public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: update to the 1.1.1g release
@ 2026-06-09 12:44 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:44 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 5888d1863e5cd0547b14d9ad3825299d5de117e5
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2020-04-23T13:47:52+02:00
Stats : +55/-720 in 8 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/5888d1863e5cd0547b14d9ad3825299d5de117e5?branch=rebase_40beta
Log:
update to the 1.1.1g release
---
diff --git a/.gitignore b/.gitignore
index f42fbf0..c6aba1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,3 +47,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1d-hobbled.tar.xz
/openssl-1.1.1e-hobbled.tar.xz
/openssl-1.1.1f-hobbled.tar.xz
+/openssl-1.1.1g-hobbled.tar.xz
diff --git a/openssl-1.1.1-fips-crng-test.patch b/openssl-1.1.1-fips-crng-test.patch
index 80daf84..267a3ea 100644
--- a/openssl-1.1.1-fips-crng-test.patch
+++ b/openssl-1.1.1-fips-crng-test.patch
@@ -1,15 +1,17 @@
-diff -up openssl-1.1.1e/crypto/rand/build.info.crng-test openssl-1.1.1e/crypto/rand/build.info
---- openssl-1.1.1e/crypto/rand/build.info.crng-test 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/build.info 2020-03-19 16:45:52.286627241 +0100
-@@ -1,4 +1,4 @@
+diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
+--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200
++++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200
+@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- randfile.c rand_lib.c rand_err.c rand_egd.c \
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1e/crypto/rand/drbg_lib.c
---- openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test 2020-03-19 16:45:52.246627936 +0100
-+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-19 16:45:52.286627241 +0100
+
+ INCLUDE[drbg_ctr.o]=../modes
+diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
+--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200
++++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
@@ -33,9 +35,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1e/crypto/r
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1e/crypto/rand/rand_crng_test.c
---- openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test 2020-03-19 16:45:52.286627241 +0100
-+++ openssl-1.1.1e/crypto/rand/rand_crng_test.c 2020-03-19 16:45:52.286627241 +0100
+diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
+--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200
++++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
@@ -155,9 +157,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1e/cr
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
-diff -up openssl-1.1.1e/crypto/rand/rand_local.h.crng-test openssl-1.1.1e/crypto/rand/rand_local.h
---- openssl-1.1.1e/crypto/rand/rand_local.h.crng-test 2020-03-19 16:45:51.930633424 +0100
-+++ openssl-1.1.1e/crypto/rand/rand_local.h 2020-03-19 16:46:03.601430727 +0100
+diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
+--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200
++++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
@@ -207,9 +209,9 @@ diff -up openssl-1.1.1e/crypto/rand/rand_local.h.crng-test openssl-1.1.1e/crypto
+int rand_crngt_single_init(void);
+
#endif
-diff -up openssl-1.1.1e/include/crypto/rand.h.crng-test openssl-1.1.1e/include/crypto/rand.h
---- openssl-1.1.1e/include/crypto/rand.h.crng-test 2020-03-19 16:45:52.250627866 +0100
-+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-19 16:45:52.285627258 +0100
+diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
+--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200
++++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
@@ -225,9 +227,9 @@ diff -up openssl-1.1.1e/include/crypto/rand.h.crng-test openssl-1.1.1e/include/c
/*
* RAND_POOL functions
*/
-diff -up openssl-1.1.1e/test/drbgtest.c.crng-test openssl-1.1.1e/test/drbgtest.c
---- openssl-1.1.1e/test/drbgtest.c.crng-test 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/test/drbgtest.c 2020-03-19 16:46:03.604430675 +0100
+diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
+--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
return t->noncelen;
}
diff --git a/openssl-1.1.1-fips-drbg-selftest.patch b/openssl-1.1.1-fips-drbg-selftest.patch
index 262e7c3..b800c06 100644
--- a/openssl-1.1.1-fips-drbg-selftest.patch
+++ b/openssl-1.1.1-fips-drbg-selftest.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1e/crypto/fips/fips_post.c
---- openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest 2020-03-19 17:07:51.096676537 +0100
-+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-19 17:07:51.209674565 +0100
+diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
+--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200
++++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200
@@ -67,12 +67,18 @@
# include <openssl/fips.h>
@@ -20,18 +20,20 @@ diff -up openssl-1.1.1e/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1e/cry
if (!FIPS_selftest_drbg())
rv = 0;
if (!FIPS_selftest_sha1())
-diff -up openssl-1.1.1e/crypto/rand/build.info.drbg-selftest openssl-1.1.1e/crypto/rand/build.info
---- openssl-1.1.1e/crypto/rand/build.info.drbg-selftest 2020-03-19 17:07:51.179675088 +0100
-+++ openssl-1.1.1e/crypto/rand/build.info 2020-03-19 17:08:14.005276610 +0100
-@@ -1,4 +1,4 @@
+diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
+--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
++++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200
+@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
-diff -up openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1e/crypto/rand/drbg_selftest.c
---- openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest 2020-03-19 17:08:14.011276505 +0100
-+++ openssl-1.1.1e/crypto/rand/drbg_selftest.c 2020-03-19 17:08:14.011276505 +0100
+
+ INCLUDE[drbg_ctr.o]=../modes
+diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
+--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
++++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200
@@ -0,0 +1,537 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
@@ -570,9 +572,9 @@ diff -up openssl-1.1.1e/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1e
+
+ return 1;
+}
-diff -up openssl-1.1.1e/include/crypto/rand.h.drbg-selftest openssl-1.1.1e/include/crypto/rand.h
---- openssl-1.1.1e/include/crypto/rand.h.drbg-selftest 2020-03-19 17:07:51.182675036 +0100
-+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-19 17:08:14.004276627 +0100
+diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
+--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200
++++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
*/
void rand_pool_keep_random_devices_open(int keep);
diff --git a/openssl-1.1.1-fips.patch b/openssl-1.1.1-fips.patch
index c17f6e8..7a0580f 100644
--- a/openssl-1.1.1-fips.patch
+++ b/openssl-1.1.1-fips.patch
@@ -1,15 +1,15 @@
-diff -up openssl-1.1.1e/apps/pkcs12.c.fips openssl-1.1.1e/apps/pkcs12.c
---- openssl-1.1.1e/apps/pkcs12.c.fips 2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/apps/pkcs12.c 2020-03-17 17:30:52.020567497 +0100
-@@ -127,7 +127,7 @@ int pkcs12_main(int argc, char **argv)
+diff -up openssl-1.1.1g/apps/pkcs12.c.fips openssl-1.1.1g/apps/pkcs12.c
+--- openssl-1.1.1g/apps/pkcs12.c.fips 2020-04-23 13:26:06.975649817 +0200
++++ openssl-1.1.1g/apps/pkcs12.c 2020-04-23 13:28:27.689995889 +0200
+@@ -123,7 +123,7 @@ int pkcs12_main(int argc, char **argv)
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
- # ifndef OPENSSL_NO_RC2
+ #ifndef OPENSSL_NO_RC2
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ int cert_pbe = FIPS_mode() ? NID_pbe_WithSHA1And3_Key_TripleDES_CBC : NID_pbe_WithSHA1And40BitRC2_CBC;
- # else
+ #else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- # endif
+ #endif
diff -up openssl-1.1.1e/apps/speed.c.fips openssl-1.1.1e/apps/speed.c
--- openssl-1.1.1e/apps/speed.c.fips 2020-03-17 17:30:51.997567897 +0100
+++ openssl-1.1.1e/apps/speed.c 2020-03-17 17:30:52.021567479 +0100
diff --git a/openssl-1.1.1-upstream-sync.patch b/openssl-1.1.1-upstream-sync.patch
deleted file mode 100644
index 6904a03..0000000
--- a/openssl-1.1.1-upstream-sync.patch
+++ /dev/null
@@ -1,671 +0,0 @@
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 336afc989d..831b74ce6c 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -1297,5 +1297,7 @@ int ECDSA_size(const EC_KEY *r)
- i = i2d_ASN1_INTEGER(&bs, NULL);
- i += i; /* r and s */
- ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
-+ if (ret < 0)
-+ return 0;
- return ret;
- }
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 3554ada827..22b00e203d 100644
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -1007,14 +1007,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t i = 0;
- BN_CTX *new_ctx = NULL;
-
-- if ((scalar == NULL) && (num == 0)) {
-- return EC_POINT_set_to_infinity(group, r);
-- }
--
- if (!ec_point_is_compat(r, group)) {
- ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-+
-+ if (scalar == NULL && num == 0)
-+ return EC_POINT_set_to_infinity(group, r);
-+
- for (i = 0; i < num; i++) {
- if (!ec_point_is_compat(points[i], group)) {
- ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
-index 7980a67282..d2e4773270 100644
---- a/crypto/ec/ec_mult.c
-+++ b/crypto/ec/ec_mult.c
-@@ -260,17 +260,10 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
- goto err;
- }
-
-- /*-
-- * Apply coordinate blinding for EC_POINT.
-- *
-- * The underlying EC_METHOD can optionally implement this function:
-- * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
-- * success or if coordinate blinding is not implemented for this
-- * group.
-- */
-- if (!ec_point_blind_coordinates(group, p, ctx)) {
-- ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
-- goto err;
-+ /* ensure input point is in affine coords for ladder step efficiency */
-+ if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) {
-+ ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
-+ goto err;
- }
-
- /* Initialize the Montgomery ladder */
-@@ -747,6 +740,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- if (r_is_at_infinity) {
- if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
- goto err;
-+
-+ /*-
-+ * Apply coordinate blinding for EC_POINT.
-+ *
-+ * The underlying EC_METHOD can optionally implement this function:
-+ * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
-+ * success or if coordinate blinding is not implemented for this
-+ * group.
-+ */
-+ if (!ec_point_blind_coordinates(group, r, ctx)) {
-+ ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);
-+ goto err;
-+ }
-+
- r_is_at_infinity = 0;
- } else {
- if (!EC_POINT_add
-diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
-index b354bfe9ce..6903db58ff 100644
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -1372,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
- * Computes the multiplicative inverse of a in GF(p), storing the result in r.
- * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
- * Since we don't have a Mont structure here, SCA hardening is with blinding.
-+ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
- */
- int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
- BN_CTX *ctx)
-@@ -1431,112 +1432,133 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
- temp = BN_CTX_get(ctx);
- if (temp == NULL) {
- ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
-- goto err;
-+ goto end;
- }
-
-- /* make sure lambda is not zero */
-+ /*-
-+ * Make sure lambda is not zero.
-+ * If the RNG fails, we cannot blind but nevertheless want
-+ * code to continue smoothly and not clobber the error stack.
-+ */
- do {
-- if (!BN_priv_rand_range(lambda, group->field)) {
-- ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
-- goto err;
-+ ERR_set_mark();
-+ ret = BN_priv_rand_range(lambda, group->field);
-+ ERR_pop_to_mark();
-+ if (ret == 0) {
-+ ret = 1;
-+ goto end;
- }
- } while (BN_is_zero(lambda));
-
- /* if field_encode defined convert between representations */
-- if (group->meth->field_encode != NULL
-- && !group->meth->field_encode(group, lambda, lambda, ctx))
-- goto err;
-- if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
-- goto err;
-- if (!group->meth->field_sqr(group, temp, lambda, ctx))
-- goto err;
-- if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
-- goto err;
-- if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
-- goto err;
-- if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
-- goto err;
-- p->Z_is_one = 0;
-+ if ((group->meth->field_encode != NULL
-+ && !group->meth->field_encode(group, lambda, lambda, ctx))
-+ || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)
-+ || !group->meth->field_sqr(group, temp, lambda, ctx)
-+ || !group->meth->field_mul(group, p->X, p->X, temp, ctx)
-+ || !group->meth->field_mul(group, temp, temp, lambda, ctx)
-+ || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
-+ goto end;
-
-+ p->Z_is_one = 0;
- ret = 1;
-
-- err:
-+ end:
- BN_CTX_end(ctx);
- return ret;
- }
-
- /*-
-- * Set s := p, r := 2p.
-+ * Input:
-+ * - p: affine coordinates
-+ *
-+ * Output:
-+ * - s := p, r := 2p: blinded projective (homogeneous) coordinates
- *
- * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
-- * multiplication resistant against side channel attacks" appendix, as described
-- * at
-+ * multiplication resistant against side channel attacks" appendix, described at
- * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
-+ * simplified for Z1=1.
- *
-- * The input point p will be in randomized Jacobian projective coords:
-- * x = X/Z**2, y=Y/Z**3
-- *
-- * The output points p, s, and r are converted to standard (homogeneous)
-- * projective coords:
-- * x = X/Z, y=Y/Z
-+ * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
-+ * for any non-zero \lambda that holds for projective (homogeneous) coords.
- */
- int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
- EC_POINT *r, EC_POINT *s,
- EC_POINT *p, BN_CTX *ctx)
- {
-- BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
-+ BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
-
-- t1 = r->Z;
-- t2 = r->Y;
-+ t1 = s->Z;
-+ t2 = r->Z;
- t3 = s->X;
- t4 = r->X;
- t5 = s->Y;
-- t6 = s->Z;
--
-- /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
-- if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
-- || !group->meth->field_sqr(group, t1, p->Z, ctx)
-- || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
-- /* r := 2p */
-- || !group->meth->field_sqr(group, t2, p->X, ctx)
-- || !group->meth->field_sqr(group, t3, p->Z, ctx)
-- || !group->meth->field_mul(group, t4, t3, group->a, ctx)
-- || !BN_mod_sub_quick(t5, t2, t4, group->field)
-- || !BN_mod_add_quick(t2, t2, t4, group->field)
-- || !group->meth->field_sqr(group, t5, t5, ctx)
-- || !group->meth->field_mul(group, t6, t3, group->b, ctx)
-- || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
-- || !group->meth->field_mul(group, t4, t1, t6, ctx)
-- || !BN_mod_lshift_quick(t4, t4, 3, group->field)
-+
-+ if (!p->Z_is_one /* r := 2p */
-+ || !group->meth->field_sqr(group, t3, p->X, ctx)
-+ || !BN_mod_sub_quick(t4, t3, group->a, group->field)
-+ || !group->meth->field_sqr(group, t4, t4, ctx)
-+ || !group->meth->field_mul(group, t5, p->X, group->b, ctx)
-+ || !BN_mod_lshift_quick(t5, t5, 3, group->field)
- /* r->X coord output */
-- || !BN_mod_sub_quick(r->X, t5, t4, group->field)
-- || !group->meth->field_mul(group, t1, t1, t2, ctx)
-- || !group->meth->field_mul(group, t2, t3, t6, ctx)
-- || !BN_mod_add_quick(t1, t1, t2, group->field)
-+ || !BN_mod_sub_quick(r->X, t4, t5, group->field)
-+ || !BN_mod_add_quick(t1, t3, group->a, group->field)
-+ || !group->meth->field_mul(group, t2, p->X, t1, ctx)
-+ || !BN_mod_add_quick(t2, group->b, t2, group->field)
- /* r->Z coord output */
-- || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
-- || !EC_POINT_copy(s, p))
-+ || !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
-+ return 0;
-+
-+ /* make sure lambda (r->Y here for storage) is not zero */
-+ do {
-+ if (!BN_priv_rand_range(r->Y, group->field))
-+ return 0;
-+ } while (BN_is_zero(r->Y));
-+
-+ /* make sure lambda (s->Z here for storage) is not zero */
-+ do {
-+ if (!BN_priv_rand_range(s->Z, group->field))
-+ return 0;
-+ } while (BN_is_zero(s->Z));
-+
-+ /* if field_encode defined convert between representations */
-+ if (group->meth->field_encode != NULL
-+ && (!group->meth->field_encode(group, r->Y, r->Y, ctx)
-+ || !group->meth->field_encode(group, s->Z, s->Z, ctx)))
-+ return 0;
-+
-+ /* blind r and s independently */
-+ if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
-+ || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
-+ || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
- return 0;
-
- r->Z_is_one = 0;
- s->Z_is_one = 0;
-- p->Z_is_one = 0;
-
- return 1;
- }
-
- /*-
-- * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
-+ * Input:
-+ * - s, r: projective (homogeneous) coordinates
-+ * - p: affine coordinates
-+ *
-+ * Output:
-+ * - s := r + s, r := 2r: projective (homogeneous) coordinates
-+ *
-+ * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
- * "A fast parallel elliptic curve multiplication resistant against side channel
- * attacks", as described at
-- * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
-+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
- */
- int ec_GFp_simple_ladder_step(const EC_GROUP *group,
- EC_POINT *r, EC_POINT *s,
- EC_POINT *p, BN_CTX *ctx)
- {
- int ret = 0;
-- BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
-+ BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
-
- BN_CTX_start(ctx);
- t0 = BN_CTX_get(ctx);
-@@ -1546,50 +1568,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
- t4 = BN_CTX_get(ctx);
- t5 = BN_CTX_get(ctx);
- t6 = BN_CTX_get(ctx);
-- t7 = BN_CTX_get(ctx);
-
-- if (t7 == NULL
-- || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
-- || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
-- || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
-+ if (t6 == NULL
-+ || !group->meth->field_mul(group, t6, r->X, s->X, ctx)
-+ || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
-+ || !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
- || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
-- || !group->meth->field_mul(group, t4, group->a, t1, ctx)
-- || !BN_mod_add_quick(t0, t0, t4, group->field)
-- || !BN_mod_add_quick(t4, t3, t2, group->field)
-- || !group->meth->field_mul(group, t0, t4, t0, ctx)
-- || !group->meth->field_sqr(group, t1, t1, ctx)
-- || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
-- || !group->meth->field_mul(group, t1, t7, t1, ctx)
-- || !BN_mod_lshift1_quick(t0, t0, group->field)
-- || !BN_mod_add_quick(t0, t1, t0, group->field)
-- || !BN_mod_sub_quick(t1, t2, t3, group->field)
-- || !group->meth->field_sqr(group, t1, t1, ctx)
-- || !group->meth->field_mul(group, t3, t1, p->X, ctx)
-- || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
-- /* s->X coord output */
-- || !BN_mod_sub_quick(s->X, t0, t3, group->field)
-- /* s->Z coord output */
-- || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
-- || !group->meth->field_sqr(group, t3, r->X, ctx)
-- || !group->meth->field_sqr(group, t2, r->Z, ctx)
-- || !group->meth->field_mul(group, t4, t2, group->a, ctx)
-- || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
-- || !group->meth->field_sqr(group, t5, t5, ctx)
-- || !BN_mod_sub_quick(t5, t5, t3, group->field)
-- || !BN_mod_sub_quick(t5, t5, t2, group->field)
-- || !BN_mod_sub_quick(t6, t3, t4, group->field)
-- || !group->meth->field_sqr(group, t6, t6, ctx)
-- || !group->meth->field_mul(group, t0, t2, t5, ctx)
-- || !group->meth->field_mul(group, t0, t7, t0, ctx)
-- /* r->X coord output */
-- || !BN_mod_sub_quick(r->X, t6, t0, group->field)
-+ || !group->meth->field_mul(group, t5, group->a, t0, ctx)
-+ || !BN_mod_add_quick(t5, t6, t5, group->field)
- || !BN_mod_add_quick(t6, t3, t4, group->field)
-- || !group->meth->field_sqr(group, t3, t2, ctx)
-- || !group->meth->field_mul(group, t7, t3, t7, ctx)
-- || !group->meth->field_mul(group, t5, t5, t6, ctx)
-+ || !group->meth->field_mul(group, t5, t6, t5, ctx)
-+ || !group->meth->field_sqr(group, t0, t0, ctx)
-+ || !BN_mod_lshift_quick(t2, group->b, 2, group->field)
-+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
- || !BN_mod_lshift1_quick(t5, t5, group->field)
-+ || !BN_mod_sub_quick(t3, t4, t3, group->field)
-+ /* s->Z coord output */
-+ || !group->meth->field_sqr(group, s->Z, t3, ctx)
-+ || !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
-+ || !BN_mod_add_quick(t0, t0, t5, group->field)
-+ /* s->X coord output */
-+ || !BN_mod_sub_quick(s->X, t0, t4, group->field)
-+ || !group->meth->field_sqr(group, t4, r->X, ctx)
-+ || !group->meth->field_sqr(group, t5, r->Z, ctx)
-+ || !group->meth->field_mul(group, t6, t5, group->a, ctx)
-+ || !BN_mod_add_quick(t1, r->X, r->Z, group->field)
-+ || !group->meth->field_sqr(group, t1, t1, ctx)
-+ || !BN_mod_sub_quick(t1, t1, t4, group->field)
-+ || !BN_mod_sub_quick(t1, t1, t5, group->field)
-+ || !BN_mod_sub_quick(t3, t4, t6, group->field)
-+ || !group->meth->field_sqr(group, t3, t3, ctx)
-+ || !group->meth->field_mul(group, t0, t5, t1, ctx)
-+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
-+ /* r->X coord output */
-+ || !BN_mod_sub_quick(r->X, t3, t0, group->field)
-+ || !BN_mod_add_quick(t3, t4, t6, group->field)
-+ || !group->meth->field_sqr(group, t4, t5, ctx)
-+ || !group->meth->field_mul(group, t4, t4, t2, ctx)
-+ || !group->meth->field_mul(group, t1, t1, t3, ctx)
-+ || !BN_mod_lshift1_quick(t1, t1, group->field)
- /* r->Z coord output */
-- || !BN_mod_add_quick(r->Z, t7, t5, group->field))
-+ || !BN_mod_add_quick(r->Z, t4, t1, group->field))
- goto err;
-
- ret = 1;
-@@ -1600,17 +1619,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
- }
-
- /*-
-+ * Input:
-+ * - s, r: projective (homogeneous) coordinates
-+ * - p: affine coordinates
-+ *
-+ * Output:
-+ * - r := (x,y): affine coordinates
-+ *
- * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
-- * Elliptic Curves and Side-Channel Attacks", modified to work in projective
-- * coordinates and return r in Jacobian projective coordinates.
-+ * Elliptic Curves and Side-Channel Attacks", modified to work in mixed
-+ * projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
-+ * coords, and return r in affine coordinates.
- *
-- * X4 = two*Y1*X2*Z3*Z2*Z1;
-- * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
-- * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
-+ * X4 = two*Y1*X2*Z3*Z2;
-+ * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
-+ * Z4 = two*Y1*Z3*SQR(Z2);
- *
- * Z4 != 0 because:
-- * - Z1==0 implies p is at infinity, which would have caused an early exit in
-- * the caller;
- * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
- * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
- * - Y1==0 implies p has order 2, so either r or s are infinity and handled by
-@@ -1627,11 +1652,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
- return EC_POINT_set_to_infinity(group, r);
-
- if (BN_is_zero(s->Z)) {
-- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
-- if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
-- || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
-- || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
-- || !BN_copy(r->Z, p->Z)
-+ if (!EC_POINT_copy(r, p)
- || !EC_POINT_invert(group, r, ctx))
- return 0;
- return 1;
-@@ -1647,38 +1668,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
- t6 = BN_CTX_get(ctx);
-
- if (t6 == NULL
-- || !BN_mod_lshift1_quick(t0, p->Y, group->field)
-- || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
-- || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
-- || !group->meth->field_mul(group, t2, t1, t2, ctx)
-- || !group->meth->field_mul(group, t3, t2, t0, ctx)
-- || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
-- || !group->meth->field_sqr(group, t4, t2, ctx)
-- || !BN_mod_lshift1_quick(t5, group->b, group->field)
-- || !group->meth->field_mul(group, t4, t4, t5, ctx)
-- || !group->meth->field_mul(group, t6, t2, group->a, ctx)
-- || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
-- || !BN_mod_add_quick(t5, t6, t5, group->field)
-- || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
-- || !BN_mod_add_quick(t2, t6, t1, group->field)
-- || !group->meth->field_mul(group, t5, t5, t2, ctx)
-- || !BN_mod_sub_quick(t6, t6, t1, group->field)
-- || !group->meth->field_sqr(group, t6, t6, ctx)
-- || !group->meth->field_mul(group, t6, t6, s->X, ctx)
-- || !BN_mod_add_quick(t4, t5, t4, group->field)
-- || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
-- || !BN_mod_sub_quick(t4, t4, t6, group->field)
-- || !group->meth->field_sqr(group, t5, r->Z, ctx)
-- || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
-- || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
-- || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
-- /* t3 := X, t4 := Y */
-- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
-- || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
-+ || !BN_mod_lshift1_quick(t4, p->Y, group->field)
-+ || !group->meth->field_mul(group, t6, r->X, t4, ctx)
-+ || !group->meth->field_mul(group, t6, s->Z, t6, ctx)
-+ || !group->meth->field_mul(group, t5, r->Z, t6, ctx)
-+ || !BN_mod_lshift1_quick(t1, group->b, group->field)
-+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
- || !group->meth->field_sqr(group, t3, r->Z, ctx)
-- || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
-+ || !group->meth->field_mul(group, t2, t3, t1, ctx)
-+ || !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
-+ || !group->meth->field_mul(group, t1, p->X, r->X, ctx)
-+ || !BN_mod_add_quick(t1, t1, t6, group->field)
-+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
-+ || !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
-+ || !BN_mod_add_quick(t6, r->X, t0, group->field)
-+ || !group->meth->field_mul(group, t6, t6, t1, ctx)
-+ || !BN_mod_add_quick(t6, t6, t2, group->field)
-+ || !BN_mod_sub_quick(t0, t0, r->X, group->field)
-+ || !group->meth->field_sqr(group, t0, t0, ctx)
-+ || !group->meth->field_mul(group, t0, t0, s->X, ctx)
-+ || !BN_mod_sub_quick(t0, t6, t0, group->field)
-+ || !group->meth->field_mul(group, t1, s->Z, t4, ctx)
-+ || !group->meth->field_mul(group, t1, t3, t1, ctx)
-+ || (group->meth->field_decode != NULL
-+ && !group->meth->field_decode(group, t1, t1, ctx))
-+ || !group->meth->field_inv(group, t1, t1, ctx)
-+ || (group->meth->field_encode != NULL
-+ && !group->meth->field_encode(group, t1, t1, ctx))
-+ || !group->meth->field_mul(group, r->X, t5, t1, ctx)
-+ || !group->meth->field_mul(group, r->Y, t0, t1, ctx))
- goto err;
-
-+ if (group->meth->field_set_to_one != NULL) {
-+ if (!group->meth->field_set_to_one(group, r->Z, ctx))
-+ goto err;
-+ } else {
-+ if (!BN_one(r->Z))
-+ goto err;
-+ }
-+
-+ r->Z_is_one = 1;
- ret = 1;
-
- err:
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index f28f2d2610..41625e75ad 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -508,6 +508,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
- ret = 1;
- break;
- }
-+ if ((x->ex_flags & EXFLAG_CA) == 0
-+ && x->ex_pathlen != -1
-+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
-+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
-+ ret = 0;
-+ }
- if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
- return 0;
- /* check_purpose() makes the callback as needed */
-diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
-index 2bc8253d2d..2eaad1a763 100644
---- a/crypto/x509v3/v3_purp.c
-+++ b/crypto/x509v3/v3_purp.c
-@@ -384,12 +384,16 @@ static void x509v3_cache_extensions(X509 *x)
- if (bs->ca)
- x->ex_flags |= EXFLAG_CA;
- if (bs->pathlen) {
-- if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
-- || !bs->ca) {
-+ if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
- x->ex_flags |= EXFLAG_INVALID;
- x->ex_pathlen = 0;
-- } else
-+ } else {
- x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
-+ if (!bs->ca && x->ex_pathlen != 0) {
-+ x->ex_flags |= EXFLAG_INVALID;
-+ x->ex_pathlen = 0;
-+ }
-+ }
- } else
- x->ex_pathlen = -1;
- BASIC_CONSTRAINTS_free(bs);
-diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod
-index 4192a9ec36..7db48a427f 100644
---- a/doc/man3/EVP_aes.pod
-+++ b/doc/man3/EVP_aes.pod
-@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
- achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
- of a 512-bit key to achieve AES 256-bit security.
-
-+The XTS implementation in OpenSSL does not support streaming. That is there must
-+only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
-+similarly with the "Decrypt" functions).
-+
-+The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
-+the XTS "tweak" value.
-+
- =back
-
- =head1 RETURN VALUES
-diff --git a/test/certs/ee-pathlen.pem b/test/certs/ee-pathlen.pem
-new file mode 100644
-index 0000000000..0bcae1d7bd
---- /dev/null
-+++ b/test/certs/ee-pathlen.pem
-@@ -0,0 +1,17 @@
-+-----BEGIN CERTIFICATE-----
-+MIICszCCAZugAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg
-+Fw0yMDA0MDMwODA0MTVaGA8yMTIwMDQwNDA4MDQxNVowGTEXMBUGA1UEAwwOc2Vy
-+dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY
-+YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT
-+5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l
-+Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1
-+U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5
-+ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn
-+iIQPYf55NB9KiR+3AgMBAAGjEDAOMAwGA1UdEwQFMAMCAQAwDQYJKoZIhvcNAQEL
-+BQADggEBAApOUnWWd09I0ts3xa1oK7eakc+fKTF4d7pbGznFNONaCR3KFRgnBVlG
-+Bm8/oehrrQ28Ad3XPSug34DQQ5kM6JIuaddx50/n4Xkgj8/fgXVA0HXizOJ3QpKC
-+IojLVajXlQHhpo72VUQuNOha0UxG9daYjS20iXRhanTm9rUz7qQZEugVQCiR0z/f
-+9NgM7FU9UaSidzH3gZu/Ufc4Ggn6nZV7LM9sf4IUV+KszS1VpcK+9phAmsB6BaAi
-+cFXvVXZjTNualQgPyPwOD8c+vVCIfIemfF5TZ6fyqpOjprWQAphwrTtfNDSmqRTz
-+FRhDf+vJERQclgUtg37EgWGKtnNQeRY=
-+-----END CERTIFICATE-----
-diff --git a/test/certs/setup.sh b/test/certs/setup.sh
-index 2d53ea5b08..bbe4842a51 100755
---- a/test/certs/setup.sh
-+++ b/test/certs/setup.sh
-@@ -154,7 +154,7 @@ openssl x509 -in sca-cert.pem -trustout \
- -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem
-
- # Primary leaf cert: ee-cert
--# ee variants: expired, issuer-key2, issuer-name2
-+# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen
- # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
- # purpose variants: client
- #
-@@ -163,6 +163,8 @@ openssl x509 -in sca-cert.pem -trustout \
- ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2
- ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
- ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
-+./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
-+ -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")
- #
- openssl x509 -in ee-cert.pem -trustout \
- -addtrust serverAuth -out ee+serverAuth.pem
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index b80a1cde3e..0e0f5dca21 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -27,7 +27,7 @@ sub verify {
- run(app([@args]));
- }
-
--plan tests => 135;
-+plan tests => 137;
-
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -222,6 +222,10 @@ ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
- "accept direct match with client trust");
- ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
- "reject direct match with client mistrust");
-+ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
-+ "accept non-ca with pathlen:0 by default");
-+ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
-+ "reject non-ca with pathlen:0 with strict flag");
-
- # Proxy certificates
- ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
-diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
-index 952f688e8b..f7e4e38d03 100644
---- a/test/sm2_internal_test.c
-+++ b/test/sm2_internal_test.c
-@@ -32,17 +32,18 @@ static size_t fake_rand_size = 0;
-
- static int get_faked_bytes(unsigned char *buf, int num)
- {
-- int i;
--
- if (fake_rand_bytes == NULL)
- return saved_rand->bytes(buf, num);
-
-- if (!TEST_size_t_le(fake_rand_bytes_offset + num, fake_rand_size))
-+ if (!TEST_size_t_gt(fake_rand_size, 0))
- return 0;
-
-- for (i = 0; i != num; ++i)
-- buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
-- fake_rand_bytes_offset += num;
-+ while (num-- > 0) {
-+ if (fake_rand_bytes_offset >= fake_rand_size)
-+ fake_rand_bytes_offset = 0;
-+ *buf++ = fake_rand_bytes[fake_rand_bytes_offset++];
-+ }
-+
- return 1;
- }
-
-@@ -175,8 +176,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
-
- start_fake_rand(k_hex);
- if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len,
-- ctext, &ctext_len))
-- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
-+ ctext, &ctext_len))) {
- restore_rand();
- goto done;
- }
-@@ -296,8 +296,7 @@ static int test_sm2_sign(const EC_GROUP *group,
- start_fake_rand(k_hex);
- sig = sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, strlen(userid),
- (const uint8_t *)message, msg_len);
-- if (!TEST_ptr(sig)
-- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
-+ if (!TEST_ptr(sig)) {
- restore_rand();
- goto done;
- }
diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch
index 48d25a7..a6975fa 100644
--- a/openssl-1.1.1-version-override.patch
+++ b/openssl-1.1.1-version-override.patch
@@ -1,12 +1,12 @@
-diff -up openssl-1.1.1f/include/openssl/opensslv.h.version-override openssl-1.1.1f/include/openssl/opensslv.h
---- openssl-1.1.1f/include/openssl/opensslv.h.version-override 2020-04-07 16:46:21.792998242 +0200
-+++ openssl-1.1.1f/include/openssl/opensslv.h 2020-04-07 16:47:18.919962564 +0200
+diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
+--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
++++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
- # define OPENSSL_VERSION_NUMBER 0x1010106fL
--# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f 31 Mar 2020"
-+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f FIPS 31 Mar 2020"
+ # define OPENSSL_VERSION_NUMBER 0x1010107fL
+-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g 21 Apr 2020"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g FIPS 21 Apr 2020"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/openssl.spec b/openssl.spec
index 065432d..a3a2e23 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.1.1f
+Version: 1.1.1g
Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
@@ -68,7 +68,6 @@ Patch65: openssl-1.1.1-fips-drbg-selftest.patch
# Backported fixes including security fixes
Patch52: openssl-1.1.1-s390x-update.patch
Patch53: openssl-1.1.1-fips-crng-test.patch
-Patch54: openssl-1.1.1-upstream-sync.patch
License: OpenSSL
URL: http://www.openssl.org/
@@ -172,7 +171,6 @@ cp %{SOURCE13} test/
%patch60 -p1 -b .krb5-kdf
%patch61 -p1 -b .intel-cet
%patch65 -p1 -b .drbg-selftest
-%patch54 -p1 -b .upstream-sync
%build
@@ -459,6 +457,9 @@ export LD_LIBRARY_PATH
%ldconfig_scriptlets libs
%changelog
+* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-1
+- update to the 1.1.1g release
+
* Tue Apr 7 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1f-1
- update to the 1.1.1f release
diff --git a/sources b/sources
index 9c30e55..50e115e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-1.1.1f-hobbled.tar.xz) = 551feb19c8606e86d03b05ef47294cc47048e1e2e33e0474b2e309984e034c72e04b120740e3b1aeca275fa4c52138830a724d09a861d51c133b6baa754e23d2
+SHA512 (openssl-1.1.1g-hobbled.tar.xz) = 7cd351d8fd4a028edcdc6804d8b73af7ff5693ab96cafd4f9252534d4e8e9000e22aefa45f51db490da52d89f4e5b41d02452be0b516fbb0fe84e36d5ca54971
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:44 [rpms/openssl] rebase_40beta: update to the 1.1.1g release Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox