From 4084b84740ebfb83faed6373116655b3ce93b86b Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Nov 28 2022 15:02:01 +0000 Subject: Update to 3.0.7 --- diff --git a/.gitignore b/.gitignore index d9c2c56..ff70f74 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.2-hobbled.tar.gz /openssl-3.0.3-hobbled.tar.gz /openssl-3.0.5-hobbled.tar.xz +/openssl-3.0.7-hobbled.tar.xz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch index 1afde99..706604f 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf ---- openssl-3.0.5/Configurations/10-main.conf 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/Configurations/10-main.conf 2022-07-08 10:09:52.290097943 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf +--- openssl-3.0.7-hobbled/Configurations/10-main.conf 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf 2022-11-28 16:00:16.782820256 +0100 @@ -730,6 +730,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch index 9136e82..f164627 100644 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf ---- openssl-3.0.5/apps/openssl.cnf 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:52.488097947 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf +--- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:17.034822079 +0100 @@ -111,7 +111,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch index 134f152..e3bb029 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-Do-not-install-html-docs.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.5/Configurations/unix-Makefile.tmpl 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:52.683097951 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:17.274823815 +0100 @@ -611,7 +611,7 @@ install_sw: install_dev install_engines uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index e43cb74..6df2d06 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/apps/CA.pl.in openssl-3.0.5-new/apps/CA.pl.in ---- openssl-3.0.5/apps/CA.pl.in 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/apps/CA.pl.in 2022-07-08 10:09:52.871097956 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/CA.pl.in openssl-3.0.7-hobbled-new/apps/CA.pl.in +--- openssl-3.0.7-hobbled/apps/CA.pl.in 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/apps/CA.pl.in 2022-11-28 16:00:17.505825485 +0100 @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/CA.pl.in openssl-3.0.5-new/apps/C my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf ---- openssl-3.0.5/apps/openssl.cnf 2022-07-08 10:09:52.679097951 +0200 -+++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:52.871097956 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf +--- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-28 16:00:17.270823786 +0100 ++++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:17.505825485 +0100 @@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch index 36586f1..a37c117 100644 --- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/apps/ca.c openssl-3.0.5-new/apps/ca.c ---- openssl-3.0.5/apps/ca.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/apps/ca.c 2022-07-08 10:09:53.057097960 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/ca.c openssl-3.0.7-hobbled-new/apps/ca.c +--- openssl-3.0.7-hobbled/apps/ca.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/apps/ca.c 2022-11-28 16:00:17.738827171 +0100 @@ -210,7 +210,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch index cdea72e..05b0703 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/crypto/asn1/a_verify.c openssl-3.0.5-new/crypto/asn1/a_verify.c ---- openssl-3.0.5/crypto/asn1/a_verify.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/crypto/asn1/a_verify.c 2022-07-08 10:09:53.250097964 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/asn1/a_verify.c openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c +--- openssl-3.0.7-hobbled/crypto/asn1/a_verify.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/crypto/asn1/a_verify.c 2022-11-28 16:00:17.971828856 +0100 @@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 8ba6e2e..c872a27 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.5/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:52.868097956 +0200 -+++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:53.438097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.7-hobbled/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:17.501825456 +0100 ++++ openssl-3.0.7-hobbled-new/Configurations/unix-Makefile.tmpl 2022-11-28 16:00:18.203830534 +0100 @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -20,10 +20,10 @@ diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl open (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure ---- openssl-3.0.5/Configure 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/Configure 2022-07-08 10:09:53.439097968 +0200 -@@ -28,7 +28,7 @@ use OpenSSL::config; +diff -rupN --no-dereference openssl-3.0.7-hobbled/Configure openssl-3.0.7-hobbled-new/Configure +--- openssl-3.0.7-hobbled/Configure 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/Configure 2022-11-28 16:00:18.204830541 +0100 +@@ -27,7 +27,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -32,7 +32,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure my $banner = <<"EOF"; -@@ -62,6 +62,10 @@ EOF +@@ -61,6 +61,10 @@ EOF # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) @@ -43,7 +43,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure # --banner=".." Output specified text instead of default completion banner # # -w Don't wait after showing a Configure warning -@@ -388,6 +392,7 @@ $config{prefix}=""; +@@ -387,6 +391,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; @@ -51,7 +51,7 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -990,6 +995,10 @@ while (@argvcopy) +@@ -989,6 +994,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; } @@ -62,9 +62,9 @@ diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure elsif (/^--banner=(.*)$/) { $banner = $1 . "\n"; -diff -rupN --no-dereference openssl-3.0.5/doc/man1/openssl-ciphers.pod.in openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in ---- openssl-3.0.5/doc/man1/openssl-ciphers.pod.in 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in 2022-07-08 10:09:53.439097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in +--- openssl-3.0.7-hobbled/doc/man1/openssl-ciphers.pod.in 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/doc/man1/openssl-ciphers.pod.in 2022-11-28 16:00:18.204830541 +0100 @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. @@ -81,9 +81,9 @@ diff -rupN --no-dereference openssl-3.0.5/doc/man1/openssl-ciphers.pod.in openss =item B "High" encryption cipher suites. This currently means those with key lengths -diff -rupN --no-dereference openssl-3.0.5/include/openssl/ssl.h.in openssl-3.0.5-new/include/openssl/ssl.h.in ---- openssl-3.0.5/include/openssl/ssl.h.in 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/include/openssl/ssl.h.in 2022-07-08 10:09:53.439097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/ssl.h.in openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in +--- openssl-3.0.7-hobbled/include/openssl/ssl.h.in 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/include/openssl/ssl.h.in 2022-11-28 16:00:18.205830548 +0100 @@ -205,6 +205,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -96,10 +96,10 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/ssl.h.in openssl-3.0.5 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/ssl_ciph.c ---- openssl-3.0.5/ssl/ssl_ciph.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/ssl/ssl_ciph.c 2022-07-08 10:09:53.440097968 +0200 -@@ -1436,6 +1436,53 @@ int SSL_set_ciphersuites(SSL *s, const c +diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_ciph.c openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c +--- openssl-3.0.7-hobbled/ssl/ssl_ciph.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/ssl/ssl_ciph.c 2022-11-28 16:00:18.206830555 +0100 +@@ -1438,6 +1438,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -153,7 +153,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1450,15 +1497,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1452,15 +1499,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; @@ -181,7 +181,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s /* * To reduce the work to do we only want to process the compiled -@@ -1480,7 +1537,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1482,7 +1539,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -190,7 +190,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1546,8 +1603,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1548,8 +1605,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { @@ -200,7 +200,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s } /* -@@ -1591,9 +1647,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1593,9 +1649,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { @@ -211,7 +211,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1619,8 +1674,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1621,8 +1676,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ @@ -221,7 +221,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s } /* -@@ -1628,10 +1682,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1630,10 +1684,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -237,7 +237,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1683,6 +1740,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1685,6 +1742,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ *cipher_list = cipherstack; return cipherstack; @@ -252,9 +252,9 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/s } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ssl_lib.c ---- openssl-3.0.5/ssl/ssl_lib.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/ssl/ssl_lib.c 2022-07-08 10:09:53.441097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/ssl/ssl_lib.c openssl-3.0.7-hobbled-new/ssl/ssl_lib.c +--- openssl-3.0.7-hobbled/ssl/ssl_lib.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/ssl/ssl_lib.c 2022-11-28 16:00:18.206830555 +0100 @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), @@ -264,7 +264,7 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ss if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3271,7 +3271,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li +@@ -3285,7 +3285,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -273,9 +273,9 @@ diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ss || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -rupN --no-dereference openssl-3.0.5/test/cipherlist_test.c openssl-3.0.5-new/test/cipherlist_test.c ---- openssl-3.0.5/test/cipherlist_test.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/cipherlist_test.c 2022-07-08 10:09:53.441097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/cipherlist_test.c openssl-3.0.7-hobbled-new/test/cipherlist_test.c +--- openssl-3.0.7-hobbled/test/cipherlist_test.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/cipherlist_test.c 2022-11-28 16:00:18.207830563 +0100 @@ -246,7 +246,9 @@ end: int setup_tests(void) @@ -286,9 +286,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/cipherlist_test.c openssl-3.0.5-n ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; -diff -rupN --no-dereference openssl-3.0.5/util/libcrypto.num openssl-3.0.5-new/util/libcrypto.num ---- openssl-3.0.5/util/libcrypto.num 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/util/libcrypto.num 2022-07-08 10:09:53.442097968 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/util/libcrypto.num openssl-3.0.7-hobbled-new/util/libcrypto.num +--- openssl-3.0.7-hobbled/util/libcrypto.num 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/util/libcrypto.num 2022-11-28 16:00:18.208830570 +0100 @@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index ea82120..43fdf6e 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/include/openssl/crypto.h.in openssl-3.0.5-new/include/openssl/crypto.h.in ---- openssl-3.0.5/include/openssl/crypto.h.in 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/include/openssl/crypto.h.in 2022-07-08 10:09:53.638097973 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/crypto.h.in openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in +--- openssl-3.0.7-hobbled/include/openssl/crypto.h.in 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/include/openssl/crypto.h.in 2022-11-28 16:00:18.471832472 +0100 @@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack # include # include @@ -9,9 +9,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/crypto.h.in openssl-3. # ifdef CHARSET_EBCDIC # include -diff -rupN --no-dereference openssl-3.0.5/include/openssl/fips.h openssl-3.0.5-new/include/openssl/fips.h ---- openssl-3.0.5/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.5-new/include/openssl/fips.h 2022-07-08 10:09:53.638097973 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/fips.h openssl-3.0.7-hobbled-new/include/openssl/fips.h +--- openssl-3.0.7-hobbled/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/include/openssl/fips.h 2022-11-28 16:00:18.472832479 +0100 @@ -0,0 +1,25 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. @@ -38,9 +38,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/fips.h openssl-3.0.5-n +} +# endif +#endif -diff -rupN --no-dereference openssl-3.0.5/test/property_test.c openssl-3.0.5-new/test/property_test.c ---- openssl-3.0.5/test/property_test.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/property_test.c 2022-07-08 10:09:53.638097973 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/property_test.c openssl-3.0.7-hobbled-new/test/property_test.c +--- openssl-3.0.7-hobbled/test/property_test.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/property_test.c 2022-11-28 16:00:18.472832479 +0100 @@ -624,6 +624,18 @@ static int test_property_list_to_string( return ret; } diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index f35da1b..fa3ad50 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch @@ -1,7 +1,7 @@ -diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/speed.c ---- openssl-3.0.5/apps/speed.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/apps/speed.c 2022-07-08 10:09:53.832097977 +0200 -@@ -365,68 +365,23 @@ static double ffdh_results[FFDH_NUM][1]; +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/speed.c openssl-3.0.7-hobbled-new/apps/speed.c +--- openssl-3.0.7-hobbled/apps/speed.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/apps/speed.c 2022-11-28 16:00:18.706834172 +0100 +@@ -366,68 +366,23 @@ static double ffdh_results[FFDH_NUM][1]; #endif /* OPENSSL_NO_DH */ enum ec_curves_t { @@ -72,7 +72,7 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp {"ecdhx25519", R_EC_X25519}, {"ecdhx448", R_EC_X448} }; -@@ -1418,31 +1373,10 @@ int speed_main(int argc, char **argv) +@@ -1422,31 +1377,10 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ @@ -104,7 +104,7 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp /* Other and ECDH only ones */ {"X25519", NID_X25519, 253}, {"X448", NID_X448, 448} -@@ -1470,8 +1404,8 @@ int speed_main(int argc, char **argv) +@@ -1474,8 +1408,8 @@ int speed_main(int argc, char **argv) OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); @@ -115,9 +115,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/sp #ifndef OPENSSL_NO_SM2 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); -diff -rupN --no-dereference openssl-3.0.5/crypto/evp/ec_support.c openssl-3.0.5-new/crypto/evp/ec_support.c ---- openssl-3.0.5/crypto/evp/ec_support.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/crypto/evp/ec_support.c 2022-07-08 10:09:53.832097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/evp/ec_support.c openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c +--- openssl-3.0.7-hobbled/crypto/evp/ec_support.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/crypto/evp/ec_support.c 2022-11-28 16:00:18.707834179 +0100 @@ -20,99 +20,12 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ @@ -218,9 +218,9 @@ diff -rupN --no-dereference openssl-3.0.5/crypto/evp/ec_support.c openssl-3.0.5- }; const char *OSSL_EC_curve_nid2name(int nid) -diff -rupN --no-dereference openssl-3.0.5/test/acvp_test.inc openssl-3.0.5-new/test/acvp_test.inc ---- openssl-3.0.5/test/acvp_test.inc 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/acvp_test.inc 2022-07-08 10:09:53.832097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/acvp_test.inc openssl-3.0.7-hobbled-new/test/acvp_test.inc +--- openssl-3.0.7-hobbled/test/acvp_test.inc 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/acvp_test.inc 2022-11-28 16:00:18.707834179 +0100 @@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { @@ -237,9 +237,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/acvp_test.inc openssl-3.0.5-new/t "SHA2-512", "P-521", ITM(ecdsa_sigver_msg1), -diff -rupN --no-dereference openssl-3.0.5/test/ecdsatest.h openssl-3.0.5-new/test/ecdsatest.h ---- openssl-3.0.5/test/ecdsatest.h 2022-07-05 13:32:40.000000000 +0200 -+++ openssl-3.0.5-new/test/ecdsatest.h 2022-07-08 10:09:53.833097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ecdsatest.h openssl-3.0.7-hobbled-new/test/ecdsatest.h +--- openssl-3.0.7-hobbled/test/ecdsatest.h 2022-11-28 15:56:54.042363693 +0100 ++++ openssl-3.0.7-hobbled-new/test/ecdsatest.h 2022-11-28 16:00:18.708834186 +0100 @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; @@ -264,10 +264,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/ecdsatest.h openssl-3.0.5-new/tes /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff -rupN --no-dereference openssl-3.0.5/test/evp_extra_test.c openssl-3.0.5-new/test/evp_extra_test.c ---- openssl-3.0.5/test/evp_extra_test.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/evp_extra_test.c 2022-07-08 10:09:53.834097977 +0200 -@@ -3306,13 +3306,12 @@ err: +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_extra_test.c openssl-3.0.7-hobbled-new/test/evp_extra_test.c +--- openssl-3.0.7-hobbled/test/evp_extra_test.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/evp_extra_test.c 2022-11-28 16:00:18.709834194 +0100 +@@ -3373,13 +3373,12 @@ err: #ifndef OPENSSL_NO_EC static int ecpub_nids[] = { @@ -282,9 +282,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_extra_test.c openssl-3.0.5-ne }; static int test_ecpub(int idx) -diff -rupN --no-dereference openssl-3.0.5/test/recipes/06-test_algorithmid.t openssl-3.0.5-new/test/recipes/06-test_algorithmid.t ---- openssl-3.0.5/test/recipes/06-test_algorithmid.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/06-test_algorithmid.t 2022-07-08 10:09:53.834097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t +--- openssl-3.0.7-hobbled/test/recipes/06-test_algorithmid.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/06-test_algorithmid.t 2022-11-28 16:00:18.709834194 +0100 @@ -33,7 +33,7 @@ my %certs_info = 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', 'ee-cert-ec-named-named' => 'ca-cert-ec-named', @@ -294,9 +294,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/06-test_algorithmid.t ope ) ) ); -diff -rupN --no-dereference openssl-3.0.5/test/recipes/15-test_genec.t openssl-3.0.5-new/test/recipes/15-test_genec.t ---- openssl-3.0.5/test/recipes/15-test_genec.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/15-test_genec.t 2022-07-08 10:09:53.834097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/15-test_genec.t openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t +--- openssl-3.0.7-hobbled/test/recipes/15-test_genec.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/15-test_genec.t 2022-11-28 16:00:18.709834194 +0100 @@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport if disabled("ec"); @@ -351,9 +351,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/15-test_genec.t openssl-3 P-224 P-256 P-384 -diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openssl-3.0.5-new/test/recipes/20-test_cli_fips.t ---- openssl-3.0.5/test/recipes/20-test_cli_fips.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/20-test_cli_fips.t 2022-07-08 10:09:53.834097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t +--- openssl-3.0.7-hobbled/test/recipes/20-test_cli_fips.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/20-test_cli_fips.t 2022-11-28 16:00:18.709834194 +0100 @@ -26,7 +26,7 @@ use platform; my $no_check = disabled("fips") || disabled('fips-securitychecks'); plan skip_all => "Test only supported in a fips build with security checks" @@ -363,7 +363,7 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openss my $fipsmodule = bldtop_file('providers', platform->dso('fips')); my $fipsconf = srctop_file("test", "fips-and-base.cnf"); -@@ -158,60 +158,6 @@ sub tsignverify { +@@ -170,60 +170,6 @@ sub tsignverify { $testtext); } @@ -424,9 +424,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openss SKIP: { skip "FIPS RSA tests because of no rsa in this build", 1 if disabled("rsa"); -diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt ---- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-07-08 10:09:53.836097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-11-28 16:00:18.711834208 +0100 @@ -1,3 +1,4 @@ + # @@ -4731,9 +4731,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity -diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt ---- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-07-08 10:09:53.836097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt +--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-11-28 16:00:18.711834208 +0100 @@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== -----END PUBLIC KEY----- @@ -4757,10 +4757,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ - -PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC -Result = KEYPAIR_TYPE_MISMATCH -diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t ---- openssl-3.0.5/test/recipes/30-test_evp.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/30-test_evp.t 2022-07-08 10:09:53.836097977 +0200 -@@ -116,7 +116,6 @@ my @defltfiles = qw( +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t +--- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t 2022-11-28 16:00:18.711834208 +0100 +@@ -117,7 +117,6 @@ my @defltfiles = qw( evppkey_kdf_tls1_prf.txt evppkey_rsa.txt ); @@ -4768,9 +4768,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; plan tests => -diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_protect.t openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t ---- openssl-3.0.5/test/recipes/65-test_cmp_protect.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t 2022-07-08 10:09:53.836097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_protect.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_protect.t 2022-11-28 16:00:18.711834208 +0100 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at @@ -4788,9 +4788,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_protect.t ope my @basic_cmd = ("cmp_protect_test", data_file("server.pem"), -diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_vfy.t openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t ---- openssl-3.0.5/test/recipes/65-test_cmp_vfy.t 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t 2022-07-08 10:09:53.836097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.7-hobbled/test/recipes/65-test_cmp_vfy.t 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/65-test_cmp_vfy.t 2022-11-28 16:00:18.712834215 +0100 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at @@ -4808,9 +4808,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_vfy.t openssl my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), -diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf ---- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf 2022-07-08 10:09:53.837097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf 2022-11-28 16:00:18.712834215 +0100 @@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server client = 22-ECDSA with brainpool-client @@ -4883,9 +4883,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf open # =========================================================== -diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in ---- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in 2022-07-08 10:09:53.837097977 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.7-hobbled/test/ssl-tests/20-cert-select.cnf.in 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/ssl-tests/20-cert-select.cnf.in 2022-11-28 16:00:18.712834215 +0100 @@ -428,21 +428,21 @@ my @tests_non_fips = ( { name => "ECDSA with brainpool", diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index d3989d1..636e9ff 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/crypto/ec/ec_lib.c openssl-3.0.5-new/crypto/ec/ec_lib.c ---- openssl-3.0.5/crypto/ec/ec_lib.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/crypto/ec/ec_lib.c 2022-07-08 10:09:54.040097982 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/ec/ec_lib.c openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c +--- openssl-3.0.7-hobbled/crypto/ec/ec_lib.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/crypto/ec/ec_lib.c 2022-11-28 16:00:18.970836081 +0100 @@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na goto err; } @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/crypto/ec/ec_lib.c openssl-3.0.5-new/c } EC_GROUP_free(dup); return ret_group; -diff -rupN --no-dereference openssl-3.0.5/providers/common/securitycheck.c openssl-3.0.5-new/providers/common/securitycheck.c ---- openssl-3.0.5/providers/common/securitycheck.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/providers/common/securitycheck.c 2022-07-08 10:09:54.041097982 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/common/securitycheck.c openssl-3.0.7-hobbled-new/providers/common/securitycheck.c +--- openssl-3.0.7-hobbled/providers/common/securitycheck.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/providers/common/securitycheck.c 2022-11-28 16:00:18.970836081 +0100 @@ -92,22 +92,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) { @@ -50,10 +50,10 @@ diff -rupN --no-dereference openssl-3.0.5/providers/common/securitycheck.c opens curve_name = EC_curve_nid2nist(nid); if (curve_name == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, -diff -rupN --no-dereference openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c ---- openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c 2022-07-08 10:09:54.041097982 +0200 -@@ -937,11 +937,8 @@ int ec_validate(const void *keydata, int +diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c +--- openssl-3.0.7-hobbled/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-28 16:00:18.970836081 +0100 +@@ -944,11 +944,8 @@ int ec_validate(const void *keydata, int if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { int flags = EC_KEY_get_flags(eck); @@ -67,7 +67,7 @@ diff -rupN --no-dereference openssl-3.0.5/providers/implementations/keymgmt/ec_k } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { -@@ -1218,6 +1215,10 @@ static int ec_gen_assign_group(EC_KEY *e +@@ -1225,6 +1222,10 @@ static int ec_gen_assign_group(EC_KEY *e ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); return 0; } diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index 62edb32..07ae719 100644 --- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf ---- openssl-3.0.5/apps/openssl.cnf 2022-07-08 10:09:53.054097960 +0200 -+++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:54.234097986 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/apps/openssl.cnf openssl-3.0.7-hobbled-new/apps/openssl.cnf +--- openssl-3.0.7-hobbled/apps/openssl.cnf 2022-11-28 16:00:17.734827142 +0100 ++++ openssl-3.0.7-hobbled-new/apps/openssl.cnf 2022-11-28 16:00:19.202837759 +0100 @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 @@ -55,9 +55,9 @@ diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/app [ ssl_module ] -diff -rupN --no-dereference openssl-3.0.5/doc/man5/config.pod openssl-3.0.5-new/doc/man5/config.pod ---- openssl-3.0.5/doc/man5/config.pod 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/doc/man5/config.pod 2022-07-08 10:09:54.234097986 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man5/config.pod openssl-3.0.7-hobbled-new/doc/man5/config.pod +--- openssl-3.0.7-hobbled/doc/man5/config.pod 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/doc/man5/config.pod 2022-11-28 16:00:19.203837767 +0100 @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch index 12c91ae..c3dc57b 100644 --- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.5/doc/man7/EVP_KDF-KB.pod openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod ---- openssl-3.0.5/doc/man7/EVP_KDF-KB.pod 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod 2022-07-08 10:09:54.423097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod +--- openssl-3.0.7-hobbled/doc/man7/EVP_KDF-KB.pod 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/doc/man7/EVP_KDF-KB.pod 2022-11-28 16:00:19.435839445 +0100 @@ -58,6 +58,13 @@ Set to B<0> to disable use of the option (see SP800-108) that is placed between the Label and Context. The default value of B<1> will be used if unspecified. @@ -15,9 +15,9 @@ diff -rupN --no-dereference openssl-3.0.5/doc/man7/EVP_KDF-KB.pod openssl-3.0.5- =back Depending on whether mac is CMAC or HMAC, either digest or cipher is required -diff -rupN --no-dereference openssl-3.0.5/include/openssl/core_names.h openssl-3.0.5-new/include/openssl/core_names.h ---- openssl-3.0.5/include/openssl/core_names.h 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/include/openssl/core_names.h 2022-07-08 10:09:54.423097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/include/openssl/core_names.h openssl-3.0.7-hobbled-new/include/openssl/core_names.h +--- openssl-3.0.7-hobbled/include/openssl/core_names.h 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/include/openssl/core_names.h 2022-11-28 16:00:19.435839445 +0100 @@ -217,6 +217,7 @@ extern "C" { #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ @@ -26,9 +26,9 @@ diff -rupN --no-dereference openssl-3.0.5/include/openssl/core_names.h openssl-3 #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -diff -rupN --no-dereference openssl-3.0.5/providers/implementations/kdfs/kbkdf.c openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c ---- openssl-3.0.5/providers/implementations/kdfs/kbkdf.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c 2022-07-08 10:09:54.424097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c +--- openssl-3.0.7-hobbled/providers/implementations/kdfs/kbkdf.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/providers/implementations/kdfs/kbkdf.c 2022-11-28 16:00:19.436839452 +0100 @@ -60,6 +60,7 @@ typedef struct { EVP_MAC_CTX *ctx_init; @@ -122,9 +122,9 @@ diff -rupN --no-dereference openssl-3.0.5/providers/implementations/kdfs/kbkdf.c OSSL_PARAM_END, }; return known_settable_ctx_params; -diff -rupN --no-dereference openssl-3.0.5/test/evp_kdf_test.c openssl-3.0.5-new/test/evp_kdf_test.c ---- openssl-3.0.5/test/evp_kdf_test.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/evp_kdf_test.c 2022-07-08 10:09:54.424097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_kdf_test.c openssl-3.0.7-hobbled-new/test/evp_kdf_test.c +--- openssl-3.0.7-hobbled/test/evp_kdf_test.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/evp_kdf_test.c 2022-11-28 16:00:19.436839452 +0100 @@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void) #endif @@ -248,10 +248,10 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_kdf_test.c openssl-3.0.5-new/ ADD_TEST(test_kdf_kbkdf_zero_output_size); ADD_TEST(test_kdf_kbkdf_empty_key); ADD_TEST(test_kdf_kbkdf_1byte_key); -diff -rupN --no-dereference openssl-3.0.5/test/evp_test.c openssl-3.0.5-new/test/evp_test.c ---- openssl-3.0.5/test/evp_test.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/test/evp_test.c 2022-07-08 10:09:54.424097990 +0200 -@@ -2746,6 +2746,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/evp_test.c openssl-3.0.7-hobbled-new/test/evp_test.c +--- openssl-3.0.7-hobbled/test/evp_test.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/evp_test.c 2022-11-28 16:00:19.437839459 +0100 +@@ -2761,6 +2761,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV TEST_info("skipping, '%s' is disabled", p); t->skip = 1; } @@ -264,9 +264,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/evp_test.c openssl-3.0.5-new/test OPENSSL_free(name); return 1; } -diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt ---- openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2022-07-08 10:09:54.425097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +--- openssl-3.0.7-hobbled/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2022-11-28 16:00:19.437839459 +0100 @@ -0,0 +1,1843 @@ +# +# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. @@ -2111,9 +2111,9 @@ diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_k +Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f +Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 + -diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t ---- openssl-3.0.5/test/recipes/30-test_evp.t 2022-07-08 10:09:54.036097982 +0200 -+++ openssl-3.0.5-new/test/recipes/30-test_evp.t 2022-07-08 10:09:54.425097990 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/test/recipes/30-test_evp.t openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t +--- openssl-3.0.7-hobbled/test/recipes/30-test_evp.t 2022-11-28 16:00:18.964836038 +0100 ++++ openssl-3.0.7-hobbled-new/test/recipes/30-test_evp.t 2022-11-28 16:00:19.438839466 +0100 @@ -45,6 +45,7 @@ my @files = qw( evpciph_aes_stitched.txt evpciph_des3_common.txt diff --git a/mingw-openssl.spec b/mingw-openssl.spec index 459d295..8cf4021 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -14,8 +14,8 @@ %global run_tests 0 Name: mingw-openssl -Version: 3.0.5 -Release: 2%{?dist} +Version: 3.0.7 +Release: 1%{?dist} Summary: MinGW port of the OpenSSL toolkit License: OpenSSL @@ -376,6 +376,9 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private %changelog +* Mon Nov 28 2022 Sandro Mani - 3.0.7-1 +- Update to 3.0.7 + * Thu Jul 21 2022 Fedora Release Engineering - 3.0.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/openssl_compute_moddir.patch b/openssl_compute_moddir.patch index bf6b210..e4dac30 100644 --- a/openssl_compute_moddir.patch +++ b/openssl_compute_moddir.patch @@ -1,7 +1,7 @@ -diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf ---- openssl-3.0.5/Configurations/10-main.conf 2022-07-08 10:09:52.485097947 +0200 -+++ openssl-3.0.5-new/Configurations/10-main.conf 2022-07-08 10:09:54.624097995 +0200 -@@ -1487,7 +1487,7 @@ my %targets = ( +diff -rupN --no-dereference openssl-3.0.7-hobbled/Configurations/10-main.conf openssl-3.0.7-hobbled-new/Configurations/10-main.conf +--- openssl-3.0.7-hobbled/Configurations/10-main.conf 2022-11-28 16:00:17.030822050 +0100 ++++ openssl-3.0.7-hobbled-new/Configurations/10-main.conf 2022-11-28 16:00:19.679841210 +0100 +@@ -1494,7 +1494,7 @@ my %targets = ( cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), lib_cppflags => "-DL_ENDIAN", @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3. thread_scheme => "winthreads", dso_scheme => "win32", shared_target => "mingw-shared", -diff -rupN --no-dereference openssl-3.0.5/crypto/provider_core.c openssl-3.0.5-new/crypto/provider_core.c ---- openssl-3.0.5/crypto/provider_core.c 2022-07-05 10:57:04.000000000 +0200 -+++ openssl-3.0.5-new/crypto/provider_core.c 2022-07-08 10:09:54.624097995 +0200 +diff -rupN --no-dereference openssl-3.0.7-hobbled/crypto/provider_core.c openssl-3.0.7-hobbled-new/crypto/provider_core.c +--- openssl-3.0.7-hobbled/crypto/provider_core.c 2022-11-01 15:14:36.000000000 +0100 ++++ openssl-3.0.7-hobbled-new/crypto/provider_core.c 2022-11-28 16:00:19.679841210 +0100 @@ -32,6 +32,10 @@ #ifndef FIPS_MODULE # include diff --git a/sources b/sources index 98fbb23..4abc043 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf +SHA512 (openssl-3.0.7-hobbled.tar.xz) = 1d536936503b080ad765d53ce182690dc08e682e7e099405d844307a82b020bcd019d8f85db1fb8fd0e8423ee07f485b227d6529951eb528354b1fbbd89840df