Accepting request 681494 from security:tls

OBS-URL: https://build.opensuse.org/request/show/681494
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=6

0001-Axe-builtin-printf-implementation-use-glibc-instead.patch

@@ -1,955 +0,0 @@
-From fd708c2242408187cff392e8b0850275ac99376f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
-Date: Sun, 4 May 2014 23:36:54 -0400
-Subject: [PATCH] Axe builtin printf implementation, use glibc instead
-
-
-Index: openssl-1.1.0h/crypto/bio/b_print.c
-===================================================================
---- openssl-1.1.0h.orig/crypto/bio/b_print.c	2018-03-27 15:50:37.000000000 +0200
-+++ openssl-1.1.0h/crypto/bio/b_print.c	2018-03-27 16:31:15.425784205 +0200
-@@ -21,830 +21,6 @@
-  * on all source code distributions.
-  */
- 
--#ifdef HAVE_LONG_DOUBLE
--# define LDOUBLE long double
--#else
--# define LDOUBLE double
--#endif
--
--static int fmtstr(char **, char **, size_t *, size_t *,
--                  const char *, int, int, int);
--static int fmtint(char **, char **, size_t *, size_t *,
--                  int64_t, int, int, int, int);
--static int fmtfp(char **, char **, size_t *, size_t *,
--                 LDOUBLE, int, int, int, int);
--static int doapr_outch(char **, char **, size_t *, size_t *, int);
--static int _dopr(char **sbuffer, char **buffer,
--                 size_t *maxlen, size_t *retlen, int *truncated,
--                 const char *format, va_list args);
--
--/* format read states */
--#define DP_S_DEFAULT    0
--#define DP_S_FLAGS      1
--#define DP_S_MIN        2
--#define DP_S_DOT        3
--#define DP_S_MAX        4
--#define DP_S_MOD        5
--#define DP_S_CONV       6
--#define DP_S_DONE       7
--
--/* format flags - Bits */
--/* left-aligned padding */
--#define DP_F_MINUS      (1 << 0)
--/* print an explicit '+' for a value with positive sign */
--#define DP_F_PLUS       (1 << 1)
--/* print an explicit ' ' for a value with positive sign */
--#define DP_F_SPACE      (1 << 2)
--/* print 0/0x prefix for octal/hex and decimal point for floating point */
--#define DP_F_NUM        (1 << 3)
--/* print leading zeroes */
--#define DP_F_ZERO       (1 << 4)
--/* print HEX in UPPPERcase */
--#define DP_F_UP         (1 << 5)
--/* treat value as unsigned */
--#define DP_F_UNSIGNED   (1 << 6)
--
--/* conversion flags */
--#define DP_C_SHORT      1
--#define DP_C_LONG       2
--#define DP_C_LDOUBLE    3
--#define DP_C_LLONG      4
--
--/* Floating point formats */
--#define F_FORMAT        0
--#define E_FORMAT        1
--#define G_FORMAT        2
--
--/* some handy macros */
--#define char_to_int(p) (p - '0')
--#define OSSL_MAX(p,q) ((p >= q) ? p : q)
--
--static int
--_dopr(char **sbuffer,
--      char **buffer,
--      size_t *maxlen,
--      size_t *retlen, int *truncated, const char *format, va_list args)
--{
--    char ch;
--    int64_t value;
--    LDOUBLE fvalue;
--    char *strvalue;
--    int min;
--    int max;
--    int state;
--    int flags;
--    int cflags;
--    size_t currlen;
--
--    state = DP_S_DEFAULT;
--    flags = currlen = cflags = min = 0;
--    max = -1;
--    ch = *format++;
--
--    while (state != DP_S_DONE) {
--        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
--            state = DP_S_DONE;
--
--        switch (state) {
--        case DP_S_DEFAULT:
--            if (ch == '%')
--                state = DP_S_FLAGS;
--            else
--                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
--                    return 0;
--            ch = *format++;
--            break;
--        case DP_S_FLAGS:
--            switch (ch) {
--            case '-':
--                flags |= DP_F_MINUS;
--                ch = *format++;
--                break;
--            case '+':
--                flags |= DP_F_PLUS;
--                ch = *format++;
--                break;
--            case ' ':
--                flags |= DP_F_SPACE;
--                ch = *format++;
--                break;
--            case '#':
--                flags |= DP_F_NUM;
--                ch = *format++;
--                break;
--            case '0':
--                flags |= DP_F_ZERO;
--                ch = *format++;
--                break;
--            default:
--                state = DP_S_MIN;
--                break;
--            }
--            break;
--        case DP_S_MIN:
--            if (isdigit((unsigned char)ch)) {
--                min = 10 * min + char_to_int(ch);
--                ch = *format++;
--            } else if (ch == '*') {
--                min = va_arg(args, int);
--                ch = *format++;
--                state = DP_S_DOT;
--            } else
--                state = DP_S_DOT;
--            break;
--        case DP_S_DOT:
--            if (ch == '.') {
--                state = DP_S_MAX;
--                ch = *format++;
--            } else
--                state = DP_S_MOD;
--            break;
--        case DP_S_MAX:
--            if (isdigit((unsigned char)ch)) {
--                if (max < 0)
--                    max = 0;
--                max = 10 * max + char_to_int(ch);
--                ch = *format++;
--            } else if (ch == '*') {
--                max = va_arg(args, int);
--                ch = *format++;
--                state = DP_S_MOD;
--            } else
--                state = DP_S_MOD;
--            break;
--        case DP_S_MOD:
--            switch (ch) {
--            case 'h':
--                cflags = DP_C_SHORT;
--                ch = *format++;
--                break;
--            case 'l':
--                if (*format == 'l') {
--                    cflags = DP_C_LLONG;
--                    format++;
--                } else
--                    cflags = DP_C_LONG;
--                ch = *format++;
--                break;
--            case 'q':
--                cflags = DP_C_LLONG;
--                ch = *format++;
--                break;
--            case 'L':
--                cflags = DP_C_LDOUBLE;
--                ch = *format++;
--                break;
--            default:
--                break;
--            }
--            state = DP_S_CONV;
--            break;
--        case DP_S_CONV:
--            switch (ch) {
--            case 'd':
--            case 'i':
--                switch (cflags) {
--                case DP_C_SHORT:
--                    value = (short int)va_arg(args, int);
--                    break;
--                case DP_C_LONG:
--                    value = va_arg(args, long int);
--                    break;
--                case DP_C_LLONG:
--                    value = va_arg(args, int64_t);
--                    break;
--                default:
--                    value = va_arg(args, int);
--                    break;
--                }
--                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
--                            max, flags))
--                    return 0;
--                break;
--            case 'X':
--                flags |= DP_F_UP;
--                /* FALLTHROUGH */
--            case 'x':
--            case 'o':
--            case 'u':
--                flags |= DP_F_UNSIGNED;
--                switch (cflags) {
--                case DP_C_SHORT:
--                    value = (unsigned short int)va_arg(args, unsigned int);
--                    break;
--                case DP_C_LONG:
--                    value = va_arg(args, unsigned long int);
--                    break;
--                case DP_C_LLONG:
--                    value = va_arg(args, uint64_t);
--                    break;
--                default:
--                    value = va_arg(args, unsigned int);
--                    break;
--                }
--                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
--                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
--                            min, max, flags))
--                    return 0;
--                break;
--            case 'f':
--                if (cflags == DP_C_LDOUBLE)
--                    fvalue = va_arg(args, LDOUBLE);
--                else
--                    fvalue = va_arg(args, double);
--                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
--                           flags, F_FORMAT))
--                    return 0;
--                break;
--            case 'E':
--                flags |= DP_F_UP;
--                /* fall thru */
--            case 'e':
--                if (cflags == DP_C_LDOUBLE)
--                    fvalue = va_arg(args, LDOUBLE);
--                else
--                    fvalue = va_arg(args, double);
--                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
--                           flags, E_FORMAT))
--                    return 0;
--                break;
--            case 'G':
--                flags |= DP_F_UP;
--                /* fall thru */
--            case 'g':
--                if (cflags == DP_C_LDOUBLE)
--                    fvalue = va_arg(args, LDOUBLE);
--                else
--                    fvalue = va_arg(args, double);
--                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
--                           flags, G_FORMAT))
--                    return 0;
--                break;
--            case 'c':
--                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
--                            va_arg(args, int)))
--                    return 0;
--                break;
--            case 's':
--                strvalue = va_arg(args, char *);
--                if (max < 0) {
--                    if (buffer)
--                        max = INT_MAX;
--                    else
--                        max = *maxlen;
--                }
--                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
--                            flags, min, max))
--                    return 0;
--                break;
--            case 'p':
--                value = (size_t)va_arg(args, void *);
--                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
--                            value, 16, min, max, flags | DP_F_NUM))
--                    return 0;
--                break;
--            case 'n':          /* XXX */
--                if (cflags == DP_C_SHORT) {
--                    short int *num;
--                    num = va_arg(args, short int *);
--                    *num = currlen;
--                } else if (cflags == DP_C_LONG) { /* XXX */
--                    long int *num;
--                    num = va_arg(args, long int *);
--                    *num = (long int)currlen;
--                } else if (cflags == DP_C_LLONG) { /* XXX */
--                    int64_t *num;
--                    num = va_arg(args, int64_t *);
--                    *num = (int64_t)currlen;
--                } else {
--                    int *num;
--                    num = va_arg(args, int *);
--                    *num = currlen;
--                }
--                break;
--            case '%':
--                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
--                    return 0;
--                break;
--            case 'w':
--                /* not supported yet, treat as next char */
--                ch = *format++;
--                break;
--            default:
--                /* unknown, skip */
--                break;
--            }
--            ch = *format++;
--            state = DP_S_DEFAULT;
--            flags = cflags = min = 0;
--            max = -1;
--            break;
--        case DP_S_DONE:
--            break;
--        default:
--            break;
--        }
--    }
--    /*
--     * We have to truncate if there is no dynamic buffer and we have filled the
--     * static buffer.
--     */
--    if (buffer == NULL) {
--        *truncated = (currlen > *maxlen - 1);
--        if (*truncated)
--            currlen = *maxlen - 1;
--    }
--    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
--        return 0;
--    *retlen = currlen - 1;
--    return 1;
--}
--
--static int
--fmtstr(char **sbuffer,
--       char **buffer,
--       size_t *currlen,
--       size_t *maxlen, const char *value, int flags, int min, int max)
--{
--    int padlen;
--    size_t strln;
--    int cnt = 0;
--
--    if (value == 0)
--        value = "<NULL>";
--
--    strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
--
--    padlen = min - strln;
--    if (min < 0 || padlen < 0)
--        padlen = 0;
--    if (max >= 0) {
--        /*
--         * Calculate the maximum output including padding.
--         * Make sure max doesn't overflow into negativity
--         */
--        if (max < INT_MAX - padlen)
--            max += padlen;
--        else
--            max = INT_MAX;
--    }
--    if (flags & DP_F_MINUS)
--        padlen = -padlen;
--
--    while ((padlen > 0) && (max < 0 || cnt < max)) {
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        --padlen;
--        ++cnt;
--    }
--    while (strln > 0 && (max < 0 || cnt < max)) {
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
--            return 0;
--        --strln;
--        ++cnt;
--    }
--    while ((padlen < 0) && (max < 0 || cnt < max)) {
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        ++padlen;
--        ++cnt;
--    }
--    return 1;
--}
--
--static int
--fmtint(char **sbuffer,
--       char **buffer,
--       size_t *currlen,
--       size_t *maxlen, int64_t value, int base, int min, int max, int flags)
--{
--    int signvalue = 0;
--    const char *prefix = "";
--    uint64_t uvalue;
--    char convert[DECIMAL_SIZE(value) + 3];
--    int place = 0;
--    int spadlen = 0;
--    int zpadlen = 0;
--    int caps = 0;
--
--    if (max < 0)
--        max = 0;
--    uvalue = value;
--    if (!(flags & DP_F_UNSIGNED)) {
--        if (value < 0) {
--            signvalue = '-';
--            uvalue = 0 - (uint64_t)value;
--        } else if (flags & DP_F_PLUS)
--            signvalue = '+';
--        else if (flags & DP_F_SPACE)
--            signvalue = ' ';
--    }
--    if (flags & DP_F_NUM) {
--        if (base == 8)
--            prefix = "0";
--        if (base == 16)
--            prefix = "0x";
--    }
--    if (flags & DP_F_UP)
--        caps = 1;
--    do {
--        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
--            [uvalue % (unsigned)base];
--        uvalue = (uvalue / (unsigned)base);
--    } while (uvalue && (place < (int)sizeof(convert)));
--    if (place == sizeof(convert))
--        place--;
--    convert[place] = 0;
--
--    zpadlen = max - place;
--    spadlen =
--        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
--    if (zpadlen < 0)
--        zpadlen = 0;
--    if (spadlen < 0)
--        spadlen = 0;
--    if (flags & DP_F_ZERO) {
--        zpadlen = OSSL_MAX(zpadlen, spadlen);
--        spadlen = 0;
--    }
--    if (flags & DP_F_MINUS)
--        spadlen = -spadlen;
--
--    /* spaces */
--    while (spadlen > 0) {
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        --spadlen;
--    }
--
--    /* sign */
--    if (signvalue)
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
--            return 0;
--
--    /* prefix */
--    while (*prefix) {
--        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
--            return 0;
--        prefix++;
--    }
--
--    /* zeros */
--    if (zpadlen > 0) {
--        while (zpadlen > 0) {
--            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
--                return 0;
--            --zpadlen;
--        }
--    }
--    /* digits */
--    while (place > 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
--            return 0;
--    }
--
--    /* left justified spaces */
--    while (spadlen < 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        ++spadlen;
--    }
--    return 1;
--}
--
--static LDOUBLE abs_val(LDOUBLE value)
--{
--    LDOUBLE result = value;
--    if (value < 0)
--        result = -value;
--    return result;
--}
--
--static LDOUBLE pow_10(int in_exp)
--{
--    LDOUBLE result = 1;
--    while (in_exp) {
--        result *= 10;
--        in_exp--;
--    }
--    return result;
--}
--
--static long roundv(LDOUBLE value)
--{
--    long intpart;
--    intpart = (long)value;
--    value = value - intpart;
--    if (value >= 0.5)
--        intpart++;
--    return intpart;
--}
--
--static int
--fmtfp(char **sbuffer,
--      char **buffer,
--      size_t *currlen,
--      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
--{
--    int signvalue = 0;
--    LDOUBLE ufvalue;
--    LDOUBLE tmpvalue;
--    char iconvert[20];
--    char fconvert[20];
--    char econvert[20];
--    int iplace = 0;
--    int fplace = 0;
--    int eplace = 0;
--    int padlen = 0;
--    int zpadlen = 0;
--    long exp = 0;
--    unsigned long intpart;
--    unsigned long fracpart;
--    unsigned long max10;
--    int realstyle;
--
--    if (max < 0)
--        max = 6;
--
--    if (fvalue < 0)
--        signvalue = '-';
--    else if (flags & DP_F_PLUS)
--        signvalue = '+';
--    else if (flags & DP_F_SPACE)
--        signvalue = ' ';
--
--    /*
--     * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
--     * depending on the number to be printed. Work out which one it is and use
--     * that from here on.
--     */
--    if (style == G_FORMAT) {
--        if (fvalue == 0.0) {
--            realstyle = F_FORMAT;
--        } else if (fvalue < 0.0001) {
--            realstyle = E_FORMAT;
--        } else if ((max == 0 && fvalue >= 10)
--                    || (max > 0 && fvalue >= pow_10(max))) {
--            realstyle = E_FORMAT;
--        } else {
--            realstyle = F_FORMAT;
--        }
--    } else {
--        realstyle = style;
--    }
--
--    if (style != F_FORMAT) {
--        tmpvalue = fvalue;
--        /* Calculate the exponent */
--        if (fvalue != 0.0) {
--            while (tmpvalue < 1) {
--                tmpvalue *= 10;
--                exp--;
--            }
--            while (tmpvalue > 10) {
--                tmpvalue /= 10;
--                exp++;
--            }
--        }
--        if (style == G_FORMAT) {
--            /*
--             * In G_FORMAT the "precision" represents significant digits. We
--             * always have at least 1 significant digit.
--             */
--            if (max == 0)
--                max = 1;
--            /* Now convert significant digits to decimal places */
--            if (realstyle == F_FORMAT) {
--                max -= (exp + 1);
--                if (max < 0) {
--                    /*
--                     * Should not happen. If we're in F_FORMAT then exp < max?
--                     */
--                    return 0;
--                }
--            } else {
--                /*
--                 * In E_FORMAT there is always one significant digit in front
--                 * of the decimal point, so:
--                 * significant digits == 1 + decimal places
--                 */
--                max--;
--            }
--        }
--        if (realstyle == E_FORMAT)
--            fvalue = tmpvalue;
--    }
--    ufvalue = abs_val(fvalue);
--    if (ufvalue > ULONG_MAX) {
--        /* Number too big */
--        return 0;
--    }
--    intpart = (unsigned long)ufvalue;
--
--    /*
--     * sorry, we only support 9 digits past the decimal because of our
--     * conversion method
--     */
--    if (max > 9)
--        max = 9;
--
--    /*
--     * we "cheat" by converting the fractional part to integer by multiplying
--     * by a factor of 10
--     */
--    max10 = roundv(pow_10(max));
--    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
--
--    if (fracpart >= max10) {
--        intpart++;
--        fracpart -= max10;
--    }
--
--    /* convert integer part */
--    do {
--        iconvert[iplace++] = "0123456789"[intpart % 10];
--        intpart = (intpart / 10);
--    } while (intpart && (iplace < (int)sizeof(iconvert)));
--    if (iplace == sizeof(iconvert))
--        iplace--;
--    iconvert[iplace] = 0;
--
--    /* convert fractional part */
--    while (fplace < max) {
--        if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
--            /* We strip trailing zeros in G_FORMAT */
--            max--;
--            fracpart = fracpart / 10;
--            if (fplace < max)
--                continue;
--            break;
--        }
--        fconvert[fplace++] = "0123456789"[fracpart % 10];
--        fracpart = (fracpart / 10);
--    }
--
--    if (fplace == sizeof(fconvert))
--        fplace--;
--    fconvert[fplace] = 0;
--
--    /* convert exponent part */
--    if (realstyle == E_FORMAT) {
--        int tmpexp;
--        if (exp < 0)
--            tmpexp = -exp;
--        else
--            tmpexp = exp;
--
--        do {
--            econvert[eplace++] = "0123456789"[tmpexp % 10];
--            tmpexp = (tmpexp / 10);
--        } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
--        /* Exponent is huge!! Too big to print */
--        if (tmpexp > 0)
--            return 0;
--        /* Add a leading 0 for single digit exponents */
--        if (eplace == 1)
--            econvert[eplace++] = '0';
--    }
--
--    /*
--     * -1 for decimal point (if we have one, i.e. max > 0),
--     * another -1 if we are printing a sign
--     */
--    padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
--    /* Take some off for exponent prefix "+e" and exponent */
--    if (realstyle == E_FORMAT)
--        padlen -= 2 + eplace;
--    zpadlen = max - fplace;
--    if (zpadlen < 0)
--        zpadlen = 0;
--    if (padlen < 0)
--        padlen = 0;
--    if (flags & DP_F_MINUS)
--        padlen = -padlen;
--
--    if ((flags & DP_F_ZERO) && (padlen > 0)) {
--        if (signvalue) {
--            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
--                return 0;
--            --padlen;
--            signvalue = 0;
--        }
--        while (padlen > 0) {
--            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
--                return 0;
--            --padlen;
--        }
--    }
--    while (padlen > 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        --padlen;
--    }
--    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
--        return 0;
--
--    while (iplace > 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
--            return 0;
--    }
--
--    /*
--     * Decimal point. This should probably use locale to find the correct
--     * char to print out.
--     */
--    if (max > 0 || (flags & DP_F_NUM)) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
--            return 0;
--
--        while (fplace > 0) {
--            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
--                            fconvert[--fplace]))
--                return 0;
--        }
--    }
--    while (zpadlen > 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
--            return 0;
--        --zpadlen;
--    }
--    if (realstyle == E_FORMAT) {
--        char ech;
--
--        if ((flags & DP_F_UP) == 0)
--            ech = 'e';
--        else
--            ech = 'E';
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
--                return 0;
--        if (exp < 0) {
--            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
--                    return 0;
--        } else {
--            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
--                    return 0;
--        }
--        while (eplace > 0) {
--            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
--                             econvert[--eplace]))
--                return 0;
--        }
--    }
--
--    while (padlen < 0) {
--        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
--            return 0;
--        ++padlen;
--    }
--    return 1;
--}
--
--#define BUFFER_INC  1024
--
--static int
--doapr_outch(char **sbuffer,
--            char **buffer, size_t *currlen, size_t *maxlen, int c)
--{
--    /* If we haven't at least one buffer, someone has doe a big booboo */
--    OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
--
--    /* |currlen| must always be <= |*maxlen| */
--    OPENSSL_assert(*currlen <= *maxlen);
--
--    if (buffer && *currlen == *maxlen) {
--        if (*maxlen > INT_MAX - BUFFER_INC)
--            return 0;
--
--        *maxlen += BUFFER_INC;
--        if (*buffer == NULL) {
--            *buffer = OPENSSL_malloc(*maxlen);
--            if (*buffer == NULL)
--                return 0;
--            if (*currlen > 0) {
--                OPENSSL_assert(*sbuffer != NULL);
--                memcpy(*buffer, *sbuffer, *currlen);
--            }
--            *sbuffer = NULL;
--        } else {
--            char *tmpbuf;
--            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
--            if (tmpbuf == NULL)
--                return 0;
--            *buffer = tmpbuf;
--        }
--    }
--
--    if (*currlen < *maxlen) {
--        if (*sbuffer)
--            (*sbuffer)[(*currlen)++] = (char)c;
--        else
--            (*buffer)[(*currlen)++] = (char)c;
--    }
--
--    return 1;
--}
--
--/***************************************************************************/
- 
- int BIO_printf(BIO *bio, const char *format, ...)
- {
-@@ -859,30 +35,36 @@ int BIO_printf(BIO *bio, const char *for
-     return (ret);
- }
- 
-+static ssize_t cookie_BIO_write(void *cookie, const char *buf, size_t size)
-+{
-+        int ret;
-+        ret = BIO_write(cookie, buf, size);
-+        /* BIO_write may return negative value on error,
-+         * but we must return 0 on that case
-+         */
-+        return (ret < 0) ? 0 : ret;
-+}
-+
- int BIO_vprintf(BIO *bio, const char *format, va_list args)
- {
-+    FILE *fp;
-     int ret;
--    size_t retlen;
--    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
--                                 * in small-stack environments, like threads
--                                 * or DOS programs. */
--    char *hugebufp = hugebuf;
--    size_t hugebufsize = sizeof(hugebuf);
--    char *dynbuf = NULL;
--    int ignored;
--
--    dynbuf = NULL;
--    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
--                args)) {
--        OPENSSL_free(dynbuf);
--        return -1;
--    }
--    if (dynbuf) {
--        ret = BIO_write(bio, dynbuf, (int)retlen);
--        OPENSSL_free(dynbuf);
--    } else {
--        ret = BIO_write(bio, hugebuf, (int)retlen);
--    }
-+
-+    cookie_io_functions_t  bio_funcs = {
-+        .read  = NULL,
-+        .write = cookie_BIO_write,
-+        .seek  = NULL,
-+        .close = NULL,
-+    };
-+
-+    fp = fopencookie(bio, "w", bio_funcs);
-+
-+    if (fp == NULL)
-+            return -1;
-+
-+    ret = vfprintf(fp, format, args);
-+
-+    fclose(fp);
-     return (ret);
- }
- 
-@@ -898,29 +80,21 @@ int BIO_snprintf(char *buf, size_t n, co
-     int ret;
- 
-     va_start(args, format);
-+    ret = vsnprintf(buf, n, format, args);
-+    va_end(args);
- 
--    ret = BIO_vsnprintf(buf, n, format, args);
-+    if (ret >= n || ret == -1) return (-1);
- 
--    va_end(args);
-     return (ret);
- }
- 
- int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
- {
--    size_t retlen;
--    int truncated;
-+    int ret;
-+    ret = vsnprintf(buf, n, format, args);
- 
--    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
--        return -1;
-+    if (ret >= n || ret == -1)
-+        return (-1);
- 
--    if (truncated)
--        /*
--         * In case of truncation, return -1 like traditional snprintf.
--         * (Current drafts for ISO/IEC 9899 say snprintf should return the
--         * number of characters that would have been written, had the buffer
--         * been large enough.)
--         */
--        return -1;
--    else
--        return (retlen <= INT_MAX) ? (int)retlen : -1;
-+    return (ret);
- }
-Index: openssl-1.1.0h/test/bioprinttest.c
-===================================================================
---- openssl-1.1.0h.orig/test/bioprinttest.c	2018-03-27 15:50:40.000000000 +0200
-+++ openssl-1.1.0h/test/bioprinttest.c	2018-03-27 16:30:23.096947435 +0200
-@@ -200,13 +200,6 @@ int main(int argc, char **argv)
-         dofptest(test++, 66666.0 + frac, width, prec, &fail);
-     }
- 
--    /* Test excessively big number. Should fail */
--    if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
--        printf("Test %d failed. Unexpected success return from "
--               "BIO_snprintf()\n", test);
--        fail = 1;
--    }
--
- #ifndef OPENSSL_NO_CRYPTO_MDEBUG
-     if (CRYPTO_mem_leaks_fp(stderr) <= 0)
-         return 1;

