summaryrefslogtreecommitdiff
path: root/dev-libs/openssl
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2019-12-15 18:09:03 +0000
committerV3n3RiX <venerix@redcorelinux.org>2019-12-15 18:09:03 +0000
commit7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch)
tree4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /dev-libs/openssl
parentb284a3168fa91a038925d2ecf5e4791011ea5e7d (diff)
gentoo resync : 15.12.2019
Diffstat (limited to 'dev-libs/openssl')
-rw-r--r--dev-libs/openssl/Manifest8
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch283
-rw-r--r--dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch62
-rw-r--r--dev-libs/openssl/openssl-1.0.2t-r1.ebuild3
-rw-r--r--dev-libs/openssl/openssl-1.1.0l.ebuild3
-rw-r--r--dev-libs/openssl/openssl-1.1.1d-r3.ebuild (renamed from dev-libs/openssl/openssl-1.1.1d-r2.ebuild)31
6 files changed, 84 insertions, 306 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9d29f288b472..8e0a79928788 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,11 +1,11 @@
AUX gentoo.config-1.0.2 5158 BLAKE2B bc8b8c0558f84bcbd7c55e4b974458041aa5f31f82cd740f1c4c56729ecb63d940ac6e23390b83eb1e7ed36dbed5663801415830f306bdbf56f081aec63fb48c SHA512 d39cb5824556f2c064ad148ef40b175bd124c6e58a6e59f9da6167645f98e2a5755b4c01b41a37f30c172d3a3c5d9753d1f7835d7380a429bbc0dc1989125472
AUX openssl-1.0.2a-x32-asm.patch 1561 BLAKE2B ee5e5b91e4babacff71edf36cce80fbcb2b8dbb9a7ea63a816d3a5de544fbffd8b4216d7a95bd44e718c7a83dd8b8b5ad85caed4205eab5de566b0b7e5054fc1 SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c
-AUX openssl-1.0.2p-hobble-ecc.patch 10875 BLAKE2B fc8240a074f8cc354c5ae584b76b3fc895170e026767d2d99d8bd5e5028614c861dd2b3c7b955c223883062f9a057ee302ae0deecfbbed00ddc53ae8a4d50919 SHA512 29f64bacac4f61071db6caf9d92131633d2dff56d899171888cc4c8432790930ff0912cea90ad03ca59b13ca0357f812d2f0a3f42567e2bd72c260f49b2b59aa
AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
AUX openssl-1.1.0k-fix-test_fuzz.patch 485 BLAKE2B 4dc2ef2b2c1935c8143c939ed6b7168fb070edced8ae47732f1ae9fdabe19887f846d75c15cea33680a54058c9a99f981a3c6a35fc84c3a6c360b4d2b920bc04 SHA512 68590479f096f3da920a5d293f27babd541ce1946944d5540f78d8341b59eeda92fe24743f7351b565e06421d7a2da77e331ebe1e5168023f6602aaa7376a038
AUX openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch 1235 BLAKE2B 26997a474013c379a7d019d69203a5199ee17df07b28c86d06cebad3093ee62af9e4e568f3bc44ff4a5e8b555a5634d666446b35ce850c9c8668d920ef32bba6 SHA512 8ddfc077d3035b766175810b2554310935c8d1875044bf95abf8590ab5eeeb68357545566e7e8a50f95d9e62be68c72fdb58fef28497b154d44f08169645a08a
AUX openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch 4247 BLAKE2B 5e181869569f9ca34190ba11fb1c66c12cfd6760aa85f423a65761886f15c120d0262528eb81847b1ed18a5e2c7610ff96790da7dac6815ddf3d025530c06349 SHA512 eafa940295b3cdfb0e9f1d1e337b4ce793f0dc8fae0fc5d0fc8e7029b9d6a99071b6b3d2b25002b715f3d5d7dc129f48700eb19e60e115610a8c4752a6d6bbfe
AUX openssl-1.1.1d-fix-zlib.patch 1567 BLAKE2B c83a3016caa8ae6f3588a6649929d32ba890f7df776a39656bc870965aa305f89c3253b284a1f1b7bcc78b88042a01ab6fc93735d972bc4a2da1fd4f2ad225de SHA512 0b073723910cf4bd72d2e922e280cafbb807b040f4afc84f06973a45ff386b4a8505297af4894953d3fa61b8a68b42858345523705e43aa58846478976e2c566
+AUX openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch 2434 BLAKE2B ffe10db9977e70379d957df117f9e73469279673c531dd70fa78d84299efed1cc30402ca0bb5ae944b2aea649a1da1d3fa47e6b747b0f488a84f5eec2cfc10f2 SHA512 ac800f2ae4a88fcd51b61f5de5e77765b18f4a997dc334541dce995e6d3e04784752ef273fef033cde21c3d6aaf379751715b98cbce491bfd31ea4770fe78f63
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
@@ -13,7 +13,7 @@ DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28
DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
-EBUILD openssl-1.0.2t-r1.ebuild 9848 BLAKE2B 27e23ff21c452778cf65563c571fd89837ba5c60fd783f9b55da5b40bfc1981492e172bc2757fa4dbcef553cc848ad378d37e3bb79583a850239be3e0e5fc008 SHA512 53c3a31e3dd8226ef8c24a11b6a82c97dba4251d8b09986d5d48547f0d53e93c05cb30d9591ecd945f670a4d142fc3595b1c2c44034fca4e53eccd29c4d26caf
-EBUILD openssl-1.1.0l.ebuild 9579 BLAKE2B c60a96f76591ac3e913d28e86bcfd53cabe5428707d1ce0f713908ae7c88b0624f34b6334b2745f1817b4f173d581c11eff1b4ef7a22b7a5c660523b54b8c9ab SHA512 70222a86f55a87e7811c17af0f6d642290024b7635dc3f3c6f5bebb27394c797ed021f9390b33a3fc303ef9b6c600a69e63ecf6d0713c68f0710d72bef8cb4a8
-EBUILD openssl-1.1.1d-r2.ebuild 10306 BLAKE2B 4865788cfb9f3dc1e03e1f1748009c6970f867329c8e42a7c03d56e77f671193511adffd9cc4738cadc7bf9401f8f8b51a8a1cbf15c9def30b857b0210671ffb SHA512 916025522d0f5fac0f9db404bf9898b0c71f870e309eb3a6f55dd082669783a0d7763e5d747a5c4677099feaee15e0879ca0ea71ce3692a6bab83f6b3573ce40
+EBUILD openssl-1.0.2t-r1.ebuild 9865 BLAKE2B fb3ded9fcca4a9fc97ab578747f107e1dea4ed17edaa2b0cf8b787035af9637bd1a78318f1aaedc9336686800cc6e9a564ba7fec09476bda842eaeccd946a5d1 SHA512 33be79f564388c1aa6aa093877d6012d93782257271320282377b93e4cb0e890377f24a4ff5ef0452c25c1e621c7c7880452496d0e07ece1bcdd5433e2c50c4c
+EBUILD openssl-1.1.0l.ebuild 9596 BLAKE2B b90dab20cb55693a944efa1cd6a2e9422fd7f01e618d50ba74f7f2c46c7fdf6d91621d1380e000ea9e531997dc43c38324965d1abb3c4f668cfcf0986e599c8d SHA512 699210aeaeb1796c2cabd33c917a9dec91f1d0ae7a6fd8ed3ce62f90b02e9001722615eaa767d4d479df1c3e79e6c69025f65a4353a5800a0003f36a886d9f89
+EBUILD openssl-1.1.1d-r3.ebuild 10378 BLAKE2B 43732766ccd06933805c3b5133f0a606a57340e975b10768ae044beeeaee67ecf4e4ad469364a9257b05d0dd567f602abc1b703862b74b656811ce33b20dfe75 SHA512 5caba682680e1c877c1fbfbcfdb1a8513167aacde4b2be1c96ee1026b82178d4685d1f8208616aa15c30e5b65437f294d28cb22d326e3a8adab25f3a3d43cf83
MISC metadata.xml 1273 BLAKE2B 8eb61c2bfd56f428fa4c262972c0b140662a68c95fdf5e3101624b307985f83dc6d757fc13565e467c99188de93d90ec2db6de3719e22495da67155cbaa91aa9 SHA512 3ffb56f8bc35d71c2c67b4cb97d350825260f9d78c97f4ba9462c2b08b8ef65d7f684139e99bb2f7f32698d3cb62404567b36ce849e7dc4e7f7c5b6367c723a7
diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
deleted file mode 100644
index 3a458a783603..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
---- a/crypto/ecdh/ecdhtest.c
-+++ b/crypto/ecdh/ecdhtest.c
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
---- a/crypto/ecdsa/ecdsatest.c
-+++ b/crypto/ecdsa/ecdsatest.c
-@@ -138,9 +138,12 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0, use_fake = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
-@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
-
- use_fake = 0;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -539,8 +542,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
diff --git a/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
new file mode 100644
index 000000000000..dc8fe7146b74
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
@@ -0,0 +1,62 @@
+From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 3 Oct 2019 08:28:31 +0200
+Subject: [PATCH] Define AESNI_ASM if AESNI assembler is included, and use it
+
+Because we have cases where basic assembler support isn't present, but
+AESNI asssembler support is, we need a separate macro that indicates
+that, and use it.
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/10080)
+---
+ Configure | 1 +
+ crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +-
+ crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++--
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Configure b/Configure
+index 811bee81f54..f498ac2f81b 100755
+--- a/Configure
++++ b/Configure
+@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
+ }
+ if ($target{aes_asm_src}) {
+ push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
+ # aes-ctr.fake is not a real file, only indication that assembler
+ # module implements AES_ctr32_encrypt...
+ push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index c9f5969162c..27c36b46e7a 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -33,7 +33,7 @@ typedef struct {
+
+ #define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index d5178313ae3..cc622b6faa8 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -34,7 +34,7 @@ typedef struct {
+
+ # define NO_PAYLOAD_LENGTH ((size_t)-1)
+
+-#if defined(AES_ASM) && ( \
++#if defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) )
+
+@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+ {
+ return NULL;
+ }
+-#endif
++#endif /* AESNI_ASM */
diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index 53f5acad6bab..37ad94c9f5d1 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -39,7 +39,8 @@ LICENSE="openssl"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+ !test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
index deccd8443de1..1d5afcf680c7 100644
--- a/dev-libs/openssl/openssl-1.1.0l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -28,7 +28,8 @@ LICENSE="openssl"
SLOT="0/1.1" # .so version of libssl/libcrypto
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+ !test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index 1b8d0ea6945d..774605b4bf1d 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -29,7 +29,8 @@ SLOT="0/1.1" # .so version of libssl/libcrypto
[[ "${PV}" = *_pre* ]] || \
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+ !test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
@@ -40,6 +41,7 @@ BDEPEND="
test? (
sys-apps/diffutils
sys-devel/bc
+ sys-process/procps
)"
PDEPEND="app-misc/ca-certificates"
@@ -47,6 +49,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
"${FILESDIR}"/${P}-fix-zlib.patch
"${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
+ "${FILESDIR}"/${P}-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
)
S="${WORKDIR}/${MY_P}"
@@ -62,14 +65,12 @@ pkg_setup() {
[[ ${MERGE_TYPE} == binary ]] && return
# must check in pkg_setup; sysctl don't work with userpriv!
- if has test ${FEATURES}; then
- if use sctp; then
- # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
- # if sctp.auth_enable is not enabled.
- local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
- if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then
- die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
- fi
+ if has test ${FEATURES} && use sctp; then
+ # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+ # if sctp.auth_enable is not enabled.
+ local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+ if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+ die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
fi
fi
}
@@ -118,14 +119,10 @@ src_prepare() {
eapply_user #332661
- if has test ${FEATURES}; then
- if use sctp; then
- if has network-sandbox ${FEATURES}; then
- ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
- rm test/recipes/80-test_ssl_new.t || die
- eend $?
- fi
- fi
+ if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+ ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+ rm test/recipes/80-test_ssl_new.t || die
+ eend $?
fi
# make sure the man pages are suffixed #302165