enable secp256k1

openssl-1.0.1k-secp256k1.patch

@@ -0,0 +1,59 @@
+diff -up openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1 openssl-1.0.1k/crypto/ec/ec_curve.c
+--- openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1	2015-08-13 07:47:37.890966462 -0400
++++ openssl-1.0.1k/crypto/ec/ec_curve.c	2015-08-13 08:01:31.697866786 -0400
+@@ -82,6 +82,36 @@ typedef struct {
+ 	unsigned int cofactor;	/* promoted to BN_ULONG */
+ } EC_CURVE_DATA;
+ 
++static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
++	_EC_SECG_PRIME_256K1 = {
++	{ NID_X9_62_prime_field,0,32,1 },
++	{							/* no seed */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
++	  0xFC,0x2F,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x00,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x07,
++	  0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,	/* x */
++	  0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
++	  0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
++	  0x17,0x98,
++	  0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4,	/* y */
++	  0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
++	  0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
++	  0xd4,0xb8,
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
++	  0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
++	  0x41,0x41 }
++	};
++
+ static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+ 	_EC_NIST_PRIME_384 = {
+ 	{ NID_X9_62_prime_field,20,48,1 },
+@@ -212,6 +242,7 @@ typedef struct _ec_list_element_st {
+ static const ec_list_element curve_list[] = {
+ 	/* prime field curves */
+ 	/* secg curves */
++	{ NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" },
+ 	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ 	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+ #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+diff -up openssl-1.0.1k/ssl/t1_lib.c.secp256k1 openssl-1.0.1k/ssl/t1_lib.c
+--- openssl-1.0.1k/ssl/t1_lib.c.secp256k1	2015-08-13 08:03:17.401589785 -0400
++++ openssl-1.0.1k/ssl/t1_lib.c	2015-08-13 08:05:44.283292971 -0400
+@@ -218,6 +218,7 @@ static int pref_list[] =
+ 		NID_sect283k1, /* sect283k1 (9) */
+ 		NID_sect283r1, /* sect283r1 (10) */ 
+ #endif
++		NID_secp256k1, /* secp256k1 (22) */
+ 		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+ #ifndef OPENSSL_NO_EC2M
+ 		NID_sect239k1, /* sect239k1 (8) */ 

openssl.spec

@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1k
-Release: 11%{?dist}
+Release: 12%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -83,6 +83,7 @@ Patch77: openssl-1.0.1e-weak-ciphers.patch
 Patch90: openssl-1.0.1e-enc-fail.patch
 Patch92: openssl-1.0.1h-system-cipherlist.patch
 Patch93: openssl-1.0.1h-disable-sslv2v3.patch
+Patch94: openssl-1.0.1k-secp256k1.patch
 # Backported fixes including security fixes
 Patch80: openssl-1.0.1j-evp-wrap.patch
 Patch81: openssl-1.0.1k-padlock64.patch
@@ -218,6 +219,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch90 -p1 -b .enc-fail
 %patch92 -p1 -b .system
 %patch93 -p1 -b .v2v3
+%patch94 -p1 -b .secp256k1
 
 %patch80 -p1 -b .wrap
 %patch81 -p1 -b .padlock64
@@ -504,6 +506,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu Aug 13 2015 Tom Callaway <spot@fedoraproject.org> 1.0.1k-12
+- enable secp256k1 (bz1021898)
+
 * Thu Jul  9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-11
 - fix CVE-2015-1793 - certificate verification forgery