From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/
Date: Sat, 3 Aug 2024 05:08:41 +0000 (UTC) [thread overview]
Message-ID: <1722661635.fcbeb0799f940bd8b1a9f8894e508a821d1a366d.sam@gentoo> (raw)
commit: fcbeb0799f940bd8b1a9f8894e508a821d1a366d
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 3 03:25:53 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 3 05:07:15 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcbeb079
dev-libs/openssl: drop obsolete patches
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openssl-3.1.5-CVE-2024-2511.patch | 137 ---------------------
.../openssl/files/openssl-3.1.5-p11-segfault.patch | 78 ------------
.../files/openssl-3.2.1-CVE-2024-2511.patch | 137 ---------------------
.../openssl/files/openssl-3.2.1-p11-segfault.patch | 79 ------------
dev-libs/openssl/files/openssl-3.2.1-riscv.patch | 70 -----------
dev-libs/openssl/files/openssl-3.2.1-s390x.patch | 31 -----
6 files changed, 532 deletions(-)
diff --git a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch
deleted file mode 100644
index c5b7dfe449f7..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.5-CVE-2024-2511.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-https://www.openssl.org/news/secadv/20240408.txt
-https://bugs.gentoo.org/930047
-https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
-https://github.com/openssl/openssl/commit/c342f4b8bd2d0b375b0e22337057c2eab47d9b96
-
-From 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24044)
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3737,9 +3737,10 @@ void ssl_update_cache(SSL *s, int mode)
-
- /*
- * If the session_id_length is 0, we are not supposed to cache it, and it
-- * would be rather hard to do anyway :-)
-+ * would be rather hard to do anyway :-). Also if the session has already
-+ * been marked as not_resumable we should not cache it for later reuse.
- */
-- if (s->session->session_id_length == 0)
-+ if (s->session->session_id_length == 0 || s->session->not_resumable)
- return;
-
- /*
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -154,16 +154,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return ss;
- }
-
--SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
--{
-- return ssl_session_dup(src, 1);
--}
--
- /*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
--SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
- SSL_SESSION *dest;
-
-@@ -287,6 +282,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
- return NULL;
- }
-
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+ return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+ if (sess != NULL)
-+ sess->not_resumable = 0;
-+
-+ return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if (len)
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
- * so the following won't overwrite an ID that we're supposed
- * to send back.
- */
-- if (s->session->not_resumable ||
-- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-- && !s->hit))
-+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+ && !s->hit)
- s->session->session_id_length = 0;
-
- if (usetls13) {
-
-From c342f4b8bd2d0b375b0e22337057c2eab47d9b96 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 15 Mar 2024 17:58:42 +0000
-Subject: [PATCH] Hardening around not_resumable sessions
-
-Make sure we can't inadvertently use a not_resumable session
-
-Related to CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24044)
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -533,6 +533,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
- ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
-
- if (ret != NULL) {
-+ if (ret->not_resumable) {
-+ /* If its not resumable then ignore this session */
-+ if (!copy)
-+ SSL_SESSION_free(ret);
-+ return NULL;
-+ }
- ssl_tsan_counter(s->session_ctx,
- &s->session_ctx->stats.sess_cb_hit);
-
diff --git a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch
deleted file mode 100644
index 50bc63ef2d14..000000000000
--- a/dev-libs/openssl/files/openssl-3.1.5-p11-segfault.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://bugs.gentoo.org/916328
-https://github.com/opendnssec/SoftHSMv2/issues/729
-https://github.com/openssl/openssl/issues/22508
-https://github.com/openssl/openssl/commit/0058a55407d824d5b55ecc0a1cbf8931803dc238
-
-From 0058a55407d824d5b55ecc0a1cbf8931803dc238 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 15 Dec 2023 13:45:50 +0100
-Subject: [PATCH] Revert "Improved detection of engine-provided private
- "classic" keys"
-
-This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
-
-The commit was wrong. With 3.x versions the engines must be themselves
-responsible for creating their EVP_PKEYs in a way that they are treated
-as legacy - either by using the respective set1 calls or by setting
-non-default EVP_PKEY_METHOD.
