update to the 1.1.1c release
This commit is contained in:
parent
b3060e5f2d
commit
31d61b19d5
1
.gitignore
vendored
1
.gitignore
vendored
@ -43,3 +43,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.1.1-hobbled.tar.xz
|
/openssl-1.1.1-hobbled.tar.xz
|
||||||
/openssl-1.1.1a-hobbled.tar.xz
|
/openssl-1.1.1a-hobbled.tar.xz
|
||||||
/openssl-1.1.1b-hobbled.tar.xz
|
/openssl-1.1.1b-hobbled.tar.xz
|
||||||
|
/openssl-1.1.1c-hobbled.tar.xz
|
||||||
|
72
ectest.c
72
ectest.c
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||||
*
|
*
|
||||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
@ -728,6 +728,75 @@ err:
|
|||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Tests a point known to cause an incorrect underflow in an old version of
|
||||||
|
* ecp_nist521.c
|
||||||
|
*/
|
||||||
|
static int underflow_test(void)
|
||||||
|
{
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
EC_GROUP *grp = NULL;
|
||||||
|
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
|
||||||
|
BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL;
|
||||||
|
BIGNUM *k = NULL;
|
||||||
|
int testresult = 0;
|
||||||
|
const char *x1str =
|
||||||
|
"1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4"
|
||||||
|
"b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004";
|
||||||
|
const char *p521m1 =
|
||||||
|
"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||||
|
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe";
|
||||||
|
|
||||||
|
ctx = BN_CTX_new();
|
||||||
|
if (!TEST_ptr(ctx))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
BN_CTX_start(ctx);
|
||||||
|
x1 = BN_CTX_get(ctx);
|
||||||
|
y1 = BN_CTX_get(ctx);
|
||||||
|
z1 = BN_CTX_get(ctx);
|
||||||
|
x2 = BN_CTX_get(ctx);
|
||||||
|
y2 = BN_CTX_get(ctx);
|
||||||
|
k = BN_CTX_get(ctx);
|
||||||
|
if (!TEST_ptr(k))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
grp = EC_GROUP_new_by_curve_name(NID_secp521r1);
|
||||||
|
P = EC_POINT_new(grp);
|
||||||
|
Q = EC_POINT_new(grp);
|
||||||
|
R = EC_POINT_new(grp);
|
||||||
|
if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0)
|
||||||
|
|| !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0)
|
||||||
|
|| !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0)
|
||||||
|
|| !TEST_int_gt(BN_hex2bn(&k, "02"), 0)
|
||||||
|
|| !TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1,
|
||||||
|
y1, z1, ctx))
|
||||||
|
|| !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx))
|
||||||
|
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx))
|
||||||
|
|| !TEST_true(EC_POINT_dbl(grp, R, P, ctx))
|
||||||
|
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (!TEST_int_eq(BN_cmp(x1, x2), 0)
|
||||||
|
|| !TEST_int_eq(BN_cmp(y1, y2), 0))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
testresult = 1;
|
||||||
|
|
||||||
|
err:
|
||||||
|
BN_CTX_end(ctx);
|
||||||
|
EC_POINT_free(P);
|
||||||
|
EC_POINT_free(Q);
|
||||||
|
EC_POINT_free(R);
|
||||||
|
EC_GROUP_free(grp);
|
||||||
|
BN_CTX_free(ctx);
|
||||||
|
|
||||||
|
return testresult;
|
||||||
|
}
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
static const unsigned char p521_named[] = {
|
static const unsigned char p521_named[] = {
|
||||||
@ -835,6 +904,7 @@ int setup_tests(void)
|
|||||||
# endif
|
# endif
|
||||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
|
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
|
||||||
|
ADD_TEST(underflow_test);
|
||||||
# endif
|
# endif
|
||||||
ADD_ALL_TESTS(internal_curve_test, crv_len);
|
ADD_ALL_TESTS(internal_curve_test, crv_len);
|
||||||
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
|
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
|
||||||
|
@ -1,40 +1,38 @@
|
|||||||
diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
diff -up openssl-1.1.1c/apps/speed.c.curves openssl-1.1.1c/apps/speed.c
|
||||||
--- openssl-1.1.1b/apps/speed.c.curves 2019-02-26 15:15:30.000000000 +0100
|
--- openssl-1.1.1c/apps/speed.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1b/apps/speed.c 2019-02-28 11:20:42.347170167 +0100
|
+++ openssl-1.1.1c/apps/speed.c 2019-05-29 15:36:53.332224470 +0200
|
||||||
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
|
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
|
||||||
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
|
||||||
#endif /* OPENSSL_NO_RSA */
|
#endif /* OPENSSL_NO_RSA */
|
||||||
|
|
||||||
-#define R_EC_P160 0
|
enum {
|
||||||
-#define R_EC_P192 1
|
- R_EC_P160,
|
||||||
-#define R_EC_P224 2
|
- R_EC_P192,
|
||||||
-#define R_EC_P256 3
|
R_EC_P224,
|
||||||
-#define R_EC_P384 4
|
R_EC_P256,
|
||||||
-#define R_EC_P521 5
|
R_EC_P384,
|
||||||
-#define R_EC_K163 6
|
R_EC_P521,
|
||||||
-#define R_EC_K233 7
|
-#ifndef OPENSSL_NO_EC2M
|
||||||
-#define R_EC_K283 8
|
- R_EC_K163,
|
||||||
-#define R_EC_K409 9
|
- R_EC_K233,
|
||||||
-#define R_EC_K571 10
|
- R_EC_K283,
|
||||||
-#define R_EC_B163 11
|
- R_EC_K409,
|
||||||
-#define R_EC_B233 12
|
- R_EC_K571,
|
||||||
-#define R_EC_B283 13
|
- R_EC_B163,
|
||||||
-#define R_EC_B409 14
|
- R_EC_B233,
|
||||||
-#define R_EC_B571 15
|
- R_EC_B283,
|
||||||
-#define R_EC_BRP256R1 16
|
- R_EC_B409,
|
||||||
-#define R_EC_BRP256T1 17
|
- R_EC_B571,
|
||||||
-#define R_EC_BRP384R1 18
|
-#endif
|
||||||
-#define R_EC_BRP384T1 19
|
- R_EC_BRP256R1,
|
||||||
-#define R_EC_BRP512R1 20
|
- R_EC_BRP256T1,
|
||||||
-#define R_EC_BRP512T1 21
|
- R_EC_BRP384R1,
|
||||||
-#define R_EC_X25519 22
|
- R_EC_BRP384T1,
|
||||||
-#define R_EC_X448 23
|
- R_EC_BRP512R1,
|
||||||
+#define R_EC_P224 0
|
- R_EC_BRP512T1,
|
||||||
+#define R_EC_P256 1
|
R_EC_X25519,
|
||||||
+#define R_EC_P384 2
|
R_EC_X448
|
||||||
+#define R_EC_P521 3
|
};
|
||||||
+#define R_EC_X25519 4
|
|
||||||
+#define R_EC_X448 5
|
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
static OPT_PAIR ecdsa_choices[] = {
|
static OPT_PAIR ecdsa_choices[] = {
|
||||||
- {"ecdsap160", R_EC_P160},
|
- {"ecdsap160", R_EC_P160},
|
||||||
@ -43,6 +41,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
{"ecdsap256", R_EC_P256},
|
{"ecdsap256", R_EC_P256},
|
||||||
{"ecdsap384", R_EC_P384},
|
{"ecdsap384", R_EC_P384},
|
||||||
{"ecdsap521", R_EC_P521},
|
{"ecdsap521", R_EC_P521},
|
||||||
|
-# ifndef OPENSSL_NO_EC2M
|
||||||
- {"ecdsak163", R_EC_K163},
|
- {"ecdsak163", R_EC_K163},
|
||||||
- {"ecdsak233", R_EC_K233},
|
- {"ecdsak233", R_EC_K233},
|
||||||
- {"ecdsak283", R_EC_K283},
|
- {"ecdsak283", R_EC_K283},
|
||||||
@ -53,6 +52,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
- {"ecdsab283", R_EC_B283},
|
- {"ecdsab283", R_EC_B283},
|
||||||
- {"ecdsab409", R_EC_B409},
|
- {"ecdsab409", R_EC_B409},
|
||||||
- {"ecdsab571", R_EC_B571},
|
- {"ecdsab571", R_EC_B571},
|
||||||
|
-# endif
|
||||||
- {"ecdsabrp256r1", R_EC_BRP256R1},
|
- {"ecdsabrp256r1", R_EC_BRP256R1},
|
||||||
- {"ecdsabrp256t1", R_EC_BRP256T1},
|
- {"ecdsabrp256t1", R_EC_BRP256T1},
|
||||||
- {"ecdsabrp384r1", R_EC_BRP384R1},
|
- {"ecdsabrp384r1", R_EC_BRP384R1},
|
||||||
@ -71,6 +71,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
{"ecdhp256", R_EC_P256},
|
{"ecdhp256", R_EC_P256},
|
||||||
{"ecdhp384", R_EC_P384},
|
{"ecdhp384", R_EC_P384},
|
||||||
{"ecdhp521", R_EC_P521},
|
{"ecdhp521", R_EC_P521},
|
||||||
|
-# ifndef OPENSSL_NO_EC2M
|
||||||
- {"ecdhk163", R_EC_K163},
|
- {"ecdhk163", R_EC_K163},
|
||||||
- {"ecdhk233", R_EC_K233},
|
- {"ecdhk233", R_EC_K233},
|
||||||
- {"ecdhk283", R_EC_K283},
|
- {"ecdhk283", R_EC_K283},
|
||||||
@ -81,6 +82,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
- {"ecdhb283", R_EC_B283},
|
- {"ecdhb283", R_EC_B283},
|
||||||
- {"ecdhb409", R_EC_B409},
|
- {"ecdhb409", R_EC_B409},
|
||||||
- {"ecdhb571", R_EC_B571},
|
- {"ecdhb571", R_EC_B571},
|
||||||
|
-# endif
|
||||||
- {"ecdhbrp256r1", R_EC_BRP256R1},
|
- {"ecdhbrp256r1", R_EC_BRP256R1},
|
||||||
- {"ecdhbrp256t1", R_EC_BRP256T1},
|
- {"ecdhbrp256t1", R_EC_BRP256T1},
|
||||||
- {"ecdhbrp384r1", R_EC_BRP384R1},
|
- {"ecdhbrp384r1", R_EC_BRP384R1},
|
||||||
@ -90,7 +92,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
{"ecdhx25519", R_EC_X25519},
|
{"ecdhx25519", R_EC_X25519},
|
||||||
{"ecdhx448", R_EC_X448}
|
{"ecdhx448", R_EC_X448}
|
||||||
};
|
};
|
||||||
@@ -1495,29 +1441,10 @@ int speed_main(int argc, char **argv)
|
@@ -1504,31 +1444,10 @@ int speed_main(int argc, char **argv)
|
||||||
unsigned int bits;
|
unsigned int bits;
|
||||||
} test_curves[] = {
|
} test_curves[] = {
|
||||||
/* Prime Curves */
|
/* Prime Curves */
|
||||||
@ -100,6 +102,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||||
{"nistp384", NID_secp384r1, 384},
|
{"nistp384", NID_secp384r1, 384},
|
||||||
{"nistp521", NID_secp521r1, 521},
|
{"nistp521", NID_secp521r1, 521},
|
||||||
|
-# ifndef OPENSSL_NO_EC2M
|
||||||
- /* Binary Curves */
|
- /* Binary Curves */
|
||||||
- {"nistk163", NID_sect163k1, 163},
|
- {"nistk163", NID_sect163k1, 163},
|
||||||
- {"nistk233", NID_sect233k1, 233},
|
- {"nistk233", NID_sect233k1, 233},
|
||||||
@ -111,6 +114,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
- {"nistb283", NID_sect283r1, 283},
|
- {"nistb283", NID_sect283r1, 283},
|
||||||
- {"nistb409", NID_sect409r1, 409},
|
- {"nistb409", NID_sect409r1, 409},
|
||||||
- {"nistb571", NID_sect571r1, 571},
|
- {"nistb571", NID_sect571r1, 571},
|
||||||
|
-# endif
|
||||||
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
||||||
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
||||||
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
||||||
@ -120,7 +124,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
/* Other and ECDH only ones */
|
/* Other and ECDH only ones */
|
||||||
{"X25519", NID_X25519, 253},
|
{"X25519", NID_X25519, 253},
|
||||||
{"X448", NID_X448, 448}
|
{"X448", NID_X448, 448}
|
||||||
@@ -2017,9 +1944,9 @@ int speed_main(int argc, char **argv)
|
@@ -2028,9 +1947,9 @@ int speed_main(int argc, char **argv)
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
# ifndef OPENSSL_NO_EC
|
# ifndef OPENSSL_NO_EC
|
||||||
@ -133,46 +137,38 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
|||||||
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
|
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
|
||||||
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
|
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
|
||||||
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
|
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
|
||||||
@@ -2031,6 +1958,7 @@ int speed_main(int argc, char **argv)
|
@@ -2042,7 +1961,7 @@ int speed_main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+#if 0
|
-# ifndef OPENSSL_NO_EC2M
|
||||||
|
+# if 0
|
||||||
ecdsa_c[R_EC_K163][0] = count / 1000;
|
ecdsa_c[R_EC_K163][0] = count / 1000;
|
||||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
||||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||||
@@ -2059,9 +1987,9 @@ int speed_main(int argc, char **argv)
|
@@ -2073,8 +1992,8 @@ int speed_main(int argc, char **argv)
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
-
|
# endif
|
||||||
|
|
||||||
- ecdh_c[R_EC_P160][0] = count / 1000;
|
- ecdh_c[R_EC_P160][0] = count / 1000;
|
||||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||||
+#endif
|
|
||||||
+ ecdh_c[R_EC_P224][0] = count / 1000;
|
+ ecdh_c[R_EC_P224][0] = count / 1000;
|
||||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||||
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
|
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
|
||||||
ecdh_doit[i] = 0;
|
ecdh_doit[i] = 0;
|
||||||
@@ -2071,6 +1999,7 @@ int speed_main(int argc, char **argv)
|
@@ -2084,7 +2003,7 @@ int speed_main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+#if 0
|
-# ifndef OPENSSL_NO_EC2M
|
||||||
|
+# if 0
|
||||||
ecdh_c[R_EC_K163][0] = count / 1000;
|
ecdh_c[R_EC_K163][0] = count / 1000;
|
||||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||||
@@ -2116,6 +2045,7 @@ int speed_main(int argc, char **argv)
|
diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves openssl-1.1.1c/crypto/ec/ecp_smpl.c
|
||||||
}
|
--- openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||||
}
|
+++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-05-29 15:30:09.071349520 +0200
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
/* default iteration count for the last two EC Curves */
|
|
||||||
ecdh_c[R_EC_X25519][0] = count / 1800;
|
|
||||||
ecdh_c[R_EC_X448][0] = count / 7200;
|
|
||||||
diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp_smpl.c
|
|
||||||
--- openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves 2019-02-26 15:15:30.000000000 +0100
|
|
||||||
+++ openssl-1.1.1b/crypto/ec/ecp_smpl.c 2019-02-28 11:19:30.628479300 +0100
|
|
||||||
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -185,22 +181,30 @@ diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp
|
|||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
ctx = new_ctx = BN_CTX_new();
|
ctx = new_ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
diff -up openssl-1.1.1b/test/ecdsatest.c.curves openssl-1.1.1b/test/ecdsatest.c
|
diff -up openssl-1.1.1c/test/ecdsatest.h.curves openssl-1.1.1c/test/ecdsatest.h
|
||||||
--- openssl-1.1.1b/test/ecdsatest.c.curves 2019-02-26 15:15:30.000000000 +0100
|
--- openssl-1.1.1c/test/ecdsatest.h.curves 2019-05-29 15:30:09.010350595 +0200
|
||||||
+++ openssl-1.1.1b/test/ecdsatest.c 2019-02-28 11:19:30.628479300 +0100
|
+++ openssl-1.1.1c/test/ecdsatest.h 2019-05-29 15:41:24.586444294 +0200
|
||||||
@@ -176,6 +176,7 @@ static int x9_62_tests(void)
|
@@ -32,23 +32,6 @@ typedef struct {
|
||||||
if (!change_rand())
|
} ecdsa_cavs_kat_t;
|
||||||
goto x962_err;
|
|
||||||
|
|
||||||
+#if 0
|
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
||||||
if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
|
- /* prime KATs from X9.62 */
|
||||||
"3342403536405981729393488334694600415596881826869351677613",
|
- {NID_X9_62_prime192v1, NID_sha1,
|
||||||
"5735822328888155254683894997897571951568553642892029982342")))
|
- "616263", /* "abc" */
|
||||||
@@ -186,6 +187,7 @@ static int x9_62_tests(void)
|
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
||||||
"3238135532097973577080787768312505059318910517550078427819"
|
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
||||||
"78505179448783")))
|
- "5ca5c0d69716dfcb3474373902",
|
||||||
goto x962_err;
|
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
||||||
+#endif
|
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
||||||
|
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
||||||
# ifndef OPENSSL_NO_EC2M
|
- {NID_X9_62_prime239v1, NID_sha1,
|
||||||
if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb191v1,
|
- "616263", /* "abc" */
|
||||||
|
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
||||||
|
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
||||||
|
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
||||||
|
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
||||||
|
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
||||||
|
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
||||||
|
/* prime KATs from NIST CAVP */
|
||||||
|
{NID_secp224r1, NID_sha224,
|
||||||
|
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
||||||
|
@ -5221,17 +5221,16 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/te
|
|||||||
+use OpenSSL::Test::Simple;
|
+use OpenSSL::Test::Simple;
|
||||||
+
|
+
|
||||||
+simple_test("test_evp_kdf", "evp_kdf_test");
|
+simple_test("test_evp_kdf", "evp_kdf_test");
|
||||||
diff -up openssl-1.1.1b/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp.t
|
diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t
|
||||||
--- openssl-1.1.1b/test/recipes/30-test_evp.t.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
--- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200
|
||||||
+++ openssl-1.1.1b/test/recipes/30-test_evp.t 2019-02-28 13:05:05.659521326 +0100
|
+++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200
|
||||||
@@ -15,8 +15,8 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||||
setup("test_evp");
|
setup("test_evp");
|
||||||
|
|
||||||
my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt",
|
my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt",
|
||||||
- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
|
- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
|
||||||
- "evpcase.txt" );
|
+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
|
||||||
+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt",
|
"evpcase.txt", "evpccmcavs.txt" );
|
||||||
+ "evppkey_ecc.txt", "evpcase.txt" );
|
|
||||||
|
|
||||||
plan tests => scalar(@files);
|
plan tests => scalar(@files);
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand openssl-1.1.1a/crypto/fips/fips.c
|
diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
|
||||||
--- openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand 2019-01-15 14:14:07.813360637 +0100
|
--- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
|
||||||
+++ openssl-1.1.1a/crypto/fips/fips.c 2019-01-15 14:14:07.838360173 +0100
|
+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
|
||||||
@@ -68,6 +68,7 @@
|
@@ -68,6 +68,7 @@
|
||||||
|
|
||||||
# include <openssl/fips.h>
|
# include <openssl/fips.h>
|
||||||
@ -51,10 +51,10 @@ diff -up openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand openssl-1.1.1a/crypto/
|
|||||||
ret = 1;
|
ret = 1;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
diff -up openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1a/crypto/include/internal/fips_int.h
|
diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
|
||||||
--- openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand 2019-01-15 14:14:07.821360489 +0100
|
--- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
|
||||||
+++ openssl-1.1.1a/crypto/include/internal/fips_int.h 2019-01-15 14:14:07.838360173 +0100
|
+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
|
||||||
@@ -76,6 +76,8 @@ int FIPS_selftest_hmac(void);
|
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||||
int FIPS_selftest_drbg(void);
|
int FIPS_selftest_drbg(void);
|
||||||
int FIPS_selftest_cmac(void);
|
int FIPS_selftest_cmac(void);
|
||||||
|
|
||||||
@ -63,9 +63,9 @@ diff -up openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand openss
|
|||||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||||
const unsigned char *tbs, int tbslen,
|
const unsigned char *tbs, int tbslen,
|
||||||
const unsigned char *kat,
|
const unsigned char *kat,
|
||||||
diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/crypto/rand/rand_unix.c
|
diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
|
||||||
--- openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand 2018-11-20 14:35:38.000000000 +0100
|
--- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1a/crypto/rand/rand_unix.c 2019-01-15 14:17:22.416748544 +0100
|
+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
|
||||||
@@ -16,10 +16,12 @@
|
@@ -16,10 +16,12 @@
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include "rand_lcl.h"
|
#include "rand_lcl.h"
|
||||||
@ -74,12 +74,13 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "internal/dso.h"
|
#include "internal/dso.h"
|
||||||
#if defined(__linux)
|
#if defined(__linux)
|
||||||
# include <sys/syscall.h>
|
-# include <asm/unistd.h>
|
||||||
|
+# include <sys/syscall.h>
|
||||||
+# include <sys/random.h>
|
+# include <sys/random.h>
|
||||||
#endif
|
#endif
|
||||||
#if defined(__FreeBSD__)
|
#if defined(__FreeBSD__)
|
||||||
# include <sys/types.h>
|
# include <sys/types.h>
|
||||||
@@ -258,7 +260,7 @@ static ssize_t sysctl_random(char *buf,
|
@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
|
||||||
* syscall_random(): Try to get random data using a system call
|
* syscall_random(): Try to get random data using a system call
|
||||||
* returns the number of bytes returned in buf, or < 0 on error.
|
* returns the number of bytes returned in buf, or < 0 on error.
|
||||||
*/
|
*/
|
||||||
@ -88,7 +89,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||||
@@ -280,6 +282,7 @@ static ssize_t syscall_random(void *buf,
|
@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
|
||||||
* - Linux since 3.17 with glibc 2.25
|
* - Linux since 3.17 with glibc 2.25
|
||||||
* - FreeBSD since 12.0 (1200061)
|
* - FreeBSD since 12.0 (1200061)
|
||||||
*/
|
*/
|
||||||
@ -96,20 +97,21 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||||
|
|
||||||
@@ -301,10 +304,10 @@ static ssize_t syscall_random(void *buf,
|
@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
|
||||||
if (p_getentropy.p != NULL)
|
if (p_getentropy.p != NULL)
|
||||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||||
# endif
|
# endif
|
||||||
-
|
-
|
||||||
+# endif
|
+# endif
|
||||||
/* Linux supports this since version 3.17 */
|
/* Linux supports this since version 3.17 */
|
||||||
# if defined(__linux) && defined(SYS_getrandom)
|
-# if defined(__linux) && defined(__NR_getrandom)
|
||||||
- return syscall(SYS_getrandom, buf, buflen, 0);
|
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||||
|
+# if defined(__linux) && defined(SYS_getrandom)
|
||||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||||
return sysctl_random(buf, buflen);
|
return sysctl_random(buf, buflen);
|
||||||
# else
|
# else
|
||||||
@@ -454,8 +457,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
size_t bytes_needed;
|
size_t bytes_needed;
|
||||||
size_t entropy_available = 0;
|
size_t entropy_available = 0;
|
||||||
unsigned char *buffer;
|
unsigned char *buffer;
|
||||||
@ -121,7 +123,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
{
|
{
|
||||||
ssize_t bytes;
|
ssize_t bytes;
|
||||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||||
@@ -464,7 +469,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||||
while (bytes_needed != 0 && attempts-- > 0) {
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
@ -130,7 +132,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
if (bytes > 0) {
|
if (bytes > 0) {
|
||||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||||
bytes_needed -= bytes;
|
bytes_needed -= bytes;
|
||||||
@@ -496,8 +501,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
int attempts = 3;
|
int attempts = 3;
|
||||||
const int fd = get_random_device(i);
|
const int fd = get_random_device(i);
|
||||||
|
|
||||||
@ -142,7 +144,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
|||||||
|
|
||||||
while (bytes_needed != 0 && attempts-- > 0) {
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
@@ -557,7 +564,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# endif
|
# endif
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c
|
||||||
|
--- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100
|
||||||
|
+++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200
|
||||||
|
@@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv)
|
||||||
|
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
|
||||||
|
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
|
||||||
|
# ifndef OPENSSL_NO_RC2
|
||||||
|
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||||
|
+ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||||
|
# else
|
||||||
|
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||||
|
# endif
|
||||||
diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
||||||
--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200
|
--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200
|
||||||
+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200
|
+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200
|
||||||
