forked from rpms/openssl
add missing initialization of str in aes_ccm_init_key (#853963)
- add important patches from upstream CVS
This commit is contained in:
Tomas Mraz
parent
eaa5561c35
commit
c015bd1b1e
103
openssl-1.0.1c-backports2.patch
Normal file
103
openssl-1.0.1c-backports2.patch
Normal file
@ -0,0 +1,103 @@
|
||||
diff -up openssl-1.0.1c/apps/cms.c.backports2 openssl-1.0.1c/apps/cms.c
|
||||
--- openssl-1.0.1c/apps/cms.c.backports2 2012-01-05 14:46:27.000000000 +0100
|
||||
+++ openssl-1.0.1c/apps/cms.c 2012-09-07 10:34:42.000000000 +0200
|
||||
@@ -233,6 +233,8 @@ int MAIN(int argc, char **argv)
|
||||
else if (!strcmp(*args,"-camellia256"))
|
||||
cipher = EVP_camellia_256_cbc();
|
||||
#endif
|
||||
+ else if (!strcmp (*args, "-debug_decrypt"))
|
||||
+ flags |= CMS_DEBUG_DECRYPT;
|
||||
else if (!strcmp (*args, "-text"))
|
||||
flags |= CMS_TEXT;
|
||||
else if (!strcmp (*args, "-nointern"))
|
||||
@@ -1039,6 +1041,8 @@ int MAIN(int argc, char **argv)
|
||||
ret = 4;
|
||||
if (operation == SMIME_DECRYPT)
|
||||
{
|
||||
+ if (flags & CMS_DEBUG_DECRYPT)
|
||||
+ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
|
||||
|
||||
if (secret_key)
|
||||
{
|
||||
diff -up openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 openssl-1.0.1c/crypto/bn/bn_lcl.h
|
||||
--- openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 2012-09-06 17:25:22.000000000 +0200
|
||||
+++ openssl-1.0.1c/crypto/bn/bn_lcl.h 2012-09-07 10:22:43.000000000 +0200
|
||||
@@ -282,16 +282,23 @@ extern "C" {
|
||||
# endif
|
||||
# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
|
||||
# if defined(__GNUC__) && __GNUC__>=2
|
||||
-# define BN_UMULT_HIGH(a,b) ({ \
|
||||
+# if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
|
||||
+# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
|
||||
+# define BN_UMULT_LOHI(low,high,a,b) ({ \
|
||||
+ __uint128_t ret=(__uint128_t)(a)*(b); \
|
||||
+ (high)=ret>>64; (low)=ret; })
|
||||
+# else
|
||||
+# define BN_UMULT_HIGH(a,b) ({ \
|
||||
register BN_ULONG ret; \
|
||||
asm ("dmultu %1,%2" \
|
||||
: "=h"(ret) \
|
||||
: "r"(a), "r"(b) : "l"); \
|
||||
ret; })
|
||||
-# define BN_UMULT_LOHI(low,high,a,b) \
|
||||
+# define BN_UMULT_LOHI(low,high,a,b)\
|
||||
asm ("dmultu %2,%3" \
|
||||
: "=l"(low),"=h"(high) \
|
||||
: "r"(a), "r"(b));
|
||||
+# endif
|
||||
# endif
|
||||
# endif /* cpu */
|
||||
#endif /* OPENSSL_NO_ASM */
|
||||
diff -up openssl-1.0.1c/crypto/modes/gcm128.c.backports2 openssl-1.0.1c/crypto/modes/gcm128.c
|
||||
--- openssl-1.0.1c/crypto/modes/gcm128.c.backports2 2012-01-25 18:56:24.000000000 +0100
|
||||
+++ openssl-1.0.1c/crypto/modes/gcm128.c 2012-09-07 10:24:56.000000000 +0200
|
||||
@@ -1398,7 +1398,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT
|
||||
void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
|
||||
#endif
|
||||
|
||||
- if (ctx->mres)
|
||||
+ if (ctx->mres || ctx->ares)
|
||||
GCM_MUL(ctx,Xi);
|
||||
|
||||
if (is_endian.little) {
|
||||
diff -up openssl-1.0.1c/ssl/ssl_cert.c.backports2 openssl-1.0.1c/ssl/ssl_cert.c
|
||||
--- openssl-1.0.1c/ssl/ssl_cert.c.backports2 2011-05-11 15:37:52.000000000 +0200
|
||||
+++ openssl-1.0.1c/ssl/ssl_cert.c 2012-09-07 10:33:54.000000000 +0200
|
||||
@@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT
|
||||
{
|
||||
/* Set digest values to defaults */
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
- cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
|
||||
+ cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
|
||||
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
- cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
|
||||
+ cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
|
||||
#endif
|
||||
}
|
||||
|
||||
diff -up openssl-1.0.1c/ssl/t1_lib.c.backports2 openssl-1.0.1c/ssl/t1_lib.c
|
||||
--- openssl-1.0.1c/ssl/t1_lib.c.backports2 2012-03-21 22:32:57.000000000 +0100
|
||||
+++ openssl-1.0.1c/ssl/t1_lib.c 2012-09-07 10:33:54.000000000 +0200
|
||||
@@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const u
|
||||
*/
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
|
||||
- c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
|
||||
+ c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
|
||||
@@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const u
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ECDSA
|
||||
if (!c->pkeys[SSL_PKEY_ECC].digest)
|
||||
- c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
|
||||
+ c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
11
openssl-1.0.1c-ccm-init-str.patch
Normal file
11
openssl-1.0.1c-ccm-init-str.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up openssl-1.0.1c/crypto/evp/e_aes.c.init-str openssl-1.0.1c/crypto/evp/e_aes.c
|
||||
--- openssl-1.0.1c/crypto/evp/e_aes.c.init-str 2012-09-06 17:20:45.000000000 +0200
|
||||
+++ openssl-1.0.1c/crypto/evp/e_aes.c 2012-09-06 17:18:30.000000000 +0200
|
||||
@@ -1216,6 +1216,7 @@ static int aes_ccm_init_key(EVP_CIPHER_C
|
||||
vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
|
||||
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
|
||||
&cctx->ks, (block128_f)vpaes_encrypt);
|
||||
+ cctx->str = NULL;
|
||||
cctx->key_set = 1;
|
||||
break;
|
||||
}
|
||||
10
openssl.spec
10
openssl.spec
@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implem
|
||||
Name: openssl
|
||||
Version: 1.0.1c
|
||||
# Do not forget to bump SHLIB_VERSION on version upgrades
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -70,6 +70,8 @@ Patch68: openssl-1.0.1c-secure-getenv.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
||||
Patch82: openssl-1.0.1c-backports.patch
|
||||
Patch83: openssl-1.0.1c-ccm-init-str.patch
|
||||
Patch84: openssl-1.0.1c-backports2.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -172,6 +174,8 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .backports
|
||||
%patch83 -p1 -b .init-str
|
||||
%patch84 -p1 -b .backports2
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
@ -425,6 +429,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Sep 7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-7
|
||||
- add missing initialization of str in aes_ccm_init_key (#853963)
|
||||
- add important patches from upstream CVS
|
||||
|
||||
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1c-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user