update to the 1.1.1c release
This commit is contained in:
parent
b3060e5f2d
commit
31d61b19d5
1
.gitignore
vendored
1
.gitignore
vendored
@ -43,3 +43,4 @@ openssl-1.0.0a-usa.tar.bz2
|
||||
/openssl-1.1.1-hobbled.tar.xz
|
||||
/openssl-1.1.1a-hobbled.tar.xz
|
||||
/openssl-1.1.1b-hobbled.tar.xz
|
||||
/openssl-1.1.1c-hobbled.tar.xz
|
||||
|
72
ectest.c
72
ectest.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -728,6 +728,75 @@ err:
|
||||
BN_CTX_free(ctx);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests a point known to cause an incorrect underflow in an old version of
|
||||
* ecp_nist521.c
|
||||
*/
|
||||
static int underflow_test(void)
|
||||
{
|
||||
BN_CTX *ctx = NULL;
|
||||
EC_GROUP *grp = NULL;
|
||||
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
|
||||
BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL;
|
||||
BIGNUM *k = NULL;
|
||||
int testresult = 0;
|
||||
const char *x1str =
|
||||
"1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4"
|
||||
"b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004";
|
||||
const char *p521m1 =
|
||||
"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe";
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (!TEST_ptr(ctx))
|
||||
return 0;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
x1 = BN_CTX_get(ctx);
|
||||
y1 = BN_CTX_get(ctx);
|
||||
z1 = BN_CTX_get(ctx);
|
||||
x2 = BN_CTX_get(ctx);
|
||||
y2 = BN_CTX_get(ctx);
|
||||
k = BN_CTX_get(ctx);
|
||||
if (!TEST_ptr(k))
|
||||
goto err;
|
||||
|
||||
grp = EC_GROUP_new_by_curve_name(NID_secp521r1);
|
||||
P = EC_POINT_new(grp);
|
||||
Q = EC_POINT_new(grp);
|
||||
R = EC_POINT_new(grp);
|
||||
if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R))
|
||||
goto err;
|
||||
|
||||
if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&k, "02"), 0)
|
||||
|| !TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1,
|
||||
y1, z1, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx))
|
||||
|| !TEST_true(EC_POINT_dbl(grp, R, P, ctx))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx)))
|
||||
goto err;
|
||||
|
||||
if (!TEST_int_eq(BN_cmp(x1, x2), 0)
|
||||
|| !TEST_int_eq(BN_cmp(y1, y2), 0))
|
||||
goto err;
|
||||
|
||||
testresult = 1;
|
||||
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(R);
|
||||
EC_GROUP_free(grp);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
return testresult;
|
||||
}
|
||||
# endif
|
||||
|
||||
static const unsigned char p521_named[] = {
|
||||
@ -835,6 +904,7 @@ int setup_tests(void)
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
|
||||
ADD_TEST(underflow_test);
|
||||
# endif
|
||||
ADD_ALL_TESTS(internal_curve_test, crv_len);
|
||||
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
|
||||
|
@ -1,40 +1,38 @@
|
||||
diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
--- openssl-1.1.1b/apps/speed.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/apps/speed.c 2019-02-28 11:20:42.347170167 +0100
|
||||
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
|
||||
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
||||
diff -up openssl-1.1.1c/apps/speed.c.curves openssl-1.1.1c/apps/speed.c
|
||||
--- openssl-1.1.1c/apps/speed.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/apps/speed.c 2019-05-29 15:36:53.332224470 +0200
|
||||
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
|
||||
#endif /* OPENSSL_NO_RSA */
|
||||
|
||||
-#define R_EC_P160 0
|
||||
-#define R_EC_P192 1
|
||||
-#define R_EC_P224 2
|
||||
-#define R_EC_P256 3
|
||||
-#define R_EC_P384 4
|
||||
-#define R_EC_P521 5
|
||||
-#define R_EC_K163 6
|
||||
-#define R_EC_K233 7
|
||||
-#define R_EC_K283 8
|
||||
-#define R_EC_K409 9
|
||||
-#define R_EC_K571 10
|
||||
-#define R_EC_B163 11
|
||||
-#define R_EC_B233 12
|
||||
-#define R_EC_B283 13
|
||||
-#define R_EC_B409 14
|
||||
-#define R_EC_B571 15
|
||||
-#define R_EC_BRP256R1 16
|
||||
-#define R_EC_BRP256T1 17
|
||||
-#define R_EC_BRP384R1 18
|
||||
-#define R_EC_BRP384T1 19
|
||||
-#define R_EC_BRP512R1 20
|
||||
-#define R_EC_BRP512T1 21
|
||||
-#define R_EC_X25519 22
|
||||
-#define R_EC_X448 23
|
||||
+#define R_EC_P224 0
|
||||
+#define R_EC_P256 1
|
||||
+#define R_EC_P384 2
|
||||
+#define R_EC_P521 3
|
||||
+#define R_EC_X25519 4
|
||||
+#define R_EC_X448 5
|
||||
enum {
|
||||
- R_EC_P160,
|
||||
- R_EC_P192,
|
||||
R_EC_P224,
|
||||
R_EC_P256,
|
||||
R_EC_P384,
|
||||
R_EC_P521,
|
||||
-#ifndef OPENSSL_NO_EC2M
|
||||
- R_EC_K163,
|
||||
- R_EC_K233,
|
||||
- R_EC_K283,
|
||||
- R_EC_K409,
|
||||
- R_EC_K571,
|
||||
- R_EC_B163,
|
||||
- R_EC_B233,
|
||||
- R_EC_B283,
|
||||
- R_EC_B409,
|
||||
- R_EC_B571,
|
||||
-#endif
|
||||
- R_EC_BRP256R1,
|
||||
- R_EC_BRP256T1,
|
||||
- R_EC_BRP384R1,
|
||||
- R_EC_BRP384T1,
|
||||
- R_EC_BRP512R1,
|
||||
- R_EC_BRP512T1,
|
||||
R_EC_X25519,
|
||||
R_EC_X448
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static OPT_PAIR ecdsa_choices[] = {
|
||||
- {"ecdsap160", R_EC_P160},
|
||||
@ -43,6 +41,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
{"ecdsap256", R_EC_P256},
|
||||
{"ecdsap384", R_EC_P384},
|
||||
{"ecdsap521", R_EC_P521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- {"ecdsak163", R_EC_K163},
|
||||
- {"ecdsak233", R_EC_K233},
|
||||
- {"ecdsak283", R_EC_K283},
|
||||
@ -53,6 +52,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
- {"ecdsab283", R_EC_B283},
|
||||
- {"ecdsab409", R_EC_B409},
|
||||
- {"ecdsab571", R_EC_B571},
|
||||
-# endif
|
||||
- {"ecdsabrp256r1", R_EC_BRP256R1},
|
||||
- {"ecdsabrp256t1", R_EC_BRP256T1},
|
||||
- {"ecdsabrp384r1", R_EC_BRP384R1},
|
||||
@ -71,6 +71,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
{"ecdhp256", R_EC_P256},
|
||||
{"ecdhp384", R_EC_P384},
|
||||
{"ecdhp521", R_EC_P521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- {"ecdhk163", R_EC_K163},
|
||||
- {"ecdhk233", R_EC_K233},
|
||||
- {"ecdhk283", R_EC_K283},
|
||||
@ -81,6 +82,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
- {"ecdhb283", R_EC_B283},
|
||||
- {"ecdhb409", R_EC_B409},
|
||||
- {"ecdhb571", R_EC_B571},
|
||||
-# endif
|
||||
- {"ecdhbrp256r1", R_EC_BRP256R1},
|
||||
- {"ecdhbrp256t1", R_EC_BRP256T1},
|
||||
- {"ecdhbrp384r1", R_EC_BRP384R1},
|
||||
@ -90,7 +92,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
{"ecdhx25519", R_EC_X25519},
|
||||
{"ecdhx448", R_EC_X448}
|
||||
};
|
||||
@@ -1495,29 +1441,10 @@ int speed_main(int argc, char **argv)
|
||||
@@ -1504,31 +1444,10 @@ int speed_main(int argc, char **argv)
|
||||
unsigned int bits;
|
||||
} test_curves[] = {
|
||||
/* Prime Curves */
|
||||
@ -100,6 +102,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
{"nistp521", NID_secp521r1, 521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- /* Binary Curves */
|
||||
- {"nistk163", NID_sect163k1, 163},
|
||||
- {"nistk233", NID_sect233k1, 233},
|
||||
@ -111,6 +114,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
- {"nistb283", NID_sect283r1, 283},
|
||||
- {"nistb409", NID_sect409r1, 409},
|
||||
- {"nistb571", NID_sect571r1, 571},
|
||||
-# endif
|
||||
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
||||
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
||||
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
||||
@ -120,7 +124,7 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
/* Other and ECDH only ones */
|
||||
{"X25519", NID_X25519, 253},
|
||||
{"X448", NID_X448, 448}
|
||||
@@ -2017,9 +1944,9 @@ int speed_main(int argc, char **argv)
|
||||
@@ -2028,9 +1947,9 @@ int speed_main(int argc, char **argv)
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_EC
|
||||
@ -133,46 +137,38 @@ diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
|
||||
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
|
||||
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
|
||||
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
|
||||
@@ -2031,6 +1958,7 @@ int speed_main(int argc, char **argv)
|
||||
@@ -2042,7 +1961,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#if 0
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
+# if 0
|
||||
ecdsa_c[R_EC_K163][0] = count / 1000;
|
||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
@@ -2059,9 +1987,9 @@ int speed_main(int argc, char **argv)
|
||||
@@ -2073,8 +1992,8 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
-
|
||||
# endif
|
||||
|
||||
- ecdh_c[R_EC_P160][0] = count / 1000;
|
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
+#endif
|
||||
+ ecdh_c[R_EC_P224][0] = count / 1000;
|
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
|
||||
ecdh_doit[i] = 0;
|
||||
@@ -2071,6 +1999,7 @@ int speed_main(int argc, char **argv)
|
||||
@@ -2084,7 +2003,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#if 0
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
+# if 0
|
||||
ecdh_c[R_EC_K163][0] = count / 1000;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
@@ -2116,6 +2045,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
/* default iteration count for the last two EC Curves */
|
||||
ecdh_c[R_EC_X25519][0] = count / 1800;
|
||||
ecdh_c[R_EC_X448][0] = count / 7200;
|
||||
diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/ec/ecp_smpl.c 2019-02-28 11:19:30.628479300 +0100
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves openssl-1.1.1c/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-05-29 15:30:09.071349520 +0200
|
||||
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||
return 0;
|
||||
}
|
||||
@ -185,22 +181,30 @@ diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp
|
||||
if (ctx == NULL) {
|
||||
ctx = new_ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
diff -up openssl-1.1.1b/test/ecdsatest.c.curves openssl-1.1.1b/test/ecdsatest.c
|
||||
--- openssl-1.1.1b/test/ecdsatest.c.curves 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/ecdsatest.c 2019-02-28 11:19:30.628479300 +0100
|
||||
@@ -176,6 +176,7 @@ static int x9_62_tests(void)
|
||||
if (!change_rand())
|
||||
goto x962_err;
|
||||
diff -up openssl-1.1.1c/test/ecdsatest.h.curves openssl-1.1.1c/test/ecdsatest.h
|
||||
--- openssl-1.1.1c/test/ecdsatest.h.curves 2019-05-29 15:30:09.010350595 +0200
|
||||
+++ openssl-1.1.1c/test/ecdsatest.h 2019-05-29 15:41:24.586444294 +0200
|
||||
@@ -32,23 +32,6 @@ typedef struct {
|
||||
} ecdsa_cavs_kat_t;
|
||||
|
||||
+#if 0
|
||||
if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
|
||||
"3342403536405981729393488334694600415596881826869351677613",
|
||||
"5735822328888155254683894997897571951568553642892029982342")))
|
||||
@@ -186,6 +187,7 @@ static int x9_62_tests(void)
|
||||
"3238135532097973577080787768312505059318910517550078427819"
|
||||
"78505179448783")))
|
||||
goto x962_err;
|
||||
+#endif
|
||||
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb191v1,
|
||||
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
||||
- /* prime KATs from X9.62 */
|
||||
- {NID_X9_62_prime192v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
||||
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
||||
- "5ca5c0d69716dfcb3474373902",
|
||||
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
||||
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
||||
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
||||
- {NID_X9_62_prime239v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
||||
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
||||
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
||||
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
||||
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
||||
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
||||
/* prime KATs from NIST CAVP */
|
||||
{NID_secp224r1, NID_sha224,
|
||||
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
||||
|
@ -5221,17 +5221,16 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/te
|
||||
+use OpenSSL::Test::Simple;
|
||||
+
|
||||
+simple_test("test_evp_kdf", "evp_kdf_test");
|
||||
diff -up openssl-1.1.1b/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1b/test/recipes/30-test_evp.t.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/recipes/30-test_evp.t 2019-02-28 13:05:05.659521326 +0100
|
||||
@@ -15,8 +15,8 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||
diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200
|
||||
+++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200
|
||||
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||
setup("test_evp");
|
||||
|
||||
my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt",
|
||||
- "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
|
||||
- "evpcase.txt" );
|
||||
+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt",
|
||||
+ "evppkey_ecc.txt", "evpcase.txt" );
|
||||
+ "evppkey_kdf.txt", "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt",
|
||||
"evpcase.txt", "evpccmcavs.txt" );
|
||||
|
||||
plan tests => scalar(@files);
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand openssl-1.1.1a/crypto/fips/fips.c
|
||||
--- openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand 2019-01-15 14:14:07.813360637 +0100
|
||||
+++ openssl-1.1.1a/crypto/fips/fips.c 2019-01-15 14:14:07.838360173 +0100
|
||||
diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
|
||||
--- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
|
||||
+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
@ -51,10 +51,10 @@ diff -up openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand openssl-1.1.1a/crypto/
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
diff -up openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1a/crypto/include/internal/fips_int.h
|
||||
--- openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand 2019-01-15 14:14:07.821360489 +0100
|
||||
+++ openssl-1.1.1a/crypto/include/internal/fips_int.h 2019-01-15 14:14:07.838360173 +0100
|
||||
@@ -76,6 +76,8 @@ int FIPS_selftest_hmac(void);
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
|
||||
+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
||||
@ -63,9 +63,9 @@ diff -up openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand openss
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand 2018-11-20 14:35:38.000000000 +0100
|
||||
+++ openssl-1.1.1a/crypto/rand/rand_unix.c 2019-01-15 14:17:22.416748544 +0100
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
|
||||
@@ -16,10 +16,12 @@
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
@ -74,12 +74,13 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#if defined(__linux)
|
||||
# include <sys/syscall.h>
|
||||
-# include <asm/unistd.h>
|
||||
+# include <sys/syscall.h>
|
||||
+# include <sys/random.h>
|
||||
#endif
|
||||
#if defined(__FreeBSD__)
|
||||
# include <sys/types.h>
|
||||
@@ -258,7 +260,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
@ -88,7 +89,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -280,6 +282,7 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
@ -96,20 +97,21 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -301,10 +304,10 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
-
|
||||
+# endif
|
||||
/* Linux supports this since version 3.17 */
|
||||
# if defined(__linux) && defined(SYS_getrandom)
|
||||
- return syscall(SYS_getrandom, buf, buflen, 0);
|
||||
-# if defined(__linux) && defined(__NR_getrandom)
|
||||
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||
+# if defined(__linux) && defined(SYS_getrandom)
|
||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -454,8 +457,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
unsigned char *buffer;
|
||||
@ -121,7 +123,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
{
|
||||
ssize_t bytes;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
@@ -464,7 +469,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@ -130,7 +132,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -496,8 +501,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
@ -142,7 +144,7 @@ diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/cr
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -557,7 +564,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
@ -1,3 +1,15 @@
|
||||
diff -up openssl-1.1.1b/apps/pkcs12.c.fips openssl-1.1.1b/apps/pkcs12.c
|
||||
--- openssl-1.1.1b/apps/pkcs12.c.fips 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/apps/pkcs12.c 2019-05-24 12:08:40.524523735 +0200
|
||||
@@ -126,7 +126,7 @@ int pkcs12_main(int argc, char **argv)
|
||||
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
|
||||
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
|
||||
# ifndef OPENSSL_NO_RC2
|
||||
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
+ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
# else
|
||||
