Compare commits
13 Commits
| Author | SHA1 | Date |
|---|---|---|
Clemens Lang
|
18420b31a5 | |
|
Clemens Lang
|
de1929a7a0 | |
|
Clemens Lang
|
2cc8d179f1 | |
Dmitry Belyavskiy
|
46eb8fcc17 | |
Miro Hrončok
|
2fc4e025c7 | |
Sahana Prasad
|
2002767b71 | |
Fedora Release Engineering
|
5de10d4810 | |
|
Sahana Prasad
|
0f5f931f9a | |
|
Sahana Prasad
|
b023ffe39f | |
|
Sahana Prasad
|
fb8e66a58f | |
|
Fedora Release Engineering
|
d34c6392bf | |
Tom Stellard
|
c89aeae26c | |
Tomas Mraz
|
a07706cf0e |
|
|
@ -49,3 +49,11 @@ openssl-1.0.0a-usa.tar.bz2
|
|||
/openssl-1.1.1f-hobbled.tar.xz
|
||||
/openssl-1.1.1g-hobbled.tar.xz
|
||||
/openssl-1.1.1h-hobbled.tar.xz
|
||||
/openssl-1.1.1i-hobbled.tar.xz
|
||||
/openssl-1.1.1j-hobbled.tar.xz
|
||||
/openssl-1.1.1k-hobbled.tar.xz
|
||||
/openssl-1.1.1l-hobbled.tar.xz
|
||||
/openssl-1.1.1n-hobbled.tar.xz
|
||||
/openssl-1.1.1o-hobbled.tar.xz
|
||||
/openssl-1.1.1p-hobbled.tar.xz
|
||||
/openssl-1.1.1q-hobbled.tar.xz
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
|
||||
--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
|
||||
+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
|
||||
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
|
||||
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
|
||||
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
|
||||
goto err;
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,7 +1,7 @@
|
|||
diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-19 16:04:11.299063517 +0100
|
||||
@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
|
||||
diff -up openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf openssl-1.1.1j/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1j/crypto/err/openssl.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/err/openssl.txt 2021-03-03 14:10:13.729466935 +0100
|
||||
@@ -748,6 +748,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
|
||||
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
|
||||
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
|
||||
EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
|
||||
|
|
@ -11,7 +11,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
|
|||
EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
|
||||
EVP_F_EVP_MD_SIZE:162:EVP_MD_size
|
||||
EVP_F_EVP_OPENINIT:102:EVP_OpenInit
|
||||
@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
|
||||
@@ -810,12 +813,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
|
||||
EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
|
||||
EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
|
||||
EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
|
||||
|
|
@ -43,7 +43,7 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
|
|||
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
|
||||
KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
|
||||
KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
|
||||
@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
|
||||
@@ -827,6 +849,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
|
||||
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
|
||||
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
|
||||
KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
|
||||
|
|
@ -51,15 +51,15 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
|
|||
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
|
||||
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
|
||||
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
|
||||
@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
|
||||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
|
||||
@@ -2284,6 +2307,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_K
|
||||
operation not supported for this keytype
|
||||
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
|
||||
EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
|
||||
+EVP_R_PARAMETER_TOO_LARGE:187:parameter too large
|
||||
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
|
||||
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
|
||||
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
|
||||
@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
@@ -2320,6 +2344,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
|
||||
KDF_R_VALUE_ERROR:108:value error
|
||||
KDF_R_VALUE_MISSING:102:value missing
|
||||
|
|
@ -67,9 +67,9 @@ diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err
|
|||
OBJ_R_OID_EXISTS:102:oid exists
|
||||
OBJ_R_UNKNOWN_NID:101:unknown nid
|
||||
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
|
||||
diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
|
||||
--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-19 16:04:11.300063500 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/build.info.evp-kdf openssl-1.1.1j/crypto/evp/build.info
|
||||
--- openssl-1.1.1j/crypto/evp/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/build.info 2021-03-03 14:08:02.490294839 +0100
|
||||
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
|
||||
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
|
||||
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
|
||||
|
|
@ -80,9 +80,9 @@ diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/
|
|||
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
|
||||
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
|
||||
e_chacha20_poly1305.c cmeth_lib.c
|
||||
diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
|
||||
--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2020-03-19 16:04:11.300063500 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-19 16:16:46.497967633 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c
|
||||
--- openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/e_chacha20_poly1305.c 2021-03-03 14:08:02.490294839 +0100
|
||||
@@ -14,9 +14,9 @@
|
||||
|
||||
# include <openssl/evp.h>
|
||||
|
|
@ -94,9 +94,9 @@ diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/
|
|||
|
||||
typedef struct {
|
||||
union {
|
||||
diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
|
||||
--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf 2020-03-19 16:04:11.301063483 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-19 16:14:13.147628683 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/encode.c.evp-kdf openssl-1.1.1j/crypto/evp/encode.c
|
||||
--- openssl-1.1.1j/crypto/evp/encode.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/encode.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -11,8 +11,8 @@
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
|
|
@ -107,9 +107,9 @@ diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/en
|
|||
|
||||
static unsigned char conv_ascii2bin(unsigned char a,
|
||||
const unsigned char *table);
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
|
||||
--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf 2020-03-19 16:04:11.218064919 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-19 16:04:11.302063465 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_err.c
|
||||
--- openssl-1.1.1j/crypto/evp/evp_err.c.evp-kdf 2021-03-03 14:08:02.469294651 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/evp_err.c 2021-03-03 14:12:08.272351600 +0100
|
||||
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
|
||||
"EVP_EncryptFinal_ex"},
|
||||
|
|
@ -135,18 +135,18 @@ diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/e
|
|||
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"operation not supported for this keytype"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
|
||||
@@ -243,6 +248,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"operaton not initialized"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
|
||||
"output would overflow"},
|
||||
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE),
|
||||
+ "parameter too large"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
|
||||
"partially overlapping buffers"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
|
||||
--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf 2020-03-19 16:04:10.657074629 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-19 16:04:20.722900404 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1j/crypto/evp/evp_local.h
|
||||
--- openssl-1.1.1j/crypto/evp/evp_local.h.evp-kdf 2021-03-03 14:08:02.362293695 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/evp_local.h 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
|
||||
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
|
||||
} /* EVP_CIPHER_CTX */ ;
|
||||
|
|
@ -159,9 +159,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp
|
|||
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
|
||||
int passlen, ASN1_TYPE *param,
|
||||
const EVP_CIPHER *c, const EVP_MD *md,
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
|
||||
--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-19 16:11:56.425001210 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1j/crypto/evp/evp_pbe.c
|
||||
--- openssl-1.1.1j/crypto/evp/evp_pbe.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/evp_pbe.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
|
|
@ -170,9 +170,9 @@ diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/e
|
|||
#include "evp_local.h"
|
||||
|
||||
/* Password based encryption (PBE) functions */
|
||||
diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-19 16:04:20.723900386 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1j/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1j/crypto/evp/kdf_lib.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/kdf_lib.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -0,0 +1,165 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -339,9 +339,9 @@ diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/k
|
|||
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
|
||||
--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-19 16:17:48.822886126 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1j/crypto/evp/p5_crpt2.c
|
||||
--- openssl-1.1.1j/crypto/evp/p5_crpt2.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/p5_crpt2.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -490,9 +490,9 @@ diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/
|
|||
}
|
||||
|
||||
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
|
||||
diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
|
||||
--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-19 16:04:20.725900352 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1j/crypto/evp/pbe_scrypt.c
|
||||
--- openssl-1.1.1j/crypto/evp/pbe_scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/pbe_scrypt.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -7,135 +7,12 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
|
@ -763,9 +763,9 @@ diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/ev
|
|||
}
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf 2020-03-19 16:04:20.726900334 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-19 16:04:20.725900352 +0100
|
||||
diff -up openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1j/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1j/crypto/evp/pkey_kdf.c.evp-kdf 2021-03-03 14:08:02.491294847 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/pkey_kdf.c 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -0,0 +1,255 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -1022,17 +1022,17 @@ diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/
|
|||
+ pkey_kdf_ctrl_str
|
||||
+};
|
||||
+
|
||||
diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
|
||||
--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-19 16:04:32.347699194 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/build.info.evp-kdf openssl-1.1.1j/crypto/kdf/build.info
|
||||
--- openssl-1.1.1j/crypto/kdf/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/build.info 2021-03-03 14:08:02.491294847 +0100
|
||||
@@ -1,3 +1,3 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
|
||||
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
|
||||
diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-19 16:06:59.757147720 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1j/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1j/crypto/kdf/hkdf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/hkdf.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -8,32 +8,33 @@
|
||||
*/
|
||||
|
||||
|
|
@ -1498,9 +1498,9 @@ diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf
|
|||
|
||||
err:
|
||||
OPENSSL_cleanse(prev, sizeof(prev));
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-19 16:04:32.349699159 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1j/crypto/kdf/kdf_err.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/kdf_err.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
|
|
@ -1556,9 +1556,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/k
|
|||
{0, NULL}
|
||||
};
|
||||
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf 2020-03-19 16:04:32.349699159 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-19 16:04:32.349699159 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1j/crypto/kdf/kdf_local.h.evp-kdf 2021-03-03 14:08:02.492294856 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/kdf_local.h 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -0,0 +1,22 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -1582,9 +1582,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf
|
|||
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
|
||||
+ int cmd, const char *md_name);
|
||||
+
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf 2020-03-19 16:04:32.350699142 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-19 16:04:32.350699142 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1j/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1j/crypto/kdf/kdf_util.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/kdf_util.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -1659,9 +1659,9 @@ diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/
|
|||
+ return call_ctrl(ctrl, impl, cmd, md);
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
|
||||
--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf 2020-03-19 16:04:32.374698727 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-19 16:04:32.374698727 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1j/crypto/kdf/pbkdf2.c
|
||||
--- openssl-1.1.1j/crypto/kdf/pbkdf2.c.evp-kdf 2021-03-03 14:08:02.492294856 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/pbkdf2.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -0,0 +1,264 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -1927,9 +1927,9 @@ diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pb
|
|||
+ HMAC_CTX_free(hctx_tpl);
|
||||
+ return ret;
|
||||
+}
|
||||
diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-19 16:11:06.215872475 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1j/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1j/crypto/kdf/scrypt.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/scrypt.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -8,25 +8,35 @@
|
||||
*/
|
||||
|
||||
|
|
@ -2517,9 +2517,9 @@ diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/sc
|
|||
+}
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-19 16:10:32.317460707 +0100
|
||||
diff -up openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1j/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1j/crypto/kdf/tls1_prf.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/kdf/tls1_prf.c 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -8,11 +8,15 @@
|
||||
*/
|
||||
|
||||
|
|
@ -2802,9 +2802,9 @@ diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/
|
|||
OPENSSL_clear_free(tmp, olen);
|
||||
return 0;
|
||||
}
|
||||
diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
|
||||
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-19 16:04:32.377698675 +0100
|
||||
diff -up openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2021-03-03 14:08:02.492294856 +0100
|
||||
+++ openssl-1.1.1j/doc/man3/EVP_KDF_CTX.pod 2021-03-03 14:08:02.492294856 +0100
|
||||
@@ -0,0 +1,217 @@
|
||||
+=pod
|
||||
+
|
||||
|
|
@ -3023,9 +3023,9 @@ diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3
|
|||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-19 16:04:32.377698675 +0100
|
||||
diff -up openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod
|
||||
--- openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
|
||||
+++ openssl-1.1.1j/doc/man7/EVP_KDF_HKDF.pod 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -0,0 +1,180 @@
|
||||
+=pod
|
||||
+
|
||||
|
|
@ -3207,9 +3207,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man
|
|||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
diff -up openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
--- openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
|
||||
+++ openssl-1.1.1j/doc/man7/EVP_KDF_PBKDF2.pod 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -0,0 +1,78 @@
|
||||
+=pod
|
||||
+
|
||||
|
|
@ -3289,9 +3289,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/m
|
|||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
diff -up openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
--- openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
|
||||
+++ openssl-1.1.1j/doc/man7/EVP_KDF_SCRYPT.pod 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -0,0 +1,149 @@
|
||||
+=pod
|
||||
+
|
||||
|
|
@ -3442,9 +3442,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/m
|
|||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
diff -up openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
--- openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2021-03-03 14:08:02.493294865 +0100
|
||||
+++ openssl-1.1.1j/doc/man7/EVP_KDF_TLS1_PRF.pod 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -0,0 +1,142 @@
|
||||
+=pod
|
||||
+
|
||||
|
|
@ -3588,9 +3588,9 @@ diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc
|
|||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
|
||||
--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-19 16:04:32.347699194 +0100
|
||||
diff -up openssl-1.1.1j/include/crypto/evp.h.evp-kdf openssl-1.1.1j/include/crypto/evp.h
|
||||
--- openssl-1.1.1j/include/crypto/evp.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/include/crypto/evp.h 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
|
||||
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
|
||||
extern const EVP_PKEY_METHOD siphash_pkey_meth;
|
||||
|
|
@ -3616,10 +3616,10 @@ diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/cryp
|
|||
struct evp_md_st {
|
||||
int type;
|
||||
int pkey_type;
|
||||
diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
|
||||
--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf 2020-03-19 16:04:11.250064365 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-19 16:04:32.379698640 +0100
|
||||
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
|
||||
diff -up openssl-1.1.1j/include/openssl/evperr.h.evp-kdf openssl-1.1.1j/include/openssl/evperr.h
|
||||
--- openssl-1.1.1j/include/openssl/evperr.h.evp-kdf 2021-03-03 14:08:02.477294722 +0100
|
||||
+++ openssl-1.1.1j/include/openssl/evperr.h 2021-03-03 14:13:37.587003722 +0100
|
||||
@@ -56,6 +56,9 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
# define EVP_F_EVP_ENCRYPTUPDATE 167
|
||||
|
|
@ -3629,7 +3629,7 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
|
|||
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
||||
# define EVP_F_EVP_MD_SIZE 162
|
||||
# define EVP_F_EVP_OPENINIT 102
|
||||
@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void);
|
||||
@@ -118,11 +121,13 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
|
||||
# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
|
||||
# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
|
||||
|
|
@ -3643,17 +3643,17 @@ diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/
|
|||
# define EVP_F_UPDATE 173
|
||||
|
||||
/*
|
||||
@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
|
||||
@@ -179,6 +184,7 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
||||
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
||||
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
||||
+# define EVP_R_PARAMETER_TOO_LARGE 187
|
||||
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
|
||||
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
||||
# define EVP_R_PBKDF2_ERROR 181
|
||||
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
||||
diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-19 16:04:32.379698640 +0100
|
||||
diff -up openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf openssl-1.1.1j/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1j/include/openssl/kdferr.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/include/openssl/kdferr.h 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
|
||||
/*
|
||||
* KDF function codes.
|
||||
|
|
@ -3693,9 +3693,9 @@ diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/
|
|||
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
|
||||
--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-19 16:04:32.380698623 +0100
|
||||
diff -up openssl-1.1.1j/include/openssl/kdf.h.evp-kdf openssl-1.1.1j/include/openssl/kdf.h
|
||||
--- openssl-1.1.1j/include/openssl/kdf.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/include/openssl/kdf.h 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -10,10 +10,50 @@
|
||||
#ifndef HEADER_KDF_H
|
||||
# define HEADER_KDF_H
|
||||
|
|
@ -3774,9 +3774,9 @@ diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/ope
|
|||
}
|
||||
# endif
|
||||
#endif
|
||||
diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
|
||||
--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-19 16:04:32.381698606 +0100
|
||||
diff -up openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1j/include/openssl/ossl_typ.h
|
||||
--- openssl-1.1.1j/include/openssl/ossl_typ.h.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/include/openssl/ossl_typ.h 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
|
||||
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
|
|
@ -3786,9 +3786,9 @@ diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/includ
|
|||
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
|
||||
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
|
||||
--- openssl-1.1.1e/test/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/build.info 2020-03-19 16:04:32.381698606 +0100
|
||||
diff -up openssl-1.1.1j/test/build.info.evp-kdf openssl-1.1.1j/test/build.info
|
||||
--- openssl-1.1.1j/test/build.info.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/build.info 2021-03-03 14:08:02.493294865 +0100
|
||||
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
|
||||
bio_callback_test bio_memleak_test \
|
||||
|
|
@ -3810,9 +3810,9 @@ diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
|
|||
SOURCE[x509_time_test]=x509_time_test.c
|
||||
INCLUDE[x509_time_test]=../include
|
||||
DEPEND[x509_time_test]=../libcrypto libtestutil.a
|
||||
diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf 2020-03-19 16:04:32.382698588 +0100
|
||||
+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-19 16:04:32.382698588 +0100
|
||||
diff -up openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf openssl-1.1.1j/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1j/test/evp_kdf_test.c.evp-kdf 2021-03-03 14:08:02.494294874 +0100
|
||||
+++ openssl-1.1.1j/test/evp_kdf_test.c 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -0,0 +1,237 @@
|
||||
+/*
|
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -4051,9 +4051,9 @@ diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_
|
|||
+#endif
|
||||
+ return 1;
|
||||
+}
|
||||
diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
|
||||
--- openssl-1.1.1e/test/evp_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/evp_test.c 2020-03-19 16:04:32.383698571 +0100
|
||||
diff -up openssl-1.1.1j/test/evp_test.c.evp-kdf openssl-1.1.1j/test/evp_test.c
|
||||
--- openssl-1.1.1j/test/evp_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/evp_test.c 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
|
||||
encode_test_run,
|
||||
};
|
||||
|
|
@ -4265,9 +4265,9 @@ diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
|
|||
&keypair_test_method,
|
||||
&keygen_test_method,
|
||||
&mac_test_method,
|
||||
diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
|
||||
--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-19 16:04:32.386698519 +0100
|
||||
diff -up openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1j/test/pkey_meth_kdf_test.c
|
||||
--- openssl-1.1.1j/test/pkey_meth_kdf_test.c.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/pkey_meth_kdf_test.c 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -4471,16 +4471,9 @@ diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pk
|
|||
}
|
||||
#endif
|
||||
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-19 16:04:32.388698484 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evpkdf.txt 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -15,7 +15,7 @@
|
||||
Title = TLS1 PRF tests (from NIST test vectors)
|
||||
|
||||
|
|
@ -4740,7 +4733,7 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
|||
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
|
||||
@@ -303,3 +303,133 @@ Ctrl.r = r:8
|
||||
Ctrl.p = p:1
|
||||
Result = INTERNAL_ERROR
|
||||
Result = KDF_DERIVE_ERROR
|
||||
|
||||
+Title = PBKDF2 tests
|
||||
+
|
||||
|
|
@ -4872,9 +4865,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
|||
+Ctrl.digest = digest:sha512
|
||||
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
|
||||
+
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2020-03-19 16:04:32.389698467 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-19 16:04:32.389698467 +0100
|
||||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2021-03-03 14:08:02.494294874 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_data/evppkey_kdf.txt 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -0,0 +1,305 @@
|
||||
+#
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -5181,9 +5174,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
|
|||
+Ctrl.p = p:1
|
||||
+Result = INTERNAL_ERROR
|
||||
+
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf 2020-03-19 16:04:32.390698450 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-19 16:04:32.390698450 +0100
|
||||
diff -up openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp_kdf.t
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp_kdf.t.evp-kdf 2021-03-03 14:08:02.494294874 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp_kdf.t 2021-03-03 14:08:02.494294874 +0100
|
||||
@@ -0,0 +1,13 @@
|
||||
+#! /usr/bin/env perl
|
||||
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -5198,9 +5191,9 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/te
|
|||
+use OpenSSL::Test::Simple;
|
||||
+
|
||||
+simple_test("test_evp_kdf", "evp_kdf_test");
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-19 16:04:32.390698450 +0100
|
||||
diff -up openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1j/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1j/test/recipes/30-test_evp.t.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/test/recipes/30-test_evp.t 2021-03-03 14:08:02.495294883 +0100
|
||||
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||
setup("test_evp");
|
||||
|
||||
|
|
@ -5210,10 +5203,10 @@ diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/r
