Upgrade to OpenSSL 1.1.1n
Related: rhbz#2064911 (cherry picked from commit 41079c8a15e65033775ffe3e998ed32d411df388)
This commit is contained in:
parent
2fc4e025c7
commit
46eb8fcc17
1
.gitignore
vendored
1
.gitignore
vendored
@ -53,3 +53,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-1.1.1j-hobbled.tar.xz
|
/openssl-1.1.1j-hobbled.tar.xz
|
||||||
/openssl-1.1.1k-hobbled.tar.xz
|
/openssl-1.1.1k-hobbled.tar.xz
|
||||||
/openssl-1.1.1l-hobbled.tar.xz
|
/openssl-1.1.1l-hobbled.tar.xz
|
||||||
|
/openssl-1.1.1n-hobbled.tar.xz
|
||||||
|
@ -4474,13 +4474,6 @@ diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pk
|
|||||||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
|
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
|
||||||
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
|
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
#
|
|
||||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
#
|
|
||||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
|
||||||
# this file except in compliance with the License. You can obtain a copy
|
|
||||||
@@ -15,7 +15,7 @@
|
@@ -15,7 +15,7 @@
|
||||||
Title = TLS1 PRF tests (from NIST test vectors)
|
Title = TLS1 PRF tests (from NIST test vectors)
|
||||||
|
|
||||||
@ -4740,7 +4733,7 @@ diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
|||||||
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
|
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
|
||||||
@@ -303,3 +303,133 @@ Ctrl.r = r:8
|
@@ -303,3 +303,133 @@ Ctrl.r = r:8
|
||||||
Ctrl.p = p:1
|
Ctrl.p = p:1
|
||||||
Result = INTERNAL_ERROR
|
Result = KDF_DERIVE_ERROR
|
||||||
|
|
||||||
+Title = PBKDF2 tests
|
+Title = PBKDF2 tests
|
||||||
+
|
+
|
||||||
|
@ -870,8 +870,8 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||||||
+# include <openssl/fips.h>
|
+# include <openssl/fips.h>
|
||||||
+#endif
|
+#endif
|
||||||
|
|
||||||
/* This call frees resources associated with the context */
|
|
||||||
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
|
static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
|
||||||
@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
|
@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
|
||||||
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||||
{
|
{
|
||||||
@ -898,9 +898,9 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+#endif
|
+#endif
|
||||||
if (ctx->digest && ctx->digest->ctx_size) {
|
cleanup_old_md_data(ctx, 1);
|
||||||
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
|
||||||
ctx->md_data = NULL;
|
ctx->digest = type;
|
||||||
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||||
|
|
||||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||||
|
@ -238,7 +238,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1592,10 +1648,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
* if we cannot get one.
|
* if we cannot get one.
|
||||||
*/
|
*/
|
||||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||||
@ -254,11 +254,6 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
|
||||||
+ OPENSSL_free(co_list);
|
|
||||||
sk_SSL_CIPHER_free(cipherstack);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
*cipher_list = cipherstack;
|
*cipher_list = cipherstack;
|
||||||
|
|
||||||
|
@ -4,9 +4,9 @@ diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.
|
|||||||
@@ -40,7 +40,7 @@ extern "C" {
|
@@ -40,7 +40,7 @@ extern "C" {
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x101010cfL
|
# define OPENSSL_VERSION_NUMBER 0x101010efL
|
||||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
|
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n 15 Mar 2022"
|
||||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l FIPS 24 Aug 2021"
|
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n FIPS 15 Mar 2022"
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||||
|
@ -21,8 +21,8 @@
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1l
|
Version: 1.1.1n
|
||||||
Release: 2%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -479,6 +479,9 @@ export LD_LIBRARY_PATH
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Mar 18 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1n-1
|
||||||
|
- Upgrade to version 1.1.1n
|
||||||
|
|
||||||
* Wed Sep 15 2021 Miro Hrončok <mhroncok@redhat.com> - 1:1.1.1l-2
|
* Wed Sep 15 2021 Miro Hrončok <mhroncok@redhat.com> - 1:1.1.1l-2
|
||||||
- Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
|
- Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f
|
SHA512 (openssl-1.1.1n-hobbled.tar.xz) = e76b367218394279a1f34afcb747c2fdac6fc25fc933a70cdf85d1fd0eb6a4418b3bab985e8082b563df4f98dd6bac34464d143a8532bb78530235aaef988c4b
|
||||||
|
Loading…
Reference in New Issue
Block a user