From 83d99a68af4dfed0bc8c4c651375331b7de75502 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 8 Nov 2013 18:16:49 +0100 Subject: [PATCH] add back support for secp521r1 EC curve - add aarch64 to Configure (#969692) --- ec_curve.c | 55 ++++++++++++++++++++++++ openssl-1.0.1-beta2-rpmbuild.patch | 7 ++-- openssl-1.0.1e-ecc-suiteb.patch | 32 +++++++------- openssl-1.0.1e-fips-ec.patch | 67 ++++++++++++++---------------- openssl.spec | 6 ++- 5 files changed, 111 insertions(+), 56 deletions(-) diff --git a/ec_curve.c b/ec_curve.c index 0690f8b..0c287bf 100644 --- a/ec_curve.c +++ b/ec_curve.c @@ -120,6 +120,56 @@ static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; } 0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 } }; +static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; } + _EC_NIST_PRIME_521 = { + { NID_X9_62_prime_field,20,66,1 }, + { 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, /* seed */ + 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA, + + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC, + 0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F, /* b */ + 0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA, + 0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91, + 0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E, + 0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07, + 0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45, + 0x1F,0xD4,0x6B,0x50,0x3F,0x00, + 0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD, /* x */ + 0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64, + 0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60, + 0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7, + 0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE, + 0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E, + 0x7E,0x31,0xC2,0xE5,0xBD,0x66, + 0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04, /* y */ + 0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5, + 0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17, + 0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4, + 0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61, + 0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe, + 0x94,0x76,0x9f,0xd1,0x66,0x50, + 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F, + 0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0, + 0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F, + 0xB7,0x1E,0x91,0x38,0x64,0x09 } + }; + static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; } _EC_X9_62_PRIME_256V1 = { { NID_X9_62_prime_field,20,32,1 }, @@ -164,6 +214,11 @@ static const ec_list_element curve_list[] = { /* secg curves */ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ { NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" }, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" }, +#else + { NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" }, +#endif #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" }, #else diff --git a/openssl-1.0.1-beta2-rpmbuild.patch b/openssl-1.0.1-beta2-rpmbuild.patch index bca5613..a4bb691 100644 --- a/openssl-1.0.1-beta2-rpmbuild.patch +++ b/openssl-1.0.1-beta2-rpmbuild.patch @@ -34,7 +34,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -373,16 +373,16 @@ my %table=( +@@ -373,16 +373,17 @@ my %table=( # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... @@ -52,10 +52,11 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", ++"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -396,8 +396,8 @@ my %table=( +@@ -396,8 +397,8 @@ my %table=( # # # @@ -66,7 +67,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -@@ -1678,7 +1678,7 @@ while () +@@ -1678,7 +1679,7 @@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; diff --git a/openssl-1.0.1e-ecc-suiteb.patch b/openssl-1.0.1e-ecc-suiteb.patch index 95b192a..dc87b00 100644 --- a/openssl-1.0.1e-ecc-suiteb.patch +++ b/openssl-1.0.1e-ecc-suiteb.patch @@ -1,7 +1,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c ---- openssl-1.0.1e/apps/speed.c.suiteb 2013-10-18 17:38:22.288870517 +0200 -+++ openssl-1.0.1e/apps/speed.c 2013-10-18 17:38:22.336871572 +0200 -@@ -966,49 +966,21 @@ int MAIN(int argc, char **argv) +--- openssl-1.0.1e/apps/speed.c.suiteb 2013-11-08 18:02:53.815229706 +0100 ++++ openssl-1.0.1e/apps/speed.c 2013-11-08 18:04:47.016724297 +0100 +@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv) else #endif #ifndef OPENSSL_NO_ECDSA @@ -11,7 +11,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c - else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; + if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2; -- else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2; + else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2; - else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2; - else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2; - else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2; @@ -25,7 +25,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c else if (strcmp(*argv,"ecdsa") == 0) { - for (i=0; i < EC_NUM; i++) -+ for (i=R_EC_P256; i <= R_EC_P384; i++) ++ for (i=R_EC_P256; i <= R_EC_P521; i++) ecdsa_doit[i]=1; } else @@ -37,7 +37,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c - else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; + if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2; -- else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2; + else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2; - else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2; - else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2; - else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2; @@ -51,52 +51,52 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c else if (strcmp(*argv,"ecdh") == 0) { - for (i=0; i < EC_NUM; i++) -+ for (i=R_EC_P256; i <= R_EC_P384; i++) ++ for (i=R_EC_P256; i <= R_EC_P521; i++) ecdh_doit[i]=1; } else -@@ -1097,15 +1069,11 @@ int MAIN(int argc, char **argv) +@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); #endif #ifndef OPENSSL_NO_ECDSA - BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); - BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); - BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); -+ BIO_printf(bio_err,"ecdsap256 ecdsap384\n"); ++ BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n"); BIO_printf(bio_err,"ecdsa\n"); #endif #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); - BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); - BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); -+ BIO_printf(bio_err,"ecdhp256 ecdhp384\n"); ++ BIO_printf(bio_err,"ecdhp256 ecdhp384 ecdhp521\n"); BIO_printf(bio_err,"ecdh\n"); #endif -@@ -1184,11 +1152,11 @@ int MAIN(int argc, char **argv) +@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv) if (!FIPS_mode() || i != R_DSA_512) dsa_doit[i]=1; #ifndef OPENSSL_NO_ECDSA - for (i=0; i #include @@ -106,7 +101,7 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c --- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-05-03 12:19:59.976317311 +0200 ++++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c 2013-11-08 17:59:43.148028024 +0100 @@ -138,11 +138,14 @@ int restore_rand(void) } @@ -144,7 +139,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e ret = 0; diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c --- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-05-03 12:19:59.977317333 +0200 ++++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c 2013-11-08 17:59:43.148028024 +0100 @@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me { if(!default_ECDSA_method) @@ -162,7 +157,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd } diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c --- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-05-03 12:19:59.977317333 +0200 ++++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c 2013-11-08 17:59:43.148028024 +0100 @@ -60,6 +60,9 @@ #include #include @@ -214,7 +209,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c --- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-05-03 12:19:59.978317354 +0200 ++++ openssl-1.0.1e/crypto/ec/ec_key.c 2013-11-08 17:59:43.148028024 +0100 @@ -64,9 +64,6 @@ #include #include "ec_lcl.h" @@ -313,7 +308,7 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k EC_R_COORDINATES_OUT_OF_RANGE); diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c --- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-05-03 12:19:59.978317354 +0200 ++++ openssl-1.0.1e/crypto/ec/ecp_mont.c 2013-11-08 17:59:43.149028046 +0100 @@ -63,18 +63,11 @@ #include @@ -343,7 +338,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c --- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-05-03 12:19:59.978317354 +0200 ++++ openssl-1.0.1e/crypto/ec/ecp_nist.c 2013-11-08 17:59:43.149028046 +0100 @@ -67,15 +67,8 @@ #include #include "ec_lcl.h" @@ -370,7 +365,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c --- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-05-03 12:19:59.979317376 +0200 ++++ openssl-1.0.1e/crypto/ec/ecp_smpl.c 2013-11-08 17:59:43.149028046 +0100 @@ -65,17 +65,10 @@ #include #include @@ -412,7 +407,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec ctx = new_ctx = BN_CTX_new(); diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c --- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-05-03 12:19:59.979317376 +0200 ++++ openssl-1.0.1e/crypto/evp/m_ecdsa.c 2013-11-08 17:59:43.149028046 +0100 @@ -116,7 +116,6 @@ #include @@ -436,8 +431,8 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m #endif -#endif diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-05-03 12:19:59.980317397 +0200 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-05-03 12:19:59.980317397 +0200 +--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2013-11-08 17:59:43.149028046 +0100 ++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c 2013-11-08 17:59:43.149028046 +0100 @@ -0,0 +1,496 @@ +/* fips/ecdh/fips_ecdhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -936,8 +931,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr + +#endif diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c ---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-05-03 12:19:59.980317397 +0200 -+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-05-03 12:19:59.980317397 +0200 +--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 ++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c 2013-11-08 17:59:43.150028068 +0100 @@ -0,0 +1,533 @@ +/* fips/ecdsa/fips_ecdsavs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1473,8 +1468,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c + +#endif diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-05-03 12:19:59.981317418 +0200 -+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-05-03 12:19:59.981317418 +0200 +--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 ++++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c 2013-11-08 17:59:43.150028068 +0100 @@ -0,0 +1,252 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1729,8 +1724,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/ + +#endif diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-05-03 12:19:59.981317418 +0200 -+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-05-03 12:19:59.981317418 +0200 +--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2013-11-08 17:59:43.150028068 +0100 ++++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c 2013-11-08 17:59:43.150028068 +0100 @@ -0,0 +1,167 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -1900,8 +1895,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e + +#endif diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h ---- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-05-03 12:19:59.942316578 +0200 -+++ openssl-1.0.1e/crypto/fips/fips.h 2013-05-03 12:19:59.981317418 +0200 +--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec 2013-11-08 17:59:43.116027318 +0100 ++++ openssl-1.0.1e/crypto/fips/fips.h 2013-11-08 17:59:43.150028068 +0100 @@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); @@ -1912,8 +1907,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi void FIPS_rng_stick(void); void FIPS_x931_stick(int onoff); diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c ---- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-05-03 12:19:59.942316578 +0200 -+++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-05-03 12:19:59.982317439 +0200 +--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec 2013-11-08 17:59:43.117027340 +0100 ++++ openssl-1.0.1e/crypto/fips/fips_post.c 2013-11-08 17:59:43.150028068 +0100 @@ -95,8 +95,12 @@ int FIPS_selftest(void) rv = 0; if (!FIPS_selftest_rsa()) @@ -1928,8 +1923,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi } diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile ---- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-05-03 12:19:59.945316642 +0200 -+++ openssl-1.0.1e/crypto/fips/Makefile 2013-05-03 12:20:12.173579845 +0200 +--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec 2013-11-08 17:59:43.119027384 +0100 ++++ openssl-1.0.1e/crypto/fips/Makefile 2013-11-08 17:59:43.151028090 +0100 @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ @@ -2032,9 +2027,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/ fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map ---- openssl-1.0.1e/version.map.fips-ec 2013-05-03 12:19:59.000000000 +0200 -+++ openssl-1.0.1e/version.map 2013-05-09 11:11:08.022300608 +0200 -@@ -5,3 +5,7 @@ OPENSSL_1.0.1 { +--- openssl-1.0.1e/version.map.fips-ec 2013-11-08 17:59:43.131027649 +0100 ++++ openssl-1.0.1e/version.map 2013-11-08 17:59:43.151028090 +0100 +@@ -6,3 +6,7 @@ OPENSSL_1.0.1 { _original*; _current*; }; diff --git a/openssl.spec b/openssl.spec index 7e07179..b1a0022 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 30%{?dist} +Release: 31%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -456,6 +456,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Fri Nov 8 2013 Tomáš Mráz 1.0.1e-31 +- add back support for secp521r1 EC curve +- add aarch64 to Configure (#969692) + * Tue Oct 29 2013 Tomáš Mráz 1.0.1e-30 - fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)