diff options
author | Timo Teräs <timo.teras@iki.fi> | 2015-06-15 09:04:14 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-06-15 09:04:14 +0300 |
commit | a8bbba3e396f8d330826e427b6ac924823e36034 (patch) | |
tree | 0e195cd3840dcde03f760a3a6a1a685e47beb903 /main/openssl | |
parent | d77c2522f6b3a2dd15ac19a0a846a152c7753f03 (diff) | |
download | aports-a8bbba3e396f8d330826e427b6ac924823e36034.tar.bz2 aports-a8bbba3e396f8d330826e427b6ac924823e36034.tar.xz |
main/openssl: upgrade to 1.0.2c
Diffstat (limited to 'main/openssl')
-rw-r--r-- | main/openssl/0100-fix-hmac-abi.patch | 122 | ||||
-rw-r--r-- | main/openssl/APKBUILD | 12 |
2 files changed, 4 insertions, 130 deletions
diff --git a/main/openssl/0100-fix-hmac-abi.patch b/main/openssl/0100-fix-hmac-abi.patch deleted file mode 100644 index 6f3d187d3a..0000000000 --- a/main/openssl/0100-fix-hmac-abi.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 1030f89f5ea238820645e3d34049eb1bd30e81c4 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Fri, 12 Jun 2015 13:08:04 +0100 -Subject: [PATCH] Fix ABI break with HMAC - -Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. -This backs that change out, and does it a different way. - -Thanks to Timo Teras for the concept. - -Conflicts: - crypto/hmac/hmac.c - -Reviewed-by: Richard Levitte <levitte@openssl.org> ---- - crypto/hmac/hmac.c | 19 +++++++------------ - crypto/hmac/hmac.h | 1 - - crypto/hmac/hmactest.c | 7 ++++++- - 3 files changed, 13 insertions(+), 14 deletions(-) - -diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c -index 15a9a21..51a0a3e 100644 ---- a/crypto/hmac/hmac.c -+++ b/crypto/hmac/hmac.c -@@ -97,6 +97,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - return FIPS_hmac_init_ex(ctx, key, len, md, NULL); - } - #endif -+ /* If we are changing MD then we must have a key */ -+ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) -+ return 0; - - if (md != NULL) { - reset = 1; -@@ -107,9 +110,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - return 0; - } - -- if (!ctx->key_init && key == NULL) -- return 0; -- - if (key != NULL) { - reset = 1; - j = EVP_MD_block_size(md); -@@ -131,7 +131,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - if (ctx->key_length != HMAC_MAX_MD_CBLOCK) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); -- ctx->key_init = 1; - } - - if (reset) { -@@ -169,7 +168,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) - if (FIPS_mode() && !ctx->i_ctx.engine) - return FIPS_hmac_update(ctx, data, len); - #endif -- if (!ctx->key_init) -+ if (!ctx->md) - return 0; - - return EVP_DigestUpdate(&ctx->md_ctx, data, len); -@@ -184,7 +183,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - return FIPS_hmac_final(ctx, md, len); - #endif - -- if (!ctx->key_init) -+ if (!ctx->md) - goto err; - - if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) -@@ -205,7 +204,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx) - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); -- ctx->key_init = 0; - ctx->md = NULL; - } - -@@ -217,11 +215,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) - goto err; - if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) - goto err; -- dctx->key_init = sctx->key_init; -- if (sctx->key_init) { -- memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); -- dctx->key_length = sctx->key_length; -- } -+ memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); -+ dctx->key_length = sctx->key_length; - dctx->md = sctx->md; - return 1; - err: -diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h -index f8e9f5e..b8b55cd 100644 ---- a/crypto/hmac/hmac.h -+++ b/crypto/hmac/hmac.h -@@ -79,7 +79,6 @@ typedef struct hmac_ctx_st { - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; -- int key_init; - } HMAC_CTX; - - # define HMAC_size(e) (EVP_MD_size((e)->md)) -diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c -index 86b6c25..271d0eb 100644 ---- a/crypto/hmac/hmactest.c -+++ b/crypto/hmac/hmactest.c -@@ -233,7 +233,12 @@ int main(int argc, char *argv[]) - err++; - goto test6; - } -- if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { -+ if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { -+ printf("Should disallow changing MD without a new key (test 5)\n"); -+ err++; -+ goto test6; -+ } -+ if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { - printf("Failed to reinitialise HMAC (test 5)\n"); - err++; - goto test6; diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 1d3e3dce03..1680dc9635 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl -pkgver=1.0.2b +pkgver=1.0.2c pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" @@ -25,7 +25,6 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 0009-no-rpath.patch 0010-ssl-env-zlib.patch - 0100-fix-hmac-abi.patch 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 1002-backport-changes-from-upstream-padlock-module.patch 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch @@ -118,7 +117,7 @@ libssl() { done } -md5sums="7729b259e2dea7d60b32fc3934d6984b openssl-1.0.2b.tar.gz +md5sums="8c8d81a9ae7005276e486702edbcd4b6 openssl-1.0.2c.tar.gz 0df9ba76033b23ab881216d4f469c81e 0001-fix-manpages.patch 67bdfe450143a41042d2c318003e963a 0002-busybox-basename.patch 84c03f201f55ca7fbfde364cfdfc9cf4 0003-use-termios.patch @@ -129,12 +128,11 @@ md5sums="7729b259e2dea7d60b32fc3934d6984b openssl-1.0.2b.tar.gz 7a2f9c883ecdfca3087062df4a68150a 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 28e89dd715fc4ed85e747bd7306f2970 0009-no-rpath.patch 742ee13d88b13414248f329a09f9a92d 0010-ssl-env-zlib.patch -fac937e81323b5739d46c46626d102a7 0100-fix-hmac-abi.patch 25091afb907de2b504f8bad6bf70002c 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch aa16c89b283faf0fe546e3f897279c44 1002-backport-changes-from-upstream-padlock-module.patch 57cca845e22c178c3b317010be56edf0 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 2ac874d1249f5f68d8c7cd58d157d29a 1004-crypto-engine-autoload-padlock-dynamic-engine.patch" -sha256sums="d5d488cc9f0a07974195a7427094ea3cab9800a4e90178b989aa621fbc238e3f openssl-1.0.2b.tar.gz +sha256sums="0038ba37f35a6367c58f17a7a7f687953ef8ce4f9684bbdec63e62515ed36a83 openssl-1.0.2c.tar.gz 4383de0433cb11696346660ae736f120511a7cd0d6ff14543080e0bb93e45ebb 0001-fix-manpages.patch b449fb998b5f60a3a1779ac2f432b2c7f08ae52fc6dfa98bca37d735f863d400 0002-busybox-basename.patch c3e6a9710726dac72e3eeffd78961d3bae67a480f6bde7890e066547da25cdfd 0003-use-termios.patch @@ -145,12 +143,11 @@ c934b5d1a2cb58b5235da2dfee423f0f66bb83e1d479f511b444751899637c37 0007-reimpleme 1030f885dc76f352854a7a95d73e68cfd1479c5f9ee198d6afef6b0755ee1c81 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 6b7ac5c9db430d9d3e8aaf87e0e95aa8a0ef460517d6563cca24014d4d890fbc 0009-no-rpath.patch fa2e3101ca7c6daed7ea063860d586424be7590b1cec4302bc2beee1a3c6039f 0010-ssl-env-zlib.patch -4674ac44b550971cadc566329acad7e11ee0a2581a1f25d4865a412ad0b4340f 0100-fix-hmac-abi.patch 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260 1002-backport-changes-from-upstream-padlock-module.patch c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch 2f7c850af078a3ae71b2dd38d5d0b3964ea4262e52673e36ff33498cc6223e6c 1004-crypto-engine-autoload-padlock-dynamic-engine.patch" -sha512sums="563eb662113668bb9ccf17a6e36697ad6392321ac1a32aa2cada9d8f4047651c2fa4da61f508ee3e1834fea343dbba189e09c1d6cabe5d1de5e3e6d022c31f4f openssl-1.0.2b.tar.gz +sha512sums="2a68e8b017d0d3e34e4f9d33b77abd960b3d04e418f106e852684a2ff247dc8ea390b7d6a42d130fd84d821a15e84e77b68b3677433433ef5c10d156333b9dae openssl-1.0.2c.tar.gz b7142256c25f208a42078e2cbdd5165aac833f0453fea0915c63d34d8177e4bb01aeb6676d8cadb988539c181a0d21991bb05a5443580053e75bc8c047b7db17 0001-fix-manpages.patch 2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch 58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch @@ -161,7 +158,6 @@ fc4e383ec85c6543e4e82520904122a5a5601c68042ece1e95a0cae95e02d89174f06f78ba2f8aac 17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch 5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch 5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch -688a686d4993118d3be95c2cb8e22964af81e58a79ba22ff54d47c925a920996a0d1f8fd02d8f96a034db2351d5b1bc4e61d1e74a733bb254c9fbfdeed1d8d38 0100-fix-hmac-abi.patch 8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch 6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch |