[rpms/openssl] rebase_40beta: add back support for secp521r1 EC curve

[rpms/openssl] rebase_40beta: add back support for secp521r1 EC curve

[Tomas Mraz]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 83d99a68af4dfed0bc8c4c651375331b7de75502
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2013-11-08T18:16:49+01:00
            Stats  : +111/-56 in 5 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/83d99a68af4dfed0bc8c4c651375331b7de75502?branch=rebase_40beta

            Log:
            add back support for secp521r1 EC curve

- add aarch64 to Configure (#969692)

---
diff --git a/ec_curve.c b/ec_curve.c
index 0690f8b..0c287bf 100644
--- a/ec_curve.c
+++ b/ec_curve.c
@@ -120,6 +120,56 @@ static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
 	  0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
 	};
 
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+	_EC_NIST_PRIME_521 = {
+	{ NID_X9_62_prime_field,20,66,1 },
+	{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,	/* seed */
+	  0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
+
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+	  0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,	/* b */
+	  0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+	  0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+	  0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+	  0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+	  0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+	  0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+	  0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,	/* x */
+	  0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+	  0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+	  0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+	  0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+	  0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+	  0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+	  0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,	/* y */
+	  0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+	  0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+	  0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+	  0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+	  0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+	  0x94,0x76,0x9f,0xd1,0x66,0x50,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+	  0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+	  0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+	  0xB7,0x1E,0x91,0x38,0x64,0x09 }
+	};
+
 static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
 	_EC_X9_62_PRIME_256V1 = {
 	{ NID_X9_62_prime_field,20,32,1 },
@@ -165,6 +215,11 @@ static const ec_list_element curve_list[] = {
 	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
 	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
+#else
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
 #else
 	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },

diff --git a/openssl-1.0.1-beta2-rpmbuild.patch b/openssl-1.0.1-beta2-rpmbuild.patch
index bca5613..a4bb691 100644
--- a/openssl-1.0.1-beta2-rpmbuild.patch
+++ b/openssl-1.0.1-beta2-rpmbuild.patch
@@ -34,7 +34,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
  #### So called "highgprs" target for z/Architecture CPUs
  # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
  # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@ my %table=(
+@@ -373,16 +373,17 @@ my %table=(
  # ldconfig and run-time linker to autodiscover. Unfortunately it
  # doesn't work just yet, because of couple of bugs in glibc
  # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
@@ -52,10 +52,11 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
  # GCC 3.1 is a requirement
 -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
  #### Alpha Linux with GNU C and Compaq C setups
  # Special notes:
  # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -396,8 +396,8 @@ my %table=(
+@@ -396,8 +397,8 @@ my %table=(
  #
  #					<appro@fy.chalmers.se>
  #
@@ -66,7 +67,7 @@ diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
  
-@@ -1678,7 +1678,7 @@ while (<IN>)
+@@ -1678,7 +1679,7 @@ while (<IN>)
  	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
  		{
  		my $sotmp = $1;

