update to the 1.1.1b release

EVP_KDF API backport from master
SSH KDF implementation for EVP_KDF API backport from master
This commit is contained in:
Tomas Mraz 2019-02-28 17:00:02 +01:00
parent 757524ec00
commit 5cda1ca091
10 changed files with 11167 additions and 316 deletions

1
.gitignore vendored
View File

@ -42,3 +42,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1-pre9-hobbled.tar.xz /openssl-1.1.1-pre9-hobbled.tar.xz
/openssl-1.1.1-hobbled.tar.xz /openssl-1.1.1-hobbled.tar.xz
/openssl-1.1.1a-hobbled.tar.xz /openssl-1.1.1a-hobbled.tar.xz
/openssl-1.1.1b-hobbled.tar.xz

View File

@ -1,6 +1,6 @@
diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c diff -up openssl-1.1.1b/apps/speed.c.curves openssl-1.1.1b/apps/speed.c
--- openssl-1.1.1/apps/speed.c.curves 2018-09-11 14:48:20.000000000 +0200 --- openssl-1.1.1b/apps/speed.c.curves 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1/apps/speed.c 2018-09-13 09:24:24.840081023 +0200 +++ openssl-1.1.1b/apps/speed.c 2019-02-28 11:20:42.347170167 +0100
@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = { @@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_RSA */ #endif /* OPENSSL_NO_RSA */
@ -170,10 +170,10 @@ diff -up openssl-1.1.1/apps/speed.c.curves openssl-1.1.1/apps/speed.c
/* default iteration count for the last two EC Curves */ /* default iteration count for the last two EC Curves */
ecdh_c[R_EC_X25519][0] = count / 1800; ecdh_c[R_EC_X25519][0] = count / 1800;
ecdh_c[R_EC_X448][0] = count / 7200; ecdh_c[R_EC_X448][0] = count / 7200;
diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_smpl.c diff -up openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves openssl-1.1.1b/crypto/ec/ecp_smpl.c
--- openssl-1.1.1/crypto/ec/ecp_smpl.c.curves 2018-09-11 14:48:21.000000000 +0200 --- openssl-1.1.1b/crypto/ec/ecp_smpl.c.curves 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1/crypto/ec/ecp_smpl.c 2018-09-13 09:09:26.841792619 +0200 +++ openssl-1.1.1b/crypto/ec/ecp_smpl.c 2019-02-28 11:19:30.628479300 +0100
@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO @@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0; return 0;
} }
@ -185,10 +185,10 @@ diff -up openssl-1.1.1/crypto/ec/ecp_smpl.c.curves openssl-1.1.1/crypto/ec/ecp_s
if (ctx == NULL) { if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new(); ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) if (ctx == NULL)
diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c diff -up openssl-1.1.1b/test/ecdsatest.c.curves openssl-1.1.1b/test/ecdsatest.c
--- openssl-1.1.1/test/ecdsatest.c.curves 2018-09-11 14:48:24.000000000 +0200 --- openssl-1.1.1b/test/ecdsatest.c.curves 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1/test/ecdsatest.c 2018-09-13 09:09:26.841792619 +0200 +++ openssl-1.1.1b/test/ecdsatest.c 2019-02-28 11:19:30.628479300 +0100
@@ -173,6 +173,7 @@ static int x9_62_tests(void) @@ -176,6 +176,7 @@ static int x9_62_tests(void)
if (!change_rand()) if (!change_rand())
goto x962_err; goto x962_err;
@ -196,7 +196,7 @@ diff -up openssl-1.1.1/test/ecdsatest.c.curves openssl-1.1.1/test/ecdsatest.c
if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1, if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
"3342403536405981729393488334694600415596881826869351677613", "3342403536405981729393488334694600415596881826869351677613",
"5735822328888155254683894997897571951568553642892029982342"))) "5735822328888155254683894997897571951568553642892029982342")))
@@ -183,6 +184,7 @@ static int x9_62_tests(void) @@ -186,6 +187,7 @@ static int x9_62_tests(void)
"3238135532097973577080787768312505059318910517550078427819" "3238135532097973577080787768312505059318910517550078427819"
"78505179448783"))) "78505179448783")))
goto x962_err; goto x962_err;

5259
openssl-1.1.1-evp-kdf.patch Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,6 @@
diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100 --- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100 +++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
@@ -7,6 +7,9 @@ @@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
@ -11,7 +11,7 @@ diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/cryp
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <sys/types.h> #include <sys/types.h>
@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it @@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
if (ret != 2) if (ret != 2)
goto err; goto err;
ret = -1; ret = -1;
@ -22,5 +22,5 @@ diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/cryp
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err; + goto err;
} else { } else {
const EVP_MD *type; const EVP_MD *type = EVP_get_digestbynid(mdnid);
type = EVP_get_digestbynid(mdnid);

5582
openssl-1.1.1-ssh-kdf.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -295,10 +295,10 @@ diff -up openssl-1.1.1-pre9/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre9/s
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
diff -up openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist openssl-1.1.1-pre9/test/cipherlist_test.c diff -up openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist openssl-1.1.1b/test/cipherlist_test.c
--- openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist 2018-08-21 14:14:15.000000000 +0200 --- openssl-1.1.1b/test/cipherlist_test.c.system-cipherlist 2019-02-28 11:27:15.181936081 +0100
+++ openssl-1.1.1-pre9/test/cipherlist_test.c 2018-08-22 12:15:54.558743609 +0200 +++ openssl-1.1.1b/test/cipherlist_test.c 2019-02-28 11:28:53.357111055 +0100
@@ -217,7 +217,9 @@ static int test_default_cipherlist_expli @@ -251,7 +251,9 @@ end:
int setup_tests(void) int setup_tests(void)
{ {
@ -306,5 +306,5 @@ diff -up openssl-1.1.1-pre9/test/cipherlist_test.c.system-cipherlist openssl-1.1
ADD_TEST(test_default_cipherlist_implicit); ADD_TEST(test_default_cipherlist_implicit);
+#endif +#endif
ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1; return 1;
}

View File

@ -1,12 +1,12 @@
diff -up openssl-1.1.1a/include/openssl/opensslv.h.version-override openssl-1.1.1a/include/openssl/opensslv.h diff -up openssl-1.1.1b/include/openssl/opensslv.h.version-override openssl-1.1.1b/include/openssl/opensslv.h
--- openssl-1.1.1a/include/openssl/opensslv.h.version-override 2019-01-15 14:09:04.591995174 +0100 --- openssl-1.1.1b/include/openssl/opensslv.h.version-override 2019-02-28 11:34:56.427361796 +0100
+++ openssl-1.1.1a/include/openssl/opensslv.h 2019-01-15 14:11:31.976256442 +0100 +++ openssl-1.1.1b/include/openssl/opensslv.h 2019-02-28 11:35:40.487542747 +0100
@@ -40,7 +40,7 @@ extern "C" { @@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
# define OPENSSL_VERSION_NUMBER 0x1010101fL # define OPENSSL_VERSION_NUMBER 0x1010102fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018" -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b 26 Feb 2019"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a FIPS 20 Nov 2018" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1b FIPS 26 Feb 2019"
/*- /*-
* The macros below are to be used for shared library (.so, .dll, ...) * The macros below are to be used for shared library (.so, .dll, ...)

View File

@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1a Version: 1.1.1b
Release: 2%{?dist} Release: 1%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -50,7 +50,7 @@ Patch32: openssl-1.1.1-version-add-engines.patch
Patch33: openssl-1.1.0-apps-dgst.patch Patch33: openssl-1.1.0-apps-dgst.patch
Patch36: openssl-1.1.1-no-brainpool.patch Patch36: openssl-1.1.1-no-brainpool.patch
Patch37: openssl-1.1.1-ec-curves.patch Patch37: openssl-1.1.1-ec-curves.patch
Patch38: openssl-1.1.0-no-weak-verify.patch Patch38: openssl-1.1.1-no-weak-verify.patch
Patch40: openssl-1.1.1-disable-ssl3.patch Patch40: openssl-1.1.1-disable-ssl3.patch
Patch41: openssl-1.1.1-system-cipherlist.patch Patch41: openssl-1.1.1-system-cipherlist.patch
Patch42: openssl-1.1.1-fips.patch Patch42: openssl-1.1.1-fips.patch
@ -59,6 +59,8 @@ Patch44: openssl-1.1.1-version-override.patch
Patch45: openssl-1.1.1-weak-ciphers.patch Patch45: openssl-1.1.1-weak-ciphers.patch
Patch46: openssl-1.1.1-seclevel.patch Patch46: openssl-1.1.1-seclevel.patch
Patch48: openssl-1.1.1-fips-post-rand.patch Patch48: openssl-1.1.1-fips-post-rand.patch
Patch49: openssl-1.1.1-evp-kdf.patch
Patch50: openssl-1.1.1-ssh-kdf.patch
# Backported fixes including security fixes # Backported fixes including security fixes
License: OpenSSL License: OpenSSL
@ -158,6 +160,8 @@ cp %{SOURCE13} test/
%patch45 -p1 -b .weak-ciphers %patch45 -p1 -b .weak-ciphers
%patch46 -p1 -b .seclevel %patch46 -p1 -b .seclevel
%patch48 -p1 -b .fips-post-rand %patch48 -p1 -b .fips-post-rand
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
%build %build
@ -444,6 +448,11 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Thu Feb 28 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-1
- update to the 1.1.1b release
- EVP_KDF API backport from master
- SSH KDF implementation for EVP_KDF API backport from master
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1a-2 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1a-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

View File

@ -1 +1 @@
SHA512 (openssl-1.1.1a-hobbled.tar.xz) = 17d2703b2169f36b2ecd50d014103f31e22bbd42807b4688a3cd6140911e0aa9a2fa2bb1d4dda4eae000913a1551d85ac9c441a69c053a8ad10b593ec2a588b5 SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1