minor upstream release 1.0.2e fixing moderate severity security issues
- enable fast assembler implementation for NIST P-256 and P-521 elliptic curves (#1164210) - filter out unwanted link options from the .pc files (#1257836)
This commit is contained in:
parent
a83e4d7c4a
commit
4240ecaa1b
1
.gitignore
vendored
1
.gitignore
vendored
@ -25,3 +25,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.0.2a-hobbled.tar.xz
|
/openssl-1.0.2a-hobbled.tar.xz
|
||||||
/openssl-1.0.2c-hobbled.tar.xz
|
/openssl-1.0.2c-hobbled.tar.xz
|
||||||
/openssl-1.0.2d-hobbled.tar.xz
|
/openssl-1.0.2d-hobbled.tar.xz
|
||||||
|
/openssl-1.0.2e-hobbled.tar.xz
|
||||||
|
@ -1,17 +0,0 @@
|
|||||||
diff -up openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl.sigill openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl
|
|
||||||
--- openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl.sigill 2015-07-09 16:51:25.000000000 +0200
|
|
||||||
+++ openssl-1.0.2d/crypto/aes/asm/aesni-sha256-x86_64.pl 2015-11-16 17:43:52.554826505 +0100
|
|
||||||
@@ -139,11 +139,8 @@ $code.=<<___ if ($avx>1);
|
|
||||||
je ${func}_avx2
|
|
||||||
___
|
|
||||||
$code.=<<___;
|
|
||||||
- and \$`1<<30`,%eax # mask "Intel CPU" bit
|
|
||||||
- and \$`1<<28|1<<9`,%r10d # mask AVX+SSSE3 bits
|
|
||||||
- or %eax,%r10d
|
|
||||||
- cmp \$`1<<28|1<<9|1<<30`,%r10d
|
|
||||||
- je ${func}_avx
|
|
||||||
+ and \$`1<<28`,%r10d # check for AVX
|
|
||||||
+ jnz ${func}_avx
|
|
||||||
ud2
|
|
||||||
___
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
diff -up openssl-1.0.2e/Configure.rpmbuild openssl-1.0.2e/Configure
|
||||||
--- openssl-1.0.2c/Configure.rpmbuild 2015-06-12 16:51:21.000000000 +0200
|
--- openssl-1.0.2e/Configure.rpmbuild 2015-12-03 15:04:23.000000000 +0100
|
||||||
+++ openssl-1.0.2c/Configure 2015-06-15 17:22:52.598496680 +0200
|
+++ openssl-1.0.2e/Configure 2015-12-04 13:20:22.996835604 +0100
|
||||||
@@ -365,8 +365,8 @@ my %table=(
|
@@ -365,8 +365,8 @@ my %table=(
|
||||||
####
|
####
|
||||||
# *-generic* is endian-neutral target, but ./config is free to
|
# *-generic* is endian-neutral target, but ./config is free to
|
||||||
@ -12,7 +12,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
|||||||
|
|
||||||
#######################################################################
|
#######################################################################
|
||||||
# Note that -march is not among compiler options in below linux-armv4
|
# Note that -march is not among compiler options in below linux-armv4
|
||||||
@@ -395,30 +395,30 @@ my %table=(
|
@@ -395,31 +395,31 @@ my %table=(
|
||||||
#
|
#
|
||||||
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
|
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
|
||||||
#
|
#
|
||||||
@ -48,6 +48,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
|||||||
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||||
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||||
"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||||
|
"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||||
"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||||
"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
|
"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
|
||||||
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||||
@ -55,7 +56,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
|||||||
#### So called "highgprs" target for z/Architecture CPUs
|
#### So called "highgprs" target for z/Architecture CPUs
|
||||||
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
|
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
|
||||||
# /proc/cpuinfo. The idea is to preserve most significant bits of
|
# /proc/cpuinfo. The idea is to preserve most significant bits of
|
||||||
@@ -436,12 +436,12 @@ my %table=(
|
@@ -437,12 +437,12 @@ my %table=(
|
||||||
#### SPARC Linux setups
|
#### SPARC Linux setups
|
||||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||||
# assisted with debugging of following two configs.
|
# assisted with debugging of following two configs.
|
||||||
@ -71,7 +72,7 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
|||||||
#### Alpha Linux with GNU C and Compaq C setups
|
#### Alpha Linux with GNU C and Compaq C setups
|
||||||
# Special notes:
|
# Special notes:
|
||||||
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
|
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
|
||||||
@@ -1764,7 +1764,7 @@ while (<IN>)
|
@@ -1767,7 +1767,7 @@ while (<IN>)
|
||||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||||
{
|
{
|
||||||
my $sotmp = $1;
|
my $sotmp = $1;
|
||||||
@ -80,9 +81,9 @@ diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure
|
|||||||
}
|
}
|
||||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||||
{
|
{
|
||||||
diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org
|
diff -up openssl-1.0.2e/Makefile.org.rpmbuild openssl-1.0.2e/Makefile.org
|
||||||
--- openssl-1.0.2c/Makefile.org.rpmbuild 2015-06-12 16:51:21.000000000 +0200
|
--- openssl-1.0.2e/Makefile.org.rpmbuild 2015-12-03 15:04:23.000000000 +0100
|
||||||
+++ openssl-1.0.2c/Makefile.org 2015-06-15 17:19:14.874510995 +0200
|
+++ openssl-1.0.2e/Makefile.org 2015-12-04 13:18:44.913538616 +0100
|
||||||
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
|
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
|
||||||
SHLIB_MAJOR=
|
SHLIB_MAJOR=
|
||||||
SHLIB_MINOR=
|
SHLIB_MINOR=
|
||||||
@ -91,7 +92,7 @@ diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org
|
|||||||
PLATFORM=dist
|
PLATFORM=dist
|
||||||
OPTIONS=
|
OPTIONS=
|
||||||
CONFIGURE_ARGS=
|
CONFIGURE_ARGS=
|
||||||
@@ -338,10 +339,9 @@ clean-shared:
|
@@ -341,10 +342,9 @@ clean-shared:
|
||||||
link-shared:
|
link-shared:
|
||||||
@ set -e; for i in $(SHLIBDIRS); do \
|
@ set -e; for i in $(SHLIBDIRS); do \
|
||||||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
||||||
@ -103,7 +104,7 @@ diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org
|
|||||||
done
|
done
|
||||||
|
|
||||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||||
@@ -352,7 +352,7 @@ do_$(SHLIB_TARGET):
|
@@ -355,7 +355,7 @@ do_$(SHLIB_TARGET):
|
||||||
libs="$(LIBKRB5) $$libs"; \
|
libs="$(LIBKRB5) $$libs"; \
|
||||||
fi; \
|
fi; \
|
||||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssl-1.0.2a/crypto/evp/c_allc.c.wrap openssl-1.0.2a/crypto/evp/c_allc.c
|
diff -up openssl-1.0.2e/crypto/evp/c_allc.c.wrap openssl-1.0.2e/crypto/evp/c_allc.c
|
||||||
--- openssl-1.0.2a/crypto/evp/c_allc.c.wrap 2015-04-22 15:41:32.147488107 +0200
|
--- openssl-1.0.2e/crypto/evp/c_allc.c.wrap 2015-12-04 13:33:42.118550036 +0100
|
||||||
+++ openssl-1.0.2a/crypto/evp/c_allc.c 2015-04-22 15:47:25.486946239 +0200
|
+++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:33:42.190551722 +0100
|
||||||
@@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void)
|
@@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||||
EVP_add_cipher(EVP_aes_128_xts());
|
EVP_add_cipher(EVP_aes_128_xts());
|
||||||
EVP_add_cipher(EVP_aes_128_ccm());
|
EVP_add_cipher(EVP_aes_128_ccm());
|
||||||
@ -57,9 +57,9 @@ diff -up openssl-1.0.2a/crypto/evp/c_allc.c.wrap openssl-1.0.2a/crypto/evp/c_all
|
|||||||
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
|
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
|
||||||
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
|
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
|
||||||
# endif
|
# endif
|
||||||
diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.c
|
diff -up openssl-1.0.2e/crypto/evp/e_aes.c.wrap openssl-1.0.2e/crypto/evp/e_aes.c
|
||||||
--- openssl-1.0.2a/crypto/evp/e_aes.c.wrap 2015-04-22 15:41:32.148488131 +0200
|
--- openssl-1.0.2e/crypto/evp/e_aes.c.wrap 2015-12-04 13:33:42.119550059 +0100
|
||||||
+++ openssl-1.0.2a/crypto/evp/e_aes.c 2015-04-22 15:52:21.809039506 +0200
|
+++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:33:42.190551722 +0100
|
||||||
@@ -1,5 +1,5 @@
|
@@ -1,5 +1,5 @@
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
|
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
|
||||||
@ -67,7 +67,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.
|
|||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@@ -1952,7 +1952,7 @@ static int aes_wrap_init_key(EVP_CIPHER_
|
@@ -1953,7 +1953,7 @@ static int aes_wrap_init_key(EVP_CIPHER_
|
||||||
wctx->iv = NULL;
|
wctx->iv = NULL;
|
||||||
}
|
}
|
||||||
if (iv) {
|
if (iv) {
|
||||||
@ -76,7 +76,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.
|
|||||||
wctx->iv = ctx->iv;
|
wctx->iv = ctx->iv;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@@ -1963,30 +1963,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
|
@@ -1964,30 +1964,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
|
||||||
{
|
{
|
||||||
EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
|
EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
|
||||||
size_t rv;
|
size_t rv;
|
||||||
@ -142,7 +142,7 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.
|
|||||||
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
|
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
|
||||||
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
|
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
|
||||||
|
|
||||||
@@ -2031,3 +2058,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
|
@@ -2032,3 +2059,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
|
||||||
{
|
{
|
||||||
return &aes_256_wrap;
|
return &aes_256_wrap;
|
||||||
}
|
}
|
||||||
@ -188,10 +188,10 @@ diff -up openssl-1.0.2a/crypto/evp/e_aes.c.wrap openssl-1.0.2a/crypto/evp/e_aes.
|
|||||||
+{
|
+{
|
||||||
+ return &aes_256_wrap_pad;
|
+ return &aes_256_wrap_pad;
|
||||||
+}
|
+}
|
||||||
diff -up openssl-1.0.2a/crypto/evp/e_des3.c.wrap openssl-1.0.2a/crypto/evp/e_des3.c
|
diff -up openssl-1.0.2e/crypto/evp/e_des3.c.wrap openssl-1.0.2e/crypto/evp/e_des3.c
|
||||||
--- openssl-1.0.2a/crypto/evp/e_des3.c.wrap 2015-04-22 15:41:40.301683300 +0200
|
--- openssl-1.0.2e/crypto/evp/e_des3.c.wrap 2015-12-04 13:33:42.119550059 +0100
|
||||||
+++ openssl-1.0.2a/crypto/evp/e_des3.c 2015-04-22 15:53:39.529899964 +0200
|
+++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:33:42.191551745 +0100
|
||||||
@@ -473,7 +473,7 @@ static const EVP_CIPHER des3_wrap = {
|
@@ -474,7 +474,7 @@ static const EVP_CIPHER des3_wrap = {
|
||||||
NID_id_smime_alg_CMS3DESwrap,
|
NID_id_smime_alg_CMS3DESwrap,
|
||||||
8, 24, 0,
|
8, 24, 0,
|
||||||
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
|
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
|
||||||
@ -200,10 +200,10 @@ diff -up openssl-1.0.2a/crypto/evp/e_des3.c.wrap openssl-1.0.2a/crypto/evp/e_des
|
|||||||
des_ede3_init_key, des_ede3_wrap_cipher,
|
des_ede3_init_key, des_ede3_wrap_cipher,
|
||||||
NULL,
|
NULL,
|
||||||
sizeof(DES_EDE_KEY),
|
sizeof(DES_EDE_KEY),
|
||||||
diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h
|
diff -up openssl-1.0.2e/crypto/evp/evp.h.wrap openssl-1.0.2e/crypto/evp/evp.h
|
||||||
--- openssl-1.0.2a/crypto/evp/evp.h.wrap 2015-04-22 19:30:57.000000000 +0200
|
--- openssl-1.0.2e/crypto/evp/evp.h.wrap 2015-12-04 13:33:42.120550083 +0100
|
||||||
+++ openssl-1.0.2a/crypto/evp/evp.h 2015-04-22 19:51:06.352832516 +0200
|
+++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:33:42.191551745 +0100
|
||||||
@@ -832,6 +832,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void);
|
@@ -834,6 +834,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void);
|
||||||
const EVP_CIPHER *EVP_aes_128_gcm(void);
|
const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||||
const EVP_CIPHER *EVP_aes_128_xts(void);
|
const EVP_CIPHER *EVP_aes_128_xts(void);
|
||||||
const EVP_CIPHER *EVP_aes_128_wrap(void);
|
const EVP_CIPHER *EVP_aes_128_wrap(void);
|
||||||
@ -211,7 +211,7 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h
|
|||||||
const EVP_CIPHER *EVP_aes_192_ecb(void);
|
const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||||
const EVP_CIPHER *EVP_aes_192_cbc(void);
|
const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||||
const EVP_CIPHER *EVP_aes_192_cfb1(void);
|
const EVP_CIPHER *EVP_aes_192_cfb1(void);
|
||||||
@@ -843,6 +844,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void);
|
@@ -845,6 +846,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void);
|
||||||
const EVP_CIPHER *EVP_aes_192_ccm(void);
|
const EVP_CIPHER *EVP_aes_192_ccm(void);
|
||||||
const EVP_CIPHER *EVP_aes_192_gcm(void);
|
const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||||
const EVP_CIPHER *EVP_aes_192_wrap(void);
|
const EVP_CIPHER *EVP_aes_192_wrap(void);
|
||||||
@ -219,7 +219,7 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h
|
|||||||
const EVP_CIPHER *EVP_aes_256_ecb(void);
|
const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_cbc(void);
|
const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
||||||
@@ -855,6 +857,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void);
|
@@ -857,6 +859,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_gcm(void);
|
const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_xts(void);
|
const EVP_CIPHER *EVP_aes_256_xts(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_wrap(void);
|
const EVP_CIPHER *EVP_aes_256_wrap(void);
|
||||||
@ -227,9 +227,9 @@ diff -up openssl-1.0.2a/crypto/evp/evp.h.wrap openssl-1.0.2a/crypto/evp/evp.h
|
|||||||
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||||
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
|
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
|
||||||
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
|
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
|
||||||
diff -up openssl-1.0.2a/crypto/evp/evptests.txt.wrap openssl-1.0.2a/crypto/evp/evptests.txt
|
diff -up openssl-1.0.2e/crypto/evp/evptests.txt.wrap openssl-1.0.2e/crypto/evp/evptests.txt
|
||||||
--- openssl-1.0.2a/crypto/evp/evptests.txt.wrap 2015-04-22 15:41:47.194848307 +0200
|
--- openssl-1.0.2e/crypto/evp/evptests.txt.wrap 2015-12-03 15:04:23.000000000 +0100
|
||||||
+++ openssl-1.0.2a/crypto/evp/evptests.txt 2015-04-22 16:01:08.174540977 +0200
|
+++ openssl-1.0.2e/crypto/evp/evptests.txt 2015-12-04 13:33:42.191551745 +0100
|
||||||
@@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0
|
@@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0
|
||||||
id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
|
id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
|
||||||
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
|
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
|
||||||
@ -238,9 +238,9 @@ diff -up openssl-1.0.2a/crypto/evp/evptests.txt.wrap openssl-1.0.2a/crypto/evp/e
|
|||||||
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
|
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
|
||||||
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
|
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
|
||||||
+
|
+
|
||||||
diff -up openssl-1.0.2a/crypto/modes/modes.h.wrap openssl-1.0.2a/crypto/modes/modes.h
|
diff -up openssl-1.0.2e/crypto/modes/modes.h.wrap openssl-1.0.2e/crypto/modes/modes.h
|
||||||
--- openssl-1.0.2a/crypto/modes/modes.h.wrap 2015-04-22 15:41:49.228896997 +0200
|
--- openssl-1.0.2e/crypto/modes/modes.h.wrap 2015-12-04 13:33:41.770541886 +0100
|
||||||
+++ openssl-1.0.2a/crypto/modes/modes.h 2015-04-22 16:03:40.724152855 +0200
|
+++ openssl-1.0.2e/crypto/modes/modes.h 2015-12-04 13:33:42.191551745 +0100
|
||||||
@@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
@@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
@ -254,9 +254,9 @@ diff -up openssl-1.0.2a/crypto/modes/modes.h.wrap openssl-1.0.2a/crypto/modes/mo
|
|||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/wrap128.c
|
diff -up openssl-1.0.2e/crypto/modes/wrap128.c.wrap openssl-1.0.2e/crypto/modes/wrap128.c
|
||||||
--- openssl-1.0.2a/crypto/modes/wrap128.c.wrap 2015-03-19 14:30:36.000000000 +0100
|
--- openssl-1.0.2e/crypto/modes/wrap128.c.wrap 2015-12-03 15:04:23.000000000 +0100
|
||||||
+++ openssl-1.0.2a/crypto/modes/wrap128.c 2015-04-22 16:06:16.798848197 +0200
|
+++ openssl-1.0.2e/crypto/modes/wrap128.c 2015-12-04 13:37:51.486366984 +0100
|
||||||
@@ -2,6 +2,7 @@
|
@@ -2,6 +2,7 @@
|
||||||
/*
|
/*
|
||||||
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||||
@ -312,7 +312,7 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/
|
|||||||
size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
|
size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
|
||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
@@ -72,11 +98,11 @@ size_t CRYPTO_128_wrap(void *key, const
|
@@ -72,7 +98,7 @@ size_t CRYPTO_128_wrap(void *key, const
|
||||||
{
|
{
|
||||||
unsigned char *A, B[16], *R;
|
unsigned char *A, B[16], *R;
|
||||||
size_t i, j, t;
|
size_t i, j, t;
|
||||||
@ -321,11 +321,6 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/
|
|||||||
return 0;
|
return 0;
|
||||||
A = B;
|
A = B;
|
||||||
t = 1;
|
t = 1;
|
||||||
- memcpy(out + 8, in, inlen);
|
|
||||||
+ memmove(out + 8, in, inlen);
|
|
||||||
if (!iv)
|
|
||||||
iv = default_iv;
|
|
||||||
|
|
||||||
@@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const
|
@@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const
|
||||||
return inlen + 8;
|
return inlen + 8;
|
||||||
}
|
}
|
||||||
@ -351,15 +346,6 @@ diff -up openssl-1.0.2a/crypto/modes/wrap128.c.wrap openssl-1.0.2a/crypto/modes/
|
|||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
const unsigned char *in, size_t inlen,
|
const unsigned char *in, size_t inlen,
|
||||||
block128_f block)
|
block128_f block)
|
||||||
@@ -113,7 +155,7 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
|
||||||
A = B;
|
|
||||||
t = 6 * (inlen >> 3);
|
|
||||||
memcpy(A, in, 8);
|
|
||||||
- memcpy(out, in + 8, inlen);
|
|
||||||
+ memmove(out, in + 8, inlen);
|
|
||||||
for (j = 0; j < 6; j++) {
|
|
||||||
R = out + inlen - 8;
|
|
||||||
for (i = 0; i < inlen; i += 8, t--, R -= 8) {
|
|
||||||
@@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
@@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
||||||
memcpy(R, B + 8, 8);
|
memcpy(R, B + 8, 8);
|
||||||
}
|
}
|
26
openssl.spec
26
openssl.spec
@ -22,8 +22,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.2d
|
Version: 1.0.2e
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -40,7 +40,7 @@ Source11: README.FIPS
|
|||||||
Source12: ec_curve.c
|
Source12: ec_curve.c
|
||||||
Source13: ectest.c
|
Source13: ectest.c
|
||||||
# Build changes
|
# Build changes
|
||||||
Patch1: openssl-1.0.2c-rpmbuild.patch
|
Patch1: openssl-1.0.2e-rpmbuild.patch
|
||||||
Patch2: openssl-1.0.2a-defaults.patch
|
Patch2: openssl-1.0.2a-defaults.patch
|
||||||
Patch4: openssl-1.0.2a-enginesdir.patch
|
Patch4: openssl-1.0.2a-enginesdir.patch
|
||||||
Patch5: openssl-1.0.2a-no-rpath.patch
|
Patch5: openssl-1.0.2a-no-rpath.patch
|
||||||
@ -56,7 +56,7 @@ Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
|||||||
Patch34: openssl-1.0.2a-x509.patch
|
Patch34: openssl-1.0.2a-x509.patch
|
||||||
Patch35: openssl-1.0.2a-version-add-engines.patch
|
Patch35: openssl-1.0.2a-version-add-engines.patch
|
||||||
Patch39: openssl-1.0.2a-ipv6-apps.patch
|
Patch39: openssl-1.0.2a-ipv6-apps.patch
|
||||||
Patch40: openssl-1.0.2c-fips.patch
|
Patch40: openssl-1.0.2e-fips.patch
|
||||||
Patch45: openssl-1.0.2a-env-zlib.patch
|
Patch45: openssl-1.0.2a-env-zlib.patch
|
||||||
Patch47: openssl-1.0.2a-readme-warning.patch
|
Patch47: openssl-1.0.2a-readme-warning.patch
|
||||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||||
@ -83,10 +83,9 @@ Patch92: openssl-1.0.2a-system-cipherlist.patch
|
|||||||
Patch93: openssl-1.0.2a-disable-sslv2v3.patch
|
Patch93: openssl-1.0.2a-disable-sslv2v3.patch
|
||||||
Patch94: openssl-1.0.2d-secp256k1.patch
|
Patch94: openssl-1.0.2d-secp256k1.patch
|
||||||
# Backported fixes including security fixes
|
# Backported fixes including security fixes
|
||||||
Patch80: openssl-1.0.2a-wrap-pad.patch
|
Patch80: openssl-1.0.2e-wrap-pad.patch
|
||||||
Patch81: openssl-1.0.2a-padlock64.patch
|
Patch81: openssl-1.0.2a-padlock64.patch
|
||||||
Patch82: openssl-1.0.2c-trusted-first-doc.patch
|
Patch82: openssl-1.0.2c-trusted-first-doc.patch
|
||||||
Patch83: openssl-1.0.2d-amd-sigill.patch
|
|
||||||
|
|
||||||
License: OpenSSL
|
License: OpenSSL
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -208,7 +207,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
|||||||
%patch80 -p1 -b .wrap
|
%patch80 -p1 -b .wrap
|
||||||
%patch81 -p1 -b .padlock64
|
%patch81 -p1 -b .padlock64
|
||||||
%patch82 -p1 -b .trusted-first
|
%patch82 -p1 -b .trusted-first
|
||||||
%patch83 -p1 -b .sigill
|
|
||||||
|
|
||||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||||
|
|
||||||
@ -270,7 +268,8 @@ sslarch="linux-ppc64le"
|
|||||||
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
|
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
|
||||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
|
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
|
||||||
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||||
enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
|
enable-cms enable-md2 enable-ec_nistp_64_gcc_128 \
|
||||||
|
no-mdc2 no-rc5 no-ec2m no-gost no-srp \
|
||||||
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
|
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
|
||||||
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
|
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
|
||||||
|
|
||||||
@ -288,6 +287,11 @@ make rehash
|
|||||||
# Overwrite FIPS README
|
# Overwrite FIPS README
|
||||||
cp -f %{SOURCE11} .
|
cp -f %{SOURCE11} .
|
||||||
|
|
||||||
|
# Clean up the .pc files
|
||||||
|
for i in libcrypto.pc libssl.pc openssl.pc ; do
|
||||||
|
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
|
||||||
|
done
|
||||||
|
|
||||||
%check
|
%check
|
||||||
# Verify that what was compiled actually works.
|
# Verify that what was compiled actually works.
|
||||||
|
|
||||||
@ -479,6 +483,12 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 4 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2e-1
|
||||||
|
- minor upstream release 1.0.2e fixing moderate severity security issues
|
||||||
|
- enable fast assembler implementation for NIST P-256 and P-521
|
||||||
|
elliptic curves (#1164210)
|
||||||
|
- filter out unwanted link options from the .pc files (#1257836)
|
||||||
|
|
||||||
* Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3
|
* Mon Nov 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.2d-3
|
||||||
- fix sigill on some AMD CPUs (#1278194)
|
- fix sigill on some AMD CPUs (#1278194)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user