forked from rpms/openssl
update to the 1.1.1b release
EVP_KDF API backport from master SSH KDF implementation for EVP_KDF API backport from master
This commit is contained in:
parent
757524ec00
commit
5cda1ca091
1
.gitignore
vendored
1
.gitignore
vendored
@ -42,3 +42,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.1.1-pre9-hobbled.tar.xz
|
/openssl-1.1.1-pre9-hobbled.tar.xz
|
||||||
/openssl-1.1.1-hobbled.tar.xz
|
/openssl-1.1.1-hobbled.tar.xz
|
||||||
/openssl-1.1.1a-hobbled.tar.xz
|
/openssl-1.1.1a-hobbled.tar.xz
|
||||||
|
/openssl-1.1.1b-hobbled.tar.xz
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c
|
diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||||
--- openssl-1.1.1/apps/speed.c.curves 2018-09-11 14:48:20.000000000 +0200
|
--- openssl-1.1.1b/apps/speed.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.1/apps/speed.c 2018-09-13 09:24:24.840081023 +0200
|
+++ openssl-1.1.1b/apps/speed.c 2019-02-28 11:20:42.347170167 +0100
|
||||||
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
|
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
|
||||||
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
||||||
#endif /* OPENSSL_NO_RSA */
|
#endif /* OPENSSL_NO_RSA */
|
||||||
@ -98,11 +98,11 @@ diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c
|
|||||||
- {"nistp192", NID_X9_62_prime192v1, 192},
|
- {"nistp192", NID_X9_62_prime192v1, 192},
|
||||||
{"nistp224", NID_secp224r1, 224},
|
{"nistp224", NID_secp224r1, 224},
|
||||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||||
{"nistp384", NID_secp384r1, 384},
|
{"nistp384", NID_secp384r1, 384},
|
||||||
{"nistp521", NID_secp521r1, 521},
|
{"nistp521", NID_secp521r1, 521},
|
||||||
- /* Binary Curves */
|
- /* Binary Curves */
|
||||||
- {"nistk163", NID_sect163k1, 163},
|
- {"nistk163", NID_sect163k1, 163},
|
||||||
- {"nistk233", NID_sect233k1, 233},
|
- {"nistk233", NID_sect233k1, 233},
|
||||||
- {"nistk283", NID_sect283k1, 283},
|
- {"nistk283", NID_sect283k1, 283},
|
||||||
- {"nistk409", NID_sect409k1, 409},
|
- {"nistk409", NID_sect409k1, 409},
|
||||||
- {"nistk571", NID_sect571k1, 571},
|
- {"nistk571", NID_sect571k1, 571},
|
||||||
@ -170,10 +170,10 @@ diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c
|
|||||||
/* default iteration count for the last two EC Curves */
|
/* default iteration count for the last two EC Curves */
|
||||||
ecdh_c[R_EC_X25519][0] = count / 1800;
|
ecdh_c[R_EC_X25519][0] = count / 1800;
|
||||||
ecdh_c[R_EC_X448][0] = count / 7200;
|
ecdh_c[R_EC_X448][0] = count / 7200;
|
||||||
diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_smpl.c
|
diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp_smpl.c
|
||||||
--- openssl-1.1.1/crypto/ec/ecp_smpl.c.curves 2018-09-11 14:48:21.000000000 +0200
|
--- openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.1/crypto/ec/ecp_smpl.c 2018-09-13 09:09:26.841792619 +0200
|
+++ openssl-1.1.1b/crypto/ec/ecp_smpl.c 2019-02-28 11:19:30.628479300 +0100
|
||||||
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -185,10 +185,10 @@ diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_s
|
|||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
ctx = new_ctx = BN_CTX_new();
|
ctx = new_ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c
|
diff -up openssl-1.1.1b/test/ecdsatest.c.curves openssl-1.1.1b/test/ecdsatest.c
|
||||||
--- openssl-1.1.1/test/ecdsatest.c.curves 2018-09-11 14:48:24.000000000 +0200
|
--- openssl-1.1.1b/test/ecdsatest.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.1/test/ecdsatest.c 2018-09-13 09:09:26.841792619 +0200
|
+++ openssl-1.1.1b/test/ecdsatest.c 2019-02-28 11:19:30.628479300 +0100