0001-Limit-scope-of-CN-name-constraints.patch

@@ -1,802 +0,0 @@
-From c2c2c7b3f1df94f9a447cc3cf8196579543cc57e Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Fri, 18 May 2018 09:09:51 -0400
-Subject: [PATCH 1/2] Limit scope of CN name constraints
-
-Don't apply DNS name constraints to the subject CN when there's a
-least one DNS-ID subjectAlternativeName.
-
-Don't apply DNS name constraints to subject CN's that are sufficiently
-unlike DNS names.  Checked name must have at least two labels, with
-all labels non-empty, no trailing '.' and all hyphens must be
-internal in each label.  In addition to the usual LDH characters,
-we also allow "_", since some sites use these for hostnames despite
-all the standards.
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Tim Hudson <tjh@openssl.org>
----
- crypto/asn1/a_strex.c              |  50 -----------
- crypto/include/internal/asn1_int.h |   2 -
- crypto/x509v3/v3_ncons.c           | 140 +++++++++++++++++++++++++----
- test/certs/alt1-cert.pem           |  39 ++++----
- test/certs/alt1-key.pem            |  52 +++++------
- test/certs/badalt6-cert.pem        |  35 ++++----
- test/certs/badalt6-key.pem         |  52 +++++------
- test/certs/badalt7-cert.pem        |  33 ++++---
- test/certs/badalt7-key.pem         |  52 +++++------
- test/certs/badcn1-cert.pem         |  20 +++++
- test/certs/badcn1-key.pem          |  28 ++++++
- test/certs/goodcn1-cert.pem        |  22 +++++
- test/certs/goodcn1-key.pem         |  28 ++++++
- test/certs/setup.sh                |  25 ++++--
- test/recipes/25-test_verify.t      |   8 +-
- 15 files changed, 376 insertions(+), 210 deletions(-)
- create mode 100644 test/certs/badcn1-cert.pem
- create mode 100644 test/certs/badcn1-key.pem
- create mode 100644 test/certs/goodcn1-cert.pem
- create mode 100644 test/certs/goodcn1-key.pem
-
-diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 75bc4319c7..ec7ac5a30c 100644
---- a/crypto/asn1/a_strex.c
-+++ b/crypto/asn1/a_strex.c
-@@ -613,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
-     *out = stmp.data;
-     return stmp.length;
- }
--
--/* Return 1 if host is a valid hostname and 0 otherwise */
--int asn1_valid_host(const ASN1_STRING *host)
--{
--    int hostlen = host->length;
--    const unsigned char *hostptr = host->data;
--    int type = host->type;
--    int i;
--    signed char width = -1;
--    unsigned short chflags = 0, prevchflags;
--
--    if (type > 0 && type < 31)
--        width = tag2nbyte[type];
--    if (width == -1 || hostlen == 0)
--        return 0;
--    /* Treat UTF8String as width 1 as any MSB set is invalid */
--    if (width == 0)
--        width = 1;
--    for (i = 0 ; i < hostlen; i+= width) {
--        prevchflags = chflags;
--        /* Value must be <= 0x7F: check upper bytes are all zeroes */
--        if (width == 4) {
--            if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
--                return 0;
--        } else if (width == 2) {
--            if (*hostptr++ != 0)
--                return 0;
--        }
--        if (*hostptr > 0x7f)
--            return 0;
--        chflags = char_type[*hostptr++];
--        if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
--            /* Nothing else allowed at start or end of string */
--            if (i == 0 || i == hostlen - 1)
--                return 0;
--            /* Otherwise invalid if not dot or hyphen */
--            if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
--                return 0;
--            /*
--             * If previous is dot or hyphen then illegal unless both
--             * are hyphens: as .- -. .. are all illegal
--             */
--            if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
--                && ((prevchflags & CHARTYPE_HOST_DOT)
--                    || (chflags & CHARTYPE_HOST_DOT)))
--                return 0;
--        }
--    }
--    return 1;
--}
-diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
-index f70e3b47ba..a0c65318d5 100644
---- a/crypto/include/internal/asn1_int.h
-+++ b/crypto/include/internal/asn1_int.h
-@@ -90,5 +90,3 @@ struct asn1_pctx_st {
-     unsigned long oid_flags;
-     unsigned long str_flags;
- } /* ASN1_PCTX */ ;
--
--int asn1_valid_host(const ASN1_STRING *host);
-diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
-index 2eec405a36..c4b0551a03 100644
---- a/crypto/x509v3/v3_ncons.c
-+++ b/crypto/x509v3/v3_ncons.c
-@@ -297,47 +297,151 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
- 
- }
- 
-+static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
-+{
-+    int utf8_length;    /* Return type of ASN1_STRING_to_UTF8 */
-+    int i;
-+    unsigned char *utf8_value;
-+    int isdnsname = 0;
-+
-+    /* Don't leave outputs uninitialized */
-+    *dnsid = NULL;
-+    *idlen = 0;
-+
-+    /*-
-+     * Per RFC 6125, DNS-IDs representing internationalized domain names appear
-+     * in certificates in A-label encoded form:
-+     *
-+     *   https://tools.ietf.org/html/rfc6125#section-6.4.2
-+     *
-+     * The same applies to CNs which are intended to represent DNS names.
-+     * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be
-+     * needlessly encoded in 16-bit Unicode.  We perform a conversion to UTF-8
-+     * to ensure that we get an ASCII representation of any CNs that are
-+     * representable as ASCII, but just not encoded as ASCII.  The UTF-8 form
-+     * may contain some non-ASCII octets, and that's fine, such CNs are not
-+     * valid legacy DNS names.
-+     *
-+     * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what
-+     * we must use for 'utf8_length'.
-+     */
-+    if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0)
-+        return X509_V_ERR_OUT_OF_MEM;
-+
-+    /*
-+     * Some certificates have had names that include a *trailing* NUL byte.
-+     * Remove these harmless NUL characters. They would otherwise yield false
-+     * alarms with the following embedded NUL check.
-+     */
-+    while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0')
-+        --utf8_length;
-+
-+    /* Reject *embedded* NULs */
-+    if ((size_t)utf8_length != strlen((char *)utf8_value))
-+        return X509_V_ERR_UNSPECIFIED;
-+
-+    /*
-+     * XXX: Deviation from strict DNS name syntax, also check names with '_'
-+     * Check DNS name syntax, any '-' or '.' must be internal,
-+     * and on either side of each '.' we can't have a '-' or '.'.
-+     *
-+     * If the name has just one label, we don't consider it a DNS name.  This
-+     * means that "CN=sometld" cannot be precluded by DNS name constraints, but
-+     * that is not a problem.
-+     */
-+    for (i = 0; i < utf8_length; ++i) {
-+        unsigned char c = utf8_value[i];
-+
-+        if ((c >= 'a' && c <= 'z')
-+            || (c >= 'A' && c <= 'Z')
-+            || (c >= '0' && c <= '9')
-+            || c == '_')
-+            continue;
-+
-+        /* Dot and hyphen cannot be first or last. */
-+        if (i > 0 && i < utf8_length - 1) {
-+            if (c == '-')
-+                continue;
-+            /*
-+             * Next to a dot the preceding and following characters must not be
-+             * another dot or a hyphen.  Otherwise, record that the name is
-+             * plausible, since it has two or more labels.
-+             */
-+            if (c == '.'
-+                && utf8_value[i + 1] != '.'
-+                && utf8_value[i - 1] != '-'
-+                && utf8_value[i + 1] != '-') {
-+                isdnsname = 1;
-+                continue;
-+            }
-+        }
-+        isdnsname = 0;
-+        break;
-+    }
-+
-+    if (isdnsname) {
-+        *dnsid = utf8_value;
-+        *idlen = (size_t)utf8_length;
-+        return X509_V_OK;
-+    }
-+    OPENSSL_free(utf8_value);
-+    return X509_V_OK;
-+}
-+
- int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
- {
-     int r, i;
-+    GENERAL_NAMES *gens = NULL;
-     X509_NAME *nm;
--
-     ASN1_STRING stmp;
-     GENERAL_NAME gntmp;
-+
-     stmp.flags = 0;
-     stmp.type = V_ASN1_IA5STRING;
-     gntmp.type = GEN_DNS;
-     gntmp.d.dNSName = &stmp;
- 
-+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-+    if (gens != NULL) {
-+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-+            GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
-+
-+            if (gen->type == GEN_DNS) {
-+                GENERAL_NAMES_free(gens);
-+                return X509_V_OK;
-+            }
-+        }
-+        GENERAL_NAMES_free(gens);
-+    }
-+
-     nm = X509_get_subject_name(x);
- 
-     /* Process any commonName attributes in subject name */
- 
-     for (i = -1;;) {
-         X509_NAME_ENTRY *ne;
--        ASN1_STRING *hn;
-+        ASN1_STRING *cn;
-+        unsigned char *idval;
-+        size_t idlen;
-+
-         i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
-         if (i == -1)
-             break;
-         ne = X509_NAME_get_entry(nm, i);
--        hn = X509_NAME_ENTRY_get_data(ne);
--        /* Only process attributes that look like host names */
--        if (asn1_valid_host(hn)) {
--            unsigned char *h;
--            int hlen = ASN1_STRING_to_UTF8(&h, hn);
--            if (hlen <= 0)
--                return X509_V_ERR_OUT_OF_MEM;
-+        cn = X509_NAME_ENTRY_get_data(ne);
- 
--            stmp.length = hlen;
--            stmp.data = h;
--
--            r = nc_match(&gntmp, nc);
--
--            OPENSSL_free(h);
-+        /* Only process attributes that look like host names */
-+        if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK)
-+            return r;
-+        if (idlen == 0)
-+            continue;
- 
--            if (r != X509_V_OK)
--                    return r;
--        }
-+        stmp.length = idlen;
-+        stmp.data = idval;
-+        r = nc_match(&gntmp, nc);
-+        OPENSSL_free(idval);
-+        if (r != X509_V_OK)
-+            return r;
-     }
-     return X509_V_OK;
- }
-diff --git a/test/certs/alt1-cert.pem b/test/certs/alt1-cert.pem
-index b94d0eaf9d..d68b0e5193 100644
---- a/test/certs/alt1-cert.pem
-+++ b/test/certs/alt1-cert.pem
-@@ -1,22 +1,21 @@
- -----BEGIN CERTIFICATE-----
--MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
--IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh
--BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
--Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k
--LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa
--3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY
--Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK
--gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp
--xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA
--YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH
--xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw
--HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV
--HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y
--Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py
--8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni
--ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2
--Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ
--Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT
--P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L
--vRlTFVjv65nn
-+MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTgwNTE2MDIzODEzWhgPMjExODA1MTcwMjM4MTNaMFQxIzAh
-+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRgwFgYDVQQDDA93d3cu
-+ZXhhbXBsZS5uZXQxEzARBgNVBAMMCkpvZSBCbG9nZ3MwggEiMA0GCSqGSIb3DQEB
-+AQUAA4IBDwAwggEKAoIBAQDTqvf6j+WxCtn4RU8/6uXXgCTcksv6NDXCZ9JAz4Vv
-+cQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzPlrt36cevsoPmpuqGbHrUaOLneme2
-+x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awcid4SiotLOY2F1jBazmqprqKZBUiyQ
-+XqpSp+9uSav77ydwDXCrQozBdns1YRshgU9omQrTcIqHCj1f9Lo+A2y4+TZYZkvS
-+DuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24N+zz3O3jwH82BZEjzavw92J9npJB
-+UXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnVpchwr3VHAgMBAAGjgZgwgZUwHQYD
-+VR0OBBYEFHvLhGWckFjVXdDI3ds9Wti6zgXAMB8GA1UdIwQYMBaAFAjRm/nm1WRw
-+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn
-+ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA
-+ATANBgkqhkiG9w0BAQsFAAOCAQEATVcTyrAxsehdQNrkL6kquXxWlyegJcxvVxUe
-+hfh9+Lw4620b2S1/l2YxFM3peLAsRgJOznmJOeG18+y7/kx/3UNqYGY7e8iJQ3Gl
-+JwDIJp5JCaUOlodjhMJtRc7jn9RcsL97oizXdcryyWT0vSlM9Pie9NtHG5iq5X4+
-+oL3X8+OG25MOkF2h3YVCEG3vDu7quyTlHc2ebwpdLZRndcOewO2Cap1ettyWXUPP
-+Mha6wyJE8LJhrGmrI8Lw+i7gGscP0xYZn3yCLk5BtOabn4dvCiDmb+TPruKQQARw
-+BG45LEZzGxz+Ad3xRdZyVi1I67v9YShoYTCpMTSxJaR0erH74g==
- -----END CERTIFICATE-----
-diff --git a/test/certs/alt1-key.pem b/test/certs/alt1-key.pem
-index b5d4d326c5..6df050a38f 100644
---- a/test/certs/alt1-key.pem
-+++ b/test/certs/alt1-key.pem
-@@ -1,28 +1,28 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40
--2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa
--2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5
--ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A
--qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF
--wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta
--h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j
--IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF
--geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM
--szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu
--w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c
--55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4
--AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8
--hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf
--FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg
--s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/
--0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ
--iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6
--65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr
--cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+
--AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr
--g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo
--dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd
--LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV
--g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3
--sXJAoFllBNfAK3aanFOR1Q==
-+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDTqvf6j+WxCtn4
-+RU8/6uXXgCTcksv6NDXCZ9JAz4VvcQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzP
-+lrt36cevsoPmpuqGbHrUaOLneme2x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awci
-+d4SiotLOY2F1jBazmqprqKZBUiyQXqpSp+9uSav77ydwDXCrQozBdns1YRshgU9o
-+mQrTcIqHCj1f9Lo+A2y4+TZYZkvSDuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24
-+N+zz3O3jwH82BZEjzavw92J9npJBUXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnV
-+pchwr3VHAgMBAAECggEACPTB+1sdV+lioaulF8pDoWOtq5uWf+a3o5sq/U0Kk1WP
-++PSZnWWq6oGZyzxUKhf8CFjxt+qJUKY6Zbo2AnPk3B1MkXTclYV/iP9LIoo+WzCH
-+EoYaBB6MTd+ycg/jri8oqEnxHgo/681yhtXRyePj0ZHI7OVZjI3tyhJfvoHQmuci
-+u6qYYUP0GWuyM+kHS11vn6Q1U8nOZWvXpEDXDDdJ7+2QRuv01AXcjFxpbFzkMn2W
-+JkhKkCTIQpUU66VMRHwNexi+TR2rRESq0G+fa+6gaVFVIs0vBukq48IeC5W21j1L
-+zyftHxci67FlYC9iaiUxDVt3KB+lcukx6Cz5mjtzqQKBgQD/GrAtFfjiXKj9O5ld
-+K7dnnBHE8fzyWQWyOfwpVjNAC1J7tgwFvDpBpTHOwS5JnCwMWWM3rkBPRhCusmrF
-+AtfE8b643G+cJbTgDuEhGh11QR0p9VWMVFQL9kZxx12PegDtFBfzcfcI3XQwKVKL
-+ZbQn4ibW3BKSt9+Nh3APa0s5iwKBgQDUaTxZBajTdzoDd6Pg3warL5BhsxWr2tUQ
-+qf+iVoba2Y9NTBdxBht2whSaYweU9kxmeNZvnCu95B8HeRGE69Dxb7IWwpsaxoaf
-+ND0NcCF7aPZgx7hvhbHF7duzt3nuv+q5sOuuyHPzm+nF2snAuY3Zg+Bpv3nlYekf
-+18aXZdwStQKBgEpF8e9ei1UUl1sLZC6dUMvIw9+sePHye1cVzNYYM9m8sio0qbFt
-+ySRdvW+uDRT/dE+wItQOVsj95FOIvM9ZcYr0u4vFGnXDALOPgXqKyPLfn2cc9+hg
-+kQvei0oLOrFQWz6rcAHAN6WMHIz9KvxNAzPtg1NhRcMT5/Gj8jt7CK7bAoGAIeKz
-+7OO5Phr8F0eDzkDmGHMbDmr6XxMnAGSOUoCJPOqOMN+dsbsusHBfxw1bTUlJgONw
-+GhgI5l85EAEhaVoRWCLgfz8GbWwUV9uGjdlAjiZ9f4z9AFWMua2rae0wN4VIVd1C
-+i/yQeuF5lsXDf8paNcQTDeus74oCHcFXfhmS1S0CgYB2q8E+H0kFHbUxkIZYwhsM
-+r0lTecn+kVsyPPje2UlzfTwvcC9dFIC4ppCdJGUJAwi/PJnr6xNyOH6I1pjUA8ER
-+Aofm4Oj2DwX8W+81oO71/RXSfEFUjdOw0H6iRDyvWa1gqftj2/aWjV7Ifdo49thx
-+EzX/9GdsRInifN6FfOfo/A==
- -----END PRIVATE KEY-----
-diff --git a/test/certs/badalt6-cert.pem b/test/certs/badalt6-cert.pem
-index fbe040b52c..f41568f6ee 100644
---- a/test/certs/badalt6-cert.pem
-+++ b/test/certs/badalt6-cert.pem
-@@ -1,22 +1,21 @@
- -----BEGIN CERTIFICATE-----
--MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
--IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg
-+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTgwNTE2MDMyNjMyWhgPMjExODA1MTcwMzI2MzJaMGkxIjAg
- BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
- Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
--ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv
--BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
--9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
--7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
--6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
--jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
--1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ
--MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD
--VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v
--cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a
--YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb
--JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB
--2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb
--WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk
--zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By
--GH32QmEN5o5jZQ==
-+ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl46xhstHmmYhp
-+XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ
-+E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP
-+DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc
-+qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg
-+gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2
-+KRL2Le8jAgMBAAGjezB5MB0GA1UdDgQWBBRJJljvheyfKr9neNplhIMIFx25QjAf
-+BgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMCwGA1Ud
-+EQQlMCOBDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
-+9w0BAQsFAAOCAQEAPfRFkpkTsPlH54n/i3kxR8Hw17kUOV0/v39fnNzV+PXS/IIU
-+9OFfP7qNeuoWVQKXCwNWGWYXb7O0LNJMJQWWtyXtzWH3rOSxdSRIrTsCVHA41Lbo
-+te2nrfnGMtg6em51Do6Kk0JM304sVAWl5OY/eckBmuDgN/5WfZudOLd8Ohv8vZ6U
-+ZNoSBNpu1x5gfEPywMUGAgbkNZVpzNAfulx3/D2kWk0qwEKqnphUyaXiTVqO49gr
-+n1LwSVdqBcmapBmEO3puV4TBWFwM49iMMNGn0fp/JBVsLjt+q7TK96qGBo/BSEL+
-+e2TXTNpdkn3l+ZK2FYdf7s8fytoe+6o92dN+fA==
- -----END CERTIFICATE-----
-diff --git a/test/certs/badalt6-key.pem b/test/certs/badalt6-key.pem
-index 203a4c7a00..782d69334a 100644
---- a/test/certs/badalt6-key.pem
-+++ b/test/certs/badalt6-key.pem
-@@ -1,28 +1,28 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv
--BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
--9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
--7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
--6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
--jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
--1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3
--UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq
--2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH
--/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp
--rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+
--b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc
--kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9
--x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1
--HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU
--fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec
--hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2
--eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD
--DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE
--48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh
--F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9
--p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb
--iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75
--4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z
--ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo
--R1UfsJugW9Yetsqd9WB6q3ln
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDl46xhstHmmYhp
-+XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ
-+E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP
-+DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc
-+qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg
-+gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2
-+KRL2Le8jAgMBAAECggEBAMcDjTTa2GmYWoZUr+UPizqyvsTnMmg/NoFBhy9WJVne
-+kpR3kJvvm30XNiEGbCV1GGryL5p7w5UVuPXjhQ7xIkY3feQNC4H361iP93HK7dXJ
-+i9V9AfGCdLzSuILsT2Wpm88MifUQIpqrRmqtqakKHkyMFG655409rpYlZNVogl9H
-+vzrTE8rjysNMjP+bpbgkxUJfeATw8OYhEwd9ahj/E0r0r2enYhGEP3j+1zYsGdmM
-+L2Uy4M+modaAWpZg5pUWpFjxl+V2cSJHdaQc8KYg8Z8RUyzYipFk3YzjP5jtprq5
-+dHf9FqlcXk+MtzcYe+x8mIb3uwZhOtdpnUqe5l+GTyECgYEA9j++rS9sajQzMqp0
-+p+EptacD/p7A3wldIDGEpPJsSQL+vhcigyn4iPCM1pGWR4iuR7Od9RpQSf3Tfnqc
-+ZwUJQOpiYpxo1+QlqlBJkDjDRztp+kETZAgzc084ZhwQv9PfYyxa+8layQFhnClt
-+Z9G0o4AV1povVeQLO5+9CQZQ4VMCgYEA7v4WuydzlLGKppsJEG8vvieR64mjOfO4
-+gHBMEYnzEeTZPDvIfEfguM1upJCvt5GXp3huVHCAsFgs6kDjVbpIL1A2HzrMPtOa
-+MNDSOrpuLcakAgEgx2VFv4TMnA1QKPg3//YCqEqqTJyX0C4OwaADRZJS7YfHp9lg
-+mpv90baE8PECgYAv3oxulj15F9SsEL7Es9yr11/La4kK0oMr8vRaLFYoi1CCG3U2
-+Ej6iQEDgpUSVe1iFz8DxGMBq4dDvUV5+GFiIKggeK1GmRk+cICdsxdwQSNh9MZFX
-+bNCzpb7M+r+2yrUuTj0RnT7svDwBY3xFJlr7PbcBFNAG3mHgoVjaHEQ0yQKBgHbS
-+zepvSv/65bzACFmrbklU0zAQVp9RlcIGE0wFEl0rMvbHon5oHkrDmOcpKLRUJtqU
-+/gXtiY4jyPEPIfhVjd44OzB7w2DZRChRKrUYS/9ma9SzSuDYcT0vgat00w4Lm4wf
-+fGK//Lvqf3B59cw/CmFkxuZiQ9ooMees9x11adOBAoGBAMdb0r8sAtgh+KTbA8Kq
-+guIWiknOk6/LYUTuT3fidPIPbErrUQQR9WWHuXjrj2RyHI/RLjYLFamikvhU7PmE
-+jPjPAo4p1a0WBwrYgjGDIRjTVjbUK282vuYkunGWYfgnZurAyjJCndL/eNZuX2F5
-+m1rTfab8O+tOOGKGyzfouD2A
- -----END PRIVATE KEY-----
-diff --git a/test/certs/badalt7-cert.pem b/test/certs/badalt7-cert.pem
-index b515ba43d9..4fa81b3c6f 100644
---- a/test/certs/badalt7-cert.pem
-+++ b/test/certs/badalt7-cert.pem
-@@ -1,23 +1,22 @@
- -----BEGIN CERTIFICATE-----
--MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
--IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw
-+MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTgwNTE2MDMyNzA5WhgPMjExODA1MTcwMzI3MDlaMIGmMTsw
- OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
- AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
- ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
- eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
--ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg
--QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9
--GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh
--1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi
--Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf
--UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ
--2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw
--CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv
--bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB
--CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY
--gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az
--uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O
--WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE
--phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex
--IL5WuKFm0XSGKTX8SzyMGErMGeriveL2
-+ggEBAOG4PegItzkmJDwlSA/FyVHWLWUIQrnxgS0KSds3On2CMsjDJ+X77B4s1IPI
-+yKHuqNbXqV/hJGAxKnZRZe0D6VsmKlYOYpz9QtFxvpo5DwA3q6BTx6sIElFn/lip
-+Pbu5ZeIMNeN4bot7x5sBobr6OgidAVaAuqQHHJnD7mQ1s22qY0UqkBqNBhhJWOmx
-+YC0Q56WDi9+C7Cy2+kiiSlT4jCZ8m1K0F7tTK5mF0p4HppXmXLzcecZ/Sw8jOqQK
-+JM/4UCj/nxWCGYKWkv8zLJtG+ryfZMf15/0Cd1dzHAS9mYU4mFssPdFyT+WFpw7b
-+K3TOTXkS/tAPbj0xin2wqBJz8m8CAwEAAaN7MHkwHQYDVR0OBBYEFOWYNq+H1LH6
-+lZUpgijb/S/sAiDsMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkG
-+A1UdEwQCMAAwLAYDVR0RBCUwI4ENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29t
-+hwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQAwUxnqq0gBgKmEHIRgZVu10KtOknjt
-+p/wEcqQ9METvXb+4/a4U6ftjTgaOrPVjamNFlaoUcTgx2nk2zRsjM+e+tpnxDgRR
-+/yoVB3HsISpdeN70s/WYAgvev/FdV3O+JWhUYHdKrDB4DMfPhlRIfSgOymJljo6+
-+wL8qa7lVonF91Im4SCbq4dqtAnbg4ttblQ3yjFfQtuwzyJD/3ism6FQPLbg1K4eu
-+1Si0EDL4Fct581Gb5D+NU8PYiwg7Nk8ubNlRHXydoVGDLmT0hLE+/IsPd1M8tMqm
-+sifRl2Is+lGVeg4pPHFjB0npTNkaYafu89dz/3PNRRr5If06B+apk4AX
- -----END CERTIFICATE-----
-diff --git a/test/certs/badalt7-key.pem b/test/certs/badalt7-key.pem
-index 50557e8968..b453f1ff30 100644
---- a/test/certs/badalt7-key.pem
-+++ b/test/certs/badalt7-key.pem
-@@ -1,28 +1,28 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP
--Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk
--l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7
--dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv
--OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb
--uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3
--3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB
--We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF
--jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA
--mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul
--mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk
--yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH
--NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM
--oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3
--LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET
--GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2
--uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS
--CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF
--M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+
--J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4
--Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3
--t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x
--s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt
--mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8
--M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA
--cZtQWiEyaf026DdR8YBYn6tf
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhuD3oCLc5JiQ8
-+JUgPxclR1i1lCEK58YEtCknbNzp9gjLIwyfl++weLNSDyMih7qjW16lf4SRgMSp2
-+UWXtA+lbJipWDmKc/ULRcb6aOQ8AN6ugU8erCBJRZ/5YqT27uWXiDDXjeG6Le8eb
-+AaG6+joInQFWgLqkBxyZw+5kNbNtqmNFKpAajQYYSVjpsWAtEOelg4vfguwstvpI
-+okpU+IwmfJtStBe7UyuZhdKeB6aV5ly83HnGf0sPIzqkCiTP+FAo/58VghmClpL/
-+MyybRvq8n2TH9ef9AndXcxwEvZmFOJhbLD3Rck/lhacO2yt0zk15Ev7QD249MYp9
-+sKgSc/JvAgMBAAECggEAZG2cJawTEXtV7ejMii//Jck8g1JMlfzM86Q7Pizxejw+
-+qjKiguI2qSpbF5NzKRFNz+E+e+lpTN8zPFd1GSJ/Zk2x0n4uBBlu7E9GdcnjUb5z
-+Py9njEJYHB4//WS3kdmoag3ywBWqYaceJWpxcga5YXGx0bIO2MJNSGDzpWR7Q9QQ
-+tG/lWmno5goY2BxI08BTKSlqNIBkg/rr9jJo3axRcEmbx7hj4vUkAlypFKtmR4dW
-+bNo0f6VAd5Y6c9YbnKybR/44lScBksuSkZjm076cbbbp5PpsiLGe/12bqUcwCH+T
-+8hRVndmOLdOxC11OZOvMbX6x2uXNh3/Qr/GMyfzZcQKBgQD4we7E9vOygk1J5Vbl
-+1zETR9x3dujpBBx3xaHXUSJNUTNwmnZ+0JoFTqPkRmmPMNK7XfZuPymBehtk8WYt
-+NnezM2UNTdbfVOnJWnU6igRNGBaDW6F9AezlADBNwIbFVw6RqP4fTUFsmm9TQ/8M
-+4kZmmlW4uLZyX0WQO+AJa7NShwKBgQDoSpnQgmWqXMcaHwY2l8fEDuDc41nDoJIm
-+/CMppPbr7GkUX4OU785p6E0N0o1ONt+xCBT1lxHwWEeMAKZXrNC1XGpfvhpVZ72v
-+VruATDFs1rcL3S2Sty7A+jhFKKXlGeDWNcpaKY8nDvv2uJG0+J3bLprdMqnY/gQ1
-+C+FzyQ6S2QKBgDnHIaRSD6xoo3cEc7iS0O0/ha+hyNtGfy46kyqlx6fZsm73EYrG
-+/N86ssp0qFP/7RJj8rcMqKFQMUiy4R6jRg4zY8dBSyU4XczM2+mq4PDfJWuBPvMA
-+HXvbHV0R2LvBSrr+W3f9w7Jr9GuMoZLmg5+VPU/YZ1gNVOT5Y0IM5+vFAoGBANx9
-+CzlGvLeTrw1VS3GAaobn1Hr2dlrhTDki9UFvK03PLgK/ksdJRLV0YcdwBt6p6XRB
-+hpuC1O087lSuvTXVfJnZacMNUDOm7/7BpeJm8DcuK7tgKwTrSb61A7ppleY7xRWv
-+Iy6n6hCaAYIzuWJ85mGJAEhb8apdmqK7bzmXK3UpAoGBALdOvJfqbF0YlHbdQCVi
-+ftjtxs/dZKdF1rNARR0VMqUtZX+WP2b6OPXlwux94Cr//iNv5ih3B4Z4LIgTpgBJ
-+AKGXEBGMMthAlptC4BcOAEs9cYeWGLAoYk8jpNmXvXjhGqvzhPO2YrX5xy46dVOG
-+iiCseyA7Kr8Axt9QhUzoi5f7
- -----END PRIVATE KEY-----
-diff --git a/test/certs/badcn1-cert.pem b/test/certs/badcn1-cert.pem
-new file mode 100644
-index 0000000000..3b3bad658b
---- /dev/null
-+++ b/test/certs/badcn1-cert.pem
-@@ -0,0 +1,20 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDQDCCAiigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTgwNTE2MDI0MTMyWhgPMjExODA1MTcwMjQxMzJaME4xIzAh
-+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
-+Z29vZC5vcmcxEDAOBgNVBAMMB2JhZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-+DwAwggEKAoIBAQDN9WI6OyxnW+R98FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh
-+8wFR9gfNrKhqXubJ3lCHKgaApTXNKM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R
-+03Yn+dJnZLDz7BDpnuhORp8XzQqfxSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos
-+/LIDvjzye5GaPXqXkAkcBcLBpWlgMm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+A
-+jSbT522yHy1r6WeElbSY7WOFvnmgbZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh
-+/YuRhCgRExvdQ6kImwdKAfO7RLkxho6jny1HAgMBAAGjXjBcMB0GA1UdDgQWBBT5
-+fenRjyFKUb1XvUnm4GV9kZmONDAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa
-+3fVQQzAJBgNVHRMEAjAAMA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQAD
-+ggEBACKtfZCcP/pY8Bu+lb/pGZj5txsmNbJ1l2RVACQA7CGjwfUr7VaQGMuT+FuA
-+Erlh+UnEC3R/e1xQwgJeuAXBOWFkxA61isVSrmM7YM6vDB0+t8N9lMUFjPbRyEkM
-+A5kaSLPrgSOg7ONsO6YGbaWm1XCoUC6Ilrdzy+ckzklgjYRth99b2d5WrjIxEWIq
-+BX2DI2ruetjXYGRzsqSK+O9d4fsqrb5M0ZCNWQZ4WnrMNaAeHWpW6NqSvof/N21x
-+WC5zcU7GXLrDigwWPMDLQhVtu4OihWjsqugh6Jl7DxDBhi8JKO6tJQAISHjKaL98
-+yXZFsQ//q7ATwlcHyB81B+X16AI=
-+-----END CERTIFICATE-----
-diff --git a/test/certs/badcn1-key.pem b/test/certs/badcn1-key.pem
-new file mode 100644
-index 0000000000..dbcf4b5d44
---- /dev/null
-+++ b/test/certs/badcn1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN9WI6OyxnW+R9
-+8FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh8wFR9gfNrKhqXubJ3lCHKgaApTXN
-+KM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R03Yn+dJnZLDz7BDpnuhORp8XzQqf
-+xSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos/LIDvjzye5GaPXqXkAkcBcLBpWlg
-+Mm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+AjSbT522yHy1r6WeElbSY7WOFvnmg
-+bZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh/YuRhCgRExvdQ6kImwdKAfO7RLkx
-+ho6jny1HAgMBAAECggEBAKDxiUHx7cATShm0ElZnd6+dtQfKwv8zsuIpm+hk62Ef
-+d0zYI+UhrT1sIiryKmV9JaJITOtixtQOxl088D+Obrx8cnC4B84rUTVXpnfgVf9j
-+FljDtjpxIZsZmPbc836ZUZoOaICKpVYHD69Mb+NWG+mN2oaLc8VP0L4FXKLzvl7u
-+69NQlTPG2CS61BktVqMtWWc/9CvdOwqwVbckyISj9QLUgSXIyB4IP3bjp0RYSpOu
-+m3nhuhil1G3c05R4UfiE2d9Er7SBBoQ304ld892YRinSgtZqC1G25uZmWJ3ekAAM
-+bg6P0hBd86F/G2TxNdelYrxTazjqZShYi1N48SK6kUECgYEA+51O19Q5XkskD/Dn
-+VfaCjSOTFwDlb5ATmVCrJu+13/5IJfmJgWA6xdqfWoqxSOsJzXBEETKWgkahoo4K
-+OU1UaBTHEJ588xOpoMzbJkKlb5hPseEQsvu055Ky0euMgmlrALPQQ9e1DUSlowui
-+Cq9wCak4dqq9NNs6FMIeGhqczGECgYEA0YxcajJFxPHJsdFCVa4tdy9jgfC64t4Y
-+CWDzRfUnuX24ILbW9+olvvoZkMSzoVpiQ9YU8kPJUaOyFrw6jUV5GRHUCMgfkx2Y
-+nqe+7aSFmv0Nlo0RMV2PqaOZzlxnG9FzyNE+4PygZqtFhN21b5Idc69k2Ltu7K4J
-+J4MG1kMUGqcCgYEA0ttUPEisPtoHgZhntUFczHx4gnmMzH5X/k5876dIqkrFGZXR
-+5urGthHtIwpBYZMeZtxjHmpfeRNJ1xjjdnvYdVScMdAvc+ERcSDbsmd9jlR8zNuI
-+jAWl576nPoX//TXspu0JZiE5p8HUcRuJkxzMbjwyhje1Ubs6JDU81rFgn2ECgYAG
-+3WVNqVX1zMIBzEwzCGC+7dOBt0Q4GHSLIhz2JsDlZ8P3dmX2ezo/Vmwt/POxjod3
-+l3TaNvRKc2VrL0FvzV3ZP2dF3mCCbk7Iq9AqcuBZon6mdvqgNmN1eEGarBZIqAT2
-+CDzaHAyZMHU3lBfUjuHeH1nba9CHenAcVkOME2h+MwKBgQDiHAnTK4ovCNmT5E9i
-+03x/wPSH8FZ3Wrb1GMtNlTc7lOtB5eYIvwkaloJkNKHbUDv57V66hnYT6CyH4u45
-+dPtuohtafL9mdScYqmicGLtbLLglSQpJYt4J59hffNZ30E84dKXtyDN7E5P5Z00Z
-+8PbOMUy3oK6j+GMP/xRNI76RtA==
-+-----END PRIVATE KEY-----
-diff --git a/test/certs/goodcn1-cert.pem b/test/certs/goodcn1-cert.pem
-new file mode 100644
-index 0000000000..d9205e03b0
---- /dev/null
-+++ b/test/certs/goodcn1-cert.pem
-@@ -0,0 +1,22 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDkTCCAnmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-+IE5DIENBIDEwIBcNMTgwNTE2MDI0MDA0WhgPMjExODA1MTcwMjQwMDRaMIGeMSMw
-+IQYDVQQKDBpHb29kIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTEVMBMGA1UEAwwMd3d3
-+Lmdvb2Qub3JnMRUwEwYDVQQDDAxhbnkuZ29vZC5jb20xETAPBgNVBAMMCG5vdC4u
-+ZG5zMRAwDgYDVQQDDAdub3RAZG5zMREwDwYDVQQDDAhub3QtLmRuczERMA8GA1UE
-+AwwIbm90LmRucy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDigxI
-+nlYVjHtrFI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7
-+jZe+gMX+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADe
-+mD/YdekRf3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9Txa
-+ZeFvWvvc6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLs
-+FPkw4yUtJHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLT
-+OKw6dm1UG2J7iuqtAgMBAAGjXjBcMB0GA1UdDgQWBBSTKvqap2ab0z/UPrdDgc0V
-+m88R3TAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAA
-+MA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQADggEBADcdm62qaOHbIDoa
-+5oUjXGHSQjV1g4BFe6DLH5/CZ0wOws3QzfQbPIxJrp3yJgDcQyZNOE/xQlq/nASS
-+thU6cUTB07voFVnbotB8YQuNU1wM9TAJOHC9LT1Y0J2GIP6QeXts6Cz6aBlqaQEZ
-+IrGRLuKVZePTO0Haup0mZ91XoXs3CBzkSerl0XpFL7BeugSigrhprFRPB4UC3IWb
-+pdNar61Wk4bN/COb6utRkK3iYk5YUTqYFib9EG4VBdxYfXv/tiBIGqQLnqPbId6w
-+q+McpSEPF1DIcCyL0vEDdIVN0SzxMfnfHMx0Qp0sh2aydIZk4xfEqXHZgZthSrse
-+u7nhn7s=
-+-----END CERTIFICATE-----
-diff --git a/test/certs/goodcn1-key.pem b/test/certs/goodcn1-key.pem
-new file mode 100644
-index 0000000000..2ad660c6db
---- /dev/null
-+++ b/test/certs/goodcn1-key.pem
-@@ -0,0 +1,28 @@
-+-----BEGIN PRIVATE KEY-----
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDigxInlYVjHtr
-+FI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7jZe+gMX+
-+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADemD/YdekR
-+f3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9TxaZeFvWvvc
-+6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLsFPkw4yUt
-+JHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLTOKw6dm1U
-+G2J7iuqtAgMBAAECggEAeQ1xZVOAf36kuTnVUhdplTii6v3JcQIIUjG0dG/U/P8M
-+otS45uNZ36CelvaVStwHaJEvcVzK4EjgSjiSNJvwkxzPbkA3XkgNVptPmdcG5yqO
-+RLNOChVeqYdOurdcR1XXbXv57dPbUqpMS2TWjdzieW/QXKuTRsbjTo3D75tJqUO6
-+1Bm4sSM3PogmsQwTP8HlZAmJXuSD+ZSB22Np5pT1dn5TvQU6xeA3NJR4ZO/HEZz4
-+CHJEiOx2BuGD6M0V1ZL6DzEsyIS/KKsvj4I2F4ROAK1j3lSD5VqrYPXn3oEsQdlm
-+OW8aVnHPYO6FI0LVLgcIEKxhdwGV3i6v/GRUe0Y9kQKBgQD0Zqn1trAuP5Peiy1K
-+Wc91yRjQxQTwSD00hzXMtvKzkEIiLEuVZq9qrqQ2TRRa5xneDGHDuUY9eZY8JwEr
-+l7f8CcfYC93PXLyRM2Gaz0jMxZxVPz5w7zssK3DZ+7JvH3nKkCUl7+Y0tH26qTO0
-+wTD9w9jd9bf85SLVgk3zSbUDwwKBgQDM0b2ffZpxyA16h7w8ZBuk1Z+iumrxnn5/
-+lKtffR2b4dZN37KiWw2c265vYhRfe/ANnVuagXb9aRM97yeQloRlWR10AaXJz3EB
-+sromqFShkorYRhwZoRiJC0laLG3W76wKMRr2T6TM1UG9gJ0szdGFG/yUDU+9pTRo
-+uq514rGgzwKBgQCGtsAgLF7YXzsGg/im7vInnn0LNk4OlAMInS7OdFk7GN0bMQdI
-+hp1SVIk3VS1PHetoNbL9y3YoFIj3BxjiCnLjfhClyYSt9BQMhSHbzz31gUc2xfGJ
-+FpSrOBawUMh97/+V4/ZV/vIJQyO6a+GQVJzIg9daIUMVJsgYoAaPf6VDOQKBgFyH
-+eHnf/XDfpq8vOOuzcgWieG7EduHW72DlohIObNzqRq2BnKraJakyWXh6P6fvTsBn
-+0WVYjY/n80hsjVw1k3RRsQuiXupv66aPvqcOLsWbdVxFOBaf/3yR+75gCfMq7Xbh
-+PkP+MP5UbVGWE+uUw821mgKsjNSpGKcjhwM8uXBjAoGAFEU3O8gQXfocVB8lxUeU
-+c0inLdAIgiw/36NPuW4NwKxzLOmHzlmvn7C98ihnbnGoQ0XBRfLw8siTbD3INgHY
-+NA0JeK8Qrt56b6wK14w9RzLQTu9gy1pULW21p1wswdNK4tlxfnnnozISZAYxeqAx
-+YMTtYZN77nb+yY4oE6XEugQ=
-+-----END PRIVATE KEY-----
-diff --git a/test/certs/setup.sh b/test/certs/setup.sh
-index 7e1086a224..018e5fc690 100755
---- a/test/certs/setup.sh
-+++ b/test/certs/setup.sh
-@@ -241,15 +241,30 @@ NC="$NC excluded;DNS:bad.ok.good.com"
- NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
-         ncca1-key ncca1-cert
- 
--# all subjectAltNames allowed by CA1.
-+# all subjectAltNames allowed by CA1.  Some CNs are not!
- 
- ./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
--    "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-+    "1.CN=www.example.net" "2.CN=Joe Bloggs" | \
-     ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \
-     "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-     "email.1 = good@good.org" "email.2 = any@good.com" \
-     "IP = 127.0.0.1" "IP = 192.168.0.1"
- 
-+# all DNS-like CNs allowed by CA1, no DNS SANs.
-+
-+./mkcert.sh req goodcn1-key "O = Good NC Test Certificate 1" \
-+    "1.CN=www.good.org" "2.CN=any.good.com" \
-+    "3.CN=not..dns" "4.CN=not@dns" "5.CN=not-.dns" "6.CN=not.dns." | \
-+    ./mkcert.sh geneealt goodcn1-key goodcn1-cert ncca1-key ncca1-cert \
-+    "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
-+# Some DNS-like CNs not permitted by CA1, no DNS SANs.
-+
-+./mkcert.sh req badcn1-key "O = Good NC Test Certificate 1" \
-+    "1.CN=www.good.org" "3.CN=bad.net" | \
-+    ./mkcert.sh geneealt badcn1-key badcn1-cert ncca1-key ncca1-cert \
-+    "IP = 127.0.0.1" "IP = 192.168.0.1"
-+
- # no subjectAltNames excluded by CA2.
- 
- ./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \
-@@ -293,19 +308,17 @@ NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
-     "email.1 = good@good.org" "email.2 = any@good.com" \
-     "IP = 127.0.0.2"
- 
--# all subject alt names OK but subject CN not allowed by CA1.
-+# No DNS-ID SANs and subject CN not allowed by CA1.
- ./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \
-     "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-     ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \
--    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-     "email.1 = good@good.org" "email.2 = any@good.com" \
-     "IP = 127.0.0.1" "IP = 192.168.0.1"
- 
--# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING
-+# No DNS-ID SANS and subject CN not allowed by CA1, BMPSTRING
- REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
-     "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
-     ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \
--    "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
-     "email.1 = good@good.org" "email.2 = any@good.com" \
-     "IP = 127.0.0.1" "IP = 192.168.0.1"
- 
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 11bd43090f..c23e114e06 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -30,7 +30,7 @@ sub verify {
-     run(app([@args]));
- }
- 
--plan tests => 127;
-+plan tests => 129;
- 
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -326,6 +326,12 @@ ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
- ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
-    "Name Constraints nested test all permitted");
- 
-+ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+   "Name Constraints CNs permitted");
-+
-+ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-+   "Name Constraints CNs not permitted");
-+
- ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
-    "Name Constraints hostname not permitted");
- 
--- 
-2.17.0
-

0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch

@@ -1,49 +0,0 @@
-From c5ac41de1511f898301c298b2b28d05372cba817 Mon Sep 17 00:00:00 2001
-From: Vitezslav Cizek <vcizek@suse.com>
-Date: Thu, 8 Dec 2016 13:10:33 +0100
-Subject: [PATCH] Resume reading from randfile when interrupted by a signal.
-
-It was regularly observed with openssh:
-sshd: fatal: cannot read from /dev/urandom, Interrupted system call
----
- crypto/rand/randfile.c | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
-index c96383a..6e39e86 100644
---- a/crypto/rand/randfile.c
-+++ b/crypto/rand/randfile.c
-@@ -104,6 +104,12 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
- 
- #define RFILE ".rnd"
- 
-+#ifdef EINTR
-+# define INTERRUPTED(in) (ferror(in) && errno == EINTR)
-+#else
-+# define INTERRUPTED (0)
-+#endif
-+
- /*
-  * Note that these functions are intended for seed files only. Entropy
-  * devices and EGD sockets are handled in rand_unix.c
-@@ -162,9 +168,16 @@ int RAND_load_file(const char *file, long bytes)
-             n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
-         else
-             n = BUFSIZE;
-+
-         i = fread(buf, 1, n, in);
--        if (i <= 0)
-+        if (i <= 0) {
-+            if (INTERRUPTED(in)) {
-+                /* Interrupted by a signal, resume reading */
-+                clearerr(in);
-+                continue;
-+            }
-             break;
-+        }
- 
-         RAND_add(buf, i, (double)i);
-         ret += i;
--- 
-2.10.2
-

0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch

@@ -1,40 +0,0 @@
-From 7ee2a43069913fb7c444c656048996ea92cc465e Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Wed, 28 Mar 2018 14:46:27 +0200
-Subject: [PATCH] Revert "util/dofile.pl: only quote stuff that actually needs
- quoting"
-
-This wasn't a good solution, too many things depend on the quotes being
-there consistently.
-
-This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8.
-
-Fixes #5772
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/5773)
-
-(cherry picked from commit 00701e5ea84861b74d9d624f21a6b3fcb12e8acd)
----
- util/dofile.pl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/util/dofile.pl b/util/dofile.pl
-index fc72989b0f..a932941cd5 100644
---- a/util/dofile.pl
-+++ b/util/dofile.pl
-@@ -99,9 +99,9 @@ package main;
- # This adds quotes (") around the given string, and escapes any $, @, \,
- # " and ' by prepending a \ to them.
- sub quotify1 {
--    my $s = my $orig = shift @_;
-+    my $s = shift @_;
-     $s =~ s/([\$\@\\"'])/\\$1/g;
--    $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
-+    '"'.$s.'"';
- }
- 
- # quotify_l LIST
--- 
-2.16.3
-

0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch

@@ -1,104 +0,0 @@
-From e9d26dc85238c071117d911704f5f769e79b46a1 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 13 Mar 2018 17:23:10 +0000
-Subject: [PATCH] Tolerate a Certificate using a non-supported group on server
- side
-
-If a server has been configured to use an ECDSA certificate, we should
-allow it regardless of whether the server's own supported groups list
-includes the certificate's group.
-
-Fixes #2033
-
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/5607)
----
- ssl/t1_lib.c | 30 +++++++++++++++++++++---------
- 1 file changed, 21 insertions(+), 9 deletions(-)
-
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 7a5721a1e2..dc4e6526d6 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -490,13 +490,16 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
-     return 1;
- }
- 
-+# define DONT_CHECK_OWN_GROUPS  0
-+# define CHECK_OWN_GROUPS       1
- /* Check an EC key is compatible with extensions */
--static int tls1_check_ec_key(SSL *s,
--                             unsigned char *curve_id, unsigned char *comp_id)
-+static int tls1_check_ec_key(SSL *s, unsigned char *curve_id,
-+                             unsigned char *comp_id, int check_own_groups)
- {
-     const unsigned char *pformats, *pcurves;
-     size_t num_formats, num_curves, i;
-     int j;
-+
-     /*
-      * If point formats extension present check it, otherwise everything is
-      * supported (see RFC4492).
-@@ -513,8 +516,12 @@ static int tls1_check_ec_key(SSL *s,
-     }
-     if (!curve_id)
-         return 1;
-+
-+    if (!s->server && !check_own_groups)
-+        return 1;
-+
-     /* Check curve is consistent with client and server preferences */
--    for (j = 0; j <= 1; j++) {
-+    for (j = check_own_groups ? 0 : 1; j <= 1; j++) {
-         if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
-             return 0;
-         if (j == 1 && num_curves == 0) {
-@@ -579,9 +586,12 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
-         return 0;
-     /*
-      * Can't check curve_id for client certs as we don't have a supported
--     * curves extension.
-+     * curves extension. For server certs we will tolerate certificates that
-+     * aren't in our own list of curves. If we've been configured to use an EC
-+     * cert then we should use it - therefore we use DONT_CHECK_OWN_GROUPS here.
-      */
--    rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id);
-+    rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id,
-+                           DONT_CHECK_OWN_GROUPS);
-     if (!rv)
-         return 0;
-     /*
-@@ -644,7 +654,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
-             return 0;
-         curve_id[0] = 0;
-         /* Check this curve is acceptable */
--        if (!tls1_check_ec_key(s, curve_id, NULL))
-+        if (!tls1_check_ec_key(s, curve_id, NULL, CHECK_OWN_GROUPS))
-             return 0;
-         return 1;
-     }
-@@ -746,8 +756,9 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
- }
- 
- /*
-- * Check signature algorithm is consistent with sent supported signature
-- * algorithms and if so return relevant digest.
-+ * Check signature algorithm received from the peer with a signature is
-+ * consistent with the sent supported signature algorithms and if so return
-+ * relevant digest.
-  */
- int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
-                             const unsigned char *sig, EVP_PKEY *pkey)
-@@ -769,7 +780,8 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
-         /* Check compression and curve matches extensions */
-         if (!tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey)))
-             return 0;
--        if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id)) {
-+        if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id,
-+                                             CHECK_OWN_GROUPS)) {
-             SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
-             return 0;
-         }
--- 
-2.16.2
-

0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch

@@ -1,212 +0,0 @@
-From 6d3cfd13a904a03fc3522da935136dcdd12e9014 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Tue, 22 May 2018 14:46:02 -0400
-Subject: [PATCH 2/2] Skip CN DNS name constraint checks when not needed
-
-Only check the CN against DNS name contraints if the
-`X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the
-certificate has no DNS subject alternative names or the
-`X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set.
-
-Add pertinent documentation, and touch up some stale text about
-name checks and DANE.
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Tim Hudson <tjh@openssl.org>
----
- crypto/x509/x509_vfy.c                     | 28 ++++++++++++++++++-
- crypto/x509v3/v3_ncons.c                   | 31 +++++++---------------
- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 21 ++++++++++++---
- doc/crypto/X509_check_host.pod             |  7 +++--
- doc/ssl/SSL_set1_host.pod                  |  2 +-
- 5 files changed, 61 insertions(+), 28 deletions(-)
-
-Index: openssl-1.1.0h/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.1.0h.orig/crypto/x509/x509_vfy.c	2018-03-27 15:50:39.000000000 +0200
-+++ openssl-1.1.0h/crypto/x509/x509_vfy.c	2018-05-29 10:52:23.753159887 +0200
-@@ -557,6 +557,27 @@ static int check_chain_extensions(X509_S
-     return 1;
- }
- 
-+static int has_san_id(X509 *x, int gtype)
-+{
-+    int i;
-+    int ret = 0;
-+    GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-+
-+    if (gs == NULL)
-+        return 0;
-+
-+    for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
-+        GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
-+
-+        if (g->type == gtype) {
-+            ret = 1;
-+            break;
-+        }
-+    }
-+    GENERAL_NAMES_free(gs);
-+    return ret;
-+}
-+
- static int check_name_constraints(X509_STORE_CTX *ctx)
- {
-     int i;
-@@ -655,7 +676,12 @@ static int check_name_constraints(X509_S
-                 int rv = NAME_CONSTRAINTS_check(x, nc);
- 
-                 /* If EE certificate check commonName too */
--                if (rv == X509_V_OK && i == 0)
-+                if (rv == X509_V_OK && i == 0
-+                    && (ctx->param->hostflags
-+                        & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0
-+                    && ((ctx->param->hostflags
-+                         & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0
-+                        || !has_san_id(x, GEN_DNS)))
-                     rv = NAME_CONSTRAINTS_check_CN(x, nc);
- 
-                 switch (rv) {
-Index: openssl-1.1.0h/crypto/x509v3/v3_ncons.c
-===================================================================
---- openssl-1.1.0h.orig/crypto/x509v3/v3_ncons.c	2018-05-29 10:52:23.733159579 +0200
-+++ openssl-1.1.0h/crypto/x509v3/v3_ncons.c	2018-05-29 10:52:23.753159887 +0200
-@@ -299,9 +299,9 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME
- 
- static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
- {
--    int utf8_length;    /* Return type of ASN1_STRING_to_UTF8 */
--    int i;
-+    int utf8_length;
-     unsigned char *utf8_value;
-+    int i;
-     int isdnsname = 0;
- 
-     /* Don't leave outputs uninitialized */
-@@ -337,8 +337,10 @@ static int cn2dnsid(ASN1_STRING *cn, uns
-         --utf8_length;
- 
-     /* Reject *embedded* NULs */
--    if ((size_t)utf8_length != strlen((char *)utf8_value))
--        return X509_V_ERR_UNSPECIFIED;
-+    if ((size_t)utf8_length != strlen((char *)utf8_value)) {
-+        OPENSSL_free(utf8_value);
-+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-+    }
- 
-     /*
-      * XXX: Deviation from strict DNS name syntax, also check names with '_'
-@@ -388,11 +390,13 @@ static int cn2dnsid(ASN1_STRING *cn, uns
-     return X509_V_OK;
- }
- 
-+/*
-+ * Check CN against DNS-ID name constraints.
-+ */
- int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
- {
-     int r, i;
--    GENERAL_NAMES *gens = NULL;
--    X509_NAME *nm;
-+    X509_NAME *nm = X509_get_subject_name(x);
-     ASN1_STRING stmp;
-     GENERAL_NAME gntmp;
- 
-@@ -401,21 +405,6 @@ int NAME_CONSTRAINTS_check_CN(X509 *x, N
-     gntmp.type = GEN_DNS;
-     gntmp.d.dNSName = &stmp;
- 
--    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
--    if (gens != NULL) {
--        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
--            GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
--
--            if (gen->type == GEN_DNS) {
--                GENERAL_NAMES_free(gens);
--                return X509_V_OK;
--            }
--        }
--        GENERAL_NAMES_free(gens);
--    }
--
--    nm = X509_get_subject_name(x);
--
-     /* Process any commonName attributes in subject name */
- 
-     for (i = -1;;) {
-Index: openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-===================================================================
---- openssl-1.1.0h.orig/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2018-03-27 15:50:40.000000000 +0200
-+++ openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2018-05-29 10:52:23.753159887 +0200
-@@ -130,14 +130,29 @@ B<name> clearing any previously specifie
- B<name> is NULL, or empty the list of hostnames is cleared, and
- name checks are not performed on the peer certificate.  If B<name>
- is NUL-terminated, B<namelen> may be zero, otherwise B<namelen>
--must be set to the length of B<name>.  When a hostname is specified,
-+must be set to the length of B<name>.
-+
-+When a hostname is specified,
- certificate verification automatically invokes L<X509_check_host(3)>
- with flags equal to the B<flags> argument given to
- X509_VERIFY_PARAM_set_hostflags() (default zero).  Applications
- are strongly advised to use this interface in preference to explicitly
--calling L<X509_check_host(3)>, hostname checks are out of scope
-+calling L<X509_check_host(3)>, hostname checks may be out of scope
- with the DANE-EE(3) certificate usage, and the internal check will
--be suppressed as appropriate when DANE support is added to OpenSSL.
-+be suppressed as appropriate when DANE verification is enabled.
-+
-+When the subject CommonName will not be ignored, whether as a result of the
-+B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> host flag, or because no DNS subject
-+alternative names are present in the certificate, any DNS name constraints in
-+issuer certificates apply to the subject CommonName as well as the subject
-+alternative name extension.
-+
-+When the subject CommonName will be ignored, whether as a result of the
-+B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> host flag, or because some DNS subject
-+alternative names are present in the certificate, DNS name constraints in
-+issuer certificates will not be applied to the subject DN.
-+As described in X509_check_host(3) the B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>
-+flag takes precendence over the B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> flag.
- 
- X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference
- identifier that can match the peer's certificate.  Any previous names
-Index: openssl-1.1.0h/doc/crypto/X509_check_host.pod
-===================================================================
---- openssl-1.1.0h.orig/doc/crypto/X509_check_host.pod	2018-03-27 15:50:40.000000000 +0200
-+++ openssl-1.1.0h/doc/crypto/X509_check_host.pod	2018-05-29 10:52:23.753159887 +0200
-@@ -93,6 +93,9 @@ consider the subject DN even if the cert
- names of the right type (DNS name or email address as appropriate); the default
- is to use the subject DN when no corresponding subject alternative names are
- present.
-+If both B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> and
-+B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> are specified, the latter takes
-+precedence and the subject DN is not checked for matching names.
- 
- If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard
- expansion; this only applies to B<X509_check_host>.
-@@ -128,9 +131,9 @@ NULs.
- 
- Applications are encouraged to use X509_VERIFY_PARAM_set1_host()
- rather than explicitly calling L<X509_check_host(3)>. Host name
--checks are out of scope with the DANE-EE(3) certificate usage,
-+checks may be out of scope with the DANE-EE(3) certificate usage,
- and the internal checks will be suppressed as appropriate when
--DANE support is added to OpenSSL.
-+DANE support is enabled.
- 
- =head1 SEE ALSO
- 
-Index: openssl-1.1.0h/doc/ssl/SSL_set1_host.pod
-===================================================================
---- openssl-1.1.0h.orig/doc/ssl/SSL_set1_host.pod	2018-03-27 15:50:40.000000000 +0200
-+++ openssl-1.1.0h/doc/ssl/SSL_set1_host.pod	2018-05-29 10:52:23.753159887 +0200
-@@ -56,7 +56,7 @@ is cleared or freed, or a renegotiation
- must not free the return value.
- 
- SSL clients are advised to use these functions in preference to
--explicitly calling L<X509_check_host(3)>.  Hostname checks are out
-+explicitly calling L<X509_check_host(3)>.  Hostname checks may be out
- of scope with the RFC7671 DANE-EE(3) certificate usage, and the
- internal check will be suppressed as appropriate when DANE is
- enabled.

0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch

@@ -0,0 +1,886 @@
+From f760137b2144740916afd9ff381451fa16c710de Mon Sep 17 00:00:00 2001
+From: Patrick Steuer <patrick.steuer@de.ibm.com>
+Date: Sat, 4 Aug 2018 00:10:06 +0200
+Subject: [PATCH] crypto/chacha/asm/chacha-s390x.pl: add vx code path.
+
+Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/6919)
+---
+ crypto/chacha/asm/chacha-s390x.pl | 816 ++++++++++++++++++++----------
+ crypto/chacha/build.info          |   1 +
+ 2 files changed, 558 insertions(+), 259 deletions(-)
+
+Index: openssl-1.1.1a/crypto/chacha/asm/chacha-s390x.pl
+===================================================================
+--- openssl-1.1.1a.orig/crypto/chacha/asm/chacha-s390x.pl	2018-11-20 14:35:37.000000000 +0100
++++ openssl-1.1.1a/crypto/chacha/asm/chacha-s390x.pl	2019-01-10 16:19:39.942838273 +0100
+@@ -1,5 +1,5 @@
+ #! /usr/bin/env perl
+-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License").  You may not use
+ # this file except in compliance with the License.  You can obtain a copy
+@@ -20,41 +20,46 @@
+ #
+ # 3 times faster than compiler-generated code.
+ 
+-$flavour = shift;
++#
++# August 2018
++#
++# Add vx code path.
++#
++# Copyright IBM Corp. 2018
++# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
++
++use strict;
++use FindBin qw($Bin);
++use lib "$Bin/../..";
++use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
++
++my $flavour = shift;
+ 
++my ($z,$SIZE_T);
+ if ($flavour =~ /3[12]/) {
++	$z=0;	# S/390 ABI
+ 	$SIZE_T=4;
+-	$g="";
+ } else {
++	$z=1;	# zSeries ABI
+ 	$SIZE_T=8;
+-	$g="g";
+ }
+ 
++my $output;
+ while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+-open STDOUT,">$output";
+-
+-sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
+-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+-    $code .= "\t$opcode\t".join(',',@_)."\n";
+-}
+ 
+ my $sp="%r15";
+-
+ my $stdframe=16*$SIZE_T+4*8;
+-my $frame=$stdframe+4*20;
+-
+-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
+ 
+ my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
+ my @t=map("%r$_",(8,9));
++my @v=map("%v$_",(16..31));
+ 
+ sub ROUND {
+ my ($a0,$b0,$c0,$d0)=@_;
+ my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+ my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+-my ($xc,$xc_)=map("\"$_\"",@t);
+-my @x=map("\"$_\"",@x);
++my ($xc,$xc_)=map("$_",@t);
+ 
+ 	# Consider order in which variables are addressed by their
+ 	# index:
+@@ -78,249 +83,542 @@ my @x=map("\"$_\"",@x);
+ 	# 'c' stores and loads in the middle, but none in the beginning
+ 	# or end.
+ 
+-	(
+-	"&alr	(@x[$a0],@x[$b0])",	# Q1
+-	 "&alr	(@x[$a1],@x[$b1])",	# Q2
+-	"&xr	(@x[$d0],@x[$a0])",
+-	 "&xr	(@x[$d1],@x[$a1])",
+-	"&rll	(@x[$d0],@x[$d0],16)",
+-	 "&rll	(@x[$d1],@x[$d1],16)",
+-
+-	"&alr	($xc,@x[$d0])",
+-	 "&alr	($xc_,@x[$d1])",
+-	"&xr	(@x[$b0],$xc)",
+-	 "&xr	(@x[$b1],$xc_)",
+-	"&rll	(@x[$b0],@x[$b0],12)",
+-	 "&rll	(@x[$b1],@x[$b1],12)",
+-
+-	"&alr	(@x[$a0],@x[$b0])",
+-	 "&alr	(@x[$a1],@x[$b1])",
+-	"&xr	(@x[$d0],@x[$a0])",
+-	 "&xr	(@x[$d1],@x[$a1])",
+-	"&rll	(@x[$d0],@x[$d0],8)",
+-	 "&rll	(@x[$d1],@x[$d1],8)",
+-
+-	"&alr	($xc,@x[$d0])",
+-	 "&alr	($xc_,@x[$d1])",
+-	"&xr	(@x[$b0],$xc)",
+-	 "&xr	(@x[$b1],$xc_)",
+-	"&rll	(@x[$b0],@x[$b0],7)",
+-	 "&rll	(@x[$b1],@x[$b1],7)",
+-
+-	"&stm	($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')",	# reload pair of 'c's
+-	"&lm	($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
+-
+-	"&alr	(@x[$a2],@x[$b2])",	# Q3
+-	 "&alr	(@x[$a3],@x[$b3])",	# Q4
+-	"&xr	(@x[$d2],@x[$a2])",
+-	 "&xr	(@x[$d3],@x[$a3])",
+-	"&rll	(@x[$d2],@x[$d2],16)",
+-	 "&rll	(@x[$d3],@x[$d3],16)",
+-
+-	"&alr	($xc,@x[$d2])",
+-	 "&alr	($xc_,@x[$d3])",
+-	"&xr	(@x[$b2],$xc)",
+-	 "&xr	(@x[$b3],$xc_)",
+-	"&rll	(@x[$b2],@x[$b2],12)",
+-	 "&rll	(@x[$b3],@x[$b3],12)",
+-
+-	"&alr	(@x[$a2],@x[$b2])",
+-	 "&alr	(@x[$a3],@x[$b3])",
+-	"&xr	(@x[$d2],@x[$a2])",
+-	 "&xr	(@x[$d3],@x[$a3])",
+-	"&rll	(@x[$d2],@x[$d2],8)",
+-	 "&rll	(@x[$d3],@x[$d3],8)",
+-
+-	"&alr	($xc,@x[$d2])",
+-	 "&alr	($xc_,@x[$d3])",
+-	"&xr	(@x[$b2],$xc)",
+-	 "&xr	(@x[$b3],$xc_)",
+-	"&rll	(@x[$b2],@x[$b2],7)",
+-	 "&rll	(@x[$b3],@x[$b3],7)"
+-	);
+-}
+-
+-$code.=<<___;
+-.text
+-
+-.globl	ChaCha20_ctr32
+-.type	ChaCha20_ctr32,\@function
+-.align	32
+-ChaCha20_ctr32:
+-	lt${g}r	$len,$len			# $len==0?
+-	bzr	%r14
+-	a${g}hi	$len,-64
+-	l${g}hi	%r1,-$frame
+-	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
+-	sl${g}r	$out,$inp			# difference
+-	la	$len,0($inp,$len)		# end of input minus 64
+-	larl	%r7,.Lsigma
+-	lgr	%r0,$sp
+-	la	$sp,0(%r1,$sp)
+-	st${g}	%r0,0($sp)
+-
+-	lmg	%r8,%r11,0($key)		# load key
+-	lmg	%r12,%r13,0($counter)		# load counter
+-	lmg	%r6,%r7,0(%r7)			# load sigma constant
+-
+-	la	%r14,0($inp)
+-	st${g}	$out,$frame+3*$SIZE_T($sp)
+-	st${g}	$len,$frame+4*$SIZE_T($sp)
+-	stmg	%r6,%r13,$stdframe($sp)		# copy key schedule to stack
+-	srlg	@x[12],%r12,32			# 32-bit counter value
+-	j	.Loop_outer
+-
+-.align	16
+-.Loop_outer:
+-	lm	@x[0],@x[7],$stdframe+4*0($sp)		# load x[0]-x[7]
+-	lm	@t[0],@t[1],$stdframe+4*10($sp)		# load x[10]-x[11]
+-	lm	@x[13],@x[15],$stdframe+4*13($sp)	# load x[13]-x[15]
+-	stm	@t[0],@t[1],$stdframe+4*8+4*10($sp)	# offload x[10]-x[11]
+-	lm	@t[0],@t[1],$stdframe+4*8($sp)		# load x[8]-x[9]
+-	st	@x[12],$stdframe+4*12($sp)		# save counter
+-	st${g}	%r14,$frame+2*$SIZE_T($sp)		# save input pointer
+-	lhi	%r14,10
+-	j	.Loop
+-
+-.align	4
+-.Loop:
+-___
+-	foreach (&ROUND(0, 4, 8,12)) { eval; }
+-	foreach (&ROUND(0, 5,10,15)) { eval; }
+-$code.=<<___;
+-	brct	%r14,.Loop
+-
+-	l${g}	%r14,$frame+2*$SIZE_T($sp)		# pull input pointer
+-	stm	@t[0],@t[1],$stdframe+4*8+4*8($sp)	# offload x[8]-x[9]
+-	lm${g}	@t[0],@t[1],$frame+3*$SIZE_T($sp)
+-
+-	al	@x[0],$stdframe+4*0($sp)	# accumulate key schedule
+-	al	@x[1],$stdframe+4*1($sp)
+-	al	@x[2],$stdframe+4*2($sp)
+-	al	@x[3],$stdframe+4*3($sp)
+-	al	@x[4],$stdframe+4*4($sp)
+-	al	@x[5],$stdframe+4*5($sp)
+-	al	@x[6],$stdframe+4*6($sp)
+-	al	@x[7],$stdframe+4*7($sp)
+-	lrvr	@x[0],@x[0]
+-	lrvr	@x[1],@x[1]
+-	lrvr	@x[2],@x[2]
+-	lrvr	@x[3],@x[3]
+-	lrvr	@x[4],@x[4]
+-	lrvr	@x[5],@x[5]
+-	lrvr	@x[6],@x[6]
+-	lrvr	@x[7],@x[7]
+-	al	@x[12],$stdframe+4*12($sp)
+-	al	@x[13],$stdframe+4*13($sp)
+-	al	@x[14],$stdframe+4*14($sp)
+-	al	@x[15],$stdframe+4*15($sp)
+-	lrvr	@x[12],@x[12]
+-	lrvr	@x[13],@x[13]
+-	lrvr	@x[14],@x[14]
+-	lrvr	@x[15],@x[15]
+-
+-	la	@t[0],0(@t[0],%r14)		# reconstruct output pointer
+-	cl${g}r	%r14,@t[1]
+-	jh	.Ltail
+-
+-	x	@x[0],4*0(%r14)			# xor with input
+-	x	@x[1],4*1(%r14)
+-	st	@x[0],4*0(@t[0])		# store output
+-	x	@x[2],4*2(%r14)
+-	st	@x[1],4*1(@t[0])
+-	x	@x[3],4*3(%r14)
+-	st	@x[2],4*2(@t[0])
+-	x	@x[4],4*4(%r14)
+-	st	@x[3],4*3(@t[0])
+-	 lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)	# load x[8]-x[11]
+-	x	@x[5],4*5(%r14)
+-	st	@x[4],4*4(@t[0])
+-	x	@x[6],4*6(%r14)
+-	 al	@x[0],$stdframe+4*8($sp)
+-	st	@x[5],4*5(@t[0])
+-	x	@x[7],4*7(%r14)
+-	 al	@x[1],$stdframe+4*9($sp)
+-	st	@x[6],4*6(@t[0])
+-	x	@x[12],4*12(%r14)
+-	 al	@x[2],$stdframe+4*10($sp)
+-	st	@x[7],4*7(@t[0])
+-	x	@x[13],4*13(%r14)
+-	 al	@x[3],$stdframe+4*11($sp)
+-	st	@x[12],4*12(@t[0])
+-	x	@x[14],4*14(%r14)
+-	st	@x[13],4*13(@t[0])
+-	x	@x[15],4*15(%r14)
+-	st	@x[14],4*14(@t[0])
+-	 lrvr	@x[0],@x[0]
+-	st	@x[15],4*15(@t[0])
+-	 lrvr	@x[1],@x[1]
+-	 lrvr	@x[2],@x[2]
+-	 lrvr	@x[3],@x[3]
+-	lhi	@x[12],1
+-	 x	@x[0],4*8(%r14)
+-	al	@x[12],$stdframe+4*12($sp)	# increment counter
+-	 x	@x[1],4*9(%r14)
+-	 st	@x[0],4*8(@t[0])
+-	 x	@x[2],4*10(%r14)
+-	 st	@x[1],4*9(@t[0])
+-	 x	@x[3],4*11(%r14)
+-	 st	@x[2],4*10(@t[0])
+-	 st	@x[3],4*11(@t[0])
+-
+-	cl${g}r	%r14,@t[1]			# done yet?
+-	la	%r14,64(%r14)
+-	jl	.Loop_outer
+-
+-.Ldone:
+-	xgr	%r0,%r0
+-	xgr	%r1,%r1
+-	xgr	%r2,%r2
+-	xgr	%r3,%r3
+-	stmg	%r0,%r3,$stdframe+4*4($sp)	# wipe key copy
+-	stmg	%r0,%r3,$stdframe+4*12($sp)
+-
+-	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
+-	br	%r14
+-
+-.align	16
+-.Ltail:
+-	la	@t[1],64($t[1])
+-	stm	@x[0],@x[7],$stdframe+4*0($sp)
+-	sl${g}r	@t[1],%r14
+-	lm	@x[0],@x[3],$stdframe+4*8+4*8($sp)
+-	l${g}hi	@x[6],0
+-	stm	@x[12],@x[15],$stdframe+4*12($sp)
+-	al	@x[0],$stdframe+4*8($sp)
+-	al	@x[1],$stdframe+4*9($sp)
+-	al	@x[2],$stdframe+4*10($sp)
+-	al	@x[3],$stdframe+4*11($sp)
+-	lrvr	@x[0],@x[0]
+-	lrvr	@x[1],@x[1]
+-	lrvr	@x[2],@x[2]
+-	lrvr	@x[3],@x[3]
+-	stm	@x[0],@x[3],$stdframe+4*8($sp)
+-
+-.Loop_tail:
+-	llgc	@x[4],0(@x[6],%r14)
+-	llgc	@x[5],$stdframe(@x[6],$sp)
+-	xr	@x[5],@x[4]
+-	stc	@x[5],0(@x[6],@t[0])
+-	la	@x[6],1(@x[6])
+-	brct	@t[1],.Loop_tail
+-
+-	j	.Ldone
+-.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+-
+-.align	32
+-.Lsigma:
+-.long	0x61707865,0x3320646e,0x79622d32,0x6b206574	# endian-neutral
+-.asciz	"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+-.align	4
+-___
++	alr	(@x[$a0],@x[$b0]);	# Q1
++	 alr	(@x[$a1],@x[$b1]);	# Q2
++	xr	(@x[$d0],@x[$a0]);
++	 xr	(@x[$d1],@x[$a1]);
++	rll	(@x[$d0],@x[$d0],16);
++	 rll	(@x[$d1],@x[$d1],16);
++
++	alr	($xc,@x[$d0]);
++	 alr	($xc_,@x[$d1]);
++	xr	(@x[$b0],$xc);
++	 xr	(@x[$b1],$xc_);
++	rll	(@x[$b0],@x[$b0],12);
++	 rll	(@x[$b1],@x[$b1],12);
++
++	alr	(@x[$a0],@x[$b0]);
++	 alr	(@x[$a1],@x[$b1]);
++	xr	(@x[$d0],@x[$a0]);
++	 xr	(@x[$d1],@x[$a1]);
++	rll	(@x[$d0],@x[$d0],8);
++	 rll	(@x[$d1],@x[$d1],8);
++
++	alr	($xc,@x[$d0]);
++	 alr	($xc_,@x[$d1]);
++	xr	(@x[$b0],$xc);
++	 xr	(@x[$b1],$xc_);
++	rll	(@x[$b0],@x[$b0],7);
++	 rll	(@x[$b1],@x[$b1],7);
++
++	stm	($xc,$xc_,"$stdframe+4*8+4*$c0($sp)");	# reload pair of 'c's
++	lm	($xc,$xc_,"$stdframe+4*8+4*$c2($sp)");
++
++	alr	(@x[$a2],@x[$b2]);	# Q3
++	 alr	(@x[$a3],@x[$b3]);	# Q4
++	xr	(@x[$d2],@x[$a2]);
++	 xr	(@x[$d3],@x[$a3]);
++	rll	(@x[$d2],@x[$d2],16);
++	 rll	(@x[$d3],@x[$d3],16);
++
++	alr	($xc,@x[$d2]);
++	 alr	($xc_,@x[$d3]);
++	xr	(@x[$b2],$xc);
++	 xr	(@x[$b3],$xc_);
++	rll	(@x[$b2],@x[$b2],12);
++	 rll	(@x[$b3],@x[$b3],12);
++
++	alr	(@x[$a2],@x[$b2]);
++	 alr	(@x[$a3],@x[$b3]);
++	xr	(@x[$d2],@x[$a2]);
++	 xr	(@x[$d3],@x[$a3]);
++	rll	(@x[$d2],@x[$d2],8);
++	 rll	(@x[$d3],@x[$d3],8);
++
++	alr	($xc,@x[$d2]);
++	 alr	($xc_,@x[$d3]);
++	xr	(@x[$b2],$xc);
++	 xr	(@x[$b3],$xc_);
++	rll	(@x[$b2],@x[$b2],7);
++	 rll	(@x[$b3],@x[$b3],7);
++}
++
++sub VX_ROUND {
++my ($a0,$b0,$c0,$d0)=@_;
++my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
++my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
++my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
++
++	vaf	(@v[$a0],@v[$a0],@v[$b0]);
++	vaf	(@v[$a1],@v[$a1],@v[$b1]);
++	vaf	(@v[$a2],@v[$a2],@v[$b2]);
++	vaf	(@v[$a3],@v[$a3],@v[$b3]);
++	vx	(@v[$d0],@v[$d0],@v[$a0]);
++	vx	(@v[$d1],@v[$d1],@v[$a1]);
++	vx	(@v[$d2],@v[$d2],@v[$a2]);
++	vx	(@v[$d3],@v[$d3],@v[$a3]);
++	verllf	(@v[$d0],@v[$d0],16);
++	verllf	(@v[$d1],@v[$d1],16);
++	verllf	(@v[$d2],@v[$d2],16);
++	verllf	(@v[$d3],@v[$d3],16);
++
++	vaf	(@v[$c0],@v[$c0],@v[$d0]);
++	vaf	(@v[$c1],@v[$c1],@v[$d1]);
++	vaf	(@v[$c2],@v[$c2],@v[$d2]);
++	vaf	(@v[$c3],@v[$c3],@v[$d3]);
++	vx	(@v[$b0],@v[$b0],@v[$c0]);
++	vx	(@v[$b1],@v[$b1],@v[$c1]);
++	vx	(@v[$b2],@v[$b2],@v[$c2]);
++	vx	(@v[$b3],@v[$b3],@v[$c3]);
++	verllf	(@v[$b0],@v[$b0],12);
++	verllf	(@v[$b1],@v[$b1],12);
++	verllf	(@v[$b2],@v[$b2],12);
++	verllf	(@v[$b3],@v[$b3],12);
++
++	vaf	(@v[$a0],@v[$a0],@v[$b0]);
++	vaf	(@v[$a1],@v[$a1],@v[$b1]);
++	vaf	(@v[$a2],@v[$a2],@v[$b2]);
++	vaf	(@v[$a3],@v[$a3],@v[$b3]);
++	vx	(@v[$d0],@v[$d0],@v[$a0]);
++	vx	(@v[$d1],@v[$d1],@v[$a1]);
++	vx	(@v[$d2],@v[$d2],@v[$a2]);
++	vx	(@v[$d3],@v[$d3],@v[$a3]);
++	verllf	(@v[$d0],@v[$d0],8);
++	verllf	(@v[$d1],@v[$d1],8);
++	verllf	(@v[$d2],@v[$d2],8);
++	verllf	(@v[$d3],@v[$d3],8);
++
++	vaf	(@v[$c0],@v[$c0],@v[$d0]);
++	vaf	(@v[$c1],@v[$c1],@v[$d1]);
++	vaf	(@v[$c2],@v[$c2],@v[$d2]);
++	vaf	(@v[$c3],@v[$c3],@v[$d3]);
++	vx	(@v[$b0],@v[$b0],@v[$c0]);
++	vx	(@v[$b1],@v[$b1],@v[$c1]);
++	vx	(@v[$b2],@v[$b2],@v[$c2]);
++	vx	(@v[$b3],@v[$b3],@v[$c3]);
++	verllf	(@v[$b0],@v[$b0],7);
++	verllf	(@v[$b1],@v[$b1],7);
++	verllf	(@v[$b2],@v[$b2],7);
++	verllf	(@v[$b3],@v[$b3],7);
++}
++
++PERLASM_BEGIN($output);
+ 
+-foreach (split("\n",$code)) {
+-	s/\`([^\`]*)\`/eval $1/ge;
++INCLUDE	("s390x_arch.h");
++TEXT	();
+ 
+-	print $_,"\n";
++################
++# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len,
++#                     const unsigned int key[8], const unsigned int counter[4])
++{
++my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
++
++# VX CODE PATH
++{
++my $off=$z*8*16+8;	# offset(initial state)
++my $frame=$stdframe+4*16+$off;
++
++GLOBL	("ChaCha20_ctr32");
++TYPE	("ChaCha20_ctr32","\@function");
++ALIGN	(32);
++LABEL	("ChaCha20_ctr32");
++	larl	("%r1","OPENSSL_s390xcap_P");
++
++	lghi	("%r0",64);
++&{$z?	\&cgr:\&cr}	($len,"%r0");
++	jle	("_s390x_chacha_novx");
++
++	lg	("%r0","S390X_STFLE+16(%r1)");
++	tmhh	("%r0",0x4000);	# check for vector facility
++	jz	("_s390x_chacha_novx");
++
++if (!$z) {
++	llgfr   ($len,$len);
++	std	("%f4","16*$SIZE_T+2*8($sp)");
++	std	("%f6","16*$SIZE_T+3*8($sp)");
++}
++&{$z?	\&stmg:\&stm}	("%r6","%r7","6*$SIZE_T($sp)");
++
++	lghi	("%r1",-$frame);
++	lgr	("%r0",$sp);
++	la	($sp,"0(%r1,$sp)");	# allocate stack frame
++
++	larl	("%r7",".Lsigma");
++&{$z?	\&stg:\&st}	("%r0","0($sp)");	# backchain
++
++	vstm	("%v8","%v15","8($sp)") if ($z);
++
++	vlm	("%v1","%v2","0($key)");	# load key
++	vl	("%v0","0(%r7)");	# load sigma constant
++	vl	("%v3","0($counter)");	# load iv (counter||nonce)
++	l	("%r0","0($counter)");	# load counter
++	vstm	("%v0","%v3","$off($sp)");	# copy initial state to stack
++
++	srlg	("%r1",$len,8);
++	ltgr	("%r1","%r1");
++	jz	(".Lvx_4x_done");
++
++ALIGN	(16);	# process 4 64-byte blocks
++LABEL	(".Lvx_4x");
++	vlrepf	("%v$_",($_*4)."+$off($sp)") for (0..15);	# load initial
++								#  state
++	vl	("%v31","16(%r7)");
++	vaf	("%v12","%v12","%v31");	# increment counter
++
++	vlr	(@v[$_],"%v$_") for (0..15);	# copy initial state
++
++	lhi	("%r6",10);
++	j	(".Loop_vx_4x");
++
++ALIGN	(16);
++LABEL	(".Loop_vx_4x");
++	VX_ROUND( 0, 4, 8,12);	# column round
++	VX_ROUND( 0, 5,10,15);	# diagonal round
++	brct	("%r6",".Loop_vx_4x");
++
++	vaf	(@v[$_],@v[$_],"%v$_") for (0..15);	# state += initial
++							#  state (mod 32)
++	vlm	("%v6","%v7","32(%r7)");	# load vperm operands
++
++for (0..3) {	# blocks 1,2
++	vmrhf	("%v0",@v[$_*4+0],@v[$_*4+1]);	# ks = serialize(state)
++	vmrhf	("%v1",@v[$_*4+2],@v[$_*4+3]);
++	vperm	("%v".($_+ 8),"%v0","%v1","%v6");
++	vperm	("%v".($_+12),"%v0","%v1","%v7");
++}
++	vlm	("%v0","%v7","0($inp)");	# load in
++	vx	("%v$_","%v$_","%v".($_+8)) for (0..7);	# out = in ^ ks
++	vstm	("%v0","%v7","0($out)");	# store out
++
++	vlm	("%v6","%v7","32(%r7)");	# restore vperm operands
++
++for (0..3) {	# blocks 2,3
++	vmrlf	("%v0",@v[$_*4+0],@v[$_*4+1]);	# ks = serialize(state)
++	vmrlf	("%v1",@v[$_*4+2],@v[$_*4+3]);
++	vperm	("%v".($_+ 8),"%v0","%v1","%v6");
++	vperm	("%v".($_+12),"%v0","%v1","%v7");
++}
++	vlm	("%v0","%v7","128($inp)");	# load in
++	vx	("%v$_","%v$_","%v".($_+8)) for (0..7);	# out = in ^ ks
++	vstm	("%v0","%v7","128($out)");	# store out
++
++	ahi	("%r0",4);
++	st	("%r0","48+$off($sp)");	# update initial state
++
++	la	($inp,"256($inp)");
++	la	($out,"256($out)");
++	brctg	("%r1",".Lvx_4x");
++
++ALIGN	(16);
++LABEL	(".Lvx_4x_done");
++	lghi	("%r1",0xff);
++	ngr	($len,"%r1");
++	jnz	(".Lvx_rem");
++
++ALIGN	(16);
++LABEL	(".Lvx_done");
++	vzero	("%v$_") for (16..31);	# wipe ks and key copy
++	vstm	("%v16","%v17","16+$off($sp)");
++	vlm	("%v8","%v15","8($sp)") if ($z);
++
++	la	($sp,"$frame($sp)");
++&{$z?	\&lmg:\&lm}	("%r6","%r7","6*$SIZE_T($sp)");
++
++if (!$z) {
++	ld	("%f4","16*$SIZE_T+2*8($sp)");
++	ld	("%f6","16*$SIZE_T+3*8($sp)");
++	vzero	("%v$_") for (8..15);
++}
++	br	("%r14");
++ALIGN	(16);
++LABEL	(".Lvx_rem");
++	lhi	("%r0",64);
++
++	sr	($len,"%r0");
++	brc	(2,".Lvx_rem_g64");	# cc==2?
++
++	lghi	("%r1",-$stdframe);
++
++	la	($counter,"48+$off($sp)");	# load updated iv
++	ar	($len,"%r0");	# restore len
++
++	lgr	("%r7",$counter);
++&{$z?	\&stg:\&st}	("%r14","14*$SIZE_T+$frame($sp)");
++	la	($sp,"0(%r1,$sp)");
++
++	bras	("%r14","_s390x_chacha_novx");
++
++	la	($sp,"$stdframe($sp)");
++&{$z?	\&lg:\&l}	("%r14","14*$SIZE_T+$frame($sp)");
++	lgr	($counter,"%r7");
++	j	(".Lvx_done");
++
++ALIGN	(16);
++LABEL	(".Lvx_rem_g64");
++	vlrepf	("%v$_",($_*4)."+$off($sp)") for (0..15);	# load initial
++								#  state
++	vl	("%v31","16(%r7)");
++	vaf	("%v12","%v12","%v31");	# increment counter
++
++	vlr	(@v[$_],"%v$_") for (0..15);	# state = initial state
++
++	lhi	("%r6",10);
++	j	(".Loop_vx_rem");
++
++ALIGN	(16);
++LABEL	(".Loop_vx_rem");
++	VX_ROUND( 0, 4, 8,12);	# column round
++	VX_ROUND( 0, 5,10,15);	# diagonal round
++	brct	("%r6",".Loop_vx_rem");
++
++	vaf	(@v[$_],@v[$_],"%v$_") for (0..15);	# state += initial
++							#  state (mod 32)
++	vlm	("%v6","%v7","32(%r7)");	# load vperm operands
++
++for (0..3) {	# blocks 1,2
++	vmrhf	("%v0",@v[$_*4+0],@v[$_*4+1]);	# ks = serialize(state)
++	vmrhf	("%v1",@v[$_*4+2],@v[$_*4+3]);
++	vperm	("%v".($_+8),"%v0","%v1","%v6");
++	vperm	("%v".($_+12),"%v0","%v1","%v7");
++}
++	vlm	("%v0","%v3","0($inp)");	# load in
++	vx	("%v$_","%v$_","%v".($_+8)) for (0..3);	# out = in ^ ks
++	vstm	("%v0","%v3","0($out)");	# store out
++
++	la	($inp,"64($inp)");
++	la	($out,"64($out)");
++
++	sr	($len,"%r0");
++	brc	(4,".Lvx_tail");	# cc==4?
++
++	vlm	("%v0","%v3","0($inp)");	# load in
++	vx	("%v$_","%v$_","%v".($_+12)) for (0..3);	# out = in ^ ks
++	vstm	("%v0","%v3","0($out)");	# store out
++	jz	(".Lvx_done");
++
++for (0..3) {	# blocks 3,4
++	vmrlf	("%v0",@v[$_*4+0],@v[$_*4+1]);	# ks = serialize(state)
++	vmrlf	("%v1",@v[$_*4+2],@v[$_*4+3]);
++	vperm	("%v".($_+12),"%v0","%v1","%v6");
++	vperm	("%v".($_+8),"%v0","%v1","%v7");
++}
++	la	($inp,"64($inp)");
++	la	($out,"64($out)");
++
++	sr	($len,"%r0");
++	brc	(4,".Lvx_tail");	# cc==4?
++
++	vlm	("%v0","%v3","0($inp)");	# load in
++	vx	("%v$_","%v$_","%v".($_+12)) for (0..3);	# out = in ^ ks
++	vstm	("%v0","%v3","0($out)");	# store out
++	jz	(".Lvx_done");
++
++	la	($inp,"64($inp)");
++	la	($out,"64($out)");
++
++	sr	($len,"%r0");
++	vlr	("%v".($_+4),"%v$_") for (8..11);
++	j	(".Lvx_tail");
++
++ALIGN	(16);
++LABEL	(".Lvx_tail");
++	ar	($len,"%r0");	# restore $len
++	ahi	($len,-1);
++
++	lhi	("%r0",16);
++for (0..2) {
++	vll	("%v0",$len,($_*16)."($inp)");
++	vx	("%v0","%v0","%v".($_+12));
++	vstl	("%v0",$len,($_*16)."($out)");
++	sr	($len,"%r0");
++	brc	(4,".Lvx_done");	# cc==4?
++}
++	vll	("%v0",$len,"3*16($inp)");
++	vx	("%v0","%v0","%v15");
++	vstl	("%v0",$len,"3*16($out)");
++	j	(".Lvx_done");
++SIZE	("ChaCha20_ctr32",".-ChaCha20_ctr32");
++}
++
++# NOVX CODE PATH
++{
++my $frame=$stdframe+4*20;
++
++TYPE	("_s390x_chacha_novx","\@function");
++ALIGN	(32);
++LABEL	("_s390x_chacha_novx");
++&{$z?	\&ltgr:\&ltr}	($len,$len);	# $len==0?
++	bzr	("%r14");
++&{$z?	\&aghi:\&ahi}	($len,-64);
++&{$z?	\&lghi:\&lhi}	("%r1",-$frame);
++&{$z?	\&stmg:\&stm}	("%r6","%r15","6*$SIZE_T($sp)");
++&{$z?	\&slgr:\&slr}	($out,$inp);	# difference
++	la	($len,"0($inp,$len)");	# end of input minus 64
++	larl	("%r7",".Lsigma");
++	lgr	("%r0",$sp);
++	la	($sp,"0(%r1,$sp)");
++&{$z?	\&stg:\&st}	("%r0","0($sp)");
++
++	lmg	("%r8","%r11","0($key)");	# load key
++	lmg	("%r12","%r13","0($counter)");	# load counter
++	lmg	("%r6","%r7","0(%r7)");	# load sigma constant
++
++	la	("%r14","0($inp)");
++&{$z?	\&stg:\&st}	($out,"$frame+3*$SIZE_T($sp)");
++&{$z?	\&stg:\&st}	($len,"$frame+4*$SIZE_T($sp)");
++	stmg	("%r6","%r13","$stdframe($sp)");# copy key schedule to stack
++	srlg	(@x[12],"%r12",32);	# 32-bit counter value
++	j	(".Loop_outer");
++
++ALIGN	(16);
++LABEL	(".Loop_outer");
++	lm	(@x[0],@x[7],"$stdframe+4*0($sp)");	# load x[0]-x[7]
++	lm	(@t[0],@t[1],"$stdframe+4*10($sp)");	# load x[10]-x[11]
++	lm	(@x[13],@x[15],"$stdframe+4*13($sp)");	# load x[13]-x[15]
++	stm	(@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11]
++	lm	(@t[0],@t[1],"$stdframe+4*8($sp)");	# load x[8]-x[9]
++	st	(@x[12],"$stdframe+4*12($sp)");	# save counter
++&{$z?	\&stg:\&st}	("%r14","$frame+2*$SIZE_T($sp)");# save input pointer
++	lhi	("%r14",10);
++	j	(".Loop");
++
++ALIGN	(4);
++LABEL	(".Loop");
++	ROUND	(0, 4, 8,12);
++	ROUND	(0, 5,10,15);
++	brct	("%r14",".Loop");
++
++&{$z?	\&lg:\&l}	("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer
++	stm	(@t[0],@t[1],"$stdframe+4*8+4*8($sp)");	# offload x[8]-x[9]
++&{$z?	\&lmg:\&lm}	(@t[0],@t[1],"$frame+3*$SIZE_T($sp)");
++
++	al	(@x[0],"$stdframe+4*0($sp)");	# accumulate key schedule
++	al	(@x[1],"$stdframe+4*1($sp)");
++	al	(@x[2],"$stdframe+4*2($sp)");
++	al	(@x[3],"$stdframe+4*3($sp)");
++	al	(@x[4],"$stdframe+4*4($sp)");
++	al	(@x[5],"$stdframe+4*5($sp)");
++	al	(@x[6],"$stdframe+4*6($sp)");
++	al	(@x[7],"$stdframe+4*7($sp)");
++	lrvr	(@x[0],@x[0]);
++	lrvr	(@x[1],@x[1]);
++	lrvr	(@x[2],@x[2]);
++	lrvr	(@x[3],@x[3]);
++	lrvr	(@x[4],@x[4]);
++	lrvr	(@x[5],@x[5]);
++	lrvr	(@x[6],@x[6]);
++	lrvr	(@x[7],@x[7]);
++	al	(@x[12],"$stdframe+4*12($sp)");
++	al	(@x[13],"$stdframe+4*13($sp)");
++	al	(@x[14],"$stdframe+4*14($sp)");
++	al	(@x[15],"$stdframe+4*15($sp)");
++	lrvr	(@x[12],@x[12]);
++	lrvr	(@x[13],@x[13]);
++	lrvr	(@x[14],@x[14]);
++	lrvr	(@x[15],@x[15]);
++
++	la	(@t[0],"0(@t[0],%r14)");	# reconstruct output pointer
++&{$z?	\&clgr:\&clr}	("%r14",@t[1]);
++	jh	(".Ltail");
++
++	x	(@x[0],"4*0(%r14)");	# xor with input
++	x	(@x[1],"4*1(%r14)");
++	st	(@x[0],"4*0(@t[0])");	# store output
++	x	(@x[2],"4*2(%r14)");
++	st	(@x[1],"4*1(@t[0])");
++	x	(@x[3],"4*3(%r14)");
++	st	(@x[2],"4*2(@t[0])");
++	x	(@x[4],"4*4(%r14)");
++	st	(@x[3],"4*3(@t[0])");
++	 lm	(@x[0],@x[3],"$stdframe+4*8+4*8($sp)");	# load x[8]-x[11]
++	x	(@x[5],"4*5(%r14)");
++	st	(@x[4],"4*4(@t[0])");
++	x	(@x[6],"4*6(%r14)");
++	 al	(@x[0],"$stdframe+4*8($sp)");
++	st	(@x[5],"4*5(@t[0])");
++	x	(@x[7],"4*7(%r14)");
++	 al	(@x[1],"$stdframe+4*9($sp)");
++	st	(@x[6],"4*6(@t[0])");
++	x	(@x[12],"4*12(%r14)");
++	 al	(@x[2],"$stdframe+4*10($sp)");
++	st	(@x[7],"4*7(@t[0])");
++	x	(@x[13],"4*13(%r14)");
++	 al	(@x[3],"$stdframe+4*11($sp)");
++	st	(@x[12],"4*12(@t[0])");
++	x	(@x[14],"4*14(%r14)");
++	st	(@x[13],"4*13(@t[0])");
++	x	(@x[15],"4*15(%r14)");
++	st	(@x[14],"4*14(@t[0])");
++	 lrvr	(@x[0],@x[0]);
++	st	(@x[15],"4*15(@t[0])");
++	 lrvr	(@x[1],@x[1]);
++	 lrvr	(@x[2],@x[2]);
++	 lrvr	(@x[3],@x[3]);
++	lhi	(@x[12],1);
++	 x	(@x[0],"4*8(%r14)");
++	al	(@x[12],"$stdframe+4*12($sp)");	# increment counter
++	 x	(@x[1],"4*9(%r14)");
++	 st	(@x[0],"4*8(@t[0])");
++	 x	(@x[2],"4*10(%r14)");
++	 st	(@x[1],"4*9(@t[0])");
++	 x	(@x[3],"4*11(%r14)");
++	 st	(@x[2],"4*10(@t[0])");
++	 st	(@x[3],"4*11(@t[0])");
++
++&{$z?	\&clgr:\&clr}	("%r14",@t[1]);	# done yet?
++	la	("%r14","64(%r14)");
++	jl	(".Loop_outer");
++
++LABEL	(".Ldone");
++	xgr	("%r0","%r0");
++	xgr	("%r1","%r1");
++	xgr	("%r2","%r2");
++	xgr	("%r3","%r3");
++	stmg	("%r0","%r3","$stdframe+4*4($sp)");	# wipe key copy
++	stmg	("%r0","%r3","$stdframe+4*12($sp)");
++
++&{$z?	\&lmg:\&lm}	("%r6","%r15","$frame+6*$SIZE_T($sp)");
++	br	("%r14");
++
++ALIGN	(16);
++LABEL	(".Ltail");
++	la	(@t[1],"64($t[1])");
++	stm	(@x[0],@x[7],"$stdframe+4*0($sp)");
++&{$z?	\&slgr:\&slr}	(@t[1],"%r14");
++	lm	(@x[0],@x[3],"$stdframe+4*8+4*8($sp)");
++&{$z?	\&lghi:\&lhi}	(@x[6],0);
++	stm	(@x[12],@x[15],"$stdframe+4*12($sp)");
++	al	(@x[0],"$stdframe+4*8($sp)");
++	al	(@x[1],"$stdframe+4*9($sp)");
++	al	(@x[2],"$stdframe+4*10($sp)");
++	al	(@x[3],"$stdframe+4*11($sp)");
++	lrvr	(@x[0],@x[0]);
++	lrvr	(@x[1],@x[1]);
++	lrvr	(@x[2],@x[2]);
++	lrvr	(@x[3],@x[3]);
++	stm	(@x[0],@x[3],"$stdframe+4*8($sp)");
++
++LABEL	(".Loop_tail");
++	llgc	(@x[4],"0(@x[6],%r14)");
++	llgc	(@x[5],"$stdframe(@x[6],$sp)");
++	xr	(@x[5],@x[4]);
++	stc	(@x[5],"0(@x[6],@t[0])");
++	la	(@x[6],"1(@x[6])");
++	brct	(@t[1],".Loop_tail");
++
++	j	(".Ldone");
++SIZE	("_s390x_chacha_novx",".-_s390x_chacha_novx");
++}
+ }
+-close STDOUT;
++################
++
++ALIGN	(64);
++LABEL	(".Lsigma");
++LONG	(0x61707865,0x3320646e,0x79622d32,0x6b206574);	# endian-neutral sigma
++LONG	(0x00000000,0x00000001,0x00000002,0x00000003);	# vaf counter increment
++LONG	(0x03020100,0x07060504,0x13121110,0x17161514);	# vperm serialization
++LONG	(0x0b0a0908,0x0f0e0d0c,0x1b1a1918,0x1f1e1d1c);	# vperm serialization
++ASCIZ	("\"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
++ALIGN	(4);
++
++PERLASM_END();
+Index: openssl-1.1.1a/crypto/chacha/build.info
+===================================================================
+--- openssl-1.1.1a.orig/crypto/chacha/build.info	2018-11-20 14:35:37.000000000 +0100
++++ openssl-1.1.1a/crypto/chacha/build.info	2019-01-10 16:19:39.942838273 +0100
+@@ -9,6 +9,7 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv
+ INCLUDE[chacha-armv4.o]=..
+ GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
+ INCLUDE[chacha-armv8.o]=..
++INCLUDE[chacha-s390x.o]=..
+ 
+ BEGINRAW[Makefile(unix)]
+ ##### CHACHA assembler implementations

0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch

@@ -1,47 +0,0 @@
-From 7b46a0ed5938e28d974757db44cc9d299ad5cb4e Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Thu, 23 Feb 2017 14:03:39 +0100
-Subject: [PATCH 02/44] crypto/modes/asm/ghash-s390x.pl: fix gcm_gmult_4bit
- KIMD code path.
-
-gcm_gmult_4bit KIMD code path assumed that that Xi is processed.
-However, with iv lengths not equal to 12, the function is also used to process
-Yi, resulting in wrong ghash computation.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/modes/asm/ghash-s390x.pl | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
-index f8b038c708..6dbb8232d6 100644
---- a/crypto/modes/asm/ghash-s390x.pl
-+++ b/crypto/modes/asm/ghash-s390x.pl
-@@ -95,14 +95,23 @@ $code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
- 	lg	%r1,24(%r1)	# load second word of kimd capabilities vector
- 	tmhh	%r1,0x4000	# check for function 65
- 	jz	.Lsoft_gmult
-+	lghi	%r1,-16
- 	stg	%r0,16($sp)	# arrange 16 bytes of zero input
- 	stg	%r0,24($sp)
-+	la	$Htbl,0(%r1,$Htbl)	# H lies right before Htable
-+
- 	lghi	%r0,65		# function 65
--	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
-+	la	%r1,32($sp)
-+	mvc	32(16,$sp),0($Xi)	# copy Xi/Yi
-+	mvc	48(16,$sp),0($Htbl)	# copy H
- 	la	$inp,16($sp)
- 	lghi	$len,16
- 	.long	0xb93e0004	# kimd %r0,$inp
- 	brc	1,.-4		# pay attention to "partial completion"
-+
-+	mvc	0(16,$Xi),32($sp)
-+	xc	32(32,$sp),32($sp)	# wipe stack
-+
- 	br	%r14
- .align	32
- .Lsoft_gmult:
--- 
-2.13.6
-

0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch

@@ -1,112 +0,0 @@
-From 3e1c11dd482dd4626989bb6d84fc708d9bb95219 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Mon, 30 Jan 2017 17:37:54 +0100
-Subject: [PATCH 04/44] s390x assembly pack: add OPENSSL_s390xcap environment
- variable.
-
-The OPENSSL_s390xcap environment variable is used to set bits in the s390x
-capability vector to zero. This simplifies testing of different code paths.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/s390x_arch.h | 28 ++++++++++++++++++++++++++++
- crypto/s390xcap.c   | 33 +++++++++++++++++++++++++++++----
- 2 files changed, 57 insertions(+), 4 deletions(-)
- create mode 100644 crypto/s390x_arch.h
-
-Index: openssl-1.1.0g/crypto/s390x_arch.h
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.1.0g/crypto/s390x_arch.h	2018-01-10 15:26:40.291112320 +0100
-@@ -0,0 +1,28 @@
-+/*
-+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef S390X_ARCH_H
-+# define S390X_ARCH_H
-+
-+# include <stdint.h>
-+
-+/*
-+ * The elements of OPENSSL_s390xcap_P are the doublewords returned by the STFLE
-+ * instruction followed by the doubleword pairs returned by instructions' QUERY
-+ * functions. If STFLE returns fewer doublewords or an instruction is not
-+ * supported, the corresponding element is zero. The order is as follows:
-+ *
-+ * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
-+ */
-+# define S390X_STFLE_DWORDS	2
-+# define S390X_QUERY_DWORDS	8
-+# define S390X_CAP_DWORDS	(S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
-+extern unsigned long long OPENSSL_s390xcap_P[];
-+
-+#endif
-Index: openssl-1.1.0g/crypto/s390xcap.c
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390xcap.c	2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/s390xcap.c	2018-01-10 15:27:42.988113439 +0100
-@@ -14,6 +14,7 @@
- #include <signal.h>
- 
- unsigned long long OPENSSL_s390xcap_P[10];
-+#include "s390x_arch.h"
- 
- static sigjmp_buf ill_jmp;
- static void ill_handler(int sig)
-@@ -21,17 +22,21 @@ static void ill_handler(int sig)
-     siglongjmp(ill_jmp, sig);
- }
- 
--unsigned long OPENSSL_s390x_facilities(void);
-+void OPENSSL_s390x_facilities(void);
- 
- void OPENSSL_cpuid_setup(void)
- {
-     sigset_t oset;
-     struct sigaction ill_act, oact;
-+    uint64_t vec;
-+    char *env;
-+    int off;
-+    int i;
- 
-     if (OPENSSL_s390xcap_P[0])
-         return;
- 
--    OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
-+    OPENSSL_s390xcap_P[0] = 1ULL << (8 * sizeof(uint64_t) - 1);
- 
-     memset(&ill_act, 0, sizeof(ill_act));
-     ill_act.sa_handler = ill_handler;
-@@ -47,4 +52,26 @@ void OPENSSL_cpuid_setup(void)
- 
-     sigaction(SIGILL, &oact, NULL);
-     sigprocmask(SIG_SETMASK, &oset, NULL);
-+
-+    if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
-+        for (i = 0; i < S390X_CAP_DWORDS; i++) {
-+            off = (env[0] == '~') ? 1 : 0;
-+
-+            if (sscanf(env + off, "%llx", (unsigned long long *)&vec) == 1)
-+                OPENSSL_s390xcap_P[i] &= off ? ~vec : vec;
-+
-+            if (i == S390X_STFLE_DWORDS - 1)
-+                env = strchr(env, '.');
-+            else
-+                env = strpbrk(env, ":.");
-+
-+            if (env == NULL)
-+                break;
-+
-+            if (env[0] == '.')
-+                i = S390X_STFLE_DWORDS - 1;
-+
-+            env++;
-+        }
-+    }
- }

0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch

@@ -1,114 +0,0 @@
-From 79310b18d90badd58595cf2fff40591ad76c301a Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Tue, 31 Jan 2017 12:43:35 +0100
-Subject: [PATCH 05/44] s390x assembly pack: add OPENSSL_s390xcap man page.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- doc/man3/OPENSSL_s390xcap.pod | 94 +++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 94 insertions(+)
- create mode 100644 doc/man3/OPENSSL_s390xcap.pod
-
-diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
-new file mode 100644
-index 0000000000..de56c7cf55
---- /dev/null
-+++ b/doc/man3/OPENSSL_s390xcap.pod
-@@ -0,0 +1,94 @@
-+=pod
-+
-+=head1 NAME
-+
-+OPENSSL_s390xcap - the z processor capabilities vector
-+
-+=head1 SYNOPSIS
-+
-+ env OPENSSL_s390xcap=... <application>
-+
-+=head1 DESCRIPTION
-+
-+libcrypto supports z architecture instruction set extensions. These
-+extensions are denoted by individual bits in the capability vector.
-+When libcrypto is initialized, the bits returned by the STFLE instruction
-+and by the QUERY functions are stored in the vector.
-+
-+The OPENSSL_s390xcap environment variable can be set before starting an
-+application to affect capability detection. It is specified by a
-+colon-separated list of 64-bit values in hexadecimal notation, the 0x
-+prefix being optional. The ~ prefix means bitwise NOT and a point
-+indicates the end of the STFLE bits respectively the beginning of the
-+QUERY bits.
-+
-+After initialization, the capability vector is ANDed bitwise with the
-+corresponding parts of the environment variable.
-+
-+The following bits are significant:
-+
-+.
-+
-+=over
-+
-+=item #60 KIMD-SHA-512
-+
-+=item #61 KIMD-SHA-256
-+
-+=item #62 KIMD-SHA-1
-+
-+=back
-+
-+:
-+
-+=over
-+
-+=item #62 KIMD-GHASH
-+
-+=back
-+
-+:
-+
-+=over
-+
-+=item #11 KM-XTS-AES-256
-+
-+=item #13 KM-XTS-AES-128
-+
-+=item #43 KM-AES-256
-+
-+=item #44 KM-AES-192
-+
-+=item #45 KM-AES-128
-+
-+=back
-+
-+:
-+:
-+
-+=over
-+
-+=item #43 KMC-AES-256
-+
-+=item #44 KMC-AES-192
-+
-+=item #45 KMC-AES-128
-+
-+=back
-+
-+=head1 EXAMPLES
-+
-+OPENSSL_s390xcap=.0:0 disables KIMD.
-+
-+OPENSSL_s390xcap=.::~0x2800 disables KM-XTS-AES.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the OpenSSL license (the "License").  You may not use
-+this file except in compliance with the License.  You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
--- 
-2.13.6
-

0006-s390x-assembly-pack-extended-s390x-capability-vector.patch

@@ -1,220 +0,0 @@
-From 9c59438dadc2b8026c058deb0759da78de1bb7ba Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Fri, 10 Feb 2017 19:43:08 +0100
-Subject: [PATCH 06/44] s390x assembly pack: extended s390x capability vector
- (STFLE).
-
-Extended the s390x capability vector to store the longer facility list
-available from z13 onwards. The bits indicating the vector extensions
-are set to zero, if the kernel does not enable the vector facility.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl     | 10 +++++-----
- crypto/modes/asm/ghash-s390x.pl |  4 ++--
- crypto/s390x_arch.h             |  9 +++++++--
- crypto/s390xcap.c               | 31 +++++++++++++++++++++++++++++++
- crypto/s390xcpuid.S             | 14 +++++++++-----
- crypto/sha/asm/sha1-s390x.pl    |  4 ++--
- crypto/sha/asm/sha512-s390x.pl  |  4 ++--
- 7 files changed, 58 insertions(+), 18 deletions(-)
-
-Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
-===================================================================
---- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl	2018-01-10 17:22:31.466891754 +0100
-@@ -823,8 +823,8 @@ $code.=<<___ if (!$softonly);
- 	larl	%r1,OPENSSL_s390xcap_P
- 	llihh	%r0,0x8000
- 	srlg	%r0,%r0,0(%r5)
--	ng	%r0,32(%r1)	# check availability of both km...
--	ng	%r0,48(%r1)	# ...and kmc support for given key length
-+	ng	%r0,40(%r1)	# check availability of both km...
-+	ng	%r0,56(%r1)	# ...and kmc support for given key length
- 	jz	.Lekey_internal
- 
- 	lmg	%r0,%r1,0($inp)	# just copy 128 bits...
-@@ -1442,7 +1442,7 @@ $code.=<<___ if (!$softonly && 0);# kmct
- 	larl	%r1,OPENSSL_s390xcap_P
- 	llihh	%r0,0x8000	# check if kmctr supports the function code
- 	srlg	%r0,%r0,0($s0)
--	ng	%r0,64(%r1)	# check kmctr capability vector
-+	ng	%r0,72(%r1)	# check kmctr capability vector
- 	lgr	%r0,$s0
- 	lgr	%r1,$s1
- 	jz	.Lctr32_km_loop
-@@ -1592,7 +1592,7 @@ $code.=<<___ if(1);
- 	larl	%r1,OPENSSL_s390xcap_P
- 	llihh	%r0,0x8000
- 	srlg	%r0,%r0,32($s1)		# check for 32+function code
--	ng	%r0,32(%r1)		# check km capability vector
-+	ng	%r0,40(%r1)		# check km capability vector
- 	lgr	%r0,$s0			# restore the function code
- 	la	%r1,0($key1)		# restore $key1
- 	jz	.Lxts_km_vanilla
-Index: openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl
-===================================================================
---- openssl-1.1.0g.orig/crypto/modes/asm/ghash-s390x.pl	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl	2018-01-10 17:13:07.430224756 +0100
-@@ -89,7 +89,7 @@ ___
- $code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
- 	larl	%r1,OPENSSL_s390xcap_P
- 	lghi	%r0,0
--	lg	%r1,24(%r1)	# load second word of kimd capabilities vector
-+	lg	%r1,32(%r1)	# load second word of kimd capabilities vector
- 	tmhh	%r1,0x4000	# check for function 65
- 	jz	.Lsoft_gmult
- 	lghi	%r1,-16
-@@ -132,7 +132,7 @@ gcm_ghash_4bit:
- ___
- $code.=<<___ if(!$softonly);
- 	larl	%r1,OPENSSL_s390xcap_P
--	lg	%r0,24(%r1)	# load second word of kimd capabilities vector
-+	lg	%r0,32(%r1)	# load second word of kimd capabilities vector
- 	tmhh	%r0,0x4000	# check for function 65
- 	jz	.Lsoft_ghash
- 	lghi	%r0,65		# function 65
-Index: openssl-1.1.0g/crypto/s390x_arch.h
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390x_arch.h	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/s390x_arch.h	2018-01-10 17:13:07.430224756 +0100
-@@ -18,11 +18,16 @@
-  * functions. If STFLE returns fewer doublewords or an instruction is not
-  * supported, the corresponding element is zero. The order is as follows:
-  *
-- * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
-+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
-  */
--# define S390X_STFLE_DWORDS	2
-+# define S390X_STFLE_DWORDS	3
- # define S390X_QUERY_DWORDS	8
- # define S390X_CAP_DWORDS	(S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
- extern unsigned long long OPENSSL_s390xcap_P[];
- 
-+/* OPENSSL_s390xcap_P[2] flags */
-+# define S390X_STFLE_VXE	(1ULL << 56)
-+# define S390X_STFLE_VXD	(1ULL << 57)
-+# define S390X_STFLE_VX		(1ULL << 62)
-+
- #endif
-Index: openssl-1.1.0g/crypto/s390xcap.c
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390xcap.c	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/s390xcap.c	2018-01-10 17:13:07.430224756 +0100
-@@ -22,6 +22,31 @@ static void ill_handler(int sig)
-     siglongjmp(ill_jmp, sig);
- }
- 
-+/*-
-+ * os-specific function to check if "vector enablement control"-bit and
-+ * "AFP register control"-bit in control register 0 are set.
-+ */
-+static int vx_enabled(void)
-+{
-+#if defined(OPENSSL_SYS_LINUX)
-+    FILE *fd;
-+    char buf[4096];
-+
-+    if ((fd = fopen("/proc/cpuinfo", "r")) == NULL)
-+        return 0;
-+
-+    buf[0] = '\0';
-+
-+    while ((fgets(buf, sizeof(buf), fd) != NULL)
-+           && (strstr(buf, "features") != buf));
-+
-+    fclose(fd);
-+    return (strstr(buf, " vx ") != NULL) ? 1 : 0;
-+#else
-+    return 0;
-+#endif
-+}
-+
- void OPENSSL_s390x_facilities(void);
- 
- void OPENSSL_cpuid_setup(void)
-@@ -53,6 +78,12 @@ void OPENSSL_cpuid_setup(void)
-     sigaction(SIGILL, &oact, NULL);
-     sigprocmask(SIG_SETMASK, &oset, NULL);
- 
-+    /* protection against disabled vector facility */
-+    if (!vx_enabled()) {
-+        OPENSSL_s390xcap_P[2] &= ~(S390X_STFLE_VXE | S390X_STFLE_VXD |
-+                                   S390X_STFLE_VX);
-+    }
-+
-     if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
-         for (i = 0; i < S390X_CAP_DWORDS; i++) {
-             off = (env[0] == '~') ? 1 : 0;
-Index: openssl-1.1.0g/crypto/s390xcpuid.S
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390xcpuid.S	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/s390xcpuid.S	2018-01-10 17:13:07.430224756 +0100
-@@ -21,33 +21,37 @@ OPENSSL_s390x_facilities:
- 	stg	%r0,56(%r4)
- 	stg	%r0,64(%r4)
- 	stg	%r0,72(%r4)
-+	stg	%r0,80(%r4)
- 
- 	.long	0xb2b04000	# stfle	0(%r4)
- 	brc	8,.Ldone
- 	lghi	%r0,1
- 	.long	0xb2b04000	# stfle 0(%r4)
-+	brc	8,.Ldone
-+	lghi	%r0,2
-+	.long	0xb2b04000	# stfle 0(%r4)
- .Ldone:
- 	lmg	%r2,%r3,0(%r4)
- 	tmhl	%r2,0x4000	# check for message-security-assist
- 	jz	.Lret
- 
- 	lghi	%r0,0		# query kimd capabilities
--	la	%r1,16(%r4)
-+	la	%r1,24(%r4)
- 	.long	0xb93e0002	# kimd %r0,%r2
- 
- 	lghi	%r0,0		# query km capability vector
--	la	%r1,32(%r4)
-+	la	%r1,40(%r4)
- 	.long	0xb92e0042	# km %r4,%r2
- 
- 	lghi	%r0,0		# query kmc capability vector
--	la	%r1,48(%r4)
-+	la	%r1,56(%r4)
- 	.long	0xb92f0042	# kmc %r4,%r2
- 
- 	tmhh	%r3,0x0004	# check for message-security-assist-4
- 	jz	.Lret
- 
- 	lghi	%r0,0		# query kmctr capability vector
--	la	%r1,64(%r4)
-+	la	%r1,72(%r4)
- 	.long	0xb92d2042	# kmctr %r4,%r2,%r2
- 
- .Lret:
-Index: openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl
-===================================================================
---- openssl-1.1.0g.orig/crypto/sha/asm/sha1-s390x.pl	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl	2018-01-10 17:13:07.430224756 +0100
-@@ -172,7 +172,7 @@ sha1_block_data_order:
- ___
- $code.=<<___ if ($kimdfunc);
- 	larl	%r1,OPENSSL_s390xcap_P
--	lg	%r0,16(%r1)	# check kimd capabilities
-+	lg	%r0,24(%r1)	# check kimd capabilities
- 	tmhh	%r0,`0x8000>>$kimdfunc`
- 	jz	.Lsoftware
- 	lghi	%r0,$kimdfunc
-Index: openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl
-===================================================================
---- openssl-1.1.0g.orig/crypto/sha/asm/sha512-s390x.pl	2018-01-10 17:13:05.962202226 +0100
-+++ openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl	2018-01-10 17:13:07.430224756 +0100
-@@ -244,7 +244,7 @@ $Func:
- ___
- $code.=<<___ if ($kimdfunc);
- 	larl	%r1,OPENSSL_s390xcap_P
--	lg	%r0,16(%r1)	# check kimd capabilities
-+	lg	%r0,24(%r1)	# check kimd capabilities
- 	tmhh	%r0,`0x8000>>$kimdfunc`
- 	jz	.Lsoftware
- 	lghi	%r0,$kimdfunc

0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch

@@ -1,220 +0,0 @@
-From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Thu, 16 Feb 2017 09:05:28 +0100
-Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x
- support.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/evp/e_aes.c  | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- crypto/s390x_arch.h |  10 +++
- 2 files changed, 185 insertions(+)
-
-diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
-index 802b1d814d..d5932e1c64 100644
---- a/crypto/evp/e_aes.c
-+++ b/crypto/evp/e_aes.c
-@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
- const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
- { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
- 
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY)
-+/*
-+ * IBM S390X support
-+ */
-+# include "s390x_arch.h"
-+
-+/*-
-+ * If KM and KMC support the function code, AES_KEY structure holds
-+ * key/function code (instead of key schedule/number of rounds).
-+ */
-+# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
-+
-+# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
-+                                (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
-+# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\
-+                                (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192))
-+# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
-+                                (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
-+
-+# define s390x_aes_init_key aes_init_key
-+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+                              const unsigned char *iv, int enc);
-+
-+# define S390X_aes_128_cbc_CAPABLE	1	/* checked by callee */
-+# define S390X_aes_192_cbc_CAPABLE	1
-+# define S390X_aes_256_cbc_CAPABLE	1
-+
-+# define s390x_aes_cbc_cipher aes_cbc_cipher
-+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_ecb_CAPABLE	0
-+# define S390X_aes_192_ecb_CAPABLE	0
-+# define S390X_aes_256_ecb_CAPABLE	0
-+
-+# define s390x_aes_ecb_cipher aes_ecb_cipher
-+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_ofb_CAPABLE	0
-+# define S390X_aes_192_ofb_CAPABLE	0
-+# define S390X_aes_256_ofb_CAPABLE	0
-+
-+# define s390x_aes_ofb_cipher aes_ofb_cipher
-+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_cfb_CAPABLE	0
-+# define S390X_aes_192_cfb_CAPABLE	0
-+# define S390X_aes_256_cfb_CAPABLE	0
-+
-+# define s390x_aes_cfb_cipher aes_cfb_cipher
-+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_cfb8_CAPABLE	0
-+# define S390X_aes_192_cfb8_CAPABLE	0
-+# define S390X_aes_256_cfb8_CAPABLE	0
-+
-+# define s390x_aes_cfb8_cipher aes_cfb8_cipher
-+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                 const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_cfb1_CAPABLE	0
-+# define S390X_aes_192_cfb1_CAPABLE	0
-+# define S390X_aes_256_cfb1_CAPABLE	0
-+
-+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
-+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                 const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_ctr_CAPABLE	1	/* checked by callee */
-+# define S390X_aes_192_ctr_CAPABLE	1
-+# define S390X_aes_256_ctr_CAPABLE	1
-+
-+# define s390x_aes_ctr_cipher aes_ctr_cipher
-+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_gcm_CAPABLE	0
-+# define S390X_aes_192_gcm_CAPABLE	0
-+# define S390X_aes_256_gcm_CAPABLE	0
-+
-+# define s390x_aes_gcm_init_key aes_gcm_init_key
-+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
-+                                  const unsigned char *key,
-+                                  const unsigned char *iv, int enc);
-+
-+# define s390x_aes_gcm_cipher aes_gcm_cipher
-+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_xts_CAPABLE	1	/* checked by callee */
-+# define S390X_aes_256_xts_CAPABLE	1
-+
-+# define s390x_aes_xts_init_key aes_xts_init_key
-+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
-+                                  const unsigned char *key,
-+                                  const unsigned char *iv, int enc);
-+
-+# define s390x_aes_xts_cipher aes_xts_cipher
-+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# define S390X_aes_128_ccm_CAPABLE	0
-+# define S390X_aes_192_ccm_CAPABLE	0
-+# define S390X_aes_256_ccm_CAPABLE	0
-+
-+# define s390x_aes_ccm_init_key aes_ccm_init_key
-+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
-+                                  const unsigned char *key,
-+                                  const unsigned char *iv, int enc);
-+
-+# define s390x_aes_ccm_cipher aes_ccm_cipher
-+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+
-+# ifndef OPENSSL_NO_OCB
-+#  define S390X_aes_128_ocb_CAPABLE	0
-+#  define S390X_aes_192_ocb_CAPABLE	0
-+#  define S390X_aes_256_ocb_CAPABLE	0
-+
-+#  define s390x_aes_ocb_init_key aes_ocb_init_key
-+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-+                                  const unsigned char *iv, int enc);
-+#  define s390x_aes_ocb_cipher aes_ocb_cipher
-+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                const unsigned char *in, size_t len);
-+# endif
-+
-+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags)	\
-+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
-+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
-+        flags|EVP_CIPH_##MODE##_MODE,   \
-+        s390x_aes_init_key,             \
-+        s390x_aes_##mode##_cipher,      \
-+        NULL,                           \
-+        sizeof(EVP_AES_KEY),            \
-+        NULL,NULL,NULL,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+        nid##_##keylen##_##nmode,blocksize,     \
-+        keylen/8,ivlen, \
-+        flags|EVP_CIPH_##MODE##_MODE,   \
-+        aes_init_key,                   \
-+        aes_##mode##_cipher,            \
-+        NULL,                           \
-+        sizeof(EVP_AES_KEY),            \
-+        NULL,NULL,NULL,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
-+                                               &aes_##keylen##_##mode; }
-+
-+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
-+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
-+        nid##_##keylen##_##mode,blocksize, \
-+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+        flags|EVP_CIPH_##MODE##_MODE,   \
-+        s390x_aes_##mode##_init_key,    \
-+        s390x_aes_##mode##_cipher,      \
-+        aes_##mode##_cleanup,           \
-+        sizeof(EVP_AES_##MODE##_CTX),   \
-+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+static const EVP_CIPHER aes_##keylen##_##mode = { \
-+        nid##_##keylen##_##mode,blocksize, \
-+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-+        flags|EVP_CIPH_##MODE##_MODE,   \
-+        aes_##mode##_init_key,          \
-+        aes_##mode##_cipher,            \
-+        aes_##mode##_cleanup,           \
-+        sizeof(EVP_AES_##MODE##_CTX),   \
-+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
-+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
-+                                               &aes_##keylen##_##mode; }
-+
- #else
- 
- # define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
-index 434f8e3f4e..5bf24930ed 100644
---- a/crypto/s390x_arch.h
-+++ b/crypto/s390x_arch.h
-@@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[];
- # define S390X_STFLE_VXD	(1ULL << 57)
- # define S390X_STFLE_VX		(1ULL << 62)
- 
-+/* OPENSSL_s390xcap_P[5] flags */
-+# define S390X_KM_AES_256	(1ULL << 43)
-+# define S390X_KM_AES_192	(1ULL << 44)
-+# define S390X_KM_AES_128	(1ULL << 45)
-+
-+/* OPENSSL_s390xcap_P[7] flags */
-+# define S390X_KMC_AES_256	(1ULL << 43)
-+# define S390X_KMC_AES_192	(1ULL << 44)
-+# define S390X_KMC_AES_128	(1ULL << 45)
-+
- #endif
--- 
-2.13.6
-

0008-s390x-assembly-pack-extended-s390x-capability-vector.patch

@@ -1,73 +0,0 @@
-From 5534badade984ccad7dbe56e17bcf0b2d00820c0 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Sun, 12 Feb 2017 12:27:00 +0100
-Subject: [PATCH 08/44] s390x assembly pack: extended s390x capability vector
- (KMA).
-
-Extended the s390x capability vector to store the doubleword pair
-returned by the KMA instruction's QUERY function.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl    |  2 +-
- crypto/s390x_arch.h            |  9 +++++++--
- crypto/s390xcpuid.S            | 12 +++++++++++-
- crypto/sha/asm/sha1-s390x.pl   |  2 +-
- crypto/sha/asm/sha512-s390x.pl |  2 +-
- 5 files changed, 21 insertions(+), 6 deletions(-)
-
-Index: openssl-1.1.0g/crypto/s390x_arch.h
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390x_arch.h	2018-01-10 15:38:21.714301915 +0100
-+++ openssl-1.1.0g/crypto/s390x_arch.h	2018-01-10 15:38:28.942417111 +0100
-@@ -18,10 +18,10 @@
-  * functions. If STFLE returns fewer doublewords or an instruction is not
-  * supported, the corresponding element is zero. The order is as follows:
-  *
-- * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
-+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR:KMA:KMA
-  */
- # define S390X_STFLE_DWORDS	3
--# define S390X_QUERY_DWORDS	8
-+# define S390X_QUERY_DWORDS	10
- # define S390X_CAP_DWORDS	(S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
- extern unsigned long long OPENSSL_s390xcap_P[];
- 
-@@ -40,4 +40,9 @@ extern unsigned long long OPENSSL_s390xc
- # define S390X_KMC_AES_192	(1ULL << 44)
- # define S390X_KMC_AES_128	(1ULL << 45)
- 
-+/* OPENSSL_s390xcap_P[11] flags */
-+# define S390X_KMA_GCM_AES_256	(1ULL << 43)
-+# define S390X_KMA_GCM_AES_192	(1ULL << 44)
-+# define S390X_KMA_GCM_AES_128	(1ULL << 45)
-+
- #endif
-Index: openssl-1.1.0g/crypto/s390xcpuid.S
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390xcpuid.S	2018-01-10 15:38:21.706301789 +0100
-+++ openssl-1.1.0g/crypto/s390xcpuid.S	2018-01-10 15:38:21.722302044 +0100
-@@ -22,6 +22,8 @@ OPENSSL_s390x_facilities:
- 	stg	%r0,64(%r4)
- 	stg	%r0,72(%r4)
- 	stg	%r0,80(%r4)
-+	stg	%r0,88(%r4)
-+	stg	%r0,96(%r4)
- 
- 	.long	0xb2b04000	# stfle	0(%r4)
- 	brc	8,.Ldone
-@@ -54,6 +56,14 @@ OPENSSL_s390x_facilities:
- 	la	%r1,72(%r4)
- 	.long	0xb92d2042	# kmctr %r4,%r2,%r2
- 
-+	lg	%r2,16(%r4)
-+	tmhl	%r2,0x2000	# check for message-security-assist-8
-+	jz	.Lret
-+
-+	lghi	%r0,0		# query kma capability vector
-+	la	%r1,88(%r4)
-+	.long	0xb9294022	# kma %r2,%r4,%r2
-+
- .Lret:
- 	br	%r14
- .size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities

0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch

@@ -1,58 +0,0 @@
-From 6d4165cf2b6c19162fdcc98e0f093b12ce765191 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Tue, 14 Feb 2017 02:07:37 +0100
-Subject: [PATCH 09/44] crypto/aes/asm/aes-s390x.pl: add KMA code path.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl | 34 +++++++++++++++++++++++++++++++++-
- 1 file changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
-index b546c16025..750f61e87a 100644
---- a/crypto/aes/asm/aes-s390x.pl
-+++ b/crypto/aes/asm/aes-s390x.pl
-@@ -1403,7 +1403,39 @@ $code.=<<___ if (!$softonly);
- 	clr	%r0,%r1
- 	jl	.Lctr32_software
- 
--	stm${g}	%r6,$s3,6*$SIZE_T($sp)
-+	stm${g}	$s2,$s3,10*$SIZE_T($sp)
-+	llgfr	$s2,%r0
-+	larl	%r1,OPENSSL_s390xcap_P
-+	llihh	%r0,0x8000	# check if kma supports the function code
-+	srlg	%r0,%r0,0($s2)
-+	ng	%r0,88(%r1)	# check kma capability vector
-+	lgr	%r0,$s2
-+	jz	.Lctr32_nokma
-+
-+	aghi	$sp,-112
-+	lhi	%r1,0x0600
-+	sllg	$len,$len,4
-+	or	%r0,%r1		# set HS and LAAD flags
-+	lmg	$s2,$s3,0($ivp)
-+	la	%r1,0($sp)	# prepare parameter block
-+	ahi	$s3,-1		# decrement counter
-+	mvc	80(32,$sp),0($key)	# copy key
-+	stmg	$s2,$s3,64($sp)	# copy iv
-+	st	$s3,12($sp)	# copy counter
-+	lghi	$s3,0		# no AAD
-+
-+	.long	0xb929a042	# kma $out,$s2,$inp
-+	brc	1,.-4		# pay attention to "partial completion"
-+
-+	xc	80(32,$sp),80($sp)	# wipe key copy
-+	la	$sp,112($sp)
-+	lm${g}	$s2,$s3,10*$SIZE_T($sp)
-+	br	$ra
-+
-+.align	16
-+.Lctr32_nokma:
-+
-+	stm${g}	%r6,$s1,6*$SIZE_T($sp)
- 
- 	slgr	$out,$inp
- 	la	%r1,0($key)	# %r1 is permanent copy of $key
--- 
-2.13.6
-

0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch

@@ -1,41 +0,0 @@
-From 98100dfe2659b43c1e80c54e5666e6f5d0330759 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Mon, 13 Feb 2017 16:43:12 +0100
-Subject: [PATCH 10/44] doc/man3/OPENSSL_s390xcap.pod: update (KMA).
-
-List KMA-GCM-AES bits as significant.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- doc/man3/OPENSSL_s390xcap.pod | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
-index de56c7cf55..adf2c02036 100644
---- a/doc/man3/OPENSSL_s390xcap.pod
-+++ b/doc/man3/OPENSSL_s390xcap.pod
-@@ -76,6 +76,21 @@ The following bits are significant:
- 
- =back
- 
-+:
-+:
-+:
-+:
-+
-+=over
-+
-+=item #43 KMA-GCM-AES-256
-+
-+=item #44 KMA-GCM-AES-192
-+
-+=item #45 KMA-GCM-AES-128
-+
-+=back
-+
- =head1 EXAMPLES
- 
- OPENSSL_s390xcap=.0:0 disables KIMD.
--- 
-2.13.6
-

0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch

@@ -1,62 +0,0 @@
-From f34474dd00118128ed574e838895167efddf7359 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Tue, 14 Feb 2017 11:15:51 +0100
-Subject: [PATCH 11/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations (KMA
- code path).
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
-index 750f61e87a..6cabdf5069 100644
---- a/crypto/aes/asm/aes-s390x.pl
-+++ b/crypto/aes/asm/aes-s390x.pl
-@@ -1392,6 +1392,7 @@ $code.=<<___;
- .type	AES_ctr32_encrypt,\@function
- .align	16
- AES_ctr32_encrypt:
-+.cfi_startproc
- 	xgr	%r3,%r4		# flip %r3 and %r4, $out and $len
- 	xgr	%r4,%r3
- 	xgr	%r3,%r4
-@@ -1404,6 +1405,8 @@ $code.=<<___ if (!$softonly);
- 	jl	.Lctr32_software
- 
- 	stm${g}	$s2,$s3,10*$SIZE_T($sp)
-+	.cfi_rel_offset $s2,10*$SIZE_T
-+	.cfi_rel_offset $s3,11*$SIZE_T
- 	llgfr	$s2,%r0
- 	larl	%r1,OPENSSL_s390xcap_P
- 	llihh	%r0,0x8000	# check if kma supports the function code
-@@ -1413,6 +1416,7 @@ $code.=<<___ if (!$softonly);
- 	jz	.Lctr32_nokma
- 
- 	aghi	$sp,-112
-+	.cfi_adjust_cfa_offset 112
- 	lhi	%r1,0x0600
- 	sllg	$len,$len,4
- 	or	%r0,%r1		# set HS and LAAD flags
-@@ -1429,7 +1433,10 @@ $code.=<<___ if (!$softonly);
- 
- 	xc	80(32,$sp),80($sp)	# wipe key copy
- 	la	$sp,112($sp)
-+	.cfi_adjust_cfa_offset -112
- 	lm${g}	$s2,$s3,10*$SIZE_T($sp)
-+	.cfi_restore $s2
-+	.cfi_restore $s3
- 	br	$ra
- 
- .align	16
-@@ -1594,6 +1601,7 @@ $code.=<<___;
- 
- 	lm${g}	%r6,$ra,6*$SIZE_T($sp)
- 	br	$ra
-+.cfi_endproc
- .size	AES_ctr32_encrypt,.-AES_ctr32_encrypt
- ___
- }
--- 
-2.13.6
-

0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch

@@ -1,335 +0,0 @@
-From acef148f0aac18d78c3c857065b3a1274279b2df Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Sat, 25 Feb 2017 10:05:12 +0100
-Subject: [PATCH 12/44] s390x assembly pack: add KMA code path for aes-gcm.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl |  52 ++++++++++++
- crypto/evp/e_aes.c          | 200 ++++++++++++++++++++++++++++++++++++++++++--
- crypto/modes/gcm128.c       |   4 +
- crypto/s390x_arch.h         |   5 ++
- 4 files changed, 253 insertions(+), 8 deletions(-)
-
-Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
-===================================================================
---- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl	2018-01-09 17:35:12.231011406 +0100
-+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl	2018-01-09 17:35:16.795082242 +0100
-@@ -2257,6 +2257,58 @@ $code.=<<___;
- .size	AES_xts_decrypt,.-AES_xts_decrypt
- ___
- }
-+
-+################
-+# void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
-+#                           const unsigned char *in, size_t len,
-+#                           const unsigned char *aad, size_t alen,
-+#                           const AES_KEY *key, int enc)
-+{
-+my ($out,$ctx,$in,$len,$aad,$alen,$key,$enc) = map("%r$_",(2..9));
-+$code.=<<___ if (!$softonly);
-+.globl	s390x_aes_gcm_blocks
-+.type	s390x_aes_gcm_blocks,\@function
-+.align	16
-+s390x_aes_gcm_blocks:
-+	stm$g	$alen,$enc,7*$SIZE_T($sp)
-+	lm$g	$alen,$enc,$stdframe($sp)
-+
-+	aghi	$sp,-112
-+
-+	lmg	%r0,%r1,0($ctx)
-+	ahi	%r1,-1
-+
-+	mvc	16(32,$sp),64($ctx)	# copy Xi/H
-+	#mvc	48(16,$sp),48($ctx)	# copy len
-+	mvc	80(32,$sp),0($key)	# copy key
-+	st	%r1,12($sp)		# copy Yi
-+	stmg	%r0,%r1,64($sp)
-+
-+	lhi	%r1,128
-+	l	%r0,240($key)	# kma capability vector checked by caller
-+	sll	$enc,7
-+	xr	$enc,%r1
-+	or	%r0,$enc
-+
-+	la	%r1,0($sp)
-+
-+	.long	0xb9296024	# kma $out,$aad,$in
-+	brc	1,.-4		# pay attention to "partial completion"
-+
-+	l	%r0,12($sp)
-+	mvc	64(16,$ctx),16($sp)	# update Xi
-+	xc	0(112,$sp),0($sp)	# wipe stack
-+
-+	la	$sp,112($sp)
-+	ahi	%r0,1
-+	st	%r0,12($ctx)
-+
-+	lm$g	$alen,$enc,7*$SIZE_T($sp)
-+	br	$ra
-+.size	s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
-+___
-+}
-+
- $code.=<<___;
- .string	"AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
- ___
-Index: openssl-1.1.0g/crypto/evp/e_aes.c
-===================================================================
---- openssl-1.1.0g.orig/crypto/evp/e_aes.c	2018-01-09 17:35:12.199010909 +0100
-+++ openssl-1.1.0g/crypto/evp/e_aes.c	2018-01-09 17:35:12.239011531 +0100
-@@ -960,7 +960,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
-  * If KM and KMC support the function code, AES_KEY structure holds
-  * key/function code (instead of key schedule/number of rounds).
-  */
--# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
-+# define S390X_AES_FC(key)	(((AES_KEY *)(key))->rounds)
- 
- # define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
-                                 (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
-@@ -969,6 +969,11 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
- # define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
-                                 (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
- 
-+void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
-+                          const unsigned char *in, size_t len,
-+                          const unsigned char *aad, size_t alen,
-+                          const AES_KEY *key, int enc);
-+
- # define s390x_aes_init_key aes_init_key
- static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                               const unsigned char *iv, int enc);
-@@ -1029,18 +1034,197 @@ static int s390x_aes_cfb1_cipher(EVP_CIP
- static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                 const unsigned char *in, size_t len);
- 
--# define S390X_aes_128_gcm_CAPABLE	0
--# define S390X_aes_192_gcm_CAPABLE	0
--# define S390X_aes_256_gcm_CAPABLE	0
-+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE&&\
-+                                    OPENSSL_s390xcap_P[17]\
-+                                    &S390X_KMA_GCM_AES_128)
-+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE&&\
-+                                    OPENSSL_s390xcap_P[17]\
-+                                    &S390X_KMA_GCM_AES_192)
-+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE&&\
-+                                    OPENSSL_s390xcap_P[17]\
-+                                    &S390X_KMA_GCM_AES_256)
-+
-+static int s390x_aes_gcm(GCM128_CONTEXT *ctx, const unsigned char *in,
-+                         unsigned char *out, size_t len, int enc)
-+{
-+    int n;
-+    size_t rem;
-+    u64 mlen = ctx->len.u[1];
-+    unsigned char tmp;
-+
-+    mlen += len;
-+
-+    if (mlen > ((1ULL << 36) - 32) || (sizeof(len) == 8 && mlen < len))
-+        return -1;
-+
-+    ctx->len.u[1] = mlen;
-+
-+    if (ctx->ares) {
-+        (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
-+        ctx->ares = 0;
-+    }
-+    S390X_AES_FC(ctx->key) |= S390X_KMA_LAAD;
-+    n = ctx->mres;
-+
-+    if (n) {
-+        while (n && len) {
-+            tmp = *in;
-+            *out = tmp ^ ctx->EKi.c[n];
-+            ctx->Xi.c[n] ^= enc ? *out : tmp;
-+            n = (n + 1) % AES_BLOCK_SIZE;
-+            --len;
-+            ++in;
-+            ++out;
-+        }
-+        if (n == 0) {
-+            (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
-+        } else {
-+            ctx->mres = n;
-+            return 0;
-+        }
-+    }
-+    rem = len % AES_BLOCK_SIZE;
-+    len -= rem;
-+
-+    s390x_aes_gcm_blocks(out, ctx, in, len, NULL, 0, ctx->key, enc);
-+
-+    if (rem) {
-+        in += len;
-+        out += len;
-+        (*ctx->block)(ctx->Yi.c, ctx->EKi.c, ctx->key);
-+        ++ctx->Yi.d[3];
-+        while (rem--) {
-+            tmp = in[n];
-+            out[n] = tmp ^ ctx->EKi.c[n];
-+            ctx->Xi.c[n] ^= enc ? out[n] : tmp;
-+            ++n;
-+        }
-+    }
-+
-+    ctx->mres = n;
-+    return 0;
-+}
- 
--# define s390x_aes_gcm_init_key aes_gcm_init_key
- static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
-                                   const unsigned char *key,
--                                  const unsigned char *iv, int enc);
-+                                  const unsigned char *iv, int enc)
-+{
-+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
-+    const int keybitlen = EVP_CIPHER_CTX_key_length(ctx) * 8;
-+
-+    if (!iv && !key)
-+        return 1;
-+
-+    if (key) {
-+        AES_set_encrypt_key(key, keybitlen, &gctx->ks.ks);
-+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
-+        S390X_AES_FC(&gctx->ks) |= S390X_KMA_HS;
-+
-+        if (iv == NULL && gctx->iv_set)
-+            iv = gctx->iv;
-+
-+        if (iv) {
-+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+            gctx->iv_set = 1;
-+        }
-+        gctx->key_set = 1;
-+    } else {
-+        if (gctx->key_set)
-+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-+        else
-+            memcpy(gctx->iv, iv, gctx->ivlen);
-+
-+        gctx->iv_set = 1;
-+        gctx->iv_gen = 0;
-+    }
-+    return 1;
-+}
-+
-+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-+                                    const unsigned char *in, size_t len)
-+{
-+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
-+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
-+    int enc = EVP_CIPHER_CTX_encrypting(ctx);
-+    int rv = -1;
-+
-+    if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
-+        return -1;
-+
-+    if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN :
-+                            EVP_CTRL_GCM_SET_IV_INV,
-+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-+        goto err;
-+
-+    if (CRYPTO_gcm128_aad(&gctx->gcm, buf, gctx->tls_aad_len))
-+        goto err;
-+
-+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-+
-+    if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
-+        goto err;
-+
-+    if (enc) {
-+        out += len;
-+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
-+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-+    } else {
-+        CRYPTO_gcm128_tag(&gctx->gcm, buf, EVP_GCM_TLS_TAG_LEN);
-+
-+        if (CRYPTO_memcmp(buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
-+            OPENSSL_cleanse(out, len);
-+            goto err;
-+        }
-+        rv = len;
-+    }
-+ err:
-+    gctx->iv_set = 0;
-+    gctx->tls_aad_len = -1;
-+    return rv;
-+}
- 
--# define s390x_aes_gcm_cipher aes_gcm_cipher
- static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
--                                const unsigned char *in, size_t len);
-+                                const unsigned char *in, size_t len)
-+{
-+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
-+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
-+    int enc = EVP_CIPHER_CTX_encrypting(ctx);
-+
-+    if (!gctx->key_set)
-+        return -1;
-+
-+    if (gctx->tls_aad_len >= 0)
-+        return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
-+
-+    if (!gctx->iv_set)
-+        return -1;
-+
-+    if (in) {
-+        if (out == NULL) {
-+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
-+                return -1;
-+        } else {
-+            if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
-+                return -1;
-+        }
-+        return len;
-+    } else {
-+        if (enc) {
-+            gctx->taglen = 16;
-+            CRYPTO_gcm128_tag(&gctx->gcm, buf, gctx->taglen);
-+        } else {
-+            if (gctx->taglen < 0)
-+                return -1;
-+
-+            if (CRYPTO_gcm128_finish(&gctx->gcm, buf, gctx->taglen))
-+                return -1;
-+        }
-+        gctx->iv_set = 0;
-+        return 0;
-+    }
-+}
- 
- # define S390X_aes_128_xts_CAPABLE	1	/* checked by callee */
- # define S390X_aes_256_xts_CAPABLE	1
-Index: openssl-1.1.0g/crypto/modes/gcm128.c
-===================================================================
---- openssl-1.1.0g.orig/crypto/modes/gcm128.c	2017-11-02 15:29:03.000000000 +0100
-+++ openssl-1.1.0g/crypto/modes/gcm128.c	2018-01-09 17:35:12.239011531 +0100
-@@ -817,6 +817,10 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *
-         ctx->gmult = gcm_gmult_4bit;
-         CTX__GHASH(gcm_ghash_4bit);
-     }
-+# elif defined(GHASH_ASM)
-+    gcm_init_4bit(ctx->Htable, ctx->H.u);
-+    ctx->gmult = gcm_gmult_4bit;
-+    CTX__GHASH(gcm_ghash_4bit);
- # else
-     gcm_init_4bit(ctx->Htable, ctx->H.u);
- # endif
-Index: openssl-1.1.0g/crypto/s390x_arch.h
-===================================================================
---- openssl-1.1.0g.orig/crypto/s390x_arch.h	2018-01-09 17:35:12.207011034 +0100
-+++ openssl-1.1.0g/crypto/s390x_arch.h	2018-01-09 17:35:12.239011531 +0100
-@@ -45,4 +45,9 @@ extern uint64_t OPENSSL_s390xcap_P[];
- # define S390X_KMA_GCM_AES_192	(1ULL << 44)
- # define S390X_KMA_GCM_AES_128	(1ULL << 45)
- 
-+/* %r0 flags */
-+# define S390X_KMA_LPC		(1ULL <<  8)
-+# define S390X_KMA_LAAD		(1ULL <<  9)
-+# define S390X_KMA_HS		(1ULL << 10)
-+
- #endif

0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch

@@ -1,51 +0,0 @@
-From d137c24cbf25bae932dcfc0b58fa667a9ef63bf0 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Sun, 26 Feb 2017 22:36:39 +0100
-Subject: [PATCH 13/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations
- (KMA-gcm code path).
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- crypto/aes/asm/aes-s390x.pl | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
-index f23b1231c1..dfe79f84a6 100644
---- a/crypto/aes/asm/aes-s390x.pl
-+++ b/crypto/aes/asm/aes-s390x.pl
-@@ -2270,10 +2270,15 @@ $code.=<<___ if (!$softonly);
- .type	s390x_aes_gcm_blocks,\@function
- .align	16
- s390x_aes_gcm_blocks:
-+.cfi_startproc
- 	stm$g	$alen,$enc,7*$SIZE_T($sp)
-+	.cfi_rel_offset $alen,7*$SIZE_T
-+	.cfi_rel_offset $key,8*$SIZE_T
-+	.cfi_rel_offset $enc,9*$SIZE_T
- 	lm$g	$alen,$enc,$stdframe($sp)
- 
- 	aghi	$sp,-112
-+	.cfi_adjust_cfa_offset 112
- 
- 	lmg	%r0,%r1,0($ctx)
- 	ahi	%r1,-1
-@@ -2300,11 +2305,16 @@ s390x_aes_gcm_blocks:
- 	xc	0(112,$sp),0($sp)	# wipe stack
- 
- 	la	$sp,112($sp)
-+	.cfi_adjust_cfa_offset -112
- 	ahi	%r0,1
- 	st	%r0,12($ctx)
- 
- 	lm$g	$alen,$enc,7*$SIZE_T($sp)
-+	.cfi_restore $alen
-+	.cfi_restore $key
-+	.cfi_restore $enc
- 	br	$ra
-+.cfi_endproc
- .size	s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
- ___
- }
--- 
-2.13.6
-

baselibs.conf

@@ -5,6 +5,3 @@ libopenssl-1_1-devel
   conflicts "otherproviders(libopenssl-devel-<targettype>)"
   requires -"openssl-1_1-<targettype>"
   requires "libopenssl1_1-<targettype> = <version>"
-libopenssl1_1-hmac
-  requires "libopenssl1_1-<targettype> = <version>-%release"
-  obsoletes "libopenssl1_1_0-hmac-<targettype>"

openssl-1.0.1e-add-suse-default-cipher.patch

@@ -1,36 +0,0 @@
-Index: openssl-1.1.0f/ssl/ssl_ciph.c
-===================================================================
---- openssl-1.1.0f.orig/ssl/ssl_ciph.c	2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/ssl/ssl_ciph.c	2017-09-01 11:54:09.848587297 +0200
-@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-      */
-     ok = 1;
-     rule_p = rule_str;
--    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
-+    if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
-+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
-+        &head, &tail, ca_list, c);
-+        rule_p += 12;
-+        if (*rule_p == ':')
-+            rule_p++;
-+    }
-+    else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
-         ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                                         &head, &tail, ca_list, c);
-         rule_p += 7;
-Index: openssl-1.1.0f/include/openssl/ssl.h
-===================================================================
---- openssl-1.1.0f.orig/include/openssl/ssl.h	2017-05-25 14:46:20.000000000 +0200
-+++ openssl-1.1.0f/include/openssl/ssl.h	2017-09-01 13:16:59.850407734 +0200
-@@ -195,6 +195,11 @@ extern "C" {
-  * an application-defined cipher list string starts with 'DEFAULT'.
-  */
- # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
-+    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
-+    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
-+    "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
-+    "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
- /*
-  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
-  * starts with a reasonable order, and all we have to do for DEFAULT is

openssl-1.0.1e-add-test-suse-default-cipher-suite.patch

@@ -1,27 +0,0 @@
-Index: openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t	2016-12-19 13:59:16.662066548 +0100
-@@ -0,0 +1,22 @@
-+#! /usr/bin/env perl
-+
-+use strict;
-+use warnings;
-+
-+use OpenSSL::Test qw/:DEFAULT/;
-+use OpenSSL::Test::Utils;
-+
-+
-+setup("test_default_ciphersuites");
-+
-+plan tests => 4;
-+
-+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
-+
-+foreach my $cipherlist (@cipher_suites) {
-+  ok(run(app(["openssl", "ciphers", $cipherlist])),
-+     "openssl ciphers works with ciphersuite $cipherlist");
-+  ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "DEFAULT_SUSE"]), capture => 1)),
-+         "$cipherlist shouldn't contain MD5, DES or RC4\n");
-+}
-+

openssl-1.1.0h.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517
-size 5422717

openssl-1.1.0h.tar.gz.asc

@@ -1,10 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEcBAABCAAGBQJaukw0AAoJENnE0m0OYESRNZoH/jP9DGnLUsEr58XUE1w+q+P/
-JXF/yaBr1LUx9e599zlVNkLyNsqIN0mVfMDgdnjefIwrEGBVBh9YdeNeeZ9Lnhc4
-PQCN4vzjUcNv7Jo2DSPmuVoUikntIYM4thrBQuVt031h1+1NQmDpcmU8SESFpM5H
-A7N6+p/i/ow5g2G/uqc+Wqy/Jdgwtkq+UPHvxajE7pVLhtY+ue5gU3f6Jb8odTdV
-VT1QNzaStN40WiUIHtrykB3F8eg5BvwkmLUqbruy9IEEtYoJvxALVLD1B7t047Tf
-Ti1AQ4Ld+NNxbhZeeYMeXTAog3w3DudsSQoOmIN2TiAR6WK44XlS/lu9lK/mFpo=
-=SK44
------END PGP SIGNATURE-----

openssl-1.1.1b.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+size 8213737

openssl-1.1.1b.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlx1SgkACgkQ2cTSbQ5g
+RJHsWwf7BqLAjJhHHU5aBqHCZgvn24wwGjiOsGjo0uNkjigM/1aZafB10CVhhTDA
+kHrZddEd6ZmC7b71WIn/2rVGNycHkSxzcpnLMZ0n6Y7/aqg/5ZeGj3sHPqBjIUWv
+A/uzRnaAxOXQC8bw1RgNKcQr/bP0ZTqWI5uaQR87fQ7Bh1TbKwc+ClvMZ679kx9S
+MHrcxjGmtlbxdkvMuKQMLqGNeaJAPgTAWNLTovawyq4HsFrM52etpAvqqb9MhHoR
+J7zi+PLY+9MUMuwEDVjnK6fCawMLr459c/VPzVcN0v6B5iAZQMVfuFu1INYAqxMC
+8tRz6DYabN1mpTCVTs6OV7IAzNYbjg==
+=B/je
+-----END PGP SIGNATURE-----

openssl-1_1.changes

@@ -1,3 +1,211 @@
+-------------------------------------------------------------------
+Mon Mar  4 13:01:18 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Drop bc and ed BuildRequires: I could not find any reference to
+  these tools being used during build or check.
+
+-------------------------------------------------------------------
+Fri Mar  1 13:28:03 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Use upstream-approved patch for the handling of strerror_r
+  * https://github.com/openssl/openssl/pull/8371
+- add openssl-fix-handling-of-GNU-strerror_r.patch
+- drop strerror.patch
+
+-------------------------------------------------------------------
+Thu Feb 28 13:37:55 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Update to 1.1.1b
+  * Added SCA hardening for modular field inversion in EC_GROUP
+    through a new dedicated field_inv() pointer in EC_METHOD.
+  * Change the info callback signals for the start and end of a post-handshake
+    message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+    and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+    confused by this and assume that a TLSv1.2 renegotiation has started. This
+    can break KeyUpdate handling. Instead we no longer signal the start and end
+    of a post handshake message exchange (although the messages themselves are
+    still signalled). This could break some applications that were expecting
+    the old signals. However without this KeyUpdate is not usable for many
+    applications.
+  * Fix a bug in the computation of the endpoint-pair shared secret used
+    by DTLS over SCTP. This breaks interoperability with older versions
+    of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+    switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+    interoperability with such broken implementations. However, enabling
+    this switch breaks interoperability with correct implementations.
+  * Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+    re-used X509_PUBKEY object if the second PUBKEY is malformed.
+  * Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0()
+
+-------------------------------------------------------------------
+Thu Feb 28 12:10:33 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Add strerror.patch to avoid problems with strerror_r() not setting
+  the provided buf
+
+-------------------------------------------------------------------
+Mon Feb 11 14:39:12 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Add s390x poly1305 vectorized implementation (fate#326351)
+  * https://github.com/openssl/openssl/pull/7991
+- add 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
+
+-------------------------------------------------------------------
+Thu Jan 10 15:20:07 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Add s390x chacha20 vectorized implementation (fate#326561)
+  * https://github.com/openssl/openssl/pull/6919
+- added patches:
+  0001-s390x-assembly-pack-perlasm-support.patch
+  0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
+
+-------------------------------------------------------------------
+Tue Nov 20 14:31:28 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Update to 1.1.1a
+  * Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+    the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+    are retained for backwards compatibility.
+  * Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+    if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+    of two gigabytes and the error handling improved.
+- drop upstream patches:
+  * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
+  * 0001-DSA-Check-for-sanity-of-input-parameters.patch
+  * 0001-DSA-mod-inverse-fix.patch
+  * openssl-CVE-2018-0734.patch
+  * openssl-CVE-2018-0735.patch
+
+-------------------------------------------------------------------
+Mon Nov  5 12:53:54 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- OpenSSL Security Advisory [30 October 2018]
+  * Timing vulnerability in ECDSA signature generation
+    (bsc#1113651, CVE-2018-0735)
+  * Timing vulnerability in DSA signature generation
+    (bsc#1113652, CVE-2018-0734)
+  * And more timing fixes
+- Add patches:
+  * openssl-CVE-2018-0734.patch
+  * openssl-CVE-2018-0735.patch
+  * 0001-DSA-mod-inverse-fix.patch
+  * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
+
+-------------------------------------------------------------------
+Mon Nov  5 11:00:54 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Fix infinite loop in DSA generation with incorrect parameters
+  (bsc#1112209)
+  * 0001-DSA-Check-for-sanity-of-input-parameters.patch
+
+-------------------------------------------------------------------
+Thu Oct 25 13:32:33 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
+
+- Explictly select "getrandom" system call as the seed source,
+  it is the safer/best performing choice on linux.
+- do not force -std=gnu99, pick the compiler default.
+
+-------------------------------------------------------------------
+Tue Sep 11 13:49:06 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
+
+- Update to 1.1.1 release
+  * This is the first official release of the OpenSSL 1.1.1 branch
+    which brings TLS 1.3 support
+- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they
+  are configured differently
+  * modified openssl-DEFAULT_SUSE_cipher.patch
+- drop obsolete openssl-pretend_we_are_not_beta.patch
+
+-------------------------------------------------------------------
+Thu Aug 23 13:21:00 UTC 2018 - vcizek@suse.com
+
+- Update to 1.1.1-pre9 (Beta 7)
+  * Support for TLSv1.3 added
+  * Move the display of configuration data to configdata.pm.
+  * Allow GNU style "make variables" to be used with Configure.
+  * Add a STORE module (OSSL_STORE)
+  * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
+  * Add multi-prime RSA (RFC 8017) support
+  * Add SM3 implemented according to GB/T 32905-2016
+  * Add SM4 implemented according to GB/T 32907-2016.
+  * Add 'Maximum Fragment Length' TLS extension negotiation and support
+  * Add ARIA support
+  * Add SHA3
+  * Rewrite of devcrypto engine
+  * Add support for SipHash
+  * Grand redesign of the OpenSSL random generator
+- pretend the release is not a Beta, to avoid "OpenSSL version mismatch"
+  with OpenSSH
+  * add openssl-pretend_we_are_not_beta.patch
+- drop FIPS support
+  * don't build with FIPS mode (not supported in 1.1.1)
+  * don't create the -hmac subpackages
+  - drop FIPS patches
+    * openssl-fips-clearerror.patch
+    * openssl-fips-dont-fall-back-to-default-digest.patch
+    * openssl-fips-dont_run_FIPS_module_installed.patch
+    * openssl-fips-fix-odd-rsakeybits.patch
+    * openssl-fips-rsagen-d-bits.patch
+    * openssl-fips-selftests_in_nonfips_mode.patch
+    * openssl-fips_disallow_ENGINE_loading.patch
+    * openssl-rsakeygen-minimum-distance.patch
+    * openssl-1.1.0-fips.patch
+    * openssl-urandom-reseeding.patch
+    * openssl-CVE-2018-0737-fips.patch
+- add TLS 1.3 ciphers to DEFAULT_SUSE
+- merge openssl-1.0.1e-add-suse-default-cipher.patch and
+  openssl-1.0.1e-add-test-suse-default-cipher-suite.patch to
+  openssl-DEFAULT_SUSE_cipher.patch
+- drop patches:
+  * openssl-static-deps.patch (upstream)
+  * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
+  * openssl-disable_rsa_keygen_tests_with_small_modulus.patch
+  * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
+- drop s390x patches
+  * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
+  * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
+  * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
+  * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
+  * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
+  * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
+  * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
+  * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
+  * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
+  * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
+  * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
+
+-------------------------------------------------------------------
+Tue Aug 14 14:02:22 UTC 2018 - vcizek@suse.com
+
+- Update to 1.1.0i
+  OpenSSL Security Advisory [12 June 2018]
+  * Reject excessively large primes in DH key generation
+    (bsc#1097158, CVE-2018-0732)
+  * Make EVP_PKEY_asn1_new() a bit stricter about its input
+  * Revert blinding in ECDSA sign and instead make problematic addition
+    length-invariant. Switch even to fixed-length Montgomery multiplication.
+  * Change generating and checking of primes so that the error rate of not
+    being prime depends on the intended use based on the size of the input.
+  * Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+  * Add blinding to ECDSA and DSA signatures to protect against side channel
+    attacks
+  * When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+    now allow empty (zero character) pass phrases.
+  * Certificate time validation (X509_cmp_time) enforces stricter
+    compliance with RFC 5280. Fractional seconds and timezone offsets
+    are no longer allowed.
+  * Fixed a text canonicalisation bug in CMS
+- drop patches (upstream):
+  * 0001-Limit-scope-of-CN-name-constraints.patch
+  * 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
+  * 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
+  * 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
+- refresh patches:
+  * openssl-1.1.0-fips.patch
+  * openssl-disable_rsa_keygen_tests_with_small_modulus.patch
+- rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch
+  as it now only includes changes to the fips code
+
 -------------------------------------------------------------------
 Thu Aug  2 10:41:20 UTC 2018 - vcizek@suse.com
 

openssl-1_1.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openssl-1_1
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -20,72 +20,37 @@
 %define maj_min 1.1
 %define _rname  openssl
 Name:           openssl-1_1
-Version:        1.1.0h
+# Don't forget to update the version in the "openssl" package!
+Version:        1.1.1b
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
 Group:          Productivity/Networking/Security
-Url:            https://www.openssl.org/
+URL:            https://www.openssl.org/
 Source:         https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
 # to get mtime of file:
 Source1:        %{name}.changes
 Source2:        baselibs.conf
-Source42:       https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
+Source3:        https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
 # https://www.openssl.org/about/
 # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
-Source43:       %{_rname}.keyring
+Source4:        %{_rname}.keyring
-Source99:       showciphers.c
+Source5:        showciphers.c
-# https://github.com/openssl/openssl/pull/2045
-Patch0:         0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
-# PATCH-FIX-OPENSUSE: upstream won't use glibc
-Patch1:         0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
 # PATCH-FIX-OPENSUSE: do not install html mans it takes ages
-Patch2:         openssl-1.1.0-no-html.patch
+Patch1:         openssl-1.1.0-no-html.patch
-# PATCH-FIX-UPSTREAM: patch to allow deps and linking to static libs
+Patch2:         openssl-truststore.patch
-#                     needed for fips and taken from upstream
+Patch3:         openssl-pkgconfig.patch
-Patch3:         openssl-static-deps.patch
+Patch4:         openssl-DEFAULT_SUSE_cipher.patch
-Patch4:         openssl-truststore.patch
+Patch5:         openssl-ppc64-config.patch
-Patch5:         openssl-pkgconfig.patch
+Patch6:         openssl-no-date.patch
-Patch6:         openssl-1.0.1e-add-suse-default-cipher.patch
+# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/6919 fate#326561
-Patch7:         openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+Patch7:         0001-s390x-assembly-pack-perlasm-support.patch
-Patch8:         openssl-ppc64-config.patch
+Patch8:         0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
-Patch9:         openssl-no-date.patch
+# PATCH-FIX-UPSTREAM FATE#326351 Add vectorized poly1305 implementation for s390x (https://github.com/openssl/openssl/pull/7991)
-# FIPS patches:
+Patch9:         0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
-Patch51:        openssl-1.1.0-fips.patch
+# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8371
-Patch52:        openssl-fips-dont_run_FIPS_module_installed.patch
+Patch10:        openssl-fix-handling-of-GNU-strerror_r.patch
-Patch53:        openssl-fips_disallow_ENGINE_loading.patch
-Patch54:        openssl-rsakeygen-minimum-distance.patch
-Patch55:        openssl-urandom-reseeding.patch
-Patch56:        openssl-fips-rsagen-d-bits.patch
-Patch57:        openssl-fips-selftests_in_nonfips_mode.patch
-Patch58:        openssl-fips-fix-odd-rsakeybits.patch
-Patch59:        openssl-fips-clearerror.patch
-Patch60:        openssl-fips-dont-fall-back-to-default-digest.patch
-Patch61:        openssl-disable_rsa_keygen_tests_with_small_modulus.patch
-# FATE#321518 Add support for s390x CPACF enhancements (https://fate.suse.com/321518)
-Patch62:        0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
-Patch63:        0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
-Patch64:        0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
-Patch65:        0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
-Patch66:        0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
-Patch67:        0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
-Patch68:        0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
-Patch69:        0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
-Patch70:        0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
-Patch71:        0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
-Patch72:        0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
-# PATCH-FIX-UPSTREAM (boo#1084651)
-Patch73:        0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
-# PATCH-FIX-UPSTREAM (boo#1091961)
-Patch74:        0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
-Patch75:        openssl-CVE-2018-0737.patch
-# PATCH-FIX-UPSTREAM (bsc#1084011)
-Patch76:        0001-Limit-scope-of-CN-name-constraints.patch
-Patch77:        0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
-BuildRequires:  bc
-BuildRequires:  ed
 BuildRequires:  pkgconfig
-BuildRequires:  pkgconfig(zlib)
 Conflicts:      ssl
 Provides:       ssl
 Provides:       openssl(cli)
@@ -102,7 +67,6 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
 
 %package -n libopenssl1_1
 Summary:        Secure Sockets and Transport Layer Security
-License:        OpenSSL
 Group:          Productivity/Networking/Security
 Recommends:     ca-certificates-mozilla
 # install libopenssl and libopenssl-hmac close together (bsc#1090765)
@@ -118,11 +82,9 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
 
 %package -n libopenssl-1_1-devel
 Summary:        Development files for OpenSSL
-License:        OpenSSL
 Group:          Development/Libraries/C and C++
-Recommends:     %{name} = %{version}
 Requires:       libopenssl1_1 = %{version}
-Requires:       pkgconfig(zlib)
+Recommends:     %{name} = %{version}
 # we need to have around only the exact version we are able to operate with
 Conflicts:      libopenssl-devel < %{version}
 Conflicts:      libopenssl-devel > %{version}
@@ -135,21 +97,8 @@ Obsoletes:      libopenssl-1_1_0-devel
 This subpackage contains header files for developing applications
 that want to make use of the OpenSSL C API.
 
-%package -n libopenssl1_1-hmac
-Summary:        HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
-License:        BSD-3-Clause
-Group:          Productivity/Networking/Security
-Requires:       libopenssl1_1 = %{version}-%{release}
-# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
-Obsoletes:      libopenssl1_1_0-hmac
-
-%description -n libopenssl1_1-hmac
-The FIPS compliant operation of the openssl shared libraries is NOT
-possible without the HMAC hashes contained in this package!
-
 %package doc
 Summary:        Additional Package Documentation
-License:        OpenSSL
 Group:          Productivity/Networking/Security
 Conflicts:      openssl-doc
 Provides:       openssl-doc = %{version}
@@ -173,20 +122,17 @@ export MACHINE=armv6l
 %endif
 
 ./config \
-    no-rc5 no-idea \
+    no-idea \
-    fips \
-    no-ssl3 \
     enable-rfc3779 \
 %ifarch x86_64 aarch64 ppc64le
     enable-ec_nistp_64_gcc_128 \
 %endif
     enable-camellia \
-    zlib \
     no-ec2m \
     --prefix=%{_prefix} \
     --libdir=%{_lib} \
     --openssldir=%{ssletcdir} \
-    %{optflags} -std=gnu99 \
+    %{optflags} \
     -Wa,--noexecstack \
     -Wl,-z,relro,-z,now \
     -fno-common \
@@ -195,7 +141,11 @@ export MACHINE=armv6l
     -D_GNU_SOURCE \
     -DOPENSSL_NO_BUF_FREELISTS \
     $(getconf LFS_CFLAGS) \
-    -Wall
+    -Wall \
+    --with-rand-seed=getrandom
+
+# Show build configuration
+perl configdata.pm --dump
 
 util/mkdef.pl crypto update
 make depend %{?_smp_mflags}
@@ -206,7 +156,7 @@ export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
 LD_LIBRARY_PATH=`pwd` make test -j1
 # show cyphers
-gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE99} -L%{buildroot}%{_libdir} -lssl -lcrypto
+gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
 
 %install
@@ -251,30 +201,7 @@ set -x
 find demos -type f -perm /111 -exec chmod 644 {} \;
 
 # Place showciphers.c for %doc macro
-cp %{SOURCE99} .
+cp %{SOURCE5} .
-
-# the hmac hashes:
-#
-# this is a hack that re-defines the __os_install_post macro
-# for a simple reason: the macro strips the binaries and thereby
-# invalidates a HMAC that may have been created earlier.
-# solution: create the hashes _after_ the macro runs.
-#
-# this shows up earlier because otherwise the %expand of
-# the macro is too late.
-# remark: This is the same as running
-#   openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
-%{expand:%%global __os_install_post {%__os_install_post
-
-%{buildroot}%{_bindir}/fips_standalone_hmac \
-  %{buildroot}%{_libdir}/libssl.so.%{maj_min} > \
-    %{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac
-
-%{buildroot}%{_bindir}/fips_standalone_hmac \
-  %{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \
-    %{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac
-
-}}
 
 %post -n libopenssl1_1 -p /sbin/ldconfig
 %postun -n libopenssl1_1 -p /sbin/ldconfig
@@ -285,10 +212,6 @@ cp %{SOURCE99} .
 %{_libdir}/libcrypto.so.%{maj_min}
 %{_libdir}/engines-%{maj_min}
 
-%files -n libopenssl1_1-hmac
-%{_libdir}/.libssl.so.%{maj_min}.hmac
-%{_libdir}/.libcrypto.so.%{maj_min}.hmac
-
 %files -n libopenssl-1_1-devel
 %{_includedir}/%{_rname}/
 %{_includedir}/ssl
@@ -307,10 +230,12 @@ cp %{SOURCE99} .
 %dir %{ssletcdir}
 %config (noreplace) %{ssletcdir}/openssl.cnf
 %attr(700,root,root) %{ssletcdir}/private
+%{ssletcdir}/ct_log_list.cnf
+%{ssletcdir}/ct_log_list.cnf.dist
+
 %dir %{_datadir}/ssl
 %{_datadir}/ssl/misc
 %{_bindir}/c_rehash
-%{_bindir}/fips_standalone_hmac
 %{_bindir}/%{_rname}
 
 %changelog

openssl-CVE-2018-0737.patch

@@ -1,112 +0,0 @@
-The CVE-2018-0737 fix consists of commits:
-9db724cfede4ba7a3668bff533973ee70145ec07
-011f82e66f4bf131c733fd41a8390039859aafb2
-7150a4720af7913cae16f2e4eaf768b578c0b298
-(the three above are included in 1.1.0h)
-6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
-and additional changes to our fips_rsa_keygen()
-
-From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley@gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
-===================================================================
---- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c	2018-05-10 11:50:53.298706226 +0200
-+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c	2018-05-10 12:55:39.394968170 +0200
-@@ -123,6 +123,7 @@ static int fips_rsa_builtin_keygen(RSA *
-     int n = 0;
-     int test = 0;
-     int pbits = bits / 2;
-+    unsigned long error = 0;
- 
-     if (FIPS_selftest_failed()) {
-         FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-@@ -191,6 +192,10 @@ retry:
-     if (!BN_lshift(r3, r3, pbits - 100))
-         goto err;
- 
-+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-+    BN_set_flags(r2, BN_FLG_CONSTTIME);
-+
-     /* generate p and q */
-     for (i = 0; i < 5 * pbits; i++) {
-  ploop:
-@@ -205,9 +210,9 @@ retry:
- 
-         if (!BN_sub(r2, rsa->p, BN_value_one()))
-             goto err;
--        if (!BN_gcd(r1, r2, rsa->e, ctx))
--            goto err;
--        if (BN_is_one(r1)) {
-+        ERR_set_mark();
-+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+            /* GCD == 1 since inverse exists */
-             int r;
-             r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
-                                         cb);
-@@ -217,6 +222,15 @@ retry:
-                 break;
-         }
- 
-+        error = ERR_peek_last_error();
-+        if (ERR_GET_LIB(error) == ERR_LIB_BN
-+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+            /* GCD != 1 */
-+            ERR_pop_to_mark();
-+        } else {
-+            goto err;
-+        }
-+
-         if (!BN_GENCB_call(cb, 2, n++))
-             goto err;
-     }
-@@ -248,9 +262,9 @@ retry:
- 
-         if (!BN_sub(r2, rsa->q, BN_value_one()))
-             goto err;
--        if (!BN_gcd(r1, r2, rsa->e, ctx))
--            goto err;
--        if (BN_is_one(r1)) {
-+        ERR_set_mark();
-+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
-+            /* GCD == 1 since inverse exists */
-             int r;
-             r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
-                                         cb);
-@@ -260,6 +274,15 @@ retry:
-                 break;
-         }
- 
-+        error = ERR_peek_last_error();
-+        if (ERR_GET_LIB(error) == ERR_LIB_BN
-+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
-+            /* GCD != 1 */
-+            ERR_pop_to_mark();
-+        } else {
-+            goto err;
-+        }
-+
-         if (!BN_GENCB_call(cb, 2, n++))
-             goto err;
-     }
-@@ -457,6 +480,8 @@ static int rsa_builtin_keygen(RSA *rsa,
-     if (BN_copy(rsa->e, e_value) == NULL)
-         goto err;
- 
-+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-     BN_set_flags(r2, BN_FLG_CONSTTIME);
-     /* generate p and q */
-     for (;;) {

openssl-DEFAULT_SUSE_cipher.patch

@@ -0,0 +1,64 @@
+Index: openssl-1.1.1/ssl/ssl_ciph.c
+===================================================================
+--- openssl-1.1.1.orig/ssl/ssl_ciph.c	2018-09-11 14:48:23.000000000 +0200
++++ openssl-1.1.1/ssl/ssl_ciph.c	2018-09-11 16:38:40.412543331 +0200
+@@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      */
+     ok = 1;
+     rule_p = rule_str;
+-    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
++    if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
++        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
++                                        &head, &tail, ca_list, c);
++        rule_p += 12;
++        if (*rule_p == ':')
++            rule_p++;
++    }
++    else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+         ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                                         &head, &tail, ca_list, c);
+         rule_p += 7;
+Index: openssl-1.1.1/include/openssl/ssl.h
+===================================================================
+--- openssl-1.1.1.orig/include/openssl/ssl.h	2018-09-11 14:48:23.000000000 +0200
++++ openssl-1.1.1/include/openssl/ssl.h	2018-09-11 16:45:20.979303981 +0200
+@@ -171,6 +171,11 @@ extern "C" {
+  * This applies to ciphersuites for TLSv1.2 and below.
+  */
+ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
++# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
++    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
++    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
++    "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
++    "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+Index: openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t	2018-09-11 16:38:23.292423281 +0200
+@@ -0,0 +1,23 @@
++#! /usr/bin/env perl
++
++use strict;
++use warnings;
++
++use OpenSSL::Test qw/:DEFAULT/;
++use OpenSSL::Test::Utils;
++
++setup("test_default_ciphersuites");
++
++plan tests => 6;
++
++my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
++
++foreach my $cipherlist (@cipher_suites) {
++  ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
++     "openssl ciphers works with ciphersuite $cipherlist");
++  ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
++         "$cipherlist shouldn't contain MD5, DES or RC4\n");
++  ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
++         "$cipherlist should contain TLSv1.3 ciphers\n");
++}
++

openssl-disable_rsa_keygen_tests_with_small_modulus.patch

@@ -1,12 +0,0 @@
-Index: openssl-1.1.0f/test/recipes/15-test_genrsa.t
-===================================================================
---- openssl-1.1.0f.orig/test/recipes/15-test_genrsa.t	2017-05-25 14:46:21.000000000 +0200
-+++ openssl-1.1.0f/test/recipes/15-test_genrsa.t	2017-05-29 17:56:31.900331435 +0200
-@@ -16,6 +16,7 @@ use OpenSSL::Test::Utils;
- 
- setup("test_genrsa");
- 
-+plan skip_all => 'Minimal RSA modulus size is 200 bits';
- plan tests => 5;
- 
- is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");

openssl-fips-clearerror.patch

@@ -1,12 +0,0 @@
-Index: openssl-1.0.2g/crypto/o_init.c
-===================================================================
---- openssl-1.0.2g.orig/crypto/o_init.c	2016-04-14 10:54:05.763929573 +0200
-+++ openssl-1.0.2g/crypto/o_init.c	2016-04-14 10:59:08.366168879 +0200
-@@ -91,6 +91,7 @@ static void init_fips_mode(void)
-         NONFIPS_selftest_check();
-         /* drop down to non-FIPS mode if it is not requested */
-         FIPS_mode_set(0);
-+        ERR_clear_error();
-     } else {
-         /* abort if selftest failed */
-         FIPS_selftest_check();

openssl-fips-dont-fall-back-to-default-digest.patch

@@ -1,15 +0,0 @@
-Index: openssl-1.1.0e/apps/dgst.c
-===================================================================
---- openssl-1.1.0e.orig/apps/dgst.c	2017-04-20 12:31:52.471544178 +0200
-+++ openssl-1.1.0e/apps/dgst.c	2017-04-20 12:38:46.669771843 +0200
-@@ -94,6 +94,10 @@ int dgst_main(int argc, char **argv)
-     prog = opt_progname(argv[0]);
-     buf = app_malloc(BUFSIZE, "I/O buffer");
-     md = EVP_get_digestbyname(prog);
-+    if (md == NULL && strcmp(prog, "dgst") != 0) {
-+        BIO_printf(bio_err, "%s is not a known digest\n", prog);
-+        goto end;
-+    }
- 
-     prog = opt_init(argc, argv, dgst_options);
-     while ((o = opt_next()) != OPT_EOF) {

openssl-fips-dont_run_FIPS_module_installed.patch

@@ -1,16 +0,0 @@
-Index: openssl-1.0.2h/crypto/o_init.c
-===================================================================
---- openssl-1.0.2h.orig/crypto/o_init.c	2016-06-01 15:26:25.026937000 +0200
-+++ openssl-1.0.2h/crypto/o_init.c	2016-06-01 16:23:24.980858697 +0200
-@@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS
-         return;
-     done = 1;
- #ifdef OPENSSL_FIPS
--    if (!FIPS_module_installed()) {
-+    /*if (!FIPS_module_installed()) {
-         return;
--    }
-+    }*/
-     RAND_init_fips();
-     init_fips_mode();
-     if (!FIPS_mode()) {

openssl-fips-fix-odd-rsakeybits.patch

@@ -1,14 +0,0 @@
-Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
-===================================================================
---- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c	2016-04-14 10:52:34.187646539 +0200
-+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c	2016-04-14 10:53:39.335559301 +0200
-@@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa,
-         goto err;
- 
-     bitsp = (bits + 1) / 2;
--    bitsq = bits - bitsp;
-+    /* Use the same number of bits for p and q, our checks assume it. */
-+    bitsq = bitsp;
- 
-     /* prepare a maximum for p and q */
-     /* 0xB504F334 is (sqrt(2)/2)*2^32 */

openssl-fips-rsagen-d-bits.patch

@@ -1,39 +0,0 @@
-Index: openssl-1.1.0c/crypto/rsa/rsa_gen.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/rsa/rsa_gen.c	2016-12-08 17:55:15.968669184 +0100
-+++ openssl-1.1.0c/crypto/rsa/rsa_gen.c	2016-12-08 17:55:15.976669308 +0100
-@@ -173,6 +173,12 @@ static int fips_rsa_builtin_keygen(RSA *
-         goto err;
-     }
- 
-+    BN_copy(rsa->e, e_value);
-+
-+    if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
-+        test = 1;
-+
-+retry:
-     /* prepare approximate minimum p and q */
-     if (!BN_set_word(r0, 0xB504F334))
-         goto err;
-@@ -185,12 +191,6 @@ static int fips_rsa_builtin_keygen(RSA *
-     if (!BN_lshift(r3, r3, pbits - 100))
-         goto err;
- 
--    BN_copy(rsa->e, e_value);
--
--    if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
--        test = 1;
--
-- retry:
-     /* generate p and q */
-     for (i = 0; i < 5 * pbits; i++) {
-  ploop:
-@@ -323,6 +323,8 @@ static int fips_rsa_builtin_keygen(RSA *
-         BN_free(pr0);
-     }
- 
-+    /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */
-+    /* the LCM part is covered due to the generation by modulo above */
-     if (BN_num_bits(rsa->d) < pbits)
-         goto retry;             /* d is too small */
- 

openssl-fips-selftests_in_nonfips_mode.patch

@@ -1,74 +0,0 @@
-Index: openssl-1.1.0c/crypto/fips/fips.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/fips/fips.c	2016-12-09 11:34:28.778291575 +0100
-+++ openssl-1.1.0c/crypto/fips/fips.c	2016-12-09 11:37:18.192847119 +0100
-@@ -472,6 +472,44 @@ int FIPS_module_mode_set(int onoff)
-     return ret;
- }
- 
-+/* In non-FIPS mode, the selftests must succeed if the
-+ * checksum files are present
-+ */
-+void NONFIPS_selftest_check(void)
-+{
-+        int rv;
-+	char *hmacpath;
-+        char path[PATH_MAX+1];
-+
-+        if (fips_selftest_fail)
-+	     {
-+                /* check if the checksum files are installed */
-+                rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
-+                if (rv < 0)
-+                        OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
-+
-+                hmacpath = make_hmac_path(path);
-+	        if (hmacpath == NULL)
-+                        OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
-+
-+                if (access(hmacpath, F_OK))
-+                    {
-+                        /* no hmac file is present, ignore the failed selftests */
-+                        if (errno == ENOENT)
-+                            {
-+                                free(hmacpath);
-+                                return;
-+                            }
-+                        /* we fail on any other error */
-+                    }
-+                /* if the file exists, but the selftests failed
-+                   (eg wrong checksum), we fail too */
-+                free(hmacpath);
-+                OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
-+	     }
-+        /* otherwise ok, selftests were successful */
-+}
-+
- static CRYPTO_THREAD_ID fips_threadid;
- static int fips_thread_set = 0;
- 
-Index: openssl-1.1.0c/crypto/o_init.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/o_init.c	2016-12-09 11:34:28.726290785 +0100
-+++ openssl-1.1.0c/crypto/o_init.c	2016-12-09 11:34:28.778291575 +0100
-@@ -44,6 +44,8 @@ static void init_fips_mode(void)
-      */
- 
-     if (buf[0] != '1') {
-+        /* abort if selftest failed and the module is complete */
-+        NONFIPS_selftest_check();
-         /* drop down to non-FIPS mode if it is not requested */
-         FIPS_mode_set(0);
-     } else {
-Index: openssl-1.1.0c/include/openssl/fips.h
-===================================================================
---- openssl-1.1.0c.orig/include/openssl/fips.h	2016-12-09 11:34:28.654289692 +0100
-+++ openssl-1.1.0c/include/openssl/fips.h	2016-12-09 11:38:18.553750517 +0100
-@@ -65,6 +65,7 @@ extern "C" {
-     int FIPS_selftest(void);
-     int FIPS_selftest_failed(void);
-     int FIPS_selftest_drbg_all(void);
-+    void NONFIPS_selftest_check(void);
- 
-     int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-                                const EVP_MD *evpmd, const unsigned char *seed_in,

openssl-fips_disallow_ENGINE_loading.patch

@@ -1,14 +0,0 @@
-Index: openssl-1.1.0c/crypto/init.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/init.c	2016-12-08 17:36:03.170689184 +0100
-+++ openssl-1.1.0c/crypto/init.c	2016-12-08 17:36:14.938873308 +0100
-@@ -564,6 +564,9 @@ int OPENSSL_init_crypto(uint64_t opts, c
-             && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
-         return 0;
- # endif
-+# ifdef OPENSSL_FIPS
-+    if (!FIPS_mode())
-+# endif
-     if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
-             && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
-         return 0;

openssl-fix-handling-of-GNU-strerror_r.patch

@@ -0,0 +1,50 @@
+diff --git a/crypto/o_str.c b/crypto/o_str.c
+index 02578dbf0d..3b271e745b 100644
+--- a/crypto/o_str.c
++++ b/crypto/o_str.c
+@@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ #if defined(_MSC_VER) && _MSC_VER>=1400
+     return !strerror_s(buf, buflen, errnum);
+ #elif defined(_GNU_SOURCE)
+-    return strerror_r(errnum, buf, buflen) != NULL;
++    char *err;
++
++    /*
++     * GNU strerror_r may not actually set buf.
++     * It can return a pointer to some (immutable) static string in which case
++     * buf is left unused.
++     */
++    err = strerror_r(errnum, buf, buflen);
++    if (err == NULL)
++        return 0;
++    /*
++     * If err is statically allocated, err != buf and we need to copy the data.
++     * If err points somewhere inside buf, OPENSSL_strlcpy can handle this,
++     * since src and dest are not annotated with __restrict and the function
++     * reads src byte for byte and writes to dest.
++     * If err == buf we do not have to copy anything.
++     */
++    if (err != buf)
++        OPENSSL_strlcpy(buf, err, buflen);
++    return 1;
+ #elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+       (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+     /*
+@@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+     return !strerror_r(errnum, buf, buflen);
+ #else
+     char *err;
++
+     /* Fall back to non-thread safe strerror()...its all we can do */
+     if (buflen < 2)
+         return 0;
+@@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+     /* Can this ever happen? */
+     if (err == NULL)
+         return 0;
+-    strncpy(buf, err, buflen - 1);
+-    buf[buflen - 1] = '\0';
++    OPENSSL_strlcpy(buf, err, buflen);
+     return 1;
+ #endif
+ }

openssl-no-date.patch

@@ -1,11 +1,13 @@
-Index: openssl-1.1.0f/util/mkbuildinf.pl
+Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
 ===================================================================
---- openssl-1.1.0f.orig/util/mkbuildinf.pl
+--- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl	2018-02-13 16:31:28.011389734 +0100
-+++ openssl-1.1.0f/util/mkbuildinf.pl
++++ openssl-1.1.1-pre1/util/mkbuildinf.pl	2018-02-13 16:31:51.539764582 +0100
-@@ -37,5 +37,5 @@ print <<"END_OUTPUT";
+@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
- '\\0'
+  */
- };
+ 
  #define PLATFORM "platform: $platform"
 -#define DATE "built on: $date"
 +#define DATE ""
- END_OUTPUT
+ 
+ /*
+  * Generate compiler_flags as an array of individual characters. This is a

openssl-pkgconfig.patch

@@ -1,17 +1,17 @@
-Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
+Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
 ===================================================================
---- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl	2018-03-27 16:32:18.922799218 +0200
+--- openssl-1.1.1-pre3.orig/Configurations/unix-Makefile.tmpl	2018-03-20 15:20:03.037124698 +0100
-+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl	2018-03-27 16:33:19.307764137 +0200
++++ openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl	2018-03-20 15:21:04.206084731 +0100
-@@ -710,7 +710,7 @@ libcrypto.pc:
+@@ -843,7 +843,7 @@ libcrypto.pc:
  	    echo 'Version: '$(VERSION); \
  	    echo 'Libs: -L$${libdir} -lcrypto'; \
- 	    echo 'Libs.private: $(EX_LIBS)'; \
+ 	    echo 'Libs.private: $(LIB_EX_LIBS)'; \
 -	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
 +	    echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc
  
  libssl.pc:
  	@ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -723,7 +723,7 @@ libssl.pc:
+@@ -860,7 +860,7 @@ libssl.pc:
  	    echo 'Version: '$(VERSION); \
  	    echo 'Requires.private: libcrypto'; \
  	    echo 'Libs: -L$${libdir} -lssl'; \

openssl-ppc64-config.patch

@@ -1,12 +1,17 @@
-Index: openssl-1.1.0e/config
+Index: openssl-1.1.1-pre3/config
 ===================================================================
---- openssl-1.1.0e.orig/config
+--- openssl-1.1.1-pre3.orig/config	2018-03-20 15:24:38.037441210 +0100
-+++ openssl-1.1.0e/config
++++ openssl-1.1.1-pre3/config	2018-03-20 15:26:20.163043492 +0100
-@@ -550,7 +550,7 @@ case "$GUESSOS" in
+@@ -552,12 +552,7 @@ case "$GUESSOS" in
  	    OUT="linux-ppc64"
  	else
  	    OUT="linux-ppc"
--	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+-	    if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then
+-		:;
+-	    else
+-		__CNF_CFLAGS="$__CNF_CFLAGS -m32"
+-		__CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32"
+-	    fi
 +	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64"
  	fi
  	;;

openssl-rsakeygen-minimum-distance.patch

@@ -1,47 +0,0 @@
-Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
-===================================================================
---- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c	2018-03-27 16:34:44.709128590 +0200
-+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c	2018-03-27 16:34:44.753129312 +0200
-@@ -420,6 +420,19 @@ static int rsa_builtin_keygen(RSA *rsa,
-     bitsp = (bits + 1) / 2;
-     bitsq = bits - bitsp;
- 
-+    /* prepare a maximum for p and q */
-+    /* 0xB504F334 is (sqrt(2)/2)*2^32 */
-+    if (!BN_set_word(r0, 0xB504F334))
-+        goto err;
-+    if (!BN_lshift(r0, r0, bitsp - 32))
-+        goto err;
-+
-+    /* prepare minimum p and q difference */
-+    if (!BN_one(r3))
-+        goto err;
-+    if (!BN_lshift(r3, r3, bitsp - 100))
-+        goto err;
-+
-     /* We need the RSA components non-NULL */
-     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-         goto err;
-@@ -446,6 +459,8 @@ static int rsa_builtin_keygen(RSA *rsa,
-     for (;;) {
-         if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-             goto err;
-+        if (BN_cmp(rsa->p, r0) < 0)
-+            continue;
-         if (!BN_sub(r2, rsa->p, BN_value_one()))
-             goto err;
-         ERR_set_mark();
-@@ -471,6 +486,13 @@ static int rsa_builtin_keygen(RSA *rsa,
-             if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
-                 goto err;
-         } while (BN_cmp(rsa->p, rsa->q) == 0);
-+        if (BN_cmp(rsa->q, r0) < 0)
-+            continue;
-+        /* check for minimum distance between p and q, 2^(bitsp-100) */
-+        if (!BN_sub(r2, rsa->q, rsa->p))
-+            goto err;
-+        if (BN_ucmp(r2, r3) <= 0)
-+            continue;
-         if (!BN_sub(r2, rsa->q, BN_value_one()))
-             goto err;
-         ERR_set_mark();

openssl-static-deps.patch

@@ -1,195 +0,0 @@
-From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Wed, 9 Nov 2016 20:01:51 +0100
-Subject: [PATCH] Building: make it possible to force linking with static
- OpenSSL libs
-
-Very simply, support having the .a extension to denote depending on
-static libraries.  Note that this is not supported on native Windows
-when building shared libraries, as there is not static library then,
-just an import library with the same name.
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/1889)
----
- Configurations/common.tmpl           | 14 +++++++++++---
- Configurations/descrip.mms.tmpl      | 23 ++++++++++++++---------
- Configurations/unix-Makefile.tmpl    | 19 ++++++++++++-------
- Configurations/windows-makefile.tmpl |  4 +++-
- Configure                            |  7 +++++++
- 5 files changed, 47 insertions(+), 20 deletions(-)
-
-Index: openssl-1.1.0h/Configurations/common.tmpl
-===================================================================
---- openssl-1.1.0h.orig/Configurations/common.tmpl	2018-03-27 15:50:37.000000000 +0200
-+++ openssl-1.1.0h/Configurations/common.tmpl	2018-03-27 16:31:37.126131133 +0200
-@@ -9,15 +9,22 @@
-  # there are no duplicate dependencies and that they are in the
-  # right order.  This is especially used to sort the list of
-  # libraries that a build depends on.
-+ sub extensionlesslib {
-+     my @result = map { $_ =~ /(\.a)?$/; $` } @_;
-+     return @result if wantarray;
-+     return $result[0];
-+ }
-  sub resolvedepends {
-      my $thing = shift;
-+     my $extensionlessthing = extensionlesslib($thing);
-      my @listsofar = @_;    # to check if we're looping
--     my @list = @{$unified_info{depends}->{$thing}};
-+     my @list = @{$unified_info{depends}->{$extensionlessthing}};
-      my @newlist = ();
-      if (scalar @list) {
-          foreach my $item (@list) {
-+             my $extensionlessitem = extensionlesslib($item);
-              # It's time to break off when the dependency list starts looping
--             next if grep { $_ eq $item } @listsofar;
-+             next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
-              push @newlist, $item, resolvedepends($item, @listsofar, $item);
-          }
-      }
-@@ -28,8 +35,9 @@
-      my @newlist = ();
-      while (@list) {
-          my $item = shift @list;
-+         my $extensionlessitem = extensionlesslib($item);
-          push @newlist, $item
--             unless grep { $item eq $_ } @list;
-+             unless grep { $extensionlessitem eq extensionlesslib($_) } @list;
-      }
-      @newlist;
-  }
-Index: openssl-1.1.0h/Configurations/descrip.mms.tmpl
-===================================================================
---- openssl-1.1.0h.orig/Configurations/descrip.mms.tmpl	2018-03-27 15:50:37.000000000 +0200
-+++ openssl-1.1.0h/Configurations/descrip.mms.tmpl	2018-03-27 16:31:37.126131133 +0200
-@@ -537,6 +537,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC
-   use File::Basename;
-   use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
- 
-+  # Helper function to figure out dependencies on libraries
-+  # It takes a list of library names and outputs a list of dependencies
-+  sub compute_lib_depends {
-+      if ($disabled{shared}) {
-+          return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
-+      }
-+      return map { $_ =~ /\.a$/
-+                   ? $`.".OLB"
-+                   : $unified_info{sharednames}->{$_}.".EXE" } @_;
-+  }
-+
-   sub generatesrc {
-       my %args = @_;
-       my $generator = join(" ", @{$args{generator}});
-@@ -632,9 +643,7 @@ EOF
-       my $libd = dirname($lib);
-       my $libn = basename($lib);
-       (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
--      my @deps = map {
--          $disabled{shared} ? $_.".OLB"
--              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
-+      my @deps = compute_lib_depends(@{$args{deps}});
-       my $deps = join(", -\n\t\t", @deps);
-       my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
-       my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
-@@ -680,9 +689,7 @@ EOF
-       my $libn = basename($lib);
-       (my $libn_nolib = $libn) =~ s/^lib//;
-       my @objs = map { "$_.OBJ" } @{$args{objs}};
--      my @deps = map {
--          $disabled{shared} ? $_.".OLB"
--              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
-+      my @deps = compute_lib_depends(@{$args{deps}});
-       my $deps = join(", -\n\t\t", @objs, @deps);
-       my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
-       my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
-@@ -732,9 +739,7 @@ EOF
-       my $bind = dirname($bin);
-       my $binn = basename($bin);
-       my @objs = map { "$_.OBJ" } @{$args{objs}};
--      my @deps = map {
--          $disabled{shared} ? $_.".OLB"
--              : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
-+      my @deps = compute_lib_depends(@{$args{deps}});
-       my $deps = join(", -\n\t\t", @objs, @deps);
-       # The "[]" hack is because in .OPT files, each line inherits the
-       # previous line's file spec as default, so if no directory spec
-Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
-===================================================================
---- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl	2018-03-27 16:31:37.110130877 +0200
-+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl	2018-03-27 16:31:37.126131133 +0200
-@@ -755,13 +755,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC
-   # It takes a list of library names and outputs a list of dependencies
-   sub compute_lib_depends {
-       if ($disabled{shared}) {
--          return map { $_.$libext } @_;
-+          return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
-       }
- 
-       # Depending on shared libraries:
-       # On Windows POSIX layers, we depend on {libname}.dll.a
-       # On Unix platforms, we depend on {shlibname}.so
--      return map { shlib_simple($_) } @_;
-+      return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
-   }
- 
-   sub generatesrc {
-@@ -976,11 +976,16 @@ EOF
-       my $binn = basename($bin);
-       my $objs = join(" ", map { $_.$objext } @{$args{objs}});
-       my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
--      my $linklibs = join("", map { my $d = dirname($_);
--                                    my $f = basename($_);
--                                    $d = "." if $d eq $f;
--                                    (my $l = $f) =~ s/^lib//;
--                                    " -L$d -l$l" } @{$args{deps}});
-+      my $linklibs = join("", map { if ($_ =~ /\.a$/) {
-+                                        " $_";
-+                                    } else {
-+                                        my $d = dirname($_);
-+                                        my $f = basename($_);
-+                                        $d = "." if $d eq $f;
-+                                        (my $l = $f) =~ s/^lib//;
-+                                        " -L$d -l$l"
-+                                    }
-+                                  } @{$args{deps}});
-       my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
-       return <<"EOF";
- $bin$exeext: $objs $deps
-Index: openssl-1.1.0h/Configurations/windows-makefile.tmpl
-===================================================================
---- openssl-1.1.0h.orig/Configurations/windows-makefile.tmpl	2018-03-27 15:50:37.000000000 +0200
-+++ openssl-1.1.0h/Configurations/windows-makefile.tmpl	2018-03-27 16:31:37.126131133 +0200
-@@ -361,8 +361,10 @@ configdata.pm: "$(SRCDIR)\Configure" {-
-  # It takes a list of library names and outputs a list of dependencies
-  sub compute_lib_depends {
-      if ($disabled{shared}) {
--	 return map { $_.$libext } @_;
-+	 return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
-      }
-+     die "Linking with static OpenSSL libraries is not supported in this configuration\n"
-+         if grep /\.a$/, @_;
-      return map { shlib_import($_) } @_;
-  }
- 
-Index: openssl-1.1.0h/Configure
-===================================================================
---- openssl-1.1.0h.orig/Configure	2018-03-27 15:50:37.000000000 +0200
-+++ openssl-1.1.0h/Configure	2018-03-27 16:31:37.126131133 +0200
-@@ -1844,9 +1844,16 @@ EOF
-                     $d = cleanfile($buildd, $_, $blddir);
-                 }
-                 # Take note if the file to depend on is being renamed
-+                # Take extra care with files ending with .a, they should
-+                # be treated without that extension, and the extension
-+                # should be added back after treatment.
-+                $d =~ /(\.a)?$/;
-+                my $e = $1 // "";
-+                $d = $`;
-                 if ($unified_info{rename}->{$d}) {
-                     $d = $unified_info{rename}->{$d};
-                 }
-+                $d .= $e;
-                 $unified_info{depends}->{$ddest}->{$d} = 1;
-             }
-         }

openssl-truststore.patch

@@ -1,10 +1,10 @@
 Don't use the legacy /etc/ssl/certs directory anymore but rather the
 p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
-Index: openssl-1.1.0e/crypto/include/internal/cryptlib.h
+Index: openssl-1.1.1-pre1/include/internal/cryptlib.h
 ===================================================================
---- openssl-1.1.0e.orig/crypto/include/internal/cryptlib.h
+--- openssl-1.1.1-pre1.orig/include/internal/cryptlib.h	2018-02-13 14:48:12.000000000 +0100
-+++ openssl-1.1.0e/crypto/include/internal/cryptlib.h
++++ openssl-1.1.1-pre1/include/internal/cryptlib.h	2018-02-13 16:30:11.738161984 +0100
-@@ -41,8 +41,8 @@ DEFINE_LHASH_OF(MEM);
+@@ -59,8 +59,8 @@ DEFINE_LHASH_OF(MEM);
  
  # ifndef OPENSSL_SYS_VMS
  #  define X509_CERT_AREA          OPENSSLDIR

openssl-urandom-reseeding.patch

@@ -1,100 +0,0 @@
-Index: openssl-1.1.0c/crypto/rand/rand_unix.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/rand/rand_unix.c	2016-12-12 17:33:05.654295693 +0100
-+++ openssl-1.1.0c/crypto/rand/rand_unix.c	2016-12-12 17:44:44.608814886 +0100
-@@ -144,7 +144,8 @@ int RAND_poll(void)
-     unsigned long l;
-     pid_t curr_pid = getpid();
- #  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
--    unsigned char tmpbuf[ENTROPY_NEEDED];
-+    /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */
-+    unsigned char tmpbuf[1024];
-     int n = 0;
- #  endif
- #  ifdef DEVRANDOM
-@@ -166,7 +167,7 @@ int RAND_poll(void)
-      * out of random entries.
-      */
- 
--    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
-+    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) {
-         if ((fd = open(randomfiles[i], O_RDONLY
- #   ifdef O_NONBLOCK
-                        | O_NONBLOCK
-@@ -246,7 +247,7 @@ int RAND_poll(void)
- 
-                 if (try_read) {
-                     r = read(fd, (unsigned char *)tmpbuf + n,
--                             ENTROPY_NEEDED - n);
-+                             sizeof(tmpbuf) - n);
-                     if (r > 0)
-                         n += r;
-                 } else
-@@ -263,7 +264,7 @@ int RAND_poll(void)
-             }
-             while ((r > 0 ||
-                     (errno == EINTR || errno == EAGAIN)) && usec != 0
--                   && n < ENTROPY_NEEDED);
-+                   && n < sizeof(tmpbuf));
- 
-             close(fd);
-         }
-@@ -276,12 +277,12 @@ int RAND_poll(void)
-      * collecting daemon.
-      */
- 
--    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
-+    for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);
-          egdsocket++) {
-         int r;
- 
-         r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
--                                 ENTROPY_NEEDED - n);
-+                                 sizeof(tmpbuf) - n);
-         if (r > 0)
-             n += r;
-     }
-Index: openssl-1.1.0c/crypto/rand/md_rand.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/rand/md_rand.c	2016-12-12 17:33:05.690296235 +0100
-+++ openssl-1.1.0c/crypto/rand/md_rand.c	2016-12-12 18:01:49.036286763 +0100
-@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf
-     if (num <= 0)
-         return 1;
- 
-+    /* special rule for /dev/urandom seeding ... seed with as much bytes
-+     * from /dev/urandom as you get out */
-+    RAND_load_file("/dev/urandom", num);
-+
-     m = EVP_MD_CTX_new();
-     if (m == NULL)
-         goto err_mem;
-Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c	2016-12-12 17:33:05.690296235 +0100
-+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c	2016-12-12 18:05:52.779971206 +0100
-@@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char
-     int rv = 0;
-     unsigned char *adin = NULL;
-     size_t adinlen = 0;
-+
-+    /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */
-+    if (count > dctx->min_entropy)
-+        RAND_load_file("/dev/urandom", count - dctx->min_entropy);
-+
-     CRYPTO_THREAD_write_lock(fips_rand_lock);
-     do {
-         size_t rcnt;
-Index: openssl-1.1.0c/crypto/rand/rand_lib.c
-===================================================================
---- openssl-1.1.0c.orig/crypto/rand/rand_lib.c	2016-12-12 17:33:05.690296235 +0100
-+++ openssl-1.1.0c/crypto/rand/rand_lib.c	2016-12-12 18:05:01.499195179 +0100
-@@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
- {
-     RAND_OpenSSL()->add(in, inlen, entropy);
-     if (FIPS_rand_status()) {
--        FIPS_drbg_reseed(ctx, NULL, 0);
-+        FIPS_drbg_reseed(ctx, in, inlen);
-     }
-     return 1;
- }