gentoo resync : 15.12.2019

author: V3n3RiX <venerix@redcorelinux.org> 2019-12-15 18:09:03 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2019-12-15 18:09:03 +0000
commit: 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch)
tree: 4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /dev-libs/openssl
parent: b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff)
6 files changed, 84 insertions, 306 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9d29f288b472..8e0a79928788 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,11 +1,11 @@
 AUX gentoo.config-1.0.2 5158 BLAKE2B bc8b8c0558f84bcbd7c55e4b974458041aa5f31f82cd740f1c4c56729ecb63d940ac6e23390b83eb1e7ed36dbed5663801415830f306bdbf56f081aec63fb48c SHA512 d39cb5824556f2c064ad148ef40b175bd124c6e58a6e59f9da6167645f98e2a5755b4c01b41a37f30c172d3a3c5d9753d1f7835d7380a429bbc0dc1989125472
 AUX openssl-1.0.2a-x32-asm.patch 1561 BLAKE2B ee5e5b91e4babacff71edf36cce80fbcb2b8dbb9a7ea63a816d3a5de544fbffd8b4216d7a95bd44e718c7a83dd8b8b5ad85caed4205eab5de566b0b7e5054fc1 SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c
-AUX openssl-1.0.2p-hobble-ecc.patch 10875 BLAKE2B fc8240a074f8cc354c5ae584b76b3fc895170e026767d2d99d8bd5e5028614c861dd2b3c7b955c223883062f9a057ee302ae0deecfbbed00ddc53ae8a4d50919 SHA512 29f64bacac4f61071db6caf9d92131633d2dff56d899171888cc4c8432790930ff0912cea90ad03ca59b13ca0357f812d2f0a3f42567e2bd72c260f49b2b59aa
 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
 AUX openssl-1.1.0k-fix-test_fuzz.patch 485 BLAKE2B 4dc2ef2b2c1935c8143c939ed6b7168fb070edced8ae47732f1ae9fdabe19887f846d75c15cea33680a54058c9a99f981a3c6a35fc84c3a6c360b4d2b920bc04 SHA512 68590479f096f3da920a5d293f27babd541ce1946944d5540f78d8341b59eeda92fe24743f7351b565e06421d7a2da77e331ebe1e5168023f6602aaa7376a038
 AUX openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch 1235 BLAKE2B 26997a474013c379a7d019d69203a5199ee17df07b28c86d06cebad3093ee62af9e4e568f3bc44ff4a5e8b555a5634d666446b35ce850c9c8668d920ef32bba6 SHA512 8ddfc077d3035b766175810b2554310935c8d1875044bf95abf8590ab5eeeb68357545566e7e8a50f95d9e62be68c72fdb58fef28497b154d44f08169645a08a
 AUX openssl-1.1.1d-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch 4247 BLAKE2B 5e181869569f9ca34190ba11fb1c66c12cfd6760aa85f423a65761886f15c120d0262528eb81847b1ed18a5e2c7610ff96790da7dac6815ddf3d025530c06349 SHA512 eafa940295b3cdfb0e9f1d1e337b4ce793f0dc8fae0fc5d0fc8e7029b9d6a99071b6b3d2b25002b715f3d5d7dc129f48700eb19e60e115610a8c4752a6d6bbfe
 AUX openssl-1.1.1d-fix-zlib.patch 1567 BLAKE2B c83a3016caa8ae6f3588a6649929d32ba890f7df776a39656bc870965aa305f89c3253b284a1f1b7bcc78b88042a01ab6fc93735d972bc4a2da1fd4f2ad225de SHA512 0b073723910cf4bd72d2e922e280cafbb807b040f4afc84f06973a45ff386b4a8505297af4894953d3fa61b8a68b42858345523705e43aa58846478976e2c566
