[rpms/openssl] rebase_40beta: fix regression in EVP_PBE

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: fix regression in EVP_PBE_scrypt() (#1688284)
@ 2026-06-09 12:44 Tomas Mraz
  0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : c99b8bf7f97fa320fa92a7e33543c13276e3a2fe
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2019-03-15T16:05:02+01:00
            Stats  : +23/-15 in 4 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/c99b8bf7f97fa320fa92a7e33543c13276e3a2fe?branch=rebase_40beta

            Log:
            fix regression in EVP_PBE_scrypt() (#1688284)

fix incorrect help message in ca app (#1553206)

---
diff --git a/openssl-1.1.0-apps-dgst.patch b/openssl-1.1.0-apps-dgst.patch
deleted file mode 100644
index af10684..0000000
--- a/openssl-1.1.0-apps-dgst.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c
---- openssl-1.1.0-pre5/apps/ca.c.dgst	2016-04-19 16:57:52.000000000 +0200
-+++ openssl-1.1.0-pre5/apps/ca.c	2016-07-18 15:58:18.516742682 +0200
-@@ -216,7 +216,7 @@ OPTIONS ca_options[] = {
-     {"enddate", OPT_ENDDATE, 's',
-      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
-     {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
--    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
-+    {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"},
-     {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
-     {"keyfile", OPT_KEYFILE, 's', "Private key"},
-     {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

diff --git a/openssl-1.1.1-apps-dgst.patch b/openssl-1.1.1-apps-dgst.patch
new file mode 100644
index 0000000..655b6e2
--- /dev/null
+++ b/openssl-1.1.1-apps-dgst.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
+--- openssl-1.1.1b/apps/ca.c.dgst	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/apps/ca.c	2019-03-15 15:53:46.622267688 +0100
+@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
+     {"enddate", OPT_ENDDATE, 's',
+      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+     {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+-    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
++    {"md", OPT_MD, 's', "md to use; see openssl help for list"},
+     {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+     {"keyfile", OPT_KEYFILE, 's', "Private key"},
+     {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

diff --git a/openssl-1.1.1-evp-kdf.patch b/openssl-1.1.1-evp-kdf.patch
index e71d84a..48169fa 100644
--- a/openssl-1.1.1-evp-kdf.patch
+++ b/openssl-1.1.1-evp-kdf.patch
@@ -634,7 +634,7 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
  /*
   * Maximum permitted memory allow this to be overridden with Configuration
   * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
-@@ -160,107 +37,39 @@ int EVP_PBE_scrypt(const char *pass, siz
+@@ -160,107 +37,43 @@ int EVP_PBE_scrypt(const char *pass, siz
                     uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
                     unsigned char *key, size_t keylen)
  {
@@ -706,6 +706,10 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
 +    if (pass == NULL) {
 +        pass = empty;
 +        passlen = 0;
++    }
++    if (salt == NULL) {
++        salt = (const unsigned char *)empty;
++        saltlen = 0;
      }
 -
      if (maxmem == 0)

diff --git a/openssl.spec b/openssl.spec
index 9c89bab..f5b5845 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1b
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -47,7 +47,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch
 # Functionality changes
 Patch31: openssl-1.1.1-conf-paths.patch
 Patch32: openssl-1.1.1-version-add-engines.patch
-Patch33: openssl-1.1.0-apps-dgst.patch
+Patch33: openssl-1.1.1-apps-dgst.patch
 Patch36: openssl-1.1.1-no-brainpool.patch
 Patch37: openssl-1.1.1-ec-curves.patch
 Patch38: openssl-1.1.1-no-weak-verify.patch
@@ -448,6 +448,10 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-3
+- fix regression in EVP_PBE_scrypt() (#1688284)
+- fix incorrect help message in ca app (#1553206)
+
 * Fri Mar  1 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1b-2
 - use .include = syntax in the config file to allow it
   to be parsed by 1.0.2 version (#1668916)

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: fix regression in EVP_PBE_scrypt() (#1688284) Tomas Mraz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox