fix regression in EVP_PBE_scrypt() (#1688284)

fix incorrect help message in ca app (#1553206)
This commit is contained in:
Tomas Mraz 2019-03-15 16:05:02 +01:00
parent e2ea1027fe
commit c99b8bf7f9
3 changed files with 16 additions and 8 deletions

View File

@ -1,12 +1,12 @@
diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
--- openssl-1.1.0-pre5/apps/ca.c.dgst 2016-04-19 16:57:52.000000000 +0200 --- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.0-pre5/apps/ca.c 2016-07-18 15:58:18.516742682 +0200 +++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
@@ -216,7 +216,7 @@ OPTIONS ca_options[] = { @@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
{"enddate", OPT_ENDDATE, 's', {"enddate", OPT_ENDDATE, 's',
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, - {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"}, + {"md", OPT_MD, 's', "md to use; see openssl help for list"},
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
{"keyfile", OPT_KEYFILE, 's', "Private key"}, {"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

View File

@ -634,7 +634,7 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
/* /*
* Maximum permitted memory allow this to be overridden with Configuration * Maximum permitted memory allow this to be overridden with Configuration
* option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
@@ -160,107 +37,39 @@ int EVP_PBE_scrypt(const char *pass, siz @@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz
uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
unsigned char *key, size_t keylen) unsigned char *key, size_t keylen)
{ {
@ -706,6 +706,10 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
+ if (pass == NULL) { + if (pass == NULL) {
+ pass = empty; + pass = empty;
+ passlen = 0; + passlen = 0;
+ }
+ if (salt == NULL) {
+ salt = (const unsigned char *)empty;
+ saltlen = 0;
} }
- -
if (maxmem == 0) if (maxmem == 0)

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1b Version: 1.1.1b
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -47,7 +47,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch
# Functionality changes # Functionality changes
Patch31: openssl-1.1.1-conf-paths.patch Patch31: openssl-1.1.1-conf-paths.patch
Patch32: openssl-1.1.1-version-add-engines.patch Patch32: openssl-1.1.1-version-add-engines.patch
Patch33: openssl-1.1.0-apps-dgst.patch Patch33: openssl-1.1.1-apps-dgst.patch
Patch36: openssl-1.1.1-no-brainpool.patch Patch36: openssl-1.1.1-no-brainpool.patch
Patch37: openssl-1.1.1-ec-curves.patch Patch37: openssl-1.1.1-ec-curves.patch
Patch38: openssl-1.1.1-no-weak-verify.patch Patch38: openssl-1.1.1-no-weak-verify.patch
@ -448,6 +448,10 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3
- fix regression in EVP_PBE_scrypt() (#1688284)
- fix incorrect help message in ca app (#1553206)
* Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2 * Fri Mar 1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
- use .include = syntax in the config file to allow it - use .include = syntax in the config file to allow it
to be parsed by 1.0.2 version (#1668916) to be parsed by 1.0.2 version (#1668916)