forked from rpms/openssl
Fix two small regressions
Change the ts application default hash to SHA256
This commit is contained in:
parent
e18dcc63f4
commit
22a821356e
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
||||||
--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 08:56:33.531174336 +0200
|
--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200
|
||||||
+++ openssl-1.1.1b/apps/speed.c 2019-05-07 09:43:06.673989992 +0200
|
+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200
|
||||||
@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv)
|
@@ -1592,7 +1592,8 @@ int speed_main(int argc, char **argv)
|
||||||
continue;
|
continue;
|
||||||
if (strcmp(*argv, "rsa") == 0) {
|
if (strcmp(*argv, "rsa") == 0) {
|
||||||
@ -22,8 +22,19 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
|||||||
dsa_doit[R_DSA_2048] = 1;
|
dsa_doit[R_DSA_2048] = 1;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -1640,12 +1643,12 @@ int speed_main(int argc, char **argv)
|
@@ -1633,19 +1636,21 @@ int speed_main(int argc, char **argv)
|
||||||
ecdh_doit[i] = 2;
|
}
|
||||||
|
if (strcmp(*argv, "ecdh") == 0) {
|
||||||
|
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
|
||||||
|
- ecdh_doit[loop] = 1;
|
||||||
|
+ if(!FIPS_mode() || (loop != R_EC_X25519 && loop != R_EC_X448))
|
||||||
|
+ ecdh_doit[loop] = 1;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (found(*argv, ecdh_choices, &i)) {
|
||||||
|
- ecdh_doit[i] = 2;
|
||||||
|
+ if(!FIPS_mode() || (i != R_EC_X25519 && i != R_EC_X448))
|
||||||
|
+ ecdh_doit[i] = 2;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
- if (strcmp(*argv, "eddsa") == 0) {
|
- if (strcmp(*argv, "eddsa") == 0) {
|
||||||
@ -37,7 +48,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
|||||||
eddsa_doit[i] = 2;
|
eddsa_doit[i] = 2;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -1734,23 +1737,30 @@ int speed_main(int argc, char **argv)
|
@@ -1734,23 +1739,30 @@ int speed_main(int argc, char **argv)
|
||||||
/* No parameters; turn on everything. */
|
/* No parameters; turn on everything. */
|
||||||
if ((argc == 0) && !doit[D_EVP]) {
|
if ((argc == 0) && !doit[D_EVP]) {
|
||||||
for (i = 0; i < ALGOR_NUM; i++)
|
for (i = 0; i < ALGOR_NUM; i++)
|
||||||
@ -73,7 +84,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
for (i = 0; i < ALGOR_NUM; i++)
|
for (i = 0; i < ALGOR_NUM; i++)
|
||||||
@@ -1798,30 +1808,46 @@ int speed_main(int argc, char **argv)
|
@@ -1798,30 +1810,46 @@ int speed_main(int argc, char **argv)
|
||||||
AES_set_encrypt_key(key24, 192, &aes_ks2);
|
AES_set_encrypt_key(key24, 192, &aes_ks2);
|
||||||
AES_set_encrypt_key(key32, 256, &aes_ks3);
|
AES_set_encrypt_key(key32, 256, &aes_ks3);
|
||||||
#ifndef OPENSSL_NO_CAMELLIA
|
#ifndef OPENSSL_NO_CAMELLIA
|
||||||
@ -130,7 +141,7 @@ diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
|||||||
#endif
|
#endif
|
||||||
#ifndef SIGALRM
|
#ifndef SIGALRM
|
||||||
# ifndef OPENSSL_NO_DES
|
# ifndef OPENSSL_NO_DES
|
||||||
@@ -2118,6 +2144,7 @@ int speed_main(int argc, char **argv)
|
@@ -2118,6 +2146,7 @@ int speed_main(int argc, char **argv)
|
||||||
|
|
||||||
for (i = 0; i < loopargs_len; i++) {
|
for (i = 0; i < loopargs_len; i++) {
|
||||||
loopargs[i].hctx = HMAC_CTX_new();
|
loopargs[i].hctx = HMAC_CTX_new();
|
||||||
@ -1648,7 +1659,7 @@ diff -up openssl-1.1.1b/crypto/evp/pmeth_lib.c.fips openssl-1.1.1b/crypto/evp/pm
|
|||||||
+ {
|
+ {
|
||||||
pmeth = EVP_PKEY_meth_find(id);
|
pmeth = EVP_PKEY_meth_find(id);
|
||||||
+#ifdef OPENSSL_FIPS
|
+#ifdef OPENSSL_FIPS
|
||||||
+ if (!(pmeth->flags & EVP_PKEY_FLAG_FIPS) && FIPS_mode()) {
|
+ if (pmeth && !(pmeth->flags & EVP_PKEY_FLAG_FIPS) && FIPS_mode()) {
|
||||||
+ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_DISABLED_FOR_FIPS);
|
+ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_DISABLED_FOR_FIPS);
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
@ -9890,7 +9901,7 @@ diff -up openssl-1.1.1b/crypto/hmac/hm_pmeth.c.fips openssl-1.1.1b/crypto/hmac/h
|
|||||||
diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h
|
diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/crypto/include/internal/fips_int.h
|
||||||
--- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100
|
--- openssl-1.1.1b/crypto/include/internal/fips_int.h.fips 2019-02-28 11:30:06.817745466 +0100
|
||||||
+++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100
|
+++ openssl-1.1.1b/crypto/include/internal/fips_int.h 2019-02-28 11:30:06.817745466 +0100
|
||||||
@@ -0,0 +1,97 @@
|
@@ -0,0 +1,98 @@
|
||||||
+/* ====================================================================
|
+/* ====================================================================
|
||||||
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
|
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -9954,6 +9965,7 @@ diff -up openssl-1.1.1b/crypto/include/internal/fips_int.h.fips openssl-1.1.1b/c
|
|||||||
+int FIPS_module_installed(void);
|
+int FIPS_module_installed(void);
|
||||||
+int FIPS_selftest_sha1(void);
|
+int FIPS_selftest_sha1(void);
|
||||||
+int FIPS_selftest_sha2(void);
|
+int FIPS_selftest_sha2(void);
|
||||||
|
+int FIPS_selftest_sha3(void);
|
||||||
+int FIPS_selftest_aes_ccm(void);
|
+int FIPS_selftest_aes_ccm(void);
|
||||||
+int FIPS_selftest_aes_gcm(void);
|
+int FIPS_selftest_aes_gcm(void);
|
||||||
+int FIPS_selftest_aes_xts(void);
|
+int FIPS_selftest_aes_xts(void);
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.in
|
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
|
||||||
--- openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2018-11-20 14:35:42.000000000 +0100
|
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.in 2019-01-15 14:55:03.898065698 +0100
|
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200
|
||||||
@@ -141,22 +141,23 @@ our @tests = (
|
@@ -141,22 +141,23 @@ our @tests = (
|
||||||
{
|
{
|
||||||
name => "ECDSA with brainpool",
|
name => "ECDSA with brainpool",
|
||||||
@ -57,10 +57,10 @@ diff -up openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.in.no-brainpool opens
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
diff -up openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1a/test/ssl-tests/20-cert-select.conf
|
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
|
||||||
--- openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.no-brainpool 2018-11-20 14:35:42.000000000 +0100
|
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.1a/test/ssl-tests/20-cert-select.conf 2019-01-15 14:58:24.420416659 +0100
|
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200
|
||||||
@@ -233,23 +233,23 @@ server = 5-ECDSA with brainpool-server
|
@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
|
||||||
client = 5-ECDSA with brainpool-client
|
client = 5-ECDSA with brainpool-client
|
||||||
|
|
||||||
[5-ECDSA with brainpool-server]
|
[5-ECDSA with brainpool-server]
|
||||||
@ -68,32 +68,26 @@ diff -up openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-
|
|||||||
-CipherString = DEFAULT
|
-CipherString = DEFAULT
|
||||||
-Groups = brainpoolP256r1
|
-Groups = brainpoolP256r1
|
||||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||||
+#Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||||
+CipherString = aNULL
|
+CipherString = aNULL
|
||||||
+#Groups = brainpoolP256r1
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||||
+#PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
||||||
|
|
||||||
[5-ECDSA with brainpool-client]
|
[5-ECDSA with brainpool-client]
|
||||||
CipherString = aECDSA
|
CipherString = aECDSA
|
||||||
-Groups = brainpoolP256r1
|
-Groups = brainpoolP256r1
|
||||||
+#Groups = brainpoolP256r1
|
|
||||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||||
VerifyMode = Peer
|
VerifyMode = Peer
|
||||||
|
|
||||||
[test-5]
|
[test-5]
|
||||||
-ExpectedResult = Success
|
ExpectedResult = Success
|
||||||
-ExpectedServerCANames = empty
|
-ExpectedServerCANames = empty
|
||||||
-ExpectedServerCertType = brainpoolP256r1
|
-ExpectedServerCertType = brainpoolP256r1
|
||||||
-ExpectedServerSignType = EC
|
-ExpectedServerSignType = EC
|
||||||
+ExpectedResult = ServerFail
|
|
||||||
+#ExpectedServerCANames = empty
|
|
||||||
+#ExpectedServerCertType = brainpoolP256r1
|
|
||||||
+#ExpectedServerSignType = EC
|
|
||||||
|
|
||||||
|
|
||||||
# ===========================================================
|
# ===========================================================
|
||||||
@@ -1577,14 +1577,14 @@ server = 47-TLS 1.3 ECDSA with brainpool
