forked from rpms/openssl
new upstream release fixing multiple security issues
This commit is contained in:
parent
8c1cdfe3ab
commit
7e7e3f299f
1
.gitignore
vendored
1
.gitignore
vendored
@ -17,3 +17,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.0.1h-hobbled.tar.xz
|
/openssl-1.0.1h-hobbled.tar.xz
|
||||||
/openssl-1.0.1i-hobbled.tar.xz
|
/openssl-1.0.1i-hobbled.tar.xz
|
||||||
/openssl-1.0.1j-hobbled.tar.xz
|
/openssl-1.0.1j-hobbled.tar.xz
|
||||||
|
/openssl-1.0.1k-hobbled.tar.xz
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h
|
|
||||||
--- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi 2012-02-06 17:07:34.630336118 +0100
|
|
||||||
+++ openssl-1.0.1-beta2/ssl/dtls1.h 2012-02-06 17:10:08.956623707 +0100
|
|
||||||
@@ -222,9 +222,6 @@ typedef struct dtls1_state_st
|
|
||||||
*/
|
|
||||||
record_pqueue buffered_app_data;
|
|
||||||
|
|
||||||
- /* Is set when listening for new connections with dtls1_listen() */
|
|
||||||
- unsigned int listen;
|
|
||||||
-
|
|
||||||
unsigned int mtu; /* max DTLS packet size */
|
|
||||||
|
|
||||||
struct hm_header_st w_msg_hdr;
|
|
||||||
@@ -248,6 +245,9 @@ typedef struct dtls1_state_st
|
|
||||||
unsigned int retransmitting;
|
|
||||||
unsigned int change_cipher_spec_ok;
|
|
||||||
|
|
||||||
+ /* Is set when listening for new connections with dtls1_listen() */
|
|
||||||
+ unsigned int listen;
|
|
||||||
+
|
|
||||||
#ifndef OPENSSL_NO_SCTP
|
|
||||||
/* used when SSL_ST_XX_FLUSH is entered */
|
|
||||||
int next_state;
|
|
26
openssl-1.0.1k-dtls1-abi.patch
Normal file
26
openssl-1.0.1k-dtls1-abi.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
|
||||||
|
--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100
|
||||||
|
+++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100
|
||||||
|
@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
|
||||||
|
*/
|
||||||
|
record_pqueue buffered_app_data;
|
||||||
|
|
||||||
|
- /* Is set when listening for new connections with dtls1_listen() */
|
||||||
|
- unsigned int listen;
|
||||||
|
-
|
||||||
|
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
|
||||||
|
unsigned int mtu; /* max DTLS packet size */
|
||||||
|
|
||||||
|
struct hm_header_st w_msg_hdr;
|
||||||
|
@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
|
||||||
|
*/
|
||||||
|
unsigned int change_cipher_spec_ok;
|
||||||
|
|
||||||
|
+ /* Is set when listening for new connections with dtls1_listen() */
|
||||||
|
+ unsigned int listen;
|
||||||
|
+
|
||||||
|
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
|
||||||
|
+
|
||||||
|
#ifndef OPENSSL_NO_SCTP
|
||||||
|
/* used when SSL_ST_XX_FLUSH is entered */
|
||||||
|
int next_state;
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
|
diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
|
||||||
--- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100
|
--- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100
|
||||||
+++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100
|
+++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100
|
||||||
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
|
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
@ -87,38 +87,44 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
|
|||||||
ecdh_doit[i]=1;
|
ecdh_doit[i]=1;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
|
diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
|
||||||
--- openssl-1.0.1e/ssl/t1_lib.c.suiteb 2013-02-11 16:26:04.000000000 +0100
|
--- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100
|
||||||
+++ openssl-1.0.1e/ssl/t1_lib.c 2013-11-08 18:05:27.551617554 +0100
|
+++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100
|
||||||
@@ -204,31 +204,9 @@ static int nid_list[] =
|
@@ -218,29 +218,21 @@ static int pref_list[] =
|
||||||
|
NID_sect283k1, /* sect283k1 (9) */
|
||||||
static int pref_list[] =
|
NID_sect283r1, /* sect283r1 (10) */
|
||||||
{
|
#endif
|
||||||
- NID_sect571r1, /* sect571r1 (14) */
|
|
||||||
- NID_sect571k1, /* sect571k1 (13) */
|
|
||||||
NID_secp521r1, /* secp521r1 (25) */
|
|
||||||
- NID_sect409k1, /* sect409k1 (11) */
|
|
||||||
- NID_sect409r1, /* sect409r1 (12) */
|
|
||||||
NID_secp384r1, /* secp384r1 (24) */
|
|
||||||
- NID_sect283k1, /* sect283k1 (9) */
|
|
||||||
- NID_sect283r1, /* sect283r1 (10) */
|
|
||||||
- NID_secp256k1, /* secp256k1 (22) */
|
- NID_secp256k1, /* secp256k1 (22) */
|
||||||
NID_X9_62_prime256v1, /* secp256r1 (23) */
|
NID_X9_62_prime256v1, /* secp256r1 (23) */
|
||||||
- NID_sect239k1, /* sect239k1 (8) */
|
#ifndef OPENSSL_NO_EC2M
|
||||||
- NID_sect233k1, /* sect233k1 (6) */
|
NID_sect239k1, /* sect239k1 (8) */
|
||||||
- NID_sect233r1, /* sect233r1 (7) */
|
NID_sect233k1, /* sect233k1 (6) */
|
||||||
|
NID_sect233r1, /* sect233r1 (7) */
|
||||||
|
#endif
|
||||||
- NID_secp224k1, /* secp224k1 (20) */
|
- NID_secp224k1, /* secp224k1 (20) */
|
||||||
- NID_secp224r1, /* secp224r1 (21) */
|
- NID_secp224r1, /* secp224r1 (21) */
|
||||||
- NID_sect193r1, /* sect193r1 (4) */
|
#ifndef OPENSSL_NO_EC2M
|
||||||
- NID_sect193r2, /* sect193r2 (5) */
|
NID_sect193r1, /* sect193r1 (4) */
|
||||||
|
NID_sect193r2, /* sect193r2 (5) */
|
||||||
|
#endif
|
||||||
- NID_secp192k1, /* secp192k1 (18) */
|
- NID_secp192k1, /* secp192k1 (18) */
|
||||||
- NID_X9_62_prime192v1, /* secp192r1 (19) */
|
- NID_X9_62_prime192v1, /* secp192r1 (19) */
|
||||||
- NID_sect163k1, /* sect163k1 (1) */
|
#ifndef OPENSSL_NO_EC2M
|
||||||
- NID_sect163r1, /* sect163r1 (2) */
|
NID_sect163k1, /* sect163k1 (1) */
|
||||||
- NID_sect163r2, /* sect163r2 (3) */
|
NID_sect163r1, /* sect163r1 (2) */
|
||||||
|
NID_sect163r2, /* sect163r2 (3) */
|
||||||
|
#endif
|
||||||
- NID_secp160k1, /* secp160k1 (15) */
|
- NID_secp160k1, /* secp160k1 (15) */
|
||||||
- NID_secp160r1, /* secp160r1 (16) */
|
- NID_secp160r1, /* secp160r1 (16) */
|
||||||
- NID_secp160r2, /* secp160r2 (17) */
|
- NID_secp160r2, /* secp160r2 (17) */
|
||||||
};
|
};
|
||||||
|
|
||||||
int tls1_ec_curve_id2nid(int curve_id)
|
int tls1_ec_curve_id2nid(int curve_id)
|
||||||
|
@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
|
||||||
|
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
|
||||||
|
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
|
||||||
|
|
||||||
|
- /* we support all named elliptic curves in RFC 4492 */
|
||||||
|
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
|
||||||
|
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
|
||||||
|
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
|
diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
|
||||||
--- openssl-1.0.1j/apps/s_apps.h.ephemeral 2014-10-16 13:32:30.772817591 +0200
|
--- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100
|
||||||
+++ openssl-1.0.1j/apps/s_apps.h 2014-10-16 13:32:30.865819691 +0200
|
+++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100
|
||||||
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
|
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
|
||||||
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
|
||||||
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
|
||||||
@ -9,9 +9,9 @@ diff -up openssl-1.0.1j/apps/s_apps.h.ephemeral openssl-1.0.1j/apps/s_apps.h
|
|||||||
int init_client(int *sock, char *server, char *port, int type);
|
int init_client(int *sock, char *server, char *port, int type);
|
||||||
int should_retry(int i);
|
int should_retry(int i);
|
||||||
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
|
||||||
diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
|
diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
|
||||||
--- openssl-1.0.1j/apps/s_cb.c.ephemeral 2014-10-15 14:53:39.000000000 +0200
|
--- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1j/apps/s_cb.c 2014-10-16 13:32:30.865819691 +0200
|
+++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100
|
||||||
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
|
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -51,10 +51,10 @@ diff -up openssl-1.0.1j/apps/s_cb.c.ephemeral openssl-1.0.1j/apps/s_cb.c
|
|||||||
|
|
||||||
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
|
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
|
||||||
{
|
{
|
||||||
diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
|
diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
|
||||||
--- openssl-1.0.1j/apps/s_client.c.ephemeral 2014-10-16 13:32:30.860819578 +0200
|
--- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100
|
||||||
+++ openssl-1.0.1j/apps/s_client.c 2014-10-16 13:32:30.865819691 +0200
|
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100
|
||||||
@@ -2044,6 +2044,8 @@ static void print_stuff(BIO *bio, SSL *s
|
@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
|
||||||
BIO_write(bio,"\n",1);
|
BIO_write(bio,"\n",1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -63,18 +63,18 @@ diff -up openssl-1.0.1j/apps/s_client.c.ephemeral openssl-1.0.1j/apps/s_client.c
|
|||||||
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
|
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
|
||||||
BIO_number_read(SSL_get_rbio(s)),
|
BIO_number_read(SSL_get_rbio(s)),
|
||||||
BIO_number_written(SSL_get_wbio(s)));
|
BIO_number_written(SSL_get_wbio(s)));
|
||||||
diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
|
diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
|
||||||
--- openssl-1.0.1j/ssl/ssl.h.ephemeral 2014-10-16 13:32:30.851819375 +0200
|
--- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100
|
||||||
+++ openssl-1.0.1j/ssl/ssl.h 2014-10-16 13:33:23.233001903 +0200
|
+++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100
|
||||||
@@ -1585,6 +1585,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||||
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
|
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
|
||||||
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
|
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
|
||||||
|
|
||||||
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
|
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
|
||||||
#define SSL_CTRL_CHECK_PROTO_VERSION 119
|
#define SSL_CTRL_CHECK_PROTO_VERSION 119
|
||||||
|
#define DTLS_CTRL_SET_LINK_MTU 120
|
||||||
#define DTLSv1_get_timeout(ssl, arg) \
|
#define DTLS_CTRL_GET_LINK_MIN_MTU 121
|
||||||
@@ -1628,6 +1629,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
||||||
#define SSL_CTX_clear_extra_chain_certs(ctx) \
|
#define SSL_CTX_clear_extra_chain_certs(ctx) \
|
||||||
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
|
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
|
||||||
|
|
||||||
@ -84,9 +84,9 @@ diff -up openssl-1.0.1j/ssl/ssl.h.ephemeral openssl-1.0.1j/ssl/ssl.h
|
|||||||
#ifndef OPENSSL_NO_BIO
|
#ifndef OPENSSL_NO_BIO
|
||||||
BIO_METHOD *BIO_f_ssl(void);
|
BIO_METHOD *BIO_f_ssl(void);
|
||||||
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
|
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
|
||||||
diff -up openssl-1.0.1j/ssl/s3_lib.c.ephemeral openssl-1.0.1j/ssl/s3_lib.c
|
diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
|
||||||
--- openssl-1.0.1j/ssl/s3_lib.c.ephemeral 2014-10-16 13:32:30.866819713 +0200
|
--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100
|
||||||
+++ openssl-1.0.1j/ssl/s3_lib.c 2014-10-16 13:34:08.918033262 +0200
|
+++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100
|
||||||
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
|
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
|
||||||
|
|
||||||
#endif /* !OPENSSL_NO_TLSEXT */
|
#endif /* !OPENSSL_NO_TLSEXT */
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c
|
diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
|
||||||
--- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200
|
--- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100
|
||||||
+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100
|
+++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100
|
||||||
@@ -101,7 +101,10 @@
|
@@ -101,7 +101,10 @@
|
||||||
compiler choice is limited to GCC and Microsoft C. */
|
compiler choice is limited to GCC and Microsoft C. */
|
||||||
#undef COMPILE_HW_PADLOCK
|
#undef COMPILE_HW_PADLOCK
|
||||||
@ -30,11 +30,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
|||||||
/*
|
/*
|
||||||
* As for excessive "push %ebx"/"pop %ebx" found all over.
|
* As for excessive "push %ebx"/"pop %ebx" found all over.
|
||||||
* When generating position-independent code GCC won't let
|
* When generating position-independent code GCC won't let
|
||||||
@@ -383,21 +387,6 @@ padlock_available(void)
|
@@ -383,23 +387,6 @@ padlock_available(void)
|
||||||
return padlock_use_ace + padlock_use_rng;
|
return padlock_use_ace + padlock_use_rng;
|
||||||
}
|
}
|
||||||
|
|
||||||
-#ifndef OPENSSL_NO_AES
|
-#ifndef OPENSSL_NO_AES
|
||||||
|
-#ifndef AES_ASM
|
||||||
-/* Our own htonl()/ntohl() */
|
-/* Our own htonl()/ntohl() */
|
||||||
-static inline void
|
-static inline void
|
||||||
-padlock_bswapl(AES_KEY *ks)
|
-padlock_bswapl(AES_KEY *ks)
|
||||||
@ -48,11 +49,12 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
|||||||
- }
|
- }
|
||||||
-}
|
-}
|
||||||
-#endif
|
-#endif
|
||||||
|
-#endif
|
||||||
-
|
-
|
||||||
/* Force key reload from memory to the CPU microcode.
|
/* Force key reload from memory to the CPU microcode.
|
||||||
Loading EFLAGS from the stack clears EFLAGS[30]
|
Loading EFLAGS from the stack clears EFLAGS[30]
|
||||||
which does the trick. */
|
which does the trick. */
|
||||||
@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \
|
@@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \
|
||||||
: "edx", "cc", "memory"); \
|
: "edx", "cc", "memory"); \
|
||||||
return iv; \
|
return iv; \
|
||||||
}
|
}
|
||||||
@ -165,6 +167,7 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
|||||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
|
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
|
||||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
|
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
|
||||||
+
|
+
|
||||||
|
+#ifndef AES_ASM
|
||||||
+/* Our own htonl()/ntohl() */
|
+/* Our own htonl()/ntohl() */
|
||||||
+static inline void
|
+static inline void
|
||||||
+padlock_bswapl(AES_KEY *ks)
|
+padlock_bswapl(AES_KEY *ks)
|
||||||
@ -177,10 +180,11 @@ diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/e
|
|||||||
+ key++;
|
+ key++;
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
|
+#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* The RNG call itself */
|
/* The RNG call itself */
|
||||||
@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int
|
@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
|
||||||
static inline unsigned char *
|
static inline unsigned char *
|
||||||
padlock_memcpy(void *dst,const void *src,size_t n)
|
padlock_memcpy(void *dst,const void *src,size_t n)
|
||||||
{
|
{
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
|
diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
|
||||||
--- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200
|
+++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100
|
||||||
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
|
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
|
||||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||||
else if (!strcmp(arg, "-check_ss_sig"))
|
else if (!strcmp(arg, "-check_ss_sig"))
|
||||||
@ -10,9 +10,9 @@ diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
|
|||||||
else
|
else
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
|
diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
|
||||||
--- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200
|
+++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100
|
||||||
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
|
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
|
||||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||||
@ -21,9 +21,9 @@ diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
|
|||||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
|
diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
|
||||||
--- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100
|
||||||
+++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200
|
+++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100
|
||||||
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
|
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
|
||||||
BIO_printf (bio_err, "-path path to use in OCSP request\n");
|
BIO_printf (bio_err, "-path path to use in OCSP request\n");
|
||||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||||
@ -32,9 +32,9 @@ diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
|
|||||||
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
|
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
|
||||||
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
|
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
|
||||||
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
|
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
|
||||||
diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c
|
diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
|
||||||
--- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200
|
--- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100
|
||||||
+++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200
|
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100
|
||||||
@@ -299,6 +299,7 @@ static void sc_usage(void)
|
@@ -299,6 +299,7 @@ static void sc_usage(void)
|
||||||
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
|
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
|
||||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||||
@ -43,9 +43,9 @@ diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_clie
|
|||||||
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||||
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
|
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
|
||||||
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
|
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
|
||||||
diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
|
diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
|
||||||
--- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200
|
+++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100
|
||||||
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
|
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
|
||||||
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
|
||||||
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
|
||||||
@ -54,9 +54,9 @@ diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
|
|||||||
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||||
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c
|
diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
|
||||||
--- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200
|
--- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100
|
||||||
+++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200
|
+++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100
|
||||||
@@ -502,6 +502,7 @@ static void sv_usage(void)
|
@@ -502,6 +502,7 @@ static void sv_usage(void)
|
||||||
BIO_printf(bio_err," -state - Print the SSL states\n");
|
BIO_printf(bio_err," -state - Print the SSL states\n");
|
||||||
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
|
||||||
@ -65,9 +65,9 @@ diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_serv
|
|||||||
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
|
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
|
||||||
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
|
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
|
||||||
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
|
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
|
||||||
diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
|
diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
|
||||||
--- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200
|
--- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100
|
||||||
+++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200
|
+++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100
|
||||||
@@ -179,6 +179,7 @@ static void s_time_usage(void)
|
@@ -179,6 +179,7 @@ static void s_time_usage(void)
|
||||||
file if not specified by this option\n\
|
file if not specified by this option\n\
|
||||||
-CApath arg - PEM format directory of CA's\n\
|
-CApath arg - PEM format directory of CA's\n\
|
||||||
@ -76,9 +76,9 @@ diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
|
|||||||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
||||||
|
|
||||||
printf( "usage: s_time <args>\n\n" );
|
printf( "usage: s_time <args>\n\n" );
|
||||||
diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
|
diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
|
||||||
--- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200
|
--- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100
|
||||||
+++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200
|
+++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100
|
||||||
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
|
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
|
||||||
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
||||||
"[-queryfile request.tsq] "
|
"[-queryfile request.tsq] "
|
||||||
@ -88,9 +88,9 @@ diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
|
|||||||
"-untrusted cert_file.pem\n");
|
"-untrusted cert_file.pem\n");
|
||||||
cleanup:
|
cleanup:
|
||||||
/* Clean up. */
|
/* Clean up. */
|
||||||
diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
|
diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
|
||||||
--- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200
|
+++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100
|
||||||
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
|
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
|
||||||
|
|
||||||
end:
|
end:
|
||||||
@ -100,9 +100,9 @@ diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
|
|||||||
BIO_printf(bio_err," [-attime timestamp]");
|
BIO_printf(bio_err," [-attime timestamp]");
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
BIO_printf(bio_err," [-engine e]");
|
BIO_printf(bio_err," [-engine e]");
|
||||||
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c
|
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
|
||||||
--- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200
|
--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100
|
||||||
+++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200
|
+++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
|
||||||
|
|
||||||
/* If we are self signed, we break */
|
/* If we are self signed, we break */
|
||||||
@ -125,9 +125,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/cryp
|
|||||||
|
|
||||||
/* If we were passed a cert chain, use it first */
|
/* If we were passed a cert chain, use it first */
|
||||||
if (ctx->untrusted != NULL)
|
if (ctx->untrusted != NULL)
|
||||||
diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h
|
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
|
||||||
--- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200
|
--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100
|
||||||
+++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200
|
+++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
|
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
|
||||||
#define X509_V_FLAG_USE_DELTAS 0x2000
|
#define X509_V_FLAG_USE_DELTAS 0x2000
|
||||||
/* Check selfsigned CA signature */
|
/* Check selfsigned CA signature */
|
||||||
@ -137,9 +137,9 @@ diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/cryp
|
|||||||
|
|
||||||
|
|
||||||
#define X509_VP_FLAG_DEFAULT 0x1
|
#define X509_VP_FLAG_DEFAULT 0x1
|
||||||
diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod
|
diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
|
||||||
--- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200
|
+++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||||
[B<-print>]
|
[B<-print>]
|
||||||
[B<-CAfile file>]
|
[B<-CAfile file>]
|
||||||
@ -161,9 +161,9 @@ diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/c
|
|||||||
=item B<-md digest>
|
=item B<-md digest>
|
||||||
|
|
||||||
digest algorithm to use when signing or resigning. If not present then the
|
digest algorithm to use when signing or resigning. If not present then the
|
||||||
diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod
|
diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
|
||||||
--- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200
|
--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200
|
+++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||||
[B<-path>]
|
[B<-path>]
|
||||||
[B<-CApath dir>]
|
[B<-CApath dir>]
|
||||||
@ -172,7 +172,7 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
|
|||||||
[B<-VAfile file>]
|
[B<-VAfile file>]
|
||||||
[B<-validity_period n>]
|
[B<-validity_period n>]
|
||||||
[B<-status_age n>]
|
[B<-status_age n>]
|
||||||
@@ -138,6 +139,13 @@ or "/" by default.
