update to upstream version 1.1.0f

SRP and GOST is now allowed, note that GOST support requires
  adding GOST engine which is not part of openssl anymore
This commit is contained in:
Tomas Mraz 2017-06-02 15:32:15 +02:00
parent c676ac32d5
commit 1ff978b22e
8 changed files with 350 additions and 361 deletions

1
.gitignore vendored
View File

@ -35,3 +35,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.0c-hobbled.tar.xz /openssl-1.1.0c-hobbled.tar.xz
/openssl-1.1.0d-hobbled.tar.xz /openssl-1.1.0d-hobbled.tar.xz
/openssl-1.1.0e-hobbled.tar.xz /openssl-1.1.0e-hobbled.tar.xz
/openssl-1.1.0f-hobbled.tar.xz

View File

@ -8,19 +8,11 @@ set -e
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020 # EC: ????????? ??/??/2020
# SRP: ????????? ??/??/20?? # SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
# Remove assembler portions of IDEA, MDC2, and RC5. # Remove assembler portions of IDEA, MDC2, and RC5.
# (find crypto/rc5/asm -type f | xargs -r rm -fv) # (find crypto/rc5/asm -type f | xargs -r rm -fv)
# SRP.
for a in srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
for c in `find crypto/bn -name "*gf2m.c"`; do for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c echo Destroying $c
> $c > $c
@ -37,10 +29,9 @@ for c in `find test -name "ectest.c"`; do
done done
for h in `find crypto ssl apps test -name "*.h"` ; do for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing SRP and EC2M references from $h echo Removing EC2M references from $h
cat $h | \ cat $h | \
awk 'BEGIN {ech=1;} \ awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \ /^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \ {if(ech>0) {;print $0};} \

View File

@ -1,19 +1,28 @@
diff -up openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build openssl-1.1.0c/Configurations/unix-Makefile.tmpl diff -up openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build openssl-1.1.0f/Configurations/unix-Makefile.tmpl
--- openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build 2016-11-10 15:03:43.000000000 +0100 --- openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build 2017-06-02 13:51:39.621289504 +0200
+++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-11-11 13:26:36.094400833 +0100 +++ openssl-1.1.0f/Configurations/unix-Makefile.tmpl 2017-06-02 13:54:45.298654812 +0200
@@ -630,7 +630,7 @@ install_man_docs: @@ -553,7 +553,7 @@ uninstall_runtime:
@\ install_man_docs:
OUTSUFFIX='.$${SEC}$(MANSUFFIX)'; \ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
OUTTOP="$(DESTDIR)$(MANDIR)"; \ @echo "*** Installing manpages"
- GENERATE='pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \ - $(PERL) $(SRCDIR)/util/process_docs.pl \
+ GENERATE='TZ=UTC pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \ + TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
$(PROCESS_PODS) --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
uninstall_man_docs: uninstall_man_docs:
diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configurations/10-main.conf @@ -565,7 +565,7 @@ uninstall_man_docs:
--- openssl-1.1.0c/Configurations/10-main.conf.build 2016-11-10 15:03:43.000000000 +0100 install_html_docs:
+++ openssl-1.1.0c/Configurations/10-main.conf 2016-11-11 13:29:26.502289226 +0100 @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@@ -656,6 +656,7 @@ sub vms_info { @echo "*** Installing HTML manpages"
- $(PERL) $(SRCDIR)/util/process_docs.pl \
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
--destdir=$(DESTDIR)$(HTMLDIR) --type=html
uninstall_html_docs:
diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configurations/10-main.conf
--- openssl-1.1.0f/Configurations/10-main.conf.build 2017-05-25 14:46:17.000000000 +0200
+++ openssl-1.1.0f/Configurations/10-main.conf 2017-06-02 13:51:39.622289528 +0200
@@ -662,6 +662,7 @@ sub vms_info {
cflags => add("-m64 -DL_ENDIAN"), cflags => add("-m64 -DL_ENDIAN"),
perlasm_scheme => "linux64le", perlasm_scheme => "linux64le",
shared_ldflag => add("-m64"), shared_ldflag => add("-m64"),
@ -21,7 +30,7 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu
}, },
"linux-armv4" => { "linux-armv4" => {
@@ -696,6 +697,7 @@ sub vms_info { @@ -702,6 +703,7 @@ sub vms_info {
"linux-aarch64" => { "linux-aarch64" => {
inherit_from => [ "linux-generic64", asm("aarch64_asm") ], inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
perlasm_scheme => "linux64", perlasm_scheme => "linux64",
@ -29,3 +38,36 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu
}, },
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ], inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
--- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200
+++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200
@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
-----END PUBLIC KEY-----
-Derive=Alice-25519
-PeerKey=Bob-25519-PUBLIC
-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
-
-Derive=Bob-25519
-PeerKey=Alice-25519-PUBLIC
-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
-
# Illegal sign/verify operations with X25519 key
Sign=Alice-25519
@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR
Function = EVP_PKEY_verify_init
Reason = operation not supported for this keytype
+Derive=Alice-25519
+PeerKey=Bob-25519-PUBLIC
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+
+Derive=Bob-25519
+PeerKey=Alice-25519-PUBLIC
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
+
## ECDH Tests: test with randomly generated keys for all the listed curves

View File

@ -1,7 +1,7 @@
diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/rsa_gen.c diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/rsa_gen.c
--- openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100 --- openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs 2017-05-25 14:46:19.000000000 +0200
+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100 +++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:13:45.352475862 +0200
@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa, @@ -85,6 +85,12 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
goto err; goto err;
@ -14,14 +14,14 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/r
if (BN_copy(rsa->e, e_value) == NULL) if (BN_copy(rsa->e, e_value) == NULL)
goto err; goto err;
@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa, @@ -107,7 +113,9 @@ static int rsa_builtin_keygen(RSA *rsa,
do { do {
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err; goto err;
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); - } while (BN_cmp(rsa->p, rsa->q) == 0);
+ if (!BN_sub(r2, rsa->q, rsa->p)) + if (!BN_sub(r2, rsa->q, rsa->p))
+ goto err; + goto err;
+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3)); + } while (BN_ucmp(r2, r3) <= 0);
if (degenerate == 3) { if (!BN_sub(r2, rsa->q, BN_value_one()))
ok = 0; /* we set our own err */ goto err;
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); if (!BN_gcd(r1, r2, rsa->e, ctx))

View File

@ -59,57 +59,6 @@ diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp
if (ctx == NULL) { if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new(); ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) if (ctx == NULL)
diff -up openssl-1.1.0e/test/ecdhtest_cavs.h.curves openssl-1.1.0e/test/ecdhtest_cavs.h
--- openssl-1.1.0e/test/ecdhtest_cavs.h.curves 2017-02-16 15:46:22.237503550 +0100
+++ openssl-1.1.0e/test/ecdhtest_cavs.h 2017-02-16 16:08:16.091687111 +0100
@@ -29,6 +29,7 @@ typedef struct {
static const ecdh_cavs_kat_t ecdh_cavs_kats[] = {
/* curves over prime fields go here */
+#if 0
{ NID_X9_62_prime192v1,
"42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0",
"dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523",
@@ -204,6 +205,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k
"fcd345a976c720caaa97de6697226825615e1287a9eff67e",
"58ea42edbeeafca9ff44cfd7f29abd2cbde7626d79e422c9",
"72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c" },
+#endif
{ NID_secp224r1,
"af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280",
"882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7",
diff -up openssl-1.1.0e/test/ecdhtest.c.curves openssl-1.1.0e/test/ecdhtest.c
--- openssl-1.1.0e/test/ecdhtest.c.curves 2017-02-16 12:58:24.000000000 +0100
+++ openssl-1.1.0e/test/ecdhtest.c 2017-02-16 16:07:30.412629758 +0100
@@ -252,10 +252,12 @@ typedef struct {
static const ecdh_kat_t ecdh_kats[] = {
/* Keys and shared secrets from RFC 5114 */
+#if 0
{ NID_X9_62_prime192v1,
"323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426",
"631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62",
"AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE" },
+#endif
{ NID_secp224r1,
"B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F",
"AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18",
@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = {
"01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04"
"D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3"
"DDEA" },
+#if 0
/* Keys and shared secrets from RFC 7027 */
{ NID_brainpoolP256r1,
"81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D",
@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = {
"ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429",
"A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76"
"D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" }
+#endif
};
/* Given private value and NID, create EC_KEY structure */
diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c
--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100 --- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100
+++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100 +++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100

File diff suppressed because it is too large Load Diff

View File

@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.0e Version: 1.1.0f
Release: 1%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
@ -70,6 +70,7 @@ BuildRequires: lksctp-tools-devel
BuildRequires: /usr/bin/rename BuildRequires: /usr/bin/rename
BuildRequires: /usr/bin/pod2man BuildRequires: /usr/bin/pod2man
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
BuildRequires: perl(Module::Load::Conditional)
Requires: coreutils, make Requires: coreutils, make
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -236,7 +237,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
no-mdc2 no-ec2m no-gost no-srp \ no-mdc2 no-ec2m \
shared ${sslarch} $RPM_OPT_FLAGS shared ${sslarch} $RPM_OPT_FLAGS
util/mkdef.pl crypto update util/mkdef.pl crypto update
@ -427,6 +428,11 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Fri Jun 2 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-1
- update to upstream version 1.1.0f
- SRP and GOST is now allowed, note that GOST support requires
adding GOST engine which is not part of openssl anymore
* Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1 * Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1
- update to upstream version 1.1.0e - update to upstream version 1.1.0e
- add documentation of the PROFILE=SYSTEM special cipher string (#1420232) - add documentation of the PROFILE=SYSTEM special cipher string (#1420232)

View File

@ -1 +1 @@
SHA512 (openssl-1.1.0e-hobbled.tar.xz) = 7db753907c211427ed494d92915c255d05faf9b47f22febfffbfe2be602777b6b82d7c71793003c2ebbbf7f67708c80a72aacde2582501ae63761b1090523974 SHA512 (openssl-1.1.0f-hobbled.tar.xz) = 4357ec7e2bebbf26e6f218bd4dbb7b1b836af16007a7e5f70e552409036de4dc080365cf0647c30e246c4f2ab3b521cf4b4941e2c4168821aaad049adc4421bb