|
@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
|
||||||
client = 47-TLS 1.3 ECDSA with brainpool-client
|
client = 47-TLS 1.3 ECDSA with brainpool-client
|
||||||
|
|
||||||
[47-TLS 1.3 ECDSA with brainpool-server]
|
[47-TLS 1.3 ECDSA with brainpool-server]
|
||||||
@ -101,19 +95,17 @@ diff -up openssl-1.1.1a/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-
|
|||||||
-CipherString = DEFAULT
|
-CipherString = DEFAULT
|
||||||
-Groups = brainpoolP256r1
|
-Groups = brainpoolP256r1
|
||||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||||
+#Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||||
+CipherString = aNULL
|
+CipherString = aNULL
|
||||||
+#Groups = brainpoolP256r1
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||||
+#PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
|
||||||
|
|
||||||
[47-TLS 1.3 ECDSA with brainpool-client]
|
[47-TLS 1.3 ECDSA with brainpool-client]
|
||||||
CipherString = DEFAULT
|
CipherString = DEFAULT
|
||||||
-Groups = brainpoolP256r1
|
-Groups = brainpoolP256r1
|
||||||
+#Groups = brainpoolP256r1
|
|
||||||
MaxProtocol = TLSv1.3
|
MaxProtocol = TLSv1.3
|
||||||
MinProtocol = TLSv1.3
|
MinProtocol = TLSv1.3
|
||||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||||
@@ -1592,7 +1592,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
||||||
VerifyMode = Peer
|
VerifyMode = Peer
|
||||||
|
|
||||||
[test-47]
|
[test-47]
|
||||||
|
37
openssl-1.1.1-regression-fixes.patch
Normal file
37
openssl-1.1.1-regression-fixes.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
|
||||||
|
--- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
|
||||||
|
+++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
|
||||||
|
@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
|
||||||
|
{
|
||||||
|
OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
|
||||||
|
|
||||||
|
- if (ret != NULL)
|
||||||
|
- memset(ret, 0, sizeof(*ret));
|
||||||
|
+ if (ret == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
+ memset(ret, 0, sizeof(*ret));
|
||||||
|
ret->flags = DEFAULT_CONF_MFLAGS;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.regression openssl-1.1.1b/crypto/evp/evp_enc.c
|
||||||
|
--- openssl-1.1.1b/crypto/evp/evp_enc.c.regression 2019-05-07 11:52:35.982596242 +0200
|
||||||
|
+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-05-10 14:30:42.269243383 +0200
|
||||||
|
@@ -338,7 +338,7 @@ static int evp_EncryptDecryptUpdate(EVP_
|
||||||
|
|
||||||
|
bl = ctx->cipher->block_size;
|
||||||
|
|
||||||
|
- if (inl <= 0) {
|
||||||
|
+ if (in == NULL && inl <= 0) {
|
||||||
|
*outl = 0;
|
||||||
|
return inl == 0;
|
||||||
|
}
|
||||||
|
@@ -491,7 +491,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
|
||||||
|
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
|
||||||
|
cmpl = (cmpl + 7) / 8;
|
||||||
|
|
||||||
|
- if (inl <= 0) {
|
||||||
|
+ if (in == NULL && inl <= 0) {
|
||||||
|
*outl = 0;
|
||||||
|
return inl == 0;
|
||||||
|
}
|
50
openssl-1.1.1-ts-sha256-default.patch
Normal file
50
openssl-1.1.1-ts-sha256-default.patch
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
diff --git a/apps/ts.c b/apps/ts.c
|
||||||
|
index 63c5210183..4ef8a72eef 100644
|
||||||
|
--- a/apps/ts.c
|
||||||
|
+++ b/apps/ts.c
|
||||||
|
@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
|
||||||
|
ASN1_OBJECT *policy_obj = NULL;
|
||||||
|
ASN1_INTEGER *nonce_asn1 = NULL;
|
||||||
|
|
||||||
|
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
|
||||||
|
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
|
||||||
|
goto err;
|
||||||
|
if ((ts_req = TS_REQ_new()) == NULL)
|
||||||
|
goto err;
|
||||||
|
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
|
||||||
|
index 078905a845..83b8fe4350 100644
|
||||||
|
--- a/doc/man1/ts.pod
|
||||||
|
+++ b/doc/man1/ts.pod
|
||||||
|
@@ -517,7 +517,7 @@ included. Default is no. (Optional)
|
||||||
|
=item B<ess_cert_id_alg>
|
||||||
|
|
||||||
|
This option specifies the hash function to be used to calculate the TSA's
|
||||||
|
-public key certificate identifier. Default is sha1. (Optional)
|
||||||
|
+public key certificate identifier. Default is sha256. (Optional)
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do.
|
||||||
|
|
||||||
|
=head2 Time Stamp Request
|
||||||
|
|
||||||
|
-To create a time stamp request for design1.txt with SHA-1
|
||||||
|
+To create a time stamp request for design1.txt with SHA-256
|
||||||
|
without nonce and policy and no certificate is required in the response:
|
||||||
|
|
||||||
|
openssl ts -query -data design1.txt -no_nonce \
|
||||||
|
@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format:
|
||||||
|
|
||||||
|
openssl ts -query -in design1.tsq -text
|
||||||
|
|
||||||
|
-To create a time stamp request which includes the MD-5 digest
|
||||||
|
+To create a time stamp request which includes the SHA-512 digest
|
||||||
|
of design2.txt, requests the signer certificate and nonce,
|
||||||
|
specifies a policy id (assuming the tsa_policy1 name is defined in the
|
||||||
|
OID section of the config file):
|
||||||
|
|
||||||
|
- openssl ts -query -data design2.txt -md5 \
|
||||||
|
+ openssl ts -query -data design2.txt -sha512 \
|
||||||
|
-tspolicy tsa_policy1 -cert -out design2.tsq
|
||||||
|
|
||||||
|
=head2 Time Stamp Response
|
10
openssl.spec
10
openssl.spec
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1b
|
Version: 1.1.1b
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -58,6 +58,7 @@ Patch43: openssl-1.1.1-ignore-bound.patch
|
|||||||
Patch44: openssl-1.1.1-version-override.patch
|
Patch44: openssl-1.1.1-version-override.patch
|
||||||
Patch45: openssl-1.1.1-weak-ciphers.patch
|
Patch45: openssl-1.1.1-weak-ciphers.patch
|
||||||
Patch46: openssl-1.1.1-seclevel.patch
|
Patch46: openssl-1.1.1-seclevel.patch
|
||||||
|
Patch47: openssl-1.1.1-ts-sha256-default.patch
|
||||||
Patch48: openssl-1.1.1-fips-post-rand.patch
|
Patch48: openssl-1.1.1-fips-post-rand.patch
|
||||||
Patch49: openssl-1.1.1-evp-kdf.patch
|
Patch49: openssl-1.1.1-evp-kdf.patch
|
||||||
Patch50: openssl-1.1.1-ssh-kdf.patch
|
Patch50: openssl-1.1.1-ssh-kdf.patch
|
||||||
@ -65,6 +66,7 @@ Patch50: openssl-1.1.1-ssh-kdf.patch
|
|||||||
Patch51: openssl-1.1.1-upstream-sync.patch
|
Patch51: openssl-1.1.1-upstream-sync.patch
|
||||||
Patch52: openssl-1.1.1-s390x-update.patch
|
Patch52: openssl-1.1.1-s390x-update.patch
|
||||||
Patch53: openssl-1.1.1-fips-crng-test.patch
|
Patch53: openssl-1.1.1-fips-crng-test.patch
|
||||||
|
Patch54: openssl-1.1.1-regression-fixes.patch
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -158,12 +160,14 @@ cp %{SOURCE13} test/
|
|||||||
%patch44 -p1 -b .version-override
|
%patch44 -p1 -b .version-override
|
||||||
%patch45 -p1 -b .weak-ciphers
|
%patch45 -p1 -b .weak-ciphers
|
||||||
%patch46 -p1 -b .seclevel
|
%patch46 -p1 -b .seclevel
|
||||||
|
%patch47 -p1 -b .ts-sha256-default
|
||||||
%patch48 -p1 -b .fips-post-rand
|
%patch48 -p1 -b .fips-post-rand
|
||||||
%patch49 -p1 -b .evp-kdf
|
%patch49 -p1 -b .evp-kdf
|
||||||
%patch50 -p1 -b .ssh-kdf
|
%patch50 -p1 -b .ssh-kdf
|
||||||
%patch51 -p1 -b .upstream-sync
|
%patch51 -p1 -b .upstream-sync
|
||||||
%patch52 -p1 -b .s390x-update
|
%patch52 -p1 -b .s390x-update
|
||||||
%patch53 -p1 -b .crng-test
|
%patch53 -p1 -b .crng-test
|
||||||
|
%patch54 -p1 -b .regression
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -450,6 +454,10 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-9
|
||||||
|
- Fix two small regressions
|
||||||
|
- Change the ts application default hash to SHA256
|
||||||
|
|
||||||
* Tue May 7 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-8
|
* Tue May 7 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-8
|
||||||
- FIPS compliance fixes
|
- FIPS compliance fixes
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user