|
@@ -142,6 +143,13 @@ connection timeout to the OCSP responder
|
||||||
file or pathname containing trusted CA certificates. These are used to verify
|
file or pathname containing trusted CA certificates. These are used to verify
|
||||||
the signature on the OCSP response.
|
the signature on the OCSP response.
|
||||||
|
|
||||||
@ -186,9 +186,9 @@ diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/
|
|||||||
=item B<-verify_other file>
|
=item B<-verify_other file>
|
||||||
|
|
||||||
file containing additional certificates to search when attempting to locate
|
file containing additional certificates to search when attempting to locate
|
||||||
diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod
|
diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
|
||||||
--- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
|
--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200
|
+++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
||||||
[B<-pass arg>]
|
[B<-pass arg>]
|
||||||
[B<-CApath directory>]
|
[B<-CApath directory>]
|
||||||
@ -206,9 +206,9 @@ diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/a
|
|||||||
|
|
||||||
Set various certificate chain valiadition option. See the
|
Set various certificate chain valiadition option. See the
|
||||||
L<B<verify>|verify(1)> manual page for details.
|
L<B<verify>|verify(1)> manual page for details.
|
||||||
diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod
|
diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
|
||||||
--- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200
|
--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200
|
+++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
||||||
[B<-pk7out>]
|
[B<-pk7out>]
|
||||||
[B<-[cipher]>]
|
[B<-[cipher]>]
|
||||||
@ -232,9 +232,9 @@ diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps
|
|||||||
=item B<-md digest>
|
=item B<-md digest>
|
||||||
|
|
||||||
digest algorithm to use when signing or resigning. If not present then the
|
digest algorithm to use when signing or resigning. If not present then the
|
||||||
diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod
|
diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
|
||||||
--- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
|
--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200
|
+++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100
|
||||||
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
||||||
[B<-state>]
|
[B<-state>]
|
||||||
[B<-CApath directory>]
|
[B<-CApath directory>]
|
||||||
@ -256,9 +256,9 @@ diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/a
|
|||||||
=item B<-state>
|
=item B<-state>
|
||||||
|
|
||||||
prints out the SSL session states.
|
prints out the SSL session states.
|
||||||
diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod
|
diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
|
||||||
--- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
|
--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200
|
+++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100
|
||||||
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
||||||
[B<-key filename>]
|
[B<-key filename>]
|
||||||
[B<-CApath directory>]
|
[B<-CApath directory>]
|
||||||
@ -280,9 +280,9 @@ diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/app
|
|||||||
=item B<-new>
|
=item B<-new>
|
||||||
|
|
||||||
performs the timing test using a new session ID for each connection.
|
performs the timing test using a new session ID for each connection.
|
||||||
diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod
|
diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
|
||||||
--- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
|
--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200
|
||||||
+++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200
|
+++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100
|
||||||
@@ -46,6 +46,7 @@ B<-verify>
|
@@ -46,6 +46,7 @@ B<-verify>
|
||||||
[B<-token_in>]
|
[B<-token_in>]
|
||||||
[B<-CApath> trusted_cert_path]
|
[B<-CApath> trusted_cert_path]
|
||||||
@ -304,9 +304,9 @@ diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts
|
|||||||
=item B<-untrusted> cert_file.pem
|
=item B<-untrusted> cert_file.pem
|
||||||
|
|
||||||
Set of additional untrusted certificates in PEM format which may be
|
Set of additional untrusted certificates in PEM format which may be
|
||||||
diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod
|
diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
|
||||||
--- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
|
--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
|
||||||
+++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200
|
+++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100
|
||||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||||
B<openssl> B<verify>
|
B<openssl> B<verify>
|
||||||
[B<-CApath directory>]
|
[B<-CApath directory>]
|
19
openssl.spec
19
openssl.spec
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1j
|
Version: 1.0.1k
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -58,11 +58,11 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
|||||||
Patch34: openssl-0.9.6-x509.patch
|
Patch34: openssl-0.9.6-x509.patch
|
||||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||||
Patch39: openssl-1.0.1h-ipv6-apps.patch
|
Patch39: openssl-1.0.1h-ipv6-apps.patch
|
||||||
Patch40: openssl-1.0.1j-fips.patch
|
Patch40: openssl-1.0.1k-fips.patch
|
||||||
Patch45: openssl-1.0.1e-env-zlib.patch
|
Patch45: openssl-1.0.1e-env-zlib.patch
|
||||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||||
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
|
Patch50: openssl-1.0.1k-dtls1-abi.patch
|
||||||
Patch51: openssl-1.0.1e-version.patch
|
Patch51: openssl-1.0.1e-version.patch
|
||||||
Patch56: openssl-1.0.0c-rsa-x931.patch
|
Patch56: openssl-1.0.0c-rsa-x931.patch
|
||||||
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
|
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
|
||||||
@ -75,7 +75,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch
|
|||||||
Patch70: openssl-1.0.1j-fips-ec.patch
|
Patch70: openssl-1.0.1j-fips-ec.patch
|
||||||
Patch71: openssl-1.0.1i-manfix.patch
|
Patch71: openssl-1.0.1i-manfix.patch
|
||||||
Patch72: openssl-1.0.1e-fips-ctor.patch
|
Patch72: openssl-1.0.1e-fips-ctor.patch
|
||||||
Patch73: openssl-1.0.1e-ecc-suiteb.patch
|
Patch73: openssl-1.0.1k-ecc-suiteb.patch
|
||||||
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
Patch74: openssl-1.0.1e-no-md5-verify.patch
|
||||||
Patch75: openssl-1.0.1e-compat-symbols.patch
|
Patch75: openssl-1.0.1e-compat-symbols.patch
|
||||||
Patch76: openssl-1.0.1i-new-fips-reqs.patch
|
Patch76: openssl-1.0.1i-new-fips-reqs.patch
|
||||||
@ -85,10 +85,10 @@ Patch92: openssl-1.0.1h-system-cipherlist.patch
|
|||||||
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
|
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
Patch80: openssl-1.0.1j-evp-wrap.patch
|
Patch80: openssl-1.0.1j-evp-wrap.patch
|
||||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
Patch81: openssl-1.0.1k-padlock64.patch
|
||||||
Patch84: openssl-1.0.1i-trusted-first.patch
|
Patch84: openssl-1.0.1k-trusted-first.patch
|
||||||
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
|
||||||
Patch89: openssl-1.0.1j-ephemeral-key-size.patch
|
Patch89: openssl-1.0.1k-ephemeral-key-size.patch
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -478,6 +478,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
|
||||||
|
- new upstream release fixing multiple security issues
|
||||||
|
|
||||||
* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
|
* Thu Nov 20 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1j-3
|
||||||
- disable SSLv3 by default again (mail servers and possibly
|
- disable SSLv3 by default again (mail servers and possibly
|
||||||
LDAP servers should probably allow it explicitly for legacy
|
LDAP servers should probably allow it explicitly for legacy
|
||||||
|
Loading…
Reference in New Issue
Block a user