@ -985,9 +997,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_all
|
|||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
}
|
}
|
||||||
diff -up openssl-1.1.1b/crypto/evp/digest.c.fips openssl-1.1.1b/crypto/evp/digest.c
|
diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c
|
||||||
--- openssl-1.1.1b/crypto/evp/digest.c.fips 2019-02-26 15:15:30.000000000 +0100
|
--- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1b/crypto/evp/digest.c 2019-02-28 11:30:06.803745726 +0100
|
+++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200
|
||||||
@@ -14,6 +14,9 @@
|
@@ -14,6 +14,9 @@
|
||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#include "internal/evp_int.h"
|
#include "internal/evp_int.h"
|
||||||
@ -1027,17 +1039,18 @@ diff -up openssl-1.1.1b/crypto/evp/digest.c.fips openssl-1.1.1b/crypto/evp/diges
|
|||||||
if (ctx->digest && ctx->digest->ctx_size) {
|
if (ctx->digest && ctx->digest->ctx_size) {
|
||||||
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
||||||
ctx->md_data = NULL;
|
ctx->md_data = NULL;
|
||||||
@@ -150,6 +168,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||||
|
|
||||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||||
{
|
{
|
||||||
+#ifdef OPENSSL_FIPS
|
+#ifdef OPENSSL_FIPS
|
||||||
+ FIPS_selftest_check();
|
+ FIPS_selftest_check();
|
||||||
+#endif
|
+#endif
|
||||||
return ctx->update(ctx, data, count);
|
+
|
||||||
}
|
if (count == 0)
|
||||||
|
return 1;
|
||||||
|
|
||||||
@@ -167,6 +188,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
|
@@ -170,6 +192,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
@ -9869,11 +9882,11 @@ diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/c
|
|||||||
+#endif
|
+#endif
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
diff -up openssl-1.1.1b/crypto/hmac/hmac.c.fips openssl-1.1.1b/crypto/hmac/hmac.c
|
diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c
|
||||||
--- openssl-1.1.1b/crypto/hmac/hmac.c.fips 2019-02-26 15:15:30.000000000 +0100
|
--- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200
|
||||||
+++ openssl-1.1.1b/crypto/hmac/hmac.c 2019-02-28 11:30:06.817745466 +0100
|
+++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200
|
||||||
@@ -36,6 +36,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
|
@@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
|
||||||
}
|
return 0;
|
||||||
|
|
||||||
if (key != NULL) {
|
if (key != NULL) {
|
||||||
+#ifdef OPENSSL_FIPS
|
+#ifdef OPENSSL_FIPS
|
||||||
@ -11756,13 +11769,13 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1
|
|||||||
|
|
||||||
Cipher = aes-128-xts
|
Cipher = aes-128-xts
|
||||||
Key = 1111111111111111111111111111111122222222222222222222222222222222
|
Key = 1111111111111111111111111111111122222222222222222222222222222222
|
||||||
diff -up openssl-1.1.1b/util/libcrypto.num.fips openssl-1.1.1b/util/libcrypto.num
|
diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num
|
||||||
--- openssl-1.1.1b/util/libcrypto.num.fips 2019-02-28 11:30:06.824745335 +0100
|
--- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200
|
||||||
+++ openssl-1.1.1b/util/libcrypto.num 2019-02-28 11:33:54.284516991 +0100
|
+++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200
|
||||||
@@ -4579,3 +4579,38 @@ EVP_PKEY_meth_set_digest_custom
|
@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom
|
||||||
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
|
|
||||||
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
|
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
|
||||||
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
|
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
|
||||||
|
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
|
||||||
+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION:
|
+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION:
|
||||||
+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION:
|
+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION:
|
||||||
+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
|
+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
|
||||||
|
@ -14,24 +14,3 @@ diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/
|
|||||||
ret->flags = DEFAULT_CONF_MFLAGS;
|
ret->flags = DEFAULT_CONF_MFLAGS;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.regression openssl-1.1.1b/crypto/evp/evp_enc.c
|
|
||||||
--- openssl-1.1.1b/crypto/evp/evp_enc.c.regression 2019-05-07 11:52:35.982596242 +0200
|
|
||||||
+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-05-10 14:30:42.269243383 +0200
|
|
||||||
@@ -338,7 +338,7 @@ static int evp_EncryptDecryptUpdate(EVP_
|
|
||||||
|
|
||||||
bl = ctx->cipher->block_size;
|
|
||||||
|
|
||||||
- if (inl <= 0) {
|
|
||||||
+ if (out != NULL && in == NULL && inl <= 0) {
|
|
||||||
*outl = 0;
|
|
||||||
return inl == 0;
|
|
||||||
}
|
|
||||||
@@ -491,7 +491,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
|
|
||||||
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
|
|
||||||
cmpl = (cmpl + 7) / 8;
|
|
||||||
|
|
||||||
- if (inl <= 0) {
|
|
||||||
+ if (out != NULL && in == NULL && inl <= 0) {
|
|
||||||
*outl = 0;
|
|
||||||
return inl == 0;
|
|
||||||
}
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl
|
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
|
||||||
--- openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist 2018-08-22 12:15:54.520742678 +0200
|
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
|
||||||
+++ openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl 2018-08-22 12:15:54.554743511 +0200
|
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
|
||||||
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||||
HTMLDIR=$(DOCDIR)/html
|
HTMLDIR=$(DOCDIR)/html
|
||||||
@ -20,15 +20,15 @@ diff -up openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist
|
|||||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||||
@{$config{CPPFLAGS}}) -}
|
@{$config{CPPFLAGS}}) -}
|
||||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||||
diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Configure
|
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
|
||||||
--- openssl-1.1.1-pre9/Configure.system-cipherlist 2018-08-21 14:14:11.000000000 +0200
|
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1-pre9/Configure 2018-08-22 12:16:46.600018343 +0200
|
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
|
||||||
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
||||||
my $orig_death_handler = $SIG{__DIE__};
|
my $orig_death_handler = $SIG{__DIE__};
|
||||||
$SIG{__DIE__} = \&death_handler;
|
$SIG{__DIE__} = \&death_handler;
|
||||||
|
|
||||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
|
||||||
# Options:
|
# Options:
|
||||||
#
|
#
|
||||||
@ -50,18 +50,18 @@ diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Confi
|
|||||||
my $auto_threads=1; # enable threads automatically? true by default
|
my $auto_threads=1; # enable threads automatically? true by default
|
||||||
my $default_ranlib;
|
my $default_ranlib;
|
||||||
|
|
||||||
@@ -817,6 +821,10 @@ while (@argvcopy)
|
@@ -824,6 +828,10 @@ while (@argvcopy)
|
||||||
push @seed_sources, $x;
|
push @seed_sources, $x;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||||
+ {
|
+ {
|
||||||
+ $config{system_ciphers_file}=$1;
|
+ $config{system_ciphers_file}=$1;
|
||||||
+ }
|
+ }
|
||||||
elsif (/^--cross-compile-prefix=(.*)$/)
|
elsif (/^--cross-compile-prefix=(.*)$/)
|
||||||
{
|
{
|
||||||
$user{CROSS_COMPILE}=$1;
|
$user{CROSS_COMPILE}=$1;
|
||||||
@@ -1003,6 +1011,8 @@ if ($target eq "HASH") {
|
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
|
||||||
exit 0;
|
exit 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -70,9 +70,9 @@ diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Confi
|
|||||||
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
||||||
print "for $target\n";
|
print "for $target\n";
|
||||||
|
|
||||||
diff -up openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1-pre9/doc/man1/ciphers.pod
|
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
|
||||||
--- openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist 2018-08-21 14:14:13.000000000 +0200
|
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1-pre9/doc/man1/ciphers.pod 2018-08-22 12:15:54.555743536 +0200
|
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
|
||||||
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||||
|
|
||||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||||
@ -89,9 +89,9 @@ diff -up openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1
|
|||||||
=item B<HIGH>
|
=item B<HIGH>
|
||||||
|
|
||||||
"High" encryption cipher suites. This currently means those with key lengths
|
"High" encryption cipher suites. This currently means those with key lengths
|
||||||
diff -up openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist openssl-1.1.1-pre9/include/openssl/ssl.h
|
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
|
||||||
--- openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist 2018-08-21 14:14:15.000000000 +0200
|
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1-pre9/include/openssl/ssl.h 2018-08-22 12:15:54.557743585 +0200
|
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
|
||||||
@@ -186,6 +186,11 @@ extern "C" {
|
@@ -186,6 +186,11 @@ extern "C" {
|
||||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||||
@ -104,9 +104,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist openssl-1.1.
|
|||||||
|
|
||||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||||
# define SSL_SENT_SHUTDOWN 1
|
# define SSL_SENT_SHUTDOWN 1
|
||||||
diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/ssl/ssl_ciph.c
|
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
|
||||||
--- openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist 2018-08-21 14:14:15.000000000 +0200
|
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c 2018-08-22 12:15:54.557743585 +0200
|
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
|
||||||
@@ -9,6 +9,8 @@
|
@@ -9,6 +9,8 @@
|
||||||
* https://www.openssl.org/source/license.html
|
* https://www.openssl.org/source/license.html
|
||||||
*/
|
*/
|
||||||
@ -116,7 +116,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
@@ -1397,6 +1399,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -170,7 +170,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||||
@@ -1410,15 +1459,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
const char *rule_p;
|
const char *rule_p;
|
||||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||||
const SSL_CIPHER **ca_list = NULL;
|
const SSL_CIPHER **ca_list = NULL;
|
||||||
@ -198,7 +198,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1441,7 +1500,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
||||||
if (co_list == NULL) {
|
if (co_list == NULL) {
|
||||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||||
@ -207,7 +207,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
}
|
}
|
||||||
|
|
||||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
||||||
@@ -1507,8 +1566,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
* in force within each class
|
* in force within each class
|
||||||
*/
|
*/
|
||||||
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
||||||
@ -217,7 +217,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1553,9 +1611,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
||||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
||||||
if (ca_list == NULL) {
|
if (ca_list == NULL) {
|
||||||
@ -228,7 +228,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
}
|
}
|
||||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
||||||
disabled_mkey, disabled_auth, disabled_enc,
|
disabled_mkey, disabled_auth, disabled_enc,
|
||||||
@@ -1581,8 +1638,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||||
|
|
||||||
if (!ok) { /* Rule processing failure */
|
if (!ok) { /* Rule processing failure */
|
||||||
@ -238,7 +238,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1590,14 +1646,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
* if we cannot get one.
|
* if we cannot get one.
|
||||||
*/
|
*/
|
||||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||||
@ -259,7 +259,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
sk_SSL_CIPHER_free(cipherstack);
|
sk_SSL_CIPHER_free(cipherstack);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -1629,6 +1689,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
*cipher_list = cipherstack;
|
*cipher_list = cipherstack;
|
||||||
|
|
||||||
return cipherstack;
|
return cipherstack;
|
||||||
@ -274,10 +274,10 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||||
diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/ssl/ssl_lib.c
|
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
|
||||||
--- openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist 2018-08-22 12:15:54.552743462 +0200
|
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
|
||||||
+++ openssl-1.1.1-pre9/ssl/ssl_lib.c 2018-08-22 12:15:54.558743609 +0200
|
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
|
||||||
@@ -658,7 +658,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||||
ctx->tls13_ciphersuites,
|
ctx->tls13_ciphersuites,
|
||||||
&(ctx->cipher_list),
|
&(ctx->cipher_list),
|
||||||
&(ctx->cipher_list_by_id),
|
&(ctx->cipher_list_by_id),
|
||||||
@ -286,7 +286,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|
|||||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
||||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -2933,7 +2933,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||||
if (!ssl_create_cipher_list(ret->method,
|
if (!ssl_create_cipher_list(ret->method,
|
||||||
ret->tls13_ciphersuites,
|
ret->tls13_ciphersuites,
|
||||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||||
@ -295,9 +295,9 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|
|||||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
diff -up openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist openssl-1.1.1b/test/cipherlist_test.c
|
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
|
||||||
--- openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist 2019-02-28 11:27:15.181936081 +0100
|
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
+++ openssl-1.1.1b/test/cipherlist_test.c 2019-02-28 11:28:53.357111055 +0100
|
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
|
||||||
@@ -251,7 +251,9 @@ end:
|
@@ -251,7 +251,9 @@ end:
|
||||||
|
|
||||||
int setup_tests(void)
|
int setup_tests(void)
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,12 +1,12 @@
|
|||||||
diff -up openssl-1.1.1b/include/openssl/opensslv.h.version-override openssl-1.1.1b/include/openssl/opensslv.h
|
diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
|
||||||
--- openssl-1.1.1b/include/openssl/opensslv.h.version-override 2019-02-28 11:34:56.427361796 +0100
|
--- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
|
||||||
+++ openssl-1.1.1b/include/openssl/opensslv.h 2019-02-28 11:35:40.487542747 +0100
|
+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
|
||||||
@@ -40,7 +40,7 @@ extern "C" {
|
@@ -40,7 +40,7 @@ extern "C" {
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x1010102fL
|
# define OPENSSL_VERSION_NUMBER 0x1010103fL
|
||||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b 26 Feb 2019"
|
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
|
||||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b FIPS 26 Feb 2019"
|
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||||
|
@ -21,8 +21,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1b
|
Version: 1.1.1c
|
||||||
Release: 10%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -454,6 +454,9 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 29 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
|
||||||
|
- update to the 1.1.1c release
|
||||||
|
|
||||||
* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-10
|
* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-10
|
||||||
- Another attempt at the AES-CCM regression fix
|
- Another attempt at the AES-CCM regression fix
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1
|
SHA512 (openssl-1.1.1c-hobbled.tar.xz) = e6476209366d284bd02dca7e59a7ba2562aa7c58c91f0063b1e2b0f1a7f96fcff000e26d9c6f59b944e047b3305d237ed442f702ddd2e8c6c7a4d5b12e23c8db
|
||||||
|
Loading…
Reference in New Issue
Block a user