backport of KBKDF and KRB5KDF from master

This commit is contained in:
Tomas Mraz 2019-11-13 13:43:05 +01:00
parent dc9d5caf5e
commit 266efa3055
2 changed files with 858 additions and 65 deletions

File diff suppressed because it is too large Load Diff

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1d Version: 1.1.1d
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -62,6 +62,7 @@ Patch47: openssl-1.1.1-ts-sha256-default.patch
Patch48: openssl-1.1.1-fips-post-rand.patch Patch48: openssl-1.1.1-fips-post-rand.patch
Patch49: openssl-1.1.1-evp-kdf.patch Patch49: openssl-1.1.1-evp-kdf.patch
Patch50: openssl-1.1.1-ssh-kdf.patch Patch50: openssl-1.1.1-ssh-kdf.patch
Patch60: openssl-1.1.1-krb5-kdf.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch51: openssl-1.1.1-upstream-sync.patch Patch51: openssl-1.1.1-upstream-sync.patch
Patch52: openssl-1.1.1-s390x-update.patch Patch52: openssl-1.1.1-s390x-update.patch
@ -170,6 +171,7 @@ cp %{SOURCE13} test/
%patch53 -p1 -b .crng-test %patch53 -p1 -b .crng-test
%patch54 -p1 -b .regression %patch54 -p1 -b .regression
%patch55 -p1 -b .aes-asm %patch55 -p1 -b .aes-asm
%patch60 -p1 -b .krb5-kdf
%build %build
@ -456,6 +458,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Nov 13 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-3
- backport of KBKDF and KRB5KDF from master
* Thu Oct 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-2 * Thu Oct 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1d-2
- re-enable the stitched AES-CBC-SHA implementations - re-enable the stitched AES-CBC-SHA implementations
- make AES-GCM work in FIPS mode again - make AES-GCM work in FIPS mode again