Accepting request 821489 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.0.0 Alpha 5
* Deprecated the 'ENGINE' API. Engines should be replaced with
providers going forward.
* Reworked the recorded ERR codes to make better space for system errors.
To distinguish them, the macro 'ERR_SYSTEM_ERROR()' indicates
if the given code is a system error (true) or an OpenSSL error (false).
* Reworked the test perl framework to better allow parallel testing.
* Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and
AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
* 'Configure' has been changed to figure out the configuration target if
none is given on the command line. Consequently, the 'config' script is
now only a mere wrapper. All documentation is changed to only mention
'Configure'.
* Added a library context that applications as well as other libraries can use
to form a separate context within which libcrypto operations are performed.
- There are two ways this can be used:
1) Directly, by passing a library context to functions that take
such an argument, such as 'EVP_CIPHER_fetch' and similar algorithm
fetching functions.
2) Indirectly, by creating a new library context and then assigning
it as the new default, with 'OPENSSL_CTX_set0_default'.
- All public OpenSSL functions that take an 'OPENSSL_CTX' pointer,
apart from the functions directly related to 'OPENSSL_CTX', accept
NULL to indicate that the default library context should be used.
- Library code that changes the default library context using
'OPENSSL_CTX_set0_default' should take care to restore it with a
second call before returning to the caller.
* The security strength of SHA1 and MD5 based signatures in TLS has been
reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
working at the default security level of 1 and instead requires security
OBS-URL: https://build.opensuse.org/request/show/821489
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=13
2020-07-17 13:26:23 +02:00
|
|
|
Index: openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
|
2020-04-24 10:03:40 +02:00
|
|
|
===================================================================
|
Accepting request 821489 from home:pmonrealgonzalez:branches:security:tls
- Update to 3.0.0 Alpha 5
* Deprecated the 'ENGINE' API. Engines should be replaced with
providers going forward.
* Reworked the recorded ERR codes to make better space for system errors.
To distinguish them, the macro 'ERR_SYSTEM_ERROR()' indicates
if the given code is a system error (true) or an OpenSSL error (false).
* Reworked the test perl framework to better allow parallel testing.
* Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and
AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
* 'Configure' has been changed to figure out the configuration target if
none is given on the command line. Consequently, the 'config' script is
now only a mere wrapper. All documentation is changed to only mention
'Configure'.
* Added a library context that applications as well as other libraries can use
to form a separate context within which libcrypto operations are performed.
- There are two ways this can be used:
1) Directly, by passing a library context to functions that take
such an argument, such as 'EVP_CIPHER_fetch' and similar algorithm
fetching functions.
2) Indirectly, by creating a new library context and then assigning
it as the new default, with 'OPENSSL_CTX_set0_default'.
- All public OpenSSL functions that take an 'OPENSSL_CTX' pointer,
apart from the functions directly related to 'OPENSSL_CTX', accept
NULL to indicate that the default library context should be used.
- Library code that changes the default library context using
'OPENSSL_CTX_set0_default' should take care to restore it with a
second call before returning to the caller.
* The security strength of SHA1 and MD5 based signatures in TLS has been
reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
working at the default security level of 1 and instead requires security
OBS-URL: https://build.opensuse.org/request/show/821489
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=13
2020-07-17 13:26:23 +02:00
|
|
|
--- openssl-3.0.0-alpha5.orig/util/perl/OpenSSL/config.pm
|
|
|
|
|
+++ openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
|
|
|
|
|
@@ -525,14 +525,19 @@ EOF
|
|
|
|
|
return { target => "linux-ppc64" } if $KERNEL_BITS eq '64';
|
|
|
|
|
|
|
|
|
|
my %config = ();
|
|
|
|
|
- if (!okrun('echo __LP64__',
|
|
|
|
|
- 'gcc -E -x c - 2>/dev/null',
|
|
|
|
|
- 'grep "^__LP64__" 2>&1 >/dev/null') ) {
|
|
|
|
|
- %config = ( cflags => [ '-m32' ],
|
|
|
|
|
- cxxflags => [ '-m32' ] );
|
|
|
|
|
- }
|
|
|
|
|
- return { target => "linux-ppc",
|
|
|
|
|
- %config };
|
|
|
|
|
+ # ##
|
|
|
|
|
+ # if (!okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null', 'grep "^__LP64__" 2>&1 >/dev/null') ) { %config = ( cflags => [ '-m32' ], cxxflags => [ '-m32' ] ); }
|
|
|
|
|
+ # return { target => "linux-ppc",
|
|
|
|
|
+ # %config };
|
|
|
|
|
+ # ##
|
|
|
|
|
+ if (okrun('echo __LP64__', 'gcc -E -x c - 2>/dev/null',
|
|
|
|
|
+ 'grep "^__LP64__" 2>&1 >/dev/null') )
|
|
|
|
|
+ {
|
|
|
|
|
+ return { target => "linux-ppc", %config };
|
|
|
|
|
+ } else {
|
|
|
|
|
+ return { target => "linux-ppc64", %config };
|
|
|
|
|
+ }
|
|
|
|
|
+ ##
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
[ 'ppc64le-.*-linux2', { target => "linux-ppc64le" } ],
|
