testing/openssl
SHA256
3
0
Fork 0
forked from pool/openssl
Code Pull Requests Activity

Accepting request 430498 from Base:System

Browse Source 
- update to openssl-1.0.2j
  * Missing CRL sanity check (CVE-2016-7052 bsc#1001148)

- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
  Severity: High
  * OCSP Status Request extension unbounded memory growth
    (CVE-2016-6304) (bsc#999666)
  Severity: Low
  * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
  * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
  * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
  * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
  * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
  * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
  * Birthday attack against 64-bit block ciphers (SWEET32)
    (CVE-2016-2183) (bsc#995359)
  * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
  * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
  * Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
- update to openssl-1.0.2i
  * remove patches:
    openssl-1.0.2a-new-fips-reqs.patch
    openssl-1.0.2e-fips.patch
  * add patches:
    openssl-1.0.2i-fips.patch
    openssl-1.0.2i-new-fips-reqs.patch

- fix crash in print_notice (bsc#998190)
  * add openssl-print_notice-NULL_crash.patch

OBS-URL: https://build.opensuse.org/request/show/430498
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=133
This commit is contained in:
Dominique Leuenberger 2016-09-28 13:03:33 +00:00 committed by Git OBS Bridge
parent fa61203f41
commit 6a01eea162
12 changed files with 646 additions and 694 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
View File

@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400
Subject: [PATCH] Axe builtin printf implementation, use glibc instead
Index: openssl-1.0.2g/crypto/bio/b_print.c
Index: openssl-1.0.2i/crypto/bio/b_print.c
===================================================================
--- openssl-1.0.2g.orig/crypto/bio/b_print.c 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2g/crypto/bio/b_print.c 2016-03-01 15:26:55.597307479 +0100
--- openssl-1.0.2i.orig/crypto/bio/b_print.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/bio/b_print.c 2016-09-23 10:18:39.805097010 +0200
@@ -56,17 +56,10 @@
* [including the GNU Public Licence.]
*/
@ -28,7 +28,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
@@ -79,708 +72,6 @@
@@ -79,714 +72,6 @@
#include <openssl/bn.h> /* To get BN_LLONG properly defined */
#include <openssl/bio.h>
@ -376,9 +376,15 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c
- break;
- }
- }
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
- /*
- * We have to truncate if there is no dynamic buffer and we have filled the
- * static buffer.
- */
- if (buffer == NULL) {
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
- }
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
- return 0;
- *retlen = currlen - 1;
@ -737,7 +743,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c
int BIO_printf(BIO *bio, const char *format, ...)
{
va_list args;
@@ -794,32 +85,36 @@ int BIO_printf(BIO *bio, const char *for
@@ -800,32 +85,36 @@ int BIO_printf(BIO *bio, const char *for
return (ret);
}
@ -797,7 +803,7 @@ Index: openssl-1.0.2g/crypto/bio/b_print.c
return (ret);
}
@@ -835,29 +130,21 @@ int BIO_snprintf(char *buf, size_t n, co
@@ -841,29 +130,21 @@ int BIO_snprintf(char *buf, size_t n, co
int ret;
va_start(args, format);

316
0001-libcrypto-Hide-library-private-symbols.patch
View File

@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
crypto/x509v3/pcy_int.h | 3 +++
31 files changed, 85 insertions(+), 17 deletions(-)
Index: openssl-1.0.2b/apps/Makefile
Index: openssl-1.0.2i/apps/Makefile
===================================================================
--- openssl-1.0.2b.orig/apps/Makefile 2015-06-11 15:55:38.000000000 +0200
+++ openssl-1.0.2b/apps/Makefile 2015-06-11 17:50:03.669860202 +0200
--- openssl-1.0.2i.orig/apps/Makefile 2016-09-22 12:24:52.000000000 +0200
+++ openssl-1.0.2i/apps/Makefile 2016-09-23 10:20:47.883004040 +0200
@@ -20,7 +20,7 @@ EXE_EXT=
SHLIB_TARGET=
@ -50,10 +50,10 @@ Index: openssl-1.0.2b/apps/Makefile
GENERAL=Makefile makeapps.com install.com
Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h
Index: openssl-1.0.2i/crypto/asn1/asn1_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/asn1/asn1_locl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/asn1/asn1_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/asn1/asn1_locl.h 2016-09-23 10:20:47.883004040 +0200
@@ -62,6 +62,8 @@
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
@ -69,10 +69,10 @@ Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/bn/bn_lcl.h
Index: openssl-1.0.2i/crypto/bn/bn_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_lcl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/bn/bn_lcl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/bn/bn_lcl.h 2016-09-23 10:20:47.883004040 +0200
@@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int
# undef bn_div_words
# endif
@ -91,10 +91,10 @@ Index: openssl-1.0.2b/crypto/bn/bn_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.2b/crypto/cast/cast_lcl.h
Index: openssl-1.0.2i/crypto/cast/cast_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/cast/cast_lcl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/cast/cast_lcl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/cast/cast_lcl.h 2016-09-23 10:20:47.883004040 +0200
@@ -217,6 +217,7 @@
}
#endif
@ -108,10 +108,10 @@ Index: openssl-1.0.2b/crypto/cast/cast_lcl.h
extern const CAST_LONG CAST_S_table6[256];
extern const CAST_LONG CAST_S_table7[256];
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/cms/cms_lcl.h
Index: openssl-1.0.2i/crypto/cms/cms_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/cms/cms_lcl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/cms/cms_lcl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/cms/cms_lcl.h 2016-09-23 10:20:47.883004040 +0200
@@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
# define CMS_OIK_KEYIDENTIFIER 1
# define CMS_OIK_PUBKEY 2
@ -130,10 +130,10 @@ Index: openssl-1.0.2b/crypto/cms/cms_lcl.h
#ifdef __cplusplus
}
#endif
Index: openssl-1.0.2b/crypto/des/des_locl.h
Index: openssl-1.0.2i/crypto/des/des_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/des/des_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/des/des_locl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/des/des_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/des/des_locl.h 2016-09-23 10:20:47.883004040 +0200
@@ -432,10 +432,12 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
@ -147,10 +147,10 @@ Index: openssl-1.0.2b/crypto/des/des_locl.h
# ifdef OPENSSL_SMALL_FOOTPRINT
# undef DES_UNROLL
Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h
Index: openssl-1.0.2i/crypto/dsa/dsa_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h 2015-06-11 17:41:59.488534507 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_locl.h 2015-06-11 17:50:03.670860215 +0200
--- openssl-1.0.2i.orig/crypto/dsa/dsa_locl.h 2016-09-23 10:20:47.695001240 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa_locl.h 2016-09-23 10:20:47.883004040 +0200
@@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
const EVP_MD *evpmd, const unsigned char *seed_in,
size_t seed_len,
@ -160,10 +160,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h
int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
const EVP_MD *evpmd, const unsigned char *seed_in,
Index: openssl-1.0.2b/crypto/ec/ec_lcl.h
Index: openssl-1.0.2i/crypto/ec/ec_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_lcl.h 2015-06-11 17:50:03.671860227 +0200
--- openssl-1.0.2i.orig/crypto/ec/ec_lcl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ec/ec_lcl.h 2016-09-23 10:20:47.887004099 +0200
@@ -89,6 +89,8 @@
* change in future versions.
*/
@ -179,10 +179,10 @@ Index: openssl-1.0.2b/crypto/ec/ec_lcl.h
#endif
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h
Index: openssl-1.0.2i/crypto/ecdh/ech_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/ecdh/ech_locl.h 2015-06-11 17:50:03.671860227 +0200
--- openssl-1.0.2i.orig/crypto/ecdh/ech_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ecdh/ech_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -58,6 +58,8 @@
# include <openssl/ecdh.h>
@ -198,10 +198,10 @@ Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h
+#pragma GCC visibility pop
#endif /* HEADER_ECH_LOCL_H */
Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h
Index: openssl-1.0.2i/crypto/ecdsa/ecs_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h 2015-06-11 17:50:03.671860227 +0200
--- openssl-1.0.2i.orig/crypto/ecdsa/ecs_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ecdsa/ecs_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -61,6 +61,8 @@
# include <openssl/ecdsa.h>
@ -217,10 +217,10 @@ Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h
+#pragma GCC visibility pop
#endif /* HEADER_ECS_LOCL_H */
Index: openssl-1.0.2b/crypto/engine/eng_int.h
Index: openssl-1.0.2i/crypto/engine/eng_int.h
===================================================================
--- openssl-1.0.2b.orig/crypto/engine/eng_int.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/engine/eng_int.h 2015-06-11 17:50:03.671860227 +0200
--- openssl-1.0.2i.orig/crypto/engine/eng_int.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/engine/eng_int.h 2016-09-23 10:20:47.887004099 +0200
@@ -69,6 +69,8 @@
/* Take public definitions from engine.h */
# include <openssl/engine.h>
@ -236,10 +236,10 @@ Index: openssl-1.0.2b/crypto/engine/eng_int.h
+#pragma GCC visibility pop
#endif /* HEADER_ENGINE_INT_H */
Index: openssl-1.0.2b/crypto/evp/e_aes.c
Index: openssl-1.0.2i/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_aes.c 2015-06-11 17:41:59.490534533 +0200
+++ openssl-1.0.2b/crypto/evp/e_aes.c 2015-06-11 17:50:03.671860227 +0200
--- openssl-1.0.2i.orig/crypto/evp/e_aes.c 2016-09-23 10:20:47.695001240 +0200
+++ openssl-1.0.2i/crypto/evp/e_aes.c 2016-09-23 10:20:47.887004099 +0200
@@ -116,6 +116,8 @@ typedef struct {
# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
@ -275,11 +275,11 @@ Index: openssl-1.0.2b/crypto/evp/e_aes.c
static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c
Index: openssl-1.0.2i/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c 2015-06-11 17:50:03.672860241 +0200
@@ -97,6 +97,8 @@ typedef struct {
--- openssl-1.0.2i.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-09-23 10:20:47.887004099 +0200
@@ -98,6 +98,8 @@ typedef struct {
extern unsigned int OPENSSL_ia32cap_P[];
# define AESNI_CAPABLE (1<<(57-32))
@ -288,7 +288,7 @@ Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c
int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
@@ -115,6 +117,8 @@ void aesni256_cbc_sha1_dec(const void *i
@@ -116,6 +118,8 @@ void aesni256_cbc_sha1_dec(const void *i
const AES_KEY *key, unsigned char iv[16],
SHA_CTX *ctx, const void *in0);
@ -297,10 +297,10 @@ Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c
# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
Index: openssl-1.0.2b/crypto/evp/evp_locl.h
Index: openssl-1.0.2i/crypto/evp/evp_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/evp_locl.h 2015-06-11 17:41:59.492534560 +0200
+++ openssl-1.0.2b/crypto/evp/evp_locl.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/evp/evp_locl.h 2016-09-23 10:20:47.695001240 +0200
+++ openssl-1.0.2i/crypto/evp/evp_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
EVP_CIPH_FLAG_DEFAULT_ASN1, \
cipher##_init_key, NULL, NULL, NULL, NULL)
@ -319,10 +319,10 @@ Index: openssl-1.0.2b/crypto/evp/evp_locl.h
#ifdef OPENSSL_FIPS
# ifdef OPENSSL_DOING_MAKEDEPEND
Index: openssl-1.0.2b/crypto/md4/md4_locl.h
Index: openssl-1.0.2i/crypto/md4/md4_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/md4/md4_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/md4/md4_locl.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/md4/md4_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/md4/md4_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -65,7 +65,7 @@
# define MD4_LONG_LOG2 2 /* default to 32 bits */
#endif
@ -332,10 +332,10 @@ Index: openssl-1.0.2b/crypto/md4/md4_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/md5/md5_locl.h
Index: openssl-1.0.2i/crypto/md5/md5_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/md5/md5_locl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/md5/md5_locl.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/md5/md5_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/md5/md5_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -76,7 +76,7 @@
# endif
#endif
@ -345,10 +345,10 @@ Index: openssl-1.0.2b/crypto/md5/md5_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/modes/modes_lcl.h
Index: openssl-1.0.2i/crypto/modes/modes_lcl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/modes/modes_lcl.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/modes/modes_lcl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/modes/modes_lcl.h 2016-09-23 10:20:47.887004099 +0200
@@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax}
# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
@ -365,10 +365,10 @@ Index: openssl-1.0.2b/crypto/modes/modes_lcl.h
};
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/o_str.h
Index: openssl-1.0.2i/crypto/o_str.h
===================================================================
--- openssl-1.0.2b.orig/crypto/o_str.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/o_str.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/o_str.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/o_str.h 2016-09-23 10:20:47.887004099 +0200
@@ -61,9 +61,11 @@
# define HEADER_O_STR_H
@ -381,10 +381,10 @@ Index: openssl-1.0.2b/crypto/o_str.h
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/o_time.h
Index: openssl-1.0.2i/crypto/o_time.h
===================================================================
--- openssl-1.0.2b.orig/crypto/o_time.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/o_time.h 2015-06-11 17:50:03.672860241 +0200
--- openssl-1.0.2i.orig/crypto/o_time.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/o_time.h 2016-09-23 10:20:47.887004099 +0200
@@ -61,10 +61,12 @@
# define HEADER_O_TIME_H
@ -398,10 +398,10 @@ Index: openssl-1.0.2b/crypto/o_time.h
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h
Index: openssl-1.0.2i/crypto/ripemd/rmd_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/ripemd/rmd_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ripemd/rmd_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -76,7 +76,7 @@
# endif
#endif
@ -411,20 +411,20 @@ Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h
#define DATA_ORDER_IS_LITTLE_ENDIAN
Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h
Index: openssl-1.0.2i/crypto/rsa/rsa_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/rsa/rsa_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/rsa/rsa_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -1,4 +1,4 @@
extern int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
- size_t siglen, RSA *rsa);
+ size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.2b/crypto/sha/sha256.c
Index: openssl-1.0.2i/crypto/sha/sha256.c
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha256.c 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha256.c 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/sha/sha256.c 2016-09-23 10:20:47.707001419 +0200
+++ openssl-1.0.2i/crypto/sha/sha256.c 2016-09-23 10:20:47.887004099 +0200
@@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2
# ifndef SHA256_ASM
static
@ -434,10 +434,10 @@ Index: openssl-1.0.2b/crypto/sha/sha256.c
# include "md32_common.h"
Index: openssl-1.0.2b/crypto/sha/sha512.c
Index: openssl-1.0.2i/crypto/sha/sha512.c
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha512.c 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha512.c 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/sha/sha512.c 2016-09-23 10:20:47.707001419 +0200
+++ openssl-1.0.2i/crypto/sha/sha512.c 2016-09-23 10:20:47.887004099 +0200
@@ -109,7 +109,7 @@ fips_md_init(SHA512)
# ifndef SHA512_ASM
static
@ -447,10 +447,10 @@ Index: openssl-1.0.2b/crypto/sha/sha512.c
int SHA512_Final(unsigned char *md, SHA512_CTX *c)
{
Index: openssl-1.0.2b/crypto/sha/sha_locl.h
Index: openssl-1.0.2i/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/sha/sha_locl.h 2015-06-11 17:41:59.509534778 +0200
+++ openssl-1.0.2b/crypto/sha/sha_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/sha/sha_locl.h 2016-09-23 10:20:47.707001419 +0200
+++ openssl-1.0.2i/crypto/sha/sha_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX
# ifndef SHA1_ASM
static
@ -460,10 +460,10 @@ Index: openssl-1.0.2b/crypto/sha/sha_locl.h
#else
# error "Either SHA_0 or SHA_1 must be defined."
Index: openssl-1.0.2b/crypto/store/str_locl.h
Index: openssl-1.0.2i/crypto/store/str_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/store/str_locl.h 2015-03-19 15:02:02.000000000 +0100
+++ openssl-1.0.2b/crypto/store/str_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/store/str_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/store/str_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -63,6 +63,8 @@
# include <openssl/crypto.h>
# include <openssl/store.h>
@ -480,10 +480,10 @@ Index: openssl-1.0.2b/crypto/store/str_locl.h
-
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/ui/ui_locl.h
Index: openssl-1.0.2i/crypto/ui/ui_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/ui/ui_locl.h 2015-03-19 15:02:02.000000000 +0100
+++ openssl-1.0.2b/crypto/ui/ui_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/ui/ui_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ui/ui_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -67,6 +67,8 @@
# undef _
# endif
@ -499,19 +499,19 @@ Index: openssl-1.0.2b/crypto/ui/ui_locl.h
