update to upstream version 1.1.0f
SRP and GOST are now allowed; note that GOST support requires adding the GOST engine, which is no longer part of openssl
parent
c676ac32d5
commit
1ff978b22e
1
.gitignore
vendored
1
.gitignore
vendored
@ -35,3 +35,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.1.0c-hobbled.tar.xz
|
/openssl-1.1.0c-hobbled.tar.xz
|
||||||
/openssl-1.1.0d-hobbled.tar.xz
|
/openssl-1.1.0d-hobbled.tar.xz
|
||||||
/openssl-1.1.0e-hobbled.tar.xz
|
/openssl-1.1.0e-hobbled.tar.xz
|
||||||
|
/openssl-1.1.0f-hobbled.tar.xz
|
||||||
|
@ -8,19 +8,11 @@ set -e
|
|||||||
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
|
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
|
||||||
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
|
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
|
||||||
# EC: ????????? ??/??/2020
|
# EC: ????????? ??/??/2020
|
||||||
# SRP: ????????? ??/??/20??
|
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
|
||||||
|
|
||||||
# Remove assembler portions of IDEA, MDC2, and RC5.
|
# Remove assembler portions of IDEA, MDC2, and RC5.
|
||||||
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
|
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
|
||||||
|
|
||||||
# SRP.
|
|
||||||
for a in srp; do
|
|
||||||
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
|
|
||||||
echo Destroying $c
|
|
||||||
> $c
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
for c in `find crypto/bn -name "*gf2m.c"`; do
|
for c in `find crypto/bn -name "*gf2m.c"`; do
|
||||||
echo Destroying $c
|
echo Destroying $c
|
||||||
> $c
|
> $c
|
||||||
@ -37,10 +29,9 @@ for c in `find test -name "ectest.c"`; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
for h in `find crypto ssl apps test -name "*.h"` ; do
|
for h in `find crypto ssl apps test -name "*.h"` ; do
|
||||||
echo Removing SRP and EC2M references from $h
|
echo Removing EC2M references from $h
|
||||||
cat $h | \
|
cat $h | \
|
||||||
awk 'BEGIN {ech=1;} \
|
awk 'BEGIN {ech=1;} \
|
||||||
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
|
|
||||||
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
|
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
|
||||||
/^#[ \t]*if/ {if(ech < 1) ech--;} \
|
/^#[ \t]*if/ {if(ech < 1) ech--;} \
|
||||||
{if(ech>0) {;print $0};} \
|
{if(ech>0) {;print $0};} \
|
||||||
|
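Review bot: The updated header line `# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore` declares the patent expired while still leaving the patent number and the day and month as placeholders, unlike the IDEA and RC5 lines, which give both. Since this comment is the only recorded justification for no longer blanking the files under crypto/srp, it should carry the actual number and date, e.g. `# SRP: <patent no.> <MM/DD>/2017 - expired, we do not remove it anymore`. The second hunk ends inside the awk pipeline, which continues beyond the visible lines.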
@ -1,19 +1,28 @@
|
|||||||
diff -up openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build openssl-1.1.0c/Configurations/unix-Makefile.tmpl
|
diff -up openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build openssl-1.1.0f/Configurations/unix-Makefile.tmpl
|
||||||
--- openssl-1.1.0c/Configurations/unix-Makefile.tmpl.build 2016-11-10 15:03:43.000000000 +0100
|
--- openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build 2017-06-02 13:51:39.621289504 +0200
|
||||||
+++ openssl-1.1.0c/Configurations/unix-Makefile.tmpl 2016-11-11 13:26:36.094400833 +0100
|
+++ openssl-1.1.0f/Configurations/unix-Makefile.tmpl 2017-06-02 13:54:45.298654812 +0200
|
||||||
@@ -630,7 +630,7 @@ install_man_docs:
|
@@ -553,7 +553,7 @@ uninstall_runtime:
|
||||||
@\
|
install_man_docs:
|
||||||
OUTSUFFIX='.$${SEC}$(MANSUFFIX)'; \
|
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
OUTTOP="$(DESTDIR)$(MANDIR)"; \
|
@echo "*** Installing manpages"
|
||||||
- GENERATE='pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \
|
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||||
+ GENERATE='TZ=UTC pod2man --name=$$NAME --section=$$SEC --center=OpenSSL --release=$(VERSION)'; \
|
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||||
$(PROCESS_PODS)
|
--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
|
||||||
|
|
||||||
uninstall_man_docs:
|
uninstall_man_docs:
|
||||||
diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configurations/10-main.conf
|
@@ -565,7 +565,7 @@ uninstall_man_docs:
|
||||||
--- openssl-1.1.0c/Configurations/10-main.conf.build 2016-11-10 15:03:43.000000000 +0100
|
install_html_docs:
|
||||||
+++ openssl-1.1.0c/Configurations/10-main.conf 2016-11-11 13:29:26.502289226 +0100
|
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||||
@@ -656,6 +656,7 @@ sub vms_info {
|
@echo "*** Installing HTML manpages"
|
||||||
|
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||||
|
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||||
|
--destdir=$(DESTDIR)$(HTMLDIR) --type=html
|
||||||
|
|
||||||
|
uninstall_html_docs:
|
||||||
|
diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configurations/10-main.conf
|
||||||
|
--- openssl-1.1.0f/Configurations/10-main.conf.build 2017-05-25 14:46:17.000000000 +0200
|
||||||
|
+++ openssl-1.1.0f/Configurations/10-main.conf 2017-06-02 13:51:39.622289528 +0200
|
||||||
|
@@ -662,6 +662,7 @@ sub vms_info {
|
||||||
cflags => add("-m64 -DL_ENDIAN"),
|
cflags => add("-m64 -DL_ENDIAN"),
|
||||||
perlasm_scheme => "linux64le",
|
perlasm_scheme => "linux64le",
|
||||||
shared_ldflag => add("-m64"),
|
shared_ldflag => add("-m64"),
|
||||||
@ -21,7 +30,7 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu
|
|||||||
},
|
},
|
||||||
|
|
||||||
"linux-armv4" => {
|
"linux-armv4" => {
|
||||||
@@ -696,6 +697,7 @@ sub vms_info {
|
@@ -702,6 +703,7 @@ sub vms_info {
|
||||||
"linux-aarch64" => {
|
"linux-aarch64" => {
|
||||||
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
|
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
|
||||||
perlasm_scheme => "linux64",
|
perlasm_scheme => "linux64",
|
||||||
@ -29,3 +38,36 @@ diff -up openssl-1.1.0c/Configurations/10-main.conf.build openssl-1.1.0c/Configu
|
|||||||
},
|
},
|
||||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
|
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
|
||||||
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
|
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
|
||||||
|
diff -up openssl-1.1.0f/test/evptests.txt.build openssl-1.1.0f/test/evptests.txt
|
||||||
|
--- openssl-1.1.0f/test/evptests.txt.build 2017-05-25 14:46:21.000000000 +0200
|
||||||
|
+++ openssl-1.1.0f/test/evptests.txt 2017-06-02 15:05:49.422161136 +0200
|
||||||
|
@@ -3690,14 +3690,6 @@ PublicKey=Bob-25519-PUBLIC
|
||||||
|
MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+DQ8hbeGdNrfx+FG+IK08=
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
|
||||||
|
-Derive=Alice-25519
|
||||||
|
-PeerKey=Bob-25519-PUBLIC
|
||||||
|
-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
|
||||||
|
-
|
||||||
|
-Derive=Bob-25519
|
||||||
|
-PeerKey=Alice-25519-PUBLIC
|
||||||
|
-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
|
||||||
|
-
|
||||||
|
# Illegal sign/verify operations with X25519 key
|
||||||
|
|
||||||
|
Sign=Alice-25519
|
||||||
|
@@ -3710,6 +3702,14 @@ Result = KEYOP_INIT_ERROR
|
||||||
|
Function = EVP_PKEY_verify_init
|
||||||
|
Reason = operation not supported for this keytype
|
||||||
|
|
||||||
|
+Derive=Alice-25519
|
||||||
|
+PeerKey=Bob-25519-PUBLIC
|
||||||
|
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
|
||||||
|
+
|
||||||
|
+Derive=Bob-25519
|
||||||
|
+PeerKey=Alice-25519-PUBLIC
|
||||||
|
+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742
|
||||||
|
+
|
||||||
|
## ECDH Tests: test with randomly generated keys for all the listed curves
|
||||||
|
|
||||||
|
|
||||||
|
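Review bot: The new evptests.txt section of this build patch moves the two X25519 `Derive=` vectors from before the illegal sign/verify cases to after them, and nothing on the page says why a patch named for build fixes reorders test vectors. If the move works around an ordering dependency in the test harness, that is worth recording, since a later rebase could otherwise drop or mis-apply it unnoticed. A leading comment in the patch such as `# evptests.txt: X25519 Derive cases moved after the KEYOP_INIT_ERROR cases because <reason>` would do.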
@ -1,7 +1,7 @@
|
|||||||
diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/rsa_gen.c
|
diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/rsa_gen.c
|
||||||
--- openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100
|
--- openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs 2017-05-25 14:46:19.000000000 +0200
|
||||||
+++ openssl-1.1.0d/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100
|
+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:13:45.352475862 +0200
|
||||||
@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -85,6 +85,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@ -14,14 +14,14 @@ diff -up openssl-1.1.0d/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0d/crypto/rsa/r
|
|||||||
if (BN_copy(rsa->e, e_value) == NULL)
|
if (BN_copy(rsa->e, e_value) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
@@ -107,7 +113,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
do {
|
do {
|
||||||
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
||||||
goto err;
|
goto err;
|
||||||
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
|
- } while (BN_cmp(rsa->p, rsa->q) == 0);
|
||||||
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
|
+ } while (BN_ucmp(r2, r3) <= 0);
|
||||||
if (degenerate == 3) {
|
if (!BN_sub(r2, rsa->q, BN_value_one()))
|
||||||
ok = 0; /* we set our own err */
|
goto err;
|
||||||
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
|
if (!BN_gcd(r1, r2, rsa->e, ctx))
|
||||||
|
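Review bot: The rebased loop `} while (BN_ucmp(r2, r3) <= 0);` no longer has the `++degenerate < 3` bound that the previous version of this patch kept, so termination now depends entirely on `r3` being small relative to the candidate primes. `r3` is set up in the first hunk, whose added lines are not shown on this page, so whether very small key sizes could keep the loop spinning cannot be confirmed from the visible lines. I would add a comment above the loop stating the invariant, for example `/* r3 = minimum |p - q|; BN_ucmp ignores the sign of q - p, so either ordering is accepted */`, and name the check that rejects key sizes for which no q can satisfy it. rsa_builtin_keygen starts and ends outside the hunk.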
@ -59,57 +59,6 @@ diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp
|
|||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
ctx = new_ctx = BN_CTX_new();
|
ctx = new_ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
diff -up openssl-1.1.0e/test/ecdhtest_cavs.h.curves openssl-1.1.0e/test/ecdhtest_cavs.h
|
|
||||||
--- openssl-1.1.0e/test/ecdhtest_cavs.h.curves 2017-02-16 15:46:22.237503550 +0100
|
|
||||||
+++ openssl-1.1.0e/test/ecdhtest_cavs.h 2017-02-16 16:08:16.091687111 +0100
|
|
||||||
@@ -29,6 +29,7 @@ typedef struct {
|
|
||||||
|
|
||||||
static const ecdh_cavs_kat_t ecdh_cavs_kats[] = {
|
|
||||||
/* curves over prime fields go here */
|
|
||||||
+#if 0
|
|
||||||
{ NID_X9_62_prime192v1,
|
|
||||||
"42ea6dd9969dd2a61fea1aac7f8e98edcc896c6e55857cc0",
|
|
||||||
"dfbe5d7c61fac88b11811bde328e8a0d12bf01a9d204b523",
|
|
||||||
@@ -204,6 +205,7 @@ static const ecdh_cavs_kat_t ecdh_cavs_k
|
|
||||||
"fcd345a976c720caaa97de6697226825615e1287a9eff67e",
|
|
||||||
"58ea42edbeeafca9ff44cfd7f29abd2cbde7626d79e422c9",
|
|
||||||
"72e88f3ea67d46d46dbf83926e7e2a6b85b54536741e6d2c" },
|
|
||||||
+#endif
|
|
||||||
{ NID_secp224r1,
|
|
||||||
"af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280",
|
|
||||||
"882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7",
|
|
||||||
diff -up openssl-1.1.0e/test/ecdhtest.c.curves openssl-1.1.0e/test/ecdhtest.c
|
|
||||||
--- openssl-1.1.0e/test/ecdhtest.c.curves 2017-02-16 12:58:24.000000000 +0100
|
|
||||||
+++ openssl-1.1.0e/test/ecdhtest.c 2017-02-16 16:07:30.412629758 +0100
|
|
||||||
@@ -252,10 +252,12 @@ typedef struct {
|
|
||||||
|
|
||||||
static const ecdh_kat_t ecdh_kats[] = {
|
|
||||||
/* Keys and shared secrets from RFC 5114 */
|
|
||||||
+#if 0
|
|
||||||
{ NID_X9_62_prime192v1,
|
|
||||||
"323FA3169D8E9C6593F59476BC142000AB5BE0E249C43426",
|
|
||||||
"631F95BB4A67632C9C476EEE9AB695AB240A0499307FCF62",
|
|
||||||
"AD420182633F8526BFE954ACDA376F05E5FF4F837F54FEBE" },
|
|
||||||
+#endif
|
|
||||||
{ NID_secp224r1,
|
|
||||||
"B558EB6C288DA707BBB4F8FBAE2AB9E9CB62E3BC5C7573E22E26D37F",
|
|
||||||
"AC3B1ADD3D9770E6F6A708EE9F3B8E0AB3B480E9F27F85C88B5E6D18",
|
|
||||||
@@ -303,6 +305,7 @@ static const ecdh_kat_t ecdh_kats[] = {
|
|
||||||
"01144C7D79AE6956BC8EDB8E7C787C4521CB086FA64407F97894E5E6B2D79B04"
|
|
||||||
"D1427E73CA4BAA240A34786859810C06B3C715A3A8CC3151F2BEE417996D19F3"
|
|
||||||
"DDEA" },
|
|
||||||
+#if 0
|
|
||||||
/* Keys and shared secrets from RFC 7027 */
|
|
||||||
{ NID_brainpoolP256r1,
|
|
||||||
"81DB1EE100150FF2EA338D708271BE38300CB54241D79950F77B063039804F1D",
|
|
||||||
@@ -322,6 +325,7 @@ static const ecdh_kat_t ecdh_kats[] = {
|
|
||||||
"ABBC19963DAB8E2F1EBA00BFFB29E4D72D13F2224562F405CB80503666B25429",
|
|
||||||
"A7927098655F1F9976FA50A9D566865DC530331846381C87256BAF3226244B76"
|
|
||||||
"D36403C024D7BBF0AA0803EAFF405D3D24F11A9B5C0BEF679FE1454B21C4CD1F" }
|
|
||||||
+#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Given private value and NID, create EC_KEY structure */
|
|
||||||
diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c
|
diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c
|
||||||
--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100
|
--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100
|
||||||
+++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100
|
+++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100
|
||||||
|
File diff suppressed because it is too large
10
openssl.spec
10
openssl.spec
@ -21,7 +21,7 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.0e
|
Version: 1.1.0f
|
||||||
Release: 1%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
@ -70,6 +70,7 @@ BuildRequires: lksctp-tools-devel
|
|||||||
BuildRequires: /usr/bin/rename
|
BuildRequires: /usr/bin/rename
|
||||||
BuildRequires: /usr/bin/pod2man
|
BuildRequires: /usr/bin/pod2man
|
||||||
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
|
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
|
||||||
|
BuildRequires: perl(Module::Load::Conditional)
|
||||||
Requires: coreutils, make
|
Requires: coreutils, make
|
||||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
@ -236,7 +237,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
|
|||||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
|
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
|
||||||
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
||||||
enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
|
enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
|
||||||
no-mdc2 no-ec2m no-gost no-srp \
|
no-mdc2 no-ec2m \
|
||||||
shared ${sslarch} $RPM_OPT_FLAGS
|
shared ${sslarch} $RPM_OPT_FLAGS
|
||||||
|
|
||||||
util/mkdef.pl crypto update
|
util/mkdef.pl crypto update
|
||||||
@ -427,6 +428,11 @@ export LD_LIBRARY_PATH
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 2 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0f-1
|
||||||
|
- update to upstream version 1.1.0f
|
||||||
|
- SRP and GOST is now allowed, note that GOST support requires
|
||||||
|
adding GOST engine which is not part of openssl anymore
|
||||||
|
|
||||||
* Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1
|
* Thu Feb 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.1.0e-1
|
||||||
- update to upstream version 1.1.0e
|
- update to upstream version 1.1.0e
|
||||||
- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)
|
- add documentation of the PROFILE=SYSTEM special cipher string (#1420232)
|
||||||
|
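Review bot: Dropping `no-gost no-srp` from the configure options builds the SRP code that was previously compiled out, presumably including the TLS-SRP ciphersuites, yet the spec carries no comment saying whether those suites are meant to be reachable by default. The same option list passes `--system-ciphers-file` pointing at the crypto-policies back-end, so exposure presumably depends on that policy; that should be stated rather than left implicit. I would add above the configure call something like `# SRP is built since 1.1.0f-1; GOST needs the external engine; default exposure is governed by crypto-policies`, and revisit the nearby `# We have to remove certain patented algorithms from the openssl source` comment now that SRP is no longer removed.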
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-1.1.0e-hobbled.tar.xz) = 7db753907c211427ed494d92915c255d05faf9b47f22febfffbfe2be602777b6b82d7c71793003c2ebbbf7f67708c80a72aacde2582501ae63761b1090523974
|
SHA512 (openssl-1.1.0f-hobbled.tar.xz) = 4357ec7e2bebbf26e6f218bd4dbb7b1b836af16007a7e5f70e552409036de4dc080365cf0647c30e246c4f2ab3b521cf4b4941e2c4168821aaad049adc4421bb
|
||||||
|