|
|||
"evpcase.txt", "evpccmcavs.txt" );
|
||||
|
||||
plan tests => scalar(@files);
|
||||
diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
|
||||
--- openssl-1.1.1e/util/libcrypto.num.evp-kdf 2020-03-19 16:04:11.263064140 +0100
|
||||
+++ openssl-1.1.1e/util/libcrypto.num 2020-03-19 16:04:32.392698415 +0100
|
||||
@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
|
||||
diff -up openssl-1.1.1j/util/libcrypto.num.evp-kdf openssl-1.1.1j/util/libcrypto.num
|
||||
--- openssl-1.1.1j/util/libcrypto.num.evp-kdf 2021-03-03 14:08:02.481294758 +0100
|
||||
+++ openssl-1.1.1j/util/libcrypto.num 2021-03-03 14:08:02.495294883 +0100
|
||||
@@ -4626,3 +4626,11 @@ FIPS_drbg_get_strength
|
||||
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
|
||||
|
|
@ -5225,9 +5218,9 @@ diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto
|
|||
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
|
||||
diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
|
||||
--- openssl-1.1.1e/util/private.num.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/util/private.num 2020-03-19 16:04:32.393698398 +0100
|
||||
diff -up openssl-1.1.1j/util/private.num.evp-kdf openssl-1.1.1j/util/private.num
|
||||
--- openssl-1.1.1j/util/private.num.evp-kdf 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/util/private.num 2021-03-03 14:08:02.495294883 +0100
|
||||
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
|
||||
CRYPTO_EX_free datatype
|
||||
CRYPTO_EX_new datatype
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
|
||||
--- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/bn/bn_const.c 2020-07-17 10:36:29.245788441 +0200
|
||||
diff -up openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh openssl-1.1.1j/crypto/bn/bn_const.c
|
||||
--- openssl-1.1.1j/crypto/bn/bn_const.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/bn/bn_const.c 2021-03-03 14:23:27.403092418 +0100
|
||||
@@ -1,13 +1,17 @@
|
||||
/*
|
||||
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -477,9 +477,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
|
|||
- return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
|
||||
+ return COPY_BN(bn, _bignum_modp_8192_p);
|
||||
}
|
||||
diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
|
||||
--- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/bn/bn_dh.c 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1j/crypto/bn/bn_dh.c
|
||||
--- openssl-1.1.1j/crypto/bn/bn_dh.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/bn/bn_dh.c 2021-03-03 14:23:27.404092427 +0100
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -1956,9 +1956,9 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
|
|||
|
||||
-#endif
|
||||
+#endif /* OPENSSL_NO_DH */
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_check.c 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh openssl-1.1.1j/crypto/dh/dh_check.c
|
||||
--- openssl-1.1.1j/crypto/dh/dh_check.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_check.c 2021-03-03 14:23:27.404092427 +0100
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
|
|
@ -2043,9 +2043,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
|
|||
+ return dh_check_pub_key_int(dh, q, pub_key, ret);
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh 2020-07-17 10:36:29.182787923 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_gen.c 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1j/crypto/dh/dh_gen.c
|
||||
--- openssl-1.1.1j/crypto/dh/dh_gen.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_gen.c 2021-03-03 14:23:27.404092427 +0100
|
||||
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
|
||||
BN_GENCB *cb)
|
||||
{
|
||||
|
|
@ -2075,10 +2075,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
|
|||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh 2020-07-17 10:36:29.182787923 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_key.c 2020-07-17 11:00:07.783777846 +0200
|
||||
@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh openssl-1.1.1j/crypto/dh/dh_key.c
|
||||
--- openssl-1.1.1j/crypto/dh/dh_key.c.fips-dh 2021-03-03 14:23:27.338091859 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_key.c 2021-03-03 14:51:36.235296236 +0100
|
||||
@@ -120,10 +120,18 @@ static int generate_key(DH *dh)
|
||||
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
|
|
@ -2101,7 +2101,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
|
|||
}
|
||||
#endif
|
||||
|
||||
@@ -139,7 +147,15 @@ static int generate_key(DH *dh)
|
||||
@@ -159,7 +167,15 @@ static int generate_key(DH *dh)
|
||||
}
|
||||
|
||||
if (generate_new_key) {
|
||||
|
|
@ -2118,7 +2118,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
|
|||
do {
|
||||
if (!BN_priv_rand_range(priv_key, dh->q))
|
||||
goto err;
|
||||
@@ -175,6 +191,15 @@ static int generate_key(DH *dh)
|
||||
@@ -195,6 +211,15 @@ static int generate_key(DH *dh)
|
||||
}
|
||||
/* We MUST free prk before any further use of priv_key */
|
||||
BN_clear_free(prk);
|
||||
|
|
@ -2134,7 +2134,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
|
|||
}
|
||||
|
||||
dh->pub_key = pub_key;
|
||||
@@ -197,6 +222,7 @@ static int compute_key(unsigned char *ke
|
||||
@@ -217,6 +242,7 @@ static int compute_key(unsigned char *ke
|
||||
BN_CTX *ctx = NULL;
|
||||
BN_MONT_CTX *mont = NULL;
|
||||
BIGNUM *tmp;
|
||||
|
|
@ -2142,7 +2142,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
|
|||
int ret = -1;
|
||||
int check_result;
|
||||
|
||||
@@ -243,6 +269,18 @@ static int compute_key(unsigned char *ke
|
||||
@@ -263,6 +289,18 @@ static int compute_key(unsigned char *ke
|
||||
DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
|
@ -2159,11 +2159,11 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
|
|||
+ goto err;
|
||||
+ }
|
||||
|
||||
ret = BN_bn2bin(tmp, key);
|
||||
ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
|
||||
err:
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_lib.c 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1j/crypto/dh/dh_lib.c
|
||||
--- openssl-1.1.1j/crypto/dh/dh_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_lib.c 2021-03-03 14:23:27.405092436 +0100
|
||||
@@ -8,6 +8,7 @@
|
||||
*/
|
||||
|
||||
|
|
@ -2193,9 +2193,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
|
|||
dh->length = BN_num_bits(q);
|
||||
}
|
||||
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
|
||||
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh 2020-07-17 10:36:28.968786163 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_local.h 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh openssl-1.1.1j/crypto/dh/dh_local.h