+#pragma GCC visibility pop
#endif
Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h
Index: openssl-1.0.2i/crypto/whrlpool/wp_locl.h
===================================================================
--- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h 2015-06-11 17:50:03.673860254 +0200
--- openssl-1.0.2i.orig/crypto/whrlpool/wp_locl.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/whrlpool/wp_locl.h 2016-09-23 10:20:47.887004099 +0200
@@ -1,3 +1,3 @@
#include <openssl/whrlpool.h>
-void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
+void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden")));
Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h
Index: openssl-1.0.2i/crypto/x509v3/ext_dat.h
===================================================================
--- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/x509v3/ext_dat.h 2015-06-11 17:50:03.674860267 +0200
--- openssl-1.0.2i.orig/crypto/x509v3/ext_dat.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/x509v3/ext_dat.h 2016-09-23 10:20:47.887004099 +0200
@@ -58,6 +58,8 @@
*/
/* This file contains a table of "standard" extensions */
@ -529,10 +529,10 @@ Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h
/* Number of standard extensions */
#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h
Index: openssl-1.0.2i/crypto/x509v3/pcy_int.h
===================================================================
--- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h 2015-06-11 15:00:12.000000000 +0200
+++ openssl-1.0.2b/crypto/x509v3/pcy_int.h 2015-06-11 17:50:03.674860267 +0200
--- openssl-1.0.2i.orig/crypto/x509v3/pcy_int.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/x509v3/pcy_int.h 2016-09-23 10:20:47.887004099 +0200
@@ -57,6 +57,8 @@
*
*/
@ -548,10 +548,10 @@ Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h
const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+
+#pragma GCC visibility pop
Index: openssl-1.0.2b/crypto/modes/gcm128.c
Index: openssl-1.0.2i/crypto/modes/gcm128.c
===================================================================
--- openssl-1.0.2b.orig/crypto/modes/gcm128.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/modes/gcm128.c 2015-06-11 17:50:03.674860267 +0200
--- openssl-1.0.2i.orig/crypto/modes/gcm128.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/modes/gcm128.c 2016-09-23 10:20:47.887004099 +0200
@@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co
}
# endif
@ -578,10 +578,10 @@ Index: openssl-1.0.2b/crypto/modes/gcm128.c
# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define gcm_init_avx gcm_init_clmul
Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c
Index: openssl-1.0.2i/crypto/evp/e_rc4_hmac_md5.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c 2015-06-11 17:50:03.674860267 +0200
--- openssl-1.0.2i.orig/crypto/evp/e_rc4_hmac_md5.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/evp/e_rc4_hmac_md5.c 2016-09-23 10:20:47.887004099 +0200
@@ -78,7 +78,7 @@ typedef struct {
# define NO_PAYLOAD_LENGTH ((size_t)-1)
@ -591,10 +591,10 @@ Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c
# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c
Index: openssl-1.0.2i/crypto/cmac/cm_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/cmac/cm_ameth.c 2015-06-11 17:50:03.674860267 +0200
--- openssl-1.0.2i.orig/crypto/cmac/cm_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/cmac/cm_ameth.c 2016-09-23 10:20:47.887004099 +0200
@@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey
if (cmctx)
CMAC_CTX_free(cmctx);
@ -604,10 +604,10 @@ Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c
const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_CMAC,
Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c
Index: openssl-1.0.2i/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/evp/pmeth_lib.c 2015-06-11 17:50:03.675860280 +0200
--- openssl-1.0.2i.orig/crypto/evp/pmeth_lib.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/evp/pmeth_lib.c 2016-09-23 10:20:47.887004099 +0200
@@ -71,7 +71,7 @@
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@ -617,10 +617,10 @@ Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c
extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c
Index: openssl-1.0.2i/crypto/cmac/cm_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c 2015-06-11 17:50:03.675860280 +0200
--- openssl-1.0.2i.orig/crypto/cmac/cm_pmeth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/cmac/cm_pmeth.c 2016-09-23 10:20:47.887004099 +0200
@@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
return -2;
}
@ -629,10 +629,10 @@ Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c
const EVP_PKEY_METHOD cmac_pkey_meth = {
EVP_PKEY_CMAC,
EVP_PKEY_FLAG_SIGCTX_CUSTOM,
Index: openssl-1.0.2b/crypto/rand/md_rand.c
Index: openssl-1.0.2i/crypto/rand/md_rand.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rand/md_rand.c 2015-06-11 17:41:59.506534739 +0200
+++ openssl-1.0.2b/crypto/rand/md_rand.c 2015-06-11 17:50:03.675860280 +0200
--- openssl-1.0.2i.orig/crypto/rand/md_rand.c 2016-09-23 10:20:47.827003205 +0200
+++ openssl-1.0.2i/crypto/rand/md_rand.c 2016-09-23 10:20:47.887004099 +0200
@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_status(void);
@ -642,10 +642,10 @@ Index: openssl-1.0.2b/crypto/rand/md_rand.c
ssleay_rand_seed,
ssleay_rand_nopseudo_bytes,
ssleay_rand_cleanup,
Index: openssl-1.0.2b/crypto/dh/dh_ameth.c
Index: openssl-1.0.2i/crypto/dh/dh_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dh/dh_ameth.c 2015-06-11 17:50:03.675860280 +0200
--- openssl-1.0.2i.orig/crypto/dh/dh_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/dh/dh_ameth.c 2016-09-23 10:20:47.887004099 +0200
@@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey,
}
@ -654,10 +654,10 @@ Index: openssl-1.0.2b/crypto/dh/dh_ameth.c
const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
EVP_PKEY_DH,
EVP_PKEY_DH,
Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c
Index: openssl-1.0.2i/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dh/dh_pmeth.c 2015-06-11 17:50:03.675860280 +0200
--- openssl-1.0.2i.orig/crypto/dh/dh_pmeth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/dh/dh_pmeth.c 2016-09-23 10:20:47.887004099 +0200
@@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
return 1;
}
@ -666,11 +666,11 @@ Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c
const EVP_PKEY_METHOD dh_pkey_meth = {
EVP_PKEY_DH,
0,
Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c
Index: openssl-1.0.2i/crypto/dsa/dsa_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c 2015-06-11 17:50:03.676860293 +0200
@@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
--- openssl-1.0.2i.orig/crypto/dsa/dsa_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa_ameth.c 2016-09-23 10:20:47.887004099 +0200
@@ -621,6 +621,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
/* NB these are sorted in pkey_id order, lowest first */
@ -678,10 +678,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c
const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
{
Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c
Index: openssl-1.0.2i/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c 2015-06-11 17:41:59.488534507 +0200
