diff --git a/0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch b/0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch deleted file mode 100644 index d3af960..0000000 --- a/0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch +++ /dev/null @@ -1,79 +0,0 @@ -From fac9200a881a83bef038ebed628ebd409786a1a6 Mon Sep 17 00:00:00 2001 -From: Vitezslav Cizek -Date: Tue, 4 Jun 2019 13:24:59 +0200 -Subject: [PATCH] build_SYS_str_reasons: Fix a crash caused by overlong locales - -The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. -The Russian locales consume 6856 bytes, Ukrainian even 7000. - -build_SYS_str_reasons() contains an overflow check: - -if (cnt > sizeof(strerror_pool)) - cnt = sizeof(strerror_pool); - -But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer -works as cnt is incremented once more after the condition. - -cnt greater than sizeof(strerror_pool) results in an unbounded -OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. - -When the first received error string was empty or contained only -spaces, cur would move in front of the start of the strerror_pool. - -Also don't call openssl_strerror_r when the pool is full. - -Reviewed-by: Bernd Edlinger -Reviewed-by: Richard Levitte -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/8966) ---- - crypto/err/err.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/crypto/err/err.c b/crypto/err/err.c -index 57399f82ad..cf3ae4d3b3 100644 ---- a/crypto/err/err.c -+++ b/crypto/err/err.c -@@ -188,8 +188,8 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) - } - - #ifndef OPENSSL_NO_ERR --/* A measurement on Linux 2018-11-21 showed about 3.5kib */ --# define SPACE_SYS_STR_REASONS 4 * 1024 -+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ -+# define SPACE_SYS_STR_REASONS 8 * 1024 - # define NUM_SYS_STR_REASONS 127 - - static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -@@ -223,21 +223,23 @@ static void build_SYS_str_reasons(void) - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = ERR_PACK(ERR_LIB_SYS, 0, i); -- if (str->string == NULL) { -+ /* -+ * If we have used up all the space in strerror_pool, -+ * there's no point in calling openssl_strerror_r() -+ */ -+ if (str->string == NULL && cnt < sizeof(strerror_pool)) { - if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) { - size_t l = strlen(cur); - - str->string = cur; - cnt += l; -- if (cnt > sizeof(strerror_pool)) -- cnt = sizeof(strerror_pool); - cur += l; - - /* - * VMS has an unusual quirk of adding spaces at the end of -- * some (most? all?) messages. Lets trim them off. -+ * some (most? all?) messages. Lets trim them off. - */ -- while (ossl_isspace(cur[-1])) { -+ while (cur > strerror_pool && ossl_isspace(cur[-1])) { - cur--; - cnt--; - } --- -2.21.0 - diff --git a/openssl-1.1.0-no-html.patch b/openssl-1.1.0-no-html.patch index 45d701e..0b35e05 100644 --- a/openssl-1.1.0-no-html.patch +++ b/openssl-1.1.0-no-html.patch @@ -1,7 +1,8 @@ -diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200 -+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200 -@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi +Index: openssl-1.1.1d/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-1.1.1d.orig/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:17.788265421 +0200 ++++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:35.640368636 +0200 +@@ -544,7 +544,7 @@ install_sw: install_dev install_engines uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev @@ -9,4 +10,4 @@ diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1 +install_docs: install_man_docs uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r -v $(DESTDIR)$(DOCDIR) + $(RM) -r $(DESTDIR)$(DOCDIR) diff --git a/openssl-1.1.1c.tar.gz b/openssl-1.1.1c.tar.gz deleted file mode 100644 index 61f257f..0000000 --- a/openssl-1.1.1c.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 -size 8864262 diff --git a/openssl-1.1.1c.tar.gz.asc b/openssl-1.1.1c.tar.gz.asc deleted file mode 100644 index b4a4677..0000000 --- a/openssl-1.1.1c.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAlztM8IACgkQ1enkP335 -7oxQwQ/9G4kkoJC0pat5P4uNBgVyxmXso63Eea91QYGC39BABSL+KpEzfyJtFwqR -36EAI8f5L5iGRKuBKerWtP8YUZ9Jc0Yf/a1R7sPGKh/0hor6dWhU1fh5x3HCatBC -TanYbgXgAQhNHQcwVG6qdvHIwtb9so5NtDB0cKNcegoH6D0IOUtQmYrqXiovsc3K -DwqgUL2ctUvDmroJVE4lQ6zpz239D3UoeSiTWAVGy/GudpQgx/9v6fqwO91/tyWk -Grlpf2v320dLCbCXrbbW4lPq7IeoIkTgPwnVlyLMrm4Ht+Ck6KPgbUyRaVpSuJum -6geA9Miczekv3PhPkF2/ltKwRLUt1TmujBdNTAxYXX6VWw32oh5YSQ2wTVZgvCN/ -HJvSW5N2fuEsO8jYX/0RxZjGrbsGyCXtXqElwmETO8JX+wuc6Rd1IFdDKDszUbLh -HEtMBdb/Dhv//gNkEwrPHw9tLH8nd+B4dCJNC/4+Au54t6SpRT2sV6FVNA4Ytkpu -O1OCs2cmIuGFBylDDZCSCWG+1U/dUVoqRh0ufg9PcFDdeicp6Q6cqyBNEVNXG7HU -g7c5zf0XOT7m3+G+d+pPvvzOsZrTKVlOcsAlI7aiqTFFtUUGpHtjm03OP2SKrakb -bPjVbZWzjvRe3st8+GXdv2/i0SuVZW0mTE+6+pPd1/6VlRGOqmI= -=+39w ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1d.tar.gz b/openssl-1.1.1d.tar.gz new file mode 100644 index 0000000..54e6259 --- /dev/null +++ b/openssl-1.1.1d.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2 +size 8845861 diff --git a/openssl-1.1.1d.tar.gz.asc b/openssl-1.1.1d.tar.gz.asc new file mode 100644 index 0000000..ec14a48 --- /dev/null +++ b/openssl-1.1.1d.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWoACgkQ2cTSbQ5g +RJH0Agf+IekQXtSPsrn/5RMgXFGSyK+S1BpFhyoJRvDocVZAxwgvd4F1fcYkFVXH +5+Q6o6s6tIDb+VkuIajcDxTQvrFoXKWMbsFsu3NBAan5R0OlYINRYtXULg0ZqQv4 +zxclCSLQTpuMyptuGGbg0/8+9IAhGFk2XSA5EEI+SC6lswRQiT7p6dbULj4CvH3m +7mqovojAAaEJpgfG8b+L+QBJ4XId99uC6tiLM1tTMCsn1ErLsTd366fzEpC1w12a +V/gWQ1mVs+bmSRySPx8mO4CpHfhAI+sZrSsWG+UXP9Guf9YKHFLJDiSrX7EmvszR +B+/LvZqce4iCnwCUoIuYhxM6EybDdQ== +=v5CI +-----END PGP SIGNATURE----- diff --git a/openssl-1_1.changes b/openssl-1_1.changes index fff040e..fe89337 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Wed Sep 11 09:32:16 UTC 2019 - Vítězslav Čížek + +- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430) + * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random + number generator (RNG). This was intended to include protection in the + event of a fork() system call in order to ensure that the parent and child + processes did not share the same RNG state. However this protection was not + being used in the default case. + (bsc#1150247, CVE-2019-1549) + * Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. + (bsc#1150003, CVE-2019-1547) + * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + (bsc#1150250, CVE-2019-1563) + * For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters(). + * Early start up entropy quality from the DEVRANDOM seed source has been + improved for older Linux systems. + * Changed DH_check to accept parameters with order q and 2q subgroups. + With order 2q subgroups the bit 0 of the private key is not secret + but DH_generate_key works around that by clearing bit 0 of the + private key for those. This avoids leaking bit 0 of the private key. + * Significantly reduce secure memory usage by the randomness pools. + * Revert the DEVRANDOM_WAIT feature for Linux systems +- drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream) +- refresh patches + * openssl-1.1.0-no-html.patch + * openssl-jsc-SLE-8789-backport_KDF.patch + ------------------------------------------------------------------- Tue Sep 10 19:26:34 UTC 2019 - Jason Sikes diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 2b4504a..f6995af 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" package! -Version: 1.1.1c +Version: 1.1.1d Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -43,8 +43,6 @@ Patch3: openssl-pkgconfig.patch Patch4: openssl-DEFAULT_SUSE_cipher.patch Patch5: openssl-ppc64-config.patch Patch6: openssl-no-date.patch -# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8966 -Patch7: 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch # PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129 Patch8: 0001-s390x-assembly-pack-perlasm-support.patch Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch diff --git a/openssl-jsc-SLE-8789-backport_KDF.patch b/openssl-jsc-SLE-8789-backport_KDF.patch index 94a7aae..5c6589f 100644 --- a/openssl-jsc-SLE-8789-backport_KDF.patch +++ b/openssl-jsc-SLE-8789-backport_KDF.patch @@ -1,7 +1,7 @@ -Index: openssl-1.1.1c/crypto/evp/build.info +Index: openssl-1.1.1d/crypto/evp/build.info =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/build.info -+++ openssl-1.1.1c/crypto/evp/build.info +--- openssl-1.1.1d.orig/crypto/evp/build.info 2019-09-11 15:52:54.177320463 +0200 ++++ openssl-1.1.1d/crypto/evp/build.info 2019-09-11 15:53:13.513431593 +0200 @@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -12,10 +12,10 @@ Index: openssl-1.1.1c/crypto/evp/build.info e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c -Index: openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c +Index: openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/e_chacha20_poly1305.c -+++ openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c +--- openssl-1.1.1d.orig/crypto/evp/e_chacha20_poly1305.c 2019-09-11 15:52:54.177320463 +0200 ++++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2019-09-11 15:53:13.513431593 +0200 @@ -14,8 +14,8 @@ # include @@ -26,10 +26,10 @@ Index: openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c # include "internal/chacha.h" typedef struct { -Index: openssl-1.1.1c/crypto/evp/encode.c +Index: openssl-1.1.1d/crypto/evp/encode.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/encode.c -+++ openssl-1.1.1c/crypto/evp/encode.c +--- openssl-1.1.1d.orig/crypto/evp/encode.c 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/evp/encode.c 2019-09-11 15:53:13.513431593 +0200 @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" @@ -40,10 +40,10 @@ Index: openssl-1.1.1c/crypto/evp/encode.c static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); -Index: openssl-1.1.1c/crypto/evp/evp_locl.h +Index: openssl-1.1.1d/crypto/evp/evp_locl.h =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/evp_locl.h -+++ openssl-1.1.1c/crypto/evp/evp_locl.h +--- openssl-1.1.1d.orig/crypto/evp/evp_locl.h 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_locl.h 2019-09-11 15:53:13.513431593 +0200 @@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ } /* EVP_CIPHER_CTX */ ; @@ -56,10 +56,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_locl.h int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, -Index: openssl-1.1.1c/crypto/evp/evp_pbe.c +Index: openssl-1.1.1d/crypto/evp/evp_pbe.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/evp_pbe.c -+++ openssl-1.1.1c/crypto/evp/evp_pbe.c +--- openssl-1.1.1d.orig/crypto/evp/evp_pbe.c 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2019-09-11 15:53:13.513431593 +0200 @@ -12,6 +12,7 @@ #include #include @@ -68,10 +68,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_pbe.c #include "evp_locl.h" /* Password based encryption (PBE) functions */ -Index: openssl-1.1.1c/crypto/evp/kdf_lib.c +Index: openssl-1.1.1d/crypto/evp/kdf_lib.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/evp/kdf_lib.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,166 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -239,10 +239,10 @@ Index: openssl-1.1.1c/crypto/evp/kdf_lib.c + return ctx->kmeth->derive(ctx->impl, key, keylen); +} + -Index: openssl-1.1.1c/crypto/evp/p5_crpt2.c +Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/p5_crpt2.c -+++ openssl-1.1.1c/crypto/evp/p5_crpt2.c +--- openssl-1.1.1d.orig/crypto/evp/p5_crpt2.c 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2019-09-11 15:53:13.513431593 +0200 @@ -10,10 +10,12 @@ #include #include @@ -381,10 +381,10 @@ Index: openssl-1.1.1c/crypto/evp/p5_crpt2.c } int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -Index: openssl-1.1.1c/crypto/evp/pkey_kdf.c +Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/evp/pkey_kdf.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,255 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -641,10 +641,10 @@ Index: openssl-1.1.1c/crypto/evp/pkey_kdf.c + pkey_kdf_ctrl_str +}; + -Index: openssl-1.1.1c/crypto/include/internal/evp_int.h +Index: openssl-1.1.1d/crypto/include/internal/evp_int.h =================================================================== ---- openssl-1.1.1c.orig/crypto/include/internal/evp_int.h -+++ openssl-1.1.1c/crypto/include/internal/evp_int.h +--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2019-09-11 15:53:13.513431593 +0200 @@ -112,6 +112,25 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m extern const EVP_PKEY_METHOD poly1305_pkey_meth; extern const EVP_PKEY_METHOD siphash_pkey_meth; @@ -671,19 +671,19 @@ Index: openssl-1.1.1c/crypto/include/internal/evp_int.h struct evp_md_st { int type; int pkey_type; -Index: openssl-1.1.1c/crypto/kdf/build.info +Index: openssl-1.1.1d/crypto/kdf/build.info =================================================================== ---- openssl-1.1.1c.orig/crypto/kdf/build.info -+++ openssl-1.1.1c/crypto/kdf/build.info +--- openssl-1.1.1d.orig/crypto/kdf/build.info 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/kdf/build.info 2019-09-11 15:53:13.513431593 +0200 @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c hkdf.c scrypt.c + tls1_prf.c kdf_err.c kdf_util.c hkdf.c sshkdf.c scrypt.c pbkdf2.c -Index: openssl-1.1.1c/crypto/kdf/hkdf.c +Index: openssl-1.1.1d/crypto/kdf/hkdf.c =================================================================== ---- openssl-1.1.1c.orig/crypto/kdf/hkdf.c -+++ openssl-1.1.1c/crypto/kdf/hkdf.c +--- openssl-1.1.1d.orig/crypto/kdf/hkdf.c 2019-09-11 15:52:54.181320486 +0200 ++++ openssl-1.1.1d/crypto/kdf/hkdf.c 2019-09-11 15:53:13.513431593 +0200 @@ -8,32 +8,33 @@ */ @@ -1150,10 +1150,10 @@ Index: openssl-1.1.1c/crypto/kdf/hkdf.c err: OPENSSL_cleanse(prev, sizeof(prev)); -Index: openssl-1.1.1c/crypto/kdf/kdf_local.h +Index: openssl-1.1.1d/crypto/kdf/kdf_local.h =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/kdf/kdf_local.h +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,22 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1177,10 +1177,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_local.h + int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), + int cmd, const char *md_name); + -Index: openssl-1.1.1c/crypto/kdf/kdf_util.c +Index: openssl-1.1.1d/crypto/kdf/kdf_util.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/kdf/kdf_util.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,73 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1255,10 +1255,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_util.c + return call_ctrl(ctrl, impl, cmd, md); +} + -Index: openssl-1.1.1c/crypto/kdf/pbkdf2.c +Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/kdf/pbkdf2.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,264 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -1524,10 +1524,10 @@ Index: openssl-1.1.1c/crypto/kdf/pbkdf2.c + HMAC_CTX_free(hctx_tpl); + return ret; +} -Index: openssl-1.1.1c/crypto/kdf/scrypt.c +Index: openssl-1.1.1d/crypto/kdf/scrypt.c =================================================================== ---- openssl-1.1.1c.orig/crypto/kdf/scrypt.c -+++ openssl-1.1.1c/crypto/kdf/scrypt.c +--- openssl-1.1.1d.orig/crypto/kdf/scrypt.c 2019-09-11 15:52:54.185320508 +0200 ++++ openssl-1.1.1d/crypto/kdf/scrypt.c 2019-09-11 15:53:13.513431593 +0200 @@ -8,25 +8,34 @@ */ @@ -2116,10 +2116,10 @@ Index: openssl-1.1.1c/crypto/kdf/scrypt.c +} #endif -Index: openssl-1.1.1c/crypto/kdf/sshkdf.c +Index: openssl-1.1.1d/crypto/kdf/sshkdf.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/crypto/kdf/sshkdf.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/crypto/kdf/sshkdf.c 2019-09-11 15:53:13.513431593 +0200 @@ -0,0 +1,288 @@ +/* + * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -2409,10 +2409,10 @@ Index: openssl-1.1.1c/crypto/kdf/sshkdf.c + return ret; +} + -Index: openssl-1.1.1c/crypto/kdf/tls1_prf.c +Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c =================================================================== ---- openssl-1.1.1c.orig/crypto/kdf/tls1_prf.c -+++ openssl-1.1.1c/crypto/kdf/tls1_prf.c +--- openssl-1.1.1d.orig/crypto/kdf/tls1_prf.c 2019-09-11 15:52:54.185320508 +0200 ++++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2019-09-11 15:53:13.513431593 +0200 @@ -8,10 +8,15 @@ */ @@ -2681,11 +2681,11 @@ Index: openssl-1.1.1c/crypto/kdf/tls1_prf.c if (EVP_MD_type(md) == NID_md5_sha1) { size_t i; unsigned char *tmp; -Index: openssl-1.1.1c/include/openssl/evperr.h +Index: openssl-1.1.1d/include/openssl/evperr.h =================================================================== ---- openssl-1.1.1c.orig/include/openssl/evperr.h -+++ openssl-1.1.1c/include/openssl/evperr.h -@@ -50,6 +50,9 @@ int ERR_load_EVP_strings(void); +--- openssl-1.1.1d.orig/include/openssl/evperr.h 2019-09-11 15:52:54.185320508 +0200 ++++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-11 15:55:36.806255073 +0200 +@@ -57,6 +57,9 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTUPDATE 167 @@ -2695,7 +2695,7 @@ Index: openssl-1.1.1c/include/openssl/evperr.h # define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_OPENINIT 102 -@@ -112,11 +115,13 @@ int ERR_load_EVP_strings(void); +@@ -119,12 +122,14 @@ int ERR_load_EVP_strings(void); # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 @@ -2703,13 +2703,14 @@ Index: openssl-1.1.1c/include/openssl/evperr.h # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 # define EVP_F_RC5_CTRL 125 + # define EVP_F_R_32_12_16_INIT_KEY 242 # define EVP_F_S390X_AES_GCM_CTRL 201 # define EVP_F_UPDATE 173 +# define EVP_F_SCRYPT_ALG 228 /* * EVP reason codes. -@@ -169,6 +174,7 @@ int ERR_load_EVP_strings(void); +@@ -178,6 +183,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 @@ -2717,10 +2718,10 @@ Index: openssl-1.1.1c/include/openssl/evperr.h # define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PBKDF2_ERROR 181 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 -Index: openssl-1.1.1c/include/openssl/kdf.h +Index: openssl-1.1.1d/include/openssl/kdf.h =================================================================== ---- openssl-1.1.1c.orig/include/openssl/kdf.h -+++ openssl-1.1.1c/include/openssl/kdf.h +--- openssl-1.1.1d.orig/include/openssl/kdf.h 2019-09-11 15:52:54.185320508 +0200 ++++ openssl-1.1.1d/include/openssl/kdf.h 2019-09-11 15:53:13.517431615 +0200 @@ -11,10 +11,61 @@ # define HEADER_KDF_H @@ -2799,11 +2800,11 @@ Index: openssl-1.1.1c/include/openssl/kdf.h # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ -Index: openssl-1.1.1c/include/openssl/kdferr.h +Index: openssl-1.1.1d/include/openssl/kdferr.h =================================================================== ---- openssl-1.1.1c.orig/include/openssl/kdferr.h -+++ openssl-1.1.1c/include/openssl/kdferr.h -@@ -31,6 +31,28 @@ int ERR_load_KDF_strings(void); +--- openssl-1.1.1d.orig/include/openssl/kdferr.h 2019-09-11 15:52:54.185320508 +0200 ++++ openssl-1.1.1d/include/openssl/kdferr.h 2019-09-11 15:53:13.517431615 +0200 +@@ -35,6 +35,28 @@ int ERR_load_KDF_strings(void); # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 # define KDF_F_PKEY_TLS1_PRF_INIT 110 # define KDF_F_TLS1_PRF_ALG 111 @@ -2832,7 +2833,7 @@ Index: openssl-1.1.1c/include/openssl/kdferr.h /* * KDF reason codes. -@@ -47,5 +69,9 @@ int ERR_load_KDF_strings(void); +@@ -51,5 +73,9 @@ int ERR_load_KDF_strings(void); # define KDF_R_UNKNOWN_PARAMETER_TYPE 103 # define KDF_R_VALUE_ERROR 108 # define KDF_R_VALUE_MISSING 102 @@ -2842,10 +2843,10 @@ Index: openssl-1.1.1c/include/openssl/kdferr.h +# define KDF_R_MISSING_XCGHASH 115 #endif -Index: openssl-1.1.1c/include/openssl/obj_mac.h +Index: openssl-1.1.1d/include/openssl/obj_mac.h =================================================================== ---- openssl-1.1.1c.orig/include/openssl/obj_mac.h -+++ openssl-1.1.1c/include/openssl/obj_mac.h +--- openssl-1.1.1d.orig/include/openssl/obj_mac.h 2019-09-11 15:52:54.189320532 +0200 ++++ openssl-1.1.1d/include/openssl/obj_mac.h 2019-09-11 15:53:13.517431615 +0200 @@ -4970,6 +4970,10 @@ #define LN_hkdf "hkdf" #define NID_hkdf 1036 @@ -2857,10 +2858,10 @@ Index: openssl-1.1.1c/include/openssl/obj_mac.h #define SN_id_pkinit "id-pkinit" #define NID_id_pkinit 1031 #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L -Index: openssl-1.1.1c/include/openssl/ossl_typ.h +Index: openssl-1.1.1d/include/openssl/ossl_typ.h =================================================================== ---- openssl-1.1.1c.orig/include/openssl/ossl_typ.h -+++ openssl-1.1.1c/include/openssl/ossl_typ.h +--- openssl-1.1.1d.orig/include/openssl/ossl_typ.h 2019-09-11 15:52:54.189320532 +0200 ++++ openssl-1.1.1d/include/openssl/ossl_typ.h 2019-09-11 15:53:13.517431615 +0200 @@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; @@ -2870,10 +2871,10 @@ Index: openssl-1.1.1c/include/openssl/ossl_typ.h typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; -Index: openssl-1.1.1c/test/recipes/30-test_evp.t +Index: openssl-1.1.1d/test/recipes/30-test_evp.t =================================================================== ---- openssl-1.1.1c.orig/test/recipes/30-test_evp.t -+++ openssl-1.1.1c/test/recipes/30-test_evp.t +--- openssl-1.1.1d.orig/test/recipes/30-test_evp.t 2019-09-11 15:52:54.189320532 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp.t 2019-09-11 15:53:13.517431615 +0200 @@ -15,8 +15,8 @@ use OpenSSL::Test qw/:DEFAULT data_file/ setup("test_evp"); @@ -2885,10 +2886,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp.t plan tests => scalar(@files); -Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt +Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt =================================================================== ---- /dev/null -+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-09-11 15:53:13.517431615 +0200 @@ -0,0 +1,305 @@ +# +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -3195,10 +3196,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt +Ctrl.p = p:1 +Result = INTERNAL_ERROR + -Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt +Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt =================================================================== ---- openssl-1.1.1c.orig/test/recipes/30-test_evp_data/evpkdf.txt -+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt +--- openssl-1.1.1d.orig/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-11 15:52:54.193320554 +0200 ++++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-11 15:53:13.521431638 +0200 @@ -1,5 +1,5 @@ # -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. @@ -8438,10 +8439,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt +Ctrl.type = type:A +Output = FF +Result = KDF_MISMATCH -Index: openssl-1.1.1c/test/evp_kdf_test.c +Index: openssl-1.1.1d/test/evp_kdf_test.c =================================================================== ---- /dev/null -+++ openssl-1.1.1c/test/evp_kdf_test.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/test/evp_kdf_test.c 2019-09-11 15:53:13.521431638 +0200 @@ -0,0 +1,237 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. @@ -8680,11 +8681,11 @@ Index: openssl-1.1.1c/test/evp_kdf_test.c +#endif + return 1; +} -Index: openssl-1.1.1c/test/evp_test.c +Index: openssl-1.1.1d/test/evp_test.c =================================================================== ---- openssl-1.1.1c.orig/test/evp_test.c -+++ openssl-1.1.1c/test/evp_test.c -@@ -1689,7 +1689,7 @@ static const EVP_TEST_METHOD encode_test +--- openssl-1.1.1d.orig/test/evp_test.c 2019-09-11 15:52:54.193320554 +0200 ++++ openssl-1.1.1d/test/evp_test.c 2019-09-11 15:53:13.521431638 +0200 +@@ -1711,7 +1711,7 @@ static const EVP_TEST_METHOD encode_test typedef struct kdf_data_st { /* Context for this operation */ @@ -8693,7 +8694,7 @@ Index: openssl-1.1.1c/test/evp_test.c /* Expected output */ unsigned char *output; size_t output_len; -@@ -1716,16 +1716,11 @@ static int kdf_test_init(EVP_TEST *t, co +@@ -1738,16 +1738,11 @@ static int kdf_test_init(EVP_TEST *t, co if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) return 0; @@ -8711,7 +8712,7 @@ Index: openssl-1.1.1c/test/evp_test.c t->data = kdata; return 1; } -@@ -1734,7 +1729,42 @@ static void kdf_test_cleanup(EVP_TEST *t +@@ -1756,7 +1751,42 @@ static void kdf_test_cleanup(EVP_TEST *t { KDF_DATA *kdata = t->data; OPENSSL_free(kdata->output); @@ -8755,7 +8756,7 @@ Index: openssl-1.1.1c/test/evp_test.c } static int kdf_test_parse(EVP_TEST *t, -@@ -1745,7 +1775,7 @@ static int kdf_test_parse(EVP_TEST *t, +@@ -1767,7 +1797,7 @@ static int kdf_test_parse(EVP_TEST *t, if (strcmp(keyword, "Output") == 0) return parse_bin(value, &kdata->output, &kdata->output_len); if (strncmp(keyword, "Ctrl", 4) == 0) @@ -8764,7 +8765,7 @@ Index: openssl-1.1.1c/test/evp_test.c return 0; } -@@ -1759,7 +1789,7 @@ static int kdf_test_run(EVP_TEST *t) +@@ -1781,7 +1811,7 @@ static int kdf_test_run(EVP_TEST *t) t->err = "INTERNAL_ERROR"; goto err; } @@ -8773,7 +8774,7 @@ Index: openssl-1.1.1c/test/evp_test.c t->err = "KDF_DERIVE_ERROR"; goto err; } -@@ -1785,6 +1815,106 @@ static const EVP_TEST_METHOD kdf_test_me +@@ -1807,6 +1837,106 @@ static const EVP_TEST_METHOD kdf_test_me /** @@ -8880,7 +8881,7 @@ Index: openssl-1.1.1c/test/evp_test.c *** KEYPAIR TESTS **/ -@@ -2288,6 +2418,7 @@ static const EVP_TEST_METHOD *evp_test_l +@@ -2310,6 +2440,7 @@ static const EVP_TEST_METHOD *evp_test_l &digestverify_test_method, &encode_test_method, &kdf_test_method, @@ -8888,11 +8889,11 @@ Index: openssl-1.1.1c/test/evp_test.c &keypair_test_method, &keygen_test_method, &mac_test_method, -Index: openssl-1.1.1c/test/build.info +Index: openssl-1.1.1d/test/build.info =================================================================== ---- openssl-1.1.1c.orig/test/build.info -+++ openssl-1.1.1c/test/build.info -@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I +--- openssl-1.1.1d.orig/test/build.info 2019-09-11 15:52:54.193320554 +0200 ++++ openssl-1.1.1d/test/build.info 2019-09-11 15:53:13.521431638 +0200 +@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bio_callback_test bio_memleak_test \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ @@ -8902,7 +8903,7 @@ Index: openssl-1.1.1c/test/build.info asn1_encode_test asn1_decode_test asn1_string_table_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest sslbuffertest \ -@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I +@@ -336,6 +337,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I INCLUDE[pkey_meth_kdf_test]=../include DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a @@ -8913,10 +8914,10 @@ Index: openssl-1.1.1c/test/build.info SOURCE[x509_time_test]=x509_time_test.c INCLUDE[x509_time_test]=../include DEPEND[x509_time_test]=../libcrypto libtestutil.a -Index: openssl-1.1.1c/test/pkey_meth_kdf_test.c +Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c =================================================================== ---- openssl-1.1.1c.orig/test/pkey_meth_kdf_test.c -+++ openssl-1.1.1c/test/pkey_meth_kdf_test.c +--- openssl-1.1.1d.orig/test/pkey_meth_kdf_test.c 2019-09-11 15:52:54.193320554 +0200 ++++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2019-09-11 15:53:13.521431638 +0200 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. @@ -9120,10 +9121,10 @@ Index: openssl-1.1.1c/test/pkey_meth_kdf_test.c } #endif -Index: openssl-1.1.1c/test/recipes/30-test_evp_kdf.t +Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t =================================================================== ---- /dev/null -+++ openssl-1.1.1c/test/recipes/30-test_evp_kdf.t +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2019-09-11 15:53:13.521431638 +0200 @@ -0,0 +1,13 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. @@ -9138,26 +9139,26 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_kdf.t +use OpenSSL::Test::Simple; + +simple_test("test_evp_kdf", "evp_kdf_test"); -Index: openssl-1.1.1c/util/libcrypto.num +Index: openssl-1.1.1d/util/libcrypto.num =================================================================== ---- openssl-1.1.1c.orig/util/libcrypto.num -+++ openssl-1.1.1c/util/libcrypto.num -@@ -4580,3 +4580,11 @@ EVP_PKEY_meth_get_digest_custom - OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO - OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO +--- openssl-1.1.1d.orig/util/libcrypto.num 2019-09-11 15:53:13.525431662 +0200 ++++ openssl-1.1.1d/util/libcrypto.num 2019-09-11 15:58:08.483126793 +0200 +@@ -4582,3 +4582,11 @@ OPENSSL_INIT_set_config_file_flags EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE -+EVP_KDF_CTX_new_id 4537 1_1_1c EXIST::FUNCTION: -+EVP_KDF_CTX_free 4538 1_1_1c EXIST::FUNCTION: -+EVP_KDF_reset 4539 1_1_1c EXIST::FUNCTION: -+EVP_KDF_ctrl 4540 1_1_1c EXIST::FUNCTION: -+EVP_KDF_vctrl 4541 1_1_1c EXIST::FUNCTION: -+EVP_KDF_ctrl_str 4542 1_1_1c EXIST::FUNCTION: -+EVP_KDF_size 4543 1_1_1c EXIST::FUNCTION: -+EVP_KDF_derive 4544 1_1_1c EXIST::FUNCTION: -Index: openssl-1.1.1c/util/private.num + X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION: + X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION: ++EVP_KDF_CTX_new_id 4539 1_1_1d EXIST::FUNCTION: ++EVP_KDF_CTX_free 4540 1_1_1d EXIST::FUNCTION: ++EVP_KDF_reset 4541 1_1_1d EXIST::FUNCTION: ++EVP_KDF_ctrl 4542 1_1_1d EXIST::FUNCTION: ++EVP_KDF_vctrl 4543 1_1_1d EXIST::FUNCTION: ++EVP_KDF_ctrl_str 4544 1_1_1d EXIST::FUNCTION: ++EVP_KDF_size 4545 1_1_1d EXIST::FUNCTION: ++EVP_KDF_derive 4546 1_1_1d EXIST::FUNCTION: +Index: openssl-1.1.1d/util/private.num =================================================================== ---- openssl-1.1.1c.orig/util/private.num -+++ openssl-1.1.1c/util/private.num +--- openssl-1.1.1d.orig/util/private.num 2019-09-11 15:52:54.197320577 +0200 ++++ openssl-1.1.1d/util/private.num 2019-09-11 15:53:13.525431662 +0200 @@ -21,6 +21,7 @@ CRYPTO_EX_dup CRYPTO_EX_free datatype CRYPTO_EX_new datatype @@ -9166,19 +9167,11 @@ Index: openssl-1.1.1c/util/private.num EVP_PKEY_gen_cb datatype EVP_PKEY_METHOD datatype EVP_PKEY_ASN1_METHOD datatype -Index: openssl-1.1.1c/crypto/evp/evp_err.c +Index: openssl-1.1.1d/crypto/evp/evp_err.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/evp_err.c -+++ openssl-1.1.1c/crypto/evp/evp_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -55,6 +55,9 @@ static const ERR_STRING_DATA EVP_str_fun +--- openssl-1.1.1d.orig/crypto/evp/evp_err.c 2019-09-10 15:13:07.000000000 +0200 ++++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-11 15:58:49.675363525 +0200 +@@ -59,6 +59,9 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), "EVP_EncryptFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"}, @@ -9188,20 +9181,21 @@ Index: openssl-1.1.1c/crypto/evp/evp_err.c {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"}, -@@ -146,10 +149,12 @@ static const ERR_STRING_DATA EVP_str_fun - "PKCS5_v2_PBKDF2_keyivgen"}, +@@ -151,11 +154,13 @@ static const ERR_STRING_DATA EVP_str_fun {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0), "PKCS5_v2_scrypt_keyivgen"}, -+ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0), + "r_32_12_16_init_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {0, NULL} }; -@@ -230,7 +235,9 @@ static const ERR_STRING_DATA EVP_str_rea +@@ -237,7 +242,9 @@ static const ERR_STRING_DATA EVP_str_rea {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED), @@ -9212,10 +9206,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_err.c {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, -Index: openssl-1.1.1c/crypto/evp/pbe_scrypt.c +Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c =================================================================== ---- openssl-1.1.1c.orig/crypto/evp/pbe_scrypt.c -+++ openssl-1.1.1c/crypto/evp/pbe_scrypt.c +--- openssl-1.1.1d.orig/crypto/evp/pbe_scrypt.c 2019-09-11 15:52:54.197320577 +0200 ++++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2019-09-11 15:53:13.525431662 +0200 @@ -7,135 +7,12 @@ * https://www.openssl.org/source/license.html */ @@ -9484,10 +9478,10 @@ Index: openssl-1.1.1c/crypto/evp/pbe_scrypt.c } + #endif -Index: openssl-1.1.1c/crypto/kdf/kdf_err.c +Index: openssl-1.1.1d/crypto/kdf/kdf_err.c =================================================================== ---- openssl-1.1.1c.orig/crypto/kdf/kdf_err.c -+++ openssl-1.1.1c/crypto/kdf/kdf_err.c +--- openssl-1.1.1d.orig/crypto/kdf/kdf_err.c 2019-09-11 15:52:54.197320577 +0200 ++++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-09-11 15:53:13.525431662 +0200 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT @@ -9555,10 +9549,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_err.c {0, NULL} }; -Index: openssl-1.1.1c/crypto/objects/obj_dat.h +Index: openssl-1.1.1d/crypto/objects/obj_dat.h =================================================================== ---- openssl-1.1.1c.orig/crypto/objects/obj_dat.h -+++ openssl-1.1.1c/crypto/objects/obj_dat.h +--- openssl-1.1.1d.orig/crypto/objects/obj_dat.h 2019-09-11 15:52:54.197320577 +0200 ++++ openssl-1.1.1d/crypto/objects/obj_dat.h 2019-09-11 15:53:13.525431662 +0200 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ }; @@ -9605,19 +9599,19 @@ Index: openssl-1.1.1c/crypto/objects/obj_dat.h 16, /* "stateOrProvinceName" */ 660, /* "streetAddress" */ 498, /* "subtreeMaximumQuality" */ -Index: openssl-1.1.1c/crypto/objects/obj_mac.num +Index: openssl-1.1.1d/crypto/objects/obj_mac.num =================================================================== ---- openssl-1.1.1c.orig/crypto/objects/obj_mac.num -+++ openssl-1.1.1c/crypto/objects/obj_mac.num +--- openssl-1.1.1d.orig/crypto/objects/obj_mac.num 2019-09-11 15:52:54.261320945 +0200 ++++ openssl-1.1.1d/crypto/objects/obj_mac.num 2019-09-11 15:53:13.529431684 +0200 @@ -1192,3 +1192,4 @@ magma_cfb 1191 magma_mac 1192 hmacWithSHA512_224 1193 hmacWithSHA512_256 1194 +sshkdf 1195 -Index: openssl-1.1.1c/crypto/objects/objects.txt +Index: openssl-1.1.1d/crypto/objects/objects.txt =================================================================== ---- openssl-1.1.1c.orig/crypto/objects/objects.txt -+++ openssl-1.1.1c/crypto/objects/objects.txt +--- openssl-1.1.1d.orig/crypto/objects/objects.txt 2019-09-11 15:52:54.265320969 +0200 ++++ openssl-1.1.1d/crypto/objects/objects.txt 2019-09-11 15:53:13.529431684 +0200 @@ -1600,6 +1600,9 @@ secg-scheme 14 3 : dhSinglePass-cofactor # NID for HKDF : HKDF : hkdf @@ -9628,10 +9622,10 @@ Index: openssl-1.1.1c/crypto/objects/objects.txt # RFC 4556 1 3 6 1 5 2 3 : id-pkinit id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth -Index: openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod +Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,217 @@ +=pod + @@ -9850,10 +9844,10 @@ Index: openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod +L. + +=cut -Index: openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod +Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,180 @@ +=pod + @@ -10035,10 +10029,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod +L. + +=cut -Index: openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod +Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,78 @@ +=pod + @@ -10118,10 +10112,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod +L. + +=cut -Index: openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod +Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,149 @@ +=pod + @@ -10272,10 +10266,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod +L. + +=cut -Index: openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod +Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,142 @@ +=pod + @@ -10419,10 +10413,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod +L. + +=cut -Index: openssl-1.1.1c/doc/man7/scrypt.pod +Index: openssl-1.1.1d/doc/man7/scrypt.pod =================================================================== ---- openssl-1.1.1c.orig/doc/man7/scrypt.pod -+++ /dev/null +--- openssl-1.1.1d.orig/doc/man7/scrypt.pod 2019-09-11 15:53:13.529431684 +0200 ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 @@ -1,115 +0,0 @@ -=pod - @@ -10464,7 +10458,7 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod -The output length of an scrypt key derivation is specified via the -length parameter to the L function. - --=head1 EXAMPLE +-=head1 EXAMPLES - -This example derives a 64-byte long test vector using scrypt using the password -"password", salt "NaCl" and N = 1024, r = 8, p = 16. @@ -10531,7 +10525,7 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod - -=head1 COPYRIGHT - --Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the OpenSSL license (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy @@ -10539,10 +10533,10 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod -L. - -=cut -Index: openssl-1.1.1c/doc/man7/EVP_KDF_SSHKDF.pod +Index: openssl-1.1.1d/doc/man7/EVP_KDF_SSHKDF.pod =================================================================== ---- /dev/null -+++ openssl-1.1.1c/doc/man7/EVP_KDF_SSHKDF.pod +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssl-1.1.1d/doc/man7/EVP_KDF_SSHKDF.pod 2019-09-11 15:53:13.529431684 +0200 @@ -0,0 +1,175 @@ +=pod +