SHA256
1
0
forked from pool/openssl-1_1

Accepting request 730187 from home:vitezslav_cizek:branches:security:tls

- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430)
  * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
    number generator (RNG). This was intended to include protection in the
    event of a fork() system call in order to ensure that the parent and child
    processes did not share the same RNG state. However this protection was not
    being used in the default case.
    (bsc#1150247, CVE-2019-1549)
  * Compute ECC cofactors if not provided during EC_GROUP construction. Before
    this change, EC_GROUP_set_generator would accept order and/or cofactor as
    NULL. After this change, only the cofactor parameter can be NULL.
    (bsc#1150003, CVE-2019-1547)
  * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
    (bsc#1150250, CVE-2019-1563)
  * For built-in EC curves, ensure an EC_GROUP built from the curve name is
    used even when parsing explicit parameters, when loading a serialized key
    or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters().
  * Early start up entropy quality from the DEVRANDOM seed source has been
    improved for older Linux systems.
  * Changed DH_check to accept parameters with order q and 2q subgroups.
    With order 2q subgroups the bit 0 of the private key is not secret
    but DH_generate_key works around that by clearing bit 0 of the
    private key for those. This avoids leaking bit 0 of the private key.
  * Significantly reduce secure memory usage by the randomness pools.
  * Revert the DEVRANDOM_WAIT feature for Linux systems
- drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream)
- refresh patches
  * openssl-1.1.0-no-html.patch
  * openssl-jsc-SLE-8789-backport_KDF.patch

OBS-URL: https://build.opensuse.org/request/show/730187
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=43
This commit is contained in:
Pedro Monreal Gonzalez 2019-09-11 15:31:50 +00:00 committed by Git OBS Bridge
parent 231804ccdd
commit 0d52304a01
9 changed files with 222 additions and 281 deletions

View File

@ -1,79 +0,0 @@
From fac9200a881a83bef038ebed628ebd409786a1a6 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Tue, 4 Jun 2019 13:24:59 +0200
Subject: [PATCH] build_SYS_str_reasons: Fix a crash caused by overlong locales
The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales.
The Russian locales consume 6856 bytes, Ukrainian even 7000.
build_SYS_str_reasons() contains an overflow check:
if (cnt > sizeof(strerror_pool))
cnt = sizeof(strerror_pool);
But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer
works as cnt is incremented once more after the condition.
cnt greater than sizeof(strerror_pool) results in an unbounded
OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash.
When the first received error string was empty or contained only
spaces, cur would move in front of the start of the strerror_pool.
Also don't call openssl_strerror_r when the pool is full.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8966)
---
crypto/err/err.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 57399f82ad..cf3ae4d3b3 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -188,8 +188,8 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
}
#ifndef OPENSSL_NO_ERR
-/* A measurement on Linux 2018-11-21 showed about 3.5kib */
-# define SPACE_SYS_STR_REASONS 4 * 1024
+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
+# define SPACE_SYS_STR_REASONS 8 * 1024
# define NUM_SYS_STR_REASONS 127
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
@@ -223,21 +223,23 @@ static void build_SYS_str_reasons(void)
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
- if (str->string == NULL) {
+ /*
+ * If we have used up all the space in strerror_pool,
+ * there's no point in calling openssl_strerror_r()
+ */
+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
size_t l = strlen(cur);
str->string = cur;
cnt += l;
- if (cnt > sizeof(strerror_pool))
- cnt = sizeof(strerror_pool);
cur += l;
/*
* VMS has an unusual quirk of adding spaces at the end of
- * some (most? all?) messages. Lets trim them off.
+ * some (most? all?) messages. Lets trim them off.
*/
- while (ossl_isspace(cur[-1])) {
+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
cur--;
cnt--;
}
--
2.21.0

View File

@ -1,7 +1,8 @@
diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
Index: openssl-1.1.1d/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.1d.orig/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:17.788265421 +0200
+++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-11 15:38:35.640368636 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@ -9,4 +10,4 @@ diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r -v $(DESTDIR)$(DOCDIR)
$(RM) -r $(DESTDIR)$(DOCDIR)