+++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c 2015-06-11 17:50:03.676860293 +0200
--- openssl-1.0.2i.orig/crypto/dsa/dsa_pmeth.c 2016-09-23 10:20:47.695001240 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa_pmeth.c 2016-09-23 10:20:47.887004099 +0200
@@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
return DSA_generate_key(pkey->pkey.dsa);
}
@ -690,10 +690,10 @@ Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c
const EVP_PKEY_METHOD dsa_pkey_meth = {
EVP_PKEY_DSA,
EVP_PKEY_FLAG_AUTOARGLEN,
Index: openssl-1.0.2b/crypto/ec/ec_ameth.c
Index: openssl-1.0.2i/crypto/ec/ec_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_ameth.c 2015-06-11 17:50:03.676860293 +0200
--- openssl-1.0.2i.orig/crypto/ec/ec_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ec/ec_ameth.c 2016-09-23 10:20:47.891004159 +0200
@@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
}
@ -702,10 +702,10 @@ Index: openssl-1.0.2b/crypto/ec/ec_ameth.c
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c
Index: openssl-1.0.2i/crypto/ec/ec_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/ec/ec_pmeth.c 2015-06-11 17:50:03.676860293 +0200
--- openssl-1.0.2i.orig/crypto/ec/ec_pmeth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/ec/ec_pmeth.c 2016-09-23 10:20:47.891004159 +0200
@@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
return EC_KEY_generate_key(pkey->pkey.ec);
}
@ -714,11 +714,11 @@ Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c
const EVP_PKEY_METHOD ec_pkey_meth = {
EVP_PKEY_EC,
0,
Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c
Index: openssl-1.0.2i/crypto/hmac/hm_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/hmac/hm_ameth.c 2015-06-11 17:50:03.676860293 +0200
@@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE
--- openssl-1.0.2i.orig/crypto/hmac/hm_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/hmac/hm_ameth.c 2016-09-23 10:20:47.891004159 +0200
@@ -140,6 +140,7 @@ static int old_hmac_encode(const EVP_PKE
#endif
@ -726,10 +726,10 @@ Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c
const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
EVP_PKEY_HMAC,
EVP_PKEY_HMAC,
Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c
Index: openssl-1.0.2i/crypto/hmac/hm_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c 2015-06-11 17:50:03.676860293 +0200
--- openssl-1.0.2i.orig/crypto/hmac/hm_pmeth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/hmac/hm_pmeth.c 2016-09-23 10:20:47.891004159 +0200
@@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
return -2;
}
@ -738,23 +738,23 @@ Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c
const EVP_PKEY_METHOD hmac_pkey_meth = {
EVP_PKEY_HMAC,
0,
Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c
Index: openssl-1.0.2i/crypto/rsa/rsa_ameth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c 2015-06-11 17:50:03.677860306 +0200
@@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient
return rv;
--- openssl-1.0.2i.orig/crypto/rsa/rsa_ameth.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/rsa/rsa_ameth.c 2016-09-23 10:20:47.891004159 +0200
@@ -929,6 +929,7 @@ static int rsa_cms_encrypt(CMS_Recipient
}
#endif
+ __attribute__ ((visibility ("hidden")))
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{
EVP_PKEY_RSA,
Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c
Index: openssl-1.0.2i/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c 2015-06-11 17:41:59.508534765 +0200
+++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c 2015-06-11 17:50:03.677860306 +0200
@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
--- openssl-1.0.2i.orig/crypto/rsa/rsa_pmeth.c 2016-09-23 10:20:47.707001419 +0200
+++ openssl-1.0.2i/crypto/rsa/rsa_pmeth.c 2016-09-23 10:20:47.891004159 +0200
@@ -725,6 +725,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
return ret;
}
@ -762,10 +762,10 @@ Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c
const EVP_PKEY_METHOD rsa_pkey_meth = {
EVP_PKEY_RSA,
EVP_PKEY_FLAG_AUTOARGLEN,
Index: openssl-1.0.2b/crypto/objects/obj_xref.c
Index: openssl-1.0.2i/crypto/objects/obj_xref.c
===================================================================
--- openssl-1.0.2b.orig/crypto/objects/obj_xref.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/objects/obj_xref.c 2015-06-11 17:50:03.677860306 +0200
--- openssl-1.0.2i.orig/crypto/objects/obj_xref.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/objects/obj_xref.c 2016-09-23 10:20:47.891004159 +0200
@@ -61,7 +61,7 @@
#include "obj_xref.h"
@ -775,10 +775,10 @@ Index: openssl-1.0.2b/crypto/objects/obj_xref.c
static int sig_cmp(const nid_triple *a, const nid_triple *b)
{
Index: openssl-1.0.2b/crypto/pem/pem_lib.c
Index: openssl-1.0.2i/crypto/pem/pem_lib.c
===================================================================
--- openssl-1.0.2b.orig/crypto/pem/pem_lib.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/pem/pem_lib.c 2015-06-11 17:50:03.677860306 +0200
--- openssl-1.0.2i.orig/crypto/pem/pem_lib.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/pem/pem_lib.c 2016-09-23 10:20:47.891004159 +0200
@@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL
static int load_iv(char **fromp, unsigned char *to, int num);
@ -788,10 +788,10 @@ Index: openssl-1.0.2b/crypto/pem/pem_lib.c
int PEM_def_callback(char *buf, int num, int w, void *key)
{
Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c
Index: openssl-1.0.2i/crypto/asn1/tasn_prn.c
===================================================================
--- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c 2015-06-11 15:01:06.000000000 +0200
+++ openssl-1.0.2b/crypto/asn1/tasn_prn.c 2015-06-11 17:50:03.677860306 +0200
--- openssl-1.0.2i.orig/crypto/asn1/tasn_prn.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/asn1/tasn_prn.c 2016-09-23 10:20:47.891004159 +0200
@@ -73,7 +73,7 @@
/* ASN1_PCTX routines */
@ -801,11 +801,11 @@ Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c
ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
0, /* nm_flags */
0, /* cert_flags */
Index: openssl-1.0.2b/crypto/bn/bn_exp.c
Index: openssl-1.0.2i/crypto/bn/bn_exp.c
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_exp.c 2015-06-11 15:50:11.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_exp.c 2015-06-11 17:50:03.678860319 +0200
@@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
--- openssl-1.0.2i.orig/crypto/bn/bn_exp.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/bn/bn_exp.c 2016-09-23 10:20:47.891004159 +0200
@@ -998,10 +998,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
*/
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
@ -819,10 +819,10 @@ Index: openssl-1.0.2b/crypto/bn/bn_exp.c
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c
Index: openssl-1.0.2i/crypto/bn/bn_gf2m.c
===================================================================
--- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c 2015-06-11 15:52:57.000000000 +0200
+++ openssl-1.0.2b/crypto/bn/bn_gf2m.c 2015-06-11 17:50:03.678860319 +0200
--- openssl-1.0.2i.orig/crypto/bn/bn_gf2m.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/bn/bn_gf2m.c 2016-09-23 10:20:47.891004159 +0200
@@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r,
}
# else

3
openssl-1.0.2h.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919
size 5274412

11
openssl-1.0.2h.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXKKvFAAoJENnE0m0OYESRGpAH/AyxYu871GheytE2YEgeEFou
1e37k9PiBgS9BUmpr0ufRGMn9QufZzYCf1b2LXr3Fn31Ui5rCHrLntGeAdD4ngmh
4fEOhEJRWpfHGlFVyXc8jHSeK6wfgvM928Up/ftSGyciDgWMDXmx5eCzJgREjJ+k
DAQwtE34lCilzrYOcEn9xVd3NEScodAHQEhRXXM7p6jesHlQ8cSFljDn8QDvFu/R
gRGAAWW9/ZjbwE6hbT8nPYq7UCUUvz2ne8U3kCwyGYwqLGt47qV0yD9mqG/oO0RB
wFOcJhcGUqKSxlHqukAusxeZLuXMzw7UmucLCDxW9ETB644KlZ3/8E4CkOlLNIM=
=a9Hy
-----END PGP SIGNATURE-----

754
openssl-1.0.2e-fips.patch → openssl-1.0.2i-fips.patch
View File

File diff suppressed because it is too large Load Diff

129
openssl-1.0.2a-new-fips-reqs.patch → openssl-1.0.2i-new-fips-reqs.patch
View File

@ -1,26 +1,23 @@
Index: openssl-1.0.2f/crypto/bn/bn_rand.c
===================================================================
--- openssl-1.0.2f.orig/crypto/bn/bn_rand.c 2016-01-28 14:38:30.000000000 +0100
+++ openssl-1.0.2f/crypto/bn/bn_rand.c 2016-01-28 15:59:54.945269236 +0100
@@ -141,9 +141,11 @@ static int bnrand(int pseudorand, BIGNUM
goto err;
diff -up openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2i/crypto/bn/bn_rand.c
--- openssl-1.0.2i/crypto/bn/bn_rand.c.fips-reqs 2016-09-22 13:54:26.533848449 +0200
+++ openssl-1.0.2i/crypto/bn/bn_rand.c 2016-09-22 13:56:52.169233060 +0200
@@ -141,8 +141,11 @@ static int bnrand(int pseudorand, BIGNUM
}
- /* make a random number and set the top and bottom bits */
/* make a random number and set the top and bottom bits */
- time(&tim);
- RAND_add(&tim, sizeof(tim), 0.0);
+ if (!FIPS_mode()) { /* in FIPS mode the RNG is always properly seeded or the module fails */
+ /* make a random number and set the top and bottom bits */
+ if (!FIPS_mode()) {
+ /* in FIPS mode the RNG is always properly seeded or the module fails */
+ time(&tim);
+ RAND_add(&tim, sizeof(tim), 0.0);
+ }
if (pseudorand) {
if (RAND_pseudo_bytes(buf, bytes) == -1)
Index: openssl-1.0.2f/crypto/dh/dh_gen.c
===================================================================
--- openssl-1.0.2f.orig/crypto/dh/dh_gen.c 2016-01-28 15:59:54.912268693 +0100
+++ openssl-1.0.2f/crypto/dh/dh_gen.c 2016-01-28 15:59:54.945269236 +0100
/* We ignore the value of pseudorand and always call RAND_bytes */
if (RAND_bytes(buf, bytes) <= 0)
diff -up openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2i/crypto/dh/dh_gen.c
--- openssl-1.0.2i/crypto/dh/dh_gen.c.fips-reqs 2016-09-22 13:54:26.489847426 +0200
+++ openssl-1.0.2i/crypto/dh/dh_gen.c 2016-09-22 13:54:26.533848449 +0200
@@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret,
return 0;
}
@ -30,10 +27,9 @@ Index: openssl-1.0.2f/crypto/dh/dh_gen.c
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
goto err;
}
Index: openssl-1.0.2f/crypto/dh/dh.h
===================================================================
--- openssl-1.0.2f.orig/crypto/dh/dh.h 2016-01-28 15:59:54.912268693 +0100
+++ openssl-1.0.2f/crypto/dh/dh.h 2016-01-28 15:59:54.945269236 +0100
diff -up openssl-1.0.2i/crypto/dh/dh.h.fips-reqs openssl-1.0.2i/crypto/dh/dh.h
--- openssl-1.0.2i/crypto/dh/dh.h.fips-reqs 2016-09-22 13:54:26.489847426 +0200
+++ openssl-1.0.2i/crypto/dh/dh.h 2016-09-22 13:54:26.534848472 +0200
@@ -78,6 +78,7 @@
# endif
@ -42,10 +38,9 @@ Index: openssl-1.0.2f/crypto/dh/dh.h
# define DH_FLAG_CACHE_MONT_P 0x01
Index: openssl-1.0.2f/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.0.2f.orig/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.913268710 +0100
+++ openssl-1.0.2f/crypto/dsa/dsa_gen.c 2016-01-28 15:59:54.945269236 +0100
diff -up openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.2i/crypto/dsa/dsa_gen.c
--- openssl-1.0.2i/crypto/dsa/dsa_gen.c.fips-reqs 2016-09-22 13:54:26.490847450 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa_gen.c 2016-09-22 13:54:26.534848472 +0200
@@ -157,9 +157,11 @@ int dsa_builtin_paramgen(DSA *ret, size_
}
@ -61,10 +56,9 @@ Index: openssl-1.0.2f/crypto/dsa/dsa_gen.c
DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
goto err;
}
Index: openssl-1.0.2f/crypto/dsa/dsa.h
===================================================================
--- openssl-1.0.2f.orig/crypto/dsa/dsa.h 2016-01-28 15:59:54.913268710 +0100
+++ openssl-1.0.2f/crypto/dsa/dsa.h 2016-01-28 15:59:54.946269253 +0100
diff -up openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2i/crypto/dsa/dsa.h
--- openssl-1.0.2i/crypto/dsa/dsa.h.fips-reqs 2016-09-22 13:54:26.490847450 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa.h 2016-09-22 13:54:26.534848472 +0200
@@ -89,6 +89,7 @@
# endif
@ -85,11 +79,10 @@ Index: openssl-1.0.2f/crypto/dsa/dsa.h
* Rabin-Miller
*/
# define DSA_is_prime(n, callback, cb_arg) \
Index: openssl-1.0.2f/crypto/dsa/dsa_key.c
===================================================================
--- openssl-1.0.2f.orig/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.913268710 +0100
+++ openssl-1.0.2f/crypto/dsa/dsa_key.c 2016-01-28 15:59:54.946269253 +0100
@@ -120,7 +120,7 @@ static int dsa_builtin_keygen(DSA *dsa)
diff -up openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.2i/crypto/dsa/dsa_key.c
--- openssl-1.0.2i/crypto/dsa/dsa_key.c.fips-reqs 2016-09-22 13:54:26.532848426 +0200
+++ openssl-1.0.2i/crypto/dsa/dsa_key.c 2016-09-22 13:54:26.534848472 +0200
@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa)
# ifdef OPENSSL_FIPS
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
@ -98,11 +91,10 @@ Index: openssl-1.0.2f/crypto/dsa/dsa_key.c
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
goto err;
}
Index: openssl-1.0.2f/crypto/fips/fips.c
===================================================================
--- openssl-1.0.2f.orig/crypto/fips/fips.c 2016-01-28 15:59:54.939269138 +0100
+++ openssl-1.0.2f/crypto/fips/fips.c 2016-01-28 15:59:54.946269253 +0100
@@ -418,26 +418,24 @@ int FIPS_module_mode_set(int onoff, cons
diff -up openssl-1.0.2i/crypto/fips/fips.c.fips-reqs openssl-1.0.2i/crypto/fips/fips.c
--- openssl-1.0.2i/crypto/fips/fips.c.fips-reqs 2016-09-22 13:54:26.532848426 +0200
+++ openssl-1.0.2i/crypto/fips/fips.c 2016-09-22 13:54:26.534848472 +0200
@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons
ret = 0;
goto end;
}
@ -135,10 +127,9 @@ Index: openssl-1.0.2f/crypto/fips/fips.c
ret = 1;
goto end;
}
Index: openssl-1.0.2f/crypto/fips/fips_dh_selftest.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2f/crypto/fips/fips_dh_selftest.c 2016-01-28 15:59:54.946269253 +0100
diff -up openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_dh_selftest.c
--- openssl-1.0.2i/crypto/fips/fips_dh_selftest.c.fips-reqs 2016-09-22 13:54:26.535848495 +0200
+++ openssl-1.0.2i/crypto/fips/fips_dh_selftest.c 2016-09-22 13:54:26.535848495 +0200
@@ -0,0 +1,162 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
@ -302,10 +293,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_dh_selftest.c
+ return ret;
+}
+#endif
Index: openssl-1.0.2f/crypto/fips/fips.h
===================================================================
--- openssl-1.0.2f.orig/crypto/fips/fips.h 2016-01-28 15:59:54.939269138 +0100
+++ openssl-1.0.2f/crypto/fips/fips.h 2016-01-28 15:59:54.946269253 +0100
diff -up openssl-1.0.2i/crypto/fips/fips.h.fips-reqs openssl-1.0.2i/crypto/fips/fips.h
--- openssl-1.0.2i/crypto/fips/fips.h.fips-reqs 2016-09-22 13:54:26.527848309 +0200
+++ openssl-1.0.2i/crypto/fips/fips.h 2016-09-22 13:54:26.535848495 +0200
@@ -96,6 +96,7 @@ extern "C" {
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
@ -314,10 +304,9 @@ Index: openssl-1.0.2f/crypto/fips/fips.h
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
Index: openssl-1.0.2f/crypto/fips/fips_post.c
===================================================================
--- openssl-1.0.2f.orig/crypto/fips/fips_post.c 2016-01-28 15:59:54.933269039 +0100
+++ openssl-1.0.2f/crypto/fips/fips_post.c 2016-01-28 15:59:54.946269253 +0100
diff -up openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_post.c
--- openssl-1.0.2i/crypto/fips/fips_post.c.fips-reqs 2016-09-22 13:54:26.524848240 +0200
+++ openssl-1.0.2i/crypto/fips/fips_post.c 2016-09-22 13:54:26.535848495 +0200
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_dsa())
@ -327,10 +316,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_post.c
if (!FIPS_selftest_ecdh())
rv = 0;
return rv;
Index: openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c
===================================================================
--- openssl-1.0.2f.orig/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.920268825 +0100
+++ openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c
--- openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c.fips-reqs 2016-09-22 13:54:26.499847659 +0200
+++ openssl-1.0.2i/crypto/fips/fips_rsa_selftest.c 2016-09-22 13:54:26.537848542 +0200
@@ -60,68 +60,107 @@
#ifdef OPENSSL_FIPS
@ -985,10 +973,9 @@ Index: openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c
RSA_free(key);
return ret;
}
Index: openssl-1.0.2f/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2f.orig/crypto/fips/Makefile 2016-01-28 15:59:54.933269039 +0100
+++ openssl-1.0.2f/crypto/fips/Makefile 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/crypto/fips/Makefile.fips-reqs openssl-1.0.2i/crypto/fips/Makefile
--- openssl-1.0.2i/crypto/fips/Makefile.fips-reqs 2016-09-22 13:54:26.524848240 +0200
+++ openssl-1.0.2i/crypto/fips/Makefile 2016-09-22 13:54:26.537848542 +0200
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -1007,10 +994,9 @@ Index: openssl-1.0.2f/crypto/fips/Makefile
LIBCRYPTO=-L.. -lcrypto
Index: openssl-1.0.2f/crypto/rand/rand_lcl.h
===================================================================
--- openssl-1.0.2f.orig/crypto/rand/rand_lcl.h 2016-01-28 14:38:31.000000000 +0100
+++ openssl-1.0.2f/crypto/rand/rand_lcl.h 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.2i/crypto/rand/rand_lcl.h
--- openssl-1.0.2i/crypto/rand/rand_lcl.h.fips-reqs 2016-09-22 13:54:26.261842127 +0200
+++ openssl-1.0.2i/crypto/rand/rand_lcl.h 2016-09-22 13:54:26.537848542 +0200
@@ -112,7 +112,7 @@
#ifndef HEADER_RAND_LCL_H
# define HEADER_RAND_LCL_H
@ -1020,10 +1006,9 @@ Index: openssl-1.0.2f/crypto/rand/rand_lcl.h
# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
Index: openssl-1.0.2f/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.0.2f.orig/crypto/rand/rand_lib.c 2016-01-28 14:38:31.000000000 +0100
+++ openssl-1.0.2f/crypto/rand/rand_lib.c 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.2i/crypto/rand/rand_lib.c
--- openssl-1.0.2i/crypto/rand/rand_lib.c.fips-reqs 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/rand/rand_lib.c 2016-09-22 13:54:26.537848542 +0200
@@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx,
double entropy)
{
@ -1047,10 +1032,9 @@ Index: openssl-1.0.2f/crypto/rand/rand_lib.c
return 1;
}
Index: openssl-1.0.2f/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2f.orig/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.923268874 +0100
+++ openssl-1.0.2f/crypto/rsa/rsa_gen.c 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.2i/crypto/rsa/rsa_gen.c
--- openssl-1.0.2i/crypto/rsa/rsa_gen.c.fips-reqs 2016-09-22 13:54:26.502847728 +0200
+++ openssl-1.0.2i/crypto/rsa/rsa_gen.c 2016-09-22 13:54:26.538848565 +0200
@@ -1,5 +1,6 @@
/* crypto/rsa/rsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@ -1352,10 +1336,9 @@ Index: openssl-1.0.2f/crypto/rsa/rsa_gen.c
ok = 1;
err:
if (ok == -1) {
Index: openssl-1.0.2f/ssl/t1_enc.c
===================================================================
--- openssl-1.0.2f.orig/ssl/t1_enc.c 2016-01-28 14:56:08.000000000 +0100
+++ openssl-1.0.2f/ssl/t1_enc.c 2016-01-28 15:59:54.947269270 +0100
diff -up openssl-1.0.2i/ssl/t1_enc.c.fips-reqs openssl-1.0.2i/ssl/t1_enc.c
--- openssl-1.0.2i/ssl/t1_enc.c.fips-reqs 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/ssl/t1_enc.c 2016-09-22 13:54:26.538848565 +0200
@@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask,
return ret;
}

