update to the final 1.1.1 version
This commit is contained in:
parent
90121b0c9d
commit
a4bf4e1b65
@ -1,8 +1,40 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/speed.c.curves openssl-1.1.1-pre8/apps/speed.c
|
||||
--- openssl-1.1.1-pre8/apps/speed.c.curves 2018-07-17 08:48:56.106625020 +0200
|
||||
+++ openssl-1.1.1-pre8/apps/speed.c 2018-07-17 08:50:07.526521809 +0200
|
||||
@@ -511,56 +511,20 @@ static double rsa_results[RSA_NUM][2];
|
||||
#define R_EC_X448 23
|
||||
diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c
|
||||
--- openssl-1.1.1/apps/speed.c.curves 2018-09-11 14:48:20.000000000 +0200
|
||||
+++ openssl-1.1.1/apps/speed.c 2018-09-13 09:24:24.840081023 +0200
|
||||
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
|
||||
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
||||
#endif /* OPENSSL_NO_RSA */
|
||||
|
||||
-#define R_EC_P160 0
|
||||
-#define R_EC_P192 1
|
||||
-#define R_EC_P224 2
|
||||
-#define R_EC_P256 3
|
||||
-#define R_EC_P384 4
|
||||
-#define R_EC_P521 5
|
||||
-#define R_EC_K163 6
|
||||
-#define R_EC_K233 7
|
||||
-#define R_EC_K283 8
|
||||
-#define R_EC_K409 9
|
||||
-#define R_EC_K571 10
|
||||
-#define R_EC_B163 11
|
||||
-#define R_EC_B233 12
|
||||
-#define R_EC_B283 13
|
||||
-#define R_EC_B409 14
|
||||
-#define R_EC_B571 15
|
||||
-#define R_EC_BRP256R1 16
|
||||
-#define R_EC_BRP256T1 17
|
||||
-#define R_EC_BRP384R1 18
|
||||
-#define R_EC_BRP384T1 19
|
||||
-#define R_EC_BRP512R1 20
|
||||
-#define R_EC_BRP512T1 21
|
||||
-#define R_EC_X25519 22
|
||||
-#define R_EC_X448 23
|
||||
+#define R_EC_P224 0
|
||||
+#define R_EC_P256 1
|
||||
+#define R_EC_P384 2
|
||||
+#define R_EC_P521 3
|
||||
+#define R_EC_X25519 4
|
||||
+#define R_EC_X448 5
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static OPT_PAIR ecdsa_choices[] = {
|
||||
- {"ecdsap160", R_EC_P160},
|
||||
@ -58,10 +90,90 @@ diff -up openssl-1.1.1-pre8/apps/speed.c.curves openssl-1.1.1-pre8/apps/speed.c
|
||||
{"ecdhx25519", R_EC_X25519},
|
||||
{"ecdhx448", R_EC_X448}
|
||||
};
|
||||
diff -up openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves 2018-06-20 16:48:10.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c 2018-07-17 08:48:56.107625044 +0200
|
||||
@@ -141,6 +141,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||
@@ -1495,29 +1441,10 @@ int speed_main(int argc, char **argv)
|
||||
unsigned int bits;
|
||||
} test_curves[] = {
|
||||
/* Prime Curves */
|
||||
- {"secp160r1", NID_secp160r1, 160},
|
||||
- {"nistp192", NID_X9_62_prime192v1, 192},
|
||||
{"nistp224", NID_secp224r1, 224},
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
{"nistp521", NID_secp521r1, 521},
|
||||
- /* Binary Curves */
|
||||
- {"nistk163", NID_sect163k1, 163},
|
||||
- {"nistk233", NID_sect233k1, 233},
|
||||
- {"nistk283", NID_sect283k1, 283},
|
||||
- {"nistk409", NID_sect409k1, 409},
|
||||
- {"nistk571", NID_sect571k1, 571},
|
||||
- {"nistb163", NID_sect163r2, 163},
|
||||
- {"nistb233", NID_sect233r1, 233},
|
||||
- {"nistb283", NID_sect283r1, 283},
|
||||
- {"nistb409", NID_sect409r1, 409},
|
||||
- {"nistb571", NID_sect571r1, 571},
|
||||
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
||||
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
||||
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
||||
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
|
||||
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
|
||||
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
|
||||
/* Other and ECDH only ones */
|
||||
{"X25519", NID_X25519, 253},
|
||||
{"X448", NID_X448, 448}
|
||||
@@ -2017,9 +1944,9 @@ int speed_main(int argc, char **argv)
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_EC
|
||||
- ecdsa_c[R_EC_P160][0] = count / 1000;
|
||||
- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
|
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
+ ecdsa_c[R_EC_P224][0] = count / 1000;
|
||||
+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
|
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
|
||||
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
|
||||
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
|
||||
@@ -2031,6 +1958,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#if 0
|
||||
ecdsa_c[R_EC_K163][0] = count / 1000;
|
||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
@@ -2059,9 +1987,9 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
-
|
||||
- ecdh_c[R_EC_P160][0] = count / 1000;
|
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
+#endif
|
||||
+ ecdh_c[R_EC_P224][0] = count / 1000;
|
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
|
||||
ecdh_doit[i] = 0;
|
||||
@@ -2071,6 +1999,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#if 0
|
||||
ecdh_c[R_EC_K163][0] = count / 1000;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
@@ -2116,6 +2045,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
/* default iteration count for the last two EC Curves */
|
||||
ecdh_c[R_EC_X25519][0] = count / 1800;
|
||||
ecdh_c[R_EC_X448][0] = count / 7200;
|
||||
diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1/crypto/ec/ecp_smpl.c.curves 2018-09-11 14:48:21.000000000 +0200
|
||||
+++ openssl-1.1.1/crypto/ec/ecp_smpl.c 2018-09-13 09:09:26.841792619 +0200
|
||||
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -73,9 +185,9 @@ diff -up openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves openssl-1.1.1-pre8/crypt
|
||||
if (ctx == NULL) {
|
||||
ctx = new_ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
diff -up openssl-1.1.1-pre8/test/ecdsatest.c.curves openssl-1.1.1-pre8/test/ecdsatest.c
|
||||
--- openssl-1.1.1-pre8/test/ecdsatest.c.curves 2018-06-20 16:48:14.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/test/ecdsatest.c 2018-07-17 08:48:56.107625044 +0200
|
||||
diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c
|
||||
--- openssl-1.1.1/test/ecdsatest.c.curves 2018-09-11 14:48:24.000000000 +0200
|
||||
+++ openssl-1.1.1/test/ecdsatest.c 2018-09-13 09:09:26.841792619 +0200
|
||||
@@ -173,6 +173,7 @@ static int x9_62_tests(void)
|
||||
if (!change_rand())
|
||||
goto x962_err;
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,13 +0,0 @@
|
||||
diff -up openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup openssl-1.1.1-pre9/crypto/rand/rand_lib.c
|
||||
--- openssl-1.1.1-pre9/crypto/rand/rand_lib.c.rand-cleanup 2018-09-06 08:18:19.481566808 +0200
|
||||
+++ openssl-1.1.1-pre9/crypto/rand/rand_lib.c 2018-09-06 13:28:32.531777065 +0200
|
||||
@@ -353,7 +353,8 @@ void rand_cleanup_int(void)
|
||||
if (meth != NULL && meth->cleanup != NULL)
|
||||
meth->cleanup();
|
||||
rand_pool_cleanup();
|
||||
- RAND_set_rand_method(NULL);
|
||||
+ if (meth != NULL)
|
||||
+ RAND_set_rand_method(NULL);
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
CRYPTO_THREAD_lock_free(rand_engine_lock);
|
||||
rand_engine_lock = NULL;
|
@ -1,14 +0,0 @@
|
||||
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
|
||||
index df5cff79c9..e740a8c25d 100644
|
||||
--- a/ssl/ssl_cert.c
|
||||
+++ b/ssl/ssl_cert.c
|
||||
@@ -947,7 +947,8 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
||||
if (level >= 2 && c->algorithm_enc == SSL_RC4)
|
||||
return 0;
|
||||
/* Level 3: forward secure ciphersuites only */
|
||||
- if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
|
||||
+ if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
|
||||
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
|
||||
return 0;
|
||||
break;
|
||||
}
|
@ -1,14 +1,12 @@
|
||||
diff -up openssl-1.1.1-pre9/include/openssl/opensslv.h.version-override openssl-1.1.1-pre9/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1-pre9/include/openssl/opensslv.h.version-override 2018-08-22 12:25:31.959886929 +0200
|
||||
+++ openssl-1.1.1-pre9/include/openssl/opensslv.h 2018-08-22 12:26:17.997014595 +0200
|
||||
@@ -39,8 +39,8 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
diff -up openssl-1.1.1/include/openssl/opensslv.h.version-override openssl-1.1.1/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1/include/openssl/opensslv.h.version-override 2018-09-13 08:54:38.247940128 +0200
|
||||
+++ openssl-1.1.1/include/openssl/opensslv.h 2018-09-13 08:56:10.757779555 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
-# define OPENSSL_VERSION_NUMBER 0x10101009L
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018"
|
||||
+# define OPENSSL_VERSION_NUMBER 0x1010100fL
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9 (beta) FIPS 21 Aug 2018"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010100fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 FIPS 11 Sep 2018"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
15
openssl.spec
15
openssl.spec
@ -19,17 +19,15 @@
|
||||
|
||||
%global _performance_build 1
|
||||
|
||||
%global prerelease pre9
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1
|
||||
Release: 0.%{prerelease}.3%{?dist}
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
|
||||
Source: openssl-%{version}-%{prerelease}-hobbled.tar.xz
|
||||
Source: openssl-%{version}-hobbled.tar.xz
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
Source6: make-dummy-cert
|
||||
@ -59,9 +57,7 @@ Patch42: openssl-1.1.1-fips.patch
|
||||
Patch43: openssl-1.1.1-ignore-bound.patch
|
||||
Patch44: openssl-1.1.1-version-override.patch
|
||||
Patch45: openssl-1.1.0-weak-ciphers.patch
|
||||
Patch46: openssl-1.1.1-rand-cleanup.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch70: openssl-1.1.1-seclevel-check.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -135,7 +131,7 @@ package provides Perl scripts for converting certificates and keys
|
||||
from other formats to the formats used by the OpenSSL toolkit.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}-%{prerelease}
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
# The hobble_openssl is called here redundantly, just to be sure.
|
||||
# The tarball has already the sources removed.
|
||||
@ -163,9 +159,7 @@ cp %{SOURCE13} test/
|
||||
%patch43 -p1 -b .ignore-bound
|
||||
%patch44 -p1 -b .version-override
|
||||
%patch45 -p1 -b .weak-ciphers
|
||||
%patch46 -p1 -b .rand-cleanup
|
||||
|
||||
%patch70 -p1 -b .seclevel-check
|
||||
|
||||
%build
|
||||
# Figure out which flags we want to use.
|
||||
@ -453,6 +447,9 @@ export LD_LIBRARY_PATH
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Sep 13 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-1
|
||||
- update to the final 1.1.1 version
|
||||
|
||||
* Thu Sep 6 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-0.pre9.3
|
||||
- do not try to initialize RNG in cleanup if it was not initialized
|
||||
before (#1624554)
|
||||
|
Loading…
Reference in New Issue
Block a user