* [rpms/openssl] rebase_40beta: update to the 1.1.1f release
@ 2026-06-09 12:44 Tomas Mraz
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 5004ccfb250b6b8e6e1ac40ee91433090dc19366
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2020-04-07T16:50:53+02:00
Stats : +716/-160 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/5004ccfb250b6b8e6e1ac40ee91433090dc19366?branch=rebase_40beta
Log:
update to the 1.1.1f release
---
diff --git a/.gitignore b/.gitignore
index d7d7167..f42fbf0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1c-hobbled.tar.xz
/openssl-1.1.1d-hobbled.tar.xz
/openssl-1.1.1e-hobbled.tar.xz
+/openssl-1.1.1f-hobbled.tar.xz
diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch
index cfe20f6..c0ef62b 100644
--- a/openssl-1.1.1-build.patch
+++ b/openssl-1.1.1-build.patch
@@ -1,28 +1,7 @@
-diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
-@@ -680,7 +680,7 @@ uninstall_runtime:
- install_man_docs:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(ECHO) "*** Installing manpages"
-- $(PERL) $(SRCDIR)/util/process_docs.pl \
-+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
-
- uninstall_man_docs:
-@@ -692,7 +692,7 @@ uninstall_man_docs:
- install_html_docs:
- @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(ECHO) "*** Installing HTML manpages"
-- $(PERL) $(SRCDIR)/util/process_docs.pl \
-+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- --destdir=$(DESTDIR)$(HTMLDIR) --type=html
-
- uninstall_html_docs:
-diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
---- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
-@@ -693,6 +693,7 @@ my %targets = (
+diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
+--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
++++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
+@@ -678,6 +678,7 @@ my %targets = (
cxxflags => add("-m64"),
lib_cppflags => add("-DL_ENDIAN"),
perlasm_scheme => "linux64le",
@@ -30,7 +9,7 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8
},
"linux-armv4" => {
-@@ -733,6 +734,7 @@ my %targets = (
+@@ -718,6 +719,7 @@ my %targets = (
"linux-aarch64" => {
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
perlasm_scheme => "linux64",
@@ -38,3 +17,24 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
+diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200
++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200
+@@ -823,7 +823,7 @@ uninstall_runtime_libs:
+ install_man_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
+
+ uninstall_man_docs:
+@@ -835,7 +835,7 @@ uninstall_man_docs:
+ install_html_docs:
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing HTML manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+ "--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
+
+ uninstall_html_docs:
diff --git a/openssl-1.1.1-eof-error-revert.patch b/openssl-1.1.1-eof-error-revert.patch
deleted file mode 100644
index cfb0d6d..0000000
--- a/openssl-1.1.1-eof-error-revert.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-diff -up openssl-1.1.1e/CHANGES.eof-revert openssl-1.1.1e/CHANGES
---- openssl-1.1.1e/CHANGES.eof-revert 2020-03-26 15:07:42.123628736 +0100
-+++ openssl-1.1.1e/CHANGES 2020-03-26 15:10:13.309733024 +0100
-@@ -8,7 +8,8 @@
- release branch.
-
- Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
-- *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
-+ *) **** REVERTED on 1.1.1 branch after 1.1.1e release ****
-+ Properly detect EOF while reading in libssl. Previously if we hit an EOF
- while reading in libssl then we would report an error back to the
- application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
- an error to the stack (which means we instead return SSL_ERROR_SSL) and
-diff -up openssl-1.1.1e/crypto/err/openssl.txt.eof-revert openssl-1.1.1e/crypto/err/openssl.txt
---- openssl-1.1.1e/crypto/err/openssl.txt.eof-revert 2020-03-26 15:07:42.085629464 +0100
-+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-26 15:07:42.124628717 +0100
-@@ -2901,7 +2901,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:2
- SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
- SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
- SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
--SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
- SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
- SSL_R_UNEXPECTED_RECORD:245:unexpected record
- SSL_R_UNINITIALIZED:276:uninitialized
-diff -up openssl-1.1.1e/doc/man3/SSL_get_error.pod.eof-revert openssl-1.1.1e/doc/man3/SSL_get_error.pod
---- openssl-1.1.1e/doc/man3/SSL_get_error.pod.eof-revert 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/doc/man3/SSL_get_error.pod 2020-03-26 15:07:42.125628698 +0100
-@@ -155,6 +155,18 @@ connection and SSL_shutdown() must not b
-
- =back
-
-+=head1 BUGS
-+
-+The B<SSL_ERROR_SYSCALL> with B<errno> value of 0 indicates unexpected EOF from
-+the peer. This will be properly reported as B<SSL_ERROR_SSL> with reason
-+code B<SSL_R_UNEXPECTED_EOF_WHILE_READING> in the OpenSSL 3.0 release because
-+it is truly a TLS protocol error to terminate the connection without
-+a SSL_shutdown().
-+
-+The issue is kept unfixed in OpenSSL 1.1.1 releases because many applications
-+which choose to ignore this protocol error depend on the existing way of
-+reporting the error.
-+
- =head1 SEE ALSO
-
- L<ssl(7)>
-diff -up openssl-1.1.1e/include/openssl/sslerr.h.eof-revert openssl-1.1.1e/include/openssl/sslerr.h
---- openssl-1.1.1e/include/openssl/sslerr.h.eof-revert 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/openssl/sslerr.h 2020-03-26 15:07:42.125628698 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
- # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
- # define SSL_R_UNEXPECTED_CCS_MESSAGE 262
- # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
--# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
- # define SSL_R_UNEXPECTED_MESSAGE 244
- # define SSL_R_UNEXPECTED_RECORD 245
- # define SSL_R_UNINITIALIZED 276
-diff -up openssl-1.1.1e/ssl/record/rec_layer_s3.c.eof-revert openssl-1.1.1e/ssl/record/rec_layer_s3.c
---- openssl-1.1.1e/ssl/record/rec_layer_s3.c.eof-revert 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/ssl/record/rec_layer_s3.c 2020-03-26 15:07:42.125628698 +0100
-@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t
- ret = BIO_read(s->rbio, pkt + len + left, max - left);
- if (ret >= 0)
- bioread = ret;
-- if (ret <= 0
-- && !BIO_should_retry(s->rbio)
-- && BIO_eof(s->rbio)) {
-- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
-- SSL_R_UNEXPECTED_EOF_WHILE_READING);
-- }
- } else {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
- SSL_R_READ_BIO_NOT_SET);
-diff -up openssl-1.1.1e/ssl/ssl_err.c.eof-revert openssl-1.1.1e/ssl/ssl_err.c
---- openssl-1.1.1e/ssl/ssl_err.c.eof-revert 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/ssl/ssl_err.c 2020-03-26 15:07:42.126628679 +0100
-@@ -1,6 +1,6 @@
- /*
- * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
-@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_rea
- "unexpected ccs message"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
- "unexpected end of early data"},
-- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
-- "unexpected eof while reading"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
diff --git a/openssl-1.1.1-no-html.patch b/openssl-1.1.1-no-html.patch
index 6688d1c..d0e335e 100644
--- a/openssl-1.1.1-no-html.patch
+++ b/openssl-1.1.1-no-html.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1d/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1d/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1d/Configurations/unix-Makefile.tmpl.no-html 2019-09-13 15:00:32.976774673 +0200
-+++ openssl-1.1.1d/Configurations/unix-Makefile.tmpl 2019-09-13 15:02:22.283864321 +0200
+diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200
++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@@ -9,4 +9,4 @@ diff -up openssl-1.1.1d/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1d
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
- $(RM) -r $(DESTDIR)$(DOCDIR)
+ $(RM) -r "$(DESTDIR)$(DOCDIR)"
diff --git a/openssl-1.1.1-regression-fixes.patch b/openssl-1.1.1-regression-fixes.patch
deleted file mode 100644
index 11099a1..0000000
--- a/openssl-1.1.1-regression-fixes.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
---- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
-@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
- {
- OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
-
-- if (ret != NULL)
-- memset(ret, 0, sizeof(*ret));
-+ if (ret == NULL)
-+ return NULL;
-+
-+ memset(ret, 0, sizeof(*ret));
- ret->flags = DEFAULT_CONF_MFLAGS;
-
- return ret;
diff --git a/openssl-1.1.1-upstream-sync.patch b/openssl-1.1.1-upstream-sync.patch
new file mode 100644
index 0000000..6904a03
--- /dev/null
+++ b/openssl-1.1.1-upstream-sync.patch
@@ -0,0 +1,671 @@
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 336afc989d..831b74ce6c 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -1297,5 +1297,7 @@ int ECDSA_size(const EC_KEY *r)
+ i = i2d_ASN1_INTEGER(&bs, NULL);
+ i += i; /* r and s */
+ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
++ if (ret < 0)
++ return 0;
+ return ret;
+ }
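Review bot: The new `if (ret < 0) return 0;` in ECDSA_size() makes 0 the failure value, but nothing at this return says so, and a caller that sizes a signature buffer from the result would get a zero-length buffer instead of an error. I would add a comment above the check such as `/* ASN1_object_size() failed: return 0 so callers can reject the key rather than allocate from a negative size */`. The start of ECDSA_size() is outside the hunk, so whether its earlier paths already use 0 as the error return cannot be confirmed from here.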
+diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
+index 3554ada827..22b00e203d 100644
+--- a/crypto/ec/ec_lib.c
++++ b/crypto/ec/ec_lib.c
+@@ -1007,14 +1007,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ size_t i = 0;
+ BN_CTX *new_ctx = NULL;
+
+- if ((scalar == NULL) && (num == 0)) {
+- return EC_POINT_set_to_infinity(group, r);
+- }
+-
+ if (!ec_point_is_compat(r, group)) {
+ ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
++
++ if (scalar == NULL && num == 0)
++ return EC_POINT_set_to_infinity(group, r);
++
+ for (i = 0; i < num; i++) {
+ if (!ec_point_is_compat(points[i], group)) {
+ ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
+index 7980a67282..d2e4773270 100644
+--- a/crypto/ec/ec_mult.c
++++ b/crypto/ec/ec_mult.c
+@@ -260,17 +260,10 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+ goto err;
+ }
+
+- /*-
+- * Apply coordinate blinding for EC_POINT.
+- *
+- * The underlying EC_METHOD can optionally implement this function:
+- * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
+- * success or if coordinate blinding is not implemented for this
+- * group.
+- */
+- if (!ec_point_blind_coordinates(group, p, ctx)) {
+- ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
+- goto err;
++ /* ensure input point is in affine coords for ladder step efficiency */
++ if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) {
++ ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
++ goto err;
+ }
+
+ /* Initialize the Montgomery ladder */
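Review bot: With the `ec_point_blind_coordinates()` call removed from ec_scalar_mul_ladder(), coordinate randomization on this path now rests entirely on what the method's ladder_pre does, and the replacement comment mentions only efficiency. The GFp ladder_pre later in this patch draws its own lambdas, but other EC_METHOD implementations are not visible here, so the requirement should be stated where the call was removed, e.g. `/* p must be affine here; randomizing the projective coordinates is now the job of the method's ladder_pre */`. The function body starts and ends outside the hunk.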
+@@ -747,6 +740,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ if (r_is_at_infinity) {
+ if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+ goto err;
++
++ /*-
++ * Apply coordinate blinding for EC_POINT.
++ *
++ * The underlying EC_METHOD can optionally implement this function:
++ * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
++ * success or if coordinate blinding is not implemented for this
++ * group.
++ */
++ if (!ec_point_blind_coordinates(group, r, ctx)) {
++ ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);
++ goto err;
++ }
++
+ r_is_at_infinity = 0;
+ } else {
+ if (!EC_POINT_add
+diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
+index b354bfe9ce..6903db58ff 100644
+--- a/crypto/ec/ecp_smpl.c
++++ b/crypto/ec/ecp_smpl.c
+@@ -1372,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * Since we don't have a Mont structure here, SCA hardening is with blinding.
++ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
+ */
+ int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *ctx)
+@@ -1431,112 +1432,133 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+ temp = BN_CTX_get(ctx);
+ if (temp == NULL) {
+ ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
+- goto err;
++ goto end;
+ }
+
+- /* make sure lambda is not zero */
++ /*-
++ * Make sure lambda is not zero.
++ * If the RNG fails, we cannot blind but nevertheless want
++ * code to continue smoothly and not clobber the error stack.
++ */
+ do {
+- if (!BN_priv_rand_range(lambda, group->field)) {
+- ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
+- goto err;
++ ERR_set_mark();
++ ret = BN_priv_rand_range(lambda, group->field);
++ ERR_pop_to_mark();
++ if (ret == 0) {
++ ret = 1;
++ goto end;
+ }
+ } while (BN_is_zero(lambda));
+
+ /* if field_encode defined convert between representations */
+- if (group->meth->field_encode != NULL
+- && !group->meth->field_encode(group, lambda, lambda, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
+- goto err;
+- if (!group->meth->field_sqr(group, temp, lambda, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
+- goto err;
+- if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+- goto err;
+- p->Z_is_one = 0;
++ if ((group->meth->field_encode != NULL
++ && !group->meth->field_encode(group, lambda, lambda, ctx))
++ || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)
++ || !group->meth->field_sqr(group, temp, lambda, ctx)
++ || !group->meth->field_mul(group, p->X, p->X, temp, ctx)
++ || !group->meth->field_mul(group, temp, temp, lambda, ctx)
++ || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
++ goto end;
+
++ p->Z_is_one = 0;
+ ret = 1;
+
+- err:
++ end:
+ BN_CTX_end(ctx);
+ return ret;
+ }
+
+ /*-
+- * Set s := p, r := 2p.
++ * Input:
++ * - p: affine coordinates
++ *
++ * Output:
++ * - s := p, r := 2p: blinded projective (homogeneous) coordinates
+ *
+ * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
+- * multiplication resistant against side channel attacks" appendix, as described
+- * at
++ * multiplication resistant against side channel attacks" appendix, described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
++ * simplified for Z1=1.
+ *
+- * The input point p will be in randomized Jacobian projective coords:
+- * x = X/Z**2, y=Y/Z**3
+- *
+- * The output points p, s, and r are converted to standard (homogeneous)
+- * projective coords:
+- * x = X/Z, y=Y/Z
++ * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
++ * for any non-zero \lambda that holds for projective (homogeneous) coords.
+ */
+ int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+ EC_POINT *r, EC_POINT *s,
+ EC_POINT *p, BN_CTX *ctx)
+ {
+- BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
++ BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
+
+- t1 = r->Z;
+- t2 = r->Y;
++ t1 = s->Z;
++ t2 = r->Z;
+ t3 = s->X;
+ t4 = r->X;
+ t5 = s->Y;
+- t6 = s->Z;
+-
+- /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
+- if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
+- || !group->meth->field_sqr(group, t1, p->Z, ctx)
+- || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
+- /* r := 2p */
+- || !group->meth->field_sqr(group, t2, p->X, ctx)
+- || !group->meth->field_sqr(group, t3, p->Z, ctx)
+- || !group->meth->field_mul(group, t4, t3, group->a, ctx)
+- || !BN_mod_sub_quick(t5, t2, t4, group->field)
+- || !BN_mod_add_quick(t2, t2, t4, group->field)
+- || !group->meth->field_sqr(group, t5, t5, ctx)
+- || !group->meth->field_mul(group, t6, t3, group->b, ctx)
+- || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
+- || !group->meth->field_mul(group, t4, t1, t6, ctx)
+- || !BN_mod_lshift_quick(t4, t4, 3, group->field)
++
++ if (!p->Z_is_one /* r := 2p */
++ || !group->meth->field_sqr(group, t3, p->X, ctx)
++ || !BN_mod_sub_quick(t4, t3, group->a, group->field)
++ || !group->meth->field_sqr(group, t4, t4, ctx)
++ || !group->meth->field_mul(group, t5, p->X, group->b, ctx)
++ || !BN_mod_lshift_quick(t5, t5, 3, group->field)
+ /* r->X coord output */
+- || !BN_mod_sub_quick(r->X, t5, t4, group->field)
+- || !group->meth->field_mul(group, t1, t1, t2, ctx)
+- || !group->meth->field_mul(group, t2, t3, t6, ctx)
+- || !BN_mod_add_quick(t1, t1, t2, group->field)
++ || !BN_mod_sub_quick(r->X, t4, t5, group->field)
++ || !BN_mod_add_quick(t1, t3, group->a, group->field)
++ || !group->meth->field_mul(group, t2, p->X, t1, ctx)
++ || !BN_mod_add_quick(t2, group->b, t2, group->field)
+ /* r->Z coord output */
+- || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
+- || !EC_POINT_copy(s, p))
++ || !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
++ return 0;
++
++ /* make sure lambda (r->Y here for storage) is not zero */
++ do {
++ if (!BN_priv_rand_range(r->Y, group->field))
++ return 0;
++ } while (BN_is_zero(r->Y));
++
++ /* make sure lambda (s->Z here for storage) is not zero */
++ do {
++ if (!BN_priv_rand_range(s->Z, group->field))
++ return 0;
++ } while (BN_is_zero(s->Z));
++
++ /* if field_encode defined convert between representations */
++ if (group->meth->field_encode != NULL
++ && (!group->meth->field_encode(group, r->Y, r->Y, ctx)
++ || !group->meth->field_encode(group, s->Z, s->Z, ctx)))
++ return 0;
++
++ /* blind r and s independently */
++ if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
++ || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
++ || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
+ return 0;
+
+ r->Z_is_one = 0;
+ s->Z_is_one = 0;
+- p->Z_is_one = 0;
+
+ return 1;
+ }
+
+ /*-
+- * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
++ * Input:
++ * - s, r: projective (homogeneous) coordinates
++ * - p: affine coordinates
++ *
++ * Output:
++ * - s := r + s, r := 2r: projective (homogeneous) coordinates
++ *
++ * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
+ * "A fast parallel elliptic curve multiplication resistant against side channel
+ * attacks", as described at
+- * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
++ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
+ */
+ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+ EC_POINT *r, EC_POINT *s,
+ EC_POINT *p, BN_CTX *ctx)
+ {
+ int ret = 0;
+- BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
++ BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+ BN_CTX_start(ctx);
+ t0 = BN_CTX_get(ctx);
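Review bot: In ec_GFp_simple_blind_coordinates() the `goto end` taken when field_encode, field_mul or field_sqr fails appears to return success: after the loop `ret` still holds the non-zero result of the last successful `BN_priv_rand_range()` call, so a failure midway through scaling Z, X and Y would report 1 with the point only partly rescaled. Resetting it with `ret = 0;` right after the `do { ... } while (BN_is_zero(lambda));` loop restores the failure return while keeping the deliberate soft-fail for an RNG error. That soft-fail also means a return of 1 no longer implies the point was blinded, which the function's header comment (outside this hunk) should state, since ec_GFp_simple_ladder_pre() in the same hunk treats the same RNG failure as a hard error with `return 0`. The declaration of `ret` is outside the hunk, so its initial value is inferred.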
+@@ -1546,50 +1568,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+ t4 = BN_CTX_get(ctx);
+ t5 = BN_CTX_get(ctx);
+ t6 = BN_CTX_get(ctx);
+- t7 = BN_CTX_get(ctx);
+
+- if (t7 == NULL
+- || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
+- || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
+- || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
++ if (t6 == NULL
++ || !group->meth->field_mul(group, t6, r->X, s->X, ctx)
++ || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
++ || !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
+ || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
+- || !group->meth->field_mul(group, t4, group->a, t1, ctx)
+- || !BN_mod_add_quick(t0, t0, t4, group->field)
+- || !BN_mod_add_quick(t4, t3, t2, group->field)
+- || !group->meth->field_mul(group, t0, t4, t0, ctx)
+- || !group->meth->field_sqr(group, t1, t1, ctx)
+- || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
+- || !group->meth->field_mul(group, t1, t7, t1, ctx)
+- || !BN_mod_lshift1_quick(t0, t0, group->field)
+- || !BN_mod_add_quick(t0, t1, t0, group->field)
+- || !BN_mod_sub_quick(t1, t2, t3, group->field)
+- || !group->meth->field_sqr(group, t1, t1, ctx)
+- || !group->meth->field_mul(group, t3, t1, p->X, ctx)
+- || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
+- /* s->X coord output */
+- || !BN_mod_sub_quick(s->X, t0, t3, group->field)
+- /* s->Z coord output */
+- || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
+- || !group->meth->field_sqr(group, t3, r->X, ctx)
+- || !group->meth->field_sqr(group, t2, r->Z, ctx)
+- || !group->meth->field_mul(group, t4, t2, group->a, ctx)
+- || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
+- || !group->meth->field_sqr(group, t5, t5, ctx)
+- || !BN_mod_sub_quick(t5, t5, t3, group->field)
+- || !BN_mod_sub_quick(t5, t5, t2, group->field)
+- || !BN_mod_sub_quick(t6, t3, t4, group->field)
+- || !group->meth->field_sqr(group, t6, t6, ctx)
+- || !group->meth->field_mul(group, t0, t2, t5, ctx)
+- || !group->meth->field_mul(group, t0, t7, t0, ctx)
+- /* r->X coord output */
+- || !BN_mod_sub_quick(r->X, t6, t0, group->field)
++ || !group->meth->field_mul(group, t5, group->a, t0, ctx)
++ || !BN_mod_add_quick(t5, t6, t5, group->field)
+ || !BN_mod_add_quick(t6, t3, t4, group->field)
+- || !group->meth->field_sqr(group, t3, t2, ctx)
+- || !group->meth->field_mul(group, t7, t3, t7, ctx)
+- || !group->meth->field_mul(group, t5, t5, t6, ctx)
++ || !group->meth->field_mul(group, t5, t6, t5, ctx)
++ || !group->meth->field_sqr(group, t0, t0, ctx)
++ || !BN_mod_lshift_quick(t2, group->b, 2, group->field)
++ || !group->meth->field_mul(group, t0, t2, t0, ctx)
+ || !BN_mod_lshift1_quick(t5, t5, group->field)
++ || !BN_mod_sub_quick(t3, t4, t3, group->field)
++ /* s->Z coord output */
++ || !group->meth->field_sqr(group, s->Z, t3, ctx)
++ || !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
++ || !BN_mod_add_quick(t0, t0, t5, group->field)
++ /* s->X coord output */
++ || !BN_mod_sub_quick(s->X, t0, t4, group->field)
++ || !group->meth->field_sqr(group, t4, r->X, ctx)
++ || !group->meth->field_sqr(group, t5, r->Z, ctx)
++ || !group->meth->field_mul(group, t6, t5, group->a, ctx)
++ || !BN_mod_add_quick(t1, r->X, r->Z, group->field)
++ || !group->meth->field_sqr(group, t1, t1, ctx)
++ || !BN_mod_sub_quick(t1, t1, t4, group->field)
++ || !BN_mod_sub_quick(t1, t1, t5, group->field)
++ || !BN_mod_sub_quick(t3, t4, t6, group->field)
++ || !group->meth->field_sqr(group, t3, t3, ctx)
++ || !group->meth->field_mul(group, t0, t5, t1, ctx)
++ || !group->meth->field_mul(group, t0, t2, t0, ctx)
++ /* r->X coord output */
++ || !BN_mod_sub_quick(r->X, t3, t0, group->field)
++ || !BN_mod_add_quick(t3, t4, t6, group->field)
++ || !group->meth->field_sqr(group, t4, t5, ctx)
++ || !group->meth->field_mul(group, t4, t4, t2, ctx)
++ || !group->meth->field_mul(group, t1, t1, t3, ctx)
++ || !BN_mod_lshift1_quick(t1, t1, group->field)
+ /* r->Z coord output */
+- || !BN_mod_add_quick(r->Z, t7, t5, group->field))
++ || !BN_mod_add_quick(r->Z, t4, t1, group->field))
+ goto err;
+
+ ret = 1;
+@@ -1600,17 +1619,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+ }
+
+ /*-
++ * Input:
++ * - s, r: projective (homogeneous) coordinates
++ * - p: affine coordinates
++ *
++ * Output:
++ * - r := (x,y): affine coordinates
++ *
+ * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
+- * Elliptic Curves and Side-Channel Attacks", modified to work in projective
+- * coordinates and return r in Jacobian projective coordinates.
++ * Elliptic Curves and Side-Channel Attacks", modified to work in mixed
++ * projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
++ * coords, and return r in affine coordinates.
+ *
+- * X4 = two*Y1*X2*Z3*Z2*Z1;
+- * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
+- * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
++ * X4 = two*Y1*X2*Z3*Z2;
++ * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
++ * Z4 = two*Y1*Z3*SQR(Z2);
+ *
+ * Z4 != 0 because:
+- * - Z1==0 implies p is at infinity, which would have caused an early exit in
+- * the caller;
+ * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
+ * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
+ * - Y1==0 implies p has order 2, so either r or s are infinity and handled by
+@@ -1627,11 +1652,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+ return EC_POINT_set_to_infinity(group, r);
+
+ if (BN_is_zero(s->Z)) {
+- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+- if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
+- || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
+- || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
+- || !BN_copy(r->Z, p->Z)
++ if (!EC_POINT_copy(r, p)
+ || !EC_POINT_invert(group, r, ctx))
+ return 0;
+ return 1;
+@@ -1647,38 +1668,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+ t6 = BN_CTX_get(ctx);
+
+ if (t6 == NULL
+- || !BN_mod_lshift1_quick(t0, p->Y, group->field)
+- || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
+- || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
+- || !group->meth->field_mul(group, t2, t1, t2, ctx)
+- || !group->meth->field_mul(group, t3, t2, t0, ctx)
+- || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
+- || !group->meth->field_sqr(group, t4, t2, ctx)
+- || !BN_mod_lshift1_quick(t5, group->b, group->field)
+- || !group->meth->field_mul(group, t4, t4, t5, ctx)
+- || !group->meth->field_mul(group, t6, t2, group->a, ctx)
+- || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
+- || !BN_mod_add_quick(t5, t6, t5, group->field)
+- || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
+- || !BN_mod_add_quick(t2, t6, t1, group->field)
+- || !group->meth->field_mul(group, t5, t5, t2, ctx)
+- || !BN_mod_sub_quick(t6, t6, t1, group->field)
+- || !group->meth->field_sqr(group, t6, t6, ctx)
+- || !group->meth->field_mul(group, t6, t6, s->X, ctx)
+- || !BN_mod_add_quick(t4, t5, t4, group->field)
+- || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
+- || !BN_mod_sub_quick(t4, t4, t6, group->field)
+- || !group->meth->field_sqr(group, t5, r->Z, ctx)
+- || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
+- || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
+- || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
+- /* t3 := X, t4 := Y */
+- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
+- || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
++ || !BN_mod_lshift1_quick(t4, p->Y, group->field)
++ || !group->meth->field_mul(group, t6, r->X, t4, ctx)
++ || !group->meth->field_mul(group, t6, s->Z, t6, ctx)
++ || !group->meth->field_mul(group, t5, r->Z, t6, ctx)
++ || !BN_mod_lshift1_quick(t1, group->b, group->field)
++ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
+ || !group->meth->field_sqr(group, t3, r->Z, ctx)
+- || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
++ || !group->meth->field_mul(group, t2, t3, t1, ctx)
++ || !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
++ || !group->meth->field_mul(group, t1, p->X, r->X, ctx)
++ || !BN_mod_add_quick(t1, t1, t6, group->field)
++ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
++ || !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
++ || !BN_mod_add_quick(t6, r->X, t0, group->field)
++ || !group->meth->field_mul(group, t6, t6, t1, ctx)
++ || !BN_mod_add_quick(t6, t6, t2, group->field)
++ || !BN_mod_sub_quick(t0, t0, r->X, group->field)
++ || !group->meth->field_sqr(group, t0, t0, ctx)
++ || !group->meth->field_mul(group, t0, t0, s->X, ctx)
++ || !BN_mod_sub_quick(t0, t6, t0, group->field)
++ || !group->meth->field_mul(group, t1, s->Z, t4, ctx)
++ || !group->meth->field_mul(group, t1, t3, t1, ctx)
++ || (group->meth->field_decode != NULL
++ && !group->meth->field_decode(group, t1, t1, ctx))
++ || !group->meth->field_inv(group, t1, t1, ctx)
++ || (group->meth->field_encode != NULL
++ && !group->meth->field_encode(group, t1, t1, ctx))
++ || !group->meth->field_mul(group, r->X, t5, t1, ctx)
++ || !group->meth->field_mul(group, r->Y, t0, t1, ctx))
+ goto err;
+
++ if (group->meth->field_set_to_one != NULL) {
++ if (!group->meth->field_set_to_one(group, r->Z, ctx))
++ goto err;
++ } else {
++ if (!BN_one(r->Z))
++ goto err;
++ }
++
++ r->Z_is_one = 1;
+ ret = 1;
+
+ err:
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index f28f2d2610..41625e75ad 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -508,6 +508,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
+ ret = 1;
+ break;
+ }
++ if ((x->ex_flags & EXFLAG_CA) == 0
++ && x->ex_pathlen != -1
++ && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
++ ctx->error = X509_V_ERR_INVALID_EXTENSION;
++ ret = 0;
++ }
+ if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
+ return 0;
+ /* check_purpose() makes the callback as needed */
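Review bot: The added block in check_chain_extensions() rejects a non-CA certificate that carries a pathlen only when `X509_V_FLAG_X509_STRICT` is set, and no comment says why the test is strict-only. Together with the x509v3_cache_extensions() hunk in crypto/x509v3/v3_purp.c, which no longer sets `EXFLAG_INVALID` for a non-CA certificate whose pathlen is 0, default verification presumably now tolerates certificates that the removed `|| !bs->ca` test used to flag. If that relaxation is intended for compatibility, a comment such as `/* pathlen on a non-CA cert: tolerated by default, rejected under X509_STRICT */` above the new `if` would make the trade-off visible to anyone auditing the verifier. The function continues outside the hunk.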
+diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
+index 2bc8253d2d..2eaad1a763 100644
+--- a/crypto/x509v3/v3_purp.c
++++ b/crypto/x509v3/v3_purp.c
+@@ -384,12 +384,16 @@ static void x509v3_cache_extensions(X509 *x)
+ if (bs->ca)
+ x->ex_flags |= EXFLAG_CA;
+ if (bs->pathlen) {
+- if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+- || !bs->ca) {
++ if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
+ x->ex_flags |= EXFLAG_INVALID;
+ x->ex_pathlen = 0;
+- } else
++ } else {
+ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
++ if (!bs->ca && x->ex_pathlen != 0) {
++ x->ex_flags |= EXFLAG_INVALID;
++ x->ex_pathlen = 0;
++ }
++ }
+ } else
+ x->ex_pathlen = -1;
+ BASIC_CONSTRAINTS_free(bs);
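Review bot: The new inner branch leaves `CA:FALSE` with `pathlen:0` unflagged (`ex_pathlen` stays 0 and `EXFLAG_INVALID` is not set), while any other pathlen on a non-CA certificate is marked invalid, and the reason for that asymmetry is not stated at the site. A comment on the `if (!bs->ca && x->ex_pathlen != 0)` line would make the intent reviewable, e.g. `/* non-CA with pathlen 0 is tolerated here; strict verification rejects it in check_chain_extensions() */`. `ASN1_INTEGER_get()` returns -1 when the value does not fit in a long, which is the same value the `else` branch uses for "no pathlen"; for a CA certificate that reads as unlimited and looks harmless, but the overlap deserves a word in the comment. The tests added in 25-test_verify.t exercise only `pathlen:0`, so the non-zero case has no regression test in this commit. x509v3_cache_extensions() starts and ends outside the hunk.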
+diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod
+index 4192a9ec36..7db48a427f 100644
+--- a/doc/man3/EVP_aes.pod
++++ b/doc/man3/EVP_aes.pod
+@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
+ achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
+ of a 512-bit key to achieve AES 256-bit security.
+
++The XTS implementation in OpenSSL does not support streaming. That is there must
++only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
++similarly with the "Decrypt" functions).
++
++The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
++the XTS "tweak" value.
++
+ =back
+
+ =head1 RETURN VALUES
+diff --git a/test/certs/ee-pathlen.pem b/test/certs/ee-pathlen.pem
+new file mode 100644
+index 0000000000..0bcae1d7bd
+--- /dev/null
++++ b/test/certs/ee-pathlen.pem
+@@ -0,0 +1,17 @@
++-----BEGIN CERTIFICATE-----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++-----END CERTIFICATE-----
+diff --git a/test/certs/setup.sh b/test/certs/setup.sh
+index 2d53ea5b08..bbe4842a51 100755
+--- a/test/certs/setup.sh
++++ b/test/certs/setup.sh
+@@ -154,7 +154,7 @@ openssl x509 -in sca-cert.pem -trustout \
+ -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem
+
+ # Primary leaf cert: ee-cert
+-# ee variants: expired, issuer-key2, issuer-name2
++# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen
+ # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
+ # purpose variants: client
+ #
+@@ -163,6 +163,8 @@ openssl x509 -in sca-cert.pem -trustout \
+ ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2
+ ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
+ ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
++./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
++ -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")
+ #
+ openssl x509 -in ee-cert.pem -trustout \
+ -addtrust serverAuth -out ee+serverAuth.pem
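Review bot: The added `-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")` argument uses process substitution, which is a bash/ksh/zsh feature and not POSIX sh. The script's interpreter line is outside this hunk, so if it names `/bin/sh` this line will fail wherever sh is a strict POSIX shell. Writing the extension to a temporary file and passing its path is portable; otherwise the line should carry a comment such as `# requires bash: process substitution`. The call also assumes `mkcert.sh genee` forwards trailing arguments to openssl, which is not visible here.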
+diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
+index b80a1cde3e..0e0f5dca21 100644
+--- a/test/recipes/25-test_verify.t
++++ b/test/recipes/25-test_verify.t
+@@ -27,7 +27,7 @@ sub verify {
+ run(app([@args]));
+ }
+
+-plan tests => 135;
++plan tests => 137;
+
+ # Canonical success
+ ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
+@@ -222,6 +222,10 @@ ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
+ "accept direct match with client trust");
+ ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
+ "reject direct match with client mistrust");
++ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
++ "accept non-ca with pathlen:0 by default");
++ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
++ "reject non-ca with pathlen:0 with strict flag");
+
+ # Proxy certificates
+ ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
+diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
+index 952f688e8b..f7e4e38d03 100644
+--- a/test/sm2_internal_test.c
++++ b/test/sm2_internal_test.c
+@@ -32,17 +32,18 @@ static size_t fake_rand_size = 0;
+
+ static int get_faked_bytes(unsigned char *buf, int num)
+ {
+- int i;
+-
+ if (fake_rand_bytes == NULL)
+ return saved_rand->bytes(buf, num);
+
+- if (!TEST_size_t_le(fake_rand_bytes_offset + num, fake_rand_size))
++ if (!TEST_size_t_gt(fake_rand_size, 0))
+ return 0;
+
+- for (i = 0; i != num; ++i)
+- buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
+- fake_rand_bytes_offset += num;
++ while (num-- > 0) {
++ if (fake_rand_bytes_offset >= fake_rand_size)
++ fake_rand_bytes_offset = 0;
++ *buf++ = fake_rand_bytes[fake_rand_bytes_offset++];
++ }
++
+ return 1;
+ }
+
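Review bot: get_faked_bytes() now wraps `fake_rand_bytes_offset` back to 0 and replays the fixed bytes when more output is requested than was supplied, and the `TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)` checks are removed in the test_sm2_crypt and test_sm2_sign hunks below, so nothing in these tests detects a change in how much randomness the code under test consumes. That is acceptable for a test stub, but it should be stated where the wrap happens, e.g. `/* test-only stub: cycles through the fixed bytes; output repeats once the buffer is exhausted */`. A negative `num` now skips the loop and returns 1 without writing to `buf`; `if (num < 0) return 0;` ahead of the loop would make that case explicit.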
+@@ -175,8 +176,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
+
+ start_fake_rand(k_hex);
+ if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len,
+- ctext, &ctext_len))
+- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
++ ctext, &ctext_len))) {
+ restore_rand();
+ goto done;
+ }
+@@ -296,8 +296,7 @@ static int test_sm2_sign(const EC_GROUP *group,
+ start_fake_rand(k_hex);
+ sig = sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, strlen(userid),
+ (const uint8_t *)message, msg_len);
+- if (!TEST_ptr(sig)
+- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
++ if (!TEST_ptr(sig)) {
+ restore_rand();
+ goto done;
+ }
diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch
index 8404d7f..48d25a7 100644
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@@ -1,12 +1,12 @@
-diff -up openssl-1.1.1e/include/openssl/opensslv.h.version-override openssl-1.1.1e/include/openssl/opensslv.h
---- openssl-1.1.1e/include/openssl/opensslv.h.version-override 2020-03-17 18:05:00.750749987 +0100
-+++ openssl-1.1.1e/include/openssl/opensslv.h 2020-03-17 18:05:41.404038619 +0100
+diff -up openssl-1.1.1f/include/openssl/opensslv.h.version-override openssl-1.1.1f/include/openssl/opensslv.h
+--- openssl-1.1.1f/include/openssl/opensslv.h.version-override 2020-04-07 16:46:21.792998242 +0200
++++ openssl-1.1.1f/include/openssl/opensslv.h 2020-04-07 16:47:18.919962564 +0200
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
- # define OPENSSL_VERSION_NUMBER 0x1010105fL
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e 17 Mar 2020"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e FIPS 17 Mar 2020"
+ # define OPENSSL_VERSION_NUMBER 0x1010106fL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f 31 Mar 2020"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f FIPS 31 Mar 2020"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/openssl.spec b/openssl.spec
index 06667b6..065432d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,8 +21,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.1e
-Release: 2%{?dist}
+Version: 1.1.1f
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -68,8 +68,7 @@ Patch65: openssl-1.1.1-fips-drbg-selftest.patch
# Backported fixes including security fixes
Patch52: openssl-1.1.1-s390x-update.patch
Patch53: openssl-1.1.1-fips-crng-test.patch
-Patch54: openssl-1.1.1-regression-fixes.patch
-Patch55: openssl-1.1.1-eof-error-revert.patch
+Patch54: openssl-1.1.1-upstream-sync.patch
License: OpenSSL
URL: http://www.openssl.org/
@@ -170,11 +169,10 @@ cp %{SOURCE13} test/
%patch50 -p1 -b .ssh-kdf
%patch52 -p1 -b .s390x-update
%patch53 -p1 -b .crng-test
-%patch54 -p1 -b .regression
%patch60 -p1 -b .krb5-kdf
%patch61 -p1 -b .intel-cet
%patch65 -p1 -b .drbg-selftest
-%patch55 -p1 -b .eof-revert
+%patch54 -p1 -b .upstream-sync
%build
@@ -461,6 +459,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Tue Apr 7 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1f-1
+- update to the 1.1.1f release
+
* Thu Mar 26 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1e-2
- revert the unexpected EOF error reporting change as it is
too disruptive for the stable release branch
diff --git a/sources b/sources
index 323aa7a..9c30e55 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-1.1.1e-hobbled.tar.xz) = b0b415b376e12d7a74eeb915315741a9d4d3cef953969edb632d4683ea088e607ebeba37c4be0c781ca839ec20c108166faf5e228d7642217f86f7ab1a3ef15a
+SHA512 (openssl-1.1.1f-hobbled.tar.xz) = 551feb19c8606e86d03b05ef47294cc47048e1e2e33e0474b2e309984e034c72e04b120740e3b1aeca275fa4c52138830a724d09a861d51c133b6baa754e23d2