+AUX openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch 2434 BLAKE2B ffe10db9977e70379d957df117f9e73469279673c531dd70fa78d84299efed1cc30402ca0bb5ae944b2aea649a1da1d3fa47e6b747b0f488a84f5eec2cfc10f2 SHA512 ac800f2ae4a88fcd51b61f5de5e77765b18f4a997dc334541dce995e6d3e04784752ef273fef033cde21c3d6aaf379751715b98cbce491bfd31ea4770fe78f63
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
@@ -13,7 +13,7 @@ DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
 DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7
-EBUILD openssl-1.0.2t-r1.ebuild 9848 BLAKE2B 27e23ff21c452778cf65563c571fd89837ba5c60fd783f9b55da5b40bfc1981492e172bc2757fa4dbcef553cc848ad378d37e3bb79583a850239be3e0e5fc008 SHA512 53c3a31e3dd8226ef8c24a11b6a82c97dba4251d8b09986d5d48547f0d53e93c05cb30d9591ecd945f670a4d142fc3595b1c2c44034fca4e53eccd29c4d26caf
-EBUILD openssl-1.1.0l.ebuild 9579 BLAKE2B c60a96f76591ac3e913d28e86bcfd53cabe5428707d1ce0f713908ae7c88b0624f34b6334b2745f1817b4f173d581c11eff1b4ef7a22b7a5c660523b54b8c9ab SHA512 70222a86f55a87e7811c17af0f6d642290024b7635dc3f3c6f5bebb27394c797ed021f9390b33a3fc303ef9b6c600a69e63ecf6d0713c68f0710d72bef8cb4a8
-EBUILD openssl-1.1.1d-r2.ebuild 10306 BLAKE2B 4865788cfb9f3dc1e03e1f1748009c6970f867329c8e42a7c03d56e77f671193511adffd9cc4738cadc7bf9401f8f8b51a8a1cbf15c9def30b857b0210671ffb SHA512 916025522d0f5fac0f9db404bf9898b0c71f870e309eb3a6f55dd082669783a0d7763e5d747a5c4677099feaee15e0879ca0ea71ce3692a6bab83f6b3573ce40
+EBUILD openssl-1.0.2t-r1.ebuild 9865 BLAKE2B fb3ded9fcca4a9fc97ab578747f107e1dea4ed17edaa2b0cf8b787035af9637bd1a78318f1aaedc9336686800cc6e9a564ba7fec09476bda842eaeccd946a5d1 SHA512 33be79f564388c1aa6aa093877d6012d93782257271320282377b93e4cb0e890377f24a4ff5ef0452c25c1e621c7c7880452496d0e07ece1bcdd5433e2c50c4c
+EBUILD openssl-1.1.0l.ebuild 9596 BLAKE2B b90dab20cb55693a944efa1cd6a2e9422fd7f01e618d50ba74f7f2c46c7fdf6d91621d1380e000ea9e531997dc43c38324965d1abb3c4f668cfcf0986e599c8d SHA512 699210aeaeb1796c2cabd33c917a9dec91f1d0ae7a6fd8ed3ce62f90b02e9001722615eaa767d4d479df1c3e79e6c69025f65a4353a5800a0003f36a886d9f89
+EBUILD openssl-1.1.1d-r3.ebuild 10378 BLAKE2B 43732766ccd06933805c3b5133f0a606a57340e975b10768ae044beeeaee67ecf4e4ad469364a9257b05d0dd567f602abc1b703862b74b656811ce33b20dfe75 SHA512 5caba682680e1c877c1fbfbcfdb1a8513167aacde4b2be1c96ee1026b82178d4685d1f8208616aa15c30e5b65437f294d28cb22d326e3a8adab25f3a3d43cf83
 MISC metadata.xml 1273 BLAKE2B 8eb61c2bfd56f428fa4c262972c0b140662a68c95fdf5e3101624b307985f83dc6d757fc13565e467c99188de93d90ec2db6de3719e22495da67155cbaa91aa9 SHA512 3ffb56f8bc35d71c2c67b4cb97d350825260f9d78c97f4ba9462c2b08b8ef65d7f684139e99bb2f7f32698d3cb62404567b36ce849e7dc4e7f7c5b6367c723a7
diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
deleted file mode 100644
index 3a458a783603..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
-
-From https://src.fedoraproject.org/git/rpms/openssl.git
-
-Contains parts of the following patches, rediffed. The patches are on various
-different branches.
