From c99b8bf7f97fa320fa92a7e33543c13276e3a2fe Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 15 Mar 2019 16:05:02 +0100 Subject: [PATCH] fix regression in EVP_PBE_scrypt() (#1688284) fix incorrect help message in ca app (#1553206) --- ....0-apps-dgst.patch => openssl-1.1.1-apps-dgst.patch | 10 +++++----- openssl-1.1.1-evp-kdf.patch | 6 +++++- openssl.spec | 8 ++++++-- 3 files changed, 16 insertions(+), 8 deletions(-) rename openssl-1.1.0-apps-dgst.patch => openssl-1.1.1-apps-dgst.patch (56%) diff --git a/openssl-1.1.0-apps-dgst.patch b/openssl-1.1.1-apps-dgst.patch similarity index 56% rename from openssl-1.1.0-apps-dgst.patch rename to openssl-1.1.1-apps-dgst.patch index af10684..655b6e2 100644 --- a/openssl-1.1.0-apps-dgst.patch +++ b/openssl-1.1.1-apps-dgst.patch @@ -1,12 +1,12 @@ -diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c ---- openssl-1.1.0-pre5/apps/ca.c.dgst 2016-04-19 16:57:52.000000000 +0200 -+++ openssl-1.1.0-pre5/apps/ca.c 2016-07-18 15:58:18.516742682 +0200 -@@ -216,7 +216,7 @@ OPTIONS ca_options[] = { +diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c +--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100 ++++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100 +@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = { {"enddate", OPT_ENDDATE, 's', "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, - {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, -+ {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"}, ++ {"md", OPT_MD, 's', "md to use; see openssl help for list"}, {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, {"keyfile", OPT_KEYFILE, 's', "Private key"}, {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch index e71d84a..48169fa 100644 --- a/openssl-1.1.1-evp-kdf.patch +++ b/openssl-1.1.1-evp-kdf.patch @@ -634,7 +634,7 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev /* * Maximum permitted memory allow this to be overridden with Configuration * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. -@@ -160,107 +37,39 @@ int EVP_PBE_scrypt(const char *pass, siz +@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, unsigned char *key, size_t keylen) { @@ -706,6 +706,10 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev + if (pass == NULL) { + pass = empty; + passlen = 0; ++ } ++ if (salt == NULL) { ++ salt = (const unsigned char *)empty; ++ saltlen = 0; } - if (maxmem == 0) diff --git a/openssl.spec b/openssl.spec index 9c89bab..f5b5845 100644 --- a/openssl.spec +++ b/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1b -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -47,7 +47,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch # Functionality changes Patch31: openssl-1.1.1-conf-paths.patch Patch32: openssl-1.1.1-version-add-engines.patch -Patch33: openssl-1.1.0-apps-dgst.patch +Patch33: openssl-1.1.1-apps-dgst.patch Patch36: openssl-1.1.1-no-brainpool.patch Patch37: openssl-1.1.1-ec-curves.patch Patch38: openssl-1.1.1-no-weak-verify.patch @@ -448,6 +448,10 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Fri Mar 15 2019 Tomáš Mráz 1.1.1b-3 +- fix regression in EVP_PBE_scrypt() (#1688284) +- fix incorrect help message in ca app (#1553206) + * Fri Mar 1 2019 Tomáš Mráz 1.1.1b-2 - use .include = syntax in the config file to allow it to be parsed by 1.0.2 version (#1668916)