Toshaan Bharvani
1 year ago
commit
45a49eef9e
43 changed files with 46462 additions and 0 deletions
@ -0,0 +1,82 @@
@@ -0,0 +1,82 @@
|
||||
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) |
||||
DAYS=365 |
||||
KEYLEN=2048 |
||||
TYPE=rsa:$(KEYLEN) |
||||
EXTRA_FLAGS= |
||||
ifdef SERIAL |
||||
EXTRA_FLAGS+=-set_serial $(SERIAL) |
||||
endif |
||||
|
||||
.PHONY: usage |
||||
.SUFFIXES: .key .csr .crt .pem |
||||
.PRECIOUS: %.key %.csr %.crt %.pem |
||||
|
||||
usage: |
||||
@echo "This makefile allows you to create:" |
||||
@echo " o public/private key pairs" |
||||
@echo " o SSL certificate signing requests (CSRs)" |
||||
@echo " o self-signed SSL test certificates" |
||||
@echo |
||||
@echo "To create a key pair, run \"make SOMETHING.key\"." |
||||
@echo "To create a CSR, run \"make SOMETHING.csr\"." |
||||
@echo "To create a test certificate, run \"make SOMETHING.crt\"." |
||||
@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"." |
||||
@echo |
||||
@echo "To create a key for use with Apache, run \"make genkey\"." |
||||
@echo "To create a CSR for use with Apache, run \"make certreq\"." |
||||
@echo "To create a test certificate for use with Apache, run \"make testcert\"." |
||||
@echo |
||||
@echo "To create a test certificate with serial number other than random, add SERIAL=num" |
||||
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n" |
||||
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS" |
||||
@echo |
||||
@echo Examples: |
||||
@echo " make server.key" |
||||
@echo " make server.csr" |
||||
@echo " make server.crt" |
||||
@echo " make stunnel.pem" |
||||
@echo " make genkey" |
||||
@echo " make certreq" |
||||
@echo " make testcert" |
||||
@echo " make server.crt SERIAL=1" |
||||
@echo " make stunnel.pem EXTRA_FLAGS=-sha384" |
||||
@echo " make testcert DAYS=600" |
||||
|
||||
%.pem: |
||||
umask 77 ; \ |
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
||||
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \ |
||||
cat $$PEM1 > $@ ; \ |
||||
echo "" >> $@ ; \ |
||||
cat $$PEM2 >> $@ ; \ |
||||
$(RM) $$PEM1 $$PEM2 |
||||
|
||||
%.key: |
||||
umask 77 ; \ |
||||
/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@ |
||||
|
||||
%.csr: %.key |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@ |
||||
|
||||
%.crt: %.key |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS) |
||||
|
||||
TLSROOT=/etc/pki/tls |
||||
KEY=$(TLSROOT)/private/localhost.key |
||||
CSR=$(TLSROOT)/certs/localhost.csr |
||||
CRT=$(TLSROOT)/certs/localhost.crt |
||||
|
||||
genkey: $(KEY) |
||||
certreq: $(CSR) |
||||
testcert: $(CRT) |
||||
|
||||
$(CSR): $(KEY) |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR) |
||||
|
||||
$(CRT): $(KEY) |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS) |
@ -0,0 +1,582 @@
@@ -0,0 +1,582 @@
|
||||
/* |
||||
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. |
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
||||
* |
||||
* Licensed under the OpenSSL license (the "License"). You may not use |
||||
* this file except in compliance with the License. You can obtain a copy |
||||
* in the file LICENSE in the source distribution or at |
||||
* https://www.openssl.org/source/license.html |
||||
*/ |
||||
|
||||
#include <string.h> |
||||
#include "ec_local.h" |
||||
#include <openssl/err.h> |
||||
#include <openssl/obj_mac.h> |
||||
#include <openssl/opensslconf.h> |
||||
#include "internal/nelem.h" |
||||
|
||||
typedef struct { |
||||
int field_type, /* either NID_X9_62_prime_field or |
||||
* NID_X9_62_characteristic_two_field */ |
||||
seed_len, param_len; |
||||
unsigned int cofactor; /* promoted to BN_ULONG */ |
||||
} EC_CURVE_DATA; |
||||
|
||||
/* the nist prime curves */ |
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 28 * 6]; |
||||
} _EC_NIST_PRIME_224 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 28, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, |
||||
0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x01, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, |
||||
/* b */ |
||||
0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, |
||||
0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, |
||||
0x23, 0x55, 0xFF, 0xB4, |
||||
/* x */ |
||||
0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, |
||||
0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, |
||||
0x11, 0x5C, 0x1D, 0x21, |
||||
/* y */ |
||||
0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, |
||||
0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, |
||||
0x85, 0x00, 0x7e, 0x34, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, |
||||
0x5C, 0x5C, 0x2A, 0x3D |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 48 * 6]; |
||||
} _EC_NIST_PRIME_384 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 48, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, |
||||
0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, |
||||
0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, |
||||
0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, |
||||
0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, |
||||
/* x */ |
||||
0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, |
||||
0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, |
||||
0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, |
||||
0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, |
||||
/* y */ |
||||
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, |
||||
0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, |
||||
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, |
||||
0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, |
||||
0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 66 * 6]; |
||||
} _EC_NIST_PRIME_521 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 66, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, |
||||
0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, |
||||
/* p */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, |
||||
0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, |
||||
0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, |
||||
0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, |
||||
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, |
||||
0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, |
||||
/* x */ |
||||
0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, |
||||
0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, |
||||
0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, |
||||
0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, |
||||
0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, |
||||
0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, |
||||
/* y */ |
||||
0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, |
||||
0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, |
||||
0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, |
||||
0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, |
||||
0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, |
||||
0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, |
||||
/* order */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, |
||||
0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, |
||||
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, |
||||
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 32 * 6]; |
||||
} _EC_X9_62_PRIME_256V1 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 32, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, |
||||
0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, |
||||
0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, |
||||
0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, |
||||
/* x */ |
||||
0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, |
||||
0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, |
||||
0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, |
||||
/* y */ |
||||
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, |
||||
0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, |
||||
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, |
||||
0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[0 + 32 * 6]; |
||||
} _EC_SECG_PRIME_256K1 = { |
||||
{ |
||||
NID_X9_62_prime_field, 0, 32, 1 |
||||
}, |
||||
{ |
||||
/* no seed */ |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, |
||||
/* a */ |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
/* b */ |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, |
||||
/* x */ |
||||
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, |
||||
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, |
||||
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, |
||||
/* y */ |
||||
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, |
||||
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, |
||||
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, |
||||
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 |
||||
} |
||||
}; |
||||
|
||||
typedef struct _ec_list_element_st { |
||||
int nid; |
||||
const EC_CURVE_DATA *data; |
||||
const EC_METHOD *(*meth) (void); |
||||
const char *comment; |
||||
} ec_list_element; |
||||
|
||||
static const ec_list_element curve_list[] = { |
||||
/* prime field curves */ |
||||
/* secg curves */ |
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
#else |
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
#endif |
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, |
||||
"SECG curve over a 256 bit prime field"}, |
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ |
||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, |
||||
"NIST/SECG curve over a 384 bit prime field"}, |
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, |
||||
"NIST/SECG curve over a 521 bit prime field"}, |
||||
#else |
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, |
||||
"NIST/SECG curve over a 521 bit prime field"}, |
||||
#endif |
||||
/* X9.62 curves */ |
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, |
||||
#if defined(ECP_NISTZ256_ASM) |
||||
EC_GFp_nistz256_method, |
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp256_method, |
||||
#else |
||||
0, |
||||
#endif |
||||
"X9.62/SECG curve over a 256 bit prime field"}, |
||||
}; |
||||
|
||||
#define curve_list_length OSSL_NELEM(curve_list) |
||||
|
||||
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) |
||||
{ |
||||
EC_GROUP *group = NULL; |
||||
EC_POINT *P = NULL; |
||||
BN_CTX *ctx = NULL; |
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = |
||||
NULL; |
||||
int ok = 0; |
||||
int seed_len, param_len; |
||||
const EC_METHOD *meth; |
||||
const EC_CURVE_DATA *data; |
||||
const unsigned char *params; |
||||
|
||||
/* If no curve data curve method must handle everything */ |
||||
if (curve.data == NULL) |
||||
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL); |
||||
|
||||
if ((ctx = BN_CTX_new()) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); |
||||
goto err; |
||||
} |
||||
|
||||
data = curve.data; |
||||
seed_len = data->seed_len; |
||||
param_len = data->param_len; |
||||
params = (const unsigned char *)(data + 1); /* skip header */ |
||||
params += seed_len; /* skip seed */ |
||||
|
||||
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL |
||||
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL |
||||
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
|
||||
if (curve.meth != 0) { |
||||
meth = curve.meth(); |
||||
if (((group = EC_GROUP_new(meth)) == NULL) || |
||||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} else if (data->field_type == NID_X9_62_prime_field) { |
||||
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
#ifndef OPENSSL_NO_EC2M |
||||
else { /* field_type == |
||||
* NID_X9_62_characteristic_two_field */ |
||||
|
||||
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
#endif |
||||
|
||||
EC_GROUP_set_curve_name(group, curve.nid); |
||||
|
||||
if ((P = EC_POINT_new(group)) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
|
||||
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL |
||||
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL |
||||
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
if (!EC_GROUP_set_generator(group, P, order, x)) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
if (seed_len) { |
||||
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { |
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
ok = 1; |
||||
err: |
||||
if (!ok) { |
||||
EC_GROUP_free(group); |
||||
group = NULL; |
||||
} |
||||
EC_POINT_free(P); |
||||
BN_CTX_free(ctx); |
||||
BN_free(p); |
||||
BN_free(a); |
||||
BN_free(b); |
||||
BN_free(order); |
||||
BN_free(x); |
||||
BN_free(y); |
||||
return group; |
||||
} |
||||
|
||||
EC_GROUP *EC_GROUP_new_by_curve_name(int nid) |
||||
{ |
||||
size_t i; |
||||
EC_GROUP *ret = NULL; |
||||
|
||||
if (nid <= 0) |
||||
return NULL; |
||||
|
||||
for (i = 0; i < curve_list_length; i++) |
||||
if (curve_list[i].nid == nid) { |
||||
ret = ec_group_new_from_data(curve_list[i]); |
||||
break; |
||||
} |
||||
|
||||
if (ret == NULL) { |
||||
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP); |
||||
return NULL; |
||||
} |
||||
|
||||
return ret; |
||||
} |
||||
|
||||
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) |
||||
{ |
||||
size_t i, min; |
||||
|
||||
if (r == NULL || nitems == 0) |
||||
return curve_list_length; |
||||
|
||||
min = nitems < curve_list_length ? nitems : curve_list_length; |
||||
|
||||
for (i = 0; i < min; i++) { |
||||
r[i].nid = curve_list[i].nid; |
||||
r[i].comment = curve_list[i].comment; |
||||
} |
||||
|
||||
return curve_list_length; |
||||
} |
||||
|
||||
/* Functions to translate between common NIST curve names and NIDs */ |
||||
|
||||
typedef struct { |
||||
const char *name; /* NIST Name of curve */ |
||||
int nid; /* Curve NID */ |
||||
} EC_NIST_NAME; |
||||
|
||||
static EC_NIST_NAME nist_curves[] = { |
||||
{"B-163", NID_sect163r2}, |
||||
{"B-233", NID_sect233r1}, |
||||
{"B-283", NID_sect283r1}, |
||||
{"B-409", NID_sect409r1}, |
||||
{"B-571", NID_sect571r1}, |
||||
{"K-163", NID_sect163k1}, |
||||
{"K-233", NID_sect233k1}, |
||||
{"K-283", NID_sect283k1}, |
||||
{"K-409", NID_sect409k1}, |
||||
{"K-571", NID_sect571k1}, |
||||
{"P-192", NID_X9_62_prime192v1}, |
||||
{"P-224", NID_secp224r1}, |
||||
{"P-256", NID_X9_62_prime256v1}, |
||||
{"P-384", NID_secp384r1}, |
||||
{"P-521", NID_secp521r1} |
||||
}; |
||||
|
||||
const char *EC_curve_nid2nist(int nid) |
||||
{ |
||||
size_t i; |
||||
for (i = 0; i < OSSL_NELEM(nist_curves); i++) { |
||||
if (nist_curves[i].nid == nid) |
||||
return nist_curves[i].name; |
||||
} |
||||
return NULL; |
||||
} |
||||
|
||||
int EC_curve_nist2nid(const char *name) |
||||
{ |
||||
size_t i; |
||||
for (i = 0; i < OSSL_NELEM(nist_curves); i++) { |
||||
if (strcmp(nist_curves[i].name, name) == 0) |
||||
return nist_curves[i].nid; |
||||
} |
||||
return NID_undef; |
||||
} |
||||
|
||||
#define NUM_BN_FIELDS 6 |
||||
/* |
||||
* Validates EC domain parameter data for known named curves. |
||||
* This can be used when a curve is loaded explicitly (without a curve |
||||
* name) or to validate that domain parameters have not been modified. |
||||
* |
||||
* Returns: The nid associated with the found named curve, or NID_undef |
||||
* if not found. If there was an error it returns -1. |
||||
*/ |
||||
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) |
||||
{ |
||||
int ret = -1, nid, len, field_type, param_len; |
||||
size_t i, seed_len; |
||||
const unsigned char *seed, *params_seed, *params; |
||||
unsigned char *param_bytes = NULL; |
||||
const EC_CURVE_DATA *data; |
||||
const EC_POINT *generator = NULL; |
||||
const EC_METHOD *meth; |
||||
const BIGNUM *cofactor = NULL; |
||||
/* An array of BIGNUMs for (p, a, b, x, y, order) */ |
||||
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; |
||||
|
||||
meth = EC_GROUP_method_of(group); |
||||
if (meth == NULL) |
||||
return -1; |
||||
/* Use the optional named curve nid as a search field */ |
||||
nid = EC_GROUP_get_curve_name(group); |
||||
field_type = EC_METHOD_get_field_type(meth); |
||||
seed_len = EC_GROUP_get_seed_len(group); |
||||
seed = EC_GROUP_get0_seed(group); |
||||
cofactor = EC_GROUP_get0_cofactor(group); |
||||
|
||||
BN_CTX_start(ctx); |
||||
|
||||
/* |
||||
* The built-in curves contains data fields (p, a, b, x, y, order) that are |
||||
* all zero-padded to be the same size. The size of the padding is |
||||
* determined by either the number of bytes in the field modulus (p) or the |
||||
* EC group order, whichever is larger. |
||||
*/ |
||||
param_len = BN_num_bytes(group->order); |
||||
len = BN_num_bytes(group->field); |
||||
if (len > param_len) |
||||
param_len = len; |
||||
|
||||
/* Allocate space to store the padded data for (p, a, b, x, y, order) */ |
||||
param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); |
||||
if (param_bytes == NULL) |
||||
goto end; |
||||
|
||||
/* Create the bignums */ |
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) { |
||||
if ((bn[i] = BN_CTX_get(ctx)) == NULL) |
||||
goto end; |
||||
} |
||||
/* |
||||
* Fill in the bn array with the same values as the internal curves |
||||
* i.e. the values are p, a, b, x, y, order. |
||||
*/ |
||||
/* Get p, a & b */ |
||||
if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) |
||||
&& ((generator = EC_GROUP_get0_generator(group)) != NULL) |
||||
/* Get x & y */ |
||||
&& EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) |
||||
/* Get order */ |
||||
&& EC_GROUP_get_order(group, bn[5], ctx))) |
||||
goto end; |
||||
|
||||
/* |
||||
* Convert the bignum array to bytes that are joined together to form |
||||
* a single buffer that contains data for all fields. |
||||
* (p, a, b, x, y, order) are all zero padded to be the same size. |
||||
*/ |
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) { |
||||
if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) |
||||
goto end; |
||||
} |
||||
|
||||
for (i = 0; i < curve_list_length; i++) { |
||||
const ec_list_element curve = curve_list[i]; |
||||
|
||||
data = curve.data; |
||||
/* Get the raw order byte data */ |
||||
params_seed = (const unsigned char *)(data + 1); /* skip header */ |
||||
params = params_seed + data->seed_len; |
||||
|
||||
/* Look for unique fields in the fixed curve data */ |
||||
if (data->field_type == field_type |
||||
&& param_len == data->param_len |
||||
&& (nid <= 0 || nid == curve.nid) |
||||
/* check the optional cofactor (ignore if its zero) */ |
||||
&& (BN_is_zero(cofactor) |
||||
|| BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) |
||||
/* Check the optional seed (ignore if its not set) */ |
||||
&& (data->seed_len == 0 || seed_len == 0 |
||||
|| ((size_t)data->seed_len == seed_len |
||||
&& memcmp(params_seed, seed, seed_len) == 0)) |
||||
/* Check that the groups params match the built-in curve params */ |
||||
&& memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) |
||||
== 0) { |
||||
ret = curve.nid; |
||||
goto end; |
||||
} |
||||
} |
||||
/* Gets here if the group was not found */ |
||||
ret = NID_undef; |
||||
end: |
||||
OPENSSL_free(param_bytes); |
||||
BN_CTX_end(ctx); |
||||
return ret; |
||||
} |
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
#!/bin/sh |
||||
|
||||
# Quit out if anything fails. |
||||
set -e |
||||
|
||||
# Clean out patent-or-otherwise-encumbered code. |
||||
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway |
||||
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore |
||||
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore |
||||
# EC: ????????? ??/??/2020 |
||||
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore |
||||
|
||||
# Remove assembler portions of IDEA, MDC2, and RC5. |
||||
# (find crypto/rc5/asm -type f | xargs -r rm -fv) |
||||
|
||||
for c in `find crypto/bn -name "*gf2m.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for c in `find test -name "ectest.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for h in `find crypto ssl apps test -name "*.h"` ; do |
||||
echo Removing EC2M references from $h |
||||
cat $h | \ |
||||
awk 'BEGIN {ech=1;} \ |
||||
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ |
||||
/^#[ \t]*if/ {if(ech < 1) ech--;} \ |
||||
{if(ech>0) {;print $0};} \ |
||||
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ |
||||
mv $h.hobbled $h |
||||
done |
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
#!/bin/sh |
||||
umask 077 |
||||
|
||||
answers() { |
||||
echo -- |
||||
echo SomeState |
||||
echo SomeCity |
||||
echo SomeOrganization |
||||
echo SomeOrganizationalUnit |
||||
echo localhost.localdomain |
||||
echo root@localhost.localdomain |
||||
} |
||||
|
||||
if [ $# -eq 0 ] ; then |
||||
echo $"Usage: `basename $0` filename [...]" |
||||
exit 0 |
||||
fi |
||||
|
||||
for target in $@ ; do |
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` |
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` |
||||
trap "rm -f $PEM1 $PEM2" SIGINT |
||||
answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null |
||||
cat $PEM1 > ${target} |
||||
echo "" >> ${target} |
||||
cat $PEM2 >> ${target} |
||||
rm -f $PEM1 $PEM2 |
||||
done |
@ -0,0 +1,27 @@
@@ -0,0 +1,27 @@
|
||||
commit 9e885a707d604e9528b5491b78fb9c00f41193fc |
||||
Author: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu Mar 26 15:59:00 2020 +0100 |
||||
|
||||
s_server: Properly indicate ALPN protocol mismatch |
||||
|
||||
Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that |
||||
an alert is sent to the client on ALPN protocol mismatch. |
||||
|
||||
Fixes: #2708 |
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org> |
||||
(Merged from https://github.com/openssl/openssl/pull/11415) |
||||
|
||||
diff --git a/apps/s_server.c b/apps/s_server.c |
||||
index bcc83e562c..591c6c19c5 100644 |
||||
--- a/apps/s_server.c |
||||
+++ b/apps/s_server.c |
||||
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, |
||||
if (SSL_select_next_proto |
||||
((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, |
||||
inlen) != OPENSSL_NPN_NEGOTIATED) { |
||||
- return SSL_TLSEXT_ERR_NOACK; |
||||
+ return SSL_TLSEXT_ERR_ALERT_FATAL; |
||||
} |
||||
|
||||
if (!s_quiet) { |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c |
||||
--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100 |
||||
+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100 |
||||
@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = { |
||||
{"enddate", OPT_ENDDATE, 's', |
||||
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, |
||||
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, |
||||
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, |
||||
+ {"md", OPT_MD, 's', "md to use; see openssl help for list"}, |
||||
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, |
||||
{"keyfile", OPT_KEYFILE, 's', "Private key"}, |
||||
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, |
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf |
||||
--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200 |
||||
+++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200 |
||||
@@ -678,6 +678,7 @@ my %targets = ( |
||||
cxxflags => add("-m64"), |
||||
lib_cppflags => add("-DL_ENDIAN"), |
||||
perlasm_scheme => "linux64le", |
||||
+ multilib => "64", |
||||
}, |
||||
|
||||
"linux-armv4" => { |
||||
@@ -718,6 +719,7 @@ my %targets = ( |
||||
"linux-aarch64" => { |
||||
inherit_from => [ "linux-generic64", asm("aarch64_asm") ], |
||||
perlasm_scheme => "linux64", |
||||
+ multilib => "64", |
||||
}, |
||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 |
||||
inherit_from => [ "linux-generic32", asm("aarch64_asm") ], |
||||
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl |
||||
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200 |
||||
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200 |
||||
@@ -823,7 +823,7 @@ uninstall_runtime_libs: |
||||
install_man_docs: |
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) |
||||
@$(ECHO) "*** Installing manpages" |
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \ |
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ |
||||
"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) |
||||
|
||||
uninstall_man_docs: |
||||
@@ -835,7 +835,7 @@ uninstall_man_docs: |
||||
install_html_docs: |
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) |
||||
@$(ECHO) "*** Installing HTML manpages" |
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \ |
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ |
||||
"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html |
||||
|
||||
uninstall_html_docs: |
@ -0,0 +1,56 @@
@@ -0,0 +1,56 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in |
||||
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200 |
||||
+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200 |
||||
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509"; |
||||
my $PKCS12 = "$openssl pkcs12"; |
||||
|
||||
# default openssl.cnf file has setup as per the following |
||||
-my $CATOP = "./demoCA"; |
||||
+my $CATOP = "/etc/pki/CA"; |
||||
my $CAKEY = "cakey.pem"; |
||||
my $CAREQ = "careq.pem"; |
||||
my $CACERT = "cacert.pem"; |
||||
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf |
||||
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200 |
||||
+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200 |
||||
@@ -23,6 +23,22 @@ oid_section = new_oids |
||||
# (Alternatively, use a configuration file that has only |
||||
# X.509v3 extensions in its main [= default] section.) |
||||
|
||||
+# Load default TLS policy configuration |
||||
+ |
||||
+openssl_conf = default_modules |
||||
+ |
||||
+[ default_modules ] |
||||
+ |
||||
+ssl_conf = ssl_module |
||||
+ |
||||
+[ ssl_module ] |
||||
+ |
||||
+system_default = crypto_policy |
||||
+ |
||||
+[ crypto_policy ] |
||||
+ |
||||
+.include = /etc/crypto-policies/back-ends/opensslcnf.config |
||||
+ |
||||
[ new_oids ] |
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. |
||||
@@ -43,7 +59,7 @@ default_ca = CA_default # The default c |
||||
#################################################################### |
||||
[ CA_default ] |
||||
|
||||
-dir = ./demoCA # Where everything is kept |
||||
+dir = /etc/pki/CA # Where everything is kept |
||||
certs = $dir/certs # Where the issued certs are kept |
||||
crl_dir = $dir/crl # Where the issued crl are kept |
||||
database = $dir/index.txt # database index file. |
||||
@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default |
||||
[ tsa_config1 ] |
||||
|
||||
# These are used by the TSA reply generation only. |
||||
-dir = ./demoCA # TSA root directory |
||||
+dir = /etc/pki/CA # TSA root directory |
||||
serial = $dir/tsaserial # The current serial number (mandatory) |
||||
crypto_device = builtin # OpenSSL engine to use for signing |
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate |
@ -0,0 +1,179 @@
@@ -0,0 +1,179 @@
|
||||
From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:21 +0100 |
||||
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() |
||||
|
||||
The calculation in some cases does not finish for non-prime p. |
||||
|
||||
This fixes CVE-2022-0778. |
||||
|
||||
Based on patch by David Benjamin <davidben@google.com>. |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
Reviewed-by: Matt Caswell <matt@openssl.org> |
||||
--- |
||||
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ |
||||
1 file changed, 18 insertions(+), 12 deletions(-) |
||||
|
||||
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c |
||||
index 1723d5ded5a8..53b0f559855c 100644 |
||||
--- a/crypto/bn/bn_sqrt.c |
||||
+++ b/crypto/bn/bn_sqrt.c |
||||
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) |
||||
/* |
||||
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks |
||||
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number |
||||
- * Theory", algorithm 1.5.1). 'p' must be prime! |
||||
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or |
||||
+ * an incorrect "result" will be returned. |
||||
*/ |
||||
{ |
||||
BIGNUM *ret = in; |
||||
@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) |
||||
goto vrfy; |
||||
} |
||||
|
||||
- /* find smallest i such that b^(2^i) = 1 */ |
||||
- i = 1; |
||||
- if (!BN_mod_sqr(t, b, p, ctx)) |
||||
- goto end; |
||||
- while (!BN_is_one(t)) { |
||||
- i++; |
||||
- if (i == e) { |
||||
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); |
||||
- goto end; |
||||
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ |
||||
+ for (i = 1; i < e; i++) { |
||||
+ if (i == 1) { |
||||
+ if (!BN_mod_sqr(t, b, p, ctx)) |
||||
+ goto end; |
||||
+ |
||||
+ } else { |
||||
+ if (!BN_mod_mul(t, t, t, p, ctx)) |
||||
+ goto end; |
||||
} |
||||
- if (!BN_mod_mul(t, t, t, p, ctx)) |
||||
- goto end; |
||||
+ if (BN_is_one(t)) |
||||
+ break; |
||||
+ } |
||||
+ /* If not found, a is not a square or p is not prime. */ |
||||
+ if (i >= e) { |
||||
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); |
||||
+ goto end; |
||||
} |
||||
|
||||
/* t := y^2^(e - i - 1) */ |
||||
From b5fcb7e133725b8b2eb66f63f5142710ed63a6d1 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:30 +0100 |
||||
Subject: [PATCH] Add documentation of BN_mod_sqrt() |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
Reviewed-by: Matt Caswell <matt@openssl.org> |
||||
--- |
||||
doc/man3/BN_add.pod | 15 +++++++++++++-- |
||||
1 file changed, 13 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod |
||||
index dccd4790ede7..1f5e37a4d183 100644 |
||||
--- a/doc/man3/BN_add.pod |
||||
+++ b/doc/man3/BN_add.pod |
||||
@@ -3,7 +3,7 @@ |
||||
=head1 NAME |
||||
|
||||
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, |
||||
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - |
||||
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - |
||||
arithmetic operations on BIGNUMs |
||||
|
||||
=head1 SYNOPSIS |
||||
@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs |
||||
|
||||
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
||||
|
||||
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); |
||||
+ |
||||
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); |
||||
|
||||
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
||||
@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>. |
||||
BN_mod_sqr() takes the square of I<a> modulo B<m> and places the |
||||
result in I<r>. |
||||
|
||||
+BN_mod_sqrt() returns the modular square root of I<a> such that |
||||
+C<in^2 = a (mod p)>. The modulus I<p> must be a |
||||
+prime, otherwise an error or an incorrect "result" will be returned. |
||||
+The result is stored into I<in> which can be NULL. The result will be |
||||
+newly allocated in that case. |
||||
+ |
||||
BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> |
||||
(C<r=a^p>). This function is faster than repeated applications of |
||||
BN_mul(). |
||||
@@ -108,7 +116,10 @@ the arguments. |
||||
|
||||
=head1 RETURN VALUES |
||||
|
||||
-For all functions, 1 is returned for success, 0 on error. The return |
||||
+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is |
||||
+not a prime), or NULL. |
||||
+ |
||||
+For all remaining functions, 1 is returned for success, 0 on error. The return |
||||
value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). |
||||
The error codes can be obtained by L<ERR_get_error(3)>. |
||||
|
||||
From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:35 +0100 |
||||
Subject: [PATCH] Add a negative testcase for BN_mod_sqrt |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
Reviewed-by: Matt Caswell <matt@openssl.org> |
||||
--- |
||||
test/bntest.c | 11 ++++++++++- |
||||
test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ |
||||
2 files changed, 22 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/test/bntest.c b/test/bntest.c |
||||
index 390dd800733e..1cab660bcafb 100644 |
||||
--- a/test/bntest.c |
||||
+++ b/test/bntest.c |
||||
@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s) |
||||
|| !TEST_ptr(ret2 = BN_new())) |
||||
goto err; |
||||
|
||||
+ if (BN_is_negative(mod_sqrt)) { |
||||
+ /* A negative testcase */ |
||||
+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) |
||||
+ goto err; |
||||
+ |
||||
+ st = 1; |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
/* There are two possible answers. */ |
||||
- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) |
||||
+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) |
||||
|| !TEST_true(BN_sub(ret2, p, ret))) |
||||
goto err; |
||||
|
||||
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt |
||||
index 5ea4d031f271..e28cc6bfb02e 100644 |
||||
--- a/test/recipes/10-test_bn_data/bnmod.txt |
||||
+++ b/test/recipes/10-test_bn_data/bnmod.txt |
||||
@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
||||
ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 |
||||
A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 |
||||
P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
||||
+ |
||||
+# Negative testcases for BN_mod_sqrt() |
||||
+ |
||||
+# This one triggers an infinite loop with unfixed implementation |
||||
+# It should just fail. |
||||
+ModSqrt = -1 |
||||
+A = 20a7ee |
||||
+P = 460201 |
||||
+ |
||||
+ModSqrt = -1 |
||||
+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed |
||||
+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
@ -0,0 +1,51 @@
@@ -0,0 +1,51 @@
|
||||
diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf |
||||
--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100 |
||||
+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100 |
||||
@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi |
||||
|
||||
default_days = 365 # how long to certify for |
||||
default_crl_days= 30 # how long before next CRL |
||||
-default_md = default # use public key default MD |
||||
+default_md = sha256 # use SHA-256 by default |
||||
preserve = no # keep passed DN ordering |
||||
|
||||
# A few difference way of specifying how similar the request should look |
||||
@@ -106,6 +106,7 @@ emailAddress = optional |
||||
#################################################################### |
||||
[ req ] |
||||
default_bits = 2048 |
||||
+default_md = sha256 |
||||
default_keyfile = privkey.pem |
||||
distinguished_name = req_distinguished_name |
||||
attributes = req_attributes |
||||
@@ -128,17 +129,18 @@ string_mask = utf8only |
||||
|
||||
[ req_distinguished_name ] |
||||
countryName = Country Name (2 letter code) |
||||
-countryName_default = AU |
||||
+countryName_default = XX |
||||
countryName_min = 2 |
||||
countryName_max = 2 |
||||
|
||||
stateOrProvinceName = State or Province Name (full name) |
||||
-stateOrProvinceName_default = Some-State |
||||
+#stateOrProvinceName_default = Default Province |
||||
|
||||
localityName = Locality Name (eg, city) |
||||
+localityName_default = Default City |
||||
|
||||
0.organizationName = Organization Name (eg, company) |
||||
-0.organizationName_default = Internet Widgits Pty Ltd |
||||
+0.organizationName_default = Default Company Ltd |
||||
|
||||
# we can do this but it is not needed normally :-) |
||||
#1.organizationName = Second Organization Name (eg, company) |
||||
@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city |
||||
organizationalUnitName = Organizational Unit Name (eg, section) |
||||
#organizationalUnitName_default = |
||||
|
||||
-commonName = Common Name (e.g. server FQDN or YOUR name) |
||||
+commonName = Common Name (eg, your name or your server\'s hostname) |
||||
commonName_max = 64 |
||||
|
||||
emailAddress = Email Address |
@ -0,0 +1,125 @@
@@ -0,0 +1,125 @@
|
||||
Disable FIPS mode |
||||
|
||||
FIPS mode is not supported for compat-openssl11. Apply a minimal patch |
||||
that will reject explicit enabling of FIPS mode and disable automatic |
||||
activation of FIPS mode. |
||||
|
||||
To avoid regressions, keep the rest of the library as it was. |
||||
|
||||
diff -up openssl-1.1.1k/crypto/fips/fips.c.disable-fips openssl-1.1.1k/crypto/fips/fips.c |
||||
--- openssl-1.1.1k/crypto/fips/fips.c.disable-fips 2022-05-30 17:05:28.604500582 +0200 |
||||
+++ openssl-1.1.1k/crypto/fips/fips.c 2022-05-30 17:09:46.129110042 +0200 |
||||
@@ -405,13 +405,8 @@ static int verify_checksums(void) |
||||
|
||||
int FIPS_module_installed(void) |
||||
{ |
||||
- int rv; |
||||
- rv = access(FIPS_MODULE_PATH, F_OK); |
||||
- if (rv < 0 && errno != ENOENT) |
||||
- rv = 0; |
||||
- |
||||
/* Installed == true */ |
||||
- return !rv || FIPS_module_mode(); |
||||
+ return 0; |
||||
} |
||||
|
||||
int FIPS_module_mode_set(int onoff) |
||||
diff -up openssl-1.1.1k/crypto/o_fips.c.disable-fips openssl-1.1.1k/crypto/o_fips.c |
||||
--- openssl-1.1.1k/crypto/o_fips.c.disable-fips 2022-05-30 17:05:37.411658179 +0200 |
||||
+++ openssl-1.1.1k/crypto/o_fips.c 2022-05-30 17:06:25.279514707 +0200 |
||||
@@ -12,24 +12,14 @@ |
||||
|
||||
int FIPS_mode(void) |
||||
{ |
||||
-#ifdef OPENSSL_FIPS |
||||
- return FIPS_module_mode(); |
||||
-#else |
||||
/* This version of the library does not support FIPS mode. */ |
||||
return 0; |
||||
-#endif |
||||
} |
||||
|
||||
int FIPS_mode_set(int r) |
||||
{ |
||||
-#ifdef OPENSSL_FIPS |
||||
- if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */ |
||||
- return 1; |
||||
- return FIPS_module_mode_set(r); |
||||
-#else |
||||
if (r == 0) |
||||
return 1; |
||||
CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); |
||||
return 0; |
||||
-#endif |
||||
} |
||||
diff -up openssl-1.1.1k/crypto/o_init.c.disable-fips openssl-1.1.1k/crypto/o_init.c |
||||
--- openssl-1.1.1k/crypto/o_init.c.disable-fips 2022-05-30 17:06:58.250104676 +0200 |
||||
+++ openssl-1.1.1k/crypto/o_init.c 2022-05-30 17:17:12.369135344 +0200 |
||||
@@ -7,55 +7,9 @@ |
||||
* https://www.openssl.org/source/license.html |
||||
*/ |
||||
|
||||
-/* for secure_getenv */ |
||||
-#define _GNU_SOURCE |
||||
#include "e_os.h" |
||||
#include <openssl/err.h> |
||||
#ifdef OPENSSL_FIPS |
||||
-# include <sys/types.h> |
||||
-# include <sys/stat.h> |
||||
-# include <fcntl.h> |
||||
-# include <unistd.h> |
||||
-# include <errno.h> |
||||
-# include <stdlib.h> |
||||
-# include <openssl/rand.h> |
||||
-# include <openssl/fips.h> |
||||
-# include "crypto/fips.h" |
||||
- |
||||
-# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" |
||||
- |
||||
-static void init_fips_mode(void) |
||||
-{ |
||||
- char buf[2] = "0"; |
||||
- int fd; |
||||
- |
||||
- if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { |
||||
- buf[0] = '1'; |
||||
- } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { |
||||
- while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; |
||||
- close(fd); |
||||
- } |
||||
- |
||||
- if (buf[0] != '1' && !FIPS_module_installed()) |
||||
- return; |
||||
- |
||||
- /* Ensure the selftests always run */ |
||||
- /* XXX: TO SOLVE - premature initialization due to selftests */ |
||||
- FIPS_mode_set(1); |
||||
- |
||||
- /* Failure reading the fips mode switch file means just not |
||||
- * switching into FIPS mode. We would break too many things |
||||
- * otherwise.. |
||||
- */ |
||||
- |
||||
- if (buf[0] != '1') { |
||||
- /* drop down to non-FIPS mode if it is not requested */ |
||||
- FIPS_mode_set(0); |
||||
- } else { |
||||
- /* abort if selftest failed */ |
||||
- FIPS_selftest_check(); |
||||
- } |
||||
-} |
||||
|
||||
/* |
||||
* Perform FIPS module power on selftest and automatic FIPS mode switch. |
||||
@@ -63,11 +17,6 @@ static void init_fips_mode(void) |
||||
|
||||
void __attribute__ ((constructor)) OPENSSL_init_library(void) |
||||
{ |
||||
- static int done = 0; |
||||
- if (done) |
||||
- return; |
||||
- done = 1; |
||||
- init_fips_mode(); |
||||
} |
||||
#endif |
||||
|
@ -0,0 +1,91 @@
@@ -0,0 +1,91 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c |
||||
--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 |
||||
+++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200 |
||||
@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv) |
||||
if (sdebug) |
||||
ssl_ctx_security_debug(ctx, sdebug); |
||||
|
||||
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) |
||||
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
||||
+ |
||||
if (!config_ctx(cctx, ssl_args, ctx)) |
||||
goto end; |
||||
|
||||
diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c |
||||
--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 |
||||
+++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200 |
||||
@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[] |
||||
if (sdebug) |
||||
ssl_ctx_security_debug(ctx, sdebug); |
||||
|
||||
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) |
||||
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
||||
+ |
||||
if (!config_ctx(cctx, ssl_args, ctx)) |
||||
goto end; |
||||
|
||||
diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c |
||||
--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200 |
||||
+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200 |
||||
@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m |
||||
*/ |
||||
ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; |
||||
|
||||
+ if (meth->version != SSL3_VERSION) { |
||||
+ /* |
||||
+ * Disable SSLv3 by default. Applications can |
||||
+ * re-enable it by configuring |
||||
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); |
||||
+ * or by using the SSL_CONF API. |
||||
+ */ |
||||
+ ret->options |= SSL_OP_NO_SSLv3; |
||||
+ } |
||||
+ |
||||
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; |
||||
|
||||
/* |
||||
diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c |
||||
--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 |
||||
+++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200 |
||||
@@ -443,6 +443,7 @@ static int test_handshake(int idx) |
||||
SSL_TEST_SERVERNAME_CB_NONE) { |
||||
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) |
||||
goto err; |
||||
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); |
||||
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, |
||||
TLS_MAX_VERSION))) |
||||
goto err; |
||||
@@ -464,6 +465,8 @@ static int test_handshake(int idx) |
||||
if (!TEST_ptr(resume_server_ctx) |
||||
|| !TEST_ptr(resume_client_ctx)) |
||||
goto err; |
||||
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); |
||||
+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); |
||||
} |
||||
} |
||||
|
||||
@@ -477,6 +480,9 @@ static int test_handshake(int idx) |
||||
|| !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) |
||||
goto err; |
||||
|
||||
+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); |
||||
+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); |
||||
+ |
||||
if (!SSL_CTX_config(server_ctx, "server") |
||||
|| !SSL_CTX_config(client_ctx, "client")) { |
||||
goto err; |
||||
diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c |
||||
--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 |
||||
+++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200 |
||||
@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[]) |
||||
ERR_print_errors(bio_err); |
||||
goto end; |
||||
} |
||||
+ |
||||
+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); |
||||
+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); |
||||
+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); |
||||
+ |
||||
/* |
||||
* Since we will use low security ciphersuites and keys for testing set |
||||
* security level to zero by default. Tests can override this by adding |
@ -0,0 +1,266 @@
@@ -0,0 +1,266 @@
|
||||
diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c |
||||
--- openssl-1.1.1h/apps/speed.c.curves 2020-09-22 14:55:07.000000000 +0200 |
||||
+++ openssl-1.1.1h/apps/speed.c 2020-11-06 13:27:15.659288431 +0100 |
||||
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2]; |
||||
#endif /* OPENSSL_NO_RSA */ |
||||
|
||||
enum { |
||||
- R_EC_P160, |
||||
- R_EC_P192, |
||||
R_EC_P224, |
||||
R_EC_P256, |
||||
R_EC_P384, |
||||
R_EC_P521, |
||||
-#ifndef OPENSSL_NO_EC2M |
||||
- R_EC_K163, |
||||
- R_EC_K233, |
||||
- R_EC_K283, |
||||
- R_EC_K409, |
||||
- R_EC_K571, |
||||
- R_EC_B163, |
||||
- R_EC_B233, |
||||
- R_EC_B283, |
||||
- R_EC_B409, |
||||
- R_EC_B571, |
||||
-#endif |
||||
- R_EC_BRP256R1, |
||||
- R_EC_BRP256T1, |
||||
- R_EC_BRP384R1, |
||||
- R_EC_BRP384T1, |
||||
- R_EC_BRP512R1, |
||||
- R_EC_BRP512T1, |
||||
R_EC_X25519, |
||||
R_EC_X448 |
||||
}; |
||||
|
||||
#ifndef OPENSSL_NO_EC |
||||
static OPT_PAIR ecdsa_choices[] = { |
||||
- {"ecdsap160", R_EC_P160}, |
||||
- {"ecdsap192", R_EC_P192}, |
||||
{"ecdsap224", R_EC_P224}, |
||||
{"ecdsap256", R_EC_P256}, |
||||
{"ecdsap384", R_EC_P384}, |
||||
{"ecdsap521", R_EC_P521}, |
||||
-# ifndef OPENSSL_NO_EC2M |
||||
- {"ecdsak163", R_EC_K163}, |
||||
- {"ecdsak233", R_EC_K233}, |
||||
- {"ecdsak283", R_EC_K283}, |
||||
- {"ecdsak409", R_EC_K409}, |
||||
- {"ecdsak571", R_EC_K571}, |
||||
- {"ecdsab163", R_EC_B163}, |
||||
- {"ecdsab233", R_EC_B233}, |
||||
- {"ecdsab283", R_EC_B283}, |
||||
- {"ecdsab409", R_EC_B409}, |
||||
- {"ecdsab571", R_EC_B571}, |
||||
-# endif |
||||
- {"ecdsabrp256r1", R_EC_BRP256R1}, |
||||
- {"ecdsabrp256t1", R_EC_BRP256T1}, |
||||
- {"ecdsabrp384r1", R_EC_BRP384R1}, |
||||
- {"ecdsabrp384t1", R_EC_BRP384T1}, |
||||
- {"ecdsabrp512r1", R_EC_BRP512R1}, |
||||
- {"ecdsabrp512t1", R_EC_BRP512T1} |
||||
}; |
||||
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices) |
||||
|
||||
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ |
||||
|
||||
static const OPT_PAIR ecdh_choices[] = { |
||||
- {"ecdhp160", R_EC_P160}, |
||||
- {"ecdhp192", R_EC_P192}, |
||||
{"ecdhp224", R_EC_P224}, |
||||
{"ecdhp256", R_EC_P256}, |
||||
{"ecdhp384", R_EC_P384}, |
||||
{"ecdhp521", R_EC_P521}, |
||||
-# ifndef OPENSSL_NO_EC2M |
||||
- {"ecdhk163", R_EC_K163}, |
||||
- {"ecdhk233", R_EC_K233}, |
||||
- {"ecdhk283", R_EC_K283}, |
||||
- {"ecdhk409", R_EC_K409}, |
||||
- {"ecdhk571", R_EC_K571}, |
||||
- {"ecdhb163", R_EC_B163}, |
||||
- {"ecdhb233", R_EC_B233}, |
||||
- {"ecdhb283", R_EC_B283}, |
||||
- {"ecdhb409", R_EC_B409}, |
||||
- {"ecdhb571", R_EC_B571}, |
||||
-# endif |
||||
- {"ecdhbrp256r1", R_EC_BRP256R1}, |
||||
- {"ecdhbrp256t1", R_EC_BRP256T1}, |
||||
- {"ecdhbrp384r1", R_EC_BRP384R1}, |
||||
- {"ecdhbrp384t1", R_EC_BRP384T1}, |
||||
- {"ecdhbrp512r1", R_EC_BRP512R1}, |
||||
- {"ecdhbrp512t1", R_EC_BRP512T1}, |
||||
{"ecdhx25519", R_EC_X25519}, |
||||
{"ecdhx448", R_EC_X448} |
||||
}; |
||||
@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv) |
||||
unsigned int bits; |
||||
} test_curves[] = { |
||||
/* Prime Curves */ |
||||
- {"secp160r1", NID_secp160r1, 160}, |
||||
- {"nistp192", NID_X9_62_prime192v1, 192}, |
||||
{"nistp224", NID_secp224r1, 224}, |
||||
{"nistp256", NID_X9_62_prime256v1, 256}, |
||||
{"nistp384", NID_secp384r1, 384}, |
||||
{"nistp521", NID_secp521r1, 521}, |
||||
-# ifndef OPENSSL_NO_EC2M |
||||
- /* Binary Curves */ |
||||
- {"nistk163", NID_sect163k1, 163}, |
||||
- {"nistk233", NID_sect233k1, 233}, |
||||
- {"nistk283", NID_sect283k1, 283}, |
||||
- {"nistk409", NID_sect409k1, 409}, |
||||
- {"nistk571", NID_sect571k1, 571}, |
||||
- {"nistb163", NID_sect163r2, 163}, |
||||
- {"nistb233", NID_sect233r1, 233}, |
||||
- {"nistb283", NID_sect283r1, 283}, |
||||
- {"nistb409", NID_sect409r1, 409}, |
||||
- {"nistb571", NID_sect571r1, 571}, |
||||
-# endif |
||||
- {"brainpoolP256r1", NID_brainpoolP256r1, 256}, |
||||
- {"brainpoolP256t1", NID_brainpoolP256t1, 256}, |
||||
- {"brainpoolP384r1", NID_brainpoolP384r1, 384}, |
||||
- {"brainpoolP384t1", NID_brainpoolP384t1, 384}, |
||||
- {"brainpoolP512r1", NID_brainpoolP512r1, 512}, |
||||
- {"brainpoolP512t1", NID_brainpoolP512t1, 512}, |
||||
/* Other and ECDH only ones */ |
||||
{"X25519", NID_X25519, 253}, |
||||
{"X448", NID_X448, 448} |
||||
@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv) |
||||
# endif |
||||
|
||||
# ifndef OPENSSL_NO_EC |
||||
- ecdsa_c[R_EC_P160][0] = count / 1000; |
||||
- ecdsa_c[R_EC_P160][1] = count / 1000 / 2; |
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) { |
||||
+ ecdsa_c[R_EC_P224][0] = count / 1000; |
||||
+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2; |
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) { |
||||
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; |
||||
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; |
||||
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) |
||||
@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv) |
||||
} |
||||
} |
||||
} |
||||
-# ifndef OPENSSL_NO_EC2M |
||||
+# if 0 |
||||
ecdsa_c[R_EC_K163][0] = count / 1000; |
||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2; |
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) { |
||||
@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv) |
||||
} |
||||
# endif |
||||
|
||||
- ecdh_c[R_EC_P160][0] = count / 1000; |
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) { |
||||
+ ecdh_c[R_EC_P224][0] = count / 1000; |
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) { |
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; |
||||
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) |
||||
ecdh_doit[i] = 0; |
||||
@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv) |
||||
} |
||||
} |
||||
} |
||||
-# ifndef OPENSSL_NO_EC2M |
||||
+# if 0 |
||||
ecdh_c[R_EC_K163][0] = count / 1000; |
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) { |
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; |
||||
diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c |
||||
--- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves 2020-09-22 14:55:07.000000000 +0200 |
||||
+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c 2020-11-06 13:27:15.659288431 +0100 |
||||
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO |
||||
return 0; |
||||
} |
||||
|
||||
+ if (BN_num_bits(p) < 224) { |
||||
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
if (ctx == NULL) { |
||||
ctx = new_ctx = BN_CTX_new(); |
||||
if (ctx == NULL) |
||||
diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h |
||||
--- openssl-1.1.1h/test/ecdsatest.h.curves 2020-11-06 13:27:15.627288114 +0100 |
||||
+++ openssl-1.1.1h/test/ecdsatest.h 2020-11-06 13:27:15.660288441 +0100 |
||||
@@ -32,23 +32,6 @@ typedef struct { |
||||
} ecdsa_cavs_kat_t; |
||||
|
||||
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { |
||||
- /* prime KATs from X9.62 */ |
||||
- {NID_X9_62_prime192v1, NID_sha1, |
||||
- "616263", /* "abc" */ |
||||
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", |
||||
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" |
||||
- "5ca5c0d69716dfcb3474373902", |
||||
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", |
||||
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", |
||||
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, |
||||
- {NID_X9_62_prime239v1, NID_sha1, |
||||
- "616263", /* "abc" */ |
||||
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", |
||||
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" |
||||
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", |
||||
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", |
||||
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", |
||||
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, |
||||
/* prime KATs from NIST CAVP */ |
||||
{NID_secp224r1, NID_sha224, |
||||
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" |
||||
--- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves 2020-11-06 13:58:36.402895540 +0100 |
||||
+++ openssl-1.1.1h/test/recipes/15-test_genec.t 2020-11-06 13:59:38.508484498 +0100 |
||||
@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport |
||||
if disabled("ec"); |
||||
|
||||
my @prime_curves = qw( |
||||
- secp112r1 |
||||
- secp112r2 |
||||
- secp128r1 |
||||
- secp128r2 |
||||
- secp160k1 |
||||
- secp160r1 |
||||
- secp160r2 |
||||
- secp192k1 |
||||
- secp224k1 |
||||
secp224r1 |
||||
secp256k1 |
||||
secp384r1 |
||||
secp521r1 |
||||
- prime192v1 |
||||
- prime192v2 |
||||
- prime192v3 |
||||
- prime239v1 |
||||
- prime239v2 |
||||
- prime239v3 |
||||
prime256v1 |
||||
- wap-wsg-idm-ecid-wtls6 |
||||
- wap-wsg-idm-ecid-wtls7 |
||||
- wap-wsg-idm-ecid-wtls8 |
||||
- wap-wsg-idm-ecid-wtls9 |
||||
- wap-wsg-idm-ecid-wtls12 |
||||
- brainpoolP160r1 |
||||
- brainpoolP160t1 |
||||
- brainpoolP192r1 |
||||
- brainpoolP192t1 |
||||
- brainpoolP224r1 |
||||
- brainpoolP224t1 |
||||
- brainpoolP256r1 |
||||
- brainpoolP256t1 |
||||
- brainpoolP320r1 |
||||
- brainpoolP320t1 |
||||
- brainpoolP384r1 |
||||
- brainpoolP384t1 |
||||
- brainpoolP512r1 |
||||
- brainpoolP512t1 |
||||
); |
||||
|
||||
my @binary_curves = qw( |
||||
@@ -115,7 +81,6 @@ push(@other_curves, 'SM2') |
||||
if !disabled("sm2"); |
||||
|
||||
my @curve_aliases = qw( |
||||
- P-192 |
||||
P-224 |
||||
P-256 |
||||
P-384 |
@ -0,0 +1,57 @@
@@ -0,0 +1,57 @@
|
||||
diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c |
||||
--- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200 |
||||
+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200 |
||||
@@ -12,6 +12,7 @@ |
||||
#include <openssl/evp.h> |
||||
#include <openssl/err.h> |
||||
#include <openssl/kdf.h> |
||||
+#include "internal/numbers.h" |
||||
#include "crypto/evp.h" |
||||
|
||||
static int pkey_kdf_init(EVP_PKEY_CTX *ctx) |
||||
diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c |
||||
--- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200 |
||||
+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200 |
||||
@@ -13,6 +13,7 @@ |
||||
#include <openssl/hmac.h> |
||||
#include <openssl/kdf.h> |
||||
#include <openssl/evp.h> |
||||
+#include "internal/numbers.h" |
||||
#include "internal/cryptlib.h" |
||||
#include "crypto/evp.h" |
||||
#include "kdf_local.h" |
||||
diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c |
||||
--- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200 |
||||
@@ -20,7 +20,7 @@ |
||||
#include "crypto/fips.h" |
||||
#include <stdio.h> |
||||
#include "internal/dso.h" |
||||
-#ifdef __linux |
||||
+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI) |
||||
# include <sys/syscall.h> |
||||
# include <sys/random.h> |
||||
# ifdef DEVRANDOM_WAIT |
||||
diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h |
||||
--- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200 |
||||
+++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200 |
||||
@@ -50,10 +50,6 @@ |
||||
#include <openssl/opensslconf.h> |
||||
#include <openssl/evp.h> |
||||
|
||||
-#ifndef OPENSSL_FIPS |
||||
-# error FIPS is disabled. |
||||
-#endif |
||||
- |
||||
#ifdef OPENSSL_FIPS |
||||
|
||||
int FIPS_module_mode_set(int onoff); |
||||
@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void); |
||||
|
||||
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); |
||||
|
||||
+#else |
||||
+ |
||||
+# define fips_in_post() 0 |
||||
+ |
||||
#endif |
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,408 @@
@@ -0,0 +1,408 @@
|
||||
diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info |
||||
--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200 |
||||
@@ -1,6 +1,6 @@ |
||||
LIBS=../../libcrypto |
||||
SOURCE[../../libcrypto]=\ |
||||
- randfile.c rand_lib.c rand_err.c rand_egd.c \ |
||||
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ |
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c |
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes |
||||
diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c |
||||
--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200 |
||||
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg; |
||||
|
||||
|
||||
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */ |
||||
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG"; |
||||
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING; |
||||
|
||||
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT; |
||||
|
||||
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu |
||||
drbg->parent = parent; |
||||
|
||||
if (parent == NULL) { |
||||
+#ifdef OPENSSL_FIPS |
||||
+ drbg->get_entropy = rand_crngt_get_entropy; |
||||
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy; |
||||
+#else |
||||
drbg->get_entropy = rand_drbg_get_entropy; |
||||
drbg->cleanup_entropy = rand_drbg_cleanup_entropy; |
||||
+#endif |
||||
#ifndef RAND_DRBG_GET_RANDOM_NONCE |
||||
drbg->get_nonce = rand_drbg_get_nonce; |
||||
drbg->cleanup_nonce = rand_drbg_cleanup_nonce; |
||||
diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c |
||||
--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200 |
||||
@@ -0,0 +1,118 @@ |
||||
+/* |
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
||||
+ * |
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
+ * this file except in compliance with the License. You can obtain a copy |
||||
+ * in the file LICENSE in the source distribution or at |
||||
+ * https://www.openssl.org/source/license.html |
||||
+ */ |
||||
+ |
||||
+/* |
||||
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests. |
||||
+ */ |
||||
+ |
||||
+#include <string.h> |
||||
+#include <openssl/evp.h> |
||||
+#include "crypto/rand.h" |
||||
+#include "internal/thread_once.h" |
||||
+#include "rand_local.h" |
||||
+ |
||||
+static RAND_POOL *crngt_pool; |
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE]; |
||||
+ |
||||
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *) |
||||
+ = &rand_crngt_get_entropy_cb; |
||||
+ |
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, |
||||
+ unsigned int *md_size) |
||||
+{ |
||||
+ int r; |
||||
+ size_t n; |
||||
+ unsigned char *p; |
||||
+ |
||||
+ n = rand_pool_acquire_entropy(crngt_pool); |
||||
+ if (n >= CRNGT_BUFSIZ) { |
||||
+ p = rand_pool_detach(crngt_pool); |
||||
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); |
||||
+ if (r != 0) |
||||
+ memcpy(buf, p, CRNGT_BUFSIZ); |
||||
+ rand_pool_reattach(crngt_pool, p); |
||||
+ return r; |
||||
+ } |
||||
+ return 0; |
||||
+} |
||||
+ |
||||
+void rand_crngt_cleanup(void) |
||||
+{ |
||||
+ rand_pool_free(crngt_pool); |
||||
+ crngt_pool = NULL; |
||||
+} |
||||
+ |
||||
+int rand_crngt_init(void) |
||||
+{ |
||||
+ unsigned char buf[CRNGT_BUFSIZ]; |
||||
+ |
||||
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) |
||||
+ return 0; |
||||
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) { |
||||
+ OPENSSL_cleanse(buf, sizeof(buf)); |
||||
+ return 1; |
||||
+ } |
||||
+ rand_crngt_cleanup(); |
||||
+ return 0; |
||||
+} |
||||
+ |
||||
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT; |
||||
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init) |
||||
+{ |
||||
+ return OPENSSL_init_crypto(0, NULL) |
||||
+ && rand_crngt_init() |
||||
+ && OPENSSL_atexit(&rand_crngt_cleanup); |
||||
+} |
||||
+ |
||||
+int rand_crngt_single_init(void) |
||||
+{ |
||||
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init); |
||||
+} |
||||
+ |
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg, |
||||
+ unsigned char **pout, |
||||
+ int entropy, size_t min_len, size_t max_len, |
||||
+ int prediction_resistance) |
||||
+{ |
||||
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE]; |
||||
+ unsigned int sz; |
||||
+ RAND_POOL *pool; |
||||
+ size_t q, r = 0, s, t = 0; |
||||
+ int attempts = 3; |
||||
+ |
||||
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init)) |
||||
+ return 0; |
||||
+ |
||||
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL) |
||||
+ return 0; |
||||
+ |
||||
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { |
||||
+ s = q > sizeof(buf) ? sizeof(buf) : q; |
||||
+ if (!crngt_get_entropy(buf, md, &sz) |
||||
+ || memcmp(crngt_prev, md, sz) == 0 |
||||
+ || !rand_pool_add(pool, buf, s, s * 8)) |
||||
+ goto err; |
||||
+ memcpy(crngt_prev, md, sz); |
||||
+ t += s; |
||||
+ attempts++; |
||||
+ } |
||||
+ r = t; |
||||
+ *pout = rand_pool_detach(pool); |
||||
+err: |
||||
+ OPENSSL_cleanse(buf, sizeof(buf)); |
||||
+ rand_pool_free(pool); |
||||
+ return r; |
||||
+} |
||||
+ |
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, |
||||
+ unsigned char *out, size_t outlen) |
||||
+{ |
||||
+ OPENSSL_secure_clear_free(out, outlen); |
||||
+} |
||||
diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h |
||||
--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200 |
||||
@@ -33,7 +33,15 @@ |
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */ |
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */ |
||||
|
||||
- |
||||
+/* |
||||
+ * The number of bytes that constitutes an atomic lump of entropy with respect |
||||
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat |
||||
+ * arbitrary, the smaller the value, the less entropy is consumed on first |
||||
+ * read but the higher the probability of the test failing by accident. |
||||
+ * |
||||
+ * The value is in bytes. |
||||
+ */ |
||||
+#define CRNGT_BUFSIZ 16 |
||||
|
||||
/* |
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string) |
||||
@@ -44,6 +52,8 @@ |
||||
*/ |
||||
# define DRBG_MAX_LENGTH INT32_MAX |
||||
|
||||
+/* The default nonce */ |
||||
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG" |
||||
|
||||
/* |
||||
* Maximum allocation size for RANDOM_POOL buffers |
||||
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG * |
||||
/* initializes the AES-CTR DRBG implementation */ |
||||
int drbg_ctr_init(RAND_DRBG *drbg); |
||||
|
||||
+/* |
||||
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests. |
||||
+ * These need to be exposed for the unit tests. |
||||
+ */ |
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md, |
||||
+ unsigned int *md_size); |
||||
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md, |
||||
+ unsigned int *md_size); |
||||
+int rand_crngt_init(void); |
||||
+void rand_crngt_cleanup(void); |
||||
+ |
||||
+/* |
||||
+ * Expose the run once initialisation function for the unit tests because. |
||||
+ * they need to restart from scratch to validate the first block is skipped |
||||
+ * properly. |
||||
+ */ |
||||
+int rand_crngt_single_init(void); |
||||
+ |
||||
#endif |
||||
diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h |
||||
--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200 |
||||
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200 |
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN |
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out); |
||||
|
||||
+/* CRNG test entropy filter callbacks. */ |
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg, |
||||
+ unsigned char **pout, |
||||
+ int entropy, size_t min_len, size_t max_len, |
||||
+ int prediction_resistance); |
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, |
||||
+ unsigned char *out, size_t outlen); |
||||
+ |
||||
/* |
||||
* RAND_POOL functions |
||||
*/ |
||||
diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c |
||||
--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200 |
||||
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200 |
||||
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg, |
||||
return t->noncelen; |
||||
} |
||||
|
||||
+ /* |
||||
+ * Disable CRNG testing if it is enabled. |
||||
+ * If the DRBG is ready or in an error state, this means an instantiate cycle |
||||
+ * for which the default personalisation string is used. |
||||
+ */ |
||||
+static int disable_crngt(RAND_DRBG *drbg) |
||||
+{ |
||||
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING; |
||||
+ const int instantiate = drbg->state != DRBG_UNINITIALISED; |
||||
+ |
||||
+ if (drbg->get_entropy != rand_crngt_get_entropy) |
||||
+ return 1; |
||||
+ |
||||
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg)) |
||||
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy, |
||||
+ &rand_drbg_cleanup_entropy, |
||||
+ &rand_drbg_get_nonce, |
||||
+ &rand_drbg_cleanup_nonce)) |
||||
+ || (instantiate |
||||
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers, |
||||
+ sizeof(pers) - 1))) |
||||
+ return 0; |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
static int uninstantiate(RAND_DRBG *drbg) |
||||
{ |
||||
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg); |
||||
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA |
||||
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) |
||||
return 0; |
||||
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, |
||||
- kat_nonce, NULL))) { |
||||
+ kat_nonce, NULL)) |
||||
+ || !TEST_true(disable_crngt(drbg))) { |
||||
failures++; |
||||
goto err; |
||||
} |
||||
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT |
||||
unsigned int reseed_counter_tmp; |
||||
int ret = 0; |
||||
|
||||
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))) |
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)) |
||||
+ || !TEST_true(disable_crngt(drbg))) |
||||
goto err; |
||||
|
||||
/* |
||||
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void) |
||||
|| !TEST_ptr_eq(private->parent, master)) |
||||
return 0; |
||||
|
||||
+ /* Disable CRNG testing for the master DRBG */ |
||||
+ if (!TEST_true(disable_crngt(master))) |
||||
+ return 0; |
||||
+ |
||||
/* uninstantiate the three global DRBGs */ |
||||
RAND_DRBG_uninstantiate(private); |
||||
RAND_DRBG_uninstantiate(public); |
||||
@@ -964,7 +995,8 @@ static int test_rand_seed(void) |
||||
size_t rand_buflen; |
||||
size_t required_seed_buflen = 0; |
||||
|
||||
- if (!TEST_ptr(master = RAND_DRBG_get0_master())) |
||||
+ if (!TEST_ptr(master = RAND_DRBG_get0_master()) |
||||
+ || !TEST_true(disable_crngt(master))) |
||||
return 0; |
||||
|
||||
#ifdef OPENSSL_RAND_SEED_NONE |
||||
@@ -1013,6 +1045,95 @@ static int test_rand_add(void) |
||||
return 1; |
||||
} |
||||
|
||||
+/* |
||||
+ * A list of the FIPS DRGB types. |
||||
+ */ |
||||
+static const struct s_drgb_types { |
||||
+ int nid; |
||||
+ int flags; |
||||
+} drgb_types[] = { |
||||
+ { NID_aes_128_ctr, 0 }, |
||||
+ { NID_aes_192_ctr, 0 }, |
||||
+ { NID_aes_256_ctr, 0 }, |
||||
+}; |
||||
+ |
||||
+/* Six cases for each covers seed sizes up to 32 bytes */ |
||||
+static const size_t crngt_num_cases = 6; |
||||
+ |
||||
+static size_t crngt_case, crngt_idx; |
||||
+ |
||||
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md, |
||||
+ unsigned int *md_size) |
||||
+{ |
||||
+ size_t i, z; |
||||
+ |
||||
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases)) |
||||
+ return 0; |
||||
+ /* Generate a block of unique data unless this is the duplication point */ |
||||
+ z = crngt_idx++; |
||||
+ if (z > 0 && crngt_case == z) |
||||
+ z--; |
||||
+ for (i = 0; i < CRNGT_BUFSIZ; i++) |
||||
+ buf[i] = (unsigned char)(i + 'A' + z); |
||||
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); |
||||
+} |
||||
+ |
||||
+static int test_crngt(int n) |
||||
+{ |
||||
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases; |
||||
+ RAND_DRBG *drbg = NULL; |
||||
+ unsigned char buff[100]; |
||||
+ size_t ent; |
||||
+ int res = 0; |
||||
+ int expect; |
||||
+ |
||||
+ if (!TEST_true(rand_crngt_single_init())) |
||||
+ return 0; |
||||
+ rand_crngt_cleanup(); |
||||
+ |
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL))) |
||||
+ return 0; |
||||
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ; |
||||
+ crngt_case = n % crngt_num_cases; |
||||
+ crngt_idx = 0; |
||||
+ crngt_get_entropy = &crngt_entropy_cb; |
||||
+ if (!TEST_true(rand_crngt_init())) |
||||
+ goto err; |
||||
+#ifndef OPENSSL_FIPS |
||||
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy, |
||||
+ &rand_crngt_cleanup_entropy, |
||||
+ &rand_drbg_get_nonce, |
||||
+ &rand_drbg_cleanup_nonce))) |
||||
+ goto err; |
||||
+#endif |
||||
+ expect = crngt_case == 0 || crngt_case > ent; |
||||
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect)) |
||||
+ goto err; |
||||
+ if (!expect) |
||||
+ goto fin; |
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) |
||||
+ goto err; |
||||
+ |
||||
+ expect = crngt_case == 0 || crngt_case > 2 * ent; |
||||
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect)) |
||||
+ goto err; |
||||
+ if (!expect) |
||||
+ goto fin; |
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) |
||||
+ goto err; |
||||
+ |
||||
+fin: |
||||
+ res = 1; |
||||
+err: |
||||
+ if (!res) |
||||
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases, |
||||
+ crngt_case, crngt_idx); |
||||
+ uninstantiate(drbg); |
||||
+ RAND_DRBG_free(drbg); |
||||
+ crngt_get_entropy = &rand_crngt_get_entropy_cb; |
||||
+ return res; |
||||
+} |
||||
+ |
||||
int setup_tests(void) |
||||
{ |
||||
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); |
||||
@@ -1025,5 +1146,6 @@ int setup_tests(void) |
||||
#if defined(OPENSSL_THREADS) |
||||
ADD_TEST(test_multi_thread); |
||||
#endif |
||||
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types)); |
||||
return 1; |
||||
} |
@ -0,0 +1,200 @@
@@ -0,0 +1,200 @@
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c |
||||
--- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200 |
||||
+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200 |
||||
@@ -13,6 +13,7 @@ |
||||
#include <openssl/err.h> |
||||
#include <openssl/obj_mac.h> |
||||
#include <openssl/opensslconf.h> |
||||
+#include <openssl/crypto.h> |
||||
#include "internal/nelem.h" |
||||
|
||||
typedef struct { |
||||
@@ -237,6 +238,7 @@ static const struct { |
||||
|
||||
typedef struct _ec_list_element_st { |
||||
int nid; |
||||
+ int fips_allowed; |
||||
const EC_CURVE_DATA *data; |
||||
const EC_METHOD *(*meth) (void); |
||||
const char *comment; |
||||
@@ -246,23 +248,23 @@ static const ec_list_element curve_list[ |
||||
/* prime field curves */ |
||||
/* secg curves */ |
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, |
||||
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
#else |
||||
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, |
||||
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
#endif |
||||
- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, |
||||
+ {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0, |
||||
"SECG curve over a 256 bit prime field"}, |
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ |
||||
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, |
||||
+ {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp384_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 384 bit prime field"}, |
||||
- {NID_secp521r1, &_EC_NIST_PRIME_521.h, |
||||
+ {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp521_method, |
||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
@@ -272,7 +274,7 @@ static const ec_list_element curve_list[ |
||||
# endif |
||||
"NIST/SECG curve over a 521 bit prime field"}, |
||||
/* X9.62 curves */ |
||||
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, |
||||
+ {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h, |
||||
#if defined(ECP_NISTZ256_ASM) |
||||
EC_GFp_nistz256_method, |
||||
# elif defined(S390X_EC_ASM) |
||||
@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int |
||||
|
||||
for (i = 0; i < curve_list_length; i++) |
||||
if (curve_list[i].nid == nid) { |
||||
+ if (!curve_list[i].fips_allowed && FIPS_mode()) { |
||||
+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME); |
||||
+ return NULL; |
||||
+ } |
||||
ret = ec_group_new_from_data(curve_list[i]); |
||||
break; |
||||
} |
||||
@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int |
||||
|
||||
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) |
||||
{ |
||||
- size_t i, min; |
||||
+ size_t i, j, num; |
||||
+ int fips_mode = FIPS_mode(); |
||||
|
||||
- if (r == NULL || nitems == 0) |
||||
- return curve_list_length; |
||||
+ num = curve_list_length; |
||||
+ if (fips_mode) |
||||
+ for (i = 0; i < curve_list_length; i++) { |
||||
+ if (!curve_list[i].fips_allowed) |
||||
+ --num; |
||||
+ } |
||||
|
||||
- min = nitems < curve_list_length ? nitems : curve_list_length; |
||||
+ if (r == NULL || nitems == 0) { |
||||
+ return num; |
||||
+ } |
||||
|
||||
- for (i = 0; i < min; i++) { |
||||
- r[i].nid = curve_list[i].nid; |
||||
- r[i].comment = curve_list[i].comment; |
||||
+ for (i = 0, j = 0; i < curve_list_length; i++) { |
||||
+ if (j >= nitems) |
||||
+ break; |
||||
+ if (!fips_mode || curve_list[i].fips_allowed) { |
||||
+ r[j].nid = curve_list[i].nid; |
||||
+ r[j].comment = curve_list[i].comment; |
||||
+ ++j; |
||||
+ } |
||||
} |
||||
|
||||
- return curve_list_length; |
||||
+ return num; |
||||
} |
||||
|
||||
/* Functions to translate between common NIST curve names and NIDs */ |
||||
diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c |
||||
--- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200 |
||||
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200 |
||||
@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] = |
||||
#endif |
||||
}; |
||||
|
||||
+static const uint16_t tls12_fips_sigalgs[] = { |
||||
+#ifndef OPENSSL_NO_EC |
||||
+ TLSEXT_SIGALG_ecdsa_secp256r1_sha256, |
||||
+ TLSEXT_SIGALG_ecdsa_secp384r1_sha384, |
||||
+ TLSEXT_SIGALG_ecdsa_secp521r1_sha512, |
||||
+#endif |
||||
+ |
||||
+ TLSEXT_SIGALG_rsa_pss_pss_sha256, |
||||
+ TLSEXT_SIGALG_rsa_pss_pss_sha384, |
||||
+ TLSEXT_SIGALG_rsa_pss_pss_sha512, |
||||
+ TLSEXT_SIGALG_rsa_pss_rsae_sha256, |
||||
+ TLSEXT_SIGALG_rsa_pss_rsae_sha384, |
||||
+ TLSEXT_SIGALG_rsa_pss_rsae_sha512, |
||||
+ |
||||
+ TLSEXT_SIGALG_rsa_pkcs1_sha256, |
||||
+ TLSEXT_SIGALG_rsa_pkcs1_sha384, |
||||
+ TLSEXT_SIGALG_rsa_pkcs1_sha512, |
||||
+ |
||||
+#ifndef OPENSSL_NO_EC |
||||
+ TLSEXT_SIGALG_ecdsa_sha224, |
||||
+#endif |
||||
+ TLSEXT_SIGALG_rsa_pkcs1_sha224, |
||||
+#ifndef OPENSSL_NO_DSA |
||||
+ TLSEXT_SIGALG_dsa_sha224, |
||||
+ TLSEXT_SIGALG_dsa_sha256, |
||||
+ TLSEXT_SIGALG_dsa_sha384, |
||||
+ TLSEXT_SIGALG_dsa_sha512, |
||||
+#endif |
||||
+}; |
||||
+ |
||||
#ifndef OPENSSL_NO_EC |
||||
static const uint16_t suiteb_sigalgs[] = { |
||||
TLSEXT_SIGALG_ecdsa_secp256r1_sha256, |
||||
@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg |
||||
} |
||||
if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg)) |
||||
return NULL; |
||||
+ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */ |
||||
+ return NULL; |
||||
if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) { |
||||
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]); |
||||
|
||||
@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se |
||||
} else if (s->cert->conf_sigalgs) { |
||||
*psigs = s->cert->conf_sigalgs; |
||||
return s->cert->conf_sigalgslen; |
||||
+ } else if (FIPS_mode()) { |
||||
+ *psigs = tls12_fips_sigalgs; |
||||
+ return OSSL_NELEM(tls12_fips_sigalgs); |
||||
} else { |
||||
*psigs = tls12_sigalgs; |
||||
return OSSL_NELEM(tls12_sigalgs); |
||||
@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s, |
||||
if (s->cert->conf_sigalgs) { |
||||
sigs = s->cert->conf_sigalgs; |
||||
siglen = s->cert->conf_sigalgslen; |
||||
+ } else if (FIPS_mode()) { |
||||
+ sigs = tls12_fips_sigalgs; |
||||
+ siglen = OSSL_NELEM(tls12_fips_sigalgs); |
||||
} else { |
||||
sigs = tls12_sigalgs; |
||||
siglen = OSSL_NELEM(tls12_sigalgs); |
||||
@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS |
||||
if (lu->sig == NID_id_GostR3410_2012_256 |
||||
|| lu->sig == NID_id_GostR3410_2012_512 |
||||
|| lu->sig == NID_id_GostR3410_2001) { |
||||
+ if (FIPS_mode()) |
||||
+ return 0; |
||||
/* We never allow GOST sig algs on the server with TLSv1.3 */ |
||||
if (s->server && SSL_IS_TLS13(s)) |
||||
return 0; |
||||
@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale |
||||
const uint16_t *sent_sigs; |
||||
size_t sent_sigslen; |
||||
|
||||
+ if (fatalerrs && FIPS_mode()) { |
||||
+ /* There are no suitable legacy algorithms in FIPS mode */ |
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, |
||||
+ SSL_F_TLS_CHOOSE_SIGALG, |
||||
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); |
||||
+ return 0; |
||||
+ } |
||||
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { |
||||
if (!fatalerrs) |
||||
return 1; |
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,587 @@
@@ -0,0 +1,587 @@
|
||||
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200 |
||||
@@ -67,12 +67,18 @@ |
||||
|
||||
# include <openssl/fips.h> |
||||
# include "crypto/fips.h" |
||||
+# include "crypto/rand.h" |
||||
# include "fips_locl.h" |
||||
|
||||
/* Run all selftests */ |
||||
int FIPS_selftest(void) |
||||
{ |
||||
int rv = 1; |
||||
+ if (!rand_drbg_selftest()) { |
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE); |
||||
+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); |
||||
+ rv = 0; |
||||
+ } |
||||
if (!FIPS_selftest_drbg()) |
||||
rv = 0; |
||||
if (!FIPS_selftest_sha1()) |
||||
diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info |
||||
--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200 |
||||
@@ -1,6 +1,6 @@ |
||||
LIBS=../../libcrypto |
||||
SOURCE[../../libcrypto]=\ |
||||
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \ |
||||
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c |
||||
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c |
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes |
||||
diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c |
||||
--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200 |
||||
+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200 |
||||
@@ -0,0 +1,537 @@ |
||||
+/* |
||||
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * |
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use |
||||
+ * this file except in compliance with the License. You can obtain a copy |
||||
+ * in the file LICENSE in the source distribution or at |
||||
+ * https://www.openssl.org/source/license.html |
||||
+ */ |
||||
+ |
||||
+#include <string.h> |
||||
+#include <stddef.h> |
||||
+#include "internal/nelem.h" |
||||
+#include <openssl/crypto.h> |
||||
+#include <openssl/err.h> |
||||
+#include <openssl/rand_drbg.h> |
||||
+#include <openssl/obj_mac.h> |
||||
+#include "internal/thread_once.h" |
||||
+#include "crypto/rand.h" |
||||
+ |
||||
+typedef struct test_ctx_st { |
||||
+ const unsigned char *entropy; |
||||
+ size_t entropylen; |
||||
+ int entropycnt; |
||||
+ const unsigned char *nonce; |
||||
+ size_t noncelen; |
||||
+ int noncecnt; |
||||
+} TEST_CTX; |
||||
+ |
||||
+static int app_data_index = -1; |
||||
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT; |
||||
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init) |
||||
+{ |
||||
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); |
||||
+ |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
+enum drbg_kat_type { |
||||
+ NO_RESEED, |
||||
+ PR_FALSE, |
||||
+ PR_TRUE |
||||
+}; |
||||
+ |
||||
+enum drbg_df { |
||||
+ USE_DF, |
||||
+ NO_DF, |
||||
+ NA |
||||
+}; |
||||
+ |
||||
+struct drbg_kat_no_reseed { |
||||
+ size_t count; |
||||
+ const unsigned char *entropyin; |
||||
+ const unsigned char *nonce; |
||||
+ const unsigned char *persstr; |
||||
+ const unsigned char *addin1; |
||||
+ const unsigned char *addin2; |
||||
+ const unsigned char *retbytes; |
||||
+}; |
||||
+ |
||||
+struct drbg_kat_pr_false { |
||||
+ size_t count; |
||||
+ const unsigned char *entropyin; |
||||
+ const unsigned char *nonce; |
||||
+ const unsigned char *persstr; |
||||
+ const unsigned char *entropyinreseed; |
||||
+ const unsigned char *addinreseed; |
||||
+ const unsigned char *addin1; |
||||
+ const unsigned char *addin2; |
||||
+ const unsigned char *retbytes; |
||||
+}; |
||||
+ |
||||
+struct drbg_kat_pr_true { |
||||
+ size_t count; |
||||
+ const unsigned char *entropyin; |
||||
+ const unsigned char *nonce; |
||||
+ const unsigned char *persstr; |
||||
+ const unsigned char *entropyinpr1; |
||||
+ const unsigned char *addin1; |
||||
+ const unsigned char *entropyinpr2; |
||||
+ const unsigned char *addin2; |
||||
+ const unsigned char *retbytes; |
||||
+}; |
||||
+ |
||||
+struct drbg_kat { |
||||
+ enum drbg_kat_type type; |
||||
+ enum drbg_df df; |
||||
+ int nid; |
||||
+ |
||||
+ size_t entropyinlen; |
||||
+ size_t noncelen; |
||||
+ size_t persstrlen; |
||||
+ size_t addinlen; |
||||
+ size_t retbyteslen; |
||||
+ |
||||
+ const void *t; |
||||
+}; |
||||
+ |
||||
+/* |
||||
+ * Excerpt from test/drbg_cavs_data.c |
||||
+ * DRBG test vectors from: |
||||
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/ |
||||
+ */ |
||||
+ |
||||
+static const unsigned char kat1308_entropyin[] = { |
||||
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c, |
||||
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7, |
||||
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97, |
||||
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52, |
||||
+}; |
||||
+static const unsigned char kat1308_nonce[] = {0}; |
||||
+static const unsigned char kat1308_persstr[] = { |
||||
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2, |
||||
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39, |
||||
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45, |
||||
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3, |
||||
+}; |
||||
+static const unsigned char kat1308_addin0[] = { |
||||
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e, |
||||
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a, |
||||
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a, |
||||
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c, |
||||
+}; |
||||
+static const unsigned char kat1308_addin1[] = { |
||||
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19, |
||||
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a, |
||||
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e, |
||||
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4, |
||||
+}; |
||||
+static const unsigned char kat1308_retbits[] = { |
||||
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2, |
||||
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92, |
||||
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f, |
||||
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63, |
||||
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53, |
||||
+ 0x26, 0x32, 0xd0, 0xb8, |
||||
+}; |
||||
+static const struct drbg_kat_no_reseed kat1308_t = { |
||||
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr, |
||||
+ kat1308_addin0, kat1308_addin1, kat1308_retbits |
||||
+}; |
||||
+static const struct drbg_kat kat1308 = { |
||||
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t |
||||
+}; |
||||
+ |
||||
+static const unsigned char kat1465_entropyin[] = { |
||||
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64, |
||||
+ 0x87, 0xbe, 0xaa, 0xc0, |
||||
+}; |
||||
+static const unsigned char kat1465_nonce[] = { |
||||
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85, |
||||
+}; |
||||
+static const unsigned char kat1465_persstr[] = {0}; |
||||
+static const unsigned char kat1465_entropyinreseed[] = { |
||||
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5, |
||||
+ 0x1f, 0x4b, 0x7b, 0x51, |
||||
+}; |
||||
+static const unsigned char kat1465_addinreseed[] = { |
||||
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12, |
||||
+ 0x61, 0x9f, 0x26, 0x5f, |
||||
+}; |
||||
+static const unsigned char kat1465_addin0[] = { |
||||
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6, |
||||
+ 0x10, 0x5a, 0x73, 0x9c, |
||||
+}; |
||||
+static const unsigned char kat1465_addin1[] = { |
||||
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18, |
||||
+ 0x47, 0x99, 0x1f, 0xeb, |
||||
+}; |
||||
+static const unsigned char kat1465_retbits[] = { |
||||
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d, |
||||
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb, |
||||
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52, |
||||
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e, |
||||
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41, |
||||
+ 0x58, 0xdb, 0x27, 0xba, |
||||
+}; |
||||
+static const struct drbg_kat_pr_false kat1465_t = { |
||||
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr, |
||||
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0, |
||||
+ kat1465_addin1, kat1465_retbits |
||||
+}; |
||||
+static const struct drbg_kat kat1465 = { |
||||
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t |
||||
+}; |
||||
+ |
||||
+static const unsigned char kat3146_entropyin[] = { |
||||
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3, |
||||
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4, |
||||
+}; |
||||
+static const unsigned char kat3146_nonce[] = { |
||||
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3, |
||||
+ 0x50, 0x86, 0xca, 0xca, |
||||
+}; |
||||
+static const unsigned char kat3146_persstr[] = {0}; |
||||
+static const unsigned char kat3146_entropyinpr1[] = { |
||||
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda, |
||||
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15, |
||||
+}; |
||||
+static const unsigned char kat3146_addinpr1[] = { |
||||
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1, |
||||
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90, |
||||
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99, |
||||
+}; |
||||
+static const unsigned char kat3146_entropyinpr2[] = { |
||||
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7, |
||||
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34, |
||||
+}; |
||||
+static const unsigned char kat3146_addinpr2[] = { |
||||
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c, |
||||
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3, |
||||
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6, |
||||
+}; |
||||
+static const unsigned char kat3146_retbits[] = { |
||||
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f, |
||||
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28, |
||||
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76, |
||||
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87, |
||||
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45, |
||||
+ 0xd4, 0x30, 0x73, 0xbb, |
||||
+}; |
||||
+static const struct drbg_kat_pr_true kat3146_t = { |
||||
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr, |
||||
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2, |
||||
+ kat3146_addinpr2, kat3146_retbits |
||||
+}; |
||||
+static const struct drbg_kat kat3146 = { |
||||
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t |
||||
+}; |
||||
+ |
||||
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 }; |
||||
+ |
||||
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test); |
||||
+ |
||||
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout, |
||||
+ int entropy, size_t min_len, size_t max_len, |
||||
+ int prediction_resistance) |
||||
+{ |
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); |
||||
+ |
||||
+ t->entropycnt++; |
||||
+ *pout = (unsigned char *)t->entropy; |
||||
+ return t->entropylen; |
||||
+} |
||||
+ |
||||
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout, |
||||
+ int entropy, size_t min_len, size_t max_len) |
||||
+{ |
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); |
||||
+ |
||||
+ t->noncecnt++; |
||||
+ *pout = (unsigned char *)t->nonce; |
||||
+ return t->noncelen; |
||||
+} |
||||
+ |
||||
+/* |
||||
+ * Do a single NO_RESEED KAT: |
||||
+ * |
||||
+ * Instantiate |
||||
+ * Generate Random Bits (pr=false) |
||||
+ * Generate Random Bits (pr=false) |
||||
+ * Uninstantiate |
||||
+ * |
||||
+ * Return 0 on failure. |
||||
+ */ |
||||
+static int single_kat_no_reseed(const struct drbg_kat *td) |
||||
+{ |
||||
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t; |
||||
+ RAND_DRBG *drbg = NULL; |
||||
+ unsigned char *buff = NULL; |
||||
+ unsigned int flags = 0; |
||||
+ int failures = 0; |
||||
+ TEST_CTX t; |
||||
+ |
||||
+ if (td->df != USE_DF) |
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; |
||||
+ |
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) |
||||
+ return 0; |
||||
+ |
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, |
||||
+ kat_nonce, NULL)) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ memset(&t, 0, sizeof(t)); |
||||
+ t.entropy = data->entropyin; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ t.nonce = data->nonce; |
||||
+ t.noncelen = td->noncelen; |
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); |
||||
+ |
||||
+ buff = OPENSSL_malloc(td->retbyteslen); |
||||
+ if (buff == NULL) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen) |
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, |
||||
+ data->addin1, td->addinlen) |
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, |
||||
+ data->addin2, td->addinlen) |
||||
+ || memcmp(data->retbytes, buff, |
||||
+ td->retbyteslen) != 0) |
||||
+ failures++; |
||||
+ |
||||
+err: |
||||
+ OPENSSL_free(buff); |
||||
+ RAND_DRBG_uninstantiate(drbg); |
||||
+ RAND_DRBG_free(drbg); |
||||
+ return failures == 0; |
||||
+} |
||||
+ |
||||
+/*- |
||||
+ * Do a single PR_FALSE KAT: |
||||
+ * |
||||
+ * Instantiate |
||||
+ * Reseed |
||||
+ * Generate Random Bits (pr=false) |
||||
+ * Generate Random Bits (pr=false) |
||||
+ * Uninstantiate |
||||
+ * |
||||
+ * Return 0 on failure. |
||||
+ */ |
||||
+static int single_kat_pr_false(const struct drbg_kat *td) |
||||
+{ |
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t; |
||||
+ RAND_DRBG *drbg = NULL; |
||||
+ unsigned char *buff = NULL; |
||||
+ unsigned int flags = 0; |
||||
+ int failures = 0; |
||||
+ TEST_CTX t; |
||||
+ |
||||
+ if (td->df != USE_DF) |
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; |
||||
+ |
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) |
||||
+ return 0; |
||||
+ |
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, |
||||
+ kat_nonce, NULL)) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ memset(&t, 0, sizeof(t)); |
||||
+ t.entropy = data->entropyin; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ t.nonce = data->nonce; |
||||
+ t.noncelen = td->noncelen; |
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); |
||||
+ |
||||
+ buff = OPENSSL_malloc(td->retbyteslen); |
||||
+ if (buff == NULL) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) |
||||
+ failures++; |
||||
+ |
||||
+ t.entropy = data->entropyinreseed; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ |
||||
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0) |
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, |
||||
+ data->addin1, td->addinlen) |
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0, |
||||
+ data->addin2, td->addinlen) |
||||
+ || memcmp(data->retbytes, buff, |
||||
+ td->retbyteslen) != 0) |
||||
+ failures++; |
||||
+ |
||||
+err: |
||||
+ OPENSSL_free(buff); |
||||
+ RAND_DRBG_uninstantiate(drbg); |
||||
+ RAND_DRBG_free(drbg); |
||||
+ return failures == 0; |
||||
+} |
||||
+ |
||||
+/*- |
||||
+ * Do a single PR_TRUE KAT: |
||||
+ * |
||||
+ * Instantiate |
||||
+ * Generate Random Bits (pr=true) |
||||
+ * Generate Random Bits (pr=true) |
||||
+ * Uninstantiate |
||||
+ * |
||||
+ * Return 0 on failure. |
||||
+ */ |
||||
+static int single_kat_pr_true(const struct drbg_kat *td) |
||||
+{ |
||||
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t; |
||||
+ RAND_DRBG *drbg = NULL; |
||||
+ unsigned char *buff = NULL; |
||||
+ unsigned int flags = 0; |
||||
+ int failures = 0; |
||||
+ TEST_CTX t; |
||||
+ |
||||
+ if (td->df != USE_DF) |
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; |
||||
+ |
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) |
||||
+ return 0; |
||||
+ |
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, |
||||
+ kat_nonce, NULL)) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ memset(&t, 0, sizeof(t)); |
||||
+ t.nonce = data->nonce; |
||||
+ t.noncelen = td->noncelen; |
||||
+ t.entropy = data->entropyin; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); |
||||
+ |
||||
+ buff = OPENSSL_malloc(td->retbyteslen); |
||||
+ if (buff == NULL) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) |
||||
+ failures++; |
||||
+ |
||||
+ t.entropy = data->entropyinpr1; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ |
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1, |
||||
+ data->addin1, td->addinlen)) |
||||
+ failures++; |
||||
+ |
||||
+ t.entropy = data->entropyinpr2; |
||||
+ t.entropylen = td->entropyinlen; |
||||
+ |
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1, |
||||
+ data->addin2, td->addinlen) |
||||
+ || memcmp(data->retbytes, buff, |
||||
+ td->retbyteslen) != 0) |
||||
+ failures++; |
||||
+ |
||||
+err: |
||||
+ OPENSSL_free(buff); |
||||
+ RAND_DRBG_uninstantiate(drbg); |
||||
+ RAND_DRBG_free(drbg); |
||||
+ return failures == 0; |
||||
+} |
||||
+ |
||||
+static int test_kats(int i) |
||||
+{ |
||||
+ const struct drbg_kat *td = drbg_test[i]; |
||||
+ int rv = 0; |
||||
+ |
||||
+ switch (td->type) { |
||||
+ case NO_RESEED: |
||||
+ if (!single_kat_no_reseed(td)) |
||||
+ goto err; |
||||
+ break; |
||||
+ case PR_FALSE: |
||||
+ if (!single_kat_pr_false(td)) |
||||
+ goto err; |
||||
+ break; |
||||
+ case PR_TRUE: |
||||
+ if (!single_kat_pr_true(td)) |
||||
+ goto err; |
||||
+ break; |
||||
+ default: /* cant happen */ |
||||
+ goto err; |
||||
+ } |
||||
+ rv = 1; |
||||
+err: |
||||
+ return rv; |
||||
+} |
||||
+ |
||||
+/*- |
||||
+ * Do one expected-error test: |
||||
+ * |
||||
+ * Instantiate with no entropy supplied |
||||
+ * |
||||
+ * Return 0 on failure. |
||||
+ */ |
||||
+static int test_drbg_sanity(const struct drbg_kat *td) |
||||
+{ |
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t; |
||||
+ RAND_DRBG *drbg = NULL; |
||||
+ unsigned int flags = 0; |
||||
+ int failures = 0; |
||||
+ TEST_CTX t; |
||||
+ |
||||
+ if (td->df != USE_DF) |
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF; |
||||
+ |
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL) |
||||
+ return 0; |
||||
+ |
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, |
||||
+ kat_nonce, NULL)) { |
||||
+ failures++; |
||||
+ goto err; |
||||
+ } |
||||
+ memset(&t, 0, sizeof(t)); |
||||
+ t.entropy = data->entropyin; |
||||
+ t.entropylen = 0; /* No entropy */ |
||||
+ t.nonce = data->nonce; |
||||
+ t.noncelen = td->noncelen; |
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t); |
||||
+ |
||||
+ ERR_set_mark(); |
||||
+ /* This must fail. */ |
||||
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)) |
||||
+ failures++; |
||||
+ RAND_DRBG_uninstantiate(drbg); |
||||
+ ERR_pop_to_mark(); |
||||
+ |
||||
+err: |
||||
+ RAND_DRBG_free(drbg); |
||||
+ return failures == 0; |
||||
+} |
||||
+ |
||||
+ |
||||
+int rand_drbg_selftest(void) |
||||
+{ |
||||
+ int i; |
||||
+ |
||||
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init)) |
||||
+ return 0; |
||||
+ |
||||
+ for (i = 0; i < drbg_test_nelem; i++) { |
||||
+ if (test_kats(i) <= 0) |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
+ if (test_drbg_sanity(&kat1465) <= 0) |
||||
+ return 0; |
||||
+ |
||||
+ return 1; |
||||
+} |
||||
diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h |
||||
--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200 |
||||
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200 |
||||
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void); |
||||
*/ |
||||
void rand_pool_keep_random_devices_open(int keep); |
||||
|
||||
+/* |
||||
+ * Perform the DRBG KAT selftests |
||||
+ */ |
||||
+int rand_drbg_selftest(void); |
||||
+ |
||||
#endif |
@ -0,0 +1,189 @@
@@ -0,0 +1,189 @@
|
||||
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c |
||||
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100 |
||||
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100 |
||||
@@ -68,6 +68,7 @@ |
||||
|
||||
# include <openssl/fips.h> |
||||
# include "internal/thread_once.h" |
||||
+# include "crypto/rand.h" |
||||
|
||||
# ifndef PATH_MAX |
||||
# define PATH_MAX 1024 |
||||
@@ -76,6 +77,7 @@ |
||||
static int fips_selftest_fail = 0; |
||||
static int fips_mode = 0; |
||||
static int fips_started = 0; |
||||
+static int fips_post = 0; |
||||
|
||||
static int fips_is_owning_thread(void); |
||||
static int fips_set_owning_thread(void); |
||||
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void) |
||||
fips_selftest_fail = 1; |
||||
} |
||||
|
||||
+int fips_in_post(void) |
||||
+{ |
||||
+ return fips_post; |
||||
+} |
||||
+ |
||||
/* we implement what libfipscheck does ourselves */ |
||||
|
||||
static int |
||||
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff) |
||||
} |
||||
# endif |
||||
|
||||
+ fips_post = 1; |
||||
+ |
||||
if (!FIPS_selftest()) { |
||||
fips_selftest_fail = 1; |
||||
ret = 0; |
||||
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff) |
||||
goto end; |
||||
} |
||||
|
||||
+ fips_post = 0; |
||||
+ |
||||
fips_set_mode(onoff); |
||||
+ /* force RNG reseed with entropy from getrandom() on next call */ |
||||
+ rand_force_reseed(); |
||||
+ |
||||
ret = 1; |
||||
goto end; |
||||
} |
||||
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c |
||||
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 |
||||
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100 |
||||
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg |
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen; |
||||
} |
||||
|
||||
+void rand_force_reseed(void) |
||||
+{ |
||||
+ RAND_DRBG *drbg; |
||||
+ |
||||
+ drbg = RAND_DRBG_get0_master(); |
||||
+ drbg->fork_id = 0; |
||||
+ |
||||
+ drbg = RAND_DRBG_get0_private(); |
||||
+ drbg->fork_id = 0; |
||||
+ |
||||
+ drbg = RAND_DRBG_get0_public(); |
||||
+ drbg->fork_id = 0; |
||||
+} |
||||
+ |
||||
/* Implements the default OpenSSL RAND_add() method */ |
||||
static int drbg_add(const void *buf, int num, double randomness) |
||||
{ |
||||
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c |
||||
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 |
||||
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100 |
||||
@@ -17,10 +17,12 @@ |
||||
#include <openssl/crypto.h> |
||||
#include "rand_local.h" |
||||
#include "crypto/rand.h" |
||||
+#include "crypto/fips.h" |
||||
#include <stdio.h> |
||||
#include "internal/dso.h" |
||||
#ifdef __linux |
||||
# include <sys/syscall.h> |
||||
+# include <sys/random.h> |
||||
# ifdef DEVRANDOM_WAIT |
||||
# include <sys/shm.h> |
||||
# include <sys/utsname.h> |
||||
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf, |
||||
* syscall_random(): Try to get random data using a system call |
||||
* returns the number of bytes returned in buf, or < 0 on error. |
||||
*/ |
||||
-static ssize_t syscall_random(void *buf, size_t buflen) |
||||
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock) |
||||
{ |
||||
/* |
||||
* Note: 'buflen' equals the size of the buffer which is used by the |
||||
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf, |
||||
* Note: Sometimes getentropy() can be provided but not implemented |
||||
* internally. So we need to check errno for ENOSYS |
||||
*/ |
||||
+# if 0 |
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) |
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak)); |
||||
|
||||
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf, |
||||
if (p_getentropy.p != NULL) |
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; |
||||
# endif |
||||
- |
||||
+# endif |
||||
/* Linux supports this since version 3.17 */ |
||||
-# if defined(__linux) && defined(__NR_getrandom) |
||||
- return syscall(__NR_getrandom, buf, buflen, 0); |
||||
+# if defined(__linux) && defined(SYS_getrandom) |
||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0); |
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) |
||||
return sysctl_random(buf, buflen); |
||||
# else |
||||
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO |
||||
size_t entropy_available; |
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM) |
||||
+ int in_post; |
||||
+ |
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) { |
||||
{ |
||||
size_t bytes_needed; |
||||
unsigned char *buffer; |
||||
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO |
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); |
||||
while (bytes_needed != 0 && attempts-- > 0) { |
||||
buffer = rand_pool_add_begin(pool, bytes_needed); |
||||
- bytes = syscall_random(buffer, bytes_needed); |
||||
+ bytes = syscall_random(buffer, bytes_needed, in_post); |
||||
if (bytes > 0) { |
||||
rand_pool_add_end(pool, bytes, 8 * bytes); |
||||
bytes_needed -= bytes; |
||||
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO |
||||
int attempts = 3; |
||||
const int fd = get_random_device(i); |
||||
|
||||
- if (fd == -1) |
||||
+ if (fd == -1) { |
||||
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]); |
||||
continue; |
||||
+ } |
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) { |
||||
buffer = rand_pool_add_begin(pool, bytes_needed); |
||||
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO |
||||
return entropy_available; |
||||
} |
||||
# endif |
||||
- |
||||
+# ifdef OPENSSL_RAND_SEED_GETRANDOM |
||||
+ } |
||||
+# endif |
||||
return rand_pool_entropy_available(pool); |
||||
# endif |
||||
} |
||||
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h |
||||
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100 |
||||
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100 |
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void); |
||||
int FIPS_selftest_drbg(void); |
||||
int FIPS_selftest_cmac(void); |
||||
|
||||
+int fips_in_post(void); |
||||
+ |
||||
int fips_pkey_signature_test(EVP_PKEY *pkey, |
||||
const unsigned char *tbs, int tbslen, |
||||
const unsigned char *kat, |
||||
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h |
||||
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100 |
||||
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100 |
||||
@@ -24,6 +24,7 @@ |
||||
typedef struct rand_pool_st RAND_POOL; |
||||
|
||||
void rand_cleanup_int(void); |
||||
+void rand_force_reseed(void); |
||||
void rand_drbg_cleanup_int(void); |
||||
void drbg_delete_thread_state(void); |
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,500 @@
@@ -0,0 +1,500 @@
|
||||
diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100 |
||||
@@ -275,6 +275,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
movups ($inp),$inout0 # load input |
||||
mov 240($key),$rounds # key->rounds |
||||
___ |
||||
@@ -293,6 +294,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_decrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
movups ($inp),$inout0 # load input |
||||
mov 240($key),$rounds # key->rounds |
||||
___ |
||||
@@ -613,6 +615,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_ecb_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0x58(%rsp),%rsp |
||||
@@ -985,6 +988,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_ccm64_encrypt_blocks: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0x58(%rsp),%rsp |
||||
@@ -1077,6 +1081,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_ccm64_decrypt_blocks: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0x58(%rsp),%rsp |
||||
@@ -1203,6 +1208,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_ctr32_encrypt_blocks: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
cmp \$1,$len |
||||
jne .Lctr32_bulk |
||||
|
||||
@@ -1775,6 +1781,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_xts_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea (%rsp),%r11 # frame pointer |
||||
.cfi_def_cfa_register %r11 |
||||
push %rbp |
||||
@@ -2258,6 +2265,7 @@ $code.=<<___; |
||||
.align 16 |
||||
aesni_xts_decrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea (%rsp),%r11 # frame pointer |
||||
.cfi_def_cfa_register %r11 |
||||
push %rbp |
||||
@@ -2783,6 +2791,7 @@ $code.=<<___; |
||||
.align 32 |
||||
aesni_ocb_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea (%rsp),%rax |
||||
push %rbx |
||||
.cfi_push %rbx |
||||
@@ -3249,6 +3258,7 @@ __ocb_encrypt1: |
||||
.align 32 |
||||
aesni_ocb_decrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea (%rsp),%rax |
||||
push %rbx |
||||
.cfi_push %rbx |
||||
@@ -3737,6 +3747,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_cbc_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
test $len,$len # check length |
||||
jz .Lcbc_ret |
||||
|
||||
diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100 |
||||
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle: |
||||
.align 16 |
||||
${PREFIX}_set_encrypt_key: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0xb8(%rsp),%rsp |
||||
@@ -746,6 +747,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_set_decrypt_key: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0xb8(%rsp),%rsp |
||||
@@ -801,6 +803,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0xb8(%rsp),%rsp |
||||
@@ -846,6 +849,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_decrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
lea -0xb8(%rsp),%rsp |
||||
@@ -897,6 +901,7 @@ $code.=<<___; |
||||
.align 16 |
||||
${PREFIX}_cbc_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
xchg $key,$len |
||||
___ |
||||
($len,$key)=($key,$len); |
||||
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c |
||||
--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100 |
||||
@@ -34,7 +34,9 @@ void async_local_cleanup(void) |
||||
|
||||
int async_fibre_makecontext(async_fibre *fibre) |
||||
{ |
||||
+#ifndef USE_SWAPCONTEXT |
||||
fibre->env_init = 0; |
||||
+#endif |
||||
if (getcontext(&fibre->fibre) == 0) { |
||||
fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE); |
||||
if (fibre->fibre.uc_stack.ss_sp != NULL) { |
||||
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h |
||||
--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100 |
||||
+++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100 |
||||
@@ -25,17 +25,33 @@ |
||||
# define ASYNC_POSIX |
||||
# define ASYNC_ARCH |
||||
|
||||
+# ifdef __CET__ |
||||
+/* |
||||
+ * When Intel CET is enabled, makecontext will create a different |
||||
+ * shadow stack for each context. async_fibre_swapcontext cannot |
||||
+ * use _longjmp. It must call swapcontext to swap shadow stack as |
||||
+ * well as normal stack. |
||||
+ */ |
||||
+# define USE_SWAPCONTEXT |
||||
+# endif |
||||
# include <ucontext.h> |
||||
-# include <setjmp.h> |
||||
+# ifndef USE_SWAPCONTEXT |
||||
+# include <setjmp.h> |
||||
+# endif |
||||
|
||||
typedef struct async_fibre_st { |
||||
ucontext_t fibre; |
||||
+# ifndef USE_SWAPCONTEXT |
||||
jmp_buf env; |
||||
int env_init; |
||||
+# endif |
||||
} async_fibre; |
||||
|
||||
static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r) |
||||
{ |
||||
+# ifdef USE_SWAPCONTEXT |
||||
+ swapcontext(&o->fibre, &n->fibre); |
||||
+# else |
||||
o->env_init = 1; |
||||
|
||||
if (!r || !_setjmp(o->env)) { |
||||
@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc |
||||
else |
||||
setcontext(&n->fibre); |
||||
} |
||||
+# endif |
||||
|
||||
return 1; |
||||
} |
||||
diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100 |
||||
@@ -685,6 +685,7 @@ $code.=<<___; |
||||
.align 16 |
||||
Camellia_cbc_encrypt: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
cmp \$0,%rdx |
||||
je .Lcbc_abort |
||||
push %rbx |
||||
diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100 |
||||
@@ -239,6 +239,7 @@ $code=<<___; |
||||
.align 16 |
||||
gcm_gmult_4bit: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
push %rbx |
||||
.cfi_push %rbx |
||||
push %rbp # %rbp and others are pushed exclusively in |
||||
@@ -286,6 +287,7 @@ $code.=<<___; |
||||
.align 16 |
||||
gcm_ghash_4bit: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
push %rbx |
||||
.cfi_push %rbx |
||||
push %rbp |
||||
@@ -612,6 +614,7 @@ $code.=<<___; |
||||
.align 16 |
||||
gcm_gmult_clmul: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
.L_gmult_clmul: |
||||
movdqu ($Xip),$Xi |
||||
movdqa .Lbswap_mask(%rip),$T3 |
||||
@@ -663,6 +666,7 @@ $code.=<<___; |
||||
.align 32 |
||||
gcm_ghash_clmul: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
.L_ghash_clmul: |
||||
___ |
||||
$code.=<<___ if ($win64); |
||||
@@ -1166,6 +1170,7 @@ $code.=<<___; |
||||
.align 32 |
||||
gcm_gmult_avx: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
jmp .L_gmult_clmul |
||||
.cfi_endproc |
||||
.size gcm_gmult_avx,.-gcm_gmult_avx |
||||
@@ -1177,6 +1182,7 @@ $code.=<<___; |
||||
.align 32 |
||||
gcm_ghash_avx: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
___ |
||||
if ($avx) { |
||||
my ($Xip,$Htbl,$inp,$len)=@_4args; |
||||
diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl |
||||
--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100 |
||||
@@ -165,21 +165,28 @@ sub cbc |
||||
&jmp_ptr($count); |
||||
|
||||
&set_label("ej7"); |
||||
+ &endbranch() |
||||
&movb(&HB("edx"), &BP(6,$in,"",0)); |
||||
&shl("edx",8); |
||||
&set_label("ej6"); |
||||
+ &endbranch() |
||||
&movb(&HB("edx"), &BP(5,$in,"",0)); |
||||
&set_label("ej5"); |
||||
+ &endbranch() |
||||
&movb(&LB("edx"), &BP(4,$in,"",0)); |
||||
&set_label("ej4"); |
||||
+ &endbranch() |
||||
&mov("ecx", &DWP(0,$in,"",0)); |
||||
&jmp(&label("ejend")); |
||||
&set_label("ej3"); |
||||
+ &endbranch() |
||||
&movb(&HB("ecx"), &BP(2,$in,"",0)); |
||||
&shl("ecx",8); |
||||
&set_label("ej2"); |
||||
+ &endbranch() |
||||
&movb(&HB("ecx"), &BP(1,$in,"",0)); |
||||
&set_label("ej1"); |
||||
+ &endbranch() |
||||
&movb(&LB("ecx"), &BP(0,$in,"",0)); |
||||
&set_label("ejend"); |
||||
|
||||
diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl |
||||
--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100 |
||||
@@ -101,6 +101,33 @@ elsif (!$gas) |
||||
$decor="\$L\$"; |
||||
} |
||||
|
||||
+my $cet_property; |
||||
+if ($flavour =~ /elf/) { |
||||
+ # Always generate .note.gnu.property section for ELF outputs to |
||||
+ # mark Intel CET support since all input files must be marked |
||||
+ # with Intel CET support in order for linker to mark output with |
||||
+ # Intel CET support. |
||||
+ my $p2align=3; $p2align=2 if ($flavour eq "elf32"); |
||||
+ $cet_property = <<_____; |
||||
+ .section ".note.gnu.property", "a" |
||||
+ .p2align $p2align |
||||
+ .long 1f - 0f |
||||
+ .long 4f - 1f |
||||
+ .long 5 |
||||
+0: |
||||
+ .asciz "GNU" |
||||
+1: |
||||
+ .p2align $p2align |
||||
+ .long 0xc0000002 |
||||
+ .long 3f - 2f |
||||
+2: |
||||
+ .long 3 |
||||
+3: |
||||
+ .p2align $p2align |
||||
+4: |
||||
+_____ |
||||
+} |
||||
+ |
||||
my $current_segment; |
||||
my $current_function; |
||||
my %globals; |
||||
@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) { |
||||
print $line,"\n"; |
||||
} |
||||
|
||||
+print "$cet_property" if ($cet_property); |
||||
print "\n$current_segment\tENDS\n" if ($current_segment && $masm); |
||||
print "END\n" if ($masm); |
||||
|
||||
diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl |
||||
--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100 |
||||
@@ -124,6 +124,7 @@ sub ::function_begin_B |
||||
push(@out,".align\t$align\n"); |
||||
push(@out,"$func:\n"); |
||||
push(@out,"$begin:\n") if ($global); |
||||
+ &::endbranch(); |
||||
$::stack=4; |
||||
} |
||||
|
||||
@@ -172,6 +173,26 @@ sub ::file_end |
||||
else { push (@out,"$tmp\n"); } |
||||
} |
||||
push(@out,$initseg) if ($initseg); |
||||
+ if ($::elf) { |
||||
+ push(@out," |
||||
+ .section \".note.gnu.property\", \"a\" |
||||
+ .p2align 2 |
||||
+ .long 1f - 0f |
||||
+ .long 4f - 1f |
||||
+ .long 5 |
||||
+0: |
||||
+ .asciz \"GNU\" |
||||
+1: |
||||
+ .p2align 2 |
||||
+ .long 0xc0000002 |
||||
+ .long 3f - 2f |
||||
+2: |
||||
+ .long 3 |
||||
+3: |
||||
+ .p2align 2 |
||||
+4: |
||||
+"); |
||||
+ } |
||||
} |
||||
|
||||
sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } |
||||
diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100 |
||||
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100 |
||||
@@ -2806,6 +2806,7 @@ $code.=<<___; |
||||
.align 32 |
||||
poly1305_blocks_vpmadd52: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
shr \$4,$len |
||||
jz .Lno_data_vpmadd52 # too short |
||||
|
||||
@@ -3739,6 +3740,7 @@ $code.=<<___; |
||||
.align 32 |
||||
poly1305_emit_base2_44: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
mov 0($ctx),%r8 # load hash value |
||||
mov 8($ctx),%r9 |
||||
mov 16($ctx),%r10 |
||||
diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl |
||||
--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100 |
||||
+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100 |
||||
@@ -140,6 +140,7 @@ $code=<<___; |
||||
.align 16 |
||||
RC4: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
or $len,$len |
||||
jne .Lentry |
||||
ret |
||||
@@ -455,6 +456,7 @@ $code.=<<___; |
||||
.align 16 |
||||
RC4_set_key: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea 8($dat),$dat |
||||
lea ($inp,$len),$inp |
||||
neg $len |
||||
@@ -529,6 +531,7 @@ RC4_set_key: |
||||
.align 16 |
||||
RC4_options: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
lea .Lopts(%rip),%rax |
||||
mov OPENSSL_ia32cap_P(%rip),%edx |
||||
bt \$20,%edx |
||||
diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl |
||||
--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100 |
||||
+++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100 |
||||
@@ -40,6 +40,7 @@ print<<___; |
||||
.align 16 |
||||
OPENSSL_atomic_add: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
movl ($arg1),%eax |
||||
.Lspin: leaq ($arg2,%rax),%r8 |
||||
.byte 0xf0 # lock |
||||
@@ -56,6 +57,7 @@ OPENSSL_atomic_add: |
||||
.align 16 |
||||
OPENSSL_rdtsc: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
rdtsc |
||||
shl \$32,%rdx |
||||
or %rdx,%rax |
||||
@@ -68,6 +70,7 @@ OPENSSL_rdtsc: |
||||
.align 16 |
||||
OPENSSL_ia32_cpuid: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
mov %rbx,%r8 # save %rbx |
||||
.cfi_register %rbx,%r8 |
||||
|
||||
@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid: |
||||
.align 16 |
||||
OPENSSL_cleanse: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
xor %rax,%rax |
||||
cmp \$15,$arg2 |
||||
jae .Lot |
||||
@@ -274,6 +278,7 @@ OPENSSL_cleanse: |
||||
.align 16 |
||||
CRYPTO_memcmp: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
xor %rax,%rax |
||||
xor %r10,%r10 |
||||
cmp \$0,$arg3 |
||||
@@ -312,6 +317,7 @@ print<<___ if (!$win64); |
||||
.align 16 |
||||
OPENSSL_wipe_cpu: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
pxor %xmm0,%xmm0 |
||||
pxor %xmm1,%xmm1 |
||||
pxor %xmm2,%xmm2 |
||||
@@ -346,6 +352,8 @@ print<<___ if ($win64); |
||||
.type OPENSSL_wipe_cpu,\@abi-omnipotent |
||||
.align 16 |
||||
OPENSSL_wipe_cpu: |
||||
+.cfi_startproc |
||||
+ endbranch |
||||
pxor %xmm0,%xmm0 |
||||
pxor %xmm1,%xmm1 |
||||
pxor %xmm2,%xmm2 |
||||
@@ -376,6 +384,7 @@ print<<___; |
||||
.align 16 |
||||
OPENSSL_instrument_bus: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
mov $arg1,$out # tribute to Win64 |
||||
mov $arg2,$cnt |
||||
mov $arg2,$max |
||||
@@ -410,6 +419,7 @@ OPENSSL_instrument_bus: |
||||
.align 16 |
||||
OPENSSL_instrument_bus2: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
mov $arg1,$out # tribute to Win64 |
||||
mov $arg2,$cnt |
||||
mov $arg3,$max |
||||
@@ -465,6 +475,7 @@ print<<___; |
||||
.align 16 |
||||
OPENSSL_ia32_${rdop}_bytes: |
||||
.cfi_startproc |
||||
+ endbranch |
||||
xor %rax, %rax # return value |
||||
cmp \$0,$arg2 |
||||
je .Ldone_${rdop}_bytes |
@ -0,0 +1,170 @@
@@ -0,0 +1,170 @@
|
||||
diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info |
||||
--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200 |
||||
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\ |
||||
fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ |
||||
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ |
||||
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ |
||||
- fips_dh_selftest.c fips_ers.c |
||||
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c |
||||
|
||||
PROGRAMS_NO_INST=\ |
||||
fips_standalone_hmac |
||||
diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200 |
||||
@@ -0,0 +1,117 @@ |
||||
+/* |
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. |
||||
+ * |
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
+ * this file except in compliance with the License. You can obtain a copy |
||||
+ * in the file LICENSE in the source distribution or at |
||||
+ * https://www.openssl.org/source/license.html |
||||
+ */ |
||||
+ |
||||
+#include <string.h> |
||||
+#include <openssl/err.h> |
||||
+#include <openssl/fips.h> |
||||
+#include "crypto/fips.h" |
||||
+ |
||||
+#include <openssl/evp.h> |
||||
+#include <openssl/kdf.h> |
||||
+ |
||||
+#ifdef OPENSSL_FIPS |
||||
+int FIPS_selftest_pbkdf2(void) |
||||
+{ |
||||
+ int ret = 0; |
||||
+ EVP_KDF_CTX *kctx; |
||||
+ unsigned char out[32]; |
||||
+ |
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
+ { |
||||
+ const unsigned char expected[sizeof(out)] = { |
||||
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, |
||||
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, |
||||
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, |
||||
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 |
||||
+ }; |
||||
+ if (memcmp(out, expected, sizeof(expected))) { |
||||
+ goto err; |
||||
+ } |
||||
+ } |
||||
+ ret = 1; |
||||
+ |
||||
+err: |
||||
+ if (!ret) |
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED); |
||||
+ EVP_KDF_CTX_free(kctx); |
||||
+ return ret; |
||||
+} |
||||
+ |
||||
+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos |
||||
+ * 5) appendix A. */ |
||||
+int FIPS_selftest_kbkdf(void) |
||||
+{ |
||||
+ int ret = 0; |
||||
+ EVP_KDF_CTX *kctx; |
||||
+ char *label = "prf", *prf_input = "test"; |
||||
+ static unsigned char input_key[] = { |
||||
+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, |
||||
+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, |
||||
+ }; |
||||
+ static unsigned char output[] = { |
||||
+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, |
||||
+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, |
||||
+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, |
||||
+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, |
||||
+ }; |
||||
+ unsigned char result[sizeof(output)] = { 0 }; |
||||
+ |
||||
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) { |
||||
+ goto err; |
||||
+ } |
||||
+ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0 |
||||
+ && memcmp(result, output, sizeof(output)) == 0; |
||||
+err: |
||||
+ |
||||
+ if (!ret) |
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED); |
||||
+ EVP_KDF_CTX_free(kctx); |
||||
+ return ret; |
||||
+} |
||||
+ |
||||
+int FIPS_selftest_kdf(void) |
||||
+{ |
||||
+ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf(); |
||||
+} |
||||
+ |
||||
+#endif |
||||
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200 |
||||
@@ -111,6 +111,8 @@ int FIPS_selftest(void) |
||||
rv = 0; |
||||
if (!FIPS_selftest_ecdh()) |
||||
rv = 0; |
||||
+ if (!FIPS_selftest_kdf()) |
||||
+ rv = 0; |
||||
return rv; |
||||
} |
||||
|
||||
diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h |
||||
--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200 |
||||
+++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200 |
||||
@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff); |
||||
int FIPS_selftest_hmac(void); |
||||
int FIPS_selftest_drbg(void); |
||||
int FIPS_selftest_cmac(void); |
||||
+int FIPS_selftest_kbkdf(void); |
||||
+int FIPS_selftest_pbkdf2(void); |
||||
+int FIPS_selftest_kdf(void); |
||||
|
||||
int fips_in_post(void); |
||||
|
||||
diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h |
||||
--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200 |
||||
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200 |
||||
@@ -123,6 +123,8 @@ extern "C" { |
||||
# define FIPS_F_FIPS_SELFTEST_DSA 112 |
||||
# define FIPS_F_FIPS_SELFTEST_ECDSA 133 |
||||
# define FIPS_F_FIPS_SELFTEST_HMAC 113 |
||||
+# define FIPS_F_FIPS_SELFTEST_KBKDF 151 |
||||
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152 |
||||
# define FIPS_F_FIPS_SELFTEST_SHA1 115 |
||||
# define FIPS_F_FIPS_SELFTEST_SHA2 105 |
||||
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143 |
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,19 @@
@@ -0,0 +1,19 @@
|
||||
diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod |
||||
--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200 |
||||
+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200 |
||||
@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)> |
||||
L<ec(1)>, L<ecparam(1)>, |
||||
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>, |
||||
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>, |
||||
-L<passwd(1)>, |
||||
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>, |
||||
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>, |
||||
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>, |
||||
+L<rehash(1)>, L<req(1)>, L<rsa(1)>, |
||||
L<rsautl(1)>, L<s_client(1)>, |
||||
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>, |
||||
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>, |
||||
+L<sslpasswd(1)>, L<sslrand(1)>, |
||||
L<ts(1)>, |
||||
L<verify(1)>, L<version(1)>, L<x509(1)>, |
||||
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)> |
@ -0,0 +1,119 @@
@@ -0,0 +1,119 @@
|
||||
diff -up openssl-1.1.1k/include/internal/cryptlib.h.conf-new openssl-1.1.1k/include/internal/cryptlib.h |
||||
--- openssl-1.1.1k/include/internal/cryptlib.h.conf-new 2021-08-30 14:19:25.209494828 +0200 |
||||
+++ openssl-1.1.1k/include/internal/cryptlib.h 2021-08-30 14:19:34.047615270 +0200 |
||||
@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO; |
||||
typedef struct mem_st MEM; |
||||
DEFINE_LHASH_OF(MEM); |
||||
|
||||
-# define OPENSSL_CONF "openssl.cnf" |
||||
+# define OPENSSL_CONF "openssl11.cnf" |
||||
|
||||
# ifndef OPENSSL_SYS_VMS |
||||
# define X509_CERT_AREA OPENSSLDIR |
||||
diff -up openssl-1.1.1k/Configurations/unix-Makefile.tmpl.new-conf openssl-1.1.1k/Configurations/unix-Makefile.tmpl |
||||
--- openssl-1.1.1k/Configurations/unix-Makefile.tmpl.new-conf 2021-10-05 11:33:47.651773153 +0200 |
||||
+++ openssl-1.1.1k/Configurations/unix-Makefile.tmpl 2021-10-05 11:34:08.273946559 +0200 |
||||
@@ -580,14 +580,14 @@ install_ssldirs: |
||||
: {- output_on() if windowsdll(); "" -}; \ |
||||
fi; \ |
||||
done |
||||
- @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" |
||||
- @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" |
||||
- @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" |
||||
- @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" |
||||
- @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ |
||||
- $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ |
||||
- cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ |
||||
- chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ |
||||
+ @$(ECHO) "install $(SRCDIR)/apps/openssl11.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl11.cnf.dist" |
||||
+ @cp $(SRCDIR)/apps/openssl11.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf.new" |
||||
+ @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf.new" |
||||
+ @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf.dist" |
||||
+ @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf" ]; then \ |
||||
+ $(ECHO) "install $(SRCDIR)/apps/openssl11.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl11.cnf"; \ |
||||
+ cp $(SRCDIR)/apps/openssl11.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf"; \ |
||||
+ chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl11.cnf"; \ |
||||
fi |
||||
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" |
||||
@cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" |
||||
@@ -871,7 +871,7 @@ lint: |
||||
|
||||
generate_apps: |
||||
( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ |
||||
- < apps/openssl.cnf > apps/openssl-vms.cnf ) |
||||
+ < apps/openssl11.cnf > apps/openssl-vms.cnf ) |
||||
|
||||
generate_crypto_bn: |
||||
( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) |
||||
diff -up openssl-1.1.1k/Configure.new-conf openssl-1.1.1k/Configure |
||||
--- openssl-1.1.1k/Configure.new-conf 2021-10-05 13:07:38.128588902 +0200 |
||||
+++ openssl-1.1.1k/Configure 2021-10-05 13:08:00.190795712 +0200 |
||||
@@ -35,7 +35,7 @@ my $usage="Usage: Configure [no-<cipher> |
||||
# directories bin, lib, include, share/man, share/doc/openssl |
||||
# This becomes the value of INSTALLTOP in Makefile |
||||
# (Default: /usr/local) |
||||
-# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys. |
||||
+# --openssldir OpenSSL data area, such as openssl11.cnf, certificates and keys. |
||||
# If it's a relative directory, it will be added on the directory |
||||
# given with --prefix. |
||||
# This becomes the value of OPENSSLDIR in Makefile and in C. |
||||
diff -up openssl-1.1.1k/doc/HOWTO/certificates.txt.new-conf openssl-1.1.1k/doc/HOWTO/certificates.txt |
||||
--- openssl-1.1.1k/doc/HOWTO/certificates.txt.new-conf 2021-10-05 13:09:44.705775386 +0200 |
||||
+++ openssl-1.1.1k/doc/HOWTO/certificates.txt 2021-10-05 13:09:58.621905835 +0200 |
||||
@@ -16,7 +16,7 @@ Certificate authorities should read http |
||||
In all the cases shown below, the standard configuration file, as |
||||
compiled into openssl, will be used. You may find it in /etc/, |
||||
/usr/local/ssl/ or somewhere else. By default the file is named |
||||
-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. |
||||
+openssl11.cnf and is described at https://www.openssl.org/docs/apps/config.html. |
||||
You can specify a different configuration file using the |
||||
'-config {file}' argument with the commands shown below. |
||||
|
||||
diff -up openssl-1.1.1k/doc/man3/OPENSSL_config.pod.new-conf openssl-1.1.1k/doc/man3/OPENSSL_config.pod |
||||
--- openssl-1.1.1k/doc/man3/OPENSSL_config.pod.new-conf 2021-10-05 13:08:51.108273006 +0200 |
||||
+++ openssl-1.1.1k/doc/man3/OPENSSL_config.pod 2021-10-05 13:09:07.614427700 +0200 |
||||
@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp |
||||
|
||||
=head1 DESCRIPTION |
||||
|
||||
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and |
||||
+OPENSSL_config() configures OpenSSL using the standard B<openssl11.cnf> and |
||||
reads from the application section B<appname>. If B<appname> is NULL then |
||||
the default section, B<openssl_conf>, will be used. |
||||
Errors are silently ignored. |
||||
diff -up openssl-1.1.1k/doc/man5/config.pod.new-conf openssl-1.1.1k/doc/man5/config.pod |
||||
--- openssl-1.1.1k/doc/man5/config.pod.new-conf 2021-10-05 13:10:21.497120265 +0200 |
||||
+++ openssl-1.1.1k/doc/man5/config.pod 2021-10-05 13:10:35.727253658 +0200 |
||||
@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat |
||||
=head1 DESCRIPTION |
||||
|
||||
The OpenSSL CONF library can be used to read configuration files. |
||||
-It is used for the OpenSSL master configuration file B<openssl.cnf> |
||||
+It is used for the OpenSSL master configuration file B<openssl11.cnf> |
||||
and in a few other places like B<SPKAC> files and certificate extension |
||||
files for the B<x509> utility. OpenSSL applications can also use the |
||||
CONF library for their own purposes. |
||||
diff -up openssl-1.1.1k/INSTALL.new-conf openssl-1.1.1k/INSTALL |
||||
--- openssl-1.1.1k/INSTALL.new-conf 2021-10-05 13:10:56.473448084 +0200 |
||||
+++ openssl-1.1.1k/INSTALL 2021-10-05 13:11:11.388587895 +0200 |
||||
@@ -296,7 +296,7 @@ |
||||
be undesirable if small executable size is an objective. |
||||
|
||||
no-autoload-config |
||||
- Don't automatically load the default openssl.cnf file. |
||||
+ Don't automatically load the default openssl11.cnf file. |
||||
Typically OpenSSL will automatically load a system config |
||||
file which configures default ssl options. |
||||
|
||||
diff -up openssl-1.1.1k/NEWS.new-conf openssl-1.1.1k/NEWS |
||||
--- openssl-1.1.1k/NEWS.new-conf 2021-10-05 13:11:31.092772601 +0200 |
||||
+++ openssl-1.1.1k/NEWS 2021-10-05 13:12:48.923502139 +0200 |
||||
@@ -12,6 +12,8 @@ |
||||
o Fixed an issue where an OpenSSL TLS server may crash if sent a |
||||
maliciously crafted renegotiation ClientHello message from a client |
||||
(CVE-2021-3449) |
||||
+ o This compat package provides a config file with the name openssl11.cnf |
||||
+ instead of openssl.cnf. |
||||
|
||||
Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] |
||||
|
@ -0,0 +1,112 @@
@@ -0,0 +1,112 @@
|
||||
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in |
||||
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200 |
||||
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200 |
||||
@@ -147,22 +147,22 @@ our @tests = ( |
||||
{ |
||||
name => "ECDSA with brainpool", |
||||
server => { |
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), |
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), |
||||
- "Groups" => "brainpoolP256r1", |
||||
+ "Certificate" => test_pem("server-ecdsa-cert.pem"), |
||||
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), |
||||
+# "Groups" => "brainpoolP256r1", |
||||
}, |
||||
client => { |
||||
#We don't restrict this to TLSv1.2, although use of brainpool |
||||
#should force this anyway so that this should succeed |
||||
"CipherString" => "aECDSA", |
||||
"RequestCAFile" => test_pem("root-cert.pem"), |
||||
- "Groups" => "brainpoolP256r1", |
||||
+# "Groups" => "brainpoolP256r1", |
||||
}, |
||||
test => { |
||||
- "ExpectedServerCertType" =>, "brainpoolP256r1", |
||||
- "ExpectedServerSignType" =>, "EC", |
||||
+# "ExpectedServerCertType" =>, "brainpoolP256r1", |
||||
+# "ExpectedServerSignType" =>, "EC", |
||||
# Note: certificate_authorities not sent for TLS < 1.3 |
||||
- "ExpectedServerCANames" =>, "empty", |
||||
+# "ExpectedServerCANames" =>, "empty", |
||||
"ExpectedResult" => "Success" |
||||
}, |
||||
}, |
||||
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = ( |
||||
{ |
||||
name => "TLS 1.3 ECDSA with brainpool", |
||||
server => { |
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), |
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), |
||||
- "Groups" => "brainpoolP256r1", |
||||
+ "Certificate" => test_pem("server-ecdsa-cert.pem"), |
||||
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"), |
||||
+# "Groups" => "brainpoolP256r1", |
||||
}, |
||||
client => { |
||||
"RequestCAFile" => test_pem("root-cert.pem"), |
||||
- "Groups" => "brainpoolP256r1", |
||||
+# "Groups" => "brainpoolP256r1", |
||||
"MinProtocol" => "TLSv1.3", |
||||
"MaxProtocol" => "TLSv1.3" |
||||
}, |
||||
test => { |
||||
- "ExpectedResult" => "ServerFail" |
||||
+ "ExpectedResult" => "Success" |
||||
}, |
||||
}, |
||||
); |
||||
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf |
||||
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200 |
||||
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200 |
||||
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server |
||||
client = 5-ECDSA with brainpool-client |
||||
|
||||
[5-ECDSA with brainpool-server] |
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem |
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem |
||||
CipherString = DEFAULT |
||||
-Groups = brainpoolP256r1 |
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem |
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem |
||||
|
||||
[5-ECDSA with brainpool-client] |
||||
CipherString = aECDSA |
||||
-Groups = brainpoolP256r1 |
||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem |
||||
VerifyMode = Peer |
||||
|
||||
[test-5] |
||||
ExpectedResult = Success |
||||
-ExpectedServerCANames = empty |
||||
-ExpectedServerCertType = brainpoolP256r1 |
||||
-ExpectedServerSignType = EC |
||||
|
||||
|
||||
# =========================================================== |
||||
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool |
||||
client = 52-TLS 1.3 ECDSA with brainpool-client |
||||
|
||||
[52-TLS 1.3 ECDSA with brainpool-server] |
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem |
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem |
||||
CipherString = DEFAULT |
||||
-Groups = brainpoolP256r1 |
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem |
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem |
||||
|
||||
[52-TLS 1.3 ECDSA with brainpool-client] |
||||
CipherString = DEFAULT |
||||
-Groups = brainpoolP256r1 |
||||
MaxProtocol = TLSv1.3 |
||||
MinProtocol = TLSv1.3 |
||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem |
||||
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro |
||||
VerifyMode = Peer |
||||
|
||||
[test-52] |
||||
-ExpectedResult = ServerFail |
||||
+ExpectedResult = Success |
||||
|
||||
|
||||
# =========================================================== |
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl |
||||
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200 |
||||
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200 |
||||
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines |
||||
|
||||
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev |
||||
|
||||
-install_docs: install_man_docs install_html_docs |
||||
+install_docs: install_man_docs |
||||
|
||||
uninstall_docs: uninstall_man_docs uninstall_html_docs |
||||
$(RM) -r "$(DESTDIR)$(DOCDIR)" |
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c |
||||
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100 |
||||
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100 |
||||
@@ -7,6 +7,9 @@ |
||||
* https://www.openssl.org/source/license.html |
||||
*/ |
||||
|
||||
+/* for secure_getenv */ |
||||
+#define _GNU_SOURCE |
||||
+ |
||||
#include <stdio.h> |
||||
#include <time.h> |
||||
#include <sys/types.h> |
||||
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it |
||||
if (ret != 2) |
||||
goto err; |
||||
ret = -1; |
||||
+ } else if ((mdnid == NID_md5 |
||||
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || |
||||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { |
||||
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, |
||||
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
||||
+ goto err; |
||||
} else { |
||||
const EVP_MD *type = EVP_get_digestbynid(mdnid); |
||||
|
@ -0,0 +1,170 @@
@@ -0,0 +1,170 @@
|
||||
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx, |
||||
int FIPS_drbg_reseed(DRBG_CTX *dctx, |
||||
const unsigned char *adin, size_t adinlen) |
||||
{ |
||||
+ int len = (int)adinlen; |
||||
+ |
||||
+ if (len < 0 || (size_t)len != adinlen) { |
||||
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); |
||||
+ return 0; |
||||
+ } |
||||
+ RAND_seed(adin, len); |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx, |
||||
+ const unsigned char *adin, size_t adinlen) |
||||
+{ |
||||
return drbg_reseed(dctx, adin, adinlen, 1); |
||||
} |
||||
|
||||
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u |
||||
int prediction_resistance, |
||||
const unsigned char *adin, size_t adinlen) |
||||
{ |
||||
+ int len = (int)outlen; |
||||
+ |
||||
+ if (len < 0 || (size_t)len != outlen) { |
||||
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG); |
||||
+ return 0; |
||||
+ } |
||||
+ return RAND_bytes(out, len); |
||||
+} |
||||
+ |
||||
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen, |
||||
+ int prediction_resistance, |
||||
+ const unsigned char *adin, size_t adinlen) |
||||
+{ |
||||
int r = 0; |
||||
|
||||
if (FIPS_selftest_failed()) { |
||||
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -57,6 +57,8 @@ |
||||
#include <openssl/err.h> |
||||
#include <openssl/rand.h> |
||||
#include <openssl/fips.h> |
||||
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal |
||||
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal |
||||
#include <openssl/fips_rand.h> |
||||
#include "fips_rand_lcl.h" |
||||
|
||||
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -55,6 +55,8 @@ |
||||
#include <openssl/crypto.h> |
||||
#include <openssl/err.h> |
||||
#include <openssl/fips.h> |
||||
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal |
||||
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal |
||||
#include <openssl/fips_rand.h> |
||||
#include "fips_rand_lcl.h" |
||||
#include "fips_locl.h" |
||||
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -79,8 +79,6 @@ int FIPS_selftest(void) |
||||
ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); |
||||
rv = 0; |
||||
} |
||||
- if (!FIPS_selftest_drbg()) |
||||
- rv = 0; |
||||
if (!FIPS_selftest_sha1()) |
||||
rv = 0; |
||||
if (!FIPS_selftest_sha2()) |
||||
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c |
||||
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200 |
||||
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200 |
||||
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void) |
||||
|
||||
int FIPS_rand_seed(const void *buf, int num) |
||||
{ |
||||
+#if 0 |
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) { |
||||
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); |
||||
return 0; |
||||
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int |
||||
if (fips_rand_meth && fips_rand_meth->seed) |
||||
fips_rand_meth->seed(buf, num); |
||||
return 1; |
||||
+#else |
||||
+ RAND_seed(buf, num); |
||||
+ return 1; |
||||
+#endif |
||||
} |
||||
|
||||
int FIPS_rand_bytes(unsigned char *buf, int num) |
||||
{ |
||||
+#if 0 |
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) { |
||||
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); |
||||
return 0; |
||||
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf, |
||||
if (fips_rand_meth && fips_rand_meth->bytes) |
||||
return fips_rand_meth->bytes(buf, num); |
||||
return 0; |
||||
+#else |
||||
+ return RAND_bytes(buf, num); |
||||
+#endif |
||||
} |
||||
|
||||
int FIPS_rand_status(void) |
||||
{ |
||||
+#if 0 |
||||
if (!fips_approved_rand_meth && FIPS_module_mode()) { |
||||
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); |
||||
return 0; |
||||
@@ -149,6 +159,9 @@ int FIPS_rand_status(void) |
||||
if (fips_rand_meth && fips_rand_meth->status) |
||||
return fips_rand_meth->status(); |
||||
return 0; |
||||
+#else |
||||
+ return RAND_status(); |
||||
+#endif |
||||
} |
||||
|
||||
/* Return instantiated strength of PRNG. For DRBG this is an internal |
||||
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h |
||||
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 |
||||
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -64,6 +64,11 @@ extern "C" { |
||||
|
||||
int FIPS_selftest(void); |
||||
int FIPS_selftest_failed(void); |
||||
+ |
||||
+ /* |
||||
+ * This function is deprecated as it performs selftest of the old FIPS drbg |
||||
+ * implementation that is not validated. |
||||
+ */ |
||||
int FIPS_selftest_drbg_all(void); |
||||
|
||||
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, |
||||
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h |
||||
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200 |
||||
+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200 |
||||
@@ -60,6 +60,20 @@ |
||||
# ifdef __cplusplus |
||||
extern "C" { |
||||
# endif |
||||
+ |
||||
+/* |
||||
+ * IMPORTANT NOTE: |
||||
+ * All functions in this header file are deprecated and should not be used |
||||
+ * as they use the old FIPS_drbg implementation that is not FIPS validated |
||||
+ * anymore. |
||||
+ * To provide backwards compatibility for applications that need FIPS compliant |
||||
+ * RNG number generation and use FIPS_drbg_generate, this function was |
||||
+ * re-wired to call the FIPS validated DRBG instance instead through |
||||
+ * the RAND_bytes() call. |
||||
+ * |
||||
+ * All these functions will be removed in future. |
||||
+ */ |
||||
+ |
||||
typedef struct drbg_ctx_st DRBG_CTX; |
||||
/* DRBG external flags */ |
||||
/* Flag for CTR mode only: use derivation function ctr_df */ |
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,160 @@
@@ -0,0 +1,160 @@
|
||||
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c |
||||
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200 |
||||
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200 |
||||
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c |
||||
} |
||||
|
||||
static const int minbits_table[] = { 80, 112, 128, 192, 256 }; |
||||
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 }; |
||||
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); |
||||
|
||||
/* |
||||
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT |
||||
|
||||
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) |
||||
return 0; |
||||
- |
||||
- return secbits >= minbits_table[level - 1]; |
||||
+ /* |
||||
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic |
||||
+ * disable SHA1 flag is not set. |
||||
+ */ |
||||
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode()) |
||||
+ return secbits >= minbits_table[level - 1]; |
||||
+ return secbits >= minbits_digest_table[level - 1]; |
||||
} |
||||
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod |
||||
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200 |
||||
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200 |
||||
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited |
||||
|
||||
=item B<Level 2> |
||||
|
||||
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys |
||||
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. |
||||
+Security level set to 112 bits of security with the exception of SHA1 allowed |
||||
+for signatures. |
||||
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys |
||||
+shorter than 224 bits are prohibited. |
||||
In addition to the level 1 exclusions any cipher suite using RC4 is also |
||||
prohibited. SSL version 3 is also not allowed. Compression is disabled. |
||||
|
||||
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c |
||||
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200 |
||||
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200 |
||||
@@ -27,6 +27,7 @@ |
||||
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, |
||||
int op, int bits, int nid, void *other, |
||||
void *ex); |
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx); |
||||
|
||||
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; |
||||
static volatile int ssl_x509_store_ctx_idx = -1; |
||||
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_ |
||||
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); |
||||
|
||||
/* Set suite B flags if needed */ |
||||
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); |
||||
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL)); |
||||
if (!X509_STORE_CTX_set_ex_data |
||||
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { |
||||
goto end; |
||||
@@ -953,12 +954,33 @@ static int ssl_security_default_callback |
||||
return 0; |
||||
break; |
||||
default: |
||||
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */ |
||||
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx)) |
||||
+ break; |
||||
if (bits < minbits) |
||||
return 0; |
||||
} |
||||
return 1; |
||||
} |
||||
|
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx) |
||||
+{ |
||||
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */ |
||||
+ const CERT *c; |
||||
+ |
||||
+ if (FIPS_mode()) |
||||
+ return ret; |
||||
+ |
||||
+ if (ctx != NULL) { |
||||
+ c = ctx->cert; |
||||
+ } else { |
||||
+ c = s->cert; |
||||
+ } |
||||
+ if (tls1_cert_sigalgs_have_sha1(c)) |
||||
+ return 0; |
||||
+ return ret; |
||||
+} |
||||
+ |
||||
int ssl_security(const SSL *s, int op, int bits, int nid, void *other) |
||||
{ |
||||
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); |
||||
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h |
||||
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200 |
||||
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200 |
||||
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC |
||||
__owur int tls1_process_sigalgs(SSL *s); |
||||
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); |
||||
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); |
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c); |
||||
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); |
||||
# ifndef OPENSSL_NO_EC |
||||
__owur int tls_check_sigalg_curve(const SSL *s, int curve); |
||||
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c |
||||
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200 |
||||
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200 |
||||
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int |
||||
return 0; |
||||
} |
||||
|
||||
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen) |
||||
+{ |
||||
+ size_t i; |
||||
+ |
||||
+ for (i = 0; i < sigalgslen; i++, sigalgs++) { |
||||
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); |
||||
+ |
||||
+ if (lu == NULL) |
||||
+ continue; |
||||
+ if (lu->hash == NID_sha1) |
||||
+ return 1; |
||||
+ } |
||||
+ return 0; |
||||
+} |
||||
+ |
||||
+ |
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c) |
||||
+{ |
||||
+ if (c->client_sigalgs != NULL) { |
||||
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen)) |
||||
+ return 1; |
||||
+ } |
||||
+ if (c->conf_sigalgs != NULL) { |
||||
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen)) |
||||
+ return 1; |
||||
+ return 0; |
||||
+ } |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) |
||||
{ |
||||
int sig_nid, use_pc_sigalgs = 0; |
||||
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t |
||||
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200 |
||||
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200 |
||||
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver |
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ), |
||||
"CA with PSS signature using SHA256"); |
||||
|
||||
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), |
||||
- "Reject PSS signature using SHA1 and auth level 2"); |
||||
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"), |
||||
+ "Reject PSS signature using SHA1 and auth level 3"); |
||||
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), |
||||
"PSS signature using SHA256 and auth level 2"); |
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,310 @@
@@ -0,0 +1,310 @@
|
||||
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl |
||||
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200 |
||||
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200 |
||||
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man |
||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) |
||||
HTMLDIR=$(DOCDIR)/html |
||||
|
||||
+{- output_off() if $config{system_ciphers_file} eq ""; "" -} |
||||
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" |
||||
+{- output_on() if $config{system_ciphers_file} eq ""; "" -} |
||||
+ |
||||
# MANSUFFIX is for the benefit of anyone who may want to have a suffix |
||||
# appended after the manpage file section number. "ssl" is popular, |
||||
# resulting in files such as config.5ssl rather than config.5. |
||||
@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} |
||||
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} |
||||
CPPFLAGS={- our $cppflags1 = join(" ", |
||||
(map { "-D".$_} @{$config{CPPDEFINES}}), |
||||
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", |
||||
(map { "-I".$_} @{$config{CPPINCLUDES}}), |
||||
@{$config{CPPFLAGS}}) -} |
||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -} |
||||
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure |
||||
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 |
||||
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200 |
||||
@@ -24,7 +24,7 @@ use OpenSSL::Glob; |
||||
my $orig_death_handler = $SIG{__DIE__}; |
||||
$SIG{__DIE__} = \&death_handler; |
||||
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; |
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; |
||||
|
||||
# Options: |
||||
# |
||||
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher> |
||||
# This becomes the value of OPENSSLDIR in Makefile and in C. |
||||
# (Default: PREFIX/ssl) |
||||
# |
||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM |
||||
+# cipher is specified (default). |
||||
+# |
||||
# --cross-compile-prefix Add specified prefix to binutils components. |
||||
# |
||||
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for |
||||
@@ -295,6 +298,7 @@ $config{prefix}=""; |
||||
$config{openssldir}=""; |
||||
$config{processor}=""; |
||||
$config{libdir}=""; |
||||
+$config{system_ciphers_file}=""; |
||||
my $auto_threads=1; # enable threads automatically? true by default |
||||
my $default_ranlib; |
||||
|
||||
@@ -824,6 +828,10 @@ while (@argvcopy) |
||||
push @seed_sources, $x; |
||||
} |
||||
} |
||||
+ elsif (/^--system-ciphers-file=(.*)$/) |
||||
+ { |
||||
+ $config{system_ciphers_file}=$1; |
||||
+ } |
||||
elsif (/^--cross-compile-prefix=(.*)$/) |
||||
{ |
||||
$user{CROSS_COMPILE}=$1; |
||||
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") { |
||||
exit 0; |
||||
} |
||||
|
||||
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/; |
||||
+ |
||||
print "Configuring OpenSSL version $config{version} ($config{version_num}) "; |
||||
print "for $target\n"; |
||||
|
||||
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod |
||||
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 |
||||
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200 |
||||
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s |
||||
|
||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>. |
||||
|
||||
+=item B<PROFILE=SYSTEM> |
||||
+ |
||||
+The list of enabled cipher suites will be loaded from the system crypto policy |
||||
+configuration file B</etc/crypto-policies/back-ends/openssl.config>. |
||||
+See also L<update-crypto-policies(8)>. |
||||
+This is the default behavior unless an application explicitly sets a cipher |
||||
+list. If used in a cipher list configuration value this string must be at the |
||||
+beginning of the cipher list, otherwise it will not be recognized. |
||||
+ |
||||
=item B<HIGH> |
||||
|
||||
"High" encryption cipher suites. This currently means those with key lengths |
||||
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h |
||||
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 |
||||
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200 |
||||
@@ -186,6 +186,11 @@ extern "C" { |
||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not |
||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.) |
||||
*/ |
||||
+# ifdef SYSTEM_CIPHERS_FILE |
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" |
||||
+# else |
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST |
||||
+# endif |
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ |
||||
# define SSL_SENT_SHUTDOWN 1 |
||||
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c |
||||
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 |
||||
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200 |
||||
@@ -9,6 +9,8 @@ |
||||
* https://www.openssl.org/source/license.html |
||||
*/ |
||||
|
||||
+/* for secure_getenv */ |
||||
+#define _GNU_SOURCE |
||||
#include <stdio.h> |
||||
#include <ctype.h> |
||||
#include <openssl/objects.h> |
||||
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c |
||||
return ret; |
||||
} |
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+static char *load_system_str(const char *suffix) |
||||
+{ |
||||
+ FILE *fp; |
||||
+ char buf[1024]; |
||||
+ char *new_rules; |
||||
+ const char *ciphers_path; |
||||
+ unsigned len, slen; |
||||
+ |
||||
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) |
||||
+ ciphers_path = SYSTEM_CIPHERS_FILE; |
||||
+ fp = fopen(ciphers_path, "r"); |
||||
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { |
||||
+ /* cannot open or file is empty */ |
||||
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); |
||||
+ } |
||||
+ |
||||
+ if (fp) |
||||
+ fclose(fp); |
||||
+ |
||||
+ slen = strlen(suffix); |
||||
+ len = strlen(buf); |
||||
+ |
||||
+ if (buf[len - 1] == '\n') { |
||||
+ len--; |
||||
+ buf[len] = 0; |
||||
+ } |
||||
+ if (buf[len - 1] == '\r') { |
||||
+ len--; |
||||
+ buf[len] = 0; |
||||
+ } |
||||
+ |
||||
+ new_rules = OPENSSL_malloc(len + slen + 1); |
||||
+ if (new_rules == 0) |
||||
+ return NULL; |
||||
+ |
||||
+ memcpy(new_rules, buf, len); |
||||
+ if (slen > 0) { |
||||
+ memcpy(&new_rules[len], suffix, slen); |
||||
+ len += slen; |
||||
+ } |
||||
+ new_rules[len] = 0; |
||||
+ |
||||
+ return new_rules; |
||||
+} |
||||
+#endif |
||||
+ |
||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, |
||||
STACK_OF(SSL_CIPHER) **cipher_list, |
||||
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
const char *rule_p; |
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
||||
const SSL_CIPHER **ca_list = NULL; |
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ char *new_rules = NULL; |
||||
+ |
||||
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { |
||||
+ char *p = rule_str + 14; |
||||
+ |
||||
+ new_rules = load_system_str(p); |
||||
+ rule_str = new_rules; |
||||
+ } |
||||
+#endif |
||||
|
||||
/* |
||||
* Return with error if nothing to do. |
||||
*/ |
||||
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
||||
- return NULL; |
||||
+ goto err; |
||||
#ifndef OPENSSL_NO_EC |
||||
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) |
||||
- return NULL; |
||||
+ goto err; |
||||
#endif |
||||
|
||||
/* |
||||
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); |
||||
if (co_list == NULL) { |
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
||||
- return NULL; /* Failure */ |
||||
+ goto err; |
||||
} |
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
||||
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
* in force within each class |
||||
*/ |
||||
if (!ssl_cipher_strength_sort(&head, &tail)) { |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
/* |
||||
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); |
||||
if (ca_list == NULL) { |
||||
- OPENSSL_free(co_list); |
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
||||
- return NULL; /* Failure */ |
||||
+ goto err; |
||||
} |
||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
||||
disabled_mkey, disabled_auth, disabled_enc, |
||||
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
OPENSSL_free(ca_list); /* Not needed anymore */ |
||||
|
||||
if (!ok) { /* Rule processing failure */ |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
/* |
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
* if we cannot get one. |
||||
*/ |
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ OPENSSL_free(new_rules); /* Not needed anymore */ |
||||
+#endif |
||||
+ |
||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */ |
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { |
||||
if (!sk_SSL_CIPHER_push(cipherstack, |
||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { |
||||
+ OPENSSL_free(co_list); |
||||
sk_SSL_CIPHER_free(cipherstack); |
||||
return NULL; |
||||
} |
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ |
||||
*cipher_list = cipherstack; |
||||
|
||||
return cipherstack; |
||||
+ |
||||
+err: |
||||
+ OPENSSL_free(co_list); |
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ OPENSSL_free(new_rules); |
||||
+#endif |
||||
+ return NULL; |
||||
+ |
||||
} |
||||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
||||
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c |
||||
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200 |
||||
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200 |
||||
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx |
||||
ctx->tls13_ciphersuites, |
||||
&(ctx->cipher_list), |
||||
&(ctx->cipher_list_by_id), |
||||
- SSL_DEFAULT_CIPHER_LIST, ctx->cert); |
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); |
||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
||||
return 0; |
||||
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m |
||||
if (!ssl_create_cipher_list(ret->method, |
||||
ret->tls13_ciphersuites, |
||||
&ret->cipher_list, &ret->cipher_list_by_id, |
||||
- SSL_DEFAULT_CIPHER_LIST, ret->cert) |
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) |
||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
||||
goto err2; |
||||
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c |
||||
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200 |
||||
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200 |
||||
@@ -251,7 +251,9 @@ end: |
||||
|
||||
int setup_tests(void) |
||||
{ |
||||
+#ifndef SYSTEM_CIPHERS_FILE |
||||
ADD_TEST(test_default_cipherlist_implicit); |
||||
+#endif |
||||
ADD_TEST(test_default_cipherlist_explicit); |
||||
ADD_TEST(test_default_cipherlist_clear); |
||||
return 1; |
@ -0,0 +1,70 @@
@@ -0,0 +1,70 @@
|
||||
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf |
||||
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default 2020-11-06 11:07:28.850100899 +0100 |
||||
+++ openssl-1.1.1h/apps/openssl.cnf 2020-11-06 11:11:28.042913791 +0100 |
||||
@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i |
||||
# (optional, default: no) |
||||
ess_cert_id_chain = no # Must the ESS cert id chain be included? |
||||
# (optional, default: no) |
||||
-ess_cert_id_alg = sha1 # algorithm to compute certificate |
||||
+ess_cert_id_alg = sha256 # algorithm to compute certificate |
||||
# identifier (optional, default: sha1) |
||||
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c |
||||
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200 |
||||
+++ openssl-1.1.1h/apps/ts.c 2020-11-06 11:07:28.883101220 +0100 |
||||
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi |
||||
ASN1_OBJECT *policy_obj = NULL; |
||||
ASN1_INTEGER *nonce_asn1 = NULL; |
||||
|
||||
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) |
||||
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL) |
||||
goto err; |
||||
if ((ts_req = TS_REQ_new()) == NULL) |
||||
goto err; |
||||
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c |
||||
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default 2020-11-06 12:03:51.226372867 +0100 |
||||
+++ openssl-1.1.1h/crypto/ts/ts_conf.c 2020-11-06 12:04:01.713488990 +0100 |
||||
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF |
||||
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG); |
||||
|
||||
if (md == NULL) |
||||
- md = "sha1"; |
||||
+ md = "sha256"; |
||||
|
||||
cert_md = EVP_get_digestbyname(md); |
||||
if (cert_md == NULL) { |
||||
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod |
||||
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200 |
||||
+++ openssl-1.1.1h/doc/man1/ts.pod 2020-11-06 11:07:28.883101220 +0100 |
||||
@@ -518,7 +518,7 @@ included. Default is no. (Optional) |
||||
=item B<ess_cert_id_alg> |
||||
|
||||
This option specifies the hash function to be used to calculate the TSA's |
||||
-public key certificate identifier. Default is sha1. (Optional) |
||||
+public key certificate identifier. Default is sha256. (Optional) |
||||
|
||||
=back |
||||
|
||||
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do. |
||||
|
||||
=head2 Time Stamp Request |
||||
|
||||
-To create a timestamp request for design1.txt with SHA-1 |
||||
+To create a timestamp request for design1.txt with SHA-256 |
||||
without nonce and policy and no certificate is required in the response: |
||||
|
||||
openssl ts -query -data design1.txt -no_nonce \ |
||||
@@ -546,12 +546,12 @@ To print the content of the previous req |
||||
|
||||
openssl ts -query -in design1.tsq -text |
||||
|
||||
-To create a timestamp request which includes the MD-5 digest |
||||
+To create a timestamp request which includes the SHA-512 digest |
||||
of design2.txt, requests the signer certificate and nonce, |
||||
specifies a policy id (assuming the tsa_policy1 name is defined in the |
||||
OID section of the config file): |
||||
|
||||
- openssl ts -query -data design2.txt -md5 \ |
||||
+ openssl ts -query -data design2.txt -sha512 \ |
||||
-tspolicy tsa_policy1 -cert -out design2.tsq |
||||
|
||||
=head2 Time Stamp Response |
@ -0,0 +1,38 @@
@@ -0,0 +1,38 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c |
||||
--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200 |
||||
+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200 |
||||
@@ -64,7 +64,7 @@ int version_main(int argc, char **argv) |
||||
{ |
||||
int ret = 1, dirty = 0, seed = 0; |
||||
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; |
||||
- int engdir = 0; |
||||
+ int engdir = 0, engines = 0; |
||||
char *prog; |
||||
OPTION_CHOICE o; |
||||
|
||||
@@ -106,7 +106,7 @@ opthelp: |
||||
break; |
||||
case OPT_A: |
||||
seed = options = cflags = version = date = platform = dir = engdir |
||||
- = 1; |
||||
+ = engines = 1; |
||||
break; |
||||
} |
||||
} |
||||
@@ -188,6 +188,16 @@ opthelp: |
||||
#endif |
||||
printf("\n"); |
||||
} |
||||
+ if (engines) { |
||||
+ ENGINE *e; |
||||
+ printf("engines: "); |
||||
+ e = ENGINE_get_first(); |
||||
+ while (e) { |
||||
+ printf("%s ", ENGINE_get_id(e)); |
||||
+ e = ENGINE_get_next(e); |
||||
+ } |
||||
+ printf("\n"); |
||||
+ } |
||||
ret = 0; |
||||
end: |
||||
return ret; |
@ -0,0 +1,57 @@
@@ -0,0 +1,57 @@
|
||||
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c |
||||
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200 |
||||
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200 |
||||
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
SSL_GOST89MAC, |
||||
TLS1_VERSION, TLS1_2_VERSION, |
||||
0, 0, |
||||
- SSL_HIGH, |
||||
+ SSL_MEDIUM, |
||||
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, |
||||
256, |
||||
256, |
||||
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
SSL_GOST89MAC12, |
||||
TLS1_VERSION, TLS1_2_VERSION, |
||||
0, 0, |
||||
- SSL_HIGH, |
||||
+ SSL_MEDIUM, |
||||
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, |
||||
256, |
||||
256, |
||||
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
}, |
||||
#endif /* OPENSSL_NO_SEED */ |
||||
|
||||
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
||||
+#if 0 /* No MD5 ciphersuites */ |
||||
{ |
||||
1, |
||||
SSL3_TXT_RSA_RC4_128_MD5, |
||||
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
128, |
||||
128, |
||||
}, |
||||
+#endif |
||||
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
||||
{ |
||||
1, |
||||
SSL3_TXT_RSA_RC4_128_SHA, |
||||
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
128, |
||||
128, |
||||
}, |
||||
+#endif |
||||
+#if 0 |
||||
{ |
||||
1, |
||||
SSL3_TXT_ADH_RC4_128_MD5, |
||||
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = { |
||||
128, |
||||
128, |
||||
}, |
||||
+#endif |
||||
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS |
||||
{ |
||||
1, |
||||
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA, |
Binary file not shown.
@ -0,0 +1,39 @@
@@ -0,0 +1,39 @@
|
||||
#!/bin/bash |
||||
|
||||
if [ $# -eq 0 ]; then |
||||
echo $"Usage: `basename $0` filename" 1>&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
PEM=$1 |
||||
REQ=`/bin/mktemp /tmp/openssl.XXXXXX` |
||||
KEY=`/bin/mktemp /tmp/openssl.XXXXXX` |
||||
CRT=`/bin/mktemp /tmp/openssl.XXXXXX` |
||||
NEW=${PEM}_ |
||||
|
||||
trap "rm -f $REQ $KEY $CRT $NEW" SIGINT |
||||
|
||||
if [ ! -f $PEM ]; then |
||||
echo "$PEM: file not found" 1>&2 |
||||
exit 1 |
||||
fi |
||||
|
||||
umask 077 |
||||
|
||||
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'` |
||||
|
||||
openssl rsa -inform pem -in $PEM -out $KEY |
||||
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ |
||||
openssl x509 -req -in $REQ -signkey $KEY -days 365 \ |
||||
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT |
||||
|
||||
(cat $KEY ; echo "" ; cat $CRT) > $NEW |
||||
|
||||
chown $OWNER $NEW |
||||
|
||||
mv -f $NEW $PEM |
||||
|
||||
rm -f $REQ $KEY $CRT |
||||
|
||||
exit 0 |
||||
|
@ -0,0 +1,335 @@
@@ -0,0 +1,335 @@
|
||||
# For the curious: |
||||
# 0.9.5a soversion = 0 |
||||
# 0.9.6 soversion = 1 |
||||
# 0.9.6a soversion = 2 |
||||
# 0.9.6c soversion = 3 |
||||
# 0.9.7a soversion = 4 |
||||
# 0.9.7ef soversion = 5 |
||||
# 0.9.8ab soversion = 6 |
||||
# 0.9.8g soversion = 7 |
||||
# 0.9.8jk + EAP-FAST soversion = 8 |
||||
# 1.0.0 soversion = 10 |
||||
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols |
||||
# depends on build configuration options) |
||||
%define soversion 1.1 |
||||
|
||||
# Arches on which we need to prevent arch conflicts on opensslconf.h, must |
||||
# also be handled in opensslconf-new.h. |
||||
%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 |
||||
|
||||
%global _performance_build 1 |
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation |
||||
Name: compat-openssl11 |
||||
Version: 1.1.1k |
||||
Release: 4%{?dist} |
||||
Epoch: 1 |
||||
# We have to remove certain patented algorithms from the openssl source |
||||
# tarball with the hobble-openssl script which is included below. |
||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm. |
||||
Source: openssl-%{version}-hobbled.tar.xz |
||||
Source1: hobble-openssl |
||||
Source2: Makefile.certificate |
||||
Source6: make-dummy-cert |
||||
Source7: renew-dummy-cert |
||||
Source12: ec_curve.c |
||||
Source13: ectest.c |
||||
# Build changes |
||||
Patch1: openssl-1.1.1-build.patch |
||||
Patch2: openssl-1.1.1-defaults.patch |
||||
Patch3: openssl-1.1.1-no-html.patch |
||||
Patch4: openssl-1.1.1-man-rename.patch |
||||
|
||||
# Functionality changes |
||||
Patch31: openssl-1.1.1-conf-paths.patch |
||||
Patch32: openssl-1.1.1-version-add-engines.patch |
||||
Patch33: openssl-1.1.1-apps-dgst.patch |
||||
Patch36: openssl-1.1.1-no-brainpool.patch |
||||
Patch37: openssl-1.1.1-ec-curves.patch |
||||
Patch38: openssl-1.1.1-no-weak-verify.patch |
||||
Patch40: openssl-1.1.1-disable-ssl3.patch |
||||
Patch41: openssl-1.1.1-system-cipherlist.patch |
||||
Patch42: openssl-1.1.1-fips.patch |
||||
Patch45: openssl-1.1.1-weak-ciphers.patch |
||||
Patch46: openssl-1.1.1-seclevel.patch |
||||
Patch47: openssl-1.1.1-ts-sha256-default.patch |
||||
Patch48: openssl-1.1.1-fips-post-rand.patch |
||||
Patch49: openssl-1.1.1-evp-kdf.patch |
||||
Patch50: openssl-1.1.1-ssh-kdf.patch |
||||
Patch51: openssl-1.1.1-intel-cet.patch |
||||
Patch60: openssl-1.1.1-krb5-kdf.patch |
||||
Patch61: openssl-1.1.1-edk2-build.patch |
||||
Patch62: openssl-1.1.1-fips-curves.patch |
||||
Patch65: openssl-1.1.1-fips-drbg-selftest.patch |
||||
Patch66: openssl-1.1.1-fips-dh.patch |
||||
Patch67: openssl-1.1.1-kdf-selftest.patch |
||||
Patch69: openssl-1.1.1-alpn-cb.patch |
||||
Patch70: openssl-1.1.1-rewire-fips-drbg.patch |
||||
Patch71: openssl-1.1.1-new-config-file.patch |
||||
# This modifies code that was patched before, but removing all FIPS patches |
||||
# comes with a much greater risk of introducing regressions. |
||||
Patch72: openssl-1.1.1-disable-fips.patch |
||||
|
||||
# Backported fixes including security fixes |
||||
Patch52: openssl-1.1.1-s390x-update.patch |
||||
Patch53: openssl-1.1.1-fips-crng-test.patch |
||||
Patch55: openssl-1.1.1-arm-update.patch |
||||
Patch56: openssl-1.1.1-s390x-ecc.patch |
||||
Patch73: openssl-1.1.1-cve-2022-0778.patch |
||||
|
||||
License: OpenSSL and ASL 2.0 |
||||
URL: http://www.openssl.org/ |
||||
BuildRequires: make |
||||
BuildRequires: gcc |
||||
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp |
||||
BuildRequires: lksctp-tools-devel |
||||
BuildRequires: /usr/bin/rename |
||||
BuildRequires: /usr/bin/pod2man |
||||
BuildRequires: /usr/sbin/sysctl |
||||
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) |
||||
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) |
||||
BuildRequires: perl(Time::HiRes) |
||||
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy) |
||||
Requires: coreutils, crypto-policies |
||||
Conflicts: openssl < 1:3.0, openssl-libs < 1:3.0 |
||||
|
||||
%description |
||||
The OpenSSL toolkit provides support for secure communications between |
||||
machines. This version of OpenSSL package contains only the libraries |
||||
from the 1.1.1 version and is provided for compatibility with previous |
||||
releases. |
||||
|
||||
%prep |
||||
%setup -q -n openssl-%{version} |
||||
|
||||
# The hobble_openssl is called here redundantly, just to be sure. |
||||
# The tarball has already the sources removed. |
||||
%{SOURCE1} > /dev/null |
||||
|
||||
cp %{SOURCE12} crypto/ec/ |
||||
cp %{SOURCE13} test/ |
||||
|
||||
%patch1 -p1 -b .build %{?_rawbuild} |
||||
%patch2 -p1 -b .defaults |
||||
%patch3 -p1 -b .no-html %{?_rawbuild} |
||||
%patch4 -p1 -b .man-rename |
||||
|
||||
%patch31 -p1 -b .conf-paths |
||||
%patch32 -p1 -b .version-add-engines |
||||
%patch33 -p1 -b .dgst |
||||
%patch36 -p1 -b .no-brainpool |
||||
%patch37 -p1 -b .curves |
||||
%patch38 -p1 -b .no-weak-verify |
||||
%patch40 -p1 -b .disable-ssl3 |
||||
%patch41 -p1 -b .system-cipherlist |
||||
%patch42 -p1 -b .fips |
||||
%patch45 -p1 -b .weak-ciphers |
||||
%patch46 -p1 -b .seclevel |
||||
%patch47 -p1 -b .ts-sha256-default |
||||
%patch48 -p1 -b .fips-post-rand |
||||
%patch49 -p1 -b .evp-kdf |
||||
%patch50 -p1 -b .ssh-kdf |
||||
%patch51 -p1 -b .intel-cet |
||||
%patch52 -p1 -b .s390x-update |
||||
%patch53 -p1 -b .crng-test |
||||
%patch55 -p1 -b .arm-update |
||||
%patch56 -p1 -b .s390x-ecc |
||||
%patch60 -p1 -b .krb5-kdf |
||||
%patch61 -p1 -b .edk2-build |
||||
%patch62 -p1 -b .fips-curves |
||||
%patch65 -p1 -b .drbg-selftest |
||||
%patch66 -p1 -b .fips-dh |
||||
%patch67 -p1 -b .kdf-selftest |
||||
%patch69 -p1 -b .alpn-cb |
||||
%patch70 -p1 -b .rewire-fips-drbg |
||||
%patch71 -p1 -b .conf-new |
||||
%patch72 -p1 -b .disable-fips |
||||
%patch73 -p1 -b .cve-2022-0778 |
||||
|
||||
cp apps/openssl.cnf apps/openssl11.cnf |
||||
|
||||
%build |
||||
# Figure out which flags we want to use. |
||||
# default |
||||
sslarch=%{_os}-%{_target_cpu} |
||||
%ifarch %ix86 |
||||
sslarch=linux-elf |
||||
if ! echo %{_target} | grep -q i686 ; then |
||||
sslflags="no-asm 386" |
||||
fi |
||||
%endif |
||||
%ifarch x86_64 |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch sparcv9 |
||||
sslarch=linux-sparcv9 |
||||
sslflags=no-asm |
||||
%endif |
||||
%ifarch sparc64 |
||||
sslarch=linux64-sparcv9 |
||||
sslflags=no-asm |
||||
%endif |
||||
%ifarch alpha alphaev56 alphaev6 alphaev67 |
||||
sslarch=linux-alpha-gcc |
||||
%endif |
||||
%ifarch s390 sh3eb sh4eb |
||||
sslarch="linux-generic32 -DB_ENDIAN" |
||||
%endif |
||||
%ifarch s390x |
||||
sslarch="linux64-s390x" |
||||
%endif |
||||
%ifarch %{arm} |
||||
sslarch=linux-armv4 |
||||
%endif |
||||
%ifarch aarch64 |
||||
sslarch=linux-aarch64 |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch sh3 sh4 |
||||
sslarch=linux-generic32 |
||||
%endif |
||||
%ifarch ppc64 ppc64p7 |
||||
sslarch=linux-ppc64 |
||||
%endif |
||||
%ifarch ppc64le |
||||
sslarch="linux-ppc64le" |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch mips mipsel |
||||
sslarch="linux-mips32 -mips32r2" |
||||
%endif |
||||
%ifarch mips64 mips64el |
||||
sslarch="linux64-mips64 -mips64r2" |
||||
%endif |
||||
%ifarch mips64el |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch riscv64 |
||||
sslarch=linux-generic64 |
||||
%endif |
||||
|
||||
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
||||
# marked as not requiring an executable stack. |
||||
# Also add -DPURIFY to make using valgrind with openssl easier as we do not |
||||
# want to depend on the uninitialized memory as a source of entropy anyway. |
||||
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS" |
||||
|
||||
export HASHBANGPERL=/usr/bin/perl |
||||
|
||||
# ia64, x86_64, ppc are OK by default |
||||
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
||||
# usable on all platforms. The Configure script already knows to use -fPIC and |
||||
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
||||
./Configure \ |
||||
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ |
||||
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ |
||||
enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ |
||||
enable-weak-ssl-ciphers \ |
||||
no-mdc2 no-ec2m no-sm2 no-sm4 \ |
||||
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' |
||||
|
||||
# Do not run this in a production package the FIPS symbols must be patched-in |
||||
#util/mkdef.pl crypto update |
||||
|
||||
make all |
||||
|
||||
# Clean up the .pc files |
||||
for i in libcrypto.pc libssl.pc openssl.pc ; do |
||||
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i |
||||
done |
||||
|
||||
%check |
||||
# Verify that what was compiled actually works. |
||||
|
||||
cp apps/openssl.cnf apps/openssl11.cnf |
||||
|
||||
# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check |
||||
(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ |
||||
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && |
||||
sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ |
||||
touch -r configdata.pm configdata.pm.new && \ |
||||
mv -f configdata.pm.new configdata.pm) |
||||
|
||||
# We must revert patch31 before tests otherwise they will fail |
||||
patch -p1 -R < %{PATCH31} |
||||
|
||||
OPENSSL_ENABLE_MD5_VERIFY= |
||||
export OPENSSL_ENABLE_MD5_VERIFY |
||||
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file |
||||
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE |
||||
make test |
||||
|
||||
%define __provides_exclude_from %{_libdir}/openssl |
||||
|
||||
%install |
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT |
||||
# Install OpenSSL. |
||||
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}} |
||||
%make_install |
||||
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} |
||||
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do |
||||
chmod 755 ${lib} |
||||
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} |
||||
done |
||||
|
||||
# Delete static library |
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.a || : |
||||
|
||||
# Delete non-devel man pages in the compat package |
||||
rm -rf $RPM_BUILD_ROOT%{_mandir}/man[157]* |
||||
|
||||
# Delete configuration files |
||||
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/* |
||||
|
||||
# Remove binaries |
||||
rm -rf $RPM_BUILD_ROOT/%{_bindir} |
||||
|
||||
# Remove useless capi engine |
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/engines-1.1/capi.so |
||||
|
||||
# Delete devel files |
||||
rm -rf $RPM_BUILD_ROOT%{_includedir}/openssl |
||||
rm -rf $RPM_BUILD_ROOT%{_mandir}/man3* |
||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.so |
||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig |
||||
|
||||
# Install compat config file |
||||
install -m 644 apps/openssl11.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl11.cnf |
||||
|
||||
%files |
||||
%license LICENSE |
||||
%doc FAQ NEWS README |
||||
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} |
||||
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} |
||||
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} |
||||
%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion} |
||||
%attr(0755,root,root) %{_libdir}/engines-%{soversion} |
||||
%config(noreplace) %{_sysconfdir}/pki/tls/openssl11.cnf |
||||
|
||||
%dir %{_sysconfdir}/pki/tls |
||||
%attr(0644,root,root) %{_sysconfdir}/pki/tls/openssl11.cnf |
||||
|
||||
%ldconfig_scriptlets |
||||
|
||||
%changelog |
||||
* Mon May 30 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-4 |
||||
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates |
||||
Resolves: rhbz#2063147 |
||||
- Disable FIPS mode; it does not work and will not be certified |
||||
Resolves: rhbz#2091968 |
||||
|
||||
* Tue Oct 05 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-3 |
||||
- updates OPENSSL_CONF to openssl11.cnf. |
||||
- Related: rhbz#1947584, rhbz#2003123 |
||||
|
||||
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-2 |
||||
- Remove support for building FIPS mode binaries for the |
||||
compat libraries |
||||
- Ships openssl11.cnf as the configuration file. |
||||
- Resolves: rhbz#1993795 |
||||
- Related: rhbz#1947584 |
||||
|
||||
* Thu Apr 08 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-1 |
||||
- Repackage old openssl 1.1.1k package into compat-openssl11 |
||||
Resolves: bz#1947584 |
Loading…
Reference in new issue