* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2016-05-09 15:57 Michael Haubenwallner
0 siblings, 0 replies; 7+ messages in thread
From: Michael Haubenwallner @ 2016-05-09 15:57 UTC (permalink / raw
To: gentoo-commits
commit: 565fbc870173f335bbc50f32ac7f67e5b36c2bd7
Author: Michael Haubenwallner <michael.haubenwallner <AT> ssi-schaefer <DOT> com>
AuthorDate: Mon May 9 15:29:10 2016 +0000
Commit: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Mon May 9 15:29:10 2016 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=565fbc87
openssl gentoo.config-1.0.2: add Cygwin detection
dev-libs/openssl/files/gentoo.config-1.0.2 | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index b3f6ced..aea716d 100755
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -34,6 +34,8 @@ if [[ $1 == "test" ]] ; then
"i386-apple-darwinX |darwin-i386-cc" \
"powerpc-apple-darwinX |darwin-ppc-cc" \
"i586-pc-winnt |winnt-parity" \
+ "i586-pc-cygwin2.0 |Cygwin" \
+ "x86_64-pc-cygwin |Cygwin-x86_64" \
"s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
"s390x-linux-gnu |linux64-s390x" \
;do
@@ -57,6 +59,7 @@ fi
# Detect the operating system
case ${CHOST} in
*-aix*) system="aix";;
+ *-cygwin*) system="Cygwin";;
*-darwin*) system="darwin";;
*-freebsd*) system="BSD";;
*-hpux*) system="hpux";;
@@ -130,6 +133,12 @@ BSD)
aix)
machine=${compiler}
;;
+Cygwin)
+ case ${chost_machine} in
+ x86_64) machine=x86_64 ;;
+ *) echo ${system} ;; # Cygwin-x86 is 'Cygwin' only
+ esac
+ ;;
darwin)
case ${chost_machine} in
powerpc64) machine=ppc-cc; system=${system}64;;
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2019-02-18 14:51 Michael Haubenwallner
0 siblings, 0 replies; 7+ messages in thread
From: Michael Haubenwallner @ 2019-02-18 14:51 UTC (permalink / raw
To: gentoo-commits
commit: 4e3b0bb26cca7fe669caed9d69158c82e0738bba
Author: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 18 12:20:00 2019 +0000
Commit: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Mon Feb 18 14:48:57 2019 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=4e3b0bb2
dev-libs/openssl: Cygwin wants setmode(0), not O_TEXT
In Cygwin, beyond the binary mode and the text mode there also is mode
zero, where the carriage return is created only for files opened on a
text mount point. Otherwise, Cygwin goes without the carriage return,
but O_TEXT would force the carriage return to be created.
Package-Manager: Portage-2.3.55.1-prefix, Repoman-2.3.12
Signed-off-by: Michael Haubenwallner <haubi <AT> gentoo.org>
.../files/openssl-1.1.1a-cygwin-binmode.patch | 38 +++++++++++++++-------
1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
index 7ab2fd5065..ce9cc4975c 100644
--- a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
+++ b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
@@ -1,24 +1,40 @@
For the setmode(O_TEXT), not submitted upstream yet:
https://cygwin.com/ml/cygwin/2019-02/msg00150.html
-https://cygwin.com/ml/cygwin/2019-02/msg00190.html
+https://cygwin.com/ml/cygwin/2019-02/msg00280.html
For the chmod 644, accepted upstream:
https://github.com/openssl/openssl/pull/8226
--- openssl-1.1.1a/crypto/bio/bss_file.c.orig 2019-02-15 19:41:48.605378800 +0100
+++ openssl-1.1.1a/crypto/bio/bss_file.c 2019-02-15 19:42:53.136709200 +0100
-@@ -251,12 +251,6 @@
- } else
- _setmode(fd, _O_BINARY);
- }
--# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
-- int fd = fileno((FILE *)ptr);
-- if (num & BIO_FP_TEXT)
+@@ -254,7 +254,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ # elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+ int fd = fileno((FILE *)ptr);
+ if (num & BIO_FP_TEXT)
- setmode(fd, O_TEXT);
-- else
-- setmode(fd, O_BINARY);
++ setmode(fd, 0); /* do not force O_TEXT in Cygwin */
+ else
+ setmode(fd, O_BINARY);
# endif
+@@ -279,11 +279,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ ret = 0;
+ break;
}
- break;
+-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+ if (!(num & BIO_FP_TEXT))
+ OPENSSL_strlcat(p, "b", sizeof(p));
+ else
+ OPENSSL_strlcat(p, "t", sizeof(p));
++# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
++ if (!(num & BIO_FP_TEXT))
++ OPENSSL_strlcat(p, "b", sizeof(p));
++ /* else do not force DOS text mode in Cygwin */
+ # endif
+ fp = openssl_fopen(ptr, p);
+ if (fp == NULL) {
+--
+2.19.2
+
--- openssl-1.1.1a/Configurations/unix-Makefile.tmpl.orig 2019-02-15 19:47:36.464755100 +0100
+++ openssl-1.1.1a/Configurations/unix-Makefile.tmpl 2019-02-15 19:47:42.605379700 +0100
@@ -650,7 +650,7 @@
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2019-02-21 7:40 Michael Haubenwallner
0 siblings, 0 replies; 7+ messages in thread
From: Michael Haubenwallner @ 2019-02-21 7:40 UTC (permalink / raw
To: gentoo-commits
commit: 05d897568b21446657001a51660e9a25172474f2
Author: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 19 16:16:13 2019 +0000
Commit: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 19 16:16:29 2019 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=05d89756
dev-libs/openssl: update cygwin bin/textmode patch
Package-Manager: Portage-2.3.55.1-prefix, Repoman-2.3.12
Signed-off-by: Michael Haubenwallner <haubi <AT> gentoo.org>
.../files/openssl-1.1.1a-cygwin-binmode.patch | 44 +++++++++++++++++-----
1 file changed, 34 insertions(+), 10 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
index ce9cc4975c..8e9eacef76 100644
--- a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
+++ b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
@@ -2,20 +2,29 @@ For the setmode(O_TEXT), not submitted upstream yet:
https://cygwin.com/ml/cygwin/2019-02/msg00150.html
https://cygwin.com/ml/cygwin/2019-02/msg00280.html
-For the chmod 644, accepted upstream:
+For the chmod, accepted upstream:
https://github.com/openssl/openssl/pull/8226
--- openssl-1.1.1a/crypto/bio/bss_file.c.orig 2019-02-15 19:41:48.605378800 +0100
+++ openssl-1.1.1a/crypto/bio/bss_file.c 2019-02-15 19:42:53.136709200 +0100
-@@ -254,7 +254,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -253,9 +253,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ }
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
int fd = fileno((FILE *)ptr);
- if (num & BIO_FP_TEXT)
+- if (num & BIO_FP_TEXT)
- setmode(fd, O_TEXT);
-+ setmode(fd, 0); /* do not force O_TEXT in Cygwin */
- else
+- else
++ if (num & BIO_FP_TEXT) {
++ /* Cygwin prefers text mode with text mounts only,
++ * so we can force text mode if we do reads only. */
++ if (fcntl(fd, F_GETFL) & O_RDONLY)
++ setmode(fd, O_TEXT); /* Ignore \r with any read. */
++ else
++ setmode(fd, 0); /* allow but do not force text mode */
++ } else
setmode(fd, O_BINARY);
# endif
-@@ -279,11 +279,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ }
+@@ -279,11 +284,21 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
}
@@ -28,13 +37,28 @@ https://github.com/openssl/openssl/pull/8226
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+ if (!(num & BIO_FP_TEXT))
+ OPENSSL_strlcat(p, "b", sizeof(p));
-+ /* else do not force DOS text mode in Cygwin */
++ else if (!(num & BIO_FP_APPEND) && !(num & BIO_FP_WRITE)) {
++ /* Cygwin prefers text mode with text mounts only,
++ * so we can force text mode if we do reads only.
++ * Unfortunately, the only API to disable binmode
++ * without forcing textmode is setmode(fd, 0). */
++ OPENSSL_strlcat(p, "t", sizeof(p));
++ }
# endif
fp = openssl_fopen(ptr, p);
if (fp == NULL) {
---
-2.19.2
-
+@@ -293,6 +308,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+ ret = 0;
+ break;
+ }
++# if defined(OPENSSL_SYS_WIN32_CYGWIN)
++ if ((num & BIO_FP_TEXT)
++ && ((num & BIO_FP_APPEND) || (num & BIO_FP_WRITE)))
++ setmode(fileno(fp), 0); /* allow but do not force text mode */
++# endif
+ b->ptr = fp;
+ b->init = 1;
+ BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
--- openssl-1.1.1a/Configurations/unix-Makefile.tmpl.orig 2019-02-15 19:47:36.464755100 +0100
+++ openssl-1.1.1a/Configurations/unix-Makefile.tmpl 2019-02-15 19:47:42.605379700 +0100
@@ -650,7 +650,7 @@
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2019-02-26 8:24 Michael Haubenwallner
0 siblings, 0 replies; 7+ messages in thread
From: Michael Haubenwallner @ 2019-02-26 8:24 UTC (permalink / raw
To: gentoo-commits
commit: 5cb91b30730a8a444906aeb2acb981b1ac5a0217
Author: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 26 08:24:09 2019 +0000
Commit: Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Tue Feb 26 08:24:19 2019 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=5cb91b30
dev-libs/openssl: use upstream cygwin binmode patches
Package-Manager: Portage-2.3.55.1-prefix, Repoman-2.3.12
Signed-off-by: Michael Haubenwallner <haubi <AT> gentoo.org>
.../files/openssl-1.1.1a-cygwin-binmode.patch | 79 +++++++++++-----------
1 file changed, 40 insertions(+), 39 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
index 8e9eacef76..f68a5dbfea 100644
--- a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
+++ b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
@@ -1,30 +1,37 @@
-For the setmode(O_TEXT), not submitted upstream yet:
-https://cygwin.com/ml/cygwin/2019-02/msg00150.html
-https://cygwin.com/ml/cygwin/2019-02/msg00280.html
-
-For the chmod, accepted upstream:
+https://github.com/openssl/openssl/pull/8249
https://github.com/openssl/openssl/pull/8226
---- openssl-1.1.1a/crypto/bio/bss_file.c.orig 2019-02-15 19:41:48.605378800 +0100
-+++ openssl-1.1.1a/crypto/bio/bss_file.c 2019-02-15 19:42:53.136709200 +0100
-@@ -253,9 +253,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+
+From ba96d34ec2f8cf7823ad9ee5295f2e9b5653f2d2 Mon Sep 17 00:00:00 2001
+From: Corinna Vinschen <vinschen@redhat.com>
+Date: Fri, 15 Feb 2019 12:24:47 +0100
+Subject: [PATCH] cygwin: drop explicit O_TEXT
+
+Cygwin binaries should not enforce text mode these days, just
+use text mode if the underlying mount point requests it
+
+CLA: trivial
+
+Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+---
+ crypto/bio/bss_file.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
+index a2b8700f22f..93ba00691bc 100644
+--- a/crypto/bio/bss_file.c
++++ b/crypto/bio/bss_file.c
+@@ -253,9 +253,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
}
# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
int fd = fileno((FILE *)ptr);
- if (num & BIO_FP_TEXT)
- setmode(fd, O_TEXT);
- else
-+ if (num & BIO_FP_TEXT) {
-+ /* Cygwin prefers text mode with text mounts only,
-+ * so we can force text mode if we do reads only. */
-+ if (fcntl(fd, F_GETFL) & O_RDONLY)
-+ setmode(fd, O_TEXT); /* Ignore \r with any read. */
-+ else
-+ setmode(fd, 0); /* allow but do not force text mode */
-+ } else
++ if (!(num & BIO_FP_TEXT))
setmode(fd, O_BINARY);
# endif
}
-@@ -279,11 +284,21 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+@@ -279,11 +277,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
}
@@ -37,31 +44,25 @@ https://github.com/openssl/openssl/pull/8226
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+ if (!(num & BIO_FP_TEXT))
+ OPENSSL_strlcat(p, "b", sizeof(p));
-+ else if (!(num & BIO_FP_APPEND) && !(num & BIO_FP_WRITE)) {
-+ /* Cygwin prefers text mode with text mounts only,
-+ * so we can force text mode if we do reads only.
-+ * Unfortunately, the only API to disable binmode
-+ * without forcing textmode is setmode(fd, 0). */
-+ OPENSSL_strlcat(p, "t", sizeof(p));
-+ }
# endif
fp = openssl_fopen(ptr, p);
if (fp == NULL) {
-@@ -293,6 +308,11 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = 0;
- break;
- }
-+# if defined(OPENSSL_SYS_WIN32_CYGWIN)
-+ if ((num & BIO_FP_TEXT)
-+ && ((num & BIO_FP_APPEND) || (num & BIO_FP_WRITE)))
-+ setmode(fileno(fp), 0); /* allow but do not force text mode */
-+# endif
- b->ptr = fp;
- b->init = 1;
- BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
---- openssl-1.1.1a/Configurations/unix-Makefile.tmpl.orig 2019-02-15 19:47:36.464755100 +0100
-+++ openssl-1.1.1a/Configurations/unix-Makefile.tmpl 2019-02-15 19:47:42.605379700 +0100
-@@ -650,7 +650,7 @@
+
+From fc9aa8bb86a5765f44d3167816aece4b9d954e4a Mon Sep 17 00:00:00 2001
+From: Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
+Date: Wed, 13 Feb 2019 16:52:04 +0100
+Subject: [PATCH] Windows/Cygwin dlls need the executable bit set
+
+CLA: trivial
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 7705b03b8e2..0b744bb7af4 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -622,7 +622,7 @@ install_runtime_libs: build_libs
: {- output_off() unless windowsdll(); "" -}; \
$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2020-12-08 23:46 Sam James
0 siblings, 0 replies; 7+ messages in thread
From: Sam James @ 2020-12-08 23:46 UTC (permalink / raw
To: gentoo-commits
commit: 0a0c9b445c70aa6d108eefb974a4596e78088543
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 8 23:45:07 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 8 23:45:07 2020 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=0a0c9b44
dev-libs/openssl: drop unused patches
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>
dev-libs/openssl/files/openssl-1.0.2l-mint.patch | 33 --
.../openssl/files/openssl-1.0.2p-hobble-ecc.patch | 283 --------------
dev-libs/openssl/files/openssl-1.1.0f-winnt.patch | 32 --
.../files/openssl-1.1.0i-CVE-2018-0734.patch | 131 -------
.../files/openssl-1.1.0i-CVE-2018-0735.patch | 44 ---
.../files/openssl-1.1.1a-cygwin-binmode.patch | 73 ----
...-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch | 27 --
...ix-cert-with-rsa-instead-of-rsaEncryption.patch | 97 -----
...ix-some-SSL_export_keying_material-issues.patch | 420 ---------------------
...a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch | 26 --
...ure-build_SYS_str_reasons_preserves_errno.patch | 68 ----
.../openssl-1.1.1a-preserve-errno-on-dlopen.patch | 51 ---
...-system-error-number-in-a-few-more-places.patch | 57 ---
...t-reduce-stack-usage-in-tls13_hkdf_expand.patch | 56 ---
.../files/openssl-1.1.1b-CVE-2019-1543.patch | 66 ----
15 files changed, 1464 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-1.0.2l-mint.patch b/dev-libs/openssl/files/openssl-1.0.2l-mint.patch
deleted file mode 100644
index 2afcb3f2de..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2l-mint.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- Configure
-+++ Configure
-@@ -502,6 +502,9 @@
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-+# FreeMiNT (GCC)
-+"mint-gcc", "gcc:-O2 -fomit-frame-pointer -DB_ENDIAN -DTERMIOS::-D_REENTRANT:::BN_LLONG:::",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
-
---- config
-+++ config
-@@ -170,6 +170,10 @@
- echo "${MACHINE}-whatever-linux1"; exit 0
- ;;
-
-+ FreeMiNT*)
-+ echo "m68k-atari-mint"; exit 0;
-+ ;;
-+
- GNU*)
- echo "hurd-x86"; exit 0;
- ;;
-@@ -859,6 +863,7 @@
- *-*-qnx6) OUT="QNX6" ;;
- x86-*-android|i?86-*-android) OUT="android-x86" ;;
- armv[7-9]*-*-android) OUT="android-armv7" ;;
-+ *-mint*) OUT="mint-gcc" ;;
- *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
- esac
-
diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
deleted file mode 100644
index 3a458a7836..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
---- a/crypto/ecdh/ecdhtest.c
-+++ b/crypto/ecdh/ecdhtest.c
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
---- a/crypto/ecdsa/ecdsatest.c
-+++ b/crypto/ecdsa/ecdsatest.c
-@@ -138,9 +138,12 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0, use_fake = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
-@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
-
- use_fake = 0;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -539,8 +542,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
diff --git a/dev-libs/openssl/files/openssl-1.1.0f-winnt.patch b/dev-libs/openssl/files/openssl-1.1.0f-winnt.patch
deleted file mode 100644
index cb68eb9050..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0f-winnt.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-diff -ru openssl-1.1.0f/Configurations/10-main.conf openssl-1.1.0f-.default/Configurations/10-main.conf
---- openssl-1.1.0f/Configurations/10-main.conf 2017-05-25 14:46:17.000000000 +0200
-+++ openssl-1.1.0f-.default/Configurations/10-main.conf 2017-09-28 12:56:22.544307300 +0200
-@@ -1463,6 +1463,28 @@
- multilib => "",
- apps_aux_src => add("win32_init.c"),
- },
-+ "mingwvc-parity" => {
-+ inherit_from => [ "BASE_unix", asm("x86_asm"),
-+ sub { $disabled{shared} ? () : "uplink_common" } ],
-+ cc => "gcc",
-+ cflags => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall",
-+ debug => "-g -O0",
-+ release => "-O3 -fomit-frame-pointer"),
-+ threads("-D_MT")),
-+ sys_id => "WIN32",
-+ ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"),
-+ bn_ops => "BN_LLONG EXPORT_VAR_AS_FN",
-+ thread_scheme => "winthreads",
-+ perlasm_scheme => "win32",
-+ dso_scheme => "win32",
-+ shared_target => "mingw-shared",
-+ shared_cflag => add("-D_WINDLL"),
-+ shared_ldflag => "-static-libgcc",
-+ shared_rcflag => "--target=pe-i386",
-+ shared_extension => ".dll",
-+ multilib => "",
-+ apps_aux_src => add("win32_init.c"),
-+ },
- "mingw64" => {
- # As for OPENSSL_USE_APPLINK. Applink makes it possible to use
- # .dll compiled with one compiler with application compiled with
diff --git a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
deleted file mode 100644
index 47b082f408..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-CVE-2018-0734
-https://github.com/openssl/openssl/commit/415c33563528667868c3c653a612e6fc8736fd79
-https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7
-
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -11,6 +11,7 @@
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
-+#include "internal/bn_int.h"
- #include <openssl/bn.h>
- #include <openssl/sha.h>
- #include "dsa_locl.h"
-@@ -25,6 +26,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
- static int dsa_init(DSA *dsa);
- static int dsa_finish(DSA *dsa);
-+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
-+ BN_CTX *ctx);
-
- static DSA_METHOD openssl_dsa_meth = {
- "OpenSSL DSA method",
-@@ -180,9 +183,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- {
- BN_CTX *ctx = NULL;
- BIGNUM *k, *kinv = NULL, *r = *rp;
-- BIGNUM *l, *m;
-+ BIGNUM *l;
- int ret = 0;
-- int q_bits;
-+ int q_bits, q_words;
-
- if (!dsa->p || !dsa->q || !dsa->g) {
- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
-@@ -191,8 +194,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-
- k = BN_new();
- l = BN_new();
-- m = BN_new();
-- if (k == NULL || l == NULL || m == NULL)
-+ if (k == NULL || l == NULL)
- goto err;
-
- if (ctx_in == NULL) {
-@@ -203,9 +205,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-
- /* Preallocate space */
- q_bits = BN_num_bits(dsa->q);
-- if (!BN_set_bit(k, q_bits)
-- || !BN_set_bit(l, q_bits)
-- || !BN_set_bit(m, q_bits))
-+ q_words = bn_get_top(dsa->q);
-+ if (!bn_wexpand(k, q_words + 2)
-+ || !bn_wexpand(l, q_words + 2))
- goto err;
-
- /* Get random k */
-@@ -240,14 +242,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- * small timing information leakage. We then choose the sum that is
- * one bit longer than the modulus.
- *
-- * TODO: revisit the BN_copy aiming for a memory access agnostic
-- * conditional copy.
-+ * There are some concerns about the efficacy of doing this. More
-+ * specificly refer to the discussion starting with:
-+ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705
-+ * The fix is to rework BN so these gymnastics aren't required.
- */
- if (!BN_add(l, k, dsa->q)
-- || !BN_add(m, l, dsa->q)
-- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
-+ || !BN_add(k, l, dsa->q))
- goto err;
-
-+ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
-+
- if ((dsa)->meth->bn_mod_exp != NULL) {
- if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
- dsa->method_mont_p))
-@@ -260,8 +265,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- if (!BN_mod(r, r, dsa->q, ctx))
- goto err;
-
-- /* Compute part of 's = inv(k) (m + xr) mod q' */
-- if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
-+ /* Compute part of 's = inv(k) (m + xr) mod q' */
-+ if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
- goto err;
-
- BN_clear_free(*kinvp);
-@@ -275,7 +280,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- BN_CTX_free(ctx);
- BN_clear_free(k);
- BN_clear_free(l);
-- BN_clear_free(m);
- return ret;
- }
-
-@@ -395,3 +399,31 @@ static int dsa_finish(DSA *dsa)
- BN_MONT_CTX_free(dsa->method_mont_p);
- return (1);
- }
-+
-+/*
-+ * Compute the inverse of k modulo q.
-+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
-+ * mod-exp operation. Both the exponent and modulus are public information
-+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
-+ * BIGNUM is returned which the caller must free.
-+ */
-+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
-+ BN_CTX *ctx)
-+{
-+ BIGNUM *res = NULL;
-+ BIGNUM *r, *e;
-+
-+ if ((r = BN_new()) == NULL)
-+ return NULL;
-+
-+ BN_CTX_start(ctx);
-+ if ((e = BN_CTX_get(ctx)) != NULL
-+ && BN_set_word(r, 2)
-+ && BN_sub(e, q, r)
-+ && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
-+ res = r;
-+ else
-+ BN_free(r);
-+ BN_CTX_end(ctx);
-+ return res;
-+}
diff --git a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch
deleted file mode 100644
index 5762c04fa3..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 56fb454d281a023b3f950d969693553d3f3ceea1 Mon Sep 17 00:00:00 2001
-From: Pauli <paul.dale@oracle.com>
-Date: Fri, 26 Oct 2018 10:54:58 +1000
-Subject: [PATCH] Timing vulnerability in ECDSA signature generation
- (CVE-2018-0735)
-
-Preallocate an extra limb for some of the big numbers to avoid a reallocation
-that can potentially provide a side channel.
-
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/7486)
-
-(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52)
----
- crypto/ec/ec_mult.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
-index 22bb30ffa1..ff882cce20 100644
---- a/crypto/ec/ec_mult.c
-+++ b/crypto/ec/ec_mult.c
-@@ -177,8 +177,8 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
- */
- cardinality_bits = BN_num_bits(cardinality);
- group_top = bn_get_top(cardinality);
-- if ((bn_wexpand(k, group_top + 1) == NULL)
-- || (bn_wexpand(lambda, group_top + 1) == NULL))
-+ if ((bn_wexpand(k, group_top + 2) == NULL)
-+ || (bn_wexpand(lambda, group_top + 2) == NULL))
- goto err;
-
- if (!BN_copy(k, scalar))
-@@ -205,7 +205,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
- * k := scalar + 2*cardinality
- */
- kbit = BN_is_bit_set(lambda, cardinality_bits);
-- BN_consttime_swap(kbit, k, lambda, group_top + 1);
-+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
-
- group_top = bn_get_top(group->field);
- if ((bn_wexpand(s->X, group_top) == NULL)
---
-2.19.1
-
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
deleted file mode 100644
index f68a5dbfea..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-https://github.com/openssl/openssl/pull/8249
-https://github.com/openssl/openssl/pull/8226
-
-From ba96d34ec2f8cf7823ad9ee5295f2e9b5653f2d2 Mon Sep 17 00:00:00 2001
-From: Corinna Vinschen <vinschen@redhat.com>
-Date: Fri, 15 Feb 2019 12:24:47 +0100
-Subject: [PATCH] cygwin: drop explicit O_TEXT
-
-Cygwin binaries should not enforce text mode these days, just
-use text mode if the underlying mount point requests it
-
-CLA: trivial
-
-Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
----
- crypto/bio/bss_file.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
-index a2b8700f22f..93ba00691bc 100644
---- a/crypto/bio/bss_file.c
-+++ b/crypto/bio/bss_file.c
-@@ -253,9 +253,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- }
- # elif defined(OPENSSL_SYS_WIN32_CYGWIN)
- int fd = fileno((FILE *)ptr);
-- if (num & BIO_FP_TEXT)
-- setmode(fd, O_TEXT);
-- else
-+ if (!(num & BIO_FP_TEXT))
- setmode(fd, O_BINARY);
- # endif
- }
-@@ -279,11 +277,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
- ret = 0;
- break;
- }
--# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
- if (!(num & BIO_FP_TEXT))
- OPENSSL_strlcat(p, "b", sizeof(p));
- else
- OPENSSL_strlcat(p, "t", sizeof(p));
-+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
-+ if (!(num & BIO_FP_TEXT))
-+ OPENSSL_strlcat(p, "b", sizeof(p));
- # endif
- fp = openssl_fopen(ptr, p);
- if (fp == NULL) {
-
-From fc9aa8bb86a5765f44d3167816aece4b9d954e4a Mon Sep 17 00:00:00 2001
-From: Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
-Date: Wed, 13 Feb 2019 16:52:04 +0100
-Subject: [PATCH] Windows/Cygwin dlls need the executable bit set
-
-CLA: trivial
----
- Configurations/unix-Makefile.tmpl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 7705b03b8e2..0b744bb7af4 100644
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -622,7 +622,7 @@ install_runtime_libs: build_libs
- : {- output_off() unless windowsdll(); "" -}; \
- $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
- cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
-- chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
-+ chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
- mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
- $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
- : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch
deleted file mode 100644
index 8014be130a..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 3be71a31a1dda204bb95462a92cf7f247e64b939 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Date: Sun, 16 Dec 2018 12:43:59 +0100
-Subject: [PATCH] Fix a minor nit in the hkdflabel size
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7913)
-
-(cherry picked from commit 0b4233f5a4a181a6dcb7c511cd2663e500e659a4)
----
- ssl/tls13_enc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
-index c3021d18aa9..e36b7d3a066 100644
---- a/ssl/tls13_enc.c
-+++ b/ssl/tls13_enc.c
-@@ -41,7 +41,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
- * + bytes for the hash itself
- */
- unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
-- + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
-+ + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
- + 1 + EVP_MAX_MD_SIZE];
- WPACKET pkt;
-
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch
deleted file mode 100644
index 8f249e22a1..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From c25ae0fff78cb3cb784ef79167329d5cd55b62de Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Date: Thu, 27 Dec 2018 22:18:21 +0100
-Subject: [PATCH] Fix cert with rsa instead of rsaEncryption as public key
- algorithm
-
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-(Merged from https://github.com/openssl/openssl/pull/7962)
-
-(cherry picked from commit 1f483a69bce11c940309edc437eee6e32294d5f2)
----
- crypto/rsa/rsa_ameth.c | 9 ++++++---
- test/certs/root-cert-rsa2.pem | 18 ++++++++++++++++++
- test/recipes/25-test_verify.t | 4 +++-
- 3 files changed, 27 insertions(+), 4 deletions(-)
- create mode 100644 test/certs/root-cert-rsa2.pem
-
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index a6595aec054..75debb3e0a9 100644
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -34,7 +34,7 @@ static int rsa_param_encode(const EVP_PKEY *pkey,
-
- *pstr = NULL;
- /* If RSA it's just NULL type */
-- if (pkey->ameth->pkey_id == EVP_PKEY_RSA) {
-+ if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
- *pstrtype = V_ASN1_NULL;
- return 1;
- }
-@@ -58,7 +58,7 @@ static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
- int algptype;
-
- X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
-- if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA)
-+ if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
- return 1;
- if (algptype == V_ASN1_UNDEF)
- return 1;
-@@ -109,7 +109,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
- RSA_free(rsa);
- return 0;
- }
-- EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
-+ if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
-+ RSA_free(rsa);
-+ return 0;
-+ }
- return 1;
- }
-
-diff --git a/test/certs/root-cert-rsa2.pem b/test/certs/root-cert-rsa2.pem
-new file mode 100644
-index 00000000000..b817fdf3e5d
---- /dev/null
-+++ b/test/certs/root-cert-rsa2.pem
-@@ -0,0 +1,18 @@
-+-----BEGIN CERTIFICATE-----
-+MIIC7DCCAdSgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
-+IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
-+DAdSb290IENBMIIBHTAIBgRVCAEBBQADggEPADCCAQoCggEBAOHmAPUGvKBGOHkP
-+Px5xGRNtAt8rm3Zr/KywIe3WkQhCO6VjNexSW6CiSsXWAJQDl1o9uWco0n3jIVyk
-+7cY8jY6E0Z1Uwz3ZdKKWdmdx+cYaUHez/XjuW+DjjIkjwpoi7D7UN54HzcArVREX
-+OjRCHGkNOhiw7RWUXsb9nofGHOeUGpLAXwXBc0PlA94JkckkztiOi34u4DFI0YYq
-+alUmeugLNk6XseCkydpcaUsDgAhWg6Mfsiq4wUz+xbFN1MABqu2+ziW97mmt9gfN
-+biuhiVT1aOuYCe3JYGbLM2JKA7Bo1g6rX8E1VX79Ru6669y2oqPthX9337VoIkN+
-+ZiQjr8UCAwEAAaNQME4wHQYDVR0OBBYEFI71Ja8em2uEPXyAmslTnE1y96NSMB8G
-+A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
-+KoZIhvcNAQELBQADggEBAJ0OIdog3uQ1pmsjv1Qtf1w4If1geOn5uK0EOj2wYBHt
-+NxlFn7l8d9+51QMZFO+RlQJ0s3Webyo1ReuaL2dMn2LGJhWMoSBAwrMALAENU3lv
-+8jioRbfO2OamsdpJpKxQUyUJYudNe+BoKNX/ry3rxezmsFsRr9nDMiJZpmBCXiMm
-+mFFJOJkG0CheexBbMkua4kyStIOwO4rb5bSHszVso/9ucdGHBSC7oRcJXoWSDjBx
-+PdQPPBK5g4yqL8Lz26ehgsmhRKL9k32eVyjDKcIzgpmgcPTfTqNbd1KHQJKx4ssb
-+7nEpGKHalSo5Oq5L9s9qYrUv37kwBY4OpJFtmGaodoI=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 6c3deab7c67..b80a1cde3ed 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -27,7 +27,7 @@ sub verify {
- run(app([@args]));
- }
-
--plan tests => 134;
-+plan tests => 135;
-
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -361,6 +361,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
- "Not too many names and constraints to check (2)");
- ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),
- "Not too many names and constraints to check (3)");
-+ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
-+ "Public Key Algorithm rsa instead of rsaEncryption");
-
- SKIP: {
- skip "Ed25519 is not supported by this OpenSSL build", 1
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch
deleted file mode 100644
index 2db64d83e4..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch
+++ /dev/null
@@ -1,420 +0,0 @@
-From 0fb2815b873304d145ed00283454fc9f3bd35e6b Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 4 Dec 2018 08:37:04 +0000
-Subject: [PATCH] Fix some SSL_export_keying_material() issues
-
-Fix some issues in tls13_hkdf_expand() which impact the above function
-for TLSv1.3. In particular test that we can use the maximum label length
-in TLSv1.3.
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7755)
----
- doc/man3/SSL_export_keying_material.pod | 3 +-
- ssl/ssl_locl.h | 2 +-
- ssl/statem/extensions.c | 2 +-
- ssl/statem/statem_clnt.c | 2 +-
- ssl/statem/statem_srvr.c | 2 +-
- ssl/tls13_enc.c | 73 +++++++++++++++++--------
- test/sslapitest.c | 48 ++++++++++++----
- test/tls13secretstest.c | 2 +-
- 8 files changed, 92 insertions(+), 42 deletions(-)
-
-diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
-index abebf911fc3..4c81a60ffbb 100644
---- a/doc/man3/SSL_export_keying_material.pod
-+++ b/doc/man3/SSL_export_keying_material.pod
-@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from
- the IANA Exporter Label Registry
- (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
- Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
--to be used without registration.
-+to be used without registration. TLSv1.3 imposes a maximum label length of
-+249 bytes.
-
- Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
- above. Attempting to use it in SSLv3 will result in an error.
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 70e5a1740f9..307131de93a 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -2461,7 +2461,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
- const unsigned char *secret,
- const unsigned char *label, size_t labellen,
- const unsigned char *data, size_t datalen,
-- unsigned char *out, size_t outlen);
-+ unsigned char *out, size_t outlen, int fatal);
- __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
- const unsigned char *secret, unsigned char *key,
- size_t keylen);
-diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 63e61c6184a..716d6d23e08 100644
---- a/ssl/statem/extensions.c
-+++ b/ssl/statem/extensions.c
-@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
-
- /* Generate the binder key */
- if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
-- hashsize, binderkey, hashsize)) {
-+ hashsize, binderkey, hashsize, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index 5a8f1163dfa..a0e495d8e83 100644
---- a/ssl/statem/statem_clnt.c
-+++ b/ssl/statem/statem_clnt.c
-@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
- PACKET_data(&nonce),
- PACKET_remaining(&nonce),
- s->session->master_key,
-- hashlen)) {
-+ hashlen, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index e7c11c4bea4..a8e862ced55 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
- tick_nonce,
- TICKET_NONCE_SIZE,
- s->session->master_key,
-- hashlen)) {
-+ hashlen, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
-index f7ab0fa4704..c3021d18aa9 100644
---- a/ssl/tls13_enc.c
-+++ b/ssl/tls13_enc.c
-@@ -13,7 +13,7 @@
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
-
--#define TLS13_MAX_LABEL_LEN 246
-+#define TLS13_MAX_LABEL_LEN 249
-
- /* Always filled with zeros */
- static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
-@@ -22,30 +22,47 @@ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
- * Given a |secret|; a |label| of length |labellen|; and |data| of length
- * |datalen| (e.g. typically a hash of the handshake messages), derive a new
- * secret |outlen| bytes long and store it in the location pointed to be |out|.
-- * The |data| value may be zero length. Returns 1 on success 0 on failure.
-+ * The |data| value may be zero length. Any errors will be treated as fatal if
-+ * |fatal| is set. Returns 1 on success 0 on failure.