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90
size 8864262

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEeVOsH7w9yLOykjk+1enkP3357owFAlztM8IACgkQ1enkP335
7oxQwQ/9G4kkoJC0pat5P4uNBgVyxmXso63Eea91QYGC39BABSL+KpEzfyJtFwqR
36EAI8f5L5iGRKuBKerWtP8YUZ9Jc0Yf/a1R7sPGKh/0hor6dWhU1fh5x3HCatBC
TanYbgXgAQhNHQcwVG6qdvHIwtb9so5NtDB0cKNcegoH6D0IOUtQmYrqXiovsc3K
DwqgUL2ctUvDmroJVE4lQ6zpz239D3UoeSiTWAVGy/GudpQgx/9v6fqwO91/tyWk
Grlpf2v320dLCbCXrbbW4lPq7IeoIkTgPwnVlyLMrm4Ht+Ck6KPgbUyRaVpSuJum
6geA9Miczekv3PhPkF2/ltKwRLUt1TmujBdNTAxYXX6VWw32oh5YSQ2wTVZgvCN/
HJvSW5N2fuEsO8jYX/0RxZjGrbsGyCXtXqElwmETO8JX+wuc6Rd1IFdDKDszUbLh
HEtMBdb/Dhv//gNkEwrPHw9tLH8nd+B4dCJNC/4+Au54t6SpRT2sV6FVNA4Ytkpu
O1OCs2cmIuGFBylDDZCSCWG+1U/dUVoqRh0ufg9PcFDdeicp6Q6cqyBNEVNXG7HU
g7c5zf0XOT7m3+G+d+pPvvzOsZrTKVlOcsAlI7aiqTFFtUUGpHtjm03OP2SKrakb
bPjVbZWzjvRe3st8+GXdv2/i0SuVZW0mTE+6+pPd1/6VlRGOqmI=
=+39w
-----END PGP SIGNATURE-----

3
openssl-1.1.1d.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
size 8845861

11
openssl-1.1.1d.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWoACgkQ2cTSbQ5g
RJH0Agf+IekQXtSPsrn/5RMgXFGSyK+S1BpFhyoJRvDocVZAxwgvd4F1fcYkFVXH
5+Q6o6s6tIDb+VkuIajcDxTQvrFoXKWMbsFsu3NBAan5R0OlYINRYtXULg0ZqQv4
zxclCSLQTpuMyptuGGbg0/8+9IAhGFk2XSA5EEI+SC6lswRQiT7p6dbULj4CvH3m
7mqovojAAaEJpgfG8b+L+QBJ4XId99uC6tiLM1tTMCsn1ErLsTd366fzEpC1w12a
V/gWQ1mVs+bmSRySPx8mO4CpHfhAI+sZrSsWG+UXP9Guf9YKHFLJDiSrX7EmvszR
B+/LvZqce4iCnwCUoIuYhxM6EybDdQ==
=v5CI
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Wed Sep 11 09:32:16 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1d (bsc#1133925, jsc#SLE-6430)
* Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
number generator (RNG). This was intended to include protection in the
event of a fork() system call in order to ensure that the parent and child
processes did not share the same RNG state. However this protection was not
being used in the default case.
(bsc#1150247, CVE-2019-1549)
* Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL.
(bsc#1150003, CVE-2019-1547)
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
(bsc#1150250, CVE-2019-1563)
* For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling EC_GROUP_new_from_ecpkparameters()/EC_GROUP_new_from_ecparameters().
* Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems.
* Changed DH_check to accept parameters with order q and 2q subgroups.
With order 2q subgroups the bit 0 of the private key is not secret
but DH_generate_key works around that by clearing bit 0 of the
private key for those. This avoids leaking bit 0 of the private key.
* Significantly reduce secure memory usage by the randomness pools.
* Revert the DEVRANDOM_WAIT feature for Linux systems
- drop 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch (upstream)
- refresh patches
* openssl-1.1.0-no-html.patch
* openssl-jsc-SLE-8789-backport_KDF.patch
-------------------------------------------------------------------
Tue Sep 10 19:26:34 UTC 2019 - Jason Sikes <jsikes@suse.com>

View File

@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1c
Version: 1.1.1d
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -43,8 +43,6 @@ Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch
# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8966
Patch7: 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch
# PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
Patch8: 0001-s390x-assembly-pack-perlasm-support.patch
Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch

View File

@ -1,7 +1,7 @@
Index: openssl-1.1.1c/crypto/evp/build.info
Index: openssl-1.1.1d/crypto/evp/build.info
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/build.info
+++ openssl-1.1.1c/crypto/evp/build.info
--- openssl-1.1.1d.orig/crypto/evp/build.info 2019-09-11 15:52:54.177320463 +0200
+++ openssl-1.1.1d/crypto/evp/build.info 2019-09-11 15:53:13.513431593 +0200
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -12,10 +12,10 @@ Index: openssl-1.1.1c/crypto/evp/build.info
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c cmeth_lib.c
Index: openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c
Index: openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/e_chacha20_poly1305.c
+++ openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c
--- openssl-1.1.1d.orig/crypto/evp/e_chacha20_poly1305.c 2019-09-11 15:52:54.177320463 +0200
+++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2019-09-11 15:53:13.513431593 +0200
@@ -14,8 +14,8 @@
# include <openssl/evp.h>
@ -26,10 +26,10 @@ Index: openssl-1.1.1c/crypto/evp/e_chacha20_poly1305.c
# include "internal/chacha.h"
typedef struct {
Index: openssl-1.1.1c/crypto/evp/encode.c
Index: openssl-1.1.1d/crypto/evp/encode.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/encode.c
+++ openssl-1.1.1c/crypto/evp/encode.c
--- openssl-1.1.1d.orig/crypto/evp/encode.c 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/evp/encode.c 2019-09-11 15:53:13.513431593 +0200
@@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
@ -40,10 +40,10 @@ Index: openssl-1.1.1c/crypto/evp/encode.c
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);
Index: openssl-1.1.1c/crypto/evp/evp_locl.h
Index: openssl-1.1.1d/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/evp_locl.h
+++ openssl-1.1.1c/crypto/evp/evp_locl.h
--- openssl-1.1.1d.orig/crypto/evp/evp_locl.h 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/evp/evp_locl.h 2019-09-11 15:53:13.513431593 +0200
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
} /* EVP_CIPHER_CTX */ ;
@ -56,10 +56,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_locl.h
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
Index: openssl-1.1.1c/crypto/evp/evp_pbe.c
Index: openssl-1.1.1d/crypto/evp/evp_pbe.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/evp_pbe.c
+++ openssl-1.1.1c/crypto/evp/evp_pbe.c
--- openssl-1.1.1d.orig/crypto/evp/evp_pbe.c 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2019-09-11 15:53:13.513431593 +0200
@@ -12,6 +12,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
@ -68,10 +68,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_pbe.c
#include "evp_locl.h"
/* Password based encryption (PBE) functions */
Index: openssl-1.1.1c/crypto/evp/kdf_lib.c
Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/evp/kdf_lib.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -239,10 +239,10 @@ Index: openssl-1.1.1c/crypto/evp/kdf_lib.c
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
+}
+
Index: openssl-1.1.1c/crypto/evp/p5_crpt2.c
Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/p5_crpt2.c
+++ openssl-1.1.1c/crypto/evp/p5_crpt2.c
--- openssl-1.1.1d.orig/crypto/evp/p5_crpt2.c 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2019-09-11 15:53:13.513431593 +0200
@@ -10,10 +10,12 @@
#include <stdio.h>
#include <stdlib.h>
@ -381,10 +381,10 @@ Index: openssl-1.1.1c/crypto/evp/p5_crpt2.c
}
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
Index: openssl-1.1.1c/crypto/evp/pkey_kdf.c
Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/evp/pkey_kdf.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -641,10 +641,10 @@ Index: openssl-1.1.1c/crypto/evp/pkey_kdf.c
+ pkey_kdf_ctrl_str
+};
+
Index: openssl-1.1.1c/crypto/include/internal/evp_int.h
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
===================================================================
--- openssl-1.1.1c.orig/crypto/include/internal/evp_int.h
+++ openssl-1.1.1c/crypto/include/internal/evp_int.h
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2019-09-11 15:53:13.513431593 +0200
@@ -112,6 +112,25 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
extern const EVP_PKEY_METHOD siphash_pkey_meth;
@ -671,19 +671,19 @@ Index: openssl-1.1.1c/crypto/include/internal/evp_int.h
struct evp_md_st {
int type;
int pkey_type;
Index: openssl-1.1.1c/crypto/kdf/build.info
Index: openssl-1.1.1d/crypto/kdf/build.info
===================================================================
--- openssl-1.1.1c.orig/crypto/kdf/build.info
+++ openssl-1.1.1c/crypto/kdf/build.info
