* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2016-01-17 9:01 Mike Frysinger
0 siblings, 0 replies; 21+ messages in thread
From: Mike Frysinger @ 2016-01-17 9:01 UTC (permalink / raw
To: gentoo-commits
commit: 01322765ce0ea72a84f0a4065cbd47e1a750f2c4
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 17 08:44:54 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan 17 09:00:28 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01322765
dev-libs/openssl: fix sparc builds (mostly 64-bit)
dev-libs/openssl/files/gentoo.config-1.0.2 | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index b3f6ced..0528c1c 100755
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -108,8 +108,13 @@ linux)
# sh64*) machine=elf;;
sh*b*) machine="generic32 -DB_ENDIAN";;
sh*) machine="generic32 -DL_ENDIAN";;
+ # TODO: Might want to do -mcpu probing like glibc to determine a
+ # better default for sparc-linux-gnu targets. This logic will
+ # break v7 and older systems when they use it.
sparc*v7*) machine="generic32 -DB_ENDIAN";;
- sparc64*) machine=sparcv9;;
+ sparc64*) machine=sparcv9 system=linux64;;
+ sparc*v9*) machine=sparcv9;;
+ sparc*v8*) machine=sparcv8;;
sparc*) machine=sparcv8;;
s390x*) machine=s390x system=linux64;;
s390*) machine="generic32 -DB_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2016-02-26 22:51 Doug Goldstein
0 siblings, 0 replies; 21+ messages in thread
From: Doug Goldstein @ 2016-02-26 22:51 UTC (permalink / raw
To: gentoo-commits
commit: b59b7705da30eb4cf4eef69946757fe3d11b763f
Author: Doug Goldstein <cardoe <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 26 22:51:32 2016 +0000
Commit: Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Fri Feb 26 22:51:32 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b59b7705
dev-libs/openssl: remove no longer necessary file
Package-Manager: portage-2.2.26
Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.1 | 164 -----------------------------
1 file changed, 164 deletions(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.1 b/dev-libs/openssl/files/gentoo.config-1.0.1
deleted file mode 100644
index 24c995a..0000000
--- a/dev-libs/openssl/files/gentoo.config-1.0.1
+++ /dev/null
@@ -1,164 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
- for c in \
- "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
- "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
- "x86_64-pc-linux-gnu |linux-x86_64" \
- "alpha-linux-gnu |linux-alpha-gcc" \
- "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
- "i686-pc-linux-gnu |linux-elf" \
- "whatever-gentoo-freebsdX.Y |BSD-generic32" \
- "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
- "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
- "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
- "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
- "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
- "powerpc-gentOO-linux-uclibc |linux-ppc" \
- "powerpc64-unk-linux-gnu |linux-ppc64" \
- "x86_64-apple-darwinX |darwin64-x86_64-cc" \
- "powerpc64-apple-darwinX |darwin64-ppc-cc" \
- "i686-apple-darwinX |darwin-i386-cc" \
- "i386-apple-darwinX |darwin-i386-cc" \
- "powerpc-apple-darwinX |darwin-ppc-cc" \
- "i586-pc-winnt |winnt-parity" \
- "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
- "s390x-linux-gnu |linux64-s390x" \
- ;do
- CHOST=${c/|*}
- ret_want=${c/*|}
- ret_got=$(CHOST=${CHOST} "$0")
-
- if [[ ${ret_want} == "${ret_got}" ]] ; then
- echo "PASS: ${CHOST}"
- else
- echo "FAIL: ${CHOST}"
- echo -e "\twanted: ${ret_want}"
- echo -e "\twe got: ${ret_got}"
- fi
- done
- exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
- *-aix*) system="aix";;
- *-darwin*) system="darwin";;
- *-freebsd*) system="BSD";;
- *-hpux*) system="hpux";;
- *-linux*) system="linux";;
- *-solaris*) system="solaris";;
- *-winnt*) system="winnt";;
- x86_64-*-mingw*) system="mingw64";;
- *mingw*) system="mingw";;
- *) exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
- compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
- case ${chost_machine}:${ABI} in
- aarch64*be) machine="generic64 -DB_ENDIAN";;
- aarch64*) machine="generic64 -DL_ENDIAN";;
- alphaev56*|\
- alphaev[678]*)machine=alpha+bwx-${compiler};;
- alpha*) machine=alpha-${compiler};;
- armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
- armv[4-9]*) machine="armv4 -DL_ENDIAN";;
- arm*b*) machine="generic32 -DB_ENDIAN";;
- arm*) machine="generic32 -DL_ENDIAN";;
- avr*) machine="generic32 -DL_ENDIAN";;
- bfin*) machine="generic32 -DL_ENDIAN";;
- # hppa64*) machine=parisc64;;
- hppa*) machine="generic32 -DB_ENDIAN";;
- i[0-9]86*|\
- x86_64*:x86) machine=elf;;
- ia64*) machine=ia64;;
- m68*) machine="generic32 -DB_ENDIAN";;
- mips*el*) machine="generic32 -DL_ENDIAN";;
- mips*) machine="generic32 -DB_ENDIAN";;
- powerpc64*le) machine="generic64 -DL_ENDIAN";;
- powerpc64*) machine=ppc64;;
- powerpc*le) machine="generic32 -DL_ENDIAN";;
- powerpc*) machine=ppc;;
- # sh64*) machine=elf;;
- sh*b*) machine="generic32 -DB_ENDIAN";;
- sh*) machine="generic32 -DL_ENDIAN";;
- sparc*v7*) machine="generic32 -DB_ENDIAN";;
- sparc64*) machine=sparcv9;;
- sparc*) machine=sparcv8;;
- s390x*) machine=s390x system=linux64;;
- s390*) machine="generic32 -DB_ENDIAN";;
- x86_64*:x32) machine=x32;;
- x86_64*) machine=x86_64;;
- esac
- ;;
-BSD)
- case ${chost_machine} in
- alpha*) machine=generic64;;
- i[6-9]86*) machine=x86-elf;;
- ia64*) machine=ia64;;
- sparc64*) machine=sparc64;;
- x86_64*) machine=x86_64;;
- *) machine=generic32;;
- esac
- ;;
-aix)
- machine=${compiler}
- ;;
-darwin)
- case ${chost_machine} in
- powerpc64) machine=ppc-cc; system=${system}64;;
- powerpc) machine=ppc-cc;;
- i?86*) machine=i386-cc;;
- x86_64) machine=x86_64-cc; system=${system}64;;
- esac
- ;;
-hpux)
- case ${chost_machine} in
- ia64) machine=ia64-${compiler} ;;
- esac
- ;;
-solaris)
- case ${chost_machine} in
- i386) machine=x86-${compiler} ;;
- x86_64*) machine=x86_64-${compiler}; system=${system}64;;
- sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
- sparc*) machine=sparcv8-${compiler};;
- esac
- ;;
-winnt)
- machine=parity
- ;;
-mingw*)
- # special case ... no xxx-yyy style name
- echo ${system}
- ;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2016-08-26 17:56 Mike Gilbert
0 siblings, 0 replies; 21+ messages in thread
From: Mike Gilbert @ 2016-08-26 17:56 UTC (permalink / raw
To: gentoo-commits
commit: 8d3725cf907f13b2243a38cb2a55282db460279f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 26 17:56:14 2016 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Aug 26 17:56:14 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d3725cf
dev-libs/openssl: fix typo in patch filename
Package-Manager: portage-2.3.0_p22
.../files/{openssl-1.1.01-ldflags.patch => openssl-1.1.0-ldflags.patch} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.1.01-ldflags.patch b/dev-libs/openssl/files/openssl-1.1.0-ldflags.patch
similarity index 100%
rename from dev-libs/openssl/files/openssl-1.1.01-ldflags.patch
rename to dev-libs/openssl/files/openssl-1.1.0-ldflags.patch
^ permalink raw reply [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2018-05-04 7:18 Lars Wendler
0 siblings, 0 replies; 21+ messages in thread
From: Lars Wendler @ 2018-05-04 7:18 UTC (permalink / raw
To: gentoo-commits
commit: 78d4a40a859636e46a150be8f53817faabb29744
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sat Apr 28 07:58:59 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May 4 07:18:28 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78d4a40a
dev-libs/openssl: remove unused patch
Closes: https://github.com/gentoo/gentoo/pull/8189
.../files/openssl-1.1.0g-CVE-2017-3738.patch | 77 ----------------------
1 file changed, 77 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch b/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
deleted file mode 100644
index 4b01feb8e87..00000000000
--- a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e502cc86df9dafded1694fceb3228ee34d11c11a Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Fri, 24 Nov 2017 11:35:50 +0100
-Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
- rsaz_1024_mul_avx2.
-
-Credit to OSS-Fuzz for finding this.
-
-CVE-2017-3738
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 0c1b236ef98..46d746b7d0e 100755
---- a/crypto/bn/asm/rsaz-avx2.pl
-+++ b/crypto/bn/asm/rsaz-avx2.pl
-@@ -246,7 +246,7 @@
- vmovdqu 32*8-128($ap), $ACC8
-
- lea 192(%rsp), $tp0 # 64+128=192
-- vpbroadcastq .Land_mask(%rip), $AND_MASK
-+ vmovdqu .Land_mask(%rip), $AND_MASK
- jmp .LOOP_GRANDE_SQR_1024
-
- .align 32
-@@ -1077,10 +1077,10 @@
- vpmuludq 32*6-128($np),$Yi,$TEMP1
- vpaddq $TEMP1,$ACC6,$ACC6
- vpmuludq 32*7-128($np),$Yi,$TEMP2
-- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
-+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
- vpaddq $TEMP2,$ACC7,$ACC7
- vpmuludq 32*8-128($np),$Yi,$TEMP0
-- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
-+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
- vpaddq $TEMP0,$ACC8,$ACC8
-
- mov %rbx, %rax
-@@ -1093,7 +1093,9 @@
- vmovdqu -8+32*2-128($ap),$TEMP2
-
- mov $r1, %rax
-+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
- imull $n0, %eax
-+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
- and \$0x1fffffff, %eax
-
- imulq 16-128($ap),%rbx
-@@ -1329,15 +1331,12 @@
- # But as we underutilize resources, it's possible to correct in
- # each iteration with marginal performance loss. But then, as
- # we do it in each iteration, we can correct less digits, and
--# avoid performance penalties completely. Also note that we
--# correct only three digits out of four. This works because
--# most significant digit is subjected to less additions.
-+# avoid performance penalties completely.
