Update to 1.0.0d
Synced patches with Fedora native openssl-1.0.0d-2.
This commit is contained in:
parent
f9c5c21b08
commit
ca8adb3bca
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
openssl-1.0.0a-usa.tar.bz2
|
openssl-1.0.0a-usa.tar.bz2
|
||||||
|
/openssl-1.0.0d-usa.tar.bz2
|
||||||
|
@ -5,9 +5,9 @@ set -e
|
|||||||
|
|
||||||
# Clean out patent-or-otherwise-encumbered code.
|
# Clean out patent-or-otherwise-encumbered code.
|
||||||
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
|
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
|
||||||
# IDEA: 5,214,703 25/05/2010
|
# IDEA: 5,214,703 07/01/2012
|
||||||
# RC5: 5,724,428 03/03/2015
|
# RC5: 5,724,428 01/11/2015
|
||||||
# EC: ????????? ??/??/2015
|
# EC: ????????? ??/??/2020
|
||||||
|
|
||||||
# Remove assembler portions of IDEA, MDC2, and RC5.
|
# Remove assembler portions of IDEA, MDC2, and RC5.
|
||||||
(find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
|
(find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.0a/engines/Makefile.mingw-sfx openssl-1.0.0a/engines/Makefile
|
diff -up openssl-1.0.0d/engines/Makefile.mingw-sfx openssl-1.0.0d/engines/Makefile
|
||||||
--- openssl-1.0.0a/engines/Makefile.mingw-sfx 2010-06-19 21:52:59.000000000 +0300
|
--- openssl-1.0.0d/engines/Makefile.mingw-sfx 2011-04-23 13:04:15.452843560 +0300
|
||||||
+++ openssl-1.0.0a/engines/Makefile 2010-06-19 21:53:34.000000000 +0300
|
+++ openssl-1.0.0d/engines/Makefile 2011-04-23 13:04:15.689846190 +0300
|
||||||
@@ -111,7 +111,10 @@ install:
|
@@ -111,7 +111,10 @@ install:
|
||||||
for l in $(LIBNAMES); do \
|
for l in $(LIBNAMES); do \
|
||||||
( echo installing $$l; \
|
( echo installing $$l; \
|
||||||
@ -12,4 +12,4 @@ diff -up openssl-1.0.0a/engines/Makefile.mingw-sfx openssl-1.0.0a/engines/Makefi
|
|||||||
+ elif [ "$(PLATFORM)" != "Cygwin" ]; then \
|
+ elif [ "$(PLATFORM)" != "Cygwin" ]; then \
|
||||||
case "$(CFLAGS)" in \
|
case "$(CFLAGS)" in \
|
||||||
*DSO_BEOS*) sfx=".so";; \
|
*DSO_BEOS*) sfx=".so";; \
|
||||||
*DSO_DLFCN*) sfx=".so";; \
|
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
|
@ -28,8 +28,8 @@
|
|||||||
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
||||||
|
|
||||||
Name: mingw32-openssl
|
Name: mingw32-openssl
|
||||||
Version: 1.0.0a
|
Version: 1.0.0d
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: MinGW port of the OpenSSL toolkit
|
Summary: MinGW port of the OpenSSL toolkit
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
@ -59,7 +59,7 @@ Patch7: openssl-1.0.0-timezone.patch
|
|||||||
# Bug fixes
|
# Bug fixes
|
||||||
Patch23: openssl-1.0.0-beta4-default-paths.patch
|
Patch23: openssl-1.0.0-beta4-default-paths.patch
|
||||||
Patch24: openssl-0.9.8j-bad-mime.patch
|
Patch24: openssl-0.9.8j-bad-mime.patch
|
||||||
Patch25: openssl-1.0.0a-sslt1lib.patch
|
Patch25: openssl-1.0.0a-manfix.patch
|
||||||
# Functionality changes
|
# Functionality changes
|
||||||
Patch32: openssl-0.9.8g-ia64.patch
|
Patch32: openssl-0.9.8g-ia64.patch
|
||||||
Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||||
@ -67,7 +67,7 @@ Patch34: openssl-0.9.6-x509.patch
|
|||||||
Patch35: openssl-0.9.8j-version-add-engines.patch
|
Patch35: openssl-0.9.8j-version-add-engines.patch
|
||||||
Patch38: openssl-1.0.0-beta5-cipher-change.patch
|
Patch38: openssl-1.0.0-beta5-cipher-change.patch
|
||||||
# Disabled this because it uses getaddrinfo which is lacking on Windows.
|
# Disabled this because it uses getaddrinfo which is lacking on Windows.
|
||||||
#Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
|
#Patch39: openssl-1.0.0b-ipv6-apps.patch
|
||||||
Patch40: openssl-1.0.0a-fips.patch
|
Patch40: openssl-1.0.0a-fips.patch
|
||||||
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
Patch41: openssl-1.0.0-beta3-fipscheck.patch
|
||||||
Patch43: openssl-1.0.0a-fipsmode.patch
|
Patch43: openssl-1.0.0a-fipsmode.patch
|
||||||
@ -76,16 +76,23 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
|
|||||||
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
Patch47: openssl-1.0.0-beta5-readme-warning.patch
|
||||||
Patch49: openssl-1.0.0-beta4-algo-doc.patch
|
Patch49: openssl-1.0.0-beta4-algo-doc.patch
|
||||||
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
|
Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
|
||||||
Patch51: openssl-1.0.0a-version.patch
|
Patch51: openssl-1.0.0d-version.patch
|
||||||
Patch52: openssl-1.0.0-beta4-aesni.patch
|
Patch52: openssl-1.0.0b-aesni.patch
|
||||||
Patch53: openssl-1.0.0-name-hash.patch
|
Patch53: openssl-1.0.0-name-hash.patch
|
||||||
|
Patch54: openssl-1.0.0c-speed-fips.patch
|
||||||
|
#Patch55: openssl-1.0.0c-apps-ipv6listen.patch
|
||||||
|
Patch56: openssl-1.0.0c-rsa-x931.patch
|
||||||
|
Patch57: openssl-1.0.0c-fips186-3.patch
|
||||||
|
Patch58: openssl-1.0.0c-fips-md5-allow.patch
|
||||||
|
Patch59: openssl-1.0.0c-pkcs12-fips-default.patch
|
||||||
|
Patch60: openssl-1.0.0d-apps-dgst.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
|
|
||||||
# MinGW-specific patches.
|
# MinGW-specific patches.
|
||||||
# Rename *eay32.dll to lib*.dll
|
# Rename *eay32.dll to lib*.dll
|
||||||
Patch101: mingw32-openssl-1.0.0-beta3-libversion.patch
|
Patch101: mingw32-openssl-1.0.0-beta3-libversion.patch
|
||||||
# Fix engines/ install target after lib rename
|
# Fix engines/ install target after lib rename
|
||||||
Patch102: mingw32-openssl-1.0.0a-sfx.patch
|
Patch102: mingw32-openssl-1.0.0d-sfx.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
|
|
||||||
@ -141,7 +148,7 @@ Requires: %{name} = %{version}-%{release}
|
|||||||
Static version of the MinGW port of the OpenSSL toolkit.
|
Static version of the MinGW port of the OpenSSL toolkit.
|
||||||
|
|
||||||
|
|
||||||
%{_mingw32_debug_package}
|
%{?_mingw32_debug_package}
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
@ -158,14 +165,14 @@ Static version of the MinGW port of the OpenSSL toolkit.
|
|||||||
|
|
||||||
%patch23 -p1 -b .default-paths
|
%patch23 -p1 -b .default-paths
|
||||||
%patch24 -p1 -b .bad-mime
|
%patch24 -p1 -b .bad-mime
|
||||||
%patch25 -p1 -b .sslt1lib
|
%patch25 -p1 -b .manfix
|
||||||
|
|
||||||
%patch32 -p1 -b .ia64
|
%patch32 -p1 -b .ia64
|
||||||
#patch33 is applied after make test
|
#patch33 is applied after make test
|
||||||
%patch34 -p1 -b .x509
|
%patch34 -p1 -b .x509
|
||||||
%patch35 -p1 -b .version-add-engines
|
%patch35 -p1 -b .version-add-engines
|
||||||
%patch38 -p1 -b .cipher-change
|
%patch38 -p1 -b .cipher-change
|
||||||
#%patch39 -p1 -b .ipv6-apps
|
#patch39 -p1 -b .ipv6-apps
|
||||||
%patch40 -p1 -b .fips
|
%patch40 -p1 -b .fips
|
||||||
%patch41 -p1 -b .fipscheck
|
%patch41 -p1 -b .fipscheck
|
||||||
%patch43 -p1 -b .fipsmode
|
%patch43 -p1 -b .fipsmode
|
||||||
@ -177,6 +184,13 @@ Static version of the MinGW port of the OpenSSL toolkit.
|
|||||||
%patch51 -p1 -b .version
|
%patch51 -p1 -b .version
|
||||||
%patch52 -p1 -b .aesni
|
%patch52 -p1 -b .aesni
|
||||||
%patch53 -p1 -b .name-hash
|
%patch53 -p1 -b .name-hash
|
||||||
|
%patch54 -p1 -b .spfips
|
||||||
|
#patch55 -p1 -b .ipv6listen
|
||||||
|
%patch56 -p1 -b .x931
|
||||||
|
%patch57 -p1 -b .fips186-3
|
||||||
|
%patch58 -p1 -b .md5-allow
|
||||||
|
%patch59 -p1 -b .fips-default
|
||||||
|
%patch60 -p1 -b .dgst
|
||||||
|
|
||||||
%patch101 -p1 -b .mingw-libversion
|
%patch101 -p1 -b .mingw-libversion
|
||||||
%patch102 -p1 -b .mingw-sfx
|
%patch102 -p1 -b .mingw-sfx
|
||||||
@ -345,6 +359,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Apr 23 2011 Kalev Lember <kalev@smartlink.ee> - 1.0.0d-1
|
||||||
|
- Update to 1.0.0d
|
||||||
|
- Synced patches with Fedora native openssl-1.0.0d-2
|
||||||
|
|
||||||
* Fri Mar 04 2011 Kai Tietz <ktietz@redhat.com>
|
* Fri Mar 04 2011 Kai Tietz <ktietz@redhat.com>
|
||||||
- Fixes for CVE-2011-0014 openssl: OCSP stapling vulnerability
|
- Fixes for CVE-2011-0014 openssl: OCSP stapling vulnerability
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl
|
|||||||
/* Allow initial connection to servers that don't support RI */
|
/* Allow initial connection to servers that don't support RI */
|
||||||
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
||||||
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
||||||
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
|
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
|
||||||
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
||||||
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
||||||
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
|
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
|
||||||
|
21
openssl-1.0.0a-manfix.patch
Normal file
21
openssl-1.0.0a-manfix.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
diff -up openssl-1.0.0a/doc/apps/openssl.pod.manfix openssl-1.0.0a/doc/apps/openssl.pod
|
||||||
|
--- openssl-1.0.0a/doc/apps/openssl.pod.manfix 2010-01-21 19:46:28.000000000 +0100
|
||||||
|
+++ openssl-1.0.0a/doc/apps/openssl.pod 2010-06-30 14:24:50.000000000 +0200
|
||||||
|
@@ -287,8 +287,6 @@ SHA Digest
|
||||||
|
|
||||||
|
SHA-1 Digest
|
||||||
|
|
||||||
|
-=back
|
||||||
|
-
|
||||||
|
=item B<sha224>
|
||||||
|
|
||||||
|
SHA-224 Digest
|
||||||
|
@@ -305,6 +303,8 @@ SHA-384 Digest
|
||||||
|
|
||||||
|
SHA-512 Digest
|
||||||
|
|
||||||
|
+=back
|
||||||
|
+
|
||||||
|
=head2 ENCODING AND CIPHER COMMANDS
|
||||||
|
|
||||||
|
=over 10
|
@ -1,28 +0,0 @@
|
|||||||
--- openssl-1.0.0a/ssl/t1_lib.c 25 Nov 2010 12:28:28 -0000 1.64.2.17
|
|
||||||
+++ openssl-1.0.0a/ssl/t1_lib.c 8 Feb 2011 00:00:00 -0000
|
|
||||||
@@ -917,6 +917,7 @@
|
|
||||||
}
|
|
||||||
n2s(data, idsize);
|
|
||||||
dsize -= 2 + idsize;
|
|
||||||
+ size -= 2 + idsize;
|
|
||||||
if (dsize < 0)
|
|
||||||
{
|
|
||||||
*al = SSL_AD_DECODE_ERROR;
|
|
||||||
@@ -955,9 +956,14 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Read in request_extensions */
|
|
||||||
+ if (size < 2)
|
|
||||||
+ {
|
|
||||||
+ *al = SSL_AD_DECODE_ERROR;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
n2s(data,dsize);
|
|
||||||
size -= 2;
|
|
||||||
- if (dsize > size)
|
|
||||||
+ if (dsize != size)
|
|
||||||
{
|
|
||||||
*al = SSL_AD_DECODE_ERROR;
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up openssl-1.0.0a/crypto/opensslv.h.version openssl-1.0.0a/crypto/opensslv.h
|
|
||||||
--- openssl-1.0.0a/crypto/opensslv.h.version 2010-06-04 13:28:52.000000000 +0200
|
|
||||||
+++ openssl-1.0.0a/crypto/opensslv.h 2010-06-04 13:29:42.000000000 +0200
|
|
||||||
@@ -25,7 +25,8 @@
|
|
||||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
|
||||||
* major minor fix final patch/beta)
|
|
||||||
*/
|
|
||||||
-#define OPENSSL_VERSION_NUMBER 0x1000001fL
|
|
||||||
+/* we have to keep the version number to not break the abi */
|
|
||||||
+#define OPENSSL_VERSION_NUMBER 0x10000003L
|
|
||||||
#ifdef OPENSSL_FIPS
|
|
||||||
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010"
|
|
||||||
#else
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
diff -up openssl-1.0.0b/Configure.aesni openssl-1.0.0b/Configure
|
||||||
--- openssl-1.0.0-beta4/Configure.aesni 2010-01-07 23:38:31.000000000 +0100
|
--- openssl-1.0.0b/Configure.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/Configure 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/Configure 2010-11-16 17:35:15.000000000 +0100
|
||||||
@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
|
@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
|
||||||
my $bits1="THIRTY_TWO_BIT ";
|
my $bits1="THIRTY_TWO_BIT ";
|
||||||
my $bits2="SIXTY_FOUR_BIT ";
|
my $bits2="SIXTY_FOUR_BIT ";
|
||||||
@ -21,10 +21,10 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
|||||||
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
|
"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
|
||||||
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||||
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||||
|
"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
|
||||||
|
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
|
||||||
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
|
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
|
||||||
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
|
@@ -1419,6 +1419,7 @@ if ($rmd160_obj =~ /\.o$/)
|
||||||
"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
|
|
||||||
@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/)
|
|
||||||
if ($aes_obj =~ /\.o$/)
|
if ($aes_obj =~ /\.o$/)
|
||||||
{
|
{
|
||||||
$cflags.=" -DAES_ASM";
|
$cflags.=" -DAES_ASM";
|
||||||
@ -32,9 +32,9 @@ diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$aes_obj=$aes_enc;
|
$aes_obj=$aes_enc;
|
||||||
diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl
|
diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl
|
||||||
--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni 2010-01-12 22:18:06.000000000 +0100
|
--- openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -0,0 +1,765 @@
|
@@ -0,0 +1,765 @@
|
||||||
+#!/usr/bin/env perl
|
+#!/usr/bin/env perl
|
||||||
+
|
+
|
||||||
@ -801,9 +801,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-bet
|
|||||||
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
|
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
|
||||||
+
|
+
|
||||||
+&asm_finish();
|
+&asm_finish();
|
||||||
diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl
|
diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl
|
||||||
--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-01-12 22:18:06.000000000 +0100
|
--- openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -0,0 +1,991 @@
|
@@ -0,0 +1,991 @@
|
||||||
+#!/usr/bin/env perl
|
+#!/usr/bin/env perl
|
||||||
+#
|
+#
|
||||||
@ -1796,9 +1796,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-
|
|||||||
+print $code;
|
+print $code;
|
||||||
+
|
+
|
||||||
+close STDOUT;
|
+close STDOUT;
|
||||||
diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile
|
diff -up openssl-1.0.0b/crypto/aes/Makefile.aesni openssl-1.0.0b/crypto/aes/Makefile
|
||||||
--- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100
|
--- openssl-1.0.0b/crypto/aes/Makefile.aesni 2008-12-23 12:33:00.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/aes/Makefile 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/aes/Makefile 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
|
@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
|
||||||
|
|
||||||
aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl
|
aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl
|
||||||
@ -1813,9 +1813,9 @@ diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypt
|
|||||||
|
|
||||||
aes-sparcv9.s: asm/aes-sparcv9.pl
|
aes-sparcv9.s: asm/aes-sparcv9.pl
|
||||||
$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
|
$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
|
||||||
diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c
|
diff -up openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni openssl-1.0.0b/crypto/engine/eng_aesni.c
|
||||||
--- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni 2010-01-12 22:18:06.000000000 +0100
|
--- openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/engine/eng_aesni.c 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -0,0 +1,413 @@
|
@@ -0,0 +1,413 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Support for Intel AES-NI intruction set
|
+ * Support for Intel AES-NI intruction set
|
||||||
@ -2230,9 +2230,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4
|
|||||||
+
|
+
|
||||||
+#endif /* COMPILE_HW_AESNI */
|
+#endif /* COMPILE_HW_AESNI */
|
||||||
+#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
|
+#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
|
||||||
diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c
|
diff -up openssl-1.0.0b/crypto/engine/eng_all.c.aesni openssl-1.0.0b/crypto/engine/eng_all.c
|
||||||
--- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni 2010-01-07 23:38:31.000000000 +0100
|
--- openssl-1.0.0b/crypto/engine/eng_all.c.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/engine/eng_all.c 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/engine/eng_all.c 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
|
@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
|
||||||
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
|
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
|
||||||
ENGINE_load_cryptodev();
|
ENGINE_load_cryptodev();
|
||||||
@ -2243,10 +2243,10 @@ diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/c
|
|||||||
ENGINE_load_dynamic();
|
ENGINE_load_dynamic();
|
||||||
#ifndef OPENSSL_NO_STATIC_ENGINE
|
#ifndef OPENSSL_NO_STATIC_ENGINE
|
||||||
#ifndef OPENSSL_NO_HW
|
#ifndef OPENSSL_NO_HW
|
||||||
diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h
|
diff -up openssl-1.0.0b/crypto/engine/engine.h.aesni openssl-1.0.0b/crypto/engine/engine.h
|
||||||
--- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni 2010-01-07 23:38:30.000000000 +0100
|
--- openssl-1.0.0b/crypto/engine/engine.h.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/engine/engine.h 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/engine/engine.h 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -342,6 +342,7 @@ void ENGINE_load_gost(void);
|
@@ -338,6 +338,7 @@ void ENGINE_load_gost(void);
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
void ENGINE_load_cryptodev(void);
|
void ENGINE_load_cryptodev(void);
|
||||||
@ -2254,9 +2254,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/cr
|
|||||||
void ENGINE_load_builtin_engines(void);
|
void ENGINE_load_builtin_engines(void);
|
||||||
|
|
||||||
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
|
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
|
||||||
diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile
|
diff -up openssl-1.0.0b/crypto/engine/Makefile.aesni openssl-1.0.0b/crypto/engine/Makefile
|
||||||
--- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni 2008-06-04 13:01:29.000000000 +0200
|
--- openssl-1.0.0b/crypto/engine/Makefile.aesni 2010-11-15 15:44:49.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/engine/Makefile 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/engine/Makefile 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
|
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
|
||||||
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
|
eng_table.c eng_pkey.c eng_fat.c eng_all.c \
|
||||||
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
|
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
|
||||||
@ -2274,9 +2274,9 @@ diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/cr
|
|||||||
|
|
||||||
SRC= $(LIBSRC)
|
SRC= $(LIBSRC)
|
||||||
|
|
||||||
diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c
|
diff -up openssl-1.0.0b/crypto/evp/evp_err.c.aesni openssl-1.0.0b/crypto/evp/evp_err.c
|
||||||
--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni 2010-01-07 23:38:31.000000000 +0100
|
--- openssl-1.0.0b/crypto/evp/evp_err.c.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/evp/evp_err.c 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -1,6 +1,6 @@
|
@@ -1,6 +1,6 @@
|
||||||
/* crypto/evp/evp_err.c */
|
/* crypto/evp/evp_err.c */
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
@ -2293,7 +2293,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp
|
|||||||
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
|
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
|
||||||
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
|
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
|
||||||
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
|
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
|
||||||
@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
|
@@ -86,7 +87,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
|
||||||
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
|
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
|
||||||
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
|
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
|
||||||
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
|
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
|
||||||
@ -2302,10 +2302,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/cryp
|
|||||||
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
|
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
|
||||||
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
|
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
|
||||||
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
|
{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
|
||||||
diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h
|
diff -up openssl-1.0.0b/crypto/evp/evp.h.aesni openssl-1.0.0b/crypto/evp/evp.h
|
||||||
--- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni 2010-01-07 23:38:31.000000000 +0100
|
--- openssl-1.0.0b/crypto/evp/evp.h.aesni 2010-11-16 17:33:22.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/crypto/evp/evp.h 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/crypto/evp/evp.h 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void);
|
@@ -1167,6 +1167,7 @@ void ERR_load_EVP_strings(void);
|
||||||
/* Error codes for the EVP functions. */
|
/* Error codes for the EVP functions. */
|
||||||
|
|
||||||
/* Function codes. */
|
/* Function codes. */
|
||||||
@ -2313,9 +2313,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/e
|
|||||||
#define EVP_F_AES_INIT_KEY 133
|
#define EVP_F_AES_INIT_KEY 133
|
||||||
#define EVP_F_CAMELLIA_INIT_KEY 159
|
#define EVP_F_CAMELLIA_INIT_KEY 159
|
||||||
#define EVP_F_D2I_PKEY 100
|
#define EVP_F_D2I_PKEY 100
|
||||||
diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni
|
diff -up openssl-1.0.0b/test/test_aesni.aesni openssl-1.0.0b/test/test_aesni
|
||||||
--- openssl-1.0.0-beta4/test/test_aesni.aesni 2010-01-12 22:18:06.000000000 +0100
|
--- openssl-1.0.0b/test/test_aesni.aesni 2010-11-16 17:33:23.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta4/test/test_aesni 2010-01-12 22:18:06.000000000 +0100
|
+++ openssl-1.0.0b/test/test_aesni 2010-11-16 17:33:23.000000000 +0100
|
||||||
@@ -0,0 +1,69 @@
|
@@ -0,0 +1,69 @@
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+
|
+
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h
|
diff -up openssl-1.0.0b/apps/s_apps.h.ipv6-apps openssl-1.0.0b/apps/s_apps.h
|
||||||
--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
--- openssl-1.0.0b/apps/s_apps.h.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta5/apps/s_apps.h 2010-02-03 09:43:49.000000000 +0100
|
+++ openssl-1.0.0b/apps/s_apps.h 2010-11-16 17:19:29.000000000 +0100
|
||||||
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
|
||||||
#define PORT_STR "4433"
|
#define PORT_STR "4433"
|
||||||
#define PROTOCOL "tcp"
|
#define PROTOCOL "tcp"
|
||||||
@ -23,9 +23,9 @@ diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_
|
|||||||
|
|
||||||
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
||||||
int argi, long argl, long ret);
|
int argi, long argl, long ret);
|
||||||
diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c
|
diff -up openssl-1.0.0b/apps/s_client.c.ipv6-apps openssl-1.0.0b/apps/s_client.c
|
||||||
--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
--- openssl-1.0.0b/apps/s_client.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta5/apps/s_client.c 2010-02-03 09:43:49.000000000 +0100
|
+++ openssl-1.0.0b/apps/s_client.c 2010-11-16 17:19:29.000000000 +0100
|
||||||
@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
|
@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
|
||||||
int cbuf_len,cbuf_off;
|
int cbuf_len,cbuf_off;
|
||||||
int sbuf_len,sbuf_off;
|
int sbuf_len,sbuf_off;
|
||||||
@ -60,9 +60,9 @@ diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
{
|
{
|
||||||
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
|
||||||
SHUTDOWN(s);
|
SHUTDOWN(s);
|
||||||
diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c
|
diff -up openssl-1.0.0b/apps/s_server.c.ipv6-apps openssl-1.0.0b/apps/s_server.c
|
||||||
--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps 2010-02-03 09:43:49.000000000 +0100
|
--- openssl-1.0.0b/apps/s_server.c.ipv6-apps 2010-11-16 17:19:29.000000000 +0100
|
||||||
+++ openssl-1.0.0-beta5/apps/s_server.c 2010-02-03 09:43:49.000000000 +0100
|
+++ openssl-1.0.0b/apps/s_server.c 2010-11-16 17:19:29.000000000 +0100
|
||||||
@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
|
@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
X509_VERIFY_PARAM *vpm = NULL;
|
X509_VERIFY_PARAM *vpm = NULL;
|
||||||
@ -94,9 +94,9 @@ diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
print_stats(bio_s_out,ctx);
|
print_stats(bio_s_out,ctx);
|
||||||
ret=0;
|
ret=0;
|
||||||
end:
|
end:
|
||||||
diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c
|
diff -up openssl-1.0.0b/apps/s_socket.c.ipv6-apps openssl-1.0.0b/apps/s_socket.c
|
||||||
--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps 2009-08-26 13:21:50.000000000 +0200
|
--- openssl-1.0.0b/apps/s_socket.c.ipv6-apps 2010-07-05 13:03:22.000000000 +0200
|
||||||
+++ openssl-1.0.0-beta5/apps/s_socket.c 2010-02-03 10:00:30.000000000 +0100
|
+++ openssl-1.0.0b/apps/s_socket.c 2010-11-16 17:27:18.000000000 +0100
|
||||||
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
|
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
|
||||||
static void ssl_sock_cleanup(void);
|
static void ssl_sock_cleanup(void);
|
||||||
#endif
|
#endif
|
||||||
@ -226,7 +226,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
{
|
{
|
||||||
- int ret=0;
|
- int ret=0;
|
||||||
- struct sockaddr_in server;
|
- struct sockaddr_in server;
|
||||||
- int s= -1,i;
|
- int s= -1;
|
||||||
+ struct addrinfo *res, *res0, hints;
|
+ struct addrinfo *res, *res0, hints;
|
||||||
+ char * failed_call = NULL;
|
+ char * failed_call = NULL;
|
||||||
+ char port_name[8];
|
+ char port_name[8];
|
||||||
@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||||
{
|
{
|
||||||
int j = 1;
|
int j = 1;
|
||||||
@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i
|
@@ -357,35 +372,39 @@ static int init_server_long(int *sock, i
|
||||||
(void *) &j, sizeof j);
|
(void *) &j, sizeof j);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -294,7 +294,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
}
|
}
|
||||||
- /* Make it 128 for linux */
|
- /* Make it 128 for linux */
|
||||||
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
||||||
- i=0;
|
|
||||||
- *sock=s;
|
- *sock=s;
|
||||||
- ret=1;
|
- ret=1;
|
||||||
-err:
|
-err:
|
||||||
@ -328,16 +327,15 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
|
|
||||||
static int do_accept(int acc_sock, int *sock, char **host)
|
static int do_accept(int acc_sock, int *sock, char **host)
|
||||||
{
|
{
|
||||||
- int ret,i;
|
|
||||||
- struct hostent *h1,*h2;
|
|
||||||
- static struct sockaddr_in from;
|
|
||||||
+ static struct sockaddr_storage from;
|
+ static struct sockaddr_storage from;
|
||||||
+ char buffer[NI_MAXHOST];
|
+ char buffer[NI_MAXHOST];
|
||||||
+ int ret;
|
int ret;
|
||||||
|
- struct hostent *h1,*h2;
|
||||||
|
- static struct sockaddr_in from;
|
||||||
int len;
|
int len;
|
||||||
/* struct linger ling; */
|
/* struct linger ling; */
|
||||||
|
|
||||||
@@ -432,136 +450,58 @@ redoit:
|
@@ -432,135 +451,58 @@ redoit:
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (host == NULL) goto end;
|
if (host == NULL) goto end;
|
||||||
@ -376,7 +374,6 @@ diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/
|
|||||||
- BIO_printf(bio_err,"gethostbyname failure\n");
|
- BIO_printf(bio_err,"gethostbyname failure\n");
|
||||||
- return(0);
|
- return(0);
|
||||||
- }
|
- }
|
||||||
- i=0;
|
|
||||||
- if (h2->h_addrtype != AF_INET)
|
- if (h2->h_addrtype != AF_INET)
|
||||||
- {
|
- {
|
||||||
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
57
openssl-1.0.0c-apps-ipv6listen.patch
Normal file
57
openssl-1.0.0c-apps-ipv6listen.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
diff -up openssl-1.0.0c/apps/s_socket.c.ipv6listen openssl-1.0.0c/apps/s_socket.c
|
||||||
|
--- openssl-1.0.0c/apps/s_socket.c.ipv6listen 2011-01-24 16:44:18.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/apps/s_socket.c 2011-01-24 16:56:25.000000000 +0100
|
||||||
|
@@ -335,15 +335,16 @@ int do_server(char *port, int type, int
|
||||||
|
|
||||||
|
static int init_server(int *sock, char *port, int type)
|
||||||
|
{
|
||||||
|
- struct addrinfo *res, *res0, hints;
|
||||||
|
+ struct addrinfo *res, *res0 = NULL, hints;
|
||||||
|
char * failed_call = NULL;
|
||||||
|
- char port_name[8];
|
||||||
|
int s;
|
||||||
|
int e;
|
||||||
|
|
||||||
|
if (!ssl_sock_init()) return(0);
|
||||||
|
|
||||||
|
memset(&hints, '\0', sizeof(hints));
|
||||||
|
+ hints.ai_family = AF_INET6;
|
||||||
|
+tryipv4:
|
||||||
|
hints.ai_socktype = type;
|
||||||
|
hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
|
||||||
|
|
||||||
|
@@ -365,6 +366,12 @@ static int init_server(int *sock, char *
|
||||||
|
failed_call = "socket";
|
||||||
|
goto nextres;
|
||||||
|
}
|
||||||
|
+ if (hints.ai_family == AF_INET6)
|
||||||
|
+ {
|
||||||
|
+ int j = 0;
|
||||||
|
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
|
||||||
|
+ (void *) &j, sizeof j);
|
||||||
|
+ }
|
||||||
|
#if defined SOL_SOCKET && defined SO_REUSEADDR
|
||||||
|
{
|
||||||
|
int j = 1;
|
||||||
|
@@ -392,9 +399,19 @@ nextres:
|
||||||
|
close(s);
|
||||||
|
res = res->ai_next;
|
||||||
|
}
|
||||||
|
- freeaddrinfo(res0);
|
||||||
|
+ if (res0)
|
||||||
|