|
||||
--- openssl-1.1.1j/crypto/dh/dh_local.h.fips-dh 2021-03-03 14:23:27.202090689 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_local.h 2021-03-03 14:23:27.405092436 +0100
|
||||
@@ -35,6 +35,7 @@ struct dh_st {
|
||||
const DH_METHOD *meth;
|
||||
ENGINE *engine;
|
||||
|
|
@ -2215,9 +2215,9 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
|
|||
+/* FIPS mode only check which requires nid set and looks up q based on it. */
|
||||
+int dh_check_pub_key_full(const DH *dh, const BIGNUM *pub_key, int *ret);
|
||||
+
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c 2020-07-17 10:36:29.246788449 +0200
|
||||
diff -up openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1j/crypto/dh/dh_rfc7919.c
|
||||
--- openssl-1.1.1j/crypto/dh/dh_rfc7919.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/dh/dh_rfc7919.c 2021-03-03 14:23:27.405092436 +0100
|
||||
@@ -7,6 +7,8 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
|
@ -2387,10 +2387,10 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
|
|||
+ return dh_match_group(dh, q, NULL) != NID_undef;
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_key.c
|
||||
--- openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh 2020-07-17 11:00:53.958175227 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_key.c 2020-07-20 13:24:03.941107320 +0200
|
||||
@@ -280,9 +280,18 @@ int ec_key_simple_generate_key(EC_KEY *e
|
||||
diff -up openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh openssl-1.1.1j/crypto/ec/ec_key.c
|
||||
--- openssl-1.1.1j/crypto/ec/ec_key.c.fips-dh 2021-03-03 14:23:27.339091868 +0100
|
||||
+++ openssl-1.1.1j/crypto/ec/ec_key.c 2021-03-03 14:23:27.405092436 +0100
|
||||
@@ -281,9 +281,18 @@ int ec_key_simple_generate_key(EC_KEY *e
|
||||
if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
|
||||
goto err;
|
||||
|
||||
|
|
@ -2410,7 +2410,7 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
|
|||
ok = 1;
|
||||
|
||||
err:
|
||||
@@ -296,8 +305,23 @@ int ec_key_simple_generate_key(EC_KEY *e
|
||||
@@ -297,8 +306,23 @@ int ec_key_simple_generate_key(EC_KEY *e
|
||||
|
||||
int ec_key_simple_generate_public_key(EC_KEY *eckey)
|
||||
{
|
||||
|
|
@ -2435,9 +2435,9 @@ diff -up openssl-1.1.1g/crypto/ec/ec_key.c.fips-dh openssl-1.1.1g/crypto/ec/ec_k
|
|||
}
|
||||
|
||||
int EC_KEY_check_key(const EC_KEY *eckey)
|
||||
diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
|
||||
--- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/evp/p_lib.c 2020-07-17 10:36:29.247788458 +0200
|
||||
diff -up openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh openssl-1.1.1j/crypto/evp/p_lib.c
|
||||
--- openssl-1.1.1j/crypto/evp/p_lib.c.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/crypto/evp/p_lib.c 2021-03-03 14:23:27.405092436 +0100
|
||||
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
|
||||
|
||||
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
|
||||
|
|
@ -2448,9 +2448,9 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
|
|||
int ret = EVP_PKEY_assign(pkey, type, key);
|
||||
|
||||
if (ret)
|
||||
diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
|
||||
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh 2020-07-17 10:36:29.239788392 +0200
|
||||
+++ openssl-1.1.1g/crypto/objects/obj_dat.h 2020-07-17 10:36:29.247788458 +0200
|
||||
diff -up openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1j/crypto/objects/obj_dat.h
|
||||
--- openssl-1.1.1j/crypto/objects/obj_dat.h.fips-dh 2021-03-03 14:23:27.394092341 +0100
|
||||
+++ openssl-1.1.1j/crypto/objects/obj_dat.h 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
|
||||
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
|
||||
};
|
||||
|
|
@ -2512,9 +2512,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
|
|||
481, /* "nSRecord" */
|
||||
173, /* "name" */
|
||||
681, /* "onBasis" */
|
||||
diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
|
||||
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh 2020-07-17 10:36:29.239788392 +0200
|
||||
+++ openssl-1.1.1g/crypto/objects/objects.txt 2020-07-17 10:36:29.247788458 +0200
|
||||
diff -up openssl-1.1.1j/crypto/objects/objects.txt.fips-dh openssl-1.1.1j/crypto/objects/objects.txt
|
||||
--- openssl-1.1.1j/crypto/objects/objects.txt.fips-dh 2021-03-03 14:23:27.395092350 +0100
|
||||
+++ openssl-1.1.1j/crypto/objects/objects.txt 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -1657,6 +1657,13 @@ id-pkinit 5 : pkInit
|
||||
: ffdhe4096
|
||||
: ffdhe6144
|
||||
|
|
@ -2529,9 +2529,9 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
|
|||
|
||||
# OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
|
||||
|
||||
diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
|
||||
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh 2020-07-17 10:36:29.239788392 +0200
|
||||
+++ openssl-1.1.1g/crypto/objects/obj_mac.num 2020-07-17 10:36:29.248788466 +0200
|
||||
diff -up openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1j/crypto/objects/obj_mac.num
|
||||
--- openssl-1.1.1j/crypto/objects/obj_mac.num.fips-dh 2021-03-03 14:23:27.395092350 +0100
|
||||
+++ openssl-1.1.1j/crypto/objects/obj_mac.num 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -1196,3 +1196,9 @@ sshkdf 1195
|
||||
kbkdf 1196
|
||||
krb5kdf 1197
|
||||
|
|
@ -2542,9 +2542,9 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
|
|||
+modp_4096 1202
|
||||
+modp_6144 1203
|
||||
+modp_8192 1204
|
||||
diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
|
||||
--- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod 2020-07-17 10:36:29.248788466 +0200
|
||||
diff -up openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1j/doc/man3/DH_new_by_nid.pod
|
||||
--- openssl-1.1.1j/doc/man3/DH_new_by_nid.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/doc/man3/DH_new_by_nid.pod 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
|
@ -2563,9 +2563,9 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
|
|||
|
||||
DH_get_nid() determines if the parameters contained in B<dh> match
|
||||
any named set. It returns the NID corresponding to the matching parameters or
|
||||
diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||
--- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod 2020-07-17 10:36:29.248788466 +0200
|
||||
diff -up openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||
--- openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/doc/man3/EVP_PKEY_CTX_ctrl.pod 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
|
||||
If B<pad> is zero (the default) then no padding is performed.
