Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssl.git#b023ffe39f798981219604746432376b15169c79
DistroBaker 2021-03-11 19:58:41 +00:00
parent f731f488ac
commit efa5f39ef0
9 changed files with 611 additions and 759 deletions

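--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
 /openssl-1.1.1i-hobbled.tar.xz
+/openssl-1.1.1j-hobbled.tar.xz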


@ -1,11 +0,0 @@
diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
if (ctx == NULL)
goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;


@ -1,7 +1,7 @@
diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt
--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-19 16:04:11.299063517 +0100 +++ openssl-1.1.1j/crypto/err/openssl.txt 2021-03-03 14:10:13.729466935 +0100
@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn @@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
@ -11,7 +11,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
EVP_F_EVP_MD_SIZE:162:EVP_MD_size EVP_F_EVP_MD_SIZE:162:EVP_MD_size
EVP_F_EVP_OPENINIT:102:EVP_OpenInit EVP_F_EVP_OPENINIT:102:EVP_OpenInit
@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k @@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
@ -43,7 +43,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc @@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
@ -51,15 +51,15 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on @@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
+EVP_R_PARAMETER_TOO_LARGE:187:parameter too large +EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed @@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
KDF_R_VALUE_ERROR:108:value error KDF_R_VALUE_ERROR:108:value error
KDF_R_VALUE_MISSING:102:value missing KDF_R_VALUE_MISSING:102:value missing
@ -67,9 +67,9 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
OBJ_R_OID_EXISTS:102:oid exists OBJ_R_OID_EXISTS:102:oid exists
OBJ_R_UNKNOWN_NID:101:unknown nid OBJ_R_UNKNOWN_NID:101:unknown nid
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info
--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/evp/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-19 16:04:11.300063500 +0100 +++ openssl-1.1.1j/crypto/evp/build.info 2021-03-03 14:08:02.490294839 +0100
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\ @@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@ -80,9 +80,9 @@ diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
e_chacha20_poly1305.c cmeth_lib.c e_chacha20_poly1305.c cmeth_lib.c
diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c
--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2020-03-19 16:04:11.300063500 +0100 --- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-19 16:16:46.497967633 +0100 +++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c 2021-03-03 14:08:02.490294839 +0100
@@ -14,9 +14,9 @@ @@ -14,9 +14,9 @@
# include <openssl/evp.h> # include <openssl/evp.h>
@ -94,9 +94,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/
typedef struct { typedef struct {
union { union {
diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c
--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf 2020-03-19 16:04:11.301063483 +0100 --- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-19 16:14:13.147628683 +0100 +++ openssl-1.1.1j/crypto/evp/encode.c 2021-03-03 14:08:02.491294847 +0100
@@ -11,8 +11,8 @@ @@ -11,8 +11,8 @@
#include <limits.h> #include <limits.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
@ -107,9 +107,9 @@ diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/en
static unsigned char conv_ascii2bin(unsigned char a, static unsigned char conv_ascii2bin(unsigned char a,
const unsigned char *table); const unsigned char *table);
diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c
--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf 2020-03-19 16:04:11.218064919 +0100 --- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf 2021-03-03 14:08:02.469294651 +0100
+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-19 16:04:11.302063465 +0100 +++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 14:12:08.272351600 +0100
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun @@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0), {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
"EVP_EncryptFinal_ex"}, "EVP_EncryptFinal_ex"},
@ -135,18 +135,18 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/e
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
{0, NULL} {0, NULL}
}; };
@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea @@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"}, "operaton not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
"output would overflow"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
+ "parameter too large"}, + "parameter too large"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"}, "partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h
--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf 2020-03-19 16:04:10.657074629 +0100 --- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf 2021-03-03 14:08:02.362293695 +0100
+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-19 16:04:20.722900404 +0100 +++ openssl-1.1.1j/crypto/evp/evp_local.h 2021-03-03 14:08:02.491294847 +0100
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st { @@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
} /* EVP_CIPHER_CTX */ ; } /* EVP_CIPHER_CTX */ ;
@ -159,9 +159,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
int passlen, ASN1_TYPE *param, int passlen, ASN1_TYPE *param,
const EVP_CIPHER *c, const EVP_MD *md, const EVP_CIPHER *c, const EVP_MD *md,
diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c
--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100 --- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-19 16:11:56.425001210 +0100 +++ openssl-1.1.1j/crypto/evp/evp_pbe.c 2021-03-03 14:08:02.491294847 +0100
@@ -12,6 +12,7 @@ @@ -12,6 +12,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/pkcs12.h> #include <openssl/pkcs12.h>
@ -170,9 +170,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/e
#include "evp_local.h" #include "evp_local.h"
/* Password based encryption (PBE) functions */ /* Password based encryption (PBE) functions */
diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c
--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100 --- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-19 16:04:20.723900386 +0100 +++ openssl-1.1.1j/crypto/evp/kdf_lib.c 2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,165 @@ @@ -0,0 +1,165 @@
+/* +/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -339,9 +339,9 @@ diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/k
+ return ctx->kmeth->derive(ctx->impl, key, keylen); + return ctx->kmeth->derive(ctx->impl, key, keylen);
+} +}
+ +
diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c
--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-19 16:17:48.822886126 +0100 +++ openssl-1.1.1j/crypto/evp/p5_crpt2.c 2021-03-03 14:08:02.491294847 +0100
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/* /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -490,9 +490,9 @@ diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/
} }
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c
--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-19 16:04:20.725900352 +0100 +++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c 2021-03-03 14:08:02.491294847 +0100
@@ -7,135 +7,12 @@ @@ -7,135 +7,12 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
@ -763,9 +763,9 @@ diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/ev
} }
+ +
#endif #endif
diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c
--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf 2020-03-19 16:04:20.726900334 +0100 --- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-19 16:04:20.725900352 +0100 +++ openssl-1.1.1j/crypto/evp/pkey_kdf.c 2021-03-03 14:08:02.491294847 +0100
@@ -0,0 +1,255 @@ @@ -0,0 +1,255 @@
+/* +/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1022,17 +1022,17 @@ diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/
+ pkey_kdf_ctrl_str + pkey_kdf_ctrl_str
+}; +};
+ +
diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info
--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-19 16:04:32.347699194 +0100 +++ openssl-1.1.1j/crypto/kdf/build.info 2021-03-03 14:08:02.491294847 +0100
@@ -1,3 +1,3 @@ @@ -1,3 +1,3 @@
LIBS=../../libcrypto LIBS=../../libcrypto
SOURCE[../../libcrypto]=\ SOURCE[../../libcrypto]=\
- tls1_prf.c kdf_err.c hkdf.c scrypt.c - tls1_prf.c kdf_err.c hkdf.c scrypt.c
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c + tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c
--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-19 16:06:59.757147720 +0100 +++ openssl-1.1.1j/crypto/kdf/hkdf.c 2021-03-03 14:08:02.492294856 +0100
@@ -8,32 +8,33 @@ @@ -8,32 +8,33 @@
*/ */
@ -1498,9 +1498,9 @@ diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf
err: err:
OPENSSL_cleanse(prev, sizeof(prev)); OPENSSL_cleanse(prev, sizeof(prev));
diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c
--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-19 16:04:32.349699159 +0100 +++ openssl-1.1.1j/crypto/kdf/kdf_err.c 2021-03-03 14:08:02.492294856 +0100
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
@ -1556,9 +1556,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/k
{0, NULL} {0, NULL}
}; };
diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h
--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf 2020-03-19 16:04:32.349699159 +0100 --- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf 2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-19 16:04:32.349699159 +0100 +++ openssl-1.1.1j/crypto/kdf/kdf_local.h 2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
+/* +/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1582,9 +1582,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), + int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
+ int cmd, const char *md_name); + int cmd, const char *md_name);
+ +
diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c
--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf 2020-03-19 16:04:32.350699142 +0100 --- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-19 16:04:32.350699142 +0100 +++ openssl-1.1.1j/crypto/kdf/kdf_util.c 2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,73 @@ @@ -0,0 +1,73 @@
+/* +/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1659,9 +1659,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/
+ return call_ctrl(ctrl, impl, cmd, md); + return call_ctrl(ctrl, impl, cmd, md);
+} +}
+ +
diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c
--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf 2020-03-19 16:04:32.374698727 +0100 --- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-19 16:04:32.374698727 +0100 +++ openssl-1.1.1j/crypto/kdf/pbkdf2.c 2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,264 @@ @@ -0,0 +1,264 @@
+/* +/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -1927,9 +1927,9 @@ diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pb
+ HMAC_CTX_free(hctx_tpl); + HMAC_CTX_free(hctx_tpl);
+ return ret; + return ret;
+} +}
diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c
--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-19 16:11:06.215872475 +0100 +++ openssl-1.1.1j/crypto/kdf/scrypt.c 2021-03-03 14:08:02.492294856 +0100
@@ -8,25 +8,35 @@ @@ -8,25 +8,35 @@
*/ */
@ -2517,9 +2517,9 @@ diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/sc
+} +}
#endif #endif
diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c
--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-19 16:10:32.317460707 +0100 +++ openssl-1.1.1j/crypto/kdf/tls1_prf.c 2021-03-03 14:08:02.492294856 +0100
@@ -8,11 +8,15 @@ @@ -8,11 +8,15 @@
*/ */
@ -2802,9 +2802,9 @@ diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/
OPENSSL_clear_free(tmp, olen); OPENSSL_clear_free(tmp, olen);
return 0; return 0;
} }
diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod
--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100 --- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2021-03-03 14:08:02.492294856 +0100
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-19 16:04:32.377698675 +0100 +++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod 2021-03-03 14:08:02.492294856 +0100
@@ -0,0 +1,217 @@ @@ -0,0 +1,217 @@
+=pod +=pod
+ +
@ -3023,9 +3023,9 @@ diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3
+L<https://www.openssl.org/source/license.html>. +L<https://www.openssl.org/source/license.html>.
+ +
+=cut +=cut
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100 --- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-19 16:04:32.377698675 +0100 +++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod 2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,180 @@ @@ -0,0 +1,180 @@
+=pod +=pod
+ +
@ -3207,9 +3207,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man
+L<https://www.openssl.org/source/license.html>. +L<https://www.openssl.org/source/license.html>.
+ +
+=cut +=cut
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 --- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-19 16:04:32.378698658 +0100 +++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod 2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,78 @@ @@ -0,0 +1,78 @@
+=pod +=pod
+ +
@ -3289,9 +3289,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/m
+L<https://www.openssl.org/source/license.html>. +L<https://www.openssl.org/source/license.html>.
+ +
+=cut +=cut
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 --- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-19 16:04:32.378698658 +0100 +++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod 2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,149 @@ @@ -0,0 +1,149 @@
+=pod +=pod
+ +
@ -3442,9 +3442,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/m
+L<https://www.openssl.org/source/license.html>. +L<https://www.openssl.org/source/license.html>.
+ +
+=cut +=cut
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod
--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100 --- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-19 16:04:32.378698658 +0100 +++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod 2021-03-03 14:08:02.493294865 +0100
@@ -0,0 +1,142 @@ @@ -0,0 +1,142 @@
+=pod +=pod
+ +
@ -3588,9 +3588,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc
+L<https://www.openssl.org/source/license.html>. +L<https://www.openssl.org/source/license.html>.
+ +
+=cut +=cut
diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h
--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/include/crypto/evp.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-19 16:04:32.347699194 +0100 +++ openssl-1.1.1j/include/crypto/evp.h 2021-03-03 14:08:02.493294865 +0100
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m @@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
extern const EVP_PKEY_METHOD poly1305_pkey_meth; extern const EVP_PKEY_METHOD poly1305_pkey_meth;
extern const EVP_PKEY_METHOD siphash_pkey_meth; extern const EVP_PKEY_METHOD siphash_pkey_meth;
@ -3616,10 +3616,10 @@ diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/cryp
struct evp_md_st { struct evp_md_st {
int type; int type;
int pkey_type; int pkey_type;
diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h
--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf 2020-03-19 16:04:11.250064365 +0100 --- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf 2021-03-03 14:08:02.477294722 +0100
+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-19 16:04:32.379698640 +0100 +++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 14:13:37.587003722 +0100
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void); @@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219 # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
# define EVP_F_EVP_ENCRYPTFINAL_EX 127 # define EVP_F_EVP_ENCRYPTFINAL_EX 127
# define EVP_F_EVP_ENCRYPTUPDATE 167 # define EVP_F_EVP_ENCRYPTUPDATE 167
@ -3629,7 +3629,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
# define EVP_F_EVP_MD_CTX_COPY_EX 110 # define EVP_F_EVP_MD_CTX_COPY_EX 110
# define EVP_F_EVP_MD_SIZE 162 # define EVP_F_EVP_MD_SIZE 162
# define EVP_F_EVP_OPENINIT 102 # define EVP_F_EVP_OPENINIT 102
@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void); @@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void);
# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 # define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
@ -3643,17 +3643,17 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
# define EVP_F_UPDATE 173 # define EVP_F_UPDATE 173
/* /*
@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void); @@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_OPERATON_NOT_INITIALIZED 151
+# define EVP_R_PARAMETER_TOO_LARGE 187 +# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
# define EVP_R_PARTIALLY_OVERLAPPING 162 # define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181 # define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h
diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h --- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 +++ openssl-1.1.1j/include/openssl/kdferr.h 2021-03-03 14:08:02.493294865 +0100
+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-19 16:04:32.379698640 +0100
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void); @@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
/* /*
* KDF function codes. * KDF function codes.
@ -3693,9 +3693,9 @@ diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 +# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
#endif #endif
diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h
--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-19 16:04:32.380698623 +0100 +++ openssl-1.1.1j/include/openssl/kdf.h 2021-03-03 14:08:02.493294865 +0100
@@ -10,10 +10,50 @@ @@ -10,10 +10,50 @@
#ifndef HEADER_KDF_H #ifndef HEADER_KDF_H
# define HEADER_KDF_H # define HEADER_KDF_H
@ -3774,9 +3774,9 @@ diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/ope
} }
# endif # endif
#endif #endif
diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h
--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-19 16:04:32.381698606 +0100 +++ openssl-1.1.1j/include/openssl/ossl_typ.h 2021-03-03 14:08:02.493294865 +0100
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E @@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
@ -3786,9 +3786,9 @@ diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/includ
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
typedef struct hmac_ctx_st HMAC_CTX; typedef struct hmac_ctx_st HMAC_CTX;
diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info
--- openssl-1.1.1e/test/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/test/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/test/build.info 2020-03-19 16:04:32.381698606 +0100 +++ openssl-1.1.1j/test/build.info 2021-03-03 14:08:02.493294865 +0100
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I @@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test bio_memleak_test \ bio_callback_test bio_memleak_test \
@ -3810,9 +3810,9 @@ diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
SOURCE[x509_time_test]=x509_time_test.c SOURCE[x509_time_test]=x509_time_test.c
INCLUDE[x509_time_test]=../include INCLUDE[x509_time_test]=../include
DEPEND[x509_time_test]=../libcrypto libtestutil.a DEPEND[x509_time_test]=../libcrypto libtestutil.a
diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c
--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf 2020-03-19 16:04:32.382698588 +0100 --- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf 2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-19 16:04:32.382698588 +0100 +++ openssl-1.1.1j/test/evp_kdf_test.c 2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,237 @@ @@ -0,0 +1,237 @@
+/* +/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
@ -4051,9 +4051,9 @@ diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_
+#endif +#endif
+ return 1; + return 1;
+} +}
diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c
--- openssl-1.1.1e/test/evp_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/test/evp_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/test/evp_test.c 2020-03-19 16:04:32.383698571 +0100 +++ openssl-1.1.1j/test/evp_test.c 2021-03-03 14:08:02.494294874 +0100
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test @@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
encode_test_run, encode_test_run,
}; };
@ -4265,9 +4265,9 @@ diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
&keypair_test_method, &keypair_test_method,
&keygen_test_method, &keygen_test_method,
&mac_test_method, &mac_test_method,
diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c
--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-19 16:04:32.386698519 +0100 +++ openssl-1.1.1j/test/pkey_meth_kdf_test.c 2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/* /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -4471,9 +4471,9 @@ diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pk
} }
#endif #endif
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-19 16:04:32.388698484 +0100 +++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
# #
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -4872,9 +4872,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
+Ctrl.digest = digest:sha512 +Ctrl.digest = digest:sha512
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14 +Output = 00ef42cdbfc98d29db20976608e455567fdddf14
+ +
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2020-03-19 16:04:32.389698467 +0100 --- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-19 16:04:32.389698467 +0100 +++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt 2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,305 @@ @@ -0,0 +1,305 @@
+# +#
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5181,9 +5181,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
+Ctrl.p = p:1 +Ctrl.p = p:1
+Result = INTERNAL_ERROR +Result = INTERNAL_ERROR
+ +
diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t
--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf 2020-03-19 16:04:32.390698450 +0100 --- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf 2021-03-03 14:08:02.494294874 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-19 16:04:32.390698450 +0100 +++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t 2021-03-03 14:08:02.494294874 +0100
@@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
+#! /usr/bin/env perl +#! /usr/bin/env perl
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
@ -5198,9 +5198,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/te
+use OpenSSL::Test::Simple; +use OpenSSL::Test::Simple;
+ +
+simple_test("test_evp_kdf", "evp_kdf_test"); +simple_test("test_evp_kdf", "evp_kdf_test");
diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t
--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-19 16:04:32.390698450 +0100 +++ openssl-1.1.1j/test/recipes/30-test_evp.t 2021-03-03 14:08:02.495294883 +0100
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/ @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
setup("test_evp"); setup("test_evp");
@ -5210,10 +5210,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/r
"evpcase.txt", "evpccmcavs.txt" ); "evpcase.txt", "evpccmcavs.txt" );
plan tests => scalar(@files); plan tests => scalar(@files);
diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num
--- openssl-1.1.1e/util/libcrypto.num.evp-kdf 2020-03-19 16:04:11.263064140 +0100 --- openssl-1.1.1j/util/libcrypto.num.evp-kdf 2021-03-03 14:08:02.481294758 +0100
+++ openssl-1.1.1e/util/libcrypto.num 2020-03-19 16:04:32.392698415 +0100 +++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 14:08:02.495294883 +0100
@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength @@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
@ -5225,9 +5225,9 @@ diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION: +EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION: +EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION: +EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num
--- openssl-1.1.1e/util/private.num.evp-kdf 2020-03-17 15:31:17.000000000 +0100 --- openssl-1.1.1j/util/private.num.evp-kdf 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1e/util/private.num 2020-03-19 16:04:32.393698398 +0100 +++ openssl-1.1.1j/util/private.num 2021-03-03 14:08:02.495294883 +0100
@@ -21,6 +21,7 @@ CRYPTO_EX_dup @@ -21,6 +21,7 @@ CRYPTO_EX_dup
CRYPTO_EX_free datatype CRYPTO_EX_free datatype
CRYPTO_EX_new datatype CRYPTO_EX_new datatype


@ -1,6 +1,6 @@
diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c
--- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-07-17 10:36:29.245788441 +0200 +++ openssl-1.1.1j/crypto/bn/bn_const.c 2021-03-03 14:23:27.403092418 +0100
@@ -1,13 +1,17 @@ @@ -1,13 +1,17 @@
/* /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -477,9 +477,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
- return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); - return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+ return COPY_BN(bn, _bignum_modp_8192_p); + return COPY_BN(bn, _bignum_modp_8192_p);
} }
diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c
--- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/bn/bn_dh.c 2021-03-03 14:23:27.404092427 +0100
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
/* /*
- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1956,9 +1956,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
-#endif -#endif
+#endif /* OPENSSL_NO_DH */ +#endif /* OPENSSL_NO_DH */
diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c
--- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/dh/dh_check.c 2021-03-03 14:23:27.404092427 +0100
@@ -10,6 +10,7 @@ @@ -10,6 +10,7 @@
#include <stdio.h> #include <stdio.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
@ -2043,9 +2043,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
+ return dh_check_pub_key_int(dh, q, pub_key, ret); + return dh_check_pub_key_int(dh, q, pub_key, ret);
+} +}
+ +
diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-07-17 10:36:29.182787923 +0200 --- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 14:23:27.404092427 +0100
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i @@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
BN_GENCB *cb) BN_GENCB *cb)
{ {
@ -2075,10 +2075,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (ctx == NULL) if (ctx == NULL)
goto err; goto err;
diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-07-17 10:36:29.182787923 +0200 --- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-07-17 11:00:07.783777846 +0200 +++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 14:51:36.235296236 +0100
@@ -100,10 +100,18 @@ static int generate_key(DH *dh) @@ -120,10 +120,18 @@ static int generate_key(DH *dh)
BIGNUM *pub_key = NULL, *priv_key = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
@ -2101,7 +2101,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
} }
#endif #endif
@@ -139,7 +147,15 @@ static int generate_key(DH *dh) @@ -159,7 +167,15 @@ static int generate_key(DH *dh)
} }
if (generate_new_key) { if (generate_new_key) {
@ -2118,7 +2118,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
do { do {
if (!BN_priv_rand_range(priv_key, dh->q)) if (!BN_priv_rand_range(priv_key, dh->q))
goto err; goto err;
@@ -175,6 +191,15 @@ static int generate_key(DH *dh) @@ -195,6 +211,15 @@ static int generate_key(DH *dh)
} }
/* We MUST free prk before any further use of priv_key */ /* We MUST free prk before any further use of priv_key */
BN_clear_free(prk); BN_clear_free(prk);
@ -2134,7 +2134,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
} }
dh->pub_key = pub_key; dh->pub_key = pub_key;
@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke @@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL; BN_MONT_CTX *mont = NULL;
BIGNUM *tmp; BIGNUM *tmp;
@ -2142,7 +2142,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
int ret = -1; int ret = -1;
int check_result; int check_result;
@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke @@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke
DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
goto err; goto err;
} }
@ -2159,11 +2159,11 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
+ goto err; + goto err;
+ } + }
ret = BN_bn2bin(tmp, key); ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err: err:
diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c
--- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/dh/dh_lib.c 2021-03-03 14:23:27.405092436 +0100
@@ -8,6 +8,7 @@ @@ -8,6 +8,7 @@
*/ */
@ -2193,9 +2193,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
dh->length = BN_num_bits(q); dh->length = BN_num_bits(q);
} }
diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-07-17 10:36:28.968786163 +0200 --- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh 2021-03-03 14:23:27.202090689 +0100
+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/dh/dh_local.h 2021-03-03 14:23:27.405092436 +0100
@@ -35,6 +35,7 @@ struct dh_st { @@ -35,6 +35,7 @@ struct dh_st {
const DH_METHOD *meth; const DH_METHOD *meth;
ENGINE *engine; ENGINE *engine;
@ -2215,9 +2215,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
+/* FIPS mode only check which requires nid set and looks up q based on it. */ +/* FIPS mode only check which requires nid set and looks up q based on it. */
+int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret); +int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
+ +
diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c
--- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-07-17 10:36:29.246788449 +0200 +++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c 2021-03-03 14:23:27.405092436 +0100
@@ -7,6 +7,8 @@ @@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
@ -2387,10 +2387,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
+ return dh_match_group(dh, q, NULL) != NID_undef; + return dh_match_group(dh, q, NULL) != NID_undef;
+} +}
+ +
diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c
--- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh 2020-07-17 11:00:53.958175227 +0200 --- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh 2021-03-03 14:23:27.339091868 +0100
+++ openssl-1.1.1g/crypto/ec/ec_key.c 2020-07-20 13:24:03.941107320 +0200 +++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 14:23:27.405092436 +0100
@@ -280,9 +280,18 @@ int ec_key_simple_generate_key(EC_KEY *e @@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e
if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
goto err; goto err;
@ -2410,7 +2410,7 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
ok = 1; ok = 1;
err: err:
@@ -296,8 +305,23 @@ int ec_key_simple_generate_key(EC_KEY *e @@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e
int ec_key_simple_generate_public_key(EC_KEY *eckey) int ec_key_simple_generate_public_key(EC_KEY *eckey)
{ {
@ -2435,9 +2435,9 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
} }
int EC_KEY_check_key(const EC_KEY *eckey) int EC_KEY_check_key(const EC_KEY *eckey)
diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c
--- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-07-17 10:36:29.247788458 +0200 +++ openssl-1.1.1j/crypto/evp/p_lib.c 2021-03-03 14:23:27.405092436 +0100
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p @@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2448,9 +2448,9 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
int ret = EVP_PKEY_assign(pkey, type, key); int ret = EVP_PKEY_assign(pkey, type, key);
if (ret) if (ret)
diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-07-17 10:36:29.239788392 +0200 --- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh 2021-03-03 14:23:27.394092341 +0100
+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-07-17 10:36:29.247788458 +0200 +++ openssl-1.1.1j/crypto/objects/obj_dat.h 2021-03-03 14:23:27.406092444 +0100
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = { @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
}; };
@ -2512,9 +2512,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
481, /* "nSRecord" */ 481, /* "nSRecord" */
173, /* "name" */ 173, /* "name" */
681, /* "onBasis" */ 681, /* "onBasis" */
diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-07-17 10:36:29.239788392 +0200 --- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh 2021-03-03 14:23:27.395092350 +0100
+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-07-17 10:36:29.247788458 +0200 +++ openssl-1.1.1j/crypto/objects/objects.txt 2021-03-03 14:23:27.406092444 +0100
@@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit @@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit
: ffdhe4096 : ffdhe4096
: ffdhe6144 : ffdhe6144
@ -2529,9 +2529,9 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17) # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-07-17 10:36:29.239788392 +0200 --- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh 2021-03-03 14:23:27.395092350 +0100
+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/crypto/objects/obj_mac.num 2021-03-03 14:23:27.406092444 +0100
@@ -1196,3 +1196,9 @@ sshkdf 1195 @@ -1196,3 +1196,9 @@ sshkdf 1195
kbkdf 1196 kbkdf 1196
krb5kdf 1197 krb5kdf 1197
@ -2542,9 +2542,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
+modp_4096 1202 +modp_4096 1202
+modp_6144 1203 +modp_6144 1203
+modp_8192 1204 +modp_8192 1204
diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod
--- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod 2021-03-03 14:23:27.406092444 +0100
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find @@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
#include <openssl/dh.h> #include <openssl/dh.h>
@ -2563,9 +2563,9 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
DH_get_nid() determines if the parameters contained in B<dh> match DH_get_nid() determines if the parameters contained in B<dh> match
any named set. It returns the NID corresponding to the matching parameters or any named set. It returns the NID corresponding to the matching parameters or
diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod
--- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod 2021-03-03 14:23:27.406092444 +0100
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets @@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
If B<pad> is zero (the default) then no padding is performed. If B<pad> is zero (the default) then no padding is performed.
@ -2582,9 +2582,9 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
The nid parameter and the rfc5114 parameter are mutually exclusive. The nid parameter and the rfc5114 parameter are mutually exclusive.
The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h
--- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200 --- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh 2021-02-16 16:24:01.000000000 +0100
+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/include/crypto/bn_dh.h 2021-03-03 14:23:27.406092444 +0100
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
/* /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2633,9 +2633,9 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
+extern const BIGNUM _bignum_modp_4096_q; +extern const BIGNUM _bignum_modp_4096_q;
+extern const BIGNUM _bignum_modp_6144_q; +extern const BIGNUM _bignum_modp_6144_q;
+extern const BIGNUM _bignum_modp_8192_q; +extern const BIGNUM _bignum_modp_8192_q;
diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-07-17 10:36:29.240788400 +0200 --- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh 2021-03-03 14:23:27.396092358 +0100
+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/include/openssl/obj_mac.h 2021-03-03 14:23:27.407092453 +0100
@@ -5115,6 +5115,24 @@ @@ -5115,6 +5115,24 @@
#define SN_ffdhe8192 "ffdhe8192" #define SN_ffdhe8192 "ffdhe8192"
#define NID_ffdhe8192 1130 #define NID_ffdhe8192 1130
@ -2661,10 +2661,10 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
#define SN_ISO_UA "ISO-UA" #define SN_ISO_UA "ISO-UA"
#define NID_ISO_UA 1150 #define NID_ISO_UA 1150
#define OBJ_ISO_UA OBJ_member_body,804L #define OBJ_ISO_UA OBJ_member_body,804L
diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-07-17 10:36:29.199788063 +0200 --- openssl-1.1.1j/ssl/s3_lib.c.fips-dh 2021-03-03 14:23:27.354091997 +0100
+++ openssl-1.1.1g/ssl/s3_lib.c 2020-07-17 10:36:29.248788466 +0200 +++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 14:23:27.407092453 +0100
@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey @@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
EVP_PKEY *ssl_dh_to_pkey(DH *dh) EVP_PKEY *ssl_dh_to_pkey(DH *dh)
{ {
EVP_PKEY *ret; EVP_PKEY *ret;
@ -2716,11 +2716,10 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
return ret; return ret;
} }
#endif #endif
diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c
diff -up openssl-1.1.1h/ssl/t1_lib.c.fips-dh openssl-1.1.1h/ssl/t1_lib.c --- openssl-1.1.1j/ssl/t1_lib.c.fips-dh 2021-03-03 14:23:27.401092401 +0100
--- openssl-1.1.1h/ssl/t1_lib.c.fips-dh 2020-11-04 14:04:41.851711629 +0100 +++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 14:23:27.407092453 +0100
+++ openssl-1.1.1h/ssl/t1_lib.c 2020-11-04 14:06:06.506431652 +0100 @@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s)
@@ -2470,7 +2470,7 @@
p = BN_get_rfc3526_prime_4096(NULL); p = BN_get_rfc3526_prime_4096(NULL);
else if (dh_secbits >= 128) else if (dh_secbits >= 128)
p = BN_get_rfc3526_prime_3072(NULL); p = BN_get_rfc3526_prime_3072(NULL);



@ -1,113 +0,0 @@
diff -up openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert openssl-1.1.1i/crypto/x509/x509_vfy.c
--- openssl-1.1.1i/crypto/x509/x509_vfy.c.verify-cert 2021-01-20 17:24:53.100175663 +0100
+++ openssl-1.1.1i/crypto/x509/x509_vfy.c 2021-01-20 17:24:53.156176315 +0100
@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X50
}
/*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
*/
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
@@ -338,7 +339,7 @@ static X509 *find_issuer(X509_STORE_CTX
* Below check 'issuer != x' is an optimization and safety precaution:
* Candidate issuer cert cannot be the same as the subject cert 'x'.
*/
- if (issuer != x && ctx->check_issued(ctx, x, issuer)
+ if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
rv = issuer;
diff -up openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert openssl-1.1.1i/test/recipes/70-test_verify_extra.t
--- openssl-1.1.1i/test/recipes/70-test_verify_extra.t.verify-cert 2020-12-08 14:20:59.000000000 +0100
+++ openssl-1.1.1i/test/recipes/70-test_verify_extra.t 2021-01-20 17:24:53.156176315 +0100
@@ -16,4 +16,5 @@ plan tests => 1;
ok(run(test(["verify_extra_test",
srctop_file("test", "certs", "roots.pem"),
srctop_file("test", "certs", "untrusted.pem"),
- srctop_file("test", "certs", "bad.pem")])));
+ srctop_file("test", "certs", "bad.pem"),
+ srctop_file("test", "certs", "rootCA.pem")])));
diff -up openssl-1.1.1i/test/verify_extra_test.c.verify-cert openssl-1.1.1i/test/verify_extra_test.c
--- openssl-1.1.1i/test/verify_extra_test.c.verify-cert 2020-12-08 14:20:59.000000000 +0100
+++ openssl-1.1.1i/test/verify_extra_test.c 2021-01-20 17:24:53.156176315 +0100
@@ -18,6 +18,21 @@
static const char *roots_f;
static const char *untrusted_f;
static const char *bad_f;
+static const char *good_f;
+
+static X509 *load_cert_pem(const char *file)
+{
+ X509 *cert = NULL;
+ BIO *bio = NULL;
+
+ if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
+ return NULL;
+ if (TEST_int_gt(BIO_read_filename(bio, file), 0))
+ (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL));
+
+ BIO_free(bio);
+ return cert;
+}
static STACK_OF(X509) *load_certs_from_file(const char *filename)
{
@@ -175,16 +190,48 @@ static int test_store_ctx(void)
return testresult;
}
+static int test_self_signed(const char *filename, int expected)
+{
+ X509 *cert = load_cert_pem(filename);
+ STACK_OF(X509) *trusted = sk_X509_new_null();
+ X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+ int ret;
+
+ ret = TEST_ptr(cert)
+ && TEST_true(sk_X509_push(trusted, cert))
+ && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL));
+ X509_STORE_CTX_trusted_stack(ctx, trusted);
+ ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected);
+
+ X509_STORE_CTX_free(ctx);
+ sk_X509_free(trusted);
+ X509_free(cert);
+ return ret;
+}
+
+static int test_self_signed_good(void)
+{
+ return test_self_signed(good_f, 1);
+}
+
+static int test_self_signed_bad(void)
+{
+ return test_self_signed(bad_f, 0);
+}
+
int setup_tests(void)
{
if (!TEST_ptr(roots_f = test_get_argument(0))
|| !TEST_ptr(untrusted_f = test_get_argument(1))
- || !TEST_ptr(bad_f = test_get_argument(2))) {
- TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
+ || !TEST_ptr(bad_f = test_get_argument(2))
+ || !TEST_ptr(good_f = test_get_argument(3))) {
+ TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n");
return 0;
}
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);
+ ADD_TEST(test_self_signed_good);
+ ADD_TEST(test_self_signed_bad);
return 1;
}


@ -4,9 +4,9 @@ diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.
@@ -40,7 +40,7 @@ extern "C" { @@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
# define OPENSSL_VERSION_NUMBER 0x1010109fL # define OPENSSL_VERSION_NUMBER 0x101010afL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i 8 Dec 2020" -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j 16 Feb 2021"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i FIPS 8 Dec 2020" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j FIPS 16 Feb 2021"
/*- /*-
* The macros below are to be used for shared library (.so, .dll, ...) * The macros below are to be used for shared library (.so, .dll, ...)


@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1i Version: 1.1.1j
Release: 3%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -42,10 +42,6 @@ Patch1: openssl-1.1.1-build.patch
Patch2: openssl-1.1.1-defaults.patch Patch2: openssl-1.1.1-defaults.patch
Patch3: openssl-1.1.1-no-html.patch Patch3: openssl-1.1.1-no-html.patch
Patch4: openssl-1.1.1-man-rename.patch Patch4: openssl-1.1.1-man-rename.patch
# Bug fixes
Patch21: openssl-1.1.0-issuer-hash.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1916594
Patch71: openssl-1.1.1-verify-cert.patch
# Functionality changes # Functionality changes
Patch31: openssl-1.1.1-conf-paths.patch Patch31: openssl-1.1.1-conf-paths.patch
@ -158,8 +154,6 @@ cp %{SOURCE13} test/
%patch3 -p1 -b .no-html %{?_rawbuild} %patch3 -p1 -b .no-html %{?_rawbuild}
%patch4 -p1 -b .man-rename %patch4 -p1 -b .man-rename
%patch21 -p1 -b .issuer-hash
%patch31 -p1 -b .conf-paths %patch31 -p1 -b .conf-paths
%patch32 -p1 -b .version-add-engines %patch32 -p1 -b .version-add-engines
%patch33 -p1 -b .dgst %patch33 -p1 -b .dgst
@ -189,7 +183,6 @@ cp %{SOURCE13} test/
%patch67 -p1 -b .kdf-selftest %patch67 -p1 -b .kdf-selftest
%patch69 -p1 -b .alpn-cb %patch69 -p1 -b .alpn-cb
%patch70 -p1 -b .rewire-fips-drbg %patch70 -p1 -b .rewire-fips-drbg
%patch71 -p1 -b .verify-cert
%build %build
@ -478,6 +471,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1j-1
- Upgrade to version 1.1.1.j
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1i-3 * Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1i-3
- Fix regression in X509_verify_cert() (bz1916594) - Fix regression in X509_verify_cert() (bz1916594)
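Review bot: The new %changelog entry records only the version upgrade, but the same change also removes Patch21 (openssl-1.1.0-issuer-hash.patch) and Patch71 (openssl-1.1.1-verify-cert.patch) together with their %patch lines, and gives no reason for either. Patch71 was the bz1916594 fix and is presumably part of 1.1.1j, though nothing on the page confirms that. The deleted issuer-hash patch set `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` ahead of the MD5 digest init in crypto/x509/x509_cmp.c, and nothing visible here shows that 1.1.1j carries an equivalent. If it does not, that digest may be refused when the library runs in FIPS mode, so this is worth checking against the new tarball. I would record the outcome in the changelog, for example `- Drop issuer-hash and verify-cert patches (<reason>)`.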


@ -1 +1 @@
SHA512 (openssl-1.1.1i-hobbled.tar.xz) = e131a05e88690a7be7c3d74cbb26620130498ced2ce3d7fd55979aab5ea736ec8b268ba92268bd5bc347989325a3950a066883007cb20c2dd9739fd1eafc513f SHA512 (openssl-1.1.1j-hobbled.tar.xz) = ad7387f11043b46873f5cb484a83822a1e11aae3fd09cab699192034be7f6e7a8fcaa1960df8bf96871e6268b63cf7046ebb75c4df72de67bb4b3d2aa94f77e7