--- openssl-1.1.1d.orig/crypto/kdf/build.info 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/kdf/build.info 2019-09-11 15:53:13.513431593 +0200
@@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c sshkdf.c scrypt.c pbkdf2.c
Index: openssl-1.1.1c/crypto/kdf/hkdf.c
Index: openssl-1.1.1d/crypto/kdf/hkdf.c
===================================================================
--- openssl-1.1.1c.orig/crypto/kdf/hkdf.c
+++ openssl-1.1.1c/crypto/kdf/hkdf.c
--- openssl-1.1.1d.orig/crypto/kdf/hkdf.c 2019-09-11 15:52:54.181320486 +0200
+++ openssl-1.1.1d/crypto/kdf/hkdf.c 2019-09-11 15:53:13.513431593 +0200
@@ -8,32 +8,33 @@
*/
@ -1150,10 +1150,10 @@ Index: openssl-1.1.1c/crypto/kdf/hkdf.c
err:
OPENSSL_cleanse(prev, sizeof(prev));
Index: openssl-1.1.1c/crypto/kdf/kdf_local.h
Index: openssl-1.1.1d/crypto/kdf/kdf_local.h
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/kdf/kdf_local.h
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1177,10 +1177,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_local.h
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
+ int cmd, const char *md_name);
+
Index: openssl-1.1.1c/crypto/kdf/kdf_util.c
Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/kdf/kdf_util.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1255,10 +1255,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_util.c
+ return call_ctrl(ctrl, impl, cmd, md);
+}
+
Index: openssl-1.1.1c/crypto/kdf/pbkdf2.c
Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/kdf/pbkdf2.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1524,10 +1524,10 @@ Index: openssl-1.1.1c/crypto/kdf/pbkdf2.c
+ HMAC_CTX_free(hctx_tpl);
+ return ret;
+}
Index: openssl-1.1.1c/crypto/kdf/scrypt.c
Index: openssl-1.1.1d/crypto/kdf/scrypt.c
===================================================================
--- openssl-1.1.1c.orig/crypto/kdf/scrypt.c
+++ openssl-1.1.1c/crypto/kdf/scrypt.c
--- openssl-1.1.1d.orig/crypto/kdf/scrypt.c 2019-09-11 15:52:54.185320508 +0200
+++ openssl-1.1.1d/crypto/kdf/scrypt.c 2019-09-11 15:53:13.513431593 +0200
@@ -8,25 +8,34 @@
*/
@ -2116,10 +2116,10 @@ Index: openssl-1.1.1c/crypto/kdf/scrypt.c
+}
#endif
Index: openssl-1.1.1c/crypto/kdf/sshkdf.c
Index: openssl-1.1.1d/crypto/kdf/sshkdf.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/crypto/kdf/sshkdf.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/sshkdf.c 2019-09-11 15:53:13.513431593 +0200
@@ -0,0 +1,288 @@
+/*
+ * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -2409,10 +2409,10 @@ Index: openssl-1.1.1c/crypto/kdf/sshkdf.c
+ return ret;
+}
+
Index: openssl-1.1.1c/crypto/kdf/tls1_prf.c
Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
===================================================================
--- openssl-1.1.1c.orig/crypto/kdf/tls1_prf.c
+++ openssl-1.1.1c/crypto/kdf/tls1_prf.c
--- openssl-1.1.1d.orig/crypto/kdf/tls1_prf.c 2019-09-11 15:52:54.185320508 +0200
+++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2019-09-11 15:53:13.513431593 +0200
@@ -8,10 +8,15 @@
*/
@ -2681,11 +2681,11 @@ Index: openssl-1.1.1c/crypto/kdf/tls1_prf.c
if (EVP_MD_type(md) == NID_md5_sha1) {
size_t i;
unsigned char *tmp;
Index: openssl-1.1.1c/include/openssl/evperr.h
Index: openssl-1.1.1d/include/openssl/evperr.h
===================================================================
--- openssl-1.1.1c.orig/include/openssl/evperr.h
+++ openssl-1.1.1c/include/openssl/evperr.h
@@ -50,6 +50,9 @@ int ERR_load_EVP_strings(void);
--- openssl-1.1.1d.orig/include/openssl/evperr.h 2019-09-11 15:52:54.185320508 +0200
+++ openssl-1.1.1d/include/openssl/evperr.h 2019-09-11 15:55:36.806255073 +0200
@@ -57,6 +57,9 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
# define EVP_F_EVP_ENCRYPTUPDATE 167
@ -2695,7 +2695,7 @@ Index: openssl-1.1.1c/include/openssl/evperr.h
# define EVP_F_EVP_MD_CTX_COPY_EX 110
# define EVP_F_EVP_MD_SIZE 162
# define EVP_F_EVP_OPENINIT 102
@@ -112,11 +115,13 @@ int ERR_load_EVP_strings(void);
@@ -119,12 +122,14 @@ int ERR_load_EVP_strings(void);
# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
@ -2703,13 +2703,14 @@ Index: openssl-1.1.1c/include/openssl/evperr.h
# define EVP_F_PKEY_SET_TYPE 158
# define EVP_F_RC2_MAGIC_TO_METH 109
# define EVP_F_RC5_CTRL 125
# define EVP_F_R_32_12_16_INIT_KEY 242
# define EVP_F_S390X_AES_GCM_CTRL 201
# define EVP_F_UPDATE 173
+# define EVP_F_SCRYPT_ALG 228
/*
* EVP reason codes.
@@ -169,6 +174,7 @@ int ERR_load_EVP_strings(void);
@@ -178,6 +183,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
@ -2717,10 +2718,10 @@ Index: openssl-1.1.1c/include/openssl/evperr.h
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
Index: openssl-1.1.1c/include/openssl/kdf.h
Index: openssl-1.1.1d/include/openssl/kdf.h
===================================================================
--- openssl-1.1.1c.orig/include/openssl/kdf.h
+++ openssl-1.1.1c/include/openssl/kdf.h
--- openssl-1.1.1d.orig/include/openssl/kdf.h 2019-09-11 15:52:54.185320508 +0200
+++ openssl-1.1.1d/include/openssl/kdf.h 2019-09-11 15:53:13.517431615 +0200
@@ -11,10 +11,61 @@
# define HEADER_KDF_H
@ -2799,11 +2800,11 @@ Index: openssl-1.1.1c/include/openssl/kdf.h
# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
Index: openssl-1.1.1c/include/openssl/kdferr.h
Index: openssl-1.1.1d/include/openssl/kdferr.h
===================================================================
--- openssl-1.1.1c.orig/include/openssl/kdferr.h
+++ openssl-1.1.1c/include/openssl/kdferr.h
@@ -31,6 +31,28 @@ int ERR_load_KDF_strings(void);
--- openssl-1.1.1d.orig/include/openssl/kdferr.h 2019-09-11 15:52:54.185320508 +0200
+++ openssl-1.1.1d/include/openssl/kdferr.h 2019-09-11 15:53:13.517431615 +0200
@@ -35,6 +35,28 @@ int ERR_load_KDF_strings(void);
# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
# define KDF_F_PKEY_TLS1_PRF_INIT 110
# define KDF_F_TLS1_PRF_ALG 111
@ -2832,7 +2833,7 @@ Index: openssl-1.1.1c/include/openssl/kdferr.h
/*
* KDF reason codes.
@@ -47,5 +69,9 @@ int ERR_load_KDF_strings(void);
@@ -51,5 +73,9 @@ int ERR_load_KDF_strings(void);
# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
# define KDF_R_VALUE_ERROR 108
# define KDF_R_VALUE_MISSING 102
@ -2842,10 +2843,10 @@ Index: openssl-1.1.1c/include/openssl/kdferr.h
+# define KDF_R_MISSING_XCGHASH 115
#endif
Index: openssl-1.1.1c/include/openssl/obj_mac.h
Index: openssl-1.1.1d/include/openssl/obj_mac.h
===================================================================
--- openssl-1.1.1c.orig/include/openssl/obj_mac.h
+++ openssl-1.1.1c/include/openssl/obj_mac.h
--- openssl-1.1.1d.orig/include/openssl/obj_mac.h 2019-09-11 15:52:54.189320532 +0200
+++ openssl-1.1.1d/include/openssl/obj_mac.h 2019-09-11 15:53:13.517431615 +0200
@@ -4970,6 +4970,10 @@
#define LN_hkdf "hkdf"
#define NID_hkdf 1036
@ -2857,10 +2858,10 @@ Index: openssl-1.1.1c/include/openssl/obj_mac.h
#define SN_id_pkinit "id-pkinit"
#define NID_id_pkinit 1031
#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L
Index: openssl-1.1.1c/include/openssl/ossl_typ.h
Index: openssl-1.1.1d/include/openssl/ossl_typ.h
===================================================================
--- openssl-1.1.1c.orig/include/openssl/ossl_typ.h
+++ openssl-1.1.1c/include/openssl/ossl_typ.h
--- openssl-1.1.1d.orig/include/openssl/ossl_typ.h 2019-09-11 15:52:54.189320532 +0200
+++ openssl-1.1.1d/include/openssl/ossl_typ.h 2019-09-11 15:53:13.517431615 +0200
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -2870,10 +2871,10 @@ Index: openssl-1.1.1c/include/openssl/ossl_typ.h
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX;
Index: openssl-1.1.1c/test/recipes/30-test_evp.t
Index: openssl-1.1.1d/test/recipes/30-test_evp.t
===================================================================
--- openssl-1.1.1c.orig/test/recipes/30-test_evp.t
+++ openssl-1.1.1c/test/recipes/30-test_evp.t
--- openssl-1.1.1d.orig/test/recipes/30-test_evp.t 2019-09-11 15:52:54.189320532 +0200
+++ openssl-1.1.1d/test/recipes/30-test_evp.t 2019-09-11 15:53:13.517431615 +0200
@@ -15,8 +15,8 @@ use OpenSSL::Test qw/:DEFAULT data_file/
setup("test_evp");
@ -2885,10 +2886,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp.t
plan tests => scalar(@files);
Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
===================================================================
--- /dev/null
+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-09-11 15:53:13.517431615 +0200
@@ -0,0 +1,305 @@
+#
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -3195,10 +3196,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey_kdf.txt
+Ctrl.p = p:1
+Result = INTERNAL_ERROR
+
Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
===================================================================
--- openssl-1.1.1c.orig/test/recipes/30-test_evp_data/evpkdf.txt
+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1d.orig/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-11 15:52:54.193320554 +0200
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-11 15:53:13.521431638 +0200
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -8438,10 +8439,10 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt
+Ctrl.type = type:A
+Output = FF
+Result = KDF_MISMATCH
Index: openssl-1.1.1c/test/evp_kdf_test.c
Index: openssl-1.1.1d/test/evp_kdf_test.c
===================================================================
--- /dev/null
+++ openssl-1.1.1c/test/evp_kdf_test.c
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/evp_kdf_test.c 2019-09-11 15:53:13.521431638 +0200
@@ -0,0 +1,237 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -8680,11 +8681,11 @@ Index: openssl-1.1.1c/test/evp_kdf_test.c
+#endif
+ return 1;
+}
Index: openssl-1.1.1c/test/evp_test.c
Index: openssl-1.1.1d/test/evp_test.c
===================================================================
--- openssl-1.1.1c.orig/test/evp_test.c
+++ openssl-1.1.1c/test/evp_test.c
@@ -1689,7 +1689,7 @@ static const EVP_TEST_METHOD encode_test
--- openssl-1.1.1d.orig/test/evp_test.c 2019-09-11 15:52:54.193320554 +0200
+++ openssl-1.1.1d/test/evp_test.c 2019-09-11 15:53:13.521431638 +0200
@@ -1711,7 +1711,7 @@ static const EVP_TEST_METHOD encode_test
typedef struct kdf_data_st {
/* Context for this operation */
@ -8693,7 +8694,7 @@ Index: openssl-1.1.1c/test/evp_test.c
/* Expected output */
unsigned char *output;
size_t output_len;
@@ -1716,16 +1716,11 @@ static int kdf_test_init(EVP_TEST *t, co
@@ -1738,16 +1738,11 @@ static int kdf_test_init(EVP_TEST *t, co
if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
return 0;
@ -8711,7 +8712,7 @@ Index: openssl-1.1.1c/test/evp_test.c
t->data = kdata;
return 1;
}
@@ -1734,7 +1729,42 @@ static void kdf_test_cleanup(EVP_TEST *t
@@ -1756,7 +1751,42 @@ static void kdf_test_cleanup(EVP_TEST *t
{
KDF_DATA *kdata = t->data;
OPENSSL_free(kdata->output);
@ -8755,7 +8756,7 @@ Index: openssl-1.1.1c/test/evp_test.c
}
static int kdf_test_parse(EVP_TEST *t,
@@ -1745,7 +1775,7 @@ static int kdf_test_parse(EVP_TEST *t,
@@ -1767,7 +1797,7 @@ static int kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
if (strncmp(keyword, "Ctrl", 4) == 0)
@ -8764,7 +8765,7 @@ Index: openssl-1.1.1c/test/evp_test.c
return 0;
}
@@ -1759,7 +1789,7 @@ static int kdf_test_run(EVP_TEST *t)
@@ -1781,7 +1811,7 @@ static int kdf_test_run(EVP_TEST *t)
t->err = "INTERNAL_ERROR";
goto err;
}
@ -8773,7 +8774,7 @@ Index: openssl-1.1.1c/test/evp_test.c
t->err = "KDF_DERIVE_ERROR";
goto err;
}
@@ -1785,6 +1815,106 @@ static const EVP_TEST_METHOD kdf_test_me
@@ -1807,6 +1837,106 @@ static const EVP_TEST_METHOD kdf_test_me
/**
@ -8880,7 +8881,7 @@ Index: openssl-1.1.1c/test/evp_test.c
*** KEYPAIR TESTS
**/
@@ -2288,6 +2418,7 @@ static const EVP_TEST_METHOD *evp_test_l
@@ -2310,6 +2440,7 @@ static const EVP_TEST_METHOD *evp_test_l
&digestverify_test_method,
&encode_test_method,
&kdf_test_method,
@ -8888,11 +8889,11 @@ Index: openssl-1.1.1c/test/evp_test.c
&keypair_test_method,
&keygen_test_method,
&mac_test_method,
Index: openssl-1.1.1c/test/build.info
Index: openssl-1.1.1d/test/build.info
===================================================================
--- openssl-1.1.1c.orig/test/build.info
+++ openssl-1.1.1c/test/build.info
@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
--- openssl-1.1.1d.orig/test/build.info 2019-09-11 15:52:54.193320554 +0200
+++ openssl-1.1.1d/test/build.info 2019-09-11 15:53:13.521431638 +0200
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test \
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
@ -8902,7 +8903,7 @@ Index: openssl-1.1.1c/test/build.info
asn1_encode_test asn1_decode_test asn1_string_table_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest sslbuffertest \
@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
@@ -336,6 +337,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
INCLUDE[pkey_meth_kdf_test]=../include
DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
@ -8913,10 +8914,10 @@ Index: openssl-1.1.1c/test/build.info
SOURCE[x509_time_test]=x509_time_test.c
INCLUDE[x509_time_test]=../include
DEPEND[x509_time_test]=../libcrypto libtestutil.a
Index: openssl-1.1.1c/test/pkey_meth_kdf_test.c
Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c
===================================================================
--- openssl-1.1.1c.orig/test/pkey_meth_kdf_test.c
+++ openssl-1.1.1c/test/pkey_meth_kdf_test.c
--- openssl-1.1.1d.orig/test/pkey_meth_kdf_test.c 2019-09-11 15:52:54.193320554 +0200
+++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2019-09-11 15:53:13.521431638 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -9120,10 +9121,10 @@ Index: openssl-1.1.1c/test/pkey_meth_kdf_test.c
}
#endif
Index: openssl-1.1.1c/test/recipes/30-test_evp_kdf.t
Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
===================================================================
--- /dev/null
+++ openssl-1.1.1c/test/recipes/30-test_evp_kdf.t
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2019-09-11 15:53:13.521431638 +0200
@@ -0,0 +1,13 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -9138,26 +9139,26 @@ Index: openssl-1.1.1c/test/recipes/30-test_evp_kdf.t
+use OpenSSL::Test::Simple;
+
+simple_test("test_evp_kdf", "evp_kdf_test");
Index: openssl-1.1.1c/util/libcrypto.num
Index: openssl-1.1.1d/util/libcrypto.num
===================================================================
--- openssl-1.1.1c.orig/util/libcrypto.num
+++ openssl-1.1.1c/util/libcrypto.num
@@ -4580,3 +4580,11 @@ EVP_PKEY_meth_get_digest_custom
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
--- openssl-1.1.1d.orig/util/libcrypto.num 2019-09-11 15:53:13.525431662 +0200
+++ openssl-1.1.1d/util/libcrypto.num 2019-09-11 15:58:08.483126793 +0200
@@ -4582,3 +4582,11 @@ OPENSSL_INIT_set_config_file_flags
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
+EVP_KDF_CTX_new_id 4537 1_1_1c EXIST::FUNCTION:
+EVP_KDF_CTX_free 4538 1_1_1c EXIST::FUNCTION:
+EVP_KDF_reset 4539 1_1_1c EXIST::FUNCTION:
+EVP_KDF_ctrl 4540 1_1_1c EXIST::FUNCTION:
+EVP_KDF_vctrl 4541 1_1_1c EXIST::FUNCTION:
+EVP_KDF_ctrl_str 4542 1_1_1c EXIST::FUNCTION:
+EVP_KDF_size 4543 1_1_1c EXIST::FUNCTION:
+EVP_KDF_derive 4544 1_1_1c EXIST::FUNCTION:
Index: openssl-1.1.1c/util/private.num
X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION:
X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION:
+EVP_KDF_CTX_new_id 4539 1_1_1d EXIST::FUNCTION:
+EVP_KDF_CTX_free 4540 1_1_1d EXIST::FUNCTION:
+EVP_KDF_reset 4541 1_1_1d EXIST::FUNCTION:
+EVP_KDF_ctrl 4542 1_1_1d EXIST::FUNCTION:
+EVP_KDF_vctrl 4543 1_1_1d EXIST::FUNCTION:
+EVP_KDF_ctrl_str 4544 1_1_1d EXIST::FUNCTION:
+EVP_KDF_size 4545 1_1_1d EXIST::FUNCTION:
+EVP_KDF_derive 4546 1_1_1d EXIST::FUNCTION:
Index: openssl-1.1.1d/util/private.num
===================================================================
--- openssl-1.1.1c.orig/util/private.num
+++ openssl-1.1.1c/util/private.num
--- openssl-1.1.1d.orig/util/private.num 2019-09-11 15:52:54.197320577 +0200
+++ openssl-1.1.1d/util/private.num 2019-09-11 15:53:13.525431662 +0200
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
CRYPTO_EX_free datatype
CRYPTO_EX_new datatype
@ -9166,19 +9167,11 @@ Index: openssl-1.1.1c/util/private.num
EVP_PKEY_gen_cb datatype
EVP_PKEY_METHOD datatype
EVP_PKEY_ASN1_METHOD datatype
Index: openssl-1.1.1c/crypto/evp/evp_err.c
Index: openssl-1.1.1d/crypto/evp/evp_err.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/evp_err.c
+++ openssl-1.1.1c/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -55,6 +55,9 @@ static const ERR_STRING_DATA EVP_str_fun
--- openssl-1.1.1d.orig/crypto/evp/evp_err.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/evp_err.c 2019-09-11 15:58:49.675363525 +0200
@@ -59,6 +59,9 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
"EVP_EncryptFinal_ex"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
@ -9188,20 +9181,21 @@ Index: openssl-1.1.1c/crypto/evp/evp_err.c
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
@@ -146,10 +149,12 @@ static const ERR_STRING_DATA EVP_str_fun
"PKCS5_v2_PBKDF2_keyivgen"},
@@ -151,11 +154,13 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
"PKCS5_v2_scrypt_keyivgen"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_KDF_CTRL, 0), "pkey_kdf_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
"r_32_12_16_init_key"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
};
@@ -230,7 +235,9 @@ static const ERR_STRING_DATA EVP_str_rea
@@ -237,7 +242,9 @@ static const ERR_STRING_DATA EVP_str_rea
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
@ -9212,10 +9206,10 @@ Index: openssl-1.1.1c/crypto/evp/evp_err.c
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
Index: openssl-1.1.1c/crypto/evp/pbe_scrypt.c
Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
===================================================================
--- openssl-1.1.1c.orig/crypto/evp/pbe_scrypt.c
+++ openssl-1.1.1c/crypto/evp/pbe_scrypt.c
--- openssl-1.1.1d.orig/crypto/evp/pbe_scrypt.c 2019-09-11 15:52:54.197320577 +0200
+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2019-09-11 15:53:13.525431662 +0200
@@ -7,135 +7,12 @@
* https://www.openssl.org/source/license.html
*/
@ -9484,10 +9478,10 @@ Index: openssl-1.1.1c/crypto/evp/pbe_scrypt.c
}
+
#endif
Index: openssl-1.1.1c/crypto/kdf/kdf_err.c
Index: openssl-1.1.1d/crypto/kdf/kdf_err.c
===================================================================
--- openssl-1.1.1c.orig/crypto/kdf/kdf_err.c
+++ openssl-1.1.1c/crypto/kdf/kdf_err.c
--- openssl-1.1.1d.orig/crypto/kdf/kdf_err.c 2019-09-11 15:52:54.197320577 +0200
+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-09-11 15:53:13.525431662 +0200
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
@ -9555,10 +9549,10 @@ Index: openssl-1.1.1c/crypto/kdf/kdf_err.c
{0, NULL}
};
Index: openssl-1.1.1c/crypto/objects/obj_dat.h
Index: openssl-1.1.1d/crypto/objects/obj_dat.h
===================================================================
--- openssl-1.1.1c.orig/crypto/objects/obj_dat.h
+++ openssl-1.1.1c/crypto/objects/obj_dat.h
--- openssl-1.1.1d.orig/crypto/objects/obj_dat.h 2019-09-11 15:52:54.197320577 +0200
+++ openssl-1.1.1d/crypto/objects/obj_dat.h 2019-09-11 15:53:13.525431662 +0200
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
};
@ -9605,19 +9599,19 @@ Index: openssl-1.1.1c/crypto/objects/obj_dat.h
16, /* "stateOrProvinceName" */
660, /* "streetAddress" */
498, /* "subtreeMaximumQuality" */
Index: openssl-1.1.1c/crypto/objects/obj_mac.num
Index: openssl-1.1.1d/crypto/objects/obj_mac.num
===================================================================
--- openssl-1.1.1c.orig/crypto/objects/obj_mac.num
+++ openssl-1.1.1c/crypto/objects/obj_mac.num
--- openssl-1.1.1d.orig/crypto/objects/obj_mac.num 2019-09-11 15:52:54.261320945 +0200
+++ openssl-1.1.1d/crypto/objects/obj_mac.num 2019-09-11 15:53:13.529431684 +0200
@@ -1192,3 +1192,4 @@ magma_cfb 1191
magma_mac 1192
hmacWithSHA512_224 1193
hmacWithSHA512_256 1194
+sshkdf 1195
Index: openssl-1.1.1c/crypto/objects/objects.txt
Index: openssl-1.1.1d/crypto/objects/objects.txt
===================================================================
--- openssl-1.1.1c.orig/crypto/objects/objects.txt
+++ openssl-1.1.1c/crypto/objects/objects.txt
--- openssl-1.1.1d.orig/crypto/objects/objects.txt 2019-09-11 15:52:54.265320969 +0200
+++ openssl-1.1.1d/crypto/objects/objects.txt 2019-09-11 15:53:13.529431684 +0200
@@ -1600,6 +1600,9 @@ secg-scheme 14 3 : dhSinglePass-cofactor
# NID for HKDF
: HKDF : hkdf
@ -9628,10 +9622,10 @@ Index: openssl-1.1.1c/crypto/objects/objects.txt
# RFC 4556
1 3 6 1 5 2 3 : id-pkinit
id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
Index: openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod
Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,217 @@
+=pod
+
@ -9850,10 +9844,10 @@ Index: openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod
Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,180 @@
+=pod
+
@ -10035,10 +10029,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_HKDF.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod
Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,78 @@
+=pod
+
@ -10118,10 +10112,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_PBKDF2.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod
Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,149 @@
+=pod
+
@ -10272,10 +10266,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_SCRYPT.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod
Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,142 @@
+=pod
+
@ -10419,10 +10413,10 @@ Index: openssl-1.1.1c/doc/man7/EVP_KDF_TLS1_PRF.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1c/doc/man7/scrypt.pod
Index: openssl-1.1.1d/doc/man7/scrypt.pod
===================================================================
--- openssl-1.1.1c.orig/doc/man7/scrypt.pod
+++ /dev/null
--- openssl-1.1.1d.orig/doc/man7/scrypt.pod 2019-09-11 15:53:13.529431684 +0200
+++ /dev/null 1970-01-01 00:00:00.000000000 +0000
@@ -1,115 +0,0 @@
-=pod
-
@ -10464,7 +10458,7 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod
-The output length of an scrypt key derivation is specified via the
-length parameter to the L<EVP_PKEY_derive(3)> function.
-
-=head1 EXAMPLE
-=head1 EXAMPLES
-
-This example derives a 64-byte long test vector using scrypt using the password
-"password", salt "NaCl" and N = 1024, r = 8, p = 16.
@ -10531,7 +10525,7 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod
-
-=head1 COPYRIGHT
-
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
@ -10539,10 +10533,10 @@ Index: openssl-1.1.1c/doc/man7/scrypt.pod
-L<https://www.openssl.org/source/license.html>.
-
-=cut
Index: openssl-1.1.1c/doc/man7/EVP_KDF_SSHKDF.pod
Index: openssl-1.1.1d/doc/man7/EVP_KDF_SSHKDF.pod
===================================================================
--- /dev/null
+++ openssl-1.1.1c/doc/man7/EVP_KDF_SSHKDF.pod
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_SSHKDF.pod 2019-09-11 15:53:13.529431684 +0200
@@ -0,0 +1,175 @@
+=pod
+