+ freeaddrinfo(res0);
|
||||||
|
|
||||||
|
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
|
||||||
|
+ if (s == INVALID_SOCKET)
|
||||||
|
+ {
|
||||||
|
+ if (hints.ai_family == AF_INET6)
|
||||||
|
+ {
|
||||||
|
+ hints.ai_family = AF_INET;
|
||||||
|
+ goto tryipv4;
|
||||||
|
+ }
|
||||||
|
+ perror("socket");
|
||||||
|
+ return(0);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
perror(failed_call);
|
||||||
|
return(0);
|
20
openssl-1.0.0c-fips-md5-allow.patch
Normal file
20
openssl-1.0.0c-fips-md5-allow.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff -up openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.0c/crypto/md5/md5_dgst.c
|
||||||
|
--- openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow 2011-02-03 19:53:28.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/crypto/md5/md5_dgst.c 2011-02-03 20:33:14.000000000 +0100
|
||||||
|
@@ -75,7 +75,15 @@ const char MD5_version[]="MD5" OPENSSL_V
|
||||||
|
#define INIT_DATA_C (unsigned long)0x98badcfeL
|
||||||
|
#define INIT_DATA_D (unsigned long)0x10325476L
|
||||||
|
|
||||||
|
-FIPS_NON_FIPS_MD_Init(MD5)
|
||||||
|
+int MD5_Init(MD5_CTX *c)
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+ {
|
||||||
|
+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
|
||||||
|
+ FIPS_BAD_ALGORITHM(alg)
|
||||||
|
+ return private_MD5_Init(c);
|
||||||
|
+ }
|
||||||
|
+int private_MD5_Init(MD5_CTX *c)
|
||||||
|
+#endif
|
||||||
|
{
|
||||||
|
memset (c,0,sizeof(*c));
|
||||||
|
c->A=INIT_DATA_A;
|
384
openssl-1.0.0c-fips186-3.patch
Normal file
384
openssl-1.0.0c-fips186-3.patch
Normal file
@ -0,0 +1,384 @@
|
|||||||
|
diff -up openssl-1.0.0c/crypto/dsa/dsa_gen.c.fips186-3 openssl-1.0.0c/crypto/dsa/dsa_gen.c
|
||||||
|
--- openssl-1.0.0c/crypto/dsa/dsa_gen.c.fips186-3 2011-02-03 21:04:14.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/crypto/dsa/dsa_gen.c 2011-02-04 08:54:42.000000000 +0100
|
||||||
|
@@ -120,11 +120,11 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
int ok=0;
|
||||||
|
unsigned char seed[SHA256_DIGEST_LENGTH];
|
||||||
|
unsigned char md[SHA256_DIGEST_LENGTH];
|
||||||
|
- unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
|
||||||
|
+ unsigned char buf[SHA256_DIGEST_LENGTH];
|
||||||
|
BIGNUM *r0,*W,*X,*c,*test;
|
||||||
|
BIGNUM *g=NULL,*q=NULL,*p=NULL;
|
||||||
|
BN_MONT_CTX *mont=NULL;
|
||||||
|
- int i, k, n=0, m=0, qsize = qbits >> 3;
|
||||||
|
+ int i, k, b, n=0, m=0, qsize = qbits >> 3;
|
||||||
|
int counter=0;
|
||||||
|
int r=0;
|
||||||
|
BN_CTX *ctx=NULL;
|
||||||
|
@@ -138,9 +138,13 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
|
||||||
|
+ if (FIPS_mode() &&
|
||||||
|
+ (bits != 1024 || qbits != 160) &&
|
||||||
|
+ (bits != 2048 || qbits != 224) &&
|
||||||
|
+ (bits != 2048 || qbits != 256) &&
|
||||||
|
+ (bits != 3072 || qbits != 256))
|
||||||
|
{
|
||||||
|
- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
|
||||||
|
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
@@ -151,22 +155,25 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (evpmd == NULL)
|
||||||
|
- /* use SHA1 as default */
|
||||||
|
- evpmd = EVP_sha1();
|
||||||
|
+ {
|
||||||
|
+ if (qbits <= 160)
|
||||||
|
+ evpmd = EVP_sha1();
|
||||||
|
+ else if (qbits <= 224)
|
||||||
|
+ evpmd = EVP_sha224();
|
||||||
|
+ else
|
||||||
|
+ evpmd = EVP_sha256();
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (bits < 512)
|
||||||
|
bits = 512;
|
||||||
|
|
||||||
|
bits = (bits+63)/64*64;
|
||||||
|
|
||||||
|
- /* NB: seed_len == 0 is special case: copy generated seed to
|
||||||
|
- * seed_in if it is not NULL.
|
||||||
|
- */
|
||||||
|
if (seed_len && (seed_len < (size_t)qsize))
|
||||||
|
seed_in = NULL; /* seed buffer too small -- ignore */
|
||||||
|
if (seed_len > (size_t)qsize)
|
||||||
|
seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
|
||||||
|
- * but our internal buffers are restricted to 160 bits*/
|
||||||
|
+ * but our internal buffers are restricted to 256 bits*/
|
||||||
|
if (seed_in != NULL)
|
||||||
|
memcpy(seed, seed_in, seed_len);
|
||||||
|
|
||||||
|
@@ -189,13 +196,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
if (!BN_lshift(test,BN_value_one(),bits-1))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+ /* step 3 n = \lceil bits / qbits \rceil - 1 */
|
||||||
|
+ n = (bits+qbits-1)/qbits - 1;
|
||||||
|
+ /* step 4 b = bits - 1 - n * qbits */
|
||||||
|
+ b = bits - 1 - n*qbits;
|
||||||
|
+
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
for (;;) /* find q */
|
||||||
|
{
|
||||||
|
int seed_is_random;
|
||||||
|
|
||||||
|
- /* step 1 */
|
||||||
|
+ /* step 5 generate seed */
|
||||||
|
if(!BN_GENCB_call(cb, 0, m++))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
@@ -210,28 +222,17 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
|
||||||
|
}
|
||||||
|
memcpy(buf , seed, qsize);
|
||||||
|
- memcpy(buf2, seed, qsize);
|
||||||
|
- /* precompute "SEED + 1" for step 7: */
|
||||||
|
- for (i = qsize-1; i >= 0; i--)
|
||||||
|
- {
|
||||||
|
- buf[i]++;
|
||||||
|
- if (buf[i] != 0)
|
||||||
|
- break;
|
||||||
|
- }
|
||||||
|
|
||||||
|
- /* step 2 */
|
||||||
|
+ /* step 6 U = hash(seed) */
|
||||||
|
EVP_Digest(seed, qsize, md, NULL, evpmd, NULL);
|
||||||
|
- EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL);
|
||||||
|
- for (i = 0; i < qsize; i++)
|
||||||
|
- md[i]^=buf2[i];
|
||||||
|
|
||||||
|
- /* step 3 */
|
||||||
|
+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
|
||||||
|
md[0] |= 0x80;
|
||||||
|
md[qsize-1] |= 0x01;
|
||||||
|
if (!BN_bin2bn(md, qsize, q))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* step 4 */
|
||||||
|
+ /* step 8 test for prime (64 round of Rabin-Miller) */
|
||||||
|
r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
|
||||||
|
seed_is_random, cb);
|
||||||
|
if (r > 0)
|
||||||
|
@@ -239,27 +240,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
if (r != 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* do a callback call */
|
||||||
|
- /* step 5 */
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!BN_GENCB_call(cb, 2, 0)) goto err;
|
||||||
|
if(!BN_GENCB_call(cb, 3, 0)) goto err;
|
||||||
|
|
||||||
|
- /* step 6 */
|
||||||
|
+ /* step 11 */
|
||||||
|
counter=0;
|
||||||
|
- /* "offset = 2" */
|
||||||
|
-
|
||||||
|
- n=(bits-1)/160;
|
||||||
|
+ /* "offset = 1" */
|
||||||
|
|
||||||
|
for (;;)
|
||||||
|
{
|
||||||
|
if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* step 7 */
|
||||||
|
+ /* step 11.1, 11.2 obtain W */
|
||||||
|
BN_zero(W);
|
||||||
|
- /* now 'buf' contains "SEED + offset - 1" */
|
||||||
|
for (k=0; k<=n; k++)
|
||||||
|
{
|
||||||
|
/* obtain "SEED + offset + k" by incrementing: */
|
||||||
|
@@ -272,28 +268,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
|
||||||
|
EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
|
||||||
|
|
||||||
|
- /* step 8 */
|
||||||
|
if (!BN_bin2bn(md, qsize, r0))
|
||||||
|
goto err;
|
||||||
|
- if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
|
||||||
|
+ if (k == n)
|
||||||
|
+ BN_mask_bits(r0,b);
|
||||||
|
+ if (!BN_lshift(r0,r0,qbits*k)) goto err;
|
||||||
|
if (!BN_add(W,W,r0)) goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* more of step 8 */
|
||||||
|
- if (!BN_mask_bits(W,bits-1)) goto err;
|
||||||
|
+ /* step 11.3 X = W + 2^(L-1) */
|
||||||
|
if (!BN_copy(X,W)) goto err;
|
||||||
|
if (!BN_add(X,X,test)) goto err;
|
||||||
|
|
||||||
|
- /* step 9 */
|
||||||
|
+ /* step 11.4 c = X mod 2*q */
|
||||||
|
if (!BN_lshift1(r0,q)) goto err;
|
||||||
|
if (!BN_mod(c,X,r0,ctx)) goto err;
|
||||||
|
+
|
||||||
|
+ /* step 11.5 p = X - (c - 1) */
|
||||||
|
if (!BN_sub(r0,c,BN_value_one())) goto err;
|
||||||
|
if (!BN_sub(p,X,r0)) goto err;
|
||||||
|
|
||||||
|
- /* step 10 */
|
||||||
|
+ /* step 11.6 */
|
||||||
|
if (BN_cmp(p,test) >= 0)
|
||||||
|
{
|
||||||
|
- /* step 11 */
|
||||||
|
+ /* step 11.7 */
|
||||||
|
r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
|
||||||
|
ctx, 1, cb);
|
||||||
|
if (r > 0)
|
||||||
|
@@ -302,12 +300,12 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* step 13 */
|
||||||
|
+ /* step 11.9 */
|
||||||
|
counter++;
|
||||||
|
/* "offset = offset + n + 1" */
|
||||||
|
|
||||||
|
- /* step 14 */
|
||||||
|
- if (counter >= 4096) break;
|
||||||
|
+ /* step 12 */
|
||||||
|
+ if (counter >= 4*bits) break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
end:
|
||||||
|
diff -up openssl-1.0.0c/crypto/dsa/dsa.h.fips186-3 openssl-1.0.0c/crypto/dsa/dsa.h
|
||||||
|
--- openssl-1.0.0c/crypto/dsa/dsa.h.fips186-3 2011-02-03 21:04:14.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/crypto/dsa/dsa.h 2011-02-03 21:04:14.000000000 +0100
|
||||||
|
@@ -316,6 +316,7 @@ void ERR_load_DSA_strings(void);
|
||||||
|
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
|
||||||
|
#define DSA_R_DECODE_ERROR 104
|
||||||
|
#define DSA_R_INVALID_DIGEST_TYPE 106
|
||||||
|
+#define DSA_R_KEY_SIZE_INVALID 113
|
||||||
|
#define DSA_R_KEY_SIZE_TOO_SMALL 110
|
||||||
|
#define DSA_R_MISSING_PARAMETERS 101
|
||||||
|
#define DSA_R_MODULUS_TOO_LARGE 103
|
||||||
|
diff -up openssl-1.0.0c/crypto/dsa/dsatest.c.fips186-3 openssl-1.0.0c/crypto/dsa/dsatest.c
|
||||||
|
--- openssl-1.0.0c/crypto/dsa/dsatest.c.fips186-3 2011-02-03 21:14:07.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/crypto/dsa/dsatest.c 2011-02-04 08:40:24.000000000 +0100
|
||||||
|
@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
|
||||||
|
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
|
||||||
|
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
|
||||||
|
static unsigned char seed[20]={
|
||||||
|
- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
|
||||||
|
- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
|
||||||
|
+ 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
|
||||||
|
+ 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned char out_p[]={
|
||||||
|
- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
|
||||||
|
- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
|
||||||
|
- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
|
||||||
|
- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
|
||||||
|
- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
|
||||||
|
- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
|
||||||
|
- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
|
||||||
|
- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
|
||||||
|
+ 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
|
||||||
|
+ 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
|
||||||
|
+ 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
|
||||||
|
+ 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
|
||||||
|
+ 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
|
||||||
|
+ 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
|
||||||
|
+ 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
|
||||||
|
+ 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
|
||||||
|
+ 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
|
||||||
|
+ 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
|
||||||
|
+ 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned char out_q[]={
|
||||||
|
- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
|
||||||
|
- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
|
||||||
|
- 0xda,0xce,0x91,0x5f,
|
||||||
|
+ 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
|
||||||
|
+ 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned char out_g[]={
|
||||||
|
- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
|
||||||
|
- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
|
||||||
|
- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
|
||||||
|
- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
|
||||||
|
- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
|
||||||
|
- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
|
||||||
|
- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
|
||||||
|
- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
|
||||||
|
+ 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
|
||||||
|
+ 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
|
||||||
|
+ 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
|
||||||
|
+ 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
|
||||||
|
+ 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
|
||||||
|
+ 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
|
||||||
|
+ 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
|
||||||
|
+ 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
|
||||||
|
+ 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
|
||||||
|
+ 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
|
||||||
|
+ 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
|
||||||
|
};
|
||||||
|
|
||||||
|
static const unsigned char str1[]="12345678901234567890";
|
||||||
|
@@ -157,7 +162,7 @@ int main(int argc, char **argv)
|
||||||
|
BIO_printf(bio_err,"test generation of DSA parameters\n");
|
||||||
|
|
||||||
|
BN_GENCB_set(&cb, dsa_cb, bio_err);
|
||||||
|
- if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
|
||||||
|
+ if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
|
||||||
|
seed, 20, &counter, &h, &cb))
|
||||||
|
goto end;
|
||||||
|
|
||||||
|
@@ -170,9 +175,9 @@ int main(int argc, char **argv)
|
||||||
|
BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
|
||||||
|
|
||||||
|
DSA_print(bio_err,dsa,0);
|
||||||
|
- if (counter != 105)
|
||||||
|
+ if (counter != 239)
|
||||||
|
{
|
||||||
|
- BIO_printf(bio_err,"counter should be 105\n");
|
||||||
|
+ BIO_printf(bio_err,"counter should be 239\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (h != 2)
|
||||||
|
diff -up openssl-1.0.0c/crypto/fips/fips_dsa_selftest.c.fips186-3 openssl-1.0.0c/crypto/fips/fips_dsa_selftest.c
|
||||||
|
--- openssl-1.0.0c/crypto/fips/fips_dsa_selftest.c.fips186-3 2011-02-03 21:04:14.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/crypto/fips/fips_dsa_selftest.c 2011-02-04 09:03:03.000000000 +0100
|
||||||
|
@@ -68,44 +68,42 @@
|
||||||
|
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
|
||||||
|
-/* seed, out_p, out_q, out_g are taken the NIST test vectors */
|
||||||
|
-
|
||||||
|
static unsigned char seed[20] = {
|
||||||
|
- 0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34,
|
||||||
|
- 0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a
|
||||||
|
- };
|
||||||
|
+ 0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
|
||||||
|
+ 0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
|
||||||
|
+ };
|
||||||
|
|
||||||
|
static unsigned char out_p[] = {
|
||||||
|
- 0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57,
|
||||||
|
- 0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b,
|
||||||
|
- 0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43,
|
||||||
|
- 0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69,
|
||||||
|
- 0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12,
|
||||||
|
- 0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47,
|
||||||
|
- 0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4,
|
||||||
|
- 0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8,
|
||||||
|
- 0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef,
|
||||||
|
- 0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8,
|
||||||
|
- 0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef
|
||||||
|
+ 0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
|
||||||
|
+ 0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
|
||||||
|
+ 0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
|
||||||
|
+ 0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
|
||||||
|
+ 0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
|
||||||
|
+ 0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
|
||||||
|
+ 0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
|
||||||
|
+ 0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
|
||||||
|
+ 0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
|
||||||
|
+ 0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
|
||||||
|
+ 0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned char out_q[] = {
|
||||||
|
- 0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c,
|
||||||
|
- 0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3
|
||||||
|
+ 0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
|
||||||
|
+ 0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned char out_g[] = {
|
||||||
|
- 0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb,
|
||||||
|
- 0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e,
|
||||||
|
- 0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63,
|
||||||
|
- 0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35,
|
||||||
|
- 0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf,
|
||||||
|
- 0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a,
|
||||||
|
- 0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed,
|
||||||
|
- 0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf,
|
||||||
|
- 0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2,
|
||||||
|
- 0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36,
|
||||||
|
- 0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec
|
||||||
|
+ 0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
|
||||||
|
+ 0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
|
||||||
|
+ 0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
|
||||||
|
+ 0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
|
||||||
|
+ 0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
|
||||||
|
+ 0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
|
||||||
|
+ 0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
|
||||||
|
+ 0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
|
||||||
|
+ 0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
|
||||||
|
+ 0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
|
||||||
|
+ 0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
|
||||||
|
};
|
||||||
|
|
||||||
|
static const unsigned char str1[]="12345678901234567890";
|
||||||
|
@@ -133,7 +131,7 @@ int FIPS_selftest_dsa()
|
||||||
|
goto err;
|
||||||
|
if(!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,NULL))
|
||||||
|
goto err;
|
||||||
|
- if (counter != 378)
|
||||||
|
+ if (counter != 239)
|
||||||
|
goto err;
|
||||||
|
if (h != 2)
|
||||||
|
goto err;
|
25
openssl-1.0.0c-pkcs12-fips-default.patch
Normal file
25
openssl-1.0.0c-pkcs12-fips-default.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
diff -up openssl-1.0.0c/apps/pkcs12.c.fips-default openssl-1.0.0c/apps/pkcs12.c
|
||||||
|
--- openssl-1.0.0c/apps/pkcs12.c.fips-default 2009-07-27 23:08:45.000000000 +0200
|
||||||
|
+++ openssl-1.0.0c/apps/pkcs12.c 2011-02-04 15:25:38.000000000 +0100
|
||||||
|
@@ -67,6 +67,9 @@
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
#include <openssl/pkcs12.h>
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+#include <openssl/fips.h>
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#define PROG pkcs12_main
|
||||||
|
|
||||||
|
@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
|
||||||
|
|
||||||
|
apps_startup();
|
||||||
|
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+ if (FIPS_mode())
|
||||||
|
+ cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
enc = EVP_des_ede3_cbc();
|
||||||
|
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||||
|
|
36
openssl-1.0.0c-rsa-x931.patch
Normal file
36
openssl-1.0.0c-rsa-x931.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
diff -up openssl-1.0.0c/apps/genrsa.c.x931 openssl-1.0.0c/apps/genrsa.c
|
||||||
|
--- openssl-1.0.0c/apps/genrsa.c.x931 2010-03-01 15:22:02.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/apps/genrsa.c 2011-02-01 18:32:05.000000000 +0100
|
||||||
|
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
|
||||||
|
int ret=1;
|
||||||
|
int i,num=DEFBITS;
|
||||||
|
long l;
|
||||||
|
+ int use_x931 = 0;
|
||||||
|
const EVP_CIPHER *enc=NULL;
|
||||||
|
unsigned long f4=RSA_F4;
|
||||||
|
char *outfile=NULL;
|
||||||
|
@@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
|
||||||
|
f4=3;
|
||||||
|
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
|
||||||
|
f4=RSA_F4;
|
||||||
|
+ else if (strcmp(*argv,"-x931") == 0)
|
||||||
|
+ use_x931 = 1;
|
||||||
|
#ifndef OPENSSL_NO_ENGINE
|
||||||
|
else if (strcmp(*argv,"-engine") == 0)
|
||||||
|
{
|
||||||
|
@@ -273,7 +276,14 @@ bad:
|
||||||
|
if (!rsa)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
|
||||||
|
+ if (use_x931)
|
||||||
|
+ {
|
||||||
|
+ if (!BN_set_word(bn, f4))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
app_RAND_write_file(NULL, bio_err);
|
94
openssl-1.0.0c-speed-fips.patch
Normal file
94
openssl-1.0.0c-speed-fips.patch
Normal file
@ -0,0 +1,94 @@
|
|||||||
|
diff -up openssl-1.0.0c/apps/speed.c.spfips openssl-1.0.0c/apps/speed.c
|
||||||
|
--- openssl-1.0.0c/apps/speed.c.spfips 2010-11-18 14:22:26.000000000 +0100
|
||||||
|
+++ openssl-1.0.0c/apps/speed.c 2011-01-24 17:25:32.000000000 +0100
|
||||||
|
@@ -100,6 +100,9 @@
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/objects.h>
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+#include <openssl/fips.h>
|
||||||
|
+#endif
|
||||||
|
#if !defined(OPENSSL_SYS_MSDOS)
|
||||||
|
#include OPENSSL_UNISTD
|
||||||
|
#endif
|
||||||
|
@@ -908,7 +911,12 @@ int MAIN(int argc, char **argv)
|
||||||
|
#ifndef OPENSSL_NO_RSA
|
||||||
|
if (strcmp(*argv,"rsa") == 0)
|
||||||
|
{
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+ if (!FIPS_mode())
|
||||||
|
+#endif
|
||||||
|
+ {
|
||||||
|
rsa_doit[R_RSA_512]=1;
|
||||||
|
+ }
|
||||||
|
rsa_doit[R_RSA_1024]=1;
|
||||||
|
rsa_doit[R_RSA_2048]=1;
|
||||||
|
rsa_doit[R_RSA_4096]=1;
|
||||||
|
@@ -918,7 +926,12 @@ int MAIN(int argc, char **argv)
|
||||||
|
#ifndef OPENSSL_NO_DSA
|
||||||
|
if (strcmp(*argv,"dsa") == 0)
|
||||||
|
{
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+ if (!FIPS_mode())
|
||||||
|
+#endif
|
||||||
|
+ {
|
||||||
|
dsa_doit[R_DSA_512]=1;
|
||||||
|
+ }
|
||||||
|
dsa_doit[R_DSA_1024]=1;
|
||||||
|
dsa_doit[R_DSA_2048]=1;
|
||||||
|
}
|
||||||
|
@@ -1193,30 +1206,54 @@ int MAIN(int argc, char **argv)
|
||||||
|
AES_set_encrypt_key(key32,256,&aes_ks3);
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_CAMELLIA
|
||||||
|
+ if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
|
||||||
|
+ {
|
||||||
|
Camellia_set_key(key16,128,&camellia_ks1);
|
||||||
|
Camellia_set_key(ckey24,192,&camellia_ks2);
|
||||||
|
Camellia_set_key(ckey32,256,&camellia_ks3);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_IDEA
|
||||||
|
+ if (doit[D_CBC_IDEA])
|
||||||
|
+ {
|
||||||
|
idea_set_encrypt_key(key16,&idea_ks);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_SEED
|
||||||
|
+ if (doit[D_CBC_SEED])
|
||||||
|
+ {
|
||||||
|
SEED_set_key(key16,&seed_ks);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_RC4
|
||||||
|
+ if (doit[D_RC4])
|
||||||
|
+ {
|
||||||
|
RC4_set_key(&rc4_ks,16,key16);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_RC2
|
||||||
|
+ if (doit[D_CBC_RC2])
|
||||||
|
+ {
|
||||||
|
RC2_set_key(&rc2_ks,16,key16,128);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_RC5
|
||||||
|
+ if (doit[D_CBC_RC5])
|
||||||
|
+ {
|
||||||
|
RC5_32_set_key(&rc5_ks,16,key16,12);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_BF
|
||||||
|
+ if (doit[D_CBC_BF])
|
||||||
|
+ {
|
||||||
|
BF_set_key(&bf_ks,16,key16);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_CAST
|
||||||
|
+ if (doit[D_CBC_CAST])
|
||||||
|
+ {
|
||||||
|
CAST_set_key(&cast_ks,16,key16);
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_RSA
|
||||||
|
memset(rsa_c,0,sizeof(rsa_c));
|
110
openssl-1.0.0d-apps-dgst.patch
Normal file
110
openssl-1.0.0d-apps-dgst.patch
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c
|
||||||
|
--- openssl-1.0.0d/apps/ca.c.dgst 2009-12-02 15:41:24.000000000 +0100
|
||||||
|
+++ openssl-1.0.0d/apps/ca.c 2011-04-05 21:09:42.000000000 +0200
|
||||||
|
@@ -157,7 +157,7 @@ static const char *ca_usage[]={
|
||||||
|
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
|
||||||
|
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
|
||||||
|
" -days arg - number of days to certify the certificate for\n",
|
||||||
|
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
|
||||||
|
+" -md arg - md to use, see openssl dgst -h for list\n",
|
||||||
|
" -policy arg - The CA 'policy' to support\n",
|
||||||
|
" -keyfile arg - private key file\n",
|
||||||
|
" -keyform arg - private key file format (PEM or ENGINE)\n",
|
||||||
|
diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c
|
||||||
|
--- openssl-1.0.0d/apps/enc.c.dgst 2010-06-15 19:25:02.000000000 +0200
|
||||||
|
+++ openssl-1.0.0d/apps/enc.c 2011-04-05 21:11:54.000000000 +0200
|
||||||
|
@@ -302,7 +302,7 @@ bad:
|
||||||
|
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
|
||||||
|
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
|
||||||
|
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
|
||||||
|
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
|
||||||
|
+ BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n","");
|
||||||
|
BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
|
||||||
|
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
|
||||||
|
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
|
||||||
|
diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c
|
||||||
|
--- openssl-1.0.0d/apps/req.c.dgst 2010-03-10 14:48:21.000000000 +0100
|
||||||
|
+++ openssl-1.0.0d/apps/req.c 2011-04-05 21:12:33.000000000 +0200
|
||||||
|
@@ -421,7 +421,7 @@ bad:
|
||||||
|
#ifndef OPENSSL_NO_ECDSA
|
||||||
|
BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
|
||||||
|
#endif
|
||||||
|
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
|
||||||
|
+ BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n");
|
||||||
|
BIO_printf(bio_err," -config file request template file.\n");
|
||||||
|
BIO_printf(bio_err," -subj arg set or modify request subject\n");
|
||||||
|
BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
|
||||||
|
diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c
|
||||||
|
--- openssl-1.0.0d/apps/ts.c.dgst 2009-10-18 16:42:26.000000000 +0200
|
||||||
|
+++ openssl-1.0.0d/apps/ts.c 2011-04-05 21:16:07.000000000 +0200
|
||||||
|
@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv)
|
||||||
|
BIO_printf(bio_err, "usage:\n"
|
||||||
|
"ts -query [-rand file%cfile%c...] [-config configfile] "
|
||||||
|
"[-data file_to_hash] [-digest digest_bytes]"
|
||||||
|
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
|
||||||
|
+ "[-<hashalg>] "
|
||||||
|
"[-policy object_id] [-no_nonce] [-cert] "
|
||||||
|
"[-in request.tsq] [-out request.tsq] [-text]\n",
|
||||||
|
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
||||||
|
diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c
|
||||||
|
--- openssl-1.0.0d/apps/x509.c.dgst 2011-04-05 21:13:42.000000000 +0200
|
||||||
|
+++ openssl-1.0.0d/apps/x509.c 2011-04-05 21:13:17.000000000 +0200
|
||||||
|
@@ -141,7 +141,7 @@ static const char *x509_usage[]={
|
||||||
|
" -set_serial - serial number to use\n",
|
||||||
|
" -text - print the certificate in text form\n",
|
||||||
|
" -C - print out C code forms\n",
|
||||||
|
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
|
||||||
|
+" -<dgst> - digest to use, see openssl dgst -h output for list\n",
|
||||||
|
" -extfile - configuration file with X509V3 extensions to add\n",
|
||||||
|
" -extensions - section from config file with X509V3 extensions to add\n",
|
||||||
|
" -clrext - delete extensions before signing and input certificate\n",
|
||||||
|
diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod
|
||||||
|
--- openssl-1.0.0d/doc/apps/ca.pod.dgst 2009-04-10 13:25:53.000000000 +0200
|
||||||
|
+++ openssl-1.0.0d/doc/apps/ca.pod 2011-04-05 21:16:39.000000000 +0200
|
||||||
|
@@ -160,7 +160,8 @@ the number of days to certify the certif
|
||||||
|
=item B<-md alg>
|
||||||
|
|
||||||
|
the message digest to use. Possible values include md5, sha1 and mdc2.
|
||||||
|
-This option also applies to CRLs.
|
||||||
|
+For full list of digests see openssl dgst -h output. This option also
|
||||||
|
+applies to CRLs.
|
||||||
|
|
||||||
|
=item B<-policy arg>
|
||||||
|
|
||||||
|
diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod
|
||||||
|
--- openssl-1.0.0d/doc/apps/ocsp.pod.dgst 2008-02-25 19:11:47.000000000 +0100
|
||||||
|
+++ openssl-1.0.0d/doc/apps/ocsp.pod 2011-04-05 21:18:17.000000000 +0200
|
||||||
|
@@ -210,7 +210,8 @@ check is not performed.
|
||||||
|
=item B<-md5|-sha1|-sha256|-ripemod160|...>
|
||||||
|
|
||||||
|
this option sets digest algorithm to use for certificate identification
|
||||||
|
-in the OCSP request. By default SHA-1 is used.
|
||||||
|
+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
|
||||||
|
+the list of available algorithms.
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod
|
||||||
|
--- openssl-1.0.0d/doc/apps/req.pod.dgst 2009-04-10 18:42:28.000000000 +0200
|
||||||
|
+++ openssl-1.0.0d/doc/apps/req.pod 2011-04-05 21:20:47.000000000 +0200
|
||||||
|
@@ -201,7 +201,8 @@ will not be encrypted.
|
||||||
|
|
||||||
|
this specifies the message digest to sign the request with (such as
|
||||||
|
B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
|
||||||
|
-the configuration file.
|
||||||
|
+the configuration file. For full list of possible digests see openssl
|
||||||
|
+dgst -h output.
|
||||||
|
|
||||||
|
Some public key algorithms may override this choice. For instance, DSA
|
||||||
|
signatures always use SHA1, GOST R 34.10 signatures always use
|
||||||
|
diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod
|
||||||
|
--- openssl-1.0.0d/doc/apps/x509.pod.dgst 2010-01-12 18:27:11.000000000 +0100
|
||||||
|
+++ openssl-1.0.0d/doc/apps/x509.pod 2011-04-05 21:19:56.000000000 +0200
|
||||||
|
@@ -101,6 +101,7 @@ the digest to use. This affects any sign
|
||||||
|
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
|
||||||
|
specified then SHA1 is used. If the key being used to sign with is a DSA key
|
||||||
|
then this option has no effect: SHA1 is always used with DSA keys.
|
||||||
|
+For full list of digests see openssl dgst -h output.
|
||||||
|
|
||||||
|
=item B<-engine id>
|
||||||
|
|
22
openssl-1.0.0d-version.patch
Normal file
22
openssl-1.0.0d-version.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
diff -up openssl-1.0.0d/crypto/opensslv.h.version openssl-1.0.0d/crypto/opensslv.h
|
||||||
|
--- openssl-1.0.0d/crypto/opensslv.h.version 2011-02-10 14:24:52.000000000 +0100
|
||||||
|
+++ openssl-1.0.0d/crypto/opensslv.h 2011-02-10 14:48:00.000000000 +0100
|
||||||
|
@@ -25,7 +25,8 @@
|
||||||
|
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||||
|
* major minor fix final patch/beta)
|
||||||
|
*/
|
||||||
|
-#define OPENSSL_VERSION_NUMBER 0x1000004fL
|
||||||
|
+/* we have to keep the version number to not break the abi */
|
||||||
|
+#define OPENSSL_VERSION_NUMBER 0x10000003
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0d-fips 8 Feb 2011"
|
||||||
|
#else
|
||||||
|
@@ -83,7 +84,7 @@
|
||||||
|
* should only keep the versions that are binary compatible with the current.
|
||||||
|
*/
|
||||||
|
#define SHLIB_VERSION_HISTORY ""
|
||||||
|
-#define SHLIB_VERSION_NUMBER "1.0.0"
|
||||||
|
+#define SHLIB_VERSION_NUMBER "1.0.0d"
|
||||||
|
|
||||||
|
|
||||||
|
#endif /* HEADER_OPENSSLV_H */
|
Loading…
Reference in New Issue
Block a user