- */
- int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
- const unsigned char *label, size_t labellen,
- const unsigned char *data, size_t datalen,
-- unsigned char *out, size_t outlen)
-+ unsigned char *out, size_t outlen, int fatal)
- {
-- const unsigned char label_prefix[] = "tls13 ";
-+ static const unsigned char label_prefix[] = "tls13 ";
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
- int ret;
- size_t hkdflabellen;
- size_t hashlen;
- /*
-- * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
-- * prefix and label + bytes for the label itself + bytes for the hash
-+ * 2 bytes for length of derived secret + 1 byte for length of combined
-+ * prefix and label + bytes for the label itself + 1 byte length of hash
-+ * + bytes for the hash itself
- */
- unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
- + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
-- + EVP_MAX_MD_SIZE];
-+ + 1 + EVP_MAX_MD_SIZE];
- WPACKET pkt;
-
- if (pctx == NULL)
- return 0;
-
-+ if (labellen > TLS13_MAX_LABEL_LEN) {
-+ if (fatal) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+ ERR_R_INTERNAL_ERROR);
-+ } else {
-+ /*
-+ * Probably we have been called from SSL_export_keying_material(),
-+ * or SSL_export_keying_material_early().
-+ */
-+ SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-+ }
-+ EVP_PKEY_CTX_free(pctx);
-+ return 0;
-+ }
-+
- hashlen = EVP_MD_size(md);
-
- if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
-@@ -59,8 +76,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
- || !WPACKET_finish(&pkt)) {
- EVP_PKEY_CTX_free(pctx);
- WPACKET_cleanup(&pkt);
-- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-- ERR_R_INTERNAL_ERROR);
-+ if (fatal)
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+ ERR_R_INTERNAL_ERROR);
-+ else
-+ SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
-@@ -74,9 +94,13 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
-
- EVP_PKEY_CTX_free(pctx);
-
-- if (ret != 0)
-- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-- ERR_R_INTERNAL_ERROR);
-+ if (ret != 0) {
-+ if (fatal)
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
-+ ERR_R_INTERNAL_ERROR);
-+ else
-+ SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
-+ }
-
- return ret == 0;
- }
-@@ -91,7 +115,7 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
- static const unsigned char keylabel[] = "key";
-
- return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
-- NULL, 0, key, keylen);
-+ NULL, 0, key, keylen, 1);
- }
-
- /*
-@@ -104,7 +128,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
- static const unsigned char ivlabel[] = "iv";
-
- return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
-- NULL, 0, iv, ivlen);
-+ NULL, 0, iv, ivlen, 1);
- }
-
- int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
-@@ -114,7 +138,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
- static const unsigned char finishedlabel[] = "finished";
-
- return tls13_hkdf_expand(s, md, secret, finishedlabel,
-- sizeof(finishedlabel) - 1, NULL, 0, fin, finlen);
-+ sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
- }
-
- /*
-@@ -177,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
- if (!tls13_hkdf_expand(s, md, prevsecret,
- (unsigned char *)derived_secret_label,
- sizeof(derived_secret_label) - 1, hash, mdlen,
-- preextractsec, mdlen)) {
-+ preextractsec, mdlen, 1)) {
- /* SSLfatal() already called */
- EVP_PKEY_CTX_free(pctx);
- return 0;
-@@ -337,7 +361,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
- hashlen = (size_t)hashleni;
-
- if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
-- secret, hashlen)) {
-+ secret, hashlen, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-@@ -517,7 +541,8 @@ int tls13_change_cipher_state(SSL *s, int which)
- early_exporter_master_secret,
- sizeof(early_exporter_master_secret) - 1,
- hashval, hashlen,
-- s->early_exporter_master_secret, hashlen)) {
-+ s->early_exporter_master_secret, hashlen,
-+ 1)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
- goto err;
-@@ -604,7 +629,7 @@ int tls13_change_cipher_state(SSL *s, int which)
- resumption_master_secret,
- sizeof(resumption_master_secret) - 1,
- hashval, hashlen, s->resumption_master_secret,
-- hashlen)) {
-+ hashlen, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-@@ -624,7 +649,7 @@ int tls13_change_cipher_state(SSL *s, int which)
- exporter_master_secret,
- sizeof(exporter_master_secret) - 1,
- hash, hashlen, s->exporter_master_secret,
-- hashlen)) {
-+ hashlen, 1)) {
- /* SSLfatal() already called */
- goto err;
- }
-@@ -738,10 +763,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
- || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
- || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
- (const unsigned char *)label, llen,
-- data, datalen, exportsecret, hashsize)
-+ data, datalen, exportsecret, hashsize, 0)
- || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
- sizeof(exporterlabel) - 1, hash, hashsize,
-- out, olen))
-+ out, olen, 0))
- goto err;
-
- ret = 1;
-@@ -797,10 +822,10 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
- || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
- || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
- (const unsigned char *)label, llen,
-- data, datalen, exportsecret, hashsize)
-+ data, datalen, exportsecret, hashsize, 0)
- || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
- sizeof(exporterlabel) - 1, hash, hashsize,
-- out, olen))
-+ out, olen, 0))
- goto err;
-
- ret = 1;
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 108d57e4781..a4bbb4fead4 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -4028,20 +4028,25 @@ static int test_serverinfo(int tst)
- * no test vectors so all we do is test that both sides of the communication
- * produce the same results for different protocol versions.
- */
-+#define SMALL_LABEL_LEN 10
-+#define LONG_LABEL_LEN 249
- static int test_export_key_mat(int tst)
- {
- int testresult = 0;
- SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
- SSL *clientssl = NULL, *serverssl = NULL;
-- const char label[] = "test label";
-+ const char label[LONG_LABEL_LEN + 1] = "test label";
- const unsigned char context[] = "context";
- const unsigned char *emptycontext = NULL;
- unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
- unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
-+ size_t labellen;
- const int protocols[] = {
- TLS1_VERSION,
- TLS1_1_VERSION,
- TLS1_2_VERSION,
-+ TLS1_3_VERSION,
-+ TLS1_3_VERSION,
- TLS1_3_VERSION
- };
-
-@@ -4058,7 +4063,7 @@ static int test_export_key_mat(int tst)
- return 1;
- #endif
- #ifdef OPENSSL_NO_TLS1_3
-- if (tst == 3)
-+ if (tst >= 3)
- return 1;
- #endif
- if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
-@@ -4076,33 +4081,52 @@ static int test_export_key_mat(int tst)
- SSL_ERROR_NONE)))
- goto end;
-
-+ if (tst == 5) {
-+ /*
-+ * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
-+ * go over that.
-+ */
-+ if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
-+ sizeof(ckeymat1), label,
-+ LONG_LABEL_LEN + 1, context,
-+ sizeof(context) - 1, 1), 0))
-+ goto end;
-+
-+ testresult = 1;
-+ goto end;
-+ } else if (tst == 4) {
-+ labellen = LONG_LABEL_LEN;
-+ } else {
-+ labellen = SMALL_LABEL_LEN;
-+ }
-+
- if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
- sizeof(ckeymat1), label,
-- sizeof(label) - 1, context,
-+ labellen, context,
- sizeof(context) - 1, 1), 1)
- || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
- sizeof(ckeymat2), label,
-- sizeof(label) - 1,
-+ labellen,
- emptycontext,
- 0, 1), 1)
- || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
- sizeof(ckeymat3), label,
-- sizeof(label) - 1,
-+ labellen,
- NULL, 0, 0), 1)
- || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
- sizeof(skeymat1), label,
-- sizeof(label) - 1,
-+ labellen,
- context,
- sizeof(context) -1, 1),
- 1)
- || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
- sizeof(skeymat2), label,
-- sizeof(label) - 1,
-+ labellen,
- emptycontext,
- 0, 1), 1)
- || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
- sizeof(skeymat3), label,
-- sizeof(label) - 1,
-+ labellen,
- NULL, 0, 0), 1)
- /*
- * Check that both sides created the same key material with the
-@@ -4131,10 +4155,10 @@ static int test_export_key_mat(int tst)
- * Check that an empty context and no context produce different results in
- * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
- */
-- if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
-+ if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
- sizeof(ckeymat3)))
-- || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
-- sizeof(ckeymat3))))
-+ || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
-+ sizeof(ckeymat3))))
- goto end;
-
- testresult = 1;
-@@ -5909,7 +5933,7 @@ int setup_tests(void)
- ADD_ALL_TESTS(test_custom_exts, 3);
- #endif
- ADD_ALL_TESTS(test_serverinfo, 8);
-- ADD_ALL_TESTS(test_export_key_mat, 4);
-+ ADD_ALL_TESTS(test_export_key_mat, 6);
- #ifndef OPENSSL_NO_TLS1_3
- ADD_ALL_TESTS(test_export_key_mat_early, 3);
- #endif
-diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
-index 319df17bab0..de318df02b4 100644
---- a/test/tls13secretstest.c
-+++ b/test/tls13secretstest.c
-@@ -226,7 +226,7 @@ static int test_secret(SSL *s, unsigned char *prk,
- }
-
- if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
-- gensecret, hashsize)) {
-+ gensecret, hashsize, 1)) {
- TEST_error("Secret generation failed");
- return 0;
- }
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
deleted file mode 100644
index c2f8bb638b..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 3ccccb91ae1c07a4310778b3d7ba74ff4ff787f0 Mon Sep 17 00:00:00 2001
-From: Paul Yang <yang.yang@baishancloud.com>
-Date: Wed, 21 Nov 2018 13:16:27 +0800
-Subject: [PATCH] Fix wrong return value in ssl3_ctx_ctrl
-
-This fixes issue #7677
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7678)
----
- ssl/s3_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 866ca4dfa9b..99ae48199c2 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
- EVP_PKEY_free(pkdh);
-- return 1;
-+ return 0;
- }
- EVP_PKEY_free(ctx->cert->dh_tmp);
- ctx->cert->dh_tmp = pkdh;
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch b/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch
deleted file mode 100644
index cfa84c73a5..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 99992ad22019e752c7b103a45f860a48b6bc0972 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 21 Nov 2018 11:44:42 +0000
-Subject: [PATCH] Make sure build_SYS_str_reasons() preserves errno
-
-This function can end up being called during ERR_get_error() if we are
-initialising. ERR_get_error() must preserve errno since it gets called via
-SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
-supposed to inspect errno.
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7680)
-
-(cherry picked from commit 71b1ceffc4c795f5db21861dd1016fbe23a53a53)
----
-
-diff --git a/crypto/err/err.c b/crypto/err/err.c
-index 03cbd73..2eeeab2 100644
---- a/crypto/err/err.c
-+++ b/crypto/err/err.c
-@@ -19,6 +19,7 @@
- #include <openssl/bio.h>
- #include <openssl/opensslconf.h>
- #include "internal/thread_once.h"
-+#include "e_os.h"
-
- static int err_load_strings(const ERR_STRING_DATA *str);
-
-@@ -201,6 +202,7 @@ static void build_SYS_str_reasons(void)
- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
- static int init = 1;
- int i;
-+ int saveerrno = get_last_sys_error();
-
- CRYPTO_THREAD_write_lock(err_string_lock);
- if (!init) {
-@@ -229,6 +231,8 @@ static void build_SYS_str_reasons(void)
- init = 0;
-
- CRYPTO_THREAD_unlock(err_string_lock);
-+ /* openssl_strerror_r could change errno, but we want to preserve it */
-+ set_sys_error(saveerrno);
- err_load_strings(SYS_str_reasons);
- }
- #endif
-diff --git a/e_os.h b/e_os.h
-index 5340593..8e6efa9 100644
---- a/e_os.h
-+++ b/e_os.h
-@@ -49,6 +49,7 @@
-
- # define get_last_sys_error() errno
- # define clear_sys_error() errno=0
-+# define set_sys_error(e) errno=(e)
-
- /********************************************************************
- The Microsoft section
-@@ -66,8 +67,10 @@
- # ifdef WIN32
- # undef get_last_sys_error
- # undef clear_sys_error
-+# undef set_sys_error
- # define get_last_sys_error() GetLastError()
- # define clear_sys_error() SetLastError(0)
-+# define set_sys_error(e) SetLastError(e)
- # if !defined(WINNT)
- # define WIN_CONSOLE_BUG
- # endif
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch b/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch
deleted file mode 100644
index ed8f2dd96b..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From ef97becf522fc4e2e9d98e6ae7bcb26651883d9a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Wed, 21 Nov 2018 11:57:04 +0000
-Subject: [PATCH] Preserve errno on dlopen
-
-For the same reasons as in the previous commit we must preserve errno
-across dlopen calls. Some implementations (e.g. solaris) do not preserve
-errno even on a successful dlopen call.
-
-Fixes #6953
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7680)
-
-(cherry picked from commit 3cb4e7dc1cf92022f62b9bbdd59695885a1265ff)
----
- crypto/dso/dso_dlfcn.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
-index ad8899c289a..4240f5f5e30 100644
---- a/crypto/dso/dso_dlfcn.c
-+++ b/crypto/dso/dso_dlfcn.c
-@@ -17,6 +17,7 @@
- #endif
-
- #include "dso_locl.h"
-+#include "e_os.h"
-
- #ifdef DSO_DLFCN
-
-@@ -99,6 +100,7 @@ static int dlfcn_load(DSO *dso)
- /* See applicable comments in dso_dl.c */
- char *filename = DSO_convert_filename(dso, NULL);
- int flags = DLOPEN_FLAG;
-+ int saveerrno = get_last_sys_error();
-
- if (filename == NULL) {
- DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
-@@ -118,6 +120,11 @@ static int dlfcn_load(DSO *dso)
- ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
- goto err;
- }
-+ /*
-+ * Some dlopen() implementations (e.g. solaris) do no preserve errno, even
-+ * on a successful call.
-+ */
-+ set_sys_error(saveerrno);
- if (!sk_void_push(dso->meth_data, (char *)ptr)) {
- DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
- goto err;
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch b/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch
deleted file mode 100644
index 84c43a3c3e..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 145419423e1a74ae54cdbd3aed8bb15cbd53c7cc Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Fri, 14 Dec 2018 19:33:55 +0100
-Subject: [PATCH] ERR: preserve system error number in a few more places
-
-It turns out that intialization may change the error number, so we
-need to preserve the system error number in functions where
-initialization is called for.
-These are ERR_get_state() and err_shelve_state()
-
-Fixes #7897
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7902)
-
-(cherry picked from commit 91c5473035aaf2c0d86e4039c2a29a5b70541905)
----
- crypto/err/err.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/crypto/err/err.c b/crypto/err/err.c
-index 5cfb02d821b..aef2543d60b 100644
---- a/crypto/err/err.c
-+++ b/crypto/err/err.c
-@@ -697,6 +697,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
- ERR_STATE *ERR_get_state(void)
- {
- ERR_STATE *state;
-+ int saveerrno = get_last_sys_error();
-
- if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
- return NULL;
-@@ -728,6 +729,7 @@ ERR_STATE *ERR_get_state(void)
- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
- }
-
-+ set_sys_error(saveerrno);
- return state;
- }
-
-@@ -737,6 +739,8 @@ ERR_STATE *ERR_get_state(void)
- */
- int err_shelve_state(void **state)
- {
-+ int saveerrno = get_last_sys_error();
-+
- if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
- return 0;
-
-@@ -747,6 +751,7 @@ int err_shelve_state(void **state)
- if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
- return 0;
-
-+ set_sys_error(saveerrno);
- return 1;
- }
-
diff --git a/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch b/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
deleted file mode 100644
index 5ea4fb97bf..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From ed371b8cbac0d0349667558c061c1ae380cf75eb Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 3 Dec 2018 18:14:57 +0000
-Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"
-
-This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
-
-SSL_export_keying_material() may use longer label lengths.
-
-Fixes #7712
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/7755)
----
- ssl/tls13_enc.c | 16 ++++------------
- 1 file changed, 4 insertions(+), 12 deletions(-)
-
-diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
-index b6825d20c2d..f7ab0fa4704 100644
---- a/ssl/tls13_enc.c
-+++ b/ssl/tls13_enc.c
-@@ -13,14 +13,7 @@
- #include <openssl/evp.h>
- #include <openssl/kdf.h>
-
--/*
-- * RFC 8446, 7.1 Key Schedule, says:
-- * Note: With common hash functions, any label longer than 12 characters
-- * requires an additional iteration of the hash function to compute.
-- * The labels in this specification have all been chosen to fit within
-- * this limit.
-- */
--#define TLS13_MAX_LABEL_LEN 12
-+#define TLS13_MAX_LABEL_LEN 246
-
- /* Always filled with zeros */
- static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
-@@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
- const unsigned char *data, size_t datalen,
- unsigned char *out, size_t outlen)
- {
-- static const unsigned char label_prefix[] = "tls13 ";
-+ const unsigned char label_prefix[] = "tls13 ";
- EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
- int ret;
- size_t hkdflabellen;
- size_t hashlen;
- /*
-- * 2 bytes for length of derived secret + 1 byte for length of combined
-- * prefix and label + bytes for the label itself + 1 byte length of hash
-- * + bytes for the hash itself
-+ * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
-+ * prefix and label + bytes for the label itself + bytes for the hash
- */
- unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
- + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
diff --git a/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch b/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
deleted file mode 100644
index 4d478c484c..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2019 14:39:15 +0000
-Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
-
-ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
-every encryption operation. RFC 7539 specifies that the nonce value (IV)
-should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
-front pads the nonce with 0 bytes if it is less than 12 bytes. However it
-also incorrectly allows a nonce to be set of up to 16 bytes. In this case
-only the last 12 bytes are significant and any additional leading bytes are
-ignored.
-
-It is a requirement of using this cipher that nonce values are unique.
-Messages encrypted using a reused nonce value are susceptible to serious
-confidentiality and integrity attacks. If an application changes the
-default nonce length to be longer than 12 bytes and then makes a change to
-the leading bytes of the nonce expecting the new value to be a new unique
-nonce then such an application could inadvertently encrypt messages with a
-reused nonce.
-
-Additionally the ignored bytes in a long nonce are not covered by the
-integrity guarantee of this cipher. Any application that relies on the
-integrity of these ignored leading bytes of a long nonce may be further
-affected.
-
-Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
-because no such use sets such a long nonce value. However user
-applications that use this cipher directly and set a non-default nonce
-length to be longer than 12 bytes may be vulnerable.
-
-CVE-2019-1543
-
-Fixes #8345
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8406)
-
-(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
----
- crypto/evp/e_chacha20_poly1305.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
-index c1917bb86a6..d3e2c622a1b 100644
---- a/crypto/evp/e_chacha20_poly1305.c
-+++ b/crypto/evp/e_chacha20_poly1305.c
-@@ -30,6 +30,8 @@ typedef struct {
-
- #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
-
-+#define CHACHA20_POLY1305_MAX_IVLEN 12
-+
- static int chacha_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char user_key[CHACHA_KEY_SIZE],
- const unsigned char iv[CHACHA_CTR_SIZE], int enc)
-@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
- return 1;
-
- case EVP_CTRL_AEAD_SET_IVLEN:
-- if (arg <= 0 || arg > CHACHA_CTR_SIZE)
-+ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
- return 0;
- actx->nonce_len = arg;
- return 1;
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2020-12-31 21:53 Fabian Groffen
0 siblings, 0 replies; 7+ messages in thread
From: Fabian Groffen @ 2020-12-31 21:53 UTC (permalink / raw
To: gentoo-commits
commit: b45716e10a1f0a0b4d0a083636391b9d5457309f
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 31 21:53:15 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Dec 31 21:53:15 2020 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=b45716e1
dev-libs/openssl: add support for arm64-macos
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 3decbee261..98cf8a92ad 100755
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# Openssl doesn't play along nicely with cross-compiling
@@ -149,6 +149,7 @@ darwin)
powerpc) machine=ppc-cc;;
i?86*) machine=i386-cc;;
x86_64) machine=x86_64-cc; system=${system}64;;
+ arm64) machine=arm64-cc; system${system}64;;
esac
;;
hpux)
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/
@ 2021-01-01 14:46 Fabian Groffen
0 siblings, 0 replies; 7+ messages in thread
From: Fabian Groffen @ 2021-01-01 14:46 UTC (permalink / raw
To: gentoo-commits
commit: 126e93822e416999cbf7b5f5ec18e9de15b8061c
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 1 14:46:36 2021 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jan 1 14:46:36 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=126e9382
dev-libs/openssl: fix crucial typo in gentoo.config for arm64-macos
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
dev-libs/openssl/files/gentoo.config-1.0.2 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 98cf8a92ad..a47829154e 100755
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
#
# Openssl doesn't play along nicely with cross-compiling
@@ -149,7 +149,7 @@ darwin)
powerpc) machine=ppc-cc;;
i?86*) machine=i386-cc;;
x86_64) machine=x86_64-cc; system=${system}64;;
- arm64) machine=arm64-cc; system${system}64;;
+ arm64) machine=arm64-cc; system=${system}64;;
esac
;;
hpux)
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-01-01 14:47 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-26 8:24 [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/files/ Michael Haubenwallner
-- strict thread matches above, loose matches on Subject: below --
2021-01-01 14:46 Fabian Groffen
2020-12-31 21:53 Fabian Groffen
2020-12-08 23:46 Sam James
2019-02-21 7:40 Michael Haubenwallner
2019-02-18 14:51 Michael Haubenwallner
2016-05-09 15:57 Michael Haubenwallner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox