Update to Beta1 version
Includes a patch to support dual-ABI, as Beta1 breaks ABI with alpha16. Related: rhbz#1903209 Signed-off-by: Sahana Prasad <sahana@redhat.com>
parent
90bf702df6
commit
d4e97b3110
@ -22,7 +22,7 @@ index b7eed914b0..af62f0ef08 100644
|
|||||||
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||||
+ goto err;
|
+ goto err;
|
||||||
} else {
|
} else {
|
||||||
const EVP_MD *type = EVP_get_digestbynid(mdnid);
|
const EVP_MD *type = NULL;
|
||||||
|
|
||||||
--
|
--
|
||||||
2.26.2
|
2.26.2
|
||||||
|
@ -38,48 +38,6 @@ index 9f369edf0e..c52389f831 100644
|
|||||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||||
@{$config{CPPFLAGS}}) -}
|
@{$config{CPPFLAGS}}) -}
|
||||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||||
diff --git a/Configure b/Configure
|
|
||||||
index dfad3fe7a5..dc6d5d4d73 100755
|
|
||||||
--- a/Configure
|
|
||||||
+++ b/Configure
|
|
||||||
@@ -27,7 +27,7 @@ use OpenSSL::config;
|
|
||||||
my $orig_death_handler = $SIG{__DIE__};
|
|
||||||
$SIG{__DIE__} = \&death_handler;
|
|
||||||
|
|
||||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
|
|
||||||
# Options:
|
|
||||||
#
|
|
||||||
@@ -44,6 +44,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
|
|
||||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
|
||||||
# (Default: PREFIX/ssl)
|
|
||||||
#
|
|
||||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
|
||||||
+# cipher is specified (default).
|
|
||||||
+#
|
|
||||||
# --cross-compile-prefix Add specified prefix to binutils components.
|
|
||||||
#
|
|
||||||
# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0
|
|
||||||
@@ -367,6 +370,7 @@ $config{prefix}="";
|
|
||||||
$config{openssldir}="";
|
|
||||||
$config{processor}="";
|
|
||||||
$config{libdir}="";
|
|
||||||
+$config{system_ciphers_file}="";
|
|
||||||
my $auto_threads=1; # enable threads automatically? true by default
|
|
||||||
my $default_ranlib;
|
|
||||||
|
|
||||||
@@ -957,6 +961,10 @@ while (@argvcopy)
|
|
||||||
die "FIPS key too long (64 bytes max)\n"
|
|
||||||
if length $1 > 64;
|
|
||||||
}
|
|
||||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
|
||||||
+ {
|
|
||||||
+ $config{system_ciphers_file}=$1;
|
|
||||||
+ }
|
|
||||||
elsif (/^--cross-compile-prefix=(.*)$/)
|
|
||||||
{
|
|
||||||
$user{CROSS_COMPILE}=$1;
|
|
||||||
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
|
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
|
||||||
index b4ed3e51d5..2122e6bdfd 100644
|
index b4ed3e51d5..2122e6bdfd 100644
|
||||||
--- a/doc/man1/openssl-ciphers.pod.in
|
--- a/doc/man1/openssl-ciphers.pod.in
|
||||||
@ -322,10 +280,52 @@ index 404a706fab..e81fa9ec3e 100644
|
|||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
||||||
BIO_new_ex ? 3_0_0 EXIST::FUNCTION:
|
ASN1_item_d2i_bio_ex ? 3_0_0 EXIST::FUNCTION:
|
||||||
BIO_s_core ? 3_0_0 EXIST::FUNCTION:
|
ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION:
|
||||||
OSSL_LIB_CTX_new_from_dispatch ? 3_0_0 EXIST::FUNCTION:
|
ASN1_TIME_print_ex ? 3_0_0 EXIST::FUNCTION:
|
||||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
--
|
--
|
||||||
2.26.2
|
2.26.2
|
||||||
|
|
||||||
|
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
|
||||||
|
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
|
||||||
|
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
|
||||||
|
@@ -27,7 +27,7 @@ use OpenSSL::config;
|
||||||
|
my $orig_death_handler = $SIG{__DIE__};
|
||||||
|
$SIG{__DIE__} = \&death_handler;
|
||||||
|
|
||||||
|
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
|
||||||
|
my $banner = <<"EOF";
|
||||||
|
|
||||||
|
@@ -61,6 +61,10 @@ EOF
|
||||||
|
# given with --prefix.
|
||||||
|
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||||
|
# (Default: PREFIX/ssl)
|
||||||
|
+#
|
||||||
|
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
||||||
|
+# cipher is specified (default).
|
||||||
|
+#
|
||||||
|
# --banner=".." Output specified text instead of default completion banner
|
||||||
|
#
|
||||||
|
# --cross-compile-prefix Add specified prefix to binutils components.
|
||||||
|
@@ -385,6 +389,7 @@ $config{prefix}="";
|
||||||
|
$config{openssldir}="";
|
||||||
|
$config{processor}="";
|
||||||
|
$config{libdir}="";
|
||||||
|
+$config{system_ciphers_file}="";
|
||||||
|
my $auto_threads=1; # enable threads automatically? true by default
|
||||||
|
my $default_ranlib;
|
||||||
|
|
||||||
|
@@ -987,6 +992,10 @@ while (@argvcopy)
|
||||||
|
die "FIPS key too long (64 bytes max)\n"
|
||||||
|
if length $1 > 64;
|
||||||
|
}
|
||||||
|
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||||
|
+ {
|
||||||
|
+ $config{system_ciphers_file}=$1;
|
||||||
|
+ }
|
||||||
|
elsif (/^--banner=(.*)$/)
|
||||||
|
{
|
||||||
|
$banner = $1 . "\n";
|
||||||
|
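Review bot: The added `elsif (/^--system-ciphers-file=(.*)$/)` branch in Configure's option loop stores whatever follows the `=` without checking it, so a relative path is accepted. The option comment says this file supplies the cipher string for PROFILE=SYSTEM; how the value is consumed is not visible here, but if it is compiled in and opened at run time, a relative path would be resolved against the calling process's working directory, which is not where a system-wide crypto policy should be read from. A guard inside the branch such as `die "--system-ciphers-file requires an absolute path\n" unless File::Spec->file_name_is_absolute($1);` would reject that at build time, assuming File::Spec is loaded in Configure, which this hunk does not show. The `while (@argvcopy)` loop begins and ends outside the hunk.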
@ -17,9 +17,9 @@ index 1036da9a2b..9d4896fcaf 100644
|
|||||||
--- a/include/openssl/crypto.h.in
|
--- a/include/openssl/crypto.h.in
|
||||||
+++ b/include/openssl/crypto.h.in
|
+++ b/include/openssl/crypto.h.in
|
||||||
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
|
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
|
||||||
# include <openssl/types.h>
|
|
||||||
# include <openssl/opensslconf.h>
|
# include <openssl/opensslconf.h>
|
||||||
# include <openssl/cryptoerr.h>
|
# include <openssl/cryptoerr.h>
|
||||||
|
# include <openssl/core.h>
|
||||||
+# include <openssl/fips.h>
|
+# include <openssl/fips.h>
|
||||||
|
|
||||||
# ifdef CHARSET_EBCDIC
|
# ifdef CHARSET_EBCDIC
|
||||||
@ -55,11 +55,10 @@ index 0000000000..c64f0f8e8f
|
|||||||
+}
|
+}
|
||||||
+# endif
|
+# endif
|
||||||
+#endif
|
+#endif
|
||||||
diff --git a/test/property_test.c b/test/property_test.c
|
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
|
||||||
index ab61d01107..1cedc85f78 100644
|
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
|
||||||
--- a/test/property_test.c
|
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
|
||||||
+++ b/test/property_test.c
|
@@ -488,6 +488,18 @@ static int test_property_list_to_string(
|
||||||
@@ -412,6 +412,18 @@ err:
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -75,16 +74,14 @@ index ab61d01107..1cedc85f78 100644
|
|||||||
+ return ret;
|
+ return ret;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
|
|
||||||
int setup_tests(void)
|
int setup_tests(void)
|
||||||
{
|
{
|
||||||
@@ -424,5 +436,6 @@ int setup_tests(void)
|
ADD_TEST(test_property_string);
|
||||||
|
@@ -500,6 +512,7 @@ int setup_tests(void)
|
||||||
ADD_TEST(test_property);
|
ADD_TEST(test_property);
|
||||||
ADD_TEST(test_query_cache_stochastic);
|
ADD_TEST(test_query_cache_stochastic);
|
||||||
ADD_TEST(test_fips_mode);
|
ADD_TEST(test_fips_mode);
|
||||||
+ ADD_TEST(test_downstream_FIPS_mode);
|
+ ADD_TEST(test_downstream_FIPS_mode);
|
||||||
|
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
|
@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
|
|||||||
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
||||||
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
||||||
@@ -12,11 +12,54 @@
|
@@ -12,11 +12,54 @@
|
||||||
#include "internal/core.h"
|
|
||||||
#include "internal/bio.h"
|
#include "internal/bio.h"
|
||||||
|
#include "internal/provider.h"
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
+#ifndef FIPS_MODULE
|
||||||
+# include <sys/types.h>
|
+# include <sys/types.h>
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/ssl/s3_msg.c.shut-down openssl-3.0.0-alpha16/ssl/s3_msg.c
|
|
||||||
--- openssl-3.0.0-alpha16/ssl/s3_msg.c.shut-down 2021-05-17 11:11:11.050702699 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/ssl/s3_msg.c 2021-05-17 11:12:37.741526784 +0200
|
|
||||||
@@ -52,6 +52,8 @@ int ssl3_send_alert(SSL *s, int level, i
|
|
||||||
* protocol_version alerts */
|
|
||||||
if (desc < 0)
|
|
||||||
return -1;
|
|
||||||
+ if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
|
|
||||||
+ return -1;
|
|
||||||
/* If a fatal one, remove from cache */
|
|
||||||
if ((level == SSL3_AL_FATAL) && (s->session != NULL))
|
|
||||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
|
File diff suppressed because it is too large
@ -1,28 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/apps/lib/apps.c.spkac openssl-3.0.0-alpha16/apps/lib/apps.c
|
|
||||||
--- openssl-3.0.0-alpha16/apps/lib/apps.c.spkac 2021-06-04 09:28:48.162316896 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/apps/lib/apps.c 2021-06-04 09:32:53.911795489 +0200
|
|
||||||
@@ -403,14 +403,18 @@ CONF *app_load_config_verbose(const char
|
|
||||||
|
|
||||||
CONF *app_load_config_internal(const char *filename, int quiet)
|
|
||||||
{
|
|
||||||
- BIO *in = NULL; /* leads to empty config in case filename == "" */
|
|
||||||
+ BIO *in;
|
|
||||||
CONF *conf;
|
|
||||||
|
|
||||||
- if (*filename != '\0'
|
|
||||||
- && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
|
|
||||||
- return NULL;
|
|
||||||
- conf = app_load_config_bio(in, filename);
|
|
||||||
- BIO_free(in);
|
|
||||||
+ if (filename == NULL || *filename != '\0') {
|
|
||||||
+ if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
|
|
||||||
+ return NULL;
|
|
||||||
+ conf = app_load_config_bio(in, filename);
|
|
||||||
+ BIO_free(in);
|
|
||||||
+ } else {
|
|
||||||
+ /* Return empty config if filename is empty string. */
|
|
||||||
+ conf = NCONF_new_ex(app_libctx, NULL);
|
|
||||||
+ }
|
|
||||||
return conf;
|
|
||||||
}
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/providers/implementations/keymgmt/ecx_kmgmt.c.edsize openssl-3.0.0-alpha16/providers/implementations/keymgmt/ecx_kmgmt.c
|
|
||||||
--- openssl-3.0.0-alpha16/providers/implementations/keymgmt/ecx_kmgmt.c.edsize 2021-06-04 09:51:12.567348198 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/providers/implementations/keymgmt/ecx_kmgmt.c 2021-06-04 09:52:55.650321215 +0200
|
|
||||||
@@ -309,14 +309,14 @@ static int x448_get_params(void *key, OS
|
|
||||||
static int ed25519_get_params(void *key, OSSL_PARAM params[])
|
|
||||||
{
|
|
||||||
return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS,
|
|
||||||
- ED25519_KEYLEN)
|
|
||||||
+ ED25519_SIGSIZE)
|
|
||||||
&& ed_get_params(key, params);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int ed448_get_params(void *key, OSSL_PARAM params[])
|
|
||||||
{
|
|
||||||
return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS,
|
|
||||||
- ED448_KEYLEN)
|
|
||||||
+ ED448_SIGSIZE)
|
|
||||||
&& ed_get_params(key, params);
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up openssl-3.0.0-alpha16/test/evp_pkey_provided_test.c.edsize openssl-3.0.0-alpha16/test/evp_pkey_provided_test.c
|
|
||||||
--- openssl-3.0.0-alpha16/test/evp_pkey_provided_test.c.edsize 2021-06-04 09:51:24.540461209 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/test/evp_pkey_provided_test.c 2021-06-04 09:54:26.531182412 +0200
|
|
||||||
@@ -979,7 +979,7 @@ static int test_fromdata_ecx(int tst)
|
|
||||||
fromdata_params = ed25519_fromdata_params;
|
|
||||||
bits = ED25519_BITS;
|
|
||||||
security_bits = ED25519_SECURITY_BITS;
|
|
||||||
- size = ED25519_KEYLEN;
|
|
||||||
+ size = ED25519_SIGSIZE;
|
|
||||||
alg = "ED25519";
|
|
||||||
break;
|
|
||||||
|
|
||||||
@@ -987,7 +987,7 @@ static int test_fromdata_ecx(int tst)
|
|
||||||
fromdata_params = ed448_fromdata_params;
|
|
||||||
bits = ED448_BITS;
|
|
||||||
security_bits = ED448_SECURITY_BITS;
|
|
||||||
- size = ED448_KEYLEN;
|
|
||||||
+ size = ED448_SIGSIZE;
|
|
||||||
alg = "ED448";
|
|
||||||
break;
|
|
||||||
default:
|
|
@ -1,34 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/crypto/init.c.softhsm openssl-3.0.0-alpha16/crypto/init.c
|
|
||||||
--- openssl-3.0.0-alpha16/crypto/init.c.softhsm 2021-06-04 09:40:22.637748149 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/crypto/init.c 2021-06-04 09:44:09.695867437 +0200
|
|
||||||
@@ -454,6 +454,13 @@ int OPENSSL_init_crypto(uint64_t opts, c
|
|
||||||
uint64_t tmp;
|
|
||||||
int aloaddone = 0;
|
|
||||||
|
|
||||||
+ /* Applications depend on 0 being returned when cleanup was already done */
|
|
||||||
+ if (stopped) {
|
|
||||||
+ if (!(opts & OPENSSL_INIT_BASE_ONLY))
|
|
||||||
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* We ignore failures from this function. It is probably because we are
|
|
||||||
* on a platform that doesn't support lockless atomic loads (we may not
|
|
||||||
@@ -476,15 +483,7 @@ int OPENSSL_init_crypto(uint64_t opts, c
|
|
||||||
/*
|
|
||||||
* At some point we should look at this function with a view to moving
|
|
||||||
* most/all of this into OSSL_LIB_CTX.
|
|
||||||
- */
|
|
||||||
-
|
|
||||||
- if (stopped) {
|
|
||||||
- if (!(opts & OPENSSL_INIT_BASE_ONLY))
|
|
||||||
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL);
|
|
||||||
- return 0;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
+ *
|
|
||||||
* When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
|
|
||||||
* *only* option specified. With that option we return immediately after
|
|
||||||
* doing the requested limited initialization. Note that
|
|
@ -1,36 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/ssl/statem/extensions.c.reneg openssl-3.0.0-alpha16/ssl/statem/extensions.c
|
|
||||||
--- openssl-3.0.0-alpha16/ssl/statem/extensions.c.reneg 2021-06-04 10:03:01.313023512 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/ssl/statem/extensions.c 2021-06-04 10:05:43.019538516 +0200
|
|
||||||
@@ -45,6 +45,7 @@ static int tls_parse_certificate_authori
|
|
||||||
#ifndef OPENSSL_NO_SRP
|
|
||||||
static int init_srp(SSL *s, unsigned int context);
|
|
||||||
#endif
|
|
||||||
+static int init_ec_point_formats(SSL *s, unsigned int context);
|
|
||||||
static int init_etm(SSL *s, unsigned int context);
|
|
||||||
static int init_ems(SSL *s, unsigned int context);
|
|
||||||
static int final_ems(SSL *s, unsigned int context, int sent);
|
|
||||||
@@ -158,7 +159,7 @@ static const EXTENSION_DEFINITION ext_de
|
|
||||||
TLSEXT_TYPE_ec_point_formats,
|
|
||||||
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
|
|
||||||
| SSL_EXT_TLS1_2_AND_BELOW_ONLY,
|
|
||||||
- NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
|
|
||||||
+ init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
|
|
||||||
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
|
|
||||||
final_ec_pt_formats
|
|
||||||
},
|
|
||||||
@@ -1144,6 +1145,15 @@ static int init_srp(SSL *s, unsigned int
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+static int init_ec_point_formats(SSL *s, unsigned int context)
|
|
||||||
+{
|
|
||||||
+ OPENSSL_free(s->ext.peer_ecpointformats);
|
|
||||||
+ s->ext.peer_ecpointformats = NULL;
|
|
||||||
+ s->ext.peer_ecpointformats_len = 0;
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static int init_etm(SSL *s, unsigned int context)
|
|
||||||
{
|
|
||||||
s->ext.use_etm = 0;
|
|
@ -1,45 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/apps/dgst.c.digest openssl-3.0.0-alpha16/apps/dgst.c
|
|
||||||
--- openssl-3.0.0-alpha16/apps/dgst.c.digest 2021-06-04 10:21:03.153697643 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/apps/dgst.c 2021-06-04 10:22:26.737489944 +0200
|
|
||||||
@@ -330,6 +330,8 @@ int dgst_main(int argc, char **argv)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (hmac_key != NULL) {
|
|
||||||
+ if (md == NULL)
|
|
||||||
+ md = (EVP_MD *)EVP_sha256();
|
|
||||||
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
|
|
||||||
(unsigned char *)hmac_key,
|
|
||||||
strlen(hmac_key));
|
|
||||||
diff -up openssl-3.0.0-alpha16/test/recipes/20-test_dgst.t.digest openssl-3.0.0-alpha16/test/recipes/20-test_dgst.t
|
|
||||||
--- openssl-3.0.0-alpha16/test/recipes/20-test_dgst.t.digest 2021-06-04 10:21:18.871846631 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/test/recipes/20-test_dgst.t 2021-06-04 10:23:56.862344245 +0200
|
|
||||||
@@ -17,7 +17,7 @@ use OpenSSL::Test::Utils;
|
|
||||||
|
|
||||||
setup("test_dgst");
|
|
||||||
|
|
||||||
-plan tests => 7;
|
|
||||||
+plan tests => 8;
|
|
||||||
|
|
||||||
sub tsignverify {
|
|
||||||
my $testtext = shift;
|
|
||||||
@@ -115,6 +115,20 @@ subtest "HMAC generation with `dgst` CLI
|
|
||||||
ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
|
|
||||||
ok($hmacdata[1] =~ $expected,
|
|
||||||
"HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+subtest "HMAC generation with `dgst` CLI, default digest" => sub {
|
|
||||||
+ plan tests => 2;
|
|
||||||
+
|
|
||||||
+ my $testdata = srctop_file('test', 'data.bin');
|
|
||||||
+ #HMAC the data twice to check consistency
|
|
||||||
+ my @hmacdata = run(app(['openssl', 'dgst', '-hmac', '123456',
|
|
||||||
+ $testdata, $testdata]), capture => 1);
|
|
||||||
+ chomp(@hmacdata);
|
|
||||||
+ my $expected = qr/HMAC-SHA256\(\Q$testdata\E\)= 6f12484129c4a761747f13d8234a1ff0e074adb34e9e9bf3a155c391b97b9a7c/;
|
|
||||||
+ ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
|
|
||||||
+ ok($hmacdata[1] =~ $expected,
|
|
||||||
+ "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-3.0.0-alpha16/crypto/bio/b_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/b_addr.c
|
diff -up openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit openssl-3.0.0-alpha16/crypto/bio/bio_addr.c
|
||||||
--- openssl-3.0.0-alpha16/crypto/bio/b_addr.c.use-explicit 2021-07-06 14:06:05.706578389 +0200
|
--- openssl-3.0.0-alpha16/crypto/bio/bio_addr.c.use-explicit 2021-07-06 14:06:05.706578389 +0200
|
||||||
+++ openssl-3.0.0-alpha16/crypto/bio/b_addr.c 2021-07-06 14:07:24.482329505 +0200
|
+++ openssl-3.0.0-alpha16/crypto/bio/bio_addr.c 2021-07-06 14:07:24.482329505 +0200
|
||||||
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
|
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, cons
|
||||||
hints.ai_protocol = protocol;
|
hints.ai_protocol = protocol;
|
||||||
# ifdef AI_ADDRCONFIG
|
# ifdef AI_ADDRCONFIG
|
||||||
|
1321
0019-dual-abi.patch
Normal file
1321
0019-dual-abi.patch
Normal file
File diff suppressed because it is too large
1321
dual-abi.patch
Normal file
1321
dual-abi.patch
Normal file
File diff suppressed because it is too large
6
ectest.c
6
ectest.c
@ -28,9 +28,9 @@
|
|||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/opensslconf.h>
|
#include <openssl/opensslconf.h>
|
||||||
#include "openssl/core_names.h"
|
#include <openssl/core_names.h>
|
||||||
#include "openssl/param_build.h"
|
#include <openssl/param_build.h>
|
||||||
#include "openssl/evp.h"
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
static size_t crv_len = 0;
|
static size_t crv_len = 0;
|
||||||
static EC_builtin_curve *curves = NULL;
|
static EC_builtin_curve *curves = NULL;
|
||||||
|
26
openssl.spec
26
openssl.spec
@ -15,7 +15,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.0
|
Version: 3.0.0
|
||||||
Release: 0.alpha16.7%{?dist}
|
Release: 0.beta1.1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -50,24 +50,14 @@ Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
|
|||||||
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
|
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
|
||||||
# Add check to see if fips flag is enabled in kernel
|
# Add check to see if fips flag is enabled in kernel
|
||||||
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
|
#Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
|
||||||
# Avoid sending alerts after shutdown
|
|
||||||
Patch10: 0010-Avoid-sending-alert-after-shutdown.patch
|
|
||||||
# remove unsupported EC curves
|
# remove unsupported EC curves
|
||||||
Patch11: 0011-Remove-EC-curves.patch
|
Patch11: 0011-Remove-EC-curves.patch
|
||||||
# Fix reading SPKAC data from stdin
|
|
||||||
Patch12: 0012-Fix-SPKAC-data-from-stdin.patch
|
|
||||||
# Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
|
|
||||||
Patch13: 0013-Fix-incorrect-OSSL_PKEY_PARAM_MAX_SIZE.patch
|
|
||||||
# Return 0 after cleanup in OPENSSL_init_crypto()
|
|
||||||
Patch14: 0014-Return0-OPENSSL-init-crypto-cleanup.patch
|
|
||||||
# Cleanup the peer point formats on regotiation
|
|
||||||
Patch15: 0015-Cleanup-peer-point-formats-regotiation.patch
|
|
||||||
# Fix default digest to SHA256
|
|
||||||
Patch16: 0016-Fix-default-digest-SHA256.patch
|
|
||||||
# Use AI_ADDRCONFIG only when explicit host name is given
|
# Use AI_ADDRCONFIG only when explicit host name is given
|
||||||
Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
|
Patch17: 0017-use-AI-ADDRCONFIG-explicit-hostname.patch
|
||||||
# Fix segmentation fault in BN_lebin2bn()
|
# Fix segmentation fault in BN_lebin2bn()
|
||||||
Patch18: 0018-Fix-crash-BN_lebin2bn.patch
|
Patch18: 0018-Fix-crash-BN_lebin2bn.patch
|
||||||
|
# Temporary dual-ABI build patch
|
||||||
|
Patch19: 0019-dual-abi.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -79,7 +69,7 @@ BuildRequires: /usr/bin/pod2man
|
|||||||
BuildRequires: /usr/sbin/sysctl
|
BuildRequires: /usr/sbin/sysctl
|
||||||
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
|
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
|
||||||
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
|
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
|
||||||
BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html)
|
BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
|
||||||
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
|
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
|
||||||
BuildRequires: git-core
|
BuildRequires: git-core
|
||||||
Requires: coreutils
|
Requires: coreutils
|
||||||
@ -123,7 +113,7 @@ package provides Perl scripts for converting certificates and keys
|
|||||||
from other formats to the formats used by the OpenSSL toolkit.
|
from other formats to the formats used by the OpenSSL toolkit.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -S git -n %{name}-%{version}-alpha16
|
%autosetup -S git -n %{name}-%{version}-beta1
|
||||||
|
|
||||||
# The hobble_openssl is called here redundantly, just to be sure.
|
# The hobble_openssl is called here redundantly, just to be sure.
|
||||||
# The tarball has already the sources removed.
|
# The tarball has already the sources removed.
|
||||||
@ -334,8 +324,6 @@ cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
|
|||||||
install -m644 %{SOURCE9} \
|
install -m644 %{SOURCE9} \
|
||||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
|
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
|
||||||
%endif
|
%endif
|
||||||
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
|
||||||
export LD_LIBRARY_PATH
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
@ -392,6 +380,10 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.1
|
||||||
|
- Update to Beta1 version
|
||||||
|
- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
|
||||||
|
|
||||||
* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
|
* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
|
||||||
- Fixes override of openssl_conf in openssl.cnf
|
- Fixes override of openssl_conf in openssl.cnf
|
||||||
- Use AI_ADDRCONFIG only when explicit host name is given
|
- Use AI_ADDRCONFIG only when explicit host name is given
|
||||||
|
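Review bot: The Patch list drops Patch10 and Patch12 through Patch16 (alert after shutdown, SPKAC data from stdin, OSSL_PKEY_PARAM_MAX_SIZE for ed25519/ed448, OPENSSL_init_crypto() after cleanup, peer point formats on renegotiation, default HMAC digest), but neither the spec comments nor the new %changelog entry records that the beta1 tarball carries these fixes. Presumably they were merged upstream; that should be confirmed against the beta1 sources and recorded, for example with a changelog line `- Drop patches 10 and 12-16, included upstream in beta1`. The comment `# Temporary dual-ABI build patch` would be easier to act on later if it named the removal condition, e.g. `# Temporary dual-ABI build patch; remove when <condition>`. The commit also adds both `0019-dual-abi.patch` and `dual-abi.patch` at 1321 lines each, while the visible spec hunks reference only the former, so the second file looks like an unreferenced duplicate.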
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-3.0.0-hobbled.tar.xz) = fa5e40d22f0358b39d8eb47ee675e91ad88a93a5234dab12b27ec19c455a701042a3a70541fee1ba7ee28dbbca6024e84deb5b2fa6cc7e773374ea1e067a1b80
|
SHA512 (openssl-3.0.0-hobbled.tar.xz) = 05f3e01621be98e776061a86b8fec68bdafeac720c8f968b1c4fafc5f328839701d2ffd67d6bd695c3dbf67e3efb03b3c856ed046d751359bc89b867205b7fe9
|
||||||
|