commit: 4fef1113c26ea7ac7fb9be6da77565310908e82a |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
AuthorDate: Sun Sep 30 12:52:24 2018 +0000 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
CommitDate: Wed Oct 31 08:06:10 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fef1113 |
|
dev-libs/openssl: remove unused patches |
|
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com> |
Closes: https://github.com/gentoo/gentoo/pull/10026 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
|
.../files/openssl-1.0.2o-CVE-2018-0732.patch | 39 --- |
.../openssl/files/openssl-1.0.2o-hobble-ecc.patch | 290 --------------------- |
2 files changed, 329 deletions(-) |
|
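diff --git a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
deleted file mode 100644
index 148e7c3bc1a..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@×××××.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@×××××.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@×××××××.org>
-Reviewed-by: Matt Caswell <matt@×××××××.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
- int ok = 0;
- int generate_new_key = 0;
- unsigned l;
-- BN_CTX *ctx;
-+ BN_CTX *ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
-+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;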
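diff --git a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
deleted file mode 100644
index e105fe45e45..00000000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-hobble-ecc.patch
+++ /dev/null
@@ -1,290 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@g.o>
-
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/apps/speed.c openssl-1.0.2m.mod/apps/speed.c
---- openssl-1.0.2m.hobble/apps/speed.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/apps/speed.c 2018-06-10 19:00:09.264550382 -0700
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
- } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- if (strcmp(*argv, "ecdsap160") == 0)
-- ecdsa_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdsap192") == 0)
-- ecdsa_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdsap224") == 0)
- ecdsa_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
- ecdsa_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdsap521") == 0)
- ecdsa_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdsak163") == 0)
-- ecdsa_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdsak233") == 0)
-- ecdsa_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdsak283") == 0)
-- ecdsa_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdsak409") == 0)
-- ecdsa_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdsak571") == 0)
-- ecdsa_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdsab163") == 0)
-- ecdsa_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdsab233") == 0)
-- ecdsa_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdsab283") == 0)
-- ecdsa_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdsab409") == 0)
-- ecdsa_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdsab571") == 0)
-- ecdsa_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdsa") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i < R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- } else
- # endif
- # ifndef OPENSSL_NO_ECDH
-- if (strcmp(*argv, "ecdhp160") == 0)
-- ecdh_doit[R_EC_P160] = 2;
-- else if (strcmp(*argv, "ecdhp192") == 0)
-- ecdh_doit[R_EC_P192] = 2;
-+ if (0) {}
- else if (strcmp(*argv, "ecdhp224") == 0)
- ecdh_doit[R_EC_P224] = 2;
- else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
- ecdh_doit[R_EC_P384] = 2;
- else if (strcmp(*argv, "ecdhp521") == 0)
- ecdh_doit[R_EC_P521] = 2;
-- else if (strcmp(*argv, "ecdhk163") == 0)
-- ecdh_doit[R_EC_K163] = 2;
-- else if (strcmp(*argv, "ecdhk233") == 0)
-- ecdh_doit[R_EC_K233] = 2;
-- else if (strcmp(*argv, "ecdhk283") == 0)
-- ecdh_doit[R_EC_K283] = 2;
-- else if (strcmp(*argv, "ecdhk409") == 0)
-- ecdh_doit[R_EC_K409] = 2;
-- else if (strcmp(*argv, "ecdhk571") == 0)
-- ecdh_doit[R_EC_K571] = 2;
-- else if (strcmp(*argv, "ecdhb163") == 0)
-- ecdh_doit[R_EC_B163] = 2;
-- else if (strcmp(*argv, "ecdhb233") == 0)
-- ecdh_doit[R_EC_B233] = 2;
-- else if (strcmp(*argv, "ecdhb283") == 0)
-- ecdh_doit[R_EC_B283] = 2;
-- else if (strcmp(*argv, "ecdhb409") == 0)
-- ecdh_doit[R_EC_B409] = 2;
-- else if (strcmp(*argv, "ecdhb571") == 0)
-- ecdh_doit[R_EC_B571] = 2;
- else if (strcmp(*argv, "ecdh") == 0) {
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
- BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
-- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+ BIO_printf(bio_err, "ecdsap224 "
- "ecdsap256 ecdsap384 ecdsap521\n");
-- BIO_printf(bio_err,
-- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-- BIO_printf(bio_err,
-- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
-- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
-+ BIO_printf(bio_err, "ecdhp224 "
- "ecdhp256 ecdhp384 ecdhp521\n");
-- BIO_printf(bio_err,
-- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
-- BIO_printf(bio_err,
-- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err, "ecdh\n");
- # endif
-
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
- for (i = 0; i < DSA_NUM; i++)
- dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
-- for (i = 0; i < EC_NUM; i++)
-+ for (i = R_EC_P224; i <= R_EC_P521; i++)
- ecdh_doit[i] = 1;
- # endif
- }
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c
---- openssl-1.0.2m.hobble/crypto/ec/ecp_smpl.c 2017-11-02 07:32:57.000000000 -0700
-+++ openssl-1.0.2m.mod/crypto/ec/ecp_smpl.c 2018-06-10 18:45:36.909911848 -0700
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
- return 0;
- }
-
-+ if (BN_num_bits(p) < 224) {
-+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+ return 0;
-+ }
-+
- if (ctx == NULL) {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
-diff -Nuar --exclude ec_curve.c -p openssl-1.0.2m.hobble/ssl/t1_lib.c openssl-1.0.2m.mod/ssl/t1_lib.c
---- openssl-1.0.2m.hobble/ssl/t1_lib.c 2017-11-02 07:32:58.000000000 -0700
-+++ openssl-1.0.2m.mod/ssl/t1_lib.c 2018-06-10 18:46:55.329811812 -0700
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[
- 0, 23, /* secp256r1 (23) */
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
-- 0, 28, /* brainpool512r1 (28) */
-- 0, 27, /* brainpoolP384r1 (27) */
- 0, 24, /* secp384r1 (24) */
-- 0, 26, /* brainpoolP256r1 (26) */
- 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[
- * Remaining curves disabled by default but still permitted if set
- * via an explicit callback or parameters.
- */
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-- 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
- 0, 6, /* sect233k1 (6) */
- 0, 7, /* sect233r1 (7) */
- # endif
-- 0, 20, /* secp224k1 (20) */
-- 0, 21, /* secp224r1 (21) */
- # ifndef OPENSSL_NO_EC2M
- 0, 4, /* sect193r1 (4) */
- 0, 5, /* sect193r2 (5) */
- # endif
-- 0, 18, /* secp192k1 (18) */
-- 0, 19, /* secp192r1 (19) */
- # ifndef OPENSSL_NO_EC2M
- 0, 1, /* sect163k1 (1) */
- 0, 2, /* sect163r1 (2) */
- 0, 3, /* sect163r2 (3) */
- # endif
-- 0, 15, /* secp160k1 (15) */
-- 0, 16, /* secp160r1 (16) */
-- 0, 17, /* secp160r2 (17) */
- };
- # endif
-
-diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c
---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
-
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
-
- err:
-diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c
---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200
-@@ -138,11 +138,14 @@ int restore_rand(void)
- }
-
- static int fbytes_counter = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+ "651056770906015076056810763456358567190100156695615665659",
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
-+ "8763001015071075675010661307616710783570106710677817767166"
-+ "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
- "55657156756655",
- "1275552191113212300012030439187146164646146646466749494799",
-@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num)
- int ret;
- BIGNUM *tmp = NULL;
-
-- if (fbytes_counter >= 8)
-+ if (fbytes_counter >= 10)
- return 0;
- tmp = BN_new();
- if (!tmp)
-@@ -532,8 +535,10 @@ int main(void)
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
-+# if 0
- if (!x9_62_tests(out))
- goto err;
-+# endif
- if (!test_builtin(out))
- goto err;
-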