openssl3: 3.0.14

2024-08-25 08:56:30 +06:00 · 2024-08-25 08:56:30 +06:00 · ef5bb36157
commit ef5bb36157
parent 67e18b7f32
4 changed files with 18 additions and 13 deletions
--- a/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+++ b/base/openssl3/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
@ -275,16 +275,17 @@ diff --git a/test/evp_test.c b/test/evp_test.c
 index 70996195f0cb..6ae862b04403 100644
 --- a/test/evp_test.c
 +++ b/test/evp_test.c
-@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
-         TEST_info("skipping, '%s' is disabled", p);
+@@ -2800,6 +2800,13 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
         t->skip = 1;
     }
+ 
 +    if (p != NULL
 +        && (strcmp(name, "mac") == 0)
 +        && is_mac_disabled(p)) {
 +        TEST_info("skipping, '%s' is disabled", p);
 +        t->skip = 1;
 +    }
+
     OPENSSL_free(name);
     return 1;
 }
--- a/base/openssl3/0060-FIPS-KAT-signature-tests.patch
+++ b/base/openssl3/0060-FIPS-KAT-signature-tests.patch
@ -56,7 +56,7 @@ diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/c
 #define MIN_ECDSA_SIGN_ORDERBITS 64
 /*
  * It is highly unlikely that a retry will happen,
-@@ -137,6 +141,12 @@
+@@ -142,6 +146,12 @@
         goto err;
 
     do {
@ -69,16 +69,17 @@ diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/c
         /* get random k */
         do {
             if (dgst != NULL) {
-@@ -152,6 +162,9 @@
-                 }
+@@ -158,6 +168,10 @@
             }
-         } while (BN_is_zero(k));
+         } while (ossl_bn_is_word_fixed_top(k, 0));
+ 
 +#ifdef FIPS_MODULE
 +        }
 +#endif
- 
+
         /* compute r the x-coordinate of generator * k */
         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+             ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
 diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
 --- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature	2022-04-04 13:48:52.231172299 +0200
 +++ openssl-3.0.1/crypto/ec/ec_key.c	2022-04-04 14:00:35.077368605 +0200
--- a/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
+++ b/base/openssl3/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
@ -47,9 +47,9 @@ diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/k
 index afdb7138e1..9d28d292d8 100644
 --- a/providers/implementations/kdfs/hkdf.c
 +++ b/providers/implementations/kdfs/hkdf.c
-@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
-             return 0;
-         return OSSL_PARAM_set_size_t(p, sz);
+@@ -347,6 +347,56 @@
+         }
+         return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
     }
 +
 +#ifdef FIPS_MODULE
@ -104,10 +104,10 @@ index afdb7138e1..9d28d292d8 100644
     return -2;
 }
 
-@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
- {
+@@ -356,6 +406,9 @@
     static const OSSL_PARAM known_gettable_ctx_params[] = {
         OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+         OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
 +#ifdef FIPS_MODULE
 +        OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
 +#endif /* defined(FIPS_MODULE) */
--- a/base/openssl3/openssl3.spec
+++ b/base/openssl3/openssl3.spec
@ -20,7 +20,7 @@

 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl3
-Version: 3.0.13
+Version: 3.0.14
 Release: 1%{?dist}
 Epoch: 1

@ -541,6 +541,9 @@ rm -f %{buildroot}%{_bindir}/{make,renew}-dummy-cert
 %ldconfig_scriptlets libs

 %changelog
+* Fri Jun  7 2024 Raven <raven@sysadmins.ws> - 1:3.0.14-1
+- update to 3.0.14
+
 * Tue Feb  6 2024 Raven <raven@sysadmins.ws> - 1:3.0.13-1
 - update to 3.0.13