|
||||
|
||||
|
|
@ -2582,9 +2582,9 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
|
|||
The nid parameter and the rfc5114 parameter are mutually exclusive.
|
||||
|
||||
The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
|
||||
diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
|
||||
--- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/include/crypto/bn_dh.h 2020-07-17 10:36:29.248788466 +0200
|
||||
diff -up openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh openssl-1.1.1j/include/crypto/bn_dh.h
|
||||
--- openssl-1.1.1j/include/crypto/bn_dh.h.fips-dh 2021-02-16 16:24:01.000000000 +0100
|
||||
+++ openssl-1.1.1j/include/crypto/bn_dh.h 2021-03-03 14:23:27.406092444 +0100
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
|
@ -2633,9 +2633,9 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
|
|||
+extern const BIGNUM _bignum_modp_4096_q;
|
||||
+extern const BIGNUM _bignum_modp_6144_q;
|
||||
+extern const BIGNUM _bignum_modp_8192_q;
|
||||
diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
|
||||
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh 2020-07-17 10:36:29.240788400 +0200
|
||||
+++ openssl-1.1.1g/include/openssl/obj_mac.h 2020-07-17 10:36:29.248788466 +0200
|
||||
diff -up openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh openssl-1.1.1j/include/openssl/obj_mac.h
|
||||
--- openssl-1.1.1j/include/openssl/obj_mac.h.fips-dh 2021-03-03 14:23:27.396092358 +0100
|
||||
+++ openssl-1.1.1j/include/openssl/obj_mac.h 2021-03-03 14:23:27.407092453 +0100
|
||||
@@ -5115,6 +5115,24 @@
|
||||
#define SN_ffdhe8192 "ffdhe8192"
|
||||
#define NID_ffdhe8192 1130
|
||||
|
|
@ -2661,10 +2661,10 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
|
|||
#define SN_ISO_UA "ISO-UA"
|
||||
#define NID_ISO_UA 1150
|
||||
#define OBJ_ISO_UA OBJ_member_body,804L
|
||||
diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
|
||||
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh 2020-07-17 10:36:29.199788063 +0200
|
||||
+++ openssl-1.1.1g/ssl/s3_lib.c 2020-07-17 10:36:29.248788466 +0200
|
||||
@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
|
||||
diff -up openssl-1.1.1j/ssl/s3_lib.c.fips-dh openssl-1.1.1j/ssl/s3_lib.c
|
||||
--- openssl-1.1.1j/ssl/s3_lib.c.fips-dh 2021-03-03 14:23:27.354091997 +0100
|
||||
+++ openssl-1.1.1j/ssl/s3_lib.c 2021-03-03 14:23:27.407092453 +0100
|
||||
@@ -4849,13 +4849,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
|
||||
EVP_PKEY *ssl_dh_to_pkey(DH *dh)
|
||||
{
|
||||
EVP_PKEY *ret;
|
||||
|
|
@ -2716,11 +2716,10 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
|
|||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
diff -up openssl-1.1.1h/ssl/t1_lib.c.fips-dh openssl-1.1.1h/ssl/t1_lib.c
|
||||
--- openssl-1.1.1h/ssl/t1_lib.c.fips-dh 2020-11-04 14:04:41.851711629 +0100
|
||||
+++ openssl-1.1.1h/ssl/t1_lib.c 2020-11-04 14:06:06.506431652 +0100
|
||||
@@ -2470,7 +2470,7 @@
|
||||
diff -up openssl-1.1.1j/ssl/t1_lib.c.fips-dh openssl-1.1.1j/ssl/t1_lib.c
|
||||
--- openssl-1.1.1j/ssl/t1_lib.c.fips-dh 2021-03-03 14:23:27.401092401 +0100
|
||||
+++ openssl-1.1.1j/ssl/t1_lib.c 2021-03-03 14:23:27.407092453 +0100
|
||||
@@ -2542,7 +2542,7 @@ DH *ssl_get_auto_dh(SSL *s)
|
||||
p = BN_get_rfc3526_prime_4096(NULL);
|
||||
else if (dh_secbits >= 128)
|
||||
p = BN_get_rfc3526_prime_3072(NULL);
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
|
||||
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
|
||||
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
|
||||
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100
|
||||
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
|
|
@ -51,10 +51,10 @@ diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/
|
|||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
|
||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100
|
||||
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
|
|
@ -75,9 +75,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/cry
|
|||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
|
||||
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_local.h"
|
||||
|
|
@ -91,7 +91,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
|
|
@ -100,15 +100,15 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* Note: Sometimes getentropy() can be provided but not implemented
|
||||
* internally. So we need to check errno for ENOSYS
|
||||
*/
|
||||
+# if 0
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
|
|
@ -122,7 +122,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
|
|
@ -132,7 +132,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
{
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
|
|
@ -141,7 +141,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
|
|
@ -153,7 +153,7 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
|
|
@ -164,9 +164,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/cr
|
|||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
||||
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
|
||||
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
|
||||
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
|
||||
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
|
@ -176,9 +176,9 @@ diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/incl
|
|||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
|
||||
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
|
||||
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
|
||||
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
||||
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1927,7 +1927,7 @@ diff -up openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1g/crypto/s390
|
|||
+ unsigned long long kdsa[2];
|
||||
};
|
||||
|
||||
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
|
||||
#if defined(__GNUC__) && defined(__linux)
|
||||
@@ -66,11 +74,14 @@ extern struct OPENSSL_s390xcap_st OPENSS
|
||||
# define S390X_KMF 0x90
|
||||
# define S390X_PRNO 0xa0
|
||||
|
|
|
|||
|
|
@ -238,7 +238,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
@@ -1592,10 +1648,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
|
|
@ -254,11 +254,6 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
|
|||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
||||
+ OPENSSL_free(co_list);
|
||||
sk_SSL_CIPHER_free(cipherstack);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
|
||||
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
|
||||
diff -up openssl-1.1.1q/include/openssl/opensslv.h.version-override openssl-1.1.1q/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1q/include/openssl/opensslv.h.version-override 2022-07-07 13:14:40.123541142 +0200
|
||||
+++ openssl-1.1.1q/include/openssl/opensslv.h 2022-07-07 13:15:20.777288763 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010108fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h 22 Sep 2020"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h FIPS 22 Sep 2020"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010111fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q FIPS 5 Jul 2022"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
|
|
|||
57
openssl.spec
57
openssl.spec
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1h
|
||||
Version: 1.1.1q
|
||||
Release: 1%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
|
|
@ -42,8 +42,7 @@ Patch1: openssl-1.1.1-build.patch
|
|||
Patch2: openssl-1.1.1-defaults.patch
|
||||
Patch3: openssl-1.1.1-no-html.patch
|
||||
Patch4: openssl-1.1.1-man-rename.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-1.1.0-issuer-hash.patch
|
||||
|
||||
# Functionality changes
|
||||
Patch31: openssl-1.1.1-conf-paths.patch
|
||||
Patch32: openssl-1.1.1-version-add-engines.patch
|
||||
|
|
@ -78,6 +77,7 @@ Patch56: openssl-1.1.1-s390x-ecc.patch
|
|||
|
||||
License: OpenSSL and ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
|
||||
BuildRequires: lksctp-tools-devel
|
||||
|
|
@ -90,6 +90,9 @@ BuildRequires: perl(Time::HiRes)
|
|||
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy)
|
||||
Requires: coreutils
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Provides: openssl1.1 = %{epoch}:%{version}-%{release}
|
||||
Provides: openssl1.1%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: openssl1.1 < 1.1.1l-2
|
||||
|
||||
%description
|
||||
The OpenSSL toolkit provides support for secure communications between
|
||||
|
|
@ -103,6 +106,8 @@ Requires: ca-certificates >= 2008-5
|
|||
Requires: crypto-policies >= 20180730
|
||||
Recommends: openssl-pkcs11%{?_isa}
|
||||
Provides: openssl-fips = %{epoch}:%{version}-%{release}
|
||||
Provides: openssl1.1-libs = %{epoch}:%{version}-%{release}
|
||||
Provides: openssl1.1-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description libs
|
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
|
||||
|
|
@ -113,6 +118,9 @@ support cryptographic algorithms and protocols.
|
|||
Summary: Files for development of applications which will use OpenSSL
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
Provides: openssl1.1-devel = %{epoch}:%{version}-%{release}
|
||||
Provides: openssl1.1-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Obsoletes: openssl1.1-devel < 1.1.1l-2
|
||||
|
||||
%description devel
|
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
|
||||
|
|
@ -154,8 +162,6 @@ cp %{SOURCE13} test/
|
|||
%patch3 -p1 -b .no-html %{?_rawbuild}
|
||||
%patch4 -p1 -b .man-rename
|
||||
|
||||
%patch21 -p1 -b .issuer-hash
|
||||
|
||||
%patch31 -p1 -b .conf-paths
|
||||
%patch32 -p1 -b .version-add-engines
|
||||
%patch33 -p1 -b .dgst
|
||||
|
|
@ -473,6 +479,47 @@ export LD_LIBRARY_PATH
|
|||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Jul 07 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1q-1
|
||||
- Upgrade to 1.1.1q
|
||||
Resolves: CVE-2022-2097
|
||||
|
||||
* Thu Jun 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1p-1
|
||||
- Upgrade to 1.1.1p
|
||||
Resolves: CVE-2022-2068
|
||||
Related: rhbz#2099975
|
||||
|
||||
* Mon Jun 13 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1o-1
|
||||
- Upgrade to 1.1.1o
|
||||
Resolves: CVE-2022-1292
|
||||
Related: rhbz#2095817
|
||||
|
||||
* Fri Mar 18 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1n-1
|
||||
- Upgrade to version 1.1.1n
|
||||
|
||||
* Wed Sep 15 2021 Miro Hrončok <mhroncok@redhat.com> - 1:1.1.1l-2
|
||||
- Provide and obsolete openssl1.1 to allow using openssl1.1-devel on Fedora < 36
|
||||
|
||||
* Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1l-1
|
||||
- Upgrade to version 1.1.1.l
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1k-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Fri Mar 26 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-1
|
||||
- Upgrade to version 1.1.1.k
|
||||
|
||||
* Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1j-1
|
||||
- Upgrade to version 1.1.1.j
|
||||
|
||||
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1i-3
|
||||
- Fix regression in X509_verify_cert() (bz1916594)
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1i-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Dec 9 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1i-1
|
||||
- Update to the 1.1.1i release fixing CVE-2020-1971
|
||||
|
||||
* Mon Nov 9 2020 Sahana Prasad <sahana@redhat.com> - 1.1.1h-1
|
||||
- Upgrade to version 1.1.1.h
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
|
||||
SHA512 (openssl-1.1.1q-hobbled.tar.xz) = 990ece28fdf0a03768983a990d89302bd03758c08b4d2b25cff652c37ecc4e1c2bda9e6e0afca527ab87fb8ee594639e14ab96b5c890ef2ea6c5fadcd894b624
|
||||
|
|
|
|||
Loading…
Reference in New Issue