diff --git a/openssl-1.0.1e-ecc-suiteb.patch b/openssl-1.0.1e-ecc-suiteb.patch
index 95b192a..dc87b00 100644
--- a/openssl-1.0.1e-ecc-suiteb.patch
+++ b/openssl-1.0.1e-ecc-suiteb.patch
@@ -1,7 +1,7 @@
 diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
---- openssl-1.0.1e/apps/speed.c.suiteb	2013-10-18 17:38:22.288870517 +0200
-+++ openssl-1.0.1e/apps/speed.c	2013-10-18 17:38:22.336871572 +0200
-@@ -966,49 +966,21 @@ int MAIN(int argc, char **argv)
+--- openssl-1.0.1e/apps/speed.c.suiteb	2013-11-08 18:02:53.815229706 +0100
++++ openssl-1.0.1e/apps/speed.c	2013-11-08 18:04:47.016724297 +0100
+@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
  		else
  #endif
  #ifndef OPENSSL_NO_ECDSA
@@ -11,7 +11,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 -		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
 +		if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
  		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
--		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+ 		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
 -		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
 -		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
 -		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
@@ -25,7 +25,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
  		else if (strcmp(*argv,"ecdsa") == 0)
  			{
 -			for (i=0; i < EC_NUM; i++)
-+			for (i=R_EC_P256; i <= R_EC_P384; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
  				ecdsa_doit[i]=1;
  			}
  		else
@@ -37,7 +37,7 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
 -		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
 +		if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
  		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
--		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+ 		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
 -		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
 -		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
 -		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
@@ -51,52 +51,52 @@ diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
  		else if (strcmp(*argv,"ecdh") == 0)
  			{
 -			for (i=0; i < EC_NUM; i++)
-+			for (i=R_EC_P256; i <= R_EC_P384; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
  				ecdh_doit[i]=1;
  			}
  		else
-@@ -1097,15 +1069,11 @@ int MAIN(int argc, char **argv)
+@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
  			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
  #endif
  #ifndef OPENSSL_NO_ECDSA
 -			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
 -			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
 -			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-+			BIO_printf(bio_err,"ecdsap256 ecdsap384\n");
++			BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
  			BIO_printf(bio_err,"ecdsa\n");
  #endif
  #ifndef OPENSSL_NO_ECDH
 -			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
 -			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
 -			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-+			BIO_printf(bio_err,"ecdhp256  ecdhp384\n");
++			BIO_printf(bio_err,"ecdhp256  ecdhp384 ecdhp521\n");
  			BIO_printf(bio_err,"ecdh\n");
  #endif
  
-@@ -1184,11 +1152,11 @@ int MAIN(int argc, char **argv)
+@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
  		    if (!FIPS_mode() || i != R_DSA_512)
  			dsa_doit[i]=1;
  #ifndef OPENSSL_NO_ECDSA
 -		for (i=0; i<EC_NUM; i++)
-+		for (i=R_EC_P256; i <= R_EC_P384; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
  			ecdsa_doit[i]=1;
  #endif
  #ifndef OPENSSL_NO_ECDH
 -		for (i=0; i<EC_NUM; i++)
-+		for (i=R_EC_P256; i <= R_EC_P384; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
  			ecdh_doit[i]=1;
  #endif
  		}
 diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
 --- openssl-1.0.1e/ssl/t1_lib.c.suiteb	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/t1_lib.c	2013-10-24 09:41:11.892179845 +0200
-@@ -204,31 +204,8 @@ static int nid_list[] =
++++ openssl-1.0.1e/ssl/t1_lib.c	2013-11-08 18:05:27.551617554 +0100
+@@ -204,31 +204,9 @@ static int nid_list[] =
  
  static int pref_list[] =
  	{
 -		NID_sect571r1, /* sect571r1 (14) */ 
 -		NID_sect571k1, /* sect571k1 (13) */ 
--		NID_secp521r1, /* secp521r1 (25) */	
+ 		NID_secp521r1, /* secp521r1 (25) */	
 -		NID_sect409k1, /* sect409k1 (11) */ 
 -		NID_sect409r1, /* sect409r1 (12) */
  		NID_secp384r1, /* secp384r1 (24) */

diff --git a/openssl-1.0.1e-fips-ec.patch b/openssl-1.0.1e-fips-ec.patch
index 567e1db..7287dae 100644
--- a/openssl-1.0.1e-fips-ec.patch
+++ b/openssl-1.0.1e-fips-ec.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
---- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-05-03 12:19:59.248301642 +0200
-+++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-05-03 12:19:59.975317289 +0200
+--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-11-08 17:59:42.755019363 +0100
++++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-11-08 17:59:43.147028002 +0100
 @@ -85,6 +85,8 @@
  extern "C" {
  #endif
@@ -12,8 +12,8 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ec
  void	  ECDH_set_default_method(const ECDH_METHOD *);
 diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
 --- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-05-03 12:19:59.975317289 +0200
-@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
++++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-11-08 17:59:54.712282862 +0100
+@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
  	if ((ctx=BN_CTX_new()) == NULL) goto err;
  
