forked from rpms/openssl
fix regression in EVP_PBE_scrypt() (#1688284)
fix incorrect help message in ca app (#1553206)
This commit is contained in:
parent
e2ea1027fe
commit
c99b8bf7f9
@ -1,12 +1,12 @@
|
|||||||
diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c
|
diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
|
||||||
--- openssl-1.1.0-pre5/apps/ca.c.dgst 2016-04-19 16:57:52.000000000 +0200
|
--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
|
||||||
+++ openssl-1.1.0-pre5/apps/ca.c 2016-07-18 15:58:18.516742682 +0200
|
+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
|
||||||
@@ -216,7 +216,7 @@ OPTIONS ca_options[] = {
|
@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
|
||||||
{"enddate", OPT_ENDDATE, 's',
|
{"enddate", OPT_ENDDATE, 's',
|
||||||
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
|
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
|
||||||
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
|
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
|
||||||
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
|
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
|
||||||
+ {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"},
|
+ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
|
||||||
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
|
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
|
||||||
{"keyfile", OPT_KEYFILE, 's', "Private key"},
|
{"keyfile", OPT_KEYFILE, 's', "Private key"},
|
||||||
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
|
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
|
@ -634,7 +634,7 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
|
|||||||
/*
|
/*
|
||||||
* Maximum permitted memory allow this to be overridden with Configuration
|
* Maximum permitted memory allow this to be overridden with Configuration
|
||||||
* option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
|
* option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
|
||||||
@@ -160,107 +37,39 @@ int EVP_PBE_scrypt(const char *pass, siz
|
@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz
|
||||||
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
|
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
|
||||||
unsigned char *key, size_t keylen)
|
unsigned char *key, size_t keylen)
|
||||||
{
|
{
|
||||||
@ -706,6 +706,10 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
|
|||||||
+ if (pass == NULL) {
|
+ if (pass == NULL) {
|
||||||
+ pass = empty;
|
+ pass = empty;
|
||||||
+ passlen = 0;
|
+ passlen = 0;
|
||||||
|
+ }
|
||||||
|
+ if (salt == NULL) {
|
||||||
|
+ salt = (const unsigned char *)empty;
|
||||||
|
+ saltlen = 0;
|
||||||
}
|
}
|
||||||
-
|
-
|
||||||
if (maxmem == 0)
|
if (maxmem == 0)
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1b
|
Version: 1.1.1b
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -47,7 +47,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch
|
|||||||
# Functionality changes
|
# Functionality changes
|
||||||
Patch31: openssl-1.1.1-conf-paths.patch
|
Patch31: openssl-1.1.1-conf-paths.patch
|
||||||
Patch32: openssl-1.1.1-version-add-engines.patch
|
Patch32: openssl-1.1.1-version-add-engines.patch
|
||||||
Patch33: openssl-1.1.0-apps-dgst.patch
|
Patch33: openssl-1.1.1-apps-dgst.patch
|
||||||
Patch36: openssl-1.1.1-no-brainpool.patch
|
Patch36: openssl-1.1.1-no-brainpool.patch
|
||||||
Patch37: openssl-1.1.1-ec-curves.patch
|
Patch37: openssl-1.1.1-ec-curves.patch
|
||||||
Patch38: openssl-1.1.1-no-weak-verify.patch
|
Patch38: openssl-1.1.1-no-weak-verify.patch
|
||||||
@ -448,6 +448,10 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3
|
||||||
|
- fix regression in EVP_PBE_scrypt() (#1688284)
|
||||||
|
- fix incorrect help message in ca app (#1553206)
|
||||||
|
|
||||||
* Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
|
* Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
|
||||||
- use .include = syntax in the config file to allow it
|
- use .include = syntax in the config file to allow it
|
||||||
to be parsed by 1.0.2 version (#1668916)
|
to be parsed by 1.0.2 version (#1668916)
|
||||||
|
Loading…
Reference in New Issue
Block a user