3
openssl-1.0.2j.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431
size 5307912

11
openssl-1.0.2j.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJX6O9BAAoJENnE0m0OYESRhC4H/0feEYv4JBbtk3cFyIt39ph6
A700qbm8pnOukXOg5Q2HrYz6TxE1C/p7MO4+iYnttvtC7WMz9oK0fEQ/k2PEjoU7
I65vM/LlrQjY6pJe+pORk+UL9uHamcDpeyYCa+Ro61o/l4Vd9iHQMN77LDfkKzDK
qq8q/DMlHVhPv1U8+kDCT9r4nEOqb0tkvJEIns3wFlkw1Wp+VwnhAS5s3J1Xwetj
MK6TFOtI1UOULXiYjSRs4Sy8nyxG5V6VVofAL+aQNOFqAzF45RE5R/6AjL5I8J9y
yoyIzj1a/h8M/PJGzADgpxZAdE2cpZAlQAhZdQutst0GRma6i36HGzq4IUDwbCc=
=puH/
-----END PGP SIGNATURE-----

28
openssl-fips-dont-fall-back-to-default-digest.patch
View File

@ -1,7 +1,7 @@
Index: openssl-1.0.2g/apps/dgst.c
Index: openssl-1.0.2i/apps/dgst.c
===================================================================
--- openssl-1.0.2g.orig/apps/dgst.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/dgst.c 2016-04-14 11:04:21.706558132 +0200
--- openssl-1.0.2i.orig/apps/dgst.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/apps/dgst.c 2016-09-23 10:20:02.162323196 +0200
@@ -147,7 +147,7 @@ int MAIN(int argc, char **argv)
/* first check the program name */
program_name(argv[0], pname, sizeof pname);
@ -20,12 +20,12 @@ Index: openssl-1.0.2g/apps/dgst.c
md = m;
else
break;
Index: openssl-1.0.2g/apps/apps.c
Index: openssl-1.0.2i/apps/apps.c
===================================================================
--- openssl-1.0.2g.orig/apps/apps.c 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/apps.c 2016-04-14 11:04:21.707558145 +0200
@@ -3226,3 +3226,45 @@ int raw_write_stdout(const void *buf, in
return write(fileno(stdout), buf, siz);
--- openssl-1.0.2i.orig/apps/apps.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/apps/apps.c 2016-09-23 10:20:02.162323196 +0200
@@ -3266,3 +3266,45 @@ int raw_write_stdout(const void *buf, in
return write(fileno_stdout(), buf, siz);
}
#endif
+
@ -70,10 +70,10 @@ Index: openssl-1.0.2g/apps/apps.c
+ return ciph;
+ }
+
Index: openssl-1.0.2g/apps/apps.h
Index: openssl-1.0.2i/apps/apps.h
===================================================================
--- openssl-1.0.2g.orig/apps/apps.h 2016-03-01 14:35:53.000000000 +0100
+++ openssl-1.0.2g/apps/apps.h 2016-04-14 11:04:21.707558145 +0200
--- openssl-1.0.2i.orig/apps/apps.h 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/apps/apps.h 2016-09-23 10:20:02.162323196 +0200
@@ -348,6 +348,9 @@ void print_cert_checks(BIO *bio, X509 *x
void store_setup_crl_download(X509_STORE *st);
@ -84,10 +84,10 @@ Index: openssl-1.0.2g/apps/apps.h
# define FORMAT_UNDEF 0
# define FORMAT_ASN1 1
# define FORMAT_TEXT 2
Index: openssl-1.0.2g/apps/enc.c
Index: openssl-1.0.2i/apps/enc.c
===================================================================
--- openssl-1.0.2g.orig/apps/enc.c 2016-03-01 14:35:05.000000000 +0100
+++ openssl-1.0.2g/apps/enc.c 2016-04-15 13:57:22.782628623 +0200
--- openssl-1.0.2i.orig/apps/enc.c 2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/apps/enc.c 2016-09-23 10:20:02.162323196 +0200
@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv)
do_zlib = 1;
#endif

13
openssl-print_notice-NULL_crash.patch Normal file
View File

@ -0,0 +1,13 @@
Index: openssl-1.0.2i/crypto/x509v3/v3_cpols.c
===================================================================
--- openssl-1.0.2i.orig/crypto/x509v3/v3_cpols.c 2016-09-23 11:35:30.509972948 +0200
+++ openssl-1.0.2i/crypto/x509v3/v3_cpols.c 2016-09-23 11:36:16.742667963 +0200
@@ -459,6 +459,8 @@ static void print_notice(BIO *out, USERN
if (i)
BIO_puts(out, ", ");
tmp = i2s_ASN1_INTEGER(NULL, num);
+ if (tmp == NULL)
+ return;
BIO_puts(out, tmp);
OPENSSL_free(tmp);
}

39
openssl.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Tue Sep 27 06:20:03 UTC 2016 - michael@stroeder.com
- update to openssl-1.0.2j
* Missing CRL sanity check (CVE-2016-7052 bsc#1001148)
-------------------------------------------------------------------
Fri Sep 23 08:22:01 UTC 2016 - vcizek@suse.com
- OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
Severity: High
* OCSP Status Request extension unbounded memory growth
(CVE-2016-6304) (bsc#999666)
Severity: Low
* Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
* Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
* DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
* DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
* OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
* Birthday attack against 64-bit block ciphers (SWEET32)
(CVE-2016-2183) (bsc#995359)
* Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
* OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
* Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
- update to openssl-1.0.2i
* remove patches:
openssl-1.0.2a-new-fips-reqs.patch
openssl-1.0.2e-fips.patch
* add patches:
openssl-1.0.2i-fips.patch
openssl-1.0.2i-new-fips-reqs.patch
-------------------------------------------------------------------
Wed Aug 3 12:41:41 UTC 2016 - vcizek@suse.com
- fix crash in print_notice (bsc#998190)
* add openssl-print_notice-NULL_crash.patch
-------------------------------------------------------------------
Tue May 3 14:43:47 UTC 2016 - vcizek@suse.com

9
openssl.spec
View File

@ -29,7 +29,7 @@ Provides: ssl
%ifarch ppc64
Obsoletes: openssl-64bit
%endif
Version: 1.0.2h
Version: 1.0.2j
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -62,10 +62,10 @@ Patch10: openssl-pkgconfig.patch
Patch13: openssl-1.0.2a-ipv6-apps.patch
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
# FIPS patches:
Patch15: openssl-1.0.2e-fips.patch
Patch15: openssl-1.0.2i-fips.patch
Patch16: openssl-1.0.2a-fips-ec.patch
Patch17: openssl-1.0.2a-fips-ctor.patch
Patch18: openssl-1.0.2a-new-fips-reqs.patch
Patch18: openssl-1.0.2i-new-fips-reqs.patch
Patch19: openssl-gcc-attributes.patch
Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
Patch33: openssl-no-egd.patch
@ -85,6 +85,8 @@ Patch57: openssl-fips-fix-odd-rsakeybits.patch
Patch58: openssl-fips-clearerror.patch
Patch59: openssl-fips-dont-fall-back-to-default-digest.patch
Patch60: openssl-print_notice-NULL_crash.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -204,6 +206,7 @@ this package's base documentation.
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1
%if 0%{?suse_version} >= 1120
%patch3
%endif