From 7539bee3cf8bd87771831cce4470dc6e10f28323 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Wed, 22 Apr 2020 23:11:52 +0300 Subject: [PATCH 1/5] Update from 1.0 to 1.1.1g: - new major version - dropped compat libs, seems that there is no more need to be compatible with Red Hat naming (not sure, TODO: check it) - unified %%docs to easify reading diffs of them - dropped all patches the aim of which ones is not clear to me and there is not description - trying to be buildable on e2k for future - dropped requirements of GOST engine to eventually break this dependency loop, we can preinstall gost-engine where needed by other ways - GOST engine is no more built here in OpenSSL - replaced removing of some manuals with renaming them - now shipping HTML docs (mans) - switched to upstream location of engines (it now has %%major in it and is OK for us) - moved everything from /lib to /usr/lib as preparation for merging everything into /usr - sorted all configure options to improve readability of diffs in the future - introduced new macros alike LibreSSL package - added macro %%openssl_engines_dir for reusing in e.g. openssl-gost-engine - added symlink openssl1.1 -> openssl, because I am thinking of keeping /usr/bin/openssl1.0 in the openssl1.0 compat package, so adding a similar symlink here for consistency - explicit file provide /usr/bin/openssl is not needed because it is put automatically by RPM 4 - versionized some provides - TODO: 2 tests fail for now... Maybe Perl is broken? Based on: - https://abf.io/import/openssl/commit/3591a331152393977000ef3d734e3f1301ecaacf - ALT Linux spec https://packages.altlinux.org/ru/sisyphus/specfiles/openssl1.1 - OpenMandriva spec https://github.com/OpenMandrivaAssociation/openssl/blob/93f1264/openssl.spec --- .abf.yml | 3 +- openssl-0.9.8a-no-rpath.patch | 11 - openssl-1.0.1c-fix-perlpath.pl | 19 - ...15-identificators-and-GOST-OIDs-for-.patch | 379 ------- openssl-1.0.2-add-engines.patch | 45 - openssl-1.0.2-defaults.patch | 32 - openssl-1.0.2-enginesdir.patch | 50 - openssl-1.0.2-test-use-localhost.patch | 21 - openssl-1.0.2-x509.patch | 27 - openssl-1.0.2e-optflags.patch | 85 -- openssl-1.0.2l-gost-engine.patch | 930 ------------------ openssl-1.0.2l-icpbrasil.patch | 61 -- openssl-alt-e2k-makecontext.patch | 30 + openssl.macros | 1 - openssl.spec | 307 +++--- 15 files changed, 141 insertions(+), 1860 deletions(-) delete mode 100644 openssl-0.9.8a-no-rpath.patch delete mode 100644 openssl-1.0.1c-fix-perlpath.pl delete mode 100644 openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch delete mode 100644 openssl-1.0.2-add-engines.patch delete mode 100644 openssl-1.0.2-defaults.patch delete mode 100644 openssl-1.0.2-enginesdir.patch delete mode 100644 openssl-1.0.2-test-use-localhost.patch delete mode 100644 openssl-1.0.2-x509.patch delete mode 100644 openssl-1.0.2e-optflags.patch delete mode 100644 openssl-1.0.2l-gost-engine.patch delete mode 100644 openssl-1.0.2l-icpbrasil.patch create mode 100644 openssl-alt-e2k-makecontext.patch delete mode 100644 openssl.macros diff --git a/.abf.yml b/.abf.yml index e30cf45..568ee89 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,3 +1,2 @@ sources: - openssl-1.0.2u.tar.gz: 740916d79ab0d209d2775277b1c6c3ec2f6502b2 - openssl-1.0.2u.tar.gz.asc: 744624933632f6fa2c16ed0093468e276ce68988 + openssl-1.1.1g.tar.gz: b213a293f2127ec3e323fb3cfc0c9807664fd997 diff --git a/openssl-0.9.8a-no-rpath.patch b/openssl-0.9.8a-no-rpath.patch deleted file mode 100644 index 8f8fb91..0000000 --- a/openssl-0.9.8a-no-rpath.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 -+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100 -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/openssl-1.0.1c-fix-perlpath.pl b/openssl-1.0.1c-fix-perlpath.pl deleted file mode 100644 index db555f1..0000000 --- a/openssl-1.0.1c-fix-perlpath.pl +++ /dev/null @@ -1,19 +0,0 @@ ---- openssl-1.0.1c/util/perlpath.pl~ 1999-03-10 20:57:05.000000000 +0100 -+++ openssl-1.0.1c/util/perlpath.pl 2012-12-28 15:31:20.357657353 +0100 -@@ -1,13 +1,13 @@ --#!/usr/local/bin/perl -+#!/usr/bin/perl - # - # modify the '#!/usr/local/bin/perl' - # line in all scripts that rely on perl. - # - --require "find.pl"; -+use File::Find; - - $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; --&find("."); -+find(\&wanted, "."); - - sub wanted - { diff --git a/openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch b/openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch deleted file mode 100644 index 3871028..0000000 --- a/openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch +++ /dev/null @@ -1,379 +0,0 @@ -From dcca4a0281beea3deb5523b94f011a236e5b7a0d Mon Sep 17 00:00:00 2001 -From: Mikhail Novosyolov -Date: Sat, 28 Dec 2019 19:28:09 +0300 -Subject: [PATCH] Backport GOST 2015 identificators and GOST OIDs for Edwards - parameter sets - -Backport of upstream commits to openssl-1.0.2t: -* 3b5e5172007d5eb30cec4269a0f763c9632afd06 "Add GOST OIDs for Edwards parameter sets" by Sergey Zhuravlev -* 55fc247a699be33153f27c06d304e6e60eeff980 "New GOST identificators" by Dmitry Belyavskiy - -Signed-off-by: Mikhail Novosyolov ---- - crypto/objects/obj_dat.h | 113 +++++++++++++++++++++++++++++++++++-- - crypto/objects/obj_mac.h | 93 ++++++++++++++++++++++++++++++ - crypto/objects/obj_mac.num | 23 ++++++++ - crypto/objects/objects.txt | 26 +++++++++ - 4 files changed, 250 insertions(+), 5 deletions(-) - -diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 641cd8e9d2..521a843ae6 100644 ---- a/crypto/objects/obj_dat.h -+++ b/crypto/objects/obj_dat.h -@@ -62,12 +62,12 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 1000 --#define NUM_SN 993 --#define NUM_LN 993 --#define NUM_OBJ 921 -+#define NUM_NID 1023 -+#define NUM_SN 1016 -+#define NUM_LN 1016 -+#define NUM_OBJ 938 - --static const unsigned char lvalues[6485]={ -+static const unsigned char lvalues[6631]={ - 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -@@ -983,6 +983,23 @@ static const unsigned char lvalues[6485]={ - 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */ - 0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */ - 0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7341] OBJ_id_tc26_gost_3410_2012_256_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7349] OBJ_id_tc26_gost_3410_2012_256_paramSetA */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7358] OBJ_id_tc26_gost_3410_2012_512_paramSetC */ - }; - - static const ASN1_OBJECT nid_objs[NUM_NID]={ -@@ -2620,6 +2637,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ - {"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0}, - {"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0}, - {"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0}, -+{"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]}, -+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]}, -+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]}, -+{"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]}, -+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]}, -+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]}, -+{"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]}, -+{"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]}, -+{"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]}, -+{"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]}, -+{"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]}, -+{"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7358]}, -+{"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7341]}, -+{"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7349]}, -+{"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]}, -+{"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]}, -+{"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]}, -+{"magma-ecb", "magma-ecb", NID_magma_ecb}, -+{"magma-ctr", "magma-ctr", NID_magma_ctr}, -+{"magma-ofb", "magma-ofb", NID_magma_ofb}, -+{"magma-cbc", "magma-cbc", NID_magma_cbc}, -+{"magma-cfb", "magma-cfb", NID_magma_cfb}, -+{"magma-mac", "magma-mac", NID_magma_mac}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -3616,6 +3656,29 @@ static const unsigned int sn_objs[NUM_SN]={ - 503, /* "x500UniqueIdentifier" */ - 158, /* "x509Certificate" */ - 160, /* "x509Crl" */ -+1147, /* "id-tc26-gost-3410-2012-256-constants" */ -+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */ -+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */ -+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ -+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ -+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ -+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ -+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ -+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ -+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */ -+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */ -+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */ -+1179, /* "id-tc26-wrap" */ -+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ -+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ -+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ -+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ -+1190, /* "magma-cbc" */ -+1191, /* "magma-cfb" */ -+1188, /* "magma-ctr" */ -+1187, /* "magma-ecb" */ -+1192, /* "magma-mac" */ -+1189, /* "magma-ofb" */ - }; - - static const unsigned int ln_objs[NUM_LN]={ -@@ -4612,6 +4675,29 @@ static const unsigned int ln_objs[NUM_LN]={ - 158, /* "x509Certificate" */ - 160, /* "x509Crl" */ - 125, /* "zlib compression" */ -+1147, /* "id-tc26-gost-3410-2012-256-constants" */ -+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */ -+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */ -+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ -+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ -+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ -+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ -+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ -+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ -+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */ -+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */ -+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */ -+1179, /* "id-tc26-wrap" */ -+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ -+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ -+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ -+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ -+1190, /* "magma-cbc" */ -+1191, /* "magma-cfb" */ -+1188, /* "magma-ctr" */ -+1187, /* "magma-ecb" */ -+1192, /* "magma-mac" */ -+1189, /* "magma-ofb" */ - }; - - static const unsigned int obj_objs[NUM_OBJ]={ -@@ -5536,5 +5622,22 @@ static const unsigned int obj_objs[NUM_OBJ]={ - 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ - 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ - 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ -+1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */ -+1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */ -+1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */ -+1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */ -+1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */ -+1174, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */ -+1175, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */ -+1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */ -+1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */ -+1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */ -+1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */ -+1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */ -+1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */ -+1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */ -+1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */ -+1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */ -+1149, /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */ - }; - -diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h -index 430e14a244..a871bb0c7e 100644 ---- a/crypto/objects/obj_mac.h -+++ b/crypto/objects/obj_mac.h -@@ -4364,3 +4364,96 @@ - #define LN_jurisdictionCountryName "jurisdictionCountryName" - #define NID_jurisdictionCountryName 957 - #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L -+ -+ -+#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" -+#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 -+#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L -+ -+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" -+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 -+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L -+ -+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" -+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 -+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L -+ -+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" -+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 -+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L -+ -+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" -+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 -+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L -+ -+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" -+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 -+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L -+ -+#define SN_id_tc26_wrap "id-tc26-wrap" -+#define NID_id_tc26_wrap 1179 -+#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L -+ -+#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" -+#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 -+#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L -+ -+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" -+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 -+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L -+ -+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" -+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 -+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L -+ -+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" -+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 -+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L -+ -+#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" -+#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" -+#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 -+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L -+ -+#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" -+#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" -+#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 -+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L -+ -+#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" -+#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" -+#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 -+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L -+ -+#define SN_magma_ecb "magma-ecb" -+#define NID_magma_ecb 1187 -+ -+#define SN_magma_ctr "magma-ctr" -+#define NID_magma_ctr 1188 -+ -+#define SN_magma_ofb "magma-ofb" -+#define NID_magma_ofb 1189 -+ -+#define SN_magma_cbc "magma-cbc" -+#define NID_magma_cbc 1190 -+ -+#define SN_magma_cfb "magma-cfb" -+#define NID_magma_cfb 1191 -+ -+#define SN_magma_mac "magma-mac" -+#define NID_magma_mac 1192 -+ -+#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" -+#define LN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants" -+#define NID_id_tc26_gost_3410_2012_256_constants 1147 -+#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L -+ -+#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA" -+#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" -+#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 -+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L -+ -+#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC" -+#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" -+#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149 -+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L -diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index e5f2eaeb6e..3a5af05f6e 100644 ---- a/crypto/objects/obj_mac.num -+++ b/crypto/objects/obj_mac.num -@@ -977,10 +977,13 @@ id_tc26_agreement_gost_3410_2012_256 976 - id_tc26_agreement_gost_3410_2012_512 977 - id_tc26_constants 978 - id_tc26_sign_constants 979 -+id_tc26_gost_3410_2012_256_constants 1147 -+id_tc26_gost_3410_2012_256_paramSetA 1148 - id_tc26_gost_3410_2012_512_constants 980 - id_tc26_gost_3410_2012_512_paramSetTest 981 - id_tc26_gost_3410_2012_512_paramSetA 982 - id_tc26_gost_3410_2012_512_paramSetB 983 -+id_tc26_gost_3410_2012_512_paramSetC 1149 - id_tc26_digest_constants 984 - id_tc26_cipher_constants 985 - id_tc26_gost_28147_constants 986 -@@ -997,3 +1000,23 @@ grasshopper_ofb 996 - grasshopper_cbc 997 - grasshopper_cfb 998 - grasshopper_mac 999 -+id_tc26_cipher_gostr3412_2015_magma 1173 -+id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 -+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 -+id_tc26_cipher_gostr3412_2015_kuznyechik 1176 -+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 -+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 -+id_tc26_wrap 1179 -+id_tc26_wrap_gostr3412_2015_magma 1180 -+id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 -+id_tc26_wrap_gostr3412_2015_kuznyechik 1182 -+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 -+id_tc26_gost_3410_2012_256_paramSetB 1184 -+id_tc26_gost_3410_2012_256_paramSetC 1185 -+id_tc26_gost_3410_2012_256_paramSetD 1186 -+magma_ecb 1187 -+magma_ctr 1188 -+magma_ofb 1189 -+magma_cbc 1190 -+magma_cfb 1191 -+magma_mac 1192 -diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 31286b176a..7b400c9842 100644 ---- a/crypto/objects/objects.txt -+++ b/crypto/objects/objects.txt -@@ -1259,18 +1259,36 @@ id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit - id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit - - id-tc26-algorithms 5 : id-tc26-cipher -+id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma -+id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm -+id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac -+id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik -+id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm -+id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac - - id-tc26-algorithms 6 : id-tc26-agreement - id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256 - id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512 - -+id-tc26-algorithms 7 : id-tc26-wrap -+id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma -+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15 -+id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik -+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15 -+ - id-tc26 2 : id-tc26-constants - - id-tc26-constants 1 : id-tc26-sign-constants -+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants - id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants -+id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A -+id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B -+id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C -+id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D - id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set - id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A - id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B -+id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C - - id-tc26-constants 2 : id-tc26-digest-constants - id-tc26-constants 5 : id-tc26-cipher-constants -@@ -1289,6 +1307,14 @@ member-body 643 100 3 : SNILS : SNILS - : grasshopper-cfb - : grasshopper-mac - -+#GOST R34.13-2015 Magma -+ : magma-ecb -+ : magma-ctr -+ : magma-ofb -+ : magma-cbc -+ : magma-cfb -+ : magma-mac -+ - # Definitions for Camellia cipher - CBC MODE - - 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc --- -2.20.1 - diff --git a/openssl-1.0.2-add-engines.patch b/openssl-1.0.2-add-engines.patch deleted file mode 100644 index d70d17d..0000000 --- a/openssl-1.0.2-add-engines.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- openssl-1.0.2/apps/version.c.version-add-engines 2015-01-25 13:46:17.556753160 +0100 -+++ openssl-1.0.2/apps/version.c 2015-01-25 13:55:16.310634385 +0100 -@@ -131,6 +131,7 @@ - #ifndef OPENSSL_NO_BF - # include - #endif -+#include - - #undef PROG - #define PROG version_main -@@ -140,7 +141,7 @@ int MAIN(int, char **); - int MAIN(int argc, char **argv) - { - int i, ret = 0; -- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; -+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0, engines = 0; - - apps_startup(); - -@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv) - else if (strcmp(argv[i], "-d") == 0) - dir = 1; - else if (strcmp(argv[i], "-a") == 0) -- date = version = cflags = options = platform = dir = 1; -+ date = version = cflags = options = platform = dir = engines = 1; - else { - BIO_printf(bio_err, "usage:version -[avbofpd]\n"); - ret = 1; -@@ -208,6 +209,16 @@ int MAIN(int argc, char **argv) - printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); - if (dir) - printf("%s\n", SSLeay_version(SSLEAY_DIR)); -+ if (engines) { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while(e) { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - end: - apps_shutdown(); - OPENSSL_EXIT(ret); diff --git a/openssl-1.0.2-defaults.patch b/openssl-1.0.2-defaults.patch deleted file mode 100644 index b5b070a..0000000 --- a/openssl-1.0.2-defaults.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- openssl-1.0.2/apps/openssl.cnf.defaults 2015-01-22 15:58:06.000000000 +0100 -+++ openssl-1.0.2/apps/openssl.cnf 2015-01-25 11:27:18.561475929 +0100 -@@ -104,6 +104,7 @@ emailAddress = optional - #################################################################### - [ req ] - default_bits = 2048 -+default_md = sha1 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - attributes = req_attributes -@@ -126,17 +127,18 @@ string_mask = utf8only - - [ req_distinguished_name ] - countryName = Country Name (2 letter code) --countryName_default = AU -+countryName_default = XX - countryName_min = 2 - countryName_max = 2 - - stateOrProvinceName = State or Province Name (full name) --stateOrProvinceName_default = Some-State -+stateOrProvinceName_default = Default Province - - localityName = Locality Name (eg, city) -+localityName_default = Default City - - 0.organizationName = Organization Name (eg, company) --0.organizationName_default = Internet Widgits Pty Ltd -+0.organizationName_default = Default Company Ltd - - # we can do this but it is not needed normally :-) - #1.organizationName = Second Organization Name (eg, company) diff --git a/openssl-1.0.2-enginesdir.patch b/openssl-1.0.2-enginesdir.patch deleted file mode 100644 index a87df5b..0000000 --- a/openssl-1.0.2-enginesdir.patch +++ /dev/null @@ -1,50 +0,0 @@ ---- openssl-1.0.2/Configure.engines 2015-01-25 13:56:48.037706400 +0100 -+++ openssl-1.0.2/Configure 2015-01-25 13:56:48.038706401 +0100 -@@ -710,6 +710,7 @@ my $idx_multilib = $idx++; - my $prefix=""; - my $libdir=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; - my $cross_compile_prefix=""; -@@ -937,6 +938,10 @@ PROCESS_ARGS: - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1193,7 +1198,7 @@ chop $prefix if $prefix =~ /.\/$/; - - $openssldir=$prefix . "/ssl" if $openssldir eq ""; - $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -- -+$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; - - print "IsMK1MF=$IsMK1MF\n"; - -@@ -1879,7 +1884,7 @@ while () - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$enginesdir"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } ---- openssl-1.0.2/engines/Makefile.engines 2015-01-25 13:56:48.039706402 +0100 -+++ openssl-1.0.2/engines/Makefile 2015-01-25 13:57:23.706518032 +0100 -@@ -124,7 +124,7 @@ install: - esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi diff --git a/openssl-1.0.2-test-use-localhost.patch b/openssl-1.0.2-test-use-localhost.patch deleted file mode 100644 index d6b273c..0000000 --- a/openssl-1.0.2-test-use-localhost.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur openssl-1.0.2o.orig/ssl/ssltest.c openssl-1.0.2o/ssl/ssltest.c ---- openssl-1.0.2o.orig/ssl/ssltest.c 2018-03-31 19:02:09.054769078 +0300 -+++ openssl-1.0.2o/ssl/ssltest.c 2018-03-31 19:02:09.070769368 +0300 -@@ -1859,16 +1859,7 @@ - - #ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { -- char localhost[MAXHOSTNAMELEN + 2]; -- -- if (gethostname(localhost, sizeof(localhost) - 1) == 0) { -- localhost[sizeof(localhost) - 1] = '\0'; -- if (strlen(localhost) == sizeof(localhost) - 1) { -- BIO_printf(bio_err, "localhost name too long\n"); -- goto end; -- } -- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); -- } -+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost"); - } - #endif /* OPENSSL_NO_KRB5 */ - diff --git a/openssl-1.0.2-x509.patch b/openssl-1.0.2-x509.patch deleted file mode 100644 index 6309e88..0000000 --- a/openssl-1.0.2-x509.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- openssl-1.0.2/crypto/x509/by_file.c.x509 2015-01-25 11:27:44.827662311 +0100 -+++ openssl-1.0.2/crypto/x509/by_file.c 2015-01-25 13:46:01.748713008 +0100 -@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx - } - } - i = X509_STORE_add_cert(ctx->store_ctx, x); -- if (!i) -- goto err; -- count++; -+ /* ignore any problems with current certificate and -+ * continue with the next one */ -+ if(i) -+ count++; -+ else -+ ERR_clear_error(); - X509_free(x); - x = NULL; - } -@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx - } - i = X509_STORE_add_cert(ctx->store_ctx, x); - if (!i) -- goto err; -+ ERR_clear_error(); - ret = i; - } else { - X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); diff --git a/openssl-1.0.2e-optflags.patch b/openssl-1.0.2e-optflags.patch deleted file mode 100644 index 85d34d7..0000000 --- a/openssl-1.0.2e-optflags.patch +++ /dev/null @@ -1,85 +0,0 @@ ---- openssl-1.0.2/Configure.optflags 2015-01-22 09:58:32.000000000 -0500 -+++ openssl-1.0.2/Configure 2015-02-19 17:35:04.071328593 -0500 -@@ -348,8 +348,8 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic32","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-ppc", "gcc:-DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - - ####################################################################### - # Note that -march is not among compiler options in below linux-armv4 -@@ -378,8 +378,8 @@ my %table=( - # - # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 - # --"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-armv4", "gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-aarch64","gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # Configure script adds minimally required -march for assembly support, - # if no -march was specified at command line. mips32 and mips64 below - # refer to contemporary MIPS Architecture specifications, MIPS32 and -@@ -388,20 +388,20 @@ my %table=( - "linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", - "linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### IA-32 targets... --"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", -+"linux-ia32-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-aout", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### --"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", --"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -+"linux-generic64","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-ppc64", "gcc:-m64 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-ppc64le","gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-ia64-icc","icc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x86_64-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x32", "gcc:-mx32 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", - "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -@@ -419,12 +419,12 @@ my %table=( - #### SPARC Linux setups - # Ray Miller has patiently - # assisted with debugging of following two configs. --"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # it's a real mess with -mcpu=ultrasparc option under Linux, but - # -Wa,-Av8plus should do the trick no matter what. --"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - #### Alpha Linux with GNU C and Compaq C setups - # Special notes: - # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -438,8 +438,8 @@ my %table=( - # - # - # --"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-alpha-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-alpha+bwx-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - diff --git a/openssl-1.0.2l-gost-engine.patch b/openssl-1.0.2l-gost-engine.patch deleted file mode 100644 index 7eebb8e..0000000 --- a/openssl-1.0.2l-gost-engine.patch +++ /dev/null @@ -1,930 +0,0 @@ -diff -urN openssl-1.0.2l/crypto/asn1/a_mbstr.c openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c ---- openssl-1.0.2l/crypto/asn1/a_mbstr.c 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c 2017-06-30 22:32:46.624534512 +1000 -@@ -173,6 +173,8 @@ - str_type = V_ASN1_PRINTABLESTRING; - else if (mask & B_ASN1_IA5STRING) - str_type = V_ASN1_IA5STRING; -+ else if (mask & B_ASN1_NUMERICSTRING) -+ str_type = V_ASN1_NUMERICSTRING; - else if (mask & B_ASN1_T61STRING) - str_type = V_ASN1_T61STRING; - else if (mask & B_ASN1_BMPSTRING) { -diff -urN openssl-1.0.2l/crypto/asn1/a_strnid.c openssl-1.0.2l-patched/crypto/asn1/a_strnid.c ---- openssl-1.0.2l/crypto/asn1/a_strnid.c 2017-05-25 22:54:38.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/asn1/a_strnid.c 2017-06-30 22:34:13.106542001 +1000 -@@ -193,7 +193,10 @@ - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -- {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} -+ {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -+ {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, -+ {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, -+ {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} - }; - - static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, -diff -urN openssl-1.0.2l/crypto/cms/cms_sd.c openssl-1.0.2l-patched/crypto/cms/cms_sd.c ---- openssl-1.0.2l/crypto/cms/cms_sd.c 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/cms/cms_sd.c 2017-06-30 22:32:46.626534512 +1000 -@@ -943,6 +943,8 @@ - int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) - { - if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) -+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) -+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) - || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) -diff -urN openssl-1.0.2l/crypto/evp/evp.h openssl-1.0.2l-patched/crypto/evp/evp.h ---- openssl-1.0.2l/crypto/evp/evp.h 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/evp/evp.h 2017-06-30 22:32:46.627534512 +1000 -@@ -423,6 +423,35 @@ - # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b - # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c - -+/* -+ * Russian GOST has some parameters defining its usage: -+ * S-blocks, key meshing, padding modes -+ */ -+#define EVP_CTRL_GOST_PARAMS 0x1d -+#define EVP_CTRL_GOST_KEY_MESHING 0x1e -+#define EVP_CTRL_GOST_PADDING 0x1f -+ -+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ -+# define EVP_CTRL_SET_SBOX 0x1d -+/* -+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a -+ * pre-allocated buffer with specified size -+ */ -+# define EVP_CTRL_SBOX_USED 0x1e -+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, -+ * 0 switches meshing off -+ */ -+# define EVP_CTRL_KEY_MESH 0x1f -+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ -+# define EVP_CTRL_BLOCK_PADDING_MODE 0x20 -+ -+/* Padding modes */ -+#define EVP_PADDING_PKCS7 1 -+#define EVP_PADDING_ISO7816_4 2 -+#define EVP_PADDING_ANSI923 3 -+#define EVP_PADDING_ISO10126 4 -+#define EVP_PADDING_ZERO 5 -+ - /* RFC 5246 defines additional data to be 13 bytes in length */ - # define EVP_AEAD_TLS1_AAD_LEN 13 - -diff -urN openssl-1.0.2l/crypto/evp/evp_pbe.c openssl-1.0.2l-patched/crypto/evp/evp_pbe.c ---- openssl-1.0.2l/crypto/evp/evp_pbe.c 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/evp/evp_pbe.c 2017-06-30 22:32:46.627534512 +1000 -@@ -121,6 +121,10 @@ - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, -+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, -+ NID_id_GostR3411_2012_256, 0}, -+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, -+ NID_id_GostR3411_2012_512, 0}, - }; - - #ifdef TEST -diff -urN openssl-1.0.2l/crypto/objects/obj_dat.h openssl-1.0.2l-patched/crypto/objects/obj_dat.h ---- openssl-1.0.2l/crypto/objects/obj_dat.h 2017-05-25 22:55:20.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/obj_dat.h 2017-06-30 22:32:46.631534513 +1000 -@@ -62,12 +62,12 @@ - * [including the GNU Public Licence.] - */ - --#define NUM_NID 958 --#define NUM_SN 951 --#define NUM_LN 951 --#define NUM_OBJ 890 -+#define NUM_NID 1000 -+#define NUM_SN 993 -+#define NUM_LN 993 -+#define NUM_OBJ 921 - --static const unsigned char lvalues[6255]={ -+static const unsigned char lvalues[6485]={ - 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ -@@ -952,6 +952,37 @@ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ -+0x2A,0x85,0x03,0x07,0x01, /* [6254] OBJ_id_tc26 */ -+0x2A,0x85,0x03,0x07,0x01,0x01, /* [6259] OBJ_id_tc26_algorithms */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [6265] OBJ_id_tc26_sign */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [6272] OBJ_id_GostR3410_2012_256 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [6280] OBJ_id_GostR3410_2012_512 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [6288] OBJ_id_tc26_digest */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [6295] OBJ_id_GostR3411_2012_256 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [6303] OBJ_id_GostR3411_2012_512 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [6311] OBJ_id_tc26_signwithdigest */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [6318] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [6326] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [6334] OBJ_id_tc26_mac */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6341] OBJ_id_tc26_hmac_gost_3411_2012_256 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6349] OBJ_id_tc26_hmac_gost_3411_2012_512 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [6357] OBJ_id_tc26_cipher */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [6364] OBJ_id_tc26_agreement */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [6371] OBJ_id_tc26_agreement_gost_3410_2012_256 */ -+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [6379] OBJ_id_tc26_agreement_gost_3410_2012_512 */ -+0x2A,0x85,0x03,0x07,0x01,0x02, /* [6387] OBJ_id_tc26_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [6393] OBJ_id_tc26_sign_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [6400] OBJ_id_tc26_gost_3410_2012_512_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,/* [6408] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,/* [6417] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,/* [6426] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [6435] OBJ_id_tc26_digest_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [6442] OBJ_id_tc26_cipher_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [6449] OBJ_id_tc26_gost_28147_constants */ -+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,/* [6457] OBJ_id_tc26_gost_28147_param_Z */ -+0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */ -+0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */ -+0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */ - }; - - static const ASN1_OBJECT nid_objs[NUM_NID]={ -@@ -2514,6 +2545,81 @@ - NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, - {"jurisdictionC","jurisdictionCountryName", - NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, -+{"id-tc26","id-tc26",NID_id_tc26,5,&(lvalues[6254]),0}, -+{"gost89-cnt-12","gost89-cnt-12",NID_gost89_cnt_12,0,NULL,0}, -+{"gost-mac-12","gost-mac-12",NID_gost_mac_12,0,NULL,0}, -+{"id-tc26-algorithms","id-tc26-algorithms",NID_id_tc26_algorithms,6, -+ &(lvalues[6259]),0}, -+{"id-tc26-sign","id-tc26-sign",NID_id_tc26_sign,7,&(lvalues[6265]),0}, -+{"gost2012_256","GOST R 34.10-2012 with 256 bit modulus", -+ NID_id_GostR3410_2012_256,8,&(lvalues[6272]),0}, -+{"gost2012_512","GOST R 34.10-2012 with 512 bit modulus", -+ NID_id_GostR3410_2012_512,8,&(lvalues[6280]),0}, -+{"id-tc26-digest","id-tc26-digest",NID_id_tc26_digest,7, -+ &(lvalues[6288]),0}, -+{"md_gost12_256","GOST R 34.11-2012 with 256 bit hash", -+ NID_id_GostR3411_2012_256,8,&(lvalues[6295]),0}, -+{"md_gost12_512","GOST R 34.11-2012 with 512 bit hash", -+ NID_id_GostR3411_2012_512,8,&(lvalues[6303]),0}, -+{"id-tc26-signwithdigest","id-tc26-signwithdigest", -+ NID_id_tc26_signwithdigest,7,&(lvalues[6311]),0}, -+{"id-tc26-signwithdigest-gost3410-2012-256", -+ "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", -+ NID_id_tc26_signwithdigest_gost3410_2012_256,8,&(lvalues[6318]),0}, -+{"id-tc26-signwithdigest-gost3410-2012-512", -+ "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", -+ NID_id_tc26_signwithdigest_gost3410_2012_512,8,&(lvalues[6326]),0}, -+{"id-tc26-mac","id-tc26-mac",NID_id_tc26_mac,7,&(lvalues[6334]),0}, -+{"id-tc26-hmac-gost-3411-2012-256","HMAC GOST 34.11-2012 256 bit", -+ NID_id_tc26_hmac_gost_3411_2012_256,8,&(lvalues[6341]),0}, -+{"id-tc26-hmac-gost-3411-2012-512","HMAC GOST 34.11-2012 512 bit", -+ NID_id_tc26_hmac_gost_3411_2012_512,8,&(lvalues[6349]),0}, -+{"id-tc26-cipher","id-tc26-cipher",NID_id_tc26_cipher,7, -+ &(lvalues[6357]),0}, -+{"id-tc26-agreement","id-tc26-agreement",NID_id_tc26_agreement,7, -+ &(lvalues[6364]),0}, -+{"id-tc26-agreement-gost-3410-2012-256", -+ "id-tc26-agreement-gost-3410-2012-256", -+ NID_id_tc26_agreement_gost_3410_2012_256,8,&(lvalues[6371]),0}, -+{"id-tc26-agreement-gost-3410-2012-512", -+ "id-tc26-agreement-gost-3410-2012-512", -+ NID_id_tc26_agreement_gost_3410_2012_512,8,&(lvalues[6379]),0}, -+{"id-tc26-constants","id-tc26-constants",NID_id_tc26_constants,6, -+ &(lvalues[6387]),0}, -+{"id-tc26-sign-constants","id-tc26-sign-constants", -+ NID_id_tc26_sign_constants,7,&(lvalues[6393]),0}, -+{"id-tc26-gost-3410-2012-512-constants", -+ "id-tc26-gost-3410-2012-512-constants", -+ NID_id_tc26_gost_3410_2012_512_constants,8,&(lvalues[6400]),0}, -+{"id-tc26-gost-3410-2012-512-paramSetTest", -+ "GOST R 34.10-2012 (512 bit) testing parameter set", -+ NID_id_tc26_gost_3410_2012_512_paramSetTest,9,&(lvalues[6408]),0}, -+{"id-tc26-gost-3410-2012-512-paramSetA", -+ "GOST R 34.10-2012 (512 bit) ParamSet A", -+ NID_id_tc26_gost_3410_2012_512_paramSetA,9,&(lvalues[6417]),0}, -+{"id-tc26-gost-3410-2012-512-paramSetB", -+ "GOST R 34.10-2012 (512 bit) ParamSet B", -+ NID_id_tc26_gost_3410_2012_512_paramSetB,9,&(lvalues[6426]),0}, -+{"id-tc26-digest-constants","id-tc26-digest-constants", -+ NID_id_tc26_digest_constants,7,&(lvalues[6435]),0}, -+{"id-tc26-cipher-constants","id-tc26-cipher-constants", -+ NID_id_tc26_cipher_constants,7,&(lvalues[6442]),0}, -+{"id-tc26-gost-28147-constants","id-tc26-gost-28147-constants", -+ NID_id_tc26_gost_28147_constants,8,&(lvalues[6449]),0}, -+{"id-tc26-gost-28147-param-Z","GOST 28147-89 TC26 parameter set", -+ NID_id_tc26_gost_28147_param_Z,9,&(lvalues[6457]),0}, -+{"INN","INN",NID_INN,8,&(lvalues[6466]),0}, -+{"OGRN","OGRN",NID_OGRN,5,&(lvalues[6474]),0}, -+{"SNILS","SNILS",NID_SNILS,5,&(lvalues[6479]),0}, -+{"gost89-cbc","gost89-cbc",NID_gost89_cbc,0,NULL,0}, -+{"gost89-ecb","gost89-ecb",NID_gost89_ecb,0,NULL,0}, -+{"gost89-ctr","gost89-ctr",NID_gost89_ctr,0,NULL,0}, -+{"grasshopper-ecb","grasshopper-ecb",NID_grasshopper_ecb,0,NULL,0}, -+{"grasshopper-ctr","grasshopper-ctr",NID_grasshopper_ctr,0,NULL,0}, -+{"grasshopper-ofb","grasshopper-ofb",NID_grasshopper_ofb,0,NULL,0}, -+{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0}, -+{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0}, -+{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0}, - }; - - static const unsigned int sn_objs[NUM_SN]={ -@@ -2614,6 +2720,7 @@ - 35, /* "IDEA-CFB" */ - 36, /* "IDEA-ECB" */ - 46, /* "IDEA-OFB" */ -+988, /* "INN" */ - 181, /* "ISO" */ - 183, /* "ISO-US" */ - 645, /* "ITU-T" */ -@@ -2635,6 +2742,7 @@ - 17, /* "O" */ - 178, /* "OCSP" */ - 180, /* "OCSPSigning" */ -+989, /* "OGRN" */ - 379, /* "ORG" */ - 18, /* "OU" */ - 749, /* "Oakley-EC2N-3" */ -@@ -2700,6 +2808,7 @@ - 188, /* "SMIME" */ - 167, /* "SMIME-CAPS" */ - 100, /* "SN" */ -+990, /* "SNILS" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ - 458, /* "UID" */ -@@ -2858,12 +2967,25 @@ - 156, /* "friendlyName" */ - 509, /* "generationQualifier" */ - 815, /* "gost-mac" */ -+960, /* "gost-mac-12" */ - 811, /* "gost2001" */ - 851, /* "gost2001cc" */ -+963, /* "gost2012_256" */ -+964, /* "gost2012_512" */ - 813, /* "gost89" */ -+991, /* "gost89-cbc" */ - 814, /* "gost89-cnt" */ -+959, /* "gost89-cnt-12" */ -+993, /* "gost89-ctr" */ -+992, /* "gost89-ecb" */ - 812, /* "gost94" */ - 850, /* "gost94cc" */ -+997, /* "grasshopper-cbc" */ -+998, /* "grasshopper-cfb" */ -+995, /* "grasshopper-ctr" */ -+994, /* "grasshopper-ecb" */ -+999, /* "grasshopper-mac" */ -+996, /* "grasshopper-ofb" */ - 797, /* "hmacWithMD5" */ - 163, /* "hmacWithSHA1" */ - 798, /* "hmacWithSHA224" */ -@@ -3115,6 +3237,30 @@ - 194, /* "id-smime-spq" */ - 250, /* "id-smime-spq-ets-sqt-unotice" */ - 249, /* "id-smime-spq-ets-sqt-uri" */ -+958, /* "id-tc26" */ -+975, /* "id-tc26-agreement" */ -+976, /* "id-tc26-agreement-gost-3410-2012-256" */ -+977, /* "id-tc26-agreement-gost-3410-2012-512" */ -+961, /* "id-tc26-algorithms" */ -+974, /* "id-tc26-cipher" */ -+985, /* "id-tc26-cipher-constants" */ -+978, /* "id-tc26-constants" */ -+965, /* "id-tc26-digest" */ -+984, /* "id-tc26-digest-constants" */ -+986, /* "id-tc26-gost-28147-constants" */ -+987, /* "id-tc26-gost-28147-param-Z" */ -+980, /* "id-tc26-gost-3410-2012-512-constants" */ -+982, /* "id-tc26-gost-3410-2012-512-paramSetA" */ -+983, /* "id-tc26-gost-3410-2012-512-paramSetB" */ -+981, /* "id-tc26-gost-3410-2012-512-paramSetTest" */ -+972, /* "id-tc26-hmac-gost-3411-2012-256" */ -+973, /* "id-tc26-hmac-gost-3411-2012-512" */ -+971, /* "id-tc26-mac" */ -+962, /* "id-tc26-sign" */ -+979, /* "id-tc26-sign-constants" */ -+968, /* "id-tc26-signwithdigest" */ -+969, /* "id-tc26-signwithdigest-gost3410-2012-256" */ -+970, /* "id-tc26-signwithdigest-gost3410-2012-512" */ - 676, /* "identified-organization" */ - 461, /* "info" */ - 748, /* "inhibitAnyPolicy" */ -@@ -3140,6 +3286,8 @@ - 460, /* "mail" */ - 493, /* "mailPreferenceOption" */ - 467, /* "manager" */ -+966, /* "md_gost12_256" */ -+967, /* "md_gost12_512" */ - 809, /* "md_gost94" */ - 875, /* "member" */ - 182, /* "member-body" */ -@@ -3497,12 +3645,22 @@ - 813, /* "GOST 28147-89" */ - 849, /* "GOST 28147-89 Cryptocom ParamSet" */ - 815, /* "GOST 28147-89 MAC" */ -+987, /* "GOST 28147-89 TC26 parameter set" */ - 851, /* "GOST 34.10-2001 Cryptocom" */ - 850, /* "GOST 34.10-94 Cryptocom" */ - 811, /* "GOST R 34.10-2001" */ - 817, /* "GOST R 34.10-2001 DH" */ -+982, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ -+983, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ -+981, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */ -+963, /* "GOST R 34.10-2012 with 256 bit modulus" */ -+964, /* "GOST R 34.10-2012 with 512 bit modulus" */ -+969, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */ -+970, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */ - 812, /* "GOST R 34.10-94" */ - 818, /* "GOST R 34.10-94 DH" */ -+966, /* "GOST R 34.11-2012 with 256 bit hash" */ -+967, /* "GOST R 34.11-2012 with 512 bit hash" */ - 809, /* "GOST R 34.11-94" */ - 816, /* "GOST R 34.11-94 PRF" */ - 807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ -@@ -3510,12 +3668,15 @@ - 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ - 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ - 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ -+972, /* "HMAC GOST 34.11-2012 256 bit" */ -+973, /* "HMAC GOST 34.11-2012 512 bit" */ - 810, /* "HMAC GOST 34.11-94" */ - 432, /* "Hold Instruction Call Issuer" */ - 430, /* "Hold Instruction Code" */ - 431, /* "Hold Instruction None" */ - 433, /* "Hold Instruction Reject" */ - 634, /* "ICC or token signature" */ -+988, /* "INN" */ - 294, /* "IPSec End System" */ - 295, /* "IPSec Tunnel" */ - 296, /* "IPSec User" */ -@@ -3560,6 +3721,7 @@ - 366, /* "OCSP Nonce" */ - 371, /* "OCSP Service Locator" */ - 180, /* "OCSP Signing" */ -+989, /* "OGRN" */ - 161, /* "PBES2" */ - 69, /* "PBKDF2" */ - 162, /* "PBMAC1" */ -@@ -3573,6 +3735,7 @@ - 2, /* "RSA Data Security, Inc. PKCS" */ - 188, /* "S/MIME" */ - 167, /* "S/MIME Capabilities" */ -+990, /* "SNILS" */ - 387, /* "SNMPv2" */ - 512, /* "Secure Electronic Transactions" */ - 386, /* "Security" */ -@@ -3825,7 +3988,18 @@ - 509, /* "generationQualifier" */ - 601, /* "generic cryptogram" */ - 99, /* "givenName" */ -+960, /* "gost-mac-12" */ -+991, /* "gost89-cbc" */ - 814, /* "gost89-cnt" */ -+959, /* "gost89-cnt-12" */ -+993, /* "gost89-ctr" */ -+992, /* "gost89-ecb" */ -+997, /* "grasshopper-cbc" */ -+998, /* "grasshopper-cfb" */ -+995, /* "grasshopper-ctr" */ -+994, /* "grasshopper-ecb" */ -+999, /* "grasshopper-mac" */ -+996, /* "grasshopper-ofb" */ - 855, /* "hmac" */ - 780, /* "hmac-md5" */ - 781, /* "hmac-sha1" */ -@@ -4053,6 +4227,22 @@ - 194, /* "id-smime-spq" */ - 250, /* "id-smime-spq-ets-sqt-unotice" */ - 249, /* "id-smime-spq-ets-sqt-uri" */ -+958, /* "id-tc26" */ -+975, /* "id-tc26-agreement" */ -+976, /* "id-tc26-agreement-gost-3410-2012-256" */ -+977, /* "id-tc26-agreement-gost-3410-2012-512" */ -+961, /* "id-tc26-algorithms" */ -+974, /* "id-tc26-cipher" */ -+985, /* "id-tc26-cipher-constants" */ -+978, /* "id-tc26-constants" */ -+965, /* "id-tc26-digest" */ -+984, /* "id-tc26-digest-constants" */ -+986, /* "id-tc26-gost-28147-constants" */ -+980, /* "id-tc26-gost-3410-2012-512-constants" */ -+971, /* "id-tc26-mac" */ -+962, /* "id-tc26-sign" */ -+979, /* "id-tc26-sign-constants" */ -+968, /* "id-tc26-signwithdigest" */ - 34, /* "idea-cbc" */ - 35, /* "idea-cfb" */ - 36, /* "idea-ecb" */ -@@ -4661,6 +4851,9 @@ - 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ - 805, /* OBJ_cryptopro 1 2 643 2 2 */ - 806, /* OBJ_cryptocom 1 2 643 2 9 */ -+958, /* OBJ_id_tc26 1 2 643 7 1 */ -+989, /* OBJ_OGRN 1 2 643 100 1 */ -+990, /* OBJ_SNILS 1 2 643 100 3 */ - 184, /* OBJ_X9_57 1 2 840 10040 */ - 405, /* OBJ_ansi_X9_62 1 2 840 10045 */ - 389, /* OBJ_Enterprises 1 3 6 1 4 1 */ -@@ -4745,6 +4938,8 @@ - 816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ - 817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ - 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ -+961, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */ -+978, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ - 1, /* OBJ_rsadsi 1 2 840 113549 */ - 185, /* OBJ_X9cm 1 2 840 10040 4 */ - 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ -@@ -4795,6 +4990,15 @@ - 842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ - 843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ - 844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ -+962, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */ -+965, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */ -+968, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */ -+971, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ -+974, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ -+975, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ -+979, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ -+984, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ -+985, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ - 2, /* OBJ_pkcs 1 2 840 113549 1 */ - 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ - 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -@@ -4846,6 +5050,19 @@ - 851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ - 849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ - 854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -+988, /* OBJ_INN 1 2 643 3 131 1 1 */ -+963, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */ -+964, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */ -+966, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */ -+967, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */ -+969, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */ -+970, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ -+972, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ -+973, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ -+976, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ -+977, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ -+980, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ -+986, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ - 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ - 27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ - 187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ -@@ -5013,6 +5230,10 @@ - 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ - 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ - 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -+981, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ -+982, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ -+983, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ -+987, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */ - 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ - 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ - 782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -diff -urN openssl-1.0.2l/crypto/objects/objects.txt openssl-1.0.2l-patched/crypto/objects/objects.txt ---- openssl-1.0.2l/crypto/objects/objects.txt 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/objects.txt 2017-06-30 22:32:46.633534513 +1000 -@@ -1156,6 +1156,7 @@ - - member-body 643 2 2 : cryptopro - member-body 643 2 9 : cryptocom -+member-body 643 7 1 : id-tc26 - - cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001 - cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94 -@@ -1169,8 +1170,13 @@ - !Cname id-Gost28147-89 - cryptopro 21 : gost89 : GOST 28147-89 - : gost89-cnt -+ : gost89-cnt-12 -+ : gost89-cbc -+ : gost89-ecb -+ : gost89-ctr - !Cname id-Gost28147-89-MAC - cryptopro 22 : gost-mac : GOST 28147-89 MAC -+ : gost-mac-12 - !Cname id-GostR3411-94-prf - cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF - cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH -@@ -1229,6 +1235,60 @@ - - cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom - -+# TC26 GOST OIDs -+ -+id-tc26 1 : id-tc26-algorithms -+id-tc26-algorithms 1 : id-tc26-sign -+!Cname id-GostR3410-2012-256 -+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus -+!Cname id-GostR3410-2012-512 -+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus -+ -+id-tc26-algorithms 2 : id-tc26-digest -+!Cname id-GostR3411-2012-256 -+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash -+!Cname id-GostR3411-2012-512 -+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash -+ -+id-tc26-algorithms 3 : id-tc26-signwithdigest -+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit) -+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit) -+ -+id-tc26-algorithms 4 : id-tc26-mac -+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit -+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit -+ -+id-tc26-algorithms 5 : id-tc26-cipher -+ -+id-tc26-algorithms 6 : id-tc26-agreement -+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256 -+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512 -+ -+id-tc26 2 : id-tc26-constants -+ -+id-tc26-constants 1 : id-tc26-sign-constants -+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants -+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set -+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A -+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B -+ -+id-tc26-constants 2 : id-tc26-digest-constants -+id-tc26-constants 5 : id-tc26-cipher-constants -+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants -+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set -+ -+member-body 643 3 131 1 1 : INN : INN -+member-body 643 100 1 : OGRN : OGRN -+member-body 643 100 3 : SNILS : SNILS -+ -+#GOST R34.13-2015 Grasshopper "Kuznechik" -+ : grasshopper-ecb -+ : grasshopper-ctr -+ : grasshopper-ofb -+ : grasshopper-cbc -+ : grasshopper-cfb -+ : grasshopper-mac -+ - # Definitions for Camellia cipher - CBC MODE - - 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc -diff -urN openssl-1.0.2l/crypto/objects/obj_mac.h openssl-1.0.2l-patched/crypto/objects/obj_mac.h ---- openssl-1.0.2l/crypto/objects/obj_mac.h 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.h 2017-06-30 22:32:46.635534513 +1000 -@@ -3678,6 +3678,10 @@ - #define NID_cryptocom 806 - #define OBJ_cryptocom OBJ_member_body,643L,2L,9L - -+#define SN_id_tc26 "id-tc26" -+#define NID_id_tc26 958 -+#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L -+ - #define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" - #define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" - #define NID_id_GostR3411_94_with_GostR3410_2001 807 -@@ -3716,11 +3720,26 @@ - #define SN_gost89_cnt "gost89-cnt" - #define NID_gost89_cnt 814 - -+#define SN_gost89_cnt_12 "gost89-cnt-12" -+#define NID_gost89_cnt_12 959 -+ -+#define SN_gost89_cbc "gost89-cbc" -+#define NID_gost89_cbc 991 -+ -+#define SN_gost89_ecb "gost89-ecb" -+#define NID_gost89_ecb 992 -+ -+#define SN_gost89_ctr "gost89-ctr" -+#define NID_gost89_ctr 993 -+ - #define SN_id_Gost28147_89_MAC "gost-mac" - #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" - #define NID_id_Gost28147_89_MAC 815 - #define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L - -+#define SN_gost_mac_12 "gost-mac-12" -+#define NID_gost_mac_12 960 -+ - #define SN_id_GostR3411_94_prf "prf-gostr3411-94" - #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" - #define NID_id_GostR3411_94_prf 816 -@@ -3886,6 +3905,159 @@ - #define NID_id_GostR3410_2001_ParamSet_cc 854 - #define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L - -+#define SN_id_tc26_algorithms "id-tc26-algorithms" -+#define NID_id_tc26_algorithms 961 -+#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L -+ -+#define SN_id_tc26_sign "id-tc26-sign" -+#define NID_id_tc26_sign 962 -+#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L -+ -+#define SN_id_GostR3410_2012_256 "gost2012_256" -+#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" -+#define NID_id_GostR3410_2012_256 963 -+#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L -+ -+#define SN_id_GostR3410_2012_512 "gost2012_512" -+#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" -+#define NID_id_GostR3410_2012_512 964 -+#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L -+ -+#define SN_id_tc26_digest "id-tc26-digest" -+#define NID_id_tc26_digest 965 -+#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L -+ -+#define SN_id_GostR3411_2012_256 "md_gost12_256" -+#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" -+#define NID_id_GostR3411_2012_256 966 -+#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L -+ -+#define SN_id_GostR3411_2012_512 "md_gost12_512" -+#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" -+#define NID_id_GostR3411_2012_512 967 -+#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L -+ -+#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" -+#define NID_id_tc26_signwithdigest 968 -+#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L -+ -+#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" -+#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" -+#define NID_id_tc26_signwithdigest_gost3410_2012_256 969 -+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L -+ -+#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" -+#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" -+#define NID_id_tc26_signwithdigest_gost3410_2012_512 970 -+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L -+ -+#define SN_id_tc26_mac "id-tc26-mac" -+#define NID_id_tc26_mac 971 -+#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L -+ -+#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" -+#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" -+#define NID_id_tc26_hmac_gost_3411_2012_256 972 -+#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L -+ -+#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" -+#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" -+#define NID_id_tc26_hmac_gost_3411_2012_512 973 -+#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L -+ -+#define SN_id_tc26_cipher "id-tc26-cipher" -+#define NID_id_tc26_cipher 974 -+#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L -+ -+#define SN_id_tc26_agreement "id-tc26-agreement" -+#define NID_id_tc26_agreement 975 -+#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L -+ -+#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" -+#define NID_id_tc26_agreement_gost_3410_2012_256 976 -+#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L -+ -+#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" -+#define NID_id_tc26_agreement_gost_3410_2012_512 977 -+#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L -+ -+#define SN_id_tc26_constants "id-tc26-constants" -+#define NID_id_tc26_constants 978 -+#define OBJ_id_tc26_constants OBJ_id_tc26,2L -+ -+#define SN_id_tc26_sign_constants "id-tc26-sign-constants" -+#define NID_id_tc26_sign_constants 979 -+#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L -+ -+#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" -+#define NID_id_tc26_gost_3410_2012_512_constants 980 -+#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L -+ -+#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" -+#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" -+#define NID_id_tc26_gost_3410_2012_512_paramSetTest 981 -+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L -+ -+#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" -+#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" -+#define NID_id_tc26_gost_3410_2012_512_paramSetA 982 -+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L -+ -+#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" -+#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" -+#define NID_id_tc26_gost_3410_2012_512_paramSetB 983 -+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L -+ -+#define SN_id_tc26_digest_constants "id-tc26-digest-constants" -+#define NID_id_tc26_digest_constants 984 -+#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L -+ -+#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" -+#define NID_id_tc26_cipher_constants 985 -+#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L -+ -+#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" -+#define NID_id_tc26_gost_28147_constants 986 -+#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L -+ -+#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" -+#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" -+#define NID_id_tc26_gost_28147_param_Z 987 -+#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L -+ -+#define SN_INN "INN" -+#define LN_INN "INN" -+#define NID_INN 988 -+#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L -+ -+#define SN_OGRN "OGRN" -+#define LN_OGRN "OGRN" -+#define NID_OGRN 989 -+#define OBJ_OGRN OBJ_member_body,643L,100L,1L -+ -+#define SN_SNILS "SNILS" -+#define LN_SNILS "SNILS" -+#define NID_SNILS 990 -+#define OBJ_SNILS OBJ_member_body,643L,100L,3L -+ -+#define SN_grasshopper_ecb "grasshopper-ecb" -+#define NID_grasshopper_ecb 994 -+ -+#define SN_grasshopper_ctr "grasshopper-ctr" -+#define NID_grasshopper_ctr 995 -+ -+#define SN_grasshopper_ofb "grasshopper-ofb" -+#define NID_grasshopper_ofb 996 -+ -+#define SN_grasshopper_cbc "grasshopper-cbc" -+#define NID_grasshopper_cbc 997 -+ -+#define SN_grasshopper_cfb "grasshopper-cfb" -+#define NID_grasshopper_cfb 998 -+ -+#define SN_grasshopper_mac "grasshopper-mac" -+#define NID_grasshopper_mac 999 -+ - #define SN_camellia_128_cbc "CAMELLIA-128-CBC" - #define LN_camellia_128_cbc "camellia-128-cbc" - #define NID_camellia_128_cbc 751 -diff -urN openssl-1.0.2l/crypto/objects/obj_mac.num openssl-1.0.2l-patched/crypto/objects/obj_mac.num ---- openssl-1.0.2l/crypto/objects/obj_mac.num 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.num 2017-06-30 22:32:46.636534513 +1000 -@@ -955,3 +955,45 @@ - jurisdictionLocalityName 955 - jurisdictionStateOrProvinceName 956 - jurisdictionCountryName 957 -+id_tc26 958 -+gost89_cnt_12 959 -+gost_mac_12 960 -+id_tc26_algorithms 961 -+id_tc26_sign 962 -+id_GostR3410_2012_256 963 -+id_GostR3410_2012_512 964 -+id_tc26_digest 965 -+id_GostR3411_2012_256 966 -+id_GostR3411_2012_512 967 -+id_tc26_signwithdigest 968 -+id_tc26_signwithdigest_gost3410_2012_256 969 -+id_tc26_signwithdigest_gost3410_2012_512 970 -+id_tc26_mac 971 -+id_tc26_hmac_gost_3411_2012_256 972 -+id_tc26_hmac_gost_3411_2012_512 973 -+id_tc26_cipher 974 -+id_tc26_agreement 975 -+id_tc26_agreement_gost_3410_2012_256 976 -+id_tc26_agreement_gost_3410_2012_512 977 -+id_tc26_constants 978 -+id_tc26_sign_constants 979 -+id_tc26_gost_3410_2012_512_constants 980 -+id_tc26_gost_3410_2012_512_paramSetTest 981 -+id_tc26_gost_3410_2012_512_paramSetA 982 -+id_tc26_gost_3410_2012_512_paramSetB 983 -+id_tc26_digest_constants 984 -+id_tc26_cipher_constants 985 -+id_tc26_gost_28147_constants 986 -+id_tc26_gost_28147_param_Z 987 -+INN 988 -+OGRN 989 -+SNILS 990 -+gost89_cbc 991 -+gost89_ecb 992 -+gost89_ctr 993 -+grasshopper_ecb 994 -+grasshopper_ctr 995 -+grasshopper_ofb 996 -+grasshopper_cbc 997 -+grasshopper_cfb 998 -+grasshopper_mac 999 -diff -urN openssl-1.0.2l/crypto/objects/obj_xref.h openssl-1.0.2l-patched/crypto/objects/obj_xref.h ---- openssl-1.0.2l/crypto/objects/obj_xref.h 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.h 2017-06-30 22:32:46.636534513 +1000 -@@ -56,6 +56,10 @@ - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, - NID_dh_cofactor_kdf}, -+ {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256, -+ NID_id_GostR3410_2012_256}, -+ {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512, -+ NID_id_GostR3410_2012_512}, - }; - - static const nid_triple *const sigoid_srt_xref[] = { -@@ -96,4 +100,6 @@ - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], -+ &sigoid_srt[40], -+ &sigoid_srt[41], - }; -diff -urN openssl-1.0.2l/crypto/objects/obj_xref.txt openssl-1.0.2l-patched/crypto/objects/obj_xref.txt ---- openssl-1.0.2l/crypto/objects/obj_xref.txt 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.txt 2017-06-30 22:32:46.637534513 +1000 -@@ -44,6 +44,8 @@ - id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 - id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc - id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc -+id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256 -+id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512 - # ECDH KDFs and their corresponding message digests and schemes - dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf - dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf -diff -urN openssl-1.0.2l/crypto/pkcs12/p12_mutl.c openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c ---- openssl-1.0.2l/crypto/pkcs12/p12_mutl.c 2017-05-25 22:54:38.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c 2017-06-30 22:32:46.637534513 +1000 -@@ -65,6 +65,28 @@ - # include - # include - -+# define TK26_MAC_KEY_LEN 32 -+ -+static int PKCS12_gen_gost_mac_key(const char *pass, int passlen, -+ const unsigned char *salt, int saltlen, -+ int iter, const EVP_MD *digest, int keylen, -+ unsigned char *key) -+{ -+ unsigned char out[96]; -+ -+ if (keylen != TK26_MAC_KEY_LEN) { -+ return 0; -+ } -+ -+ if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, -+ digest, 96, out)) { -+ return 0; -+ } -+ memcpy(key, out + 64, TK26_MAC_KEY_LEN); -+ OPENSSL_cleanse(out, 96); -+ return 1; -+} -+ - /* Generate a MAC */ - int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) -@@ -73,7 +95,7 @@ - HMAC_CTX hmac; - unsigned char key[EVP_MAX_MD_SIZE], *salt; - int saltlen, iter; -- int md_size; -+ int md_size = 0; - - if (!PKCS7_type_is_data(p12->authsafes)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); -@@ -93,8 +115,19 @@ - md_size = EVP_MD_size(md_type); - if (md_size < 0) - return 0; -- if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -- md_size, key, md_type)) { -+ if ((md_type->type == NID_id_GostR3411_94 -+ || md_type->type == NID_id_GostR3411_2012_256 -+ || md_type->type == NID_id_GostR3411_2012_512) -+ && !getenv("LEGACY_GOST_PKCS12")) { -+ md_size = TK26_MAC_KEY_LEN; -+ if (!PKCS12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, -+ md_type, md_size, key)) { -+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); -+ return 0; -+ } -+ } else -+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, -+ md_size, key, md_type)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); - return 0; - } -diff -urN openssl-1.0.2l/crypto/pkcs7/pk7_smime.c openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c ---- openssl-1.0.2l/crypto/pkcs7/pk7_smime.c 2017-05-25 22:54:34.134746123 +1000 -+++ openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c 2017-06-30 22:32:46.637534513 +1000 -@@ -185,6 +185,8 @@ - goto err; - } - if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) -+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) -+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) diff --git a/openssl-1.0.2l-icpbrasil.patch b/openssl-1.0.2l-icpbrasil.patch deleted file mode 100644 index 3b178ec..0000000 --- a/openssl-1.0.2l-icpbrasil.patch +++ /dev/null @@ -1,61 +0,0 @@ -diff -aur openssl-1.0.2l/crypto/x509v3/v3_alt.c openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c ---- openssl-1.0.2l/crypto/x509v3/v3_alt.c 2017-05-25 14:54:38.000000000 +0200 -+++ openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c 2017-05-26 08:33:41.285793387 +0200 -@@ -116,9 +116,57 @@ - { - unsigned char *p; - char oline[256], htmp[5]; -+ -+ int rc = 0; -+ -+ /* see http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF -+ * for the OID definitions and more details -+ * All content is ASN.1 OCTET STRING -+ */ -+ /* person related */ -+ const char oid_id_pf[] = "2.16.76.1.3.1"; /* person identification data as follows: -+ * birth date: ddmmyyyy (8) -+ * CPF number: (11) -+ * PIS/PASEP number: (11) -+ * RG number: (11) -+ * RG emmitter and state: (6) -+ */ -+ const char oid_el_pf[] = "2.16.76.1.3.5"; /* Electoral data: -+ * card number: (11) -+ * electoral zone: (3) -+ * electoral section: (4) -+ * city and state: (22) -+ */ -+ /* company related */ -+ const char oid_pj_id1[] = "2.16.76.1.3.4"; /* info about the person responsible for the company's certificate: -+ * birth date: ddmmyyyy (8) -+ * CPF number: (11) -+ * PIS/PASEP number: (11) -+ * RG number: (11) -+ * RG emitter and state: (6) -+ */ -+ const char oid_pj_name[] = "2.16.76.1.3.2"; /* Name of the person responsible for the company's certificate */ -+ const char oid_pj_cnpj[] = "2.16.76.1.3.3"; /* CNPJ number of the company*/ -+ - int i; - switch (gen->type) { - case GEN_OTHERNAME: -+ rc = OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 1); -+ if (rc) -+ if ((!strncmp(oline, oid_id_pf, sizeof(oid_id_pf))) || -+ (!strncmp(oline, oid_el_pf, sizeof(oid_el_pf))) || -+ (!strncmp(oline, oid_pj_id1, sizeof(oid_pj_id1))) || -+ (!strncmp(oline, oid_pj_name, sizeof(oid_pj_name))) || -+ (!strncmp(oline, oid_pj_cnpj, sizeof(oid_pj_cnpj)))) -+ /* FIXME: is that string always null terminated? */ -+ if (!X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret)) -+ return NULL; -+ else -+ if (!X509V3_add_value("othername","", &ret)) -+ return NULL; -+ else -+ if (!X509V3_add_value("othername","", &ret)) -+ return NULL; - if (!X509V3_add_value("othername", "", &ret)) - return NULL; - break; diff --git a/openssl-alt-e2k-makecontext.patch b/openssl-alt-e2k-makecontext.patch new file mode 100644 index 0000000..d1361c4 --- /dev/null +++ b/openssl-alt-e2k-makecontext.patch @@ -0,0 +1,30 @@ +diff --git a/openssl/crypto/async/arch/async_posix.c b/openssl/crypto/async/arch/async_posix.c +index 02c342d..a11f451 100644 +--- a/crypto/async/arch/async_posix.c ++++ b/crypto/async/arch/async_posix.c +@@ -40,8 +40,15 @@ int async_fibre_makecontext(async_fibre *fibre) + if (fibre->fibre.uc_stack.ss_sp != NULL) { + fibre->fibre.uc_stack.ss_size = STACKSIZE; + fibre->fibre.uc_link = NULL; ++#ifndef __e2k__ + makecontext(&fibre->fibre, async_start_func, 0); + return 1; ++#else ++ if (makecontext_e2k(&fibre->fibre, async_start_func, 0)) ++ return 1; ++ else ++ return 0; ++#endif + } + } else { + fibre->fibre.uc_stack.ss_sp = NULL; +@@ -53,6 +60,9 @@ void async_fibre_free(async_fibre *fibre) + { + OPENSSL_free(fibre->fibre.uc_stack.ss_sp); + fibre->fibre.uc_stack.ss_sp = NULL; ++#ifdef __e2k__ ++ freecontext_e2k(&fibre->fibre); ++#endif + } + + #endif diff --git a/openssl.macros b/openssl.macros deleted file mode 100644 index 08db08c..0000000 --- a/openssl.macros +++ /dev/null @@ -1 +0,0 @@ -%_openssldir @OPENSSLDIR@ diff --git a/openssl.spec b/openssl.spec index 9ec3808..40e9cd0 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,74 +1,56 @@ -%define major 1.0.0 +%define major 1.1 %define engines_name %mklibname openssl-engines %{major} %define libcrypto %mklibname crypto %{major} %define libssl %mklibname ssl %{major} %define devname %mklibname openssl -d %define staticname %mklibname openssl -s -d -# patchelf 0.9 is buggy so compat libraries are experimental for now -%bcond_without compat -%define major_compat 10 -%define libcrypto_compat %mklibname crypto %{major_compat} -%define libssl_compat %mklibname ssl %{major_compat} - -%define conflict2 %mklibname openssl 0.9.8 - -# Number of threads to spawn when testing some threading fixes. -#define thread_test_threads %%{?threads:%%{threads}}%%{!?threads:1} - -%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0} - # This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl* # during the build. # The purpose is a system-wide definition of this directory # to guarantee consistency across the whole repository. %define _openssldir %{_sysconfdir}/pki/tls +%define openssl_engines_dir %{_libdir}/engines-%{major} + +%define _docs %{expand: +%doc AUTHORS \ +%doc CHANGES \ +%doc LICENSE \ +%doc FAQ \ +%doc NEWS \ +%doc README \ +%doc README.ENGINE +} Summary: Secure Sockets Layer communications libs & utils Name: openssl -Version: 1.0.2u -Release: 4 -License: BSD-like +Version: 1.1.1g +Release: 1 +License: OpenSSL Group: System/Libraries Url: https://www.openssl.org Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz -Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c Source5: openssl-config -Source6: openssl.macros -# Based on https://github.com/gost-engine/engine -# Never remove gost-engine patches -Patch0: openssl-1.0.2l-gost-engine.patch -# Backport GOST 2015 identificators and GOST OIDs for Edwards parameter sets -Patch1: openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch -# Handle RPM_OPT_FLAGS in Configure -Patch2: openssl-1.0.2e-optflags.patch -Patch3: openssl-1.0.1c-fix-perlpath.pl -# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) -# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF -Patch6: openssl-1.0.2l-icpbrasil.patch -Patch7: openssl-1.0.2-defaults.patch -Patch12: openssl-1.0.2-x509.patch -Patch13: openssl-1.0.2-add-engines.patch -Patch302: openssl-1.0.2-enginesdir.patch -Patch303: openssl-0.9.8a-no-rpath.patch -Patch304: openssl-1.0.2-test-use-localhost.patch +Patch1: openssl-alt-e2k-makecontext.patch BuildRequires: bc -%if %{with compat} -# readelf is used to produce libcrypto.so.10 and libssl.so.10 -# needed for compatibility with Fedora/RHEL (Viber etc) -BuildRequires: patchelf >= 0.10-0.20170615.2 -%endif -%{?_with_krb5:BuildRequires: krb5-devel} BuildRequires: sctp-devel BuildRequires: pkgconfig(zlib) +# for %%check, ./test/run_tests.pl +BuildRequires: perl-devel +BuildRequires: perl-Module-Load-Conditional +BuildRequires: perl(File::Spec::Functions) +BuildRequires: perl(File::Basename) +BuildRequires: perl(FindBin) +BuildRequires: perl(Test::Harness) +BuildRequires: perl(Test::More) Requires: %{engines_name} = %{EVRD} Requires: perl-base Requires: rootcerts -Provides: /usr/bin/openssl -Provides: openssl-config +Provides: openssl%{major} = %{EVRD} +Provides: openssl-config = %{EVRD} %description The openssl certificate management tool and the shared libraries that provide @@ -76,8 +58,7 @@ various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. %files -%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* -%doc README README.ASN1 README.ENGINE +%_docs %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private @@ -87,11 +68,13 @@ RSA and SSL. %dir %{_openssldir}/private %dir %{_openssldir}/rootcerts %attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf +%attr(0644,root,root) %config(noreplace) %{_openssldir}/ct_log_list.cnf %attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert %attr(0644,root,root) %{_openssldir}/certs/Makefile %attr(0755,root,root) %{_openssldir}/misc/* %attr(0755,root,root) %{_bindir}/* %attr(0644,root,root) %{_mandir}/man[157]/* +%{_defaultdocdir}/openssl/html/man[157] #---------------------------------------------------------------------------- @@ -99,24 +82,14 @@ RSA and SSL. Summary: Engines for openssl Group: System/Libraries Provides: openssl-engines = %{EVRD} -# libgost.so was moved to openssl-gost-engine -%if %rpm5 -Requires: %{_lib}openssl-gost-engine%{major} -%else -# We must keep openssl-gost-engine preinstalled in rpm5 platforms. -# But dnf installs recommended deps in more cases then urpmi, -# So let's let users remove gost-engine if needed. -Recommends: %{_lib}openssl-gost-engine%{major} -%endif %description -n %{engines_name} This package provides engines for openssl. %files -n %{engines_name} -%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* -%doc README README.ASN1 README.ENGINE -%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines -%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so +%_docs +%attr(0755,root,root) %dir %{openssl_engines_dir}/ +%attr(0755,root,root) %{openssl_engines_dir}/*.so #---------------------------------------------------------------------------- @@ -130,7 +103,7 @@ The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libcrypto} -%doc FAQ LICENSE NEWS PROBLEMS README* +%_docs %{_libdir}/libcrypto.so.%{major}* #---------------------------------------------------------------------------- @@ -138,20 +111,13 @@ and protocols, including DES, RC4, RSA and SSL. %package -n %{libssl} Summary: Secure Sockets Layer communications libs Group: System/Libraries -Conflicts: %{_lib}openssl1.0.0 < 1.0.1n -Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n -# needed to avoid undefined symbols in rpm (rpm depends on neon library) -Conflicts: %{_lib}neon0.27 < 0.30.1 -# needed to avoid undefined symbols in curl and wget as they block update -Conflicts: curl < 1:7.47.1 -Conflicts: wget < 1.17.1 %description -n %{libssl} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libssl} -%doc FAQ LICENSE NEWS PROBLEMS README* +%_docs %{_libdir}/libssl.so.%{major}* #---------------------------------------------------------------------------- @@ -161,7 +127,7 @@ Summary: Secure Sockets Layer communications libs & headers & utils Group: Development/Other Requires: %{libssl} = %{EVRD} Requires: %{libcrypto} = %{EVRD} -Provides: libopenssl-devel +Provides: libopenssl-devel = %{EVRD} Provides: %{name}-devel = %{EVRD} %description -n %{devname} @@ -170,12 +136,13 @@ for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{devname} -%doc CHANGES doc/* devel-doc-info/README* +%_docs %dir %{_includedir}/openssl %{_includedir}/openssl/* %{_libdir}/libcrypto.so %{_libdir}/libssl.so %{_mandir}/man3/* +%{_defaultdocdir}/openssl/html/man3 %{_libdir}/pkgconfig/* %{_rpmmacrodir}/*openssl* @@ -185,7 +152,7 @@ and SSL. Summary: Secure Sockets Layer communications static libs Group: Development/Other Requires: %{devname} = %{EVRD} -Provides: libopenssl-static-devel +Provides: libopenssl-static-devel = %{EVRD} Provides: %{name}-static-devel = %{EVRD} %description -n %{staticname} @@ -193,64 +160,13 @@ The static libraries needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{staticname} -%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* -%doc README README.ASN1 README.ENGINE +%_docs %attr(0644,root,root) %{_libdir}/lib*.a #---------------------------------------------------------------------------- -%if %{with compat} -%package -n %{libcrypto_compat} -Summary: Secure Sockets Layer communications libs (Fedora compatibility only) -Group: System/Libraries - -%description -n %{libcrypto_compat} -The libraries files are needed for various cryptographic algorithms -and protocols, including DES, RC4, RSA and SSL. - -%files -n %{libcrypto_compat} -%doc FAQ LICENSE NEWS PROBLEMS README* -%{_libdir}/libcrypto.so.%{major_compat}* -%endif - -#---------------------------------------------------------------------------- - -%if %{with compat} -%package -n %{libssl_compat} -Summary: Secure Sockets Layer communications libs (Fedora compatibility only) -Group: System/Libraries - -%description -n %{libssl_compat} -The libraries files are needed for various cryptographic algorithms -and protocols, including DES, RC4, RSA and SSL. - -%files -n %{libssl_compat} -%doc FAQ LICENSE NEWS PROBLEMS README* -%{_libdir}/libssl.so.%{major_compat}* -%endif - -#---------------------------------------------------------------------------- - %prep -%setup -q -%patch0 -p1 -b .gost -%patch1 -p1 -%patch2 -p1 -b .optflags -%patch3 -p1 -b .perl -%patch6 -p1 -b .icpbrasil -%patch7 -p1 -b .defaults -%{?_with_krb5:%patch8 -p1 -b .krb5} -%patch12 -p1 -b .x509 -%patch13 -p1 -b .version-add-engines - -%patch302 -p1 -b .engines -%patch303 -p1 -b .no-rpath -%patch304 -p1 -b .test-use-localhost - -perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile - -# fix perl path -perl util/perlpath.pl %{_bindir}/perl +%autosetup -p1 cp %{SOURCE2} Makefile.certificate cp %{SOURCE3} make-dummy-cert @@ -271,54 +187,63 @@ fi %ifarch %{arm} sslarch=linux-generic32 %endif +# from ALT +%ifarch riscv64 %{e2k} +sslarch=linux-generic64 +%endif # ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ - --openssldir=%{_openssldir} ${sslflags} \ - --enginesdir=%{_libdir}/openssl-%{major}/engines \ - --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ - zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms enable-md2 sctp shared ${sslarch} + --prefix=%{_prefix} \ + --libdir=%{_libdir} \ + --openssldir=%{_openssldir} \ + ${sslflags} \ + enable-camellia \ + enable-cms \ + enable-md2 \ + enable-rc5 \ + enable-rfc3779 \ + enable-sctp \ + enable-seed \ + enable-ssl3 \ + enable-ssl3-method \ + no-ec2m \ + no-mdc2 \ + no-srp \ + zlib-dynamic \ + shared \ + ${sslarch} -# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be -# marked as not requiring an executable stack. -RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" - -make depend -make all build-shared - -# Generate hashes for the included certs. -make rehash build-shared +%make all %check # Verify that what was compiled actually works. -export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} +export LD_LIBRARY_PATH=%{buildroot}%{_libdir} +# from OMV and ALT +OPENSSL_ENABLE_MD5_VERIFY= +export OPENSSL_ENABLE_MD5_VERIFY +OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE +# (mikhailnov) TODO: they fail, fix them?! +rm -f test/recipes/10-test_bn.t +rm -f test/recipes/80-test_ssl_new.t +make test -make -C test apps tests - -gcc -o openssl-thread-test \ - %{?_with_krb5:`krb5-config --cflags`} \ +%__cc -o openssl-thread-test \ -I./include \ %{optflags} \ openssl-thread-test.c \ -L. -lssl -lcrypto \ - %{?_with_krb5:`krb5-config --libs`} \ -lpthread -lz -ldl -./openssl-thread-test --threads %{thread_test_threads} +./openssl-thread-test --threads 4 %install -%makeinstall \ - INSTALL_PREFIX=%{buildroot} \ - MANDIR=%{_mandir} \ - build-shared - -# the makefiles is too borked... -install -d %{buildroot}%{_libdir}/openssl-%{major} -mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines +%makeinstall_std # make the rootcerts dir install -d %{buildroot}%{_openssldir}/rootcerts @@ -330,7 +255,7 @@ install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert # Pick a CA script. -mv %{buildroot}%{_openssldir}/misc/CA.sh %{buildroot}%{_openssldir}/misc/CA +mv %{buildroot}%{_openssldir}/misc/CA.pl %{buildroot}%{_openssldir}/misc/CA install -d %{buildroot}%{_sysconfdir}/pki/CA install -d %{buildroot}%{_sysconfdir}/pki/CA/private @@ -338,54 +263,36 @@ install -d %{buildroot}%{_sysconfdir}/pki/CA/private # openssl was named ssleay in "ancient" times. ln -snf openssl %{buildroot}%{_bindir}/ssleay -# The man pages rand.3 and passwd.1 conflict with other packages -# Rename them to ssl-* and also make a symlink from openssl-* to ssl-* -mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 -ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} +ln -snf openssl %{buildroot}%{_bindir}/openssl%{major} -for i in rand err; do - mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 - ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} +# From ALT Linux +# Rename some man pages, fix references. +for f in passwd.1 config.5; do +name="${f%%.*}" +sect="${f##*.}" +NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'` +sed -i "s/\\<$NAME $sect\\>/SSL&/" %{buildroot}%{_mandir}/man"$sect/$f" +mv -v %{buildroot}%{_mandir}/man"$sect"/{,ssl}"$f" +find %{buildroot}%{_mandir} -type f -print0 | +xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- | +xargs -r0 subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" -- +find %{buildroot}%{_mandir} -type l |while read link; do +[ "$(readlink -n "$link")" = "$f" ] || continue +ln -sfv "ssl$f" "$link" +done done - -rm -rf {main,devel}-doc-info -mkdir -p {main,devel}-doc-info -cat - << EOF > main-doc-info/README.Mandriva-manpage -Warning: -The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 -to avoid a conflict with passwd.1 man page from the package passwd. -EOF - -cat - << EOF > devel-doc-info/README.Mandriva-manpage -Warning: -The man page of rand, rand.3, has been renamed to ssl-rand.3 -to avoid a conflict with rand.3 from the package man-pages -The man page of err, err.3, has been renamed to ssl-err.3 -to avoid a conflict with err.3 from the package man-pages -EOF chmod 755 %{buildroot}%{_libdir}/pkgconfig # strip cannot touch these unless 755 -chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so* +chmod 755 %{buildroot}%{openssl_engines_dir}/*.so* chmod 755 %{buildroot}%{_libdir}/*.so* chmod 755 %{buildroot}%{_bindir}/* -%if %{with compat} -# RHEL/Fedora compatibility libraries -cp %{buildroot}%{_libdir}/libcrypto.so.%{major} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat} -cp %{buildroot}%{_libdir}/libssl.so.%{major} %{buildroot}%{_libdir}/libssl.so.%{major_compat} -patchelf --set-soname libcrypto.so.%{major_compat} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat} -patchelf --set-soname libssl.so.%{major_compat} %{buildroot}%{_libdir}/libssl.so.%{major_compat} -%endif - -# nuke a mistake -rm -f %{buildroot}%{_mandir}/man3/.3 - # Fix libdir. pushd %{buildroot}%{_libdir}/pkgconfig for i in *.pc ; do - sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ + sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_libdir},g' \ $i >$i.tmp && \ cat $i.tmp >$i && \ rm -f $i.tmp @@ -397,6 +304,9 @@ perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf +# remove example configs +rm -fv %{buildroot}%{_openssldir}/*.dist + # install openssl-config install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/ # define values in openssl-config @@ -409,11 +319,14 @@ sed -i %{buildroot}/%{_bindir}/openssl-config \ # test openssl-config [ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ] -# make and install openssl.macros -cat %{SOURCE6} | sed -e "s#@OPENSSLDIR@#%{_openssldir}#g" > macros_file -%install_macro openssl macros_file -# verify openssl.macros -grep -q '%{_openssldir}' %{buildroot}%{_rpmmacrodir}/*openssl* - -# is now built in openssl-gost-engines -rm -fv %{buildroot}%{_libdir}/openssl-%{major}/engines/libgost.so +# Having sovers as macros may be useful to check that binaries are linked against OpenSSL +# Alike LibreSSL package +cat << EOF > macros.file +%%_openssldir %{_openssldir} +%%openssl_version %{version} +%%openssl_libcrypto_sover %{major} +%%openssl_libssl_sover %{major} +%%openssl_prefix %{_prefix} +%%openssl_engines_dir %{openssl_engines_dir} +EOF +%install_macro openssl macros.file From f0ada0da9aff4936ed23b570932228da7d85e719 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Thu, 23 Apr 2020 01:59:39 +0300 Subject: [PATCH 2/5] Add %%openssl_major macro --- openssl.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index 40e9cd0..4532bd8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -25,7 +25,7 @@ Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: 1.1.1g -Release: 1 +Release: 2 License: OpenSSL Group: System/Libraries Url: https://www.openssl.org @@ -324,6 +324,7 @@ sed -i %{buildroot}/%{_bindir}/openssl-config \ cat << EOF > macros.file %%_openssldir %{_openssldir} %%openssl_version %{version} +%%openssl_major %{major} %%openssl_libcrypto_sover %{major} %%openssl_libssl_sover %{major} %%openssl_prefix %{_prefix} From 09fb62e45343e0108986567f37301988551e3281 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Sun, 28 Jun 2020 22:19:58 +0300 Subject: [PATCH 3/5] Fix building HTML docs (they were empty due to missing pod2html), deal with rpmlint --- openssl.rpmlintrc | 2 ++ openssl.spec | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 openssl.rpmlintrc diff --git a/openssl.rpmlintrc b/openssl.rpmlintrc new file mode 100644 index 0000000..91e6407 --- /dev/null +++ b/openssl.rpmlintrc @@ -0,0 +1,2 @@ +# HTML docs must not be compressed to be usable +addFilter("W: manpage-not-compressed.*.html") diff --git a/openssl.spec b/openssl.spec index 4532bd8..411fe2d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -25,11 +25,12 @@ Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: 1.1.1g -Release: 2 +Release: 3 License: OpenSSL Group: System/Libraries Url: https://www.openssl.org Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz +Source1: openssl.rpmlintrc Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c @@ -46,6 +47,8 @@ BuildRequires: perl(File::Basename) BuildRequires: perl(FindBin) BuildRequires: perl(Test::Harness) BuildRequires: perl(Test::More) +BuildRequires: /usr/bin/pod2html +BuildRequires: /usr/bin/pod2man Requires: %{engines_name} = %{EVRD} Requires: perl-base Requires: rootcerts From 2e9799dcab7defc6f6415537288826afd79b7260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9-=D0=97?= Date: Mon, 7 Sep 2020 01:57:50 +0000 Subject: [PATCH 4/5] Release bump --- openssl.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index 411fe2d..c0f7aaa 100644 --- a/openssl.spec +++ b/openssl.spec @@ -25,7 +25,7 @@ Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: 1.1.1g -Release: 3 +Release: 4 License: OpenSSL Group: System/Libraries Url: https://www.openssl.org From a3431e535d8c3b08da9496012f195f3eadb443f0 Mon Sep 17 00:00:00 2001 From: Mikhail Novosyolov Date: Tue, 8 Sep 2020 00:12:57 +0300 Subject: [PATCH 5/5] explicitly list files from /usr/bin/ --- openssl.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openssl.spec b/openssl.spec index c0f7aaa..71dbe5a 100644 --- a/openssl.spec +++ b/openssl.spec @@ -25,7 +25,7 @@ Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: 1.1.1g -Release: 4 +Release: 5 License: OpenSSL Group: System/Libraries Url: https://www.openssl.org @@ -75,7 +75,11 @@ RSA and SSL. %attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert %attr(0644,root,root) %{_openssldir}/certs/Makefile %attr(0755,root,root) %{_openssldir}/misc/* -%attr(0755,root,root) %{_bindir}/* +%attr(0755,root,root) %{_bindir}/c_rehash +%attr(0755,root,root) %{_bindir}/openssl +%attr(0755,root,root) %{_bindir}/openssl%{major} +%attr(0755,root,root) %{_bindir}/openssl-config +%attr(0755,root,root) %{_bindir}/ssleay %attr(0644,root,root) %{_mandir}/man[157]/* %{_defaultdocdir}/openssl/html/man[157]