Dominique Leuenberger 2020-10-18 14:17:49 +00:00 committed by Git OBS Bridge
commit af7a8f80d6
8 changed files with 324 additions and 308 deletions

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
size 9801502

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl6e5ZUACgkQ2cTSbQ5g
RJHnTQf+KGRLb4BacpX2zWwjEHy/F4ylVcQXV0e5tVcLhdoviUxShb6RQ05uQ9XQ
Jmm94vFoquPGwhkH4HcT8NE5vYROsGqbgyy8i4D1iq5sJ/vFc1yU6b8Xxpnljk8N
mxjz69uHftPbJknNhpNzMbRn+UzZZpK7sU4kgr0u0H8FBuX7m61hFLRqJWNbsx5R
E3ekj06iPvzE+mxxWOOtJx412Ury69atfCP+SzUGLLYvaIm/htInR8uI7uEVh2hu
Aj1il4BvZX/r11PgSlzbwl9FZorKc+S6vrxnPek8+QKCRluvFe0IhcerLoIPk4Ok
gmM3j8ng49KW3xVL6IZIMjkfZdTuTw==
=CJa/
-----END PGP SIGNATURE-----

3
openssl-1.1.1h.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9
size 9810045

11
openssl-1.1.1h.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl9p9DIACgkQ2cTSbQ5g
RJFkgAf/cEJVx8pptVMXRtbh9aBl73I12y+xURVt0WJ7Z6Uwotisq9otypUQH1kb
H7IULXo7SnCjpouJQzAKCh8muv7jz7yquL19q0s4uh46Qdz57tIdfJap/F/eGwR8
wPnciGtl9P+8uSsPTro9VlEjQRCTvGKXna35V3CilXx2zpP3X9izcUed8Irfcp0o
eWi9W0NhG4HJZOA7RNbfp8fGLCpfp364z1fcXeQFaZFdtiqdl5qKQ0/rt52ji+fs
M71jFvhPU3jyb921cFWO6CQN9O9+MUu02AWCYIm2VPkcqrhOQ5JoCyPsnv3ClE1v
X0TYTMIwnqNZ9UZsgsnIzAg2VxZDDw==
=kMzM
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Oct 12 15:22:54 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Escape rpm command %%expand when used in comment.
-------------------------------------------------------------------
Tue Sep 22 20:43:59 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1h
* Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used
* Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts
- refresh openssl-fips_selftest_upstream_drbg.patch
* DRBG internals got renamed back:
reseed_gen_counter -> generate_counter
reseed_prop_counter -> reseed_counter
-------------------------------------------------------------------
Fri May 15 09:51:22 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>

View File

@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1g
Version: 1.1.1h
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -263,7 +263,7 @@ cp %{SOURCE5} .
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# this shows up earlier because otherwise the %%expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'

View File

@ -419,15 +419,15 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ /* Instantiate again with valid data */
+ if (!instantiate(drbg, td, &t))
+ goto err;
+ reseed_counter_tmp = drbg->reseed_gen_counter;
+ drbg->reseed_gen_counter = drbg->reseed_interval;
+ reseed_counter_tmp = drbg->generate_counter;
+ drbg->generate_counter = drbg->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
+ t.entropycnt = 0;
+ if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0,
+ td->adin, td->adinlen)
+ || t.entropycnt != 1
+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1
+ || drbg->generate_counter != reseed_counter_tmp + 1
+ || !uninstantiate(drbg))
+ goto err;
+
@ -444,15 +444,15 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ /* Test reseed counter works */
+ if (!instantiate(drbg, td, &t))
+ goto err;
+ reseed_counter_tmp = drbg->reseed_gen_counter;
+ drbg->reseed_gen_counter = drbg->reseed_interval;
+ reseed_counter_tmp = drbg->generate_counter;
+ drbg->generate_counter = drbg->reseed_interval;
+
+ /* Generate output and check entropy has been requested for reseed */
+ t.entropycnt = 0;
+ if (!RAND_DRBG_generate(drbg, buff, td->exlen, 0,
+ td->adin, td->adinlen)
+ || t.entropycnt != 1
+ || drbg->reseed_gen_counter != reseed_counter_tmp + 1
+ || drbg->generate_counter != reseed_counter_tmp + 1
+ || !uninstantiate(drbg))
+ goto err;
+
@ -642,14 +642,14 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ */
+
+ /* Test whether seed propagation is enabled */
+ if (master->reseed_prop_counter == 0
+ || public->reseed_prop_counter == 0
+ || private->reseed_prop_counter == 0)
+ if (master->reseed_counter == 0
+ || public->reseed_counter == 0
+ || private->reseed_counter == 0)
+ return 0;
+
+ /* Check whether the master DRBG's reseed counter is the largest one */
+ if (public->reseed_prop_counter > master->reseed_prop_counter
+ || private->reseed_prop_counter > master->reseed_prop_counter)
+ if (public->reseed_counter > master->reseed_counter
+ || private->reseed_counter > master->reseed_counter)
+ return 0;
+
+ /*
@ -697,8 +697,8 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+
+ if (expect_success == 1) {
+ /* Test whether all three reseed counters are synchronized */
+ if (public->reseed_prop_counter != master->reseed_prop_counter
+ || private->reseed_prop_counter != master->reseed_prop_counter)
+ if (public->reseed_counter != master->reseed_counter
+ || private->reseed_counter != master->reseed_counter)
+ return 0;
+
+ /* Test whether reseed time of master DRBG is set correctly */
@ -816,7 +816,7 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ * Test whether the public and private DRBG are both reseeded when their
+ * reseed counters differ from the master's reseed counter.
+ */
+ master->reseed_prop_counter++;
+ master->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 1, 1, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@ -825,8 +825,8 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ * Test whether the public DRBG is reseeded when its reseed counter differs
+ * from the master's reseed counter.
+ */
+ master->reseed_prop_counter++;
+ private->reseed_prop_counter++;
+ master->reseed_counter++;
+ private->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 1, 0, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@ -835,8 +835,8 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ * Test whether the private DRBG is reseeded when its reseed counter differs
+ * from the master's reseed counter.
+ */
+ master->reseed_prop_counter++;
+ public->reseed_prop_counter++;
+ master->reseed_counter++;
+ public->reseed_counter++;
+ if (!test_drbg_reseed(1, master, public, private, 0, 0, 1, 0))
+ goto error;
+ reset_drbg_hook_ctx();
@ -869,7 +869,7 @@ Index: openssl-1.1.1g/crypto/fips/drbgtest.c
+ * Test whether none of the DRBGs is reseed if the master fails to reseed
+ */
+ master_ctx.fail = 1;
+ master->reseed_prop_counter++;
+ master->reseed_counter++;
+ RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
+ if (!test_drbg_reseed(0, master, public, private, 0, 0, 0, 0))
+ goto error;