Tuesday, March 14, 2023

[new] security/openssl/3.1

Released today: https://www.openssl.org/news/openssl-3.1-notes.html

This doesn't need to make the 7.3 release, but I guess it would be nice
to have. Since it is quarantined under eopenssl31, I don't expect any
impact on ports.

The changelog contains nothing particularly exciting except that there's
initial RISC-V assembly support. It looks like that assembly is already
x-only clean, so I left the noexeconly exemption.

It would be nice if someone could run regress on riscv64 to confirm.

I took the 3.0 port, attempted to adjust the PKGSPEC line, dropped a
@conflict from the PLIST, ran s/30/31/g over the Makefile and reset the
SHLIBVER to 0.0 (should that be ahead of 3.0?). That's about it.

I refreshed the patches and needed to adjust the armv8 assembly a little.

Passes regress on an amd64 machine with PKU and arm64 (beware, it takes
forever).


There's one failing test case on sparc64. Not sure if that's new.
I'll look more closely:

../../util/wrap.pl ../../test/ssl_test 02-protocol-version.cnf.default default => 139
not ok 6 - running CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test test/ssl-tests/02-protocol-version.cnf default

#0 0x00000066c7e33610 in aes256_t4_cbc_encrypt ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libcrypto.so.0.0
#1 0x00000066c8089674 in ossl_cipher_hw_generic_cbc ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libcrypto.so.0.0
#2 0x00000066c808616c in ossl_cipher_generic_block_update ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libcrypto.so.0.0
#3 0x00000066c7f503e8 in EVP_EncryptUpdate ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libcrypto.so.0.0
#4 0x00000066f06d35dc in tls_construct_new_session_ticket ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libssl.so.0.0
#5 0x00000066f06c2dec in state_machine ()
   from /usr/ports/pobj/openssl-3.1.0/openssl-3.1.0/libssl.so.0.0
#6 0x00000066f068fd60 in SSL_do_handshake ()
