diff --git a/.gitignore b/.gitignore index f26a0c8..d9c2c56 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.0.0-hobbled.tar.xz /openssl-3.0.2-hobbled.tar.gz /openssl-3.0.3-hobbled.tar.gz +/openssl-3.0.5-hobbled.tar.xz diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch index dc58a13..1afde99 100644 --- a/0001-Aarch64-and-ppc64le-use-lib64.patch +++ b/0001-Aarch64-and-ppc64le-use-lib64.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/Configurations/10-main.conf openssl-3.0.3-new/Configurations/10-main.conf ---- openssl-3.0.3/Configurations/10-main.conf 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/Configurations/10-main.conf 2022-06-02 14:30:31.646053344 +0200 +diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf +--- openssl-3.0.5/Configurations/10-main.conf 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/Configurations/10-main.conf 2022-07-08 10:09:52.290097943 +0200 @@ -730,6 +730,7 @@ my %targets = ( lib_cppflags => add("-DL_ENDIAN"), asm_arch => 'ppc64', diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch index cf8fda6..9136e82 100644 --- a/0002-Use-more-general-default-values-in-openssl.cnf.patch +++ b/0002-Use-more-general-default-values-in-openssl.cnf.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/apps/openssl.cnf openssl-3.0.3-new/apps/openssl.cnf ---- openssl-3.0.3/apps/openssl.cnf 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/apps/openssl.cnf 2022-06-02 14:30:31.876053349 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf +--- openssl-3.0.5/apps/openssl.cnf 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:52.488097947 +0200 @@ -111,7 +111,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch index ecd546f..134f152 100644 --- a/0003-Do-not-install-html-docs.patch +++ b/0003-Do-not-install-html-docs.patch @@ -1,7 +1,7 @@ -diff -rupN --no-dereference openssl-3.0.3/Configurations/unix-Makefile.tmpl openssl-3.0.3-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.3/Configurations/unix-Makefile.tmpl 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/Configurations/unix-Makefile.tmpl 2022-06-02 14:30:32.079053354 +0200 -@@ -610,7 +610,7 @@ install_sw: install_dev install_engines +diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.5/Configurations/unix-Makefile.tmpl 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:52.683097951 +0200 +@@ -611,7 +611,7 @@ install_sw: install_dev install_engines uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch index b0d5256..e43cb74 100644 --- a/0004-Override-default-paths-for-the-CA-directory-tree.patch +++ b/0004-Override-default-paths-for-the-CA-directory-tree.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/apps/CA.pl.in openssl-3.0.3-new/apps/CA.pl.in ---- openssl-3.0.3/apps/CA.pl.in 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/apps/CA.pl.in 2022-06-02 14:30:32.267053358 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/CA.pl.in openssl-3.0.5-new/apps/CA.pl.in +--- openssl-3.0.5/apps/CA.pl.in 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/apps/CA.pl.in 2022-07-08 10:09:52.871097956 +0200 @@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; my $PKCS12 = "$openssl pkcs12"; @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.3/apps/CA.pl.in openssl-3.0.3-new/apps/C my $CAKEY = "cakey.pem"; my $CAREQ = "careq.pem"; my $CACERT = "cacert.pem"; -diff -rupN --no-dereference openssl-3.0.3/apps/openssl.cnf openssl-3.0.3-new/apps/openssl.cnf ---- openssl-3.0.3/apps/openssl.cnf 2022-06-02 14:30:32.076053354 +0200 -+++ openssl-3.0.3-new/apps/openssl.cnf 2022-06-02 14:30:32.267053358 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf +--- openssl-3.0.5/apps/openssl.cnf 2022-07-08 10:09:52.679097951 +0200 ++++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:52.871097956 +0200 @@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7 [openssl_init] diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch index eb3800b..36586f1 100644 --- a/0005-apps-ca-fix-md-option-help-text.patch +++ b/0005-apps-ca-fix-md-option-help-text.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/apps/ca.c openssl-3.0.3-new/apps/ca.c ---- openssl-3.0.3/apps/ca.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/apps/ca.c 2022-06-02 14:30:32.456053362 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/ca.c openssl-3.0.5-new/apps/ca.c +--- openssl-3.0.5/apps/ca.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/apps/ca.c 2022-07-08 10:09:53.057097960 +0200 @@ -210,7 +210,7 @@ const OPTIONS ca_options[] = { {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch index 266ebc9..cdea72e 100644 --- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch +++ b/0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/crypto/asn1/a_verify.c openssl-3.0.3-new/crypto/asn1/a_verify.c ---- openssl-3.0.3/crypto/asn1/a_verify.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/crypto/asn1/a_verify.c 2022-06-02 14:30:32.645053367 +0200 +diff -rupN --no-dereference openssl-3.0.5/crypto/asn1/a_verify.c openssl-3.0.5-new/crypto/asn1/a_verify.c +--- openssl-3.0.5/crypto/asn1/a_verify.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/crypto/asn1/a_verify.c 2022-07-08 10:09:53.250097964 +0200 @@ -153,6 +153,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 8b7d213..8ba6e2e 100644 --- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/Configurations/unix-Makefile.tmpl openssl-3.0.3-new/Configurations/unix-Makefile.tmpl ---- openssl-3.0.3/Configurations/unix-Makefile.tmpl 2022-06-02 14:30:32.263053358 +0200 -+++ openssl-3.0.3-new/Configurations/unix-Makefile.tmpl 2022-06-02 14:30:32.842053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/Configurations/unix-Makefile.tmpl openssl-3.0.5-new/Configurations/unix-Makefile.tmpl +--- openssl-3.0.5/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:52.868097956 +0200 ++++ openssl-3.0.5-new/Configurations/unix-Makefile.tmpl 2022-07-08 10:09:53.438097968 +0200 @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -20,10 +20,10 @@ diff -rupN --no-dereference openssl-3.0.3/Configurations/unix-Makefile.tmpl open (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -diff -rupN --no-dereference openssl-3.0.3/Configure openssl-3.0.3-new/Configure ---- openssl-3.0.3/Configure 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/Configure 2022-06-02 14:30:32.847053371 +0200 -@@ -27,7 +27,7 @@ use OpenSSL::config; +diff -rupN --no-dereference openssl-3.0.5/Configure openssl-3.0.5-new/Configure +--- openssl-3.0.5/Configure 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/Configure 2022-07-08 10:09:53.439097968 +0200 +@@ -28,7 +28,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -32,7 +32,7 @@ diff -rupN --no-dereference openssl-3.0.3/Configure openssl-3.0.3-new/Configure my $banner = <<"EOF"; -@@ -61,6 +61,10 @@ EOF +@@ -62,6 +62,10 @@ EOF # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) @@ -43,7 +43,7 @@ diff -rupN --no-dereference openssl-3.0.3/Configure openssl-3.0.3-new/Configure # --banner=".." Output specified text instead of default completion banner # # -w Don't wait after showing a Configure warning -@@ -387,6 +391,7 @@ $config{prefix}=""; +@@ -388,6 +392,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; @@ -51,7 +51,7 @@ diff -rupN --no-dereference openssl-3.0.3/Configure openssl-3.0.3-new/Configure my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -989,6 +994,10 @@ while (@argvcopy) +@@ -990,6 +995,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; } @@ -62,9 +62,9 @@ diff -rupN --no-dereference openssl-3.0.3/Configure openssl-3.0.3-new/Configure elsif (/^--banner=(.*)$/) { $banner = $1 . "\n"; -diff -rupN --no-dereference openssl-3.0.3/doc/man1/openssl-ciphers.pod.in openssl-3.0.3-new/doc/man1/openssl-ciphers.pod.in ---- openssl-3.0.3/doc/man1/openssl-ciphers.pod.in 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/doc/man1/openssl-ciphers.pod.in 2022-06-02 14:30:32.843053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/doc/man1/openssl-ciphers.pod.in openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in +--- openssl-3.0.5/doc/man1/openssl-ciphers.pod.in 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/doc/man1/openssl-ciphers.pod.in 2022-07-08 10:09:53.439097968 +0200 @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. @@ -81,9 +81,9 @@ diff -rupN --no-dereference openssl-3.0.3/doc/man1/openssl-ciphers.pod.in openss =item B "High" encryption cipher suites. This currently means those with key lengths -diff -rupN --no-dereference openssl-3.0.3/include/openssl/ssl.h.in openssl-3.0.3-new/include/openssl/ssl.h.in ---- openssl-3.0.3/include/openssl/ssl.h.in 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/include/openssl/ssl.h.in 2022-06-02 14:30:32.843053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/include/openssl/ssl.h.in openssl-3.0.5-new/include/openssl/ssl.h.in +--- openssl-3.0.5/include/openssl/ssl.h.in 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/include/openssl/ssl.h.in 2022-07-08 10:09:53.439097968 +0200 @@ -205,6 +205,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -96,9 +96,9 @@ diff -rupN --no-dereference openssl-3.0.3/include/openssl/ssl.h.in openssl-3.0.3 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -rupN --no-dereference openssl-3.0.3/ssl/ssl_ciph.c openssl-3.0.3-new/ssl/ssl_ciph.c ---- openssl-3.0.3/ssl/ssl_ciph.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/ssl/ssl_ciph.c 2022-06-02 14:30:32.844053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.5-new/ssl/ssl_ciph.c +--- openssl-3.0.5/ssl/ssl_ciph.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/ssl/ssl_ciph.c 2022-07-08 10:09:53.440097968 +0200 @@ -1436,6 +1436,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -252,9 +252,9 @@ diff -rupN --no-dereference openssl-3.0.3/ssl/ssl_ciph.c openssl-3.0.3-new/ssl/s } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -diff -rupN --no-dereference openssl-3.0.3/ssl/ssl_lib.c openssl-3.0.3-new/ssl/ssl_lib.c ---- openssl-3.0.3/ssl/ssl_lib.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/ssl/ssl_lib.c 2022-06-02 14:30:32.845053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.5-new/ssl/ssl_lib.c +--- openssl-3.0.5/ssl/ssl_lib.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/ssl/ssl_lib.c 2022-07-08 10:09:53.441097968 +0200 @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), @@ -273,9 +273,9 @@ diff -rupN --no-dereference openssl-3.0.3/ssl/ssl_lib.c openssl-3.0.3-new/ssl/ss || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -rupN --no-dereference openssl-3.0.3/test/cipherlist_test.c openssl-3.0.3-new/test/cipherlist_test.c ---- openssl-3.0.3/test/cipherlist_test.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/cipherlist_test.c 2022-06-02 14:30:32.845053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/cipherlist_test.c openssl-3.0.5-new/test/cipherlist_test.c +--- openssl-3.0.5/test/cipherlist_test.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/cipherlist_test.c 2022-07-08 10:09:53.441097968 +0200 @@ -246,7 +246,9 @@ end: int setup_tests(void) @@ -286,9 +286,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/cipherlist_test.c openssl-3.0.3-n ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; -diff -rupN --no-dereference openssl-3.0.3/util/libcrypto.num openssl-3.0.3-new/util/libcrypto.num ---- openssl-3.0.3/util/libcrypto.num 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/util/libcrypto.num 2022-06-02 14:30:32.846053371 +0200 +diff -rupN --no-dereference openssl-3.0.5/util/libcrypto.num openssl-3.0.5-new/util/libcrypto.num +--- openssl-3.0.5/util/libcrypto.num 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/util/libcrypto.num 2022-07-08 10:09:53.442097968 +0200 @@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch index 11833b2..ea82120 100644 --- a/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/0008-Add-FIPS_mode-compatibility-macro.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/include/openssl/crypto.h.in openssl-3.0.3-new/include/openssl/crypto.h.in ---- openssl-3.0.3/include/openssl/crypto.h.in 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/include/openssl/crypto.h.in 2022-06-02 14:30:33.049053376 +0200 +diff -rupN --no-dereference openssl-3.0.5/include/openssl/crypto.h.in openssl-3.0.5-new/include/openssl/crypto.h.in +--- openssl-3.0.5/include/openssl/crypto.h.in 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/include/openssl/crypto.h.in 2022-07-08 10:09:53.638097973 +0200 @@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack # include # include @@ -9,9 +9,9 @@ diff -rupN --no-dereference openssl-3.0.3/include/openssl/crypto.h.in openssl-3. # ifdef CHARSET_EBCDIC # include -diff -rupN --no-dereference openssl-3.0.3/include/openssl/fips.h openssl-3.0.3-new/include/openssl/fips.h ---- openssl-3.0.3/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.3-new/include/openssl/fips.h 2022-06-02 14:30:33.049053376 +0200 +diff -rupN --no-dereference openssl-3.0.5/include/openssl/fips.h openssl-3.0.5-new/include/openssl/fips.h +--- openssl-3.0.5/include/openssl/fips.h 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.5-new/include/openssl/fips.h 2022-07-08 10:09:53.638097973 +0200 @@ -0,0 +1,25 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. @@ -38,9 +38,9 @@ diff -rupN --no-dereference openssl-3.0.3/include/openssl/fips.h openssl-3.0.3-n +} +# endif +#endif -diff -rupN --no-dereference openssl-3.0.3/test/property_test.c openssl-3.0.3-new/test/property_test.c ---- openssl-3.0.3/test/property_test.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/property_test.c 2022-06-02 14:30:33.050053376 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/property_test.c openssl-3.0.5-new/test/property_test.c +--- openssl-3.0.5/test/property_test.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/property_test.c 2022-07-08 10:09:53.638097973 +0200 @@ -624,6 +624,18 @@ static int test_property_list_to_string( return ret; } diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch index 6434baf..f35da1b 100644 --- a/0011-Remove-EC-curves.patch +++ b/0011-Remove-EC-curves.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/apps/speed.c openssl-3.0.3-new/apps/speed.c ---- openssl-3.0.3/apps/speed.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/apps/speed.c 2022-06-02 14:30:33.247053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/speed.c openssl-3.0.5-new/apps/speed.c +--- openssl-3.0.5/apps/speed.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/apps/speed.c 2022-07-08 10:09:53.832097977 +0200 @@ -365,68 +365,23 @@ static double ffdh_results[FFDH_NUM][1]; #endif /* OPENSSL_NO_DH */ @@ -115,9 +115,9 @@ diff -rupN --no-dereference openssl-3.0.3/apps/speed.c openssl-3.0.3-new/apps/sp #ifndef OPENSSL_NO_SM2 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); -diff -rupN --no-dereference openssl-3.0.3/crypto/evp/ec_support.c openssl-3.0.3-new/crypto/evp/ec_support.c ---- openssl-3.0.3/crypto/evp/ec_support.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/crypto/evp/ec_support.c 2022-06-02 14:30:33.246053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/crypto/evp/ec_support.c openssl-3.0.5-new/crypto/evp/ec_support.c +--- openssl-3.0.5/crypto/evp/ec_support.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/crypto/evp/ec_support.c 2022-07-08 10:09:53.832097977 +0200 @@ -20,99 +20,12 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ @@ -218,9 +218,9 @@ diff -rupN --no-dereference openssl-3.0.3/crypto/evp/ec_support.c openssl-3.0.3- }; const char *OSSL_EC_curve_nid2name(int nid) -diff -rupN --no-dereference openssl-3.0.3/test/acvp_test.inc openssl-3.0.3-new/test/acvp_test.inc ---- openssl-3.0.3/test/acvp_test.inc 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/acvp_test.inc 2022-06-02 14:30:33.246053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/acvp_test.inc openssl-3.0.5-new/test/acvp_test.inc +--- openssl-3.0.5/test/acvp_test.inc 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/acvp_test.inc 2022-07-08 10:09:53.832097977 +0200 @@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_ }; static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { @@ -237,9 +237,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/acvp_test.inc openssl-3.0.3-new/t "SHA2-512", "P-521", ITM(ecdsa_sigver_msg1), -diff -rupN --no-dereference openssl-3.0.3/test/ecdsatest.h openssl-3.0.3-new/test/ecdsatest.h ---- openssl-3.0.3/test/ecdsatest.h 2022-06-01 12:19:09.000000000 +0200 -+++ openssl-3.0.3-new/test/ecdsatest.h 2022-06-02 14:30:33.243053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/ecdsatest.h openssl-3.0.5-new/test/ecdsatest.h +--- openssl-3.0.5/test/ecdsatest.h 2022-07-05 13:32:40.000000000 +0200 ++++ openssl-3.0.5-new/test/ecdsatest.h 2022-07-08 10:09:53.833097977 +0200 @@ -32,23 +32,6 @@ typedef struct { } ecdsa_cavs_kat_t; @@ -264,10 +264,10 @@ diff -rupN --no-dereference openssl-3.0.3/test/ecdsatest.h openssl-3.0.3-new/tes /* prime KATs from NIST CAVP */ {NID_secp224r1, NID_sha224, "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" -diff -rupN --no-dereference openssl-3.0.3/test/evp_extra_test.c openssl-3.0.3-new/test/evp_extra_test.c ---- openssl-3.0.3/test/evp_extra_test.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/evp_extra_test.c 2022-06-02 14:30:33.247053380 +0200 -@@ -3269,13 +3269,12 @@ err: +diff -rupN --no-dereference openssl-3.0.5/test/evp_extra_test.c openssl-3.0.5-new/test/evp_extra_test.c +--- openssl-3.0.5/test/evp_extra_test.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/evp_extra_test.c 2022-07-08 10:09:53.834097977 +0200 +@@ -3306,13 +3306,12 @@ err: #ifndef OPENSSL_NO_EC static int ecpub_nids[] = { @@ -282,9 +282,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/evp_extra_test.c openssl-3.0.3-ne }; static int test_ecpub(int idx) -diff -rupN --no-dereference openssl-3.0.3/test/recipes/06-test_algorithmid.t openssl-3.0.3-new/test/recipes/06-test_algorithmid.t ---- openssl-3.0.3/test/recipes/06-test_algorithmid.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/06-test_algorithmid.t 2022-06-02 14:30:33.243053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/06-test_algorithmid.t openssl-3.0.5-new/test/recipes/06-test_algorithmid.t +--- openssl-3.0.5/test/recipes/06-test_algorithmid.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/06-test_algorithmid.t 2022-07-08 10:09:53.834097977 +0200 @@ -33,7 +33,7 @@ my %certs_info = 'ee-cert-ec-named-explicit' => 'ca-cert-ec-explicit', 'ee-cert-ec-named-named' => 'ca-cert-ec-named', @@ -294,9 +294,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/06-test_algorithmid.t ope ) ) ); -diff -rupN --no-dereference openssl-3.0.3/test/recipes/15-test_genec.t openssl-3.0.3-new/test/recipes/15-test_genec.t ---- openssl-3.0.3/test/recipes/15-test_genec.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/15-test_genec.t 2022-06-02 14:30:33.243053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/15-test_genec.t openssl-3.0.5-new/test/recipes/15-test_genec.t +--- openssl-3.0.5/test/recipes/15-test_genec.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/15-test_genec.t 2022-07-08 10:09:53.834097977 +0200 @@ -41,45 +41,11 @@ plan skip_all => "This test is unsupport if disabled("ec"); @@ -351,9 +351,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/15-test_genec.t openssl-3 P-224 P-256 P-384 -diff -rupN --no-dereference openssl-3.0.3/test/recipes/20-test_cli_fips.t openssl-3.0.3-new/test/recipes/20-test_cli_fips.t ---- openssl-3.0.3/test/recipes/20-test_cli_fips.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/20-test_cli_fips.t 2022-06-02 14:30:33.244053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/20-test_cli_fips.t openssl-3.0.5-new/test/recipes/20-test_cli_fips.t +--- openssl-3.0.5/test/recipes/20-test_cli_fips.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/20-test_cli_fips.t 2022-07-08 10:09:53.834097977 +0200 @@ -26,7 +26,7 @@ use platform; my $no_check = disabled("fips") || disabled('fips-securitychecks'); plan skip_all => "Test only supported in a fips build with security checks" @@ -424,9 +424,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/20-test_cli_fips.t openss SKIP: { skip "FIPS RSA tests because of no rsa in this build", 1 if disabled("rsa"); -diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.3-new/test/recipes/30-test_evp_data/evppkey_ecc.txt ---- openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-06-02 14:30:33.249053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt +--- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_ecc.txt 2022-07-08 10:09:53.836097977 +0200 @@ -1,3 +1,4 @@ + # @@ -4731,9 +4731,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_ -Ctrl=ecdh_cofactor_mode:1 -Result=DERIVE_ERROR -Reason=point at infinity -diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.3-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt ---- openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-06-02 14:30:33.247053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt +--- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evppkey_mismatch.txt 2022-07-08 10:09:53.836097977 +0200 @@ -31,12 +31,6 @@ MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUP x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== -----END PUBLIC KEY----- @@ -4757,9 +4757,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evppkey_ - -PrivPubKeyPair = Alice-25519:KAS-ECC-CDH_K-163_C0-PUBLIC -Result = KEYPAIR_TYPE_MISMATCH -diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp.t openssl-3.0.3-new/test/recipes/30-test_evp.t ---- openssl-3.0.3/test/recipes/30-test_evp.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/30-test_evp.t 2022-06-02 14:30:33.248053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t +--- openssl-3.0.5/test/recipes/30-test_evp.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/30-test_evp.t 2022-07-08 10:09:53.836097977 +0200 @@ -116,7 +116,6 @@ my @defltfiles = qw( evppkey_kdf_tls1_prf.txt evppkey_rsa.txt @@ -4768,9 +4768,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp.t openssl-3.0 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; plan tests => -diff -rupN --no-dereference openssl-3.0.3/test/recipes/65-test_cmp_protect.t openssl-3.0.3-new/test/recipes/65-test_cmp_protect.t ---- openssl-3.0.3/test/recipes/65-test_cmp_protect.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/65-test_cmp_protect.t 2022-06-02 14:30:33.246053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_protect.t openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t +--- openssl-3.0.5/test/recipes/65-test_cmp_protect.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/65-test_cmp_protect.t 2022-07-08 10:09:53.836097977 +0200 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at @@ -4788,9 +4788,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/65-test_cmp_protect.t ope my @basic_cmd = ("cmp_protect_test", data_file("server.pem"), -diff -rupN --no-dereference openssl-3.0.3/test/recipes/65-test_cmp_vfy.t openssl-3.0.3-new/test/recipes/65-test_cmp_vfy.t ---- openssl-3.0.3/test/recipes/65-test_cmp_vfy.t 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/recipes/65-test_cmp_vfy.t 2022-06-02 14:30:33.246053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/65-test_cmp_vfy.t openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t +--- openssl-3.0.5/test/recipes/65-test_cmp_vfy.t 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/recipes/65-test_cmp_vfy.t 2022-07-08 10:09:53.836097977 +0200 @@ -7,7 +7,6 @@ # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at @@ -4808,9 +4808,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/65-test_cmp_vfy.t openssl my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), -diff -rupN --no-dereference openssl-3.0.3/test/ssl-tests/20-cert-select.cnf openssl-3.0.3-new/test/ssl-tests/20-cert-select.cnf ---- openssl-3.0.3/test/ssl-tests/20-cert-select.cnf 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/ssl-tests/20-cert-select.cnf 2022-06-02 14:30:33.245053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf +--- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf 2022-07-08 10:09:53.837097977 +0200 @@ -776,14 +776,12 @@ server = 22-ECDSA with brainpool-server client = 22-ECDSA with brainpool-client @@ -4883,9 +4883,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/ssl-tests/20-cert-select.cnf open # =========================================================== -diff -rupN --no-dereference openssl-3.0.3/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.3-new/test/ssl-tests/20-cert-select.cnf.in ---- openssl-3.0.3/test/ssl-tests/20-cert-select.cnf.in 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/ssl-tests/20-cert-select.cnf.in 2022-06-02 14:30:33.245053380 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in +--- openssl-3.0.5/test/ssl-tests/20-cert-select.cnf.in 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/ssl-tests/20-cert-select.cnf.in 2022-07-08 10:09:53.837097977 +0200 @@ -428,21 +428,21 @@ my @tests_non_fips = ( { name => "ECDSA with brainpool", diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch index 6160f53..d3989d1 100644 --- a/0012-Disable-explicit-ec.patch +++ b/0012-Disable-explicit-ec.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/crypto/ec/ec_lib.c openssl-3.0.3-new/crypto/ec/ec_lib.c ---- openssl-3.0.3/crypto/ec/ec_lib.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/crypto/ec/ec_lib.c 2022-06-02 14:30:33.453053385 +0200 +diff -rupN --no-dereference openssl-3.0.5/crypto/ec/ec_lib.c openssl-3.0.5-new/crypto/ec/ec_lib.c +--- openssl-3.0.5/crypto/ec/ec_lib.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/crypto/ec/ec_lib.c 2022-07-08 10:09:54.040097982 +0200 @@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na goto err; } @@ -10,9 +10,9 @@ diff -rupN --no-dereference openssl-3.0.3/crypto/ec/ec_lib.c openssl-3.0.3-new/c } EC_GROUP_free(dup); return ret_group; -diff -rupN --no-dereference openssl-3.0.3/providers/common/securitycheck.c openssl-3.0.3-new/providers/common/securitycheck.c ---- openssl-3.0.3/providers/common/securitycheck.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/providers/common/securitycheck.c 2022-06-02 14:30:33.454053385 +0200 +diff -rupN --no-dereference openssl-3.0.5/providers/common/securitycheck.c openssl-3.0.5-new/providers/common/securitycheck.c +--- openssl-3.0.5/providers/common/securitycheck.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/providers/common/securitycheck.c 2022-07-08 10:09:54.041097982 +0200 @@ -92,22 +92,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect) { @@ -50,10 +50,10 @@ diff -rupN --no-dereference openssl-3.0.3/providers/common/securitycheck.c opens curve_name = EC_curve_nid2nist(nid); if (curve_name == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, -diff -rupN --no-dereference openssl-3.0.3/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.3-new/providers/implementations/keymgmt/ec_kmgmt.c ---- openssl-3.0.3/providers/implementations/keymgmt/ec_kmgmt.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/providers/implementations/keymgmt/ec_kmgmt.c 2022-06-02 14:30:33.454053385 +0200 -@@ -932,11 +932,8 @@ int ec_validate(const void *keydata, int +diff -rupN --no-dereference openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c +--- openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/providers/implementations/keymgmt/ec_kmgmt.c 2022-07-08 10:09:54.041097982 +0200 +@@ -937,11 +937,8 @@ int ec_validate(const void *keydata, int if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { int flags = EC_KEY_get_flags(eck); @@ -67,7 +67,7 @@ diff -rupN --no-dereference openssl-3.0.3/providers/implementations/keymgmt/ec_k } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { -@@ -1213,6 +1210,10 @@ static int ec_gen_assign_group(EC_KEY *e +@@ -1218,6 +1215,10 @@ static int ec_gen_assign_group(EC_KEY *e ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); return 0; } diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch index 6592f35..62edb32 100644 --- a/0024-load-legacy-prov.patch +++ b/0024-load-legacy-prov.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/apps/openssl.cnf openssl-3.0.3-new/apps/openssl.cnf ---- openssl-3.0.3/apps/openssl.cnf 2022-06-02 14:30:32.453053362 +0200 -+++ openssl-3.0.3-new/apps/openssl.cnf 2022-06-02 14:30:33.645053389 +0200 +diff -rupN --no-dereference openssl-3.0.5/apps/openssl.cnf openssl-3.0.5-new/apps/openssl.cnf +--- openssl-3.0.5/apps/openssl.cnf 2022-07-08 10:09:53.054097960 +0200 ++++ openssl-3.0.5-new/apps/openssl.cnf 2022-07-08 10:09:54.234097986 +0200 @@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 @@ -55,9 +55,9 @@ diff -rupN --no-dereference openssl-3.0.3/apps/openssl.cnf openssl-3.0.3-new/app [ ssl_module ] -diff -rupN --no-dereference openssl-3.0.3/doc/man5/config.pod openssl-3.0.3-new/doc/man5/config.pod ---- openssl-3.0.3/doc/man5/config.pod 