|
||||||
@@ -173,6 +173,7 @@ static int x9_62_tests(void)
|
@@ -176,6 +176,7 @@ static int x9_62_tests(void)
|
||||||
if (!change_rand())
|
if (!change_rand())
|
||||||
goto x962_err;
|
goto x962_err;
|
||||||
|
|
||||||
@ -196,7 +196,7 @@ diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c
|
|||||||
if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
|
if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
|
||||||
"3342403536405981729393488334694600415596881826869351677613",
|
"3342403536405981729393488334694600415596881826869351677613",
|
||||||
"5735822328888155254683894997897571951568553642892029982342")))
|
"5735822328888155254683894997897571951568553642892029982342")))
|
||||||
@@ -183,6 +184,7 @@ static int x9_62_tests(void)
|
@@ -186,6 +187,7 @@ static int x9_62_tests(void)
|
||||||
"3238135532097973577080787768312505059318910517550078427819"
|
"3238135532097973577080787768312505059318910517550078427819"
|
||||||
"78505179448783")))
|
"78505179448783")))
|
||||||
goto x962_err;
|
goto x962_err;
|
||||||
|
5259
openssl-1.1.1-evp-kdf.patch
Normal file
5259
openssl-1.1.1-evp-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c
|
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
|
||||||
--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100
|
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100
|
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
|
||||||
@@ -7,6 +7,9 @@
|
@@ -7,6 +7,9 @@
|
||||||
* https://www.openssl.org/source/license.html
|
* https://www.openssl.org/source/license.html
|
||||||
*/
|
*/
|
||||||
@ -11,7 +11,7 @@ diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/cryp
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
||||||
if (ret != 2)
|
if (ret != 2)
|
||||||
goto err;
|
goto err;
|
||||||
ret = -1;
|
ret = -1;
|
||||||
@ -22,5 +22,5 @@ diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/cryp
|
|||||||
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||||
+ goto err;
|
+ goto err;
|
||||||
} else {
|
} else {
|
||||||
const EVP_MD *type;
|
const EVP_MD *type = EVP_get_digestbynid(mdnid);
|
||||||
type = EVP_get_digestbynid(mdnid);
|
|
5582
openssl-1.1.1-ssh-kdf.patch
Normal file
5582
openssl-1.1.1-ssh-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -295,10 +295,10 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|
|||||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
diff -up openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist openssl-1.1.1-pre9/test/cipherlist_test.c
|
diff -up openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist openssl-1.1.1b/test/cipherlist_test.c
|
||||||
--- openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist 2018-08-21 14:14:15.000000000 +0200
|
--- openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist 2019-02-28 11:27:15.181936081 +0100
|
||||||
+++ openssl-1.1.1-pre9/test/cipherlist_test.c 2018-08-22 12:15:54.558743609 +0200
|
+++ openssl-1.1.1b/test/cipherlist_test.c 2019-02-28 11:28:53.357111055 +0100
|
||||||
@@ -217,7 +217,9 @@ static int test_default_cipherlist_expli
|
@@ -251,7 +251,9 @@ end:
|
||||||
|
|
||||||
int setup_tests(void)
|
int setup_tests(void)
|
||||||
{
|
{
|
||||||
@ -306,5 +306,5 @@ diff -up openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist openssl-1.1
|
|||||||
ADD_TEST(test_default_cipherlist_implicit);
|
ADD_TEST(test_default_cipherlist_implicit);
|
||||||
+#endif
|
+#endif
|
||||||
ADD_TEST(test_default_cipherlist_explicit);
|
ADD_TEST(test_default_cipherlist_explicit);
|
||||||
|
ADD_TEST(test_default_cipherlist_clear);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