-f23 openssl-1.0.2c-ecc-suiteb.patch
-f23 openssl-1.0.2a-fips-ec.patch
-f28 openssl-1.1.0-ec-curves.patch
-
-Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
-
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
-         } else
- # endif
- # ifndef OPENSSL_NO_ECDSA
--        if (strcmp(*argv, "ecdsap160") == 0)
--            ecdsa_doit[R_EC_P160] = 2;
--        else if (strcmp(*argv, "ecdsap192") == 0)
--            ecdsa_doit[R_EC_P192] = 2;
-+	if (0) {}
-         else if (strcmp(*argv, "ecdsap224") == 0)
-             ecdsa_doit[R_EC_P224] = 2;
-         else if (strcmp(*argv, "ecdsap256") == 0)
-@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
-             ecdsa_doit[R_EC_P384] = 2;
-         else if (strcmp(*argv, "ecdsap521") == 0)
-             ecdsa_doit[R_EC_P521] = 2;
--        else if (strcmp(*argv, "ecdsak163") == 0)
--            ecdsa_doit[R_EC_K163] = 2;
--        else if (strcmp(*argv, "ecdsak233") == 0)
--            ecdsa_doit[R_EC_K233] = 2;
--        else if (strcmp(*argv, "ecdsak283") == 0)
--            ecdsa_doit[R_EC_K283] = 2;
--        else if (strcmp(*argv, "ecdsak409") == 0)
--            ecdsa_doit[R_EC_K409] = 2;
--        else if (strcmp(*argv, "ecdsak571") == 0)
--            ecdsa_doit[R_EC_K571] = 2;
--        else if (strcmp(*argv, "ecdsab163") == 0)
--            ecdsa_doit[R_EC_B163] = 2;
--        else if (strcmp(*argv, "ecdsab233") == 0)
--            ecdsa_doit[R_EC_B233] = 2;
--        else if (strcmp(*argv, "ecdsab283") == 0)
--            ecdsa_doit[R_EC_B283] = 2;
--        else if (strcmp(*argv, "ecdsab409") == 0)
--            ecdsa_doit[R_EC_B409] = 2;
--        else if (strcmp(*argv, "ecdsab571") == 0)
--            ecdsa_doit[R_EC_B571] = 2;
-         else if (strcmp(*argv, "ecdsa") == 0) {
--            for (i = 0; i < EC_NUM; i++)
-+            for (i = R_EC_P224; i < R_EC_P521; i++)
-                 ecdsa_doit[i] = 1;
-         } else
- # endif
- # ifndef OPENSSL_NO_ECDH
--        if (strcmp(*argv, "ecdhp160") == 0)
--            ecdh_doit[R_EC_P160] = 2;
--        else if (strcmp(*argv, "ecdhp192") == 0)
--            ecdh_doit[R_EC_P192] = 2;
-+	if (0) {}
-         else if (strcmp(*argv, "ecdhp224") == 0)
-             ecdh_doit[R_EC_P224] = 2;
-         else if (strcmp(*argv, "ecdhp256") == 0)
-@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
-             ecdh_doit[R_EC_P384] = 2;
-         else if (strcmp(*argv, "ecdhp521") == 0)
-             ecdh_doit[R_EC_P521] = 2;
--        else if (strcmp(*argv, "ecdhk163") == 0)
--            ecdh_doit[R_EC_K163] = 2;
--        else if (strcmp(*argv, "ecdhk233") == 0)
--            ecdh_doit[R_EC_K233] = 2;
--        else if (strcmp(*argv, "ecdhk283") == 0)
--            ecdh_doit[R_EC_K283] = 2;
--        else if (strcmp(*argv, "ecdhk409") == 0)
--            ecdh_doit[R_EC_K409] = 2;
--        else if (strcmp(*argv, "ecdhk571") == 0)
--            ecdh_doit[R_EC_K571] = 2;
--        else if (strcmp(*argv, "ecdhb163") == 0)
--            ecdh_doit[R_EC_B163] = 2;
--        else if (strcmp(*argv, "ecdhb233") == 0)
--            ecdh_doit[R_EC_B233] = 2;
--        else if (strcmp(*argv, "ecdhb283") == 0)
--            ecdh_doit[R_EC_B283] = 2;
--        else if (strcmp(*argv, "ecdhb409") == 0)
--            ecdh_doit[R_EC_B409] = 2;
--        else if (strcmp(*argv, "ecdhb571") == 0)
--            ecdh_doit[R_EC_B571] = 2;
-         else if (strcmp(*argv, "ecdh") == 0) {
--            for (i = 0; i < EC_NUM; i++)
-+	    for (i = R_EC_P224; i <= R_EC_P521; i++)
-                 ecdh_doit[i] = 1;
-         } else
- # endif
-@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
-             BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
- # endif
- # ifndef OPENSSL_NO_ECDSA
--            BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-+            BIO_printf(bio_err, "ecdsap224 "
-                        "ecdsap256 ecdsap384 ecdsap521\n");
--            BIO_printf(bio_err,
--                       "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
--            BIO_printf(bio_err,
--                       "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-             BIO_printf(bio_err, "ecdsa\n");
- # endif
- # ifndef OPENSSL_NO_ECDH
--            BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224 "
-+            BIO_printf(bio_err, "ecdhp224 "
-                        "ecdhp256  ecdhp384  ecdhp521\n");
--            BIO_printf(bio_err,
--                       "ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
--            BIO_printf(bio_err,
--                       "ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-             BIO_printf(bio_err, "ecdh\n");
- # endif
- 
-@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
-         for (i = 0; i < DSA_NUM; i++)
-             dsa_doit[i] = 1;
- # ifndef OPENSSL_NO_ECDSA
--        for (i = 0; i < EC_NUM; i++)
-+        for (i = R_EC_P224; i <= R_EC_P521; i++)
-             ecdsa_doit[i] = 1;
- # endif
- # ifndef OPENSSL_NO_ECDH
--        for (i = 0; i < EC_NUM; i++)
-+        for (i = R_EC_P224; i <= R_EC_P521; i++)
-             ecdh_doit[i] = 1;
- # endif
-     }
---- a/crypto/ec/ecp_smpl.c
-+++ b/crypto/ec/ecp_smpl.c
-@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
-         return 0;
-     }
- 
-+    if (BN_num_bits(p) < 224) {
-+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+        return 0;
-+    }
-+
-     if (ctx == NULL) {
-         ctx = new_ctx = BN_CTX_new();
-         if (ctx == NULL)
---- a/crypto/ecdh/ecdhtest.c
-+++ b/crypto/ecdh/ecdhtest.c
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
-         goto err;
- 
-     /* NIST PRIME CURVES TESTS */
-+# if 0
-     if (!test_ecdh_curve
-         (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
-         goto err;
-     if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
-         goto err;
-+# endif
-     if (!test_ecdh_curve
-         (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
-         goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
-     if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
-         goto err;
- # endif
-+# if 0
-     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
-         goto err;
-     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
-         goto err;
-     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
-         goto err;
--
-+# endif
-     ret = 0;
- 
-  err:
---- a/crypto/ecdsa/ecdsatest.c
-+++ b/crypto/ecdsa/ecdsatest.c
-@@ -138,9 +138,12 @@ int restore_rand(void)
- }
- 
- static int fbytes_counter = 0, use_fake = 0;
--static const char *numbers[8] = {
-+static const char *numbers[10] = {
-+    "651056770906015076056810763456358567190100156695615665659",
-     "651056770906015076056810763456358567190100156695615665659",
-     "6140507067065001063065065565667405560006161556565665656654",
-+    "8763001015071075675010661307616710783570106710677817767166"
-+        "71676178726717",
-     "8763001015071075675010661307616710783570106710677817767166"
-         "71676178726717",
-     "7000000175690566466555057817571571075705015757757057795755"
-@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
- 
-     use_fake = 0;
- 
--    if (fbytes_counter >= 8)
-+    if (fbytes_counter >= 10)
-         return 0;
-     tmp = BN_new();
-     if (!tmp)
-@@ -539,8 +542,10 @@ int main(void)
-     RAND_seed(rnd_seed, sizeof(rnd_seed));
- 
-     /* the tests */
-+# if 0
-     if (!x9_62_tests(out))
-         goto err;
-+# endif
-     if (!test_builtin(out))
-         goto err;
- 
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
-     0, 23,                      /* secp256r1 (23) */
-     /* Other >= 256-bit prime curves. */
-     0, 25,                      /* secp521r1 (25) */
--    0, 28,                      /* brainpool512r1 (28) */
--    0, 27,                      /* brainpoolP384r1 (27) */
-     0, 24,                      /* secp384r1 (24) */
--    0, 26,                      /* brainpoolP256r1 (26) */
-     0, 22,                      /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
-     /* >= 256-bit binary curves. */
-@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
-     0, 23,                      /* secp256r1 (23) */
-     /* Other >= 256-bit prime curves. */
-     0, 25,                      /* secp521r1 (25) */
--    0, 28,                      /* brainpool512r1 (28) */
--    0, 27,                      /* brainpoolP384r1 (27) */
-     0, 24,                      /* secp384r1 (24) */
--    0, 26,                      /* brainpoolP256r1 (26) */
-     0, 22,                      /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
-     /* >= 256-bit binary curves. */
-@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
-      * Remaining curves disabled by default but still permitted if set
-      * via an explicit callback or parameters.
-      */
--    0, 20,                      /* secp224k1 (20) */
--    0, 21,                      /* secp224r1 (21) */
--    0, 18,                      /* secp192k1 (18) */
--    0, 19,                      /* secp192r1 (19) */
--    0, 15,                      /* secp160k1 (15) */
--    0, 16,                      /* secp160r1 (16) */
--    0, 17,                      /* secp160r2 (17) */
- # ifndef OPENSSL_NO_EC2M
-     0, 8,                       /* sect239k1 (8) */
-     0, 6,                       /* sect233k1 (6) */
-@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
-     0, 9,                       /* sect283k1 (9) */
-     0, 10,                      /* sect283r1 (10) */
- #  endif
--    0, 22,                      /* secp256k1 (22) */
-     0, 23,                      /* secp256r1 (23) */
- #  ifndef OPENSSL_NO_EC2M
-     0, 8,                       /* sect239k1 (8) */
-     0, 6,                       /* sect233k1 (6) */
-     0, 7,                       /* sect233r1 (7) */
- #  endif
--    0, 20,                      /* secp224k1 (20) */
--    0, 21,                      /* secp224r1 (21) */
- #  ifndef OPENSSL_NO_EC2M
-     0, 4,                       /* sect193r1 (4) */
-     0, 5,                       /* sect193r2 (5) */
- #  endif
--    0, 18,                      /* secp192k1 (18) */
--    0, 19,                      /* secp192r1 (19) */
- #  ifndef OPENSSL_NO_EC2M
-     0, 1,                       /* sect163k1 (1) */
-     0, 2,                       /* sect163r1 (2) */
-     0, 3,                       /* sect163r2 (3) */
- #  endif
--    0, 15,                      /* secp160k1 (15) */
--    0, 16,                      /* secp160r1 (16) */
--    0, 17,                      /* secp160r2 (17) */
- };
- # endif
- 
diff --git a/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
new file mode 100644
index 000000000000..dc8fe7146b74
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1d-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
@@ -0,0 +1,62 @@
+From 61cc715240d2d3f9511ca88043a3e9797c11482f Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Thu, 3 Oct 2019 08:28:31 +0200
+Subject: [PATCH] Define AESNI_ASM if AESNI assembler is included, and use it
+
+Because we have cases where basic assembler support isn't present, but
+AESNI asssembler support is, we need a separate macro that indicates
+that, and use it.
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/10080)
+---
+ Configure                          | 1 +
+ crypto/evp/e_aes_cbc_hmac_sha1.c   | 2 +-
+ crypto/evp/e_aes_cbc_hmac_sha256.c | 4 ++--
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/Configure b/Configure
+index 811bee81f54..f498ac2f81b 100755
+--- a/Configure
++++ b/Configure
+@@ -1376,6 +1376,7 @@ unless ($disabled{asm}) {
+     }
+     if ($target{aes_asm_src}) {
+         push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
++        push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
+         # aes-ctr.fake is not a real file, only indication that assembler
+         # module implements AES_ctr32_encrypt...
+         push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index c9f5969162c..27c36b46e7a 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -33,7 +33,7 @@ typedef struct {
+ 
+ #define NO_PAYLOAD_LENGTH       ((size_t)-1)
+ 
+-#if     defined(AES_ASM) &&     ( \
++#if     defined(AESNI_ASM) &&     ( \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+         defined(_M_AMD64)       || defined(_M_X64)      )
+ 
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
+index d5178313ae3..cc622b6faa8 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
+@@ -34,7 +34,7 @@ typedef struct {
+ 
+ # define NO_PAYLOAD_LENGTH       ((size_t)-1)
+ 
+-#if     defined(AES_ASM) &&     ( \
++#if     defined(AESNI_ASM) &&   ( \
+         defined(__x86_64)       || defined(__x86_64__)  || \
+         defined(_M_AMD64)       || defined(_M_X64)      )
+ 
+@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+ {
+     return NULL;
+ }
+-#endif
++#endif  /* AESNI_ASM */
diff --git a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index 53f5acad6bab..37ad94c9f5d1 100644
--- a/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -39,7 +39,8 @@ LICENSE="openssl"
 SLOT="0"
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
index deccd8443de1..1d5afcf680c7 100644
--- a/dev-libs/openssl/openssl-1.1.0l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -28,7 +28,8 @@ LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
diff --git a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
index 1b8d0ea6945d..774605b4bf1d 100644
--- a/dev-libs/openssl/openssl-1.1.1d-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1d-r3.ebuild
@@ -29,7 +29,8 @@ SLOT="0/1.1" # .so version of libssl/libcrypto
 [[ "${PV}" = *_pre* ]] || \
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x86-linux"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
+RESTRICT="!bindist? ( bindist )
+	!test? ( test )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
@@ -40,6 +41,7 @@ BDEPEND="
 	test? (
 		sys-apps/diffutils
 		sys-devel/bc
+		sys-process/procps
 	)"
 PDEPEND="app-misc/ca-certificates"
 
@@ -47,6 +49,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 	"${FILESDIR}"/${P}-fix-zlib.patch
 	"${FILESDIR}"/${P}-fix-potential-memleaks-w-BN_to_ASN1_INTEGER.patch
+	"${FILESDIR}"/${P}-reenable-the-stitched-AES-CBC-HMAC-SHA-implementations.patch
 )
 
 S="${WORKDIR}/${MY_P}"
@@ -62,14 +65,12 @@ pkg_setup() {
 	[[ ${MERGE_TYPE} == binary ]] && return
 
 	# must check in pkg_setup; sysctl don't work with userpriv!
-	if has test ${FEATURES}; then
-		if use sctp; then
-			# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-			# if sctp.auth_enable is not enabled.
-			local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-			if [[ -z "${sctp_auth_status}" || ${sctp_auth_status} != 1 ]]; then
-				die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-			fi
+	if has test ${FEATURES} && use sctp; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
 		fi
 	fi
 }
@@ -118,14 +119,10 @@ src_prepare() {
 
 	eapply_user #332661
 
-	if has test ${FEATURES}; then
-		if use sctp; then
-			if has network-sandbox ${FEATURES}; then
-				ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
-				rm test/recipes/80-test_ssl_new.t || die
-				eend $?
-			fi
-		fi
+	if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
+		ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
+		rm test/recipes/80-test_ssl_new.t || die
+		eend $?
 	fi
 
 	# make sure the man pages are suffixed #302165
author	V3n3RiX <venerix@redcorelinux.org>	2019-12-15 18:09:03 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2019-12-15 18:09:03 +0000
commit	7bc9c63c9da678a7e6fceb095d56c634afd22c56 (patch)
tree	4a67d50a439e9af63947e5f8b6ba3719af98b6c9 /dev-libs/openssl
parent	b284a3168fa91a038925d2ecf5e4791011ea5e7d (diff)