-
- $TEMP0 = $ACC9;
- $TEMP3 = $Bi;
- $TEMP4 = $Yi;
- $code.=<<___;
-- vpermq \$0, $AND_MASK, $AND_MASK
- vpaddq (%rsp), $TEMP1, $ACC0
-
- vpsrlq \$29, $ACC0, $TEMP1
-@@ -1770,7 +1769,7 @@
-
- .align 64
- .Land_mask:
-- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
-+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
- .Lscatter_permd:
- .long 0,2,4,6,7,7,7,7
- .Lgather_permd:
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2018-05-12 20:26 Robin H. Johnson
0 siblings, 0 replies; 21+ messages in thread
From: Robin H. Johnson @ 2018-05-12 20:26 UTC (permalink / raw
To: gentoo-commits
commit: 9fe32836f19db9b4c614e0e6d563ac267ba21e2f
Author: Conrad Kostecki <conrad <AT> kostecki <DOT> com>
AuthorDate: Thu Apr 26 20:18:45 2018 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat May 12 20:25:45 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fe32836
dev-libs/openssl: use aarch64 machine for arm64 arch
Closes: https://bugs.gentoo.org/638926
Package-Manager: Portage-2.3.24, Repoman-2.3.6
(cherry picked from commit d1a9b4ac497aa915d51b40c56f160619c62b801a)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/7306
dev-libs/openssl/files/gentoo.config-1.0.2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 37b83cc2e7b..d16175e6292 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
#
# Openssl doesn't play along nicely with cross-compiling
@@ -81,8 +81,8 @@ chost_machine=${CHOST%%-*}
case ${system} in
linux)
case ${chost_machine}:${ABI} in
- aarch64*be*) machine="generic64 -DB_ENDIAN";;
- aarch64*) machine="generic64 -DL_ENDIAN";;
+ aarch64*be*) machine="aarch64 -DB_ENDIAN";;
+ aarch64*) machine="aarch64 -DL_ENDIAN";;
alphaev56*|\
alphaev[678]*)machine=alpha+bwx-${compiler};;
alpha*) machine=alpha-${compiler};;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2018-10-31 8:06 Lars Wendler
0 siblings, 0 replies; 21+ messages in thread
From: Lars Wendler @ 2018-10-31 8:06 UTC (permalink / raw
To: gentoo-commits
commit: 4fef1113c26ea7ac7fb9be6da77565310908e82a
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sun Sep 30 12:52:24 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct 31 08:06:10 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fef1113
dev-libs/openssl: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/10026
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
.../files/openssl-1.0.2o-CVE-2018-0732.patch | 39 ---
.../openssl/files/openssl-1.0.2o-hobble-ecc.patch | 290 ---------------------
2 files changed, 329 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
deleted file mode 100644
index 148e7c3bc1a..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
diff --git a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
deleted file mode 100644
index e105fe45e45..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
+++ /dev/null
@@ -1,290 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/apps/speed.c openssl-1.0.2m.mod/apps/speed.c
---- openssl-1.0.2m.hobble/apps/speed.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/apps/speed.c 2018-06-10 19:00:09.264550382 -0700
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c
---- openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c 2018-06-10 18:45:36.909911848 -0700
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/ssl/t1_lib.c openssl-1.0.2m.mod/ssl/t1_lib.c
---- openssl-1.0.2m.hobble/ssl/t1_lib.c 2017-11-02 07:32:58.000000000 -0700
-+++ openssl-1.0.2m.mod/ssl/t1_lib.c 2018-06-10 18:46:55.329811812 -0700
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
-diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c
---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
-diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200
-@@ -138,11 +138,14 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
- "55657156756655",
- "1275552191113212300012030439187146164646146646466749494799",
-@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
- int ret;
- BIGNUM *tmp = NULL;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -532,8 +535,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2019-11-24 0:44 Aaron Bauman
0 siblings, 0 replies; 21+ messages in thread
From: Aaron Bauman @ 2019-11-24 0:44 UTC (permalink / raw
To: gentoo-commits
commit: addd7f2abcabc67e4fd244d6374dd6945c10713d
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Fri Nov 22 08:17:48 2019 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Nov 24 00:40:20 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=addd7f2a
dev-libs/openssl: remove unused patch
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
.../openssl/files/openssl-1.0.2p-hobble-ecc.patch | 283 ---------------------
1 file changed, 283 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
deleted file mode 100644
index 3a458a78360..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
---- a/crypto/ecdh/ecdhtest.c
-+++ b/crypto/ecdh/ecdhtest.c
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
---- a/crypto/ecdsa/ecdsatest.c
-+++ b/crypto/ecdsa/ecdsatest.c
-@@ -138,9 +138,12 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0, use_fake = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
-@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
-
- use_fake = 0;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -539,8 +542,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2020-04-02 14:56 Mike Gilbert
0 siblings, 0 replies; 21+ messages in thread
From: Mike Gilbert @ 2020-04-02 14:56 UTC (permalink / raw
To: gentoo-commits
commit: 3bbd887ff1dde5c69e81d6985e4d02c1eddb793b
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 2 14:55:31 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Apr 2 14:55:31 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bbd887f
dev-libs/openssl: handle riscv64
Closes: https://bugs.gentoo.org/715908
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index d16175e6292..4e88dbabf13 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -104,6 +104,7 @@ linux)
powerpc64*) machine=ppc64;;
powerpc*le*) machine="generic32 -DL_ENDIAN";;
powerpc*) machine=ppc;;
+ riscv64*) machine="generic64 -DL_ENDIAN";;
# sh64*) machine=elf;;
sh*b*) machine="generic32 -DB_ENDIAN";;
sh*) machine="generic32 -DL_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2020-12-17 14:11 Andreas K. Hüttel
0 siblings, 0 replies; 21+ messages in thread
From: Andreas K. Hüttel @ 2020-12-17 14:11 UTC (permalink / raw
To: gentoo-commits
commit: 887a6ba925e78adef8449a7c8ea6de68278f31b2
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 17 14:10:25 2020 +0000
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Thu Dec 17 14:10:52 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=887a6ba9
dev-libs/openssl: Handle riscv32
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 4e88dbabf13..68d7d0ac1fc 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# Openssl doesn't play along nicely with cross-compiling
@@ -104,6 +104,7 @@ linux)
powerpc64*) machine=ppc64;;
powerpc*le*) machine="generic32 -DL_ENDIAN";;
powerpc*) machine=ppc;;
+ riscv32*) machine="generic32 -DL_ENDIAN";;
riscv64*) machine="generic64 -DL_ENDIAN";;
# sh64*) machine=elf;;
sh*b*) machine="generic32 -DB_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2021-02-12 22:35 Conrad Kostecki
0 siblings, 0 replies; 21+ messages in thread
From: Conrad Kostecki @ 2021-02-12 22:35 UTC (permalink / raw
To: gentoo-commits
commit: 999c48f939670b8b499ddad74492db20e44b0c91
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Feb 12 13:55:14 2021 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 22:35:46 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=999c48f9
dev-libs/openssl: remove unused patch
Closes: https://github.com/gentoo/gentoo/pull/19426
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../openssl/files/openssl-1.0.2a-x32-asm.patch | 43 ----------------------
1 file changed, 43 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
deleted file mode 100644
index 3a005c9b099..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
-
-From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 21 Mar 2015 06:01:25 -0400
-Subject: [PATCH] crypto: use bigint in x86-64 perl
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers. Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
----
- crypto/perlasm/x86_64-xlate.pl | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index aae8288..0bf9774 100755
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -195,6 +195,10 @@ my %globals;
- sub out {
- my $self = shift;
-
-+ # When building on x32 ABIs, the expanded hex value might be too
-+ # big to fit into 32bits. Enable transparent 64bit support here
-+ # so we can safely print it out.
-+ use bigint;
- if ($gas) {
- # Solaris /usr/ccs/bin/as can't handle multiplications
- # in $self->{value}
---
-2.3.3
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2022-04-25 10:11 WANG Xuerui
0 siblings, 0 replies; 21+ messages in thread
From: WANG Xuerui @ 2022-04-25 10:11 UTC (permalink / raw
To: gentoo-commits
commit: 41b5bf45a83c26b663aa9ea9c4e290e5ee018622
Author: WANG Xuerui <xen0n <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 25 04:16:06 2022 +0000
Commit: WANG Xuerui <xen0n <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 10:11:17 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41b5bf45
dev-libs/openssl: fix build on loong
Just treat loongarch64 targets as generic64 for now.
This has been inside loongson-overlay for a while, and is tested on real
loong hardware.
See: https://github.com/gentoo/gentoo/pull/25189
Acked-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
Signed-off-by: WANG Xuerui <xen0n <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 68d7d0ac1fc1..caa569588f3c 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -97,6 +97,7 @@ linux)
i[0-9]86*|\
x86_64*:x86) machine=elf;;
ia64*) machine=ia64;;
+ loongarch64*) machine="generic64 -DL_ENDIAN";;
m68*) machine="generic32 -DB_ENDIAN";;
mips*el*) machine="generic32 -DL_ENDIAN";;
mips*) machine="generic32 -DB_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2022-08-19 23:00 Sam James
0 siblings, 0 replies; 21+ messages in thread
From: Sam James @ 2022-08-19 23:00 UTC (permalink / raw
To: gentoo-commits
commit: 3b94f6daf15da0b5fd7142881663030d1c1a1dd2
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Aug 19 18:41:11 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 19 22:52:58 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b94f6da
dev-libs/openssl: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/26928
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openssl-3.0.4-avx512-buffer-overflow.patch | 34 ----------------
.../files/openssl-3.0.4-fix-test-build.patch | 46 ----------------------
2 files changed, 80 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.0.4-avx512-buffer-overflow.patch b/dev-libs/openssl/files/openssl-3.0.4-avx512-buffer-overflow.patch
deleted file mode 100644
index c72e958ff535..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.4-avx512-buffer-overflow.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://github.com/openssl/openssl/commit/a1f7034bbd8f0730d360211f5ba0feeaef0b7b2c
-https://github.com/openssl/openssl/issues/18625
-
-From a1f7034bbd8f0730d360211f5ba0feeaef0b7b2c Mon Sep 17 00:00:00 2001
-From: Xi Ruoyao <xry111@xry111.site>
-Date: Wed, 22 Jun 2022 18:07:05 +0800
-Subject: [PATCH] rsa: fix bn_reduce_once_in_place call for
- rsaz_mod_exp_avx512_x2
-
-bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size
-is moduli bit size.
-
-Fixes #18625.
-
-Signed-off-by: Xi Ruoyao <xry111@xry111.site>
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/18626)
-
-(cherry picked from commit 4d8a88c134df634ba610ff8db1eb8478ac5fd345)
---- a/crypto/bn/rsaz_exp_x2.c
-+++ b/crypto/bn/rsaz_exp_x2.c
-@@ -220,6 +220,9 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1,
- from_words52(res1, factor_size, rr1_red);
- from_words52(res2, factor_size, rr2_red);
-
-+ /* bn_reduce_once_in_place expects number of BN_ULONG, not bit size */
-+ factor_size /= sizeof(BN_ULONG) * 8;
-+
- bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size);
- bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size);
-
-
diff --git a/dev-libs/openssl/files/openssl-3.0.4-fix-test-build.patch b/dev-libs/openssl/files/openssl-3.0.4-fix-test-build.patch
deleted file mode 100644
index f96e54f3127e..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.4-fix-test-build.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://github.com/openssl/openssl/issues/18619
-https://github.com/openssl/openssl/pull/18634
-https://github.com/openssl/openssl/commit/665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232
-
-From 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Date: Fri, 17 Jun 2022 10:25:24 +0200
-Subject: [PATCH] Fix compile issues in test/v3ext.c with no-rfc3779
-
-There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
-therefore the test cannot be compiled.
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/18634)
-
-(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
---- a/test/v3ext.c
-+++ b/test/v3ext.c
-@@ -37,6 +37,7 @@ static int test_pathlen(void)
- return ret;
- }
-
-+#ifndef OPENSSL_NO_RFC3779
- static int test_asid(void)
- {
- ASN1_INTEGER *val1 = NULL, *val2 = NULL;
-@@ -113,6 +114,7 @@ static int test_asid(void)
- ASIdentifiers_free(asid4);
- return testresult;
- }
-+#endif /* OPENSSL_NO_RFC3779 */
-
- OPT_TEST_DECLARE_USAGE("cert.pem\n")
-
-@@ -127,6 +129,8 @@ int setup_tests(void)
- return 0;
-
- ADD_TEST(test_pathlen);
-+#ifndef OPENSSL_NO_RFC3779
- ADD_TEST(test_asid);
-+#endif /* OPENSSL_NO_RFC3779 */
- return 1;
- }
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-02-08 17:17 Sam James
0 siblings, 0 replies; 21+ messages in thread
From: Sam James @ 2023-02-08 17:17 UTC (permalink / raw
To: gentoo-commits
commit: 9ecc3b0650d539516074b2659b543d175de4199f
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Wed Feb 8 16:49:57 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 8 17:14:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ecc3b06
dev-libs/openssl: remove unused patch
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/29488
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openssl/files/openssl-3.0.5-test-memcmp.patch | 24 ----------------------
1 file changed, 24 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
deleted file mode 100644
index fc84d82e87da..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-https://github.com/openssl/openssl/pull/18719
-
-From 7f58de577c05ae0bbd20eee9b2971cfa1cd062c8 Mon Sep 17 00:00:00 2001
-From: Gregor Jasny <gjasny@googlemail.com>
-Date: Tue, 5 Jul 2022 12:57:06 +0200
-Subject: [PATCH] Add missing header for memcmp
-
-CLA: trivial
----
- test/v3ext.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/test/v3ext.c b/test/v3ext.c
-index 926f3884b138..a8ab64b2714b 100644
---- a/test/v3ext.c
-+++ b/test/v3ext.c
-@@ -8,6 +8,7 @@
- */
-
- #include <stdio.h>
-+#include <string.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include <openssl/pem.h>
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-02-22 19:34 Mike Gilbert
0 siblings, 0 replies; 21+ messages in thread
From: Mike Gilbert @ 2023-02-22 19:34 UTC (permalink / raw
To: gentoo-commits
commit: d9d631a188bd27b62082fd93a7f434b00e458b1b
Author: Nicholas Vinson <nvinson234 <AT> gmail <DOT> com>
AuthorDate: Wed Feb 22 00:57:55 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Feb 22 19:29:31 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9d631a1
dev-libs/openssl: gentoo.config-1.0.4 clang fix
Update gentoo.config-1.0.4 to better support clang compiler toolchains
Closes: https://bugs.gentoo.org/885901
Signed-off-by: Nicholas Vinson <nvinson234 <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/29711
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.4 | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.4 b/dev-libs/openssl/files/gentoo.config-1.0.4
index 573a97de3543..79f6331f090c 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.4
+++ b/dev-libs/openssl/files/gentoo.config-1.0.4
@@ -77,7 +77,9 @@ fi
# Detect target arch
machine=""
+submachine=""
chost_machine=${CHOST%%-*}
+[[ ${CC} == *clang* ]] && submachine="-clang"
case ${system} in
linux)
case ${chost_machine}:${ABI} in
@@ -95,7 +97,7 @@ linux)
# hppa64*) machine=parisc64;;
hppa*) machine="generic32 -DB_ENDIAN";;
i[0-9]86*|\
- x86_64*:x86) machine=x86;;
+ x86_64*:x86) machine=x86${submachine};;
ia64*) machine=ia64;;
loongarch64*) machine="loongarch64 -DL_ENDIAN" system=linux64;;
m68*) machine="latomic -DB_ENDIAN";;
@@ -125,7 +127,7 @@ linux)
s390x*) machine=s390x system=linux64;;
s390*) machine="generic32 -DB_ENDIAN";;
x86_64*:x32) machine=x32;;
- x86_64*) machine=x86_64;;
+ x86_64*) machine=x86_64${submachine};;
esac
;;
BSD)
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-03-19 3:22 Sam James
0 siblings, 0 replies; 21+ messages in thread
From: Sam James @ 2023-03-19 3:22 UTC (permalink / raw
To: gentoo-commits
commit: abfaca134102918ed6904bdd2ed08b6ea3949739
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Thu Mar 16 17:14:50 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar 19 03:12:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abfaca13
dev-libs/openssl: remove unused file
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/30156
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.3 | 172 -----------------------------
1 file changed, 172 deletions(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.3 b/dev-libs/openssl/files/gentoo.config-1.0.3
deleted file mode 100644
index 0662f72b6d80..000000000000
--- a/dev-libs/openssl/files/gentoo.config-1.0.3
+++ /dev/null
@@ -1,172 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
- for c in \
- "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
- "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
- "x86_64-pc-linux-gnu |linux-x86_64" \
- "alpha-linux-gnu |linux-alpha-gcc" \
- "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
- "i686-pc-linux-gnu |linux-elf" \
- "whatever-gentoo-freebsdX.Y |BSD-generic32" \
- "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
- "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
- "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
- "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
- "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
- "powerpc-gentOO-linux-uclibc |linux-ppc" \
- "powerpc64-unk-linux-gnu |linux-ppc64" \
- "powerpc64le-linux-gnu |linux-ppc64le" \
- "x86_64-apple-darwinX |darwin64-x86_64-cc" \
- "powerpc64-apple-darwinX |darwin64-ppc-cc" \
- "i686-apple-darwinX |darwin-i386-cc" \
- "i386-apple-darwinX |darwin-i386-cc" \
- "powerpc-apple-darwinX |darwin-ppc-cc" \
- "i586-pc-winnt |winnt-parity" \
- "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
- "s390x-linux-gnu |linux64-s390x" \
- ;do
- CHOST=${c/|*}
- ret_want=${c/*|}
- ret_got=$(CHOST=${CHOST} "$0")
-
- if [[ ${ret_want} == "${ret_got}" ]] ; then
- echo "PASS: ${CHOST}"
- else
- echo "FAIL: ${CHOST}"
- echo -e "\twanted: ${ret_want}"
- echo -e "\twe got: ${ret_got}"
- fi
- done
- exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
- *-aix*) system="aix";;
- *-darwin*) system="darwin";;
- *-freebsd*) system="BSD";;
- *-hpux*) system="hpux";;
- *-linux*) system="linux";;
- *-solaris*) system="solaris";;
- *-winnt*) system="winnt";;
- x86_64-*-mingw*) system="mingw64";;
- *mingw*) system="mingw";;
- *) exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
- compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
- case ${chost_machine}:${ABI} in
- aarch64*be*) machine="aarch64 -DB_ENDIAN";;
- aarch64*) machine="aarch64 -DL_ENDIAN";;
- alphaev56*|\
- alphaev[678]*)machine=alpha+bwx-${compiler};;
- alpha*) machine=alpha-${compiler};;
- armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
- armv[4-9]*) machine="armv4 -DL_ENDIAN";;
- arm*b*) machine="generic32 -DB_ENDIAN";;
- arm*) machine="generic32 -DL_ENDIAN";;
- avr*) machine="generic32 -DL_ENDIAN";;
- bfin*) machine="generic32 -DL_ENDIAN";;
- # hppa64*) machine=parisc64;;
- hppa*) machine="generic32 -DB_ENDIAN";;
- i[0-9]86*|\
- x86_64*:x86) machine=elf;;
- ia64*) machine=ia64;;
- loongarch64*) machine="generic64 -DL_ENDIAN";;
- m68*) machine="latomic -DB_ENDIAN";;
- mips*el*) machine="generic32 -DL_ENDIAN";;
- mips*) machine="generic32 -DB_ENDIAN";;
- powerpc64*le*)machine=ppc64le;;
- powerpc64*) machine=ppc64;;
- powerpc*le*) machine="generic32 -DL_ENDIAN";;
- powerpc*) machine=ppc;;
- riscv32*) machine="generic32 -DL_ENDIAN";;
- riscv64*) machine="generic64 -DL_ENDIAN";;
- # sh64*) machine=elf;;
- sh*b*) machine="generic32 -DB_ENDIAN";;
- sh*) machine="generic32 -DL_ENDIAN";;
- # TODO: Might want to do -mcpu probing like glibc to determine a
- # better default for sparc-linux-gnu targets. This logic will
- # break v7 and older systems when they use it.
- sparc*v7*) machine="generic32 -DB_ENDIAN";;
- sparc64*) machine=sparcv9 system=linux64;;
- sparc*v9*) machine=sparcv9;;
- sparc*v8*) machine=sparcv8;;
- sparc*) machine=sparcv8;;
- s390x*) machine=s390x system=linux64;;
- s390*) machine="generic32 -DB_ENDIAN";;
- x86_64*:x32) machine=x32;;
- x86_64*) machine=x86_64;;
- esac
- ;;
-BSD)
- case ${chost_machine} in
- alpha*) machine=generic64;;
- i[6-9]86*) machine=x86-elf;;
- ia64*) machine=ia64;;
- sparc64*) machine=sparc64;;
- x86_64*) machine=x86_64;;
- *) machine=generic32;;
- esac
- ;;
-aix)
- machine=${compiler}
- ;;
-darwin)
- case ${chost_machine} in
- powerpc64) machine=ppc-cc; system=${system}64;;
- powerpc) machine=ppc-cc;;
- i?86*) machine=i386-cc;;
- x86_64) machine=x86_64-cc; system=${system}64;;
- esac
- ;;
-hpux)
- case ${chost_machine} in
- ia64) machine=ia64-${compiler} ;;
- esac
- ;;
-solaris)
- case ${chost_machine} in
- i386) machine=x86-${compiler} ;;
- x86_64*) machine=x86_64-${compiler}; system=${system}64;;
- sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
- sparc*) machine=sparcv8-${compiler};;
- esac
- ;;
-winnt)
- machine=parity
- ;;
-mingw*)
- # special case ... no xxx-yyy style name
- echo ${system}
- ;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-05-25 14:59 Mike Gilbert
0 siblings, 0 replies; 21+ messages in thread
From: Mike Gilbert @ 2023-05-25 14:59 UTC (permalink / raw
To: gentoo-commits
commit: 08dbfd4976e7cf1eb03ea520327769a96e877c4d
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu May 25 14:57:07 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu May 25 14:58:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08dbfd49
dev-libs/openssl: add support for big-endian RISC-V
Closes: https://bugs.gentoo.org/904751
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.4 | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.4 b/dev-libs/openssl/files/gentoo.config-1.0.4
index 79f6331f090c..ef1c6f1768a1 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.4
+++ b/dev-libs/openssl/files/gentoo.config-1.0.4
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# Openssl doesn't play along nicely with cross-compiling
@@ -111,7 +111,9 @@ linux)
powerpc64*) machine=ppc64;;
powerpc*le*) machine="generic32 -DL_ENDIAN";;
powerpc*) machine=ppc;;
+ riscv32be*) machine="generic32 -DB_ENDIAN";;
riscv32*) machine="generic32 -DL_ENDIAN";;
+ riscv64be*) machine="riscv64 -DB_ENDIAN" system=linux64;;
riscv64*) machine="riscv64 -DL_ENDIAN" system=linux64;;
# sh64*) machine=elf;;
sh*b*) machine="generic32 -DB_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-10-04 21:45 Conrad Kostecki
0 siblings, 0 replies; 21+ messages in thread
From: Conrad Kostecki @ 2023-10-04 21:45 UTC (permalink / raw
To: gentoo-commits
commit: bb6f84dc03496525a2a87ca05b91e72cd560b991
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Wed Oct 4 15:46:33 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Wed Oct 4 21:44:27 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb6f84dc
dev-libs/openssl: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/33190
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssl-3.1.1-CVE-2023-2975.patch | 110 -------------------
.../files/openssl-3.1.1-CVE-2023-3446.patch | 121 ---------------------
2 files changed, 231 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch
deleted file mode 100644
index 5abf60737dbd..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-https://github.com/openssl/openssl/commit/6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc
-https://github.com/openssl/openssl/commit/76214c4a8f3374b786811fdfeda3d98690f8faf4
-
-From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:30:35 +0200
-Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode
-
-The AES-SIV mode allows for multiple associated data items
-authenticated separately with any of these being 0 length.
-
-The provided implementation ignores such empty associated data
-which is incorrect in regards to the RFC 5297 and is also
-a security issue because such empty associated data then become
-unauthenticated if an application expects to authenticate them.
-
-Fixes CVE-2023-2975
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
---- a/providers/implementations/ciphers/cipher_aes_siv.c
-+++ b/providers/implementations/ciphers/cipher_aes_siv.c
-@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
- if (!ossl_prov_is_running())
- return 0;
-
-- if (inl == 0) {
-- *outl = 0;
-- return 1;
-- }
-+ /* Ignore just empty encryption/decryption call and not AAD. */
-+ if (out != NULL) {
-+ if (inl == 0) {
-+ if (outl != NULL)
-+ *outl = 0;
-+ return 1;
-+ }
-
-- if (outsize < inl) {
-- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-- return 0;
-+ if (outsize < inl) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-+ return 0;
-+ }
- }
-
- if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
-
-From 76214c4a8f3374b786811fdfeda3d98690f8faf4 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:50:37 +0200
-Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc)
---- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93
- Plaintext = 112233445566778899aabbccddee
- Ciphertext = 40c02b9690c4dc04daef7f6afe5c
-
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Tag = f1c5fdeac1f15a26779c1501f9fb7588
-+Plaintext = 112233445566778899aabbccddee
-+Ciphertext = 27e946c669088ab06da58c5c831c
-+
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+AAD =
-+Tag = d1022f5b3664e5a4dfaf90f85be6f28a
-+Plaintext = 112233445566778899aabbccddee
-+Ciphertext = b66cff6b8eca0b79f083b39a0901
-+
- Cipher = aes-128-siv
- Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
- AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f
- Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
- Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d
-
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD =
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 83ce6593a8fa67eb6fcd2819cedfc011
-+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d
-+
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD =
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 77dd4a44f5a6b41302121ee7f378de25
-+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe
-+
- Cipher = aes-192-siv
- Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0
- AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
-
diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch
deleted file mode 100644
index 781b0c8f48b3..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-https://github.com/openssl/openssl/commit/fc9867c1e03c22ebf56943be205202e576aabf23
-https://github.com/openssl/openssl/commit/4791e79b8803924b28c19af4d4036ad85335110d
-
-From fc9867c1e03c22ebf56943be205202e576aabf23 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 6 Jul 2023 16:36:35 +0100
-Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
-
-The DH_check() function checks numerous aspects of the key or parameters
-that have been supplied. Some of those checks use the supplied modulus
-value even if it is excessively large.
-
-There is already a maximum DH modulus size (10,000 bits) over which
-OpenSSL will not generate or derive keys. DH_check() will however still
-perform various tests for validity on such a large modulus. We introduce a
-new maximum (32,768) over which DH_check() will just fail.
-
-An application that calls DH_check() and supplies a key or parameters
-obtained from an untrusted source could be vulnerable to a Denial of
-Service attack.
-
-The function DH_check() is itself called by a number of other OpenSSL
-functions. An application calling any of those other functions may
-similarly be affected. The other functions affected by this are
-DH_check_ex() and EVP_PKEY_param_check().
-
-CVE-2023-3446
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
- if (nid != NID_undef)
- return 1;
-
-+ /* Don't do any checks at all with an excessively large modulus */
-+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- if (!DH_check_params(dh, ret))
- return 0;
-
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -92,7 +92,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
- # include <openssl/dherr.h>
-
- # ifndef OPENSSL_DH_MAX_MODULUS_BITS
--# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-+# endif
-+
-+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
-+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
- # endif
-
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-
-From 4791e79b8803924b28c19af4d4036ad85335110d Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 7 Jul 2023 14:39:48 +0100
-Subject: [PATCH] Add a test for CVE-2023-3446
-
-Confirm that the only errors DH_check() finds with DH parameters with an
-excessively long modulus is that the modulus is too large. We should not
-be performing time consuming checks using that modulus.
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b)
---- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -73,7 +73,7 @@ static int dh_test(void)
- goto err1;
-
- /* check fails, because p is way too small */
-- if (!DH_check(dh, &i))
-+ if (!TEST_true(DH_check(dh, &i)))
- goto err2;
- i ^= DH_MODULUS_TOO_SMALL;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-@@ -124,6 +124,17 @@ static int dh_test(void)
- /* We'll have a stale error on the queue from the above test so clear it */
- ERR_clear_error();
-
-+ /* Modulus of size: dh check max modulus bits + 1 */
-+ if (!TEST_true(BN_set_word(p, 1))
-+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
-+ goto err3;
-+
-+ /*
-+ * We expect no checks at all for an excessively large modulus
-+ */
-+ if (!TEST_false(DH_check(dh, &i)))
-+ goto err3;
-+
- /*
- * II) key generation
- */
-@@ -138,7 +149,7 @@ static int dh_test(void)
- goto err3;
-
- /* ... and check whether it is valid */
-- if (!DH_check(a, &i))
-+ if (!TEST_true(DH_check(a, &i)))
- goto err3;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
- || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-10-29 3:53 Sam James
0 siblings, 0 replies; 21+ messages in thread
From: Sam James @ 2023-10-29 3:53 UTC (permalink / raw
To: gentoo-commits
commit: 8bea4e7dbf4f5692edcfbc713956517791677fcd
Author: Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Sun Oct 29 03:50:59 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 29 03:51:50 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bea4e7d
dev-libs/openssl: add support for ARC
Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.4 | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.4 b/dev-libs/openssl/files/gentoo.config-1.0.4
index ef1c6f1768a1..5f205781ae3e 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.4
+++ b/dev-libs/openssl/files/gentoo.config-1.0.4
@@ -88,6 +88,10 @@ linux)
alphaev56*|\
alphaev[678]*)machine=alpha+bwx-${compiler};;
alpha*) machine=alpha-${compiler};;
+ arc64*b*) machine="generic64 -DB_ENDIAN";;
+ arc64*) machine="generic64 -DL_ENDIAN";;
+ arc*b*) machine="generic32 -DB_ENDIAN";;
+ arc*) machine="generic32 -DL_ENDIAN";;
armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
armv[4-9]*) machine="armv4 -DL_ENDIAN";;
arm*b*) machine="generic32 -DB_ENDIAN";;
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2023-12-31 2:38 Conrad Kostecki
0 siblings, 0 replies; 21+ messages in thread
From: Conrad Kostecki @ 2023-12-31 2:38 UTC (permalink / raw
To: gentoo-commits
commit: 414fc629d397bb756ad382342e99243dcc6ec508
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Dec 29 14:04:25 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Dec 31 02:37:21 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=414fc629
dev-libs/openssl: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/34537
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssl-3.0.9-CVE-2023-2975.patch | 109 -------------------
.../files/openssl-3.0.9-CVE-2023-3446.patch | 120 ---------------------
2 files changed, 229 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch
deleted file mode 100644
index 908e57251cb9..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-https://github.com/openssl/openssl/commit/00e2f5eea29994d19293ec4e8c8775ba73678598
-https://github.com/openssl/openssl/commit/96318a8d21bed334d78797eca5b32790775d5f05
-
-From 00e2f5eea29994d19293ec4e8c8775ba73678598 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:30:35 +0200
-Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode
-
-The AES-SIV mode allows for multiple associated data items
-authenticated separately with any of these being 0 length.
-
-The provided implementation ignores such empty associated data
-which is incorrect in regards to the RFC 5297 and is also
-a security issue because such empty associated data then become
-unauthenticated if an application expects to authenticate them.
-
-Fixes CVE-2023-2975
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
---- a/providers/implementations/ciphers/cipher_aes_siv.c
-+++ b/providers/implementations/ciphers/cipher_aes_siv.c
-@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
- if (!ossl_prov_is_running())
- return 0;
-
-- if (inl == 0) {
-- *outl = 0;
-- return 1;
-- }
-+ /* Ignore just empty encryption/decryption call and not AAD. */
-+ if (out != NULL) {
-+ if (inl == 0) {
-+ if (outl != NULL)
-+ *outl = 0;
-+ return 1;
-+ }
-
-- if (outsize < inl) {
-- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-- return 0;
-+ if (outsize < inl) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
-+ return 0;
-+ }
- }
-
- if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
-
-From 96318a8d21bed334d78797eca5b32790775d5f05 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 4 Jul 2023 17:50:37 +0200
-Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21384)
-
-(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc)
---- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
-@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93
- Plaintext = 112233445566778899aabbccddee
- Ciphertext = 40c02b9690c4dc04daef7f6afe5c
-
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+Tag = f1c5fdeac1f15a26779c1501f9fb7588
-+Plaintext = 112233445566778899aabbccddee
-+Ciphertext = 27e946c669088ab06da58c5c831c
-+
-+Cipher = aes-128-siv
-+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-+AAD =
-+Tag = d1022f5b3664e5a4dfaf90f85be6f28a
-+Plaintext = 112233445566778899aabbccddee
-+Ciphertext = b66cff6b8eca0b79f083b39a0901
-+
- Cipher = aes-128-siv
- Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
- AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f
- Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
- Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d
-
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD =
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 83ce6593a8fa67eb6fcd2819cedfc011
-+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d
-+
-+Cipher = aes-128-siv
-+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
-+AAD =
-+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
-+AAD = 09f911029d74e35bd84156c5635688c0
-+Tag = 77dd4a44f5a6b41302121ee7f378de25
-+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
-+Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe
-+
- Cipher = aes-192-siv
- Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0
- AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch
deleted file mode 100644
index 1a1be6a8af51..000000000000
--- a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb
-https://github.com/openssl/openssl/commit/8a62fd996cb1c22383ec75b4155d54dec4a1b0ee
-
-From 1fa20cf2f506113c761777127a38bce5068740eb Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 6 Jul 2023 16:36:35 +0100
-Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
-
-The DH_check() function checks numerous aspects of the key or parameters
-that have been supplied. Some of those checks use the supplied modulus
-value even if it is excessively large.
-
-There is already a maximum DH modulus size (10,000 bits) over which
-OpenSSL will not generate or derive keys. DH_check() will however still
-perform various tests for validity on such a large modulus. We introduce a
-new maximum (32,768) over which DH_check() will just fail.
-
-An application that calls DH_check() and supplies a key or parameters
-obtained from an untrusted source could be vulnerable to a Denial of
-Service attack.
-
-The function DH_check() is itself called by a number of other OpenSSL
-functions. An application calling any of those other functions may
-similarly be affected. The other functions affected by this are
-DH_check_ex() and EVP_PKEY_param_check().
-
-CVE-2023-3446
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
- if (nid != NID_undef)
- return 1;
-
-+ /* Don't do any checks at all with an excessively large modulus */
-+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- if (!DH_check_params(dh, ret))
- return 0;
-
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
- # include <openssl/dherr.h>
-
- # ifndef OPENSSL_DH_MAX_MODULUS_BITS
--# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-+# endif
-+
-+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
-+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
- # endif
-
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-
-From 8a62fd996cb1c22383ec75b4155d54dec4a1b0ee Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 7 Jul 2023 14:39:48 +0100
-Subject: [PATCH] Add a test for CVE-2023-3446
-
-Confirm that the only errors DH_check() finds with DH parameters with an
-excessively long modulus is that the modulus is too large. We should not
-be performing time consuming checks using that modulus.
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21451)
-
-(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b)
---- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -73,7 +73,7 @@ static int dh_test(void)
- goto err1;
-
- /* check fails, because p is way too small */
-- if (!DH_check(dh, &i))
-+ if (!TEST_true(DH_check(dh, &i)))
- goto err2;
- i ^= DH_MODULUS_TOO_SMALL;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-@@ -124,6 +124,17 @@ static int dh_test(void)
- /* We'll have a stale error on the queue from the above test so clear it */
- ERR_clear_error();
-
-+ /* Modulus of size: dh check max modulus bits + 1 */
-+ if (!TEST_true(BN_set_word(p, 1))
-+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
-+ goto err3;
-+
-+ /*
-+ * We expect no checks at all for an excessively large modulus
-+ */
-+ if (!TEST_false(DH_check(dh, &i)))
-+ goto err3;
-+
- /*
- * II) key generation
- */
-@@ -138,7 +149,7 @@ static int dh_test(void)
- goto err3;
-
- /* ... and check whether it is valid */
-- if (!DH_check(a, &i))
-+ if (!TEST_true(DH_check(a, &i)))
- goto err3;
- if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
- || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2024-08-03 5:08 Sam James
0 siblings, 0 replies; 21+ messages in thread
From: Sam James @ 2024-08-03 5:08 UTC (permalink / raw
To: gentoo-commits
commit: fcbeb0799f940bd8b1a9f8894e508a821d1a366d
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 3 03:25:53 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 3 05:07:15 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcbeb079
dev-libs/openssl: drop obsolete patches
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openssl-3.1.5-CVE-2024-2511.patch | 137 ---------------------
.../openssl/files/openssl-3.1.5-p11-segfault.patch | 78 ------------
.../files/openssl-3.2.1-CVE-2024-2511.patch | 137 ---------------------
.../openssl/files/openssl-3.2.1-p11-segfault.patch | 79 ------------
dev-libs/openssl/files/openssl-3.2.1-riscv.patch | 70 -----------
dev-libs/openssl/files/openssl-3.2.1-s390x.patch | 31 -----
6 files changed, 532 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch
deleted file mode 100644
index c5b7dfe449f7..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-https://www.openssl.org/news/secadv/20240408.txt
-https://bugs.gentoo.org/930047
-https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
-https://github.com/openssl/openssl/commit/c342f4b8bd2d0b375b0e22337057c2eab47d9b96
-
-From 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24044)
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3737,9 +3737,10 @@ void ssl_update_cache(SSL *s, int mode)
-
- /*
- * If the session_id_length is 0, we are not supposed to cache it, and it
-- * would be rather hard to do anyway :-)
-+ * would be rather hard to do anyway :-). Also if the session has already
-+ * been marked as not_resumable we should not cache it for later reuse.
- */
-- if (s->session->session_id_length == 0)
-+ if (s->session->session_id_length == 0 || s->session->not_resumable)
- return;
-
- /*
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -154,16 +154,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return ss;
- }
-
--SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
--{
-- return ssl_session_dup(src, 1);
--}
--
- /*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
--SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
- SSL_SESSION *dest;
-
-@@ -287,6 +282,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
- return NULL;
- }
-
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+ return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+ if (sess != NULL)
-+ sess->not_resumable = 0;
-+
-+ return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if (len)
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
- * so the following won't overwrite an ID that we're supposed
- * to send back.
- */
-- if (s->session->not_resumable ||
-- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-- && !s->hit))
-+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+ && !s->hit)
- s->session->session_id_length = 0;
-
- if (usetls13) {
-
-From c342f4b8bd2d0b375b0e22337057c2eab47d9b96 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 15 Mar 2024 17:58:42 +0000
-Subject: [PATCH] Hardening around not_resumable sessions
-
-Make sure we can't inadvertently use a not_resumable session
-
-Related to CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24044)
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -533,6 +533,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
- ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
-
- if (ret != NULL) {
-+ if (ret->not_resumable) {
-+ /* If its not resumable then ignore this session */
-+ if (!copy)
-+ SSL_SESSION_free(ret);
-+ return NULL;
-+ }
- ssl_tsan_counter(s->session_ctx,
- &s->session_ctx->stats.sess_cb_hit);
-
diff --git a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch
deleted file mode 100644
index 50bc63ef2d14..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://bugs.gentoo.org/916328
-https://github.com/opendnssec/SoftHSMv2/issues/729
-https://github.com/openssl/openssl/issues/22508
-https://github.com/openssl/openssl/commit/0058a55407d824d5b55ecc0a1cbf8931803dc238
-
-From 0058a55407d824d5b55ecc0a1cbf8931803dc238 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 15 Dec 2023 13:45:50 +0100
-Subject: [PATCH] Revert "Improved detection of engine-provided private
- "classic" keys"
-
-This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
-
-The commit was wrong. With 3.x versions the engines must be themselves
-responsible for creating their EVP_PKEYs in a way that they are treated
-as legacy - either by using the respective set1 calls or by setting
-non-default EVP_PKEY_METHOD.
-
-The workaround has caused more problems than it solved.
-
-Fixes #22945
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23063)
-
-(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
---- a/crypto/engine/eng_pkey.c
-+++ b/crypto/engine/eng_pkey.c
-@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return NULL;
- }
-- /* We enforce check for legacy key */
-- switch (EVP_PKEY_get_id(pkey)) {
-- case EVP_PKEY_RSA:
-- {
-- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-- EVP_PKEY_set1_RSA(pkey, rsa);
-- RSA_free(rsa);
-- }
-- break;
--# ifndef OPENSSL_NO_EC
-- case EVP_PKEY_SM2:
-- case EVP_PKEY_EC:
-- {
-- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-- EVP_PKEY_set1_EC_KEY(pkey, ec);
-- EC_KEY_free(ec);
-- }
-- break;
--# endif
--# ifndef OPENSSL_NO_DSA
-- case EVP_PKEY_DSA:
-- {
-- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-- EVP_PKEY_set1_DSA(pkey, dsa);
-- DSA_free(dsa);
-- }
-- break;
--#endif
--# ifndef OPENSSL_NO_DH
-- case EVP_PKEY_DH:
-- {
-- DH *dh = EVP_PKEY_get1_DH(pkey);
-- EVP_PKEY_set1_DH(pkey, dh);
-- DH_free(dh);
-- }
-- break;
--#endif
-- default:
-- /*Do nothing */
-- break;
-- }
--
- return pkey;
- }
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch
deleted file mode 100644
index d5b40447d745..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-https://www.openssl.org/news/secadv/20240408.txt
-https://bugs.gentoo.org/930047
-https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
-https://github.com/openssl/openssl/commit/4d67109432646c113887b0aa8091fb0d1b3057e6
-
-From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24043)
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode)
-
- /*
- * If the session_id_length is 0, we are not supposed to cache it, and it
-- * would be rather hard to do anyway :-)
-+ * would be rather hard to do anyway :-). Also if the session has already
-+ * been marked as not_resumable we should not cache it for later reuse.
- */
-- if (s->session->session_id_length == 0)
-+ if (s->session->session_id_length == 0 || s->session->not_resumable)
- return;
-
- /*
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return ss;
- }
-
--SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
--{
-- return ssl_session_dup(src, 1);
--}
--
- /*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
--SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
- SSL_SESSION *dest;
-
-@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
- return NULL;
- }
-
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+ return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+ if (sess != NULL)
-+ sess->not_resumable = 0;
-+
-+ return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if (len)
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
- * so the following won't overwrite an ID that we're supposed
- * to send back.
- */
-- if (s->session->not_resumable ||
-- (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-- && !s->hit))
-+ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+ && !s->hit)
- s->session->session_id_length = 0;
-
- if (usetls13) {
-
-From 4d67109432646c113887b0aa8091fb0d1b3057e6 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 15 Mar 2024 17:58:42 +0000
-Subject: [PATCH] Hardening around not_resumable sessions
-
-Make sure we can't inadvertently use a not_resumable session
-
-Related to CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24043)
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -519,6 +519,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
- sess_id, sess_id_len, ©);
-
- if (ret != NULL) {
-+ if (ret->not_resumable) {
-+ /* If its not resumable then ignore this session */
-+ if (!copy)
-+ SSL_SESSION_free(ret);
-+ return NULL;
-+ }
- ssl_tsan_counter(s->session_ctx,
- &s->session_ctx->stats.sess_cb_hit);
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
deleted file mode 100644
index 59e785caac7c..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-https://bugs.gentoo.org/916328
-https://github.com/opendnssec/SoftHSMv2/issues/729
-https://github.com/openssl/openssl/issues/22508
-https://github.com/openssl/openssl/commit/934943281267259fa928f4a5814b176525461a65
-
-From 934943281267259fa928f4a5814b176525461a65 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 15 Dec 2023 13:45:50 +0100
-Subject: [PATCH] Revert "Improved detection of engine-provided private
- "classic" keys"
-
-This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
-
-The commit was wrong. With 3.x versions the engines must be themselves
-responsible for creating their EVP_PKEYs in a way that they are treated
-as legacy - either by using the respective set1 calls or by setting
-non-default EVP_PKEY_METHOD.
-
-The workaround has caused more problems than it solved.
-
-Fixes #22945
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23063)
-
-(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
---- a/crypto/engine/eng_pkey.c
-+++ b/crypto/engine/eng_pkey.c
-@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return NULL;
- }
-- /* We enforce check for legacy key */
-- switch (EVP_PKEY_get_id(pkey)) {
-- case EVP_PKEY_RSA:
-- {
-- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-- EVP_PKEY_set1_RSA(pkey, rsa);
-- RSA_free(rsa);
-- }
-- break;
--# ifndef OPENSSL_NO_EC
-- case EVP_PKEY_SM2:
-- case EVP_PKEY_EC:
-- {
-- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-- EVP_PKEY_set1_EC_KEY(pkey, ec);
-- EC_KEY_free(ec);
-- }
-- break;
--# endif
--# ifndef OPENSSL_NO_DSA
-- case EVP_PKEY_DSA:
-- {
-- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-- EVP_PKEY_set1_DSA(pkey, dsa);
-- DSA_free(dsa);
-- }
-- break;
--#endif
--# ifndef OPENSSL_NO_DH
-- case EVP_PKEY_DH:
-- {
-- DH *dh = EVP_PKEY_get1_DH(pkey);
-- EVP_PKEY_set1_DH(pkey, dh);
-- DH_free(dh);
-- }
-- break;
--#endif
-- default:
-- /*Do nothing */
-- break;
-- }
--
- return pkey;
- }
-
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch b/dev-libs/openssl/files/openssl-3.2.1-riscv.patch
deleted file mode 100644
index 51256cf434e2..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-# Bug: https://bugs.gentoo.org/923956
-# Upstream PR: https://github.com/openssl/openssl/pull/23752
---- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-@@ -142,9 +142,9 @@ static const PROV_GCM_HW aes_gcm = {
- # include "cipher_aes_gcm_hw_armv8.inc"
- #elif defined(PPC_AES_GCM_CAPABLE) && defined(_ARCH_PPC64)
- # include "cipher_aes_gcm_hw_ppc.inc"
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_aes_gcm_hw_rv64i.inc"
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
- # include "cipher_aes_gcm_hw_rv32i.inc"
- #else
- const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
---- a/providers/implementations/ciphers/cipher_aes_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_hw.c
-@@ -142,9 +142,9 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \
- # include "cipher_aes_hw_t4.inc"
- #elif defined(S390X_aes_128_CAPABLE)
- # include "cipher_aes_hw_s390x.inc"
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_aes_hw_rv64i.inc"
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
- # include "cipher_aes_hw_rv32i.inc"
- #else
- /* The generic case */
---- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c
-@@ -104,7 +104,7 @@ static const PROV_CIPHER_HW aes_t4_ocb = { \
- if (SPARC_AES_CAPABLE) \
- return &aes_t4_ocb;
-
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-
- static int cipher_hw_aes_ocb_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx,
- const unsigned char *key,
-@@ -126,7 +126,7 @@ static const PROV_CIPHER_HW aes_rv64i_zknd_zkne_ocb = { \
- if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_rv64i_zknd_zkne_ocb;
-
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-
- static int cipher_hw_aes_ocb_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx,
- const unsigned char *key,
---- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
-@@ -159,7 +159,7 @@ static const PROV_CIPHER_HW aes_xts_t4 = { \
- if (SPARC_AES_CAPABLE) \
- return &aes_xts_t4;
-
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-
- static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
-@@ -185,7 +185,7 @@ static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \
- if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_xts_rv64i_zknd_zkne;
-
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-
- static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
diff --git a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch b/dev-libs/openssl/files/openssl-3.2.1-s390x.patch
deleted file mode 100644
index 3cbf4854e12e..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://bugs.gentoo.org/923957
-https://github.com/openssl/openssl/pull/23458
-https://github.com/openssl/openssl/commit/5fa5d59750db9df00f4871949a66020ac44f4f9c
-
-From 5fa5d59750db9df00f4871949a66020ac44f4f9c Mon Sep 17 00:00:00 2001
-From: Ingo Franzki <ifranzki@linux.ibm.com>
-Date: Fri, 2 Feb 2024 10:20:55 +0100
-Subject: [PATCH] s390x: Fix build on s390x with 'disable-asm'
-
-Do not define S390X_MOD_EXP for a NO_ASM build, this would result in
-unresolved externals for s390x_mod_exp and s390x_crt.
-
-Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
-
-Reviewed-by: Hugo Landau <hlandau@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23458)
-
-(cherry picked from commit a5b0c568dbefddd154f99011d7ce76cfbfadb67a)
---- a/include/crypto/bn.h
-+++ b/include/crypto/bn.h
-@@ -116,7 +116,8 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
-
- extern const BIGNUM ossl_bn_inv_sqrt_2;
-
--#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__)
-+#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) \
-+ && !defined (OPENSSL_NO_ASM)
- # define S390X_MOD_EXP
- #endif
-
^ permalink raw reply related [flat|nested] 21+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
@ 2024-12-23 20:01 Conrad Kostecki
0 siblings, 0 replies; 21+ messages in thread
From: Conrad Kostecki @ 2024-12-23 20:01 UTC (permalink / raw
To: gentoo-commits
commit: 461af5da2a85cb794b2f4fe217f43e94201f4c59
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Wed Dec 18 16:18:20 2024 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Mon Dec 23 19:50:23 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=461af5da
dev-libs/openssl: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssl-3.3.1-cmake-generator.patch | 55 ----
.../files/openssl-3.3.1-pkg-config-deux.patch | 303 ---------------------
.../openssl/files/openssl-3.3.1-pkg-config.patch | 31 ---
dev-libs/openssl/files/openssl-3.3.1-riscv.patch | 96 -------
4 files changed, 485 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.3.1-cmake-generator.patch b/dev-libs/openssl/files/openssl-3.3.1-cmake-generator.patch
deleted file mode 100644
index bb8fdbe3f241..000000000000
--- a/dev-libs/openssl/files/openssl-3.3.1-cmake-generator.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-https://bugs.gentoo.org/937457
-https://github.com/openssl/openssl/commit/419fb4ea4be4c0b28c63b494ff30fa3510aba06e
-
-From 419fb4ea4be4c0b28c63b494ff30fa3510aba06e Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@openssl.org>
-Date: Sun, 14 Jul 2024 08:57:25 -0400
-Subject: [PATCH] Fix cmake generator
-
-PR #24678 modified some environment variables and locations that the
-cmake exporter depended on, resulting in empty directory resolution.
-Adjust build build.info and input variable names to match up again
-
-Fixes #24874
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24877)
-
-(cherry picked from commit c1a27bdeb9a4f915aa92ed0e74ed48a1f9b94176)
---- a/build.info
-+++ b/build.info
-@@ -102,6 +102,11 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
- ENDIF
-
- # This file sets the build directory up for CMake inclusion
-+# Note: This generation of OpenSSLConfig[Version].cmake is used
-+# for building openssl locally, and so the build variables are
-+# taken from builddata.pm rather than installdata.pm. For exportable
-+# versions of these generated files, you'll find them in the exporters
-+# directory
- GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in
- DEPEND[OpenSSLConfig.cmake]=builddata.pm
- GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in
---- a/exporters/cmake/OpenSSLConfig.cmake.in
-+++ b/exporters/cmake/OpenSSLConfig.cmake.in
-@@ -127,13 +127,13 @@ set(OPENSSL_VERSION_FIX "${OpenSSL_VERSION_PATCH}")
- set(OPENSSL_FOUND YES)
-
- # Directories and names
--set(OPENSSL_INCLUDE_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::INCLUDEDIR_REL, 1); -}")
--set(OPENSSL_LIBRARY_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL, 1); -}")
--set(OPENSSL_ENGINES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::ENGINESDIR_REL, 1); -}")
--set(OPENSSL_MODULES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::MODULESDIR_REL, 1); -}")
--set(OPENSSL_RUNTIME_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::BINDIR_REL, 1); -}")
-+set(OPENSSL_LIBRARY_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX, 1); -}")
-+set(OPENSSL_INCLUDE_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX, 1); -}")
-+set(OPENSSL_ENGINES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX, 1); -}/{- unixify($OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR, 1); -}")
-+set(OPENSSL_MODULES_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX, 1); -}/{- unixify($OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR, 1); -}")
-+set(OPENSSL_RUNTIME_DIR "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::BINDIR_REL_PREFIX, 1); -}")
- {- output_off() if $disabled{uplink}; "" -}
--set(OPENSSL_APPLINK_SOURCE "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::APPLINKDIR_REL, 1); -}/applink.c")
-+set(OPENSSL_APPLINK_SOURCE "${_ossl_prefix}/{- unixify($OpenSSL::safe::installdata::APPLINKDIR_REL_PREFIX, 1); -}/applink.c")
- {- output_on() if $disabled{uplink}; "" -}
- set(OPENSSL_PROGRAM "${OPENSSL_RUNTIME_DIR}/{- platform->bin('openssl') -}")
-
diff --git a/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch b/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch
deleted file mode 100644
index a5ad9987eb57..000000000000
--- a/dev-libs/openssl/files/openssl-3.3.1-pkg-config-deux.patch
+++ /dev/null
@@ -1,303 +0,0 @@
-https://github.com/openssl/openssl/pull/24687
-https://bugs.gentoo.org/936576
-
-https://github.com/openssl/openssl/commit/aa099dba7c80c723cf4babf5adc0c801f1c28363
-https://github.com/openssl/openssl/commit/1c437b5704c9ee5f667bc2b11e5fdf176dfb714f
-
-From aa099dba7c80c723cf4babf5adc0c801f1c28363 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Thu, 20 Jun 2024 14:30:16 +0200
-Subject: [PATCH] Give util/mkinstallvars.pl more fine grained control over var
- dependencies
-
-Essentially, we try to do what GNU does. 'prefix' is used to define the
-defaults for 'exec_prefix' and 'libdir', and these are then used to define
-further directory values. util/mkinstallvars.pl is changed to reflect that
-to the best of our ability.
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24687)
-
-(cherry picked from commit 6e0fd246e7a6e51f92b2ef3520bfc4414b7773c0)
----
- exporters/build.info | 2 +-
- util/mkinstallvars.pl | 133 ++++++++++++++++++++++++++----------------
- 2 files changed, 85 insertions(+), 50 deletions(-)
-
-diff --git a/exporters/build.info b/exporters/build.info
-index 86acf2df9467c..9241dc9b0a658 100644
---- a/exporters/build.info
-+++ b/exporters/build.info
-@@ -19,7 +19,7 @@ DEPEND[openssl.pc]=libcrypto.pc libssl.pc
- DEPEND[""]=openssl.pc
-
- GENERATE[../installdata.pm]=../util/mkinstallvars.pl \
-- "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" \
-+ "PREFIX=$(INSTALLTOP)" BINDIR=bin "LIBDIR=$(LIBDIR)" "libdir=$(libdir)" \
- INCLUDEDIR=include APPLINKDIR=include/openssl \
- "ENGINESDIR=$(ENGINESDIR)" "MODULESDIR=$(MODULESDIR)" \
- "PKGCONFIGDIR=$(PKGCONFIGDIR)" "CMAKECONFIGDIR=$(CMAKECONFIGDIR)" \
-diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl
-index 59a432d28c601..5fadb708e1b77 100644
---- a/util/mkinstallvars.pl
-+++ b/util/mkinstallvars.pl
-@@ -11,13 +11,25 @@
- # The result is a Perl module creating the package OpenSSL::safe::installdata.
-
- use File::Spec;
-+use List::Util qw(pairs);
-
- # These are expected to be set up as absolute directories
--my @absolutes = qw(PREFIX);
-+my @absolutes = qw(PREFIX libdir);
- # These may be absolute directories, and if not, they are expected to be set up
--# as subdirectories to PREFIX
--my @subdirs = qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR ENGINESDIR MODULESDIR
-- PKGCONFIGDIR CMAKECONFIGDIR);
-+# as subdirectories to PREFIX or LIBDIR. The order of the pairs is important,
-+# since the LIBDIR subdirectories depend on the calculation of LIBDIR from
-+# PREFIX.
-+my @subdirs = pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ],
-+ LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR
-+ CMAKECONFIGDIR) ]);
-+# For completeness, other expected variables
-+my @others = qw(VERSION LDLIBS);
-+
-+my %all = ( );
-+foreach (@absolutes) { $all{$_} = 1 }
-+foreach (@subdirs) { foreach (@{$_->[1]}) { $all{$_} = 1 } }
-+foreach (@others) { $all{$_} = 1 }
-+print STDERR "DEBUG: all keys: ", join(", ", sort keys %all), "\n";
-
- my %keys = ();
- foreach (@ARGV) {
-@@ -26,29 +38,47 @@
- $ENV{$k} = $v;
- }
-
--foreach my $k (sort keys %keys) {
-- my $v = $ENV{$k};
-- $v = File::Spec->rel2abs($v) if $v && grep { $k eq $_ } @absolutes;
-- $ENV{$k} = $v;
-+# warn if there are missing values, and also if there are unexpected values
-+foreach my $k (sort keys %all) {
-+ warn "No value given for $k\n" unless $keys{$k};
- }
- foreach my $k (sort keys %keys) {
-+ warn "Unknown variable $k\n" unless $all{$k};
-+}
-+
-+# This shouldn't be needed, but just in case we get relative paths that
-+# should be absolute, make sure they actually are.
-+foreach my $k (@absolutes) {
- my $v = $ENV{$k} || '.';
-+ print STDERR "DEBUG: $k = $v => ";
-+ $v = File::Spec->rel2abs($v) if $v;
-+ $ENV{$k} = $v;
-+ print STDERR "$k = $ENV{$k}\n";
-+}
-
-- # Absolute paths for the subdir variables are computed. This provides
-- # the usual form of values for names that have become norm, known as GNU
-- # installation paths.
-- # For the benefit of those that need it, the subdirectories are preserved
-- # as they are, using the same variable names, suffixed with '_REL', if they
-- # are indeed subdirectories.
-- if (grep { $k eq $_ } @subdirs) {
-+# Absolute paths for the subdir variables are computed. This provides
-+# the usual form of values for names that have become norm, known as GNU
-+# installation paths.
-+# For the benefit of those that need it, the subdirectories are preserved
-+# as they are, using the same variable names, suffixed with '_REL_{var}',
-+# if they are indeed subdirectories. The '{var}' part of the name tells
-+# which other variable value they are relative to.
-+foreach my $pair (@subdirs) {
-+ my ($var, $subdir_vars) = @$pair;
-+ foreach my $k (@$subdir_vars) {
-+ my $v = $ENV{$k} || '.';
-+ print STDERR "DEBUG: $k = $v => ";
- if (File::Spec->file_name_is_absolute($v)) {
-- $ENV{"${k}_REL"} = File::Spec->abs2rel($v, $ENV{PREFIX});
-+ my $kr = "${k}_REL_${var}";
-+ $ENV{$kr} = File::Spec->abs2rel($v, $ENV{$var});
-+ print STDERR "$kr = $ENV{$kr}\n";
- } else {
-- $ENV{"${k}_REL"} = $v;
-- $v = File::Spec->rel2abs($v, $ENV{PREFIX});
-+ my $kr = "${k}_REL_${var}";
-+ $ENV{$kr} = $v;
-+ $ENV{$k} = File::Spec->rel2abs($v, $ENV{$var});
-+ print STDERR "$k = $ENV{$k} , $kr = $v\n";
- }
- }
-- $ENV{$k} = $v;
- }
-
- print <<_____;
-@@ -58,36 +88,41 @@ package OpenSSL::safe::installdata;
- use warnings;
- use Exporter;
- our \@ISA = qw(Exporter);
--our \@EXPORT = qw(\$PREFIX
-- \$BINDIR \$BINDIR_REL
-- \$LIBDIR \$LIBDIR_REL
-- \$INCLUDEDIR \$INCLUDEDIR_REL
-- \$APPLINKDIR \$APPLINKDIR_REL
-- \$ENGINESDIR \$ENGINESDIR_REL
-- \$MODULESDIR \$MODULESDIR_REL
-- \$PKGCONFIGDIR \$PKGCONFIGDIR_REL
-- \$CMAKECONFIGDIR \$CMAKECONFIGDIR_REL
-- \$VERSION \@LDLIBS);
--
--our \$PREFIX = '$ENV{PREFIX}';
--our \$BINDIR = '$ENV{BINDIR}';
--our \$BINDIR_REL = '$ENV{BINDIR_REL}';
--our \$LIBDIR = '$ENV{LIBDIR}';
--our \$LIBDIR_REL = '$ENV{LIBDIR_REL}';
--our \$INCLUDEDIR = '$ENV{INCLUDEDIR}';
--our \$INCLUDEDIR_REL = '$ENV{INCLUDEDIR_REL}';
--our \$APPLINKDIR = '$ENV{APPLINKDIR}';
--our \$APPLINKDIR_REL = '$ENV{APPLINKDIR_REL}';
--our \$ENGINESDIR = '$ENV{ENGINESDIR}';
--our \$ENGINESDIR_REL = '$ENV{ENGINESDIR_REL}';
--our \$MODULESDIR = '$ENV{MODULESDIR}';
--our \$MODULESDIR_REL = '$ENV{MODULESDIR_REL}';
--our \$PKGCONFIGDIR = '$ENV{PKGCONFIGDIR}';
--our \$PKGCONFIGDIR_REL = '$ENV{PKGCONFIGDIR_REL}';
--our \$CMAKECONFIGDIR = '$ENV{CMAKECONFIGDIR}';
--our \$CMAKECONFIGDIR_REL = '$ENV{CMAKECONFIGDIR_REL}';
--our \$VERSION = '$ENV{VERSION}';
--our \@LDLIBS =
-+our \@EXPORT = qw(
-+_____
-+
-+foreach my $k (@absolutes) {
-+ print " \$$k\n";
-+}
-+foreach my $pair (@subdirs) {
-+ my ($var, $subdir_vars) = @$pair;
-+ foreach my $k (@$subdir_vars) {
-+ my $k2 = "${k}_REL_${var}";
-+ print " \$$k \$$k2\n";
-+ }
-+}
-+
-+print <<_____;
-+ \$VERSION \@LDLIBS
-+);
-+
-+_____
-+
-+foreach my $k (@absolutes) {
-+ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n";
-+}
-+foreach my $pair (@subdirs) {
-+ my ($var, $subdir_vars) = @$pair;
-+ foreach my $k (@$subdir_vars) {
-+ my $k2 = "${k}_REL_${var}";
-+ print "our \$$k" . ' ' x (27 - length($k)) . "= '$ENV{$k}';\n";
-+ print "our \$$k2" . ' ' x (27 - length($k2)) . "= '$ENV{$k2}';\n";
-+ }
-+}
-+
-+print <<_____;
-+our \$VERSION = '$ENV{VERSION}';
-+our \@LDLIBS =
- # Unix and Windows use space separation, VMS uses comma separation
- split(/ +| *, */, '$ENV{LDLIBS}');
-
-
-From 1c437b5704c9ee5f667bc2b11e5fdf176dfb714f Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Thu, 20 Jun 2024 14:33:15 +0200
-Subject: [PATCH] Adapt all the exporter files to the new vars from
- util/mkinstallvars.pl
-
-With this, the pkg-config files take better advantage of relative directory
-values.
-
-Fixes #24298
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24687)
-
-(cherry picked from commit 30dc37d798a0428fd477d3763086e7e97b3d596f)
----
- exporters/cmake/OpenSSLConfig.cmake.in | 7 ++++---
- exporters/pkg-config/libcrypto.pc.in | 12 ++++++++----
- exporters/pkg-config/libssl.pc.in | 8 ++++++--
- exporters/pkg-config/openssl.pc.in | 8 ++++++--
- 4 files changed, 24 insertions(+), 11 deletions(-)
-
-diff --git a/exporters/cmake/OpenSSLConfig.cmake.in b/exporters/cmake/OpenSSLConfig.cmake.in
-index 2d2321931de1d..06f796158b2fa 100644
---- a/exporters/cmake/OpenSSLConfig.cmake.in
-+++ b/exporters/cmake/OpenSSLConfig.cmake.in
-@@ -89,9 +89,10 @@ unset(_ossl_undefined_targets)
- # Set up the import path, so all other import paths are made relative this file
- get_filename_component(_ossl_prefix "${CMAKE_CURRENT_LIST_FILE}" PATH)
- {-
-- # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR_REL, have CMake
-- # out the parent directory.
-- my $d = unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL);
-+ # For each component in $OpenSSL::safe::installdata::CMAKECONFIGDIR relative to
-+ # $OpenSSL::safe::installdata::PREFIX, have CMake figure out the parent directory.
-+ my $d = join('/', unixify($OpenSSL::safe::installdata::LIBDIR_REL_PREFIX),
-+ unixify($OpenSSL::safe::installdata::CMAKECONFIGDIR_REL_LIBDIR));
- $OUT = '';
- $OUT .= 'get_filename_component(_ossl_prefix "${_ossl_prefix}" PATH)' . "\n"
- foreach (split '/', $d);
-diff --git a/exporters/pkg-config/libcrypto.pc.in b/exporters/pkg-config/libcrypto.pc.in
-index 14ed339f3c3a0..fbc8ea4c79b06 100644
---- a/exporters/pkg-config/libcrypto.pc.in
-+++ b/exporters/pkg-config/libcrypto.pc.in
-@@ -1,7 +1,11 @@
--libdir={- $OpenSSL::safe::installdata::LIBDIR -}
--includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -}
--enginesdir={- $OpenSSL::safe::installdata::ENGINESDIR -}
--modulesdir={- $OpenSSL::safe::installdata::MODULESDIR -}
-+prefix={- $OpenSSL::safe::installdata::PREFIX -}
-+exec_prefix=${prefix}
-+libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ : $OpenSSL::safe::installdata::libdir -}
-+includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -}
-+enginesdir=${libdir}/{- $OpenSSL::safe::installdata::ENGINESDIR_REL_LIBDIR -}
-+modulesdir=${libdir}/{- $OpenSSL::safe::installdata::MODULESDIR_REL_LIBDIR -}
-
- Name: OpenSSL-libcrypto
- Description: OpenSSL cryptography library
-diff --git a/exporters/pkg-config/libssl.pc.in b/exporters/pkg-config/libssl.pc.in
-index a7828b3cc6a49..963538807bb2b 100644
---- a/exporters/pkg-config/libssl.pc.in
-+++ b/exporters/pkg-config/libssl.pc.in
-@@ -1,5 +1,9 @@
--libdir={- $OpenSSL::safe::installdata::LIBDIR -}
--includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -}
-+prefix={- $OpenSSL::safe::installdata::PREFIX -}
-+exec_prefix=${prefix}
-+libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ : $OpenSSL::safe::installdata::libdir -}
-+includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -}
-
- Name: OpenSSL-libssl
- Description: Secure Sockets Layer and cryptography libraries
-diff --git a/exporters/pkg-config/openssl.pc.in b/exporters/pkg-config/openssl.pc.in
-index dbb77aa39add2..225bef9e2384d 100644
---- a/exporters/pkg-config/openssl.pc.in
-+++ b/exporters/pkg-config/openssl.pc.in
-@@ -1,5 +1,9 @@
--libdir={- $OpenSSL::safe::installdata::LIBDIR -}
--includedir={- $OpenSSL::safe::installdata::INCLUDEDIR -}
-+prefix={- $OpenSSL::safe::installdata::PREFIX -}
-+exec_prefix=${prefix}
-+libdir={- $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ ? '${exec_prefix}/' . $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX
-+ : $OpenSSL::safe::installdata::libdir -}
-+includedir=${prefix}/{- $OpenSSL::safe::installdata::INCLUDEDIR_REL_PREFIX -}
-
- Name: OpenSSL
- Description: Secure Sockets Layer and cryptography libraries and tools
diff --git a/dev-libs/openssl/files/openssl-3.3.1-pkg-config.patch b/dev-libs/openssl/files/openssl-3.3.1-pkg-config.patch
deleted file mode 100644
index b915b963509a..000000000000
--- a/dev-libs/openssl/files/openssl-3.3.1-pkg-config.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://github.com/openssl/openssl/pull/25018
-https://bugs.gentoo.org/936793
-
-From b7bd618fb12728b4a85b9159af95ca40a817674d Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Sun, 28 Jul 2024 10:47:08 +0200
-Subject: [PATCH] fix: util/mkinstallvars.pl mistreated LDLIBS on Unix (and
- Windows)
-
-Don't do comma separation on those platforms.
-
-Fixes #24986
----
- util/mkinstallvars.pl | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl
-index 5fadb708e1b77..e2b7d9d08321f 100644
---- a/util/mkinstallvars.pl
-+++ b/util/mkinstallvars.pl
-@@ -124,7 +124,9 @@ package OpenSSL::safe::installdata;
- our \$VERSION = '$ENV{VERSION}';
- our \@LDLIBS =
- # Unix and Windows use space separation, VMS uses comma separation
-- split(/ +| *, */, '$ENV{LDLIBS}');
-+ \$^O eq 'VMS'
-+ ? split(/ *, */, '$ENV{LDLIBS}')
-+ : split(/ +/, '$ENV{LDLIBS}');
-
- 1;
- _____
diff --git a/dev-libs/openssl/files/openssl-3.3.1-riscv.patch b/dev-libs/openssl/files/openssl-3.3.1-riscv.patch
deleted file mode 100644
index 90cad6d92a00..000000000000
--- a/dev-libs/openssl/files/openssl-3.3.1-riscv.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-# https://bugs.gentoo.org/936311
-# Taken from https://github.com/openssl/openssl/pull/24486
-
-From b1dd4a8005cf172053d986c0dd85fd104f005307 Mon Sep 17 00:00:00 2001
-From: Hongren Zheng <i@zenithal.me>
-Date: Fri, 24 May 2024 14:12:47 +0800
-Subject: [PATCH] riscv: Fix cpuid_obj asm checks for sm4/sm3
-
-Similar to #22881 / #23752
----
- crypto/sm3/sm3_local.h | 2 +-
- include/crypto/sm4_platform.h | 2 +-
- providers/implementations/ciphers/cipher_sm4_ccm_hw.c | 2 +-
- providers/implementations/ciphers/cipher_sm4_gcm_hw.c | 2 +-
- providers/implementations/ciphers/cipher_sm4_hw.c | 2 +-
- providers/implementations/ciphers/cipher_sm4_xts_hw.c | 2 +-
- 6 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h
-index d2845f9678967..a467cc98eb13e 100644
---- a/crypto/sm3/sm3_local.h
-+++ b/crypto/sm3/sm3_local.h
-@@ -39,7 +39,7 @@
- # define HWSM3_CAPABLE (OPENSSL_armcap_P & ARMV8_SM3)
- void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
- # endif
--# if defined(__riscv) && __riscv_xlen == 64
-+# if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "crypto/riscv_arch.h"
- # define HWSM3_CAPABLE 1
- void ossl_hwsm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
-diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h
-index 928dc17ff0838..4d70d291450a1 100644
---- a/include/crypto/sm4_platform.h
-+++ b/include/crypto/sm4_platform.h
-@@ -38,7 +38,7 @@ static inline int vpsm4_ex_capable(void)
- # define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt
- # define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt
- # define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks
--# elif defined(__riscv) && __riscv_xlen == 64
-+# elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- /* RV64 support */
- # include "riscv_arch.h"
- /* Zvksed extension (vector crypto SM4). */
-diff --git a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
-index 34f0e751e007d..293bb69d64272 100644
---- a/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
-+++ b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
-@@ -59,7 +59,7 @@ static const PROV_CCM_HW ccm_sm4 = {
- ossl_ccm_generic_gettag
- };
-
--#if defined(__riscv) && __riscv_xlen == 64
-+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_sm4_ccm_hw_rv64i.inc"
- #else
- const PROV_CCM_HW *ossl_prov_sm4_hw_ccm(size_t keybits)
-diff --git a/providers/implementations/ciphers/cipher_sm4_gcm_hw.c b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c
-index 06ca450782ff2..e3b4e9f588807 100644
---- a/providers/implementations/ciphers/cipher_sm4_gcm_hw.c
-+++ b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c
-@@ -89,7 +89,7 @@ static const PROV_GCM_HW sm4_gcm = {
- ossl_gcm_one_shot
- };
-
--#if defined(__riscv) && __riscv_xlen == 64
-+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_sm4_gcm_hw_rv64i.inc"
- #else
- const PROV_GCM_HW *ossl_prov_sm4_hw_gcm(size_t keybits)
-diff --git a/providers/implementations/ciphers/cipher_sm4_hw.c b/providers/implementations/ciphers/cipher_sm4_hw.c
-index c4f2f97cccd8d..70dc66ffae233 100644
---- a/providers/implementations/ciphers/cipher_sm4_hw.c
-+++ b/providers/implementations/ciphers/cipher_sm4_hw.c
-@@ -134,7 +134,7 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_##mode(size_t keybits) \
- return &sm4_##mode; \
- }
-
--#if defined(__riscv) && __riscv_xlen == 64
-+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_sm4_hw_rv64i.inc"
- #else
- /* The generic case */
-diff --git a/providers/implementations/ciphers/cipher_sm4_xts_hw.c b/providers/implementations/ciphers/cipher_sm4_xts_hw.c
-index 6cf58e851f5d4..423598317d217 100644
---- a/providers/implementations/ciphers/cipher_sm4_xts_hw.c
-+++ b/providers/implementations/ciphers/cipher_sm4_xts_hw.c
-@@ -89,7 +89,7 @@ static const PROV_CIPHER_HW sm4_generic_xts = {
- cipher_hw_sm4_xts_copyctx
- };
-
--#if defined(__riscv) && __riscv_xlen == 64
-+#if defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_sm4_xts_hw_rv64i.inc"
- #else
- const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_xts(size_t keybits)
^ permalink raw reply related [flat|nested] 21+ messages in thread
end of thread, other threads:[~2024-12-23 20:01 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-05-04 7:18 [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/ Lars Wendler
-- strict thread matches above, loose matches on Subject: below --
2024-12-23 20:01 Conrad Kostecki
2024-08-03 5:08 Sam James
2023-12-31 2:38 Conrad Kostecki
2023-10-29 3:53 Sam James
2023-10-04 21:45 Conrad Kostecki
2023-05-25 14:59 Mike Gilbert
2023-03-19 3:22 Sam James
2023-02-22 19:34 Mike Gilbert
2023-02-08 17:17 Sam James
2022-08-19 23:00 Sam James
2022-04-25 10:11 WANG Xuerui
2021-02-12 22:35 Conrad Kostecki
2020-12-17 14:11 Andreas K. Hüttel
2020-04-02 14:56 Mike Gilbert
2019-11-24 0:44 Aaron Bauman
2018-10-31 8:06 Lars Wendler
2018-05-12 20:26 Robin H. Johnson
2016-08-26 17:56 Mike Gilbert
2016-02-26 22:51 Doug Goldstein
2016-01-17 9:01 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox