Debian

Available patches from Ubuntu

To see the Ubuntu differences with respect to Debian, write a grep-dctrl query that identifies the packages you are interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:


Source: openssl

openssl (1.1.1d-2ubuntu6) focal; urgency=medium

  * Revert version number change to 1.1.1e-dev.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 06 Mar 2020 04:08:51 +0000

openssl (1.1.1d-2ubuntu4) focal; urgency=medium

  * Apply 1_1_1-stable branch patches
  * Apply s390x ECC assembly pack improvements

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 26 Feb 2020 21:54:47 +0000

openssl (1.1.1d-2ubuntu3) focal; urgency=medium

  * Use perl:native in the autopkgtest for installability on i386.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 16 Jan 2020 14:15:26 +0000

openssl (1.1.1d-2ubuntu2) focal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Replace duplicate files in the doc directory with symlinks.
    - debian/libssl1.1.postinst:
      + Display a system restart required notification on libssl1.1 upgrade
        on servers.
      + Use a different priority for libssl1.1/restart-services depending on
        whether a desktop, or server dist-upgrade is being performed.
      + Bump version check to 1.1.1.
      + Import libraries/restart-without-asking template as used by above.
    - Revert "Enable system default config to enforce TLS1.2 as a minimum" &
      "Increase default security level from 1 to 2".
    - Reword the NEWS entry, as applicable on Ubuntu.
    - Cherrypick s390x SIMD acceleration patches for poly1305 and chacha20
      from master.
  * Set OPENSSL_TLS_SECURITY_LEVEL=2 as compiled-in minimum security level.
    Change meaning of SECURITY_LEVEL=2 to prohibit TLS versions below 1.2 and
    update documentation. Previous default of 1 can be set by calling
    SSL_CTX_set_security_level(), SSL_set_security_level() or using
    ':@SECLEVEL=1' CipherString value in openssl.cfg.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 08 Jan 2020 17:17:41 +0000

Modifications:
  1. Download patch debian/patches/0066-crypto-bn-fix-a-few-small-timing-leaks-in-BN_lshift1.patch

    --- 1.1.1d-2/debian/patches/0066-crypto-bn-fix-a-few-small-timing-leaks-in-BN_lshift1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0066-crypto-bn-fix-a-few-small-timing-leaks-in-BN_lshift1.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,78 @@ +From 4f75d1d0cafb759407f6b44c0de52a9f2c2451dc Mon Sep 17 00:00:00 2001 +From: Billy Brumley <bbrumley@gmail.com> +Date: Thu, 17 Oct 2019 23:30:18 +0300 +Subject: [PATCH 066/230] [crypto/bn] fix a few small timing leaks in + BN_lshift1 and BN_rshift1 + +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10209) + +(cherry picked from commit 305bf9c8668aff78e668131061f4eb088457be5f) +--- + crypto/bn/bn_shift.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c +index 0c84d26cc5..210a83f586 100644 +--- a/crypto/bn/bn_shift.c ++++ b/crypto/bn/bn_shift.c +@@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) + for (i = 0; i < a->top; i++) { + t = *(ap++); + *(rp++) = ((t << 1) | c) & BN_MASK2; +- c = (t & BN_TBIT) ? 1 : 0; +- } +- if (c) { +- *rp = 1; +- r->top++; ++ c = t >> (BN_BITS2 - 1); + } ++ *rp = c; ++ r->top += c; + bn_check_top(r); + return 1; + } +@@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) + int BN_rshift1(BIGNUM *r, const BIGNUM *a) + { + BN_ULONG *ap, *rp, t, c; +- int i, j; ++ int i; + + bn_check_top(r); + bn_check_top(a); +@@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) + } + i = a->top; + ap = a->d; +- j = i - (ap[i - 1] == 1); + if (a != r) { +- if (bn_wexpand(r, j) == NULL) ++ if (bn_wexpand(r, i) == NULL) + return 0; + r->neg = a->neg; + } + rp = r->d; ++ r->top = i; + t = ap[--i]; +- c = (t & 1) ? BN_TBIT : 0; +- if (t >>= 1) +- rp[i] = t; ++ rp[i] = t >> 1; ++ c = t << (BN_BITS2 - 1); ++ r->top -= (t == 1); + while (i > 0) { + t = ap[--i]; + rp[i] = ((t >> 1) & BN_MASK2) | c; +- c = (t & 1) ? BN_TBIT : 0; ++ c = t << (BN_BITS2 - 1); + } +- r->top = j; + if (!r->top) + r->neg = 0; /* don't allow negative zero */ + bn_check_top(r); +-- +2.25.1 +
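Review bot: In the BN_lshift1 hunk, `*rp = c; r->top += c;` now stores the word past a->top on every call, where the old code stored it only when the carry was set, so the destination must always have a->top + 1 words allocated; the bn_wexpand call is outside this hunk, so confirm it requests a->top + 1 rather than a->top. The branch-free forms `c = t >> (BN_BITS2 - 1)` and `r->top += c` do remove the data-dependent branches on BN_TBIT, which is the stated goal. In BN_rshift1, `r->top -= (t == 1)` is computed from the top word before the loop and matches the removed `j = i - (ap[i - 1] == 1)`, with the unchanged `if (!r->top) r->neg = 0;` still handling the result 0 case; a regression test with a one-word input equal to 1 and one with the high bit of the top word set would pin down both edge cases.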
  2. Download patch debian/patches/0062-Fix-an-s_server-arbitrary-file-read-issue-on-Windows.patch

    --- 1.1.1d-2/debian/patches/0062-Fix-an-s_server-arbitrary-file-read-issue-on-Windows.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0062-Fix-an-s_server-arbitrary-file-read-issue-on-Windows.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,73 @@ +From 325c9ac198c822ca634a12d3856341c5044c66d0 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 18 Oct 2019 16:40:44 +0100 +Subject: [PATCH 062/230] Fix an s_server arbitrary file read issue on Windows + +Running s_server in WWW mode on Windows can allow a client to read files +outside the s_server directory by including backslashes in the name, e.g. + +GET /..\myfile.txt HTTP/1.0 + +There exists a check for this for Unix paths but it is not sufficient +for Windows. + +Since s_server is a test tool no CVE is assigned. + +Thanks to Jobert Abma for reporting this. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10215) + +(cherry picked from commit 0a4d6c67480a4d2fce514e08d3efe571f2ee99c9) +--- + apps/s_server.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/apps/s_server.c b/apps/s_server.c +index b80032c76c..2248a432e2 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -3205,6 +3205,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context) + if (e[0] == ' ') + break; + ++ if (e[0] == ':') { ++ /* Windows drive. We treat this the same way as ".." */ ++ dot = -1; ++ break; ++ } ++ + switch (dot) { + case 1: + dot = (e[0] == '.') ? 2 : 0; +@@ -3213,11 +3219,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) + dot = (e[0] == '.') ? 3 : 0; + break; + case 3: +- dot = (e[0] == '/') ? -1 : 0; ++ dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; + break; + } + if (dot == 0) +- dot = (e[0] == '/') ? 1 : 0; ++ dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; + } + dot = (dot == 3) || (dot == -1); /* filename contains ".." + * component */ +@@ -3231,11 +3237,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) + + if (dot) { + BIO_puts(io, text); +- BIO_printf(io, "'%s' contains '..' reference\r\n", p); ++ BIO_printf(io, "'%s' contains '..' 
or ':'\r\n", p); + break; + } + +- if (*p == '/') { ++ if (*p == '/' || *p == '\\') { + BIO_puts(io, text); + BIO_printf(io, "'%s' is an invalid path\r\n", p); + break; +-- +2.25.1 +
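Review bot: The new `e[0] == ':'` check in www_body() rejects any path containing a colon by setting dot = -1 and leaving the scan, which covers Windows drive prefixes but also rejects otherwise valid Unix file names that contain ':'; for a test tool that is an acceptable trade, but the commit message should say so. The state machine still only recognises a `..` component when it follows a separator, now `/` or `\\`, and the leading-separator check is widened the same way; a canonicalising check (resolve the path, then verify it lies under the serving directory) would be more robust than pattern matching, though that is beyond the scope of this fix. The updated message `'%s' contains '..' or ':'` is printed for both rejection reasons, which is fine for s_server.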
  3. Download patch debian/patches/0033-Add-documentation-for-PEM_-read-write-_bio_Parameter.patch

    --- 1.1.1d-2/debian/patches/0033-Add-documentation-for-PEM_-read-write-_bio_Parameter.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0033-Add-documentation-for-PEM_-read-write-_bio_Parameter.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,54 @@ +From 95e4ee81decfd7c832e499ca99b3e49886fe96c1 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Mon, 7 Oct 2019 07:23:32 +0200 +Subject: [PATCH 033/230] Add documentation for + PEM_{read,write}_bio_Parameters() + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10113) + +(cherry picked from commit 9a6abb95be42b88c7c5ebc8c97f14afdc5919aa1) +--- + doc/man3/PEM_read_bio_PrivateKey.pod | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod +index 7c381e85fe..a8306500fb 100644 +--- a/doc/man3/PEM_read_bio_PrivateKey.pod ++++ b/doc/man3/PEM_read_bio_PrivateKey.pod +@@ -15,7 +15,8 @@ PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, + PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, + PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, + PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +-PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, ++PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, ++PEM_read_bio_DSAparams, PEM_read_DSAparams, + PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, + PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, + PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +@@ -110,6 +111,9 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines + int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); + int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); + ++ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); ++ int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); ++ + DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); + DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); + int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +@@ -216,6 
+220,12 @@ a DSA structure. The public key is encoded using a + SubjectPublicKeyInfo structure and an error occurs if the public + key is not DSA. + ++The B<Parameters> functions read or write key parameters in PEM format using ++an EVP_PKEY structure. The encoding depends on the type of key; for DSA key ++parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH ++key parameters, it will be a PKCS#3 DHparameter structure. I<These functions ++only exist for the B<BIO> type>. ++ + The B<DSAparams> functions process DSA parameters using a DSA + structure. The parameters are encoded using a Dss-Parms structure + as defined in RFC2459. +-- +2.25.1 +
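Review bot: The added DESCRIPTION paragraph should also state that PEM_read_bio_Parameters() takes no password callback or user data, which the SYNOPSIS hunk shows (`EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);`) and which differs from every other read function on this page; readers will otherwise expect the `cb`/`u` arguments. The NAME list, SYNOPSIS and DESCRIPTION hunks are otherwise consistent, and the sentence that only the B<BIO> variants exist matches the synopsis, which adds no FILE* forms.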
  4. Download patch debian/patches/0039-ec_asn1.c-Avoid-injecting-seed-when-built-in-matches.patch

    --- 1.1.1d-2/debian/patches/0039-ec_asn1.c-Avoid-injecting-seed-when-built-in-matches.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0039-ec_asn1.c-Avoid-injecting-seed-when-built-in-matches.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,60 @@ +From ac8881e160632a8de6ca123a9f85b2e6f8ae173b Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Thu, 10 Oct 2019 20:30:58 +0300 +Subject: [PATCH 039/230] [ec_asn1.c] Avoid injecting seed when built-in + matches + +An unintended consequence of https://github.com/openssl/openssl/pull/9808 +is that when an explicit parameters curve is matched against one of the +well-known builtin curves we automatically inherit also the associated +seed parameter, even if the input parameters excluded such +parameter. + +This later affects the serialization of such parsed keys, causing their +input DER encoding and output DER encoding to differ due to the +additional optional field. + +This does not cause problems internally but could affect external +applications, as reported in +https://github.com/openssl/openssl/pull/9811#issuecomment-536153288 + +This commit fixes the issue by conditionally clearing the seed field if +the original input parameters did not include it. + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/10140) + +(cherry picked from commit f97a8af2f3f3573f0759693117c9d33d2a63c27e) +--- + crypto/ec/ec_asn1.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index f14d1b5249..336afc989d 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -849,6 +849,20 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) + * serialized using explicit parameters by default. + */ + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); ++ ++ /* ++ * If the input params do not contain the optional seed field we make ++ * sure it is not added to the returned group. 
++ * ++ * The seed field is not really used inside libcrypto anyway, and ++ * adding it to parsed explicit parameter keys would alter their DER ++ * encoding output (because of the extra field) which could impact ++ * applications fingerprinting keys by their DER encoding. ++ */ ++ if (params->curve->seed == NULL) { ++ if (EC_GROUP_set_seed(ret, NULL, 0) != 1) ++ goto err; ++ } + } + + ok = 1; +-- +2.25.1 +
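Review bot: The new block relies on `EC_GROUP_set_seed(ret, NULL, 0)` returning exactly 1 for an empty seed, since any other value goes to err; that matches the function's convention for NULL or zero-length input (it returns the seed length for non-empty seeds), but the `!= 1` deserves a one-line comment because it reads like a generic success check. Given that the motivation is DER-encoding stability, a test that decodes explicit parameters without a seed and asserts that re-encoding yields identical bytes would guard this path against regression.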
  5. Download patch debian/patches/0053-fixed-the-RETURN-VALUES-section-in-the-EC_GROUP-docu.patch
  6. Download patch debian/patches/0005-Fix-potential-memory-leaks-with-BN_to_ASN1_INTEGER.patch

    --- 1.1.1d-2/debian/patches/0005-Fix-potential-memory-leaks-with-BN_to_ASN1_INTEGER.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0005-Fix-potential-memory-leaks-with-BN_to_ASN1_INTEGER.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,110 @@ +From 515c728dbaa92211d2eafb0041ab9fcd258fdc41 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Mon, 9 Sep 2019 19:12:25 +0200 +Subject: [PATCH 005/230] Fix potential memory leaks with BN_to_ASN1_INTEGER + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9833) + +(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09) +--- + crypto/ec/ec_asn1.c | 7 +++++-- + crypto/x509v3/v3_asid.c | 26 ++++++++++++++++++++------ + 2 files changed, 25 insertions(+), 8 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 1ce1181fc1..7cbf8de981 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + unsigned char *buffer = NULL; + const EC_POINT *point = NULL; + point_conversion_form_t form; ++ ASN1_INTEGER *orig; + + if (params == NULL) { + if ((ret = ECPARAMETERS_new()) == NULL) { +@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } +- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); ++ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); + if (ret->order == NULL) { ++ ret->order = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, + /* set the cofactor (optional) */ + tmp = EC_GROUP_get0_cofactor(group); + if (tmp != NULL) { +- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); ++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); + if (ret->cofactor == NULL) { ++ ret->cofactor = orig; + ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c +index 089f2ae29f..ef2d64826f 100644 +--- 
a/crypto/x509v3/v3_asid.c ++++ b/crypto/x509v3/v3_asid.c +@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, + static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + { + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; +@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) + static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + { + ASN1_INTEGER *a_max_plus_one = NULL; ++ ASN1_INTEGER *orig; + BIGNUM *bn = NULL; + int i, ret = 0; + +@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + */ + if ((bn == NULL && (bn = BN_new()) == NULL) || + ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = +- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ !BN_add_word(bn, 1)) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ if ((a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { ++ a_max_plus_one = orig; + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; +-- +2.25.1 +
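Review bot: In the ec_asn1.c hunks, `ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);` is well-defined C (the argument assignment to `orig` completes before the call, and `ret->order` is assigned after it returns), and restoring `ret->order = orig` on failure lets the err path free the ASN1_INTEGER that BN_to_ASN1_INTEGER() leaves allocated when it returns NULL; the cofactor hunk is the same fix. The assignment-inside-argument form is terse enough to trip a reader; `orig = ret->order; ret->order = BN_to_ASN1_INTEGER(tmp, orig);` on two lines would read better.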
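Review bot: The v3_asid.c hunks in ASIdentifierChoice_is_canonical() and ASIdentifierChoice_canonize() are now identical blocks (split condition, `orig` save and restore, the same error reporting); factoring them into one static helper would keep the two copies from drifting apart. Splitting the `||` chain is what makes the fix work: in the old code a failing BN_to_ASN1_INTEGER() overwrote a_max_plus_one with NULL and leaked the previous value, whereas now the old pointer is restored before `goto done`. Reporting BN_add_word() failure as ERR_R_MALLOC_FAILURE is inherited from the old code, not introduced here.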
  7. Download patch debian/patches/0091-Allow-specifying-the-tag-after-AAD-in-CCM-mode-2.patch

    --- 1.1.1d-2/debian/patches/0091-Allow-specifying-the-tag-after-AAD-in-CCM-mode-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0091-Allow-specifying-the-tag-after-AAD-in-CCM-mode-2.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,71 @@ +From a13dddea6b71743116e86e39d446b9fb43e1799e Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Sat, 2 Nov 2019 00:02:47 +0100 +Subject: [PATCH 091/230] Allow specifying the tag after AAD in CCM mode (2) + +In addition to 67c81ec3 which introduced this behavior in CCM mode +docs but only implemented it for AES-CCM. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10331) + +(cherry picked from commit f7382fbbd846dd3bdea6b8c03b6af22faf0ab94f) + +Conflicts: + test/recipes/30-test_evp_data/evpciph.txt +--- + crypto/evp/e_aria.c | 7 +++++-- + test/recipes/30-test_evp_data/evpciph.txt | 10 ++++++++++ + 2 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c +index 0bebbb6fc2..1cc6dd91a9 100644 +--- a/crypto/evp/e_aria.c ++++ b/crypto/evp/e_aria.c +@@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (!cctx->iv_set) + return -1; + +- if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) +- return -1; + if (!out) { + if (!in) { + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), +@@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + CRYPTO_ccm128_aad(ccm, in, len); + return len; + } ++ ++ /* The tag must be set before actually decrypting data */ ++ if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) ++ return -1; ++ + /* If not set length yet do it */ + if (!cctx->len_set) { + if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), +diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt +index 29c317a158..1c02ea1e9c 100644 +--- a/test/recipes/30-test_evp_data/evpciph.txt ++++ b/test/recipes/30-test_evp_data/evpciph.txt +@@ -2358,6 +2358,16 @@ Tag = 3615b7f90a651de15da20fb6 + Plaintext = 
f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 + Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 + ++# Test that the tag can be set after specifying AAD. ++Cipher = ARIA-256-CCM ++Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54 ++IV = 000020e8f5eb00000000315e ++AAD = 8008315ebf2e6fe020e8f5eb ++Tag = 3615b7f90a651de15da20fb6 ++SetTagLate = TRUE ++Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5 ++Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1 ++ + + Title = SEED test vectors from RFC4269 + +-- +2.25.1 +
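Review bot: Moving the `!cctx->tag_set` check below the `!out` branch means it is only evaluated on calls that actually process data, which is what the new comment says and what allows the tag to be supplied after the AAD update; confirm that a decryption with no ciphertext bytes (AAD only) still fails when no tag has been set, since that path returns from the `!out` branch before the moved check is reached. The added evpciph.txt block duplicates the preceding ARIA-256-CCM vector with `SetTagLate = TRUE`, so it exercises exactly this ordering; given the conflict noted for that file, confirm the block sits with the other ARIA CCM vectors and not only immediately before the SEED title.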
  8. Download patch debian/patches/0029-Define-AESNI_ASM-if-AESNI-assembler-is-included-and-.patch

    --- 1.1.1d-2/debian/patches/0029-Define-AESNI_ASM-if-AESNI-assembler-is-included-and-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0029-Define-AESNI_ASM-if-AESNI-assembler-is-included-and-.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,66 @@ +From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Thu, 3 Oct 2019 08:28:31 +0200 +Subject: [PATCH 029/230] Define AESNI_ASM if AESNI assembler is included, and + use it + +Because we have cases where basic assembler support isn't present, but +AESNI asssembler support is, we need a separate macro that indicates +that, and use it. + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10080) +--- + Configure | 1 + + crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- + crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++-- + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Configure b/Configure +index 811bee81f5..f498ac2f81 100755 +--- a/Configure ++++ b/Configure +@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) { + } + if ($target{aes_asm_src}) { + push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; ++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);; + # aes-ctr.fake is not a real file, only indication that assembler + # module implements AES_ctr32_encrypt... 
+ push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); +diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c +index c9f5969162..27c36b46e7 100644 +--- a/crypto/evp/e_aes_cbc_hmac_sha1.c ++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c +@@ -33,7 +33,7 @@ typedef struct { + + #define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++#if defined(AESNI_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c +index d5178313ae..cc622b6faa 100644 +--- a/crypto/evp/e_aes_cbc_hmac_sha256.c ++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c +@@ -34,7 +34,7 @@ typedef struct { + + # define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++#if defined(AESNI_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) + { + return NULL; + } +-#endif ++#endif /* AESNI_ASM */ +-- +2.25.1 +
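Review bot: The new Configure line copies the doubled `;;` from the AES_ASM line above it; Perl accepts the empty statement, but the second semicolon should be dropped rather than propagated. The effect of the change is that on a target whose aes_asm_src lists an aes-* module but no aesni-* module, e_aes_cbc_hmac_sha1.c and e_aes_cbc_hmac_sha256.c now compile the fallback branch and EVP_aes_*_cbc_hmac_sha* return NULL; that is intended per the commit message, but it is a behaviour change for such builds and deserves a CHANGES entry. The `#endif /* AESNI_ASM */` comment is a good addition for a guard that spans the whole file.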
  9. Download patch debian/patches/0055-Improve-formatting-for-man3-EC_GROUP_new.pod.patch

    --- 1.1.1d-2/debian/patches/0055-Improve-formatting-for-man3-EC_GROUP_new.pod.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0055-Improve-formatting-for-man3-EC_GROUP_new.pod.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,160 @@ +From 383ba7ade7b8202231220afb67320838eefcbe1a Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Tue, 22 Oct 2019 12:23:22 +0300 +Subject: [PATCH 055/230] Improve formatting for man3/EC_GROUP_new.pod + +- Use `()` to qualify function names, consistently +- Limit line width to 80 chars + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10235) +--- + doc/man3/EC_GROUP_new.pod | 96 +++++++++++++++++++++++---------------- + 1 file changed, 56 insertions(+), 40 deletions(-) + +diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod +index 1eee494927..4269993ecb 100644 +--- a/doc/man3/EC_GROUP_new.pod ++++ b/doc/man3/EC_GROUP_new.pod +@@ -57,49 +57,61 @@ objects + + =head1 DESCRIPTION + +-Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the +-prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised ++Within the library there are two forms of elliptic curve that are of interest. ++The first form is those defined over the prime field Fp. The elements of Fp are ++the integers 0 to p-1, where p is a prime number. This gives us a revised + elliptic curve equation as follows: + + y^2 mod p = x^3 +ax + b mod p + +-The second form is those defined over a binary field F2^m where the elements of the field are integers of length at +-most m bits. For this form the elliptic curve equation is modified to: ++The second form is those defined over a binary field F2^m where the elements of ++the field are integers of length at most m bits. For this form the elliptic ++curve equation is modified to: + + y^2 + xy = x^3 + ax^2 + b (where b != 0) + +-Operations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL +-use a trinomial or a pentanomial for this parameter. 
++Operations in a binary field are performed relative to an B<irreducible ++polynomial>. All such curves with OpenSSL use a trinomial or a pentanomial for ++this parameter. + +-A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see +-L<EC_GFp_simple_method(3)>). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. +-EC_GROUP_new_from_ecparameters() will create a group from the +-specified B<params> and +-EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B<params>. ++A new curve can be constructed by calling EC_GROUP_new(), using the ++implementation provided by B<meth> (see L<EC_GFp_simple_method(3)>). It is then ++necessary to call EC_GROUP_set_curve() to set the curve parameters. ++EC_GROUP_new_from_ecparameters() will create a group from the specified ++B<params> and EC_GROUP_new_from_ecpkparameters() will create a group from the ++specific PK B<params>. + +-EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve over Fp B<b> +-is the prime for the field. For a curve over F2^m B<p> represents the irreducible polynomial - each bit +-represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether +-the polynomial is a trinomial or a pentanomial. ++EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve ++over Fp B<b> is the prime for the field. For a curve over F2^m B<p> represents ++the irreducible polynomial - each bit represents a term in the polynomial. ++Therefore there will either be three or five bits set dependent on whether the ++polynomial is a trinomial or a pentanomial. + + EC_group_get_curve() obtains the previously set curve parameters. + +-EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for +-backwards compatibility only and should not be used. 
+- +-EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for +-backwards compatibility only and should not be used. +- +-The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the +-EC_GROUP_set_curve function. An appropriate default implementation method will be used. +- +-Whilst the library can be used to create any curve using the functions described above, there are also a number of +-predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function +-EC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function +-will populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of +-curves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be +-provided. The return value is the total number of curves available (whether that number has been populated in B<r> or +-not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available. ++EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for ++EC_GROUP_set_curve(). They are defined for backwards compatibility only and ++should not be used. ++ ++EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for ++EC_GROUP_get_curve(). They are defined for backwards compatibility only and ++should not be used. ++ ++The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are ++shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. ++An appropriate default implementation method will be used. ++ ++Whilst the library can be used to create any curve using the functions described ++above, there are also a number of predefined curves that are available. 
In order ++to obtain a list of all of the predefined curves, call the function ++EC_get_builtin_curves(). The parameter B<r> should be an array of ++EC_builtin_curve structures of size B<nitems>. The function will populate the ++B<r> array with information about the builtin curves. If B<nitems> is less than ++the total number of curves available, then the first B<nitems> curves will be ++returned. Otherwise the total number of curves will be provided. The return ++value is the total number of curves available (whether that number has been ++populated in B<r> or not). Passing a NULL B<r>, or setting B<nitems> to 0 will ++do nothing other than return the total number of curves available. + The EC_builtin_curve structure is defined as follows: + + typedef struct { +@@ -107,24 +119,28 @@ The EC_builtin_curve structure is defined as follows: + const char *comment; + } EC_builtin_curve; + +-Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve. ++Each EC_builtin_curve item has a unique integer id (B<nid>), and a human ++readable comment string describing the curve. + +-In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to ++In order to construct a builtin curve use the function ++EC_GROUP_new_by_curve_name() and provide the B<nid> of the curve to + be constructed. + +-EC_GROUP_free frees the memory associated with the EC_GROUP. ++EC_GROUP_free() frees the memory associated with the EC_GROUP. + If B<group> is NULL nothing is done. + +-EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. +-If B<group> is NULL nothing is done. ++EC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and ++then frees its memory. If B<group> is NULL nothing is done. + + =head1 RETURN VALUES + +-All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error. 
++All EC_GROUP_new* functions return a pointer to the newly constructed group, or ++NULL on error. + +-EC_get_builtin_curves returns the number of builtin curves that are available. ++EC_get_builtin_curves() returns the number of builtin curves that are available. + +-EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. ++EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), ++EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error. + + =head1 SEE ALSO + +@@ -134,7 +150,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> + + =head1 COPYRIGHT + +-Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. ++Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the OpenSSL license (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy +-- +2.25.1 +
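Review bot: Two pre-existing errors in the reflowed text are worth fixing in the same change: "For a curve over Fp B<b> is the prime for the field" should read B<p> (the next sentence correctly uses B<p> for the F2^m irreducible polynomial, and EC_GROUP_set_curve() takes p, a, b in that order), and "EC_group_get_curve() obtains the previously set curve parameters" has the wrong case for EC_GROUP_get_curve(), which the synonym sentence for EC_GROUP_get_curve_GFp() spells correctly. The equation line `y^2 mod p = x^3 +ax + b mod p` also has inconsistent spacing around the `+`. The `()` qualification and 80-column wrapping are otherwise applied consistently across the hunks.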
  10. Download patch debian/patches/0052-Move-random-related-defines-from-e_os.h-to-rand_unix.patch
  11. Download patch debian/patches/0086-chacha_enc.c-fix-for-EBCDIC-platforms.patch

    --- 1.1.1d-2/debian/patches/0086-chacha_enc.c-fix-for-EBCDIC-platforms.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0086-chacha_enc.c-fix-for-EBCDIC-platforms.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,54 @@ +From 1e5565ddc20062f6bc581ed3a7825827833b8a32 Mon Sep 17 00:00:00 2001 +From: Joerg Schmidbauer <jschmidb@de.ibm.com> +Date: Tue, 12 Nov 2019 10:26:47 +0100 +Subject: [PATCH 086/230] chacha_enc.c: fix for EBCDIC platforms + +Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com> + +Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10417) + +(cherry picked from commit c31950b964a2f3f7b9e6ad98076954178ee1e77d) +--- + crypto/chacha/chacha_enc.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c +index afe5b5136a..18251eac08 100644 +--- a/crypto/chacha/chacha_enc.c ++++ b/crypto/chacha/chacha_enc.c +@@ -12,6 +12,7 @@ + #include <string.h> + + #include "crypto/chacha.h" ++#include "crypto/ctype.h" + + typedef unsigned int u32; + typedef unsigned char u8; +@@ -78,10 +79,18 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t todo, i; + + /* sigma constant "expand 32-byte k" in little-endian encoding */ +- input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24); +- input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24); +- input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24); +- input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24); ++ input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8) ++ | ((u32)ossl_toascii('p') << 16) ++ | ((u32)ossl_toascii('a') << 24); ++ input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8) ++ | ((u32)ossl_toascii(' ') << 16) ++ | ((u32)ossl_toascii('3') << 24); ++ input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8) ++ | ((u32)ossl_toascii('b') << 16) ++ | ((u32)ossl_toascii('y') << 24); ++ input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8) ++ | ((u32)ossl_toascii(' ') << 16) ++ 
| ((u32)ossl_toascii('k') << 24); + + input[4] = key[0]; + input[5] = key[1]; +-- +2.25.1 +
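Review bot: routing every character of "expand 32-byte k" through ossl_toascii() fixes EBCDIC, but the simpler and easier-to-audit fix is to hard-code the four little-endian sigma words themselves (0x61707865, 0x3320646e, 0x79622d32, 0x6b206574), which drops the new crypto/ctype.h include and lets a reader check the constant against RFC 8439 by eye. If the call form is kept, add a comment saying ossl_toascii() is the identity on ASCII builds, otherwise the conversion of a fixed constant looks like a mistake.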
  12. Download patch debian/patches/0041-Add-missing-EVP_MD-documentation.patch
  13. Download patch debian/patches/0068-Fix-potential-memory-leak-in-dh_ameth.c.patch

    --- 1.1.1d-2/debian/patches/0068-Fix-potential-memory-leak-in-dh_ameth.c.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0068-Fix-potential-memory-leak-in-dh_ameth.c.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,33 @@ +From c38761171f428d80cd7906b12a0cdac6d1285a7d Mon Sep 17 00:00:00 2001 +From: Scott Wilson <scott@sawilson.xyz> +Date: Thu, 31 Oct 2019 22:37:51 +1100 +Subject: [PATCH 068/230] Fix potential memory leak in dh_ameth.c + +Free dukm in error handling of dh_cms_encrypt() + +Fixes #10294 + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> +(Merged from https://github.com/openssl/openssl/pull/10310) + +(cherry picked from commit 6624e1f7b6a397948561e9cc2774f0c8af1d2c79) +--- + crypto/dh/dh_ameth.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c +index 60af9e2159..d53004080d 100644 +--- a/crypto/dh/dh_ameth.c ++++ b/crypto/dh/dh_ameth.c +@@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + err: + OPENSSL_free(penc); + X509_ALGOR_free(wrap_alg); ++ OPENSSL_free(dukm); + return rv; + } + +-- +2.25.1 +
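Review bot: the added OPENSSL_free(dukm) under err: in dh_cms_encrypt() runs on every exit path, so please confirm (not visible in this hunk) that dukm is initialised to NULL at its declaration and that no earlier path already frees it, otherwise the leak fix becomes a double free. Plain OPENSSL_free rather than OPENSSL_clear_free is appropriate here, since the UKM is public data carried in the CMS structure.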
  14. Download patch debian/patches/0054-Update-dgst.c-to-show-a-list-of-message-digests.patch

    --- 1.1.1d-2/debian/patches/0054-Update-dgst.c-to-show-a-list-of-message-digests.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0054-Update-dgst.c-to-show-a-list-of-message-digests.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,188 @@ +From c22987ce97c9ab8e5abb83388771208ac716cf22 Mon Sep 17 00:00:00 2001 +From: agnosticdev <agnosticdev@gmail.com> +Date: Mon, 16 Sep 2019 07:09:01 -0500 +Subject: [PATCH 054/230] Update dgst.c to show a list of message digests + +Fixes #9893 + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10219) +--- + apps/dgst.c | 46 +++++++++++++++++++++++++++++++++++++++++++++- + apps/enc.c | 3 ++- + doc/man1/dgst.pod | 5 +++++ + doc/man1/enc.pod | 9 ++++++++- + 4 files changed, 60 insertions(+), 3 deletions(-) + +diff --git a/apps/dgst.c b/apps/dgst.c +index 9223133eb2..82b8d02cee 100644 +--- a/apps/dgst.c ++++ b/apps/dgst.c +@@ -19,6 +19,7 @@ + #include <openssl/x509.h> + #include <openssl/pem.h> + #include <openssl/hmac.h> ++#include <ctype.h> + + #undef BUFSIZE + #define BUFSIZE 1024*8 +@@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, + const char *sig_name, const char *md_name, + const char *file); ++static void show_digests(const OBJ_NAME *name, void *bio_); ++ ++struct doall_dgst_digests { ++ BIO *bio; ++ int n; ++}; + + typedef enum OPTION_choice { +- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, ++ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST, + OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, + OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, + OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, +@@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = { + {OPT_HELP_STR, 1, '-', + " file... 
files to digest (default is stdin)\n"}, + {"help", OPT_HELP, '-', "Display this summary"}, ++ {"list", OPT_LIST, '-', "List digests"}, + {"c", OPT_C, '-', "Print the digest with separating colons"}, + {"r", OPT_R, '-', "Print the digest in coreutils format"}, + {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, +@@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv) + int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; + unsigned char *buf = NULL, *sigbuf = NULL; + int engine_impl = 0; ++ struct doall_dgst_digests dec; + + prog = opt_progname(argv[0]); + buf = app_malloc(BUFSIZE, "I/O buffer"); +@@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv) + opt_help(dgst_options); + ret = 0; + goto end; ++ case OPT_LIST: ++ BIO_printf(bio_out, "Supported digests:\n"); ++ dec.bio = bio_out; ++ dec.n = 0; ++ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, ++ show_digests, &dec); ++ BIO_printf(bio_out, "\n"); ++ ret = 0; ++ goto end; + case OPT_C: + separator = 1; + break; +@@ -413,6 +431,32 @@ int dgst_main(int argc, char **argv) + return ret; + } + ++static void show_digests(const OBJ_NAME *name, void *arg) ++{ ++ struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; ++ const EVP_MD *md = NULL; ++ ++ /* Filter out signed digests (a.k.a signature algorithms) */ ++ if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) ++ return; ++ ++ if (!islower((unsigned char)*name->name)) ++ return; ++ ++ /* Filter out message digests that we cannot use */ ++ md = EVP_get_digestbyname(name->name); ++ if (md == NULL) ++ return; ++ ++ BIO_printf(dec->bio, "-%-25s", name->name); ++ if (++dec->n == 3) { ++ BIO_printf(dec->bio, "\n"); ++ dec->n = 0; ++ } else { ++ BIO_printf(dec->bio, " "); ++ } ++} ++ + /* + * The newline_escape_filename function performs newline escaping for any + * filename that contains a newline. 
This function also takes a pointer +diff --git a/apps/enc.c b/apps/enc.c +index d1772f3eb9..ddf51e0dba 100644 +--- a/apps/enc.c ++++ b/apps/enc.c +@@ -50,7 +50,8 @@ typedef enum OPTION_choice { + + const OPTIONS enc_options[] = { + {"help", OPT_HELP, '-', "Display this summary"}, +- {"ciphers", OPT_LIST, '-', "List ciphers"}, ++ {"list", OPT_LIST, '-', "List ciphers"}, ++ {"ciphers", OPT_LIST, '-', "Alias for -list"}, + {"in", OPT_IN, '<', "Input file"}, + {"out", OPT_OUT, '>', "Output file"}, + {"pass", OPT_PASS, 's', "Passphrase source"}, +diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod +index 6d48523c99..ea2c4e3e15 100644 +--- a/doc/man1/dgst.pod ++++ b/doc/man1/dgst.pod +@@ -12,6 +12,7 @@ B<openssl dgst> + [B<-help>] + [B<-c>] + [B<-d>] ++[B<-list>] + [B<-hex>] + [B<-binary>] + [B<-r>] +@@ -67,6 +68,10 @@ B<hex> format output is used. + + Print out BIO debugging information. + ++=item B<-list> ++ ++Prints out a list of supported message digests. ++ + =item B<-hex> + + Digest is to be output as a hex dump. This is the default case for a "normal" +diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod +index a3e0b03b20..6f20ac1fc7 100644 +--- a/doc/man1/enc.pod ++++ b/doc/man1/enc.pod +@@ -9,6 +9,7 @@ enc - symmetric cipher routines + + B<openssl enc -I<cipher>> + [B<-help>] ++[B<-list>] + [B<-ciphers>] + [B<-in filename>] + [B<-out filename>] +@@ -56,10 +57,14 @@ either by itself or in addition to the encryption or decryption. + + Print out a usage message. + +-=item B<-ciphers> ++=item B<-list> + + List all supported ciphers. + ++=item B<-ciphers> ++ ++Alias of -list to display all supported ciphers. ++ + =item B<-in filename> + + The input filename, standard input by default. +@@ -419,6 +424,8 @@ certain parameters. So if, for example, you want to use RC2 with a + + The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. + ++The B<-list> option was added in OpenSSL 1.1.1e. ++ + =head1 COPYRIGHT + + Copyright 2000-2018 The OpenSSL Project Authors. 
All Rights Reserved. +-- +2.25.1 +
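Review bot: show_digests() in the dgst.c hunk filters signature-algorithm entries by substring ("rsa"/"RSA") and then by islower() on the first character, which is a heuristic: the islower() check already removes every uppercase alias, and the substring check will silently drop any lowercase digest whose name happens to contain "rsa". Filtering on the OBJ_NAME alias flag (the entries OBJ_NAME_do_all_sorted() hands over carry one) is the robust way to list only real digest methods; if the heuristic stays, the comment should say it is one. Separately, enc.pod gains a HISTORY line ("The B<-list> option was added in OpenSSL 1.1.1e.") but dgst.pod gets no matching entry for its new -list option; add one for consistency.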
  15. Download patch debian/patches/0006-Add-a-minimal-windows-build-config-for-AppVeyor.patch

    --- 1.1.1d-2/debian/patches/0006-Add-a-minimal-windows-build-config-for-AppVeyor.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0006-Add-a-minimal-windows-build-config-for-AppVeyor.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,37 @@ +From 8ff728d430f4087ddfffed6adf1c25ec6433b71c Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Fri, 13 Sep 2019 09:05:08 +0200 +Subject: [PATCH 006/230] Add a minimal windows build config for AppVeyor + +[extended tests] + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9886) +--- + appveyor.yml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/appveyor.yml b/appveyor.yml +index 24966c0faa..f17fea5ce2 100644 +--- a/appveyor.yml ++++ b/appveyor.yml +@@ -10,6 +10,7 @@ environment: + configuration: + - shared + - plain ++ - minimal + + before_build: + - ps: >- +@@ -23,6 +24,8 @@ before_build: + - ps: >- + If ($env:Configuration -Match "shared") { + $env:SHARED="no-makedepend" ++ } ElseIf ($env:Configuration -Match "minimal") { ++ $env:SHARED="no-shared no-dso no-makedepend no-autoload-config no-engine no-comp no-cms no-dh no-dsa no-ec2m no-srp no-des no-mdc2 no-md4 no-rc2 no-rc4 no-bf no-camellia no-cast no-idea no-seed no-whirlpool no-ocsp no-sm2 no-sm3 no-sm4 no-ssl3 no-ssl3-method no-psk no-heartbeats no-nextprotoneg no-sctp no-srtp no-asm -DOPENSSL_SMALL_FOOTPRINT" + } Else { + $env:SHARED="no-shared no-makedepend" + } +-- +2.25.1 +
  16. Download patch debian/patches/0027-Fix-iOS-simulator-build.patch

    --- 1.1.1d-2/debian/patches/0027-Fix-iOS-simulator-build.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0027-Fix-iOS-simulator-build.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,30 @@ +From 6f3ccda84fb0995166252cc0db2ff3df17539b2b Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Tue, 24 Sep 2019 19:38:18 +0200 +Subject: [PATCH 027/230] Fix iOS simulator build + +Fixes #9999 + +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10002) +--- + crypto/evp/e_aes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c +index 1ca2c312a3..4b738b928e 100644 +--- a/crypto/evp/e_aes.c ++++ b/crypto/evp/e_aes.c +@@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) + # define HWAES_xts_decrypt aes_p8_xts_decrypt + #endif + +-#if !defined(OPENSSL_NO_ASM) && ( \ ++#if defined(OPENSSL_CPUID_OBJ) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ +-- +2.25.1 +
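Review bot: switching the guard from !defined(OPENSSL_NO_ASM) to defined(OPENSSL_CPUID_OBJ) is the right condition, since the block it protects depends on the cpuid object being built rather than on assembly in general (a no-asm or simulator build can satisfy one but not the other). Please grep for the same !defined(OPENSSL_NO_ASM) pattern around other OPENSSL_ia32cap_P users so the fix does not land in e_aes.c alone.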
  17. Download patch debian/patches/0044-issue-8493-Fix-for-filenames-with-newlines-using-ope.patch

    --- 1.1.1d-2/debian/patches/0044-issue-8493-Fix-for-filenames-with-newlines-using-ope.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0044-issue-8493-Fix-for-filenames-with-newlines-using-ope.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,147 @@ +From 109a00269daf671e5652495d00a7302995029129 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Sat, 30 Mar 2019 11:22:51 +1000 +Subject: [PATCH 044/230] issue-8493: Fix for filenames with newlines using + openssl dgst + +The output format now matches coreutils *dgst tools. + +[ edited to remove trailing white space ] + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> + +(cherry picked from commit f3448f5481a8d1f6fbf5fd05caaca229af0b87f7) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + CHANGES | 5 +++++ + apps/dgst.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++- + doc/man1/dgst.pod | 3 ++- + test/README | 2 +- + 4 files changed, 55 insertions(+), 3 deletions(-) + +diff --git a/CHANGES b/CHANGES +index a10d679ddb..c64247dc91 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -9,6 +9,11 @@ + + Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] + ++ *) Added newline escaping functionality to a filename when using openssl dgst. ++ This output format is to replicate the output format found in the '*sum' ++ checksum programs. This aims to preserve backward compatibility. ++ [Matt Eaton, Richard Levitte, and Paul Dale] ++ + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] +diff --git a/apps/dgst.c b/apps/dgst.c +index d6f5a0e2e7..9223133eb2 100644 +--- a/apps/dgst.c ++++ b/apps/dgst.c +@@ -413,13 +413,52 @@ int dgst_main(int argc, char **argv) + return ret; + } + ++/* ++ * The newline_escape_filename function performs newline escaping for any ++ * filename that contains a newline. This function also takes a pointer ++ * to backslash. The backslash pointer is a flag to indicating whether a newline ++ * is present in the filename. 
If a newline is present, the backslash flag is ++ * set and the output format will contain a backslash at the beginning of the ++ * digest output. This output format is to replicate the output format found ++ * in the '*sum' checksum programs. This aims to preserve backward ++ * compatibility. ++ */ ++static const char *newline_escape_filename(const char *file, int * backslash) ++{ ++ size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0; ++ char *file_cpy = NULL; ++ ++ for (i = 0; i < length; i++) ++ if (file[i] == '\n') ++ newline_count++; ++ ++ mem_len = length + newline_count + 1; ++ file_cpy = app_malloc(mem_len, file); ++ i = 0; ++ ++ while(e < length) { ++ const char c = file[e]; ++ if (c == '\n') { ++ file_cpy[i++] = '\\'; ++ file_cpy[i++] = 'n'; ++ *backslash = 1; ++ } else { ++ file_cpy[i++] = c; ++ } ++ e++; ++ } ++ file_cpy[i] = '\0'; ++ return (const char*)file_cpy; ++} ++ ++ + int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, + const char *sig_name, const char *md_name, + const char *file) + { + size_t len; +- int i; ++ int i, backslash = 0; + + while (BIO_pending(bp) || !BIO_eof(bp)) { + i = BIO_read(bp, (char *)buf, BUFSIZE); +@@ -467,9 +506,16 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + if (binout) { + BIO_write(out, buf, len); + } else if (sep == 2) { ++ file = newline_escape_filename(file, &backslash); ++ ++ if (backslash == 1) ++ BIO_puts(out, "\\"); ++ + for (i = 0; i < (int)len; i++) + BIO_printf(out, "%02x", buf[i]); ++ + BIO_printf(out, " *%s\n", file); ++ OPENSSL_free((char *)file); + } else { + if (sig_name != NULL) { + BIO_puts(out, sig_name); +diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod +index ce06ac5116..6d48523c99 100644 +--- a/doc/man1/dgst.pod ++++ b/doc/man1/dgst.pod +@@ -79,7 +79,8 @@ Output the digest or signature in binary form. 
+ + =item B<-r> + +-Output the digest in the "coreutils" format used by programs like B<sha1sum>. ++Output the digest in the "coreutils" format, including newlines. ++Used by programs like B<sha1sum>. + + =item B<-out filename> + +diff --git a/test/README b/test/README +index 37722e79f3..ebe7784605 100644 +--- a/test/README ++++ b/test/README +@@ -114,7 +114,7 @@ Generic form of C test executables + int observed; + + observed = function(); /* Call the code under test */ +- if (!TEST_int_equal(observed, 2)) /* Check the result is correct */ ++ if (!TEST_int_eq(observed, 2)) /* Check the result is correct */ + goto end; /* Exit on failure - optional */ + + testresult = 1; /* Mark the test case a success */ +-- +2.25.1 +
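Review bot: newline_escape_filename() escapes only '\n', but the coreutils format the CHANGES entry says it replicates also escapes a literal backslash in the filename as "\\" (and sets the leading-backslash flag for it), so filenames containing backslashes will still not round-trip through "sha1sum -c"; either handle '\\' too, or narrow the CHANGES and dgst.pod wording to newlines. Smaller points in the same hunk: the function returns const char * only for the caller to cast it away in OPENSSL_free((char *)file), so return char *; "int * backslash" and "while(e < length)" do not follow the surrounding spacing; and the escaping is applied only on the sep == 2 (-r) path, which is fine but worth a comment since the other output formats still print raw newlines. The test/README change (TEST_int_equal to TEST_int_eq) is unrelated to the fix and would be cleaner as its own commit.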
  18. Download patch debian/patches/0035-ssl-statem-statem_lib.c-make-servercontext-clientcon.patch

    --- 1.1.1d-2/debian/patches/0035-ssl-statem-statem_lib.c-make-servercontext-clientcon.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0035-ssl-statem-statem_lib.c-make-servercontext-clientcon.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,48 @@ +From d8e8ed0220f0656a6e7e384ef4d7e1757b48fd95 Mon Sep 17 00:00:00 2001 +From: Artiom Vaskov <velemas@gmail.com> +Date: Thu, 12 Sep 2019 13:40:32 +0300 +Subject: [PATCH 035/230] ssl/statem/statem_lib.c: make + servercontext/clientcontext arrays of chars instead of char pointers to fix + EBCDIC builds. + +Fixes #9869 + +CLA:trivial + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/9878) +--- + ssl/statem/statem_lib.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c +index bd1d34f3b6..3ca4ce79a2 100644 +--- a/ssl/statem/statem_lib.c ++++ b/ssl/statem/statem_lib.c +@@ -169,17 +169,17 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, + void **hdata, size_t *hdatalen) + { + #ifdef CHARSET_EBCDIC +- static const char *servercontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, ++ static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; +- static const char *clientcontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, ++ static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x79, 0x00 }; + #else +- static const char *servercontext = "TLS 1.3, server CertificateVerify"; +- static const char *clientcontext = "TLS 1.3, client CertificateVerify"; ++ static const char servercontext[] = "TLS 1.3, server CertificateVerify"; ++ static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; + #endif + if (SSL_IS_TLS13(s)) { + size_t hashlen; +-- 
+2.25.1 +
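Review bot: changing servercontext/clientcontext from pointers to arrays also changes what sizeof() yields for them (from pointer size to 34 bytes including the terminator), so please check the code below this hunk that feeds the context into the TLS 1.3 CertificateVerify transcript uses strlen() or an explicit length rather than sizeof(); if it used sizeof() with the old pointer form it was already wrong, and the 0x00 at the end of the EBCDIC arrays must then not be counted.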
  19. Download patch debian/patches/0093-ECDSA-don-t-clear-free-memory-after-verify.patch

    --- 1.1.1d-2/debian/patches/0093-ECDSA-don-t-clear-free-memory-after-verify.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0093-ECDSA-don-t-clear-free-memory-after-verify.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,32 @@ +From cf5afa4d28bda819f431aa6d933413a72172ce4b Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Wed, 20 Nov 2019 13:20:01 +1000 +Subject: [PATCH 093/230] ECDSA: don't clear free memory after verify. + +Verifications are public, there is no need to clear the used storage before +freeing it. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10475) + +(cherry picked from commit cff7d199e0dc51ae939de5fb7702aab2a9ef30fc) +--- + crypto/ec/ecdsa_ossl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c +index c6158616a2..1da87bfb5e 100644 +--- a/crypto/ec/ecdsa_ossl.c ++++ b/crypto/ec/ecdsa_ossl.c +@@ -309,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + goto err; + ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); + err: +- OPENSSL_clear_free(der, derlen); ++ OPENSSL_free(der); + ECDSA_SIG_free(s); + return ret; + } +-- +2.25.1 +
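Review bot: dropping the derlen argument from the free call leaves derlen assigned but possibly unused in ossl_ecdsa_verify(); confirm it is still consumed (for example in the length comparison before this hunk), otherwise this introduces an unused-variable warning under --strict-warnings. The change itself is sound: der holds the re-encoded public signature, so there is nothing secret to scrub.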
  20. Download patch debian/patches/0063-Suppress-an-error-when-doing-SM2-sign-verify-ops.patch

    --- 1.1.1d-2/debian/patches/0063-Suppress-an-error-when-doing-SM2-sign-verify-ops.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0063-Suppress-an-error-when-doing-SM2-sign-verify-ops.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 9cebf0d179e9a2baadabbac1f310c053ce4b8e57 Mon Sep 17 00:00:00 2001 +From: Paul Yang <kaishen.yy@antfin.com> +Date: Mon, 28 Oct 2019 20:14:53 +0800 +Subject: [PATCH 063/230] Suppress an error when doing SM2 sign/verify ops + +This was fixed in #8321 right after the 1.1.1 was released but never +back ported to 1.1.1. Now fix it. + +Issue reported from lua-openssl project. + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10278) +--- + crypto/sm2/sm2_pmeth.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c +index 62a5b5534d..b42a14c32f 100644 +--- a/crypto/sm2/sm2_pmeth.c ++++ b/crypto/sm2/sm2_pmeth.c +@@ -220,6 +220,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + *(size_t *)p2 = smctx->id_len; + return 1; + ++ case EVP_PKEY_CTRL_DIGESTINIT: ++ /* nothing to be inited, this is to suppress the error... */ ++ return 1; ++ + default: + return -2; + } +-- +2.25.1 +
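Review bot: the new EVP_PKEY_CTRL_DIGESTINIT case returns 1 unconditionally, which is what other pmeths without per-digest state do, but the comment "nothing to be inited, this is to suppress the error..." should say which caller issues the ctrl (EVP_DigestSignInit/EVP_DigestVerifyInit) and that SM2 keeps no digest-specific state, so the next reader does not mistake it for a silenced failure. A regression test exercising SM2 sign/verify through the EVP_DigestSign API would make sure the backport stays fixed.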
  21. Download patch debian/patches/0042-Document-and-add-macros-for-additional-DSA-options.patch

    --- 1.1.1d-2/debian/patches/0042-Document-and-add-macros-for-additional-DSA-options.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0042-Document-and-add-macros-for-additional-DSA-options.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,123 @@ +From 44301079c8ad3c150cd4d11e4781bc1b144ee9ed Mon Sep 17 00:00:00 2001 +From: David Benjamin <davidben@google.com> +Date: Fri, 25 Jan 2019 13:56:45 -0600 +Subject: [PATCH 042/230] Document and add macros for additional DSA options + +EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only +exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone +code (see also issue #1319). Add the missing wrapper macros and document them. + +Reviewed-by: Matt Caswell <matt@openssl.org> + +(cherry picked from commit a97faad76a1be22eadd6c1a39972ad5e095d9e80) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + crypto/dsa/dsa_pmeth.c | 8 ++------ + doc/man3/EVP_PKEY_CTX_ctrl.pod | 16 +++++++++++++++- + include/openssl/dsa.h | 6 ++++++ + util/private.num | 2 ++ + 4 files changed, 25 insertions(+), 7 deletions(-) + +diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c +index 80e5735d83..4ca3747a46 100644 +--- a/crypto/dsa/dsa_pmeth.c ++++ b/crypto/dsa/dsa_pmeth.c +@@ -178,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, + } + if (strcmp(type, "dsa_paramgen_q_bits") == 0) { + int qbits = atoi(value); +- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, +- EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, +- NULL); ++ return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits); + } + if (strcmp(type, "dsa_paramgen_md") == 0) { + const EVP_MD *md = EVP_get_digestbyname(value); +@@ -189,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, + DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } +- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, +- EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, +- (void *)md); ++ return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md); + } + return -2; + } +diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod 
b/doc/man3/EVP_PKEY_CTX_ctrl.pod +index 75fad0f70c..16d8462a42 100644 +--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod ++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod +@@ -23,6 +23,8 @@ EVP_PKEY_CTX_get_rsa_oaep_md, + EVP_PKEY_CTX_set0_rsa_oaep_label, + EVP_PKEY_CTX_get0_rsa_oaep_label, + EVP_PKEY_CTX_set_dsa_paramgen_bits, ++EVP_PKEY_CTX_set_dsa_paramgen_q_bits, ++EVP_PKEY_CTX_set_dsa_paramgen_md, + EVP_PKEY_CTX_set_dh_paramgen_prime_len, + EVP_PKEY_CTX_set_dh_paramgen_subprime_len, + EVP_PKEY_CTX_set_dh_paramgen_generator, +@@ -93,6 +95,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len + #include <openssl/dsa.h> + + int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); ++ int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); ++ int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + + #include <openssl/dh.h> + +@@ -255,7 +259,17 @@ by the library and should not be freed by the caller. + =head2 DSA parameters + + The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used +-for DSA parameter generation to B<bits>. If not specified 1024 is used. ++for DSA parameter generation to B<nbits>. If not specified, 1024 is used. ++ ++The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the ++subprime parameter B<q> for DSA parameter generation to B<qbits>. If not ++specified, 160 is used. If a digest function is specified below, this parameter ++is ignored and instead, the number of bits in B<q> matches the size of the ++digest. ++ ++The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for ++DSA parameter generation to B<md>. If not specified, one of SHA-1, SHA-224, or ++SHA-256 is selected to match the bit length of B<q> above. 
+ + =head2 DH parameters + +diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h +index 822eff347a..6d8a18a4ad 100644 +--- a/include/openssl/dsa.h ++++ b/include/openssl/dsa.h +@@ -162,6 +162,12 @@ DH *DSA_dup_DH(const DSA *r); + # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) ++# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) ++# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ ++ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ ++ EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) + + # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) + # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +diff --git a/util/private.num b/util/private.num +index a6ef44e4a6..ecf00bb3fe 100644 +--- a/util/private.num ++++ b/util/private.num +@@ -228,6 +228,8 @@ EVP_PKEY_CTX_set_dh_pad define + EVP_PKEY_CTX_set_dh_rfc5114 define + EVP_PKEY_CTX_set_dhx_rfc5114 define + EVP_PKEY_CTX_set_dsa_paramgen_bits define ++EVP_PKEY_CTX_set_dsa_paramgen_q_bits define ++EVP_PKEY_CTX_set_dsa_paramgen_md define + EVP_PKEY_CTX_set_ec_param_enc define + EVP_PKEY_CTX_set_ec_paramgen_curve_nid define + EVP_PKEY_CTX_set_ecdh_cofactor_mode define +-- +2.25.1 +
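Review bot: the new EVP_PKEY_CTX_ctrl.pod text documents the defaults as 1024-bit p, 160-bit q and SHA-1, which are legacy sizes; since this is the first place these knobs are documented, add a sentence steering callers to larger parameters (for example 2048-bit p with a 224- or 256-bit q, which the text's SHA-224/SHA-256 matching already supports). In the dsa.h hunk the (void *)(md) cast discards const to fit EVP_PKEY_CTX_ctrl(), matching the existing macros, so that is acceptable but worth a comment.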
  22. Download patch debian/patches/0009-Fix-small-typo-in-doc-for-X509_STORE_CTX_new.patch

    --- 1.1.1d-2/debian/patches/0009-Fix-small-typo-in-doc-for-X509_STORE_CTX_new.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0009-Fix-small-typo-in-doc-for-X509_STORE_CTX_new.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,32 @@ +From 9f8deee2437085a366d16d47352d0e63dae78f4a Mon Sep 17 00:00:00 2001 +From: Jan-Frederik Rieckers <rieckers@uni-bremen.de> +Date: Fri, 13 Sep 2019 19:34:14 +0200 +Subject: [PATCH 009/230] Fix small typo in doc for X509_STORE_CTX_new + +CLA: trivial + +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9894) + +(cherry picked from commit 64c1e74572f16a3e7c225f66fe85a3451ad39e68) +--- + doc/man3/X509_STORE_CTX_new.pod | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod +index 472db508bc..c5042858be 100644 +--- a/doc/man3/X509_STORE_CTX_new.pod ++++ b/doc/man3/X509_STORE_CTX_new.pod +@@ -28,7 +28,7 @@ X509_STORE_CTX_verify_fn + void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); + + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx); ++ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); + +-- +2.25.1 +
  23. Download patch debian/control

    --- 1.1.1d-2/debian/control 2019-09-27 21:06:41.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/control 2019-10-13 04:56:25.000000000 +0000 @@ -2,7 +2,8 @@ Source: openssl Build-Depends: debhelper (>= 11), m4, bc, dpkg-dev (>= 1.15.7) Section: utils Priority: optional -Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Uploaders: Christoph Martin <christoph.martin@uni-mainz.de>, Kurt Roeckx <kurt@roeckx.be>, Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Standards-Version: 4.2.1 Vcs-Browser: https://salsa.debian.org/debian/openssl
  24. Download patch debian/patches/0076-conf_def.c-Avoid-calling-strlen-in-a-loop.patch

    --- 1.1.1d-2/debian/patches/0076-conf_def.c-Avoid-calling-strlen-in-a-loop.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0076-conf_def.c-Avoid-calling-strlen-in-a-loop.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,60 @@ +From 30bd3e51600b53ec0a2df2d952bf2624309f3952 Mon Sep 17 00:00:00 2001 +From: raniervf <ranier_gyn@hotmail.com> +Date: Mon, 4 Nov 2019 22:32:43 -0300 +Subject: [PATCH 076/230] conf_def.c: Avoid calling strlen() in a loop + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10361) + +(cherry picked from commit d1c1fb2d41a627293483d832aaffcb6eca9075f9) +--- + crypto/conf/conf_def.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c +index 8e3f42a0ca..ca76fa3679 100644 +--- a/crypto/conf/conf_def.c ++++ b/crypto/conf/conf_def.c +@@ -703,7 +703,9 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, + static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) + { + const char *filename; ++ size_t pathlen; + ++ pathlen = strlen(path); + while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { + size_t namelen; + +@@ -716,7 +718,7 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) + char *newpath; + BIO *bio; + +- newlen = strlen(path) + namelen + 2; ++ newlen = pathlen + namelen + 2; + newpath = OPENSSL_zalloc(newlen); + if (newpath == NULL) { + CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE); +@@ -727,14 +729,11 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) + * If the given path isn't clear VMS syntax, + * we treat it as on Unix. 
+ */ +- { +- size_t pathlen = strlen(path); +- +- if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>' +- || path[pathlen - 1] == ':') { +- /* Clear VMS directory syntax, just copy as is */ +- OPENSSL_strlcpy(newpath, path, newlen); +- } ++ if (path[pathlen - 1] == ']' ++ || path[pathlen - 1] == '>' ++ || path[pathlen - 1] == ':') { ++ /* Clear VMS directory syntax, just copy as is */ ++ OPENSSL_strlcpy(newpath, path, newlen); + } + #endif + if (newpath[0] == '\0') { +-- +2.25.1 +
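Review bot: With `pathlen` now hoisted to function scope, the VMS branch still indexes `path[pathlen - 1]` with no guard against an empty `path`, so a zero-length path reads one byte before the buffer; this was already true of the removed inner block, but the refactor is the cheap moment to put `pathlen > 0 &&` in front of the three comparisons. Hoisting the `strlen()` is otherwise sound because `path` is `const char *` and nothing inside the `OPENSSL_DIR_read()` loop modifies it.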
  25. Download patch debian/patches/0026-Add-arm64-in-test-matrix-on-TravisCI.patch

    --- 1.1.1d-2/debian/patches/0026-Add-arm64-in-test-matrix-on-TravisCI.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0026-Add-arm64-in-test-matrix-on-TravisCI.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 5a604dfd86d0fee4f9abc257b2a81017ecc558d1 Mon Sep 17 00:00:00 2001 +From: "Fangming.Fang" <fangming.fang@arm.com> +Date: Sun, 29 Sep 2019 05:58:19 +0000 +Subject: [PATCH 026/230] Add arm64 in test matrix on TravisCI. + +Change-Id: I5d2b729699cfd8e80c3df17db4a9d2edcbf64454 + +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10046) + +(cherry picked from commit 0399aba7e05ea9bb1a58bd2e1b164f353f6ef1c9) +--- + .travis.yml | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/.travis.yml b/.travis.yml +index 88b8efc65a..cc0d082b77 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -32,6 +32,10 @@ env: + + matrix: + include: ++ - os: linux ++ arch: arm64 ++ compiler: gcc ++ env: CONFIG_OPTS="--strict-warnings" + - os: linux-ppc64le + sudo: false + compiler: clang +-- +2.25.1 +
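Review bot: The new arm64 job omits the `sudo: false` key that the neighbouring `linux-ppc64le` entry carries, so the two arch entries in the matrix are inconsistent; either add it here or drop it from ppc64le. Beyond that, .travis.yml is not consulted by the Debian package build, so this patch changes nothing in the produced binaries and is carried only to keep the stable-branch series contiguous.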
  26. Download patch debian/patches/0011-Fix-building-statically-without-any-dso-support.patch

    --- 1.1.1d-2/debian/patches/0011-Fix-building-statically-without-any-dso-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0011-Fix-building-statically-without-any-dso-support.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,80 @@ +From 8dcd57461972dceaaf014b71d173d0a8758e7054 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Fri, 13 Sep 2019 10:45:29 +0200 +Subject: [PATCH 011/230] Fix building statically without any dso support + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9889) +--- + Configure | 5 +++-- + INSTALL | 3 +++ + crypto/include/internal/dso_conf.h.in | 2 +- + 3 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/Configure b/Configure +index 5a699836f3..811bee81f5 100755 +--- a/Configure ++++ b/Configure +@@ -346,6 +346,7 @@ my @disablables = ( + "dgram", + "dh", + "dsa", ++ "dso", + "dtls", + "dynamic-engine", + "ec", +@@ -423,7 +424,6 @@ my %deprecated_disablables = ( + "buf-freelists" => undef, + "ripemd" => "rmd160", + "ui" => "ui-console", +- "dso" => "", # Empty string means we're silent about it + ); + + # All of the following are disabled by default: +@@ -480,6 +480,7 @@ my @disable_cascades = ( + # Without position independent code, there can be no shared libraries or DSOs + "pic" => [ "shared" ], + "shared" => [ "dynamic-engine" ], ++ "dso" => [ "dynamic-engine" ], + "engine" => [ "afalgeng", "devcryptoeng" ], + + # no-autoalginit is only useful when building non-shared +@@ -1181,7 +1182,7 @@ foreach my $what (sort keys %disabled) { + my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; + + if ((grep { $what eq $_ } @{$config{sdirs}}) +- && $what ne 'async' && $what ne 'err') { ++ && $what ne 'async' && $what ne 'err' && $what ne 'dso') { + @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; + $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; + +diff --git a/INSTALL b/INSTALL +index 2119cbae9e..f61c6de05e 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -351,6 +351,9 @@ + Don't build support for datagram based BIOs. Selecting this + option will also force the disabling of DTLS. 
+ ++ no-dso ++ Don't build support for loading Dynamic Shared Objects. ++ + enable-devcryptoeng + Build the /dev/crypto engine. It is automatically selected + on BSD implementations, in which case it can be disabled with +diff --git a/crypto/include/internal/dso_conf.h.in b/crypto/include/internal/dso_conf.h.in +index 2a76818b50..b2ace48a80 100644 +--- a/crypto/include/internal/dso_conf.h.in ++++ b/crypto/include/internal/dso_conf.h.in +@@ -16,7 +16,7 @@ + # has support compiled in for them. Currently each method is enabled + # by a define "DSO_<name>" ... we translate the "dso_scheme" config + # string entry into using the following logic; +- my $scheme = uc $target{dso_scheme}; ++ my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme}; + if (!$scheme) { + $scheme = "NONE"; + } +-- +2.25.1 +
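Review bot: The INSTALL entry added for `no-dso` does not say that it cascades to `no-dynamic-engine` (the new `"dso" => [ "dynamic-engine" ]` line in `@disable_cascades`), whereas the neighbouring `no-dgram` entry does spell out that it forces DTLS off; add a similar sentence so people building statically know engines become link-time only. The `$what ne 'dso'` exception in the `@{$config{sdirs}}` loop is right: `crypto/dso` must still be compiled so the `NONE` scheme has code behind it, and `dso_conf.h.in` now resolves `$scheme` to `"NONE"` in that case.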
  27. Download patch debian/patches/0088-travis.yml-add-arch-s390x-target.patch

    --- 1.1.1d-2/debian/patches/0088-travis.yml-add-arch-s390x-target.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0088-travis.yml-add-arch-s390x-target.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,33 @@ +From f3d32d3cbaf3edaed3c12ff4dbba5d23cb4519d7 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Thu, 14 Nov 2019 10:34:02 +0100 +Subject: [PATCH 088/230] travis.yml: add arch s390x target + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10446) + +(cherry picked from commit 985412f8c14853b9936852bc7ef4d9438db27b88) +--- + .travis.yml | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/.travis.yml b/.travis.yml +index 67ec1a1d21..455ccd628f 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -36,6 +36,10 @@ matrix: + arch: arm64 + compiler: gcc + env: CONFIG_OPTS="--strict-warnings" ++ - os: linux ++ arch: s390x ++ compiler: gcc ++ env: CONFIG_OPTS="--strict-warnings" + - os: linux-ppc64le + sudo: false + compiler: clang +-- +2.25.1 +
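Review bot: The s390x entry is anchored on the arm64 block's context lines (`arch: arm64` through `CONFIG_OPTS="--strict-warnings"`), so this patch only applies once 0026 has been applied; the series order already satisfies that, but the dependency matters if 0026 is ever dropped from the queue, and like 0026 it has no effect on the packaged build.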
  28. Download patch debian/patches/0020-Fix-a-bundle-of-mischecks-of-return-values.patch

    --- 1.1.1d-2/debian/patches/0020-Fix-a-bundle-of-mischecks-of-return-values.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0020-Fix-a-bundle-of-mischecks-of-return-values.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,65 @@ +From f5517d95217fb5ec152a70be7fc4f399925efeb2 Mon Sep 17 00:00:00 2001 +From: Paul Yang <kaishen.yy@antfin.com> +Date: Mon, 30 Sep 2019 14:05:31 +0800 +Subject: [PATCH 020/230] Fix a bundle of mischecks of return values + +Several EVP_PKEY_xxxx functions return 0 and a negative value for +indicating errors. Some places call these functions with a zero return +value check only, which misses the check for the negative scenarios. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10055) + +(cherry picked from commit 7e3ae24832e0705583b1471febf3dc0eb1cc021f) +--- + apps/speed.c | 12 ++++++------ + crypto/cms/cms_kari.c | 2 +- + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 7f8ba7c096..d396b3acca 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -3006,7 +3006,7 @@ int speed_main(int argc, char **argv) + pctx = NULL; + } + if (kctx == NULL || /* keygen ctx is not null */ +- !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { ++ EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) { + ecdh_checks = 0; + BIO_printf(bio_err, "ECDH keygen failure.\n"); + ERR_print_errors(bio_err); +@@ -3014,12 +3014,12 @@ int speed_main(int argc, char **argv) + break; + } + +- if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ +- !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ ++ if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */ ++ EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */ + !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ +- !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ +- !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ +- !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ ++ EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */ ++ EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */ ++ 
EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */ + outlen == 0 || /* ensure outlen is a valid size */ + outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { + ecdh_checks = 0; +diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c +index 3980bf8f3f..cafc3040ac 100644 +--- a/crypto/cms/cms_kari.c ++++ b/crypto/cms/cms_kari.c +@@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) + if (!pk) + return 1; + pctx = EVP_PKEY_CTX_new(pk, NULL); +- if (!pctx || !EVP_PKEY_derive_init(pctx)) ++ if (!pctx || EVP_PKEY_derive_init(pctx) <= 0) + goto err; + kari->pctx = pctx; + return 1; +-- +2.25.1 +
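Review bot: `EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */` in the first speed.c hunk lost the space before the comment that every other rewritten line keeps; fix the whitespace while touching the line. The change from `!f()` to `f() <= 0` is the right one for these calls because the EVP_PKEY_* operations return -2 rather than 0 when the operation is unsupported by the key type, which the old tests treated as success; `!(ctx = EVP_PKEY_CTX_new(...))` is correctly left alone since it tests a pointer, and the cms_kari.c hunk applies the same fix to `EVP_PKEY_derive_init()`.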
  29. Download patch debian/libssl1.1.templates

    --- 1.1.1d-2/debian/libssl1.1.templates 2019-09-27 21:06:25.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/libssl1.1.templates 2019-10-13 04:56:26.000000000 +0000 @@ -28,3 +28,15 @@ _Description: Failure restarting some se You will need to start these manually by running '/etc/init.d/<service> start'. +Template: libraries/restart-without-asking +Type: boolean +Default: false +_Description: Restart services during package upgrades without asking? + There are services installed on your system which need to be restarted + when certain libraries, such as libpam, libc, and libssl, are upgraded. + Since these restarts may cause interruptions of service for the system, + you will normally be prompted on each upgrade for the list of services + you wish to restart. You can choose this option to avoid being prompted; + instead, all necessary restarts will be done for you automatically so you + can avoid being asked questions on each library upgrade. +
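Review bot: The new template is registered as `libraries/restart-without-asking` rather than under a `libssl1.1/` prefix, so its stored answer is shared with every other library package that registers the same template name; that matches the question text (libpam, libc, libssl), but it means answering yes here also silences the prompt for those packages' upgrades, and vice versa. Worth a line in NEWS or README.Debian so administrators who preseed it know the scope. `Default: false` keeps the existing prompt-by-default behaviour.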
  30. Download patch debian/patches/0031-Fix-typo-in-comment.patch

    --- 1.1.1d-2/debian/patches/0031-Fix-typo-in-comment.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0031-Fix-typo-in-comment.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,29 @@ +From a10765c2e0e94d2cd30711339d2ba3f3a244a206 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Sun, 6 Oct 2019 13:39:01 +1000 +Subject: [PATCH 031/230] Fix typo in comment + +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10105) + +(cherry picked from commit 89e5aaa1d72058404d3ea06bfaeff5334aba202d) +--- + e_os.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/e_os.h b/e_os.h +index 2f8e3fe349..f607045e14 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -42,7 +42,7 @@ + # endif + /* + * Some operating systems do not permit select(2) on their random devices, +- * defining this to zero will force the used of read(2) to extract one byte ++ * defining this to zero will force the use of read(2) to extract one byte + * from /dev/random. + */ + # ifndef DEVRANDM_WAIT_USE_SELECT +-- +2.25.1 +
  31. Download patch debian/patches/0015-Reorganize-private-crypto-header-files.patch
  32. Download patch debian/patches/0007-Add-a-minimal-linux-build-target-for-Travis.patch

    --- 1.1.1d-2/debian/patches/0007-Add-a-minimal-linux-build-target-for-Travis.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0007-Add-a-minimal-linux-build-target-for-Travis.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,43 @@ +From 32bfa2e66ef81d2bc7e1ae1896efca01d03cdc10 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Fri, 13 Sep 2019 09:24:53 +0200 +Subject: [PATCH 007/230] Add a minimal linux build target for Travis + +[extended tests] + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9888) +--- + .travis.yml | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/.travis.yml b/.travis.yml +index b9a2f58776..88b8efc65a 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -132,6 +132,9 @@ matrix: + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + - flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + script: true ++ - os: linux ++ compiler: gcc ++ env: EXTENDED_TEST="yes" CONFIGURE_TARGET="linux-generic32" CONFIG_OPTS="--strict-warnings no-shared no-dso no-pic no-autoload-config no-engine no-comp no-cms no-dh no-dsa no-ec2m no-srp no-des no-mdc2 no-md4 no-rc2 no-rc4 no-bf no-camellia no-cast no-idea no-seed no-whirlpool no-ocsp no-sm2 no-sm3 no-sm4 no-ssl3 no-ssl3-method no-psk no-heartbeats no-nextprotoneg no-sctp no-srtp no-asm -DOPENSSL_SMALL_FOOTPRINT" + exclude: + - os: linux + compiler: clang +@@ -175,7 +178,11 @@ before_script: + elif which ccache >/dev/null; then + CC="ccache $CC"; + fi; +- $srcdir/config -v $CONFIG_OPTS; ++ if [ -n "$CONFIGURE_TARGET" ]; then ++ $srcdir/Configure $CONFIGURE_TARGET $CONFIG_OPTS; ++ else ++ $srcdir/config -v $CONFIG_OPTS; ++ fi; + fi + - ./configdata.pm --dump + - cd $top +-- +2.25.1 +
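Review bot: The new job passes `no-dso` in CONFIG_OPTS, but in the tree this patch (007) lands on, `dso` is still listed in `%deprecated_disablables` and is silently ignored, so until patch 011 (`Fix building statically without any dso support`) is applied the job actually builds with DSO support on; the two patches should sit next to each other or this one should follow 011. The `CONFIGURE_TARGET` branch in `before_script` is otherwise fine, since `Configure` accepts the target name that `config` would have guessed.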
  33. Download patch debian/patches/0096-Fix-a-race-condition-in-SNI-handling.patch

    --- 1.1.1d-2/debian/patches/0096-Fix-a-race-condition-in-SNI-handling.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0096-Fix-a-race-condition-in-SNI-handling.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,54 @@ +From 328fd8833395b95bf0b07490b008c1dc927ce362 Mon Sep 17 00:00:00 2001 +From: Benjamin Kaduk <bkaduk@akamai.com> +Date: Wed, 13 Nov 2019 09:42:19 -0800 +Subject: [PATCH 096/230] Fix a race condition in SNI handling + +As was done for ciphers, supported groups, and EC point formats in +https://github.com/openssl/openssl/pull/9162, only write the negotiated +SNI hostname value to the session object when not resuming, even for +TLS 1.3 resumptions. Otherwise, when using a stateful session cache +(as is done by default when 0-RTT data is enabled), we can have multiple +SSLs active using the same in-memory session object, which leads to +double-frees and similar race conditions in the SNI handler prior +to this commit. + +Fortunately, since draft-ietf-tls-tls13-22, there is no requirement +that the SNI hostname be preserved across TLS 1.3 resumption, and thus +not a need to continually update the session object with the "current" +value (to be used when producing session tickets, so that the subsequent +resumption can be checked against the current value). So we can just +relax the logic and only write to the session object for initial handshakes. +This still leaves us in a somewhat inconsistent state, since if the SNI value +does change across handshakes, the session object will continue to record +the initial handshake's value, even if that bears no relation to the +current handshake. The current SSL_get_servername() implementation +prefers the value from the session if s->hit, but a more complete fix +for that and related issues is underway in +https://github.com/openssl/openssl/pull/10018; there is no need to wait +for the complete fix for SNI name handling in order to close the +race condition and avoid runtime crashes. 
+ +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10441) + +(cherry picked from commit 2a5385511051d33be8d2b20d7669d8b1862fe510) +--- + ssl/statem/extensions.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c +index 1ac37fe246..86a737a6a0 100644 +--- a/ssl/statem/extensions.c ++++ b/ssl/statem/extensions.c +@@ -950,7 +950,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) + */ + if (s->server) { + /* TODO(OpenSSL1.2) revisit !sent case */ +- if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) { ++ if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { + /* Only store the hostname in the session if we accepted it. */ + OPENSSL_free(s->session->ext.hostname); + s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); +-- +2.25.1 +
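Review bot: Dropping `|| SSL_IS_TLS13(s)` closes the double-free by never writing into a possibly shared session on resumption, but it also means `SSL_get_servername()` on a resumed TLS 1.3 connection now returns the hostname from the session's original handshake even when the client presented a different name; the message acknowledges this, and it deserves a CHANGES/NEWS entry steering applications that do per-vhost dispatch to the servername callback, which sees `s->ext.hostname` for the current handshake. The `TODO(OpenSSL1.2) revisit !sent case` comment above the condition is stale and could go while the line is touched.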
  34. Download patch debian/patches/0070-Add-test-cases-for-min-max-protocol-API.patch

    --- 1.1.1d-2/debian/patches/0070-Add-test-cases-for-min-max-protocol-API.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0070-Add-test-cases-for-min-max-protocol-API.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,127 @@ +From c4ab488399186925c8aaa3678eb1b9c79db656e3 Mon Sep 17 00:00:00 2001 +From: Christian Heimes <christian@python.org> +Date: Sun, 21 Jan 2018 13:19:05 +0100 +Subject: [PATCH 070/230] Add test cases for min/max protocol API + +Signed-off-by: Christian Heimes <christian@python.org> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/6553) + +(cherry picked from commit 132b5facf8d681db5dfa45828d8b02f1bf5df64b) +--- + test/build.info | 6 +++- + test/ssl_ctx_test.c | 76 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 81 insertions(+), 1 deletion(-) + create mode 100644 test/ssl_ctx_test.c + +diff --git a/test/build.info b/test/build.info +index a1822ab706..db28dd97f7 100644 +--- a/test/build.info ++++ b/test/build.info +@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN + recordlentest drbgtest drbg_cavs_test sslbuffertest \ + time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ + servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ +- sysdefaulttest errtest gosttest ++ sysdefaulttest errtest ssl_ctx_test gosttest + + SOURCE[versions]=versions.c + INCLUDE[versions]=../include +@@ -560,6 +560,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN + DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a + ENDIF + ++ SOURCE[ssl_ctx_test]=ssl_ctx_test.c ++ INCLUDE[ssl_ctx_test]=../include ++ DEPEND[ssl_ctx_test]=../libcrypto ../libssl libtestutil.a ++ + {- + use File::Spec::Functions; + use File::Basename; +diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c +new file mode 100644 +index 0000000000..87d476d9ec +--- /dev/null ++++ b/test/ssl_ctx_test.c +@@ -0,0 +1,76 @@ ++/* ++ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. 
You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include "testutil.h" ++#include <openssl/ssl.h> ++ ++typedef struct { ++ int min_version; ++ int max_version; ++ int min_ok; ++ int max_ok; ++ int expected_min; ++ int expected_max; ++} version_test; ++ ++static const version_test version_testdata[] = { ++ /* min max ok expected min expected max */ ++ {0, 0, 1, 1, 0, 0}, ++ {TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION}, ++ {TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION}, ++ {TLS1_2_VERSION, TLS1_1_VERSION, 1, 0, TLS1_2_VERSION, 0}, ++ {7, 42, 0, 0, 0, 0}, ++}; ++ ++static int test_set_min_max_version(int idx_tst) ++{ ++ SSL_CTX *ctx = NULL; ++ SSL *ssl = NULL; ++ int testresult = 0; ++ version_test t = version_testdata[idx_tst]; ++ ++ ctx = SSL_CTX_new(TLS_server_method()); ++ if (ctx == NULL) ++ goto end; ++ ++ ssl = SSL_new(ctx); ++ if (ssl == NULL) ++ goto end; ++ ++ if (!TEST_int_eq(SSL_CTX_set_min_proto_version(ctx, t.min_version), t.min_ok)) ++ goto end; ++ if (!TEST_int_eq(SSL_CTX_set_max_proto_version(ctx, t.max_version), t.max_ok)) ++ goto end; ++ if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), t.expected_min)) ++ goto end; ++ if (!TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), t.expected_max)) ++ goto end; ++ ++ if (!TEST_int_eq(SSL_set_min_proto_version(ssl, t.min_version), t.min_ok)) ++ goto end; ++ if (!TEST_int_eq(SSL_set_max_proto_version(ssl, t.max_version), t.max_ok)) ++ goto end; ++ if (!TEST_int_eq(SSL_get_min_proto_version(ssl), t.expected_min)) ++ goto end; ++ if (!TEST_int_eq(SSL_get_max_proto_version(ssl), t.expected_max)) ++ goto end; ++ ++ testresult = 1; ++ ++ end: ++ SSL_free(ssl); ++ SSL_CTX_free(ctx); ++ return testresult; ++} ++ ++int setup_tests(void) ++{ ++ ADD_ALL_TESTS(test_set_min_max_version, sizeof(version_testdata) / sizeof(version_test)); ++ return 1; ++} +-- +2.25.1 +
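Review bot: `ssl` is created from `ctx` before any `SSL_CTX_set_*_proto_version()` call, so the test never checks that a freshly created SSL inherits the context's min/max; the SSL-level assertions only pass because the same values are set again through `SSL_set_*`. Create a second SSL after the SSL_CTX setters and assert `SSL_get_min_proto_version()` / `SSL_get_max_proto_version()` on it without calling the SSL setters. The fourth row (`TLS1_2_VERSION, TLS1_1_VERSION, 1, 0, TLS1_2_VERSION, 0`) encodes that setting max below an already-set min is rejected and leaves max untouched; a comment on that row would save the next reader a lookup.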
  35. Download patch debian/patches/0065-Fix-find-rm-command-in-Unix-clean-recipe.patch

    --- 1.1.1d-2/debian/patches/0065-Fix-find-rm-command-in-Unix-clean-recipe.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0065-Fix-find-rm-command-in-Unix-clean-recipe.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,42 @@ +From ac613b900694243edb2808f6df5f6072f2f0a5b9 Mon Sep 17 00:00:00 2001 +From: Tanzinul Islam <t_17_7@hotmail.com> +Date: Fri, 25 Oct 2019 17:47:25 +0100 +Subject: [PATCH 065/230] Fix find/rm command in Unix clean recipe + +The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless). + +>rm -f `find . -name '*.d' \! -name '.*' -print` +>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory +>make: [Makefile:1910: clean] Error 1 (ignored) + +Exclude directories from being matched by the `find` commands. + +CLA: trivial + +Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10264) + +(cherry picked from commit 38b71bd4704ee1746e862f5a7a4e170fd84a5eb0) +--- + Configurations/unix-Makefile.tmpl | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 7db7578a4b..9bf54f2127 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -516,8 +516,8 @@ libclean: + clean: libclean + $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) + $(RM) $(GENERATED_MANDATORY) $(GENERATED) +- -$(RM) `find . -name '*{- $depext -}' \! -name '.*' -print` +- -$(RM) `find . -name '*{- $objext -}' \! -name '.*' -print` ++ -$(RM) `find . -name '*{- $depext -}' \! -name '.*' \! -type d -print` ++ -$(RM) `find . -name '*{- $objext -}' \! -name '.*' \! -type d -print` + $(RM) core + $(RM) tags TAGS doc-nits + $(RM) -r test/test-runs +-- +2.25.1 +
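Review bot: Adding `\! -type d` fixes the reported directory match, but the recipe still feeds `find` output through backtick substitution, so any path containing whitespace is split and the wrong files are removed; `find . -name '*{- $depext -}' \! -name '.*' \! -type d -exec $(RM) {} +` avoids the substitution entirely. Not a regression, but this is the natural moment to fix it.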
  36. Download patch debian/patches/0040-Ignore-duplicated-undocumented-things.patch

    --- 1.1.1d-2/debian/patches/0040-Ignore-duplicated-undocumented-things.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0040-Ignore-duplicated-undocumented-things.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,78 @@ +From 3fb4bdabc2cb23eeff8309b5abdc61bbedbc6bea Mon Sep 17 00:00:00 2001 +From: Rich Salz <rsalz@akamai.com> +Date: Wed, 17 Oct 2018 10:25:00 -0400 +Subject: [PATCH 040/230] Ignore duplicated undocumented things + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Paul Yang <yang.yang@baishancloud.com> + +(cherry picked from commit ee4afacd96f5bfbe7662c8f0ec4464c6eee4c450) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + util/find-doc-nits | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/util/find-doc-nits b/util/find-doc-nits +index 699887a267..f2fd85ce8e 100755 +--- a/util/find-doc-nits ++++ b/util/find-doc-nits +@@ -35,7 +35,7 @@ Find small errors (nits) in documentation. Options: + -l Print bogus links + -n Print nits in POD pages + -p Warn if non-public name documented (implies -n) +- -u List undocumented functions ++ -u Count undocumented functions + -h Print this help message + -c List undocumented commands and options + EOF +@@ -294,6 +294,7 @@ my %docced; + sub checkmacros() + { + my $count = 0; ++ my %seen; + + print "# Checking macros (approximate)\n"; + foreach my $f ( glob('include/openssl/*.h') ) { +@@ -305,7 +306,7 @@ sub checkmacros() + while ( <IN> ) { + next unless /^#\s*define\s*(\S+)\(/; + my $macro = $1; +- next if $docced{$macro}; ++ next if $docced{$macro} || defined $seen{$macro}; + next if $macro =~ /i2d_/ + || $macro =~ /d2i_/ + || $macro =~ /DEPRECATEDIN/ +@@ -313,6 +314,7 @@ sub checkmacros() + || $macro =~ /DECLARE_/; + print "$f:$macro\n" if $opt_d; + $count++; ++ $seen{$macro} = 1; + } + close(IN); + } +@@ -324,15 +326,17 @@ sub printem() + my $libname = shift; + my $numfile = shift; + my $count = 0; ++ my %seen; + + foreach my $func ( &parsenum($numfile) ) { +- next if $docced{$func}; ++ 
next if $docced{$func} || defined $seen{$func}; + + # Skip ASN1 utilities + next if $func =~ /^ASN1_/; + + print "$libname:$func\n" if $opt_d; + $count++; ++ $seen{$func} = 1; + } + print "# Found $count missing from $numfile\n\n"; + } +-- +2.25.1 +
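Review bot: The `-u` help text now reads "Count undocumented functions", yet both loops still print every name when `$opt_d` is set (`print "$libname:$func\n" if $opt_d;`), so the `-d` help text outside this hunk is the one that should promise a listing; please check it does. The dedup itself is correct: `%seen` is declared once per `checkmacros()` / `printem()` call and spans the whole loop over headers, so a macro defined in two headers is now counted once.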
  37. Download patch debian/patches/0079-Workaround-for-Windows-based-GOST-implementations.patch

    --- 1.1.1d-2/debian/patches/0079-Workaround-for-Windows-based-GOST-implementations.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0079-Workaround-for-Windows-based-GOST-implementations.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,52 @@ +From eed2c919fc9ae7e1b3e4cfb2da23655bca263dea Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy <beldmit@gmail.com> +Date: Thu, 7 Nov 2019 18:17:35 +0300 +Subject: [PATCH 079/230] Workaround for Windows-based GOST implementations + +Many Windows-based GOST TLS implementations are unable to extend the +list of supported SignatureAlgorithms because of lack of the necessary +callback in Windows. So for TLS 1.2 it makes sense to imply the support +of GOST algorithms in case when the GOST ciphersuites are present. + +This is a backport of #10377 to 1.1.1 branch + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10378) +--- + ssl/t1_lib.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 9a6328449f..8498528b71 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2774,6 +2774,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) + #endif + break; + } ++#ifndef OPENSSL_NO_GOST ++ /* ++ * Some Windows-based implementations do not send GOST algorithms indication ++ * in supported_algorithms extension, so when we have GOST-based ciphersuite, ++ * we have to assume GOST support. ++ */ ++ if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { ++ if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { ++ if (!fatalerrs) ++ return 1; ++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ++ SSL_F_TLS_CHOOSE_SIGALG, ++ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); ++ return 0; ++ } else { ++ i = 0; ++ sig_idx = lu->sig_idx; ++ } ++ } ++#endif + if (i == s->shared_sigalgslen) { + if (!fatalerrs) + return 1; +-- +2.25.1 +
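Review bot: The new block keys only on `algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)` of the negotiated ciphersuite and not on the protocol version, so the TLS 1.2-only scope stated in the message is implicit rather than enforced; an explicit version guard, or at least a comment that GOST ciphersuites are only negotiable below TLS 1.3, would make the intent reviewable. Security-wise this deliberately signs with an algorithm the peer did not advertise in signature_algorithms, a relaxation of the RFC 5246 rule, and that deviation belongs in CHANGES. Style: the `if` line is well over 80 columns and the `else` after `return 0` is unnecessary.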
  38. Download patch debian/patches/0022-Add-defines-for-__NR_getrandom-for-all-Linux-archite.patch

    --- 1.1.1d-2/debian/patches/0022-Add-defines-for-__NR_getrandom-for-all-Linux-archite.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0022-Add-defines-for-__NR_getrandom-for-all-Linux-archite.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,84 @@ +From eee565ec4b8509b53ee280e8f37243bc5cb5f535 Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx <kurt@roeckx.be> +Date: Sat, 28 Sep 2019 14:59:32 +0200 +Subject: [PATCH 022/230] Add defines for __NR_getrandom for all Linux + architectures + +Fixes: #10015 + +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> +GH: #10044 +(cherry picked from commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02) +--- + crypto/rand/rand_unix.c | 52 ++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 49 insertions(+), 3 deletions(-) + +diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c +index 2997d3ee62..f88470d35f 100644 +--- a/crypto/rand/rand_unix.c ++++ b/crypto/rand/rand_unix.c +@@ -282,12 +282,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen) + # if defined(OPENSSL_RAND_SEED_GETRANDOM) + + # if defined(__linux) && !defined(__NR_getrandom) +-# if defined(__arm__) && defined(__NR_SYSCALL_BASE) ++# if defined(__arm__) + # define __NR_getrandom (__NR_SYSCALL_BASE+384) + # elif defined(__i386__) + # define __NR_getrandom 355 +-# elif defined(__x86_64__) && !defined(__ILP32__) +-# define __NR_getrandom 318 ++# elif defined(__x86_64__) ++# if defined(__ILP32__) ++# define __NR_getrandom (__X32_SYSCALL_BIT + 318) ++# else ++# define __NR_getrandom 318 ++# endif ++# elif defined(__xtensa__) ++# define __NR_getrandom 338 ++# elif defined(__s390__) || defined(__s390x__) ++# define __NR_getrandom 349 ++# elif defined(__bfin__) ++# define __NR_getrandom 389 ++# elif defined(__powerpc__) ++# define __NR_getrandom 359 ++# elif defined(__mips__) || defined(__mips64) ++# if _MIPS_SIM == _MIPS_SIM_ABI32 ++# define __NR_getrandom (__NR_Linux + 353) ++# elif _MIPS_SIM == _MIPS_SIM_ABI64 ++# define __NR_getrandom (__NR_Linux + 313) ++# elif _MIPS_SIM == _MIPS_SIM_NABI32 ++# define __NR_getrandom (__NR_Linux + 317) ++# endif ++# elif defined(__hppa__) ++# define __NR_getrandom (__NR_Linux + 339) ++# elif defined(__sparc__) ++# define __NR_getrandom 347 ++# 
elif defined(__ia64__) ++# define __NR_getrandom 1339 ++# elif defined(__alpha__) ++# define __NR_getrandom 511 ++# elif defined(__sh__) ++# if defined(__SH5__) ++# define __NR_getrandom 373 ++# else ++# define __NR_getrandom 384 ++# endif ++# elif defined(__avr32__) ++# define __NR_getrandom 317 ++# elif defined(__microblaze__) ++# define __NR_getrandom 385 ++# elif defined(__m68k__) ++# define __NR_getrandom 352 ++# elif defined(__cris__) ++# define __NR_getrandom 356 ++# elif defined(__aarch64__) ++# define __NR_getrandom 278 ++# else /* generic */ ++# define __NR_getrandom 278 + # endif + # endif + +-- +2.25.1 +
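Review bot: The `#else /* generic */` fallback defines `__NR_getrandom` as 278 for any architecture not listed, which is only correct for asm-generic syscall tables; on an unlisted architecture with its own table, `syscall(278, buf, len, flags)` invokes an unrelated syscall with a writable buffer pointer, a worse failure mode than the define simply being absent. Prefer no default (or `#error`) here, which is also what the MIPS branch effectively does because its `_MIPS_SIM` chain has no `#else`. The x32 case relies on `__X32_SYSCALL_BIT` being provided by the same old headers that lack `__NR_getrandom`; worth a quick check on such a toolchain.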
  39. Download patch debian/patches/0017-Fix-header-file-include-guard-names.patch
  40. Download patch debian/patches/0094-Engine-Add-NULL-check.patch

    --- 1.1.1d-2/debian/patches/0094-Engine-Add-NULL-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0094-Engine-Add-NULL-check.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,32 @@ +From 333853fae6512ff71bf1b6da951ca0069c878c92 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Wed, 20 Nov 2019 13:07:04 +1000 +Subject: [PATCH 094/230] Engine: Add NULL check. + +Add NULL check for return from pkey_asn1_meths. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10473) + +(cherry picked from commit 9bada854de16bcc1a9dc199b4b352b19ab6897fc) +--- + crypto/engine/tb_asnmth.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c +index 130b289fec..72850b9398 100644 +--- a/crypto/engine/tb_asnmth.c ++++ b/crypto/engine/tb_asnmth.c +@@ -147,7 +147,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); +- if (((int)strlen(ameth->pem_str) == len) ++ if (ameth != NULL ++ && ((int)strlen(ameth->pem_str) == len) + && strncasecmp(ameth->pem_str, str, len) == 0) + return ameth; + } +-- +2.25.1 +
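Review bot: `ameth` is reused across loop iterations and the return value of `e->pkey_asn1_meths(e, &ameth, NULL, nids[i])` is still ignored, so if the callback fails for one nid without touching `ameth`, the new `ameth != NULL` check passes on the previous iteration's pointer and the wrong method can be matched against `str`; set `ameth = NULL` at the top of each iteration or test the callback's return. If an ASN1 method may carry a NULL `pem_str`, `strlen(ameth->pem_str)` still needs its own guard.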
  41. Download patch debian/patches/0043-Add-documentation-for-the-sigopt-option.patch

    --- 1.1.1d-2/debian/patches/0043-Add-documentation-for-the-sigopt-option.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0043-Add-documentation-for-the-sigopt-option.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,116 @@ +From 3c682fad5f6aaaa567bd395741a7864dc4947402 Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Tue, 19 Mar 2019 11:22:32 +1000 +Subject: [PATCH 043/230] Add documentation for the -sigopt option. + +Reviewed-by: Paul Yang <yang.yang@baishancloud.com> + +(cherry picked from commit d7b2124a428f9e00ed7647554b5be7153aac71f6) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + doc/man1/ca.pod | 6 ++++++ + doc/man1/dgst.pod | 1 + + doc/man1/req.pod | 8 +++++++- + doc/man1/x509.pod | 6 ++++++ + 4 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod +index 7385a00941..27bb31493a 100644 +--- a/doc/man1/ca.pod ++++ b/doc/man1/ca.pod +@@ -51,6 +51,7 @@ B<openssl> B<ca> + [B<-engine id>] + [B<-subj arg>] + [B<-utf8>] ++[B<-sigopt nm:v>] + [B<-create_serial>] + [B<-rand_serial>] + [B<-multivalue-rdn>] +@@ -134,6 +135,11 @@ The private key to sign requests with. + The format of the data in the private key file. + The default is PEM. + ++=item B<-sigopt nm:v> ++ ++Pass options to the signature algorithm during sign or verify operations. ++Names and values of these options are algorithm-specific. ++ + =item B<-key password> + + The password used to encrypt the private key. 
Since on some +diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod +index 66a6697eb1..ce06ac5116 100644 +--- a/doc/man1/dgst.pod ++++ b/doc/man1/dgst.pod +@@ -22,6 +22,7 @@ B<openssl dgst> + [B<-verify filename>] + [B<-prverify filename>] + [B<-signature filename>] ++[B<-sigopt nm:v>] + [B<-hmac key>] + [B<-fips-fingerprint>] + [B<-rand file...>] +diff --git a/doc/man1/req.pod b/doc/man1/req.pod +index a9b5b1690a..730c59079d 100644 +--- a/doc/man1/req.pod ++++ b/doc/man1/req.pod +@@ -46,6 +46,7 @@ B<openssl> B<req> + [B<-reqopt>] + [B<-subject>] + [B<-subj arg>] ++[B<-sigopt nm:v>] + [B<-batch>] + [B<-verbose>] + [B<-engine id>] +@@ -82,6 +83,11 @@ This specifies the input filename to read a request from or standard input + if this option is not specified. A request is only read if the creation + options (B<-new> and B<-newkey>) are not specified. + ++=item B<-sigopt nm:v> ++ ++Pass options to the signature algorithm during sign or verify operations. ++Names and values of these options are algorithm-specific. ++ + =item B<-passin arg> + + The input file password source. For more information about the format of B<arg> +@@ -689,7 +695,7 @@ L<x509v3_config(5)> + + =head1 COPYRIGHT + +-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. ++Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the OpenSSL license (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy +diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod +index 7878753414..503d5e9fd4 100644 +--- a/doc/man1/x509.pod ++++ b/doc/man1/x509.pod +@@ -61,6 +61,7 @@ B<openssl> B<x509> + [B<-clrext>] + [B<-extfile filename>] + [B<-extensions section>] ++[B<-sigopt nm:v>] + [B<-rand file...>] + [B<-writerand file>] + [B<-engine id>] +@@ -366,6 +367,11 @@ If the input is a certificate request then a self signed certificate + is created using the supplied private key using the subject name in + the request. 
+ ++=item B<-sigopt nm:v> ++ ++Pass options to the signature algorithm during sign or verify operations. ++Names and values of these options are algorithm-specific. ++ + =item B<-passin arg> + + The key password source. For more information about the format of B<arg> +-- +2.25.1 +
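Review bot: the identical `=item B<-sigopt nm:v>` text pasted into ca.pod, req.pod and x509.pod says "during sign or verify operations", but `openssl ca` only ever produces signatures and the x509 path likewise consults the option when signing; say "when signing" there, or name the verify case explicitly where one exists, so readers don't expect the option to influence verification. The item also gives no example and no pointer to where the algorithm-specific names live; one example such as `-sigopt rsa_padding_mode:pss` plus a cross-reference would make the option usable from the man page alone. Minor: only req.pod gets its copyright year bumped although ca.pod, dgst.pod and x509.pod change too.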
  42. Download patch debian/patches/0074-BIO_s_connect-add-an-error-state-and-use-it.patch

    --- 1.1.1d-2/debian/patches/0074-BIO_s_connect-add-an-error-state-and-use-it.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0074-BIO_s_connect-add-an-error-state-and-use-it.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,57 @@ +From f6483fc2db36fbfd622b6aff19d8ebfaa274c996 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Tue, 13 Nov 2018 15:17:21 +0100 +Subject: [PATCH 074/230] BIO_s_connect: add an error state and use it + +If no connection could be made, addr_iter will eventually end up being +NULL, and if the user didn't check the returned error value, the +BIO_CONN_S_CONNECT code will be performed again and will crash. + +So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into +when we run out of addresses to try. That state will just simply say +"error" back, until the user does something better with the BIO, such +as free it or reset it. + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10333) +--- + crypto/bio/bss_conn.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c +index 264e25a1c2..ad299ac716 100644 +--- a/crypto/bio/bss_conn.c ++++ b/crypto/bio/bss_conn.c +@@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a); + #define BIO_CONN_S_CONNECT 4 + #define BIO_CONN_S_OK 5 + #define BIO_CONN_S_BLOCKED_CONNECT 6 ++#define BIO_CONN_S_CONNECT_ERROR 7 + + static const BIO_METHOD methods_connectp = { + BIO_TYPE_CONNECT, +@@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c) + ERR_add_error_data(4, + "hostname=", c->param_hostname, + " service=", c->param_service); +- BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); ++ c->state = BIO_CONN_S_CONNECT_ERROR; ++ break; + } + goto exit_loop; + } else { +@@ -197,6 +199,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c) + c->state = BIO_CONN_S_OK; + break; + ++ case BIO_CONN_S_CONNECT_ERROR: ++ BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); ++ ret = 0; ++ goto exit_loop; ++ + case BIO_CONN_S_OK: + ret = 1; + goto exit_loop; +-- +2.25.1 +
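Review bot: in the second bss_conn.c hunk `ERR_add_error_data(4, "hostname=", ...)` now runs in the failure branch while the BIO_R_CONNECT_ERROR itself is raised later from the new `case BIO_CONN_S_CONNECT_ERROR:` (reached on the next pass through the state loop after the `break`), and ERR_add_error_data() attaches to whichever error is currently on top of the queue; the hostname/service data therefore never accompanies the error raised from the new state, and every later call that re-enters BIO_CONN_S_CONNECT_ERROR reports a bare BIO_R_CONNECT_ERROR with no address at all. Add the ERR_add_error_data() call after the BIOerr() in the new case so each report carries the address. Also confirm that the reset path puts `c->state` back to the initial state as the commit message promises; conn_ctrl() is not in this hunk.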
  43. Download patch debian/patches/0064-apps-dgst.c-allocate-a-new-signature-buffer.patch

    --- 1.1.1d-2/debian/patches/0064-apps-dgst.c-allocate-a-new-signature-buffer.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0064-apps-dgst.c-allocate-a-new-signature-buffer.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,100 @@ +From 43a8f91f00e35b20e33c393f5b79215c277c508e Mon Sep 17 00:00:00 2001 +From: Pavel Karagodin <nblka0@gmail.com> +Date: Mon, 28 Oct 2019 09:12:06 +0700 +Subject: [PATCH 064/230] apps/dgst.c: allocate a new signature buffer + +... if the fixed-size buffer is too small. + +Fixes #9732 + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> +(Merged from https://github.com/openssl/openssl/pull/10276) + +(cherry picked from commit 7c2d95d47ccb3797f0da6bd4446747c6eee07b87) +--- + apps/dgst.c | 34 ++++++++++++++++++++++++---------- + 1 file changed, 24 insertions(+), 10 deletions(-) + +diff --git a/apps/dgst.c b/apps/dgst.c +index 82b8d02cee..e595f7d818 100644 +--- a/apps/dgst.c ++++ b/apps/dgst.c +@@ -501,15 +501,16 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + const char *sig_name, const char *md_name, + const char *file) + { +- size_t len; +- int i, backslash = 0; ++ size_t len = BUFSIZE; ++ int i, backslash = 0, ret = 1; ++ unsigned char *sigbuf = NULL; + + while (BIO_pending(bp) || !BIO_eof(bp)) { + i = BIO_read(bp, (char *)buf, BUFSIZE); + if (i < 0) { + BIO_printf(bio_err, "Read Error in %s\n", file); + ERR_print_errors(bio_err); +- return 1; ++ goto end; + } + if (i == 0) + break; +@@ -522,28 +523,35 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + BIO_printf(out, "Verified OK\n"); + } else if (i == 0) { + BIO_printf(out, "Verification Failure\n"); +- return 1; ++ goto end; + } else { + BIO_printf(bio_err, "Error Verifying Data\n"); + ERR_print_errors(bio_err); +- return 1; ++ goto end; + } +- return 0; ++ ret = 0; ++ goto end; + } + if (key != NULL) { + EVP_MD_CTX *ctx; ++ int pkey_len; + BIO_get_md_ctx(bp, &ctx); +- len = BUFSIZE; ++ pkey_len = EVP_PKEY_size(key); ++ if (pkey_len > BUFSIZE) { ++ len = pkey_len; ++ sigbuf = app_malloc(len, "Signature buffer"); ++ buf = sigbuf; ++ } + if (!EVP_DigestSignFinal(ctx, buf, &len)) { + 
BIO_printf(bio_err, "Error Signing Data\n"); + ERR_print_errors(bio_err); +- return 1; ++ goto end; + } + } else { + len = BIO_gets(bp, (char *)buf, BUFSIZE); + if ((int)len < 0) { + ERR_print_errors(bio_err); +- return 1; ++ goto end; + } + } + +@@ -578,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + } + BIO_printf(out, "\n"); + } +- return 0; ++ ++ ret = 0; ++ end: ++ if (sigbuf != NULL) ++ OPENSSL_clear_free(sigbuf, len); ++ ++ return ret; + } +-- +2.25.1 +
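Review bot: the cleanup at `end:` calls `OPENSSL_clear_free(sigbuf, len)` with `len`, which EVP_DigestSignFinal() has by then overwritten with the number of bytes actually written, so the wipe covers the signature length rather than the full `pkey_len` allocation. That happens to be every byte written, but `len` is reused for BUFSIZE, EVP_PKEY_size() and the BIO_gets() result in the same function, so tying the wipe size to it is fragile; keep the allocation size in its own variable (e.g. `siglen`) and pass that to OPENSSL_clear_free(). The `sigin` verify branch and the BIO_gets() branch never allocate, so their new `goto end` paths are correct with `sigbuf == NULL`.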
  44. Download patch debian/patches/0050-Add-GCD-testing-infrastructure.patch
  45. Download patch debian/patches/0047-crypto-asn1-x_bignum.c-Explicit-test-against-NULL.patch

    --- 1.1.1d-2/debian/patches/0047-crypto-asn1-x_bignum.c-Explicit-test-against-NULL.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0047-crypto-asn1-x_bignum.c-Explicit-test-against-NULL.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,60 @@ +From bf585d60fc4de00724a099faa66229ddafbebe00 Mon Sep 17 00:00:00 2001 +From: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> +Date: Thu, 12 Sep 2019 16:58:50 +0300 +Subject: [PATCH 047/230] [crypto/asn1/x_bignum.c] Explicit test against NULL + +As a fixup to https://github.com/openssl/openssl/pull/9779 to better +conform to the project code style guidelines, this commit amends the +original changeset to explicitly test against NULL, i.e. writing + +``` +if (p != NULL) +``` + +rather than + +``` +if (!p) +``` + +Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9881) +--- + crypto/asn1/x_bignum.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c +index 6c93ea7510..c6b3accd3a 100644 +--- a/crypto/asn1/x_bignum.c ++++ b/crypto/asn1/x_bignum.c +@@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if (!*pval) ++ if (*pval == NULL) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); +@@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + { + BIGNUM *bn; + int pad; +- if (!*pval) ++ if (*pval == NULL) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ +@@ -133,7 +133,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int ret; + BIGNUM *bn; + +- if (!*pval && !bn_secure_new(pval, it)) ++ if (*pval == NULL && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); +-- +2.25.1 +
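Review bot: behaviour is unchanged and the explicit comparison matches the project style, but the commit message shows `if (p != NULL)` as the replacement for `if (!p)` while every hunk in x_bignum.c actually replaces `!*pval` with `*pval == NULL`; show the negated form in the message so it matches the diff it describes.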
  46. Download patch debian/patches/0021-Correct-the-function-names-in-SSL_CTX_set_stateless_.patch

    --- 1.1.1d-2/debian/patches/0021-Correct-the-function-names-in-SSL_CTX_set_stateless_.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0021-Correct-the-function-names-in-SSL_CTX_set_stateless_.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,150 @@ +From b6390e8460058b89a9cced913f9d627817c80f84 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 27 Sep 2019 11:24:26 +0100 +Subject: [PATCH 021/230] Correct the function names in + SSL_CTX_set_stateless_cookie_generate_cb.pod + +Although the synopsis used the correct function names, the description did +not. Also the description of the equivalent DTLSv1_listen() callbacks was +missing, so these have been added. + +Fixes #10030 + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/10033) + +(cherry picked from commit 84f471ecab76a16281a16c53d259bbcae358816f) +--- + doc/man3/DTLSv1_listen.pod | 12 ++-- + ...L_CTX_set_stateless_cookie_generate_cb.pod | 69 ++++++++++++++----- + 2 files changed, 60 insertions(+), 21 deletions(-) + +diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod +index 76be40b68f..98511a475f 100644 +--- a/doc/man3/DTLSv1_listen.pod ++++ b/doc/man3/DTLSv1_listen.pod +@@ -66,9 +66,9 @@ the peer and continue the handshake in a connected state. + + Prior to calling DTLSv1_listen() user code must ensure that cookie generation + and verification callbacks have been set up using +-SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() +-respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb() +-and SSL_CTX_set_stateless_cookie_verify_cb() must be used instead. ++L<SSL_CTX_set_cookie_generate_cb(3)> and L<SSL_CTX_set_cookie_verify_cb(3)> ++respectively. For SSL_stateless(), L<SSL_CTX_set_stateless_cookie_generate_cb(3)> ++and L<SSL_CTX_set_stateless_cookie_verify_cb(3)> must be used instead. + + Since DTLSv1_listen() operates entirely statelessly whilst processing incoming + ClientHellos it is unable to process fragmented messages (since this would +@@ -112,8 +112,10 @@ errors as non-fatal), whilst return codes >0 indicate success. 
+ + =head1 SEE ALSO + +-L<SSL_get_error(3)>, L<SSL_accept(3)>, +-L<ssl(7)>, L<bio(7)> ++L<SSL_CTX_set_cookie_generate_cb(3)>, L<SSL_CTX_set_cookie_verify_cb(3)>, ++L<SSL_CTX_set_stateless_cookie_generate_cb(3)>, ++L<SSL_CTX_set_stateless_cookie_verify_cb(3)>, L<SSL_get_error(3)>, ++L<SSL_accept(3)>, L<ssl(7)>, L<bio(7)> + + =head1 HISTORY + +diff --git a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod +index f29153ed25..aa167f6332 100644 +--- a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod ++++ b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod +@@ -3,7 +3,9 @@ + =head1 NAME + + SSL_CTX_set_stateless_cookie_generate_cb, +-SSL_CTX_set_stateless_cookie_verify_cb ++SSL_CTX_set_stateless_cookie_verify_cb, ++SSL_CTX_set_cookie_generate_cb, ++SSL_CTX_set_cookie_verify_cb + - Callback functions for stateless TLS1.3 cookies + + =head1 SYNOPSIS +@@ -21,22 +23,51 @@ SSL_CTX_set_stateless_cookie_verify_cb + const unsigned char *cookie, + size_t cookie_len)); + ++ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, ++ int (*app_gen_cookie_cb) (SSL *ssl, ++ unsigned char ++ *cookie, ++ unsigned int ++ *cookie_len)); ++ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, ++ int (*app_verify_cookie_cb) (SSL *ssl, ++ const unsigned ++ char *cookie, ++ unsigned int ++ cookie_len)); ++ + =head1 DESCRIPTION + +-SSL_CTX_set_cookie_generate_cb() sets the callback used by L<SSL_stateless(3)> +-to generate the application-controlled portion of the cookie provided to clients +-in the HelloRetryRequest transmitted as a response to a ClientHello with a +-missing or invalid cookie. gen_stateless_cookie_cb() must write at most +-SSL_COOKIE_LENGTH bytes into B<cookie>, and must write the number of bytes +-written to B<cookie_len>. If a cookie cannot be generated, a zero return value +-can be used to abort the handshake. 
+- +-SSL_CTX_set_cookie_verify_cb() sets the callback used by L<SSL_stateless(3)> to +-determine whether the application-controlled portion of a ClientHello cookie is +-valid. A nonzero return value from app_verify_cookie_cb() communicates that the +-cookie is valid. The integrity of the entire cookie, including the +-application-controlled portion, is automatically verified by HMAC before +-verify_stateless_cookie_cb() is called. ++SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by ++L<SSL_stateless(3)> to generate the application-controlled portion of the cookie ++provided to clients in the HelloRetryRequest transmitted as a response to a ++ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must ++write at most SSL_COOKIE_LENGTH bytes into B<cookie>, and must write the number ++of bytes written to B<cookie_len>. If a cookie cannot be generated, a zero ++return value can be used to abort the handshake. ++ ++SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by ++L<SSL_stateless(3)> to determine whether the application-controlled portion of a ++ClientHello cookie is valid. The cookie data is pointed to by B<cookie> and is of ++length B<cookie_len>. A nonzero return value from verify_stateless_cookie_cb() ++communicates that the cookie is valid. The integrity of the entire cookie, ++including the application-controlled portion, is automatically verified by HMAC ++before verify_stateless_cookie_cb() is called. ++ ++SSL_CTX_set_cookie_generate_cb() sets the callback used by L<DTLSv1_listen(3)> ++to generate the cookie provided to clients in the HelloVerifyRequest transmitted ++as a response to a ClientHello with a missing or invalid cookie. ++app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into ++B<cookie>, and must write the number of bytes written to B<cookie_len>. If a ++cookie cannot be generated, a zero return value can be used to abort the ++handshake. 
++ ++SSL_CTX_set_cookie_verify_cb() sets the callback used by L<DTLSv1_listen(3)> to ++determine whether the cookie in a ClientHello is valid. The cookie data is ++pointed to by B<cookie> and is of length B<cookie_len>. A nonzero return value ++from app_verify_cookie_cb() communicates that the cookie is valid. The ++integrity of the cookie is not verified by OpenSSL. This is an application ++responsibility. + + =head1 RETURN VALUES + +@@ -44,7 +75,13 @@ Neither function returns a value. + + =head1 SEE ALSO + +-L<SSL_stateless(3)> ++L<SSL_stateless(3)>, ++L<DTLSv1_listen(3)> ++ ++=head1 HISTORY ++ ++SSL_CTX_set_stateless_cookie_generate_cb() and ++SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1. + + =head1 COPYRIGHT + +-- +2.25.1 +
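Review bot: the RETURN VALUES context line `Neither function returns a value.` is left as is while the NAME section now lists four functions; change it to say that none of them returns a value. The NAME line `- Callback functions for stateless TLS1.3 cookies` is likewise too narrow now that the DTLSv1_listen() HelloVerifyRequest callbacks are documented on the same page. The new sentence "The integrity of the cookie is not verified by OpenSSL. This is an application responsibility." is the security-relevant part of this change for DTLS users; it would help to point back at the HMAC protection the stateless TLS 1.3 path gets automatically, as described two paragraphs up, as the model an app_verify_cookie_cb() implementation should follow.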
  47. Download patch debian/patches/0010-clearing-the-ecx-private-key-memory.patch

    --- 1.1.1d-2/debian/patches/0010-clearing-the-ecx-private-key-memory.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0010-clearing-the-ecx-private-key-memory.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,30 @@ +From 94ae5d82833a534e05bb61feea9ad4a765fad502 Mon Sep 17 00:00:00 2001 +From: ManishPatidar1 <mann.patidar@gmail.com> +Date: Mon, 9 Sep 2019 19:02:56 +0530 +Subject: [PATCH 010/230] clearing the ecx private key memory + +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9830) + +(cherry picked from commit 6ef03ea98fac501e6d6e33bac6ad3c92ea074712) +--- + crypto/ec/ecx_meth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c +index c87419b5db..55429642fd 100644 +--- a/crypto/ec/ecx_meth.c ++++ b/crypto/ec/ecx_meth.c +@@ -191,7 +191,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) + } + + rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); +- ASN1_OCTET_STRING_free(oct); ++ ASN1_STRING_clear_free(oct); + return rv; + } + +-- +2.25.1 +
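Review bot: switching to ASN1_STRING_clear_free() wipes the decoded private key bytes held in `oct` before freeing, which is the right call; check that no other exit path of ecx_priv_decode() frees `oct` with the non-clearing ASN1_OCTET_STRING_free() (the diffstat shows only this one line changed), and add a short comment noting that `oct` holds key material so future edits keep the clearing variant.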
  48. Download patch debian/patches/0038-Configure-accept-Windows-style-compiler-options.patch

    --- 1.1.1d-2/debian/patches/0038-Configure-accept-Windows-style-compiler-options.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0038-Configure-accept-Windows-style-compiler-options.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,118 @@ +From df22cbb555430b7206a8d30cb41f4e28b9e28370 Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Sat, 21 Sep 2019 00:14:16 +0200 +Subject: [PATCH 038/230] Configure: accept Windows style compiler options + +Currently the Configure command only supports passing UNIX style +options (`-opt`) to the compiler. Passing Windows style options +(`/opt`) yields an error. Fortunately, the compiler accepts both +types of options, nevertheless this commit fixes that discrimination +of Windows users. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9961) + +(cherry picked from commit f246f54f18d380791cc60be4aea0fbc7253a9a20) +--- + Configure | 28 ++++++++++++++++++++++++---- + INSTALL | 15 ++++++++++++--- + 2 files changed, 36 insertions(+), 7 deletions(-) + +diff --git a/Configure b/Configure +index f498ac2f81..59313117f0 100755 +--- a/Configure ++++ b/Configure +@@ -69,7 +69,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx + # no-sse2 disables IA-32 SSE2 code in assembly modules, the above + # mentioned '386' option implies this one + # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) +-# -<xxx> +<xxx> compiler options are passed through ++# -<xxx> +<xxx> All options which are unknown to the 'Configure' script are ++# /<xxx> passed through to the compiler. Unix-style options beginning ++# with a '-' or '+' are recognized, as well as Windows-style ++# options beginning with a '/'. If the option contains arguments ++# separated by spaces, then the URL-style notation %20 can be ++# used for the space character in order to avoid having to quote ++# the option. For example, -opt%20arg gets expanded to -opt arg. ++# In fact, any ASCII character can be encoded as %xx using its ++# hexadecimal encoding. 
+ # -static while -static is also a pass-through compiler option (and + # as such is limited to environments where it's actually + # meaningful), it triggers a number configuration options, +@@ -777,7 +785,7 @@ while (@argvcopy) + { + die "FIPS mode not supported\n"; + } +- elsif (/^[-+]/) ++ elsif (m|^[-+/]|) + { + if (/^--prefix=(.*)$/) + { +@@ -854,11 +862,11 @@ while (@argvcopy) + { + push @{$useradd{LDFLAGS}}, $_; + } +- elsif (/^-D(.*)$/) ++ elsif (m|^[-/]D(.*)$|) + { + push @{$useradd{CPPDEFINES}}, $1; + } +- elsif (/^-I(.*)$/) ++ elsif (m|^[-/]I(.*)$|) + { + push @{$useradd{CPPINCLUDES}}, $1; + } +@@ -868,11 +876,23 @@ while (@argvcopy) + } + else # common if (/^[-+]/), just pass down... + { ++ # Treat %xx as an ASCII code (e.g. replace %20 by a space character). ++ # This provides a simple way to pass options with arguments separated ++ # by spaces without quoting (e.g. -opt%20arg translates to -opt arg). + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; + } + } ++ elsif (m|^/|) ++ { ++ # Treat %xx as an ASCII code (e.g. replace %20 by a space character). ++ # This provides a simple way to pass options with arguments separated ++ # by spaces without quoting (e.g. /opt%20arg translates to /opt arg). ++ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; ++ push @{$useradd{CFLAGS}}, $_; ++ push @{$useradd{CXXFLAGS}}, $_; ++ } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); +diff --git a/INSTALL b/INSTALL +index f61c6de05e..c4c65c113b 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -608,10 +608,19 @@ + Take note of the VAR=value documentation below and how + these flags interact with those variables. + +- -xxx, +xxx ++ -xxx, +xxx, /xxx + Additional options that are not otherwise recognised are +- passed through as they are to the compiler as well. Again, +- consult your compiler documentation. ++ passed through as they are to the compiler as well. 
++ Unix-style options beginning with a '-' or '+' and ++ Windows-style options beginning with a '/' are recognized. ++ Again, consult your compiler documentation. ++ ++ If the option contains arguments separated by spaces, ++ then the URL-style notation %20 can be used for the space ++ character in order to avoid having to quote the option. ++ For example, -opt%20arg gets expanded to -opt arg. ++ In fact, any ASCII character can be encoded as %xx using its ++ hexadecimal encoding. + + Take note of the VAR=value documentation below and how + these flags interact with those variables. +-- +2.25.1 +
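Review bot: the new `elsif (m|^/|)` branch in the last Configure hunk is unreachable: the first hunk widens the preceding branch to `elsif (m|^[-+/]|)`, so any argument starting with `/` is already consumed there and ends up in its `else # common if (/^[-+]/), just pass down...` block, which performs the same %xx decode and CFLAGS/CXXFLAGS push. Drop the duplicate block (the `-D`/`-I` regexes were also widened to `m|^[-/]D(.*)$|` and `m|^[-/]I(.*)$|`, so routing `/` options past that handling was clearly not the intent). A smaller point: `s/%([0-9a-f]{1,2})/chr(hex($1))/gei` decodes a lone `%2` followed by a non-hex character as chr(2), while the INSTALL text promises `%xx`; match exactly two hex digits.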
  49. Download patch debian/patches/0087-testutil-init.c-rename-to-testutil-testutil_init.c.patch

    --- 1.1.1d-2/debian/patches/0087-testutil-init.c-rename-to-testutil-testutil_init.c.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0087-testutil-init.c-rename-to-testutil-testutil_init.c.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,42 @@ +From 31c3127a94506700a045d00bfe6333cf1258db07 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Wed, 13 Nov 2019 18:39:51 +0100 +Subject: [PATCH 087/230] testutil/init.c rename to testutil/testutil_init.c + +Avoid conflicts with some linkers. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10439) + +(cherry picked from commit e74b5dcf16dfd7c91d9f9a7e69c447f00d778e17) + +Conflicts: + test/build.info +--- + test/build.info | 2 +- + test/testutil/{init.c => testutil_init.c} | 0 + 2 files changed, 1 insertion(+), 1 deletion(-) + rename test/testutil/{init.c => testutil_init.c} (100%) + +diff --git a/test/build.info b/test/build.info +index db28dd97f7..9b57edf518 100644 +--- a/test/build.info ++++ b/test/build.info +@@ -12,7 +12,7 @@ IF[{- !$disabled{tests} -}] + SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \ + testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ + testutil/format_output.c testutil/tap_bio.c \ +- testutil/test_cleanup.c testutil/main.c testutil/init.c \ ++ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ + testutil/random.c + INCLUDE[libtestutil.a]=../include + DEPEND[libtestutil.a]=../libcrypto +diff --git a/test/testutil/init.c b/test/testutil/testutil_init.c +similarity index 100% +rename from test/testutil/init.c +rename to test/testutil/testutil_init.c +-- +2.25.1 +
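Review bot: the commit message says the rename avoids "conflicts with some linkers" without naming the linker or what `init.c` collides with; a one-line comment next to the SOURCE[libtestutil.a] entry in test/build.info saying why the file is called testutil_init.c would stop someone renaming it back. The move itself is a pure rename (similarity 100%) and build.info is the only reference updated; confirm nothing else in the tree still refers to testutil/init.c.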
  50. Download patch debian/patches/0081-SSL-Document-SSL_add_-file-dir-_cert_subjects_to_sta.patch

    --- 1.1.1d-2/debian/patches/0081-SSL-Document-SSL_add_-file-dir-_cert_subjects_to_sta.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0081-SSL-Document-SSL_add_-file-dir-_cert_subjects_to_sta.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,113 @@ +From 9fc977c76d20226d4640a7b9a3f84e4216571184 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Sun, 10 Nov 2019 15:44:00 +0100 +Subject: [PATCH 081/230] SSL: Document + SSL_add_{file,dir}_cert_subjects_to_stack() + +This also removes the incorrect documentation comments by those +functions. + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/10403) +--- + doc/man3/SSL_load_client_CA_file.pod | 19 +++++++++++++++++-- + ssl/ssl_cert.c | 28 ---------------------------- + 2 files changed, 17 insertions(+), 30 deletions(-) + +diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod +index a6cfb308d3..f354ef4177 100644 +--- a/doc/man3/SSL_load_client_CA_file.pod ++++ b/doc/man3/SSL_load_client_CA_file.pod +@@ -2,7 +2,10 @@ + + =head1 NAME + +-SSL_load_client_CA_file - load certificate names from file ++SSL_load_client_CA_file, ++SSL_add_file_cert_subjects_to_stack, ++SSL_add_dir_cert_subjects_to_stack ++- load certificate names + + =head1 SYNOPSIS + +@@ -10,11 +13,23 @@ SSL_load_client_CA_file - load certificate names from file + + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); + ++ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ++ const char *file) ++ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ++ const char *dir) ++ + =head1 DESCRIPTION + +-SSL_load_client_CA_file() reads certificates from B<file> and returns ++SSL_load_client_CA_file() reads certificates from I<file> and returns + a STACK_OF(X509_NAME) with the subject names found. + ++SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>, ++and adds their subject name to the already existing I<stack>. ++ ++SSL_add_dir_cert_subjects_to_stack() reads certificates from every ++file in the directory I<dir>, and adds their subject name to the ++already existing I<stack>. 
++ + =head1 NOTES + + SSL_load_client_CA_file() reads a file of PEM formatted certificates and +diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c +index b56099e33c..5d3e83f328 100644 +--- a/ssl/ssl_cert.c ++++ b/ssl/ssl_cert.c +@@ -601,14 +601,6 @@ static unsigned long xname_hash(const X509_NAME *a) + return X509_NAME_hash((X509_NAME *)a); + } + +-/** +- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; +- * it doesn't really have anything to do with clients (except that a common use +- * for a stack of CAs is to send it to the client). Actually, it doesn't have +- * much to do with CAs, either, since it will load any old cert. +- * \param file the file containing one or more certs. +- * \return a ::STACK containing the certs. +- */ + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) + { + BIO *in = BIO_new(BIO_s_file()); +@@ -666,15 +658,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) + return ret; + } + +-/** +- * Add a file of certs to a stack. +- * \param stack the stack to add to. +- * \param file the file to add from. All certs in this file that are not +- * already in the stack will be added. +- * \return 1 for success, 0 for failure. Note that in the case of failure some +- * certs may have been added to \c stack. +- */ +- + int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *file) + { +@@ -725,17 +708,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + return ret; + } + +-/** +- * Add a directory of certs to a stack. +- * \param stack the stack to append to. +- * \param dir the directory to append from. All files in this directory will be +- * examined as potential certs. Any that are acceptable to +- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be +- * included. +- * \return 1 for success, 0 for failure. Note that in the case of failure some +- * certs may have been added to \c stack. 
+- */ +- + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *dir) + { +-- +2.25.1 +
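Review bot: the two SYNOPSIS lines added to SSL_load_client_CA_file.pod lack their trailing semicolons (`const char *file)` and `const char *dir)`), unlike the existing `SSL_load_client_CA_file(const char *file);` line. More importantly, the doc comments deleted from ssl_cert.c stated that these functions return 1 on success and 0 on failure and that on failure some names may already have been added to `stack`; none of that reappears in the pod hunks, so a RETURN VALUES entry for both functions is needed, otherwise this change removes documentation instead of relocating it. The deleted SSL_load_client_CA_file() comment also warned that the function loads any certificate, not just CAs, which is worth keeping in NOTES.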
  51. Download patch debian/patches/0008-Do-no-mention-private-headers-in-public-headers.patch

    --- 1.1.1d-2/debian/patches/0008-Do-no-mention-private-headers-in-public-headers.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0008-Do-no-mention-private-headers-in-public-headers.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,57 @@ +From b8f2701c38cf07f364a9899dfc20c972a9dafaef Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Mon, 9 Sep 2019 02:41:26 +0200 +Subject: [PATCH 008/230] Do no mention private headers in public headers + +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/9812) + +(cherry picked from commit bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b) +--- + include/openssl/ct.h | 2 -- + include/openssl/dtls1.h | 2 +- + include/openssl/evp.h | 2 +- + 3 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/include/openssl/ct.h b/include/openssl/ct.h +index d4262fa048..ebdba34d67 100644 +--- a/include/openssl/ct.h ++++ b/include/openssl/ct.h +@@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + + /* + * Loads the default CT log list into a |store|. +- * See internal/cryptlib.h for the environment variable and file path that are +- * consulted to find the default file. + * Returns 1 if loading is successful, or 0 otherwise. + */ + __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h +index a312e386cf..d55ca9c332 100644 +--- a/include/openssl/dtls1.h ++++ b/include/openssl/dtls1.h +@@ -43,7 +43,7 @@ extern "C" { + + # define DTLS1_AL_HEADER_LENGTH 2 + +-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ ++/* Timeout multipliers */ + # define DTLS1_TMO_READ_COUNT 2 + # define DTLS1_TMO_WRITE_COUNT 2 + +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 545654a98b..8abcd8a8a3 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -180,7 +180,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + * if the following flag is set. 
+ */ + # define EVP_MD_CTX_FLAG_FINALISE 0x0200 +-/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ ++/* NOTE: 0x0400 is reserved for internal usage */ + + EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); + EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +-- +2.25.1 +
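Review bot: the ct.h hunk removes the only hint in the public header about how CTLOG_STORE_load_default_file() locates the default log list (the environment variable and file path formerly pointed at internal/cryptlib.h), so that information should now be stated in the function's man page rather than simply dropped; otherwise API users are left with no documented way to find or override the default file. The dtls1.h and evp.h hunks are fine: they keep the meaning (timeout multipliers; 0x0400 reserved) while dropping the private header names, and the dtls1.h change incidentally fixes the unclosed parenthesis in the old comment. Nit: the subject line reads "Do no mention" and should be "Do not mention".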
  52. Download patch debian/patches/0051-rand_unix.c-correct-include-guard-comments.patch

    --- 1.1.1d-2/debian/patches/0051-rand_unix.c-correct-include-guard-comments.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0051-rand_unix.c-correct-include-guard-comments.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,37 @@ +From 10cb54d75b401f034ead4e59fe1e2fba166085d3 Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Mon, 30 Sep 2019 09:05:44 +0200 +Subject: [PATCH 051/230] rand_unix.c: correct include guard comments + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10050) + +(cherry picked from commit 2a7e6ed86be20bd472696a3eafe5d20ec9579dab) +--- + crypto/rand/rand_unix.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c +index f88470d35f..58d47367ac 100644 +--- a/crypto/rand/rand_unix.c ++++ b/crypto/rand/rand_unix.c +@@ -80,7 +80,8 @@ static uint64_t get_timer_bits(void); + # define OSSL_POSIX_TIMER_OKAY + # endif + # endif +-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ ++#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) ++ || defined(__DJGPP__) */ + + #if defined(OPENSSL_RAND_SEED_NONE) + /* none means none. this simplifies the following logic */ +@@ -860,4 +861,5 @@ static uint64_t get_timer_bits(void) + # endif + return time(NULL); + } +-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ ++#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) ++ || defined(__DJGPP__) */ +-- +2.25.1 +
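Review bot: both hunks touch only `#endif` trailing comments, so there is no behavioural change, but the new comment text `(defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) || defined(__DJGPP__)` is a claim about the matching `#if` at the top of the file, which is outside the hunk context; confirm it is copied verbatim from that `#if` so the guard comments do not drift again. Splitting the comment over two lines is acceptable, though keeping it on one line would make the pair easier to grep for when the condition is next changed.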
  53. Download patch debian/patches/0032-Send-bad_record_mac-instead-of-decryption_failed.patch

    --- 1.1.1d-2/debian/patches/0032-Send-bad_record_mac-instead-of-decryption_failed.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0032-Send-bad_record_mac-instead-of-decryption_failed.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,38 @@ +From f1fd279cceb9eb7a0294a1eab8345c3193f40a0a Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Fri, 4 Oct 2019 14:01:21 +0100 +Subject: [PATCH 032/230] Send bad_record_mac instead of decryption_failed + +The decryption failed alert was deprecated a long time ago. It can +provide an attacker too much information to be able to distinguish between +MAC failures and decryption failures and can lead to oracle attacks. +Instead we should always use the bad_record_mac alert for these issues. +This fixes one instance that still exists. It does not represent a +security issue in this case because it is only ever sent if the record is +publicly invalid, i.e. we have detected it is invalid without using any +secret material. + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/10093) + +(cherry picked from commit 37133290832ac2d1389926eba7325125fdacbe8d) +--- + ssl/record/ssl3_record.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c +index d116ff0e90..d406adfb93 100644 +--- a/ssl/record/ssl3_record.c ++++ b/ssl/record/ssl3_record.c +@@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s) + RECORD_LAYER_reset_read_sequence(&s->rlayer); + return 1; + } +- SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD, ++ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, + SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + return -1; + } +-- +2.25.1 +
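Review bot: the change from SSL_AD_DECRYPTION_FAILED to SSL_AD_BAD_RECORD_MAC in ssl3_get_record() is the right fix, since a distinct alert for padding errors is exactly the kind of distinguisher the commit message warns about; two follow-ups. First, the message says this is "one instance that still exists", so a grep for remaining SSL_AD_DECRYPTION_FAILED senders would confirm it is the last one, after which the constant need only survive for decoding peer alerts. Second, the internal reason code SSL_R_BLOCK_CIPHER_PAD_IS_WRONG is unchanged, which is fine because it goes to the local error queue and not on the wire, but a CHANGES entry noting the alert change would help anyone debugging interoperability, as peers will now see bad_record_mac where they previously saw decryption_failed.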
  54. Download patch debian/libssl1.1.postinst

    --- 1.1.1d-2/debian/libssl1.1.postinst 2019-09-27 21:06:25.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/libssl1.1.postinst 2019-10-13 04:56:25.000000000 +0000 @@ -57,7 +57,9 @@ filerc() { if [ "$1" = "configure" ] then if [ ! -z "$2" ]; then - if dpkg --compare-versions "$2" lt 1.0.1g-2; then + # This triggers services restarting, so limit this to major upgrades + # only. Security updates should not restart services automatically. + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check="amanda-server anon-proxy apache2 apache-ssl" check="$check apf-firewall asterisk bacula-director-common" @@ -102,7 +104,7 @@ then ") echo "done." fi - if dpkg --compare-versions "$2" lt 1.0.1g-3; then + if dpkg --compare-versions "$2" lt 1.1.1-1ubuntu2.1~18.04.2; then echo -n "Checking for services that may need to be restarted..." check2="chef chef-expander chef-server-api" check2="$check2 chef-solr pound postgresql-common" @@ -152,7 +154,11 @@ then if [ "x$RET" != xtrue ]; then db_reset libssl1.1/restart-services db_set libssl1.1/restart-services "$services" - db_input critical libssl1.1/restart-services || true + if [ "$RELEASE_UPGRADE_MODE" = desktop ]; then + db_input medium libssl1.1/restart-services || true + else + db_input critical libssl1.1/restart-services || true + fi db_go || true db_get libssl1.1/restart-services 
@@ -200,7 +206,20 @@ then # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop + fi # end upgrading and $2 lt 0.9.8c-2 + + # Here we issue the reboot notification for upgrades and + # security updates. We do want services to be restarted when we + # update for a security issue, but planned by the sysadmin, not + # automatically. + + # Only issue the reboot notification for servers; we proxy this by + # testing that the X server is not running (LP: #244250) + if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then + /usr/share/update-notifier/notify-reboot-required + fi + fi # Upgrading fi
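Review bot: the first two hunks replace the version thresholds with the literal `1.1.1-1ubuntu2.1~18.04.2`, so the restart-candidate scan now runs only when upgrading from a version older than that bionic SRU; the new comment explains the intent (major upgrades only, not security updates), but the threshold will have to be bumped by hand at the next major upgrade, and a comment saying so would stop it silently going stale. Two nits in the same region: `if [ ! -z "$2" ]` is clearer as `[ -n "$2" ]`, and the trailing comment added in the last hunk, `fi # end upgrading and $2 lt 0.9.8c-2`, names a version that no longer appears in the script and should match the threshold actually compared.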
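Review bot: the reboot-notification block in the last hunk uses `pidof /usr/lib/xorg/Xorg` as the proxy for "this is a server", so a desktop session running without an Xorg process (a Wayland session, for instance) will be treated as a server and have notify-reboot-required called; that is harmless but noisy, and the comment should acknowledge it or the test should also consult RELEASE_UPGRADE_MODE, which the third hunk already reads to pick the debconf priority. Note also that the third hunk's `db_input medium` path means that on a desktop release upgrade the restart-services question may not be shown at the default debconf priority, so services will not be restarted automatically there and the reboot notification becomes the only signal; that is consistent with the stated policy but worth a line in the package NEWS.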
  55. Download patch debian/patches/0095-EVP-p_lib-Add-NULL-check-to-EVP_PKEY_missing_paramet.patch

    --- 1.1.1d-2/debian/patches/0095-EVP-p_lib-Add-NULL-check-to-EVP_PKEY_missing_paramet.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0095-EVP-p_lib-Add-NULL-check-to-EVP_PKEY_missing_paramet.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,33 @@ +From f6f371d472262e9525107074d93828b68acdbbdf Mon Sep 17 00:00:00 2001 +From: Pauli <paul.dale@oracle.com> +Date: Wed, 20 Nov 2019 13:14:39 +1000 +Subject: [PATCH 095/230] EVP p_lib: Add NULL check to + EVP_PKEY_missing_parameters. + +Check for NULL and return error if so. +This can possibly be called from apps/ca.c with a NULL argument. + +Reviewed-by: Paul Yang <kaishen.yy@antfin.com> +(Merged from https://github.com/openssl/openssl/pull/10474) + +(cherry picked from commit ab5c77b4766e0992751d86560193ca42b49cf316) +--- + crypto/evp/p_lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c +index 72a23b4d5f..451bc95eae 100644 +--- a/crypto/evp/p_lib.c ++++ b/crypto/evp/p_lib.c +@@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) + { +- if (pkey->ameth && pkey->ameth->param_missing) ++ if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) + return pkey->ameth->param_missing(pkey); + return 0; + } +-- +2.25.1 +
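Review bot: the new `pkey != NULL` check makes EVP_PKEY_missing_parameters(NULL) return 0, which callers read as "no parameters are missing", whereas the commit message says the function should "return error if so"; the code and the message do not agree. If a NULL key is to be treated as unusable, returning 1 (parameters missing) is the safer answer for the apps/ca.c call site the message mentions, because 0 lets a NULL key pass this check and fail later with a less specific error; whichever is chosen, the behaviour for NULL should be stated in the EVP_PKEY_missing_parameters man page.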
  56. Download patch debian/patches/0085-Extend-docs-for-EC_POINT-conversion-functions.patch

    --- 1.1.1d-2/debian/patches/0085-Extend-docs-for-EC_POINT-conversion-functions.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0085-Extend-docs-for-EC_POINT-conversion-functions.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,59 @@ +From 3c25ac2d2e614c16a8b76e0b863eb761ab436804 Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Tue, 12 Nov 2019 00:52:00 +0200 +Subject: [PATCH 085/230] Extend docs for EC_POINT conversion functions + +Add more explicit documentation about the relation between +EC_POINT_point2oct(), EC_POINT_point2hex(), EC_POINT_point2bn() and +their reverse. + +In particular highlight that EC_POINT_point2oct() and +EC_POINT_oct2point() conform to, respectively, Sec. 2.3.3 and Sec. 2.3.4 +of the SECG SEC 1 standard (which is the normative reference for the +already mentioned RFC 5480), highlighting with a note how this affect +the encoding/decoding of the point at infinity (which in contrast with +any other valid generic point of a curve is assigned an exceptional +fixed octet string encoding, i.e., 0x00). + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10329) + +(cherry picked from commit 3cc26f2eba8a8c16ac559e68c05c094d7ea6bd8b) +--- + doc/man3/EC_POINT_new.pod | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod +index 796f6666dd..8cadaa75f1 100644 +--- a/doc/man3/EC_POINT_new.pod ++++ b/doc/man3/EC_POINT_new.pod +@@ -171,6 +171,26 @@ The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), + EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from + and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively. + ++The function EC_POINT_point2oct() encodes the given curve point B<p> as an ++octet string into the buffer B<buf> of size B<len>, using the specified ++conversion form B<form>. ++The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve ++Cryptography") standard. 
++Similarly the function EC_POINT_oct2point() decodes a curve point into B<p> from ++the octet string contained in the given buffer B<buf> of size B<len>, conforming ++to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. ++ ++The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point B<p>, ++respectively, to the hexadecimal or BIGNUM representation of the same ++encoding of the function EC_POINT_point2oct(). ++Vice versa, similarly to the function EC_POINT_oct2point(), the functions ++EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or ++BIGNUM representation into the EC_POINT B<p>. ++ ++Notice that, according to the standard, the octet string encoding of the point ++at infinity for a given curve is fixed to a single octet of value zero and that, ++vice versa, a single octet of size zero is decoded as the point at infinity. ++ + The function EC_POINT_point2oct() must be supplied with a buffer long enough to + store the octet form. The return value provides the number of octets stored. + Calling the function with a NULL buffer will not perform the conversion but +-- +2.25.1 +
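Review bot: the new paragraph on decoding names the wrong function: "the functions EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or BIGNUM representation" should read EC_POINT_bn2point(), since EC_POINT_point2bn() is the encoder described two lines earlier. In the point-at-infinity note, "a single octet of size zero is decoded as the point at infinity" should be "of value zero", matching the preceding sentence; and since the text now cites SEC 1 Sec. 2.3.3 and 2.3.4, a reference to the SECG SEC 1 document in the page's SEE ALSO section would let readers find it.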
  57. Download patch debian/patches/0001-Prepare-for-1.1.1e-dev.patch

    --- 1.1.1d-2/debian/patches/0001-Prepare-for-1.1.1e-dev.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0001-Prepare-for-1.1.1e-dev.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,72 @@ +From 5c184ff280ee042e3b7e07701b61adbcbe2958d7 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Tue, 10 Sep 2019 14:14:31 +0100 +Subject: [PATCH 001/230] Prepare for 1.1.1e-dev + +Reviewed-by: Richard Levitte <levitte@openssl.org> +--- + CHANGES | 4 ++++ + NEWS | 4 ++++ + README | 2 +- + include/openssl/opensslv.h | 4 ++-- + 4 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/CHANGES b/CHANGES +index c6ca343948..18e47078b6 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -7,6 +7,10 @@ + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + ++ Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] ++ ++ *) ++ + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] + + *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random +diff --git a/NEWS b/NEWS +index 1c88dee353..4af390505d 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,10 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development] ++ ++ o ++ + Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] + + o Fixed a fork protection issue (CVE-2019-1549) +diff --git a/README b/README +index 51bb4789be..dc608cc25e 100644 +--- a/README ++++ b/README +@@ -1,5 +1,5 @@ + +- OpenSSL 1.1.1d 10 Sep 2019 ++ OpenSSL 1.1.1e-dev + + Copyright (c) 1998-2019 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. 
Hudson +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index c28e632c44..032fb78c1c 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010104fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d 10 Sep 2019" ++# define OPENSSL_VERSION_NUMBER 0x10101050L ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e-dev xx XXX xxxx" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +-- +2.25.1 +
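Review bot: this is the upstream branch-open commit, and applying it to a distribution package that ships 1.1.1d with cherry-picks changes OPENSSL_VERSION_NUMBER from 0x1010104fL to 0x10101050L and OPENSSL_VERSION_TEXT to "OpenSSL 1.1.1e-dev xx XXX xxxx"; anything that keys on the version string or on the status nibble (the final `f` meaning release, `0` meaning development) will then report a development build that was never released. Unless the package intends to advertise 1.1.1e-dev, this patch should be left out of the series; the empty CHANGES and NEWS placeholders (`*)` and `o` with no text) are only meaningful in the upstream tree anyway.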
  58. Download patch debian/patches/0084-Add-self-test-for-EC_POINT_hex2point.patch

    --- 1.1.1d-2/debian/patches/0084-Add-self-test-for-EC_POINT_hex2point.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0084-Add-self-test-for-EC_POINT_hex2point.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,141 @@ +From f59967cb72a042a1ecb9e686f3494e4a6a38e173 Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Fri, 1 Nov 2019 22:09:40 +0200 +Subject: [PATCH 084/230] Add self-test for EC_POINT_hex2point + +Adds tests for each curve to ensure that encodings obtained through +EC_POINT_hex2point() can be fed to EC_POINT_point2hex() yielding a point +identical to the one from which the encoding is generated. + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10329) + +(cherry picked from commit 35ed029b5a488924890fda2487c87f664361a33b) +--- + test/ectest.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 102 insertions(+), 1 deletion(-) + +diff --git a/test/ectest.c b/test/ectest.c +index 136dc741eb..5c01cc95dd 100644 +--- a/test/ectest.c ++++ b/test/ectest.c +@@ -1999,7 +1999,107 @@ static int cardinality_test(int n) + BN_CTX_free(ctx); + return ret; + } +-#endif ++ ++/* ++ * Helper for ec_point_hex2point_test ++ * ++ * Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given ++ * (group,P) pair. ++ * ++ * If P is NULL use point at infinity. ++ */ ++static ossl_inline ++int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P, ++ point_conversion_form_t form, ++ BN_CTX *bnctx) ++{ ++ int ret = 0; ++ EC_POINT *Q = NULL, *Pinf = NULL; ++ char *hex = NULL; ++ ++ if (P == NULL) { ++ /* If P is NULL use point at infinity. */ ++ if (!TEST_ptr(Pinf = EC_POINT_new(group)) ++ || !TEST_true(EC_POINT_set_to_infinity(group, Pinf))) ++ goto err; ++ P = Pinf; ++ } ++ ++ if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx)) ++ || !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx)) ++ || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx))) ++ goto err; ++ ++ /* ++ * The next check is most likely superfluous, as EC_POINT_cmp should already ++ * cover this. 
++ * Nonetheless it increases the test coverage for EC_POINT_is_at_infinity, ++ * so we include it anyway! ++ */ ++ if (Pinf != NULL ++ && !TEST_true(EC_POINT_is_at_infinity(group, Q))) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ EC_POINT_free(Pinf); ++ OPENSSL_free(hex); ++ EC_POINT_free(Q); ++ ++ return ret; ++} ++ ++/* ++ * This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex() ++ */ ++static int ec_point_hex2point_test(int id) ++{ ++ int ret = 0, nid; ++ EC_GROUP *group = NULL; ++ const EC_POINT *G = NULL; ++ EC_POINT *P = NULL; ++ BN_CTX * bnctx = NULL; ++ ++ /* Do some setup */ ++ nid = curves[id].nid; ++ if (!TEST_ptr(bnctx = BN_CTX_new()) ++ || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) ++ || !TEST_ptr(G = EC_GROUP_get0_generator(group)) ++ || !TEST_ptr(P = EC_POINT_dup(G, group))) ++ goto err; ++ ++ if (!TEST_true(ec_point_hex2point_test_helper(group, P, ++ POINT_CONVERSION_COMPRESSED, ++ bnctx)) ++ || !TEST_true(ec_point_hex2point_test_helper(group, NULL, ++ POINT_CONVERSION_COMPRESSED, ++ bnctx)) ++ || !TEST_true(ec_point_hex2point_test_helper(group, P, ++ POINT_CONVERSION_UNCOMPRESSED, ++ bnctx)) ++ || !TEST_true(ec_point_hex2point_test_helper(group, NULL, ++ POINT_CONVERSION_UNCOMPRESSED, ++ bnctx)) ++ || !TEST_true(ec_point_hex2point_test_helper(group, P, ++ POINT_CONVERSION_HYBRID, ++ bnctx)) ++ || !TEST_true(ec_point_hex2point_test_helper(group, NULL, ++ POINT_CONVERSION_HYBRID, ++ bnctx))) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ EC_POINT_free(P); ++ EC_GROUP_free(group); ++ BN_CTX_free(bnctx); ++ ++ return ret; ++} ++ ++#endif /* OPENSSL_NO_EC */ + + int setup_tests(void) + { +@@ -2025,6 +2125,7 @@ int setup_tests(void) + ADD_ALL_TESTS(internal_curve_test_method, crv_len); + + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ++ ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + #endif /* OPENSSL_NO_EC */ + return 1; + } +-- +2.25.1 +
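Review bot: the commit message has the direction backwards: it says encodings obtained through EC_POINT_hex2point() are fed to EC_POINT_point2hex(), but the helper calls EC_POINT_point2hex() first and then EC_POINT_hex2point(), comparing the result with EC_POINT_cmp(); the message should match the code. On the test itself, the helper covers the round trip for each conversion form and for the point at infinity, but there is no negative case (an odd-length or non-hex string, or an encoding of a point not on the curve) checking that EC_POINT_hex2point() returns NULL rather than a point, which is where a decoder bug would matter most. Nit: `BN_CTX * bnctx` should be `BN_CTX *bnctx` to match the surrounding style.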
  59. Download patch debian/patches/0059-Cleanup-hardcoded-cipher-suite-codepoints-in-s_serve.patch

    --- 1.1.1d-2/debian/patches/0059-Cleanup-hardcoded-cipher-suite-codepoints-in-s_serve.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0059-Cleanup-hardcoded-cipher-suite-codepoints-in-s_serve.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,36 @@ +From c2183fdc1a9cd60bbfe8823822def0d09aa5ef3a Mon Sep 17 00:00:00 2001 +From: Johannes Bauer <joe@johannes-bauer.com> +Date: Wed, 23 Oct 2019 14:03:32 +0200 +Subject: [PATCH 059/230] Cleanup hardcoded cipher suite codepoints in s_server + +The hardcoded code points for TLSv1.3 cipher suites are used in the TLS +PSK server callback. However, they seem to have been refactored a while +ago to use tls13_aes128gcmsha256_id, so these defines are not necessary +within the s_server code anymore. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10243) + +(cherry picked from commit aed8c47cbcc8a289bea433ead2effea035187260) +--- + apps/s_server.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/apps/s_server.c b/apps/s_server.c +index 929a08bd85..b80032c76c 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -180,9 +180,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, + } + #endif + +-#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") +-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") +- + static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, + size_t identity_len, SSL_SESSION **sess) + { +-- +2.25.1 +
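Review bot: removing the two TLS13_*_BYTES defines is safe only if nothing else in apps/s_server.c still references them; the hunk context shows psk_find_session_cb() directly below without a use, and the commit message says the callback now uses tls13_aes128gcmsha256_id, so a build of apps/ with warnings enabled would confirm there are no stragglers. No functional change.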
  60. Download patch debian/patches/0046-Fix-an-incorrect-macro.patch

    --- 1.1.1d-2/debian/patches/0046-Fix-an-incorrect-macro.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0046-Fix-an-incorrect-macro.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 7bcd13cebd9ebc6cf6026fff999beb34504a8068 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Thu, 6 Jun 2019 12:14:59 +0100 +Subject: [PATCH 046/230] Fix an incorrect macro + +A macro was missing a space which was confusing find-doc-nits + +Reviewed-by: Richard Levitte <levitte@openssl.org> + +(cherry picked from commit 8caab503ba004abb555d636c1ca9f7bcde79657f) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + include/openssl/ocsp.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h +index 8582fe1ee1..4d759a49de 100644 +--- a/include/openssl/ocsp.h ++++ b/include/openssl/ocsp.h +@@ -123,7 +123,7 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ + bp,(char **)(x),cb,NULL) + +-# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ ++# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ + bp,(char **)(x),cb,NULL) + +-- +2.25.1 +
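Review bot: the hunk only inserts a space between the macro parameter list `(bp,x,cb)` and the body `(OCSP_RESPONSE *)`, which does not change what the preprocessor produces (a function-like macro is defined by the `(` directly after the name, not by the spacing before the body), so this is a documentation-tooling fix as the message says. The sibling PEM_read_bio_OCSP_REQUEST define just above is visible only through its continuation lines in the context, so it is worth checking that its define line already has the space, otherwise find-doc-nits will flag it next.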
  61. Download patch debian/patches/0016-Reorganize-local-header-files.patch
  62. Download patch debian/patches/0090-s390x-assembly-pack-fix-bn_mul_comba4.patch

    --- 1.1.1d-2/debian/patches/0090-s390x-assembly-pack-fix-bn_mul_comba4.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0090-s390x-assembly-pack-fix-bn_mul_comba4.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,31 @@ +From 62c20887be277df27b287451615c90515784a02b Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Fri, 15 Nov 2019 10:52:03 +0100 +Subject: [PATCH 090/230] s390x assembly pack: fix bn_mul_comba4 + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10454) + +(cherry picked from commit 97a986f78289fef71bf8778dc4763458e983750c) +--- + crypto/bn/asm/s390x.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S +index 292a7a9998..b666c41a88 100644 +--- a/crypto/bn/asm/s390x.S ++++ b/crypto/bn/asm/s390x.S +@@ -511,7 +511,7 @@ bn_mul_comba4: + lghi zero,0 + + mul_add_c(0,0,c1,c2,c3); +- stg c1,0*8(%r3) ++ stg c1,0*8(%r2) + lghi c1,0 + + mul_add_c(0,1,c2,c3,c1); +-- +2.25.1 +
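Review bot: the one-character fix changes the first store in bn_mul_comba4 from `stg c1,0*8(%r3)` to `stg c1,0*8(%r2)`; under the s390x Linux calling convention %r2 carries the first argument (the result pointer r) and %r3 the second (a), so the old code wrote the first result limb over a[0] and left r[0] untouched, corrupting an input operand. A correctness bug in a multiplication primitive deserves a regression test in the bn test suite (a 4-limb product whose low result limb differs from a[0]) so it cannot regress when the assembly is next touched, and the commit message should say what the observed symptom was.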
  63. Download patch debian/patches/0072-s390x-assembly-pack-enable-clang-build.patch

    --- 1.1.1d-2/debian/patches/0072-s390x-assembly-pack-enable-clang-build.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0072-s390x-assembly-pack-enable-clang-build.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,99 @@ +From 72f4d2f8eb0a95bbac7e247ff571bbef4158018c Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Fri, 1 Nov 2019 23:29:04 +0100 +Subject: [PATCH 072/230] s390x assembly pack: enable clang build + +clang imposes some restrictions on the assembler code that +gcc does not. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10330) + +(cherry picked from commit 6f93f06135cbbd36c3fe98d63717e8303a5d559b) + +Conflicts: + crypto/perlasm/s390x.pm (non-existant) + crypto/s390xcpuid.pl (code to be changed non-existant) +--- + crypto/bn/asm/s390x-mont.pl | 8 ++++---- + crypto/rc4/asm/rc4-s390x.pl | 8 ++++---- + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl +index c2fc5adffe..21b935a962 100644 +--- a/crypto/bn/asm/s390x-mont.pl ++++ b/crypto/bn/asm/s390x-mont.pl +@@ -145,7 +145,7 @@ $code.=<<___; + lghi $NHI,0 + alcgr $NHI,$nhi + +- la $j,8(%r0) # j=1 ++ la $j,8 # j=1 + lr $count,$num + + .align 16 +@@ -197,7 +197,7 @@ $code.=<<___; + lghi $NHI,0 + alcgr $NHI,$nhi + +- la $j,8(%r0) # j=1 ++ la $j,8 # j=1 + lr $count,$num + + .align 16 +@@ -241,7 +241,7 @@ $code.=<<___; + la $ap,$stdframe($sp) + ahi $num,1 # restore $num, incidentally clears "borrow" + +- la $j,0(%r0) ++ la $j,0 + lr $count,$num + .Lsub: lg $alo,0($j,$ap) + lg $nlo,0($j,$np) +@@ -255,7 +255,7 @@ $code.=<<___; + lghi $NHI,-1 + xgr $NHI,$AHI + +- la $j,0(%r0) ++ la $j,0 + lgr $count,$num + .Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) +diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl +index 469f110faf..984afaab5c 100644 +--- a/crypto/rc4/asm/rc4-s390x.pl ++++ b/crypto/rc4/asm/rc4-s390x.pl +@@ -184,7 +184,7 @@ $code.=<<___; + RC4_set_key: + stm${g} %r6,%r8,6*$SIZE_T($sp) + lhi $cnt,256 +- la $idx,0(%r0) ++ la $idx,0 + sth 
$idx,0($key) + .align 4 + .L1stloop: +@@ -194,8 +194,8 @@ RC4_set_key: + + lghi $ikey,-256 + lr $cnt,$len +- la $iinp,0(%r0) +- la $idx,0(%r0) ++ la $iinp,0 ++ la $idx,0 + .align 16 + .L2ndloop: + llgc $acc,2+256($ikey,$key) +@@ -212,7 +212,7 @@ RC4_set_key: + jz .Ldone + brct $cnt,.L2ndloop + lr $cnt,$len +- la $iinp,0(%r0) ++ la $iinp,0 + j .L2ndloop + .Ldone: + lm${g} %r6,%r8,6*$SIZE_T($sp) +-- +2.25.1 +
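Review bot: every hunk replaces `la reg,disp(%r0)` with `la reg,disp`; on z/Architecture a base register of 0 means "no base", so the two forms assemble to the same instruction and the change is purely syntactic, which matches the message's claim that clang's assembler is stricter than gcc's. The Conflicts note says crypto/perlasm/s390x.pm and crypto/s390xcpuid.pl were not changed on this branch, so the other s390x perlasm sources in the 1.1.1 tree should be grepped for the same `(%r0)` pattern before the clang build is declared working.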
  64. Download patch debian/patches/0057-Update-control-logic-for-BN_gcd.patch

    --- 1.1.1d-2/debian/patches/0057-Update-control-logic-for-BN_gcd.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0057-Update-control-logic-for-BN_gcd.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,58 @@ +From 85728d08ae00f9b9305bee442988eb7d56ff1304 Mon Sep 17 00:00:00 2001 +From: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> +Date: Mon, 21 Oct 2019 14:41:01 +0300 +Subject: [PATCH 057/230] Update control logic for BN_gcd + +PR https://github.com/openssl/openssl/pull/10122 introduced changes to +the BN_gcd function and the control logic inside it accessed `g->d[0]` +irrespective of `g->top`. + +When BN_add is called, in case the result is zero, `BN_zero` is called. +The latter behaves differently depending on the API compatibility level +flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only +`g->top` is set to zero. + +This commit uses bitwise logic to ensure that `g` is treated as zero if +`g->top` is zero, irrespective of `g->d[0]`. + +Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> + +(cherry picked from commit 8aca4bfe8213402c80abc06fe25121461f79128d) + +Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10232) +--- + crypto/bn/bn_gcd.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c +index 7305543b55..ef81acb77b 100644 +--- a/crypto/bn/bn_gcd.c ++++ b/crypto/bn/bn_gcd.c +@@ -593,7 +593,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) + + for (i = 0; i < m; i++) { + /* conditionally flip signs if delta is positive and g is odd */ +- cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1; ++ cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 ++ /* make sure g->top > 0 (i.e. 
if top == 0 then g == 0 always) */ ++ & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + delta = (-cond & -delta) | ((cond - 1) & delta); + r->neg ^= cond; + /* swap */ +@@ -603,7 +605,10 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) + delta++; + if (!BN_add(temp, g, r)) + goto err; +- BN_consttime_swap(g->d[0] & 1, g, temp, top); ++ BN_consttime_swap(g->d[0] & 1 /* g is odd */ ++ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ ++ & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), ++ g, temp, top); + if (!BN_rshift1(g, g)) + goto err; + } +-- +2.25.1 +
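Review bot: the new mask `~((g->top - 1) >> (sizeof(g->top) * 8 - 1))` relies on an arithmetic right shift of a negative int (top - 1 is -1 when top is 0) to produce all ones, which is implementation-defined in C; it matches the existing `-delta >> (8 * sizeof(delta) - 1)` idiom on the line above, so it is consistent with the file, but a comment or a shared helper macro would make the assumption explicit. The same expression is now duplicated in both hunks (the `cond` computation and the BN_consttime_swap() argument); computing it once per iteration into a local variable would keep the two in sync and preserve the branch-free, constant-time shape the surrounding code is aiming for.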
  65. Download patch debian/patches/0036-Fix-unused-goto-label-gcc-warning.patch

    --- 1.1.1d-2/debian/patches/0036-Fix-unused-goto-label-gcc-warning.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0036-Fix-unused-goto-label-gcc-warning.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,41 @@ +From 4a8392e20353fcd2b69bf4df7bf4d4edcb14605f Mon Sep 17 00:00:00 2001 +From: Viktor Szakats <vszakats@users.noreply.github.com> +Date: Tue, 10 Sep 2019 22:47:57 +0000 +Subject: [PATCH 036/230] Fix unused goto label gcc warning + +On systems with undefined AI_ADDRCONFIG and AI_NUMERICHOST: + +x86_64-w64-mingw32-gcc -I. -Icrypto/include -Iinclude -m64 -Wall -O3 -fno-ident ... +crypto/bio/b_addr.c: In function 'BIO_lookup_ex': +crypto/bio/b_addr.c:699:7: warning: label 'retry' defined but not used [-Wunused-label] + retry: + ^~~~~ + +Regression from: 3f91ede9aea70774d9b5d509bc76d484ebaff6aa + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/9856) + +(cherry picked from commit be66a15cc1a4c3cc68fa854ceea321ca57f96304) +--- + crypto/bio/b_addr.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c +index 5b9a485a80..d11268b6dc 100644 +--- a/crypto/bio/b_addr.c ++++ b/crypto/bio/b_addr.c +@@ -696,7 +696,9 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, + /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to + * macro magic in bio_local.h + */ ++# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) + retry: ++# endif + switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { + # ifdef EAI_SYSTEM + case EAI_SYSTEM: +-- +2.25.1 +
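Review bot: guarding the `retry:` label with `# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)` fixes the warning only if that is exactly the condition under which the matching `goto retry` is compiled; the goto is outside the hunk context, so if it sits under a different or single-macro condition the build will fail with an undefined label in the other configuration. Please confirm the two guards are identical (or define one helper macro for both) and note in the commit message that the mingw configuration shown is the one that now builds warning-free.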
  66. Download patch debian/patches/0025-doc-EVP_DigestInit-clears-all-flags.patch

    --- 1.1.1d-2/debian/patches/0025-doc-EVP_DigestInit-clears-all-flags.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0025-doc-EVP_DigestInit-clears-all-flags.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,35 @@ +From 45ab67614a224bfbe0dd3500f535ef6db43451ef Mon Sep 17 00:00:00 2001 +From: Christian Heimes <christian@python.org> +Date: Fri, 27 Sep 2019 11:08:43 +0200 +Subject: [PATCH 025/230] doc: EVP_DigestInit clears all flags + +Mention that EVP_DigestInit() also clears all flags. + +Fixes: 10031 +Signed-off-by: Christian Heimes <christian@python.org> + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10032) + +(cherry picked from commit 091aab66a6dbc3a3ecee7684aa30811b342f04e7) +--- + doc/man3/EVP_DigestInit.pod | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod +index a24d7bf0c7..d5cbee45ca 100644 +--- a/doc/man3/EVP_DigestInit.pod ++++ b/doc/man3/EVP_DigestInit.pod +@@ -122,7 +122,7 @@ few bytes. + =item EVP_DigestInit() + + Behaves in the same way as EVP_DigestInit_ex() except it always uses the +-default digest implementation. ++default digest implementation and calls EVP_MD_CTX_reset(). + + =item EVP_DigestFinal() + +-- +2.25.1 +
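Review bot: the new wording "and calls EVP_MD_CTX_reset()" is accurate but does not say what that means for callers, and the subject line ("clears all flags") is the part users need; suggest "... and first calls EVP_MD_CTX_reset() on the context, which clears any flags previously set on it", so that someone who set a flag such as EVP_MD_CTX_FLAG_ONESHOT knows it is gone after EVP_DigestInit() but retained after EVP_DigestInit_ex().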
  67. Download patch debian/patches/0034-Fix-reference-to-PEM-docs.patch

    --- 1.1.1d-2/debian/patches/0034-Fix-reference-to-PEM-docs.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0034-Fix-reference-to-PEM-docs.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,53 @@ +From f736feeabfe6febdf3c359b6d7fff5e692f9a426 Mon Sep 17 00:00:00 2001 +From: Rich Salz <rsalz@akamai.com> +Date: Sat, 5 Oct 2019 13:48:50 -0400 +Subject: [PATCH 034/230] Fix reference to PEM docs + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +(Merged from https://github.com/openssl/openssl/pull/10101) + +(cherry picked from commit 120cc034271e9ab52f92840a16784228e50564f9) +--- + doc/man3/PEM_bytes_read_bio.pod | 4 ++-- + doc/man3/PEM_read_bio_ex.pod | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod +index 3a5bfee996..eb2fb2059e 100644 +--- a/doc/man3/PEM_bytes_read_bio.pod ++++ b/doc/man3/PEM_bytes_read_bio.pod +@@ -17,7 +17,8 @@ PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structur + + =head1 DESCRIPTION + +-PEM_bytes_read_bio() reads PEM-formatted (RFC 1421) data from the BIO ++PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) ++data from the BIO + I<bp> for the data type given in I<name> (RSA PRIVATE KEY, CERTIFICATE, + etc.). If multiple PEM-encoded data structures are present in the same + stream, PEM_bytes_read_bio() will skip non-matching data types and +@@ -66,7 +67,6 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or + + =head1 SEE ALSO + +-L<PEM(3)>, + L<PEM_read_bio_ex(3)>, + L<passphrase-encoding(7)> + +diff --git a/doc/man3/PEM_read_bio_ex.pod b/doc/man3/PEM_read_bio_ex.pod +index a16b0ede5a..9748e74e0f 100644 +--- a/doc/man3/PEM_read_bio_ex.pod ++++ b/doc/man3/PEM_read_bio_ex.pod +@@ -52,7 +52,7 @@ PEM_read_bio_ex() returns 1 for success or 0 for failure. + + =head1 SEE ALSO + +-L<PEM(3)> ++L<PEM_bytes_read_bio(3)> + + =head1 HISTORY + +-- +2.25.1 +
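Review bot: both SEE ALSO hunks remove L<PEM(3)>, which is presumably a dangling link (no PEM(3) page is referenced anywhere else in the context, and the replacement L<PEM_bytes_read_bio(3)> is a real page), so this is a find-doc-nits fix and fine as is. In the PEM_bytes_read_bio.pod DESCRIPTION hunk the replacement splits the sentence as "...IETF RFC 7468)" / "data from the BIO" / "I<bp> for the data type...", which renders correctly in POD but reads oddly in source; reflowing the paragraph would be tidier. Adding RFC 7468 alongside RFC 1421 is a good change, since RFC 7468 is the document that actually defines the textual encodings readers will be parsing.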
  68. Download patch debian/patches/0012-apps-pkcs12-print-multiple-PKCS-12-safeBag-attribute.patch

    --- 1.1.1d-2/debian/patches/0012-apps-pkcs12-print-multiple-PKCS-12-safeBag-attribute.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0012-apps-pkcs12-print-multiple-PKCS-12-safeBag-attribute.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,135 @@ +From 58f0a4f16b6e7f876f8ba68e4e850304a729cd5c Mon Sep 17 00:00:00 2001 +From: Jon Spillett <jon.spillett@oracle.com> +Date: Mon, 2 Sep 2019 10:06:29 +1000 +Subject: [PATCH 012/230] apps/pkcs12: print multiple PKCS#12 safeBag attribute + values if present + +Currently the pkcs12 app will only ever print the first value of a multi-value +attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but +may miss values for other attributes. + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/9751) + +(cherry picked from commit dbcc7b45670483cc89428afe1d3c363ef83d76df) +--- + CHANGES | 4 +++- + apps/pkcs12.c | 64 ++++++++++++++++++++++++++++++--------------------- + 2 files changed, 41 insertions(+), 27 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 18e47078b6..a10d679ddb 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -9,7 +9,9 @@ + + Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] + +- *) ++ *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just ++ the first value. 
++ [Jon Spillett] + + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] + +diff --git a/apps/pkcs12.c b/apps/pkcs12.c +index d0600b3760..3603b60c19 100644 +--- a/apps/pkcs12.c ++++ b/apps/pkcs12.c +@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, + int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, + const char *pass, int passlen, + int options, char *pempass, const EVP_CIPHER *enc); ++void print_attribute(BIO *out, const ASN1_TYPE *av); + int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, + const char *name); + void hex_prin(BIO *out, unsigned char *buf, int len); +@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) + return ret; + } + ++/* Generalised x509 attribute value print */ ++ ++void print_attribute(BIO *out, const ASN1_TYPE *av) ++{ ++ char *value; ++ ++ switch (av->type) { ++ case V_ASN1_BMPSTRING: ++ value = OPENSSL_uni2asc(av->value.bmpstring->data, ++ av->value.bmpstring->length); ++ BIO_printf(out, "%s\n", value); ++ OPENSSL_free(value); ++ break; ++ ++ case V_ASN1_OCTET_STRING: ++ hex_prin(out, av->value.octet_string->data, ++ av->value.octet_string->length); ++ BIO_printf(out, "\n"); ++ break; ++ ++ case V_ASN1_BIT_STRING: ++ hex_prin(out, av->value.bit_string->data, ++ av->value.bit_string->length); ++ BIO_printf(out, "\n"); ++ break; ++ ++ default: ++ BIO_printf(out, "<Unsupported tag %d>\n", av->type); ++ break; ++ } ++} ++ + /* Generalised attribute print: handle PKCS#8 and bag attributes */ + + int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, +@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, + { + X509_ATTRIBUTE *attr; + ASN1_TYPE *av; +- char *value; +- int i, attr_nid; ++ int i, j, attr_nid; + if (!attrlst) { + BIO_printf(out, "%s: <No Attributes>\n", name); + return 1; +@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, + } + + if (X509_ATTRIBUTE_count(attr)) { 
+- av = X509_ATTRIBUTE_get0_type(attr, 0); +- switch (av->type) { +- case V_ASN1_BMPSTRING: +- value = OPENSSL_uni2asc(av->value.bmpstring->data, +- av->value.bmpstring->length); +- BIO_printf(out, "%s\n", value); +- OPENSSL_free(value); +- break; +- +- case V_ASN1_OCTET_STRING: +- hex_prin(out, av->value.octet_string->data, +- av->value.octet_string->length); +- BIO_printf(out, "\n"); +- break; +- +- case V_ASN1_BIT_STRING: +- hex_prin(out, av->value.bit_string->data, +- av->value.bit_string->length); +- BIO_printf(out, "\n"); +- break; +- +- default: +- BIO_printf(out, "<Unsupported tag %d>\n", av->type); +- break; ++ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) ++ { ++ av = X509_ATTRIBUTE_get0_type(attr, j); ++ print_attribute(out, av); + } + } else { + BIO_printf(out, "<No Values>\n"); +-- +2.25.1 +
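Review bot: in the V_ASN1_BMPSTRING branch of the new print_attribute() (hunk @@ -878), the pointer returned by OPENSSL_uni2asc() is handed to BIO_printf() and OPENSSL_free() without a NULL check, so an allocation failure while dumping a PKCS#12 file is rendered as text rather than reported. The code is being moved anyway, so add a check such as `if (value == NULL) { BIO_printf(out, "<Error>\n"); return; }` before the printf; the octet-string and bit-string branches are fine because hex_prin() takes an explicit length.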
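Review bot: in the hunk @@ -910 the opening brace of the new `for (j = 0; ...)` loop sits on its own line, which does not match the K&R style of the surrounding code (compare the context line `if (X509_ATTRIBUTE_count(attr)) {`), and X509_ATTRIBUTE_count(attr) is re-evaluated on every iteration. Suggest `int n = X509_ATTRIBUTE_count(attr); for (j = 0; j < n; j++) {` with the brace on the same line.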
  69. Download patch debian/patches/0037-Ignore-empty-ALPN-elements-in-CLI-args.patch

    --- 1.1.1d-2/debian/patches/0037-Ignore-empty-ALPN-elements-in-CLI-args.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0037-Ignore-empty-ALPN-elements-in-CLI-args.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,69 @@ +From bc458b0dd00acf8114dee7e4ac6423288a570697 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni <openssl-users@dukhovni.org> +Date: Fri, 11 Oct 2019 17:52:19 -0400 +Subject: [PATCH 037/230] Ignore empty ALPN elements in CLI args + +Reviewed-by: Matt Caswell <matt@openssl.org> +--- + apps/apps.c | 30 +++++++++++++++++++++++++----- + 1 file changed, 25 insertions(+), 5 deletions(-) + +diff --git a/apps/apps.c b/apps/apps.c +index 7177c5d982..c06241abb9 100644 +--- a/apps/apps.c ++++ b/apps/apps.c +@@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) + size_t len; + unsigned char *out; + size_t i, start = 0; ++ size_t skipped = 0; + + len = strlen(in); +- if (len >= 65535) ++ if (len == 0 || len >= 65535) + return NULL; + +- out = app_malloc(strlen(in) + 1, "NPN buffer"); ++ out = app_malloc(len + 1, "NPN buffer"); + for (i = 0; i <= len; ++i) { + if (i == len || in[i] == ',') { ++ /* ++ * Zero-length ALPN elements are invalid on the wire, we could be ++ * strict and reject the entire string, but just ignoring extra ++ * commas seems harmless and more friendly. ++ * ++ * Every comma we skip in this way puts the input buffer another ++ * byte ahead of the output buffer, so all stores into the output ++ * buffer need to be decremented by the number commas skipped. ++ */ ++ if (i == start) { ++ ++start; ++ ++skipped; ++ continue; ++ } + if (i - start > 255) { + OPENSSL_free(out); + return NULL; + } +- out[start] = (unsigned char)(i - start); ++ out[start-skipped] = (unsigned char)(i - start); + start = i + 1; + } else { +- out[i + 1] = in[i]; ++ out[i + 1 - skipped] = in[i]; + } + } + +- *outlen = len + 1; ++ if (len <= skipped) { ++ OPENSSL_free(out); ++ return NULL; ++ } ++ ++ *outlen = len + 1 - skipped; + return out; + } + +-- +2.25.1 +
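Review bot: the return contract of next_protos_parse() changes in this hunk: `len == 0` now returns NULL, and a string made only of commas also returns NULL through the new `len <= skipped` check, so every caller must treat NULL as "invalid protocol list" rather than "empty list"; worth confirming that s_client/s_server fail the option rather than proceed with no ALPN. Two nits in the same hunk: `out[start-skipped]` should be spaced as `start - skipped` to match `i + 1 - skipped`, and the comment "the number commas skipped" is missing "of".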
  70. Download patch debian/patches/0003-crypto-threads_win.c-fix-preprocessor-indentation.patch

    --- 1.1.1d-2/debian/patches/0003-crypto-threads_win.c-fix-preprocessor-indentation.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0003-crypto-threads_win.c-fix-preprocessor-indentation.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,37 @@ +From a44e1b2f20e4ac5e2ac11b63e1ae935981ea9428 Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Wed, 11 Sep 2019 10:40:18 +0200 +Subject: [PATCH 003/230] crypto/threads_win.c: fix preprocessor indentation + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9860) +--- + crypto/threads_win.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/crypto/threads_win.c b/crypto/threads_win.c +index 44a360fcab..ba25d2719a 100644 +--- a/crypto/threads_win.c ++++ b/crypto/threads_win.c +@@ -24,15 +24,15 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) + return NULL; + } + +-#if !defined(_WIN32_WCE) ++# if !defined(_WIN32_WCE) + /* 0x400 is the spin count value suggested in the documentation */ + if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { + OPENSSL_free(lock); + return NULL; + } +-#else ++# else + InitializeCriticalSection(lock); +-#endif ++# endif + + return lock; + } +-- +2.25.1 +
  71. Download patch debian/patches/0069-md4-md5-macros-should-not-include-the-line-following.patch

    --- 1.1.1d-2/debian/patches/0069-md4-md5-macros-should-not-include-the-line-following.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0069-md4-md5-macros-should-not-include-the-line-following.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,46 @@ +From ef0be09e045a934e2bb07337218fc336f7f722d7 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Thu, 31 Oct 2019 14:17:31 +0100 +Subject: [PATCH 069/230] md4/md5: macros should not include the line following + them + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10311) + +(cherry picked from commit 351ba5bd27645d5b5a2bc643b2709bd30bcdf09c) +--- + crypto/md4/md4_local.h | 2 +- + crypto/md5/md5_local.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/md4/md4_local.h b/crypto/md4/md4_local.h +index 391fee8869..5f05720e97 100644 +--- a/crypto/md4/md4_local.h ++++ b/crypto/md4/md4_local.h +@@ -53,7 +53,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); + + #define R1(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+G((b),(c),(d))); \ +- a=ROTATE(a,s); };\ ++ a=ROTATE(a,s); }; + + #define R2(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+H((b),(c),(d))); \ +diff --git a/crypto/md5/md5_local.h b/crypto/md5/md5_local.h +index 9e537ed15b..b0087bea81 100644 +--- a/crypto/md5/md5_local.h ++++ b/crypto/md5/md5_local.h +@@ -62,7 +62,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); + #define R0(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+F((b),(c),(d))); \ + a=ROTATE(a,s); \ +- a+=b; };\ ++ a+=b; }; + + #define R1(a,b,c,d,k,s,t) { \ + a+=((k)+(t)+G((b),(c),(d))); \ +-- +2.25.1 +
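Review bot: removing the stray trailing backslash is the right fix, but in both hunks the `};` after the closing brace survives (`a=ROTATE(a,s); };` in md4_local.h and `a+=b; };` in md5_local.h), leaving an empty statement at every expansion site. That is consistent with the sibling macros shown in the context lines, but wrapping the bodies in `do { ... } while (0)` would make them safe inside unbraced if/else as well and avoid this class of line-continuation accident.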
  72. Download patch debian/patches/0002-crypto-threads_none.c-fix-syntax-error-in-openssl_ge.patch

    --- 1.1.1d-2/debian/patches/0002-crypto-threads_none.c-fix-syntax-error-in-openssl_ge.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0002-crypto-threads_none.c-fix-syntax-error-in-openssl_ge.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,30 @@ +From c3656cc594daac8167721dde7220f0e59ae146fc Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Wed, 11 Sep 2019 10:25:43 +0200 +Subject: [PATCH 002/230] crypto/threads_none.c: fix syntax error in + openssl_get_fork_id() + +Fixes #9858 + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9860) +--- + crypto/threads_none.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/threads_none.c b/crypto/threads_none.c +index aabf0e0dc0..aaaaae872a 100644 +--- a/crypto/threads_none.c ++++ b/crypto/threads_none.c +@@ -143,7 +143,7 @@ int openssl_get_fork_id(void) + # if defined(OPENSSL_SYS_UNIX) + return getpid(); + # else +- return return 0; ++ return 0; + # endif + } + #endif +-- +2.25.1 +
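Review bot: the broken `return return 0;` sits in the `# else` branch of `# if defined(OPENSSL_SYS_UNIX)`, so it is only compiled on non-Unix no-threads builds, which is how a syntax error reached a release tag. The one-line fix is correct; consider adding a build-only CI configuration for that branch so the next typo in threads_none.c is caught before tagging.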
  73. Download patch debian/patches/0080-Fix-misspelled-resumption_label-for-CHARSET_EBCDIC.patch

    --- 1.1.1d-2/debian/patches/0080-Fix-misspelled-resumption_label-for-CHARSET_EBCDIC.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0080-Fix-misspelled-resumption_label-for-CHARSET_EBCDIC.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,35 @@ +From 380aecb611418ab451992c8fad7319b534122907 Mon Sep 17 00:00:00 2001 +From: Ido Ben-Natan <ido.bennatan@gmail.com> +Date: Sat, 9 Nov 2019 15:04:39 +0200 +Subject: [PATCH 080/230] Fix misspelled resumption_label for CHARSET_EBCDIC + +The resumption_label variable when CHARSET_EBCDIC was enabled, was misspelled. +Instead of evaluating to 'res binder' as expected, it evaluated to 'red binder'. + +CLA: trivial + +Reviewed-by: Kurt Roeckx <kurt@roeckx.be> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10396) + +(cherry picked from commit 6ed12cec7216c3e81b58f5cafa41775e456feaee) +--- + ssl/statem/extensions.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c +index ae3354c1bc..1ac37fe246 100644 +--- a/ssl/statem/extensions.c ++++ b/ssl/statem/extensions.c +@@ -1449,7 +1449,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, + unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; + unsigned char *early_secret; + #ifdef CHARSET_EBCDIC +- static const unsigned char resumption_label[] = { 0x72, 0x65, 0x64, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; ++ static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + #else + static const unsigned char resumption_label[] = "res binder"; +-- +2.25.1 +
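Review bot: the EBCDIC resumption_label is a hand-maintained hex copy of the "res binder" literal in the `#else` branch, and the typo (0x64 'd' where 0x73 's' belongs) meant EBCDIC builds fed tls_psk_do_binder() the wrong label, so resumption binders would never verify against a conforming peer (an interoperability failure, not a key exposure). The fix is correct; to stop the two copies drifting again, consider generating the byte arrays from a single definition or adding a test that compares each EBCDIC array to its ASCII literal.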
  74. Download patch debian/patches/0056-Fix-doc-for-EC_GROUP_set_curve.patch

    --- 1.1.1d-2/debian/patches/0056-Fix-doc-for-EC_GROUP_set_curve.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0056-Fix-doc-for-EC_GROUP_set_curve.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 77f945bc9831862be7fdb35b438d494d054878c5 Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Mon, 21 Oct 2019 16:07:22 +0300 +Subject: [PATCH 056/230] Fix doc for EC_GROUP_set_curve() + +(cherry picked from commit eb2ff0408ac6e934e05db7ed4006855c018584f1) + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10235) +--- + doc/man3/EC_GROUP_new.pod | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod +index 4269993ecb..c80b191785 100644 +--- a/doc/man3/EC_GROUP_new.pod ++++ b/doc/man3/EC_GROUP_new.pod +@@ -82,10 +82,12 @@ B<params> and EC_GROUP_new_from_ecpkparameters() will create a group from the + specific PK B<params>. + + EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve +-over Fp B<b> is the prime for the field. For a curve over F2^m B<p> represents ++over Fp B<p> is the prime for the field. For a curve over F2^m B<p> represents + the irreducible polynomial - each bit represents a term in the polynomial. + Therefore there will either be three or five bits set dependent on whether the + polynomial is a trinomial or a pentanomial. ++In either case, B<a> and B<b> represents the coefficients a and b from the ++relevant equation introduced above. + + EC_group_get_curve() obtains the previously set curve parameters. + +-- +2.25.1 +
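Review bot: grammar in the added sentence: "B<a> and B<b> represents the coefficients" should read "represent". The p/b correction itself matches the parameter order in the preceding sentence.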
  75. Download patch debian/patches/0078-Fix-strict-warnings-build.patch

    --- 1.1.1d-2/debian/patches/0078-Fix-strict-warnings-build.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0078-Fix-strict-warnings-build.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 1d7990451b4e69ac179a134c69551e557633c709 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer <patrick.steuer@de.ibm.com> +Date: Thu, 15 Aug 2019 23:13:53 +0200 +Subject: [PATCH 078/230] Fix --strict-warnings build + +Appease -Wstring-plus-int. + +Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> + +Reviewed-by: Kurt Roeckx <kurt@roeckx.be> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/9608) + +(cherry picked from commit e0249827b3fa81ff6c59fb14ef85d38361dd5e31) +--- + test/test_test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/test_test.c b/test/test_test.c +index 0af2eaeb8a..74a230c196 100644 +--- a/test/test_test.c ++++ b/test/test_test.c +@@ -491,7 +491,7 @@ static int test_single_eval(void) + && TEST_ptr_eq(p, buf + 1) + && TEST_ptr_null(p = NULL) + /* strings */ +- && TEST_str_eq(p = "123456" + 1, "23456") ++ && TEST_str_eq(p = &("123456"[1]), "23456") + && TEST_str_eq("3456", ++p) + && TEST_str_ne(p++, "456") + /* memory */ +-- +2.25.1 +
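Review bot: `p = &("123456"[1])` silences -Wstring-plus-int but is harder to read than the pointer arithmetic it replaces, and only the commit message explains why. Add a short comment at the line noting it is written this way to appease clang's -Wstring-plus-int, or use a named array (`static const char s[] = "123456";` then `s + 1`), which the warning does not flag.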
  76. Download patch debian/patches/0077-Fix-a-Warray-bounds-gcc-warning-in-OPENSSL_DIR_read.patch

    --- 1.1.1d-2/debian/patches/0077-Fix-a-Warray-bounds-gcc-warning-in-OPENSSL_DIR_read.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0077-Fix-a-Warray-bounds-gcc-warning-in-OPENSSL_DIR_read.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,37 @@ +From eb67b2616c737fba2cb1207f70d3ecd003844705 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Sun, 3 Nov 2019 17:34:23 +0100 +Subject: [PATCH 077/230] Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read + +'__builtin_strncpy' offset [275, 4095] from the object at +'direntry' is out of the bounds of referenced subobject 'd_name' +with type 'char[256]' at offset 19 + +Reviewed-by: Kurt Roeckx <kurt@roeckx.be> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10343) + +(cherry picked from commit db5cf86535b305378308c58c52596994e1ece1e6) +--- + crypto/LPdir_unix.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c +index b1022895c8..bbbec0aee1 100644 +--- a/crypto/LPdir_unix.c ++++ b/crypto/LPdir_unix.c +@@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) + return 0; + } + +- strncpy((*ctx)->entry_name, direntry->d_name, +- sizeof((*ctx)->entry_name) - 1); +- (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; ++ OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, ++ sizeof((*ctx)->entry_name)); + #ifdef __VMS + if ((*ctx)->expect_file_generations) { + char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); +-- +2.25.1 +
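Review bot: OPENSSL_strlcpy() keeps the NUL termination but still truncates silently, and its return value (the length of the source string) is discarded here, so an overlong d_name is shortened without any indication; compare the result against sizeof((*ctx)->entry_name) and skip or fail the entry when it does not fit, otherwise a truncated name can refer to a different file than the one the directory listing returned. The change is fine as a fix for the -Warray-bounds warning.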
  77. Download patch debian/patches/0067-Fix-SYNOPSIS-for-ASN1_ENUMERATED_get_int64-and-ASN1_.patch

    --- 1.1.1d-2/debian/patches/0067-Fix-SYNOPSIS-for-ASN1_ENUMERATED_get_int64-and-ASN1_.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0067-Fix-SYNOPSIS-for-ASN1_ENUMERATED_get_int64-and-ASN1_.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,35 @@ +From 689c07b8d502301d82e09c1db04daf3c13b1d35d Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka <jakub.openssl@gmail.com> +Date: Sun, 8 Sep 2019 17:38:35 +0100 +Subject: [PATCH 067/230] Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and + ASN1_ENUMERATED_set_int64 + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9823) + +(cherry picked from commit 2aa28a1abc893fb16b99ba77e2fecb1cbc8769c7) +--- + doc/man3/ASN1_INTEGER_get_int64.pod | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod +index 9b73290742..ac6a5799df 100644 +--- a/doc/man3/ASN1_INTEGER_get_int64.pod ++++ b/doc/man3/ASN1_INTEGER_get_int64.pod +@@ -22,10 +22,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); + BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +- int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a); ++ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); + long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); + +- int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r); ++ int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); + + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +-- +2.25.1 +
  78. Download patch debian/patches/0023-Fix-long-name-of-some-Microsoft-objects.patch

    --- 1.1.1d-2/debian/patches/0023-Fix-long-name-of-some-Microsoft-objects.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0023-Fix-long-name-of-some-Microsoft-objects.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,84 @@ +From 9e2747646de3de12179a2635da9f6c76ab0ed6fb Mon Sep 17 00:00:00 2001 +From: Michael Osipov <michael.osipov@siemens.com> +Date: Fri, 27 Sep 2019 09:04:53 +0200 +Subject: [PATCH 023/230] Fix long name of some Microsoft objects + +CLA: trivial + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10029) + +(cherry picked from commit 648b53b88ea55b4c2f2c8c57d041075731db5f95) +--- + crypto/objects/obj_dat.h | 8 ++++---- + crypto/objects/objects.txt | 4 ++-- + include/openssl/obj_mac.h | 4 ++-- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h +index ea91db660b..3cb0de78e8 100644 +--- a/crypto/objects/obj_dat.h ++++ b/crypto/objects/obj_dat.h +@@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { + {"ITU-T", "itu-t", NID_itu_t}, + {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, + {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, +- {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, +- {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, ++ {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]}, ++ {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]}, + {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, + {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, + {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, +@@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = { + 134, /* "Microsoft Individual Code Signing" */ + 856, /* "Microsoft Local Key set" */ + 137, /* "Microsoft Server Gated Crypto" */ +- 648, /* "Microsoft Smartcardlogin" */ ++ 648, /* "Microsoft Smartcard Login" */ + 136, /* "Microsoft Trust List Signing" */ +- 649, /* 
"Microsoft Universal Principal Name" */ ++ 649, /* "Microsoft User Principal Name" */ + 393, /* "NULL" */ + 404, /* "NULL" */ + 72, /* "Netscape Base Url" */ +diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt +index 5b2bb54eb9..c49d4c568b 100644 +--- a/crypto/objects/objects.txt ++++ b/crypto/objects/objects.txt +@@ -426,9 +426,9 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc + !Cname ms-efs + 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System + !Cname ms-smartcard-login +-1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin ++1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login + !Cname ms-upn +-1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name ++1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name + + 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc + : IDEA-ECB : idea-ecb +diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h +index 47dafe48d0..ac2ac325da 100644 +--- a/include/openssl/obj_mac.h ++++ b/include/openssl/obj_mac.h +@@ -1290,12 +1290,12 @@ + #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + + #define SN_ms_smartcard_login "msSmartcardLogin" +-#define LN_ms_smartcard_login "Microsoft Smartcardlogin" ++#define LN_ms_smartcard_login "Microsoft Smartcard Login" + #define NID_ms_smartcard_login 648 + #define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + + #define SN_ms_upn "msUPN" +-#define LN_ms_upn "Microsoft Universal Principal Name" ++#define LN_ms_upn "Microsoft User Principal Name" + #define NID_ms_upn 649 + #define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +-- +2.25.1 +
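Review bot: the objects.txt hunk changes the long names, which are the strings OBJ_nid2ln() returns and OBJ_ln2nid()/OBJ_txt2nid() accept, so any application or configuration that looks up "Microsoft Universal Principal Name" or "Microsoft Smartcardlogin" by long name will stop resolving after this change. This deserves a CHANGES entry stating that the NIDs and short names (msUPN, msSmartcardLogin) are unchanged and only the long names moved.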
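Review bot: obj_dat.h and obj_mac.h are generated from objects.txt, and the ln_objs table in the @@ -3578 hunk is an index sorted by long name; please confirm both headers were regenerated rather than hand-edited so that the sort order and the NID numbers stay consistent with objects.txt.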
  79. Download patch debian/patches/0071-VMS-Added-new-method-to-gather-entropy-on-VMS-based-.patch

    --- 1.1.1d-2/debian/patches/0071-VMS-Added-new-method-to-gather-entropy-on-VMS-based-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0071-VMS-Added-new-method-to-gather-entropy-on-VMS-based-.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,172 @@ +From 0a71b62107e7175d9bbecf9458bbc0bcbf05d148 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Mon, 13 May 2019 17:15:14 -0700 +Subject: [PATCH 071/230] VMS: Added new method to gather entropy on VMS, based + on SYS$GET_ENTROPY. + +This system services is based on FreeBSD 12's getentropy(), and is +therefore treated the same way as getentropy() with regards to amount +of entropy bits per data bit. + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/8926) + +(cherry picked from commit 8b9896eb293a0861f0b8c191b7a278f176b729e6) +--- + CHANGES | 4 ++ + crypto/rand/rand_vms.c | 99 +++++++++++++++++++++++++++++++++++++----- + 2 files changed, 93 insertions(+), 10 deletions(-) + +diff --git a/CHANGES b/CHANGES +index c64247dc91..58e98dd391 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -9,6 +9,10 @@ + + Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] + ++ *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. ++ The presence of this system service is determined at run-time. ++ [Richard Levitte] ++ + *) Added newline escaping functionality to a filename when using openssl dgst. + This output format is to replicate the output format found in the '*sum' + checksum programs. This aims to preserve backward compatibility. +diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c +index c0581ce6db..b24d10a122 100644 +--- a/crypto/rand/rand_vms.c ++++ b/crypto/rand/rand_vms.c +@@ -32,10 +32,21 @@ + # pragma message disable DOLLARID + # endif + ++# include <dlfcn.h> /* SYS$GET_ENTROPY presence */ ++ + # ifndef OPENSSL_RAND_SEED_OS + # error "Unsupported seeding method configured; must be os" + # endif + ++/* ++ * DATA COLLECTION METHOD ++ * ====================== ++ * ++ * This is a method to get low quality entropy. ++ * It works by collecting all kinds of statistical data that ++ * VMS offers and using them as random seed. 
++ */ ++ + /* We need to make sure we have the right size pointer in some cases */ + # if __INITIAL_POINTER_SIZE == 64 + # pragma pointer_size save +@@ -330,7 +341,7 @@ static void massage_JPI(ILE3 *items) + */ + #define ENTROPY_FACTOR 20 + +-size_t rand_pool_acquire_entropy(RAND_POOL *pool) ++size_t data_collect_method(RAND_POOL *pool) + { + ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1]; + ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1]; +@@ -445,15 +456,9 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) + * If we can't feed the requirements from the caller, we're in deep trouble. + */ + if (!ossl_assert(total_length >= bytes_needed)) { +- char neededstr[20]; +- char availablestr[20]; +- +- BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed); +- BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length); +- RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY, +- RAND_R_RANDOM_POOL_UNDERFLOW); +- ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ", +- availablestr); ++ ERR_raise_data(ERR_LIB_RAND, RAND_R_RANDOM_POOL_UNDERFLOW, ++ "Needed: %zu, Available: %zu", ++ bytes_needed, total_length); + return 0; + } + +@@ -494,6 +499,80 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) + return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); + } + ++/* ++ * SYS$GET_ENTROPY METHOD ++ * ====================== ++ * ++ * This is a high entropy method based on a new system service that is ++ * based on getentropy() from FreeBSD 12. It's only used if available, ++ * and its availability is detected at run-time. ++ * ++ * We assume that this function provides full entropy random output. 
++ */ ++#define PUBLIC_VECTORS "SYS$LIBRARY:SYS$PUBLIC_VECTORS.EXE" ++#define GET_ENTROPY "SYS$GET_ENTROPY" ++ ++static int get_entropy_address_flag = 0; ++static int (*get_entropy_address)(void *buffer, size_t buffer_size) = NULL; ++static int init_get_entropy_address(void) ++{ ++ if (get_entropy_address_flag == 0) ++ get_entropy_address = dlsym(dlopen(PUBLIC_VECTORS, 0), GET_ENTROPY); ++ get_entropy_address_flag = 1; ++ return get_entropy_address != NULL; ++} ++ ++size_t get_entropy_method(RAND_POOL *pool) ++{ ++ /* ++ * The documentation says that SYS$GET_ENTROPY will give a maximum of ++ * 256 bytes of data. ++ */ ++ unsigned char buffer[256]; ++ size_t bytes_needed; ++ size_t bytes_to_get = 0; ++ uint32_t status; ++ ++ for (bytes_needed = rand_pool_bytes_needed(pool, 1); ++ bytes_needed > 0; ++ bytes_needed -= bytes_to_get) { ++ bytes_to_get = ++ bytes_needed > sizeof(buffer) ? sizeof(buffer) : bytes_needed; ++ ++ status = get_entropy_address(buffer, bytes_to_get); ++ if (status == SS$_RETRY) { ++ /* Set to zero so the loop doesn't diminish |bytes_needed| */ ++ bytes_to_get = 0; ++ /* Should sleep some amount of time */ ++ continue; ++ } ++ ++ if (status != SS$_NORMAL) { ++ lib$signal(status); ++ return 0; ++ } ++ ++ rand_pool_add(pool, buffer, bytes_to_get, 8 * bytes_to_get); ++ } ++ ++ return rand_pool_entropy_available(pool); ++} ++ ++/* ++ * MAIN ENTROPY ACQUISITION FUNCTIONS ++ * ================================== ++ * ++ * These functions are called by the RAND / DRBG functions ++ */ ++ ++size_t rand_pool_acquire_entropy(RAND_POOL *pool) ++{ ++ if (init_get_entropy_address()) ++ return get_entropy_method(pool); ++ return data_collect_method(pool); ++} ++ ++ + int rand_pool_add_additional_data(RAND_POOL *pool) + { + struct { +-- +2.25.1 +
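Review bot: the @@ -445 hunk replaces the RANDerr()/ERR_add_error_data() pattern with ERR_raise_data(), which is the newer error API; please confirm that ERR_raise_data() exists on this branch, since the lines being removed used the form the rest of the 1.1.1 tree uses. If it is not available the cherry-pick needs to keep the old reporting code.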
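Review bot: in the @@ -494 hunk, init_get_entropy_address() passes the result of dlopen(PUBLIC_VECTORS, 0) straight into dlsym() without checking it for NULL, so behaviour on a system where the image cannot be mapped depends on how dlsym() treats a NULL handle; check the handle and fall back to data_collect_method(). In get_entropy_method(), the SS$_RETRY path sets bytes_to_get = 0 and continues with only a "Should sleep some amount of time" comment, which is an unbounded busy loop; bound the retries and actually sleep, and check the return value of rand_pool_add(). Also `buffer` still holds raw entropy after the loop, so OPENSSL_cleanse() it before returning.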
  80. Download patch debian/patches/0058-Enable-runtime-testing-of-no-deprecated-builds-in-Tr.patch

    --- 1.1.1d-2/debian/patches/0058-Enable-runtime-testing-of-no-deprecated-builds-in-Tr.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0058-Enable-runtime-testing-of-no-deprecated-builds-in-Tr.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,31 @@ +From 432d6953d65e7229ac138c49357856cc494ff438 Mon Sep 17 00:00:00 2001 +From: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> +Date: Mon, 21 Oct 2019 14:53:51 +0300 +Subject: [PATCH 058/230] Enable runtime testing of no-deprecated builds in + Travis + +(cherry picked from commit c89799605b833f769ce4cfd879bb291f49b133be) + +Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10232) +--- + .travis.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.travis.yml b/.travis.yml +index cc0d082b77..67ec1a1d21 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -52,7 +52,7 @@ matrix: + env: CONFIG_OPTS="--strict-warnings" COMMENT="Move to the BORINGTEST build when interoperable" + - os: linux + compiler: clang +- env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes" ++ env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" + - os: linux + addons: + apt: +-- +2.25.1 +
  81. Download patch debian/patches/0014-DOC-fix-documentation-of-som-EVP_MD_CTX-functions.patch

    --- 1.1.1d-2/debian/patches/0014-DOC-fix-documentation-of-som-EVP_MD_CTX-functions.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0014-DOC-fix-documentation-of-som-EVP_MD_CTX-functions.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,37 @@ +From 61df2198e20ca47a4e8418c5bc47a362fd491ea3 Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Tue, 24 Sep 2019 13:22:13 +0200 +Subject: [PATCH 014/230] DOC: fix documentation of som EVP_MD_CTX functions + +They were documented to take an EVP_MD pointer, when they really take +an EVP_MD_CTX pointer. + +Fixes #9993 + +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9997) +--- + doc/man3/EVP_DigestInit.pod | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod +index 3e3e342297..a24d7bf0c7 100644 +--- a/doc/man3/EVP_DigestInit.pod ++++ b/doc/man3/EVP_DigestInit.pod +@@ -44,9 +44,9 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines + int EVP_MD_block_size(const EVP_MD *md); + + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +- int EVP_MD_CTX_size(const EVP_MD *ctx); +- int EVP_MD_CTX_block_size(const EVP_MD *ctx); +- int EVP_MD_CTX_type(const EVP_MD *ctx); ++ int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); ++ int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); ++ int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + + const EVP_MD *EVP_md_null(void); +-- +2.25.1 +
  82. Download patch debian/patches/0061-Fix-a-copy-paste-error-in-the-TLSv1.3-server-side-PS.patch

    --- 1.1.1d-2/debian/patches/0061-Fix-a-copy-paste-error-in-the-TLSv1.3-server-side-PS.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0061-Fix-a-copy-paste-error-in-the-TLSv1.3-server-side-PS.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,39 @@ +From 3a9080d6f486c270457b9f2b0da15d2702539f98 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Wed, 23 Oct 2019 19:32:05 +0100 +Subject: [PATCH 061/230] Fix a copy&paste error in the TLSv1.3 server side PSK + documentation + +The introductory paragraph for the TLSv1.3 server side PSK documentation +is a copy & paste of the client side documentation which has not been +updated with the server side equivalent information. + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10245) + +(cherry picked from commit c549cb46e0d3cb4e611acafae5f919b4a8df4007) +--- + doc/man3/SSL_CTX_use_psk_identity_hint.pod | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod +index c8f7526610..0957ade5e1 100644 +--- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod ++++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod +@@ -39,9 +39,9 @@ SSL_set_psk_find_session_callback + + =head1 DESCRIPTION + +-A client application wishing to use TLSv1.3 PSKs should set a callback +-using either SSL_CTX_set_psk_use_session_callback() or +-SSL_set_psk_use_session_callback() as appropriate. ++A server application wishing to use TLSv1.3 PSKs should set a callback ++using either SSL_CTX_set_psk_find_session_callback() or ++SSL_set_psk_find_session_callback() as appropriate. + + The callback function is given a pointer to the SSL connection in B<ssl> and + an identity in B<identity> of length B<identity_len>. The callback function +-- +2.25.1 +
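Review bot: the replacement paragraph agrees with the unchanged context that follows it (a callback handed an identity of length B<identity_len> is the server-side find_session signature, not the client-side use_session one), so the copy-and-paste is fully corrected for this section. Since only this one paragraph changes, confirm the client-side section of the same page still carries the SSL_CTX_set_psk_use_session_callback() wording and that neither section now describes the other's callback arguments.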
  83. Download patch debian/patches/0048-Unify-BN_rshift-design.patch

    --- 1.1.1d-2/debian/patches/0048-Unify-BN_rshift-design.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0048-Unify-BN_rshift-design.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,98 @@ +From d63332a5f204195ed6922abf62a7ac7d0d0c7fd6 Mon Sep 17 00:00:00 2001 +From: Cesar Pereida Garcia <cesar.pereidagarcia@tut.fi> +Date: Wed, 16 Oct 2019 12:10:18 +0300 +Subject: [PATCH 048/230] Unify BN_rshift design + +This commit aims at refactoring the `BN_rshift` by making it a wrapper +around `bn_rshift_fixed_top`, in order to match the current design of +`BN_lshift`, as suggested in the discussion at +https://github.com/openssl/openssl/pull/10122#discussion_r332474277 . + +As described in the code, by refactoring this function, `BN_rshift` +provides a constant-time behavior for sufficiently[!] zero-padded inputs +under the following assumptions: `|n < BN_BITS2|` or `|n / BN_BITS2|` +being non-secret. + +Notice that `BN_rshift` returns a canonical representation of the +BIGNUM, if a `fixed_top` representation is required, the caller should +call `bn_rshift_fixed_top` instead. + +(cherry picked from commit 8eba6de59e2b06f23c214344423a5a618d1c9ffd) + +Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10196) +--- + crypto/bn/bn_shift.c | 48 +++++--------------------------------------- + 1 file changed, 5 insertions(+), 43 deletions(-) + +diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c +index 60c6ee418e..0c84d26cc5 100644 +--- a/crypto/bn/bn_shift.c ++++ b/crypto/bn/bn_shift.c +@@ -152,57 +152,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) + + int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + { +- int i, j, nw, lb, rb; +- BN_ULONG *t, *f; +- BN_ULONG l, tmp; +- +- bn_check_top(r); +- bn_check_top(a); ++ int ret = 0; + + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + +- nw = n / BN_BITS2; +- rb = n % BN_BITS2; +- lb = BN_BITS2 - rb; +- if (nw >= a->top || a->top == 0) { +- BN_zero(r); +- return 1; +- } +- i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; +- if (r != a) { +- if (bn_wexpand(r, 
i) == NULL) +- return 0; +- r->neg = a->neg; +- } else { +- if (n == 0) +- return 1; /* or the copying loop will go berserk */ +- } +- +- f = &(a->d[nw]); +- t = r->d; +- j = a->top - nw; +- r->top = i; ++ ret = bn_rshift_fixed_top(r, a, n); + +- if (rb == 0) { +- for (i = j; i != 0; i--) +- *(t++) = *(f++); +- } else { +- l = *(f++); +- for (i = j - 1; i != 0; i--) { +- tmp = (l >> rb) & BN_MASK2; +- l = *(f++); +- *(t++) = (tmp | (l << lb)) & BN_MASK2; +- } +- if ((l = (l >> rb) & BN_MASK2)) +- *(t) = l; +- } +- if (!r->top) +- r->neg = 0; /* don't allow negative zero */ ++ bn_correct_top(r); + bn_check_top(r); +- return 1; ++ ++ return ret; + } + + /* +-- +2.25.1 +
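Review bot: after `ret = bn_rshift_fixed_top(r, a, n);` the function runs `bn_correct_top(r);` and `bn_check_top(r);` unconditionally, even when ret is 0; that is only safe if bn_rshift_fixed_top() leaves r in a valid state on its failure path, and nothing in the hunk says so. Suggest `if (!ret) return 0;` before the correct_top/check_top pair, or a comment stating the invariant. Two things the old body did explicitly and the new one delegates deserve a line in the commit message: the `bn_check_top(a)` on the input, now bn_rshift_fixed_top()'s job, and the `r->neg = 0; /* don't allow negative zero */` on a zero result, now relied on from bn_correct_top(). On the security side the direction is right: the removed `if (nw >= a->top || a->top == 0) { BN_zero(r); return 1; }` early-out and the `if (n == 0) return 1;` branch were data-dependent, and the message is careful about the remaining limits (inputs zero-padded to a fixed top, and n < BN_BITS2 or n / BN_BITS2 public), so callers on constant-time paths should not read this as BN_rshift() being constant time for arbitrary n.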
  84. Download patch debian/patches/0004-BIO_f_zlib-Properly-handle-BIO_CTRL_PENDING-and-BIO_.patch

    --- 1.1.1d-2/debian/patches/0004-BIO_f_zlib-Properly-handle-BIO_CTRL_PENDING-and-BIO_.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0004-BIO_f_zlib-Properly-handle-BIO_CTRL_PENDING-and-BIO_.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,55 @@ +From 86ed78676c660b553696cc10c682962522dfeb6c Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Thu, 12 Sep 2019 12:27:36 +0200 +Subject: [PATCH 004/230] BIO_f_zlib: Properly handle BIO_CTRL_PENDING and + BIO_CTRL_WPENDING calls. + +There can be data to write in output buffer and data to read that were +not yet read in the input stream. + +Fixes #9866 + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9877) + +(cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95) +--- + crypto/comp/c_zlib.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c +index d688deee5f..7c1be358fd 100644 +--- a/crypto/comp/c_zlib.c ++++ b/crypto/comp/c_zlib.c +@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + BIO_copy_next_retry(b); + break; + ++ case BIO_CTRL_WPENDING: ++ if (ctx->obuf == NULL) ++ return 0; ++ ++ if (ctx->odone) { ++ ret = ctx->ocount; ++ } else { ++ ret = ctx->ocount; ++ if (ret == 0) ++ /* Unknown amount pending but we are not finished */ ++ ret = 1; ++ } ++ if (ret == 0) ++ ret = BIO_ctrl(next, cmd, num, ptr); ++ break; ++ ++ case BIO_CTRL_PENDING: ++ ret = ctx->zin.avail_in; ++ if (ret == 0) ++ ret = BIO_ctrl(next, cmd, num, ptr); ++ break; ++ + default: + ret = BIO_ctrl(next, cmd, num, ptr); + break; +-- +2.25.1 +
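Review bot: in the BIO_CTRL_WPENDING case both arms of `if (ctx->odone)` assign `ret = ctx->ocount;`, so the branch collapses to `ret = ctx->ocount; if (ret == 0 && !ctx->odone) ret = 1;`, which also makes the "unknown amount pending" rule visible at a glance. Second, the `if (ctx->obuf == NULL) return 0;` short-circuit never consults the next BIO, whereas the `ret == 0` path a few lines below forwards to `BIO_ctrl(next, cmd, num, ptr)`; if nothing can be pending downstream before the first write, a comment should say so, otherwise fall through to the next BIO in both cases. For BIO_CTRL_PENDING, `ctx->zin.avail_in` is the number of compressed bytes not yet fed to inflate, not the number of plaintext bytes a read would return, so a nonzero result means "more to read" rather than a usable byte count; worth a comment, since BIO_pending() callers commonly size buffers from it.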
  85. Download patch debian/patches/0092-Fix-sha512_block_data_order_avx2-backtrace-info.patch

    --- 1.1.1d-2/debian/patches/0092-Fix-sha512_block_data_order_avx2-backtrace-info.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0092-Fix-sha512_block_data_order_avx2-backtrace-info.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,157 @@ +From 1ae28ac78171207399b3cf725430ebc0052c67de Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger <bernd.edlinger@hotmail.de> +Date: Sun, 18 Aug 2019 01:54:41 +0200 +Subject: [PATCH 092/230] Fix sha512_block_data_order_avx2 backtrace info + +We store a secondary frame pointer info for the debugger +in the red zone. + +Fixes #8853 + +[extended tests] + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9624) + +(cherry picked from commit 9ce91035bcf7d74fe15c94650f3bc1f89b7c0f07) +--- + crypto/sha/asm/sha512-x86_64.pl | 78 ++++++++++++++++++++++++++++----- + 1 file changed, 68 insertions(+), 10 deletions(-) + +diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl +index f2ebdfdb68..2e3b4fd2fe 100755 +--- a/crypto/sha/asm/sha512-x86_64.pl ++++ b/crypto/sha/asm/sha512-x86_64.pl +@@ -1992,7 +1992,23 @@ $code.=<<___; + vmovdqa $t0,0x00(%rsp) + xor $a1,$a1 + vmovdqa $t1,0x20(%rsp) ++___ ++$code.=<<___ if (!$win64); ++# temporarily use %rdi as frame pointer ++ mov $_rsp,%rdi ++.cfi_def_cfa %rdi,8 ++___ ++$code.=<<___; + lea -$PUSH8(%rsp),%rsp ++___ ++$code.=<<___ if (!$win64); ++# the frame info is at $_rsp, but the stack is moving... 
++# so a second frame pointer is saved at -8(%rsp) ++# that is in the red zone ++ mov %rdi,-8(%rsp) ++.cfi_cfa_expression %rsp-8,deref,+8 ++___ ++$code.=<<___; + mov $B,$a3 + vmovdqa $t2,0x00(%rsp) + xor $C,$a3 # magic +@@ -2012,7 +2028,18 @@ my @X = @_; + my @insns = (&$body,&$body,&$body,&$body); # 96 instructions + my $base = "+2*$PUSH8(%rsp)"; + +- &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); ++ if (($j%2)==0) { ++ &lea ("%rsp","-$PUSH8(%rsp)"); ++$code.=<<___ if (!$win64); ++.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 ++# copy secondary frame pointer to new location again at -8(%rsp) ++ pushq $PUSH8-8(%rsp) ++.cfi_cfa_expression %rsp,deref,+8 ++ lea 8(%rsp),%rsp ++.cfi_cfa_expression %rsp-8,deref,+8 ++___ ++ } ++ + foreach (Xupdate_256_AVX()) { # 29 instructions + eval; + eval(shift(@insns)); +@@ -2083,7 +2110,23 @@ $code.=<<___; + vmovdqa $t2,0x40(%rsp) + vpaddq 0x40($Tbl),@X[6],$t2 + vmovdqa $t3,0x60(%rsp) ++___ ++$code.=<<___ if (!$win64); ++# temporarily use %rdi as frame pointer ++ mov $_rsp,%rdi ++.cfi_def_cfa %rdi,8 ++___ ++$code.=<<___; + lea -$PUSH8(%rsp),%rsp ++___ ++$code.=<<___ if (!$win64); ++# the frame info is at $_rsp, but the stack is moving... 
++# so a second frame pointer is saved at -8(%rsp) ++# that is in the red zone ++ mov %rdi,-8(%rsp) ++.cfi_cfa_expression %rsp-8,deref,+8 ++___ ++$code.=<<___; + vpaddq 0x60($Tbl),@X[7],$t3 + vmovdqa $t0,0x00(%rsp) + xor $a1,$a1 +@@ -2107,7 +2150,18 @@ my @X = @_; + my @insns = (&$body,&$body); # 48 instructions + my $base = "+2*$PUSH8(%rsp)"; + +- &lea ("%rsp","-$PUSH8(%rsp)") if (($j%4)==0); ++ if (($j%4)==0) { ++ &lea ("%rsp","-$PUSH8(%rsp)"); ++$code.=<<___ if (!$win64); ++.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 ++# copy secondary frame pointer to new location again at -8(%rsp) ++ pushq $PUSH8-8(%rsp) ++.cfi_cfa_expression %rsp,deref,+8 ++ lea 8(%rsp),%rsp ++.cfi_cfa_expression %rsp-8,deref,+8 ++___ ++ } ++ + foreach (Xupdate_512_AVX()) { # 23 instructions + eval; + if ($_ !~ /\;$/) { +@@ -2182,6 +2236,8 @@ $code.=<<___; + add $a1,$A + #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp + lea `2*$SZ*($rounds-8)`(%rsp),%rsp ++# restore frame pointer to original location at $_rsp ++.cfi_cfa_expression $_rsp,deref,+8 + + add $SZ*0($ctx),$A + add $SZ*1($ctx),$B +@@ -2207,22 +2263,24 @@ $code.=<<___; + + jbe .Loop_avx2 + lea (%rsp),$Tbl ++# temporarily use $Tbl as index to $_rsp ++# this avoids the need to save a secondary frame pointer at -8(%rsp) ++.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8 + + .Ldone_avx2: +- lea ($Tbl),%rsp +- mov $_rsp,%rsi ++ mov `16*$SZ+3*8`($Tbl),%rsi + .cfi_def_cfa %rsi,8 + vzeroupper + ___ + $code.=<<___ if ($win64); +- movaps 16*$SZ+32(%rsp),%xmm6 +- movaps 16*$SZ+48(%rsp),%xmm7 +- movaps 16*$SZ+64(%rsp),%xmm8 +- movaps 16*$SZ+80(%rsp),%xmm9 ++ movaps 16*$SZ+32($Tbl),%xmm6 ++ movaps 16*$SZ+48($Tbl),%xmm7 ++ movaps 16*$SZ+64($Tbl),%xmm8 ++ movaps 16*$SZ+80($Tbl),%xmm9 + ___ + $code.=<<___ if ($win64 && $SZ>4); +- movaps 16*$SZ+96(%rsp),%xmm10 +- movaps 16*$SZ+112(%rsp),%xmm11 ++ movaps 16*$SZ+96($Tbl),%xmm10 ++ movaps 16*$SZ+112($Tbl),%xmm11 + ___ + $code.=<<___; + mov -48(%rsi),%r15 +-- +2.25.1 +
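Review bot: the comment `# temporarily use %rdi as frame pointer` does not say what %rdi held before `mov $_rsp,%rdi` or where that value comes back; %rdi is the first argument register in the SysV ABI, so whatever this routine received in it must be reloaded from its stack slot before its next use, and the hunk should say where (a remark in the style of `# %rdi reloaded from its saved slot below`). The save to -8(%rsp) depends on the 128-byte red zone, which is why the `!$win64` guards are correct and must stay; on the Windows path there is no red zone and the CFI for this sequence is omitted rather than wrong. Also, the `pushq $PUSH8-8(%rsp)` / `lea 8(%rsp),%rsp` pair runs inside the main loop every other round for SHA-256 (`($j%2)==0`) and every fourth for SHA-512 (`($j%4)==0`), adding a memory write and a `lea` to the hot path purely for unwinders; the commit message should state the measured cost.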
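Review bot: in the .Ldone_avx2 hunk the literal offset `16*$SZ+3*8` now appears twice (in `.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8` and in `mov `16*$SZ+3*8`($Tbl),%rsi`) while the rest of the file reaches the same slot through $_rsp; if the frame layout changes, the literal and $_rsp drift apart silently. Suggest one Perl variable for the saved-%rsp offset, used both in the definition of $_rsp and here. The switch from `lea ($Tbl),%rsp` + `mov $_rsp,%rsi` to reading through $Tbl is otherwise sound: the Windows xmm6..xmm11 restores move to $Tbl-relative addressing in the same hunk, so nothing still reads the old %rsp-relative slots.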
  86. Download patch debian/patches/0045-i2d_PublicKey-was-listed-in-2-different-man-pages.patch

    --- 1.1.1d-2/debian/patches/0045-i2d_PublicKey-was-listed-in-2-different-man-pages.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0045-i2d_PublicKey-was-listed-in-2-different-man-pages.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From abf92a9715383656881fb37777c6507c68b18e66 Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Thu, 6 Jun 2019 12:14:28 +0100 +Subject: [PATCH 045/230] i2d_PublicKey was listed in 2 different man pages + +find-doc-nits complains if a symbol is documented in more than one +location. + +Reviewed-by: Richard Levitte <levitte@openssl.org> + +(cherry picked from commit 4ff4e53f816855b07fc02dc931dd57b2ae324aa1) + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10094) +--- + doc/man3/d2i_X509.pod | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod +index e36270f739..075f87295a 100644 +--- a/doc/man3/d2i_X509.pod ++++ b/doc/man3/d2i_X509.pod +@@ -307,7 +307,6 @@ i2d_POLICYQUALINFO, + i2d_PROFESSION_INFO, + i2d_PROXY_CERT_INFO_EXTENSION, + i2d_PROXY_POLICY, +-i2d_PublicKey, + i2d_RSAPrivateKey, + i2d_RSAPrivateKey_bio, + i2d_RSAPrivateKey_fp, +-- +2.25.1 +
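Review bot: removing i2d_PublicKey from the d2i_X509.pod name list clears the find-doc-nits duplicate, but the commit does not name the other page that keeps the entry; confirm that page actually describes i2d_PublicKey() rather than merely listing it, so the symbol does not go from documented twice to documented nowhere, and name the page in the commit message.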
  87. Download patch debian/patches/0083-Fix-EC_POINT_bn2point-for-BN_zero.patch

    --- 1.1.1d-2/debian/patches/0083-Fix-EC_POINT_bn2point-for-BN_zero.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0083-Fix-EC_POINT_bn2point-for-BN_zero.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,51 @@ +From 6f6adf1d7bf44abfae96a52c791a69cf694fd7f8 Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Fri, 1 Nov 2019 22:38:21 +0200 +Subject: [PATCH 083/230] Fix EC_POINT_bn2point() for BN_zero() + +EC_POINT_bn2point() rejected BIGNUMs with a zero value. + +This behavior indirectly caused failures when converting a point +at infinity through EC_POINT_point2hex() and then back to a point with +EC_POINT_hex2point(). + +With this change such BIGNUMs are treated like any other and exported to +an octet buffer filled with zero. +It is then EC_POINT_oct2point() (either the default implementation or +the custom one in group->meth->oct2point) to determine if such encoding +maps to a valid point (generally the point at infinity is encoded as +0x00). + +Fixes #10258 + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10329) + +(cherry picked from commit d47c10875656790d146f62ac3c437db54c58dbf7) +--- + crypto/ec/ec_print.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c +index f2525cbaa6..660fc400fb 100644 +--- a/crypto/ec/ec_print.c ++++ b/crypto/ec/ec_print.c +@@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, + EC_POINT *ret; + + if ((buf_len = BN_num_bytes(bn)) == 0) +- return NULL; ++ buf_len = 1; + if ((buf = OPENSSL_malloc(buf_len)) == NULL) { + ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); + return NULL; + } + +- if (!BN_bn2bin(bn, buf)) { ++ if (!BN_bn2binpad(bn, buf, buf_len)) { + OPENSSL_free(buf); + return NULL; + } +-- +2.25.1 +
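Review bot: `if (!BN_bn2binpad(bn, buf, buf_len))` is not a correct error check, because BN_bn2binpad() returns -1 on failure and the number of bytes written otherwise; `!(-1)` is 0, so a failure would fall through and continue on an unfilled buffer. It is unreachable here since buf_len comes from BN_num_bytes(bn) (or 1), so the value always fits, but the test should read `if (BN_bn2binpad(bn, buf, buf_len) < 0)`. The zero case itself is right: with buf_len forced to 1 the padded encoding is a single 0x00 byte, and whether that is a valid point is left to EC_POINT_oct2point() as the message says, so callers that need to reject the point at infinity must still do so themselves.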
  88. Download patch debian/patches/0075-Configure-Make-strict-warnings-meaningful-with-MSVC-.patch

    --- 1.1.1d-2/debian/patches/0075-Configure-Make-strict-warnings-meaningful-with-MSVC-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0075-Configure-Make-strict-warnings-meaningful-with-MSVC-.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,87 @@ +From 53a5e9b561d0cc1c1c9a7ab9b0dbc91dd5e3623a Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Tue, 29 Oct 2019 13:37:54 +0100 +Subject: [PATCH 075/230] Configure: Make --strict-warnings meaningful with + MSVC cl + +We also add this to our x86_64 builds on appveyor + +(cherry picked from commit b4a7b4ec4acc712b1f22a83966ac986b510f25d8) + +Reviewed-by: Tim Hudson <tjh@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10365) +--- + Configurations/10-main.conf | 1 - + Configure | 23 ++++++++++++++++++----- + appveyor.yml | 2 +- + 3 files changed, 19 insertions(+), 7 deletions(-) + +diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf +index 97be7b95a9..fc04f8e661 100644 +--- a/Configurations/10-main.conf ++++ b/Configurations/10-main.conf +@@ -1313,7 +1313,6 @@ my %targets = ( + "VC-WIN32" => { + inherit_from => [ "VC-noCE-common", asm("x86_asm"), + sub { $disabled{shared} ? () : "uplink_common" } ], +- CFLAGS => add("/WX"), + AS => sub { vc_win32_info()->{AS} }, + ASFLAGS => sub { vc_win32_info()->{ASFLAGS} }, + asoutflag => sub { vc_win32_info()->{asoutflag} }, +diff --git a/Configure b/Configure +index 59313117f0..a6aae00fd4 100755 +--- a/Configure ++++ b/Configure +@@ -160,6 +160,10 @@ my @clang_devteam_warn = qw( + -Wmissing-variable-declarations + ); + ++my @cl_devteam_warn = qw( ++ /WX ++); ++ + # This adds backtrace information to the memory leak info. Is only used + # when crypto-mdebug-backtrace is enabled. 
+ my $memleak_devteam_backtrace = "-rdynamic"; +@@ -1523,11 +1527,20 @@ if ($strict_warnings) + my $wopt; + my $gccver = $predefined_C{__GNUC__} // -1; + +- warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike" +- unless $gccver >= 4; +- push @strict_warnings_collection, @gcc_devteam_warn; +- push @strict_warnings_collection, @clang_devteam_warn +- if (defined($predefined_C{__clang__})); ++ if ($gccver >= 4) ++ { ++ push @strict_warnings_collection, @gcc_devteam_warn; ++ push @strict_warnings_collection, @clang_devteam_warn ++ if (defined($predefined_C{__clang__})); ++ } ++ elsif ($config{target} =~ /^VC-/) ++ { ++ push @strict_warnings_collection, @cl_devteam_warn; ++ } ++ else ++ { ++ warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC" ++ } + } + + if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { +diff --git a/appveyor.yml b/appveyor.yml +index f17fea5ce2..84099e1f13 100644 +--- a/appveyor.yml ++++ b/appveyor.yml +@@ -16,7 +16,7 @@ before_build: + - ps: >- + If ($env:Platform -Match "x86") { + $env:VCVARS_PLATFORM="x86" +- $env:TARGET="VC-WIN32 no-asm" ++ $env:TARGET="VC-WIN32 no-asm --strict-warnings" + } Else { + $env:VCVARS_PLATFORM="amd64" + $env:TARGET="VC-WIN64A-masm" +-- +2.25.1 +
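Review bot: dropping `CFLAGS => add("/WX"),` from the VC-WIN32 target is a behaviour change for every VC-WIN32 build, not only for --strict-warnings ones: until now that target always treated warnings as errors while the WIN64 targets did not, and after this patch none of them do unless --strict-warnings is given. The subject only says the option becomes meaningful with cl, so this deserves a sentence in the commit message and a CHANGES entry. The Configure hunk also changes the gcc branch silently: previously a gcc older than 4 still got @gcc_devteam_warn pushed after the warning, now it gets the warning and no flags. The `elsif ($config{target} =~ /^VC-/)` test is fine for the targets in 10-main.conf, but keying on the compiler rather than a target-name prefix would be more robust if a compiler-based test is available for cl.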
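Review bot: the appveyor.yml hunk adds --strict-warnings only inside the `If ($env:Platform -Match "x86")` branch, i.e. to the VC-WIN32 target, while the Else branch (`$env:TARGET="VC-WIN64A-masm"`) is unchanged; the commit message says "We also add this to our x86_64 builds on appveyor", which is the opposite. Either the message or the hunk is wrong, and since the /WX removal in 10-main.conf affects only VC-WIN32, it is the 64-bit target that would gain new coverage from the flag.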
  89. Download patch debian/patches/0028-rsa-replace-magic-number-11-by-RSA_PKCS1_PADDING_SIZ.patch

    --- 1.1.1d-2/debian/patches/0028-rsa-replace-magic-number-11-by-RSA_PKCS1_PADDING_SIZ.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0028-rsa-replace-magic-number-11-by-RSA_PKCS1_PADDING_SIZ.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,141 @@ +From 1a9a56865cb66d9fca067ba00d0e030f4b6974aa Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Thu, 3 Oct 2019 14:20:52 +0200 +Subject: [PATCH 028/230] rsa: replace magic number '11' by + RSA_PKCS1_PADDING_SIZE + +Suggested by Matt Hart + +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10084) + +(cherry picked from commit f1d1903dd3dd1d68a5eae190b8c2a88bfe0a68ac) +--- + crypto/rsa/rsa_pk1.c | 22 +++++++++++----------- + crypto/rsa/rsa_ssl.c | 20 ++++++++++---------- + 2 files changed, 21 insertions(+), 21 deletions(-) + +diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c +index 5deab15173..a3d0b7cef8 100644 +--- a/crypto/rsa/rsa_pk1.c ++++ b/crypto/rsa/rsa_pk1.c +@@ -57,7 +57,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + * D - data. + */ + +- if (num < 11) ++ if (num < RSA_PKCS1_PADDING_SIZE) + return -1; + + /* Accept inputs with and without the leading 0-byte. */ +@@ -120,7 +120,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + int i, j; + unsigned char *p; + +- if (flen > (tlen - 11)) { ++ if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; +@@ -169,7 +169,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + * section 7.2.2. + */ + +- if (flen > num || num < 11) { ++ if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, + RSA_R_PKCS_DECODING_ERROR); + return -1; +@@ -226,8 +226,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + good &= constant_time_ge(tlen, mlen); + + /* +- * Move the result in-place by |num|-11-|mlen| bytes to the left. +- * Then if |good| move |mlen| bytes from |em|+11 to |to|. ++ * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. 
++ * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. + * Otherwise leave |to| unchanged. + * Copy the memory back in a way that does not reveal the size of + * the data being copied via a timing side channel. This requires copying +@@ -235,16 +235,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + * length. Clear bits do a non-copy with identical access pattern. + * The loop below has overall complexity of O(N*log(N)). + */ +- tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), +- num - 11, tlen); +- for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { +- mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); +- for (i = 11; i < num - msg_index; i++) ++ tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), ++ num - RSA_PKCS1_PADDING_SIZE, tlen); ++ for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { ++ mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); ++ for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) + em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); + } + for (i = 0; i < tlen; i++) { + mask = good & constant_time_lt(i, mlen); +- to[i] = constant_time_select_8(mask, em[i + 11], to[i]); ++ to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); + } + + OPENSSL_clear_free(em, num); +diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c +index 0a659bc49c..1f155be175 100644 +--- a/crypto/rsa/rsa_ssl.c ++++ b/crypto/rsa/rsa_ssl.c +@@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, + int i, j; + unsigned char *p; + +- if (flen > (tlen - 11)) { ++ if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { + RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; +@@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + if (tlen <= 0 || flen <= 0) + return -1; + +- if (flen > num || num < 11) { ++ 
if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); + return -1; + } +@@ -141,8 +141,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); + + /* +- * Move the result in-place by |num|-11-|mlen| bytes to the left. +- * Then if |good| move |mlen| bytes from |em|+11 to |to|. ++ * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. ++ * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. + * Otherwise leave |to| unchanged. + * Copy the memory back in a way that does not reveal the size of + * the data being copied via a timing side channel. This requires copying +@@ -150,16 +150,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, + * length. Clear bits do a non-copy with identical access pattern. + * The loop below has overall complexity of O(N*log(N)). + */ +- tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), +- num - 11, tlen); +- for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { +- mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); +- for (i = 11; i < num - msg_index; i++) ++ tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), ++ num - RSA_PKCS1_PADDING_SIZE, tlen); ++ for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { ++ mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); ++ for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) + em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); + } + for (i = 0; i < tlen; i++) { + mask = good & constant_time_lt(i, mlen); +- to[i] = constant_time_select_8(mask, em[i + 11], to[i]); ++ to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); + } + + OPENSSL_clear_free(em, num); +-- +2.25.1 +
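Review bot: several rewritten lines in RSA_padding_check_PKCS1_type_2() exceed the 80-column limit OpenSSL's style applies, e.g. `tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen),` and the two comment lines beginning `Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen|`; a local such as `const int padlen = RSA_PKCS1_PADDING_SIZE;` at the top of the function would keep the constant-time loops readable and the lines short. The substitution itself is exact (RSA_PKCS1_PADDING_SIZE is defined as 11 in rsa.h) and leaves the constant-time structure alone: the shift loop still runs to `num - msg_index` with masks derived from `num - RSA_PKCS1_PADDING_SIZE - mlen`, so the memory access pattern is unchanged.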
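Review bot: the same line-length problem appears in the rsa_ssl.c hunks of RSA_padding_check_SSLv23(); that function and RSA_padding_check_PKCS1_type_2() carry identical copies of the constant-time in-place move, and this patch is a good moment to say in the commit message that the two must be changed in lockstep (or to factor the loop out), since a future edit to one that is not mirrored in the other would leave the two paths with different timing behaviour. The error-code asymmetry on `num < RSA_PKCS1_PADDING_SIZE` (RSA_R_DATA_TOO_SMALL here, RSA_R_PKCS_DECODING_ERROR in rsa_pk1.c) is pre-existing and out of scope.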
  90. Download patch debian/patches/0018-Add-util-fix-includes-script.patch

    --- 1.1.1d-2/debian/patches/0018-Add-util-fix-includes-script.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0018-Add-util-fix-includes-script.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,65 @@ +From ea21f6f88e4699d231f7ef51eb774f343b39d6ab Mon Sep 17 00:00:00 2001 +From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com> +Date: Fri, 27 Sep 2019 23:58:12 +0200 +Subject: [PATCH 018/230] Add util/fix-includes script + +This script contains all adjustments to header files which were made +during the reorganization of the header files. It is meant as an aid +for other contributors which encounter preprocessor #include errors +after rebasing over this pull request. Simply running + + util/fix-includes + +from the root of the source directory should hopefully fix the problem. + +Note: such #include errors are expected only for pull requests which +add a lot of new code, in particular new compilation modules. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/9681) +--- + util/fix-includes | 19 +++++++++++++++++++ + util/fix-includes.sed | 5 +++++ + 2 files changed, 24 insertions(+) + create mode 100755 util/fix-includes + create mode 100644 util/fix-includes.sed + +diff --git a/util/fix-includes b/util/fix-includes +new file mode 100755 +index 0000000000..c49163875b +--- /dev/null ++++ b/util/fix-includes +@@ -0,0 +1,19 @@ ++#!/bin/sh ++# ++# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. 
You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++find -name ossl_typ.h -o \( \ ++ -name '*.h' -o \ ++ -name '*.h.in' -o \ ++ -name '*.c' -o \ ++ -name '*.ec' -o \ ++ -name 'README*' -o \ ++ -name '*.pod' -o \ ++ -name '*.conf' \ ++ \) -exec sed -E -i \ ++ -f util/fix-includes.sed {} \; +diff --git a/util/fix-includes.sed b/util/fix-includes.sed +new file mode 100644 +index 0000000000..fb0d652875 +--- /dev/null ++++ b/util/fix-includes.sed +@@ -0,0 +1,5 @@ ++s|internal/([a-z0-9_]+)_int\.h|crypto/\1.h|g ; ++s@internal/(aria.h|async.h|bn_conf.h|bn_dh.h|bn_srp.h|chacha.h|ctype.h|__DECC_INCLUDE_EPILOGUE.H|__DECC_INCLUDE_PROLOGUE.H|dso_conf.h|engine.h|lhash.h|md32_common.h|objects.h|poly1305.h|sha.h|siphash.h|sm2err.h|sm2.h|sm3.h|sm4.h|store.h|foobar)@crypto/\1@g ; ++s/constant_time_locl/constant_time/g ; ++s/_lo?cl\.h/_local.h/g ; ++s/_int\.h/_local.h/g ; +-- +2.25.1 +
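Review bot: `find -name ossl_typ.h -o \( ... \) -exec sed ...` only works because find's implicit `-a` binds tighter than `-o`: the expression parses as `-name ossl_typ.h -o ( ( ... ) -a -exec ... )`, so ossl_typ.h is skipped and everything else is edited, but nothing in the script says that is intended. Write it as `! -name ossl_typ.h \( ... \) -exec ...`, or put `-prune` after the first test and add a comment. Two portability points for a `#!/bin/sh` script: `find` with no starting directory is a GNU extension (POSIX needs `find .`), and `sed -E -i` with no suffix argument is GNU sed (BSD/macOS sed needs `-i ''`); either declare it a GNU-only developer aid in the header or use the portable forms. Lastly, `-name 'README*'`, `-name '*.pod'` and `-name '*.conf'` mean the substitutions also run over prose and config files, which is the right scope for renamed headers but makes the breadth of the sed patterns matter.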
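Review bot: the last two rules in fix-includes.sed, `s/_lo?cl\.h/_local.h/g` and `s/_int\.h/_local.h/g`, are not anchored to the internal/ include paths the earlier rules handle, so any token ending in `_int.h`, `_lcl.h` or `_locl.h` anywhere in a .c, .pod, README or .conf file is rewritten, including names in third-party code such as an engine's own `foo_int.h`; anchoring them to a path delimiter (`/`, `"` or `<`) would limit the blast radius. The `|foobar` alternative in the second rule reads like a placeholder left in from testing and should go. It would also help to state in the fix-includes header which upstream reorganisation commit the rename list corresponds to, since the script is only valid for rebasing across that one change.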
  91. Download patch debian/patches/0060-Allow-EVP_PKEY_get0_RSA-for-RSA-PSS-keys.patch

    --- 1.1.1d-2/debian/patches/0060-Allow-EVP_PKEY_get0_RSA-for-RSA-PSS-keys.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0060-Allow-EVP_PKEY_get0_RSA-for-RSA-PSS-keys.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 4088b9263676748f5426cae1bcff132825a48d2a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de> +Date: Fri, 18 Oct 2019 20:44:49 +0200 +Subject: [PATCH 060/230] Allow EVP_PKEY_get0_RSA for RSA-PSS keys + +RSA-PSS keys use the same internal structure as RSA keys but do not +allow accessing it through EVP_PKEY_get0_RSA. This commit changes that +behavior. + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10217) + +(cherry picked from commit 465a58b117d5a85623f3998d6fbf2fe8712a5604) +--- + crypto/evp/p_lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c +index e57fa9e289..72a23b4d5f 100644 +--- a/crypto/evp/p_lib.c ++++ b/crypto/evp/p_lib.c +@@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) + + RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) + { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { + EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); + return NULL; + } +-- +2.25.1 +
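Review bot: widening `pkey->type != EVP_PKEY_RSA` to also accept EVP_PKEY_RSA_PSS changes the contract of EVP_PKEY_get0_RSA(), and its man page is not updated in this patch; it should state that an RSA-PSS key now yields its underlying RSA object, and a CHANGES entry belongs with it. The security point for callers: the RSA object returned for an RSA-PSS key carries none of the PSS parameter restrictions the EVP_PKEY layer enforces, so code that used a non-NULL return as "this is a plain RSA key" and then performs PKCS#1 v1.5 operations on it will now do so with a key that was restricted to PSS; anything relying on that check must test EVP_PKEY_base_id() explicitly. If EVP_PKEY_get1_RSA() is built on top of get0 it inherits the change and needs the same documentation note.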
  92. Download patch debian/patches/0089-Add-missing-EVP_PKEY_METHOD-accessors-for-digestsign.patch

    --- 1.1.1d-2/debian/patches/0089-Add-missing-EVP_PKEY_METHOD-accessors-for-digestsign.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0089-Add-missing-EVP_PKEY_METHOD-accessors-for-digestsign.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,192 @@ +From 460a0b2b138fb690577d9b5b5782d5776285be0f Mon Sep 17 00:00:00 2001 +From: Anthony Hu <anth_hu@hotmail.com> +Date: Thu, 7 Nov 2019 21:47:53 -0500 +Subject: [PATCH 089/230] Add missing EVP_PKEY_METHOD accessors for digestsign + and digestverify + +Reviewed-by: Paul Dale <paul.dale@oracle.com> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/10388) + +(cherry picked from commit 2555285fa5e4248ad4a5a0bc14ae4606443856c2) +--- + crypto/evp/pmeth_lib.c | 32 ++++++++++++++++++++++++++++++++ + doc/man3/EVP_PKEY_meth_new.pod | 32 ++++++++++++++++++++++++++++++-- + include/openssl/evp.h | 28 ++++++++++++++++++++++++++++ + util/libcrypto.num | 4 ++++ + 4 files changed, 94 insertions(+), 2 deletions(-) + +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c +index d44063de53..603ccd8352 100644 +--- a/crypto/evp/pmeth_lib.c ++++ b/crypto/evp/pmeth_lib.c +@@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + pmeth->ctrl_str = ctrl_str; + } + ++void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen)) ++{ ++ pmeth->digestsign = digestsign; ++} ++ ++void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, ++ size_t siglen, const unsigned char *tbs, ++ size_t tbslen)) ++{ ++ pmeth->digestverify = digestverify; ++} ++ + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)) + { +@@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + *pctrl_str = pmeth->ctrl_str; + } + ++void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen)) ++{ ++ if (digestsign) ++ *digestsign = pmeth->digestsign; ++} ++ ++void 
EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, ++ size_t siglen, const unsigned char *tbs, ++ size_t tbslen)) ++{ ++ if (digestverify) ++ *digestverify = pmeth->digestverify; ++} ++ + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)) + { +diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod +index 8a167ce0d6..106873d9ac 100644 +--- a/doc/man3/EVP_PKEY_meth_new.pod ++++ b/doc/man3/EVP_PKEY_meth_new.pod +@@ -8,14 +8,18 @@ EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, + EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, + EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, + EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, +-EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, ++EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, ++EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, ++EVP_PKEY_meth_set_check, + EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, + EVP_PKEY_meth_set_digest_custom, + EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, + EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, + EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, + EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, +-EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check, ++EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, ++EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, ++EVP_PKEY_meth_get_check, + EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, + EVP_PKEY_meth_get_digest_custom, + EVP_PKEY_meth_remove +@@ -112,6 +116,18 @@ EVP_PKEY_meth_remove + int (*ctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const 
char *value)); ++ void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (*digestsign) (EVP_MD_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (*digestverify) (EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +@@ -200,6 +216,18 @@ EVP_PKEY_meth_remove + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); ++ void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (**digestsign) (EVP_MD_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (**digestverify) (EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 8abcd8a8a3..a411f3f2f9 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -1512,6 +1512,20 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + const char *type, + const char *value)); + ++void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (*digestsign) (EVP_MD_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ ++void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (*digestverify) (EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, + int (*check) (EVP_PKEY 
*pkey)); + +@@ -1617,6 +1631,20 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, + const char *type, + const char *value)); + ++void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, ++ int (**digestsign) (EVP_MD_CTX *ctx, ++ unsigned char *sig, ++ size_t *siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ ++void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, ++ int (**digestverify) (EVP_MD_CTX *ctx, ++ const unsigned char *sig, ++ size_t siglen, ++ const unsigned char *tbs, ++ size_t tbslen)); ++ + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, + int (**pcheck) (EVP_PKEY *pkey)); + +diff --git a/util/libcrypto.num b/util/libcrypto.num +index bf8b803c4c..1dde397bed 100644 +--- a/util/libcrypto.num ++++ b/util/libcrypto.num +@@ -4582,3 +4582,7 @@ OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO + EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE + X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION: + X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION: ++EVP_PKEY_meth_set_digestsign 4539 1_1_1e EXIST::FUNCTION: ++EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION: ++EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION: ++EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION: +-- +2.25.1 +
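Review bot: the two new getters are not const-correct: `void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, ...)` and `void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, ...)` take a mutable method pointer, while the neighbouring `void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, ...)` and `EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, ...)` take `const`. The bodies only read (`*digestverify = pmeth->digestverify;`), so declare both as `const EVP_PKEY_METHOD *pmeth` consistently in evp.h, in the definitions and in EVP_PKEY_meth_new.pod before the symbols become public ABI at 4539-4542 in libcrypto.num.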
  93. Download patch debian/patches/0024-Do-not-print-extensions-in-Certificate-message-for-T.patch

    --- 1.1.1d-2/debian/patches/0024-Do-not-print-extensions-in-Certificate-message-for-T.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0024-Do-not-print-extensions-in-Certificate-message-for-T.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,39 @@ +From 51f879a31f926ba12b783c68f4ba9e4ee490145f Mon Sep 17 00:00:00 2001 +From: Daniil Zotkin <zotkin@rutoken.ru> +Date: Tue, 24 Sep 2019 11:08:23 +0300 +Subject: [PATCH 024/230] Do not print extensions in Certificate message for + TLS1.2 and lower + +According to RFC8446 CertificateEntry in Certificate message contains +extensions that were not present in the Certificate message in RFC5246. + +CLA: trivial + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/9994) + +(cherry picked from commit 65c76cd2c9e8da9468dd490b334e56c51dbef582) +--- + ssl/t1_trce.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c +index 0559fba9d9..5c84339314 100644 +--- a/ssl/t1_trce.c ++++ b/ssl/t1_trce.c +@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, + while (clen > 0) { + if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) + return 0; +- if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE, +- &msg, &clen)) ++ if (SSL_IS_TLS13(ssl) ++ && !ssl_print_extensions(bio, indent + 2, server, ++ SSL3_MT_CERTIFICATE, &msg, &clen)) + return 0; + + } +-- +2.25.1 +
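Review bot: the change in `ssl_print_certificates()` is correct but the commit message understates what it fixes: before this patch the tracer called `ssl_print_extensions(..., &msg, &clen)` unconditionally, so for TLS 1.2 and earlier it consumed bytes that are not extensions and the following certificates were parsed from the wrong offset. Worth saying so in the message, with an RFC 5246 section 7.4.2 reference next to the RFC 8446 one, and the stray blank line before the loop's closing `}` in the context could go while this block is being touched.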
  94. Download patch debian/patches/0049-Constant-time-GCD-function.patch
  95. Download patch debian/patches/0030-init_buf-memory-can-be-freed-when-DTLS-is-used-over-.patch

    --- 1.1.1d-2/debian/patches/0030-init_buf-memory-can-be-freed-when-DTLS-is-used-over-.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0030-init_buf-memory-can-be-freed-when-DTLS-is-used-over-.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,50 @@ +From a80de34b2769c35270d45bbae67c4b219c99156d Mon Sep 17 00:00:00 2001 +From: NaveenShivanna86 <navin.shivanna@gmail.com> +Date: Wed, 21 Aug 2019 11:58:29 +0530 +Subject: [PATCH 030/230] 'init_buf' memory can be freed when DTLS is used over + SCTP (not over UDP). + +Reviewed-by: Matt Caswell <matt@openssl.org> +Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> +(Merged from https://github.com/openssl/openssl/pull/9653) + +(cherry picked from commit e7c27a6c3716843f8412fd96311b70ac84b785f9) +--- + ssl/statem/statem_lib.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c +index ed52b18d3a..bd1d34f3b6 100644 +--- a/ssl/statem/statem_lib.c ++++ b/ssl/statem/statem_lib.c +@@ -1033,14 +1033,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) + int cleanuphand = s->statem.cleanuphand; + + if (clearbufs) { +- if (!SSL_IS_DTLS(s)) { ++ if (!SSL_IS_DTLS(s) ++#ifndef OPENSSL_NO_SCTP + /* +- * We don't do this in DTLS because we may still need the init_buf ++ * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS ++ * messages that require it. Therefore, DTLS procedures for retransmissions ++ * MUST NOT be used. ++ * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. ++ */ ++ || BIO_dgram_is_sctp(SSL_get_wbio(s)) ++#endif ++ ) { ++ /* ++ * We don't do this in DTLS over UDP because we may still need the init_buf + * in case there are any unexpected retransmits + */ + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; + } ++ + if (!ssl_free_wbio_buffer(s)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, + ERR_R_INTERNAL_ERROR); +-- +2.25.1 +
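Review bot: placing a `#ifndef OPENSSL_NO_SCTP` block with a multi-line comment between `if (!SSL_IS_DTLS(s)` and its `||` operand makes the condition hard to read and easy to break on the next edit. Suggest computing it first, e.g. `int free_init_buf = !SSL_IS_DTLS(s);` then `#ifndef OPENSSL_NO_SCTP` / `free_init_buf = free_init_buf || BIO_dgram_is_sctp(SSL_get_wbio(s));` / `#endif`, and testing `if (free_init_buf)`. The RFC 6083 justification (no DTLS retransmission over SCTP, hence no later use of init_buf) is sound and belongs above that local rather than inside the expression.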
  96. Download patch debian/patches/0019-Fix-a-return-value-bug-in-apps-speed.c.patch

    --- 1.1.1d-2/debian/patches/0019-Fix-a-return-value-bug-in-apps-speed.c.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0019-Fix-a-return-value-bug-in-apps-speed.c.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From 312674e5148a44843202040006f47fc374902f88 Mon Sep 17 00:00:00 2001 +From: Paul Yang <kaishen.yy@antfin.com> +Date: Mon, 30 Sep 2019 11:33:24 +0800 +Subject: [PATCH 019/230] Fix a return value bug in apps/speed.c + +Those functions returns less than and equal to 0 to indicate an error +occured. + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10054) + +(cherry picked from commit 94bd168a9e31d1ab4986e94056dfae71ec5f051f) +--- + apps/speed.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/apps/speed.c b/apps/speed.c +index 20149506cc..7f8ba7c096 100644 +--- a/apps/speed.c ++++ b/apps/speed.c +@@ -3106,8 +3106,8 @@ int speed_main(int argc, char **argv) + + if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL)) + == NULL +- || !EVP_PKEY_keygen_init(ed_pctx) +- || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) { ++ || EVP_PKEY_keygen_init(ed_pctx) <= 0 ++ || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { + st = 0; + EVP_PKEY_CTX_free(ed_pctx); + break; +-- +2.25.1 +
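Review bot: the fix is right, and the reason deserves a sentence in the commit message: `EVP_PKEY_keygen_init()` and `EVP_PKEY_keygen()` return 1 on success and 0 or a negative value on failure (a negative value signals an unsupported operation), so the old `!EVP_PKEY_keygen_init(ed_pctx)` treated a negative return as success and carried on with an uninitialised context. Suggest grepping the rest of apps/speed.c for the same `!EVP_PKEY_` pattern in the other keygen loops, and fixing the message typos ("returns" for "return", "occured" for "occurred").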
  97. Download patch debian/patches/0073-Don-t-leak-memory-in-the-event-of-a-failure-in-i2v_G.patch

    --- 1.1.1d-2/debian/patches/0073-Don-t-leak-memory-in-the-event-of-a-failure-in-i2v_G.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0073-Don-t-leak-memory-in-the-event-of-a-failure-in-i2v_G.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,58 @@ +From 7bb50cbc4af78a0c8d36fdf2c141ad1330125e2f Mon Sep 17 00:00:00 2001 +From: Matt Caswell <matt@openssl.org> +Date: Wed, 30 Oct 2019 13:20:33 +0000 +Subject: [PATCH 073/230] Don't leak memory in the event of a failure in + i2v_GENERAL_NAMES + +i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each +time i2v_GENERAL_NAME gets called it allocates adds data to the passed in +stack and then returns a pointer to the stack, or NULL on failure. If +the passed in stack is itself NULL then it allocates one. + +i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets +returned from i2v_GENERAL_NAME. If a stack had already been allocated then +it just leaked it. + +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> +Reviewed-by: Viktor Dukhovni <viktor@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10300) + +(cherry picked from commit 45b244620a74248b46ebe1c85e86437b9641447a) +--- + crypto/x509v3/v3_alt.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c +index dfcb9094f4..7ac2911b91 100644 +--- a/crypto/x509v3/v3_alt.c ++++ b/crypto/x509v3/v3_alt.c +@@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + { + int i; + GENERAL_NAME *gen; ++ STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; ++ + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + gen = sk_GENERAL_NAME_value(gens, i); +- ret = i2v_GENERAL_NAME(method, gen, ret); ++ /* ++ * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes ++ * wrong we need to free the stack - but only if it was empty when we ++ * originally entered this function. 
++ */ ++ tmpret = i2v_GENERAL_NAME(method, gen, ret); ++ if (tmpret == NULL) { ++ if (origret == NULL) ++ sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); ++ return NULL; ++ } ++ ret = tmpret; + } +- if (!ret) ++ if (ret == NULL) + return sk_CONF_VALUE_new_null(); + return ret; + } +-- +2.25.1 +
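Review bot: the new error path leaves a caller-supplied stack partially populated: when `origret != NULL` and `i2v_GENERAL_NAME()` fails, the entries appended in earlier iterations stay in `ret` and the function returns NULL, so the caller cannot tell how many were added. That is the safe choice (the caller owns that stack and frees it), but it should be stated in the function comment in v3_alt.c. The `origret == NULL` branch correctly frees the stack the loop allocated with `sk_CONF_VALUE_pop_free(ret, X509V3_conf_free)`, and the `if (ret == NULL) return sk_CONF_VALUE_new_null();` tail still covers an empty `gens`.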
  98. Download patch debian/patches/0013-Use-the-correct-maximum-indent.patch

    --- 1.1.1d-2/debian/patches/0013-Use-the-correct-maximum-indent.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0013-Use-the-correct-maximum-indent.patch 2020-03-04 09:49:22.000000000 +0000 @@ -0,0 +1,34 @@ +From c8d66837ad4f6b5be5b8b291753900de977f1dd1 Mon Sep 17 00:00:00 2001 +From: Kurt Roeckx <kurt@roeckx.be> +Date: Fri, 20 Sep 2019 20:26:42 +0200 +Subject: [PATCH 013/230] Use the correct maximum indent + +Found by OSS-Fuzz + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> + +GH: #9959 +(cherry picked from commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d) +--- + crypto/bio/b_dump.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c +index 0d06414e7d..45f1c523ce 100644 +--- a/crypto/bio/b_dump.c ++++ b/crypto/bio/b_dump.c +@@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + + if (indent < 0) + indent = 0; +- else if (indent > 128) +- indent = 128; ++ else if (indent > 64) ++ indent = 64; + + dump_width = DUMP_WIDTH_LESS_INDENT(indent); + rows = len / dump_width; +-- +2.25.1 +
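Review bot: the new clamp `else if (indent > 64) indent = 64;` is still a magic number, the same kind that let the previous `128` get out of step with the line buffer that `DUMP_WIDTH_LESS_INDENT(indent)` works against (the report came from OSS-Fuzz). Suggest deriving the clamp and the buffer size from one named constant next to the buffer definition in crypto/bio/b_dump.c, e.g. `#define DUMP_MAX_INDENT 64` (the name is a suggestion), so the two cannot drift apart again.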
  99. Download patch debian/libssl1.1.NEWS

    --- 1.1.1d-2/debian/libssl1.1.NEWS 2019-09-27 21:06:41.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/libssl1.1.NEWS 2020-01-08 17:17:41.000000000 +0000 
@@ -1,30 +1,38 @@ -openssl (1.1.1-2) unstable; urgency=medium +openssl (1.1.1d-2ubuntu2) focal; urgency=medium - Following various security recommendations, the default minimum TLS version - has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple - plan to do same around March 2020. - - The default security level for TLS connections has also be increased from - level 1 to level 2. This moves from the 80 bit security level to the 112 bit - security level and will require 2048 bit or larger RSA and DHE keys, 224 bit - or larger ECC keys, and SHA-2. - - The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications - might also have a way to override the defaults. - - In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString - line. The CipherString can also sets the security level. Information about the - security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage. - The list of valid strings for the minimum protocol version can be found in - SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and - config(5ssl). + The default security level for TLS connections was increased from + level 1 to level 2. This moves from the 80 bit security level to the + 112 bit security level and will require 2048 bit or larger RSA and + DHE keys, 224 bit or larger ECC keys, SHA-2, TLSv1.2 or DTLSv1.2. + + The system wide settings can be changed in + /etc/ssl/openssl.cnf. Applications might also have a way to override + the defaults. + + In the default /etc/ssl/openssl.cnf one can add sections to specify + CipherString. The CipherString can be used to set the security + level. Information about the security levels can be found in the + SSL_CTX_set_security_level(3ssl) manpage. Other information can be + found in ciphers(1ssl) and config(5ssl). 
Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide - defaults can be done using: - MinProtocol = None - CipherString = DEFAULT + defaults can be by adding at the top of the file: + + # System default + openssl_conf = default_conf + + and adding at the bottom of the file: + + [default_conf] + ssl_conf = ssl_sect + + [ssl_sect] + system_default = system_default_sect + + [system_default_sect] + CipherString = DEFAULT:@SECLEVEL=1 It's recommended that you contact the remote site in case the defaults cause problems. - -- Kurt Roeckx <kurt@roeckx.be> Sun, 28 Oct 2018 20:58:35 +0100 + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 08 Jan 2020 17:17:41 +0000 \ No newline at end of file
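Review bot: grammar in the replacement text: "defaults can be by adding at the top of the file" is missing its verb, so write "defaults can be restored by adding at the top of the file". The config example is consistent with the changelog (`CipherString = DEFAULT:@SECLEVEL=1` restores the old level 1, and since level 2 now implies TLSv1.2 there is no separate `MinProtocol` line to reset), but it assumes no `openssl_conf =` line is already present in the default section; a sentence saying which one to keep would save users a surprise.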
  100. Download patch debian/patches/0082-Add-more-tests-for-apps-req.patch

    --- 1.1.1d-2/debian/patches/0082-Add-more-tests-for-apps-req.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.1.1d-2ubuntu6/debian/patches/0082-Add-more-tests-for-apps-req.patch 2020-03-04 09:49:22.000000000 +0000 
@@ -0,0 +1,161 @@ +From bd2931bf45bf35f1b3a3eb6ec4b4bb64fcdfdbfa Mon Sep 17 00:00:00 2001 +From: Nicola Tuveri <nic.tuv@gmail.com> +Date: Thu, 31 Oct 2019 17:17:31 +0200 +Subject: [PATCH 082/230] Add more tests for apps/req + +https://github.com/openssl/openssl/issues/10224#issuecomment-546593113 +highlighted that existing testing infrastructure is not covering common +usage patterns of the `req` app. + +This commit explicitly adds request generations thorugh the CLI using +RSA, DSA and ECDSA (P-256) keys. + +(cherry picked from commit b2a7310af0dd190712bae2e462a7708483dd4628) + +Reviewed-by: Richard Levitte <levitte@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/10369) +--- + test/recipes/25-test_req.t | 100 +++++++++++++++++++++++++++++-------- + 1 file changed, 80 insertions(+), 20 deletions(-) + +diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t +index 17a98dc9d1..cb30061fca 100644 +--- a/test/recipes/25-test_req.t ++++ b/test/recipes/25-test_req.t +@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; + + setup("test_req"); + +-plan tests => 9; ++plan tests => 12; + + require_ok(srctop_file('test','recipes','tconversion.pl')); + +@@ -46,24 +46,84 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); + ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); + ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); + ++subtest "generating certificate requests with RSA" => sub { ++ plan tests => 2; ++ ++ SKIP: { ++ skip "RSA is not supported by this OpenSSL build", 2 ++ if disabled("rsa"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-new", "-out", "testreq.pem", "-utf8", ++ "-key", srctop_file("test", "testrsa.pem")])), ++ "Generating request"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-verify", "-in", "testreq.pem", "-noout"])), ++ "Verifying signature on request"); ++ } ++}; ++ ++subtest 
"generating certificate requests with DSA" => sub { ++ plan tests => 2; ++ ++ SKIP: { ++ skip "DSA is not supported by this OpenSSL build", 2 ++ if disabled("dsa"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-new", "-out", "testreq.pem", "-utf8", ++ "-key", srctop_file("test", "testdsa.pem")])), ++ "Generating request"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-verify", "-in", "testreq.pem", "-noout"])), ++ "Verifying signature on request"); ++ } ++}; ++ ++subtest "generating certificate requests with ECDSA" => sub { ++ plan tests => 2; ++ ++ SKIP: { ++ skip "ECDSA is not supported by this OpenSSL build", 2 ++ if disabled("ec"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-new", "-out", "testreq.pem", "-utf8", ++ "-key", srctop_file("test", "testec-p256.pem")])), ++ "Generating request"); ++ ++ ok(run(app(["openssl", "req", ++ "-config", srctop_file("test", "test.cnf"), ++ "-verify", "-in", "testreq.pem", "-noout"])), ++ "Verifying signature on request"); ++ } ++}; ++ + subtest "generating certificate requests" => sub { + plan tests => 2; + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), +- @req_new, "-out", "testreq.pem"])), ++ @req_new, "-out", "testreq.pem"])), + "Generating request"); + + ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), +- "-verify", "-in", "testreq.pem", "-noout"])), ++ "-verify", "-in", "testreq.pem", "-noout"])), + "Verifying signature on request"); + }; + + my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf")); + + run_conversion('req conversions', +- "testreq.pem"); ++ "testreq.pem"); + run_conversion('req conversions -- testreq2', +- srctop_file("test", "testreq2.pem")); ++ srctop_file("test", "testreq2.pem")); + + unlink "testkey.pem", "testreq.pem"; + +@@ -72,20 +132,20 @@ sub run_conversion { + my $reqfile = shift; + + subtest 
$title => sub { +- run(app(["openssl", @openssl_args, +- "-in", $reqfile, "-inform", "p", +- "-noout", "-text"], +- stderr => "req-check.err", stdout => undef)); +- open DATA, "req-check.err"; +- SKIP: { +- plan skip_all => "skipping req conversion test for $reqfile" +- if grep /Unknown Public Key/, map { s/\R//; } <DATA>; +- +- tconversion("req", $reqfile, @openssl_args); +- } +- close DATA; +- unlink "req-check.err"; +- +- done_testing(); ++ run(app(["openssl", @openssl_args, ++ "-in", $reqfile, "-inform", "p", ++ "-noout", "-text"], ++ stderr => "req-check.err", stdout => undef)); ++ open DATA, "req-check.err"; ++ SKIP: { ++ plan skip_all => "skipping req conversion test for $reqfile" ++ if grep /Unknown Public Key/, map { s/\R//; } <DATA>; ++ ++ tconversion("req", $reqfile, @openssl_args); ++ } ++ close DATA; ++ unlink "req-check.err"; ++ ++ done_testing(); + }; + } +-- +2.25.1 +
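Review bot: `disabled("rsa")`, `disabled("dsa")` and `disabled("ec")` come from OpenSSL::Test::Utils, and the only import visible in this hunk's context is `use OpenSSL::Test qw/:DEFAULT srctop_file/;`; confirm the file already has `use OpenSSL::Test::Utils;` above line 15, otherwise the new SKIP blocks die at runtime. Two smaller points: the three new subtests and the existing one all write and verify the same `testreq.pem`, which is fine sequentially but means a failure in one leaves a stale file for the next, and the whitespace-only re-indentation of `run_conversion` (the `-`/`+` lines that differ only in indent) would be easier to review as a separate commit. Commit message typo: "thorugh".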
  101. ...


Source: openssl-ibmca

openssl-ibmca (2.1.0-0ubuntu1) eoan; urgency=medium

  * New upstream release LP: #1836865

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 07 Oct 2019 11:30:34 +0100

openssl-ibmca (2.0.3-0ubuntu1) eoan; urgency=medium

  * New upstream release LP: #1826198

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 30 Apr 2019 12:34:27 +0100

openssl-ibmca (2.0.2-0ubuntu2) disco; urgency=medium

  * Rework error string init and exit. LP: #1819487

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 18 Mar 2019 15:03:08 +0000

openssl-ibmca (2.0.2-0ubuntu1) disco; urgency=medium

  * New upstream release LP: #1804233 LP: #1806483
  * Drop dlopen-soname.patch, applied upstream.
  * Update watch file to github.com.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 10 Dec 2018 11:21:56 +1100

openssl-ibmca (2.0.0-0ubuntu2) cosmic; urgency=medium

  * Disable test-suite, as it appears to fail on launchpad builders, yet
    passes locally when uncontained.

 -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Fri, 15 Jun 2018 12:44:40 +0100

openssl-ibmca (2.0.0-0ubuntu1) cosmic; urgency=medium

  * New upstream release. LP: #1776209
  * Update debian/copyright to Apache-2

 -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Thu, 14 Jun 2018 12:10:32 +0100

openssl-ibmca (1.4.1-0ubuntu1) bionic; urgency=medium

  * New upstream release
  * Update watch file to point at github
  * Build against openssl1.1 with openssl1.1 engine paths LP: #1747626

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 23 Feb 2018 18:06:36 +0000

openssl-ibmca (1.4.0-0ubuntu2) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 17:54:51 +0000

openssl-ibmca (1.4.0-0ubuntu1) artful; urgency=medium

  * New upstream release
  * Drop patches applied upstream

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 28 Sep 2017 11:13:14 -0400

openssl-ibmca (1.3.0-0ubuntu5) artful; urgency=medium

  * Apply upstream patch to resolve crashes when libssl attempts to
    initialise engine a few times too many. LP: #1543455

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 26 Jul 2017 08:48:51 +0100

openssl-ibmca (1.3.0-0ubuntu4) zesty; urgency=medium

  * Build against libica.so.3.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 30 Nov 2016 10:24:29 +0000

openssl-ibmca (1.3.0-0ubuntu3) zesty; urgency=medium

  * Attempt to dlopen libica.so.2, if libica.so (or ctrl provided one)
    fails. LP: #1605511
  * Add depends on libica2.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 04 Oct 2016 15:25:59 +0100

openssl-ibmca (1.3.0-0ubuntu2) xenial; urgency=medium

  * Correct license information. LP: 1543682
  * Add watch file.
  * Resolves LP: #1538864

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 15 Feb 2016 16:32:05 +0000

openssl-ibmca (1.3.0-0ubuntu1) xenial; urgency=medium

  * Initial release.

 -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 05 Feb 2016 06:16:50 +0000

Modifications :
  1. Download patch src/test/Makefile.linux

    --- 1.4.0-1/src/test/Makefile.linux 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/src/test/Makefile.linux 2019-09-09 00:07:21.000000000 +0000 @@ -8,7 +8,7 @@ all: $(TARGETS) # Every target is created from a single .c file. %: %.c - gcc $(OPTS) -lica -lcrypto -o $@ $^ + gcc $(OPTS) -o $@ $^ -lica -lcrypto clean: rm -f $(TARGETS)
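Review bot: moving `-lica -lcrypto` after `$^` is the right fix for toolchains that link with `--as-needed`, where libraries named before the objects that need them are dropped. While here, `gcc $(OPTS) -o $@ $^ -lica -lcrypto` still passes neither `$(CFLAGS)` nor `$(LDFLAGS)`, so if these test binaries are built as part of the package build the `hardening=+all` flags that debian/rules exports do not reach them; consider `gcc $(CFLAGS) $(OPTS) $(LDFLAGS) -o $@ $^ -lica -lcrypto`.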
  2. Download patch README.md

    --- 1.4.0-1/README.md 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/README.md 2019-09-09 00:07:21.000000000 +0000 @@ -8,14 +8,14 @@ cryptographic operations. The build requirements are: * openssl-devel >= 0.9.8 - * libica-devel >= 3.1.1 + * libica-devel >= 3.3.0 * autoconf * automake * libtool The runtime requirements are: * openssl >= 0.9.8 - * libica >= 3.1.1 + * libica >= 3.3.0 ## Installing @@ -27,8 +27,8 @@ $ sudo make install ``` This will configure, build and install the package in a default location, -which is `/usr/local/lib`. It means that the libibmca.so will be installed in -`/usr/local/lib/libibmca.so` by default. If you want to install it anywhere +which is `/usr/local/lib`. It means that the ibmca.so will be installed in +`/usr/local/lib/ibmca.so` by default. If you want to install it anywhere else, run "configure" passing the new location via prefix argument, for example: 
@@ -38,38 +38,11 @@ $ ./configure --prefix=/usr --libdir=/us ## Enabling IBMCA -Included in this package there is a sample `openssl.cnf` file -(`openssl.cnf.sample`), which can be used to turn on use of the IBMCA engine in -apps where OpenSSL config support is compiled in. - -In order to enable IBMCA, use the following instructions to apply the -configurations from `openssl.cnf.sample` to the `openssl.cnf` file installed -in the host by the OpenSSL package. **WARNING:** you may want to save the -original `openssl.cnf` file before changing it. - -In `openssl.cnf.sample`, the *dynamic_path* variable is set to the default -location, which is `/usr/local/lib/libibmca.so` by default. However, if the -libibmca.so library has been installed anywhere else, then update the -*dynamic_path* variable. +Apps with compiled-in OpenSSL config support can enable the engine via +an OpenSSL configuration file. Refer to config(5). A sample OpenSSL +configuration file (`openssl.cnf.sample`) is included in this package. -Locate where the `openssl.cnf` file has been installed in the host and append -the content of the `openssl.cnf.sample` file to it. - -``` -$ rpm -ql openssl | grep openssl.cnf -$ cat openssl.cnf.sample >> /path/to/openssl.cnf -``` - -In `openssl.cnf` file, move the *openssl_conf* variable from the bottom to the -top of the file, such as in the example below: - -``` -HOME = . -RANDFILE = $ENV::HOME/.rnd -openssl_conf = openssl_def -``` - -Finally, check if the IBMCA is now enabled. The command below should return the +If the engine is configured properly, the command below should return the IBMCA engine and all the supported cryptographic methods. ```
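Review bot: the README now says `ibmca.so` where it said `libibmca.so`, which is a rename of the installed engine file; anyone with an existing `openssl.cnf` whose `dynamic_path` points at `/usr/local/lib/libibmca.so` will have the engine silently fail to load after upgrading. The rewritten "Enabling IBMCA" section also dropped the paragraph that explained `dynamic_path`, so add a one-line upgrade note about the new file name next to the install path sentence, and keep at least a pointer to where `dynamic_path` is set in `openssl.cnf.sample`.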
  3. Download patch src/ibmca_digest.c
  4. Download patch test/3des-cbc-test.pl

    --- 1.4.0-1/test/3des-cbc-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/3des-cbc-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ede3-cbc", 24, 8);
  5. Download patch test/Makefile.am

    --- 1.4.0-1/test/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/Makefile.am 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,24 @@ +TESTS = \ +des-ecb-test.pl \ +des-cbc-test.pl \ +des-cfb-test.pl \ +des-ofb-test.pl \ +3des-ecb-test.pl \ +3des-cbc-test.pl \ +3des-cfb-test.pl \ +3des-ofb-test.pl \ +aes-128-ecb-test.pl \ +aes-128-cbc-test.pl \ +aes-128-cfb-test.pl \ +aes-128-ofb-test.pl \ +aes-192-ecb-test.pl \ +aes-192-cbc-test.pl \ +aes-192-cfb-test.pl \ +aes-192-ofb-test.pl \ +aes-256-ecb-test.pl \ +aes-256-cbc-test.pl \ +aes-256-cfb-test.pl \ +aes-256-ofb-test.pl + +AM_TESTS_ENVIRONMENT = export IBMCA_TEST_PATH=${top_builddir}/src/.libs/ibmca.so IBMCA_OPENSSL_TEST_CONF=${srcdir}/openssl-test.cnf PERL5LIB=${srcdir}; +EXTRA_DIST = ${TESTS} test.pm openssl-test.cnf
  6. Download patch test/aes-128-ofb-test.pl

    --- 1.4.0-1/test/aes-128-ofb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-128-ofb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-128-ofb", 16, 16);
  7. Download patch src/ibmca_cipher.c
  8. Download patch debian/README.source

    --- 1.4.0-1/debian/README.source 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/README.source 1970-01-01 00:00:00.000000000 +0000 @@ -1,64 +0,0 @@ -# OpenSSL-ibmca - -OpenSSL engine that uses the libica library under s390x to accelerate -cryptographic operations. - - -## Requirements - -The build requirements are: - * openssl-devel >= 0.9.8 - * libica-devel >= 3.1.1 - * autoconf - * automake - * libtool - -The runtime requirements are: - * openssl >= 0.9.8 - * libica >= 3.1.1 - - -## Installing - -``` -$ ./configure [--enable-debug] -$ make -$ sudo make install -``` - -This will configure, build and install the package in a default location, -which is `/usr/local/lib`. It means that the libibmca.so will be installed in -`/usr/local/lib/libibmca.so` by default. If you want to install it anywhere -else, run "configure" passing the new location via prefix argument, for -example: - -``` -$ ./configure --prefix=/usr --libdir=/usr/lib64/openssl/engines -``` - - -## Support - -To report a bug please submit a - [ticket](https://github.com/opencryptoki/openssl-ibmca/issues) including the - following information in the issue description: - -* bug description -* distro release -* openssl-ibmca package version -* libica package version -* steps to reproduce the bug - -Regarding technical or usage questions, send email to - [opencryptoki-tech]( - https://sourceforge.net/p/opencryptoki/mailman/opencryptoki-tech) or - [opencryptoki-users]( - https://sourceforge.net/p/opencryptoki/mailman/opencryptoki-users) - mailing list respectively. - - -## Contributing - -See [CONTRIBUTING.md](https://github.com/opencryptoki/openssl-ibmca/blob/master/CONTRIBUTING.md). - - -- Paulo Vital <pvital@gmail.com> Wed, 20 Sep 2017 11:10:45 -0300
  9. Download patch debian/rules

    --- 1.4.0-1/debian/rules 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/rules 2018-12-10 00:21:56.000000000 +0000 @@ -1,31 +1,15 @@ #!/usr/bin/make -f -# See debhelper(7) (uncomment to enable) -# output every command that modifies files on the build system. -#export DH_VERBOSE = 1 - -# see FEATURE AREAS in dpkg-buildflags(1) export DEB_BUILD_MAINT_OPTIONS = hardening=+all -# see ENVIRONMENT in dpkg-buildflags(1) -# package maintainers to append CFLAGS -#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -# package maintainers to append LDFLAGS -#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed - %: - dh $@ - -# dh_make generated override targets -# This is example for Cmake (See https://bugs.debian.org/641051 ) -#override_dh_auto_configure: -# dh_auto_configure -- # -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH) + dh $@ --with autoreconf override_dh_auto_configure: - dh_auto_configure -- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)/openssl-1.0.2/engines/ + dh_auto_configure -- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)/engines-1.1 override_dh_auto_install: dh_auto_install - - # Remove useless files find debian -name '*.la' -delete +override_dh_auto_test: + -dh_auto_test
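Review bot: `override_dh_auto_test:` with `-dh_auto_test` makes the whole test suite advisory: any failure, including a real regression in the engine, is ignored at build time. The changelog says the tests fail on Launchpad builders but pass locally, which points at the builders lacking the s390x crypto backend rather than at flaky tests; prefer detecting that condition and skipping (a guard in the test environment, or honouring `nocheck` in `DEB_BUILD_OPTIONS`) over masking every exit status. Dropping the dh_make boilerplate comments and switching `--libdir` to `/usr/lib/$(DEB_HOST_MULTIARCH)/engines-1.1` both look right for OpenSSL 1.1.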
  10. Download patch src/ibmca_pkey.c
  11. Download patch test/openssl-test.cnf

    --- 1.4.0-1/test/openssl-test.cnf 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/openssl-test.cnf 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,20 @@ +openssl_conf = openssl_def + +[openssl_def] +engines = engine_section + +[engine_section] +ibmca = ibmca_section + +[ibmca_section] +dynamic_path = $ENV::IBMCA_TEST_PATH +engine_id = ibmca +init = 1 + +# OpenSSL < 1.1.0 +# ALL = RSA,DSA,DH,RAND,CIPHERS,DIGESTS,PKEY,ECDH,ECDSA +# PKEY = PKEY_CRYPTO,PKEY_ASN1 +# OpenSSL >= 1.1.0 +# ALL = RSA,DSA,DH,RAND,CIPHERS,DIGESTS,PKEY,EC +# PKEY = PKEY_CRYPTO,PKEY_ASN1 +default_algorithms = ALL
  12. Download patch debian/dirs

    --- 1.4.0-1/debian/dirs 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/dirs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -usr/lib
  13. Download patch debian/patches/libica_soname.patch

    --- 1.4.0-1/debian/patches/libica_soname.patch 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/patches/libica_soname.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -Description: Setting libica so name to libica.so.3 -Author: Paulo Vital <pvital@gmail.com> -Last-Update: 2017-09-20 - ---- a/src/e_ibmca.c -+++ b/src/e_ibmca.c -@@ -46,7 +46,7 @@ - #include "e_ibmca_err.h" - - #define IBMCA_LIB_NAME "ibmca engine" --#define LIBICA_SHARED_LIB "libica.so" -+#define LIBICA_SHARED_LIB "libica.so.3" - - #define AP_PATH "/sys/devices/ap" -
  14. Download patch src/openssl.cnf.sample

    --- 1.4.0-1/src/openssl.cnf.sample 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/src/openssl.cnf.sample 2019-09-09 00:07:21.000000000 +0000 @@ -13,17 +13,14 @@ openssl_conf = openssl_def [openssl_def] engines = engine_section - [engine_section] ibmca = ibmca_section - [ibmca_section] - -# The openssl engine path for libibmca.so. -# Set the dynamic_path to where the libibmca.so engine +# The openssl engine path for ibmca.so. +# Set the dynamic_path to where the ibmca.so engine # resides on the system. -dynamic_path = /usr/local/lib/libibmca.so +dynamic_path = /usr/local/lib/ibmca.so engine_id = ibmca init = 1 @@ -36,17 +33,35 @@ init = 1 # RSA # - RSA encrypt, decrypt, sign and verify, key lengths 512-4096 # +# DH +# - DH key exchange +# +# DSA +# - DSA sign and verify +# # RAND # - Hardware random number generation # +# ECDSA (OpenSSL < 1.1.0) +# - Elliptic Curve DSA sign and verify +# +# ECDH (OpenSSL < 1.1.0) +# - Elliptic Curve DH key exchange +# +# EC (OpenSSL >= 1.1.0) +# - Elliptic Curve DSA sign and verify, Elliptic Curve DH key exchange +# # CIPHERS -# - DES-ECB, DES-CBC, DES-CFB, DES-OFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-CFB, -# DES-EDE3-OFB, AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, -# AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, AES-256-ECB, -# AES-256-CBC, AES-256-CFB, AES-256-OFB symmetric crypto +# - DES-ECB, DES-CBC, DES-CFB, DES-OFB, +# DES-EDE3, DES-EDE3-CBC, DES-EDE3-CFB, DES-EDE3-OFB, +# AES-128-ECB, AES-128-CBC, AES-128-CFB, AES-128-OFB, id-aes128-GCM, +# AES-192-ECB, AES-192-CBC, AES-192-CFB, AES-192-OFB, id-aes192-GCM, +# AES-256-ECB, AES-256-CBC, AES-256-CFB, AES-256-OFB, id-aes256-GCM ciphers # # DIGESTS # - SHA1, SHA256, SHA512 digests # +# PKEY_CRYPTO +# - X25519, X448, ED25519, ED448 default_algorithms = ALL -#default_algorithms = RAND,RSA,CIPHERS,DIGESTS +#default_algorithms = PKEY_CRYPTO,RAND,RSA,DH,DSA,CIPHERS,DIGESTS
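Review bot: the commented alternative `#default_algorithms = PKEY_CRYPTO,RAND,RSA,DH,DSA,CIPHERS,DIGESTS` omits `EC` (or `ECDSA,ECDH` on OpenSSL < 1.1.0) although the comment block above documents those as accelerated, so a user who uncomments it silently loses EC acceleration; add `EC` to the example or say it is intentionally left out. A line noting that `ALL` includes `RAND`, i.e. the engine's hardware RNG replaces OpenSSL's default for every application loading this config, would also help readers judge the setting.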
  15. Download patch src/e_ibmca_err.c
  16. Download patch debian/control

    --- 1.4.0-1/debian/control 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/control 2018-12-10 00:21:56.000000000 +0000 @@ -1,17 +1,15 @@ Source: openssl-ibmca Priority: optional -Maintainer: Paulo Vital <pvital@gmail.com> -Build-Depends: debhelper (>= 10), dh-autoreconf, libica-dev, libssl-dev -Standards-Version: 4.0.0 +Maintainer: Dimitri John Ledkov <xnox@ubuntu.com> +Build-Depends: debhelper (>=10), libica-dev, libssl-dev +Standards-Version: 4.1.4 Section: libs -Homepage: https://github.com/opencryptoki/openssl-ibmca +Homepage: http://sourceforge.net/projects/opencryptoki/files/libica%20OpenSSL%20Engine Package: openssl-ibmca Architecture: s390 s390x Depends: libica3, ${shlibs:Depends}, ${misc:Depends} -Description: libica engine for OpenSSL - This package provides an OpenSSL engine to enable hardware acceleration - of cryptographic functions in OpenSSL, and all applications that use - OpenSSL. - . - This package is specific for s390x architecture. +Description: libica based hardware acceleration engine for OpenSSL + This package provides an OpenSSL engine to enable hardware + acceleration of cryptographic functions in OpenSSL, and all + applications that use OpenSSL.
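Review bot: `Homepage` moves to a sourceforge URL while debian/watch and the upstream openssl-ibmca.spec in this same diff point at https://github.com/opencryptoki/openssl-ibmca; keep the GitHub URL. `Depends: libica3` is unversioned although configure.ac now requires libica >= 3.3.0, and because the engine loads libica via dlopen (see the `LIBICA_SHARED_LIB` define in the removed libica_soname.patch) `${shlibs:Depends}` will not add a versioned dependency for it, so write `libica3 (>= 3.3.0)`. Minor style: `debhelper (>=10)` should be `debhelper (>= 10)`.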
  17. Download patch test/des-ecb-test.pl

    --- 1.4.0-1/test/des-ecb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/des-ecb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ecb", 8, 0);
  18. Download patch test/aes-128-cfb-test.pl

    --- 1.4.0-1/test/aes-128-cfb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-128-cfb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-128-cfb", 16, 16);
  19. Download patch debian/examples

    --- 1.4.0-1/debian/examples 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/examples 2018-12-10 00:21:56.000000000 +0000 @@ -1 +1 @@ - src/openssl.cnf.sample +src/openssl.cnf.sample
  20. Download patch ibmca.map

    --- 1.4.0-1/ibmca.map 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/ibmca.map 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,9 @@ +IBMCA_2.0.0 { + global: + v_check; + bind_engine; + ENGINE_load_ibmca; + + local: + *; +};
  21. Download patch ChangeLog

    --- 1.4.0-1/ChangeLog 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/ChangeLog 2019-09-09 00:07:21.000000000 +0000 @@ -1,3 +1,32 @@ +* openssl-ibmca 2.1.0 +- Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448 + +* openssl-ibmca 2.0.3 +- Add MSA9 CPACF support for ECDSA sign/verify + +* openssl-ibmca 2.0.2 +- Fix doing rsa-me, altough rsa-crt would be possible. + +* openssl-ibmca 2.0.1 +- Dont fail when a libica symbol cannot be resolved. + +* openssl-ibmca 2.0.0 +- Add ECC support. +- Add check and distcheck make-targets. +- Project cleanup, code was broken into multiple files and coding style cleanup. +- Improvements to compat macros for openssl. +- Don't disable libica sw fallbacks. +- Fix dlclose logic. + +* openssl-ibmca 1.4.1 +- Fix structure size for aes-256-ecb/cbc/cfb/ofb +- Update man page +- Switch to ibmca.so filename to allow standalone use +- Switch off Libica fallback mode if available +- Make sure ibmca_init only runs once +- Provide simple macro for DEBUG_PRINTF possibility +- Cleanup and slight rework of function set_supported_meths + * openssl-ibmca 1.4.0 - Re-license to Apache License v2.0 - Fix aes_gcm initialization.
  22. Download patch src/e_ibmca_err.h

    --- 1.4.0-1/src/e_ibmca_err.h 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/src/e_ibmca_err.h 2019-09-09 00:07:21.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright [2005-2017] International Business Machines Corp. + * Copyright [2005-2018] International Business Machines Corp. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,9 +19,6 @@ #define HEADER_IBMCA_ERR_H /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_IBMCA_strings(void); void ERR_unload_IBMCA_strings(void); void ERR_IBMCA_error(int function, int reason, char *file, int line); 
@@ -30,41 +27,74 @@ void ERR_IBMCA_error(int function, int r /* Error codes for the IBMCA functions. */ /* Function codes. */ -#define IBMCA_F_IBMCA_CTRL 100 -#define IBMCA_F_IBMCA_FINISH 101 -#define IBMCA_F_IBMCA_INIT 102 -#define IBMCA_F_IBMCA_MOD_EXP 103 -#define IBMCA_F_IBMCA_MOD_EXP_CRT 104 -#define IBMCA_F_IBMCA_RAND_BYTES 105 -#define IBMCA_F_IBMCA_RSA_MOD_EXP 106 -#define IBMCA_F_IBMCA_DES_CIPHER 107 -#define IBMCA_F_IBMCA_TDES_CIPHER 108 -#define IBMCA_F_IBMCA_SHA1_UPDATE 109 -#define IBMCA_F_IBMCA_SHA1_FINAL 110 -#define IBMCA_F_IBMCA_AES_128_CIPHER 111 -#define IBMCA_F_IBMCA_AES_192_CIPHER 112 -#define IBMCA_F_IBMCA_AES_256_CIPHER 113 -#define IBMCA_F_IBMCA_SHA256_UPDATE 114 -#define IBMCA_F_IBMCA_SHA256_FINAL 115 -#define IBMCA_F_IBMCA_SHA512_UPDATE 116 -#define IBMCA_F_IBMCA_SHA512_FINAL 117 +#define IBMCA_F_IBMCA_CTRL 100 +#define IBMCA_F_IBMCA_FINISH 101 +#define IBMCA_F_IBMCA_INIT 102 +#define IBMCA_F_IBMCA_MOD_EXP 103 +#define IBMCA_F_IBMCA_MOD_EXP_CRT 104 +#define IBMCA_F_IBMCA_RAND_BYTES 105 +#define IBMCA_F_IBMCA_RSA_MOD_EXP 106 +#define IBMCA_F_IBMCA_DES_CIPHER 107 +#define IBMCA_F_IBMCA_TDES_CIPHER 108 +#define IBMCA_F_IBMCA_SHA1_UPDATE 109 +#define IBMCA_F_IBMCA_SHA1_FINAL 110 +#define IBMCA_F_IBMCA_AES_128_CIPHER 111 +#define IBMCA_F_IBMCA_AES_192_CIPHER 112 +#define IBMCA_F_IBMCA_AES_256_CIPHER 113 +#define IBMCA_F_IBMCA_SHA256_UPDATE 114 +#define IBMCA_F_IBMCA_SHA256_FINAL 115 +#define IBMCA_F_IBMCA_SHA512_UPDATE 116 +#define IBMCA_F_IBMCA_SHA512_FINAL 117 +#define IBMCA_F_IBMCA_EC_KEY_GEN 120 +#define IBMCA_F_IBMCA_ECDH_COMPUTE_KEY 121 +#define IBMCA_F_IBMCA_ECDSA_SIGN 122 +#define IBMCA_F_IBMCA_ECDSA_SIGN_SIG 123 +#define IBMCA_F_IBMCA_ECDSA_DO_SIGN 124 +#define IBMCA_F_IBMCA_ECDSA_VERIFY 125 +#define IBMCA_F_IBMCA_ECDSA_VERIFY_SIG 126 +#define IBMCA_F_ICA_EC_KEY_NEW 127 +#define IBMCA_F_ICA_EC_KEY_INIT 128 +#define IBMCA_F_ICA_EC_KEY_GENERATE 129 +#define IBMCA_F_ICA_EC_KEY_GET_PUBLIC_KEY 130 +#define IBMCA_F_ICA_EC_KEY_GET_PRIVATE_KEY 
131 +#define IBMCA_F_ICA_ECDH_DERIVE_SECRET 132 +#define IBMCA_F_ICA_ECDSA_SIGN 133 +#define IBMCA_F_ICA_ECDSA_VERIFY 134 +#define IBMCA_F_IBMCA_X25519_KEYGEN 140 +#define IBMCA_F_IBMCA_X25519_DERIVE 141 +#define IBMCA_F_IBMCA_X448_KEYGEN 142 +#define IBMCA_F_IBMCA_X448_DERIVE 143 +#define IBMCA_F_IBMCA_ED25519_KEYGEN 144 +#define IBMCA_F_IBMCA_ED448_KEYGEN 145 +#define IBMCA_F_IBMCA_ED25519_SIGN 146 +#define IBMCA_F_IBMCA_ED448_SIGN 147 +#define IBMCA_F_IBMCA_ED25519_VERIFY 148 +#define IBMCA_F_IBMCA_ED448_VERIFY 149 /* Reason codes. */ -#define IBMCA_R_ALREADY_LOADED 100 -#define IBMCA_R_BN_CTX_FULL 101 -#define IBMCA_R_BN_EXPAND_FAIL 102 -#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define IBMCA_R_DSO_FAILURE 104 -#define IBMCA_R_MEXP_LENGTH_TO_LARGE 110 -#define IBMCA_R_MISSING_KEY_COMPONENTS 105 -#define IBMCA_R_NOT_INITIALISED 106 -#define IBMCA_R_NOT_LOADED 107 -#define IBMCA_R_OPERANDS_TO_LARGE 111 -#define IBMCA_R_OUTLEN_TO_LARGE 112 -#define IBMCA_R_REQUEST_FAILED 108 -#define IBMCA_R_UNDERFLOW_CONDITION 113 -#define IBMCA_R_UNDERFLOW_KEYRECORD 114 -#define IBMCA_R_UNIT_FAILURE 109 -#define IBMCA_R_CIPHER_MODE_NOT_SUPPORTED 115 +#define IBMCA_R_ALREADY_LOADED 100 +#define IBMCA_R_BN_CTX_FULL 101 +#define IBMCA_R_BN_EXPAND_FAIL 102 +#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 +#define IBMCA_R_DSO_FAILURE 104 +#define IBMCA_R_MEXP_LENGTH_TO_LARGE 110 +#define IBMCA_R_MISSING_KEY_COMPONENTS 105 +#define IBMCA_R_NOT_INITIALISED 106 +#define IBMCA_R_NOT_LOADED 107 +#define IBMCA_R_OPERANDS_TO_LARGE 111 +#define IBMCA_R_OUTLEN_TO_LARGE 112 +#define IBMCA_R_REQUEST_FAILED 108 +#define IBMCA_R_UNDERFLOW_CONDITION 113 +#define IBMCA_R_UNDERFLOW_KEYRECORD 114 +#define IBMCA_R_UNIT_FAILURE 109 +#define IBMCA_R_CIPHER_MODE_NOT_SUPPORTED 115 +#define IBMCA_R_EC_INVALID_PARM 120 +#define IBMCA_R_EC_UNSUPPORTED_CURVE 121 +#define IBMCA_R_EC_INTERNAL_ERROR 122 +#define IBMCA_R_EC_ICA_EC_KEY_INIT 123 +#define IBMCA_R_EC_CURVE_DOES_NOT_SUPPORT_SIGNING 159 
+#define IBMCA_R_PKEY_INTERNAL_ERROR 160 +#define IBMCA_R_PKEY_KEYGEN_FAILED 161 +#define IBMCA_R_PKEY_KEYS_NOT_SET 162 #endif
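Review bot: removing the "auto generated by the script mkerr.pl" banner means the function and reason codes are now hand-maintained, so the new codes (functions 120 to 149, reasons 120 to 123 and 159 to 162) need matching entries in the string tables of src/e_ibmca_err.c (patch 15, not shown here) or ERR_IBMCA_error will report them without text. The reason numbering also jumps from 123 to 159 with no comment; if that range is reserved, say so in a comment.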
  23. Download patch configure.ac

    --- 1.4.0-1/configure.ac 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/configure.ac 2019-09-09 00:07:21.000000000 +0000 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. # See autoconf and autoscan online documentation for details. -AC_INIT([openssl-ibmca], [1.4.0], [opencryptoki-users@lists.sf.net]) +AC_INIT([openssl-ibmca], [2.1.0], [opencryptoki-users@lists.sf.net]) AC_CONFIG_SRCDIR([src/e_ibmca.c]) # sanity check AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) @@ -23,16 +23,16 @@ fi # Checks for programs. AC_DISABLE_STATIC AC_PROG_CC -AC_PROG_LIBTOOL +LT_INIT # Checks for libraries. AC_CHECK_LIB([crypto], [RAND_add], [], AC_MSG_ERROR([*** openssl >= 0.9.8 is required ***])) -AC_CHECK_LIB([ica], [ica_get_functionlist], [], AC_MSG_ERROR([*** libica >= 2.4.0 is required ***])) +AC_CHECK_LIB([ica], [ica_get_functionlist], [], AC_MSG_ERROR([*** libica >= 3.3.0 is required ***])) # Checks for header files. AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stddef.h stdlib.h \ string.h strings.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h unistd.h]) -AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 2.4.0 is required ***])) +AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 3.3.0 is required ***])) # Checks for typedefs, structures, and compiler characteristics. @@ -44,12 +44,13 @@ AC_TYPE_SSIZE_T # Checks for library functions. AC_CHECK_FUNCS([gethostbyaddr gethostbyname memset strcasecmp strncasecmp strstr malloc]) AC_CHECK_DECLS([ICA_FLAG_DHW,ica_get_functionlist,ica_open_adapter,DES_ECB], [], - AC_MSG_ERROR([*** libica >= 2.4.0 and libica-devel >= 2.4.0 are required ***]), + AC_MSG_ERROR([*** libica >= 3.3.0 and libica-devel >= 3.3.0 are required ***]), [#include <ica_api.h>]) AC_CONFIG_FILES([ Makefile src/Makefile + test/Makefile src/doc/Makefile]) AC_OUTPUT
  24. Download patch src/ibmca_dsa.c

    --- 1.4.0-1/src/ibmca_dsa.c 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/src/ibmca_dsa.c 2019-09-09 00:07:21.000000000 +0000 
@@ -0,0 +1,136 @@ +/* + * Copyright [2005-2018] International Business Machines Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <openssl/dsa.h> +#include "ibmca.h" + +#ifndef OPENSSL_NO_DSA + +/* This code was liberated and adapted from the commented-out code in + * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration + * (it doesn't have a CRT form for RSA), this function means that an + * Ibmca system running with a DSA server certificate can handshake + * around 5 or 6 times faster/more than an equivalent system running with + * RSA. Just check out the "signs" statistics from the RSA and DSA parts + * of "openssl speed -engine ibmca dsa1024 rsa1024". 
*/ +#ifdef OLDER_OPENSSL +static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, + BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, + BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +#else +static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, const BIGNUM *a1, + const BIGNUM *p1, const BIGNUM *a2, + const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont) +#endif +{ + BIGNUM *t; + int to_return = 0; + + t = BN_new(); + /* let rr = a1 ^ p1 mod m */ + if (!ibmca_mod_exp(rr, a1, p1, m, ctx)) + goto end; + /* let t = a2 ^ p2 mod m */ + if (!ibmca_mod_exp(t, a2, p2, m, ctx)) + goto end; + /* let rr = rr * t mod m */ + if (!BN_mod_mul(rr, rr, t, m, ctx)) + goto end; + + to_return = 1; + +end: + BN_free(t); + + return to_return; +} + +#ifdef OLDER_OPENSSL +static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx) +#else +static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx) +#endif +{ + return ibmca_mod_exp(r, a, p, m, ctx); +} + + +#ifdef OLDER_OPENSSL +static DSA_METHOD dsa_m = { + "Ibmca DSA method", /* name */ + NULL, /* dsa_do_sign */ + NULL, /* dsa_sign_setup */ + NULL, /* dsa_do_verify */ + ibmca_dsa_mod_exp, /* dsa_mod_exp */ + ibmca_mod_exp_dsa, /* bn_mod_exp */ + NULL, /* init */ + NULL, /* finish */ + DSA_FLAG_FIPS_METHOD, /* flags */ + NULL /* app_data */ +}; + +DSA_METHOD *ibmca_dsa(void) +{ + const DSA_METHOD *meth1 = DSA_OpenSSL(); + + dsa_m.dsa_do_sign = meth1->dsa_do_sign; + dsa_m.dsa_sign_setup = meth1->dsa_sign_setup; + dsa_m.dsa_do_verify = meth1->dsa_do_verify; + + return &dsa_m; +} + +#else +static DSA_METHOD *dsa_m = NULL; +DSA_METHOD *ibmca_dsa(void) +{ + const DSA_METHOD *meth1; + DSA_METHOD *method; + + if (dsa_m != NULL) + goto done; + + if ((method = DSA_meth_new("Ibmca DSA method", 0)) == NULL + || (meth1 = DSA_OpenSSL()) == NULL + || !DSA_meth_set_sign(method, 
DSA_meth_get_sign(meth1)) + || !DSA_meth_set_sign_setup(method, DSA_meth_get_sign_setup(meth1)) + || !DSA_meth_set_verify(method, DSA_meth_get_verify(meth1)) + || !DSA_meth_set_mod_exp(method, ibmca_dsa_mod_exp) + || !DSA_meth_set_bn_mod_exp(method, ibmca_mod_exp_dsa) + || !DSA_meth_set_flags(method, DSA_FLAG_FIPS_METHOD)) { + DSA_meth_free(method); + method = NULL; + meth1 = NULL; + } + + dsa_m = method; + +done: + return dsa_m; +} + +void ibmca_dsa_destroy(void) +{ + DSA_meth_free(dsa_m); +} +#endif +#endif /* endif OPENSSL_NO_DSA */
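Review bot: `t = BN_new();` in ibmca_dsa_mod_exp is not checked for NULL before being handed to ibmca_mod_exp; add `if (t == NULL) goto end;` (BN_free(NULL) is safe). In ibmca_dsa_destroy, `DSA_meth_free(dsa_m)` leaves the static `dsa_m` pointing at freed memory, and the `if (dsa_m != NULL) goto done;` shortcut in ibmca_dsa() will return that dangling pointer on any later call; set `dsa_m = NULL` after freeing. The `meth1 = NULL;` in the error path is dead, and the leading comment claiming the engine has no CRT form for RSA is inherited from the old OpenSSL engine and contradicts `IBMCA_F_IBMCA_MOD_EXP_CRT` and the 2.0.2 ChangeLog entry.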
  25. Download patch test/des-ofb-test.pl

    --- 1.4.0-1/test/des-ofb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/des-ofb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ofb", 8, 8);
  26. Download patch test/aes-128-cbc-test.pl

    --- 1.4.0-1/test/aes-128-cbc-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-128-cbc-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-128-cbc", 16, 16);
  27. Download patch test/aes-256-ecb-test.pl

    --- 1.4.0-1/test/aes-256-ecb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-256-ecb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-256-ecb", 32, 0);
  28. Download patch test/aes-192-ecb-test.pl

    --- 1.4.0-1/test/aes-192-ecb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-192-ecb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-192-ecb", 24, 0);
  29. Download patch src/ibmca_rsa.c
  30. Download patch test/aes-256-ofb-test.pl

    --- 1.4.0-1/test/aes-256-ofb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-256-ofb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-256-ofb", 32, 16);
  31. Download patch test/aes-192-ofb-test.pl

    --- 1.4.0-1/test/aes-192-ofb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-192-ofb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-192-ofb", 24, 16);
  32. Download patch src/ibmca_dh.c

    --- 1.4.0-1/src/ibmca_dh.c 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/src/ibmca_dh.c 2019-09-09 00:07:21.000000000 +0000 
@@ -0,0 +1,87 @@ +/* + * Copyright [2005-2018] International Business Machines Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <openssl/dh.h> +#include "ibmca.h" + +#ifndef OPENSSL_NO_DH + +/* This function is aliased to mod_exp (with the dh and mont dropped). */ +static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return ibmca_mod_exp(r, a, p, m, ctx); +} + + +#ifdef OLDER_OPENSSL +static DH_METHOD dh_m = { + "Ibmca DH method", /* name */ + NULL, /* generate_key */ + NULL, /* compute_key */ + ibmca_mod_exp_dh, /* bn_mod_exp */ + NULL, /* init */ + NULL, /* finish */ + DH_FLAG_FIPS_METHOD, /* flags */ + NULL /* app_data */ +}; + +DH_METHOD *ibmca_dh(void) +{ + const DH_METHOD *meth1 = DH_OpenSSL(); + + dh_m.generate_key = meth1->generate_key; + dh_m.compute_key = meth1->compute_key; + + return &dh_m; +} + +#else +static DH_METHOD *dh_m = NULL; +DH_METHOD *ibmca_dh(void) +{ + const DH_METHOD *meth1; + DH_METHOD *method; + + if (dh_m != NULL) + goto done; + + if ((method = DH_meth_new("Ibmca DH method", 0)) == NULL + || (meth1 = DH_OpenSSL()) == NULL + || !DH_meth_set_generate_key(method, DH_meth_get_generate_key(meth1)) + || !DH_meth_set_compute_key(method, DH_meth_get_compute_key(meth1)) + || !DH_meth_set_bn_mod_exp(method, ibmca_mod_exp_dh) + || !DH_meth_set_flags(method, DH_FLAG_FIPS_METHOD)) { + DH_meth_free(method); + method = NULL; + 
meth1 = NULL; + } + + dh_m = method; + +done: + return dh_m; +} + +void ibmca_dh_destroy(void) +{ + DH_meth_free(dh_m); +} +#endif + +#endif /* end OPENSSL_NO_DH */
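Review bot: ibmca_dh_destroy has the same lifetime problem as the DSA counterpart: after `DH_meth_free(dh_m)` the static `dh_m` still holds the freed pointer, and the `if (dh_m != NULL) goto done;` guard in ibmca_dh() hands it back on the next call; reset `dh_m = NULL` after freeing. `DH const *dh` is unidiomatic; `const DH *dh` matches the rest of the file.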
  33. Download patch src/test/ibmca_mechaList_test.c
  34. Download patch test/test.pm

    --- 1.4.0-1/test/test.pm 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/test.pm 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,47 @@ +#!/usr/bin/env perl + +use strict; +use warnings; + +package test; + +sub cipher { + my $tests = 50; + my $max_file_size = 1024; + my $eng = "OPENSSL_CONF=$ENV{IBMCA_OPENSSL_TEST_CONF}"; + my @hex = ("a".."f", "0".."9"); + + my ($cipher,$keylen,$ivlen) = @_; + + # skip if engine not loaded + exit(77) unless (`$eng openssl engine -c` =~ m/ibmca/); + + for my $i (1..$tests) { + my $bytes = 1 + int(rand($max_file_size)); + my $key = ""; + $key .= $hex[rand(@hex)] for (1..$keylen); + my $iv = ""; + if ($ivlen > 0) { + $iv .= $hex[rand(@hex)] for (1..$ivlen); + $iv = "-iv $iv"; + } + + # engine enc, no-engine dec + `openssl rand $bytes > data.in`; + `$eng openssl $cipher -e -K $key $iv -in data.in -out data.enc`; + `openssl $cipher -d -K $key $iv -in data.enc -out data.dec`; + `cmp data.in data.dec`; + exit(1) if ($?); + + # no-engine enc, engine dec + `openssl rand $bytes > data.in`; + `openssl $cipher -e -K $key $iv -in data.in -out data.enc`; + `$eng openssl $cipher -d -K $key $iv -in data.enc -out data.dec`; + `cmp data.in data.dec`; + exit(1) if ($?); + } + + `rm -f data.in data.enc data.dec`; +} + +1;
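Review bot: `$keylen` and `$ivlen` are passed as byte counts (8 for DES, 16/24/32 for AES) but the loops append that many hex digits, so `-K` and `-iv` receive half the required key material and `openssl enc` zero-pads the rest with a warning; use `1..2*$keylen` and `1..2*$ivlen` so full-length keys and IVs are exercised. Only `cmp` has its exit status checked: a failing `openssl` invocation is detected only indirectly through the final comparison, so check `$?` after each backtick call. Note also that the round trip proves engine and software agree, not that the engine did the work (software fallbacks stay enabled per the ChangeLog), and `data.*` is left behind in the working directory on failure.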
  35. Download patch src/Makefile.am

    --- 1.4.0-1/src/Makefile.am 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/src/Makefile.am 2019-09-09 00:07:21.000000000 +0000 @@ -1,10 +1,22 @@ -lib_LTLIBRARIES=libibmca.la +VERSION = 2:1:0 -libibmca_la_SOURCES=e_ibmca.c e_ibmca_err.c -libibmca_la_LIBADD=-ldl -libibmca_la_LDFLAGS=-module -version-info 0:2:0 -shared -no-undefined -avoid-version +lib_LTLIBRARIES=ibmca.la -dist_libibmca_la_SOURCES=e_ibmca_err.h e_os.h cryptlib.h +ibmca_la_SOURCES=e_ibmca.c \ + e_ibmca_err.c \ + ibmca_cipher.c \ + ibmca_digest.c \ + ibmca_rsa.c \ + ibmca_dsa.c \ + ibmca_dh.c \ + ibmca_ec.c \ + ibmca_pkey.c + +ibmca_la_LIBADD=-ldl +ibmca_la_LDFLAGS=-module -version-number ${VERSION} -shared -no-undefined \ + -avoid-version -Wl,--version-script=${srcdir}/../ibmca.map + +dist_ibmca_la_SOURCES=ibmca.h e_ibmca_err.h EXTRA_DIST = openssl.cnf.sample ACLOCAL_AMFLAGS = -I m4
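Review bot: `VERSION = 2:1:0` shadows the `VERSION` variable automake derives from `AC_INIT([openssl-ibmca], [2.1.0], ...)`; give the libtool triple its own name such as `IBMCA_VERSION_INFO`. `-version-number ${VERSION}` together with `-avoid-version` is contradictory (the latter wins and yields plain ibmca.so), and `${srcdir}/../ibmca.map` should be written `$(top_srcdir)/ibmca.map`.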
  36. Download patch test/des-cfb-test.pl

    --- 1.4.0-1/test/des-cfb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/des-cfb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-cfb", 8, 8);
  37. Download patch test/3des-ecb-test.pl

    --- 1.4.0-1/test/3des-ecb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/3des-ecb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ede3", 24, 0);
  38. Download patch src/e_ibmca.c
  39. Download patch debian/watch

    --- 1.4.0-1/debian/watch 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/watch 2018-12-10 00:21:56.000000000 +0000 @@ -1,4 +1,4 @@ version=4 -opts="mode=git, pgpmode=none" \ -https://github.com/opencryptoki/openssl-ibmca.git refs/tags/v?(.*) \ -debian /bin/sh uupdate +opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%openssl-ibmca-$1.tar.gz%" \ + https://github.com/opencryptoki/openssl-ibmca/tags \ + (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
  40. Download patch test/des-cbc-test.pl

    --- 1.4.0-1/test/des-cbc-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/des-cbc-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-cbc", 8, 8);
  41. Download patch debian/patches/series

    --- 1.4.0-1/debian/patches/series 2017-09-20 13:40:30.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/patches/series 2019-04-30 11:34:27.000000000 +0000 @@ -1,2 +1 @@ openssl-config.patch -libica_soname.patch
  42. Download patch test/aes-256-cfb-test.pl

    --- 1.4.0-1/test/aes-256-cfb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-256-cfb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-256-cfb", 32, 16);
  43. Download patch test/aes-192-cfb-test.pl

    --- 1.4.0-1/test/aes-192-cfb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-192-cfb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-192-cfb", 24, 16);
  44. Download patch debian/README.Debian

    --- 1.4.0-1/debian/README.Debian 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/README.Debian 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -openssl-ibmca for Debian ------------------------ - -In order to enable IBMCA, use the following instructions to apply the -configurations from `openssl.cnf.sample` to the `openssl.cnf` file installed -in the host by the OpenSSL package. **WARNING:** you may want to save the -original `openssl.cnf` file before changing it. - -In `openssl.cnf.sample`, the *dynamic_path* variable is set to the default -location in Debian, which is -/usr/lib/s390x-linux-gnu/openssl-1.0.2/engine/libibmca.so - -Append the `openssl.cnf.sample` file to it `/etc/ssl/openssl.cnf` file; - -``` -$ cat /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample >> /etc/ssl/openssl.cnf -``` - -In `openssl.cnf` file, move the *openssl_conf* variable from the bottom to the -top of the file, such as in the example below: - -``` -HOME = . -RANDFILE = $ENV::HOME/.rnd -openssl_conf = openssl_def -``` - -Finally, check if the IBMCA is now enabled. The command below should return the -IBMCA engine and all the supported cryptographic methods. - -``` -$ openssl engine -c -(dynamic) Dynamic engine loading support -(ibmca) Ibmca hardware engine support -[RAND, DES-ECB, DES-CBC, DES-OFB, DES-CFB, DES-EDE3, DES-EDE3-CBC, DES-EDE3-OFB, - DES-EDE3-CFB, AES-128-ECB, AES-192-ECB, AES-256-ECB, AES-128-CBC, AES-192-CBC, - AES-256-CBC, AES-128-OFB, AES-192-OFB, AES-256-OFB, AES-128-CFB, AES-192-CFB, - AES-256-CFB, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, SHA1, SHA256, SHA512] -$ -``` - - -- Paulo Vital <pvital@gmail.com> Wed, 20 Sep 2017 10:47:45 -0300
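Review bot: deleting README.Debian (together with its debian/docs entry) removes the only packaged instructions for enabling the engine: appending openssl.cnf.sample to /etc/ssl/openssl.cnf, moving `openssl_conf = openssl_def` to the top of that file, and verifying with `openssl engine -c`. The sample config is still shipped via debian/examples, so either keep a README.Debian updated for the engines-1.1 path or point users at the ibmca(5) man page from the package description.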
  45. Download patch test/3des-ofb-test.pl

    --- 1.4.0-1/test/3des-ofb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/3des-ofb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ede3-ofb", 24, 8);
  46. Download patch debian/patches/openssl-config.patch

    --- 1.4.0-1/debian/patches/openssl-config.patch 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/patches/openssl-config.patch 2018-12-10 00:21:56.000000000 +0000 @@ -1,15 +1,14 @@ -Description: correct engine location to the multiarch location -Author: Paulo Vital <pvital@gmail.com> -Last-Update: 2017-09-20 - +Description: correct engine location to the multiarch locationIndex: openssl-ibmca-1.3.0/src/openssl.cnf.sample +=================================================================== --- a/src/openssl.cnf.sample +++ b/src/openssl.cnf.sample -@@ -23,7 +23,7 @@ - # The openssl engine path for libibmca.so. - # Set the dynamic_path to where the libibmca.so engine +@@ -23,7 +23,8 @@ + # The openssl engine path for ibmca.so. + # Set the dynamic_path to where the ibmca.so engine # resides on the system. --dynamic_path = /usr/local/lib/libibmca.so -+dynamic_path = /usr/lib/s390x-linux-gnu/openssl-1.0.2/engines/libibmca.so +-dynamic_path = /usr/local/lib/ibmca.so ++dynamic_path = /usr/lib/s390x-linux-gnu/engines-1.1/ibmca.so ++ engine_id = ibmca init = 1
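Review bot: the first header line is now `Description: correct engine location to the multiarch locationIndex: openssl-ibmca-1.3.0/src/openssl.cnf.sample`, i.e. the `Index:` line was fused onto the Description and the `Author:` and `Last-Update:` DEP-3 fields were dropped; restore the newline and the fields, and the `Index:` path names 1.3.0 although the package is 2.1.0. The added trailing blank line (`++`) after `dynamic_path` is noise that only changes the hunk count and can be dropped.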
  47. Download patch src/ibmca_ec.c
  48. Download patch test/aes-256-cbc-test.pl

    --- 1.4.0-1/test/aes-256-cbc-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-256-cbc-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-256-cbc", 32, 16);
  49. Download patch test/aes-192-cbc-test.pl

    --- 1.4.0-1/test/aes-192-cbc-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-192-cbc-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-192-cbc", 24, 16);
  50. Download patch debian/docs

    --- 1.4.0-1/debian/docs 2017-09-20 14:18:57.000000000 +0000 +++ 2.1.0-0ubuntu1/debian/docs 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -debian/README.source -debian/README.Debian
  51. Download patch src/doc/ibmca.man

    --- 1.4.0-1/src/doc/ibmca.man 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/src/doc/ibmca.man 2019-09-09 00:07:21.000000000 +0000 @@ -7,8 +7,7 @@ accelerate cryptographic operations. .SH DESCRIPTION IBMCA accelerates cryptographic operations of applications that use OpenSSL. -The engine can be configured by the IBMCA configuration file. The OpenSSL -configuration file is only needed to attach the engine. +The engine can be configured by the OpenSSL configuration file. .SS openssl.cnf The OpenSSL configuration file can have an IBMCA section. This section includes @@ -25,7 +24,7 @@ discover control commands. Options for the IBMCA section in openssl.cnf: .PP dynamic_path = -.I /path/to/libibmca.so +.I /path/to/ibmca.so .RS Set the path to the IBMCA shared object file allowing OpenSSL to find the file. .RE
  52. Download patch test/3des-cfb-test.pl

    --- 1.4.0-1/test/3des-cfb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/3des-cfb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("des-ede3-cfb", 24, 8);
  53. Download patch test/aes-128-ecb-test.pl

    --- 1.4.0-1/test/aes-128-ecb-test.pl 1970-01-01 00:00:00.000000000 +0000 +++ 2.1.0-0ubuntu1/test/aes-128-ecb-test.pl 2019-09-09 00:07:21.000000000 +0000 @@ -0,0 +1,7 @@ +#!/usr/bin/env perl + +use strict; +use warnings; +use test; + +test::cipher("aes-128-ecb", 16, 0);
  54. Download patch Makefile.am

    --- 1.4.0-1/Makefile.am 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/Makefile.am 2019-09-09 00:07:21.000000000 +0000 @@ -1,4 +1,4 @@ ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = src +SUBDIRS = src test -EXTRA_DIST = openssl-ibmca.spec bootstrap.sh cleanup.sh +EXTRA_DIST = openssl-ibmca.spec bootstrap.sh cleanup.sh
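Review bot: `ibmca.map` is added in this diff and consumed by the link step in src/Makefile.am via `--version-script`, but it is not listed in `EXTRA_DIST` here, so a tarball produced by `make dist` will not link; add it. The `EXTRA_DIST` change itself looks whitespace-only.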
  55. Download patch src/ibmca.h
  56. Download patch openssl-ibmca.spec

    --- 1.4.0-1/openssl-ibmca.spec 2017-09-08 17:54:06.000000000 +0000 +++ 2.1.0-0ubuntu1/openssl-ibmca.spec 2019-09-09 00:07:21.000000000 +0000 @@ -1,19 +1,17 @@ +%global enginesdir %(pkg-config --variable=enginesdir libcrypto) + Name: openssl-ibmca -Version: 1.4.0 -Release: 0 +Version: 2.1.0 +Release: 1%{?dist} Summary: An IBMCA OpenSSL dynamic engine -Group: Hardware/Other License: ASL 2.0 -Source: https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz +URL: https://github.com/opencryptoki/openssl-ibmca +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz -BuildRequires: openssl-devel >= 0.9.8, - libica-devel >= 3.1.1, - autoconf, - automake, - libtool -Requires: openssl >= 0.9.8, - libica >= 3.1.1 +Requires: openssl >= 0.9.8 libica >= 3.3.0 +BuildRequires: openssl-devel >= 0.9.8 libica-devel >= 3.3.0 +BuildRequires: autoconf automake libtool ExclusiveArch: s390 s390x 
@@ -22,28 +20,58 @@ This package contains a shared object Op to libica, a library enabling the IBM s390/x CPACF crypto instructions. %prep -%setup -q +%setup -q -n %{name}-%{version} + +./bootstrap.sh %build -%configure -make +%configure --libdir=%{enginesdir} +%make_build %install -%makeinstall -rm -f $RPM_BUILD_ROOT%{_libdir}/libibmca.la -mkdir -p $RPM_BUILD_ROOT%{_libdir}/openssl/engines -mv $RPM_BUILD_ROOT%{_libdir}/lib* $RPM_BUILD_ROOT%{_libdir}/openssl/engines +%make_install +rm -f $RPM_BUILD_ROOT%{enginesdir}/ibmca.la -%post -p /sbin/ldconfig +pushd src +sed -e 's|/usr/local/lib|%{_libdir}/openssl/engines|' openssl.cnf.sample > openssl.cnf.sample.%{_arch} +popd -%postun -p /sbin/ldconfig %files -%doc README INSTALL src/openssl.cnf.sample -%{_mandir}/man5/* -%{_libdir}/openssl/engines/* +%license LICENSE +%doc ChangeLog README.md src/openssl.cnf.sample.%{_arch} +%{enginesdir}/ibmca.so +%{_mandir}/man5/ibmca.5* %changelog +* Mon Sep 09 2019 Patrick Steuer <patrick.steuer@de.ibm.com> 2.1.0 +- Update Version + +* Tue Apr 23 2019 Patrick Steuer <patrick.steuer@de.ibm.com> 2.0.3 +- Update Version + +* Tue Nov 27 2018 Patrick Steuer <patrick.steuer@de.ibm.com> 2.0.2 +- Update Version + +* Thu Nov 08 2018 Patrick Steuer <patrick.steuer@de.ibm.com> 2.0.1 +- Update Version + +* Wed Jun 06 2018 Eduardo Barretto <ebarretto@linux.vnet.ibm.com> 2.0.0 +- Update Version +- Update libica version required for building ibmca + +* Wed Feb 21 2018 Eduardo Barretto <ebarretto@linux.vnet.ibm.com> 1.4.1 +- Updated to 1.4.1 + +* Thu Jan 25 2018 Eduardo Barretto <ebarretto@linux.vnet.ibm.com> +- Update engine filename +- Spec cleanup + +* Thu Oct 26 2017 Patrick Steuer <patrick.steuer@de.ibm.com> +- Fix build warning about comma and newlines +- Remove INSTALL file from doc +- Fix README name on doc + * Fri Sep 8 2017 Paulo Vital <pvital@linux.vnet.ibm.com> 1.4.0 - Update new License - Update Source and URL pointing to GitHub
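Review bot: in the first hunk, `%global enginesdir %(pkg-config --variable=enginesdir libcrypto)` is expanded when the spec is parsed, before BuildRequires are installed (for example while building the SRPM), so it expands to an empty string whenever pkg-config or openssl-devel is absent, and the later `%configure --libdir=%{enginesdir}` and `%{enginesdir}/ibmca.so` lines then refer to the wrong path; consider a guarded definition such as `%{!?enginesdir:%global enginesdir %{_libdir}/openssl/engines}` as a fallback, and document that the macro depends on the installed openssl-devel. The relaxed `Requires: openssl >= 0.9.8` also no longer matches the build, because the engine is installed into the enginesdir of the specific libcrypto it was built against.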
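Review bot: in the second hunk the `sed -e 's|/usr/local/lib|%{_libdir}/openssl/engines|'` substitution writes `%{_libdir}/openssl/engines` into the shipped openssl.cnf.sample, while the engine itself is installed into `%{enginesdir}` (which is exactly why that macro was introduced); on any OpenSSL whose enginesdir differs, the sample `dynamic_path` would point at a path where ibmca.so does not exist. Use `%{enginesdir}` in the sed expression so the documentation and the installed file agree.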
  57. Download patch debian/copyright


Source: r-cran-openssl

r-cran-openssl (1.4.1+dfsg-2ubuntu1) focal; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Disable test_google.R, which requires network access.

 -- Logan Rosen <logan@ubuntu.com>  Sun, 16 Feb 2020 17:26:00 -0500

Modifications:
  1. Download patch debian/control

    --- 1.4.1+dfsg-2/debian/control 2019-08-17 09:27:53.000000000 +0000 +++ 1.4.1+dfsg-2ubuntu1/debian/control 2019-08-17 17:20:13.000000000 +0000 @@ -1,5 +1,6 @@ Source: r-cran-openssl -Maintainer: Debian R Packages Maintainers <r-pkg-team@alioth-lists.debian.net> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian R Packages Maintainers <r-pkg-team@alioth-lists.debian.net> Uploaders: Andreas Tille <tille@debian.org> Section: gnu-r Priority: optional
  2. Download patch debian/tests/run-unit-test

    --- 1.4.1+dfsg-2/debian/tests/run-unit-test 2019-08-17 09:27:53.000000000 +0000 +++ 1.4.1+dfsg-2ubuntu1/debian/tests/run-unit-test 2019-08-17 17:20:14.000000000 +0000 @@ -8,5 +8,6 @@ if [ "$ADTTMP" = "" ] ; then fi cd $ADTTMP cp -a /usr/share/doc/${pkg}/tests/* $ADTTMP +rm -f testthat/test_google.R LC_ALL=C R --no-save < testthat.R rm -fr $ADTTMP/*
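Review bot: `rm -f testthat/test_google.R` silently does nothing if upstream renames or moves that test, so the network-dependent test would quietly start running again in autopkgtest; drop the `-f` (or guard with `test -e`) so a missing file is noticed at the next merge, and add a comment above the line recording why it is removed (the changelog says it requires network access, but the script does not). The unquoted `$ADTTMP` in the surrounding `cd` and `cp` lines is pre-existing but worth quoting while the file is being touched.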
  1. openssl
  2. openssl-ibmca
  3. r-cran-openssl