gentoo resync : 06.08.2019

3 files changed, 19 insertions, 273 deletions

diff --git a/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
new file mode 100644
index 000000000000..2c4cc31257ca
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
@@ -0,0 +1,19 @@
+Test fuzz was forgotten when
+
+   Perl: Use our own globbing wrapper rather than File::Glob::glob
+
+was backported to openssl-1.1.0 branch.
+
+Link: https://github.com/openssl/openssl/commit/b81cfa07ada850fd287d0a0c82ba280907f18ce7
+
+--- a/test/recipes/90-test_fuzz.t
++++ b/test/recipes/90-test_fuzz.t
+@@ -9,7 +9,7 @@
+ use strict;
+ use warnings;
+ 
+-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
++use OpenSSL::Glob;
+ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ use OpenSSL::Test::Utils;
+ 
diff --git a/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch b/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
deleted file mode 100644
index 4d478c484c90..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2019 14:39:15 +0000
-Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
-
-ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
-every encryption operation. RFC 7539 specifies that the nonce value (IV)
-should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
-front pads the nonce with 0 bytes if it is less than 12 bytes. However it
-also incorrectly allows a nonce to be set of up to 16 bytes. In this case
-only the last 12 bytes are significant and any additional leading bytes are
-ignored.
-
-It is a requirement of using this cipher that nonce values are unique.
-Messages encrypted using a reused nonce value are susceptible to serious
-confidentiality and integrity attacks. If an application changes the
-default nonce length to be longer than 12 bytes and then makes a change to
-the leading bytes of the nonce expecting the new value to be a new unique
-nonce then such an application could inadvertently encrypt messages with a
-reused nonce.
-
-Additionally the ignored bytes in a long nonce are not covered by the
-integrity guarantee of this cipher. Any application that relies on the
-integrity of these ignored leading bytes of a long nonce may be further
-affected.
-
-Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
-because no such use sets such a long nonce value. However user
-applications that use this cipher directly and set a non-default nonce
-length to be longer than 12 bytes may be vulnerable.
-
-CVE-2019-1543
-
-Fixes #8345
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8406)
-
-(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
----
- crypto/evp/e_chacha20_poly1305.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c1917bb86a6..d3e2c622a1b 100644
---- a/crypto/evp/e_chacha20_poly1305.c
-+++ b/crypto/evp/e_chacha20_poly1305.c
-@@ -30,6 +30,8 @@ typedef struct {
- 
- #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
- 
-+#define CHACHA20_POLY1305_MAX_IVLEN     12
-+
- static int chacha_init_key(EVP_CIPHER_CTX *ctx,
-                            const unsigned char user_key[CHACHA_KEY_SIZE],
-                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
-@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-         return 1;
- 
-     case EVP_CTRL_AEAD_SET_IVLEN:
--        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
-+        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
-             return 0;
-         actx->nonce_len = arg;
-         return 1;
diff --git a/dev-libs/openssl/files/openssl-1.1.1b-ec-curves-patch.patch b/dev-libs/openssl/files/openssl-1.1.1b-ec-curves-patch.patch
deleted file mode 100644
index c1f53c838230..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.1b-ec-curves-patch.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-Based on openssl-1.1.1-ec-curves.patch.
-
-Updated for OpenSSL change b6d41ff73392df5af9c931c902ae4cd75c5b61ea.
-
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -489,82 +489,28 @@ static const OPT_PAIR rsa_choices[] = {
- static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
- #endif /* OPENSSL_NO_RSA */
- 
--#define R_EC_P160    0
--#define R_EC_P192    1
--#define R_EC_P224    2
--#define R_EC_P256    3
--#define R_EC_P384    4
--#define R_EC_P521    5
--#define R_EC_K163    6
--#define R_EC_K233    7
--#define R_EC_K283    8
--#define R_EC_K409    9
--#define R_EC_K571    10
--#define R_EC_B163    11
--#define R_EC_B233    12
--#define R_EC_B283    13
--#define R_EC_B409    14
--#define R_EC_B571    15
--#define R_EC_BRP256R1  16
--#define R_EC_BRP256T1  17
--#define R_EC_BRP384R1  18
--#define R_EC_BRP384T1  19
--#define R_EC_BRP512R1  20
--#define R_EC_BRP512T1  21
--#define R_EC_X25519  22
--#define R_EC_X448    23
-+#define R_EC_P224    0
-+#define R_EC_P256    1
-+#define R_EC_P384    2
-+#define R_EC_P521    3
-+#define R_EC_X25519  4
-+#define R_EC_X448    5
- #ifndef OPENSSL_NO_EC
- static OPT_PAIR ecdsa_choices[] = {
--    {"ecdsap160", R_EC_P160},
--    {"ecdsap192", R_EC_P192},
-     {"ecdsap224", R_EC_P224},
-     {"ecdsap256", R_EC_P256},
-     {"ecdsap384", R_EC_P384},
-     {"ecdsap521", R_EC_P521},
--    {"ecdsak163", R_EC_K163},
--    {"ecdsak233", R_EC_K233},
--    {"ecdsak283", R_EC_K283},
--    {"ecdsak409", R_EC_K409},
--    {"ecdsak571", R_EC_K571},
--    {"ecdsab163", R_EC_B163},
--    {"ecdsab233", R_EC_B233},
--    {"ecdsab283", R_EC_B283},
--    {"ecdsab409", R_EC_B409},
--    {"ecdsab571", R_EC_B571},
--    {"ecdsabrp256r1", R_EC_BRP256R1},
--    {"ecdsabrp256t1", R_EC_BRP256T1},
--    {"ecdsabrp384r1", R_EC_BRP384R1},
--    {"ecdsabrp384t1", R_EC_BRP384T1},
--    {"ecdsabrp512r1", R_EC_BRP512R1},
--    {"ecdsabrp512t1", R_EC_BRP512T1}
- };
- # define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
- 
- static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
- 
- static const OPT_PAIR ecdh_choices[] = {
--    {"ecdhp160", R_EC_P160},
--    {"ecdhp192", R_EC_P192},
-     {"ecdhp224", R_EC_P224},
-     {"ecdhp256", R_EC_P256},
-     {"ecdhp384", R_EC_P384},
-     {"ecdhp521", R_EC_P521},
--    {"ecdhk163", R_EC_K163},
--    {"ecdhk233", R_EC_K233},
--    {"ecdhk283", R_EC_K283},
--    {"ecdhk409", R_EC_K409},
--    {"ecdhk571", R_EC_K571},
--    {"ecdhb163", R_EC_B163},
--    {"ecdhb233", R_EC_B233},
--    {"ecdhb283", R_EC_B283},
--    {"ecdhb409", R_EC_B409},
--    {"ecdhb571", R_EC_B571},
--    {"ecdhbrp256r1", R_EC_BRP256R1},
--    {"ecdhbrp256t1", R_EC_BRP256T1},
--    {"ecdhbrp384r1", R_EC_BRP384R1},
--    {"ecdhbrp384t1", R_EC_BRP384T1},
--    {"ecdhbrp512r1", R_EC_BRP512R1},
--    {"ecdhbrp512t1", R_EC_BRP512T1},
-     {"ecdhx25519", R_EC_X25519},
-     {"ecdhx448", R_EC_X448}
- };
-@@ -1495,29 +1441,10 @@ int speed_main(int argc, char **argv)
-         unsigned int bits;
-     } test_curves[] = {
-         /* Prime Curves */
--        {"secp160r1", NID_secp160r1, 160},
--        {"nistp192", NID_X9_62_prime192v1, 192},
-         {"nistp224", NID_secp224r1, 224},
-         {"nistp256", NID_X9_62_prime256v1, 256},
-         {"nistp384", NID_secp384r1, 384},
-         {"nistp521", NID_secp521r1, 521},
--        /* Binary Curves */
--        {"nistk163", NID_sect163k1, 163},
--        {"nistk233", NID_sect233k1, 233},
--        {"nistk283", NID_sect283k1, 283},
--        {"nistk409", NID_sect409k1, 409},
--        {"nistk571", NID_sect571k1, 571},
--        {"nistb163", NID_sect163r2, 163},
--        {"nistb233", NID_sect233r1, 233},
--        {"nistb283", NID_sect283r1, 283},
--        {"nistb409", NID_sect409r1, 409},
--        {"nistb571", NID_sect571r1, 571},
--        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
--        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
--        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
--        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
--        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
--        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
-         /* Other and ECDH only ones */
-         {"X25519", NID_X25519, 253},
-         {"X448", NID_X448, 448}
-@@ -2017,9 +1944,9 @@ int speed_main(int argc, char **argv)
- #  endif
- 
- #  ifndef OPENSSL_NO_EC
--    ecdsa_c[R_EC_P160][0] = count / 1000;
--    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+    ecdsa_c[R_EC_P224][0] = count / 1000;
-+    ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-         ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-         if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
-@@ -2031,6 +1958,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
-+#if 0
-     ecdsa_c[R_EC_K163][0] = count / 1000;
-     ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-@@ -2059,9 +1987,9 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
--
--    ecdh_c[R_EC_P160][0] = count / 1000;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+#endif
-+    ecdh_c[R_EC_P224][0] = count / 1000;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-         if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
-             ecdh_doit[i] = 0;
-@@ -2071,6 +1999,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
-+#if 0
-     ecdh_c[R_EC_K163][0] = count / 1000;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-@@ -2116,6 +2045,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
-+#endif
-     /* default iteration count for the last two EC Curves */
-     ecdh_c[R_EC_X25519][0] = count / 1800;
-     ecdh_c[R_EC_X448][0] = count / 7200;
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
-         return 0;
-     }
- 
-+    if (BN_num_bits(p) < 224) {
-+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+        return 0;
-+    }
-+
-     if (ctx == NULL) {
-         ctx = new_ctx = BN_CTX_new();
-         if (ctx == NULL)
---- a/test/ecdsatest.c
-+++ b/test/ecdsatest.c
-@@ -176,6 +176,7 @@ static int x9_62_tests(void)
-     if (!change_rand())
-         goto x962_err;
- 
-+#if 0
-     if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1,
-                  "3342403536405981729393488334694600415596881826869351677613",
-                  "5735822328888155254683894997897571951568553642892029982342")))
-@@ -186,6 +187,7 @@ static int x9_62_tests(void)
-                  "3238135532097973577080787768312505059318910517550078427819"
-                              "78505179448783")))
-         goto x962_err;
-+#endif
- 
- # ifndef OPENSSL_NO_EC2M
-     if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb191v1,