  	/* NIST PRIME CURVES TESTS */
@@ -23,15 +23,10 @@ diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecd
 +#endif
  	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
  	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
-+#if 0
  	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-+#endif
- #ifndef OPENSSL_NO_EC2M
- 	/* NIST BINARY CURVES TESTS */
- 	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
 diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
 --- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-05-03 12:19:59.976317311 +0200
++++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-11-08 17:59:43.148028024 +0100
 @@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
  	{
  	if(!default_ECDH_method) 
@@ -49,7 +44,7 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh
  	}
 diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
 --- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-05-03 12:19:59.976317311 +0200
++++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-11-08 17:59:43.148028024 +0100
 @@ -79,6 +79,10 @@
  #include <openssl/obj_mac.h>
  #include <openssl/bn.h>
@@ -106,7 +101,7 @@ diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecd
  		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
 diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
 --- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-05-03 12:19:59.976317311 +0200
++++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-11-08 17:59:43.148028024 +0100
 @@ -138,11 +138,14 @@ int restore_rand(void)
  	}
  
@@ -144,7 +139,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/e
  	ret = 0;
 diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
 --- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-05-03 12:19:59.977317333 +0200
++++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-11-08 17:59:43.148028024 +0100
 @@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
  {
  	if(!default_ECDSA_method) 
@@ -162,7 +157,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecd
  }
 diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
 --- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-05-03 12:19:59.977317333 +0200
++++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-11-08 17:59:43.148028024 +0100
 @@ -60,6 +60,9 @@
  #include <openssl/err.h>
  #include <openssl/obj_mac.h>
@@ -214,7 +209,7 @@ diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ec
  	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
 diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
 --- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-05-03 12:19:59.978317354 +0200
++++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-11-08 17:59:43.148028024 +0100
 @@ -64,9 +64,6 @@
  #include <string.h>
  #include "ec_lcl.h"
@@ -313,7 +308,7 @@ diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_k
  			EC_R_COORDINATES_OUT_OF_RANGE);
 diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
 --- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-05-03 12:19:59.978317354 +0200
++++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-11-08 17:59:43.149028046 +0100
 @@ -63,18 +63,11 @@
  
  #include <openssl/err.h>
@@ -343,7 +338,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ec
  
 diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
 --- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-05-03 12:19:59.978317354 +0200
++++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-11-08 17:59:43.149028046 +0100
 @@ -67,15 +67,8 @@
  #include <openssl/obj_mac.h>
  #include "ec_lcl.h"
@@ -370,7 +365,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ec
  int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
 --- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-05-03 12:19:59.979317376 +0200
++++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-11-08 17:59:43.149028046 +0100
 @@ -65,17 +65,10 @@
  #include <openssl/err.h>
  #include <openssl/symhacks.h>
@@ -412,7 +407,7 @@ diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ec
  		ctx = new_ctx = BN_CTX_new();
 diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
 --- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-05-03 12:19:59.979317376 +0200
++++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-11-08 17:59:43.149028046 +0100
 @@ -116,7 +116,6 @@
  #include <openssl/x509.h>
  
@@ -436,8 +431,8 @@ diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m
  #endif
 -#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-05-03 12:19:59.980317397 +0200
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-05-03 12:19:59.980317397 +0200
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-11-08 17:59:43.149028046 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-11-08 17:59:43.149028046 +0100
 @@ -0,0 +1,496 @@
 +/* fips/ecdh/fips_ecdhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -936,8 +931,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/cr
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
---- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-05-03 12:19:59.980317397 +0200
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-05-03 12:19:59.980317397 +0200
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-11-08 17:59:43.150028068 +0100
 @@ -0,0 +1,533 @@
 +/* fips/ecdsa/fips_ecdsavs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -1473,8 +1468,8 @@ diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/c
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-05-03 12:19:59.981317418 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-11-08 17:59:43.150028068 +0100
 @@ -0,0 +1,252 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -1729,8 +1724,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
---- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-05-03 12:19:59.981317418 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-11-08 17:59:43.150028068 +0100
 @@ -0,0 +1,167 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -1900,8 +1895,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e
 +
 +#endif
 diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
---- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-05-03 12:19:59.942316578 +0200
-+++ openssl-1.0.1e/crypto/fips/fips.h	2013-05-03 12:19:59.981317418 +0200
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-11-08 17:59:43.116027318 +0100
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-11-08 17:59:43.150028068 +0100
 @@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
  void FIPS_corrupt_dsa(void);
  void FIPS_corrupt_dsa_keygen(void);
@@ -1912,8 +1907,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fi
  void FIPS_rng_stick(void);
  void FIPS_x931_stick(int onoff);
 diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
---- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-05-03 12:19:59.942316578 +0200
-+++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-05-03 12:19:59.982317439 +0200
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-11-08 17:59:43.117027340 +0100
++++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-11-08 17:59:43.150028068 +0100
 @@ -95,8 +95,12 @@ int FIPS_selftest(void)
  		rv = 0;
  	if (!FIPS_selftest_rsa())
@@ -1928,8 +1923,8 @@ diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fi
  	}
  
 diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
---- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-05-03 12:19:59.945316642 +0200
-+++ openssl-1.0.1e/crypto/fips/Makefile	2013-05-03 12:20:12.173579845 +0200
+--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-11-08 17:59:43.119027384 +0100
++++ openssl-1.0.1e/crypto/fips/Makefile	2013-11-08 17:59:43.151028090 +0100
 @@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
      fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
      fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@@ -2032,9 +2027,9 @@ diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/
  fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
  fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
---- openssl-1.0.1e/version.map.fips-ec	2013-05-03 12:19:59.000000000 +0200
-+++ openssl-1.0.1e/version.map	2013-05-09 11:11:08.022300608 +0200
-@@ -5,3 +5,7 @@ OPENSSL_1.0.1 {
+--- openssl-1.0.1e/version.map.fips-ec	2013-11-08 17:59:43.131027649 +0100
++++ openssl-1.0.1e/version.map	2013-11-08 17:59:43.151028090 +0100
+@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
  	    _original*;
  	    _current*;
  };

diff --git a/openssl.spec b/openssl.spec
index 7e07179..b1a0022 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 30%{?dist}
+Release: 31%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -456,6 +456,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Fri Nov  8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-31
+- add back support for secp521r1 EC curve
+- add aarch64 to Configure (#969692)
+
 * Tue Oct 29 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30
 - fix misdetection of RDRAND support on Cyrix CPUS (from upstream) (#1022346)
 

[rpms/openssl] rebase_40beta: add back support for secp521r1 EC curve

[Tomas Mraz]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 1e5b73a1518870bb97670fc120eb94e35a69465f
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2013-11-08T18:23:00+01:00
            Stats  : +47/-0 in 1 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/1e5b73a1518870bb97670fc120eb94e35a69465f?branch=rebase_40beta

            Log:
            add back support for secp521r1 EC curve

- add aarch64 to Configure (#969692)

---
diff --git a/ectest.c b/ectest.c
index 1976979..921edcd 100644
--- a/ectest.c
+++ b/ectest.c
@@ -345,6 +345,53 @@ static void prime_field_tests(void)
 	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
 	if (!EC_GROUP_copy(P_384, group)) ABORT;
 
+
+	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+		"DF883D2C34F1EF451FD46B503F00")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+		"C9B8899C47AEBB6FB71E91386409")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+		"7086A272C24088BE94769FD16650")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 521) ABORT;
+	fprintf(stdout, " ok\n");
+
+ 	group_order_tests(group);
+
+	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
 	/* more tests using the last curve */
 
 	if (!EC_POINT_copy(Q, P)) ABORT;