pool/openssl
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 264696 from Base:System

Browse Source 
I also submitted libcamgm that matches this submit


- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128

- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves
  we actually support (not the binary ones) (bnc#905037)

- openSUSE < 11.2 doesn't have accept4()

- openSSL 1.0.1j 
* Fix SRTP Memory Leak (CVE-2014-3513)
* Session Ticket Memory Leak (CVE-2014-3567)
* Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
* Build option no-ssl3 is incomplete (CVE-2014-3568)

OBS-URL: https://build.opensuse.org/request/show/264696
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=123
This commit is contained in:
Dominique Leuenberger 2014-12-17 18:18:04 +00:00 committed by Git OBS Bridge
parent 0985bc43b2
commit 984610bf7f
10 changed files with 487 additions and 849 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

349
0001-libcrypto-Hide-library-private-symbols.patch
View File

@ -37,10 +37,8 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
crypto/x509v3/pcy_int.h | 3 +++
31 files changed, 85 insertions(+), 17 deletions(-)
Index: openssl-1.0.1h/apps/Makefile
===================================================================
--- openssl-1.0.1h.orig/apps/Makefile
+++ openssl-1.0.1h/apps/Makefile
--- openssl-1.0.1j.orig/apps/Makefile
+++ openssl-1.0.1j/apps/Makefile
@@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
@ -50,10 +48,8 @@ Index: openssl-1.0.1h/apps/Makefile
GENERAL=Makefile makeapps.com install.com
Index: openssl-1.0.1h/crypto/asn1/asn1_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1h/crypto/asn1/asn1_locl.h
--- openssl-1.0.1j.orig/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1j/crypto/asn1/asn1_locl.h
@@ -58,6 +58,8 @@
/* Internal ASN1 structures and functions: not for application use */
@ -69,10 +65,8 @@ Index: openssl-1.0.1h/crypto/asn1/asn1_locl.h
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.1h/crypto/bn/bn_lcl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1h/crypto/bn/bn_lcl.h
--- openssl-1.0.1j.orig/crypto/bn/bn_lcl.h
+++ openssl-1.0.1j/crypto/bn/bn_lcl.h
@@ -483,6 +483,8 @@ extern "C" {
#undef bn_div_words
#endif
@ -91,10 +85,8 @@ Index: openssl-1.0.1h/crypto/bn/bn_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1h/crypto/camellia/cmll_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1h/crypto/camellia/cmll_locl.h
--- openssl-1.0.1j.orig/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1j/crypto/camellia/cmll_locl.h
@@ -68,6 +68,8 @@
#ifndef HEADER_CAMELLIA_LOCL_H
#define HEADER_CAMELLIA_LOCL_H
@ -110,10 +102,8 @@ Index: openssl-1.0.1h/crypto/camellia/cmll_locl.h
CAMELLIA_KEY *key);
+#pragma GCC visibility pop
#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
Index: openssl-1.0.1h/crypto/cast/cast_lcl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1h/crypto/cast/cast_lcl.h
--- openssl-1.0.1j.orig/crypto/cast/cast_lcl.h
+++ openssl-1.0.1j/crypto/cast/cast_lcl.h
@@ -217,6 +217,7 @@
}
#endif
@ -127,10 +117,8 @@ Index: openssl-1.0.1h/crypto/cast/cast_lcl.h
extern const CAST_LONG CAST_S_table6[256];
extern const CAST_LONG CAST_S_table7[256];
+#pragma GCC visibility pop
Index: openssl-1.0.1h/crypto/cms/cms_lcl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1h/crypto/cms/cms_lcl.h
--- openssl-1.0.1j.orig/crypto/cms/cms_lcl.h
+++ openssl-1.0.1j/crypto/cms/cms_lcl.h
@@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
#define CMS_RECIPINFO_ISSUER_SERIAL 0
#define CMS_RECIPINFO_KEYIDENTIFIER 1
@ -150,10 +138,8 @@ Index: openssl-1.0.1h/crypto/cms/cms_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.1h/crypto/des/des_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/des/des_locl.h
+++ openssl-1.0.1h/crypto/des/des_locl.h
--- openssl-1.0.1j.orig/crypto/des/des_locl.h
+++ openssl-1.0.1j/crypto/des/des_locl.h
@@ -421,10 +421,12 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
@ -167,20 +153,16 @@ Index: openssl-1.0.1h/crypto/des/des_locl.h
#ifdef OPENSSL_SMALL_FOOTPRINT
#undef DES_UNROLL
Index: openssl-1.0.1h/crypto/dsa/dsa_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1h/crypto/dsa/dsa_locl.h
--- openssl-1.0.1j.orig/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1j/crypto/dsa/dsa_locl.h
@@ -57,4 +57,4 @@
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1h/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1h/crypto/ec/ec_lcl.h
--- openssl-1.0.1j.orig/crypto/ec/ec_lcl.h
+++ openssl-1.0.1j/crypto/ec/ec_lcl.h
@@ -88,6 +88,8 @@
/* Structure details are not part of the exported interface,
* so all this may change in future versions. */
@ -196,10 +178,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_lcl.h
#endif
+
+#pragma GCC visibility pop
Index: openssl-1.0.1h/crypto/ecdh/ech_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1h/crypto/ecdh/ech_locl.h
--- openssl-1.0.1j.orig/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1j/crypto/ecdh/ech_locl.h
@@ -58,6 +58,8 @@
#include <openssl/ecdh.h>
@ -216,10 +196,8 @@ Index: openssl-1.0.1h/crypto/ecdh/ech_locl.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ECH_LOCL_H */
Index: openssl-1.0.1h/crypto/ecdsa/ecs_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1h/crypto/ecdsa/ecs_locl.h
--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1j/crypto/ecdsa/ecs_locl.h
@@ -61,6 +61,8 @@
#include <openssl/ecdsa.h>
@ -236,10 +214,8 @@ Index: openssl-1.0.1h/crypto/ecdsa/ecs_locl.h
+#pragma GCC visibility pop
+
#endif /* HEADER_ECS_LOCL_H */
Index: openssl-1.0.1h/crypto/engine/eng_int.h
===================================================================
--- openssl-1.0.1h.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1h/crypto/engine/eng_int.h
--- openssl-1.0.1j.orig/crypto/engine/eng_int.h
+++ openssl-1.0.1j/crypto/engine/eng_int.h
@@ -68,6 +68,8 @@
/* Take public definitions from engine.h */
#include <openssl/engine.h>
@ -256,10 +232,8 @@ Index: openssl-1.0.1h/crypto/engine/eng_int.h
-
+#pragma GCC visibility pop
#endif /* HEADER_ENGINE_INT_H */
Index: openssl-1.0.1h/crypto/engine/eng_rsax.c
===================================================================
--- openssl-1.0.1h.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1h/crypto/engine/eng_rsax.c
--- openssl-1.0.1j.orig/crypto/engine/eng_rsax.c
+++ openssl-1.0.1j/crypto/engine/eng_rsax.c
@@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512(
void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
UINT64 *g, /* 512 bits, 8 qwords */
@ -269,10 +243,8 @@ Index: openssl-1.0.1h/crypto/engine/eng_rsax.c
typedef struct st_e_rsax_mod_ctx
{
Index: openssl-1.0.1h/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.1h.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1h/crypto/evp/e_aes.c
--- openssl-1.0.1j.orig/crypto/evp/e_aes.c
+++ openssl-1.0.1j/crypto/evp/e_aes.c
@@ -108,6 +108,8 @@ typedef struct
#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
@ -318,10 +290,8 @@ Index: openssl-1.0.1h/crypto/evp/e_aes.c
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
Index: openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- openssl-1.0.1h.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c
--- openssl-1.0.1j.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1j/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -97,6 +97,8 @@ typedef struct
extern unsigned int OPENSSL_ia32cap_P[2];
#define AESNI_CAPABLE (1<<(57-32))
@ -340,10 +310,8 @@ Index: openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c
#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
Index: openssl-1.0.1h/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1h/crypto/evp/evp_locl.h
--- openssl-1.0.1j.orig/crypto/evp/evp_locl.h
+++ openssl-1.0.1j/crypto/evp/evp_locl.h
@@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
EVP_CIPHER_get_asn1_iv, \
NULL)
@ -362,10 +330,8 @@ Index: openssl-1.0.1h/crypto/evp/evp_locl.h
#ifdef OPENSSL_FIPS
#ifdef OPENSSL_DOING_MAKEDEPEND
Index: openssl-1.0.1h/crypto/md4/md4_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1h/crypto/md4/md4_locl.h
--- openssl-1.0.1j.orig/crypto/md4/md4_locl.h
+++ openssl-1.0.1j/crypto/md4/md4_locl.h
@@ -65,7 +65,7 @@
#define MD4_LONG_LOG2 2 /* default to 32 bits */
#endif
@ -375,10 +341,8 @@ Index: openssl-1.0.1h/crypto/md4/md4_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1h/crypto/md5/md5_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1h/crypto/md5/md5_locl.h
--- openssl-1.0.1j.orig/crypto/md5/md5_locl.h
+++ openssl-1.0.1j/crypto/md5/md5_locl.h
@@ -74,7 +74,7 @@
# endif
#endif
@ -388,10 +352,8 @@ Index: openssl-1.0.1h/crypto/md5/md5_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1h/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1h/crypto/modes/modes_lcl.h
--- openssl-1.0.1j.orig/crypto/modes/modes_lcl.h
+++ openssl-1.0.1j/crypto/modes/modes_lcl.h
@@ -83,6 +83,8 @@ typedef unsigned char u8;
#define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
#endif
@ -407,10 +369,8 @@ Index: openssl-1.0.1h/crypto/modes/modes_lcl.h
};
-
+#pragma GCC visibility pop
Index: openssl-1.0.1h/crypto/o_str.h
===================================================================
--- openssl-1.0.1h.orig/crypto/o_str.h
+++ openssl-1.0.1h/crypto/o_str.h
--- openssl-1.0.1j.orig/crypto/o_str.h
+++ openssl-1.0.1j/crypto/o_str.h
@@ -61,8 +61,12 @@
#include <stddef.h> /* to get size_t */
@ -424,10 +384,8 @@ Index: openssl-1.0.1h/crypto/o_str.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1h/crypto/o_time.h
===================================================================
--- openssl-1.0.1h.orig/crypto/o_time.h
+++ openssl-1.0.1h/crypto/o_time.h
--- openssl-1.0.1j.orig/crypto/o_time.h
+++ openssl-1.0.1j/crypto/o_time.h
@@ -61,7 +61,11 @@
#include <time.h>
@ -440,10 +398,8 @@ Index: openssl-1.0.1h/crypto/o_time.h
+#pragma GCC visibility pop
+
#endif
Index: openssl-1.0.1h/crypto/ripemd/rmd_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1h/crypto/ripemd/rmd_locl.h
--- openssl-1.0.1j.orig/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1j/crypto/ripemd/rmd_locl.h
@@ -76,7 +76,7 @@
# endif
#endif
@ -453,20 +409,16 @@ Index: openssl-1.0.1h/crypto/ripemd/rmd_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.1h/crypto/rsa/rsa_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1h/crypto/rsa/rsa_locl.h
--- openssl-1.0.1j.orig/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1j/crypto/rsa/rsa_locl.h
@@ -1,4 +1,4 @@
extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen,
- RSA *rsa);
+ RSA *rsa) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1h/crypto/sha/sha256.c
===================================================================
--- openssl-1.0.1h.orig/crypto/sha/sha256.c
+++ openssl-1.0.1h/crypto/sha/sha256.c
--- openssl-1.0.1j.orig/crypto/sha/sha256.c
+++ openssl-1.0.1j/crypto/sha/sha256.c
@@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA
#ifndef SHA256_ASM
static
@ -476,10 +428,8 @@ Index: openssl-1.0.1h/crypto/sha/sha256.c
#include "md32_common.h"
Index: openssl-1.0.1h/crypto/sha/sha512.c
===================================================================
--- openssl-1.0.1h.orig/crypto/sha/sha512.c
+++ openssl-1.0.1h/crypto/sha/sha512.c
--- openssl-1.0.1j.orig/crypto/sha/sha512.c
+++ openssl-1.0.1j/crypto/sha/sha512.c
@@ -94,7 +94,7 @@ fips_md_init(SHA512)
#ifndef SHA512_ASM
static
@ -489,10 +439,8 @@ Index: openssl-1.0.1h/crypto/sha/sha512.c
int SHA512_Final (unsigned char *md, SHA512_CTX *c)
{
Index: openssl-1.0.1h/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1h/crypto/sha/sha_locl.h
--- openssl-1.0.1j.orig/crypto/sha/sha_locl.h
+++ openssl-1.0.1j/crypto/sha/sha_locl.h
@@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT
#ifndef SHA1_ASM
static
@ -502,10 +450,8 @@ Index: openssl-1.0.1h/crypto/sha/sha_locl.h
#else
# error "Either SHA_0 or SHA_1 must be defined."
Index: openssl-1.0.1h/crypto/store/str_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/store/str_locl.h
+++ openssl-1.0.1h/crypto/store/str_locl.h
--- openssl-1.0.1j.orig/crypto/store/str_locl.h
+++ openssl-1.0.1j/crypto/store/str_locl.h
@@ -62,6 +62,8 @@
#include <openssl/crypto.h>
#include <openssl/store.h>
@ -522,10 +468,8 @@ Index: openssl-1.0.1h/crypto/store/str_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1h/crypto/ui/ui_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1h/crypto/ui/ui_locl.h
--- openssl-1.0.1j.orig/crypto/ui/ui_locl.h
+++ openssl-1.0.1j/crypto/ui/ui_locl.h
@@ -66,6 +66,8 @@
#undef _
#endif
@ -542,19 +486,15 @@ Index: openssl-1.0.1h/crypto/ui/ui_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.1h/crypto/whrlpool/wp_locl.h
===================================================================
--- openssl-1.0.1h.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1h/crypto/whrlpool/wp_locl.h
--- openssl-1.0.1j.orig/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1j/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,3 @@
#include <openssl/whrlpool.h>
-void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
+void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.1h/crypto/x509v3/ext_dat.h
===================================================================
--- openssl-1.0.1h.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1h/crypto/x509v3/ext_dat.h
--- openssl-1.0.1j.orig/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1j/crypto/x509v3/ext_dat.h
@@ -57,6 +57,8 @@
*/
/* This file contains a table of "standard" extensions */
@ -572,10 +512,8 @@ Index: openssl-1.0.1h/crypto/x509v3/ext_dat.h
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Index: openssl-1.0.1h/crypto/x509v3/pcy_int.h
===================================================================
--- openssl-1.0.1h.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1h/crypto/x509v3/pcy_int.h
--- openssl-1.0.1j.orig/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1j/crypto/x509v3/pcy_int.h
@@ -56,6 +56,7 @@
*
*/
@ -590,10 +528,8 @@ Index: openssl-1.0.1h/crypto/x509v3/pcy_int.h
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+#pragma GCC visibility pop
Index: openssl-1.0.1h/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.1h.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1h/crypto/modes/gcm128.c
--- openssl-1.0.1j.orig/crypto/modes/gcm128.c
+++ openssl-1.0.1j/crypto/modes/gcm128.c
@@ -567,8 +567,8 @@ static void gcm_ghash_4bit(u64 Xi[2],con
}
#endif
@ -618,10 +554,8 @@ Index: openssl-1.0.1h/crypto/modes/gcm128.c
# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define GHASH_ASM_X86
Index: openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- openssl-1.0.1h.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c
--- openssl-1.0.1j.orig/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1j/crypto/evp/e_rc4_hmac_md5.c
@@ -78,7 +78,7 @@ typedef struct
#define NO_PAYLOAD_LENGTH ((size_t)-1)
@ -631,10 +565,8 @@ Index: openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c
#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
Index: openssl-1.0.1h/crypto/cmac/cm_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/cmac/cm_ameth.c
+++ openssl-1.0.1h/crypto/cmac/cm_ameth.c
--- openssl-1.0.1j.orig/crypto/cmac/cm_ameth.c
+++ openssl-1.0.1j/crypto/cmac/cm_ameth.c
@@ -73,6 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey
CMAC_CTX_free(cmctx);
}
@ -643,10 +575,8 @@ Index: openssl-1.0.1h/crypto/cmac/cm_ameth.c
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
{
EVP_PKEY_CMAC,
Index: openssl-1.0.1h/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-1.0.1h.orig/crypto/evp/pmeth_lib.c
+++ openssl-1.0.1h/crypto/evp/pmeth_lib.c
--- openssl-1.0.1j.orig/crypto/evp/pmeth_lib.c
+++ openssl-1.0.1j/crypto/evp/pmeth_lib.c
@@ -70,7 +70,7 @@
typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
@ -656,10 +586,8 @@ Index: openssl-1.0.1h/crypto/evp/pmeth_lib.c
extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
Index: openssl-1.0.1h/crypto/cmac/cm_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/cmac/cm_pmeth.c
+++ openssl-1.0.1h/crypto/cmac/cm_pmeth.c
--- openssl-1.0.1j.orig/crypto/cmac/cm_pmeth.c
+++ openssl-1.0.1j/crypto/cmac/cm_pmeth.c
@@ -188,6 +188,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
return -2;
}
@ -668,11 +596,9 @@ Index: openssl-1.0.1h/crypto/cmac/cm_pmeth.c
const EVP_PKEY_METHOD cmac_pkey_meth =
{
EVP_PKEY_CMAC,
Index: openssl-1.0.1h/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.1h.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1h/crypto/rand/md_rand.c
@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
--- openssl-1.0.1j.orig/crypto/rand/md_rand.c
+++ openssl-1.0.1j/crypto/rand/md_rand.c
@@ -163,7 +163,7 @@ static int ssleay_rand_nopseudo_bytes(un
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_status(void);
@ -681,10 +607,8 @@ Index: openssl-1.0.1h/crypto/rand/md_rand.c
ssleay_rand_seed,
ssleay_rand_nopseudo_bytes,
ssleay_rand_cleanup,
Index: openssl-1.0.1h/crypto/dh/dh_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/dh/dh_ameth.c
+++ openssl-1.0.1h/crypto/dh/dh_ameth.c
--- openssl-1.0.1j.orig/crypto/dh/dh_ameth.c
+++ openssl-1.0.1j/crypto/dh/dh_ameth.c
@@ -466,6 +466,7 @@ int DHparams_print(BIO *bp, const DH *x)
return do_dh_print(bp, x, 4, NULL, 0);
}
@ -693,10 +617,8 @@ Index: openssl-1.0.1h/crypto/dh/dh_ameth.c
const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
{
EVP_PKEY_DH,
Index: openssl-1.0.1h/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/dh/dh_pmeth.c
+++ openssl-1.0.1h/crypto/dh/dh_pmeth.c
--- openssl-1.0.1j.orig/crypto/dh/dh_pmeth.c
+++ openssl-1.0.1j/crypto/dh/dh_pmeth.c
@@ -217,6 +217,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
return 1;
}
@ -705,11 +627,9 @@ Index: openssl-1.0.1h/crypto/dh/dh_pmeth.c
const EVP_PKEY_METHOD dh_pkey_meth =
{
EVP_PKEY_DH,
Index: openssl-1.0.1h/crypto/dsa/dsa_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/dsa/dsa_ameth.c
+++ openssl-1.0.1h/crypto/dsa/dsa_ameth.c
@@ -639,7 +639,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
--- openssl-1.0.1j.orig/crypto/dsa/dsa_ameth.c
+++ openssl-1.0.1j/crypto/dsa/dsa_ameth.c
@@ -645,7 +645,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
}
/* NB these are sorted in pkey_id order, lowest first */
@ -718,10 +638,8 @@ Index: openssl-1.0.1h/crypto/dsa/dsa_ameth.c
const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
{
Index: openssl-1.0.1h/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/dsa/dsa_pmeth.c
+++ openssl-1.0.1h/crypto/dsa/dsa_pmeth.c
--- openssl-1.0.1j.orig/crypto/dsa/dsa_pmeth.c
+++ openssl-1.0.1j/crypto/dsa/dsa_pmeth.c
@@ -281,6 +281,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
return DSA_generate_key(pkey->pkey.dsa);
}
@ -730,11 +648,9 @@ Index: openssl-1.0.1h/crypto/dsa/dsa_pmeth.c
const EVP_PKEY_METHOD dsa_pkey_meth =
{
EVP_PKEY_DSA,
Index: openssl-1.0.1h/crypto/ec/ec_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/ec/ec_ameth.c
+++ openssl-1.0.1h/crypto/ec/ec_ameth.c
@@ -626,6 +626,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
--- openssl-1.0.1j.orig/crypto/ec/ec_ameth.c
+++ openssl-1.0.1j/crypto/ec/ec_ameth.c
@@ -628,6 +628,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
}
@ -742,10 +658,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_ameth.c
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth =
{
EVP_PKEY_EC,
Index: openssl-1.0.1h/crypto/ec/ec_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/ec/ec_pmeth.c
+++ openssl-1.0.1h/crypto/ec/ec_pmeth.c
--- openssl-1.0.1j.orig/crypto/ec/ec_pmeth.c
+++ openssl-1.0.1j/crypto/ec/ec_pmeth.c
@@ -304,6 +304,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
return EC_KEY_generate_key(pkey->pkey.ec);
}
@ -754,10 +668,8 @@ Index: openssl-1.0.1h/crypto/ec/ec_pmeth.c
const EVP_PKEY_METHOD ec_pkey_meth =
{
EVP_PKEY_EC,
Index: openssl-1.0.1h/crypto/hmac/hm_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/hmac/hm_ameth.c
+++ openssl-1.0.1h/crypto/hmac/hm_ameth.c
--- openssl-1.0.1j.orig/crypto/hmac/hm_ameth.c
+++ openssl-1.0.1j/crypto/hmac/hm_ameth.c
@@ -138,6 +138,7 @@ static int old_hmac_encode(const EVP_PKE
#endif
@ -766,10 +678,8 @@ Index: openssl-1.0.1h/crypto/hmac/hm_ameth.c
const EVP_PKEY_ASN1_METHOD hmac_asn1_meth =
{
EVP_PKEY_HMAC,
Index: openssl-1.0.1h/crypto/hmac/hm_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/hmac/hm_pmeth.c
+++ openssl-1.0.1h/crypto/hmac/hm_pmeth.c
--- openssl-1.0.1j.orig/crypto/hmac/hm_pmeth.c
+++ openssl-1.0.1j/crypto/hmac/hm_pmeth.c
@@ -235,6 +235,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
return -2;
}
@ -778,10 +688,8 @@ Index: openssl-1.0.1h/crypto/hmac/hm_pmeth.c
const EVP_PKEY_METHOD hmac_pkey_meth =
{
EVP_PKEY_HMAC,
Index: openssl-1.0.1h/crypto/rsa/rsa_ameth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/rsa/rsa_ameth.c
+++ openssl-1.0.1h/crypto/rsa/rsa_ameth.c
--- openssl-1.0.1j.orig/crypto/rsa/rsa_ameth.c
+++ openssl-1.0.1j/crypto/rsa/rsa_ameth.c
@@ -657,6 +657,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx
return 2;
}
@ -790,10 +698,8 @@ Index: openssl-1.0.1h/crypto/rsa/rsa_ameth.c
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] =
{
{
Index: openssl-1.0.1h/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.0.1h.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.0.1h/crypto/rsa/rsa_pmeth.c
--- openssl-1.0.1j.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.0.1j/crypto/rsa/rsa_pmeth.c
@@ -685,6 +685,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
return ret;
}
@ -802,10 +708,8 @@ Index: openssl-1.0.1h/crypto/rsa/rsa_pmeth.c
const EVP_PKEY_METHOD rsa_pkey_meth =
{
EVP_PKEY_RSA,
Index: openssl-1.0.1h/crypto/objects/obj_xref.c
===================================================================
--- openssl-1.0.1h.orig/crypto/objects/obj_xref.c
+++ openssl-1.0.1h/crypto/objects/obj_xref.c
--- openssl-1.0.1j.orig/crypto/objects/obj_xref.c
+++ openssl-1.0.1j/crypto/objects/obj_xref.c
@@ -60,7 +60,7 @@
#include "obj_xref.h"
@ -815,10 +719,8 @@ Index: openssl-1.0.1h/crypto/objects/obj_xref.c
static int sig_cmp(const nid_triple *a, const nid_triple *b)
{
Index: openssl-1.0.1h/crypto/pem/pem_lib.c
===================================================================
--- openssl-1.0.1h.orig/crypto/pem/pem_lib.c
+++ openssl-1.0.1h/crypto/pem/pem_lib.c
--- openssl-1.0.1j.orig/crypto/pem/pem_lib.c
+++ openssl-1.0.1j/crypto/pem/pem_lib.c
@@ -80,7 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_V
static int load_iv(char **fromp,unsigned char *to, int num);
@ -828,10 +730,8 @@ Index: openssl-1.0.1h/crypto/pem/pem_lib.c
int PEM_def_callback(char *buf, int num, int w, void *key)
{
Index: openssl-1.0.1h/crypto/asn1/tasn_prn.c
===================================================================
--- openssl-1.0.1h.orig/crypto/asn1/tasn_prn.c
+++ openssl-1.0.1h/crypto/asn1/tasn_prn.c
--- openssl-1.0.1j.orig/crypto/asn1/tasn_prn.c
+++ openssl-1.0.1j/crypto/asn1/tasn_prn.c
@@ -72,7 +72,7 @@
/* ASN1_PCTX routines */
@ -841,10 +741,8 @@ Index: openssl-1.0.1h/crypto/asn1/tasn_prn.c
{
ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
0, /* nm_flags */
Index: openssl-1.0.1h/crypto/bn/bn_exp.c
===================================================================
--- openssl-1.0.1h.orig/crypto/bn/bn_exp.c
+++ openssl-1.0.1h/crypto/bn/bn_exp.c
--- openssl-1.0.1j.orig/crypto/bn/bn_exp.c
+++ openssl-1.0.1j/crypto/bn/bn_exp.c
@@ -684,11 +684,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
{
void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
@ -860,10 +758,8 @@ Index: openssl-1.0.1h/crypto/bn/bn_exp.c
BN_ULONG *np=mont->N.d, *n0=mont->n0;
Index: openssl-1.0.1h/crypto/bn/bn_gf2m.c
===================================================================
--- openssl-1.0.1h.orig/crypto/bn/bn_gf2m.c
+++ openssl-1.0.1h/crypto/bn/bn_gf2m.c
--- openssl-1.0.1j.orig/crypto/bn/bn_gf2m.c
+++ openssl-1.0.1j/crypto/bn/bn_gf2m.c
@@ -220,7 +220,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r,
r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
}
@ -873,34 +769,3 @@ Index: openssl-1.0.1h/crypto/bn/bn_gf2m.c
#endif
/* Add polynomials a and b and store result in r; r could be a or b, a and b
Index: openssl-1.0.1h/test/Makefile
===================================================================
--- openssl-1.0.1h.orig/test/Makefile
+++ openssl-1.0.1h/test/Makefile
@@ -75,7 +75,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
- $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT)
+ $(ASN1TEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -87,7 +87,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATES
$(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
- $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(HEARTBEATTEST).o
+ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -140,7 +140,7 @@ alltests: \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
- test_jpake test_srp test_cms test_heartbeat
+ test_jpake test_srp test_cms
test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt

234
openssl-1.0.1e-fips-ec.patch
View File

@ -1,7 +1,5 @@
Index: openssl-1.0.1g/crypto/ecdh/ecdh.h
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1g/crypto/ecdh/ecdh.h
--- openssl-1.0.1j.orig/crypto/ecdh/ecdh.h
+++ openssl-1.0.1j/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
extern "C" {
#endif
@ -11,10 +9,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ecdh.h
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1g/crypto/ecdh/ecdhtest.c
--- openssl-1.0.1j.orig/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1j/crypto/ecdh/ecdhtest.c
@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -31,10 +27,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c
#ifndef OPENSSL_NO_EC2M
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1g/crypto/ecdh/ech_lib.c
--- openssl-1.0.1j.orig/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1j/crypto/ecdh/ech_lib.c
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
{
if(!default_ECDH_method)
@ -50,10 +44,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c
}
return default_ECDH_method;
}
Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1g/crypto/ecdh/ech_ossl.c
--- openssl-1.0.1j.orig/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1j/crypto/ecdh/ech_ossl.c
@@ -79,6 +79,10 @@
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
@ -108,10 +100,8 @@ Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c
if ((tmp=EC_POINT_new(group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
--- openssl-1.0.1j.orig/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1j/crypto/ecdsa/ecdsatest.c
@@ -138,11 +138,14 @@ int restore_rand(void)
}
@ -147,10 +137,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
if (!test_builtin(out)) goto err;
ret = 0;
Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1j/crypto/ecdsa/ecs_lib.c
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
{
if(!default_ECDSA_method)
@ -166,10 +154,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
}
return default_ECDSA_method;
}
Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
--- openssl-1.0.1j.orig/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1j/crypto/ecdsa/ecs_ossl.c
@@ -60,6 +60,9 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
@ -219,10 +205,8 @@ Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
/* check input values */
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
Index: openssl-1.0.1g/crypto/ec/ec_key.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1g/crypto/ec/ec_key.c
--- openssl-1.0.1j.orig/crypto/ec/ec_key.c
+++ openssl-1.0.1j/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
#include <string.h>
#include "ec_lcl.h"
@ -319,114 +303,8 @@ Index: openssl-1.0.1g/crypto/ec/ec_key.c
{
ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
EC_R_COORDINATES_OUT_OF_RANGE);
Index: openssl-1.0.1g/crypto/ec/ecp_mont.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1g/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
#include "ec_lcl.h"
const EC_METHOD *EC_GFp_mont_method(void)
{
-#ifdef OPENSSL_FIPS
- return fips_ec_gfp_mont_method();
-#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void
ec_GFp_mont_field_set_to_one };
return &ret;
-#endif
}
Index: openssl-1.0.1g/crypto/ec/ecp_nist.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1g/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
#include <openssl/obj_mac.h>
#include "ec_lcl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
const EC_METHOD *EC_GFp_nist_method(void)
{
-#ifdef OPENSSL_FIPS
- return fips_ec_gfp_nist_method();
-#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
0 /* field_set_to_one */ };
return &ret;
-#endif
}
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
Index: openssl-1.0.1g/crypto/ec/ecp_smpl.c
===================================================================
--- openssl-1.0.1g.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1g/crypto/ec/ecp_smpl.c
@@ -65,17 +65,10 @@
#include <openssl/err.h>
#include <openssl/symhacks.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
#include "ec_lcl.h"
const EC_METHOD *EC_GFp_simple_method(void)
{
-#ifdef OPENSSL_FIPS
- return fips_ec_gfp_simple_method();
-#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
0 /* field_set_to_one */ };
return &ret;
-#endif
}
@@ -186,6 +178,14 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
+/* we comment the few following lines, temporarily...for avoiding small curves */
+/*
+ if (BN_num_bits(p) < 256)
+ {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ return 0;
+ }
+*/
if (ctx == NULL)
{
ctx = new_ctx = BN_CTX_new();
Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c
===================================================================
--- openssl-1.0.1g.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1g/crypto/evp/m_ecdsa.c
--- openssl-1.0.1j.orig/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1j/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
#include <openssl/x509.h>
@ -449,10 +327,8 @@ Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c
}
#endif
-#endif
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdhvs.c
@@ -0,0 +1,496 @@
+/* fips/ecdh/fips_ecdhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -950,10 +826,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
+ }
+
+#endif
Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
===================================================================
--- /dev/null
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
+++ openssl-1.0.1j/crypto/fips/cavs/fips_ecdsavs.c
@@ -0,0 +1,533 @@
+/* fips/ecdsa/fips_ecdsavs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1488,10 +1362,8 @@ Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
+ }
+
+#endif
Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
+++ openssl-1.0.1j/crypto/fips/fips_ecdh_selftest.c
@@ -0,0 +1,252 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1745,10 +1617,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
+++ openssl-1.0.1j/crypto/fips/fips_ecdsa_selftest.c
@@ -0,0 +1,167 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1917,10 +1787,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
+ }
+
+#endif
Index: openssl-1.0.1g/crypto/fips/fips.h
===================================================================
--- openssl-1.0.1g.orig/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
--- openssl-1.0.1j.orig/crypto/fips/fips.h
+++ openssl-1.0.1j/crypto/fips/fips.h
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
@ -1930,10 +1798,8 @@ Index: openssl-1.0.1g/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.1g/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
--- openssl-1.0.1j.orig/crypto/fips/fips_post.c
+++ openssl-1.0.1j/crypto/fips/fips_post.c
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_rsa())
@ -1947,10 +1813,8 @@ Index: openssl-1.0.1g/crypto/fips/fips_post.c
return rv;
}
Index: openssl-1.0.1g/crypto/fips/Makefile
===================================================================
--- openssl-1.0.1g.orig/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
--- openssl-1.0.1j.orig/crypto/fips/Makefile
+++ openssl-1.0.1j/crypto/fips/Makefile
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -2052,3 +1916,45 @@ Index: openssl-1.0.1g/crypto/fips/Makefile
fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
--- openssl-1.0.1j.orig/crypto/ec/ecp_nist.c
+++ openssl-1.0.1j/crypto/ec/ecp_nist.c
@@ -112,11 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void
0 /* field_decode */,
0 /* field_set_to_one */ };
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return fips_ec_gfp_nist_method();
-#endif
-
return &ret;
}
--- openssl-1.0.1j.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1j/crypto/ec/ecp_smpl.c
@@ -112,11 +112,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
0 /* field_decode */,
0 /* field_set_to_one */ };
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return fips_ec_gfp_simple_method();
-#endif
-
return &ret;
}
--- openssl-1.0.1j.orig/crypto/ec/ecp_mont.c
+++ openssl-1.0.1j/crypto/ec/ecp_mont.c
@@ -111,11 +111,6 @@ const EC_METHOD *EC_GFp_mont_method(void
ec_GFp_mont_field_decode,
ec_GFp_mont_field_set_to_one };
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return fips_ec_gfp_mont_method();
-#endif
-
return &ret;
}

631
openssl-1.0.1e-fips.patch
View File

File diff suppressed because it is too large Load Diff

59
openssl-1.0.1i-noec2m-fix.patch Normal file
View File

@ -0,0 +1,59 @@
From 90fec44393443f93d6f7fb00662472bb2a8a6c9b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 10 Nov 2014 23:42:50 +0000
Subject: [PATCH] Added OPENSSL_NO_EC2M guards around the preferred EC curve
list
---
ssl/t1_lib.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d6aff4b..8dafc6e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -204,28 +204,40 @@ static int nid_list[] =
static int pref_list[] =
{
+#ifndef OPENSSL_NO_EC2M
NID_sect571r1, /* sect571r1 (14) */
NID_sect571k1, /* sect571k1 (13) */
+#endif
NID_secp521r1, /* secp521r1 (25) */
+#ifndef OPENSSL_NO_EC2M
NID_sect409k1, /* sect409k1 (11) */
NID_sect409r1, /* sect409r1 (12) */
+#endif
NID_secp384r1, /* secp384r1 (24) */
+#ifndef OPENSSL_NO_EC2M
NID_sect283k1, /* sect283k1 (9) */
NID_sect283r1, /* sect283r1 (10) */
+#endif
NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
+#ifndef OPENSSL_NO_EC2M
NID_sect239k1, /* sect239k1 (8) */
NID_sect233k1, /* sect233k1 (6) */
NID_sect233r1, /* sect233r1 (7) */
+#endif
NID_secp224k1, /* secp224k1 (20) */
NID_secp224r1, /* secp224r1 (21) */
+#ifndef OPENSSL_NO_EC2M
NID_sect193r1, /* sect193r1 (4) */
NID_sect193r2, /* sect193r2 (5) */
+#endif
NID_secp192k1, /* secp192k1 (18) */
NID_X9_62_prime192v1, /* secp192r1 (19) */
+#ifndef OPENSSL_NO_EC2M
NID_sect163k1, /* sect163k1 (1) */
NID_sect163r1, /* sect163r1 (2) */
NID_sect163r2, /* sect163r2 (3) */
+#endif
NID_secp160k1, /* secp160k1 (15) */
NID_secp160r1, /* secp160r1 (16) */
NID_secp160r2, /* secp160r2 (17) */
--
2.1.0

3
openssl-1.0.1i.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
size 4422117

11
openssl-1.0.1i.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJT4pu4AAoJENnE0m0OYESRle0H/A6fmNlUkhJ5NS5/W6HbztKE
j5xWzecv7HKElr01tleyGkefwg/whBhE1HN0QsFygOR29HFF4dhijjarYj7gh6tR
rsTGpbi+i0j2355a/BJdisXx9IESQLHeXxIAcGYEyWJKAUPzIHnIq/de+/IU9Luz
Ck5aNaB2epB8mAyqHD8tkyK52764ngATElsuz9/aSGBSgoNkLXa/3nDEink2ckaD
+fiBftKALEmJy+aaKp3E3PE3rQ02L0UK0hsO9DfOe0SZtFOd1nGF3Pb1DgGvum+R
RYUXuroGc6D126lK/ThhqZxBOWn+TYmm9g+P15r9nWOUvqvP1Bn2no0AvRvZH30=
=f6Uy
-----END PGP SIGNATURE-----

3
openssl-1.0.1j.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
size 4432964

11
openssl-1.0.1j.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJUPm6ZAAoJENnE0m0OYESRnTMH/3C0nbnYzAn5mO+PIZUs/yJ5
DWFKNY4nUeJDuI6V1M95qhnQVn4ae3ikCQeXXVQEMMeWf2giATGJAmt0bJsyylfE
M/q9K6/hyshJDMXNWK0BvoC/XjE5ohwZQEFHjqvcS1+ednOsuLoBPNslghA2CNTC
8+iv9+eOMcTJyraEh09jjCzn7WNaL2IMyvx1b7xtj4zvZ6chVEoqSSYM820NdqZQ
1xoClVOXn/IEkoUOG81NgzsMol7AjPM8AVeG7UGHqqKy/TGKHAiik6gpLjOpGpzv
iyU7nMzK+YhWU1UgJdXu7De0FjekTFgZgHCANdw1FmPcGpiXJsZcY+jPaYNCouQ=
=h6ga
-----END PGP SIGNATURE-----

25
openssl.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Tue Nov 18 09:42:50 UTC 2014 - brian@aljex.com
- suse_version 10.1 & 10.2 x86_64 can not enable-ec_nistp_64_gcc_128
-------------------------------------------------------------------
Mon Nov 17 12:34:12 UTC 2014 - meissner@suse.com
- openssl-1.0.1i-noec2m-fix.patch: only report the Elliptic Curves
we actually support (not the binary ones) (bnc#905037)
-------------------------------------------------------------------
Fri Nov 7 22:09:27 UTC 2014 - brian@aljex.com
- openSUSE < 11.2 doesn't have accept4()
-------------------------------------------------------------------
Tue Oct 21 19:58:31 UTC 2014 - crrodriguez@opensuse.org
- openSSL 1.0.1j
* Fix SRTP Memory Leak (CVE-2014-3513)
* Session Ticket Memory Leak (CVE-2014-3567)
* Add SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV)
* Build option no-ssl3 is incomplete (CVE-2014-3568)
-------------------------------------------------------------------
Thu Aug 21 15:05:43 UTC 2014 - meissner@suse.com

10
openssl.spec
View File

@ -29,7 +29,7 @@ Provides: ssl
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
Version: 1.0.1i
Version: 1.0.1j
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -47,7 +47,9 @@ Source11: README-FIPS.txt
Patch0: merge_from_0.9.8k.patch
Patch1: openssl-1.0.0-c_rehash-compat.diff
Patch2: bug610223.patch
%if 0%{?suse_version} >= 1120
Patch3: openssl-ocloexec.patch
%endif
Patch4: VIA_padlock_support_on_64systems.patch
# PATCH-FIX-UPSTREAM http://rt.openssl.org/Ticket/Attachment/WithHeaders/20049
Patch5: openssl-fix-pod-syntax.diff
@ -72,6 +74,7 @@ Patch34: openssl-fips-hidden.patch
Patch35: openssl-1.0.1e-add-suse-default-cipher.patch
Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch
Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
Patch38: openssl-1.0.1i-noec2m-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -164,7 +167,9 @@ this package's base documentation.
%patch0 -p1
%patch1 -p1
%patch2 -p1
%if 0%{?suse_version} >= 1120
%patch3
%endif
%patch4 -p1
%patch5 -p1
%patch6 -p1
@ -186,6 +191,7 @@ this package's base documentation.
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
cp -p %{S:10} .
cp -p %{S:11} .
echo "adding/overwriting some entries in the 'table' hash in Configure"
@ -243,8 +249,10 @@ no-ssl2 \
enable-rfc3779 \
%endif
%ifarch x86_64 aarch64 ppc64le
%if 0%{?suse_version} < 1010 || 0%{?suse_version} > 1020
enable-ec_nistp_64_gcc_128 \
%endif
%endif
enable-camellia \
zlib \
no-ec2m \