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/doc/man5/config.pod 2022-06-02 14:30:33.646053389 +0200 +diff -rupN --no-dereference openssl-3.0.5/doc/man5/config.pod openssl-3.0.5-new/doc/man5/config.pod +--- openssl-3.0.5/doc/man5/config.pod 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/doc/man5/config.pod 2022-07-08 10:09:54.234097986 +0200 @@ -273,6 +273,14 @@ significant. All parameters in the section as well as sub-sections are made available to the provider. diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch index 2579135..12c91ae 100644 --- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch +++ b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openssl-3.0.3/doc/man7/EVP_KDF-KB.pod openssl-3.0.3-new/doc/man7/EVP_KDF-KB.pod ---- openssl-3.0.3/doc/man7/EVP_KDF-KB.pod 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/doc/man7/EVP_KDF-KB.pod 2022-06-02 14:30:33.841053393 +0200 +diff -rupN --no-dereference openssl-3.0.5/doc/man7/EVP_KDF-KB.pod openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod +--- openssl-3.0.5/doc/man7/EVP_KDF-KB.pod 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/doc/man7/EVP_KDF-KB.pod 2022-07-08 10:09:54.423097990 +0200 @@ -58,6 +58,13 @@ Set to B<0> to disable use of the option (see SP800-108) that is placed between the Label and Context. The default value of B<1> will be used if unspecified. @@ -15,9 +15,9 @@ diff -rupN --no-dereference openssl-3.0.3/doc/man7/EVP_KDF-KB.pod openssl-3.0.3- =back Depending on whether mac is CMAC or HMAC, either digest or cipher is required -diff -rupN --no-dereference openssl-3.0.3/include/openssl/core_names.h openssl-3.0.3-new/include/openssl/core_names.h ---- openssl-3.0.3/include/openssl/core_names.h 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/include/openssl/core_names.h 2022-06-02 14:30:33.842053393 +0200 +diff -rupN --no-dereference openssl-3.0.5/include/openssl/core_names.h openssl-3.0.5-new/include/openssl/core_names.h +--- openssl-3.0.5/include/openssl/core_names.h 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/include/openssl/core_names.h 2022-07-08 10:09:54.423097990 +0200 @@ -217,6 +217,7 @@ extern "C" { #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ @@ -26,9 +26,9 @@ diff -rupN --no-dereference openssl-3.0.3/include/openssl/core_names.h openssl-3 #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info" #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info" #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info" -diff -rupN --no-dereference openssl-3.0.3/providers/implementations/kdfs/kbkdf.c openssl-3.0.3-new/providers/implementations/kdfs/kbkdf.c ---- openssl-3.0.3/providers/implementations/kdfs/kbkdf.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/providers/implementations/kdfs/kbkdf.c 2022-06-02 14:30:33.842053393 +0200 +diff -rupN --no-dereference openssl-3.0.5/providers/implementations/kdfs/kbkdf.c openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c +--- openssl-3.0.5/providers/implementations/kdfs/kbkdf.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/providers/implementations/kdfs/kbkdf.c 2022-07-08 10:09:54.424097990 +0200 @@ -60,6 +60,7 @@ typedef struct { EVP_MAC_CTX *ctx_init; @@ -122,9 +122,9 @@ diff -rupN --no-dereference openssl-3.0.3/providers/implementations/kdfs/kbkdf.c OSSL_PARAM_END, }; return known_settable_ctx_params; -diff -rupN --no-dereference openssl-3.0.3/test/evp_kdf_test.c openssl-3.0.3-new/test/evp_kdf_test.c ---- openssl-3.0.3/test/evp_kdf_test.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/evp_kdf_test.c 2022-06-02 14:30:33.842053393 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/evp_kdf_test.c openssl-3.0.5-new/test/evp_kdf_test.c +--- openssl-3.0.5/test/evp_kdf_test.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/evp_kdf_test.c 2022-07-08 10:09:54.424097990 +0200 @@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void) #endif @@ -248,10 +248,10 @@ diff -rupN --no-dereference openssl-3.0.3/test/evp_kdf_test.c openssl-3.0.3-new/ ADD_TEST(test_kdf_kbkdf_zero_output_size); ADD_TEST(test_kdf_kbkdf_empty_key); ADD_TEST(test_kdf_kbkdf_1byte_key); -diff -rupN --no-dereference openssl-3.0.3/test/evp_test.c openssl-3.0.3-new/test/evp_test.c ---- openssl-3.0.3/test/evp_test.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/test/evp_test.c 2022-06-02 14:30:33.843053393 +0200 -@@ -2742,6 +2742,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV +diff -rupN --no-dereference openssl-3.0.5/test/evp_test.c openssl-3.0.5-new/test/evp_test.c +--- openssl-3.0.5/test/evp_test.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/test/evp_test.c 2022-07-08 10:09:54.424097990 +0200 +@@ -2746,6 +2746,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EV TEST_info("skipping, '%s' is disabled", p); t->skip = 1; } @@ -264,9 +264,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/evp_test.c openssl-3.0.3-new/test OPENSSL_free(name); return 1; } -diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.3-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt ---- openssl-3.0.3/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-3.0.3-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2022-06-02 14:30:33.847053394 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt +--- openssl-3.0.5/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 1970-01-01 01:00:00.000000000 +0100 ++++ openssl-3.0.5-new/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt 2022-07-08 10:09:54.425097990 +0200 @@ -0,0 +1,1843 @@ +# +# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved. @@ -2111,9 +2111,9 @@ diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp_data/evpkdf_k +Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f +Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81 + -diff -rupN --no-dereference openssl-3.0.3/test/recipes/30-test_evp.t openssl-3.0.3-new/test/recipes/30-test_evp.t ---- openssl-3.0.3/test/recipes/30-test_evp.t 2022-06-02 14:30:33.449053385 +0200 -+++ openssl-3.0.3-new/test/recipes/30-test_evp.t 2022-06-02 14:30:33.843053393 +0200 +diff -rupN --no-dereference openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.5-new/test/recipes/30-test_evp.t +--- openssl-3.0.5/test/recipes/30-test_evp.t 2022-07-08 10:09:54.036097982 +0200 ++++ openssl-3.0.5-new/test/recipes/30-test_evp.t 2022-07-08 10:09:54.425097990 +0200 @@ -45,6 +45,7 @@ my @files = qw( evpciph_aes_stitched.txt evpciph_des3_common.txt diff --git a/mingw-openssl.spec b/mingw-openssl.spec index 3f96849..c739498 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -14,7 +14,7 @@ %global run_tests 0 Name: mingw-openssl -Version: 3.0.3 +Version: 3.0.5 Release: 1%{?dist} Summary: MinGW port of the OpenSSL toolkit @@ -24,7 +24,7 @@ URL: http://www.openssl.org/ # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.gz +Source: openssl-%{version}-hobbled.tar.xz Source1: hobble-openssl Source2: Makefile.certificate Source3: genpatches @@ -376,6 +376,9 @@ mkdir -m700 %{buildroot}%{mingw64_sysconfdir}/pki/CA/private %changelog +* Fri Jul 08 2022 Sandro Mani - 3.0.5-1 +- Update to 3.0.5 + * Thu Jun 02 2022 Sandro Mani - 3.0.3-1 - Update to 3.0.3 diff --git a/openssl_compute_moddir.patch b/openssl_compute_moddir.patch index c8adeb8..bf6b210 100644 --- a/openssl_compute_moddir.patch +++ b/openssl_compute_moddir.patch @@ -1,7 +1,7 @@ -diff -rupN --no-dereference openssl-3.0.3/Configurations/10-main.conf openssl-3.0.3-new/Configurations/10-main.conf ---- openssl-3.0.3/Configurations/10-main.conf 2022-06-02 14:30:31.872053349 +0200 -+++ openssl-3.0.3-new/Configurations/10-main.conf 2022-06-02 14:30:34.045053398 +0200 -@@ -1479,7 +1479,7 @@ my %targets = ( +diff -rupN --no-dereference openssl-3.0.5/Configurations/10-main.conf openssl-3.0.5-new/Configurations/10-main.conf +--- openssl-3.0.5/Configurations/10-main.conf 2022-07-08 10:09:52.485097947 +0200 ++++ openssl-3.0.5-new/Configurations/10-main.conf 2022-07-08 10:09:54.624097995 +0200 +@@ -1487,7 +1487,7 @@ my %targets = ( cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", threads("-D_MT")), lib_cppflags => "-DL_ENDIAN", @@ -10,10 +10,10 @@ diff -rupN --no-dereference openssl-3.0.3/Configurations/10-main.conf openssl-3. thread_scheme => "winthreads", dso_scheme => "win32", shared_target => "mingw-shared", -diff -rupN --no-dereference openssl-3.0.3/crypto/provider_core.c openssl-3.0.3-new/crypto/provider_core.c ---- openssl-3.0.3/crypto/provider_core.c 2022-05-03 15:32:01.000000000 +0200 -+++ openssl-3.0.3-new/crypto/provider_core.c 2022-06-02 14:30:34.045053398 +0200 -@@ -27,6 +27,10 @@ +diff -rupN --no-dereference openssl-3.0.5/crypto/provider_core.c openssl-3.0.5-new/crypto/provider_core.c +--- openssl-3.0.5/crypto/provider_core.c 2022-07-05 10:57:04.000000000 +0200 ++++ openssl-3.0.5-new/crypto/provider_core.c 2022-07-08 10:09:54.624097995 +0200 +@@ -32,6 +32,10 @@ #ifndef FIPS_MODULE # include #endif @@ -24,7 +24,7 @@ diff -rupN --no-dereference openssl-3.0.3/crypto/provider_core.c openssl-3.0.3-n /* * This file defines and uses a number of different structures: -@@ -872,6 +876,27 @@ static int provider_init(OSSL_PROVIDER * +@@ -882,6 +886,27 @@ static int provider_init(OSSL_PROVIDER * if (load_dir == NULL) { load_dir = ossl_safe_getenv("OPENSSL_MODULES"); diff --git a/sources b/sources index 134d27a..98fbb23 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.0.3-hobbled.tar.gz) = 474a6309e0457ad33ec4b5f98606ba7ee6fa15dd0abb26a1da80fa37e3fc0ec535b858e03aceb4ce675dcce6a26796c802d8bf8ebb4adc350e6b3ea95810a61b +SHA512 (openssl-3.0.5-hobbled.tar.xz) = 2f5531d46a905af8d36bf81c18fa34ccc86f5bd66e6e4227bb17e2f926ef14f78057ab60cd9d55bb9d1bad3d5b56a71170e4a86708fd8352324db2e0747142cf