diff -up openssl-1.1.1a/include/openssl/opensslv.h.version-override openssl-1.1.1a/include/openssl/opensslv.h
|
diff -up openssl-1.1.1b/include/openssl/opensslv.h.version-override openssl-1.1.1b/include/openssl/opensslv.h
|
||||||
--- openssl-1.1.1a/include/openssl/opensslv.h.version-override 2019-01-15 14:09:04.591995174 +0100
|
--- openssl-1.1.1b/include/openssl/opensslv.h.version-override 2019-02-28 11:34:56.427361796 +0100
|
||||||
+++ openssl-1.1.1a/include/openssl/opensslv.h 2019-01-15 14:11:31.976256442 +0100
|
+++ openssl-1.1.1b/include/openssl/opensslv.h 2019-02-28 11:35:40.487542747 +0100
|
||||||
@@ -40,7 +40,7 @@ extern "C" {
|
@@ -40,7 +40,7 @@ extern "C" {
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x1010101fL
|
# define OPENSSL_VERSION_NUMBER 0x1010102fL
|
||||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018"
|
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b 26 Feb 2019"
|
||||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a FIPS 20 Nov 2018"
|
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b FIPS 26 Feb 2019"
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||||
|
15
openssl.spec
15
openssl.spec
@ -21,8 +21,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1a
|
Version: 1.1.1b
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -50,7 +50,7 @@ Patch32: openssl-1.1.1-version-add-engines.patch
|
|||||||
Patch33: openssl-1.1.0-apps-dgst.patch
|
Patch33: openssl-1.1.0-apps-dgst.patch
|
||||||
Patch36: openssl-1.1.1-no-brainpool.patch
|
Patch36: openssl-1.1.1-no-brainpool.patch
|
||||||
Patch37: openssl-1.1.1-ec-curves.patch
|
Patch37: openssl-1.1.1-ec-curves.patch
|
||||||
Patch38: openssl-1.1.0-no-weak-verify.patch
|
Patch38: openssl-1.1.1-no-weak-verify.patch
|
||||||
Patch40: openssl-1.1.1-disable-ssl3.patch
|
Patch40: openssl-1.1.1-disable-ssl3.patch
|
||||||
Patch41: openssl-1.1.1-system-cipherlist.patch
|
Patch41: openssl-1.1.1-system-cipherlist.patch
|
||||||
Patch42: openssl-1.1.1-fips.patch
|
Patch42: openssl-1.1.1-fips.patch
|
||||||
@ -59,6 +59,8 @@ Patch44: openssl-1.1.1-version-override.patch
|
|||||||
Patch45: openssl-1.1.1-weak-ciphers.patch
|
Patch45: openssl-1.1.1-weak-ciphers.patch
|
||||||
Patch46: openssl-1.1.1-seclevel.patch
|
Patch46: openssl-1.1.1-seclevel.patch
|
||||||
Patch48: openssl-1.1.1-fips-post-rand.patch
|
Patch48: openssl-1.1.1-fips-post-rand.patch
|
||||||
|
Patch49: openssl-1.1.1-evp-kdf.patch
|
||||||
|
Patch50: openssl-1.1.1-ssh-kdf.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
@ -158,6 +160,8 @@ cp %{SOURCE13} test/
|
|||||||
%patch45 -p1 -b .weak-ciphers
|
%patch45 -p1 -b .weak-ciphers
|
||||||
%patch46 -p1 -b .seclevel
|
%patch46 -p1 -b .seclevel
|
||||||
%patch48 -p1 -b .fips-post-rand
|
%patch48 -p1 -b .fips-post-rand
|
||||||
|
%patch49 -p1 -b .evp-kdf
|
||||||
|
%patch50 -p1 -b .ssh-kdf
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -444,6 +448,11 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 28 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-1
|
||||||
|
- update to the 1.1.1b release
|
||||||
|
- EVP_KDF API backport from master
|
||||||
|
- SSH KDF implementation for EVP_KDF API backport from master
|
||||||
|
|
||||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1a-2
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1a-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-1.1.1a-hobbled.tar.xz) = 17d2703b2169f36b2ecd50d014103f31e22bbd42807b4688a3cd6140911e0aa9a2fa2bb1d4dda4eae000913a1551d85ac9c441a69c053a8ad10b593ec2a588b5
|
SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1
|
||||||
|
Loading…
Reference in New Issue
Block a user