-
-The workaround has caused more problems than it solved.
-
-Fixes #22945
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23063)
-
-(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
---- a/crypto/engine/eng_pkey.c
-+++ b/crypto/engine/eng_pkey.c
-@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return NULL;
- }
-- /* We enforce check for legacy key */
-- switch (EVP_PKEY_get_id(pkey)) {
-- case EVP_PKEY_RSA:
-- {
-- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-- EVP_PKEY_set1_RSA(pkey, rsa);
-- RSA_free(rsa);
-- }
-- break;
--# ifndef OPENSSL_NO_EC
-- case EVP_PKEY_SM2:
-- case EVP_PKEY_EC:
-- {
-- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-- EVP_PKEY_set1_EC_KEY(pkey, ec);
-- EC_KEY_free(ec);
-- }
-- break;
--# endif
--# ifndef OPENSSL_NO_DSA
-- case EVP_PKEY_DSA:
-- {
-- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-- EVP_PKEY_set1_DSA(pkey, dsa);
-- DSA_free(dsa);
-- }
-- break;
--#endif
--# ifndef OPENSSL_NO_DH
-- case EVP_PKEY_DH:
-- {
-- DH *dh = EVP_PKEY_get1_DH(pkey);
-- EVP_PKEY_set1_DH(pkey, dh);
-- DH_free(dh);
-- }
-- break;
--#endif
-- default:
-- /*Do nothing */
-- break;
-- }
--
- return pkey;
- }
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch b/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch
deleted file mode 100644
index d5b40447d745..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-CVE-2024-2511.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-https://www.openssl.org/news/secadv/20240408.txt
-https://bugs.gentoo.org/930047
-https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
-https://github.com/openssl/openssl/commit/4d67109432646c113887b0aa8091fb0d1b3057e6
-
-From e9d7083e241670332e0443da0f0d4ffb52829f08 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24043)
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -4457,9 +4457,10 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode)
-
- /*
- * If the session_id_length is 0, we are not supposed to cache it, and it
-- * would be rather hard to do anyway :-)
-+ * would be rather hard to do anyway :-). Also if the session has already
-+ * been marked as not_resumable we should not cache it for later reuse.
- */
-- if (s->session->session_id_length == 0)
-+ if (s->session->session_id_length == 0 || s->session->not_resumable)
- return;
-
- /*
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -127,16 +127,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return ss;
- }
-
--SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
--{
-- return ssl_session_dup(src, 1);
--}
--
- /*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
--SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
- SSL_SESSION *dest;
-
-@@ -265,6 +260,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
- return NULL;
- }
-
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+ return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+ if (sess != NULL)
-+ sess->not_resumable = 0;
-+
-+ return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if (len)
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2445,9 +2445,8 @@ CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt)
- * so the following won't overwrite an ID that we're supposed
- * to send back.
- */
-- if (s->session->not_resumable ||
-- (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-- && !s->hit))
-+ if (!(SSL_CONNECTION_GET_CTX(s)->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+ && !s->hit)
- s->session->session_id_length = 0;
-
- if (usetls13) {
-
-From 4d67109432646c113887b0aa8091fb0d1b3057e6 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 15 Mar 2024 17:58:42 +0000
-Subject: [PATCH] Hardening around not_resumable sessions
-
-Make sure we can't inadvertently use a not_resumable session
-
-Related to CVE-2024-2511
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24043)
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -519,6 +519,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s,
- sess_id, sess_id_len, ©);
-
- if (ret != NULL) {
-+ if (ret->not_resumable) {
-+ /* If its not resumable then ignore this session */
-+ if (!copy)
-+ SSL_SESSION_free(ret);
-+ return NULL;
-+ }
- ssl_tsan_counter(s->session_ctx,
- &s->session_ctx->stats.sess_cb_hit);
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch b/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
deleted file mode 100644
index 59e785caac7c..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-p11-segfault.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-https://bugs.gentoo.org/916328
-https://github.com/opendnssec/SoftHSMv2/issues/729
-https://github.com/openssl/openssl/issues/22508
-https://github.com/openssl/openssl/commit/934943281267259fa928f4a5814b176525461a65
-
-From 934943281267259fa928f4a5814b176525461a65 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 15 Dec 2023 13:45:50 +0100
-Subject: [PATCH] Revert "Improved detection of engine-provided private
- "classic" keys"
-
-This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
-
-The commit was wrong. With 3.x versions the engines must be themselves
-responsible for creating their EVP_PKEYs in a way that they are treated
-as legacy - either by using the respective set1 calls or by setting
-non-default EVP_PKEY_METHOD.
-
-The workaround has caused more problems than it solved.
-
-Fixes #22945
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23063)
-
-(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
---- a/crypto/engine/eng_pkey.c
-+++ b/crypto/engine/eng_pkey.c
-@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return NULL;
- }
-- /* We enforce check for legacy key */
-- switch (EVP_PKEY_get_id(pkey)) {
-- case EVP_PKEY_RSA:
-- {
-- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-- EVP_PKEY_set1_RSA(pkey, rsa);
-- RSA_free(rsa);
-- }
-- break;
--# ifndef OPENSSL_NO_EC
-- case EVP_PKEY_SM2:
-- case EVP_PKEY_EC:
-- {
-- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-- EVP_PKEY_set1_EC_KEY(pkey, ec);
-- EC_KEY_free(ec);
-- }
-- break;
--# endif
--# ifndef OPENSSL_NO_DSA
-- case EVP_PKEY_DSA:
-- {
-- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-- EVP_PKEY_set1_DSA(pkey, dsa);
-- DSA_free(dsa);
-- }
-- break;
--#endif
--# ifndef OPENSSL_NO_DH
-- case EVP_PKEY_DH:
-- {
-- DH *dh = EVP_PKEY_get1_DH(pkey);
-- EVP_PKEY_set1_DH(pkey, dh);
-- DH_free(dh);
-- }
-- break;
--#endif
-- default:
-- /*Do nothing */
-- break;
-- }
--
- return pkey;
- }
-
-
diff --git a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch b/dev-libs/openssl/files/openssl-3.2.1-riscv.patch
deleted file mode 100644
index 51256cf434e2..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-riscv.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-# Bug: https://bugs.gentoo.org/923956
-# Upstream PR: https://github.com/openssl/openssl/pull/23752
---- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-@@ -142,9 +142,9 @@ static const PROV_GCM_HW aes_gcm = {
- # include "cipher_aes_gcm_hw_armv8.inc"
- #elif defined(PPC_AES_GCM_CAPABLE) && defined(_ARCH_PPC64)
- # include "cipher_aes_gcm_hw_ppc.inc"
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_aes_gcm_hw_rv64i.inc"
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
- # include "cipher_aes_gcm_hw_rv32i.inc"
- #else
- const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
---- a/providers/implementations/ciphers/cipher_aes_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_hw.c
-@@ -142,9 +142,9 @@ const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \
- # include "cipher_aes_hw_t4.inc"
- #elif defined(S390X_aes_128_CAPABLE)
- # include "cipher_aes_hw_s390x.inc"
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
- # include "cipher_aes_hw_rv64i.inc"
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
- # include "cipher_aes_hw_rv32i.inc"
- #else
- /* The generic case */
---- a/providers/implementations/ciphers/cipher_aes_ocb_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_ocb_hw.c
-@@ -104,7 +104,7 @@ static const PROV_CIPHER_HW aes_t4_ocb = { \
- if (SPARC_AES_CAPABLE) \
- return &aes_t4_ocb;
-
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-
- static int cipher_hw_aes_ocb_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx,
- const unsigned char *key,
-@@ -126,7 +126,7 @@ static const PROV_CIPHER_HW aes_rv64i_zknd_zkne_ocb = { \
- if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_rv64i_zknd_zkne_ocb;
-
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-
- static int cipher_hw_aes_ocb_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *vctx,
- const unsigned char *key,
---- a/providers/implementations/ciphers/cipher_aes_xts_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c
-@@ -159,7 +159,7 @@ static const PROV_CIPHER_HW aes_xts_t4 = { \
- if (SPARC_AES_CAPABLE) \
- return &aes_xts_t4;
-
--#elif defined(__riscv) && __riscv_xlen == 64
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
-
- static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
-@@ -185,7 +185,7 @@ static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \
- if (RISCV_HAS_ZKND_AND_ZKNE()) \
- return &aes_xts_rv64i_zknd_zkne;
-
--#elif defined(__riscv) && __riscv_xlen == 32
-+#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
-
- static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx,
- const unsigned char *key,
diff --git a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch b/dev-libs/openssl/files/openssl-3.2.1-s390x.patch
deleted file mode 100644
index 3cbf4854e12e..000000000000
--- a/dev-libs/openssl/files/openssl-3.2.1-s390x.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://bugs.gentoo.org/923957
-https://github.com/openssl/openssl/pull/23458
-https://github.com/openssl/openssl/commit/5fa5d59750db9df00f4871949a66020ac44f4f9c
-
-From 5fa5d59750db9df00f4871949a66020ac44f4f9c Mon Sep 17 00:00:00 2001
-From: Ingo Franzki <ifranzki@linux.ibm.com>
-Date: Fri, 2 Feb 2024 10:20:55 +0100
-Subject: [PATCH] s390x: Fix build on s390x with 'disable-asm'
-
-Do not define S390X_MOD_EXP for a NO_ASM build, this would result in
-unresolved externals for s390x_mod_exp and s390x_crt.
-
-Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
-
-Reviewed-by: Hugo Landau <hlandau@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/23458)
-
-(cherry picked from commit a5b0c568dbefddd154f99011d7ce76cfbfadb67a)
---- a/include/crypto/bn.h
-+++ b/include/crypto/bn.h
-@@ -116,7 +116,8 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
-
- extern const BIGNUM ossl_bn_inv_sqrt_2;
-
--#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__)
-+#if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) && defined (__s390x__) \
-+ && !defined (OPENSSL_NO_ASM)
- # define S390X_MOD_EXP
- #endif
-
next reply other threads:[~2024-08-03 5:08 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-03 5:08 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-03-28 21:06 [gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/ Conrad Kostecki
2025-01-29 19:30 Sam James
2024-12-23 20:01 Conrad Kostecki
2023-12-31 2:38 Conrad Kostecki
2023-10-29 3:53 Sam James
2023-10-04 21:45 Conrad Kostecki
2023-05-25 14:59 Mike Gilbert
2023-03-19 3:22 Sam James
2023-02-22 19:34 Mike Gilbert
2023-02-08 17:17 Sam James
2022-08-19 23:00 Sam James
2022-04-25 10:11 WANG Xuerui
2021-02-12 22:35 Conrad Kostecki
2020-12-17 14:11 Andreas K. Hüttel
2020-04-02 14:56 Mike Gilbert
2019-11-24 0:44 Aaron Bauman
2018-10-31 8:06 Lars Wendler
2018-05-12 20:26 Robin H. Johnson
2018-05-04 7:18 Lars Wendler
2016-08-26 17:56 Mike Gilbert
2016-02-26 22:51 Doug Goldstein
2016-01-17 9:01 Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1722661635.fcbeb0799f940bd8b1a9f8894e508a821d1a366d.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox