SHA256
1
0
forked from pool/openssl-1_1

Accepting request 786956 from home:vitezslav_cizek:branches:security:tls

- Update to 1.1.1e
  * Properly detect EOF while reading in libssl. Previously if we hit an EOF
    while reading in libssl then we would report an error back to the
    application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
    an error to the stack (which means we instead return SSL_ERROR_SSL) and
    therefore give a hint as to what went wrong.
  * Check that ed25519 and ed448 are allowed by the security level. Previously
    signature algorithms not using an MD were not being checked that they were
    allowed by the security level.
  * Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
    was not quite right. The behaviour was not consistent between resumption
    and normal handshakes, and also not quite consistent with historical
    behaviour. The behaviour in various scenarios has been clarified and
    it has been updated to make it match historical behaviour as closely as
    possible.
  * Corrected the documentation of the return values from the EVP_DigestSign*
    set of functions.  The documentation mentioned negative values for some
    errors, but this was never the case, so the mention of negative values
    was removed.
  * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
    The presence of this system service is determined at run-time.
  * Added newline escaping functionality to a filename when using openssl dgst.
    This output format is to replicate the output format found in the '*sum'
    checksum programs. This aims to preserve backward compatibility.
  * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
    the first value.
- Update bunch of patches as the internal crypto headers got reorganized
- drop openssl-1_1-CVE-2019-1551.patch (upstream)

- openssl dgst: default to SHA256 only when called without a digest,

OBS-URL: https://build.opensuse.org/request/show/786956
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=65
This commit is contained in:
Pedro Monreal Gonzalez 2020-03-20 17:43:35 +00:00 committed by Git OBS Bridge
parent 8e4d5710d8
commit 32ced036f1
22 changed files with 680 additions and 1713 deletions

View File

@ -13,17 +13,10 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/chacha/build.info | 1 +
2 files changed, 558 insertions(+), 259 deletions(-)
Index: openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl
Index: openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
===================================================================
--- openssl-1.1.1c.orig/crypto/chacha/asm/chacha-s390x.pl 2019-06-06 12:15:57.271195550 +0200
+++ openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl 2019-06-06 12:16:43.787489780 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
--- openssl-1.1.1e.orig/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:25.650616856 +0100
+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 11:43:40.614692484 +0100
@@ -20,41 +20,46 @@
#
# 3 times faster than compiler-generated code.
@ -859,7 +852,7 @@ Index: openssl-1.1.1c/crypto/chacha/asm/chacha-s390x.pl
+SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx");
+}
}
-close STDOUT;
-close STDOUT or die "error closing STDOUT: $!";
+################
+
+ALIGN (64);

View File

@ -942,7 +942,7 @@ index 21ca86055e..390f9eefe7 100755
-$code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
-
-print $code;
-close STDOUT;
-close STDOUT or die "error closing STDOUT: $!";
+GLOBL ("poly1305_emit");
+TYPE ("poly1305_emit","\@function");
+ALIGN (16);

View File

@ -1,7 +1,7 @@
Index: openssl-1.1.1d/crypto/err/openssl.txt
Index: openssl-1.1.1e/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1d.orig/crypto/err/openssl.txt 2020-01-23 13:45:11.124632385 +0100
+++ openssl-1.1.1d/crypto/err/openssl.txt 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 14:37:07.940876078 +0100
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 16:12:06.574822921 +0100
@@ -753,6 +753,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
@ -52,7 +52,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
@@ -2280,6 +2303,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
@@ -2284,6 +2307,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
@ -60,7 +60,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
@@ -2316,6 +2340,7 @@ KDF_R_MISSING_SEED:106:missing seed
@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
KDF_R_VALUE_ERROR:108:value error
KDF_R_VALUE_MISSING:102:value missing
@ -68,10 +68,10 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
OBJ_R_OID_EXISTS:102:oid exists
OBJ_R_UNKNOWN_NID:101:unknown nid
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
Index: openssl-1.1.1d/crypto/evp/build.info
Index: openssl-1.1.1e/crypto/evp/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/build.info 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/build.info 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/build.info 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-20 14:37:08.204877468 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -82,38 +82,10 @@ Index: openssl-1.1.1d/crypto/evp/build.info
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c cmeth_lib.c
Index: openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c
Index: openssl-1.1.1e/crypto/evp/evp_err.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/e_chacha20_poly1305.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/e_chacha20_poly1305.c 2020-01-23 13:45:11.468634429 +0100
@@ -14,8 +14,8 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_locl.h"
# include "internal/evp_int.h"
+# include "evp_locl.h"
# include "internal/chacha.h"
typedef struct {
Index: openssl-1.1.1d/crypto/evp/encode.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/encode.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/encode.c 2020-01-23 13:45:11.468634429 +0100
@@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "evp_locl.h"
#include "internal/evp_int.h"
+#include "evp_locl.h"
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);
Index: openssl-1.1.1d/crypto/evp/evp_err.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/evp_err.c 2020-01-23 13:45:11.228633003 +0100
+++ openssl-1.1.1d/crypto/evp/evp_err.c 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/evp_err.c 2020-03-20 14:37:08.036876583 +0100
+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-20 14:37:08.204877468 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
"EVP_EncryptFinal_ex"},
@ -139,7 +111,7 @@ Index: openssl-1.1.1d/crypto/evp/evp_err.c
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL}
};
@@ -240,6 +245,8 @@ static const ERR_STRING_DATA EVP_str_rea
@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
@ -148,10 +120,10 @@ Index: openssl-1.1.1d/crypto/evp/evp_err.c
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
Index: openssl-1.1.1d/crypto/evp/evp_locl.h
Index: openssl-1.1.1e/crypto/evp/evp_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/evp_locl.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/evp_locl.h 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/evp_local.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-20 16:12:26.722928201 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
} /* EVP_CIPHER_CTX */ ;
@ -164,22 +136,22 @@ Index: openssl-1.1.1d/crypto/evp/evp_locl.h
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md,
Index: openssl-1.1.1d/crypto/evp/evp_pbe.c
Index: openssl-1.1.1e/crypto/evp/evp_pbe.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/evp_pbe.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/evp_pbe.c 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/evp_pbe.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-20 14:37:08.204877468 +0100
@@ -12,6 +12,7 @@
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
+#include "internal/evp_int.h"
#include "evp_locl.h"
+#include "crypto/evp.h"
#include "evp_local.h"
/* Password based encryption (PBE) functions */
Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
Index: openssl-1.1.1e/crypto/evp/kdf_lib.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2020-01-23 13:45:31.704754695 +0100
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-20 16:12:06.574822921 +0100
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -198,10 +170,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include <openssl/kdf.h>
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "internal/numbers.h"
+#include "evp_locl.h"
+#include "evp_local.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
@ -346,10 +318,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
+}
+
Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
Index: openssl-1.1.1e/crypto/evp/p5_crpt2.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/p5_crpt2.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/p5_crpt2.c 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/p5_crpt2.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-20 14:37:08.208877488 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -364,13 +336,13 @@ Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
-# include <openssl/x509.h>
-# include <openssl/evp.h>
-# include <openssl/hmac.h>
-# include "evp_locl.h"
-# include "evp_local.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include <openssl/hmac.h>
+#include "internal/evp_int.h"
+#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
/* set this to print out info about the keygen algorithm */
/* #define OPENSSL_DEBUG_PKCS5V2 */
@ -498,10 +470,10 @@ Index: openssl-1.1.1d/crypto/evp/p5_crpt2.c
}
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
Index: openssl-1.1.1e/crypto/evp/pbe_scrypt.c
===================================================================
--- openssl-1.1.1d.orig/crypto/evp/pbe_scrypt.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/evp/pbe_scrypt.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-20 14:37:08.208877488 +0100
@@ -7,135 +7,12 @@
* https://www.openssl.org/source/license.html
*/
@ -772,10 +744,10 @@ Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
}
+
#endif
Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
Index: openssl-1.1.1e/crypto/evp/pkey_kdf.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/evp/pkey_kdf.c 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-20 16:11:56.326769377 +0100
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -791,7 +763,7 @@ Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/kdf.h>
+#include "internal/evp_int.h"
+#include "crypto/evp.h"
+
+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
+{
@ -1032,10 +1004,10 @@ Index: openssl-1.1.1d/crypto/evp/pkey_kdf.c
+ pkey_kdf_ctrl_str
+};
+
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
Index: openssl-1.1.1e/include/crypto/evp.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/include/crypto/evp.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-20 16:12:06.574822921 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
extern const EVP_PKEY_METHOD siphash_pkey_meth;
@ -1061,19 +1033,19 @@ Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
struct evp_md_st {
int type;
int pkey_type;
Index: openssl-1.1.1d/crypto/kdf/build.info
Index: openssl-1.1.1e/crypto/kdf/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/kdf/build.info 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/kdf/build.info 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/crypto/kdf/build.info 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-20 16:12:06.574822921 +0100
@@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
Index: openssl-1.1.1d/crypto/kdf/hkdf.c
Index: openssl-1.1.1e/crypto/kdf/hkdf.c
===================================================================
--- openssl-1.1.1d.orig/crypto/kdf/hkdf.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/kdf/hkdf.c 2020-01-23 13:45:11.468634429 +0100
--- openssl-1.1.1e.orig/crypto/kdf/hkdf.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-20 14:37:08.208877488 +0100
@@ -8,32 +8,33 @@
*/
@ -1085,7 +1057,7 @@ Index: openssl-1.1.1d/crypto/kdf/hkdf.c
#include <openssl/evp.h>
+#include <openssl/kdf.h>
#include "internal/cryptlib.h"
#include "internal/evp_int.h"
#include "crypto/evp.h"
+#include "kdf_local.h"
#define HKDF_MAXBUF 1024
@ -1540,10 +1512,10 @@ Index: openssl-1.1.1d/crypto/kdf/hkdf.c
err:
OPENSSL_cleanse(prev, sizeof(prev));
Index: openssl-1.1.1d/crypto/kdf/kdf_err.c
Index: openssl-1.1.1e/crypto/kdf/kdf_err.c
===================================================================
--- openssl-1.1.1d.orig/crypto/kdf/kdf_err.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/crypto/kdf/kdf_err.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-20 16:12:06.574822921 +0100
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
@ -1599,10 +1571,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_err.c
{0, NULL}
};
Index: openssl-1.1.1d/crypto/kdf/kdf_local.h
Index: openssl-1.1.1e/crypto/kdf/kdf_local.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1626,10 +1598,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_local.h
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
+ int cmd, const char *md_name);
+
Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
Index: openssl-1.1.1e/crypto/kdf/kdf_util.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1646,7 +1618,7 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+#include "crypto/evp.h"
+#include "internal/numbers.h"
+#include "kdf_local.h"
+
@ -1704,10 +1676,10 @@ Index: openssl-1.1.1d/crypto/kdf/kdf_util.c
+ return call_ctrl(ctrl, impl, cmd, md);
+}
+
Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
Index: openssl-1.1.1e/crypto/kdf/pbkdf2.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/kdf/pbkdf2.c 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1725,7 +1697,7 @@ Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+#include "crypto/evp.h"
+#include "kdf_local.h"
+
+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
@ -1973,10 +1945,10 @@ Index: openssl-1.1.1d/crypto/kdf/pbkdf2.c
+ HMAC_CTX_free(hctx_tpl);
+ return ret;
+}
Index: openssl-1.1.1d/crypto/kdf/scrypt.c
Index: openssl-1.1.1e/crypto/kdf/scrypt.c
===================================================================
--- openssl-1.1.1d.orig/crypto/kdf/scrypt.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/kdf/scrypt.c 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/crypto/kdf/scrypt.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-20 14:37:08.208877488 +0100
@@ -8,25 +8,34 @@
*/
@ -1989,7 +1961,7 @@ Index: openssl-1.1.1d/crypto/kdf/scrypt.c
-#include "internal/cryptlib.h"
+#include <openssl/kdf.h>
+#include <openssl/err.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
+#include "internal/numbers.h"
+#include "kdf_local.h"
@ -2565,10 +2537,10 @@ Index: openssl-1.1.1d/crypto/kdf/scrypt.c
+}
#endif
Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
Index: openssl-1.1.1e/crypto/kdf/tls1_prf.c
===================================================================
--- openssl-1.1.1d.orig/crypto/kdf/tls1_prf.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/kdf/tls1_prf.c 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/crypto/kdf/tls1_prf.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-20 14:37:08.208877488 +0100
@@ -8,11 +8,15 @@
*/
@ -2579,7 +2551,7 @@ Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
-#include <openssl/kdf.h>
#include <openssl/evp.h>
+#include <openssl/kdf.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
+#include "kdf_local.h"
+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
@ -2852,10 +2824,10 @@ Index: openssl-1.1.1d/crypto/kdf/tls1_prf.c
OPENSSL_clear_free(tmp, olen);
return 0;
}
Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
Index: openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,217 @@
+=pod
+
@ -3074,10 +3046,10 @@ Index: openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
Index: openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,180 @@
+=pod
+
@ -3259,10 +3231,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_HKDF.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
Index: openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,78 @@
+=pod
+
@ -3342,10 +3314,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_PBKDF2.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
Index: openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,149 @@
+=pod
+
@ -3496,10 +3468,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_SCRYPT.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
Index: openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-20 14:37:08.208877488 +0100
@@ -0,0 +1,142 @@
+=pod
+
@ -3643,10 +3615,10 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_TLS1_PRF.pod
+L<https://www.openssl.org/source/license.html>.
+
+=cut
Index: openssl-1.1.1d/include/openssl/evperr.h
Index: openssl-1.1.1e/include/openssl/evperr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/evperr.h 2020-01-23 13:45:11.344633691 +0100
+++ openssl-1.1.1d/include/openssl/evperr.h 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/include/openssl/evperr.h 2020-03-20 14:37:08.084876835 +0100
+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-20 14:37:08.208877488 +0100
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
@ -3671,7 +3643,7 @@ Index: openssl-1.1.1d/include/openssl/evperr.h
# define EVP_F_UPDATE 173
/*
@@ -180,6 +185,7 @@ int ERR_load_EVP_strings(void);
@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
@ -3679,10 +3651,10 @@ Index: openssl-1.1.1d/include/openssl/evperr.h
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
Index: openssl-1.1.1d/include/openssl/kdferr.h
Index: openssl-1.1.1e/include/openssl/kdferr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/kdferr.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/include/openssl/kdferr.h 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/include/openssl/kdferr.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-20 16:12:06.574822921 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
/*
* KDF function codes.
@ -3722,10 +3694,10 @@ Index: openssl-1.1.1d/include/openssl/kdferr.h
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
#endif
Index: openssl-1.1.1d/include/openssl/kdf.h
Index: openssl-1.1.1e/include/openssl/kdf.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/kdf.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/include/openssl/kdf.h 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/include/openssl/kdf.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-20 16:12:06.574822921 +0100
@@ -10,10 +10,50 @@
#ifndef HEADER_KDF_H
# define HEADER_KDF_H
@ -3804,10 +3776,10 @@ Index: openssl-1.1.1d/include/openssl/kdf.h
}
# endif
#endif
Index: openssl-1.1.1d/include/openssl/ossl_typ.h
Index: openssl-1.1.1e/include/openssl/ossl_typ.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ossl_typ.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/include/openssl/ossl_typ.h 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/include/openssl/ossl_typ.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-20 14:37:08.212877511 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -3817,10 +3789,10 @@ Index: openssl-1.1.1d/include/openssl/ossl_typ.h
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX;
Index: openssl-1.1.1d/test/build.info
Index: openssl-1.1.1e/test/build.info
===================================================================
--- openssl-1.1.1d.orig/test/build.info 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/build.info 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/test/build.info 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/test/build.info 2020-03-20 14:37:08.212877511 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test \
@ -3842,10 +3814,10 @@ Index: openssl-1.1.1d/test/build.info
SOURCE[x509_time_test]=x509_time_test.c
INCLUDE[x509_time_test]=../include
DEPEND[x509_time_test]=../libcrypto libtestutil.a
Index: openssl-1.1.1d/test/evp_kdf_test.c
Index: openssl-1.1.1e/test/evp_kdf_test.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/evp_kdf_test.c 2020-01-23 13:45:11.472634451 +0100
+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-20 14:37:08.212877511 +0100
@@ -0,0 +1,237 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -4084,10 +4056,10 @@ Index: openssl-1.1.1d/test/evp_kdf_test.c
+#endif
+ return 1;
+}
Index: openssl-1.1.1d/test/evp_test.c
Index: openssl-1.1.1e/test/evp_test.c
===================================================================
--- openssl-1.1.1d.orig/test/evp_test.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/evp_test.c 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/test/evp_test.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/test/evp_test.c 2020-03-20 14:37:08.212877511 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
encode_test_run,
};
@ -4299,10 +4271,10 @@ Index: openssl-1.1.1d/test/evp_test.c
&keypair_test_method,
&keygen_test_method,
&mac_test_method,
Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c
Index: openssl-1.1.1e/test/pkey_meth_kdf_test.c
===================================================================
--- openssl-1.1.1d.orig/test/pkey_meth_kdf_test.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/pkey_meth_kdf_test.c 2020-01-23 13:45:11.472634451 +0100
--- openssl-1.1.1e.orig/test/pkey_meth_kdf_test.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-20 14:37:08.212877511 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4506,10 +4478,10 @@ Index: openssl-1.1.1d/test/pkey_meth_kdf_test.c
}
#endif
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
===================================================================
--- openssl-1.1.1d.orig/test/recipes/30-test_evp_data/evpkdf.txt 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2020-01-23 13:45:31.704754695 +0100
--- openssl-1.1.1e.orig/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-20 16:12:06.574822921 +0100
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -4908,10 +4880,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
+Ctrl.digest = digest:sha512
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
+
Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
Index: openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-01-23 13:45:11.476634476 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-20 14:37:08.212877511 +0100
@@ -0,0 +1,305 @@
+#
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5218,10 +5190,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_data/evppkey_kdf.txt
+Ctrl.p = p:1
+Result = INTERNAL_ERROR
+
Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
Index: openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/test/recipes/30-test_evp_kdf.t 2020-01-23 13:45:11.476634476 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-20 14:37:08.212877511 +0100
@@ -0,0 +1,13 @@
+#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5236,10 +5208,10 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp_kdf.t
+use OpenSSL::Test::Simple;
+
+simple_test("test_evp_kdf", "evp_kdf_test");
Index: openssl-1.1.1d/test/recipes/30-test_evp.t
Index: openssl-1.1.1e/test/recipes/30-test_evp.t
===================================================================
--- openssl-1.1.1d.orig/test/recipes/30-test_evp.t 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/recipes/30-test_evp.t 2020-01-23 13:45:11.476634476 +0100
--- openssl-1.1.1e.orig/test/recipes/30-test_evp.t 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-20 14:37:08.212877511 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
setup("test_evp");
@ -5249,11 +5221,11 @@ Index: openssl-1.1.1d/test/recipes/30-test_evp.t
"evpcase.txt", "evpccmcavs.txt" );
plan tests => scalar(@files);
Index: openssl-1.1.1d/util/libcrypto.num
Index: openssl-1.1.1e/util/libcrypto.num
===================================================================
--- openssl-1.1.1d.orig/util/libcrypto.num 2020-01-23 13:45:11.348633716 +0100
+++ openssl-1.1.1d/util/libcrypto.num 2020-01-23 13:45:11.476634476 +0100
@@ -4617,3 +4617,11 @@ FIPS_drbg_get_strength
--- openssl-1.1.1e.orig/util/libcrypto.num 2020-03-20 14:37:08.088876857 +0100
+++ openssl-1.1.1e/util/libcrypto.num 2020-03-20 16:11:58.798782289 +0100
@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
@ -5265,10 +5237,10 @@ Index: openssl-1.1.1d/util/libcrypto.num
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
Index: openssl-1.1.1d/util/private.num
Index: openssl-1.1.1e/util/private.num
===================================================================
--- openssl-1.1.1d.orig/util/private.num 2020-01-23 13:45:11.032631836 +0100
+++ openssl-1.1.1d/util/private.num 2020-01-23 13:45:11.476634476 +0100
--- openssl-1.1.1e.orig/util/private.num 2020-03-20 14:37:07.856875635 +0100
+++ openssl-1.1.1e/util/private.num 2020-03-20 14:37:08.212877511 +0100
@@ -22,6 +22,7 @@ CRYPTO_EX_dup
CRYPTO_EX_free datatype
CRYPTO_EX_new datatype
@ -5277,3 +5249,31 @@ Index: openssl-1.1.1d/util/private.num
EVP_PKEY_gen_cb datatype
EVP_PKEY_METHOD datatype
EVP_PKEY_ASN1_METHOD datatype
Index: openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
===================================================================
--- openssl-1.1.1e.orig/crypto/evp/e_chacha20_poly1305.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-20 16:12:44.271019899 +0100
@@ -14,8 +14,8 @@
# include <openssl/evp.h>
# include <openssl/objects.h>
-# include "evp_local.h"
# include "crypto/evp.h"
+# include "evp_local.h"
# include "crypto/chacha.h"
typedef struct {
Index: openssl-1.1.1e/crypto/evp/encode.c
===================================================================
--- openssl-1.1.1e.orig/crypto/evp/encode.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-20 16:15:09.491778701 +0100
@@ -11,8 +11,8 @@
#include <limits.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
-#include "evp_local.h"
#include "crypto/evp.h"
+#include "evp_local.h"
static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table);

View File

@ -1,7 +1,7 @@
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
Index: openssl-1.1.1d/include/crypto/rand.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.368633835 +0100
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1d.orig/include/crypto/rand.h 2020-01-23 13:45:11.368633835 +0100
+++ openssl-1.1.1d/include/crypto/rand.h 2020-01-23 13:45:11.384633930 +0100
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
@ -75,9 +75,9 @@ Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
+
+#include <string.h>
+#include <openssl/evp.h>
+#include "internal/rand_int.h"
+#include "crypto/rand.h"
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
+#include "rand_local.h"
+
+static RAND_POOL *crngt_pool;
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
@ -177,10 +177,10 @@ Index: openssl-1.1.1d/crypto/rand/rand_crng_test.c
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
Index: openssl-1.1.1d/crypto/rand/rand_lcl.h
Index: openssl-1.1.1d/crypto/rand/rand_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/rand_lcl.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/rand_lcl.h 2020-01-23 13:45:11.384633930 +0100
--- openssl-1.1.1d.orig/crypto/rand/rand_local.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/rand_local.h 2020-01-23 13:45:11.384633930 +0100
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */

View File

@ -1,12 +1,12 @@
Index: openssl-1.1.1d/crypto/fips/fips.c
Index: openssl-1.1.1e/crypto/fips/fips.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-01-23 13:45:11.232633025 +0100
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-01-23 13:45:48.216852822 +0100
--- openssl-1.1.1e.orig/crypto/fips/fips.c 2020-03-20 14:08:12.235758574 +0100
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-20 14:08:13.787766679 +0100
@@ -68,6 +68,7 @@
# include <openssl/fips.h>
# include "internal/thread_once.h"
+# include "internal/rand_int.h"
+# include "crypto/rand.h"
# ifndef PATH_MAX
# define PATH_MAX 1024
@ -52,10 +52,10 @@ Index: openssl-1.1.1d/crypto/fips/fips.c
ret = 1;
goto end;
}
Index: openssl-1.1.1d/crypto/include/internal/fips_int.h
Index: openssl-1.1.1e/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.336633643 +0100
+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2020-01-23 13:45:11.368633835 +0100
--- openssl-1.1.1e.orig/include/crypto/fips_int.h 2020-03-20 14:08:12.239758595 +0100
+++ openssl-1.1.1e/include/crypto/fips_int.h 2020-03-20 14:08:13.787766679 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
@ -65,10 +65,10 @@ Index: openssl-1.1.1d/crypto/include/internal/fips_int.h
int fips_pkey_signature_test(EVP_PKEY *pkey,
const unsigned char *tbs, int tbslen,
const unsigned char *kat,
Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
Index: openssl-1.1.1e/include/crypto/rand.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/rand_int.h 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2020-01-23 13:45:53.964886989 +0100
--- openssl-1.1.1e.orig/include/crypto/rand.h 2020-03-20 14:08:12.239758595 +0100
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-20 14:08:13.791766699 +0100
@@ -24,6 +24,7 @@
typedef struct rand_pool_st RAND_POOL;
@ -77,10 +77,10 @@ Index: openssl-1.1.1d/crypto/include/internal/rand_int.h
void rand_drbg_cleanup_int(void);
void drbg_delete_thread_state(void);
Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
Index: openssl-1.1.1e/crypto/rand/drbg_lib.c
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/drbg_lib.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2020-01-23 13:45:53.964886989 +0100
--- openssl-1.1.1e.orig/crypto/rand/drbg_lib.c 2020-03-20 14:08:12.239758595 +0100
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-20 14:08:13.791766699 +0100
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
}
@ -102,15 +102,15 @@ Index: openssl-1.1.1d/crypto/rand/drbg_lib.c
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
Index: openssl-1.1.1d/crypto/rand/rand_unix.c
Index: openssl-1.1.1e/crypto/rand/rand_unix.c
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/rand_unix.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/rand_unix.c 2020-01-23 13:45:11.368633835 +0100
--- openssl-1.1.1e.orig/crypto/rand/rand_unix.c 2020-03-20 14:08:12.239758595 +0100
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-20 14:08:41.763912735 +0100
@@ -17,10 +17,12 @@
#include <openssl/crypto.h>
#include "rand_lcl.h"
#include "internal/rand_int.h"
+#include "internal/fips_int.h"
#include "rand_local.h"
#include "crypto/rand.h"
+#include "crypto/fips_int.h"
#include <stdio.h>
#include "internal/dso.h"
#ifdef __linux
@ -119,7 +119,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
# ifdef DEVRANDOM_WAIT
# include <sys/shm.h>
# include <sys/utsname.h>
@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
*/
@ -128,7 +128,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
{
/*
* Note: 'buflen' equals the size of the buffer which is used by the
@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
* - Linux since 3.17 with glibc 2.25
* - FreeBSD since 12.0 (1200061)
*/
@ -136,7 +136,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
if (p_getentropy.p != NULL)
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
# endif
@ -150,7 +150,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return sysctl_random(buf, buflen);
# else
@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
size_t entropy_available;
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
@ -160,7 +160,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
{
size_t bytes_needed;
unsigned char *buffer;
@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
@ -169,7 +169,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
if (bytes > 0) {
rand_pool_add_end(pool, bytes, 8 * bytes);
bytes_needed -= bytes;
@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
int attempts = 3;
const int fd = get_random_device(i);
@ -181,7 +181,7 @@ Index: openssl-1.1.1d/crypto/rand/rand_unix.c
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
return entropy_available;
}
# endif

File diff suppressed because it is too large Load Diff

View File

@ -51,10 +51,10 @@ Index: openssl-1.1.1d/crypto/evp/kdf_lib.c
};
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
Index: openssl-1.1.1d/include/crypto/evp.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h 2020-01-23 13:45:11.488634548 +0100
--- openssl-1.1.1d.orig/include/crypto/evp.h 2020-01-23 13:45:11.468634429 +0100
+++ openssl-1.1.1d/include/crypto/evp.h 2020-01-23 13:45:11.488634548 +0100
@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_m
extern const EVP_KDF_METHOD scrypt_kdf_meth;
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
@ -118,7 +118,7 @@ Index: openssl-1.1.1d/crypto/kdf/sshkdf.c
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include "internal/cryptlib.h"
+#include "internal/evp_int.h"
+#include "crypto/evp.h"
+#include "kdf_local.h"
+
+/* See RFC 4253, Section 7.2 */

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
size 8845861

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWoACgkQ2cTSbQ5g
RJH0Agf+IekQXtSPsrn/5RMgXFGSyK+S1BpFhyoJRvDocVZAxwgvd4F1fcYkFVXH
5+Q6o6s6tIDb+VkuIajcDxTQvrFoXKWMbsFsu3NBAan5R0OlYINRYtXULg0ZqQv4
zxclCSLQTpuMyptuGGbg0/8+9IAhGFk2XSA5EEI+SC6lswRQiT7p6dbULj4CvH3m
7mqovojAAaEJpgfG8b+L+QBJ4XId99uC6tiLM1tTMCsn1ErLsTd366fzEpC1w12a
V/gWQ1mVs+bmSRySPx8mO4CpHfhAI+sZrSsWG+UXP9Guf9YKHFLJDiSrX7EmvszR
B+/LvZqce4iCnwCUoIuYhxM6EybDdQ==
=v5CI
-----END PGP SIGNATURE-----

3
openssl-1.1.1e.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe
size 9792634

11
openssl-1.1.1e.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl5w3zsACgkQ2cTSbQ5g
RJGAhAgAuX8zgGf2QK/fx1H1zmyR3j0oetXHb+tohlqITZYWl1V3nG4rciL0awOI
vBXNFQHKLBC+yY8AwXUqymGyOUTCEANT+ENeC9bfKigoEgo26V+bMzkU5dST3khy
scaYT4TEAjNVHeDb3Bt5jh8H/dNeUIKKan9ng29zrSfSHd7nXMEgPQMCgxSLdyYQ
Ej1VnFhuIc4e6I4tXWPUUhG3jqezpuOJi6h29DUg3mG+4UIyFXAUJr8vIg3ldasG
/A1QNVRMKROUHe1Bhm5v6zS7p9OnVHPkXPcoJTtIaciIU4wGMeeo/zoEgng+opin
X5+7jkfapyP9z+7CSl85BcrW3xrK+g==
=+Xvm
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,48 @@
-------------------------------------------------------------------
Fri Mar 20 11:58:08 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1e
* Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
* Check that ed25519 and ed448 are allowed by the security level. Previously
signature algorithms not using an MD were not being checked that they were
allowed by the security level.
* Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
was not quite right. The behaviour was not consistent between resumption
and normal handshakes, and also not quite consistent with historical
behaviour. The behaviour in various scenarios has been clarified and
it has been updated to make it match historical behaviour as closely as
possible.
* Corrected the documentation of the return values from the EVP_DigestSign*
set of functions. The documentation mentioned negative values for some
errors, but this was never the case, so the mention of negative values
was removed.
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
The presence of this system service is determined at run-time.
* Added newline escaping functionality to a filename when using openssl dgst.
This output format is to replicate the output format found in the '*sum'
checksum programs. This aims to preserve backward compatibility.
* Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
the first value.
- Update bunch of patches as the internal crypto headers got reorganized
- drop openssl-1_1-CVE-2019-1551.patch (upstream)
-------------------------------------------------------------------
Fri Mar 20 10:22:27 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- openssl dgst: default to SHA256 only when called without a digest,
not when it couldn't be found (bsc#1166189)
* add openssl-unknown_dgst.patch
-------------------------------------------------------------------
Wed Mar 4 08:23:23 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Limit the DRBG selftests to not deplete entropy (bsc#1165274)
* update openssl-fips_selftest_upstream_drbg.patch
-------------------------------------------------------------------
Wed Feb 26 13:28:14 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>

View File

@ -21,7 +21,7 @@
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1d
Version: 1.1.1e
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -50,9 +50,6 @@ Patch10: 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
Patch11: 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
Patch12: 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
Patch13: 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
# OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551
# PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64
Patch15: openssl-1_1-CVE-2019-1551.patch
# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements - part 1 (crypto)
Patch16: openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
Patch17: openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
@ -85,6 +82,7 @@ Patch43: openssl-keep_EVP_KDF_functions_version.patch
Patch44: openssl-fips_fix_selftests_return_value.patch
Patch45: openssl-fips-add-SHA3-selftest.patch
Patch46: openssl-fips_selftest_upstream_drbg.patch
Patch47: openssl-unknown_dgst.patch
# PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto)
Patch50: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
Patch51: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch

View File

@ -13,7 +13,7 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
---
crypto/ec/ec2_smpl.c | 3 +
crypto/ec/ec_lcl.h | 15 +++++
crypto/ec/ec_local.h | 15 +++++
crypto/ec/ecdsa_ossl.c | 107 ++++++++++++++++++++++++------------
crypto/ec/ecp_mont.c | 3 +
crypto/ec/ecp_nist.c | 3 +
@ -27,10 +27,10 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
include/openssl/ecerr.h | 1 +
13 files changed, 119 insertions(+), 36 deletions(-)
Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
Index: openssl-1.1.1e/crypto/ec/ec2_smpl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec2_smpl.c
+++ openssl-1.1.1d/crypto/ec/ec2_smpl.c
--- openssl-1.1.1e.orig/crypto/ec/ec2_smpl.c 2020-03-20 13:03:13.823258089 +0100
+++ openssl-1.1.1e/crypto/ec/ec2_smpl.c 2020-03-20 13:03:17.247276054 +0100
@@ -956,6 +956,9 @@ const EC_METHOD *EC_GF2m_simple_method(v
0, /* keycopy */
0, /* keyfinish */
@ -41,10 +41,10 @@ Index: openssl-1.1.1d/crypto/ec/ec2_smpl.c
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
ec_GF2m_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
Index: openssl-1.1.1e/crypto/ec/ec_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
--- openssl-1.1.1e.orig/crypto/ec/ec_local.h 2020-03-20 13:03:13.823258089 +0100
+++ openssl-1.1.1e/crypto/ec/ec_local.h 2020-03-20 13:03:17.251276075 +0100
@@ -179,6 +179,14 @@ struct ec_method_st {
/* custom ECDH operation */
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
@ -74,13 +74,13 @@ Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
const uint8_t public_key[32], const uint8_t private_key[32]);
Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
Index: openssl-1.1.1e/crypto/ec/ecdsa_ossl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecdsa_ossl.c
+++ openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
--- openssl-1.1.1e.orig/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:13.823258089 +0100
+++ openssl-1.1.1e/crypto/ec/ecdsa_ossl.c 2020-03-20 13:03:54.463471314 +0100
@@ -14,6 +14,41 @@
#include "internal/bn_int.h"
#include "ec_lcl.h"
#include "crypto/bn.h"
#include "ec_local.h"
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
@ -359,10 +359,10 @@ Index: openssl-1.1.1d/crypto/ec/ecdsa_ossl.c
goto err;
}
/* if the signature is correct u1 is equal to sig->r */
Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
Index: openssl-1.1.1e/crypto/ec/ecp_mont.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_mont.c
+++ openssl-1.1.1d/crypto/ec/ecp_mont.c
--- openssl-1.1.1e.orig/crypto/ec/ecp_mont.c 2020-03-20 13:03:13.823258089 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_mont.c 2020-03-20 13:03:17.251276075 +0100
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
0, /* keycopy */
0, /* keyfinish */
@ -373,10 +373,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_mont.c
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
Index: openssl-1.1.1e/crypto/ec/ecp_nist.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nist.c
+++ openssl-1.1.1d/crypto/ec/ecp_nist.c
--- openssl-1.1.1e.orig/crypto/ec/ecp_nist.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_nist.c 2020-03-20 13:03:17.251276075 +0100
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
0, /* keycopy */
0, /* keyfinish */
@ -387,10 +387,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nist.c
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
Index: openssl-1.1.1e/crypto/ec/ecp_nistp224.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_nistp224.c 2020-03-20 13:03:17.251276075 +0100
@@ -291,6 +291,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
ec_key_simple_generate_public_key,
0, /* keycopy */
@ -401,11 +401,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
ecdh_simple_compute_key,
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
Index: openssl-1.1.1e/crypto/ec/ecp_nistp256.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp256.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp256.c
@@ -1809,6 +1809,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_nistp256.c 2020-03-20 13:03:17.251276075 +0100
@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
@ -415,11 +415,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp256.c
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
Index: openssl-1.1.1e/crypto/ec/ecp_nistp521.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp521.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistp521.c
@@ -1651,6 +1651,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_nistp521.c 2020-03-20 13:03:17.251276075 +0100
@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
@ -429,11 +429,11 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistp521.c
0, /* field_inverse_mod_ord */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
Index: openssl-1.1.1e/crypto/ec/ecp_nistz256.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistz256.c
+++ openssl-1.1.1d/crypto/ec/ecp_nistz256.c
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
--- openssl-1.1.1e.orig/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_nistz256.c 2020-03-20 13:03:17.251276075 +0100
@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
0, /* keycopy */
0, /* keyfinish */
ecdh_simple_compute_key,
@ -443,10 +443,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_nistz256.c
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
0, /* blind_coordinates */
0, /* ladder_pre */
Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_s390x_nistp.c
+++ openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:03:17.251276075 +0100
@@ -175,6 +175,9 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
NULL, /* keycopy */ \
NULL, /* keyfinish */ \
@ -457,10 +457,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
NULL, /* field_inverse_mod_ord */ \
ec_GFp_simple_blind_coordinates, \
ec_GFp_simple_ladder_pre, \
Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
Index: openssl-1.1.1e/crypto/ec/ecp_smpl.c
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ecp_smpl.c
+++ openssl-1.1.1d/crypto/ec/ecp_smpl.c
--- openssl-1.1.1e.orig/crypto/ec/ecp_smpl.c 2020-03-20 13:03:13.827258110 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_smpl.c 2020-03-20 13:03:17.251276075 +0100
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
0, /* keycopy */
0, /* keyfinish */
@ -471,10 +471,10 @@ Index: openssl-1.1.1d/crypto/ec/ecp_smpl.c
0, /* field_inverse_mod_ord */
ec_GFp_simple_blind_coordinates,
ec_GFp_simple_ladder_pre,
Index: openssl-1.1.1d/crypto/err/openssl.txt
Index: openssl-1.1.1e/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1d.orig/crypto/err/openssl.txt
+++ openssl-1.1.1d/crypto/err/openssl.txt
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:03:13.831258131 +0100
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:03:17.251276075 +0100
@@ -496,6 +496,9 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
@ -493,7 +493,7 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
@@ -2130,6 +2134,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
@@ -2133,6 +2137,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
EC_R_CANNOT_INVERT:165:cannot invert
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
@ -501,10 +501,10 @@ Index: openssl-1.1.1d/crypto/err/openssl.txt
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
EC_R_DECODE_ERROR:142:decode error
Index: openssl-1.1.1d/include/openssl/ecerr.h
Index: openssl-1.1.1e/include/openssl/ecerr.h
===================================================================
--- openssl-1.1.1d.orig/include/openssl/ecerr.h
+++ openssl-1.1.1d/include/openssl/ecerr.h
--- openssl-1.1.1e.orig/include/openssl/ecerr.h 2020-03-20 13:03:13.831258131 +0100
+++ openssl-1.1.1e/include/openssl/ecerr.h 2020-03-20 13:03:17.251276075 +0100
@@ -41,6 +41,9 @@ int ERR_load_EC_strings(void);
# define EC_F_ECDSA_SIGN_EX 254
# define EC_F_ECDSA_SIGN_SETUP 248
@ -515,7 +515,7 @@ Index: openssl-1.1.1d/include/openssl/ecerr.h
# define EC_F_ECDSA_VERIFY 253
# define EC_F_ECD_ITEM_VERIFY 270
# define EC_F_ECKEY_PARAM2TYPE 223
@@ -185,6 +186,7 @@ int ERR_load_EC_strings(void);
@@ -185,6 +188,7 @@ int ERR_load_EC_strings(void);
# define EC_F_O2I_ECPUBLICKEY 152
# define EC_F_OLD_EC_PRIV_DECODE 222
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
@ -523,7 +523,7 @@ Index: openssl-1.1.1d/include/openssl/ecerr.h
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
# define EC_F_PKEY_ECD_CTRL 271
@@ -212,6 +214,7 @@ int ERR_load_EC_strings(void);
@@ -212,6 +216,7 @@ int ERR_load_EC_strings(void);
# define EC_R_CANNOT_INVERT 165
# define EC_R_COORDINATES_OUT_OF_RANGE 146
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160

View File

@ -14,7 +14,7 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
---
crypto/ec/build.info | 3 +-
crypto/ec/ec_curve.c | 42 +++++---
crypto/ec/ec_lcl.h | 5 +
crypto/ec/ec_local.h | 5 +
crypto/ec/ecp_s390x_nistp.c | 197 ++++++++++++++++++++++++++++++++++++
4 files changed, 234 insertions(+), 13 deletions(-)
create mode 100644 crypto/ec/ecp_s390x_nistp.c
@ -65,10 +65,10 @@ Index: openssl-1.1.1d/crypto/ec/ec_curve.c
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
#else
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
Index: openssl-1.1.1d/crypto/ec/ec_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
+++ openssl-1.1.1d/crypto/ec/ec_local.h
@@ -587,6 +587,11 @@ int ec_group_simple_order_bits(const EC_
*/
const EC_METHOD *EC_GFp_nistz256_method(void);
@ -98,7 +98,7 @@ Index: openssl-1.1.1d/crypto/ec/ecp_s390x_nistp.c
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/err.h>
+#include "ec_lcl.h"
+#include "ec_local.h"
+#include "s390x_arch.h"
+
+/* Size of parameter blocks */

View File

@ -1,7 +1,7 @@
Index: openssl-1.1.1d/crypto/fips/drbgtest.c
Index: openssl-1.1.1e/crypto/fips/drbgtest.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/fips/drbgtest.c 2020-02-26 19:21:37.798616477 +0100
+++ openssl-1.1.1e/crypto/fips/drbgtest.c 2020-03-20 14:15:42.114115340 +0100
@@ -0,0 +1,1178 @@
+/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -20,8 +20,8 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.c
+#include <openssl/obj_mac.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include "../crypto/rand/rand_lcl.h"
+#include "../crypto/include/internal/rand_int.h"
+#include "../crypto/rand/rand_local.h"
+#include "../include/crypto/rand.h"
+
+#if defined(_WIN32)
+# include <windows.h>
@ -1181,10 +1181,10 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.c
+ return 1;
+}
+
Index: openssl-1.1.1d/crypto/fips/drbgtest.h
Index: openssl-1.1.1e/crypto/fips/drbgtest.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1d/crypto/fips/drbgtest.h 2020-02-26 14:33:10.746715249 +0100
+++ openssl-1.1.1e/crypto/fips/drbgtest.h 2020-03-20 14:15:42.114115340 +0100
@@ -0,0 +1,579 @@
+/*
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1765,10 +1765,10 @@ Index: openssl-1.1.1d/crypto/fips/drbgtest.h
+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
+ 0xf6, 0x02, 0x32, 0xe2
+};
Index: openssl-1.1.1d/crypto/fips/fips_post.c
Index: openssl-1.1.1e/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips_post.c 2020-02-26 14:33:10.438713461 +0100
+++ openssl-1.1.1d/crypto/fips/fips_post.c 2020-02-26 16:44:09.488165757 +0100
--- openssl-1.1.1e.orig/crypto/fips/fips_post.c 2020-03-20 14:15:40.018104341 +0100
+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-20 14:15:42.114115340 +0100
@@ -51,7 +51,6 @@
#include <openssl/crypto.h>
@ -1777,22 +1777,10 @@ Index: openssl-1.1.1d/crypto/fips/fips_post.c
#include <openssl/err.h>
#include <openssl/bio.h>
#include <openssl/hmac.h>
Index: openssl-1.1.1d/crypto/rand/rand_lib.c
Index: openssl-1.1.1e/crypto/fips/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/rand/rand_lib.c 2020-02-26 14:33:10.442713484 +0100
+++ openssl-1.1.1d/crypto/rand/rand_lib.c 2020-02-26 16:43:50.992058552 +0100
@@ -18,7 +18,6 @@
#include "e_os.h"
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
-# include <openssl/fips_rand.h>
#endif
#ifndef OPENSSL_NO_ENGINE
Index: openssl-1.1.1d/crypto/fips/build.info
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/build.info 2020-02-26 16:41:37.415284331 +0100
+++ openssl-1.1.1d/crypto/fips/build.info 2020-02-26 16:42:55.943739496 +0100
--- openssl-1.1.1e.orig/crypto/fips/build.info 2020-03-20 14:15:40.018104341 +0100
+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-20 14:15:42.114115340 +0100
@@ -2,7 +2,7 @@ LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \
@ -1802,10 +1790,10 @@ Index: openssl-1.1.1d/crypto/fips/build.info
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
fips_dh_selftest.c fips_ers.c
Index: openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
Index: openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips_drbg_selftest.c 2020-02-26 16:41:37.415284331 +0100
+++ openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c 2020-02-26 16:42:55.943739496 +0100
--- openssl-1.1.1e.orig/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:40.018104341 +0100
+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:42.114115340 +0100
@@ -774,6 +774,7 @@ int FIPS_drbg_health_check(DRBG_CTX *dct
return rv;
}
@ -1822,10 +1810,10 @@ Index: openssl-1.1.1d/crypto/fips/fips_drbg_selftest.c
int FIPS_selftest_drbg_all(void)
{
Index: openssl-1.1.1d/crypto/fips/fips.c
Index: openssl-1.1.1e/crypto/fips/fips.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips.c 2020-02-26 14:33:10.642714645 +0100
+++ openssl-1.1.1d/crypto/fips/fips.c 2020-02-26 16:44:16.508206446 +0100
--- openssl-1.1.1e.orig/crypto/fips/fips.c 2020-03-20 14:15:40.018104341 +0100
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-20 14:15:42.114115340 +0100
@@ -50,7 +50,6 @@
#define _GNU_SOURCE

View File

@ -15,16 +15,16 @@ Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
crypto/err/openssl.txt | 2 +
2 files changed, 200 insertions(+), 4 deletions(-)
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 0b03d7fd04..be81f0b8f0 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
Index: openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c
===================================================================
--- openssl-1.1.1e.orig/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:13:44.618571104 +0100
+++ openssl-1.1.1e/crypto/ec/ecp_s390x_nistp.c 2020-03-20 13:14:20.398759363 +0100
@@ -10,6 +10,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
#include "ec_lcl.h"
#include "ec_local.h"
#include "s390x_arch.h"
@@ -28,6 +29,15 @@
@ -207,7 +207,7 @@ index 0b03d7fd04..be81f0b8f0 100644
#define EC_GFP_S390X_NISTP_METHOD(bits) \
\
static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \
@@ -122,6 +289,29 @@ static int ec_GFp_s390x_nistp##bits##_mu
S390X_SIZE_P##bits); \
} \
\
@ -237,7 +237,7 @@ index 0b03d7fd04..be81f0b8f0 100644
const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
{ \
static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
@@ -176,8 +366,8 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
NULL, /* keyfinish */ \
ecdh_simple_compute_key, \
ecdsa_simple_sign_setup, \
@ -248,7 +248,7 @@ index 0b03d7fd04..be81f0b8f0 100644
NULL, /* field_inverse_mod_ord */ \
ec_GFp_simple_blind_coordinates, \
ec_GFp_simple_ladder_pre, \
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \
@@ -186,8 +376,12 @@ const EC_METHOD *EC_GFp_s390x_nistp##bit
}; \
static const EC_METHOD *ret; \
\
@ -263,11 +263,11 @@ index 0b03d7fd04..be81f0b8f0 100644
ret = &EC_GFp_s390x_nistp##bits##_meth; \
else \
ret = EC_GFp_mont_method(); \
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 035bd729f3..5d5981035c 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -554,6 +554,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
Index: openssl-1.1.1e/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1e.orig/crypto/err/openssl.txt 2020-03-20 13:13:44.618571104 +0100
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-20 13:14:02.446664907 +0100
@@ -499,6 +499,8 @@ EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
@ -276,6 +276,3 @@ index 035bd729f3..5d5981035c 100644
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
--
2.24.0

View File

@ -16,7 +16,7 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/dsa/dsa_pmeth.c | 7 +-
crypto/ec/build.info | 2 +-
crypto/ec/ec_curve.c | 12 +-
crypto/ec/ec_lcl.h | 2 +-
crypto/ec/ec_local.h | 2 +-
crypto/ec/ec_pmeth.c | 7 +-
crypto/ec/ecx_meth.c | 672 +++++++++++++++++++++++++++++-
crypto/err/openssl.txt | 6 +
@ -122,10 +122,10 @@ Index: openssl-1.1.1d/crypto/ec/ec_curve.c
EC_GFp_s390x_nistp256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
Index: openssl-1.1.1d/crypto/ec/ec_lcl.h
Index: openssl-1.1.1d/crypto/ec/ec_local.h
===================================================================
--- openssl-1.1.1d.orig/crypto/ec/ec_lcl.h
+++ openssl-1.1.1d/crypto/ec/ec_lcl.h
--- openssl-1.1.1d.orig/crypto/ec/ec_local.h
+++ openssl-1.1.1d/crypto/ec/ec_local.h
@@ -595,7 +595,7 @@ int ec_group_simple_order_bits(const EC_
*/
const EC_METHOD *EC_GFp_nistz256_method(void);
@ -938,7 +938,7 @@ Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
--- openssl-1.1.1d.orig/crypto/evp/pmeth_lib.c
+++ openssl-1.1.1d/crypto/evp/pmeth_lib.c
@@ -17,60 +17,67 @@
#include "internal/evp_int.h"
#include "crypto/evp.h"
#include "internal/numbers.h"
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
@ -1068,10 +1068,10 @@ Index: openssl-1.1.1d/crypto/evp/pmeth_lib.c
if (app_pkey_methods == NULL)
return NULL;
idx -= OSSL_NELEM(standard_methods);
Index: openssl-1.1.1d/crypto/include/internal/evp_int.h
Index: openssl-1.1.1d/include/crypto/evp.h
===================================================================
--- openssl-1.1.1d.orig/crypto/include/internal/evp_int.h
+++ openssl-1.1.1d/crypto/include/internal/evp_int.h
--- openssl-1.1.1d.orig/include/crypto/evp.h
+++ openssl-1.1.1d/include/crypto/evp.h
@@ -93,24 +93,24 @@ DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);

View File

@ -19,10 +19,10 @@ Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/s390xcpuid.pl | 31 ++-
3 files changed, 556 insertions(+), 13 deletions(-)
Index: openssl-1.1.1d/crypto/s390x_arch.h
Index: openssl-1.1.1e/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.1d.orig/crypto/s390x_arch.h
+++ openssl-1.1.1d/crypto/s390x_arch.h
--- openssl-1.1.1e.orig/crypto/s390x_arch.h 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390x_arch.h 2020-03-20 17:29:30.459520742 +0100
@@ -49,6 +49,9 @@ struct OPENSSL_s390xcap_st {
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
@ -75,15 +75,15 @@ Index: openssl-1.1.1d/crypto/s390x_arch.h
# define S390X_TRNG 114
/* Register 0 Flags */
Index: openssl-1.1.1d/crypto/s390xcap.c
Index: openssl-1.1.1e/crypto/s390xcap.c
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcap.c
+++ openssl-1.1.1d/crypto/s390xcap.c
--- openssl-1.1.1e.orig/crypto/s390xcap.c 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcap.c 2020-03-20 17:29:58.011664305 +0100
@@ -13,15 +13,51 @@
#include <setjmp.h>
#include <signal.h>
#include "internal/cryptlib.h"
+#include "internal/ctype.h"
+#include "crypto/ctype.h"
#include "s390x_arch.h"
+#define LEN 128
@ -636,10 +636,10 @@ Index: openssl-1.1.1d/crypto/s390xcap.c
+ free(buff);
+ return rc;
}
Index: openssl-1.1.1d/crypto/s390xcpuid.pl
Index: openssl-1.1.1e/crypto/s390xcpuid.pl
===================================================================
--- openssl-1.1.1d.orig/crypto/s390xcpuid.pl
+++ openssl-1.1.1d/crypto/s390xcpuid.pl
--- openssl-1.1.1e.orig/crypto/s390xcpuid.pl 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/s390xcpuid.pl 2020-03-20 17:29:30.459520742 +0100
@@ -38,7 +38,26 @@ OPENSSL_s390x_facilities:
stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors
stg %r0,S390X_STFLE+16(%r4)

View File

@ -6,7 +6,7 @@ Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
#ifdef S390X_EC_ASM
# include "s390x_arch.h"
+# include "internal/constant_time_locl.h"
+# include "internal/constant_time.h"
static void s390x_x25519_mod_p(unsigned char u[32])
{
@ -61,10 +61,10 @@ Index: openssl-1.1.1d/crypto/ec/ecx_meth.c
s390x_flip_endian64(param.x448.d_src, param.x448.d_src);
param.x448.d_src[63] &= 252;
Index: openssl-1.1.1d/include/internal/constant_time_locl.h
Index: openssl-1.1.1d/include/internal/constant_timeh
===================================================================
--- openssl-1.1.1d.orig/include/internal/constant_time_locl.h
+++ openssl-1.1.1d/include/internal/constant_time_locl.h
--- openssl-1.1.1d.orig/include/internal/constant_time.h
+++ openssl-1.1.1d/include/internal/constant_time.h
@@ -353,6 +353,34 @@ static ossl_inline void constant_time_co
}

View File

@ -0,0 +1,15 @@
Index: openssl-1.1.1d/apps/dgst.c
===================================================================
--- openssl-1.1.1d.orig/apps/dgst.c 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/apps/dgst.c 2020-03-20 11:20:27.618536409 +0100
@@ -95,6 +95,10 @@ int dgst_main(int argc, char **argv)
prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
md = EVP_get_digestbyname(prog);
+ if (md == NULL && strcmp(prog, "dgst") != 0) {
+ BIO_printf(bio_err, "%s is not a known digest\n", prog);
+ goto end;
+ }
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {