Upgrade to OpenSSL 1.1.1n
Related: rhbz#2064911 (cherry picked from commit 41079c8a15e65033775ffe3e998ed32d411df388)
This commit is contained in:
parent
2fc4e025c7
commit
46eb8fcc17
|
@ -53,3 +53,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||
/openssl-1.1.1j-hobbled.tar.xz
|
||||
/openssl-1.1.1k-hobbled.tar.xz
|
||||
/openssl-1.1.1l-hobbled.tar.xz
|
||||
/openssl-1.1.1n-hobbled.tar.xz
|
||||
|
|
|
@ -4474,13 +4474,6 @@ diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pk
|
|||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -15,7 +15,7 @@
|
||||
Title = TLS1 PRF tests (from NIST test vectors)
|
||||
|
||||
|
@ -4740,7 +4733,7 @@ diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
|||
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
|
||||
@@ -303,3 +303,133 @@ Ctrl.r = r:8
|
||||
Ctrl.p = p:1
|
||||
Result = INTERNAL_ERROR
|
||||
Result = KDF_DERIVE_ERROR
|
||||
|
||||
+Title = PBKDF2 tests
|
||||
+
|
||||
|
|
|
@ -870,8 +870,8 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||
+# include <openssl/fips.h>
|
||||
+#endif
|
||||
|
||||
/* This call frees resources associated with the context */
|
||||
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
|
||||
|
||||
static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
|
||||
@@ -66,6 +69,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
|
||||
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||
{
|
||||
|
@ -898,9 +898,9 @@ diff -up openssl-1.1.1j/crypto/evp/digest.c.fips openssl-1.1.1j/crypto/evp/diges
|
|||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
if (ctx->digest && ctx->digest->ctx_size) {
|
||||
OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
|
||||
ctx->md_data = NULL;
|
||||
cleanup_old_md_data(ctx, 1);
|
||||
|
||||
ctx->digest = type;
|
||||
@@ -150,6 +168,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
|
||||
|
||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
|
|
|
@ -238,7 +238,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1592,10 +1648,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
|
@ -254,11 +254,6 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
||||
+ OPENSSL_free(co_list);
|
||||
sk_SSL_CIPHER_free(cipherstack);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
|
|
|
@ -4,9 +4,9 @@ diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.
|
|||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x101010cfL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l FIPS 24 Aug 2021"
|
||||
# define OPENSSL_VERSION_NUMBER 0x101010efL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n 15 Mar 2022"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n FIPS 15 Mar 2022"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
|
|
@ -21,8 +21,8 @@
|
|||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1l
|
||||
Release: 2%{?dist}
|
||||
Version: 1.1.1n
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
|
@ -479,6 +479,9 @@ export LD_LIBRARY_PATH
|
|||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Fri Mar 18 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1n-1
|
||||
- Upgrade to version 1.1.1n
|
||||
|
||||
* Wed Sep 15 2021 Miro Hrončok <mhroncok@redhat.com> - 1:1.1.1l-2
|
||||
- Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (openssl-1.1.1l-hobbled.tar.xz) = f0dfe3d3f4d1165173a0aeb50949792fef37069fc2b29de4845851fe0dbae8254f1d892b0ab8b23b75efc994742f3a57c30c78efa0702f6408d3a80442053d6f
|
||||
SHA512 (openssl-1.1.1n-hobbled.tar.xz) = e76b367218394279a1f34afcb747c2fdac6fc25fc933a70cdf85d1fd0eb6a4418b3bab985e8082b563df4f98dd6bac34464d143a8532bb78530235aaef988c4b
|
||||
|
|
Loading…
Reference in New Issue