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
# endif
|
||||
diff -up openssl-1.1.1b/apps/speed.c.fips openssl-1.1.1b/apps/speed.c
|
||||
--- openssl-1.1.1b/apps/speed.c.fips 2019-05-07 11:52:35.887597899 +0200
|
||||
+++ openssl-1.1.1b/apps/speed.c 2019-05-07 16:51:36.946350159 +0200
|
||||
@ -985,9 +997,9 @@ diff -up openssl-1.1.1b/crypto/evp/c_alld.c.fips openssl-1.1.1b/crypto/evp/c_all
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
diff -up openssl-1.1.1b/crypto/evp/digest.c.fips openssl-1.1.1b/crypto/evp/digest.c
|
||||
--- openssl-1.1.1b/crypto/evp/digest.c.fips 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/digest.c 2019-02-28 11:30:06.803745726 +0100
|
||||
diff -up openssl-1.1.1c/crypto/evp/digest.c.fips openssl-1.1.1c/crypto/evp/digest.c
|
||||
--- openssl-1.1.1c/crypto/evp/digest.c.fips 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/evp/digest.c 2019-05-29 15:47:59.220499971 +0200
|
||||
@@ -14,6 +14,9 @@
|
||||
#include <openssl/engine.h>
|
||||
#include "internal/evp_int.h"
|
||||
@ -1027,17 +1039,18 @@ diff -up openssl-1.1.1b/crypto/evp/digest.c.fips openssl-1.1.1b/crypto/evp/diges
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
||||
ctx->md_data = NULL;
|
||||
@@ -150,6 +168,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
|
||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
{
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ FIPS_selftest_check();
|
||||
+#endif
|
||||
return ctx->update(ctx, data, count);
|
||||
}
|
||||
+
|
||||
if (count == 0)
|
||||
return 1;
|
||||
|
||||
@@ -167,6 +188,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
|
||||
@@ -170,6 +192,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
|
||||
{
|
||||
int ret;
|
||||
|
||||
@ -9869,11 +9882,11 @@ diff -up openssl-1.1.1b/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1b/c
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
diff -up openssl-1.1.1b/crypto/hmac/hmac.c.fips openssl-1.1.1b/crypto/hmac/hmac.c
|
||||
--- openssl-1.1.1b/crypto/hmac/hmac.c.fips 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/hmac/hmac.c 2019-02-28 11:30:06.817745466 +0100
|
||||
@@ -36,6 +36,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/hmac/hmac.c.fips openssl-1.1.1c/crypto/hmac/hmac.c
|
||||
--- openssl-1.1.1c/crypto/hmac/hmac.c.fips 2019-05-29 15:46:19.138261106 +0200
|
||||
+++ openssl-1.1.1c/crypto/hmac/hmac.c 2019-05-29 15:49:09.508263133 +0200
|
||||
@@ -43,6 +43,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
|
||||
return 0;
|
||||
|
||||
if (key != NULL) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
@ -11756,13 +11769,13 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpciph.txt.fips openssl-1
|
||||
|
||||
Cipher = aes-128-xts
|
||||
Key = 1111111111111111111111111111111122222222222222222222222222222222
|
||||
diff -up openssl-1.1.1b/util/libcrypto.num.fips openssl-1.1.1b/util/libcrypto.num
|
||||
--- openssl-1.1.1b/util/libcrypto.num.fips 2019-02-28 11:30:06.824745335 +0100
|
||||
+++ openssl-1.1.1b/util/libcrypto.num 2019-02-28 11:33:54.284516991 +0100
|
||||
@@ -4579,3 +4579,38 @@ EVP_PKEY_meth_set_digest_custom
|
||||
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
|
||||
diff -up openssl-1.1.1c/util/libcrypto.num.fips openssl-1.1.1c/util/libcrypto.num
|
||||
--- openssl-1.1.1c/util/libcrypto.num.fips 2019-05-29 15:46:19.154260824 +0200
|
||||
+++ openssl-1.1.1c/util/libcrypto.num 2019-05-29 15:50:10.390191805 +0200
|
||||
@@ -4580,3 +4580,38 @@ EVP_PKEY_meth_get_digest_custom
|
||||
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
|
||||
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
|
||||
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
|
||||
+FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION:
|
||||
+FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION:
|
||||
+FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION:
|
||||
|
@ -14,24 +14,3 @@ diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/
|
||||
ret->flags = DEFAULT_CONF_MFLAGS;
|
||||
|
||||
return ret;
|
||||
diff -up openssl-1.1.1b/crypto/evp/evp_enc.c.regression openssl-1.1.1b/crypto/evp/evp_enc.c
|
||||
--- openssl-1.1.1b/crypto/evp/evp_enc.c.regression 2019-05-07 11:52:35.982596242 +0200
|
||||
+++ openssl-1.1.1b/crypto/evp/evp_enc.c 2019-05-10 14:30:42.269243383 +0200
|
||||
@@ -338,7 +338,7 @@ static int evp_EncryptDecryptUpdate(EVP_
|
||||
|
||||
bl = ctx->cipher->block_size;
|
||||
|
||||
- if (inl <= 0) {
|
||||
+ if (out != NULL && in == NULL && inl <= 0) {
|
||||
*outl = 0;
|
||||
return inl == 0;
|
||||
}
|
||||
@@ -491,7 +491,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
|
||||
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
|
||||
cmpl = (cmpl + 7) / 8;
|
||||
|
||||
- if (inl <= 0) {
|
||||
+ if (out != NULL && in == NULL && inl <= 0) {
|
||||
*outl = 0;
|
||||
return inl == 0;
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist 2018-08-22 12:15:54.520742678 +0200
|
||||
+++ openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl 2018-08-22 12:15:54.554743511 +0200
|
||||
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
|
||||
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
|
||||
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||
HTMLDIR=$(DOCDIR)/html
|
||||
@ -20,15 +20,15 @@ diff -up openssl-1.1.1-pre9/Configurations/unix-Makefile.tmpl.system-cipherlist
|
||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||
@{$config{CPPFLAGS}}) -}
|
||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||
diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Configure
|
||||
--- openssl-1.1.1-pre9/Configure.system-cipherlist 2018-08-21 14:14:11.000000000 +0200
|
||||
+++ openssl-1.1.1-pre9/Configure 2018-08-22 12:16:46.600018343 +0200
|
||||
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
|
||||
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
|
||||
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
||||
my $orig_death_handler = $SIG{__DIE__};
|
||||
$SIG{__DIE__} = \&death_handler;
|
||||
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
|
||||
# Options:
|
||||
#
|
||||
@ -50,7 +50,7 @@ diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Confi
|
||||
my $auto_threads=1; # enable threads automatically? true by default
|
||||
my $default_ranlib;
|
||||
|
||||
@@ -817,6 +821,10 @@ while (@argvcopy)
|
||||
@@ -824,6 +828,10 @@ while (@argvcopy)
|
||||
push @seed_sources, $x;
|
||||
}
|
||||
}
|
||||
@ -61,7 +61,7 @@ diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Confi
|
||||
elsif (/^--cross-compile-prefix=(.*)$/)
|
||||
{
|
||||
$user{CROSS_COMPILE}=$1;
|
||||
@@ -1003,6 +1011,8 @@ if ($target eq "HASH") {
|
||||
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
|
||||
exit 0;
|
||||
}
|
||||
|
||||
@ -70,9 +70,9 @@ diff -up openssl-1.1.1-pre9/Configure.system-cipherlist openssl-1.1.1-pre9/Confi
|
||||
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
||||
print "for $target\n";
|
||||
|
||||
diff -up openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1-pre9/doc/man1/ciphers.pod
|
||||
--- openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist 2018-08-21 14:14:13.000000000 +0200
|
||||
+++ openssl-1.1.1-pre9/doc/man1/ciphers.pod 2018-08-22 12:15:54.555743536 +0200
|
||||
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
|
||||
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
|
||||
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||
|
||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||
@ -89,9 +89,9 @@ diff -up openssl-1.1.1-pre9/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1
|
||||
=item B<HIGH>
|
||||
|
||||
"High" encryption cipher suites. This currently means those with key lengths
|
||||
diff -up openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist openssl-1.1.1-pre9/include/openssl/ssl.h
|
||||
--- openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist 2018-08-21 14:14:15.000000000 +0200
|
||||
+++ openssl-1.1.1-pre9/include/openssl/ssl.h 2018-08-22 12:15:54.557743585 +0200
|
||||
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
|
||||
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
|
||||
@@ -186,6 +186,11 @@ extern "C" {
|
||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||
@ -104,9 +104,9 @@ diff -up openssl-1.1.1-pre9/include/openssl/ssl.h.system-cipherlist openssl-1.1.
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
# define SSL_SENT_SHUTDOWN 1
|
||||
diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/ssl/ssl_ciph.c
|
||||
--- openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist 2018-08-21 14:14:15.000000000 +0200
|
||||
+++ openssl-1.1.1-pre9/ssl/ssl_ciph.c 2018-08-22 12:15:54.557743585 +0200
|
||||
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
|
||||
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
|
||||
@@ -9,6 +9,8 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
@ -116,7 +116,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <openssl/objects.h>
|
||||
@@ -1397,6 +1399,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -170,7 +170,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||
@@ -1410,15 +1459,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
const char *rule_p;
|
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
const SSL_CIPHER **ca_list = NULL;
|
||||
@ -198,7 +198,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -1441,7 +1500,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
||||
if (co_list == NULL) {
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||
@ -207,7 +207,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
}
|
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
||||
@@ -1507,8 +1566,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* in force within each class
|
||||
*/
|
||||
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
||||
@ -217,7 +217,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1553,9 +1611,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
||||
if (ca_list == NULL) {
|
||||
@ -228,7 +228,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
}
|
||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
||||
disabled_mkey, disabled_auth, disabled_enc,
|
||||
@@ -1581,8 +1638,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||
|
||||
if (!ok) { /* Rule processing failure */
|
||||
@ -238,7 +238,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1590,14 +1646,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
@ -259,7 +259,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
sk_SSL_CIPHER_free(cipherstack);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1629,6 +1689,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
return cipherstack;
|
||||
@ -274,10 +274,10 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre9/
|
||||
}
|
||||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/ssl/ssl_lib.c
|
||||
--- openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist 2018-08-22 12:15:54.552743462 +0200
|
||||
+++ openssl-1.1.1-pre9/ssl/ssl_lib.c 2018-08-22 12:15:54.558743609 +0200
|
||||
@@ -658,7 +658,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
|
||||
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
|
||||
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
|
||||
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||
ctx->tls13_ciphersuites,
|
||||
&(ctx->cipher_list),
|
||||
&(ctx->cipher_list_by_id),
|
||||
@ -286,7 +286,7 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|
||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||
return 0;
|
||||
@@ -2933,7 +2933,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
if (!ssl_create_cipher_list(ret->method,
|
||||
ret->tls13_ciphersuites,
|
||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||
@ -295,9 +295,9 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|
||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||
goto err2;
|
||||
diff -up openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist openssl-1.1.1b/test/cipherlist_test.c
|
||||
--- openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist 2019-02-28 11:27:15.181936081 +0100
|
||||
+++ openssl-1.1.1b/test/cipherlist_test.c 2019-02-28 11:28:53.357111055 +0100
|
||||
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
|
||||
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
|
||||
@@ -251,7 +251,9 @@ end:
|
||||
|
||||
int setup_tests(void)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,12 +1,12 @@
|
||||
diff -up openssl-1.1.1b/include/openssl/opensslv.h.version-override openssl-1.1.1b/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1b/include/openssl/opensslv.h.version-override 2019-02-28 11:34:56.427361796 +0100
|
||||
+++ openssl-1.1.1b/include/openssl/opensslv.h 2019-02-28 11:35:40.487542747 +0100
|
||||
diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010102fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b 26 Feb 2019"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b FIPS 26 Feb 2019"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010103fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
@ -21,8 +21,8 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1b
|
||||
Release: 10%{?dist}
|
||||
Version: 1.1.1c
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -454,6 +454,9 @@ export LD_LIBRARY_PATH
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Wed May 29 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-1
|
||||
- update to the 1.1.1c release
|
||||
|
||||
* Fri May 10 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-10
|
||||
- Another attempt at the AES-CCM regression fix
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1
|
||||
SHA512 (openssl-1.1.1c-hobbled.tar.xz) = e6476209366d284bd02dca7e59a7ba2562aa7c58c91f0063b1e2b0f1a7f96fcff000e26d9c6f59b944e047b3305d237ed442f702ddd2e8c6c7a4d5b12e23c8db
|
||||
|
Loading…
Reference in New Issue
Block a user