Djam/openssl1.1
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl1.1.git synced 2025-02-23 16:12:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update from 1.0 to 1.1.1g:

Browse source 
- new major version
- dropped compat libs, seems that there is no more need to be compatible with Red Hat naming (not sure, TODO: check it)
- unified %%docs to easify reading diffs of them
- dropped all patches the aim of which ones is not clear to me and there is not description
- trying to be buildable on e2k for future
- dropped requirements of GOST engine to eventually break this dependency loop, we can preinstall gost-engine where needed by other ways
- GOST engine is no more built here in OpenSSL
- replaced removing of some manuals with renaming them
- now shipping HTML docs (mans)
- switched to upstream location of engines (it now has %%major in it and is OK for us)
- moved everything from /lib to /usr/lib as preparation for merging everything into /usr
- sorted all configure options to improve readability of diffs in the future
- introduced new macros alike LibreSSL package
- added macro %%openssl_engines_dir for reusing in e.g. openssl-gost-engine
- added symlink openssl1.1 -> openssl, because I am thinking of keeping /usr/bin/openssl1.0
  in the openssl1.0 compat package, so adding a similar symlink here for consistency
- explicit file provide /usr/bin/openssl is not needed because it is put automatically by RPM 4
- versionized some provides
- TODO: 2 tests fail for now... Maybe Perl is broken?

Based on:
- 3591a33115
- ALT Linux spec https://packages.altlinux.org/ru/sisyphus/specfiles/openssl1.1
- OpenMandriva spec https://github.com/OpenMandrivaAssociation/openssl/blob/93f1264/openssl.spec
This commit is contained in:
Mikhail Novosyolov 2020-04-22 23:11:52 +03:00
parent b1e6ee8c1e
commit 7539bee3cf
15 changed files with 141 additions and 1860 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.abf.yml
View file

@ -1,3 +1,2 @@
sources: sources:
openssl-1.0.2u.tar.gz: 740916d79ab0d209d2775277b1c6c3ec2f6502b2 openssl-1.1.1g.tar.gz: b213a293f2127ec3e323fb3cfc0c9807664fd997
openssl-1.0.2u.tar.gz.asc: 744624933632f6fa2c16ed0093468e276ce68988

11
openssl-0.9.8a-no-rpath.patch
View file

@ -1,11 +0,0 @@
--- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

19
openssl-1.0.1c-fix-perlpath.pl
View file

@ -1,19 +0,0 @@
--- openssl-1.0.1c/util/perlpath.pl~ 1999-03-10 20:57:05.000000000 +0100
+++ openssl-1.0.1c/util/perlpath.pl 2012-12-28 15:31:20.357657353 +0100
@@ -1,13 +1,13 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
# modify the '#!/usr/local/bin/perl'
# line in all scripts that rely on perl.
#
-require "find.pl";
+use File::Find;
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
+find(\&wanted, ".");
sub wanted
{

379
openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch
View file

@ -1,379 +0,0 @@
From dcca4a0281beea3deb5523b94f011a236e5b7a0d Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sat, 28 Dec 2019 19:28:09 +0300
Subject: [PATCH] Backport GOST 2015 identificators and GOST OIDs for Edwards
parameter sets
Backport of upstream commits to openssl-1.0.2t:
* 3b5e5172007d5eb30cec4269a0f763c9632afd06 "Add GOST OIDs for Edwards parameter sets" by Sergey Zhuravlev <babun2000@mail.ru>
* 55fc247a699be33153f27c06d304e6e60eeff980 "New GOST identificators" by Dmitry Belyavskiy <beldmit@gmail.com>
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
---
crypto/objects/obj_dat.h | 113 +++++++++++++++++++++++++++++++++++--
crypto/objects/obj_mac.h | 93 ++++++++++++++++++++++++++++++
crypto/objects/obj_mac.num | 23 ++++++++
crypto/objects/objects.txt | 26 +++++++++
4 files changed, 250 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 641cd8e9d2..521a843ae6 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 1000
-#define NUM_SN 993
-#define NUM_LN 993
-#define NUM_OBJ 921
+#define NUM_NID 1023
+#define NUM_SN 1016
+#define NUM_LN 1016
+#define NUM_OBJ 938
-static const unsigned char lvalues[6485]={
+static const unsigned char lvalues[6631]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -983,6 +983,23 @@ static const unsigned char lvalues[6485]={
0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */
0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */
0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7341] OBJ_id_tc26_gost_3410_2012_256_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7349] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7358] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2620,6 +2637,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0},
{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0},
{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
+{"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+{"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+{"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+{"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+{"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+{"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+{"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7358]},
+{"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7341]},
+{"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7349]},
+{"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+{"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+{"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+{"magma-ecb", "magma-ecb", NID_magma_ecb},
+{"magma-ctr", "magma-ctr", NID_magma_ctr},
+{"magma-ofb", "magma-ofb", NID_magma_ofb},
+{"magma-cbc", "magma-cbc", NID_magma_cbc},
+{"magma-cfb", "magma-cfb", NID_magma_cfb},
+{"magma-mac", "magma-mac", NID_magma_mac},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -3616,6 +3656,29 @@ static const unsigned int sn_objs[NUM_SN]={
503, /* "x500UniqueIdentifier" */
158, /* "x509Certificate" */
160, /* "x509Crl" */
+1147, /* "id-tc26-gost-3410-2012-256-constants" */
+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */
+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */
+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */
+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */
+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */
+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */
+1179, /* "id-tc26-wrap" */
+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */
+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+1190, /* "magma-cbc" */
+1191, /* "magma-cfb" */
+1188, /* "magma-ctr" */
+1187, /* "magma-ecb" */
+1192, /* "magma-mac" */
+1189, /* "magma-ofb" */
};
static const unsigned int ln_objs[NUM_LN]={
@@ -4612,6 +4675,29 @@ static const unsigned int ln_objs[NUM_LN]={
158, /* "x509Certificate" */
160, /* "x509Crl" */
125, /* "zlib compression" */
+1147, /* "id-tc26-gost-3410-2012-256-constants" */
+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */
+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */
+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */
+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */
+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */
+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */
+1179, /* "id-tc26-wrap" */
+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */
+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+1190, /* "magma-cbc" */
+1191, /* "magma-cfb" */
+1188, /* "magma-ctr" */
+1187, /* "magma-ecb" */
+1192, /* "magma-mac" */
+1189, /* "magma-ofb" */
};
static const unsigned int obj_objs[NUM_OBJ]={
@@ -5536,5 +5622,22 @@ static const unsigned int obj_objs[NUM_OBJ]={
955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
+1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */
+1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
+1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+1174, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+1175, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
+1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
+1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
+1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+1149, /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
};
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index 430e14a244..a871bb0c7e 100644
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -4364,3 +4364,96 @@
#define LN_jurisdictionCountryName "jurisdictionCountryName"
#define NID_jurisdictionCountryName 957
#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma"
+#define NID_id_tc26_cipher_gostr3412_2015_magma 1173
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+
+#define SN_id_tc26_wrap "id-tc26-wrap"
+#define NID_id_tc26_wrap 1179
+#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma"
+#define NID_id_tc26_wrap_gostr3412_2015_magma 1180
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB"
+#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC"
+#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD"
+#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D"
+#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L
+
+#define SN_magma_ecb "magma-ecb"
+#define NID_magma_ecb 1187
+
+#define SN_magma_ctr "magma-ctr"
+#define NID_magma_ctr 1188
+
+#define SN_magma_ofb "magma-ofb"
+#define NID_magma_ofb 1189
+
+#define SN_magma_cbc "magma-cbc"
+#define NID_magma_cbc 1190
+
+#define SN_magma_cfb "magma-cfb"
+#define NID_magma_cfb 1191
+
+#define SN_magma_mac "magma-mac"
+#define NID_magma_mac 1192
+
+#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants"
+#define LN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants"
+#define NID_id_tc26_gost_3410_2012_256_constants 1147
+#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA"
+#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC"
+#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index e5f2eaeb6e..3a5af05f6e 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -977,10 +977,13 @@ id_tc26_agreement_gost_3410_2012_256 976
id_tc26_agreement_gost_3410_2012_512 977
id_tc26_constants 978
id_tc26_sign_constants 979
+id_tc26_gost_3410_2012_256_constants 1147
+id_tc26_gost_3410_2012_256_paramSetA 1148
id_tc26_gost_3410_2012_512_constants 980
id_tc26_gost_3410_2012_512_paramSetTest 981
id_tc26_gost_3410_2012_512_paramSetA 982
id_tc26_gost_3410_2012_512_paramSetB 983
+id_tc26_gost_3410_2012_512_paramSetC 1149
id_tc26_digest_constants 984
id_tc26_cipher_constants 985
id_tc26_gost_28147_constants 986
@@ -997,3 +1000,23 @@ grasshopper_ofb 996
grasshopper_cbc 997
grasshopper_cfb 998
grasshopper_mac 999
+id_tc26_cipher_gostr3412_2015_magma 1173
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175
+id_tc26_cipher_gostr3412_2015_kuznyechik 1176
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178
+id_tc26_wrap 1179
+id_tc26_wrap_gostr3412_2015_magma 1180
+id_tc26_wrap_gostr3412_2015_magma_kexp15 1181
+id_tc26_wrap_gostr3412_2015_kuznyechik 1182
+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183
+id_tc26_gost_3410_2012_256_paramSetB 1184
+id_tc26_gost_3410_2012_256_paramSetC 1185
+id_tc26_gost_3410_2012_256_paramSetD 1186
+magma_ecb 1187
+magma_ctr 1188
+magma_ofb 1189
+magma_cbc 1190
+magma_cfb 1191
+magma_mac 1192
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 31286b176a..7b400c9842 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1259,18 +1259,36 @@ id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
id-tc26-algorithms 5 : id-tc26-cipher
+id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma
+id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm
+id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac
+id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik
+id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac
id-tc26-algorithms 6 : id-tc26-agreement
id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+id-tc26-algorithms 7 : id-tc26-wrap
+id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15
+id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
+
id-tc26 2 : id-tc26-constants
id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
+id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
+id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
+id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
id-tc26-constants 2 : id-tc26-digest-constants
id-tc26-constants 5 : id-tc26-cipher-constants
@@ -1289,6 +1307,14 @@ member-body 643 100 3 : SNILS : SNILS
: grasshopper-cfb
: grasshopper-mac
+#GOST R34.13-2015 Magma
+ : magma-ecb
+ : magma-ctr
+ : magma-ofb
+ : magma-cbc
+ : magma-cfb
+ : magma-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
--
2.20.1

45
openssl-1.0.2-add-engines.patch
View file

@ -1,45 +0,0 @@
--- openssl-1.0.2/apps/version.c.version-add-engines 2015-01-25 13:46:17.556753160 +0100
+++ openssl-1.0.2/apps/version.c 2015-01-25 13:55:16.310634385 +0100
@@ -131,6 +131,7 @@
#ifndef OPENSSL_NO_BF
# include <openssl/blowfish.h>
#endif
+#include <openssl/engine.h>
#undef PROG
#define PROG version_main
@@ -140,7 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i, ret = 0;
- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0, engines = 0;
apps_startup();
@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(argv[i], "-d") == 0)
dir = 1;
else if (strcmp(argv[i], "-a") == 0)
- date = version = cflags = options = platform = dir = 1;
+ date = version = cflags = options = platform = dir = engines = 1;
else {
BIO_printf(bio_err, "usage:version -[avbofpd]\n");
ret = 1;
@@ -208,6 +209,16 @@ int MAIN(int argc, char **argv)
printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
if (dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while(e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
end:
apps_shutdown();
OPENSSL_EXIT(ret);

32
openssl-1.0.2-defaults.patch
View file

@ -1,32 +0,0 @@
--- openssl-1.0.2/apps/openssl.cnf.defaults 2015-01-22 15:58:06.000000000 +0100
+++ openssl-1.0.2/apps/openssl.cnf 2015-01-25 11:27:18.561475929 +0100
@@ -104,6 +104,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
+default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)

50
openssl-1.0.2-enginesdir.patch
View file

@ -1,50 +0,0 @@
--- openssl-1.0.2/Configure.engines 2015-01-25 13:56:48.037706400 +0100
+++ openssl-1.0.2/Configure 2015-01-25 13:56:48.038706401 +0100
@@ -710,6 +710,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -937,6 +938,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1193,7 +1198,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1879,7 +1884,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
--- openssl-1.0.2/engines/Makefile.engines 2015-01-25 13:56:48.039706402 +0100
+++ openssl-1.0.2/engines/Makefile 2015-01-25 13:57:23.706518032 +0100
@@ -124,7 +124,7 @@ install:
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi

21
openssl-1.0.2-test-use-localhost.patch
View file

@ -1,21 +0,0 @@
diff -Naur openssl-1.0.2o.orig/ssl/ssltest.c openssl-1.0.2o/ssl/ssltest.c
--- openssl-1.0.2o.orig/ssl/ssltest.c 2018-03-31 19:02:09.054769078 +0300
+++ openssl-1.0.2o/ssl/ssltest.c 2018-03-31 19:02:09.070769368 +0300
@@ -1859,16 +1859,7 @@
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx) {
- char localhost[MAXHOSTNAMELEN + 2];
-
- if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
- localhost[sizeof(localhost) - 1] = '\0';
- if (strlen(localhost) == sizeof(localhost) - 1) {
- BIO_printf(bio_err, "localhost name too long\n");
- goto end;
- }
- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
- }
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");
}
#endif /* OPENSSL_NO_KRB5 */

27
openssl-1.0.2-x509.patch
View file

@ -1,27 +0,0 @@
--- openssl-1.0.2/crypto/x509/by_file.c.x509 2015-01-25 11:27:44.827662311 +0100
+++ openssl-1.0.2/crypto/x509/by_file.c 2015-01-25 13:46:01.748713008 +0100
@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx
}
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
- if (!i)
- goto err;
- count++;
+ /* ignore any problems with current certificate and
+ * continue with the next one */
+ if(i)
+ count++;
+ else
+ ERR_clear_error();
X509_free(x);
x = NULL;
}
@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
if (!i)
- goto err;
+ ERR_clear_error();
ret = i;
} else {
X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);

85
openssl-1.0.2e-optflags.patch
View file

@ -1,85 +0,0 @@
--- openssl-1.0.2/Configure.optflags 2015-01-22 09:58:32.000000000 -0500
+++ openssl-1.0.2/Configure 2015-02-19 17:35:04.071328593 -0500
@@ -348,8 +348,8 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#######################################################################
# Note that -march is not among compiler options in below linux-armv4
@@ -378,8 +378,8 @@ my %table=(
#
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
#
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Configure script adds minimally required -march for assembly support,
# if no -march was specified at command line. mips32 and mips64 below
# refer to contemporary MIPS Architecture specifications, MIPS32 and
@@ -388,20 +388,20 @@ my %table=(
"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+"linux-generic64","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32", "gcc:-mx32 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -419,12 +419,12 @@ my %table=(
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -438,8 +438,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

930
openssl-1.0.2l-gost-engine.patch
View file

@ -1,930 +0,0 @@
diff -urN openssl-1.0.2l/crypto/asn1/a_mbstr.c openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c
--- openssl-1.0.2l/crypto/asn1/a_mbstr.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c 2017-06-30 22:32:46.624534512 +1000
@@ -173,6 +173,8 @@
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
+ else if (mask & B_ASN1_NUMERICSTRING)
+ str_type = V_ASN1_NUMERICSTRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
diff -urN openssl-1.0.2l/crypto/asn1/a_strnid.c openssl-1.0.2l-patched/crypto/asn1/a_strnid.c
--- openssl-1.0.2l/crypto/asn1/a_strnid.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_strnid.c 2017-06-30 22:34:13.106542001 +1000
@@ -193,7 +193,10 @@
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
- {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+ {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+ {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
};
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
diff -urN openssl-1.0.2l/crypto/cms/cms_sd.c openssl-1.0.2l-patched/crypto/cms/cms_sd.c
--- openssl-1.0.2l/crypto/cms/cms_sd.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/cms/cms_sd.c 2017-06-30 22:32:46.626534512 +1000
@@ -943,6 +943,8 @@
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
diff -urN openssl-1.0.2l/crypto/evp/evp.h openssl-1.0.2l-patched/crypto/evp/evp.h
--- openssl-1.0.2l/crypto/evp/evp.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp.h 2017-06-30 22:32:46.627534512 +1000
@@ -423,6 +423,35 @@
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
+/*
+ * Russian GOST has some parameters defining its usage:
+ * S-blocks, key meshing, padding modes
+ */
+#define EVP_CTRL_GOST_PARAMS 0x1d
+#define EVP_CTRL_GOST_KEY_MESHING 0x1e
+#define EVP_CTRL_GOST_PADDING 0x1f
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define EVP_CTRL_SET_SBOX 0x1d
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define EVP_CTRL_SBOX_USED 0x1e
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define EVP_CTRL_KEY_MESH 0x1f
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define EVP_CTRL_BLOCK_PADDING_MODE 0x20
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7 1
+#define EVP_PADDING_ISO7816_4 2
+#define EVP_PADDING_ANSI923 3
+#define EVP_PADDING_ISO10126 4
+#define EVP_PADDING_ZERO 5
+
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
diff -urN openssl-1.0.2l/crypto/evp/evp_pbe.c openssl-1.0.2l-patched/crypto/evp/evp_pbe.c
--- openssl-1.0.2l/crypto/evp/evp_pbe.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp_pbe.c 2017-06-30 22:32:46.627534512 +1000
@@ -121,6 +121,10 @@
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+ NID_id_GostR3411_2012_256, 0},
+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+ NID_id_GostR3411_2012_512, 0},
};
#ifdef TEST
diff -urN openssl-1.0.2l/crypto/objects/obj_dat.h openssl-1.0.2l-patched/crypto/objects/obj_dat.h
--- openssl-1.0.2l/crypto/objects/obj_dat.h 2017-05-25 22:55:20.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_dat.h 2017-06-30 22:32:46.631534513 +1000
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 958
-#define NUM_SN 951
-#define NUM_LN 951
-#define NUM_OBJ 890
+#define NUM_NID 1000
+#define NUM_SN 993
+#define NUM_LN 993
+#define NUM_OBJ 921
-static const unsigned char lvalues[6255]={
+static const unsigned char lvalues[6485]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -952,6 +952,37 @@
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */
+0x2A,0x85,0x03,0x07,0x01, /* [6254] OBJ_id_tc26 */
+0x2A,0x85,0x03,0x07,0x01,0x01, /* [6259] OBJ_id_tc26_algorithms */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [6265] OBJ_id_tc26_sign */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [6272] OBJ_id_GostR3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [6280] OBJ_id_GostR3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [6288] OBJ_id_tc26_digest */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [6295] OBJ_id_GostR3411_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [6303] OBJ_id_GostR3411_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [6311] OBJ_id_tc26_signwithdigest */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [6318] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [6326] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [6334] OBJ_id_tc26_mac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6341] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6349] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [6357] OBJ_id_tc26_cipher */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [6364] OBJ_id_tc26_agreement */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [6371] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [6379] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x02, /* [6387] OBJ_id_tc26_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [6393] OBJ_id_tc26_sign_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [6400] OBJ_id_tc26_gost_3410_2012_512_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,/* [6408] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,/* [6417] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,/* [6426] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [6435] OBJ_id_tc26_digest_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [6442] OBJ_id_tc26_cipher_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [6449] OBJ_id_tc26_gost_28147_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,/* [6457] OBJ_id_tc26_gost_28147_param_Z */
+0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */
+0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */
+0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2514,6 +2545,81 @@
NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
{"jurisdictionC","jurisdictionCountryName",
NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+{"id-tc26","id-tc26",NID_id_tc26,5,&(lvalues[6254]),0},
+{"gost89-cnt-12","gost89-cnt-12",NID_gost89_cnt_12,0,NULL,0},
+{"gost-mac-12","gost-mac-12",NID_gost_mac_12,0,NULL,0},
+{"id-tc26-algorithms","id-tc26-algorithms",NID_id_tc26_algorithms,6,
+ &(lvalues[6259]),0},
+{"id-tc26-sign","id-tc26-sign",NID_id_tc26_sign,7,&(lvalues[6265]),0},
+{"gost2012_256","GOST R 34.10-2012 with 256 bit modulus",
+ NID_id_GostR3410_2012_256,8,&(lvalues[6272]),0},
+{"gost2012_512","GOST R 34.10-2012 with 512 bit modulus",
+ NID_id_GostR3410_2012_512,8,&(lvalues[6280]),0},
+{"id-tc26-digest","id-tc26-digest",NID_id_tc26_digest,7,
+ &(lvalues[6288]),0},
+{"md_gost12_256","GOST R 34.11-2012 with 256 bit hash",
+ NID_id_GostR3411_2012_256,8,&(lvalues[6295]),0},
+{"md_gost12_512","GOST R 34.11-2012 with 512 bit hash",
+ NID_id_GostR3411_2012_512,8,&(lvalues[6303]),0},
+{"id-tc26-signwithdigest","id-tc26-signwithdigest",
+ NID_id_tc26_signwithdigest,7,&(lvalues[6311]),0},
+{"id-tc26-signwithdigest-gost3410-2012-256",
+ "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)",
+ NID_id_tc26_signwithdigest_gost3410_2012_256,8,&(lvalues[6318]),0},
+{"id-tc26-signwithdigest-gost3410-2012-512",
+ "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)",
+ NID_id_tc26_signwithdigest_gost3410_2012_512,8,&(lvalues[6326]),0},
+{"id-tc26-mac","id-tc26-mac",NID_id_tc26_mac,7,&(lvalues[6334]),0},
+{"id-tc26-hmac-gost-3411-2012-256","HMAC GOST 34.11-2012 256 bit",
+ NID_id_tc26_hmac_gost_3411_2012_256,8,&(lvalues[6341]),0},
+{"id-tc26-hmac-gost-3411-2012-512","HMAC GOST 34.11-2012 512 bit",
+ NID_id_tc26_hmac_gost_3411_2012_512,8,&(lvalues[6349]),0},
+{"id-tc26-cipher","id-tc26-cipher",NID_id_tc26_cipher,7,
+ &(lvalues[6357]),0},
+{"id-tc26-agreement","id-tc26-agreement",NID_id_tc26_agreement,7,
+ &(lvalues[6364]),0},
+{"id-tc26-agreement-gost-3410-2012-256",
+ "id-tc26-agreement-gost-3410-2012-256",
+ NID_id_tc26_agreement_gost_3410_2012_256,8,&(lvalues[6371]),0},
+{"id-tc26-agreement-gost-3410-2012-512",
+ "id-tc26-agreement-gost-3410-2012-512",
+ NID_id_tc26_agreement_gost_3410_2012_512,8,&(lvalues[6379]),0},
+{"id-tc26-constants","id-tc26-constants",NID_id_tc26_constants,6,
+ &(lvalues[6387]),0},
+{"id-tc26-sign-constants","id-tc26-sign-constants",
+ NID_id_tc26_sign_constants,7,&(lvalues[6393]),0},
+{"id-tc26-gost-3410-2012-512-constants",
+ "id-tc26-gost-3410-2012-512-constants",
+ NID_id_tc26_gost_3410_2012_512_constants,8,&(lvalues[6400]),0},
+{"id-tc26-gost-3410-2012-512-paramSetTest",
+ "GOST R 34.10-2012 (512 bit) testing parameter set",
+ NID_id_tc26_gost_3410_2012_512_paramSetTest,9,&(lvalues[6408]),0},
+{"id-tc26-gost-3410-2012-512-paramSetA",
+ "GOST R 34.10-2012 (512 bit) ParamSet A",
+ NID_id_tc26_gost_3410_2012_512_paramSetA,9,&(lvalues[6417]),0},
+{"id-tc26-gost-3410-2012-512-paramSetB",
+ "GOST R 34.10-2012 (512 bit) ParamSet B",
+ NID_id_tc26_gost_3410_2012_512_paramSetB,9,&(lvalues[6426]),0},
+{"id-tc26-digest-constants","id-tc26-digest-constants",
+ NID_id_tc26_digest_constants,7,&(lvalues[6435]),0},
+{"id-tc26-cipher-constants","id-tc26-cipher-constants",
+ NID_id_tc26_cipher_constants,7,&(lvalues[6442]),0},
+{"id-tc26-gost-28147-constants","id-tc26-gost-28147-constants",
+ NID_id_tc26_gost_28147_constants,8,&(lvalues[6449]),0},
+{"id-tc26-gost-28147-param-Z","GOST 28147-89 TC26 parameter set",
+ NID_id_tc26_gost_28147_param_Z,9,&(lvalues[6457]),0},
+{"INN","INN",NID_INN,8,&(lvalues[6466]),0},
+{"OGRN","OGRN",NID_OGRN,5,&(lvalues[6474]),0},
+{"SNILS","SNILS",NID_SNILS,5,&(lvalues[6479]),0},
+{"gost89-cbc","gost89-cbc",NID_gost89_cbc,0,NULL,0},
+{"gost89-ecb","gost89-ecb",NID_gost89_ecb,0,NULL,0},
+{"gost89-ctr","gost89-ctr",NID_gost89_ctr,0,NULL,0},
+{"grasshopper-ecb","grasshopper-ecb",NID_grasshopper_ecb,0,NULL,0},
+{"grasshopper-ctr","grasshopper-ctr",NID_grasshopper_ctr,0,NULL,0},
+{"grasshopper-ofb","grasshopper-ofb",NID_grasshopper_ofb,0,NULL,0},
+{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0},
+{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0},
+{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2614,6 +2720,7 @@
35, /* "IDEA-CFB" */
36, /* "IDEA-ECB" */
46, /* "IDEA-OFB" */
+988, /* "INN" */
181, /* "ISO" */
183, /* "ISO-US" */
645, /* "ITU-T" */
@@ -2635,6 +2742,7 @@
17, /* "O" */
178, /* "OCSP" */
180, /* "OCSPSigning" */
+989, /* "OGRN" */
379, /* "ORG" */
18, /* "OU" */
749, /* "Oakley-EC2N-3" */
@@ -2700,6 +2808,7 @@
188, /* "SMIME" */
167, /* "SMIME-CAPS" */
100, /* "SN" */
+990, /* "SNILS" */
16, /* "ST" */
143, /* "SXNetID" */
458, /* "UID" */
@@ -2858,12 +2967,25 @@
156, /* "friendlyName" */
509, /* "generationQualifier" */
815, /* "gost-mac" */
+960, /* "gost-mac-12" */
811, /* "gost2001" */
851, /* "gost2001cc" */
+963, /* "gost2012_256" */
+964, /* "gost2012_512" */
813, /* "gost89" */
+991, /* "gost89-cbc" */
814, /* "gost89-cnt" */
+959, /* "gost89-cnt-12" */
+993, /* "gost89-ctr" */
+992, /* "gost89-ecb" */
812, /* "gost94" */
850, /* "gost94cc" */
+997, /* "grasshopper-cbc" */
+998, /* "grasshopper-cfb" */
+995, /* "grasshopper-ctr" */
+994, /* "grasshopper-ecb" */
+999, /* "grasshopper-mac" */
+996, /* "grasshopper-ofb" */
797, /* "hmacWithMD5" */
163, /* "hmacWithSHA1" */
798, /* "hmacWithSHA224" */
@@ -3115,6 +3237,30 @@
194, /* "id-smime-spq" */
250, /* "id-smime-spq-ets-sqt-unotice" */
249, /* "id-smime-spq-ets-sqt-uri" */
+958, /* "id-tc26" */
+975, /* "id-tc26-agreement" */
+976, /* "id-tc26-agreement-gost-3410-2012-256" */
+977, /* "id-tc26-agreement-gost-3410-2012-512" */
+961, /* "id-tc26-algorithms" */
+974, /* "id-tc26-cipher" */
+985, /* "id-tc26-cipher-constants" */
+978, /* "id-tc26-constants" */
+965, /* "id-tc26-digest" */
+984, /* "id-tc26-digest-constants" */
+986, /* "id-tc26-gost-28147-constants" */
+987, /* "id-tc26-gost-28147-param-Z" */
+980, /* "id-tc26-gost-3410-2012-512-constants" */
+982, /* "id-tc26-gost-3410-2012-512-paramSetA" */
+983, /* "id-tc26-gost-3410-2012-512-paramSetB" */
+981, /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+972, /* "id-tc26-hmac-gost-3411-2012-256" */
+973, /* "id-tc26-hmac-gost-3411-2012-512" */
+971, /* "id-tc26-mac" */
+962, /* "id-tc26-sign" */
+979, /* "id-tc26-sign-constants" */
+968, /* "id-tc26-signwithdigest" */
+969, /* "id-tc26-signwithdigest-gost3410-2012-256" */
+970, /* "id-tc26-signwithdigest-gost3410-2012-512" */
676, /* "identified-organization" */
461, /* "info" */
748, /* "inhibitAnyPolicy" */
@@ -3140,6 +3286,8 @@
460, /* "mail" */
493, /* "mailPreferenceOption" */
467, /* "manager" */
+966, /* "md_gost12_256" */
+967, /* "md_gost12_512" */
809, /* "md_gost94" */
875, /* "member" */
182, /* "member-body" */
@@ -3497,12 +3645,22 @@
813, /* "GOST 28147-89" */
849, /* "GOST 28147-89 Cryptocom ParamSet" */
815, /* "GOST 28147-89 MAC" */
+987, /* "GOST 28147-89 TC26 parameter set" */
851, /* "GOST 34.10-2001 Cryptocom" */
850, /* "GOST 34.10-94 Cryptocom" */
811, /* "GOST R 34.10-2001" */
817, /* "GOST R 34.10-2001 DH" */
+982, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+983, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+981, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+963, /* "GOST R 34.10-2012 with 256 bit modulus" */
+964, /* "GOST R 34.10-2012 with 512 bit modulus" */
+969, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+970, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
812, /* "GOST R 34.10-94" */
818, /* "GOST R 34.10-94 DH" */
+966, /* "GOST R 34.11-2012 with 256 bit hash" */
+967, /* "GOST R 34.11-2012 with 512 bit hash" */
809, /* "GOST R 34.11-94" */
816, /* "GOST R 34.11-94 PRF" */
807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */
@@ -3510,12 +3668,15 @@
808, /* "GOST R 34.11-94 with GOST R 34.10-94" */
852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+972, /* "HMAC GOST 34.11-2012 256 bit" */
+973, /* "HMAC GOST 34.11-2012 512 bit" */
810, /* "HMAC GOST 34.11-94" */
432, /* "Hold Instruction Call Issuer" */
430, /* "Hold Instruction Code" */
431, /* "Hold Instruction None" */
433, /* "Hold Instruction Reject" */
634, /* "ICC or token signature" */
+988, /* "INN" */
294, /* "IPSec End System" */
295, /* "IPSec Tunnel" */
296, /* "IPSec User" */
@@ -3560,6 +3721,7 @@
366, /* "OCSP Nonce" */
371, /* "OCSP Service Locator" */
180, /* "OCSP Signing" */
+989, /* "OGRN" */
161, /* "PBES2" */
69, /* "PBKDF2" */
162, /* "PBMAC1" */
@@ -3573,6 +3735,7 @@
2, /* "RSA Data Security, Inc. PKCS" */
188, /* "S/MIME" */
167, /* "S/MIME Capabilities" */
+990, /* "SNILS" */
387, /* "SNMPv2" */
512, /* "Secure Electronic Transactions" */
386, /* "Security" */
@@ -3825,7 +3988,18 @@
509, /* "generationQualifier" */
601, /* "generic cryptogram" */
99, /* "givenName" */
+960, /* "gost-mac-12" */
+991, /* "gost89-cbc" */
814, /* "gost89-cnt" */
+959, /* "gost89-cnt-12" */
+993, /* "gost89-ctr" */
+992, /* "gost89-ecb" */
+997, /* "grasshopper-cbc" */
+998, /* "grasshopper-cfb" */
+995, /* "grasshopper-ctr" */
+994, /* "grasshopper-ecb" */
+999, /* "grasshopper-mac" */
+996, /* "grasshopper-ofb" */
855, /* "hmac" */
780, /* "hmac-md5" */
781, /* "hmac-sha1" */
@@ -4053,6 +4227,22 @@
194, /* "id-smime-spq" */
250, /* "id-smime-spq-ets-sqt-unotice" */
249, /* "id-smime-spq-ets-sqt-uri" */
+958, /* "id-tc26" */
+975, /* "id-tc26-agreement" */
+976, /* "id-tc26-agreement-gost-3410-2012-256" */
+977, /* "id-tc26-agreement-gost-3410-2012-512" */
+961, /* "id-tc26-algorithms" */
+974, /* "id-tc26-cipher" */
+985, /* "id-tc26-cipher-constants" */
+978, /* "id-tc26-constants" */
+965, /* "id-tc26-digest" */
+984, /* "id-tc26-digest-constants" */
+986, /* "id-tc26-gost-28147-constants" */
+980, /* "id-tc26-gost-3410-2012-512-constants" */
+971, /* "id-tc26-mac" */
+962, /* "id-tc26-sign" */
+979, /* "id-tc26-sign-constants" */
+968, /* "id-tc26-signwithdigest" */
34, /* "idea-cbc" */
35, /* "idea-cfb" */
36, /* "idea-ecb" */
@@ -4661,6 +4851,9 @@
639, /* OBJ_set_brand_JCB 2 23 42 8 35 */
805, /* OBJ_cryptopro 1 2 643 2 2 */
806, /* OBJ_cryptocom 1 2 643 2 9 */
+958, /* OBJ_id_tc26 1 2 643 7 1 */
+989, /* OBJ_OGRN 1 2 643 100 1 */
+990, /* OBJ_SNILS 1 2 643 100 3 */
184, /* OBJ_X9_57 1 2 840 10040 */
405, /* OBJ_ansi_X9_62 1 2 840 10045 */
389, /* OBJ_Enterprises 1 3 6 1 4 1 */
@@ -4745,6 +4938,8 @@
816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */
817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */
818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */
+961, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */
+978, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */
1, /* OBJ_rsadsi 1 2 840 113549 */
185, /* OBJ_X9cm 1 2 840 10040 4 */
127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */
@@ -4795,6 +4990,15 @@
842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+962, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */
+965, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */
+968, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */
+971, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */
+974, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */
+975, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */
+979, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */
+984, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */
+985, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */
2, /* OBJ_pkcs 1 2 840 113549 1 */
431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */
432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
@@ -4846,6 +5050,19 @@
851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */
849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */
854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+988, /* OBJ_INN 1 2 643 3 131 1 1 */
+963, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */
+964, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */
+966, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */
+967, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */
+969, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+970, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+972, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+973, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+976, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+977, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+980, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+986, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
186, /* OBJ_pkcs1 1 2 840 113549 1 1 */
27, /* OBJ_pkcs3 1 2 840 113549 1 3 */
187, /* OBJ_pkcs5 1 2 840 113549 1 5 */
@@ -5013,6 +5230,10 @@
439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */
440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */
441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */
+981, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+982, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+983, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+987, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */
108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */
112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */
diff -urN openssl-1.0.2l/crypto/objects/objects.txt openssl-1.0.2l-patched/crypto/objects/objects.txt
--- openssl-1.0.2l/crypto/objects/objects.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/objects.txt 2017-06-30 22:32:46.633534513 +1000
@@ -1156,6 +1156,7 @@
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
+member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
@@ -1169,8 +1170,13 @@
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
+ : gost89-cnt-12
+ : gost89-cbc
+ : gost89-ecb
+ : gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
+ : gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
@@ -1229,6 +1235,60 @@
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+# TC26 GOST OIDs
+
+id-tc26 1 : id-tc26-algorithms
+id-tc26-algorithms 1 : id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2 : id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3 : id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4 : id-tc26-mac
+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5 : id-tc26-cipher
+
+id-tc26-algorithms 6 : id-tc26-agreement
+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+
+id-tc26 2 : id-tc26-constants
+
+id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+
+id-tc26-constants 2 : id-tc26-digest-constants
+id-tc26-constants 5 : id-tc26-cipher-constants
+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1 : INN : INN
+member-body 643 100 1 : OGRN : OGRN
+member-body 643 100 3 : SNILS : SNILS
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+ : grasshopper-ecb
+ : grasshopper-ctr
+ : grasshopper-ofb
+ : grasshopper-cbc
+ : grasshopper-cfb
+ : grasshopper-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.h openssl-1.0.2l-patched/crypto/objects/obj_mac.h
--- openssl-1.0.2l/crypto/objects/obj_mac.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.h 2017-06-30 22:32:46.635534513 +1000
@@ -3678,6 +3678,10 @@
#define NID_cryptocom 806
#define OBJ_cryptocom OBJ_member_body,643L,2L,9L
+#define SN_id_tc26 "id-tc26"
+#define NID_id_tc26 958
+#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L
+
#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001"
#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001"
#define NID_id_GostR3411_94_with_GostR3410_2001 807
@@ -3716,11 +3720,26 @@
#define SN_gost89_cnt "gost89-cnt"
#define NID_gost89_cnt 814
+#define SN_gost89_cnt_12 "gost89-cnt-12"
+#define NID_gost89_cnt_12 959
+
+#define SN_gost89_cbc "gost89-cbc"
+#define NID_gost89_cbc 991
+
+#define SN_gost89_ecb "gost89-ecb"
+#define NID_gost89_ecb 992
+
+#define SN_gost89_ctr "gost89-ctr"
+#define NID_gost89_ctr 993
+
#define SN_id_Gost28147_89_MAC "gost-mac"
#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
#define NID_id_Gost28147_89_MAC 815
#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
+#define SN_gost_mac_12 "gost-mac-12"
+#define NID_gost_mac_12 960
+
#define SN_id_GostR3411_94_prf "prf-gostr3411-94"
#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF"
#define NID_id_GostR3411_94_prf 816
@@ -3886,6 +3905,159 @@
#define NID_id_GostR3410_2001_ParamSet_cc 854
#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L
+#define SN_id_tc26_algorithms "id-tc26-algorithms"
+#define NID_id_tc26_algorithms 961
+#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign "id-tc26-sign"
+#define NID_id_tc26_sign 962
+#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256 "gost2012_256"
+#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256 963
+#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512 "gost2012_512"
+#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512 964
+#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest "id-tc26-digest"
+#define NID_id_tc26_digest 965
+#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256 "md_gost12_256"
+#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256 966
+#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512 "md_gost12_512"
+#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512 967
+#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest 968
+#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256 969
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512 970
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac "id-tc26-mac"
+#define NID_id_tc26_mac 971
+#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256 972
+#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512 973
+#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher "id-tc26-cipher"
+#define NID_id_tc26_cipher 974
+#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_agreement "id-tc26-agreement"
+#define NID_id_tc26_agreement 975
+#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256 976
+#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512 977
+#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_constants "id-tc26-constants"
+#define NID_id_tc26_constants 978
+#define OBJ_id_tc26_constants OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants 979
+#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants 980
+#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest 981
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA 982
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB 983
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_digest_constants "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants 984
+#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants 985
+#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants 986
+#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z 987
+#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN "INN"
+#define LN_INN "INN"
+#define NID_INN 988
+#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN "OGRN"
+#define LN_OGRN "OGRN"
+#define NID_OGRN 989
+#define OBJ_OGRN OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS "SNILS"
+#define LN_SNILS "SNILS"
+#define NID_SNILS 990
+#define OBJ_SNILS OBJ_member_body,643L,100L,3L
+
+#define SN_grasshopper_ecb "grasshopper-ecb"
+#define NID_grasshopper_ecb 994
+
+#define SN_grasshopper_ctr "grasshopper-ctr"
+#define NID_grasshopper_ctr 995
+
+#define SN_grasshopper_ofb "grasshopper-ofb"
+#define NID_grasshopper_ofb 996
+
+#define SN_grasshopper_cbc "grasshopper-cbc"
+#define NID_grasshopper_cbc 997
+
+#define SN_grasshopper_cfb "grasshopper-cfb"
+#define NID_grasshopper_cfb 998
+
+#define SN_grasshopper_mac "grasshopper-mac"
+#define NID_grasshopper_mac 999
+
#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
#define LN_camellia_128_cbc "camellia-128-cbc"
#define NID_camellia_128_cbc 751
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.num openssl-1.0.2l-patched/crypto/objects/obj_mac.num
--- openssl-1.0.2l/crypto/objects/obj_mac.num 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.num 2017-06-30 22:32:46.636534513 +1000
@@ -955,3 +955,45 @@
jurisdictionLocalityName 955
jurisdictionStateOrProvinceName 956
jurisdictionCountryName 957
+id_tc26 958
+gost89_cnt_12 959
+gost_mac_12 960
+id_tc26_algorithms 961
+id_tc26_sign 962
+id_GostR3410_2012_256 963
+id_GostR3410_2012_512 964
+id_tc26_digest 965
+id_GostR3411_2012_256 966
+id_GostR3411_2012_512 967
+id_tc26_signwithdigest 968
+id_tc26_signwithdigest_gost3410_2012_256 969
+id_tc26_signwithdigest_gost3410_2012_512 970
+id_tc26_mac 971
+id_tc26_hmac_gost_3411_2012_256 972
+id_tc26_hmac_gost_3411_2012_512 973
+id_tc26_cipher 974
+id_tc26_agreement 975
+id_tc26_agreement_gost_3410_2012_256 976
+id_tc26_agreement_gost_3410_2012_512 977
+id_tc26_constants 978
+id_tc26_sign_constants 979
+id_tc26_gost_3410_2012_512_constants 980
+id_tc26_gost_3410_2012_512_paramSetTest 981
+id_tc26_gost_3410_2012_512_paramSetA 982
+id_tc26_gost_3410_2012_512_paramSetB 983
+id_tc26_digest_constants 984
+id_tc26_cipher_constants 985
+id_tc26_gost_28147_constants 986
+id_tc26_gost_28147_param_Z 987
+INN 988
+OGRN 989
+SNILS 990
+gost89_cbc 991
+gost89_ecb 992
+gost89_ctr 993
+grasshopper_ecb 994
+grasshopper_ctr 995
+grasshopper_ofb 996
+grasshopper_cbc 997
+grasshopper_cfb 998
+grasshopper_mac 999
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.h openssl-1.0.2l-patched/crypto/objects/obj_xref.h
--- openssl-1.0.2l/crypto/objects/obj_xref.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.h 2017-06-30 22:32:46.636534513 +1000
@@ -56,6 +56,10 @@
NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
NID_dh_cofactor_kdf},
+ {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+ NID_id_GostR3410_2012_256},
+ {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+ NID_id_GostR3410_2012_512},
};
static const nid_triple *const sigoid_srt_xref[] = {
@@ -96,4 +100,6 @@
&sigoid_srt[26],
&sigoid_srt[27],
&sigoid_srt[28],
+ &sigoid_srt[40],
+ &sigoid_srt[41],
};
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.txt openssl-1.0.2l-patched/crypto/objects/obj_xref.txt
--- openssl-1.0.2l/crypto/objects/obj_xref.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.txt 2017-06-30 22:32:46.637534513 +1000
@@ -44,6 +44,8 @@
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc
id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512
# ECDH KDFs and their corresponding message digests and schemes
dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf
dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf
diff -urN openssl-1.0.2l/crypto/pkcs12/p12_mutl.c openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c
--- openssl-1.0.2l/crypto/pkcs12/p12_mutl.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c 2017-06-30 22:32:46.637534513 +1000
@@ -65,6 +65,28 @@
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
+# define TK26_MAC_KEY_LEN 32
+
+static int PKCS12_gen_gost_mac_key(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen,
+ int iter, const EVP_MD *digest, int keylen,
+ unsigned char *key)
+{
+ unsigned char out[96];
+
+ if (keylen != TK26_MAC_KEY_LEN) {
+ return 0;
+ }
+
+ if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+ digest, 96, out)) {
+ return 0;
+ }
+ memcpy(key, out + 64, TK26_MAC_KEY_LEN);
+ OPENSSL_cleanse(out, 96);
+ return 1;
+}
+
/* Generate a MAC */
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *mac, unsigned int *maclen)
@@ -73,7 +95,7 @@
HMAC_CTX hmac;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
- int md_size;
+ int md_size = 0;
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -93,8 +115,19 @@
md_size = EVP_MD_size(md_type);
if (md_size < 0)
return 0;
- if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
- md_size, key, md_type)) {
+ if ((md_type->type == NID_id_GostR3411_94
+ || md_type->type == NID_id_GostR3411_2012_256
+ || md_type->type == NID_id_GostR3411_2012_512)
+ && !getenv("LEGACY_GOST_PKCS12")) {
+ md_size = TK26_MAC_KEY_LEN;
+ if (!PKCS12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+ md_type, md_size, key)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+ return 0;
+ }
+ } else
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+ md_size, key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
}
diff -urN openssl-1.0.2l/crypto/pkcs7/pk7_smime.c openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c
--- openssl-1.0.2l/crypto/pkcs7/pk7_smime.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c 2017-06-30 22:32:46.637534513 +1000
@@ -185,6 +185,8 @@
goto err;
}
if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)

61
openssl-1.0.2l-icpbrasil.patch
View file

@ -1,61 +0,0 @@
diff -aur openssl-1.0.2l/crypto/x509v3/v3_alt.c openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c
--- openssl-1.0.2l/crypto/x509v3/v3_alt.c 2017-05-25 14:54:38.000000000 +0200
+++ openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c 2017-05-26 08:33:41.285793387 +0200
@@ -116,9 +116,57 @@
{
unsigned char *p;
char oline[256], htmp[5];
+
+ int rc = 0;
+
+ /* see http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
+ * for the OID definitions and more details
+ * All content is ASN.1 OCTET STRING
+ */
+ /* person related */
+ const char oid_id_pf[] = "2.16.76.1.3.1"; /* person identification data as follows:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emmitter and state: (6)
+ */
+ const char oid_el_pf[] = "2.16.76.1.3.5"; /* Electoral data:
+ * card number: (11)
+ * electoral zone: (3)
+ * electoral section: (4)
+ * city and state: (22)
+ */
+ /* company related */
+ const char oid_pj_id1[] = "2.16.76.1.3.4"; /* info about the person responsible for the company's certificate:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emitter and state: (6)
+ */
+ const char oid_pj_name[] = "2.16.76.1.3.2"; /* Name of the person responsible for the company's certificate */
+ const char oid_pj_cnpj[] = "2.16.76.1.3.3"; /* CNPJ number of the company*/
+
int i;
switch (gen->type) {
case GEN_OTHERNAME:
+ rc = OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 1);
+ if (rc)
+ if ((!strncmp(oline, oid_id_pf, sizeof(oid_id_pf))) ||
+ (!strncmp(oline, oid_el_pf, sizeof(oid_el_pf))) ||
+ (!strncmp(oline, oid_pj_id1, sizeof(oid_pj_id1))) ||
+ (!strncmp(oline, oid_pj_name, sizeof(oid_pj_name))) ||
+ (!strncmp(oline, oid_pj_cnpj, sizeof(oid_pj_cnpj))))
+ /* FIXME: is that string always null terminated? */
+ if (!X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret))
+ return NULL;
+ else
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
+ else
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
if (!X509V3_add_value("othername", "<unsupported>", &ret))
return NULL;
break;

30
openssl-alt-e2k-makecontext.patch Normal file
View file

@ -0,0 +1,30 @@
diff --git a/openssl/crypto/async/arch/async_posix.c b/openssl/crypto/async/arch/async_posix.c
index 02c342d..a11f451 100644
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
@@ -40,8 +40,15 @@ int async_fibre_makecontext(async_fibre *fibre)
if (fibre->fibre.uc_stack.ss_sp != NULL) {
fibre->fibre.uc_stack.ss_size = STACKSIZE;
fibre->fibre.uc_link = NULL;
+#ifndef __e2k__
makecontext(&fibre->fibre, async_start_func, 0);
return 1;
+#else
+ if (makecontext_e2k(&fibre->fibre, async_start_func, 0))
+ return 1;
+ else
+ return 0;
+#endif
}
} else {
fibre->fibre.uc_stack.ss_sp = NULL;
@@ -53,6 +60,9 @@ void async_fibre_free(async_fibre *fibre)
{
OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
fibre->fibre.uc_stack.ss_sp = NULL;
+#ifdef __e2k__
+ freecontext_e2k(&fibre->fibre);
+#endif
}
#endif

1
openssl.macros
View file

@ -1 +0,0 @@
%_openssldir @OPENSSLDIR@

307
openssl.spec
View file

@ -1,74 +1,56 @@
%define major 1.0.0 %define major 1.1
%define engines_name %mklibname openssl-engines %{major} %define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major} %define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major} %define libssl %mklibname ssl %{major}
%define devname %mklibname openssl -d %define devname %mklibname openssl -d
%define staticname %mklibname openssl -s -d %define staticname %mklibname openssl -s -d
# patchelf 0.9 is buggy so compat libraries are experimental for now
%bcond_without compat
%define major_compat 10
%define libcrypto_compat %mklibname crypto %{major_compat}
%define libssl_compat %mklibname ssl %{major_compat}
%define conflict2 %mklibname openssl 0.9.8
# Number of threads to spawn when testing some threading fixes.
#define thread_test_threads %%{?threads:%%{threads}}%%{!?threads:1}
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
# This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl* # This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl*
# during the build. # during the build.
# The purpose is a system-wide definition of this directory # The purpose is a system-wide definition of this directory
# to guarantee consistency across the whole repository. # to guarantee consistency across the whole repository.
%define _openssldir %{_sysconfdir}/pki/tls %define _openssldir %{_sysconfdir}/pki/tls
%define openssl_engines_dir %{_libdir}/engines-%{major}
%define _docs %{expand:
%doc AUTHORS \
%doc CHANGES \
%doc LICENSE \
%doc FAQ \
%doc NEWS \
%doc README \
%doc README.ENGINE
}
Summary: Secure Sockets Layer communications libs & utils Summary: Secure Sockets Layer communications libs & utils
Name: openssl Name: openssl
Version: 1.0.2u Version: 1.1.1g
Release: 4 Release: 1
License: BSD-like License: OpenSSL
Group: System/Libraries Group: System/Libraries
Url: https://www.openssl.org Url: https://www.openssl.org
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2: Makefile.certificate Source2: Makefile.certificate
Source3: make-dummy-cert Source3: make-dummy-cert
Source4: openssl-thread-test.c Source4: openssl-thread-test.c
Source5: openssl-config Source5: openssl-config
Source6: openssl.macros Patch1: openssl-alt-e2k-makecontext.patch
# Based on https://github.com/gost-engine/engine
# Never remove gost-engine patches
Patch0: openssl-1.0.2l-gost-engine.patch
# Backport GOST 2015 identificators and GOST OIDs for Edwards parameter sets
Patch1: openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch
# Handle RPM_OPT_FLAGS in Configure
Patch2: openssl-1.0.2e-optflags.patch
Patch3: openssl-1.0.1c-fix-perlpath.pl
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2l-icpbrasil.patch
Patch7: openssl-1.0.2-defaults.patch
Patch12: openssl-1.0.2-x509.patch
Patch13: openssl-1.0.2-add-engines.patch
Patch302: openssl-1.0.2-enginesdir.patch
Patch303: openssl-0.9.8a-no-rpath.patch
Patch304: openssl-1.0.2-test-use-localhost.patch
BuildRequires: bc BuildRequires: bc
%if %{with compat}
# readelf is used to produce libcrypto.so.10 and libssl.so.10
# needed for compatibility with Fedora/RHEL (Viber etc)
BuildRequires: patchelf >= 0.10-0.20170615.2
%endif
%{?_with_krb5:BuildRequires: krb5-devel}
BuildRequires: sctp-devel BuildRequires: sctp-devel
BuildRequires: pkgconfig(zlib) BuildRequires: pkgconfig(zlib)
# for %%check, ./test/run_tests.pl
BuildRequires: perl-devel
BuildRequires: perl-Module-Load-Conditional
BuildRequires: perl(File::Spec::Functions)
BuildRequires: perl(File::Basename)
BuildRequires: perl(FindBin)
BuildRequires: perl(Test::Harness)
BuildRequires: perl(Test::More)
Requires: %{engines_name} = %{EVRD} Requires: %{engines_name} = %{EVRD}
Requires: perl-base Requires: perl-base
Requires: rootcerts Requires: rootcerts
Provides: /usr/bin/openssl Provides: openssl%{major} = %{EVRD}
Provides: openssl-config Provides: openssl-config = %{EVRD}
%description %description
The openssl certificate management tool and the shared libraries that provide The openssl certificate management tool and the shared libraries that provide
@ -76,8 +58,7 @@ various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL. RSA and SSL.
%files %files
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %_docs
%doc README README.ASN1 README.ENGINE
%dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/CA/private
@ -87,11 +68,13 @@ RSA and SSL.
%dir %{_openssldir}/private %dir %{_openssldir}/private
%dir %{_openssldir}/rootcerts %dir %{_openssldir}/rootcerts
%attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf %attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf
%attr(0644,root,root) %config(noreplace) %{_openssldir}/ct_log_list.cnf
%attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert %attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert
%attr(0644,root,root) %{_openssldir}/certs/Makefile %attr(0644,root,root) %{_openssldir}/certs/Makefile
%attr(0755,root,root) %{_openssldir}/misc/* %attr(0755,root,root) %{_openssldir}/misc/*
%attr(0755,root,root) %{_bindir}/* %attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/* %attr(0644,root,root) %{_mandir}/man[157]/*
%{_defaultdocdir}/openssl/html/man[157]
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -99,24 +82,14 @@ RSA and SSL.
Summary: Engines for openssl Summary: Engines for openssl
Group: System/Libraries Group: System/Libraries
Provides: openssl-engines = %{EVRD} Provides: openssl-engines = %{EVRD}
# libgost.so was moved to openssl-gost-engine
%if %rpm5
Requires: %{_lib}openssl-gost-engine%{major}
%else
# We must keep openssl-gost-engine preinstalled in rpm5 platforms.
# But dnf installs recommended deps in more cases then urpmi,
# So let's let users remove gost-engine if needed.
Recommends: %{_lib}openssl-gost-engine%{major}
%endif
%description -n %{engines_name} %description -n %{engines_name}
This package provides engines for openssl. This package provides engines for openssl.
%files -n %{engines_name} %files -n %{engines_name}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %_docs
%doc README README.ASN1 README.ENGINE %attr(0755,root,root) %dir %{openssl_engines_dir}/
%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines %attr(0755,root,root) %{openssl_engines_dir}/*.so
%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -130,7 +103,7 @@ The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL. and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto} %files -n %{libcrypto}
%doc FAQ LICENSE NEWS PROBLEMS README* %_docs
%{_libdir}/libcrypto.so.%{major}* %{_libdir}/libcrypto.so.%{major}*
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -138,20 +111,13 @@ and protocols, including DES, RC4, RSA and SSL.
%package -n %{libssl} %package -n %{libssl}
Summary: Secure Sockets Layer communications libs Summary: Secure Sockets Layer communications libs
Group: System/Libraries Group: System/Libraries
Conflicts: %{_lib}openssl1.0.0 < 1.0.1n
Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n
# needed to avoid undefined symbols in rpm (rpm depends on neon library)
Conflicts: %{_lib}neon0.27 < 0.30.1
# needed to avoid undefined symbols in curl and wget as they block update
Conflicts: curl < 1:7.47.1
Conflicts: wget < 1.17.1
%description -n %{libssl} %description -n %{libssl}
The libraries files are needed for various cryptographic algorithms The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL. and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl} %files -n %{libssl}
%doc FAQ LICENSE NEWS PROBLEMS README* %_docs
%{_libdir}/libssl.so.%{major}* %{_libdir}/libssl.so.%{major}*
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
@ -161,7 +127,7 @@ Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other Group: Development/Other
Requires: %{libssl} = %{EVRD} Requires: %{libssl} = %{EVRD}
Requires: %{libcrypto} = %{EVRD} Requires: %{libcrypto} = %{EVRD}
Provides: libopenssl-devel Provides: libopenssl-devel = %{EVRD}
Provides: %{name}-devel = %{EVRD} Provides: %{name}-devel = %{EVRD}
%description -n %{devname} %description -n %{devname}
@ -170,12 +136,13 @@ for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL. and SSL.
%files -n %{devname} %files -n %{devname}
%doc CHANGES doc/* devel-doc-info/README* %_docs
%dir %{_includedir}/openssl %dir %{_includedir}/openssl
%{_includedir}/openssl/* %{_includedir}/openssl/*
%{_libdir}/libcrypto.so %{_libdir}/libcrypto.so
%{_libdir}/libssl.so %{_libdir}/libssl.so
%{_mandir}/man3/* %{_mandir}/man3/*
%{_defaultdocdir}/openssl/html/man3
%{_libdir}/pkgconfig/* %{_libdir}/pkgconfig/*
%{_rpmmacrodir}/*openssl* %{_rpmmacrodir}/*openssl*
@ -185,7 +152,7 @@ and SSL.
Summary: Secure Sockets Layer communications static libs Summary: Secure Sockets Layer communications static libs
Group: Development/Other Group: Development/Other
Requires: %{devname} = %{EVRD} Requires: %{devname} = %{EVRD}
Provides: libopenssl-static-devel Provides: libopenssl-static-devel = %{EVRD}
Provides: %{name}-static-devel = %{EVRD} Provides: %{name}-static-devel = %{EVRD}
%description -n %{staticname} %description -n %{staticname}
@ -193,64 +160,13 @@ The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
%files -n %{staticname} %files -n %{staticname}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README* %_docs
%doc README README.ASN1 README.ENGINE
%attr(0644,root,root) %{_libdir}/lib*.a %attr(0644,root,root) %{_libdir}/lib*.a
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
%if %{with compat}
%package -n %{libcrypto_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libcrypto_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libcrypto.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
%if %{with compat}
%package -n %{libssl_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libssl_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libssl.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
%prep %prep
%setup -q %autosetup -p1
%patch0 -p1 -b .gost
%patch1 -p1
%patch2 -p1 -b .optflags
%patch3 -p1 -b .perl
%patch6 -p1 -b .icpbrasil
%patch7 -p1 -b .defaults
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines
%patch302 -p1 -b .engines
%patch303 -p1 -b .no-rpath
%patch304 -p1 -b .test-use-localhost
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
# fix perl path
perl util/perlpath.pl %{_bindir}/perl
cp %{SOURCE2} Makefile.certificate cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert cp %{SOURCE3} make-dummy-cert
@ -271,54 +187,63 @@ fi
%ifarch %{arm} %ifarch %{arm}
sslarch=linux-generic32 sslarch=linux-generic32
%endif %endif
# from ALT
%ifarch riscv64 %{e2k}
sslarch=linux-generic64
%endif
# ia64, x86_64, ppc, ppc64 are OK by default # ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults # Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and # usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here. # RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \ ./Configure \
--openssldir=%{_openssldir} ${sslflags} \ --prefix=%{_prefix} \
--enginesdir=%{_libdir}/openssl-%{major}/engines \ --libdir=%{_libdir} \
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ --openssldir=%{_openssldir} \
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms enable-md2 sctp shared ${sslarch} ${sslflags} \
enable-camellia \
enable-cms \
enable-md2 \
enable-rc5 \
enable-rfc3779 \
enable-sctp \
enable-seed \
enable-ssl3 \
enable-ssl3-method \
no-ec2m \
no-mdc2 \
no-srp \
zlib-dynamic \
shared \
${sslarch}
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be %make all
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
%check %check
# Verify that what was compiled actually works. # Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
# from OMV and ALT
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
# (mikhailnov) TODO: they fail, fix them?!
rm -f test/recipes/10-test_bn.t
rm -f test/recipes/80-test_ssl_new.t
make test
make -C test apps tests %__cc -o openssl-thread-test \
gcc -o openssl-thread-test \
%{?_with_krb5:`krb5-config --cflags`} \
-I./include \ -I./include \
%{optflags} \ %{optflags} \
openssl-thread-test.c \ openssl-thread-test.c \
-L. -lssl -lcrypto \ -L. -lssl -lcrypto \
%{?_with_krb5:`krb5-config --libs`} \
-lpthread -lz -ldl -lpthread -lz -ldl
./openssl-thread-test --threads %{thread_test_threads} ./openssl-thread-test --threads 4
%install %install
%makeinstall \ %makeinstall_std
INSTALL_PREFIX=%{buildroot} \
MANDIR=%{_mandir} \
build-shared
# the makefiles is too borked...
install -d %{buildroot}%{_libdir}/openssl-%{major}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
# make the rootcerts dir # make the rootcerts dir
install -d %{buildroot}%{_openssldir}/rootcerts install -d %{buildroot}%{_openssldir}/rootcerts
@ -330,7 +255,7 @@ install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert
# Pick a CA script. # Pick a CA script.
mv %{buildroot}%{_openssldir}/misc/CA.sh %{buildroot}%{_openssldir}/misc/CA mv %{buildroot}%{_openssldir}/misc/CA.pl %{buildroot}%{_openssldir}/misc/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private install -d %{buildroot}%{_sysconfdir}/pki/CA/private
@ -338,54 +263,36 @@ install -d %{buildroot}%{_sysconfdir}/pki/CA/private
# openssl was named ssleay in "ancient" times. # openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay ln -snf openssl %{buildroot}%{_bindir}/ssleay
# The man pages rand.3 and passwd.1 conflict with other packages ln -snf openssl %{buildroot}%{_bindir}/openssl%{major}
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
for i in rand err; do # From ALT Linux
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 # Rename some man pages, fix references.
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} for f in passwd.1 config.5; do
name="${f%%.*}"
sect="${f##*.}"
NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'`
sed -i "s/\\<$NAME $sect\\>/SSL&/" %{buildroot}%{_mandir}/man"$sect/$f"
mv -v %{buildroot}%{_mandir}/man"$sect"/{,ssl}"$f"
find %{buildroot}%{_mandir} -type f -print0 |
xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- |
xargs -r0 subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" --
find %{buildroot}%{_mandir} -type l |while read link; do
[ "$(readlink -n "$link")" = "$f" ] || continue
ln -sfv "ssl$f" "$link"
done
done done
rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.Mandriva-manpage
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF
cat - << EOF > devel-doc-info/README.Mandriva-manpage
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF
chmod 755 %{buildroot}%{_libdir}/pkgconfig chmod 755 %{buildroot}%{_libdir}/pkgconfig
# strip cannot touch these unless 755 # strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so* chmod 755 %{buildroot}%{openssl_engines_dir}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so* chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/* chmod 755 %{buildroot}%{_bindir}/*
%if %{with compat}
# RHEL/Fedora compatibility libraries
cp %{buildroot}%{_libdir}/libcrypto.so.%{major} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
cp %{buildroot}%{_libdir}/libssl.so.%{major} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
patchelf --set-soname libcrypto.so.%{major_compat} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
patchelf --set-soname libssl.so.%{major_compat} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
%endif
# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3
# Fix libdir. # Fix libdir.
pushd %{buildroot}%{_libdir}/pkgconfig pushd %{buildroot}%{_libdir}/pkgconfig
for i in *.pc ; do for i in *.pc ; do
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_libdir},g' \
$i >$i.tmp && \ $i >$i.tmp && \
cat $i.tmp >$i && \ cat $i.tmp >$i && \
rm -f $i.tmp rm -f $i.tmp
@ -397,6 +304,9 @@ perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf
# remove example configs
rm -fv %{buildroot}%{_openssldir}/*.dist
# install openssl-config # install openssl-config
install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/ install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/
# define values in openssl-config # define values in openssl-config
@ -409,11 +319,14 @@ sed -i %{buildroot}/%{_bindir}/openssl-config \
# test openssl-config # test openssl-config
[ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ] [ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ]
# make and install openssl.macros # Having sovers as macros may be useful to check that binaries are linked against OpenSSL
cat %{SOURCE6} | sed -e "s#@OPENSSLDIR@#%{_openssldir}#g" > macros_file # Alike LibreSSL package
%install_macro openssl macros_file cat << EOF > macros.file
# verify openssl.macros %%_openssldir %{_openssldir}
grep -q '%{_openssldir}' %{buildroot}%{_rpmmacrodir}/*openssl* %%openssl_version %{version}
%%openssl_libcrypto_sover %{major}
# is now built in openssl-gost-engines %%openssl_libssl_sover %{major}
rm -fv %{buildroot}%{_libdir}/openssl-%{major}/engines/libgost.so %%openssl_prefix %{_prefix}
%%openssl_engines_dir %{openssl_engines_dir}
EOF
%install_macro openssl macros.file