diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-12-15 18:09:03 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-12-15 18:09:03 +0000 |
commit | 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch) | |
tree | 4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /dev-libs/openssl | |
parent | b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff) |
gentoo resync : 15.12.2019
Diffstat (limited to 'dev-libs/openssl')
-rw-r--r-- | dev-libs/openssl/Manifest | 8 | ||||
-rw-r--r-- | dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch | 283 | ||||
-rw-r--r-- | dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch | 62 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.0.2t-r1.ebuild | 3 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.0l.ebuild | 3 | ||||
-rw-r--r-- | dev-libs/openssl/openssl-1.1.1d-r3.ebuild (renamed from dev-libs/openssl/openssl-1.1.1d-r2.ebuild) | 31 |
6 files changed, 84 insertions, 306 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 9d29f288b472..8e0a79928788 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -1,11 +1,11 @@ AUX gentoo.config-1.0.2 5158 BLAKE2B bc8b8c0558f84bcbd7c55e4b974458041aa5f31f82cd740f1c4c56729ecb63d940ac6e23390b83eb1e7ed36dbed5663801415830f306bdbf56f081aec63fb48c SHA512 d39cb5824556f2c064ad148ef40b175bd124c6e58a6e59f9da6167645f98e2a5755b4c01b41a37f30c172d3a3c5d9753d1f7835d7380a429bbc0dc1989125472 AUX openssl-1.0.2a-x32-asm.patch 1561 BLAKE2B ee5e5b91e4babacff71edf36cce80fbcb2b8dbb9a7ea63a816d3a5de544fbffd8b4216d7a95bd44e718c7a83dd8b8b5ad85caed4205eab5de566b0b7e5054fc1 SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c -AUX openssl-1.0.2p-hobble-ecc.patch 10875 BLAKE2B fc8240a074f8cc354c5ae584b76b3fc895170e026767d2d99d8bd5e5028614c861dd2b3c7b955c223883062f9a057ee302ae0deecfbbed00ddc53ae8a4d50919 SHA512 29f64bacac4f61071db6caf9d92131633d2dff56d899171888cc4c8432790930ff0912cea90ad03ca59b13ca0357f812d2f0a3f42567e2bd72c260f49b2b59aa AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828 AUX openssl-1.1.0k-fix-test_fuzz.patch 485 BLAKE2B 4dc2ef2b2c1935c8143c939ed6b7168fb070edced8ae47732f1ae9fdabe19887f846d75c15cea33680a54058c9a99f981a3c6a35fc84c3a6c360b4d2b920bc04 SHA512 68590479f096f3da920a5d293f27babd541ce1946944d5540f78d8341b59eeda92fe24743f7351b565e06421d7a2da77e331ebe1e5168023f6602aaa7376a038 AUX openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch 1235 BLAKE2B 26997a474013c379a7d019d69203a5199ee17df07b28c86d06cebad3093ee62af9e4e568f3bc44ff4a5e8b555a5634d666446b35ce850c9c8668d920ef32bba6 SHA512 8ddfc077d3035b766175810b2554310935c8d1875044bf95abf8590ab5eeeb68357545566e7e8a50f95d9e62be68c72fdb58fef28497b154d44f08169645a08a AUX openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch 4247 BLAKE2B 5e181869569f9ca34190ba11fb1c66c12cfd6760aa85f423a65761886f15c120d0262528eb81847b1ed18a5e2c7610ff96790da7dac6815ddf3d025530c06349 SHA512 eafa940295b3cdfb0e9f1d1e337b4ce793f0dc8fae0fc5d0fc8e7029b9d6a99071b6b3d2b25002b715f3d5d7dc129f48700eb19e60e115610a8c4752a6d6bbfe AUX openssl-1.1.1d-fix-zlib.patch 1567 BLAKE2B c83a3016caa8ae6f3588a6649929d32ba890f7df776a39656bc870965aa305f89c3253b284a1f1b7bcc78b88042a01ab6fc93735d972bc4a2da1fd4f2ad225de SHA512 0b073723910cf4bd72d2e922e280cafbb807b040f4afc84f06973a45ff386b4a8505297af4894953d3fa61b8a68b42858345523705e43aa58846478976e2c566 +AUX openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch 2434 BLAKE2B ffe10db9977e70379d957df117f9e73469279673c531dd70fa78d84299efed1cc30402ca0bb5ae944b2aea649a1da1d3fa47e6b747b0f488a84f5eec2cfc10f2 SHA512 ac800f2ae4a88fcd51b61f5de5e77765b18f4a997dc334541dce995e6d3e04784752ef273fef033cde21c3d6aaf379751715b98cbce491bfd31ea4770fe78f63 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71 @@ -13,7 +13,7 @@ DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 -EBUILD openssl-1.0.2t-r1.ebuild 9848 BLAKE2B 27e23ff21c452778cf65563c571fd89837ba5c60fd783f9b55da5b40bfc1981492e172bc2757fa4dbcef553cc848ad378d37e3bb79583a850239be3e0e5fc008 SHA512 53c3a31e3dd8226ef8c24a11b6a82c97dba4251d8b09986d5d48547f0d53e93c05cb30d9591ecd945f670a4d142fc3595b1c2c44034fca4e53eccd29c4d26caf -EBUILD openssl-1.1.0l.ebuild 9579 BLAKE2B c60a96f76591ac3e913d28e86bcfd53cabe5428707d1ce0f713908ae7c88b0624f34b6334b2745f1817b4f173d581c11eff1b4ef7a22b7a5c660523b54b8c9ab SHA512 70222a86f55a87e7811c17af0f6d642290024b7635dc3f3c6f5bebb27394c797ed021f9390b33a3fc303ef9b6c600a69e63ecf6d0713c68f0710d72bef8cb4a8 -EBUILD openssl-1.1.1d-r2.ebuild 10306 BLAKE2B 4865788cfb9f3dc1e03e1f1748009c6970f867329c8e42a7c03d56e77f671193511adffd9cc4738cadc7bf9401f8f8b51a8a1cbf15c9def30b857b0210671ffb SHA512 916025522d0f5fac0f9db404bf9898b0c71f870e309eb3a6f55dd082669783a0d7763e5d747a5c4677099feaee15e0879ca0ea71ce3692a6bab83f6b3573ce40 +EBUILD openssl-1.0.2t-r1.ebuild 9865 BLAKE2B fb3ded9fcca4a9fc97ab578747f107e1dea4ed17edaa2b0cf8b787035af9637bd1a78318f1aaedc9336686800cc6e9a564ba7fec09476bda842eaeccd946a5d1 SHA512 33be79f564388c1aa6aa093877d6012d93782257271320282377b93e4cb0e890377f24a4ff5ef0452c25c1e621c7c7880452496d0e07ece1bcdd5433e2c50c4c +EBUILD openssl-1.1.0l.ebuild 9596 BLAKE2B b90dab20cb55693a944efa1cd6a2e9422fd7f01e618d50ba74f7f2c46c7fdf6d91621d1380e000ea9e531997dc43c38324965d1abb3c4f668cfcf0986e599c8d SHA512 699210aeaeb1796c2cabd33c917a9dec91f1d0ae7a6fd8ed3ce62f90b02e9001722615eaa767d4d479df1c3e79e6c69025f65a4353a5800a0003f36a886d9f89 +EBUILD openssl-1.1.1d-r3.ebuild 10378 BLAKE2B 43732766ccd06933805c3b5133f0a606a57340e975b10768ae044beeeaee67ecf4e4ad469364a9257b05d0dd567f602abc1b703862b74b656811ce33b20dfe75 SHA512 5caba682680e1c877c1fbfbcfdb1a8513167aacde4b2be1c96ee1026b82178d4685d1f8208616aa15c30e5b65437f294d28cb22d326e3a8adab25f3a3d43cf83 MISC metadata.xml 1273 BLAKE2B 8eb61c2bfd56f428fa4c262972c0b140662a68c95fdf5e3101624b307985f83dc6d757fc13565e467c99188de93d90ec2db6de3719e22495da67155cbaa91aa9 SHA512 3ffb56f8bc35d71c2c67b4cb97d350825260f9d78c97f4ba9462c2b08b8ef65d7f684139e99bb2f7f32698d3cb62404567b36ce849e7dc4e7f7c5b6367c723a7 diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch deleted file mode 100644 index 3a458a783603..000000000000 --- a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch +++ /dev/null @@ -1,283 +0,0 @@ -Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series. - -From https://src.fedoraproject.org/git/rpms/openssl.git - -Contains parts of the following patches, rediffed. The patches are on various -different branches. -f23 openssl-1.0.2c-ecc-suiteb.patch -f23 openssl-1.0.2a-fips-ec.patch -f28 openssl-1.1.0-ec-curves.patch - -Signed-off-By: Robin H. Johnson <robbat2@gentoo.org> - ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv) - } else - # endif - # ifndef OPENSSL_NO_ECDSA -- if (strcmp(*argv, "ecdsap160") == 0) -- ecdsa_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdsap192") == 0) -- ecdsa_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdsap224") == 0) - ecdsa_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdsap256") == 0) -@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv) - ecdsa_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdsap521") == 0) - ecdsa_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdsak163") == 0) -- ecdsa_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdsak233") == 0) -- ecdsa_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdsak283") == 0) -- ecdsa_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdsak409") == 0) -- ecdsa_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdsak571") == 0) -- ecdsa_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdsab163") == 0) -- ecdsa_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdsab233") == 0) -- ecdsa_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdsab283") == 0) -- ecdsa_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdsab409") == 0) -- ecdsa_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdsab571") == 0) -- ecdsa_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdsa") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i < R_EC_P521; i++) - ecdsa_doit[i] = 1; - } else - # endif - # ifndef OPENSSL_NO_ECDH -- if (strcmp(*argv, "ecdhp160") == 0) -- ecdh_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdhp192") == 0) -- ecdh_doit[R_EC_P192] = 2; -+ if (0) {} - else if (strcmp(*argv, "ecdhp224") == 0) - ecdh_doit[R_EC_P224] = 2; - else if (strcmp(*argv, "ecdhp256") == 0) -@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv) - ecdh_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdhp521") == 0) - ecdh_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdhk163") == 0) -- ecdh_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdhk233") == 0) -- ecdh_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdhk283") == 0) -- ecdh_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdhk409") == 0) -- ecdh_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdhk571") == 0) -- ecdh_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdhb163") == 0) -- ecdh_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdhb233") == 0) -- ecdh_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdhb283") == 0) -- ecdh_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdhb409") == 0) -- ecdh_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdhb571") == 0) -- ecdh_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdh") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - } else - # endif -@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); - # endif - # ifndef OPENSSL_NO_ECDSA -- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " -+ BIO_printf(bio_err, "ecdsap224 " - "ecdsap256 ecdsap384 ecdsap521\n"); -- BIO_printf(bio_err, -- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); -- BIO_printf(bio_err, -- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); - BIO_printf(bio_err, "ecdsa\n"); - # endif - # ifndef OPENSSL_NO_ECDH -- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " -+ BIO_printf(bio_err, "ecdhp224 " - "ecdhp256 ecdhp384 ecdhp521\n"); -- BIO_printf(bio_err, -- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); -- BIO_printf(bio_err, -- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); - BIO_printf(bio_err, "ecdh\n"); - # endif - -@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv) - for (i = 0; i < DSA_NUM; i++) - dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - # endif - # ifndef OPENSSL_NO_ECDH -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P224; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - # endif - } ---- a/crypto/ec/ecp_smpl.c -+++ b/crypto/ec/ecp_smpl.c -@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) ---- a/crypto/ecdh/ecdhtest.c -+++ b/crypto/ecdh/ecdhtest.c -@@ -501,11 +501,13 @@ int main(int argc, char *argv[]) - goto err; - - /* NIST PRIME CURVES TESTS */ -+# if 0 - if (!test_ecdh_curve - (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) - goto err; - if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) - goto err; -+# endif - if (!test_ecdh_curve - (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) - goto err; -@@ -536,13 +538,14 @@ int main(int argc, char *argv[]) - if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) - goto err; - # endif -+# if 0 - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) - goto err; - if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) - goto err; -- -+# endif - ret = 0; - - err: ---- a/crypto/ecdsa/ecdsatest.c -+++ b/crypto/ecdsa/ecdsatest.c -@@ -138,9 +138,12 @@ int restore_rand(void) - } - - static int fbytes_counter = 0, use_fake = 0; --static const char *numbers[8] = { -+static const char *numbers[10] = { -+ "651056770906015076056810763456358567190100156695615665659", - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", -+ "8763001015071075675010661307616710783570106710677817767166" -+ "71676178726717", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" -@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num) - - use_fake = 0; - -- if (fbytes_counter >= 8) -+ if (fbytes_counter >= 10) - return 0; - tmp = BN_new(); - if (!tmp) -@@ -539,8 +542,10 @@ int main(void) - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - /* the tests */ -+# if 0 - if (!x9_62_tests(out)) - goto err; -+# endif - if (!test_builtin(out)) - goto err; - ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = { - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ -@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = { - * Remaining curves disabled by default but still permitted if set - * via an explicit callback or parameters. - */ -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ -@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = { - 0, 9, /* sect283k1 (9) */ - 0, 10, /* sect283r1 (10) */ - # endif -- 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ - 0, 7, /* sect233r1 (7) */ - # endif -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ - # ifndef OPENSSL_NO_EC2M - 0, 4, /* sect193r1 (4) */ - 0, 5, /* sect193r2 (5) */ - # endif -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ - # ifndef OPENSSL_NO_EC2M - 0, 1, /* sect163k1 (1) */ - 0, 2, /* sect163r1 (2) */ - 0, 3, /* sect163r2 (3) */ - # endif -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - }; - # endif - diff --git a/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch new file mode 100644 index 000000000000..dc8fe7146b74 --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch @@ -0,0 +1,62 @@ +From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001 +From: Richard Levitte <levitte@openssl.org> +Date: Thu, 3 Oct 2019 08:28:31 +0200 +Subject: [PATCH] Define AESNI_ASM if AESNI assembler is included, and use it + +Because we have cases where basic assembler support isn't present, but +AESNI asssembler support is, we need a separate macro that indicates +that, and use it. + +Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> +Reviewed-by: Paul Dale <paul.dale@oracle.com> +(Merged from https://github.com/openssl/openssl/pull/10080) +--- + Configure | 1 + + crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- + crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++-- + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/Configure b/Configure +index 811bee81f54..f498ac2f81b 100755 +--- a/Configure ++++ b/Configure +@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) { + } + if ($target{aes_asm_src}) { + push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; ++ push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);; + # aes-ctr.fake is not a real file, only indication that assembler + # module implements AES_ctr32_encrypt... + push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); +diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c +index c9f5969162c..27c36b46e7a 100644 +--- a/crypto/evp/e_aes_cbc_hmac_sha1.c ++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c +@@ -33,7 +33,7 @@ typedef struct { + + #define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++#if defined(AESNI_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c +index d5178313ae3..cc622b6faa8 100644 +--- a/crypto/evp/e_aes_cbc_hmac_sha256.c ++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c +@@ -34,7 +34,7 @@ typedef struct { + + # define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++#if defined(AESNI_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) ) + +@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) + { + return NULL; + } +-#endif ++#endif /* AESNI_ASM */ diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild index 53f5acad6bab..37ad94c9f5d1 100644 --- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild +++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild @@ -39,7 +39,8 @@ LICENSE="openssl" SLOT="0" KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux" IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" +RESTRICT="!bindist? ( bindist ) + !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild index deccd8443de1..1d5afcf680c7 100644 --- a/dev-libs/openssl/openssl-1.1.0l.ebuild +++ b/dev-libs/openssl/openssl-1.1.0l.ebuild @@ -28,7 +28,8 @@ LICENSE="openssl" SLOT="0/1.1" # .so version of libssl/libcrypto KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux" IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" +RESTRICT="!bindist? ( bindist ) + !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild index 1b8d0ea6945d..774605b4bf1d 100644 --- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild +++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild @@ -29,7 +29,8 @@ SLOT="0/1.1" # .so version of libssl/libcrypto [[ "${PV}" = *_pre* ]] || \ KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux" IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib" -RESTRICT="!bindist? ( bindist )" +RESTRICT="!bindist? ( bindist ) + !test? ( test )" RDEPEND=">=app-misc/c_rehash-1.7-r1 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )" @@ -40,6 +41,7 @@ BDEPEND=" test? ( sys-apps/diffutils sys-devel/bc + sys-process/procps )" PDEPEND="app-misc/ca-certificates" @@ -47,6 +49,7 @@ PATCHES=( "${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602 "${FILESDIR}"/${P}-fix-zlib.patch "${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch + "${FILESDIR}"/${P}-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch ) S="${WORKDIR}/${MY_P}" @@ -62,14 +65,12 @@ pkg_setup() { [[ ${MERGE_TYPE} == binary ]] && return # must check in pkg_setup; sysctl don't work with userpriv! - if has test ${FEATURES}; then - if use sctp; then - # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" - # if sctp.auth_enable is not enabled. - local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) - if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then - die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" - fi + if has test ${FEATURES} && use sctp; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" fi fi } @@ -118,14 +119,10 @@ src_prepare() { eapply_user #332661 - if has test ${FEATURES}; then - if use sctp; then - if has network-sandbox ${FEATURES}; then - ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" - rm test/recipes/80-test_ssl_new.t || die - eend $? - fi - fi + if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then + ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox" + rm test/recipes/80-test_ssl_new.t || die + eend $? fi # make sure the man pages are suffixed #302165 |