Toshaan Bharvani
1 year ago
commit
32b9a88ded
67 changed files with 27207 additions and 0 deletions
@ -0,0 +1,33 @@
@@ -0,0 +1,33 @@
|
||||
From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:01:41 +0200 |
||||
Subject: Aarch64 and ppc64le use lib64 |
||||
|
||||
(Was openssl-1.1.1-build.patch) |
||||
--- |
||||
Configurations/10-main.conf | 2 ++ |
||||
1 file changed, 2 insertions(+) |
||||
|
||||
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf |
||||
index d7580bf3e1..a7dbfd7f40 100644 |
||||
--- a/Configurations/10-main.conf |
||||
+++ b/Configurations/10-main.conf |
||||
@@ -723,6 +723,7 @@ my %targets = ( |
||||
lib_cppflags => add("-DL_ENDIAN"), |
||||
asm_arch => 'ppc64', |
||||
perlasm_scheme => "linux64le", |
||||
+ multilib => "64", |
||||
}, |
||||
|
||||
"linux-armv4" => { |
||||
@@ -765,6 +766,7 @@ my %targets = ( |
||||
inherit_from => [ "linux-generic64" ], |
||||
asm_arch => 'aarch64', |
||||
perlasm_scheme => "linux64", |
||||
+ multilib => "64", |
||||
}, |
||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 |
||||
inherit_from => [ "linux-generic32" ], |
||||
-- |
||||
2.26.2 |
||||
|
@ -0,0 +1,68 @@
@@ -0,0 +1,68 @@
|
||||
From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:03:40 +0200 |
||||
Subject: Use more general default values in openssl.cnf |
||||
|
||||
Also set sha256 as default hash, although that should not be |
||||
necessary anymore. |
||||
|
||||
(was openssl-1.1.1-defaults.patch) |
||||
--- |
||||
apps/openssl.cnf | 12 +++++++----- |
||||
1 file changed, 7 insertions(+), 5 deletions(-) |
||||
|
||||
diff --git a/apps/openssl.cnf b/apps/openssl.cnf |
||||
index 97567a67be..eb25a0ac48 100644 |
||||
--- a/apps/openssl.cnf |
||||
+++ b/apps/openssl.cnf |
||||
@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options |
||||
|
||||
default_days = 365 # how long to certify for |
||||
default_crl_days= 30 # how long before next CRL |
||||
-default_md = default # use public key default MD |
||||
+default_md = sha256 # use SHA-256 by default |
||||
preserve = no # keep passed DN ordering |
||||
|
||||
# A few difference way of specifying how similar the request should look |
||||
@@ -136,6 +136,7 @@ emailAddress = optional |
||||
#################################################################### |
||||
[ req ] |
||||
default_bits = 2048 |
||||
+default_md = sha256 |
||||
default_keyfile = privkey.pem |
||||
distinguished_name = req_distinguished_name |
||||
attributes = req_attributes |
||||
@@ -158,17 +159,18 @@ string_mask = utf8only |
||||
|
||||
[ req_distinguished_name ] |
||||
countryName = Country Name (2 letter code) |
||||
-countryName_default = AU |
||||
+countryName_default = XX |
||||
countryName_min = 2 |
||||
countryName_max = 2 |
||||
|
||||
stateOrProvinceName = State or Province Name (full name) |
||||
-stateOrProvinceName_default = Some-State |
||||
+#stateOrProvinceName_default = Default Province |
||||
|
||||
localityName = Locality Name (eg, city) |
||||
+localityName_default = Default City |
||||
|
||||
0.organizationName = Organization Name (eg, company) |
||||
-0.organizationName_default = Internet Widgits Pty Ltd |
||||
+0.organizationName_default = Default Company Ltd |
||||
|
||||
# we can do this but it is not needed normally :-) |
||||
#1.organizationName = Second Organization Name (eg, company) |
||||
@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city) |
||||
organizationalUnitName = Organizational Unit Name (eg, section) |
||||
#organizationalUnitName_default = |
||||
|
||||
-commonName = Common Name (e.g. server FQDN or YOUR name) |
||||
+commonName = Common Name (eg, your name or your server\'s hostname) |
||||
commonName_max = 64 |
||||
|
||||
emailAddress = Email Address |
||||
-- |
||||
2.26.2 |
||||
|
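Review bot: The `default_md = sha256` added to `[ req ]` carries no trailing comment, while the same setting in `[ CA_default ]` was given one (`# use SHA-256 by default`), so a reader of `[ req ]` cannot tell whether the digest was chosen deliberately or is just the library default. I would write it as `default_md = sha256 # SHA-256 for CSR self-signatures; keep in sync with CA_default`. The commit message says sha256 is already the default in this version, which is worth stating in that comment so nobody later "cleans up" the line as redundant. The `[ req ]` section continues past the hunk.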
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:05:55 +0200 |
||||
Subject: Do not install html docs |
||||
|
||||
(was openssl-1.1.1-no-html.patch) |
||||
--- |
||||
Configurations/unix-Makefile.tmpl | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl |
||||
index 342e46d24d..9f369edf0e 100644 |
||||
--- a/Configurations/unix-Makefile.tmpl |
||||
+++ b/Configurations/unix-Makefile.tmpl |
||||
@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime |
||||
|
||||
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev |
||||
|
||||
-install_docs: install_man_docs install_html_docs |
||||
+install_docs: install_man_docs |
||||
|
||||
uninstall_docs: uninstall_man_docs uninstall_html_docs |
||||
$(RM) -r $(DESTDIR)$(DOCDIR) |
||||
-- |
||||
2.26.2 |
||||
|
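Review bot: `uninstall_docs` still depends on `uninstall_html_docs` after `install_docs` stops installing the HTML tree, so install and uninstall are no longer symmetric and the uninstall target now removes files this build never installs. If that is intentional (an `$(RM) -r` of an absent directory is harmless, and it may be meant to clean up older installs) a one-line comment above `install_docs` should say so, e.g. `# HTML docs are deliberately not installed; uninstall_html_docs is kept so older installs are still cleaned up`. Otherwise drop `uninstall_html_docs` from the `uninstall_docs` line as well so the two targets stay paired.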
@ -0,0 +1,73 @@
@@ -0,0 +1,73 @@
|
||||
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:17:26 +0200 |
||||
Subject: Override default paths for the CA directory tree |
||||
|
||||
Also add default section to load crypto-policies configuration |
||||
for TLS. |
||||
|
||||
It needs to be reverted before running tests. |
||||
|
||||
(was openssl-1.1.1-conf-paths.patch) |
||||
--- |
||||
apps/CA.pl.in | 2 +- |
||||
apps/openssl.cnf | 20 ++++++++++++++++++-- |
||||
2 files changed, 19 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/apps/CA.pl.in b/apps/CA.pl.in |
||||
index c0afb96716..d6a5fabd16 100644 |
||||
--- a/apps/CA.pl.in |
||||
+++ b/apps/CA.pl.in |
||||
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509"; |
||||
my $PKCS12 = "$openssl pkcs12"; |
||||
|
||||
# Default values for various configuration settings. |
||||
-my $CATOP = "./demoCA"; |
||||
+my $CATOP = "/etc/pki/CA"; |
||||
my $CAKEY = "cakey.pem"; |
||||
my $CAREQ = "careq.pem"; |
||||
my $CACERT = "cacert.pem"; |
||||
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf |
||||
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200 |
||||
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200 |
||||
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7 |
||||
|
||||
[openssl_init] |
||||
providers = provider_sect |
||||
+# Load default TLS policy configuration |
||||
+ssl_conf = ssl_module |
||||
|
||||
# List of providers to load |
||||
[provider_sect] |
||||
@@ -64,6 +66,13 @@ default = default_sect |
||||
[default_sect] |
||||
# activate = 1 |
||||
|
||||
+[ ssl_module ] |
||||
+ |
||||
+system_default = crypto_policy |
||||
+ |
||||
+[ crypto_policy ] |
||||
+ |
||||
+.include = /etc/crypto-policies/back-ends/opensslcnf.config |
||||
|
||||
#################################################################### |
||||
[ ca ] |
||||
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c |
||||
#################################################################### |
||||
[ CA_default ] |
||||
|
||||
-dir = ./demoCA # Where everything is kept |
||||
+dir = /etc/pki/CA # Where everything is kept |
||||
certs = $dir/certs # Where the issued certs are kept |
||||
crl_dir = $dir/crl # Where the issued crl are kept |
||||
database = $dir/index.txt # database index file. |
||||
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default |
||||
[ tsa_config1 ] |
||||
|
||||
# These are used by the TSA reply generation only. |
||||
-dir = ./demoCA # TSA root directory |
||||
+dir = /etc/pki/CA # TSA root directory |
||||
serial = $dir/tsaserial # The current serial number (mandatory) |
||||
crypto_device = builtin # OpenSSL engine to use for signing |
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate |
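Review bot: The `.include = /etc/crypto-policies/back-ends/opensslcnf.config` line in `[ crypto_policy ]` has no comment saying what the included file supplies or what the effective TLS defaults are when it is absent, and the `[ ssl_module ]` section is equally bare; whether a missing include is silently skipped or fails configuration loading is not visible here and should be stated next to the directive. I would put above it `# System-wide TLS defaults (MinProtocol, CipherString, ...) managed by update-crypto-policies(8); change the policy, not this file`. As far as I can tell `system_default` only reaches applications that load this config through the default SSL_CONF module, which the comment should spell out since it bounds what the policy can enforce. The move of the CA tree to `/etc/pki/CA` in both `CA.pl.in` and `[ CA_default ]` means `$dir/private/cakey.pem` now lands under a system path, so the permissions the package creates for that directory matter and are not part of this patch.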
@ -0,0 +1,28 @@
@@ -0,0 +1,28 @@
|
||||
From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:27:18 +0200 |
||||
Subject: apps/ca: fix md option help text |
||||
|
||||
upstreamable |
||||
|
||||
(was openssl-1.1.1-apps-dgst.patch) |
||||
--- |
||||
apps/ca.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/apps/ca.c b/apps/ca.c |
||||
index 0f21b4fa1c..3d4b2c1673 100755 |
||||
--- a/apps/ca.c |
||||
+++ b/apps/ca.c |
||||
@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = { |
||||
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, |
||||
|
||||
OPT_SECTION("Signing"), |
||||
- {"md", OPT_MD, 's', "Digest to use, such as sha256"}, |
||||
+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"}, |
||||
{"keyfile", OPT_KEYFILE, 's', "The CA private key"}, |
||||
{"keyform", OPT_KEYFORM, 'f', |
||||
"Private key file format (ENGINE, other values ignored)"}, |
||||
-- |
||||
2.26.2 |
||||
|
@ -0,0 +1,29 @@
@@ -0,0 +1,29 @@
|
||||
From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 09:51:34 +0200 |
||||
Subject: Disable signature verification with totally unsafe hash algorithms |
||||
|
||||
(was openssl-1.1.1-no-weak-verify.patch) |
||||
--- |
||||
crypto/asn1/a_verify.c | 5 +++++ |
||||
1 file changed, 5 insertions(+) |
||||
|
||||
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c |
||||
index b7eed914b0..af62f0ef08 100644 |
||||
--- a/crypto/asn1/a_verify.c |
||||
+++ b/crypto/asn1/a_verify.c |
||||
@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, |
||||
ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); |
||||
if (ret <= 1) |
||||
goto err; |
||||
+ } else if ((mdnid == NID_md5 |
||||
+ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || |
||||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { |
||||
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
||||
+ goto err; |
||||
} else { |
||||
const EVP_MD *type = NULL; |
||||
|
||||
-- |
||||
2.26.2 |
||||
|
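Review bot: The new rejection branch reports `ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM` for MD2/MD4/MD5/SHA-0, which is misleading — the digest is known, it is deliberately refused — and nothing in the code says so or names the `OPENSSL_ENABLE_MD5_VERIFY` escape hatch. I would add above the branch `/* Refuse signatures over broken digests (MD2, MD4, SHA-0; MD5 unless OPENSSL_ENABLE_MD5_VERIFY is set). Reported as an unknown digest so callers see a plain verification failure. */` and note in it that `NID_sha` is SHA-0, not SHA-1, since that is an easy misreading. The check keys off `mdnid` from the outer signature algorithm only, so a digest selected inside algorithm parameters (e.g. RSA-PSS, where mdnid would presumably be NID_undef) does not appear to pass through it — worth confirming and documenting. `ASN1_item_verify_ctx` starts and ends outside the hunk.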
@ -0,0 +1,323 @@
@@ -0,0 +1,323 @@
|
||||
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 24 Sep 2020 10:16:46 +0200 |
||||
Subject: Add support for PROFILE=SYSTEM system default cipherlist |
||||
|
||||
(was openssl-1.1.1-system-cipherlist.patch) |
||||
--- |
||||
Configurations/unix-Makefile.tmpl | 5 ++ |
||||
Configure | 10 +++- |
||||
doc/man1/openssl-ciphers.pod.in | 9 ++++ |
||||
include/openssl/ssl.h.in | 5 ++ |
||||
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++---- |
||||
ssl/ssl_lib.c | 4 +- |
||||
test/cipherlist_test.c | 2 + |
||||
util/libcrypto.num | 1 + |
||||
8 files changed, 110 insertions(+), 14 deletions(-) |
||||
|
||||
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl |
||||
index 9f369edf0e..c52389f831 100644 |
||||
--- a/Configurations/unix-Makefile.tmpl |
||||
+++ b/Configurations/unix-Makefile.tmpl |
||||
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man |
||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) |
||||
HTMLDIR=$(DOCDIR)/html |
||||
|
||||
+{- output_off() if $config{system_ciphers_file} eq ""; "" -} |
||||
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" |
||||
+{- output_on() if $config{system_ciphers_file} eq ""; "" -} |
||||
+ |
||||
# MANSUFFIX is for the benefit of anyone who may want to have a suffix |
||||
# appended after the manpage file section number. "ssl" is popular, |
||||
# resulting in files such as config.5ssl rather than config.5. |
||||
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} |
||||
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} |
||||
CPPFLAGS={- our $cppflags1 = join(" ", |
||||
(map { "-D".$_} @{$config{CPPDEFINES}}), |
||||
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", |
||||
(map { "-I".$_} @{$config{CPPINCLUDES}}), |
||||
@{$config{CPPFLAGS}}) -} |
||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -} |
||||
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in |
||||
index b4ed3e51d5..2122e6bdfd 100644 |
||||
--- a/doc/man1/openssl-ciphers.pod.in |
||||
+++ b/doc/man1/openssl-ciphers.pod.in |
||||
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default. |
||||
|
||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>. |
||||
|
||||
+=item B<PROFILE=SYSTEM> |
||||
+ |
||||
+The list of enabled cipher suites will be loaded from the system crypto policy |
||||
+configuration file B</etc/crypto-policies/back-ends/openssl.config>. |
||||
+See also L<update-crypto-policies(8)>. |
||||
+This is the default behavior unless an application explicitly sets a cipher |
||||
+list. If used in a cipher list configuration value this string must be at the |
||||
+beginning of the cipher list, otherwise it will not be recognized. |
||||
+ |
||||
=item B<HIGH> |
||||
|
||||
"High" encryption cipher suites. This currently means those with key lengths |
||||
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in |
||||
index f9a61609e4..c6f95fed3f 100644 |
||||
--- a/include/openssl/ssl.h.in |
||||
+++ b/include/openssl/ssl.h.in |
||||
@@ -209,6 +209,11 @@ extern "C" { |
||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not |
||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.) |
||||
*/ |
||||
+# ifdef SYSTEM_CIPHERS_FILE |
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" |
||||
+# else |
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list() |
||||
+# endif |
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ |
||||
# define SSL_SENT_SHUTDOWN 1 |
||||
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c |
||||
index b1d3f7919e..f7cc7fed48 100644 |
||||
--- a/ssl/ssl_ciph.c |
||||
+++ b/ssl/ssl_ciph.c |
||||
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str) |
||||
return ret; |
||||
} |
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+static char *load_system_str(const char *suffix) |
||||
+{ |
||||
+ FILE *fp; |
||||
+ char buf[1024]; |
||||
+ char *new_rules; |
||||
+ const char *ciphers_path; |
||||
+ unsigned len, slen; |
||||
+ |
||||
+ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) |
||||
+ ciphers_path = SYSTEM_CIPHERS_FILE; |
||||
+ fp = fopen(ciphers_path, "r"); |
||||
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { |
||||
+ /* cannot open or file is empty */ |
||||
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); |
||||
+ } |
||||
+ |
||||
+ if (fp) |
||||
+ fclose(fp); |
||||
+ |
||||
+ slen = strlen(suffix); |
||||
+ len = strlen(buf); |
||||
+ |
||||
+ if (buf[len - 1] == '\n') { |
||||
+ len--; |
||||
+ buf[len] = 0; |
||||
+ } |
||||
+ if (buf[len - 1] == '\r') { |
||||
+ len--; |
||||
+ buf[len] = 0; |
||||
+ } |
||||
+ |
||||
+ new_rules = OPENSSL_malloc(len + slen + 1); |
||||
+ if (new_rules == 0) |
||||
+ return NULL; |
||||
+ |
||||
+ memcpy(new_rules, buf, len); |
||||
+ if (slen > 0) { |
||||
+ memcpy(&new_rules[len], suffix, slen); |
||||
+ len += slen; |
||||
+ } |
||||
+ new_rules[len] = 0; |
||||
+ |
||||
+ return new_rules; |
||||
+} |
||||
+#endif |
||||
+ |
||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, |
||||
STACK_OF(SSL_CIPHER) **cipher_list, |
||||
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
||||
const SSL_CIPHER **ca_list = NULL; |
||||
const SSL_METHOD *ssl_method = ctx->method; |
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ char *new_rules = NULL; |
||||
+ |
||||
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { |
||||
+ char *p = rule_str + 14; |
||||
+ |
||||
+ new_rules = load_system_str(p); |
||||
+ rule_str = new_rules; |
||||
+ } |
||||
+#endif |
||||
|
||||
/* |
||||
* Return with error if nothing to do. |
||||
*/ |
||||
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) |
||||
- return NULL; |
||||
+ goto err; |
||||
|
||||
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) |
||||
- return NULL; |
||||
+ goto err; |
||||
|
||||
/* |
||||
* To reduce the work to do we only want to process the compiled |
||||
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); |
||||
if (co_list == NULL) { |
||||
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); |
||||
- return NULL; /* Failure */ |
||||
+ goto err; |
||||
} |
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
||||
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
* in force within each class |
||||
*/ |
||||
if (!ssl_cipher_strength_sort(&head, &tail)) { |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
/* |
||||
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); |
||||
if (ca_list == NULL) { |
||||
- OPENSSL_free(co_list); |
||||
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); |
||||
- return NULL; /* Failure */ |
||||
+ goto err; |
||||
} |
||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
||||
disabled_mkey, disabled_auth, disabled_enc, |
||||
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
OPENSSL_free(ca_list); /* Not needed anymore */ |
||||
|
||||
if (!ok) { /* Rule processing failure */ |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
/* |
||||
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
* if we cannot get one. |
||||
*/ |
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
||||
- OPENSSL_free(co_list); |
||||
- return NULL; |
||||
+ goto err; |
||||
} |
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ OPENSSL_free(new_rules); /* Not needed anymore */ |
||||
+#endif |
||||
+ |
||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */ |
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { |
||||
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); |
||||
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, |
||||
*cipher_list = cipherstack; |
||||
|
||||
return cipherstack; |
||||
+ |
||||
+err: |
||||
+ OPENSSL_free(co_list); |
||||
+#ifdef SYSTEM_CIPHERS_FILE |
||||
+ OPENSSL_free(new_rules); |
||||
+#endif |
||||
+ return NULL; |
||||
+ |
||||
} |
||||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c |
||||
index d14d5819ba..48d491219a 100644 |
||||
--- a/ssl/ssl_lib.c |
||||
+++ b/ssl/ssl_lib.c |
||||
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
||||
ctx->tls13_ciphersuites, |
||||
&(ctx->cipher_list), |
||||
&(ctx->cipher_list_by_id), |
||||
- OSSL_default_cipher_list(), ctx->cert); |
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); |
||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
||||
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
||||
return 0; |
||||
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, |
||||
if (!ssl_create_cipher_list(ret, |
||||
ret->tls13_ciphersuites, |
||||
&ret->cipher_list, &ret->cipher_list_by_id, |
||||
- OSSL_default_cipher_list(), ret->cert) |
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) |
||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
||||
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
||||
goto err2; |
||||
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c |
||||
index 380f0727fc..6922a87c30 100644 |
||||
--- a/test/cipherlist_test.c |
||||
+++ b/test/cipherlist_test.c |
||||
@@ -244,7 +244,9 @@ end: |
||||
|
||||
int setup_tests(void) |
||||
{ |
||||
+#ifndef SYSTEM_CIPHERS_FILE |
||||
ADD_TEST(test_default_cipherlist_implicit); |
||||
+#endif |
||||
ADD_TEST(test_default_cipherlist_explicit); |
||||
ADD_TEST(test_default_cipherlist_clear); |
||||
return 1; |
||||
diff --git a/util/libcrypto.num b/util/libcrypto.num |
||||
index 404a706fab..e81fa9ec3e 100644 |
||||
--- a/util/libcrypto.num |
||||
+++ b/util/libcrypto.num |
||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: |
||||
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: |
||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: |
||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: |
||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: |
||||
-- |
||||
2.26.2 |
||||
|
||||
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure |
||||
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200 |
||||
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200 |
||||
@@ -27,7 +27,7 @@ use OpenSSL::config; |
||||
my $orig_death_handler = $SIG{__DIE__}; |
||||
$SIG{__DIE__} = \&death_handler; |
||||
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; |
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; |
||||
|
||||
my $banner = <<"EOF"; |
||||
|
||||
@@ -61,6 +61,10 @@ EOF |
||||
# given with --prefix. |
||||
# This becomes the value of OPENSSLDIR in Makefile and in C. |
||||
# (Default: PREFIX/ssl) |
||||
+# |
||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM |
||||
+# cipher is specified (default). |
||||
+# |
||||
# --banner=".." Output specified text instead of default completion banner |
||||
# |
||||
# -w Don't wait after showing a Configure warning |
||||
@@ -385,6 +389,7 @@ $config{prefix}=""; |
||||
$config{openssldir}=""; |
||||
$config{processor}=""; |
||||
$config{libdir}=""; |
||||
+$config{system_ciphers_file}=""; |
||||
my $auto_threads=1; # enable threads automatically? true by default |
||||
my $default_ranlib; |
||||
|
||||
@@ -987,6 +992,10 @@ while (@argvcopy) |
||||
die "FIPS key too long (64 bytes max)\n" |
||||
if length $1 > 64; |
||||
} |
||||
+ elsif (/^--system-ciphers-file=(.*)$/) |
||||
+ { |
||||
+ $config{system_ciphers_file}=$1; |
||||
+ } |
||||
elsif (/^--banner=(.*)$/) |
||||
{ |
||||
$banner = $1 . "\n"; |
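Review bot: `load_system_str` reads out of bounds when the policy file's first line is just a newline: `fgets` yields "\n", the first strip makes `len` 0, and `buf[len - 1] == '\r'` is then evaluated with `len == 0`, which for an `unsigned` index wraps far past the buffer. Both strips need a length guard: `if (len > 0 && buf[len - 1] == '\n')` and `if (len > 0 && buf[len - 1] == '\r')`. Separately, an unreadable or empty policy file silently falls back to `SSL_DEFAULT_CIPHER_LIST`, so a missing or misconfigured `/etc/crypto-policies/back-ends/openssl.config` weakens the cipher list to the compiled-in default with no error; that fail-open deserves a comment on the `snprintf` fallback, since callers cannot otherwise tell the policy was not applied. After the mid-function `OPENSSL_free(new_rules)` the pointer is not reset, so any later `goto err` that gets added would double-free it; `new_rules = NULL;` after that free is cheap insurance. `ssl_create_cipher_list` spans several hunks here.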
@ -0,0 +1,87 @@
@@ -0,0 +1,87 @@
|
||||
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tmraz@fedoraproject.org> |
||||
Date: Thu, 26 Nov 2020 14:00:16 +0100 |
||||
Subject: Add FIPS_mode() compatibility macro |
||||
|
||||
The macro calls EVP_default_properties_is_fips_enabled() on the |
||||
default context. |
||||
--- |
||||
include/openssl/crypto.h.in | 1 + |
||||
include/openssl/fips.h | 25 +++++++++++++++++++++++++ |
||||
test/property_test.c | 13 +++++++++++++ |
||||
3 files changed, 39 insertions(+) |
||||
create mode 100644 include/openssl/fips.h |
||||
|
||||
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in |
||||
index 1036da9a2b..9d4896fcaf 100644 |
||||
--- a/include/openssl/crypto.h.in |
||||
+++ b/include/openssl/crypto.h.in |
||||
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); |
||||
# include <openssl/opensslconf.h> |
||||
# include <openssl/cryptoerr.h> |
||||
# include <openssl/core.h> |
||||
+# include <openssl/fips.h> |
||||
|
||||
# ifdef CHARSET_EBCDIC |
||||
# include <openssl/ebcdic.h> |
||||
diff --git a/include/openssl/fips.h b/include/openssl/fips.h |
||||
new file mode 100644 |
||||
index 0000000000..c64f0f8e8f |
||||
--- /dev/null |
||||
+++ b/include/openssl/fips.h |
||||
@@ -0,0 +1,25 @@ |
||||
+/* |
||||
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * |
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
+ * this file except in compliance with the License. You can obtain a copy |
||||
+ * in the file LICENSE in the source distribution or at |
||||
+ * https://www.openssl.org/source/license.html |
||||
+ */ |
||||
+ |
||||
+#ifndef OPENSSL_FIPS_H |
||||
+# define OPENSSL_FIPS_H |
||||
+# pragma once |
||||
+ |
||||
+# include <openssl/macros.h> |
||||
+ |
||||
+# ifdef __cplusplus |
||||
+extern "C" { |
||||
+# endif |
||||
+ |
||||
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL) |
||||
+ |
||||
+# ifdef __cplusplus |
||||
+} |
||||
+# endif |
||||
+#endif |
||||
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c |
||||
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 |
||||
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 |
||||
@@ -488,6 +488,18 @@ static int test_property_list_to_string( |
||||
return ret; |
||||
} |
||||
|
||||
+static int test_downstream_FIPS_mode(void) |
||||
+{ |
||||
+ int ret = 0; |
||||
+ |
||||
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes")) |
||||
+ && TEST_true(FIPS_mode()) |
||||
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no")) |
||||
+ && TEST_false(FIPS_mode()); |
||||
+ |
||||
+ return ret; |
||||
+} |
||||
+ |
||||
int setup_tests(void) |
||||
{ |
||||
ADD_TEST(test_property_string); |
||||
@@ -500,6 +512,7 @@ int setup_tests(void) |
||||
ADD_TEST(test_property); |
||||
ADD_TEST(test_query_cache_stochastic); |
||||
ADD_TEST(test_fips_mode); |
||||
+ ADD_TEST(test_downstream_FIPS_mode); |
||||
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); |
||||
return 1; |
||||
} |
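Review bot: The new `include/openssl/fips.h` defines `FIPS_mode()` in terms of `EVP_default_properties_is_fips_enabled` but only includes `<openssl/macros.h>`, so a translation unit that includes `openssl/crypto.h` (which now pulls in fips.h) without `openssl/evp.h` gets the macro expanded to an undeclared function; either include `<openssl/evp.h>` in fips.h or document that requirement in the header comment. More importantly the macro does not mean what the 1.x `FIPS_mode()` meant: it reports whether the default library context's property query contains `fips=yes`, not whether a FIPS-validated module is loaded or active, and a caller using a non-default library context gets no information at all. A header comment such as `/* Compatibility shim: true iff the default libctx's property query requires fips=yes; not a statement about which provider is loaded. */` belongs above the define, and the copyright line on a file created in this commit should not start at 2016. The added test only toggles the property string, which is consistent with that reading.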
@ -0,0 +1,71 @@
@@ -0,0 +1,71 @@
|
||||
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c |
||||
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 |
||||
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 |
||||
@@ -12,11 +12,46 @@ |
||||
#include "internal/bio.h" |
||||
#include "internal/provider.h" |
||||
|
||||
+# include <sys/types.h> |
||||
+# include <sys/stat.h> |
||||
+# include <fcntl.h> |
||||
+# include <unistd.h> |
||||
+# include <openssl/evp.h> |
||||
+ |
||||
struct ossl_lib_ctx_onfree_list_st { |
||||
ossl_lib_ctx_onfree_fn *fn; |
||||
struct ossl_lib_ctx_onfree_list_st *next; |
||||
}; |
||||
|
||||
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" |
||||
+ |
||||
+static int kernel_fips_flag; |
||||
+ |
||||
+static void read_kernel_fips_flag(void) |
||||
+{ |
||||
+ char buf[2] = "0"; |
||||
+ int fd; |
||||
+ |
||||
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { |
||||
+ buf[0] = '1'; |
||||
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { |
||||
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; |
||||
+ close(fd); |
||||
+ } |
||||
+ |
||||
+ if (buf[0] == '1') { |
||||
+ kernel_fips_flag = 1; |
||||
+ } |
||||
+ |
||||
+ return; |
||||
+} |
||||
+ |
||||
+int ossl_get_kernel_fips_flag() |
||||
+{ |
||||
+ return kernel_fips_flag; |
||||
+} |
||||
+ |
||||
+ |
||||
struct ossl_lib_ctx_st { |
||||
CRYPTO_RWLOCK *lock; |
||||
CRYPTO_EX_DATA data; |
||||
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte |
||||
|
||||
DEFINE_RUN_ONCE_STATIC(default_context_do_init) |
||||
{ |
||||
+ read_kernel_fips_flag(); |
||||
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) |
||||
&& context_init(&default_context_int); |
||||
} |
||||
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h |
||||
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100 |
||||
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100 |
||||
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB |
||||
const OSSL_DISPATCH *in); |
||||
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); |
||||
|
||||
+/* FIPS flag access */ |
||||
+int ossl_get_kernel_fips_flag(void); |
||||
+ |
||||
# ifdef __cplusplus |
||||
} |
||||
# endif |
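Review bot: `read_kernel_fips_flag` fails open: if `open` of `/proc/sys/crypto/fips_enabled` succeeds but `read` fails for any reason other than `EINTR`, or returns 0 bytes, `buf` keeps its initial "0" and the library silently concludes the kernel is not in FIPS mode, indistinguishable from the file being absent. That is probably the intended behaviour on non-FIPS kernels, but it is a security-relevant default and should be stated: `/* Missing sysctl or read error => treat as non-FIPS kernel (fail-open); OPENSSL_FORCE_FIPS_MODE forces it on */`. The loop uses `errno` but `<errno.h>` is not among the added includes; it may arrive transitively, but the explicit include is cheap. The definition `int ossl_get_kernel_fips_flag()` should use `(void)` to match its prototype in provider.h, and since the flag is read once from `default_context_do_init`, a later change of the sysctl is not observed — worth a line in the same comment.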
@ -0,0 +1,122 @@
@@ -0,0 +1,122 @@
|
||||
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c |
||||
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100 |
||||
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100 |
||||
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP ** |
||||
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) |
||||
group->decoded_from_explicit_params = 1; |
||||
|
||||
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) { |
||||
+ EC_GROUP_free(group); |
||||
+ ECPKPARAMETERS_free(params); |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
if (a) { |
||||
EC_GROUP_free(*a); |
||||
*a = group; |
||||
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con |
||||
goto err; |
||||
} |
||||
|
||||
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) { |
||||
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
ret->version = priv_key->version; |
||||
|
||||
if (priv_key->privateKey) { |
||||
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c |
||||
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100 |
||||
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100 |
||||
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL; |
||||
static OSSL_PARAM_BLD *bld_prime_nc = NULL; |
||||
static OSSL_PARAM_BLD *bld_prime = NULL; |
||||
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; |
||||
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; |
||||
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/ |
||||
|
||||
# ifndef OPENSSL_NO_EC2M |
||||
static OSSL_PARAM_BLD *bld_tri_nc = NULL; |
||||
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") |
||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
||||
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") |
||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") |
||||
-DOMAIN_KEYS(ECExplicitPrime2G); |
||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") |
||||
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") |
||||
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/ |
||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ |
||||
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
DOMAIN_KEYS(ECExplicitTriNamedCurve); |
||||
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") |
||||
@@ -1318,7 +1318,7 @@ int setup_tests(void) |
||||
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) |
||||
|| !create_ec_explicit_prime_params(bld_prime) |
||||
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) |
||||
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) |
||||
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) |
||||
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) |
||||
@@ -1346,7 +1346,7 @@ int setup_tests(void) |
||||
TEST_info("Generating EC keys..."); |
||||
MAKE_DOMAIN_KEYS(EC, "EC", EC_params); |
||||
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); |
||||
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); |
||||
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); |
||||
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); |
||||
@@ -1389,8 +1389,8 @@ int setup_tests(void) |
||||
ADD_TEST_SUITE_LEGACY(EC); |
||||
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); |
||||
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); |
||||
- ADD_TEST_SUITE(ECExplicitPrime2G); |
||||
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); |
||||
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/ |
||||
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
ADD_TEST_SUITE(ECExplicitTriNamedCurve); |
||||
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); |
||||
@@ -1427,7 +1427,7 @@ void cleanup_tests(void) |
||||
{ |
||||
#ifndef OPENSSL_NO_EC |
||||
OSSL_PARAM_free(ec_explicit_prime_params_nc); |
||||
- OSSL_PARAM_free(ec_explicit_prime_params_explicit); |
||||
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/ |
||||
OSSL_PARAM_BLD_free(bld_prime_nc); |
||||
OSSL_PARAM_BLD_free(bld_prime); |
||||
# ifndef OPENSSL_NO_EC2M |
||||
@@ -1449,7 +1449,7 @@ void cleanup_tests(void) |
||||
#ifndef OPENSSL_NO_EC |
||||
FREE_DOMAIN_KEYS(EC); |
||||
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
||||
- FREE_DOMAIN_KEYS(ECExplicitPrime2G); |
||||
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); |
||||
FREE_DOMAIN_KEYS(ECExplicitTri2G); |
||||
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt |
||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100 |
||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100 |
||||
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB |
||||
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl |
||||
-----END PRIVATE KEY----- |
||||
|
||||
-PrivateKey = EC_EXPLICIT |
||||
------BEGIN PRIVATE KEY----- |
||||
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB |
||||
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA |
||||
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV |
||||
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG |
||||
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A |
||||
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk |
||||
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL |
||||
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg |
||||
------END PRIVATE KEY----- |
||||
- |
||||
PrivateKey = B-163 |
||||
-----BEGIN PRIVATE KEY----- |
||||
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K |
@@ -0,0 +1,77 @@
|
||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c |
||||
index 78dc69082fab..8a86c9108d0d 100644 |
||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c |
||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c |
||||
@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, |
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 |
||||
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) |
||||
return 0; |
||||
- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 |
||||
- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) |
||||
- return 0; |
||||
|
||||
tmpl = OSSL_PARAM_BLD_new(); |
||||
if (tmpl == NULL) |
||||
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t |
||||
index 766524e8cfa9..80bac6741290 100644 |
||||
--- a/test/recipes/15-test_ecparam.t |
||||
+++ b/test/recipes/15-test_ecparam.t |
||||
@@ -13,7 +13,7 @@ use warnings; |
||||
use File::Spec; |
||||
use File::Compare qw/compare_text/; |
||||
use OpenSSL::Glob; |
||||
-use OpenSSL::Test qw/:DEFAULT data_file/; |
||||
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/; |
||||
use OpenSSL::Test::Utils; |
||||
|
||||
setup("test_ecparam"); |
||||
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem")); |
||||
my @noncanon = glob(data_file("noncanon", "*.pem")); |
||||
my @invalid = glob(data_file("invalid", "*.pem")); |
||||
|
||||
-plan tests => 11; |
||||
+plan tests => 12; |
||||
|
||||
sub checkload { |
||||
my $files = shift; # List of files |
||||
@@ -59,6 +59,8 @@ sub checkcompare { |
||||
} |
||||
} |
||||
|
||||
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+ |
||||
subtest "Check loading valid parameters by ecparam with -check" => sub { |
||||
plan tests => scalar(@valid); |
||||
checkload(\@valid, 1, "ecparam", "-check"); |
||||
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub { |
||||
plan tests => 2 * scalar(@valid); |
||||
checkcompare(\@valid, "pkeyparam"); |
||||
}; |
||||
+ |
||||
+subtest "Check loading of fips and non-fips params" => sub { |
||||
+ plan skip_all => "FIPS is disabled" |
||||
+ if $no_fips; |
||||
+ plan tests => 3; |
||||
+ |
||||
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf"); |
||||
+ my $defaultconf = srctop_file("test", "default.cnf"); |
||||
+ |
||||
+ $ENV{OPENSSL_CONF} = $fipsconf; |
||||
+ |
||||
+ ok(run(app(['openssl', 'ecparam', |
||||
+ '-in', data_file('valid', 'secp384r1-explicit.pem'), |
||||
+ '-check'])), |
||||
+ "Loading explicitly encoded valid curve"); |
||||
+ |
||||
+ ok(run(app(['openssl', 'ecparam', |
||||
+ '-in', data_file('valid', 'secp384r1-named.pem'), |
||||
+ '-check'])), |
||||
+ "Loading named valid curve"); |
||||
+ |
||||
+ ok(!run(app(['openssl', 'ecparam', |
||||
+ '-in', data_file('valid', 'secp112r1-named.pem'), |
||||
+ '-check'])), |
||||
+ "Fail loading named non-fips curve"); |
||||
+ |
||||
+ $ENV{OPENSSL_CONF} = $defaultconf; |
||||
+}; |
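Review bot: The new subtest in 15-test_ecparam.t leaves `OPENSSL_CONF` pointing at `default.cnf` on exit instead of restoring what the harness had, so any test that runs after it in the same process sees a different configuration than it started with; the equivalent block added to 25-test_verify.t elsewhere in this series uses `delete $ENV{OPENSSL_CONF};`, and saving the old value with `my $saved_conf = $ENV{OPENSSL_CONF};` and putting it back at the end would be the more conservative form. The third assertion `ok(!run(app([...'secp112r1-named.pem'...])))` passes for any failure, including a missing data file or a provider that failed to load, so on its own it does not prove the FIPS provider rejected the curve; a preceding `ok(-f data_file('valid', 'secp112r1-named.pem'), "non-fips test curve present")` (bumping the subtest plan to 4) would pin the failure to the curve rather than the fixture. `bldtop_dir` is added to the import list but none of the hunks in this file use it, so it looks like a leftover from the verify test.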
@@ -0,0 +1,421 @@
|
||||
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c |
||||
index 9dc143c2ac69..4d6f2a76ad20 100644 |
||||
--- a/crypto/ec/ec_err.c |
||||
+++ b/crypto/ec/ec_err.c |
||||
@@ -1,6 +1,6 @@ |
||||
/* |
||||
* Generated by util/mkerr.pl DO NOT EDIT |
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
||||
* |
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
* this file except in compliance with the License. You can obtain a copy |
||||
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { |
||||
"discriminant is zero"}, |
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), |
||||
"ec group new by name failure"}, |
||||
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), |
||||
+ "explicit params not supported"}, |
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), |
||||
"failed making public key"}, |
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, |
||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c |
||||
index 2aeab7e3b6b5..f686e45f899d 100644 |
||||
--- a/crypto/ec/ec_lib.c |
||||
+++ b/crypto/ec/ec_lib.c |
||||
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, |
||||
} |
||||
#endif |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
/* |
||||
* Check if the explicit parameters group matches any built-in curves. |
||||
* |
||||
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, |
||||
* parameters with one created from a named group. |
||||
*/ |
||||
|
||||
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
/* |
||||
* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for |
||||
* the same curve, we prefer the SECP nid when matching explicit |
||||
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, |
||||
*/ |
||||
if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) |
||||
curve_name_nid = NID_secp224r1; |
||||
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ |
||||
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ |
||||
|
||||
ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); |
||||
if (ret_group == NULL) |
||||
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, |
||||
EC_GROUP_free(ret_group); |
||||
return NULL; |
||||
} |
||||
+#endif /* FIPS_MODULE */ |
||||
|
||||
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, |
||||
OSSL_LIB_CTX *libctx, const char *propq) |
||||
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) |
||||
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
OSSL_LIB_CTX *libctx, const char *propq) |
||||
{ |
||||
- const OSSL_PARAM *ptmp, *pa, *pb; |
||||
+ const OSSL_PARAM *ptmp; |
||||
+ EC_GROUP *group = NULL; |
||||
+ |
||||
+#ifndef FIPS_MODULE |
||||
+ const OSSL_PARAM *pa, *pb; |
||||
int ok = 0; |
||||
- EC_GROUP *group = NULL, *named_group = NULL; |
||||
+ EC_GROUP *named_group = NULL; |
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; |
||||
EC_POINT *point = NULL; |
||||
int field_bits = 0; |
||||
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
BN_CTX *bnctx = NULL; |
||||
const unsigned char *buf = NULL; |
||||
int encoding_flag = -1; |
||||
+#endif |
||||
|
||||
/* This is the simple named group case */ |
||||
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); |
||||
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
} |
||||
return group; |
||||
} |
||||
+#ifdef FIPS_MODULE |
||||
+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED); |
||||
+ return NULL; |
||||
+#else |
||||
/* If it gets here then we are trying explicit parameters */ |
||||
bnctx = BN_CTX_new_ex(libctx); |
||||
if (bnctx == NULL) { |
||||
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
/* create the EC_GROUP structure */ |
||||
group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); |
||||
} else { |
||||
-#ifdef OPENSSL_NO_EC2M |
||||
+# ifdef OPENSSL_NO_EC2M |
||||
ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); |
||||
goto err; |
||||
-#else |
||||
+# else |
||||
/* create the EC_GROUP structure */ |
||||
group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); |
||||
if (group != NULL) { |
||||
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
goto err; |
||||
} |
||||
} |
||||
-#endif /* OPENSSL_NO_EC2M */ |
||||
+# endif /* OPENSSL_NO_EC2M */ |
||||
} |
||||
|
||||
if (group == NULL) { |
||||
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
BN_CTX_free(bnctx); |
||||
|
||||
return group; |
||||
+#endif /* FIPS_MODULE */ |
||||
} |
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt |
||||
index c4a94f955905..41df7127403c 100644 |
||||
--- a/crypto/err/openssl.txt |
||||
+++ b/crypto/err/openssl.txt |
||||
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing |
||||
EC_R_DECODE_ERROR:142:decode error |
||||
EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero |
||||
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure |
||||
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported |
||||
EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key |
||||
EC_R_FIELD_TOO_LARGE:143:field too large |
||||
EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported |
||||
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h |
||||
index 07b6c7aa62dd..4658ae8fb2cd 100644 |
||||
--- a/include/crypto/ecerr.h |
||||
+++ b/include/crypto/ecerr.h |
||||
@@ -1,6 +1,6 @@ |
||||
/* |
||||
* Generated by util/mkerr.pl DO NOT EDIT |
||||
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. |
||||
* |
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
* this file except in compliance with the License. You can obtain a copy |
||||
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h |
||||
index 49088d208b2c..46405ac62d91 100644 |
||||
--- a/include/openssl/ecerr.h |
||||
+++ b/include/openssl/ecerr.h |
||||
@@ -1,6 +1,6 @@ |
||||
/* |
||||
* Generated by util/mkerr.pl DO NOT EDIT |
||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
||||
* |
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
* this file except in compliance with the License. You can obtain a copy |
||||
@@ -35,6 +35,7 @@ |
||||
# define EC_R_DECODE_ERROR 142 |
||||
# define EC_R_DISCRIMINANT_IS_ZERO 118 |
||||
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 |
||||
+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 |
||||
# define EC_R_FAILED_MAKING_PUBLIC_KEY 166 |
||||
# define EC_R_FIELD_TOO_LARGE 143 |
||||
# define EC_R_GF2M_NOT_SUPPORTED 147 |
||||
diff --git a/test/endecode_test.c b/test/endecode_test.c |
||||
index 0c33dff0ee2b..3d78bea50ea3 100644 |
||||
--- a/test/endecode_test.c |
||||
+++ b/test/endecode_test.c |
||||
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line, |
||||
typedef void (dumper)(const char *label, const void *data, size_t data_len); |
||||
|
||||
#define FLAG_DECODE_WITH_TYPE 0x0001 |
||||
+#define FLAG_FAIL_IF_FIPS 0x0002 |
||||
|
||||
static int test_encode_decode(const char *file, const int line, |
||||
const char *type, EVP_PKEY *pkey, |
||||
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line, |
||||
* dumping purposes. |
||||
*/ |
||||
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, |
||||
- output_type, output_structure, pass, pcipher)) |
||||
- || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) |
||||
+ output_type, output_structure, pass, pcipher))) |
||||
+ goto end; |
||||
+ |
||||
+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { |
||||
+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, |
||||
+ encoded_len, output_type, output_structure, |
||||
+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), |
||||
+ selection, pass))) |
||||
+ ok = 1; |
||||
+ goto end; |
||||
+ } |
||||
+ |
||||
+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) |
||||
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, |
||||
output_type, output_structure, |
||||
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL), |
||||
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, |
||||
return ok; |
||||
} |
||||
|
||||
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) |
||||
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_KEYPAIR |
||||
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) |
||||
"DER", "PrivateKeyInfo", NULL, NULL, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
test_mem, check_unprotected_PKCS8_DER, |
||||
- dump_der, 0); |
||||
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
static int check_unprotected_PKCS8_PEM(const char *file, const int line, |
||||
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, |
||||
sizeof(expected_pem_header) - 1); |
||||
} |
||||
|
||||
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) |
||||
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_KEYPAIR |
||||
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) |
||||
"PEM", "PrivateKeyInfo", NULL, NULL, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
test_text, check_unprotected_PKCS8_PEM, |
||||
- dump_pem, 0); |
||||
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
#ifndef OPENSSL_NO_KEYPARAMS |
||||
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line, |
||||
return ok; |
||||
} |
||||
|
||||
-static int test_protected_via_DER(const char *type, EVP_PKEY *key) |
||||
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_KEYPAIR |
||||
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) |
||||
pass, pass_cipher, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
test_mem, check_protected_PKCS8_DER, |
||||
- dump_der, 0); |
||||
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
static int check_protected_PKCS8_PEM(const char *file, const int line, |
||||
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line, |
||||
sizeof(expected_pem_header) - 1); |
||||
} |
||||
|
||||
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key) |
||||
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_KEYPAIR |
||||
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) |
||||
pass, pass_cipher, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
test_text, check_protected_PKCS8_PEM, |
||||
- dump_pem, 0); |
||||
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
static int check_protected_legacy_PEM(const char *file, const int line, |
||||
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line, |
||||
return ok; |
||||
} |
||||
|
||||
-static int test_public_via_DER(const char *type, EVP_PKEY *key) |
||||
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
||||
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
||||
"DER", "SubjectPublicKeyInfo", NULL, NULL, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
- test_mem, check_public_DER, dump_der, 0); |
||||
+ test_mem, check_public_DER, dump_der, |
||||
+ fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
static int check_public_PEM(const char *file, const int line, |
||||
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line, |
||||
sizeof(expected_pem_header) - 1); |
||||
} |
||||
|
||||
-static int test_public_via_PEM(const char *type, EVP_PKEY *key) |
||||
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) |
||||
{ |
||||
return test_encode_decode(__FILE__, __LINE__, type, key, |
||||
OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
||||
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
||||
"PEM", "SubjectPublicKeyInfo", NULL, NULL, |
||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
||||
- test_text, check_public_PEM, dump_pem, 0); |
||||
+ test_text, check_public_PEM, dump_pem, |
||||
+ fips ? 0 : FLAG_FAIL_IF_FIPS); |
||||
} |
||||
|
||||
static int check_public_MSBLOB(const char *file, const int line, |
||||
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) |
||||
EVP_PKEY_free(template_##KEYTYPE); \ |
||||
EVP_PKEY_free(key_##KEYTYPE) |
||||
|
||||
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ |
||||
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ |
||||
static int test_unprotected_##KEYTYPE##_via_DER(void) \ |
||||
{ \ |
||||
- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} \ |
||||
static int test_unprotected_##KEYTYPE##_via_PEM(void) \ |
||||
{ \ |
||||
- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} \ |
||||
static int test_protected_##KEYTYPE##_via_DER(void) \ |
||||
{ \ |
||||
- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} \ |
||||
static int test_protected_##KEYTYPE##_via_PEM(void) \ |
||||
{ \ |
||||
- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} \ |
||||
static int test_public_##KEYTYPE##_via_DER(void) \ |
||||
{ \ |
||||
- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} \ |
||||
static int test_public_##KEYTYPE##_via_PEM(void) \ |
||||
{ \ |
||||
- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ |
||||
+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
||||
} |
||||
|
||||
#define ADD_TEST_SUITE(KEYTYPE) \ |
||||
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) |
||||
|
||||
#ifndef OPENSSL_NO_DH |
||||
DOMAIN_KEYS(DH); |
||||
-IMPLEMENT_TEST_SUITE(DH, "DH") |
||||
+IMPLEMENT_TEST_SUITE(DH, "DH", 1) |
||||
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") |
||||
DOMAIN_KEYS(DHX); |
||||
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") |
||||
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) |
||||
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") |
||||
/* |
||||
* DH has no support for PEM_write_bio_PrivateKey_traditional(), |
||||
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") |
||||
#endif |
||||
#ifndef OPENSSL_NO_DSA |
||||
DOMAIN_KEYS(DSA); |
||||
-IMPLEMENT_TEST_SUITE(DSA, "DSA") |
||||
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) |
||||
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") |
||||
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") |
||||
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") |
||||
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") |
||||
#endif |
||||
#ifndef OPENSSL_NO_EC |
||||
DOMAIN_KEYS(EC); |
||||
-IMPLEMENT_TEST_SUITE(EC, "EC") |
||||
+IMPLEMENT_TEST_SUITE(EC, "EC", 1) |
||||
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") |
||||
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") |
||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") |
||||
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) |
||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") |
||||
/*DOMAIN_KEYS(ECExplicitPrime2G);*/ |
||||
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ |
||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ |
||||
/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ |
||||
# ifndef OPENSSL_NO_EC2M |
||||
DOMAIN_KEYS(ECExplicitTriNamedCurve); |
||||
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") |
||||
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) |
||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") |
||||
DOMAIN_KEYS(ECExplicitTri2G); |
||||
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") |
||||
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) |
||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") |
||||
# endif |
||||
KEYS(ED25519); |
||||
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519") |
||||
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) |
||||
KEYS(ED448); |
||||
-IMPLEMENT_TEST_SUITE(ED448, "ED448") |
||||
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) |
||||
KEYS(X25519); |
||||
-IMPLEMENT_TEST_SUITE(X25519, "X25519") |
||||
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) |
||||
KEYS(X448); |
||||
-IMPLEMENT_TEST_SUITE(X448, "X448") |
||||
+IMPLEMENT_TEST_SUITE(X448, "X448", 1) |
||||
/* |
||||
* ED25519, ED448, X25519 and X448 have no support for |
||||
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests. |
||||
*/ |
||||
#endif |
||||
KEYS(RSA); |
||||
-IMPLEMENT_TEST_SUITE(RSA, "RSA") |
||||
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) |
||||
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") |
||||
KEYS(RSA_PSS); |
||||
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") |
||||
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) |
||||
/* |
||||
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), |
||||
* so no legacy tests. |
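Review bot: The third argument added to `IMPLEMENT_TEST_SUITE` is named `fips` but actually means "this key type is expected to decode under the FIPS provider", and every wrapper inverts it with `fips ? 0 : FLAG_FAIL_IF_FIPS` (six copies, in test_unprotected_via_DER/PEM, test_protected_via_DER/PEM and test_public_via_DER/PEM); `IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)` reads as "not FIPS" when it means "must fail in FIPS". Renaming the parameter to `fips_ok` and documenting the flag where it is defined, `#define FLAG_FAIL_IF_FIPS 0x0002 /* decoding must fail when the FIPS provider is loaded */`, would make the intent visible at the call sites. In the new early-return block of test_encode_decode the FIPS path deliberately skips `check_cb` on the encoded output, and if `decode_cb` unexpectedly succeeds `pkey2` holds a key that presumably is released at `end:` — that label lies outside the hunk, so worth confirming. The body of test_encode_decode continues outside the hunk.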
@@ -0,0 +1,140 @@
|
||||
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c |
||||
index bea01fb38f66..48721369ae8f 100644 |
||||
--- a/crypto/ec/ec_backend.c |
||||
+++ b/crypto/ec/ec_backend.c |
||||
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, |
||||
return 0; |
||||
} |
||||
|
||||
+ if (!ossl_param_build_set_int(tmpl, params, |
||||
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, |
||||
+ group->decoded_from_explicit_params)) |
||||
+ return 0; |
||||
+ |
||||
curve_nid = EC_GROUP_get_curve_name(group); |
||||
|
||||
/* |
||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c |
||||
index 6b0591c6c8c7..b1696d93bd6d 100644 |
||||
--- a/crypto/ec/ec_lib.c |
||||
+++ b/crypto/ec/ec_lib.c |
||||
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
/* This is the simple named group case */ |
||||
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); |
||||
if (ptmp != NULL) { |
||||
- group = group_new_from_name(ptmp, libctx, propq); |
||||
- if (group != NULL) { |
||||
- if (!ossl_ec_group_set_params(group, params)) { |
||||
- EC_GROUP_free(group); |
||||
- group = NULL; |
||||
- } |
||||
+ int decoded = 0; |
||||
+ |
||||
+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL) |
||||
+ return NULL; |
||||
+ if (!ossl_ec_group_set_params(group, params)) { |
||||
+ EC_GROUP_free(group); |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ ptmp = OSSL_PARAM_locate_const(params, |
||||
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); |
||||
+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) { |
||||
+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); |
||||
+ EC_GROUP_free(group); |
||||
+ return NULL; |
||||
} |
||||
+ group->decoded_from_explicit_params = decoded > 0; |
||||
return group; |
||||
} |
||||
#ifdef FIPS_MODULE |
||||
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
||||
EC_GROUP_free(group); |
||||
group = named_group; |
||||
} |
||||
+ /* We've imported the group from explicit parameters, set it so. */ |
||||
+ group->decoded_from_explicit_params = 1; |
||||
ok = 1; |
||||
err: |
||||
if (!ok) { |
||||
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod |
||||
index eed83237c3b2..ee66a074f889 100644 |
||||
--- a/doc/man7/EVP_PKEY-EC.pod |
||||
+++ b/doc/man7/EVP_PKEY-EC.pod |
||||
@@ -70,8 +70,8 @@ I<order> multiplied by the I<cofactor> gives the number of points on the curve. |
||||
|
||||
=item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer> |
||||
|
||||
-Gets a flag indicating wether the key or parameters were decoded from explicit |
||||
-curve parameters. Set to 1 if so or 0 if a named curve was used. |
||||
+Sets or gets a flag indicating whether the key or parameters were decoded from |
||||
+explicit curve parameters. Set to 1 if so or 0 if a named curve was used. |
||||
|
||||
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer> |
||||
|
||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c |
||||
index 9260d4bf3635..7aed057cac89 100644 |
||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c |
||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c |
||||
@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, |
||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \ |
||||
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \ |
||||
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \ |
||||
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0) |
||||
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \ |
||||
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL) |
||||
|
||||
# define EC_IMEXPORTABLE_PUBLIC_KEY \ |
||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) |
||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t |
||||
index 700bbd849c95..ede14864d5ac 100644 |
||||
--- a/test/recipes/25-test_verify.t |
||||
+++ b/test/recipes/25-test_verify.t |
||||
@@ -12,7 +12,7 @@ use warnings; |
||||
|
||||
use File::Spec::Functions qw/canonpath/; |
||||
use File::Copy; |
||||
-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/; |
||||
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/; |
||||
use OpenSSL::Test::Utils; |
||||
|
||||
setup("test_verify"); |
||||
@@ -29,7 +29,7 @@ sub verify { |
||||
run(app([@args])); |
||||
} |
||||
|
||||
-plan tests => 160; |
||||
+plan tests => 163; |
||||
|
||||
# Canonical success |
||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), |
||||
@@ -309,6 +309,29 @@ SKIP: { |
||||
["ca-cert-ec-named"]), |
||||
"accept named curve leaf with named curve intermediate"); |
||||
} |
||||
+# Same as above but with base provider used for decoding |
||||
+SKIP: { |
||||
+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+ skip "EC is not supported or FIPS is disabled", 3 |
||||
+ if disabled("ec") || $no_fips; |
||||
+ |
||||
+ my $provconf = srctop_file("test", "fips-and-base.cnf"); |
||||
+ my $provpath = bldtop_dir("providers"); |
||||
+ my @prov = ("-provider-path", $provpath); |
||||
+ $ENV{OPENSSL_CONF} = $provconf; |
||||
+ |
||||
+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"], |
||||
+ ["ca-cert-ec-named"], @prov), |
||||
+ "reject explicit curve leaf with named curve intermediate w/fips"); |
||||
+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"], |
||||
+ ["ca-cert-ec-explicit"], @prov), |
||||
+ "reject named curve leaf with explicit curve intermediate w/fips"); |
||||
+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"], |
||||
+ ["ca-cert-ec-named"], @prov), |
||||
+ "accept named curve leaf with named curve intermediate w/fips"); |
||||
+ |
||||
+ delete $ENV{OPENSSL_CONF}; |
||||
+} |
||||
|
||||
# Depth tests, note the depth limit bounds the number of CA certificates |
||||
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf |
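Review bot: In the named-group path of EC_GROUP_new_from_params, `decoded` stays 0 when OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS is absent from the parameter list, so a group imported from a provider that does not export the parameter is treated as a named curve and will not trip the FIPS explicit-parameter rejection; that appears to be the intended default for exporters that predate this change, but nothing in the code says so. A comment above the `OSSL_PARAM_locate_const` call would make the contract explicit: `/* Absent parameter means the group was not decoded from explicit parameters; the check relies on the exporting provider supplying it (see ossl_ec_group_todata). */`. The `EC_R_WRONG_CURVE_PARAMETERS` raised when the parameter is present but not readable as an int reuses a neighbouring reason code rather than naming the actual problem, which is acceptable here but worth a one-line comment. The enclosing function continues outside the hunk.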
@@ -0,0 +1,75 @@
|
||||
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf |
||||
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200 |
||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200 |
||||
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1 |
||||
tsa_policy2 = 1.2.3.4.5.6 |
||||
tsa_policy3 = 1.2.3.4.5.7 |
||||
|
||||
-# For FIPS |
||||
-# Optionally include a file that is generated by the OpenSSL fipsinstall |
||||
-# application. This file contains configuration data required by the OpenSSL |
||||
-# fips provider. It contains a named section e.g. [fips_sect] which is |
||||
-# referenced from the [provider_sect] below. |
||||
-# Refer to the OpenSSL security policy for more information. |
||||
-# .include fipsmodule.cnf |
||||
- |
||||
[openssl_init] |
||||
providers = provider_sect |
||||
# Load default TLS policy configuration |
||||
ssl_conf = ssl_module |
||||
|
||||
-# List of providers to load |
||||
-[provider_sect] |
||||
-default = default_sect |
||||
-# The fips section name should match the section name inside the |
||||
-# included fipsmodule.cnf. |
||||
-# fips = fips_sect |
||||
+# Uncomment the sections that start with ## below to enable the legacy provider. |
||||
+# Loading the legacy provider enables support for the following algorithms: |
||||
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160 |
||||
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED |
||||
+# Key Derivation Function (KDF): PBKDF1 |
||||
+# In general it is not recommended to use the above mentioned algorithms for |
||||
+# security critical operations, as they are cryptographically weak or vulnerable |
||||
+# to side-channel attacks and as such have been deprecated. |
||||
|
||||
-# If no providers are activated explicitly, the default one is activated implicitly. |
||||
-# See man 7 OSSL_PROVIDER-default for more details. |
||||
-# |
||||
-# If you add a section explicitly activating any other provider(s), you most |
||||
-# probably need to explicitly activate the default provider, otherwise it |
||||
-# becomes unavailable in openssl. As a consequence applications depending on |
||||
-# OpenSSL may not work correctly which could lead to significant system |
||||
-# problems including inability to remotely access the system. |
||||
-[default_sect] |
||||
-# activate = 1 |
||||
+[provider_sect] |
||||
+default = default_sect |
||||
+##legacy = legacy_sect |
||||
+## |
||||
+[default_sect] |
||||
+activate = 1 |
||||
+ |
||||
+##[legacy_sect] |
||||
+##activate = 1 |
||||
|
||||
[ ssl_module ] |
||||
|
||||
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod |
||||
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200 |
||||
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200 |
||||
@@ -273,6 +273,14 @@ significant. |
||||
All parameters in the section as well as sub-sections are made |
||||
available to the provider. |
||||
|
||||
+=head3 Loading the legacy provider |
||||
+ |
||||
+Uncomment the sections that start with ## in openssl.cnf |
||||
+to enable the legacy provider. |
||||
+Note: In general it is not recommended to use the above mentioned algorithms for |
||||
+security critical operations, as they are cryptographically weak or vulnerable |
||||
+to side-channel attacks and as such have been deprecated. |
||||
+ |
||||
=head3 Default provider and its activation |
||||
|
||||
If no providers are activated explicitly, the default one is activated implicitly. |
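Review bot: The added "Note: In general it is not recommended to use the above mentioned algorithms" refers to a list that does not exist in config.pod — the algorithm list lives only in the openssl.cnf comment, so man-page readers get a dangling reference. Either name them here, e.g. `Note: the legacy provider only supplies deprecated algorithms (MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, PBKDF1); they are cryptographically weak ...`, or point at the legacy provider's own manual page for the list instead of "above mentioned".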
@ -0,0 +1,18 @@
@@ -0,0 +1,18 @@
|
||||
diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf |
||||
--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100 |
||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100 |
||||
@@ -55,11 +55,11 @@ providers = provider_sect |
||||
# to side-channel attacks and as such have been deprecated. |
||||
|
||||
[provider_sect] |
||||
-default = default_sect |
||||
+##default = default_sect |
||||
##legacy = legacy_sect |
||||
## |
||||
-[default_sect] |
||||
-activate = 1 |
||||
+##[default_sect] |
||||
+##activate = 1 |
||||
|
||||
##[legacy_sect] |
||||
##activate = 1 |
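Review bot: With `##default = default_sect` and `##[default_sect]` / `##activate = 1` commented out, the default provider is now loaded only implicitly, i.e. only because nothing is activated explicitly; a user who follows the instruction above ("uncomment the sections that start with ##") but enables just the legacy lines activates legacy explicitly and silently loses the default provider, which is exactly the failure the upstream warning text (removed by the earlier legacy-provider patch) described. Add that warning back right above `##default = default_sect`: `# If you explicitly activate any provider (e.g. legacy), you MUST also uncomment the default provider lines below, otherwise the default provider is no longer loaded and most applications will break.` Presumably the intent of commenting these out is to let the kernel-FIPS auto-activation decide, but the config file does not say so.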
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t |
||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 |
||||
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 |
||||
@@ -40,7 +40,7 @@ unless ($no_fips) { |
||||
srctop_file("test", "recipes", "90-test_sslapi_data", |
||||
"passwd.txt"), $tmpfilename, "fips", |
||||
srctop_file("test", "fips-and-base.cnf")])), |
||||
- "running sslapitest"); |
||||
+ "running sslapitest - FIPS"); |
||||
} |
||||
|
||||
unlink $tmpfilename; |
||||
diff --git a/test/sslapitest.c b/test/sslapitest.c |
||||
index e95d2657f46c..7af0eab3fce0 100644 |
||||
--- a/test/sslapitest.c |
||||
+++ b/test/sslapitest.c |
||||
@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, |
||||
goto end; |
||||
} |
||||
|
||||
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) { |
||||
+ testresult = TEST_skip("CHACHA is not supported in FIPS"); |
||||
+ goto end; |
||||
+ } |
||||
+ |
||||
/* Create a session based on SHA-256 */ |
||||
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
||||
TLS_client_method(), |
||||
@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) |
||||
goto end; |
||||
} |
||||
|
||||
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) { |
||||
+ testresult = TEST_skip("CHACHA is not supported in FIPS"); |
||||
+ goto end; |
||||
+ } |
||||
+ |
||||
/* Create a session based on SHA-256 */ |
||||
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
||||
TLS_client_method(), |
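Review bot: The CHACHA skip block is pasted verbatim into both execute_test_ktls and execute_test_ktls_sendfile; a one-line static helper, `static int fips_skips_cipher(const char *cipher) { return is_fips && strstr(cipher, "CHACHA") != NULL; }`, used as `if (fips_skips_cipher(cipher)) { testresult = TEST_skip(...); goto end; }`, keeps the two sites from drifting when the next FIPS-excluded cipher family is added. The check also sits after a `goto end` that already implies earlier setup; placing it before anything is allocated keeps the skip path trivially leak-free, though both function bodies start outside the hunk so I cannot see what has been set up by this point. `is_fips` is presumably a file-level flag; its declaration is not visible here.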
@ -0,0 +1,165 @@
@@ -0,0 +1,165 @@
|
||||
#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite |
||||
#(partial) of the function provider_conf_load() under the 'if (activate) section. |
||||
#If there is any change to this section, after deleting it in provider_conf_load() |
||||
#ensure that you also add those changes to the provider_conf_activate() function. |
||||
#additionally please add this check for cnf explicitly as shown below. |
||||
#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;' |
||||
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c |
||||
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200 |
||||
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200 |
||||
@@ -136,58 +136,18 @@ static int prov_already_activated(const |
||||
return 0; |
||||
} |
||||
|
||||
-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, |
||||
- const char *value, const CONF *cnf) |
||||
+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name, |
||||
+ const char *value, const char *path, |
||||
+ int soft, const CONF *cnf) |
||||
{ |
||||
- int i; |
||||
- STACK_OF(CONF_VALUE) *ecmds; |
||||
- int soft = 0; |
||||
- OSSL_PROVIDER *prov = NULL, *actual = NULL; |
||||
- const char *path = NULL; |
||||
- long activate = 0; |
||||
int ok = 0; |
||||
- |
||||
- name = skip_dot(name); |
||||
- OSSL_TRACE1(CONF, "Configuring provider %s\n", name); |
||||
- /* Value is a section containing PROVIDER commands */ |
||||
- ecmds = NCONF_get_section(cnf, value); |
||||
- |
||||
- if (!ecmds) { |
||||
- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, |
||||
- "section=%s not found", value); |
||||
- return 0; |
||||
- } |
||||
- |
||||
- /* Find the needed data first */ |
||||
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { |
||||
- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); |
||||
- const char *confname = skip_dot(ecmd->name); |
||||
- const char *confvalue = ecmd->value; |
||||
- |
||||
- OSSL_TRACE2(CONF, "Provider command: %s = %s\n", |
||||
- confname, confvalue); |
||||
- |
||||
- /* First handle some special pseudo confs */ |
||||
- |
||||
- /* Override provider name to use */ |
||||
- if (strcmp(confname, "identity") == 0) |
||||
- name = confvalue; |
||||
- else if (strcmp(confname, "soft_load") == 0) |
||||
- soft = 1; |
||||
- /* Load a dynamic PROVIDER */ |
||||
- else if (strcmp(confname, "module") == 0) |
||||
- path = confvalue; |
||||
- else if (strcmp(confname, "activate") == 0) |
||||
- activate = 1; |
||||
- } |
||||
- |
||||
- if (activate) { |
||||
- PROVIDER_CONF_GLOBAL *pcgbl |
||||
- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, |
||||
- &provider_conf_ossl_ctx_method); |
||||
+ OSSL_PROVIDER *prov = NULL, *actual = NULL; |
||||
+ PROVIDER_CONF_GLOBAL *pcgbl |
||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, |
||||
+ &provider_conf_ossl_ctx_method); |
||||
|
||||
if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { |
||||
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
||||
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
||||
return 0; |
||||
} |
||||
if (!prov_already_activated(name, pcgbl->activated_providers)) { |
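Review bot: provider_conf_activate is a new entry point that this same patch later calls with `value == NULL` and `cnf == NULL` (from provider_conf_init), but nothing at the definition says those are legal, and the only hint is the `cnf ? ... : 1` guard in a following hunk; given the file-top note asking maintainers to keep this function in sync with provider_conf_load, it needs a contract comment. Suggest a block comment above the function stating that `name` must already have had its leading dot stripped, that `value`/`cnf` may be NULL when there is no config section (no provider parameters are applied then), and that `path` and `soft` carry the `module` and `soft_load` keys parsed by the caller. Minor style: `(OSSL_LIB_CTX *libctx,const char *name,` is missing the space after the comma.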
||||
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C |
||||
if (path != NULL) |
||||
ossl_provider_set_module_path(prov, path); |
||||
|
||||
- ok = provider_conf_params(prov, NULL, NULL, value, cnf); |
||||
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; |
||||
|
||||
if (ok) { |
||||
if (!ossl_provider_activate(prov, 1, 0)) { |
||||
@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C |
||||
} |
||||
if (!ok) |
||||
ossl_provider_free(prov); |
||||
+ } else { /* No reason to activate the provider twice, returning OK */ |
||||
+ ok = 1; |
||||
} |
||||
CRYPTO_THREAD_unlock(pcgbl->lock); |
||||
+ return ok; |
||||
+} |
||||
+ |
||||
+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, |
||||
+ const char *value, const CONF *cnf) |
||||
+{ |
||||
+ int i; |
||||
+ STACK_OF(CONF_VALUE) *ecmds; |
||||
+ int soft = 0; |
||||
+ const char *path = NULL; |
||||
+ long activate = 0; |
||||
+ int ok = 0; |
||||
+ |
||||
+ name = skip_dot(name); |
||||
+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name); |
||||
+ /* Value is a section containing PROVIDER commands */ |
||||
+ ecmds = NCONF_get_section(cnf, value); |
||||
+ |
||||
+ if (!ecmds) { |
||||
+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, |
||||
+ "section=%s not found", value); |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
+ /* Find the needed data first */ |
||||
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { |
||||
+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); |
||||
+ const char *confname = skip_dot(ecmd->name); |
||||
+ const char *confvalue = ecmd->value; |
||||
+ |
||||
+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n", |
||||
+ confname, confvalue); |
||||
+ |
||||
+ /* First handle some special pseudo confs */ |
||||
+ |
||||
+ /* Override provider name to use */ |
||||
+ if (strcmp(confname, "identity") == 0) |
||||
+ name = confvalue; |
||||
+ else if (strcmp(confname, "soft_load") == 0) |
||||
+ soft = 1; |
||||
+ /* Load a dynamic PROVIDER */ |
||||
+ else if (strcmp(confname, "module") == 0) |
||||
+ path = confvalue; |
||||
+ else if (strcmp(confname, "activate") == 0) |
||||
+ activate = 1; |
||||
+ } |
||||
+ |
||||
+ if (activate) { |
||||
+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf); |
||||
} else { |
||||
OSSL_PROVIDER_INFO entry; |
||||
|
||||
@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU |
||||
return 0; |
||||
} |
||||
|
||||
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */ |
||||
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf); |
||||
+ PROVIDER_CONF_GLOBAL *pcgbl |
||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, |
||||
+ &provider_conf_ossl_ctx_method); |
||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1) |
||||
+ return 0; |
||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1) |
||||
+ return 0; |
||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1) |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
return 1; |
||||
} |
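Review bot: `pcgbl` is fetched via ossl_lib_ctx_get_data in this block but never used — provider_conf_activate does its own lookup — so it is dead code that yields an unused-variable warning (an error under -Werror) and should be dropped together with the `XXX` marker, leaving just `OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);`. The error handling is fail-closed (config init returns 0 if fips or base cannot be activated or the fips property cannot be set), which is the right direction for a kernel-FIPS switch and deserves a comment saying so. Note that providers the config itself activates are presumably still loaded, so non-FIPS implementations remain reachable to callers that override the property query; if that is intended, say so in the same comment.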
||||
|
@ -0,0 +1,223 @@
@@ -0,0 +1,223 @@
|
||||
diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c |
||||
--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100 |
||||
+++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100 |
||||
@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) |
||||
} |
||||
#endif |
||||
|
||||
+#define HMAC_LEN 32 |
||||
+/* |
||||
+ * The __attribute__ ensures we've created the .rodata1 section |
||||
+ * static ensures it's zero filled |
||||
+*/ |
||||
+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0}; |
||||
+ |
||||
/* |
||||
* Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify |
||||
* the result matches the expected value. |
||||
* Return 1 if verified, or 0 if it fails. |
||||
*/ |
||||
+#ifndef __USE_GNU |
||||
+#define __USE_GNU |
||||
+#include <dlfcn.h> |
||||
+#undef __USE_GNU |
||||
+#else |
||||
+#include <dlfcn.h> |
||||
+#endif |
||||
+#include <link.h> |
||||
+ |
||||
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, |
||||
unsigned char *expected, size_t expected_len, |
||||
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, |
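Review bot: Defining `__USE_GNU` by hand to expose `dladdr1`/`RTLD_DL_LINKMAP` relies on a glibc-internal macro, and if `<dlfcn.h>` was already included transitively by an earlier header its include guard turns this second include into a no-op and the GNU declarations never appear; the supported way is `#define _GNU_SOURCE` before the first system include or `-D_GNU_SOURCE` in the build flags. `#define HMAC_LEN 32` also hard-codes the digest size that the comment below ties to HMAC-SHA256; a comment such as `/* HMAC_LEN must equal the output size of MAC_NAME (SHA-256) */` makes that dependency explicit for whoever changes the MAC.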
||||
@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI |
||||
{ |
||||
int ret = 0, status; |
||||
unsigned char out[MAX_MD_SIZE]; |
||||
- unsigned char buf[INTEGRITY_BUF_SIZE]; |
||||
+ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN]; |
||||
size_t bytes_read = 0, out_len = 0; |
||||
EVP_MAC *mac = NULL; |
||||
EVP_MAC_CTX *ctx = NULL; |
||||
OSSL_PARAM params[2], *p = params; |
||||
+ Dl_info info; |
||||
+ void *extra_info = NULL; |
||||
+ struct link_map *lm = NULL; |
||||
+ unsigned long paddr; |
||||
+ unsigned long off = 0; |
||||
+ int have_rest = 0; |
||||
|
||||
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); |
||||
|
||||
+ if (!dladdr1 ((const void *)fips_hmac_container, |
||||
+ &info, &extra_info, RTLD_DL_LINKMAP)) |
||||
+ goto err; |
||||
+ lm = extra_info; |
||||
+ paddr = (unsigned long)fips_hmac_container - lm->l_addr; |
||||
+ |
||||
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); |
||||
if (mac == NULL) |
||||
goto err; |
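Review bot: `paddr = (unsigned long)fips_hmac_container - lm->l_addr` is a virtual-address offset, but the loop below uses it as a file offset into the bytes read from the BIO; the two agree only when the PT_LOAD segment holding `.rodata1` has p_vaddr equal to p_offset, which the linker does not guarantee (separate-code layouts can shift segments by page multiples). If they differ the zeroing hits the wrong bytes and the embedded MAC can never verify — fail-closed, but a silent build breaker with no diagnostic. Deriving the file offset from the program headers (`p_offset + (addr - p_vaddr)` of the containing segment, e.g. via dl_iterate_phdr) would be robust; failing that, add a comment stating the assumption. `lm = extra_info` is also dereferenced without checking that dladdr1 actually filled `extra_info`.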
||||
@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI |
||||
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) |
||||
goto err; |
||||
|
||||
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); |
||||
+ if (status != 1 || bytes_read != HMAC_LEN) |
||||
+ goto err; |
||||
+ off += HMAC_LEN; |
||||
+ |
||||
while (1) { |
||||
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); |
||||
- if (status != 1) |
||||
+ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read); |
||||
+ if (status != 1) { |
||||
+ have_rest = 1; |
||||
+ break; |
||||
+ } |
||||
+ |
||||
+ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */ |
||||
+ /* Logic: |
||||
+ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer |
||||
+ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes |
||||
+ * and move last HMAC_LEN bytes to the beginning of the buffer |
||||
+ * |
||||
+ * If we have read (a part of) buffer fips_hmac_container |
||||
+ * we should replace it with zeros. |
||||
+ * If it is inside our current buffer, we will update now. |
||||
+ * If it intersects the upper bound, we will clean up on the next step. |
||||
+ */ |
||||
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) |
||||
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); |
||||
+ off += bytes_read; |
||||
+ |
||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read)) |
||||
+ goto err; |
||||
+ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN); |
||||
+ } else { /* Final block */ |
||||
+ /* Logic is basically the same as in previous branch |
||||
+ * but we calculate HMAC from HMAC_LEN (rest of previous step) |
||||
+ * and bytes_read read on this step |
||||
+ * */ |
||||
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) |
||||
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); |
||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN)) |
||||
+ goto err; |
||||
+ off += bytes_read; |
||||
break; |
||||
- if (!EVP_MAC_update(ctx, buf, bytes_read)) |
||||
+ } |
||||
+ } |
||||
+ if (have_rest) { |
||||
+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) |
||||
goto err; |
||||
+ off += HMAC_LEN; |
||||
} |
||||
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) |
||||
goto err; |
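Review bot: The full-block zeroing `if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) memset(buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);` can write past the end of `buf`: the buffer holds HMAC_LEN + INTEGRITY_BUF_SIZE bytes, the memset starts at index HMAC_LEN + (paddr - off) and always writes HMAC_LEN bytes, so whenever the container starts within the last HMAC_LEN bytes of the block (including the `<=` equality case, where it starts at the very next byte) up to HMAC_LEN bytes of zeros spill onto the stack beyond `buf`. The comment already relies on the tail memcpy plus the `off - HMAC_LEN <= paddr` test to finish a straddling container on the next pass, so the fix is to clip the length to what is actually in the buffer and drop the equality; whether the overflow triggers depends on where the linker places .rodata1 relative to INTEGRITY_BUF_SIZE multiples, so a passing build does not prove it safe. Computing the index as an unsigned long before adding it to `buf` also avoids the out-of-range pointer arithmetic the current expression performs when paddr < off. The same clip is cheap insurance in the final-block branch.
```c
        if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */
            /* … unchanged: explanatory comment … */
            if (off - HMAC_LEN <= paddr && paddr < off + bytes_read) {
                unsigned long start = HMAC_LEN + paddr - off; /* < HMAC_LEN when paddr < off */
                unsigned long len = HMAC_LEN;

                /* Container straddles the block end: zero what is present now;
                 * the remainder is zeroed on the next pass after the tail is
                 * moved to the front of buf. */
                if (start + len > HMAC_LEN + bytes_read)
                    len = HMAC_LEN + bytes_read - start;
                memset(buf + start, 0, len);
            }
            off += bytes_read;
            /* … unchanged: EVP_MAC_update and memcpy of the tail … */
```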
||||
@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS |
||||
CRYPTO_THREAD_unlock(fips_state_lock); |
||||
} |
||||
|
||||
- if (st == NULL |
||||
- || st->module_checksum_data == NULL) { |
||||
+ if (st == NULL) { |
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); |
||||
goto end; |
||||
} |
||||
@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS |
||||
if (ev == NULL) |
||||
goto end; |
||||
|
||||
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, |
||||
- &checksum_len); |
||||
+ module_checksum = fips_hmac_container; |
||||
+ checksum_len = sizeof(fips_hmac_container); |
||||
+ |
||||
if (module_checksum == NULL) { |
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); |
||||
goto end; |
||||
@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS |
||||
ok = 1; |
||||
end: |
||||
OSSL_SELF_TEST_free(ev); |
||||
- OPENSSL_free(module_checksum); |
||||
OPENSSL_free(indicator_checksum); |
||||
|
||||
if (st != NULL) { |
||||
diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t |
||||
--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 |
||||
+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100 |
||||
@@ -20,7 +20,7 @@ |
||||
use lib bldtop_dir('.'); |
||||
use platform; |
||||
|
||||
-my $no_check = disabled("fips"); |
||||
+my $no_check = 1; |
||||
plan skip_all => "FIPS module config file only supported in a fips build" |
||||
if $no_check; |
||||
|
||||
diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t |
||||
--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200 |
||||
+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100 |
||||
@@ -23,7 +23,7 @@ |
||||
use lib bldtop_dir('.'); |
||||
use platform; |
||||
|
||||
-my $no_check = disabled("fips"); |
||||
+my $no_check = 1; |
||||
plan skip_all => "Test only supported in a fips build" |
||||
if $no_check; |
||||
plan tests => 1; |
||||
diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t |
||||
--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200 |
||||
+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100 |
||||
@@ -22,7 +22,7 @@ |
||||
use lib bldtop_dir('.'); |
||||
use platform; |
||||
|
||||
-plan skip_all => "Test only supported in a fips build" if disabled("fips"); |
||||
+plan skip_all => "Test only supported in a fips build" if 1; |
||||
|
||||
plan tests => 29; |
||||
|
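Review bot: `plan skip_all => "Test only supported in a fips build" if 1;` skips unconditionally, so the message is now wrong — this is a FIPS build, and the test is skipped because fipsinstall is disabled downstream; anyone reading test logs will conclude FIPS is off. State the real reason, e.g. `plan skip_all => "openssl fipsinstall is disabled in this build" if 1;`. The sibling edits `my $no_check = 1;` and `my $no_fips = 1; #disabled('fips') ...` have the same effect: these recipes no longer exercise the FIPS provider at all, which is the feature this patch set enables, so consider keeping them opt-in via an environment variable rather than a constant.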
||||
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t |
||||
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200 |
||||
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100 |
||||
@@ -21,7 +21,7 @@ |
||||
use lib srctop_dir('Configurations'); |
||||
use lib bldtop_dir('.'); |
||||
|
||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
|
||||
plan tests => |
||||
($no_fips ? 1 : 5); |
||||
diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t |
||||
--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200 |
||||
+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100 |
||||
@@ -23,7 +23,7 @@ |
||||
use lib srctop_dir('Configurations'); |
||||
use lib bldtop_dir('.'); |
||||
|
||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
|
||||
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); |
||||
|
||||
diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t |
||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100 |
||||
+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100 |
||||
@@ -18,7 +18,7 @@ |
||||
use lib srctop_dir('Configurations'); |
||||
use lib bldtop_dir('.'); |
||||
|
||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
|
||||
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" |
||||
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); |
||||
--- /dev/null 2021-11-16 15:27:32.915000000 +0100 |
||||
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100 |
||||
@@ -0,0 +1,2 @@ |
||||
+[fips_sect] |
||||
+activate = 1 |
@ -0,0 +1,406 @@
@@ -0,0 +1,406 @@
|
||||
diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c |
||||
--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100 |
||||
+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100 |
||||
@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar |
||||
EVP_MAC *mac = NULL; |
||||
CONF *conf = NULL; |
||||
|
||||
+ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n"); |
||||
+ return 1; |
||||
+ |
||||
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) |
||||
goto end; |
||||
|
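Review bot: The early `return 1;` leaves the entire body of fipsinstall_main after it unreachable — including option parsing, so `openssl fipsinstall -help` prints the same error instead of help — and the locals initialised above it become dead stores that clang's -Wunreachable-code and static analysers will flag. If the intent is a permanent stub, reduce the function to the message and return (or gate the original body behind a build-time define) rather than leaving hundreds of dead lines compiled in. Returning 1 is correct for a failed command. The function's declarations start outside the hunk.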
||||
diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod |
||||
--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100 |
||||
+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100 |
||||
@@ -158,10 +158,6 @@ Engine (loadable module) information and |
||||
|
||||
Error Number to Error String Conversion. |
||||
|
||||
-=item B<fipsinstall> |
||||
- |
||||
-FIPS configuration installation. |
||||
- |
||||
=item B<gendsa> |
||||
|
||||
Generation of DSA Private Key from Parameters. Superseded by |
||||
diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod |
||||
--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100 |
||||
+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100 |
||||
@@ -573,7 +573,6 @@ configuration files using that syntax wi |
||||
=head1 SEE ALSO |
||||
|
||||
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>, |
||||
-L<openssl-fipsinstall(1)>, |
||||
L<ASN1_generate_nconf(3)>, |
||||
L<EVP_set_default_properties(3)>, |
||||
L<CONF_modules_load(3)>, |
||||
diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod |
||||
--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100 |
||||
+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100 |
||||
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration |
||||
|
||||
=head1 DESCRIPTION |
||||
|
||||
-A separate configuration file, using the OpenSSL L<config(5)> syntax, |
||||
-is used to hold information about the FIPS module. This includes a digest |
||||
-of the shared library file, and status about the self-testing. |
||||
-This data is used automatically by the module itself for two |
||||
-purposes: |
||||
- |
||||
-=over 4 |
||||
- |
||||
-=item - Run the startup FIPS self-test known answer tests (KATS). |
||||
- |
||||
-This is normally done once, at installation time, but may also be set up to |
||||
-run each time the module is used. |
||||
- |
||||
-=item - Verify the module's checksum. |
||||
- |
||||
-This is done each time the module is used. |
||||
- |
||||
-=back |
||||
- |
||||
-This file is generated by the L<openssl-fipsinstall(1)> program, and |
||||
-used internally by the FIPS module during its initialization. |
||||
- |
||||
-The following options are supported. They should all appear in a section |
||||
-whose name is identified by the B<fips> option in the B<providers> |
||||
-section, as described in L<config(5)/Provider Configuration Module>. |
||||
- |
||||
-=over 4 |
||||
- |
||||
-=item B<activate> |
||||
- |
||||
-If present, the module is activated. The value assigned to this name is not |
||||
-significant. |
||||
- |
||||
-=item B<install-version> |
||||
- |
||||
-A version number for the fips install process. Should be 1. |
||||
- |
||||
-=item B<conditional-errors> |
||||
- |
||||
-The FIPS module normally enters an internal error mode if any self test fails. |
||||
-Once this error mode is active, no services or cryptographic algorithms are |
||||
-accessible from this point on. |
||||
-Continuous tests are a subset of the self tests (e.g., a key pair test during key |
||||
-generation, or the CRNG output test). |
||||
-Setting this value to C<0> allows the error mode to not be triggered if any |
||||
-continuous test fails. The default value of C<1> will trigger the error mode. |
||||
-Regardless of the value, the operation (e.g., key generation) that called the |
||||
-continuous test will return an error code if its continuous test fails. The |
||||
-operation may then be retried if the error mode has not been triggered. |
||||
- |
||||
-=item B<security-checks> |
||||
- |
||||
-This indicates if run-time checks related to enforcement of security parameters |
||||
-such as minimum security strength of keys and approved curve names are used. |
||||
-A value of '1' will perform the checks, otherwise if the value is '0' the checks |
||||
-are not performed and FIPS compliance must be done by procedures documented in |
||||
-the relevant Security Policy. |
||||
- |
||||
-=item B<module-mac> |
||||
- |
||||
-The calculated MAC of the FIPS provider file. |
||||
- |
||||
-=item B<install-status> |
||||
- |
||||
-An indicator that the self-tests were successfully run. |
||||
-This should only be written after the module has |
||||
-successfully passed its self tests during installation. |
||||
-If this field is not present, then the self tests will run when the module |
||||
-loads. |
||||
- |
||||
-=item B<install-mac> |
||||
- |
||||
-A MAC of the value of the B<install-status> option, to prevent accidental |
||||
-changes to that value. |
||||
-It is written-to at the same time as B<install-status> is updated. |
||||
- |
||||
-=back |
||||
- |
||||
-For example: |
||||
- |
||||
- [fips_sect] |
||||
- activate = 1 |
||||
- install-version = 1 |
||||
- conditional-errors = 1 |
||||
- security-checks = 1 |
||||
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC |
||||
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C |
||||
- install-status = INSTALL_SELF_TEST_KATS_RUN |
||||
- |
||||
-=head1 NOTES |
||||
- |
||||
-When using the FIPS provider, it is recommended that the |
||||
-B<config_diagnostics> option is enabled to prevent accidental use of |
||||
-non-FIPS validated algorithms via broken or mistaken configuration. |
||||
-See L<config(5)>. |
||||
- |
||||
-=head1 SEE ALSO |
||||
- |
||||
-L<config(5)> |
||||
-L<openssl-fipsinstall(1)> |
||||
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is |
||||
+automatically loaded when the system is booted in FIPS mode, or when the |
||||
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation |
||||
+for more information. |
||||
|
||||
=head1 COPYRIGHT |
||||
|
||||
diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod |
||||
--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100 |
||||
+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100 |
||||
@@ -388,7 +388,6 @@ A simple self test callback is shown bel |
||||
|
||||
=head1 SEE ALSO |
||||
|
||||
-L<openssl-fipsinstall(1)>, |
||||
L<fips_config(5)>, |
||||
L<OSSL_SELF_TEST_set_callback(3)>, |
||||
L<OSSL_SELF_TEST_new(3)>, |
||||
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in |
||||
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100 |
||||
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100 |
||||
@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi |
||||
=head1 SYNOPSIS |
||||
|
||||
B<openssl fipsinstall> |
||||
-[B<-help>] |
||||
-[B<-in> I<configfilename>] |
||||
-[B<-out> I<configfilename>] |
||||
-[B<-module> I<modulefilename>] |
||||
-[B<-provider_name> I<providername>] |
||||
-[B<-section_name> I<sectionname>] |
||||
-[B<-verify>] |
||||
-[B<-mac_name> I<macname>] |
||||
-[B<-macopt> I<nm>:I<v>] |
||||
-[B<-noout>] |
||||
-[B<-quiet>] |
||||
-[B<-no_conditional_errors>] |
||||
-[B<-no_security_checks>] |
||||
-[B<-self_test_onload>] |
||||
-[B<-corrupt_desc> I<selftest_description>] |
||||
-[B<-corrupt_type> I<selftest_type>] |
||||
-[B<-config> I<parent_config>] |
||||
|
||||
=head1 DESCRIPTION |
||||
- |
||||
-This command is used to generate a FIPS module configuration file. |
||||
-This configuration file can be used each time a FIPS module is loaded |
||||
-in order to pass data to the FIPS module self tests. The FIPS module always |
||||
-verifies its MAC, but optionally only needs to run the KAT's once, |
||||
-at installation. |
||||
- |
||||
-The generated configuration file consists of: |
||||
- |
||||
-=over 4 |
||||
- |
||||
-=item - A MAC of the FIPS module file. |
||||
- |
||||
-=item - A test status indicator. |
||||
- |
||||
-This indicates if the Known Answer Self Tests (KAT's) have successfully run. |
||||
- |
||||
-=item - A MAC of the status indicator. |
||||
- |
||||
-=item - A control for conditional self tests errors. |
||||
- |
||||
-By default if a continuous test (e.g a key pair test) fails then the FIPS module |
||||
-will enter an error state, and no services or cryptographic algorithms will be |
||||
-able to be accessed after this point. |
||||
-The default value of '1' will cause the fips module error state to be entered. |
||||
-If the value is '0' then the module error state will not be entered. |
||||
-Regardless of whether the error state is entered or not, the current operation |
||||
-(e.g. key generation) will return an error. The user is responsible for retrying |
||||
-the operation if the module error state is not entered. |
||||
- |
||||
-=item - A control to indicate whether run-time security checks are done. |
||||
- |
||||
-This indicates if run-time checks related to enforcement of security parameters |
||||
-such as minimum security strength of keys and approved curve names are used. |
||||
-The default value of '1' will perform the checks. |
||||
-If the value is '0' the checks are not performed and FIPS compliance must |
||||
-be done by procedures documented in the relevant Security Policy. |
||||
- |
||||
-=back |
||||
- |
||||
-This file is described in L<fips_config(5)>. |
||||
- |
||||
-=head1 OPTIONS |
||||
- |
||||
-=over 4 |
||||
- |
||||
-=item B<-help> |
||||
- |
||||
-Print a usage message. |
||||
- |
||||
-=item B<-module> I<filename> |
||||
- |
||||
-Filename of the FIPS module to perform an integrity check on. |
||||
-The path provided in the filename is used to load the module when it is |
||||
-activated, and this overrides the environment variable B<OPENSSL_MODULES>. |
||||
- |
||||
-=item B<-out> I<configfilename> |
||||
- |
||||
-Filename to output the configuration data to; the default is standard output. |
||||
- |
||||
-=item B<-in> I<configfilename> |
||||
- |
||||
-Input filename to load configuration data from. |
||||
-Must be used if the B<-verify> option is specified. |
||||
- |
||||
-=item B<-verify> |
||||
- |
||||
-Verify that the input configuration file contains the correct information. |
||||
- |
||||
-=item B<-provider_name> I<providername> |
||||
- |
||||
-Name of the provider inside the configuration file. |
||||
-The default value is C<fips>. |
||||
- |
||||
-=item B<-section_name> I<sectionname> |
||||
- |
||||
-Name of the section inside the configuration file. |
||||
-The default value is C<fips_sect>. |
||||
- |
||||
-=item B<-mac_name> I<name> |
||||
- |
||||
-Specifies the name of a supported MAC algorithm which will be used. |
||||
-The MAC mechanisms that are available will depend on the options |
||||
-used when building OpenSSL. |
||||
-To see the list of supported MAC's use the command |
||||
-C<openssl list -mac-algorithms>. The default is B<HMAC>. |
||||
- |
||||
-=item B<-macopt> I<nm>:I<v> |
||||
- |
||||
-Passes options to the MAC algorithm. |
||||
-A comprehensive list of controls can be found in the EVP_MAC implementation |
||||
-documentation. |
||||
-Common control strings used for this command are: |
||||
- |
||||
-=over 4 |
||||
- |
||||
-=item B<key>:I<string> |
||||
- |
||||
-Specifies the MAC key as an alphanumeric string (use if the key contains |
||||
-printable characters only). |
||||
-The string length must conform to any restrictions of the MAC algorithm. |
||||
-A key must be specified for every MAC algorithm. |
||||
-If no key is provided, the default that was specified when OpenSSL was |
||||
-configured is used. |
||||
- |
||||
-=item B<hexkey>:I<string> |
||||
- |
||||
-Specifies the MAC key in hexadecimal form (two hex digits per byte). |
||||
-The key length must conform to any restrictions of the MAC algorithm. |
||||
-A key must be specified for every MAC algorithm. |
||||
-If no key is provided, the default that was specified when OpenSSL was |
||||
-configured is used. |
||||
- |
||||
-=item B<digest>:I<string> |
||||
- |
||||
-Used by HMAC as an alphanumeric string (use if the key contains printable |
||||
-characters only). |
||||
-The string length must conform to any restrictions of the MAC algorithm. |
||||
-To see the list of supported digests, use the command |
||||
-C<openssl list -digest-commands>. |
||||
-The default digest is SHA-256. |
||||
- |
||||
-=back |
||||
- |
||||
-=item B<-noout> |
||||
- |
||||
-Disable logging of the self tests. |
||||
- |
||||
-=item B<-no_conditional_errors> |
||||
- |
||||
-Configure the module to not enter an error state if a conditional self test |
||||
-fails as described above. |
||||
- |
||||
-=item B<-no_security_checks> |
||||
- |
||||
-Configure the module to not perform run-time security checks as described above. |
||||
- |
||||
-=item B<-self_test_onload> |
||||
- |
||||
-Do not write the two fields related to the "test status indicator" and |
||||
-"MAC status indicator" to the output configuration file. Without these fields |
||||
-the self tests KATS will run each time the module is loaded. This option could be |
||||
-used for cross compiling, since the self tests need to run at least once on each |
||||
-target machine. Once the self tests have run on the target machine the user |
||||
-could possibly then add the 2 fields into the configuration using some other |
||||
-mechanism. |
||||
- |
||||
-=item B<-quiet> |
||||
- |
||||
-Do not output pass/fail messages. Implies B<-noout>. |
||||
- |
||||
-=item B<-corrupt_desc> I<selftest_description>, |
||||
-B<-corrupt_type> I<selftest_type> |
||||
- |
||||
-The corrupt options can be used to test failure of one or more self tests by |
||||
-name. |
||||
-Either option or both may be used to select the tests to corrupt. |
||||
-Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for |
||||
-values that can be used. |
||||
- |
||||
-=item B<-config> I<parent_config> |
||||
- |
||||
-Test that a FIPS provider can be loaded from the specified configuration file. |
||||
-A previous call to this application needs to generate the extra configuration |
||||
-data that is included by the base C<parent_config> configuration file. |
||||
-See L<config(5)> for further information on how to set up a provider section. |
||||
-All other options are ignored if '-config' is used. |
||||
- |
||||
-=back |
||||
- |
||||
-=head1 NOTES |
||||
- |
||||
-Self tests results are logged by default if the options B<-quiet> and B<-noout> |
||||
-are not specified, or if either of the options B<-corrupt_desc> or |
||||
-B<-corrupt_type> are used. |
||||
-If the base configuration file is set up to autoload the fips module, then the |
||||
-fips module will be loaded and self tested BEFORE the fipsinstall application |
||||
-has a chance to set up its own self test callback. As a result of this the self |
||||
-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored. |
||||
-For normal usage the base configuration file should use the default provider |
||||
-when generating the fips configuration file. |
||||
- |
||||
-=head1 EXAMPLES |
||||
- |
||||
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test |
||||
-for the module, and save the F<fips.cnf> configuration file: |
||||
- |
||||
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips |
||||
- |
||||
-Verify that the configuration file F<fips.cnf> contains the correct info: |
||||
- |
||||
- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify |
||||
- |
||||
-Corrupt any self tests which have the description C<SHA1>: |
||||
- |
||||
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \ |
||||
- -corrupt_desc 'SHA1' |
||||
- |
||||
-Validate that the fips module can be loaded from a base configuration file: |
||||
- |
||||
- export OPENSSL_CONF_INCLUDE=<path of configuration files> |
||||
- export OPENSSL_MODULES=<provider-path> |
||||
- openssl fipsinstall -config' 'default.cnf' |
||||
- |
||||
- |
||||
-=head1 SEE ALSO |
||||
- |
||||
-L<config(5)>, |
||||
-L<fips_config(5)>, |
||||
-L<OSSL_PROVIDER-FIPS(7)>, |
||||
-L<EVP_MAC(3)> |
||||
+This command is disabled. |
||||
+Please consult Red Hat Enterprise Linux documentation to learn how to correctly |
||||
+enable FIPS mode on Red Hat Enterprise |
||||
|
||||
=head1 COPYRIGHT |
||||
|
@@ -0,0 +1,26 @@
|
||||
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c |
||||
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100 |
||||
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100 |
||||
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo |
||||
for (count = 0; COND(c[algindex][testnum]); count++) { |
||||
size_t outl; |
||||
|
||||
+ if (mctx == NULL) |
||||
+ return -1; |
||||
+ |
||||
if (!EVP_MAC_init(mctx, NULL, 0, NULL) |
||||
|| !EVP_MAC_update(mctx, buf, lengths[testnum]) |
||||
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) |
||||
@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) |
||||
if (loopargs[i].mctx == NULL) |
||||
goto end; |
||||
|
||||
- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) |
||||
- goto end; |
||||
+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { |
||||
+ EVP_MAC_CTX_free(loopargs[i].mctx); |
||||
+ loopargs[i].mctx = NULL; |
||||
+ } |
||||
} |
||||
for (testnum = 0; testnum < size_num; testnum++) { |
||||
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], |
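Review bot: The EVP_MAC_CTX_set_params failure at `if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {` is now absorbed silently: the context is freed and set to NULL with no diagnostic, so a misconfigured HMAC benchmark skips that test and the only trace is EVP_MAC_loop returning -1, which presumably the caller turns into a generic failure message. Adding `ERR_print_errors(bio_err);` inside the new block would keep the actual reason visible. The NULL guard added to EVP_MAC_loop sits inside the `for` body and is re-evaluated on every iteration; hoisting `if (mctx == NULL) return -1;` above the loop (mctx is presumably read from the loop args before it) would be clearer. The bodies of both EVP_MAC_loop and speed_main continue outside these hunks.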
@@ -0,0 +1,187 @@
|
||||
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c |
||||
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200 |
||||
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200 |
||||
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k |
||||
BN_MONT_CTX *mont = NULL; |
||||
BIGNUM *z = NULL, *pminus1; |
||||
int ret = -1; |
||||
+#ifdef FIPS_MODULE |
||||
+ int validate = 0; |
||||
+#endif |
||||
|
||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { |
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); |
||||
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k |
||||
return 0; |
||||
} |
||||
|
||||
+#ifdef FIPS_MODULE |
||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { |
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); |
||||
+ return 0; |
||||
+ } |
||||
+#endif |
||||
+ |
||||
ctx = BN_CTX_new_ex(dh->libctx); |
||||
if (ctx == NULL) |
||||
goto err; |
||||
@@ -262,6 +272,9 @@ static int generate_key(DH *dh) |
||||
#endif |
||||
BN_CTX *ctx = NULL; |
||||
BIGNUM *pub_key = NULL, *priv_key = NULL; |
||||
+#ifdef FIPS_MODULE |
||||
+ int validate = 0; |
||||
+#endif |
||||
|
||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { |
||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); |
||||
@@ -354,8 +367,23 @@ static int generate_key(DH *dh) |
||||
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) |
||||
goto err; |
||||
|
||||
+#ifdef FIPS_MODULE |
||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) { |
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); |
||||
+ goto err; |
||||
+ } |
||||
+#endif |
||||
+ |
||||
dh->pub_key = pub_key; |
||||
dh->priv_key = priv_key; |
||||
+#ifdef FIPS_MODULE |
||||
+ if (ossl_dh_check_pairwise(dh) <= 0) { |
||||
+ dh->pub_key = dh->priv_key = NULL; |
||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID); |
||||
+ goto err; |
||||
+ } |
||||
+#endif |
||||
+ |
||||
dh->dirty_cnt++; |
||||
ok = 1; |
||||
err: |
||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c |
||||
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c |
||||
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200 |
||||
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200 |
||||
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u |
||||
} |
||||
|
||||
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); |
||||
+#ifdef FIPS_MODULE |
||||
+ { |
||||
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk)); |
||||
+ int check = 0; |
||||
+ |
||||
+ if (bn_ctx == NULL) { |
||||
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); |
||||
+ goto end; |
||||
+ } |
||||
+ |
||||
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx); |
||||
+ BN_CTX_free(bn_ctx); |
||||
+ |
||||
+ if (check <= 0) { |
||||
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY); |
||||
+ goto end; |
||||
+ } |
||||
+ } |
||||
+#endif |
||||
|
||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); |
||||
|
||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c |
||||
--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200 |
||||
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200 |
||||
@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey |
||||
|
||||
OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); |
||||
ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); |
||||
+ |
||||
+#ifdef FIPS_MODULE |
||||
+ ok &= ossl_ec_key_public_check(eckey, ctx); |
||||
+ ok &= ossl_ec_key_pairwise_check(eckey, ctx); |
||||
+#endif /* FIPS_MODULE */ |
||||
} |
||||
err: |
||||
/* Step (9): If there is an error return an invalid keypair. */ |
||||
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c |
||||
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200 |
||||
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200 |
||||
@@ -23,6 +23,7 @@ |
||||
#include <time.h> |
||||
#include "internal/cryptlib.h" |
||||
#include <openssl/bn.h> |
||||
+#include <openssl/obj_mac.h> |
||||
#include <openssl/self_test.h> |
||||
#include "prov/providercommon.h" |
||||
#include "rsa_local.h" |
||||
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc |
||||
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) |
||||
{ |
||||
int ret = 0; |
||||
- unsigned int ciphertxt_len; |
||||
- unsigned char *ciphertxt = NULL; |
||||
- const unsigned char plaintxt[16] = {0}; |
||||
- unsigned char *decoded = NULL; |
||||
- unsigned int decoded_len; |
||||
- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len); |
||||
- int padding = RSA_PKCS1_PADDING; |
||||
+ unsigned int signature_len; |
||||
+ unsigned char *signature = NULL; |
||||
OSSL_SELF_TEST *st = NULL; |
||||
+ static const unsigned char dgst[] = { |
||||
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, |
||||
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, |
||||
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 |
||||
+ }; |
||||
|
||||
st = OSSL_SELF_TEST_new(cb, cbarg); |
||||
if (st == NULL) |
||||
goto err; |
||||
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, |
||||
+ /* No special name for RSA signature PCT*/ |
||||
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); |
||||
|
||||
- ciphertxt_len = RSA_size(rsa); |
||||
+ signature_len = RSA_size(rsa); |
||||
- /* |
||||
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' |
||||
- * parameter to be a maximum of RSA_size() - allocate space for both. |
||||
- */ |
||||
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); |
||||
- if (ciphertxt == NULL) |
||||
+ signature = OPENSSL_zalloc(signature_len); |
||||
+ if (signature == NULL) |
||||
goto err; |
||||
- decoded = ciphertxt + ciphertxt_len; |
||||
|
||||
- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa, |
||||
- padding); |
||||
- if (ciphertxt_len <= 0) |
||||
+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0) |
||||
goto err; |
||||
- if (ciphertxt_len == plaintxt_len |
||||
- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0) |
||||
+ |
||||
+ if (signature_len <= 0) |
||||
goto err; |
||||
|
||||
- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt); |
||||
+ OSSL_SELF_TEST_oncorrupt_byte(st, signature); |
||||
|
||||
- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa, |
||||
- padding); |
||||
- if (decoded_len != plaintxt_len |
||||
- || memcmp(decoded, plaintxt, decoded_len) != 0) |
||||
+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0) |
||||
goto err; |
||||
|
||||
ret = 1; |
||||
err: |
||||
OSSL_SELF_TEST_onend(st, ret); |
||||
OSSL_SELF_TEST_free(st); |
||||
- OPENSSL_free(ciphertxt); |
||||
+ OPENSSL_free(signature); |
||||
|
||||
return ret; |
||||
} |
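Review bot: The new `if (signature_len <= 0)` after the RSA_sign call in rsa_keygen_pairwise_test is effectively `== 0` because `signature_len` is `unsigned int`, and a failed RSA_sign is already rejected by the `<= 0` test on the line above, so the check should either be dropped or written as `if (signature_len == 0)` to say what it means. The comment `/* No special name for RSA signature PCT*/` is placed between the two arguments of OSSL_SELF_TEST_onbegin; moving it above the call keeps the argument list readable. In ec_generate_key, `ok &= ossl_ec_key_public_check(eckey, ctx);` (and the pairwise line after it) would mask a failure if either helper can return a negative value, since 1 & -1 is 1; if they only ever return 0 or 1 this is fine, otherwise `ok = ok && ...` is the safer form. In generate_key in dh_key.c the pairwise-check failure clears `dh->pub_key`/`dh->priv_key` before `goto err`, so freeing of the two local BIGNUMs depends on the err path, which lies outside the hunk.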
@@ -0,0 +1,751 @@
|
||||
diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/providers/common/capabilities.c |
||||
--- openssl-3.0.1/providers/common/capabilities.c.fipsmin3 2022-05-05 17:11:36.146638536 +0200 |
||||
+++ openssl-3.0.1/providers/common/capabilities.c 2022-05-05 17:12:00.138848787 +0200 |
||||
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list |
||||
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), |
||||
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), |
||||
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), |
||||
-# endif |
||||
TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), |
||||
TLS_GROUP_ENTRY("x448", "X448", "X448", 29), |
||||
+# endif |
||||
# endif /* OPENSSL_NO_EC */ |
||||
# ifndef OPENSSL_NO_DH |
||||
/* Security bit values for FFDHE groups are as per RFC 7919 */ |
||||
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c |
||||
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200 |
||||
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200 |
||||
@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void); |
||||
|
||||
#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } |
||||
#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) |
||||
- |
||||
extern OSSL_FUNC_core_thread_start_fn *c_thread_start; |
||||
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); |
||||
|
||||
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx |
||||
&fips_prov_ossl_ctx_method); |
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); |
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) |
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider")) |
||||
return 0; |
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); |
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) |
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) |
||||
return 0; |
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); |
||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) |
||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION)) |
||||
return 0; |
||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); |
||||
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) |
||||
@@ -281,10 +280,11 @@ static const OSSL_ALGORITHM fips_digests |
||||
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for |
||||
* KMAC128 and KMAC256. |
||||
*/ |
||||
- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, |
||||
+ /* We don't certify KECCAK in our FIPS provider */ |
||||
+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, |
||||
ossl_keccak_kmac_128_functions }, |
||||
{ PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, |
||||
- ossl_keccak_kmac_256_functions }, |
||||
+ ossl_keccak_kmac_256_functions }, */ |
||||
{ NULL, NULL, NULL } |
||||
}; |
||||
|
||||
@@ -343,8 +343,9 @@ static const OSSL_ALGORITHM_CAPABLE fips |
||||
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, |
||||
ossl_cipher_capable_aes_cbc_hmac_sha256), |
||||
#ifndef OPENSSL_NO_DES |
||||
- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), |
||||
- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), |
||||
+ /* We don't certify 3DES in our FIPS provider */ |
||||
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), |
||||
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */ |
||||
#endif /* OPENSSL_NO_DES */ |
||||
{ { NULL, NULL, NULL }, NULL } |
||||
}; |
||||
@@ -356,8 +357,9 @@ static const OSSL_ALGORITHM fips_macs[] |
||||
#endif |
||||
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, |
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, |
||||
- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, |
||||
- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, |
||||
+ /* We don't certify KMAC in our FIPS provider */ |
||||
+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, |
||||
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ |
||||
{ NULL, NULL, NULL } |
||||
}; |
||||
|
||||
@@ -392,8 +394,9 @@ static const OSSL_ALGORITHM fips_keyexch |
||||
#endif |
||||
#ifndef OPENSSL_NO_EC |
||||
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, |
||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, |
||||
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, |
||||
+ /* We don't certify Edwards curves in our FIPS provider */ |
||||
+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, |
||||
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/ |
||||
#endif |
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, |
||||
ossl_kdf_tls1_prf_keyexch_functions }, |
||||
@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch |
||||
|
||||
static const OSSL_ALGORITHM fips_signature[] = { |
||||
#ifndef OPENSSL_NO_DSA |
||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, |
||||
+ /* We don't certify DSA in our FIPS provider */ |
||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */ |
||||
#endif |
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, |
||||
#ifndef OPENSSL_NO_EC |
||||
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, |
||||
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, |
||||
+ /* We don't certify Edwards curves in our FIPS provider */ |
||||
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, |
||||
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */ |
||||
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, |
||||
#endif |
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, |
||||
@@ -438,8 +443,9 @@ static const OSSL_ALGORITHM fips_keymgmt |
||||
PROV_DESCS_DHX }, |
||||
#endif |
||||
#ifndef OPENSSL_NO_DSA |
||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, |
||||
- PROV_DESCS_DSA }, |
||||
+ /* We don't certify DSA in our FIPS provider */ |
||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, |
||||
+ PROV_DESCS_DSA }, */ |
||||
#endif |
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, |
||||
PROV_DESCS_RSA }, |
||||
@@ -448,14 +454,15 @@ static const OSSL_ALGORITHM fips_keymgmt |
||||
#ifndef OPENSSL_NO_EC |
||||
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, |
||||
PROV_DESCS_EC }, |
||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, |
||||
+ /* We don't certify Edwards curves in our FIPS provider */ |
||||
+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, |
||||
PROV_DESCS_X25519 }, |
||||
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, |
||||
PROV_DESCS_X448 }, |
||||
{ PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, |
||||
PROV_DESCS_ED25519 }, |
||||
{ PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, |
||||
- PROV_DESCS_ED448 }, |
||||
+ PROV_DESCS_ED448 }, */ |
||||
#endif |
||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, |
||||
PROV_DESCS_TLS1_PRF_SIGN }, |
||||
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/providers/fips/self_test_data.inc |
||||
--- openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 2022-05-05 12:36:32.335069046 +0200 |
||||
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-05 12:40:02.427966128 +0200 |
||||
@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest |
||||
/*- CIPHER TEST DATA */ |
||||
|
||||
/* DES3 test data */ |
||||
+#if 0 |
||||
static const unsigned char des_ede3_cbc_pt[] = { |
||||
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, |
||||
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, |
||||
@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_ |
||||
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, |
||||
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 |
||||
}; |
||||
- |
||||
+#endif |
||||
/* AES-256 GCM test data */ |
||||
static const unsigned char aes_256_gcm_key[] = { |
||||
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, |
||||
@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c |
||||
}; |
||||
|
||||
static const ST_KAT_CIPHER st_kat_cipher_tests[] = { |
||||
+#if 0 |
||||
#ifndef OPENSSL_NO_DES |
||||
{ |
||||
{ |
||||
@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher |
||||
ITM(des_ede3_cbc_iv), |
||||
}, |
||||
#endif |
||||
+#endif |
||||
{ |
||||
{ |
||||
OSSL_SELF_TEST_DESC_CIPHER_AES_GCM, |
||||
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ |
||||
# endif /* OPENSSL_NO_EC2M */ |
||||
#endif /* OPENSSL_NO_EC */ |
||||
|
||||
-#ifndef OPENSSL_NO_DSA |
||||
/* dsa 2048 */ |
||||
+#if 0 |
||||
+#ifndef OPENSSL_NO_DSA |
||||
static const unsigned char dsa_p[] = { |
||||
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, |
||||
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, |
||||
@@ -1549,8 +1553,8 @@ static const ST_KAT_PARAM dsa_key[] = { |
||||
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), |
||||
ST_KAT_PARAM_END() |
||||
}; |
||||
-#endif /* OPENSSL_NO_DSA */ |
||||
- |
||||
+#endif |
||||
+#endif |
||||
static const ST_KAT_SIGN st_kat_sign_tests[] = { |
||||
{ |
||||
OSSL_SELF_TEST_DESC_SIGN_RSA, |
||||
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes |
||||
}, |
||||
# endif |
||||
#endif /* OPENSSL_NO_EC */ |
||||
+#if 0 |
||||
#ifndef OPENSSL_NO_DSA |
||||
{ |
||||
OSSL_SELF_TEST_DESC_SIGN_DSA, |
||||
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes |
||||
*/ |
||||
}, |
||||
#endif /* OPENSSL_NO_DSA */ |
||||
+#endif |
||||
}; |
||||
|
||||
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { |
||||
diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c |
||||
--- openssl-3.0.1/test/acvp_test.c.fipsmin2 2022-05-05 11:42:58.597848865 +0200 |
||||
+++ openssl-3.0.1/test/acvp_test.c 2022-05-05 11:43:30.141126336 +0200 |
||||
@@ -1476,6 +1476,7 @@ int setup_tests(void) |
||||
OSSL_NELEM(dh_safe_prime_keyver_data)); |
||||
#endif /* OPENSSL_NO_DH */ |
||||
|
||||
+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ |
||||
#ifndef OPENSSL_NO_DSA |
||||
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); |
||||
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); |
||||
@@ -1483,6 +1484,7 @@ int setup_tests(void) |
||||
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); |
||||
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); |
||||
#endif /* OPENSSL_NO_DSA */ |
||||
+#endif |
||||
|
||||
#ifndef OPENSSL_NO_EC |
||||
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); |
||||
diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_libctx_test.c |
||||
--- openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 2022-05-05 14:18:46.370911817 +0200 |
||||
+++ openssl-3.0.1/test/evp_libctx_test.c 2022-05-05 14:30:02.117911993 +0200 |
||||
@@ -21,6 +21,7 @@ |
||||
*/ |
||||
#include "internal/deprecated.h" |
||||
#include <assert.h> |
||||
+#include <string.h> |
||||
#include <openssl/evp.h> |
||||
#include <openssl/provider.h> |
||||
#include <openssl/dsa.h> |
||||
@@ -725,8 +726,10 @@ int setup_tests(void) |
||||
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) |
||||
return 0; |
||||
|
||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) |
||||
- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); |
||||
+ if (strcmp(prov_name, "fips") != 0) { |
||||
+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); |
||||
+ } |
||||
#endif |
||||
#ifndef OPENSSL_NO_DH |
||||
ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); |
||||
@@ -746,7 +750,9 @@ int setup_tests(void) |
||||
ADD_TEST(kem_invalid_keytype); |
||||
#endif |
||||
#ifndef OPENSSL_NO_DES |
||||
- ADD_TEST(test_cipher_tdes_randkey); |
||||
+ if (strcmp(prov_name, "fips") != 0) { |
||||
+ ADD_TEST(test_cipher_tdes_randkey); |
||||
+ } |
||||
#endif |
||||
return 1; |
||||
} |
||||
diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test/recipes/15-test_gendsa.t |
||||
--- openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 2022-05-05 13:46:00.631590335 +0200 |
||||
+++ openssl-3.0.1/test/recipes/15-test_gendsa.t 2022-05-05 13:46:06.999644496 +0200 |
||||
@@ -24,7 +24,7 @@ use lib bldtop_dir('.'); |
||||
plan skip_all => "This test is unsupported in a no-dsa build" |
||||
if disabled("dsa"); |
||||
|
||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); |
||||
+my $no_fips = 1; |
||||
|
||||
plan tests => |
||||
($no_fips ? 0 : 2) # FIPS related tests |
||||
diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/test/recipes/20-test_cli_fips.t |
||||
--- openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 2022-05-05 13:47:55.217564900 +0200 |
||||
+++ openssl-3.0.1/test/recipes/20-test_cli_fips.t 2022-05-05 13:48:02.824629600 +0200 |
||||
@@ -207,8 +207,7 @@ SKIP: { |
||||
} |
||||
|
||||
SKIP : { |
||||
- skip "FIPS DSA tests because of no dsa in this build", 1 |
||||
- if disabled("dsa"); |
||||
+ skip "FIPS DSA tests because of no dsa in this build", 1; |
||||
|
||||
subtest DSA => sub { |
||||
my $testtext_prefix = 'DSA'; |
||||
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_cms.t |
||||
--- openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 2022-05-05 13:55:05.257292637 +0200 |
||||
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-05 13:58:35.307150750 +0200 |
||||
@@ -95,7 +95,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content DER format, DSA key", |
||||
+ [ "signed content DER format, DSA key, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", |
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], |
||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", |
||||
@@ -103,7 +103,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed detached content DER format, DSA key", |
||||
+ [ "signed detached content DER format, DSA key, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], |
||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", |
||||
@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed detached content DER format, add RSA signer (with DSA existing)", |
||||
+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], |
||||
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", |
||||
@@ -123,7 +123,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming BER format, DSA key", |
||||
+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-nodetach", "-stream", |
||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], |
||||
@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", |
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-nodetach", "-stream", |
||||
"-signer", $smrsa1, |
||||
@@ -145,7 +145,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", |
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-noattr", "-nodetach", "-stream", |
||||
"-signer", $smrsa1, |
||||
@@ -175,7 +175,7 @@ my @smime_pkcs7_tests = ( |
||||
\&zero_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", |
||||
+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", |
||||
"-signer", $smrsa1, |
||||
"-signer", catfile($smdir, "smrsa2.pem"), |
||||
@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", |
||||
+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, |
||||
"-signer", $smrsa1, |
||||
"-signer", catfile($smdir, "smrsa2.pem"), |
||||
@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = ( |
||||
|
||||
my @smime_cms_tests = ( |
||||
|
||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", |
||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", |
||||
"-nodetach", "-keyid", |
||||
"-signer", $smrsa1, |
||||
@@ -260,7 +260,7 @@ my @smime_cms_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", |
||||
+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", |
||||
"-signer", $smrsa1, |
||||
"-signer", catfile($smdir, "smrsa2.pem"), |
||||
@@ -370,7 +370,7 @@ my @smime_cms_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "encrypted content test streaming PEM format, triple DES key", |
||||
+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", |
||||
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", |
||||
"-stream", "-out", "{output}.cms" ], |
||||
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t |
||||
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200 |
||||
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200 |
||||
@@ -43,7 +43,6 @@ my @files = qw( |
||||
evpciph_aes_cts.txt |
||||
evpciph_aes_wrap.txt |
||||
evpciph_aes_stitched.txt |
||||
- evpciph_des3_common.txt |
||||
evpkdf_hkdf.txt |
||||
evpkdf_pbkdf1.txt |
||||
evpkdf_pbkdf2.txt |
||||
@@ -66,12 +65,6 @@ push @files, qw( |
||||
evppkey_dh.txt |
||||
) unless $no_dh; |
||||
push @files, qw( |
||||
- evpkdf_x942_des.txt |
||||
- evpmac_cmac_des.txt |
||||
- ) unless $no_des; |
||||
-push @files, qw(evppkey_dsa.txt) unless $no_dsa; |
||||
-push @files, qw(evppkey_ecx.txt) unless $no_ec; |
||||
-push @files, qw( |
||||
evppkey_ecc.txt |
||||
evppkey_ecdh.txt |
||||
evppkey_ecdsa.txt |
||||
@@ -91,6 +84,7 @@ my @defltfiles = qw( |
||||
evpciph_cast5.txt |
||||
evpciph_chacha.txt |
||||
evpciph_des.txt |
||||
+ evpciph_des3_common.txt |
||||
evpciph_idea.txt |
||||
evpciph_rc2.txt |
||||
evpciph_rc4.txt |
||||
@@ -117,6 +111,12 @@ my @defltfiles = qw( |
||||
evppkey_kdf_tls1_prf.txt |
||||
evppkey_rsa.txt |
||||
); |
||||
+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa; |
||||
+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec; |
||||
+push @defltfiles, qw( |
||||
+ evpkdf_x942_des.txt |
||||
+ evpmac_cmac_des.txt |
||||
+ ) unless $no_des; |
||||
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; |
||||
|
||||
plan tests => |
||||
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt |
||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200 |
||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200 |
||||
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100 |
||||
Output = 00BDA1B7E87608BCBF470F12157F4C07 |
||||
|
||||
|
||||
+Availablein = default |
||||
Title = KMAC Tests (From NIST) |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
@@ -338,12 +339,14 @@ Ctrl = xof:0 |
||||
OutputSize = 32 |
||||
BlockSize = 168 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
Custom = "My Tagged Application" |
||||
Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -351,6 +354,7 @@ Custom = "My Tagged Application" |
||||
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 |
||||
Ctrl = size:32 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
@@ -359,12 +363,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 |
||||
OutputSize = 64 |
||||
BlockSize = 136 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
Custom = "" |
||||
Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -374,12 +380,14 @@ Ctrl = size:64 |
||||
|
||||
Title = KMAC XOF Tests (From NIST) |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 |
||||
XOF = 1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
@@ -387,6 +395,7 @@ Custom = "My Tagged Application" |
||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C |
||||
XOF = 1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -395,6 +404,7 @@ Output = 47026C7CD793084AA0283C253EF6584 |
||||
XOF = 1 |
||||
Ctrl = size:32 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
@@ -402,6 +412,7 @@ Custom = "My Tagged Application" |
||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B |
||||
XOF = 1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -409,6 +420,7 @@ Custom = "" |
||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B |
||||
XOF = 1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -419,6 +431,7 @@ XOF = 1 |
||||
|
||||
Title = KMAC long customisation string (from NIST ACVP) |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 |
||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D |
||||
@@ -429,12 +442,14 @@ XOF = 1 |
||||
|
||||
Title = KMAC XOF Tests via ctrl (From NIST) |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 |
||||
Ctrl = xof:1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
@@ -442,6 +457,7 @@ Custom = "My Tagged Application" |
||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C |
||||
Ctrl = xof:1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -450,6 +466,7 @@ Output = 47026C7CD793084AA0283C253EF6584 |
||||
Ctrl = xof:1 |
||||
Ctrl = size:32 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 00010203 |
||||
@@ -457,6 +474,7 @@ Custom = "My Tagged Application" |
||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B |
||||
Ctrl = xof:1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -464,6 +482,7 @@ Custom = "" |
||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B |
||||
Ctrl = xof:1 |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -474,6 +493,7 @@ Ctrl = xof:1 |
||||
|
||||
Title = KMAC long customisation string via ctrl (from NIST ACVP) |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 |
||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D |
||||
@@ -484,6 +504,7 @@ Ctrl = xof:1 |
||||
|
||||
Title = KMAC long customisation string negative test |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC128 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
@@ -492,6 +513,7 @@ Result = MAC_INIT_ERROR |
||||
|
||||
Title = KMAC output is too large |
||||
|
||||
+Availablein = default |
||||
MAC = KMAC256 |
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 |
||||
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_ssl_old.t |
||||
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 2022-05-05 16:02:59.745500635 +0200 |
||||
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-05 16:10:24.071348890 +0200 |
||||
@@ -426,7 +426,7 @@ sub testssl { |
||||
my @exkeys = (); |
||||
my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; |
||||
|
||||
- if (!$no_dsa) { |
||||
+ if (!$no_dsa && $provider ne "fips") { |
||||
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; |
||||
} |
||||
|
||||
diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode_test.c |
||||
--- openssl-3.0.1/test/endecode_test.c.fipsmin3 2022-05-06 16:25:57.296926271 +0200 |
||||
+++ openssl-3.0.1/test/endecode_test.c 2022-05-06 16:27:42.712850840 +0200 |
||||
@@ -1387,6 +1387,7 @@ int setup_tests(void) |
||||
* so no legacy tests. |
||||
*/ |
||||
#endif |
||||
+ if (is_fips == 0) { |
||||
#ifndef OPENSSL_NO_DSA |
||||
ADD_TEST_SUITE(DSA); |
||||
ADD_TEST_SUITE_PARAMS(DSA); |
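Review bot: The statements wrapped by the new `if (is_fips == 0) {` keep their previous indentation, so the block structure is invisible in the code, and the closing brace lands in a separate hunk (`@@ -1397`); the same applies to the `if (is_fips == 0)` added in the `@@ -1411` hunk around the ED25519/ED448/X25519/X448 suites. Re-indenting the enclosed `ADD_TEST_SUITE*` lines by one level, plus a trailing `} /* is_fips == 0 */` on each closing brace, would make the preprocessor-interleaved blocks readable. setup_tests continues outside these hunks.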
||||
@@ -1397,6 +1398,7 @@ int setup_tests(void) |
||||
ADD_TEST_SUITE_PROTECTED_PVK(DSA); |
||||
# endif |
||||
#endif |
||||
+ } |
||||
#ifndef OPENSSL_NO_EC |
||||
ADD_TEST_SUITE(EC); |
||||
ADD_TEST_SUITE_PARAMS(EC); |
||||
@@ -1411,10 +1413,12 @@ int setup_tests(void) |
||||
ADD_TEST_SUITE(ECExplicitTri2G); |
||||
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); |
||||
# endif |
||||
+ if (is_fips == 0) { |
||||
ADD_TEST_SUITE(ED25519); |
||||
ADD_TEST_SUITE(ED448); |
||||
ADD_TEST_SUITE(X25519); |
||||
ADD_TEST_SUITE(X448); |
||||
+ } |
||||
/* |
||||
* ED25519, ED448, X25519 and X448 have no support for |
||||
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests. |
||||
diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c |
||||
--- openssl-3.0.1/apps/req.c.dfc 2022-05-12 13:31:21.957638329 +0200 |
||||
+++ openssl-3.0.1/apps/req.c 2022-05-12 13:31:49.587984867 +0200 |
||||
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv) |
||||
unsigned long chtype = MBSTRING_ASC, reqflag = 0; |
||||
|
||||
#ifndef OPENSSL_NO_DES |
||||
- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); |
||||
+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); |
||||
#endif |
||||
|
||||
prog = opt_init(argc, argv, req_options); |
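Review bot: The default cipher is now `EVP_aes_256_cbc()` but the assignment is still guarded by `#ifndef OPENSSL_NO_DES`, so a build without DES leaves `cipher` unset even though AES is available, and the guard no longer describes the line it protects. Drop the guard so the default is set unconditionally, `cipher = (EVP_CIPHER *)EVP_aes_256_cbc();`, or replace it with a condition that actually relates to the new default. req_main begins outside the hunk.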
||||
diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c |
||||
--- openssl-3.0.1/apps/ecparam.c.fips_list_curves 2022-05-19 11:46:22.682519422 +0200 |
||||
+++ openssl-3.0.1/apps/ecparam.c 2022-05-19 11:50:44.559828701 +0200 |
||||
@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out) |
||||
const char *comment = curves[n].comment; |
||||
const char *sname = OBJ_nid2sn(curves[n].nid); |
||||
|
||||
+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL)) |
||||
+ continue; |
||||
+ |
||||
if (comment == NULL) |
||||
comment = "CURVE DESCRIPTION NOT AVAILABLE"; |
||||
if (sname == NULL) |
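Review bot: `EVP_default_properties_is_fips_enabled(NULL)` is evaluated on every iteration of the curve loop although its result cannot change during the listing, and it consults the default library context rather than the one the apps framework was configured with. Hoist it into a local computed once before the loop, e.g. `const int fips = EVP_default_properties_is_fips_enabled(app_get0_libctx());`, and test `fips` inside the loop. A one-line comment on why secp256k1 alone is hidden (presumably because the FIPS provider does not offer it) would also help, since the filter is easy to mistake for a bug. list_builtin_curves begins outside the hunk.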
||||
diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c |
||||
--- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200 |
||||
+++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200 |
||||
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) |
||||
ctx->disabled_mkey_mask = 0; |
||||
ctx->disabled_auth_mask = 0; |
||||
|
||||
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx)) |
||||
+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK; |
||||
+ |
||||
/* |
||||
* We ignore any errors from the fetches below. They are expected to fail |
||||
* if theose algorithms are not available. |
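Review bot: The RSA key-exchange mask is derived from `EVP_default_properties_is_fips_enabled(ctx->libctx)` once, when `ssl_load_ciphers` runs for this `SSL_CTX`, so an application that enables the FIPS default property after creating the context keeps RSA key exchange available, and one that disables it afterwards keeps it blocked. That is probably acceptable for a configuration-driven setting, but it should be spelled out. A comment above the new `if`, `/* Evaluated once per SSL_CTX: later changes to the FIPS default property do not update this mask */`, would stop a later reader from expecting dynamic behaviour. ssl_load_ciphers continues outside the hunk.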
||||
diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c |
||||
--- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200 |
||||
+++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200 |
||||
@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co |
||||
{ |
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; |
||||
size_t rslen; |
||||
+# ifdef FIPS_MODULE |
||||
+ size_t rsabits = RSA_bits(prsactx->rsa); |
||||
+ |
||||
+ if (rsabits < 2048) { |
||||
+ if (rsabits != 1024 |
||||
+ && rsabits != 1280 |
||||
+ && rsabits != 1536 |
||||
+ && rsabits != 1792) { |
||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH); |
||||
+ return 0; |
||||
+ } |
||||
+ } |
||||
+# endif |
||||
|
||||
if (!ossl_prov_is_running()) |
||||
return 0; |
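Review bot: The new FIPS key-length block calls `RSA_bits(prsactx->rsa)` before the `ossl_prov_is_running()` test that guards the rest of rsa_verify, and without checking `prsactx->rsa` for NULL, so the order of failure modes differs from the remainder of the function. Moving the block below the running check and wrapping it in `if (prsactx->rsa != NULL)` keeps the function's existing order. The list of permitted sub-2048 sizes also needs a comment stating the rationale, e.g. `/* Verification with legacy 1024..1792-bit RSA keys stays allowed; any other size below 2048 bits is rejected in the FIPS module */`, and confirmation that the restriction is intended for verification only, since rsa_sign is not touched here. rsa_verify continues outside the hunk.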
||||
diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c |
||||
--- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200 |
||||
+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200 |
||||
@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS |
||||
* it. |
||||
*/ |
||||
ret = 1; |
||||
+ (void)ERR_set_mark(); |
||||
keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); |
||||
if (keymgmt != NULL) { |
||||
/* |
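Review bot: `ERR_set_mark()` is placed before the `EVP_KEYMGMT_fetch` call, but the matching `ERR_pop_to_mark()` (added in the `@@ -366` hunk) sits just before the `err:` label, so any `goto err` taken between the two — the body of the `if (keymgmt != NULL)` block is outside these hunks — would leave the mark in place and pop nothing. If such an early exit exists, that path also needs the pop, or `ERR_clear_last_mark()` before jumping. A short comment on the set_mark line saying why fetch errors are suppressed (a group whose key management cannot be fetched is simply skipped) would also help. add_provider_groups continues outside the hunk.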
||||
@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS |
||||
} |
||||
EVP_KEYMGMT_free(keymgmt); |
||||
} |
||||
+ (void)ERR_pop_to_mark(); |
||||
err: |
||||
if (ginf != NULL) { |
||||
OPENSSL_free(ginf->tlsname); |
||||
@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int |
||||
etmp[len] = 0; |
||||
|
||||
gid = tls1_group_name2id(garg->ctx, etmp); |
||||
- if (gid == 0) |
||||
+ if (gid == 0) { |
||||
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, |
||||
+ "group '%s' cannot be set", etmp); |
||||
return 0; |
||||
+ } |
||||
for (i = 0; i < garg->gidcnt; i++) |
||||
if (garg->gid_arr[i] == gid) |
||||
return 0; |
@@ -0,0 +1,22 @@
|
||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c |
||||
index 5c70b2d67840..c5726c638bdd 100644 |
||||
--- a/crypto/ec/ecp_s390x_nistp.c |
||||
+++ b/crypto/ec/ecp_s390x_nistp.c |
||||
@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, |
||||
/* Otherwise use default. */ |
||||
if (rc == -1) |
||||
rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); |
||||
- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); |
||||
+ OPENSSL_cleanse(param, sizeof(param)); |
||||
BN_CTX_end(ctx); |
||||
BN_CTX_free(new_ctx); |
||||
return rc; |
||||
@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, |
||||
|
||||
ok = 1; |
||||
ret: |
||||
- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); |
||||
+ OPENSSL_cleanse(param, sizeof(param)); |
||||
if (ok != 1) { |
||||
ECDSA_SIG_free(sig); |
||||
sig = NULL; |
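Review bot: `OPENSSL_cleanse(param, sizeof(param))` clears the whole buffer only if `param` is declared as a fixed-size array in ec_GFp_s390x_nistp_mul and ecdsa_s390x_nistp_sign_sig; should either declaration be a pointer, `sizeof` yields the pointer size and most of the secret material stays in memory. Both declarations are outside these hunks, so confirm they are arrays. Wiping the full parameter block rather than the scalar/k slice alone is the safer choice; a brief comment on the cleanse line, `/* wipe the whole parameter block, not only the secret slice */`, records that intent.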
@@ -0,0 +1,39 @@
|
||||
diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c |
||||
--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100 |
||||
+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100 |
||||
@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS |
||||
if (ev == NULL) |
||||
goto end; |
||||
|
||||
+ /* |
||||
+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements |
||||
+ */ |
||||
+ if (kats_already_passed == 0) { |
||||
+ if (!SELF_TEST_kats(ev, st->libctx)) { |
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); |
||||
+ goto end; |
||||
+ } |
||||
+ } |
||||
+ |
||||
module_checksum = fips_hmac_container; |
||||
checksum_len = sizeof(fips_hmac_container); |
||||
|
||||
@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS |
||||
kats_already_passed = 1; |
||||
} |
||||
} |
||||
- |
||||
- /* |
||||
- * Only runs the KAT's during installation OR on_demand(). |
||||
- * NOTE: If the installation option 'self_test_onload' is chosen then this |
||||
- * path will always be run, since kats_already_passed will always be 0. |
||||
- */ |
||||
- if (on_demand_test || kats_already_passed == 0) { |
||||
- if (!SELF_TEST_kats(ev, st->libctx)) { |
||||
- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); |
||||
- goto end; |
||||
- } |
||||
- } |
||||
ok = 1; |
||||
end: |
||||
OSSL_SELF_TEST_free(ev); |
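Review bot: The removed condition `on_demand_test || kats_already_passed == 0` has become just `kats_already_passed == 0` in the block moved above the integrity check, so an on-demand self test no longer re-runs the KATs once they have passed — unless `on_demand_test` resets `kats_already_passed` somewhere outside this hunk, which is not visible here. If the re-run on demand is still required, the moved block should read `if (on_demand_test || kats_already_passed == 0) {`. The new comment should also state the on-demand behaviour explicitly, since the comment that used to document it was deleted with the old block. SELF_TEST_post continues outside the hunk.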
@@ -0,0 +1,52 @@
|
||||
diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c |
||||
--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100 |
||||
+++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100 |
||||
@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in |
||||
/* Set width for a select call if needed */ |
||||
width = s + 1; |
||||
|
||||
- buf = app_malloc(bufsize, "server www buffer"); |
||||
+ /* as we use BIO_gets(), and it always null terminates data, we need |
||||
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ |
||||
+ buf = app_malloc(bufsize + 1, "server www buffer"); |
||||
io = BIO_new(BIO_f_buffer()); |
||||
ssl_bio = BIO_new(BIO_f_ssl()); |
||||
if ((io == NULL) || (ssl_bio == NULL)) |
||||
@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in |
||||
} |
||||
|
||||
for (;;) { |
||||
- i = BIO_gets(io, buf, bufsize - 1); |
||||
+ i = BIO_gets(io, buf, bufsize + 1); |
||||
if (i < 0) { /* error */ |
||||
if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { |
||||
if (!s_quiet) |
||||
@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in |
||||
* we're expecting to come from the client. If they haven't |
||||
* sent one there's not much we can do. |
||||
*/ |
||||
- BIO_gets(io, buf, bufsize - 1); |
||||
+ BIO_gets(io, buf, bufsize + 1); |
||||
} |
||||
|
||||
BIO_puts(io, |
||||
@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in |
||||
SSL *con; |
||||
BIO *io, *ssl_bio, *sbio; |
||||
|
||||
- buf = app_malloc(bufsize, "server rev buffer"); |
||||
+ /* as we use BIO_gets(), and it always null terminates data, we need |
||||
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ |
||||
+ buf = app_malloc(bufsize + 1, "server rev buffer"); |
||||
io = BIO_new(BIO_f_buffer()); |
||||
ssl_bio = BIO_new(BIO_f_ssl()); |
||||
if ((io == NULL) || (ssl_bio == NULL)) |
||||
@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in |
||||
print_ssl_summary(con); |
||||
|
||||
for (;;) { |
||||
- i = BIO_gets(io, buf, bufsize - 1); |
||||
+ i = BIO_gets(io, buf, bufsize + 1); |
||||
if (i < 0) { /* error */ |
||||
if (!BIO_should_retry(io)) { |
||||
if (!s_quiet) |
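Review bot: `bufsize + 1` is now repeated across the two allocations in www_body and rev_body and the three `BIO_gets` calls, and the reads are only safe while it matches the allocation exactly; a single local such as `const size_t buf_len = bufsize + 1;` used in both the `app_malloc` and the `BIO_gets` calls of each function would keep them in lock-step if either is touched again. The two identical comments mention a 2^14-byte record, but `bufsize` is assigned outside these hunks, so confirm that relationship and state it in the comment. Both functions begin and end outside the hunks.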
@@ -0,0 +1,489 @@
|
||||
From 243201772cc6d583fae9eba81cb2c2c7425bc564 Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Mon, 21 Feb 2022 17:24:44 +0100 |
||||
Subject: Selectively disallow SHA1 signatures |
||||
|
||||
For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is |
||||
disabling SHA1 signatures. Introduce a new configuration option in the |
||||
alg_section named 'rh-allow-sha1-signatures'. This option defaults to |
||||
false. If set to false (or unset), any signature creation or |
||||
verification operations that involve SHA1 as digest will fail. |
||||
|
||||
This also affects TLS, where the signature_algorithms extension of any |
||||
ClientHello message sent by OpenSSL will no longer include signatures |
||||
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers |
||||
that request a client certificate, the same also applies for |
||||
CertificateRequest messages sent by them. |
||||
|
||||
For signatures created using the EVP_PKEY API, this is a best-effort |
||||
check that will deny signatures in cases where the digest algorithm is |
||||
known. This means, for example, that that following steps will still |
||||
work: |
||||
|
||||
$> openssl dgst -sha1 -binary -out sha1 infile |
||||
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig |
||||
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1 |
||||
|
||||
whereas these will not: |
||||
|
||||
$> openssl dgst -sha1 -binary -out sha1 infile |
||||
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1 |
||||
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1 |
||||
|
||||
This happens because in the first case, OpenSSL's signature |
||||
implementation does not know that it is signing a SHA1 hash (it could be |
||||
signing arbitrary data). |
||||
|
||||
Resolves: rhbz#2031742 |
||||
--- |
||||
crypto/evp/evp_cnf.c | 13 ++++ |
||||
crypto/evp/m_sigver.c | 77 +++++++++++++++++++ |
||||
crypto/evp/pmeth_lib.c | 15 ++++ |
||||
doc/man5/config.pod | 11 +++ |
||||
include/internal/cryptlib.h | 3 +- |
||||
include/internal/sslconf.h | 4 + |
||||
providers/common/securitycheck.c | 20 +++++ |
||||
providers/common/securitycheck_default.c | 9 ++- |
||||
providers/implementations/signature/dsa_sig.c | 11 ++- |
||||
.../implementations/signature/ecdsa_sig.c | 4 + |
||||
providers/implementations/signature/rsa_sig.c | 20 ++++- |
||||
ssl/t1_lib.c | 8 ++ |
||||
util/libcrypto.num | 2 + |
||||
13 files changed, 188 insertions(+), 9 deletions(-) |
||||
|
||||
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c |
||||
index 0e7fe64cf9..b9d3b6d226 100644 |
||||
--- a/crypto/evp/evp_cnf.c |
||||
+++ b/crypto/evp/evp_cnf.c |
||||
@@ -10,6 +10,7 @@ |
||||
#include <stdio.h> |
||||
#include <openssl/crypto.h> |
||||
#include "internal/cryptlib.h" |
||||
+#include "internal/sslconf.h" |
||||
#include <openssl/conf.h> |
||||
#include <openssl/x509.h> |
||||
#include <openssl/x509v3.h> |
||||
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); |
||||
return 0; |
||||
} |
||||
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) { |
||||
+ int m; |
||||
+ |
||||
+ /* Detailed error already reported. */ |
||||
+ if (!X509V3_get_value_bool(oval, &m)) |
||||
+ return 0; |
||||
+ |
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set( |
||||
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { |
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); |
||||
+ return 0; |
||||
+ } |
||||
} else { |
||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, |
||||
"name=%s, value=%s", oval->name, oval->value); |
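Review bot: The `(CONF *)cnf` cast is suspicious — if NCONF_get0_libctx takes a `const CONF *` as in the 3.0 public header it is unnecessary, and if it does not, the cast hides a const-correctness problem rather than fixing it. The branch also carries no comment that this is a security policy switch scoped to the CONF's own library context (note the `loadconfig` of 0), and X509V3_get_value_bool appears to accept spellings beyond the `yes`/`no` that config.pod documents. Suggested comment above the `else if`: `/* SHA-1/MD5-SHA1 signature policy; stored on this CONF's libctx only, so consumers must query the same libctx. */`. alg_module_init starts outside the hunk.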
||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c |
||||
index 9188edbc21..db1a1d7bc3 100644 |
||||
--- a/crypto/evp/m_sigver.c |
||||
+++ b/crypto/evp/m_sigver.c |
||||
@@ -16,6 +16,71 @@ |
||||
#include "internal/numbers.h" /* includes SIZE_MAX */ |
||||
#include "evp_local.h" |
||||
|
||||
+typedef struct ossl_legacy_digest_signatures_st { |
||||
+ int allowed; |
||||
+} OSSL_LEGACY_DIGEST_SIGNATURES; |
||||
+ |
||||
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs) |
||||
+{ |
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs; |
||||
+ |
||||
+ if (ldsigs != NULL) { |
||||
+ OPENSSL_free(ldsigs); |
||||
+ } |
||||
+} |
||||
+ |
||||
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx) |
||||
+{ |
||||
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES)); |
||||
+} |
||||
+ |
||||
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = { |
||||
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, |
||||
+ ossl_ctx_legacy_digest_signatures_new, |
||||
+ ossl_ctx_legacy_digest_signatures_free, |
||||
+}; |
||||
+ |
||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures( |
||||
+ OSSL_LIB_CTX *libctx, int loadconfig) |
||||
+{ |
||||
+#ifndef FIPS_MODULE |
||||
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) |
||||
+ return 0; |
||||
+#endif |
||||
+ |
||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES, |
||||
+ &ossl_ctx_legacy_digest_signatures_method); |
||||
+} |
||||
+ |
||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig) |
||||
+{ |
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs |
||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); |
||||
+ |
||||
+#ifndef FIPS_MODULE |
||||
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL) |
||||
+ /* used in tests */ |
||||
+ return 1; |
||||
+#endif |
||||
+ |
||||
+ return ldsigs != NULL ? ldsigs->allowed : 0; |
||||
+} |
||||
+ |
||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, |
||||
+ int loadconfig) |
||||
+{ |
||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs |
||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig); |
||||
+ |
||||
+ if (ldsigs == NULL) { |
||||
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
+ ldsigs->allowed = allow; |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
#ifndef FIPS_MODULE |
||||
|
||||
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) |
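Review bot: ossl_ctx_legacy_digest_signatures_allowed consults `OPENSSL_ENABLE_SHA1_SIGNATURES` before the configured value, and the check is compiled into every non-FIPS build, so a process whose environment is controlled by a wrapper script or an attacker gets SHA-1 signatures re-enabled regardless of openssl.cnf — `/* used in tests */` describes intent, not scope, and ossl_safe_getenv, where it wraps secure_getenv, only suppresses the lookup for privileged processes. Gate the override on a test-only build macro, or at minimum document it in the config.pod entry and make the comment honest: `/* Process-wide override hook: this environment variable re-enables legacy digests even when the config says no. */`. The unconfigured default is deny (zalloc'd record, `ldsigs == NULL` yields 0), which is the right fail-closed choice and is worth a comment of its own. Minor: `return 0;` in the pointer-returning ossl_ctx_legacy_digest_signatures should be `return NULL;`.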
||||
@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
} |
||||
} |
||||
|
||||
+ if (ctx->reqdigest != NULL |
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) |
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) |
||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) { |
||||
+ int mdnid = EVP_MD_nid(ctx->reqdigest); |
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) |
||||
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { |
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); |
||||
+ goto err; |
||||
+ } |
||||
+ } |
||||
+ |
||||
if (ver) { |
||||
if (signature->digest_verify_init == NULL) { |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); |
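Review bot: The check runs only when `ctx->reqdigest` is non-NULL, i.e. when the caller named a digest; an init with a NULL digest leaves enforcement to the provider-side setup_md checks elsewhere in this patch, and nothing here says so, so a later refactor of reqdigest handling could drop the policy unnoticed. Suggested comment: `/* Policy check for caller-supplied digests only; provider-chosen defaults are checked in the provider's setup_md. */`. The hard-coded HMAC/TLS1-PRF/HKDF exemption list is duplicated in pmeth_lib.c, so a MAC or KDF key type added to one list but not the other would start failing with EVP_R_INVALID_DIGEST for SHA-1; a shared predicate is safer than two copies. do_sigver_init starts and ends outside the hunk.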
||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c |
||||
index 2b9c6c2351..3c5a1e6f5d 100644 |
||||
--- a/crypto/evp/pmeth_lib.c |
||||
+++ b/crypto/evp/pmeth_lib.c |
||||
@@ -33,6 +33,7 @@ |
||||
#include "internal/ffc.h" |
||||
#include "internal/numbers.h" |
||||
#include "internal/provider.h" |
||||
+#include "internal/sslconf.h" |
||||
#include "evp_local.h" |
||||
|
||||
#ifndef FIPS_MODULE |
||||
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, |
||||
return -2; |
||||
} |
||||
|
||||
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) |
||||
+ && md != NULL |
||||
+ && ctx->pkey != NULL |
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac) |
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) |
||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { |
||||
+ int mdnid = EVP_MD_nid(md); |
||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) |
||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { |
||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); |
||||
+ return -1; |
||||
+ } |
||||
+ } |
||||
+ |
||||
if (fallback) |
||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); |
||||
|
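Review bot: This block is a near-verbatim copy of the check added to do_sigver_init in m_sigver.c (same three EVP_PKEY_is_a exemptions, same two NIDs, same error), differing only in the extra `ctx->pkey != NULL` requirement; two copies of a security policy drift apart, so both sites should call one predicate declared in evp_local.h. The rewrite below keeps the `md != NULL` handling and the pkey semantics of both callers (a NULL pkey is still checked, as in m_sigver.c) and the `-1` return. evp_pkey_ctx_set_md starts and ends outside the hunk.
```c
/* evp_local.h */
/*
 * Return 1 if signing/verifying with md must be refused by the
 * rh-allow-sha1-signatures policy for the given key, 0 otherwise.
 * MAC and KDF keys are exempt: their "digest" is not a signature digest.
 */
static ossl_inline int evp_legacy_digest_sig_refused(OSSL_LIB_CTX *libctx,
                                                     const EVP_PKEY *pkey,
                                                     const EVP_MD *md)
{
    int mdnid;

    if (md == NULL)
        return 0;
    if (pkey != NULL
        && (EVP_PKEY_is_a(pkey, SN_hmac)
            || EVP_PKEY_is_a(pkey, SN_tls1_prf)
            || EVP_PKEY_is_a(pkey, SN_hkdf)))
        return 0;
    mdnid = EVP_MD_nid(md);
    return (mdnid == NID_sha1 || mdnid == NID_md5_sha1)
        && !ossl_ctx_legacy_digest_signatures_allowed(libctx, 0);
}

/* evp_pkey_ctx_set_md, replacing the added block: */
    if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->pkey != NULL
        && evp_legacy_digest_sig_refused(ctx->libctx, ctx->pkey, md)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
        return -1;
    }
```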
||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod |
||||
index 77a8055e81..aa1be5ca7f 100644 |
||||
--- a/doc/man5/config.pod |
||||
+++ b/doc/man5/config.pod |
||||
@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning: |
||||
The value may be anything that is acceptable as a property query |
||||
string for EVP_set_default_properties(). |
||||
|
||||
+=item B<rh-allow-sha1-signatures> |
||||
+ |
||||
+The value is a boolean that can be B<yes> or B<no>. If the value is not set, |
||||
+it behaves as if it was set to B<no>. |
||||
+ |
||||
+When set to B<no>, any attempt to create or verify a signature with a SHA1 |
||||
+digest will fail. For compatibility with older versions of OpenSSL, set this |
||||
+option to B<yes>. This setting also affects TLS, where signature algorithms |
||||
+that use SHA1 as digest will no longer be supported if this option is set to |
||||
+B<no>. |
||||
+ |
||||
=item B<fips_mode> (deprecated) |
||||
|
||||
The value is a boolean that can be B<yes> or B<no>. If the value is |
||||
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h |
||||
index 1291299b6e..e234341e6a 100644 |
||||
--- a/include/internal/cryptlib.h |
||||
+++ b/include/internal/cryptlib.h |
||||
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st { |
||||
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 |
||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17 |
||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 |
||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19 |
||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19 |
||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20 |
||||
|
||||
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 |
||||
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 |
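Review bot: Every other per-libctx slot in this list ends in `_INDEX` (`OSSL_LIB_CTX_CHILD_PROVIDER_INDEX` directly above); `OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES` breaks the pattern and reads like a feature flag rather than a slot number. Rename it `OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX`, together with its use in m_sigver.c, before other patches pick up the odd name.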
||||
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h |
||||
index fd7f7e3331..05464b0655 100644 |
||||
--- a/include/internal/sslconf.h |
||||
+++ b/include/internal/sslconf.h |
||||
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); |
||||
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, |
||||
char **arg); |
||||
|
||||
+/* Methods to support disabling all signatures with legacy digests */ |
||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); |
||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow, |
||||
+ int loadconfig); |
||||
#endif |
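Review bot: The two prototypes come with no description of `loadconfig` or of what the getter returns when nothing has been configured, yet the functions are exported in libcrypto.num and called from libssl, so the contract needs to live in this header. From the m_sigver.c definitions in this patch: a non-zero `loadconfig` runs OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG) first (non-FIPS builds only), the getter returns 0 — refuse SHA-1 and MD5-SHA1 — when the per-libctx record is absent or never set, and returns 1 whenever OPENSSL_ENABLE_SHA1_SIGNATURES is in the environment. Suggested comment: `/* 1 if SHA-1/MD5-SHA1 signatures are permitted in libctx, else 0 (the default); loadconfig != 0 loads the config first — pass 0 from config-loading code, as alg_module_init does. */`.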
||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c |
||||
index 699ada7c52..e534ad0a5f 100644 |
||||
--- a/providers/common/securitycheck.c |
||||
+++ b/providers/common/securitycheck.c |
||||
@@ -19,6 +19,7 @@ |
||||
#include <openssl/core_names.h> |
||||
#include <openssl/obj_mac.h> |
||||
#include "prov/securitycheck.h" |
||||
+#include "internal/sslconf.h" |
||||
|
||||
/* |
||||
* FIPS requires a minimum security strength of 112 bits (for encryption or |
||||
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, |
||||
mdnid = -1; /* disallowed by security checks */ |
||||
} |
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ |
||||
+ |
||||
+#ifndef FIPS_MODULE |
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) |
||||
+ /* SHA1 is globally disabled, check whether we want to locally allow |
||||
+ * it. */ |
||||
+ if (mdnid == NID_sha1 && !sha1_allowed) |
||||
+ mdnid = -1; |
||||
+#endif |
||||
+ |
||||
return mdnid; |
||||
} |
||||
|
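Review bot: The new block performs the lib-ctx policy lookup for every digest even though only NID_sha1 can be affected, and the brace-less nested `if` with a comment wedged between the two conditions reads like a dangling-if hazard. Test the cheap condition first and fold it into one statement: `if (mdnid == NID_sha1 && !sha1_allowed && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) mdnid = -1; /* SHA-1 refused by policy unless the caller allows it */`. The comment should also say that NID_md5_sha1 is deliberately not handled here but in ossl_digest_rsa_sign_get_md_nid, otherwise the next reader will assume this helper covers both. ossl_digest_get_approved_nid_with_sha1 starts outside the hunk.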
||||
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) |
||||
if (ossl_securitycheck_enabled(ctx)) |
||||
return ossl_digest_get_approved_nid(md) != NID_undef; |
||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ |
||||
+ |
||||
+#ifndef FIPS_MODULE |
||||
+ { |
||||
+ int mdnid = EVP_MD_nid(md); |
||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) |
||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) |
||||
+ return 0; |
||||
+ } |
||||
+#endif |
||||
+ |
||||
return 1; |
||||
} |
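Review bot: ossl_digest_is_allowed now refuses SHA-1 and MD5-SHA1 for every caller in non-FIPS builds, while the EVP-level check in this patch explicitly exempts HMAC, TLS1-PRF and HKDF keys; if any of this function's callers are KDF or MAC implementations rather than signature schemes (they are not visible here), uses such as HMAC-SHA1 or PBKDF2 with SHA-1 would be refused even though the option is documented as being about signatures. Either confirm the callers are signature-only and record it — `/* Signature policy only: every caller of this helper is a signature setup path. */` — or move the check into the signature implementations. `EVP_MD_nid(md)` is also evaluated before any NULL test on `md`, whereas the original only touched `md` under the FIPS security check; if a caller can pass NULL, guard with `md != NULL &&`. ossl_digest_is_allowed starts outside the hunk.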
||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c |
||||
index de7f0d3a0a..ce54a94fbc 100644 |
||||
--- a/providers/common/securitycheck_default.c |
||||
+++ b/providers/common/securitycheck_default.c |
||||
@@ -15,6 +15,7 @@ |
||||
#include <openssl/obj_mac.h> |
||||
#include "prov/securitycheck.h" |
||||
#include "internal/nelem.h" |
||||
+#include "internal/sslconf.h" |
||||
|
||||
/* Disable the security checks in the default provider */ |
||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) |
||||
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) |
||||
} |
||||
|
||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, |
||||
- ossl_unused int sha1_allowed) |
||||
+ int sha1_allowed) |
||||
{ |
||||
int mdnid; |
||||
+ int ldsigs_allowed; |
||||
|
||||
static const OSSL_ITEM name_to_nid[] = { |
||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 }, |
||||
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, |
||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 }, |
||||
}; |
||||
|
||||
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); |
||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); |
||||
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); |
||||
if (mdnid == NID_undef) |
||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); |
||||
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed) |
||||
+ mdnid = -1; |
||||
return mdnid; |
||||
} |
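Review bot: With the option set to `no` this function returns -1 for SHA-1 and MD5-SHA1, yet the `name_to_nid` table above still maps NID_md5 (and whatever other legacy digests the elided rows hold) straight through, so an RSA signature over plain MD5 is still accepted while one over SHA-1 is refused. If the policy is meant as a weak-digest ban rather than SHA-1 literally, extend the final test: `if ((mdnid == NID_md5_sha1 || mdnid == NID_md5) && !ldsigs_allowed) mdnid = -1;`; if it is deliberately SHA-1 only, a comment saying so stops the next reader from assuming MD5 is covered. The policy is also queried twice for the same digest — once here and again inside ossl_digest_get_approved_nid_with_sha1 — although passing `sha1_allowed || ldsigs_allowed` already covers the inner case. ossl_digest_rsa_sign_get_md_nid starts outside the hunk.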
||||
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c |
||||
index 28fd7c498e..fa3822f39f 100644 |
||||
--- a/providers/implementations/signature/dsa_sig.c |
||||
+++ b/providers/implementations/signature/dsa_sig.c |
||||
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, |
||||
mdprops = ctx->propq; |
||||
|
||||
if (mdname != NULL) { |
||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); |
||||
WPACKET pkt; |
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
||||
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, |
||||
- sha1_allowed); |
||||
+ int md_nid; |
||||
size_t mdname_len = strlen(mdname); |
||||
+#ifdef FIPS_MODULE |
||||
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); |
||||
+#else |
||||
+ int sha1_allowed = 0; |
||||
+#endif |
||||
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, |
||||
+ sha1_allowed); |
||||
|
||||
if (md == NULL || md_nid < 0) { |
||||
if (md == NULL) |
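Review bot: The `#ifdef FIPS_MODULE` ladder that decides `sha1_allowed` is pasted verbatim into dsa_sig.c, ecdsa_sig.c and rsa_sig.c in this patch, so the decision that non-FIPS builds refuse SHA-1 for verification as well (where FIPS keeps it) lives in three places with no explanation in any of them. Move it into prov/securitycheck.h as one documented helper and call `sha1_allowed = ossl_sig_sha1_allowed(ctx->operation);` from each setup_md. dsa_setup_md starts and ends outside the hunk.
```c
/* prov/securitycheck.h */
/*
 * Whether a signature implementation may accept SHA-1 for the given
 * EVP_PKEY_OP_* before the per-libctx policy is consulted.  The FIPS module
 * keeps SHA-1 for verification only; the default provider returns 0 and
 * defers entirely to ossl_ctx_legacy_digest_signatures_allowed() inside the
 * *_get_md_nid helpers.
 */
static ossl_inline int ossl_sig_sha1_allowed(int operation)
{
#ifdef FIPS_MODULE
    return operation != EVP_PKEY_OP_SIGN;
#else
    (void)operation;
    return 0;
#endif
}
```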
||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c |
||||
index 865d49d100..99b228e82c 100644 |
||||
--- a/providers/implementations/signature/ecdsa_sig.c |
||||
+++ b/providers/implementations/signature/ecdsa_sig.c |
||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, |
||||
"%s could not be fetched", mdname); |
||||
return 0; |
||||
} |
||||
+#ifdef FIPS_MODULE |
||||
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); |
||||
+#else |
||||
+ sha1_allowed = 0; |
||||
+#endif |
||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, |
||||
sha1_allowed); |
||||
if (md_nid < 0) { |
||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c |
||||
index 325e855333..bea397f0c1 100644 |
||||
--- a/providers/implementations/signature/rsa_sig.c |
||||
+++ b/providers/implementations/signature/rsa_sig.c |
||||
@@ -26,6 +26,7 @@ |
||||
#include "internal/cryptlib.h" |
||||
#include "internal/nelem.h" |
||||
#include "internal/sizes.h" |
||||
+#include "internal/sslconf.h" |
||||
#include "crypto/rsa.h" |
||||
#include "prov/providercommon.h" |
||||
#include "prov/implementations.h" |
||||
@@ -34,6 +35,7 @@ |
||||
#include "prov/securitycheck.h" |
||||
|
||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1 |
||||
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256 |
||||
|
||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx; |
||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init; |
||||
@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, |
||||
|
||||
if (mdname != NULL) { |
||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
||||
+ int md_nid; |
||||
+ size_t mdname_len = strlen(mdname); |
||||
+#ifdef FIPS_MODULE |
||||
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); |
||||
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, |
||||
+#else |
||||
+ int sha1_allowed = 0; |
||||
+#endif |
||||
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, |
||||
sha1_allowed); |
||||
- size_t mdname_len = strlen(mdname); |
||||
|
||||
if (md == NULL |
||||
|| md_nid <= 0 |
||||
@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) |
||||
prsactx->pad_mode = pad_mode; |
||||
|
||||
if (prsactx->md == NULL && pmdname == NULL |
||||
- && pad_mode == RSA_PKCS1_PSS_PADDING) |
||||
+ && pad_mode == RSA_PKCS1_PSS_PADDING) { |
||||
pmdname = RSA_DEFAULT_DIGEST_NAME; |
||||
+#ifndef FIPS_MODULE |
||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) { |
||||
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY; |
||||
+ } |
||||
+#endif |
||||
+ } |
||||
+ |
||||
|
||||
if (pmgf1mdname != NULL |
||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) |
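Review bot: The PSS default digest now depends on a runtime policy lookup, so a PSS context that never names a digest silently gets SHA-256 under one openssl.cnf and SHA-1 under another — and, because `loadconfig` is 0 here and the unconfigured default is deny, SHA-256 before the config is loaded and SHA-1 after it when the option is `yes`. That is an interoperability change rather than a refusal and deserves a comment: `/* Default PSS digest is SHA-256 unless legacy SHA-1 signatures are explicitly allowed, so the default policy never silently produces a SHA-1 signature. */`. Whether the MGF1 digest follows `pmdname` is decided in rsa_setup_md outside this hunk — worth checking that a SHA-256 default does not leave MGF1 at a SHA-1 default. There is also a stray second blank line after the new closing brace. rsa_set_ctx_params starts and ends outside the hunk.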
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c |
||||
index fc32bb3556..4b74ee1a34 100644 |
||||
--- a/ssl/t1_lib.c |
||||
+++ b/ssl/t1_lib.c |
||||
@@ -20,6 +20,7 @@ |
||||
#include <openssl/bn.h> |
||||
#include <openssl/provider.h> |
||||
#include <openssl/param_build.h> |
||||
+#include "internal/sslconf.h" |
||||
#include "internal/nelem.h" |
||||
#include "internal/sizes.h" |
||||
#include "internal/tlsgroups.h" |
||||
@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) |
||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); |
||||
EVP_PKEY *tmpkey = EVP_PKEY_new(); |
||||
int ret = 0; |
||||
+ int ldsigs_allowed; |
||||
|
||||
if (cache == NULL || tmpkey == NULL) |
||||
goto err; |
||||
|
||||
ERR_set_mark(); |
||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); |
||||
for (i = 0, lu = sigalg_lookup_tbl; |
||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { |
||||
EVP_PKEY_CTX *pctx; |
||||
@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx) |
||||
cache[i].enabled = 0; |
||||
continue; |
||||
} |
||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1) |
||||
+ && !ldsigs_allowed) { |
||||
+ cache[i].enabled = 0; |
||||
+ continue; |
||||
+ } |
||||
|
||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { |
||||
cache[i].enabled = 0; |
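Review bot: `ldsigs_allowed` is sampled once here and baked into the per-SSL_CTX sigalg cache, so whatever the policy was when ssl_setup_sig_algs ran (presumably at SSL_CTX creation, outside this hunk) is what every connection on that context uses; loading or changing the config afterwards, or setting OPENSSL_ENABLE_SHA1_SIGNATURES later, has no effect on existing contexts. Say so where the value is read: `/* Policy sampled once per SSL_CTX; later config changes do not re-enable SHA-1 sigalgs here. */`. The disabled entries cover NID_sha1 and NID_md5_sha1, matching the EVP-level check — keep the two lists in step if either grows. ssl_setup_sig_algs starts and ends outside the hunk.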
||||
diff --git a/util/libcrypto.num b/util/libcrypto.num |
||||
index 10b4e57d79..2d3c363bb0 100644 |
||||
--- a/util/libcrypto.num |
||||
+++ b/util/libcrypto.num |
||||
@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: |
||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: |
||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: |
||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: |
||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: |
||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: |
||||
-- |
||||
2.35.1 |
||||
|
@ -0,0 +1,95 @@
@@ -0,0 +1,95 @@
|
||||
diff -up openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips openssl-3.0.1/crypto/pkcs12/p12_key.c |
||||
--- openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips 2022-02-21 12:35:24.829893907 +0100 |
||||
+++ openssl-3.0.1/crypto/pkcs12/p12_key.c 2022-02-21 13:01:22.711622967 +0100 |
||||
@@ -85,17 +85,41 @@ int PKCS12_key_gen_uni_ex(unsigned char |
||||
EVP_KDF *kdf; |
||||
EVP_KDF_CTX *ctx; |
||||
OSSL_PARAM params[6], *p = params; |
||||
+ char *adjusted_propq = NULL; |
||||
|
||||
if (n <= 0) |
||||
return 0; |
||||
|
||||
- kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq); |
||||
- if (kdf == NULL) |
||||
+ if (ossl_get_kernel_fips_flag()) { |
||||
+ const char *nofips = "-fips"; |
||||
+ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 : |
||||
+ strlen(nofips) + 1; |
||||
+ char *ptr = NULL; |
||||
+ |
||||
+ adjusted_propq = OPENSSL_zalloc(len); |
||||
+ if (adjusted_propq != NULL) { |
||||
+ ptr = adjusted_propq; |
||||
+ if (propq) { |
||||
+ memcpy(ptr, propq, strlen(propq)); |
||||
+ ptr += strlen(propq); |
||||
+ *ptr = ','; |
||||
+ ptr++; |
||||
+ } |
||||
+ memcpy(ptr, nofips, strlen(nofips)); |
||||
+ } |
||||
+ } |
||||
+ |
||||
+ kdf = adjusted_propq ? EVP_KDF_fetch(libctx, "PKCS12KDF", adjusted_propq) : EVP_KDF_fetch(libctx, "PKCS12KDF", propq); |
||||
+ if (kdf == NULL) { |
||||
+ OPENSSL_free(adjusted_propq); |
||||
return 0; |
||||
+ } |
||||
ctx = EVP_KDF_CTX_new(kdf); |
||||
EVP_KDF_free(kdf); |
||||
- if (ctx == NULL) |
||||
+ if (ctx == NULL) { |
||||
+ OPENSSL_free(adjusted_propq); |
||||
return 0; |
||||
+ } |
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
||||
(char *)EVP_MD_get0_name(md_type), |
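Review bot: If OPENSSL_zalloc fails, `adjusted_propq` stays NULL and the fetch silently falls back to the caller's original `propq`, so under a FIPS-enabled kernel the very adjustment this patch adds disappears without an error reason — the caller just sees whatever the unadjusted fetch does. Fail explicitly with ERR_R_MALLOC_FAILURE, and build the query with BIO_snprintf rather than the hand-rolled memcpy arithmetic that apps/pkcs12.c repeats. A comment should also record why `-fips` is appended — presumably that the FIPS provider does not offer PKCS12KDF and this call only derives the PKCS#12 file-format MAC/key — since overriding a `fips=yes` default property is a deliberate policy exception a reader should not have to reverse-engineer. PKCS12_key_gen_uni_ex starts outside the hunk.
```c
    if (ossl_get_kernel_fips_flag()) {
        /*
         * Append "-fips" so a default "fips=yes" property query does not
         * apply to this fetch: PKCS12KDF is only used for the PKCS#12
         * file-format MAC/key derivation.  TODO(review): confirm this is the
         * intended justification and keep it documented here.
         */
        size_t len = (propq != NULL ? strlen(propq) + 1 : 0) + sizeof("-fips");

        adjusted_propq = OPENSSL_malloc(len);
        if (adjusted_propq == NULL) {
            ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        BIO_snprintf(adjusted_propq, len, "%s%s-fips",
                     propq != NULL ? propq : "",
                     propq != NULL ? "," : "");
    }

    kdf = EVP_KDF_fetch(libctx, "PKCS12KDF",
                        adjusted_propq != NULL ? adjusted_propq : propq);
    /* ... unchanged: NULL checks, EVP_KDF_CTX_new, params, derive, free ... */
```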
||||
@@ -127,6 +149,7 @@ int PKCS12_key_gen_uni_ex(unsigned char |
||||
} OSSL_TRACE_END(PKCS12_KEYGEN); |
||||
} |
||||
EVP_KDF_CTX_free(ctx); |
||||
+ OPENSSL_free(adjusted_propq); |
||||
return res; |
||||
} |
||||
|
||||
diff -up openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps openssl-3.0.1/apps/pkcs12.c |
||||
--- openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps 2022-02-21 16:37:07.908923682 +0100 |
||||
+++ openssl-3.0.1/apps/pkcs12.c 2022-02-21 17:38:44.555345633 +0100 |
||||
@@ -765,15 +765,34 @@ int pkcs12_main(int argc, char **argv) |
||||
} |
||||
if (macver) { |
||||
EVP_KDF *pkcs12kdf; |
||||
+ char *adjusted_propq = NULL; |
||||
+ const char *nofips = "-fips"; |
||||
+ size_t len = app_get0_propq() ? strlen(app_get0_propq()) + 1 + strlen(nofips) + 1 : |
||||
+ strlen(nofips) + 1; |
||||
+ char *ptr = NULL; |
||||
+ |
||||
+ adjusted_propq = OPENSSL_zalloc(len); |
||||
+ if (adjusted_propq != NULL) { |
||||
+ ptr = adjusted_propq; |
||||
+ if (app_get0_propq()) { |
||||
+ memcpy(ptr, app_get0_propq(), strlen(app_get0_propq())); |
||||
+ ptr += strlen(app_get0_propq()); |
||||
+ *ptr = ','; |
||||
+ ptr++; |
||||
+ } |
||||
+ memcpy(ptr, nofips, strlen(nofips)); |
||||
+ } |
||||
|
||||
pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", |
||||
- app_get0_propq()); |
||||
+ adjusted_propq ? adjusted_propq : app_get0_propq()); |
||||
if (pkcs12kdf == NULL) { |
||||
BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); |
||||
BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); |
||||
+ OPENSSL_free(adjusted_propq); |
||||
goto end; |
||||
} |
||||
EVP_KDF_free(pkcs12kdf); |
||||
+ OPENSSL_free(adjusted_propq); |
||||
/* If we enter empty password try no password first */ |
||||
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { |
||||
/* If mac and crypto pass the same set it to NULL too */ |
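Review bot: Unlike the p12_key.c change in the same patch, this copy appends `-fips` unconditionally — there is no ossl_get_kernel_fips_flag() gate — so the probe fetch and the real fetch inside PKCS12_verify_mac apply different rules and the probe can succeed where the library call will fail, or vice versa; if the probe exists to give a better error message ahead of PKCS12_verify_mac, it should use the same condition. The allocation-failure fallback to the unadjusted query is silent here too, and `app_get0_propq()` is called four times; cache it once with `const char *propq = app_get0_propq();` and build the string with BIO_snprintf as suggested for p12_key.c. pkcs12_main starts and ends outside the hunk.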
@ -0,0 +1,206 @@
@@ -0,0 +1,206 @@
|
||||
From c63599ee9708d543205a9173207ee7167315c624 Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Tue, 1 Mar 2022 15:44:18 +0100 |
||||
Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes |
||||
|
||||
References: rhbz#2055796 |
||||
--- |
||||
crypto/x509/x509_vfy.c | 19 ++++++++++- |
||||
doc/man5/config.pod | 7 +++- |
||||
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- |
||||
test/recipes/25-test_verify.t | 7 ++-- |
||||
4 files changed, 79 insertions(+), 18 deletions(-) |
||||
|
||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c |
||||
index ff3ca83de6..a549c1c111 100644 |
||||
--- a/crypto/x509/x509_vfy.c |
||||
+++ b/crypto/x509/x509_vfy.c |
||||
@@ -25,6 +25,7 @@ |
||||
#include <openssl/objects.h> |
||||
#include <openssl/core_names.h> |
||||
#include "internal/dane.h" |
||||
+#include "internal/sslconf.h" |
||||
#include "crypto/x509.h" |
||||
#include "x509_local.h" |
||||
|
||||
@@ -3440,14 +3441,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) |
||||
{ |
||||
int secbits = -1; |
||||
int level = ctx->param->auth_level; |
||||
+ int nid; |
||||
+ OSSL_LIB_CTX *libctx = NULL; |
||||
|
||||
if (level <= 0) |
||||
return 1; |
||||
if (level > NUM_AUTH_LEVELS) |
||||
level = NUM_AUTH_LEVELS; |
||||
|
||||
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) |
||||
+ if (ctx->libctx) |
||||
+ libctx = ctx->libctx; |
||||
+ else if (cert->libctx) |
||||
+ libctx = cert->libctx; |
||||
+ else |
||||
+ libctx = OSSL_LIB_CTX_get0_global_default(); |
||||
+ |
||||
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) |
||||
return 0; |
||||
|
||||
+ if (nid == NID_sha1 |
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) |
||||
+ && ctx->param->auth_level < 3) |
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 2, |
||||
+ * explicitly allow SHA1 for backwards compatibility. */ |
||||
+ return 1; |
||||
+ |
||||
return secbits >= minbits_table[level - 1]; |
||||
} |
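Review bot: The bypass compares `ctx->param->auth_level < 3` although the function clamped that value into `level` a few lines earlier, and it runs the lib-ctx policy lookup before the cheap NID test; use the local and reorder: `if (nid == NID_sha1 && level < 3 && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0))`. The exemption also ignores `secbits` entirely, so it admits SHA-1 at auth level 1 as well as 2 — which the disabled test in 25-test_verify.t confirms but the commit subject does not mention — so the comment should read `auth level 1 or 2` and the commit message should say the same. check_sig_level is shown in full.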
||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod |
||||
index aa1be5ca7f..aa69e2b844 100644 |
||||
--- a/doc/man5/config.pod |
||||
+++ b/doc/man5/config.pod |
||||
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1 |
||||
digest will fail. For compatibility with older versions of OpenSSL, set this |
||||
option to B<yes>. This setting also affects TLS, where signature algorithms |
||||
that use SHA1 as digest will no longer be supported if this option is set to |
||||
-B<no>. |
||||
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature |
||||
+algorithms that use SHA1 in security level 2, despite the definition of |
||||
+security level 2 of 112 bits of security, which SHA1 does not meet. Because |
||||
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key |
||||
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or |
||||
+newer. |
||||
|
||||
=item B<fips_mode> (deprecated) |
||||
|
||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c |
||||
index 4b74ee1a34..5f089de107 100644 |
||||
--- a/ssl/t1_lib.c |
||||
+++ b/ssl/t1_lib.c |
||||
@@ -20,6 +20,7 @@ |
||||
#include <openssl/bn.h> |
||||
#include <openssl/provider.h> |
||||
#include <openssl/param_build.h> |
||||
+#include "crypto/x509.h" |
||||
#include "internal/sslconf.h" |
||||
#include "internal/nelem.h" |
||||
#include "internal/sizes.h" |
||||
@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) |
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); |
||||
return 0; |
||||
} |
||||
- /* |
||||
- * Make sure security callback allows algorithm. For historical |
||||
- * reasons we have to pass the sigalg as a two byte char array. |
||||
- */ |
||||
- sigalgstr[0] = (sig >> 8) & 0xff; |
||||
- sigalgstr[1] = sig & 0xff; |
||||
- secbits = sigalg_security_bits(s->ctx, lu); |
||||
- if (secbits == 0 || |
||||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, |
||||
- md != NULL ? EVP_MD_get_type(md) : NID_undef, |
||||
- (void *)sigalgstr)) { |
||||
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); |
||||
- return 0; |
||||
+ |
||||
+ if (lu->hash == NID_sha1 |
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) |
||||
+ && SSL_get_security_level(s) < 3) { |
||||
+ /* when rh-allow-sha1-signatures = yes and security level <= 2, |
||||
+ * explicitly allow SHA1 for backwards compatibility */ |
||||
+ } else { |
||||
+ /* |
||||
+ * Make sure security callback allows algorithm. For historical |
||||
+ * reasons we have to pass the sigalg as a two byte char array. |
||||
+ */ |
||||
+ sigalgstr[0] = (sig >> 8) & 0xff; |
||||
+ sigalgstr[1] = sig & 0xff; |
||||
+ secbits = sigalg_security_bits(s->ctx, lu); |
||||
+ if (secbits == 0 || |
||||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, |
||||
+ md != NULL ? EVP_MD_get_type(md) : NID_undef, |
||||
+ (void *)sigalgstr)) { |
||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); |
||||
+ return 0; |
||||
+ } |
||||
} |
||||
/* Store the sigalg the peer uses */ |
||||
s->s3.tmp.peer_sigalg = lu; |
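Review bot: When the exemption applies the entire `ssl_security(s, SSL_SECOP_SIGALG_CHECK, ...)` call is skipped, so an application that installed its own security callback to enforce a stricter policy is no longer consulted for SHA-1 peer signature algorithms at level 1 or 2 — a configuration file silently overrides application code. Keep calling ssl_security and let the exemption lift only the built-in bit-strength floor, for example by passing the level's minimum in place of the real `secbits` when the exemption holds (how ssl_security_default_callback treats that argument is outside this hunk and should be checked). The empty `if` body holding only a comment is also easy to misread; compute `int sha1_exempt = lu->hash == NID_sha1 && ...;` first and write `if (!sha1_exempt) { ... }`. tls12_check_peer_sigalg starts outside the hunk.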
||||
@@ -2106,6 +2115,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) |
||||
} |
||||
} |
||||
|
||||
+ if (lu->hash == NID_sha1 |
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) |
||||
+ && SSL_get_security_level(s) < 3) { |
||||
+ /* when rh-allow-sha1-signatures = yes and security level <= 2, |
||||
+ * explicitly allow SHA1 for backwards compatibility */ |
||||
+ return 1; |
||||
+ } |
||||
+ |
||||
/* Finally see if security callback allows it */ |
||||
secbits = sigalg_security_bits(s->ctx, lu); |
||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff; |
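Review bot: The exemption tests `lu->hash == NID_sha1` only, whereas the earlier patch's ssl_setup_sig_algs disables both NID_sha1 and NID_md5_sha1 when the option is `no`; with the option `yes`, the MD5-SHA1 entry (the TLS 1.0/1.1 RSA signature form) still falls through to the bit-strength check below and, unless sigalg_security_bits rates it above the level's floor (outside this hunk), TLS 1.0/1.1 stays unusable at level 1–2 even though the config.pod text in this patch implies enabling the option is what TLS 1.1 and older need. Either add `|| lu->hash == NID_md5_sha1` here and in tls12_check_peer_sigalg, or correct the documentation to say the option does not restore TLS 1.0/1.1 above level 0. tls12_sigalg_allowed starts outside the hunk.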
||||
@@ -2977,6 +2994,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) |
||||
{ |
||||
/* Lookup signature algorithm digest */ |
||||
int secbits, nid, pknid; |
||||
+ OSSL_LIB_CTX *libctx = NULL; |
||||
+ |
||||
/* Don't check signature if self signed */ |
||||
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) |
||||
return 1; |
||||
@@ -2985,6 +3004,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) |
||||
/* If digest NID not defined use signature NID */ |
||||
if (nid == NID_undef) |
||||
nid = pknid; |
||||
+ |
||||
+ if (x && x->libctx) |
||||
+ libctx = x->libctx; |
||||
+ else if (ctx && ctx->libctx) |
||||
+ libctx = ctx->libctx; |
||||
+ else if (s && s->ctx && s->ctx->libctx) |
||||
+ libctx = s->ctx->libctx; |
||||
+ else |
||||
+ libctx = OSSL_LIB_CTX_get0_global_default(); |
||||
+ |
||||
+ if (nid == NID_sha1 |
||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) |
||||
+ && ((s != NULL && SSL_get_security_level(s) < 3) |
||||
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3) |
||||
+ )) |
||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 2, |
||||
+ * explicitly allow SHA1 for backwards compatibility. */ |
||||
+ return 1; |
||||
+ |
||||
if (s) |
||||
return ssl_security(s, op, secbits, nid, x); |
||||
else |
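Review bot: The exemption ORs the `s` and `ctx` security levels, whereas the dispatch just below consults `s` when it is non-NULL and `ctx` only otherwise; if any caller passes both objects, a connection at level 3 would be exempted on the strength of its SSL_CTX's lower level. Mirror the existing precedence: `&& (s != NULL ? SSL_get_security_level(s) : SSL_CTX_get_security_level(ctx)) < 3` (this hunk cannot confirm that exactly one of the two is always non-NULL). The `x && x->libctx` test is moot because `x` was already dereferenced by X509_get_extension_flags above, and the four-way libctx fallback would read better as a small helper shared with check_sig_level in x509_vfy.c. ssl_security_cert_sig starts outside the hunk.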
||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t |
||||
index 700bbd849c..2de1d76b5e 100644 |
||||
--- a/test/recipes/25-test_verify.t |
||||
+++ b/test/recipes/25-test_verify.t |
||||
@@ -29,7 +29,7 @@ sub verify { |
||||
run(app([@args])); |
||||
} |
||||
|
||||
-plan tests => 163; |
||||
+plan tests => 162; |
||||
|
||||
# Canonical success |
||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), |
||||
@@ -387,8 +387,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0" |
||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ), |
||||
"CA with PSS signature using SHA256"); |
||||
|
||||
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), |
||||
- "Reject PSS signature using SHA1 and auth level 1"); |
||||
+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1 |
||||
+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), |
||||
+# "Reject PSS signature using SHA1 and auth level 1"); |
||||
|
||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"), |
||||
"PSS signature using SHA256 and auth level 2"); |
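Review bot: Commenting the assertion out removes coverage of exactly the behaviour this patch changes instead of pinning it, so nothing in the suite now states what a SHA-1 PSS certificate does at auth level 1 under the distro policy. Replace the commented block with a positive assertion and keep the plan at 163: `ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"), "Accept PSS signature using SHA1 at auth level 1 when rh-allow-sha1-signatures = yes");`. If the recipe can point at a second openssl.cnf with the option set to `no`, keep the original negative case under that config too, so both sides of the switch are exercised.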
||||
-- |
||||
2.35.1 |
||||
|
@ -0,0 +1,188 @@
@@ -0,0 +1,188 @@
|
||||
From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:30 +0100 |
||||
Subject: [PATCH] Add documentation of BN_mod_sqrt() |
||||
|
||||
--- |
||||
doc/man3/BN_add.pod | 15 +++++++++++++-- |
||||
util/missingcrypto.txt | 1 - |
||||
2 files changed, 13 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod |
||||
index 62d3ee7205..cf6c49c0e3 100644 |
||||
--- a/doc/man3/BN_add.pod |
||||
+++ b/doc/man3/BN_add.pod |
||||
@@ -3,7 +3,7 @@ |
||||
=head1 NAME |
||||
|
||||
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, |
||||
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - |
||||
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - |
||||
arithmetic operations on BIGNUMs |
||||
|
||||
=head1 SYNOPSIS |
||||
@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs |
||||
|
||||
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
||||
|
||||
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); |
||||
+ |
||||
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); |
||||
|
||||
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
||||
@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>. |
||||
BN_mod_sqr() takes the square of I<a> modulo B<m> and places the |
||||
result in I<r>. |
||||
|
||||
+BN_mod_sqrt() returns the modular square root of I<a> such that |
||||
+C<in^2 = a (mod p)>. The modulus I<p> must be a |
||||
+prime, otherwise an error or an incorrect "result" will be returned. |
||||
+The result is stored into I<in> which can be NULL. The result will be |
||||
+newly allocated in that case. |
||||
+ |
||||
BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> |
||||
(C<r=a^p>). This function is faster than repeated applications of |
||||
BN_mul(). |
||||
@@ -108,7 +116,10 @@ the arguments. |
||||
|
||||
=head1 RETURN VALUES |
||||
|
||||
-For all functions, 1 is returned for success, 0 on error. The return |
||||
+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is |
||||
+not a prime), or NULL. |
||||
+ |
||||
+For all remaining functions, 1 is returned for success, 0 on error. The return |
||||
value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). |
||||
The error codes can be obtained by L<ERR_get_error(3)>. |
||||
|
||||
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt |
||||
index b61bdeb880..4d2fd7f6b7 100644 |
||||
--- a/util/missingcrypto.txt |
||||
+++ b/util/missingcrypto.txt |
||||
@@ -264,7 +264,6 @@ BN_mod_lshift(3) |
||||
BN_mod_lshift1(3) |
||||
BN_mod_lshift1_quick(3) |
||||
BN_mod_lshift_quick(3) |
||||
-BN_mod_sqrt(3) |
||||
BN_mod_sub_quick(3) |
||||
BN_nist_mod_192(3) |
||||
BN_nist_mod_224(3) |
||||
|
||||
From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:35 +0100 |
||||
Subject: [PATCH] Add a negative testcase for BN_mod_sqrt |
||||
|
||||
--- |
||||
test/bntest.c | 11 ++++++++++- |
||||
test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ |
||||
2 files changed, 22 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/test/bntest.c b/test/bntest.c |
||||
index efdb3ef963..d49f87373a 100644 |
||||
--- a/test/bntest.c |
||||
+++ b/test/bntest.c |
||||
@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s) |
||||
|| !TEST_ptr(ret2 = BN_new())) |
||||
goto err; |
||||
|
||||
+ if (BN_is_negative(mod_sqrt)) { |
||||
+ /* A negative testcase */ |
||||
+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) |
||||
+ goto err; |
||||
+ |
||||
+ st = 1; |
||||
+ goto err; |
||||
+ } |
||||
+ |
||||
/* There are two possible answers. */ |
||||
- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) |
||||
+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) |
||||
|| !TEST_true(BN_sub(ret2, p, ret))) |
||||
goto err; |
||||
|
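Review bot: The negative branch added at the top of the hunk asserts only that BN_mod_sqrt() returns NULL; it neither checks that a failure was actually reported nor drains the error queue before `goto err`, so the raised BN_R_NOT_A_SQUARE stays queued for the next stanza if the harness looks at it (presumably harmless today, but worth being explicit). Consider `if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)) || !TEST_ulong_ne(ERR_peek_last_error(), 0)) goto err;` followed by `ERR_clear_error();` before setting `st = 1`. The `BN_is_negative(mod_sqrt)` test also deserves a comment such as `/* bnmod.txt marks expected failures with ModSqrt = -1 */`, since the sentinel is otherwise only documented in the data file. file_modsqrt() starts and ends outside this hunk.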
||||
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt |
||||
index e22d656091..bc8a434ea5 100644 |
||||
--- a/test/recipes/10-test_bn_data/bnmod.txt |
||||
+++ b/test/recipes/10-test_bn_data/bnmod.txt |
||||
@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
||||
ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 |
||||
A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 |
||||
P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
||||
+ |
||||
+# Negative testcases for BN_mod_sqrt() |
||||
+ |
||||
+# This one triggers an infinite loop with unfixed implementation |
||||
+# It should just fail. |
||||
+ModSqrt = -1 |
||||
+A = 20a7ee |
||||
+P = 460201 |
||||
+ |
||||
+ModSqrt = -1 |
||||
+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed |
||||
+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f |
||||
|
||||
From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Mon, 28 Feb 2022 18:26:21 +0100 |
||||
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() |
||||
|
||||
The calculation in some cases does not finish for non-prime p. |
||||
|
||||
This fixes CVE-2022-0778. |
||||
|
||||
Based on patch by David Benjamin <davidben@google.com>. |
||||
--- |
||||
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ |
||||
1 file changed, 18 insertions(+), 12 deletions(-) |
||||
|
||||
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c |
||||
index b663ae5ec5..c5ea7ab194 100644 |
||||
--- a/crypto/bn/bn_sqrt.c |
||||
+++ b/crypto/bn/bn_sqrt.c |
||||
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) |
||||
/* |
||||
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks |
||||
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number |
||||
- * Theory", algorithm 1.5.1). 'p' must be prime! |
||||
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or |
||||
+ * an incorrect "result" will be returned. |
||||
*/ |
||||
{ |
||||
BIGNUM *ret = in; |
||||
@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) |
||||
goto vrfy; |
||||
} |
||||
|
||||
- /* find smallest i such that b^(2^i) = 1 */ |
||||
- i = 1; |
||||
- if (!BN_mod_sqr(t, b, p, ctx)) |
||||
- goto end; |
||||
- while (!BN_is_one(t)) { |
||||
- i++; |
||||
- if (i == e) { |
||||
- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); |
||||
- goto end; |
||||
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ |
||||
+ for (i = 1; i < e; i++) { |
||||
+ if (i == 1) { |
||||
+ if (!BN_mod_sqr(t, b, p, ctx)) |
||||
+ goto end; |
||||
+ |
||||
+ } else { |
||||
+ if (!BN_mod_mul(t, t, t, p, ctx)) |
||||
+ goto end; |
||||
} |
||||
- if (!BN_mod_mul(t, t, t, p, ctx)) |
||||
- goto end; |
||||
+ if (BN_is_one(t)) |
||||
+ break; |
||||
+ } |
||||
+ /* If not found, a is not a square or p is not prime. */ |
||||
+ if (i >= e) { |
||||
+ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); |
||||
+ goto end; |
||||
} |
||||
|
||||
/* t := y^2^(e - i - 1) */ |
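Review bot: The `i < e` bound on the new `for` loop is the entire fix for the infinite loop, but the one-line comment above it does not say so, and a future cleanup could quietly reintroduce an unbounded search. Suggest replacing it with a three-line comment stating that for composite p the sequence t = b^(2^i) may never reach 1, that the old unbounded `while` spun forever on such inputs (CVE-2022-0778), and that the bound must therefore be kept even though it is redundant for prime p. It is also worth saying on the `i >= e` check that a "not a square" error is the only diagnosis available here because the function never validates p, so callers fed an untrusted modulus (e.g. explicit curve parameters) must check primality themselves. BN_mod_sqrt() begins and ends outside this hunk.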
||||
|
@@ -0,0 +1,53 @@
|
||||
From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Wed, 2 Feb 2022 17:47:26 +0100 |
||||
Subject: [PATCH] Replace size check with more meaningful pubkey check |
||||
|
||||
It does not make sense to check the size because this |
||||
function can be used in other contexts than in TLS-1.3 and |
||||
the value might not be padded to the size of p. |
||||
|
||||
However it makes sense to do the partial pubkey check because |
||||
there is no valid reason for the pubkey value to be outside the |
||||
1 < pubkey < p-1 bounds. |
||||
|
||||
Fixes #15465 |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
(Merged from https://github.com/openssl/openssl/pull/17630) |
||||
--- |
||||
crypto/dh/dh_key.c | 11 ++++------- |
||||
1 file changed, 4 insertions(+), 7 deletions(-) |
||||
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c |
||||
index 6b8cd550f2..c78ed618bf 100644 |
||||
--- a/crypto/dh/dh_key.c |
||||
+++ b/crypto/dh/dh_key.c |
||||
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) |
||||
int err_reason = DH_R_BN_ERROR; |
||||
BIGNUM *pubkey = NULL; |
||||
const BIGNUM *p; |
||||
- size_t p_size; |
||||
+ int ret; |
||||
|
||||
if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) |
||||
goto err; |
||||
DH_get0_pqg(dh, &p, NULL, NULL); |
||||
- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) { |
||||
+ if (p == NULL || BN_num_bytes(p) == 0) { |
||||
err_reason = DH_R_NO_PARAMETERS_SET; |
||||
goto err; |
||||
} |
||||
- /* |
||||
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's |
||||
- * public key is of size not equal to size of p |
||||
- */ |
||||
- if (BN_is_zero(pubkey) || p_size != len) { |
||||
+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */ |
||||
+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) { |
||||
err_reason = DH_R_INVALID_PUBKEY; |
||||
goto err; |
||||
} |
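Review bot: The new comment `/* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */` overstates what the replacement does: per the commit message the partial check only enforces 1 < pubkey < p-1, which rejects the order-1 and order-2 elements but says nothing about membership in the order-q subgroup, so confinement to other small subgroups is not detected on this line. Suggest `/* Partial public key check (1 < pubkey < p-1), RFC 8446 4.2.8.1; does not verify order-q subgroup membership. */`. The `ret` variable introduced for the check's flag output is never read; if the flags are not going to be mapped into `err_reason`, a name like `check_flags` with a `/* unused */` note would make that deliberate. The rest of ossl_dh_buf2key() is outside the hunk.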
||||
-- |
||||
2.35.1 |
||||
|
@@ -0,0 +1,23 @@
|
||||
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c |
||||
index e1da724bd2f4..2bee5ef19447 100644 |
||||
--- a/crypto/core_namemap.c |
||||
+++ b/crypto/core_namemap.c |
||||
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) |
||||
{ |
||||
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); |
||||
|
||||
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); |
||||
+ if (cipher != NULL) |
||||
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); |
||||
} |
||||
|
||||
static void get_legacy_md_names(const OBJ_NAME *on, void *arg) |
||||
{ |
||||
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); |
||||
|
||||
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); |
||||
+ if (md != NULL) |
||||
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); |
||||
} |
||||
|
||||
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, |
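Review bot: The two added NULL guards make get_legacy_cipher_names() and get_legacy_md_names() silently drop an OBJ_NAME entry whose lookup fails, and nothing says when that is expected (presumably an alias whose target algorithm was never registered). Add above each check `/* OBJ_NAME_get() can return NULL (e.g. an alias to an unregistered algorithm); skip it rather than dereference */` so the next reader does not "fix" it back. Separately, the two callbacks pass `NID_undef` and `0` respectively as the first argument to get_legacy_evp_names(); these are the same value in OpenSSL, so use `NID_undef` in both for consistency.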
@@ -0,0 +1,104 @@
|
||||
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001 |
||||
From: Dmitry Belyavskiy <beldmit@gmail.com> |
||||
Date: Fri, 22 Apr 2022 18:16:56 +0200 |
||||
Subject: [PATCH 1/2] Ensure we initialized the locale before |
||||
evp_pkey_name2type |
||||
|
||||
Fixes #18158 |
||||
--- |
||||
crypto/evp/pmeth_lib.c | 2 ++ |
||||
1 file changed, 2 insertions(+) |
||||
|
||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c |
||||
index 2b9c6c2351da..92d25de44532 100644 |
||||
--- a/crypto/evp/pmeth_lib.c |
||||
+++ b/crypto/evp/pmeth_lib.c |
||||
@@ -27,6 +27,7 @@ |
||||
#ifndef FIPS_MODULE |
||||
# include "crypto/asn1.h" |
||||
#endif |
||||
+#include "crypto/ctype.h" |
||||
#include "crypto/evp.h" |
||||
#include "crypto/dh.h" |
||||
#include "crypto/ec.h" |
||||
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, |
||||
} |
||||
#ifndef FIPS_MODULE |
||||
if (keytype != NULL) { |
||||
+ ossl_init_casecmp(); |
||||
id = evp_pkey_name2type(keytype); |
||||
if (id == NID_undef) |
||||
id = -1; |
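Review bot: The return value of the added `ossl_init_casecmp();` call is discarded; if that initializer can report failure (upstream it returns an int — confirm), the code falls straight into evp_pkey_name2type() with exactly the uninitialized state this commit is meant to prevent. Consider `if (!ossl_init_casecmp()) return NULL;` or a jump to whatever cleanup int_ctx_new() uses for its earlier failure paths; the function's body is largely outside this hunk so I cannot tell whether anything allocated above needs releasing. A short comment such as `/* evp_pkey_name2type() uses OPENSSL_strcasecmp(), which needs the locale initialised (#18158) */` would also explain why the call sits here rather than in a library-init routine.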
||||
|
||||
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001 |
||||
From: Dmitry Belyavskiy <beldmit@gmail.com> |
||||
Date: Fri, 22 Apr 2022 19:26:08 +0200 |
||||
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without |
||||
preliminary init |
||||
|
||||
--- |
||||
test/build.info | 6 +++++- |
||||
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++ |
||||
test/recipes/02-test_localetest.t | 4 +++- |
||||
3 files changed, 22 insertions(+), 2 deletions(-) |
||||
create mode 100644 test/evp_pkey_ctx_new_from_name.c |
||||
|
||||
diff --git a/test/build.info b/test/build.info |
||||
index 14a84f00a258..ee059973d31a 100644 |
||||
--- a/test/build.info |
||||
+++ b/test/build.info |
||||
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] |
||||
sanitytest rsa_complex exdatatest bntest \ |
||||
ecstresstest gmdifftest pbelutest \ |
||||
destest mdc2test sha_test \ |
||||
- exptest pbetest localetest \ |
||||
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\ |
||||
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ |
||||
evp_fetch_prov_test evp_libctx_test ossl_store_test \ |
||||
v3nametest v3ext \ |
||||
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}] |
||||
INCLUDE[localetest]=../include ../apps/include |
||||
DEPEND[localetest]=../libcrypto libtestutil.a |
||||
|
||||
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c |
||||
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include |
||||
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto |
||||
+ |
||||
SOURCE[pbetest]=pbetest.c |
||||
INCLUDE[pbetest]=../include ../apps/include |
||||
DEPEND[pbetest]=../libcrypto libtestutil.a |
||||
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c |
||||
new file mode 100644 |
||||
index 000000000000..24063ea05ea5 |
||||
--- /dev/null |
||||
+++ b/test/evp_pkey_ctx_new_from_name.c |
||||
@@ -0,0 +1,14 @@ |
||||
+#include <stdio.h> |
||||
+#include <openssl/ec.h> |
||||
+#include <openssl/evp.h> |
||||
+#include <openssl/err.h> |
||||
+ |
||||
+int main(int argc, char *argv[]) |
||||
+{ |
||||
+ EVP_PKEY_CTX *pctx = NULL; |
||||
+ |
||||
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL); |
||||
+ EVP_PKEY_CTX_free(pctx); |
||||
+ |
||||
+ return 0; |
||||
+} |
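Review bot: main() returns 0 unconditionally, so this regression test only catches a crash; asserting the documented contract costs nothing and makes the test meaningful if the failure mode changes. Replace the tail with `int ret = pctx == NULL ? 0 : 1;` before the free and `return ret;` after it, and add a one-line comment at the top saying the file is deliberately linked without libtestutil so that no test-framework initialisation runs before the call (which is what reproduces #18158, if I read the build.info change correctly). `<openssl/ec.h>` and `<stdio.h>` are unused and can be dropped.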
||||
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t |
||||
index 1bccd57d4c63..77fba7d819ab 100644 |
||||
--- a/test/recipes/02-test_localetest.t |
||||
+++ b/test/recipes/02-test_localetest.t |
||||
@@ -15,7 +15,9 @@ setup("locale tests"); |
||||
plan skip_all => "Locale tests not available on Windows or VMS" |
||||
if $^O =~ /^(VMS|MSWin32)$/; |
||||
|
||||
-plan tests => 2; |
||||
+plan tests => 3; |
||||
+ |
||||
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init"); |
||||
|
||||
$ENV{LANG} = "C"; |
||||
ok(run(test(["localetest"])), "running localetest"); |
@@ -0,0 +1,540 @@
|
||||
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c |
||||
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200 |
||||
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200 |
||||
@@ -27,6 +27,7 @@ |
||||
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See |
||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. |
||||
*/ |
||||
+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */ |
||||
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation) |
||||
{ |
||||
int protect = 0; |
||||
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c |
||||
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200 |
||||
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200 |
||||
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac |
||||
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT); |
||||
} |
||||
|
||||
+# ifdef FIPS_MODULE |
||||
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx) |
||||
+{ |
||||
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING |
||||
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) |
||||
+ return 0; |
||||
+ |
||||
+ return 1; |
||||
+} |
||||
+# endif |
||||
+ |
||||
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, |
||||
size_t outsize, const unsigned char *in, size_t inlen) |
||||
{ |
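Review bot: fips_padding_allowed() is written as a deny-list, so `RSA_NO_PADDING` (raw RSA) and any padding mode added later remain permitted in the FIPS module through this path. If raw RSA is intentionally kept for some caller, say so in a comment above the function; otherwise an allow-list is safer and clearer: `return prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING;`. Either way a header comment such as `/* Red Hat FIPS policy: PKCS#1 v1.5 encryption (including the TLS variant) is not approved; see also ossl_rsa_check_key() in providers/common/securitycheck.c */` would tie it to the note added in that file.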
||||
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u |
||||
if (!ossl_prov_is_running()) |
||||
return 0; |
||||
|
||||
+# ifdef FIPS_MODULE |
||||
+ if (fips_padding_allowed(prsactx) == 0) { |
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { |
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); |
||||
+ return 0; |
||||
+ } |
||||
+# endif |
||||
+ |
||||
if (out == NULL) { |
||||
size_t len = RSA_size(prsactx->rsa); |
||||
|
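Review bot: The twelve-line FIPS block inserted here is duplicated verbatim in rsa_decrypt() further down the patch, which invites the two copies drifting apart when the policy changes; a single helper that raises the error itself keeps them in sync. The rest of rsa_encrypt() is outside the hunk.
```c
# ifdef FIPS_MODULE
/* Red Hat FIPS restrictions shared by rsa_encrypt() and rsa_decrypt(). */
static int fips_check_ctx(const PROV_RSA_CTX *prsactx)
{
    if (!fips_padding_allowed(prsactx)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
        return 0;
    }
    if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
        return 0;
    }
    return 1;
}
# endif

/* … in rsa_encrypt(), replacing the inline block after the ossl_prov_is_running() check … */
# ifdef FIPS_MODULE
    if (!fips_check_ctx(prsactx))
        return 0;
# endif
```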
||||
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u |
||||
if (!ossl_prov_is_running()) |
||||
return 0; |
||||
|
||||
+# ifdef FIPS_MODULE |
||||
+ if (fips_padding_allowed(prsactx) == 0) { |
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); |
||||
+ return 0; |
||||
+ } |
||||
+ |
||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { |
||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); |
||||
+ return 0; |
||||
+ } |
||||
+# endif |
||||
+ |
||||
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { |
||||
if (out == NULL) { |
||||
*outlen = SSL_MAX_MASTER_KEY_LENGTH; |
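Review bot: The minimum-modulus check is applied to decryption as well as encryption, which is stricter than the protect/process distinction the securitycheck.c comment in this same patch describes (SP 800-131Ar2 treats decryption with legacy key sizes as "process", not "protect"), so existing data enveloped to a 1024-bit key becomes unreadable in FIPS mode. If that is the intended policy, say so on the check, e.g. `/* Red Hat policy: reject legacy key sizes even for decryption, unlike ossl_rsa_check_key()'s protect=0 case */`; if not, the decrypt path should only enforce the padding restriction and leave the size decision to ossl_rsa_check_key(). The rest of rsa_decrypt() is outside the hunk.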
||||
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t |
||||
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200 |
||||
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200 |
||||
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = ( |
||||
\&final_compare |
||||
], |
||||
|
||||
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", |
||||
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS", |
||||
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont, |
||||
"-aes256", "-stream", "-out", "{output}.cms", |
||||
$smrsa1, |
||||
@@ -865,5 +865,8 @@ sub check_availability { |
||||
return "$tnam: skipped, DSA disabled\n" |
||||
if ($no_dsa && $tnam =~ / DSA/); |
||||
|
||||
+ return "$tnam: skipped, Red Hat FIPS\n" |
||||
+ if ($tnam =~ /no Red Hat FIPS/); |
||||
+ |
||||
return ""; |
||||
} |
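Review bot: The added skip in check_availability() is unconditional: `return "$tnam: skipped, Red Hat FIPS\n" if ($tnam =~ /no Red Hat FIPS/);` fires whenever the name matches, so the 3-recipient enveloped test is also skipped in the default-provider run, where PKCS#1 v1.5 key transport is still supported and should stay covered. Unless check_availability() is only reached in the FIPS pass (not visible here), gate it on the FIPS state the script already tracks, e.g. `if (!$no_fips && $tnam =~ /no Red Hat FIPS/);`. check_availability() starts outside the hunk.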
||||
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t |
||||
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200 |
||||
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200 |
||||
@@ -483,6 +483,18 @@ sub testssl { |
||||
# the default choice if TLSv1.3 enabled |
||||
my $flag = $protocol eq "-tls1_3" ? "" : $protocol; |
||||
my $ciphersuites = ""; |
||||
+ my %redhat_skip_cipher = map {$_ => 1} qw( |
||||
+AES256-GCM-SHA384:@SECLEVEL=0 |
||||
+AES256-CCM8:@SECLEVEL=0 |
||||
+AES256-CCM:@SECLEVEL=0 |
||||
+AES128-GCM-SHA256:@SECLEVEL=0 |
||||
+AES128-CCM8:@SECLEVEL=0 |
||||
+AES128-CCM:@SECLEVEL=0 |
||||
+AES256-SHA256:@SECLEVEL=0 |
||||
+AES128-SHA256:@SECLEVEL=0 |
||||
+AES256-SHA:@SECLEVEL=0 |
||||
+AES128-SHA:@SECLEVEL=0 |
||||
+ ); |
||||
foreach my $cipher (@{$ciphersuites{$protocol}}) { |
||||
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { |
||||
note "*****SKIPPING $protocol $cipher"; |
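Review bot: `%redhat_skip_cipher` is keyed on the full string including the `:@SECLEVEL=0` suffix, which the loop below appends only in its `else` branch, so any cipher that takes the other branch (outside this hunk) can never match even if it is one of the listed RSA-kx suites; keying on the bare cipher name and testing before the suffix is added would be less brittle. The hash is also rebuilt on every call of testssl() although it is constant; hoisting it to file scope as `my %redhat_skip_cipher = map { $_ => 1 } qw(...)` with a comment like `# RSA key transport is rejected by the Red Hat FIPS provider (rsa_enc.c)` documents why exactly these suites are listed.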
||||
@@ -494,11 +506,16 @@ sub testssl { |
||||
} else { |
||||
$cipher = $cipher.':@SECLEVEL=0'; |
||||
} |
||||
- ok(run(test([@ssltest, @exkeys, "-cipher", |
||||
- $cipher, |
||||
- "-ciphersuites", $ciphersuites, |
||||
- $flag || ()])), |
||||
- "Testing $cipher"); |
||||
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) { |
||||
+ note "*****SKIPPING $cipher in Red Hat FIPS mode"; |
||||
+ ok(1); |
||||
+ } else { |
||||
+ ok(run(test([@ssltest, @exkeys, "-cipher", |
||||
+ $cipher, |
||||
+ "-ciphersuites", $ciphersuites, |
||||
+ $flag || ()])), |
||||
+ "Testing $cipher"); |
||||
+ } |
||||
} |
||||
} |
||||
next if $protocol eq "-tls1_3"; |
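Review bot: `ok(1);` on the skip branch records an anonymous pass, so TAP output cannot distinguish a cipher that was tested from one that was skipped, and the `note` is not shown in non-verbose runs. Use the test framework's skip mechanism or at least a description: `ok(1, "Skipped $cipher in Red Hat FIPS mode");`. `$provider` is read here but defined outside the hunk, so I cannot confirm it is set for every code path that reaches this loop.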
||||
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt |
||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200 |
||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200 |
||||
@@ -263,12 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974 |
||||
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef |
||||
|
||||
# RSA decrypt |
||||
- |
||||
+Availablein = default |
||||
Decrypt = RSA-2048 |
||||
Input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|
||||
Output = "Hello World" |
||||
|
||||
# Corrupted ciphertext |
||||
+Availablein = default |
||||
Decrypt = RSA-2048 |
||||
Input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|
||||
Output = "Hello World" |
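Review bot: The `Availablein = default` lines are added without any comment on why the FIPS provider is excluded, and the reason differs between stanzas: the RSA-2048 decrypts above use PKCS#1 v1.5 padding, which this patch set bans in FIPS mode, whereas the RSA-OAEP-1..6 stanzas further down use approved OAEP but (if these are the PKCS#1 v2 test vectors) keys below the new minimum modulus size. A one-line comment per group, e.g. `# PKCS#1 v1.5 decryption is rejected by the Red Hat FIPS provider` and `# key is shorter than OPENSSL_RSA_FIPS_MIN_MODULUS_BITS`, would stop a future reader from re-enabling them without understanding the policy.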
||||
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN |
||||
h90qjKHS9PvY4Q== |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a |
||||
Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44 |
||||
Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb |
||||
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755 |
||||
Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439 |
||||
Output=8da89fd9e5f974a29feffb462b49180f6cf9e802 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-1 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64 |
||||
eG2e4XlBcKjI6A== |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e |
||||
Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245 |
||||
Output=2d |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053 |
||||
Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641 |
||||
Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec |
||||
Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-2 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W |
||||
Ya4qnqZe1onjY5o= |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80 |
||||
Output=087820b569e8fa8d |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5 |
||||
Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a |
||||
Output=d94cd0e08fa404ed89 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0 |
||||
Output=6cc641b6b61e6f963974dad23a9013284ef1 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60 |
||||
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-3 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/ |
||||
aD0x7TDrmEvkEro= |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8 |
||||
Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e |
||||
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065 |
||||
Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4 |
||||
Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2 |
||||
Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-4 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/ |
||||
MSwGUGLx60i3nRyDyw== |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5 |
||||
Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad |
||||
Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967 |
||||
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf |
||||
Output=15c5b9ee1185 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723 |
||||
Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-5 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq |
||||
Yejn5Ly8mU2q+jBcRQ== |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3 |
||||
Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f |
||||
Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65 |
||||
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8 |
||||
Output=684e3038c5c041f7 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab |
||||
Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-6 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4 |
||||
FMlxv0gq65dqc3DC |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1 |
||||
Output=47aae909 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6 |
||||
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b |
||||
Output=d976fc |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac |
||||
Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478 |
||||
Output=bb47231ca5ea1d3ad46c99345d9a8a61 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-7 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E |
||||
2MiPa249Z+lh3Luj0A== |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61 |
||||
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d |
||||
Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f |
||||
Output=8604ac56328c1ab5ad917861 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0 |
||||
Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2 |
||||
Output=4a5f4914bee25de3c69341de07 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-8 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc |
||||
tKo5Eb69iFQvBb4= |
||||
-----END PRIVATE KEY----- |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72 |
||||
Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8 |
||||
Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3 |
||||
Output=fd326429df9b890e09b54b18b8f34f1e24 |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858 |
||||
Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
||||
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e |
||||
Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d |
||||
|
||||
+Availablein = default |
||||
Decrypt=RSA-OAEP-9 |
||||
Ctrl = rsa_padding_mode:oaep |
||||
Ctrl = rsa_mgf1_md:sha1 |
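--- a/PATCH-FILE-PATH-NOT-SHOWN
+++ b/PATCH-FILE-PATH-NOT-SHOWN
@@ -0,0 +1,420 @@
+diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
+--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
++++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
+@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
+const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
+BN_CTX *ctx = NULL;
+BIGNUM *priv_key = NULL;
++#ifdef FIPS_MODULE
++ const OSSL_PARAM *param_sign_kat_k = NULL;
++ BIGNUM *sign_kat_k = NULL;
++#endif
+unsigned char *pub_key = NULL;
+size_t pub_key_len;
+const EC_GROUP *ecg = NULL;
+@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
+if (include_private)
+param_priv_key =
+OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+-
++#ifdef FIPS_MODULE
++ param_sign_kat_k =
++ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
++#endif
+ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
+if (ctx == NULL)
+goto err;
+@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
+&& !EC_KEY_set_public_key(ec, pub_point))
+goto err;
+
++#ifdef FIPS_MODULE
++ if (param_sign_kat_k) {
++ if ((sign_kat_k = BN_secure_new()) == NULL)
++ goto err;
++ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
++
++ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
++ goto err;
++ ec->sign_kat_k = sign_kat_k;
++ }
++#endif
+ok = 1;
+
+err:
+diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
+--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
++++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
+@@ -20,6 +20,10 @@
+#include "crypto/bn.h"
+#include "ec_local.h"
+
++#ifdef FIPS_MODULE
++extern int REDHAT_FIPS_signature_st;
++#endif
++
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+BIGNUM **rp)
+{
+@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
+goto err;
+
+do {
++#ifdef FIPS_MODULE
++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
++ BN_copy(k, eckey->sign_kat_k);
++ } else {
++#endif
+/* get random k */
+do {
+if (dgst != NULL) {
+@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
+}
+}
+} while (BN_is_zero(k));
+-
++#ifdef FIPS_MODULE
++ }
++#endif
+/* compute r the x-coordinate of generator * k */
+if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
+diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
+--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
++++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
+@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
+EC_GROUP_free(r->group);
+EC_POINT_free(r->pub_key);
+BN_clear_free(r->priv_key);
++#ifdef FIPS_MODULE
++ BN_clear_free(r->sign_kat_k);
++#endif
+OPENSSL_free(r->propq);
+
+OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
+diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
+--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
++++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
+@@ -298,6 +298,9 @@ struct ec_key_st {
+#ifndef FIPS_MODULE
+CRYPTO_EX_DATA ex_data;
+#endif
++#ifdef FIPS_MODULE
++ BIGNUM *sign_kat_k;
++#endif
+CRYPTO_RWLOCK *lock;
+OSSL_LIB_CTX *libctx;
+char *propq;
+diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
+--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
++++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
+@@ -293,6 +293,7 @@ extern "C" {
+#define OSSL_PKEY_PARAM_DIST_ID "distid"
+#define OSSL_PKEY_PARAM_PUB_KEY "pub"
+#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
++#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
+
+/* Diffie-Hellman/DSA Parameters */
+#define OSSL_PKEY_PARAM_FFC_P "p"
+diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
+--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
++++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
+@@ -530,7 +530,8 @@ end:
+# define EC_IMEXPORTABLE_PUBLIC_KEY \
+OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
+# define EC_IMEXPORTABLE_PRIVATE_KEY \
+- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
+# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
+OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
+OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
+diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
+--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
++++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
+@@ -17,6 +17,8 @@
+#include "self_test.h"
+#include "self_test_data.inc"
+
++int REDHAT_FIPS_signature_st = 0;
++
+static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
+OSSL_LIB_CTX *libctx)
+{
+@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
+EVP_PKEY *pkey = NULL;
+unsigned char sig[256];
+BN_CTX *bnctx = NULL;
++ BIGNUM *K = NULL;
+size_t siglen = sizeof(sig);
+static const unsigned char dgst[] = {
+0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
+bnctx = BN_CTX_new_ex(libctx);
+if (bnctx == NULL)
+goto err;
++ K = BN_CTX_get(bnctx);
++ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
++ goto err;
+
+bld = OSSL_PARAM_BLD_new();
+if (bld == NULL)
+@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
+
+if (!add_params(bld, t->key, bnctx))
+goto err;
++ /* set K for ECDSA KAT tests */
++ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
++ goto err;
+params = OSSL_PARAM_BLD_to_param(bld);
+
+/* Create a EVP_PKEY_CTX to load the DSA key into */
+@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
+static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+{
+int i, ret = 1;
++ REDHAT_FIPS_signature_st = 1;
+
+for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
+if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
+ret = 0;
+}
++ REDHAT_FIPS_signature_st = 0;
+return ret;
+}
+
+diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
+--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
++++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
+@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
+ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
+ST_KAT_PARAM_END()
+};
++static const unsigned char ec224r1_kat_sig[] = {
++0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
++0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
++0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
++0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
++};
+
++static const char ecd_prime_curve_name384[] = "secp384r1";
++/*
++priv:
++ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
++ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
++ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
++ 4c:91:87
++pub:
++ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
++ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
++ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
++ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
++ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
++ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
++ 11:f2:a3:bf:e8:0e:88
++*/
++static const unsigned char ecd_prime_priv384[] = {
++ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
++ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
++ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
++ 0x4c, 0x91, 0x87
++};
++static const unsigned char ecd_prime_pub384[] = {
++ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
++ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
++ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
++ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
++ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
++ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
++ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
++};
++static const ST_KAT_PARAM ecdsa_prime_key384[] = {
++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
++ ST_KAT_PARAM_END()
++};
++static const unsigned char ec384r1_kat_sig[] = {
++0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
++0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
++0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
++0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
++0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
++0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
++0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
++};
++static const char ecd_prime_curve_name521[] = "secp521r1";
++/*
++priv:
++ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
++ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
++ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
++ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
++ af:fe:6d:cb:c2:3b
++pub:
++ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
++ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
++ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
++ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
++ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
++ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
++ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
++ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
++ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
++*/
++static const unsigned char ecd_prime_priv521[] = {
++ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
++ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
++ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
++ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
++ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
++};
++static const unsigned char ecd_prime_pub521[] = {
++ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
++ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
++ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
++ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
++ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
++ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
++ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
++ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
++ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
++};
++static const ST_KAT_PARAM ecdsa_prime_key521[] = {
++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
++ ST_KAT_PARAM_END()
++};
++static const unsigned char ec521r1_kat_sig[] = {
++0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
++0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
++0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
++0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
++0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
++0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
++0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
++0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
++0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
++};
++static const char ecd_prime_curve_name256[] = "prime256v1";
++/*
++priv:
++ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
++ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
++ 30:fa
++pub:
++ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
++ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
++ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
++ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
++ 98:66:c4:63:a6
++*/
++static const unsigned char ecd_prime_priv256[] = {
++ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
++ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
++ 0x30, 0xfa
++};
++static const unsigned char ecd_prime_pub256[] = {
++ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
++ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
++ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
++ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
++ 0x98, 0x66, 0xc4, 0x63, 0xa6
++};
++static const ST_KAT_PARAM ecdsa_prime_key256[] = {
++ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
++ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
++ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
++ ST_KAT_PARAM_END()
++};
++static const unsigned char ec256v1_kat_sig[] = {
++0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
++0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
++0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
++0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
++0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
++};
+# ifndef OPENSSL_NO_EC2M
+static const char ecd_bin_curve_name[] = "sect233r1";
+static const unsigned char ecd_bin_priv[] = {
+@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
+ecdsa_prime_key,
+/*
+* The ECDSA signature changes each time due to it using a random k.
+- * So there is no expected KAT for this case.
++ * We provide this value in our build
++ */
++ ITM(ec224r1_kat_sig)
++ },
++ {
++ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
++ "EC",
++ "SHA-256",
++ ecdsa_prime_key384,
++ /*
++ * The ECDSA signature changes each time due to it using a random k.
++ * We provide this value in our build
++ */
++ ITM(ec384r1_kat_sig)
++ },
++ {
++ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
++ "EC",
++ "SHA-256",
++ ecdsa_prime_key521,
++ /*
++ * The ECDSA signature changes each time due to it using a random k.
++ * We provide this value in our build
++ */
++ ITM(ec521r1_kat_sig)
++ },
++ {
++ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
++ "EC",
++ "SHA-256",
++ ecdsa_prime_key256,
++ /*
++ * The ECDSA signature changes each time due to it using a random k.
++ * We provide this value in our build
+*/
++ ITM(ec256v1_kat_sig)
+},
+# ifndef OPENSSL_NO_EC2M
+{
+diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
+--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
++++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
+@@ -44,6 +44,10 @@
+#define S390X_OFF_RN(n) (4 * n)
+#define S390X_OFF_Y(n) (4 * n)
+
++#ifdef FIPS_MODULE
++extern int REDHAT_FIPS_signature_st;
++#endif
++
+static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
+const BIGNUM *scalar,
+size_t num, const EC_POINT *points[],
+@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
+* because kdsa instruction constructs an in-range, invertible nonce
+* internally implementing counter-measures for RNG weakness.
+*/
++#ifdef FIPS_MODULE
++ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
++ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
++ /* Turns KDSA internal nonce-generation off. */
++ fc |= S390X_KDSA_D;
++ } else {
++#endif
+if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
+(size_t)len, 0) != 1) {
+ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+goto ret;
+}
++#ifdef FIPS_MODULE
++ }
++#endif
+} else {
+/* Reconstruct k = (k^-1)^-1. */
+if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0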
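Review bot: In the ec_backend.c hunk the BIGNUM from `BN_secure_new()` is leaked when `OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k)` fails, because it is attached to `ec->sign_kat_k` only after that call succeeds and the `err:` path (whose body lies outside this hunk and is not touched by the patch) cannot know about the new local; free it before jumping, `BN_clear_free(sign_kat_k); goto err;`, and free any existing `ec->sign_kat_k` before the assignment so that a second import on the same key does not leak the previous value. In the ecp_s390x_nistp.c hunk the return value of `BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len)` is ignored; it returns -1 when the value does not fit in `len` bytes, after which `fc |= S390X_KDSA_D` still switches the in-instruction nonce generation off and KDSA runs on whatever `param` already holds, so check it, e.g. `if (BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len) < 0) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); goto ret; }`. The same unchecked pattern applies to `BN_copy(k, eckey->sign_kat_k)` in the ecdsa_ossl.c hunk, which also bypasses the `BN_is_zero` loop, so nothing rejects a zero or out-of-range KAT nonce there. Since `REDHAT_FIPS_signature_st` is a plain process-wide int set and cleared by `self_test_signatures()` and read on every ECDSA sign, while `rh_sign_kat_k` is accepted on any FIPS EC key import through `EC_IMEXPORTABLE_PRIVATE_KEY`, a comment at its definition stating that the fixed nonce is intended only for the self-test keys and that the flag carries no synchronization would help the next maintainer.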
@@ -0,0 +1,466 @@
|
||||
From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Tue, 7 Jun 2022 12:02:49 +0200 |
||||
Subject: [PATCH] fips: Expose a FIPS indicator |
||||
|
||||
FIPS 140-3 requires us to indicate whether an operation was using |
||||
approved services or not. The FIPS 140-3 implementation guidelines |
||||
provide two basic approaches to doing this: implicit indicators, and |
||||
explicit indicators. |
||||
|
||||
Implicit indicators are basically the concept of "if the operation |
||||
passes, it was approved". We were originally aiming for implicit |
||||
indicators in our copy of OpenSSL. However, this proved to be a problem, |
||||
because we wanted to certify a signature service, and FIPS 140-3 |
||||
requires that a signature service computes the digest to be signed |
||||
within the boundaries of the FIPS module. Since we were planning to |
||||
certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify |
||||
would have to be blocked. Unfortunately, EVP_SignFinal uses |
||||
EVP_PKEY_sign internally, but outside of fips.so and thus outside of the |
||||
FIPS module boundary. This means that using implicit indicators in |
||||
combination with certifying only fips.so would require us to block both |
||||
EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used |
||||
by most users of OpenSSL for signatures. |
||||
|
||||
EVP_DigestSign would be acceptable, but has only been added in 3.0 and |
||||
is thus not yet widely used. |
||||
|
||||
As a consequence, we've decided to introduce explicit indicators so that |
||||
EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but |
||||
FIPS-aware applications can query the explicit indicator to check |
||||
whether the operation was approved. |
||||
|
||||
To avoid affecting the ABI and public API too much, this is implemented |
||||
as an exported symbol in fips.so and a private header, so applications |
||||
that wish to use this will have to dlopen(3) fips.so, locate the |
||||
function using dlsym(3), and then call it. These applications will have |
||||
to build against the private header in order to use the returned |
||||
pointer. |
||||
|
||||
Modify util/mkdef.pl to support exposing a symbol only for a specific |
||||
provider identified by its name and path. |
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com> |
||||
--- |
||||
doc/build.info | 6 ++ |
||||
doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++ |
||||
providers/fips/fipsprov.c | 71 +++++++++++++ |
||||
providers/fips/indicator.h | 66 ++++++++++++ |
||||
util/mkdef.pl | 25 ++++- |
||||
util/providers.num | 1 + |
||||
6 files changed, 322 insertions(+), 1 deletion(-) |
||||
create mode 100644 doc/man7/fips_module_indicators.pod |
||||
create mode 100644 providers/fips/indicator.h |
||||
|
||||
diff --git a/doc/build.info b/doc/build.info |
||||
index b0aa4297a4..af235113bb 100644 |
||||
--- a/doc/build.info |
||||
+++ b/doc/build.info |
||||
@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod |
||||
GENERATE[html/man7/fips_module.html]=man7/fips_module.pod |
||||
DEPEND[man/man7/fips_module.7]=man7/fips_module.pod |
||||
GENERATE[man/man7/fips_module.7]=man7/fips_module.pod |
||||
+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod |
||||
+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod |
||||
+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod |
||||
+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod |
||||
DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod |
||||
GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod |
||||
DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod |
||||
@@ -4631,6 +4635,7 @@ html/man7/ct.html \ |
||||
html/man7/des_modes.html \ |
||||
html/man7/evp.html \ |
||||
html/man7/fips_module.html \ |
||||
+html/man7/fips_module_indicators.html \ |
||||
html/man7/life_cycle-cipher.html \ |
||||
html/man7/life_cycle-digest.html \ |
||||
html/man7/life_cycle-kdf.html \ |
||||
@@ -4754,6 +4759,7 @@ man/man7/ct.7 \ |
||||
man/man7/des_modes.7 \ |
||||
man/man7/evp.7 \ |
||||
man/man7/fips_module.7 \ |
||||
+man/man7/fips_module_indicators.7 \ |
||||
man/man7/life_cycle-cipher.7 \ |
||||
man/man7/life_cycle-digest.7 \ |
||||
man/man7/life_cycle-kdf.7 \ |
||||
diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod |
||||
new file mode 100644 |
||||
index 0000000000..23db2b395c |
||||
--- /dev/null |
||||
+++ b/doc/man7/fips_module_indicators.pod |
||||
@@ -0,0 +1,154 @@ |
||||
+=pod |
||||
+ |
||||
+=head1 NAME |
||||
+ |
||||
+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide |
||||
+ |
||||
+=head1 DESCRIPTION |
||||
+ |
||||
+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider |
||||
+implements Approved Security Service Indicators according to the FIPS 140-3 |
||||
+Implementation Guidelines, section 2.4.C. See |
||||
+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf> |
||||
+for the FIPS 140-3 Implementation Guidelines. |
||||
+ |
||||
+For all approved services except signatures, the Red Hat OpenSSL FIPS provider |
||||
+uses the return code as the indicator as understood by FIPS 140-3. That means |
||||
+that every operation that succeeds denotes use of an approved security service. |
||||
+Operations that do not succeed may not have been approved security services, or |
||||
+may have been used incorrectly. |
||||
+ |
||||
+For signatures, an explicit indicator API is available to determine whether |
||||
+a selected operation is an approved security service, in combination with the |
||||
+return code of the operation. For a signature operation to be approved, the |
||||
+explicit indicator must claim it as approved, and it must succeed. |
||||
+ |
||||
+=head2 Querying the explicit indicator |
||||
+ |
||||
+The Red Hat OpenSSL FIPS provider exports a symbol named |
||||
+I<redhat_ossl_query_fipsindicator> that provides information on which signature |
||||
+operations are approved security functions. To use this function, either link |
||||
+against I<fips.so> directly, or load it at runtime using dlopen(3) and |
||||
+dlsym(3). |
||||
+ |
||||
+ #include <openssl/core_dispatch.h> |
||||
+ #include "providers/fips/indicator.h" |
||||
+ |
||||
+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY); |
||||
+ if (provider == NULL) { |
||||
+ fprintf(stderr, "%s\n", dlerror()); |
||||
+ // handle error |
||||
+ } |
||||
+ |
||||
+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \ |
||||
+ = dlsym(provider, "redhat_ossl_query_fipsindicator"); |
||||
+ if (redhat_ossl_query_fipsindicator == NULL) { |
||||
+ fprintf(stderr, "%s\n", dlerror()); |
||||
+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat" |
||||
+ " patches?\n"); |
||||
+ // handle error |
||||
+ } |
||||
+ |
||||
+Note that this uses the I<providers/fips/indicator.h> header, which is not |
||||
+public. Install the I<openssl-debugsource> package from the I<BaseOS-debuginfo> |
||||
+repository using I<dnf debuginfo-install openssl> and include |
||||
+I</usr/src/debug/openssl-3.*/> in the compiler's include path. |
||||
+ |
||||
+I<redhat_ossl_query_fipsindicator> expects an operation ID as its only |
||||
+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to |
||||
+obtain the indicators for signature operations. On success, the return value is |
||||
+a pointer to an array of I<OSSL_RH_FIPSINDICATOR_STRUCT>s. On failure, NULL is |
||||
+returned. The last entry in the array is indicated by I<algorithm_names> being |
||||
+NULL. |
||||
+ |
||||
+ typedef struct ossl_rh_fipsindicator_algorithm_st { |
||||
+ const char *algorithm_names; /* key */ |
||||
+ const char *property_definition; /* key */ |
||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; |
||||
+ } OSSL_RH_FIPSINDICATOR_ALGORITHM; |
||||
+ |
||||
+ typedef struct ossl_rh_fipsindicator_dispatch_st { |
||||
+ int function_id; |
||||
+ int approved; |
||||
+ } OSSL_RH_FIPSINDICATOR_DISPATCH; |
||||
+ |
||||
+The I<algorithm_names> field is a colon-separated list of algorithm names from |
||||
+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can |
||||
+be used to locate the appropriate entry. See the example below, where |
||||
+I<algorithm> contains the algorithm name to search for: |
||||
+ |
||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL; |
||||
+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator = |
||||
+ redhat_ossl_query_fipsindicator(operation_id); |
||||
+ if (indicator == NULL) { |
||||
+ fprintf(stderr, "No indicator for operation, probably using implicit" |
||||
+ " indicators.\n"); |
||||
+ // handle error |
||||
+ } |
||||
+ |
||||
+ for (; indicator->algorithm_names != NULL; ++indicator) { |
||||
+ char *algorithm_names = strdup(indicator->algorithm_names); |
||||
+ if (algorithm_names == NULL) { |
||||
+ perror("strdup(3)"); |
||||
+ // handle error |
||||
+ } |
||||
+ |
||||
+ const char *algorithm_name = strtok(algorithm_names, ":"); |
||||
+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) { |
||||
+ if (strcasecmp(algorithm_name, algorithm) == 0) { |
||||
+ indicator_dispatch = indicator->indicators; |
||||
+ free(algorithm_names); |
||||
+ algorithm_names = NULL; |
||||
+ break; |
||||
+ } |
||||
+ } |
||||
+ free(algorithm_names); |
||||
+ } |
||||
+ if (indicator_dispatch == NULL) { |
||||
+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm); |
||||
+ // handle error |
||||
+ } |
||||
+ |
||||
+If an appropriate I<OSSL_RH_FIPSINDICATOR_DISPATCH> array is available for the |
||||
+given algorithm name, it maps function IDs to their approval status. The last |
||||
+entry is indicated by a zero I<function_id>. I<approved> is |
||||
+I<OSSL_RH_FIPSINDICATOR_APPROVED> if the operation is an approved security |
||||
+service, or part of an approved security service, or |
||||
+I<OSSL_RH_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid. |
||||
+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>, |
||||
+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>. |
||||
+ |
||||
+Assuming I<function_id> is the function in question, the following code can be |
||||
+used to query the approval status: |
||||
+ |
||||
+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) { |
||||
+ if (indicator_dispatch->function_id == function_id) { |
||||
+ switch (indicator_dispatch->approved) { |
||||
+ case OSSL_RH_FIPSINDICATOR_APPROVED: |
||||
+ // approved security service |
||||
+ break; |
||||
+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED: |
||||
+ // unapproved security service |
||||
+ break; |
||||
+ default: |
||||
+ // invalid result |
||||
+ break; |
||||
+ } |
||||
+ break; |
||||
+ } |
||||
+ } |
||||
+ |
||||
+=head1 SEE ALSO |
||||
+ |
||||
+L<fips_module(7)>, L<provider(7)> |
||||
+ |
||||
+=head1 COPYRIGHT |
||||
+ |
||||
+Copyright 2022 Red Hat, Inc. All Rights Reserved. |
||||
+ |
||||
+Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
+this file except in compliance with the License. You can obtain a copy |
||||
+in the file LICENSE in the source distribution or at |
||||
+L<https://www.openssl.org/source/license.html>. |
||||
+ |
||||
+=cut |
||||
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c |
||||
index de391ce067..1cfd71c5cf 100644 |
||||
--- a/providers/fips/fipsprov.c |
||||
+++ b/providers/fips/fipsprov.c |
||||
@@ -23,6 +23,7 @@ |
||||
#include "prov/seeding.h" |
||||
#include "self_test.h" |
||||
#include "internal/core.h" |
||||
+#include "indicator.h" |
||||
|
||||
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; |
||||
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; |
||||
@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = { |
||||
{ NULL, NULL, NULL } |
||||
}; |
||||
|
||||
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = { |
||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } |
||||
+}; |
||||
+ |
||||
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = { |
||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED }, |
||||
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED } |
||||
+}; |
||||
+ |
||||
+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = { |
||||
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, |
||||
+ redhat_rsa_signature_indicators }, |
||||
+#ifndef OPENSSL_NO_EC |
||||
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, |
||||
+ redhat_ecdsa_signature_indicators }, |
||||
+#endif |
||||
+ { NULL, NULL, NULL } |
||||
+}; |
||||
+ |
||||
static const OSSL_ALGORITHM fips_asym_cipher[] = { |
||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, |
||||
{ NULL, NULL, NULL } |
||||
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { |
||||
freelocale(loc); |
||||
} |
||||
|
||||
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { |
||||
+ switch (operation_id) { |
||||
+ case OSSL_OP_SIGNATURE: |
||||
+ return redhat_indicator_fips_signature; |
||||
+ } |
||||
+ return NULL; |
||||
+} |
||||
+ |
||||
static void fips_teardown(void *provctx) |
||||
{ |
||||
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); |
||||
diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h |
||||
new file mode 100644 |
||||
index 0000000000..b323efe44c |
||||
--- /dev/null |
||||
+++ b/providers/fips/indicator.h |
||||
@@ -0,0 +1,66 @@ |
||||
+/* |
||||
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
+ * |
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
+ * this file except in compliance with the License. You can obtain a copy |
||||
+ * in the file LICENSE in the source distribution or at |
||||
+ * https://www.openssl.org/source/license.html |
||||
+ */ |
||||
+ |
||||
+#ifndef OPENSSL_FIPS_INDICATOR_H |
||||
+# define OPENSSL_FIPS_INDICATOR_H |
||||
+# pragma once |
||||
+ |
||||
+# ifdef __cplusplus |
||||
+extern "C" { |
||||
+# endif |
||||
+ |
||||
+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0) |
||||
+# define OSSL_RH_FIPSINDICATOR_APPROVED (1) |
||||
+ |
||||
+/* |
||||
+ * FIPS indicator dispatch table element. function_id numbers and the |
||||
+ * functions are defined in core_dispatch.h, see macros with |
||||
+ * 'OSSL_CORE_MAKE_FUNC' in their names. |
||||
+ * |
||||
+ * An array of these is always terminated by function_id == 0 |
||||
+ */ |
||||
+typedef struct ossl_rh_fipsindicator_dispatch_st { |
||||
+ int function_id; |
||||
+ int approved; |
||||
+} OSSL_RH_FIPSINDICATOR_DISPATCH; |
||||
+ |
||||
+/* |
||||
+ * Type to tie together algorithm names, property definition string and the |
||||
+ * algorithm implementation's FIPS indicator status in the form of a FIPS |
||||
+ * indicator dispatch table. |
||||
+ * |
||||
+ * An array of these is always terminated by algorithm_names == NULL |
||||
+ */ |
||||
+typedef struct ossl_rh_fipsindicator_algorithm_st { |
||||
+ const char *algorithm_names; /* key */ |
||||
+ const char *property_definition; /* key */ |
||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators; |
||||
+} OSSL_RH_FIPSINDICATOR_ALGORITHM; |
||||
+ |
||||
+/** |
||||
+ * Query FIPS indicator status for the given operation. Possible values for |
||||
+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms |
||||
+ * use implicit indicators. The return value is an array of |
||||
+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with |
||||
+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of |
||||
+ * algorithm names, 'property_definition' a comma-separated list of properties, |
||||
+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This |
||||
+ * list is terminated by function_id == 0. 'function_id' is one of the |
||||
+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL. |
||||
+ * |
||||
+ * If there is no entry in the returned struct for the given operation_id, |
||||
+ * algorithm name, or function_id, the algorithm is unapproved. |
||||
+ */ |
||||
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id); |
||||
+ |
||||
+# ifdef __cplusplus |
||||
+} |
||||
+# endif |
||||
+ |
||||
+#endif |
||||
diff --git a/util/mkdef.pl b/util/mkdef.pl |
||||
index a1c76f7c97..eda39b71ee 100755 |
||||
--- a/util/mkdef.pl |
||||
+++ b/util/mkdef.pl |
||||
@@ -149,7 +149,8 @@ $ordinal_opts{filter} = |
||||
return |
||||
$item->exists() |
||||
&& platform_filter($item) |
||||
- && feature_filter($item); |
||||
+ && feature_filter($item) |
||||
+ && fips_filter($item, $name); |
||||
}; |
||||
my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file); |
||||
|
||||
@@ -205,6 +206,28 @@ sub feature_filter { |
||||
return $verdict; |
||||
} |
||||
|
||||
+sub fips_filter { |
||||
+ my $item = shift; |
||||
+ my $name = uc(shift); |
||||
+ my @features = ( $item->features() ); |
||||
+ |
||||
+ # True if no features are defined |
||||
+ return 1 if scalar @features == 0; |
||||
+ |
||||
+ my @matches = grep(/^ONLY_.*$/, @features); |
||||
+ if (@matches) { |
||||
+ # There is at least one only_* flag on this symbol, check if any of |
||||
+ # them match the name |
||||
+ for (@matches) { |
||||
+ if ($_ eq "ONLY_${name}") { |
||||
+ return 1; |
||||
+ } |
||||
+ } |
||||
+ return 0; |
||||
+ } |
||||
+ return 1; |
||||
+} |
||||
+ |
||||
sub sorter_unix { |
||||
my $by_name = OpenSSL::Ordinals::by_name(); |
||||
my %weight = ( |
||||
diff --git a/util/providers.num b/util/providers.num |
||||
index 4e2fa81b98..77879d0e5f 100644 |
||||
--- a/util/providers.num |
||||
+++ b/util/providers.num |
||||
@@ -1 +1,2 @@ |
||||
OSSL_provider_init 1 * EXIST::FUNCTION: |
||||
+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS |
||||
-- |
||||
2.35.3 |
||||
|
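Review bot: The dlsym example in doc/man7/fips_module_indicators.pod declares the function pointer as `const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int)`, a misspelling of the OSSL_RH_FIPSINDICATOR_ALGORITHM type that indicator.h actually defines, so anyone copying the snippet gets a compile error; it should read `const OSSL_RH_FIPSINDICATOR_ALGORITHM *(*redhat_ossl_query_fipsindicator)(int)`. In the same document the lookup example checks `indicator == NULL` but then falls straight into `for (; indicator->algorithm_names != NULL; ++indicator)`, so the `// handle error` placeholder should say the caller must return or exit there rather than continue. indicator.h states that a missing entry for an operation, algorithm or function_id means unapproved, which is the safe default for a FIPS indicator, but the pod text only describes the found-entry case and should state that default too. The new indicator.h also carries a "2019-2021 The OpenSSL Project Authors" copyright line although it is a new Red Hat file, while the pod uses "2022 Red Hat, Inc."; the two should agree.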
@ -0,0 +1,13 @@
@@ -0,0 +1,13 @@
|
||||
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c |
||||
index 2a574fbfe6aa..16f482db68a9 100644 |
||||
--- a/crypto/lhash/lhash.c |
||||
+++ b/crypto/lhash/lhash.c |
||||
@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh) |
||||
} |
||||
lh->b[i] = NULL; |
||||
} |
||||
+ |
||||
+ lh->num_items = 0; |
||||
} |
||||
|
||||
void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) |
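Review bot: This patch file has no header at all (no From/Subject line or upstream commit reference), unlike the neighbouring patches, so nothing in the repository says which upstream OpenSSL fix it backports or why; a short header such as `Subject: lhash: reset num_items in OPENSSL_LH_flush` plus the upstream commit id would let the next maintainer verify it and drop it once the base version carries the fix. The reset itself looks right in that the flush loop clears every bucket but previously left the item counter at its old value, which presumably skews later load-factor decisions in OPENSSL_LH_insert; that is worth confirming against the rest of lhash.c, which is outside the hunk.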
@ -0,0 +1,263 @@
@@ -0,0 +1,263 @@
|
||||
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c |
||||
index 7a4a45d537..3c5f48ec0a 100644 |
||||
--- a/crypto/ocsp/ocsp_vfy.c |
||||
+++ b/crypto/ocsp/ocsp_vfy.c |
||||
@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response, |
||||
|
||||
ret = X509_verify_cert(ctx); |
||||
if (ret <= 0) { |
||||
- ret = X509_STORE_CTX_get_error(ctx); |
||||
+ int err = X509_STORE_CTX_get_error(ctx); |
||||
+ |
||||
ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, |
||||
- "Verify error: %s", X509_verify_cert_error_string(ret)); |
||||
+ "Verify error: %s", X509_verify_cert_error_string(err)); |
||||
goto end; |
||||
} |
||||
if (chain != NULL) |
||||
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t |
||||
index d42030cb89..34fdfcbccc 100644 |
||||
--- a/test/recipes/80-test_ocsp.t |
||||
+++ b/test/recipes/80-test_ocsp.t |
||||
@@ -35,6 +35,7 @@ sub test_ocsp { |
||||
$untrusted = $CAfile; |
||||
} |
||||
my $expected_exit = shift; |
||||
+ my $nochecks = shift; |
||||
my $outputfile = basename($inputfile, '.ors') . '.dat'; |
||||
|
||||
run(app(["openssl", "base64", "-d", |
||||
@@ -45,7 +46,8 @@ sub test_ocsp { |
||||
"-partial_chain", @check_time, |
||||
"-CAfile", catfile($ocspdir, $CAfile), |
||||
"-verify_other", catfile($ocspdir, $untrusted), |
||||
- "-no-CApath", "-no-CAstore"])), |
||||
+ "-no-CApath", "-no-CAstore", |
||||
+ $nochecks ? "-no_cert_checks" : ()])), |
||||
$title); }); |
||||
} |
||||
|
||||
@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub { |
||||
plan tests => 7; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); |
||||
+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "ND2.ors", "ND2_Issuer_Root.pem", "", 0); |
||||
+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "ND3.ors", "ND3_Issuer_Root.pem", "", 0); |
||||
+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("NON-DELEGATED; 3-level CA hierarchy", |
||||
- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); |
||||
+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "D1.ors", "D1_Issuer_ICA.pem", "", 0); |
||||
+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "D2.ors", "D2_Issuer_Root.pem", "", 0); |
||||
+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "D3.ors", "D3_Issuer_Root.pem", "", 0); |
||||
+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0); |
||||
}; |
||||
|
||||
subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); |
||||
+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); |
||||
+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); |
||||
+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); |
||||
+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); |
||||
+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); |
||||
+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); |
||||
+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); |
||||
+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); |
||||
+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); |
||||
+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); |
||||
+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); |
||||
+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { |
||||
plan tests => 3; |
||||
|
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { |
||||
- plan tests => 3; |
||||
+ plan tests => 6; |
||||
|
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); |
||||
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); |
||||
+ test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); |
||||
+ test_ocsp("DELEGATED; Root CA -> EE", |
||||
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); |
||||
+ test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); |
||||
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); |
||||
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1); |
||||
}; |
||||
|
||||
subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); |
||||
+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); |
||||
+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); |
||||
+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); |
||||
+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); |
||||
+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); |
||||
+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { |
||||
plan tests => 6; |
||||
|
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); |
||||
+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); |
||||
+ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); |
||||
+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); |
||||
+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); |
||||
+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); |
||||
+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0); |
||||
}; |
||||
|
||||
subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { |
||||
@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { |
||||
|
||||
# Expect success, because we're explicitly trusting the issuer certificate. |
||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
||||
- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); |
||||
+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", |
||||
- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); |
||||
+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("NON-DELEGATED; Root CA -> EE", |
||||
- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); |
||||
+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("DELEGATED; Intermediate CA -> EE", |
||||
- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); |
||||
+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0); |
||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA", |
||||
- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); |
||||
+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0); |
||||
test_ocsp("DELEGATED; Root CA -> EE", |
||||
- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); |
||||
+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0); |
||||
}; |
||||
|
||||
subtest "=== OCSP API TESTS===" => sub { |
@@ -0,0 +1,58 @@
|
||||
diff --git a/tools/c_rehash.in b/tools/c_rehash.in |
||||
index d51d8856d7..a630773a02 100644 |
||||
--- a/tools/c_rehash.in |
||||
+++ b/tools/c_rehash.in |
||||
@@ -152,6 +152,23 @@ sub check_file { |
||||
return ($is_cert, $is_crl); |
||||
} |
||||
|
||||
+sub compute_hash { |
||||
+ my $fh; |
||||
+ if ( $^O eq "VMS" ) { |
||||
+ # VMS uses the open through shell |
||||
+ # The file names are safe there and list form is unsupported |
||||
+ if (!open($fh, "-|", join(' ', @_))) { |
||||
+ print STDERR "Cannot compute hash on '$fname'\n"; |
||||
+ return; |
||||
+ } |
||||
+ } else { |
||||
+ if (!open($fh, "-|", @_)) { |
||||
+ print STDERR "Cannot compute hash on '$fname'\n"; |
||||
+ return; |
||||
+ } |
||||
+ } |
||||
+ return (<$fh>, <$fh>); |
||||
+} |
||||
|
||||
# Link a certificate to its subject name hash value, each hash is of |
||||
# the form <hash>.<n> where n is an integer. If the hash value already exists |
||||
@@ -161,10 +178,12 @@ sub check_file { |
||||
|
||||
sub link_hash_cert { |
||||
my $fname = $_[0]; |
||||
- $fname =~ s/\"/\\\"/g; |
||||
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; |
||||
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, |
||||
+ "-fingerprint", "-noout", |
||||
+ "-in", $fname); |
||||
chomp $hash; |
||||
chomp $fprint; |
||||
+ return if !$hash; |
||||
$fprint =~ s/^.*=//; |
||||
$fprint =~ tr/://d; |
||||
my $suffix = 0; |
||||
@@ -202,10 +221,12 @@ sub link_hash_cert { |
||||
|
||||
sub link_hash_crl { |
||||
my $fname = $_[0]; |
||||
- $fname =~ s/'/'\\''/g; |
||||
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; |
||||
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, |
||||
+ "-fingerprint", "-noout", |
||||
+ "-in", $fname); |
||||
chomp $hash; |
||||
chomp $fprint; |
||||
+ return if !$hash; |
||||
$fprint =~ s/^.*=//; |
||||
$fprint =~ tr/://d; |
||||
my $suffix = 0; |
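Review bot: `compute_hash` interpolates `$fname` into both of its error messages but never declares it — the name only exists as a lexical inside `link_hash_cert` and `link_hash_crl` — so the diagnostic will read `Cannot compute hash on ''` (or fail to compile under strict) unless a file-scope `$fname` exists outside this hunk. Bind it from the argument list at the top of the sub, `my $fname = $_[-1];`, since the file name is always the last element passed by both callers. Two smaller points in the same sub: `return (<$fh>, <$fh>)` is evaluated in the caller's list context, so the first `<$fh>` consumes every line and the second is always empty — it yields the hash/fingerprint pair only because the openssl output is exactly two lines, and a `scalar` on each read would make that explicit; and the pipe handle is never closed, so a non-zero exit status from the child is never observed and a truncated output is indistinguishable from success. Replacing the backtick invocations in `link_hash_cert`/`link_hash_crl` with list-form `open` is the right fix, as it keeps the file name out of the shell entirely rather than relying on the quote-escaping the old lines did; both of those subs continue outside the hunk.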
@@ -0,0 +1,212 @@
|
||||
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem |
||||
index 1fa449d5a098..6aa9455f09ed 100644 |
||||
--- a/test/certs/embeddedSCTs1_issuer.pem |
||||
+++ b/test/certs/embeddedSCTs1_issuer.pem |
||||
@@ -1,18 +1,18 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk |
||||
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk |
||||
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX |
||||
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw |
||||
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu |
||||
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf |
||||
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 |
||||
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP |
||||
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL |
||||
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk |
||||
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG |
||||
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO |
||||
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB |
||||
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt |
||||
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy |
||||
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP |
||||
-OwqULg== |
||||
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw |
||||
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy |
||||
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w |
||||
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG |
||||
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 |
||||
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG |
||||
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw |
||||
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw |
||||
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB |
||||
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD |
||||
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq |
||||
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo |
||||
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c |
||||
+Doud4XrO |
||||
-----END CERTIFICATE----- |
||||
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem |
||||
index 5677ac6c9f6a..70ce71e43091 100644 |
||||
--- a/test/certs/sm2-ca-cert.pem |
||||
+++ b/test/certs/sm2-ca-cert.pem |
||||
@@ -1,14 +1,14 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT |
||||
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT |
||||
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl |
||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe |
||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw |
||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn |
||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG |
||||
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU |
||||
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW |
||||
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU |
||||
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI |
||||
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X |
||||
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 |
||||
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg |
||||
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x |
||||
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP |
||||
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH |
||||
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ |
||||
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O |
||||
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp |
||||
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 |
||||
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC |
||||
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu |
||||
-----END CERTIFICATE----- |
||||
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt |
||||
index 5677ac6c9f6a..70ce71e43091 100644 |
||||
--- a/test/certs/sm2-root.crt |
||||
+++ b/test/certs/sm2-root.crt |
||||
@@ -1,14 +1,14 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT |
||||
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT |
||||
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl |
||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe |
||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw |
||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn |
||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG |
||||
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU |
||||
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW |
||||
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU |
||||
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI |
||||
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X |
||||
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 |
||||
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg |
||||
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x |
||||
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP |
||||
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH |
||||
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ |
||||
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O |
||||
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp |
||||
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 |
||||
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC |
||||
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu |
||||
-----END CERTIFICATE----- |
||||
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem |
||||
index 189abb137625..daf12926aff9 100644 |
||||
--- a/test/certs/sm2.pem |
||||
+++ b/test/certs/sm2.pem |
||||
@@ -1,13 +1,14 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT |
||||
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl |
||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe |
||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw |
||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn |
||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw |
||||
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE |
||||
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ |
||||
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT |
||||
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH |
||||
-OZOfmtx613VyzXwc |
||||
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw |
||||
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER |
||||
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl |
||||
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw |
||||
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD |
||||
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT |
||||
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt |
||||
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN |
||||
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl |
||||
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ |
||||
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 |
||||
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== |
||||
-----END CERTIFICATE----- |
||||
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh |
||||
index 12e8a7305402..109b9c4abc28 100644 |
||||
--- a/test/smime-certs/mksmime-certs.sh |
||||
+++ b/test/smime-certs/mksmime-certs.sh |
||||
@@ -15,23 +15,23 @@ export OPENSSL_CONF |
||||
|
||||
# Root CA: create certificate directly |
||||
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ |
||||
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 |
||||
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501 |
||||
|
||||
# EE RSA certificates: create request first |
||||
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smrsa1.pem -out req.pem -newkey rsa:2048 |
||||
# Sign request: end entity extensions |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem |
||||
|
||||
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smrsa2.pem -out req.pem -newkey rsa:2048 |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem |
||||
|
||||
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smrsa3.pem -out req.pem -newkey rsa:2048 |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem |
||||
|
||||
# Create DSA parameters |
||||
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 |
||||
|
||||
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem |
||||
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem |
||||
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem |
||||
|
||||
# Create EC parameters |
||||
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 |
||||
|
||||
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem |
||||
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem |
||||
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ |
||||
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem |
||||
+# Do not renew this cert as it is used for legacy data decrypt test |
||||
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ |
||||
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem |
||||
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem |
||||
# Create X9.42 DH parameters. |
||||
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem |
||||
# Generate X9.42 DH key. |
||||
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem |
||||
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \ |
||||
-keyout smtmp.pem -out req.pem -newkey rsa:2048 |
||||
# Sign request but force public key to DH |
||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ |
||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ |
||||
-force_pubkey dhpub.pem \ |
||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem |
||||
# Remove temp files. |
@@ -0,0 +1,662 @@
|
||||
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl |
||||
index 56df89dc27da..e69de29bb2d1 100755 |
||||
--- a/crypto/bn/asm/ppc64-mont-fixed.pl |
||||
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl |
||||
@@ -1,581 +0,0 @@ |
||||
-#! /usr/bin/env perl |
||||
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
-# |
||||
-# Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
-# this file except in compliance with the License. You can obtain a copy |
||||
-# in the file LICENSE in the source distribution or at |
||||
-# https://www.openssl.org/source/license.html |
||||
- |
||||
-# ==================================================================== |
||||
-# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke |
||||
-# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for |
||||
-# the OpenSSL project. |
||||
-# ==================================================================== |
||||
- |
||||
-# |
||||
-# Fixed length (n=6), unrolled PPC Montgomery Multiplication |
||||
-# |
||||
- |
||||
-# 2021 |
||||
-# |
||||
-# Although this is a generic implementation for unrolling Montgomery |
||||
-# Multiplication for arbitrary values of n, this is currently only |
||||
-# used for n = 6 to improve the performance of ECC p384. |
||||
-# |
||||
-# Unrolling allows intermediate results to be stored in registers, |
||||
-# rather than on the stack, improving performance by ~7% compared to |
||||
-# the existing PPC assembly code. |
||||
-# |
||||
-# The ISA 3.0 implementation uses combination multiply/add |
||||
-# instructions (maddld, maddhdu) to improve performance by an |
||||
-# additional ~10% on Power 9. |
||||
-# |
||||
-# Finally, saving non-volatile registers into volatile vector |
||||
-# registers instead of onto the stack saves a little more. |
||||
-# |
||||
-# On a Power 9 machine we see an overall improvement of ~18%. |
||||
-# |
||||
- |
||||
-use strict; |
||||
-use warnings; |
||||
- |
||||
-my ($flavour, $output, $dir, $xlate); |
||||
- |
||||
-# $output is the last argument if it looks like a file (it has an extension) |
||||
-# $flavour is the first argument if it doesn't look like a file |
||||
-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; |
||||
-$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; |
||||
- |
||||
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; |
||||
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or |
||||
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or |
||||
-die "can't locate ppc-xlate.pl"; |
||||
- |
||||
-open STDOUT,"| $^X $xlate $flavour \"$output\"" |
||||
- or die "can't call $xlate: $!"; |
||||
- |
||||
-if ($flavour !~ /64/) { |
||||
- die "bad flavour ($flavour) - only ppc64 permitted"; |
||||
-} |
||||
- |
||||
-my $SIZE_T= 8; |
||||
- |
||||
-# Registers are global so the code is remotely readable |
||||
- |
||||
-# Parameters for Montgomery multiplication |
||||
-my $sp = "r1"; |
||||
-my $toc = "r2"; |
||||
-my $rp = "r3"; |
||||
-my $ap = "r4"; |
||||
-my $bp = "r5"; |
||||
-my $np = "r6"; |
||||
-my $n0 = "r7"; |
||||
-my $num = "r8"; |
||||
- |
||||
-my $i = "r9"; |
||||
-my $c0 = "r10"; |
||||
-my $bp0 = "r11"; |
||||
-my $bpi = "r11"; |
||||
-my $bpj = "r11"; |
||||
-my $tj = "r12"; |
||||
-my $apj = "r12"; |
||||
-my $npj = "r12"; |
||||
-my $lo = "r14"; |
||||
-my $c1 = "r14"; |
||||
- |
||||
-# Non-volatile registers used for tp[i] |
||||
-# |
||||
-# 12 registers are available but the limit on unrolling is 10, |
||||
-# since registers from $tp[0] to $tp[$n+1] are used. |
||||
-my @tp = ("r20" .. "r31"); |
||||
- |
||||
-# volatile VSRs for saving non-volatile GPRs - faster than stack |
||||
-my @vsrs = ("v32" .. "v46"); |
||||
- |
||||
-package Mont; |
||||
- |
||||
-sub new($$) |
||||
-{ |
||||
- my ($class, $n) = @_; |
||||
- |
||||
- if ($n > 10) { |
||||
- die "Can't unroll for BN length ${n} (maximum 10)" |
||||
- } |
||||
- |
||||
- my $self = { |
||||
- code => "", |
||||
- n => $n, |
||||
- }; |
||||
- bless $self, $class; |
||||
- |
||||
- return $self; |
||||
-} |
||||
- |
||||
-sub add_code($$) |
||||
-{ |
||||
- my ($self, $c) = @_; |
||||
- |
||||
- $self->{code} .= $c; |
||||
-} |
||||
- |
||||
-sub get_code($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- return $self->{code}; |
||||
-} |
||||
- |
||||
-sub get_function_name($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- return "bn_mul_mont_fixed_n" . $self->{n}; |
||||
-} |
||||
- |
||||
-sub get_label($$) |
||||
-{ |
||||
- my ($self, $l) = @_; |
||||
- |
||||
- return "L" . $l . "_" . $self->{n}; |
||||
-} |
||||
- |
||||
-sub get_labels($@) |
||||
-{ |
||||
- my ($self, @labels) = @_; |
||||
- |
||||
- my %out = (); |
||||
- |
||||
- foreach my $l (@labels) { |
||||
- $out{"$l"} = $self->get_label("$l"); |
||||
- } |
||||
- |
||||
- return \%out; |
||||
-} |
||||
- |
||||
-sub nl($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- $self->add_code("\n"); |
||||
-} |
||||
- |
||||
-sub copy_result($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- my ($n) = $self->{n}; |
||||
- |
||||
- for (my $j = 0; $j < $n; $j++) { |
||||
- $self->add_code(<<___); |
||||
- std $tp[$j],`$j*$SIZE_T`($rp) |
||||
-___ |
||||
- } |
||||
- |
||||
-} |
||||
- |
||||
-sub mul_mont_fixed($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- my ($n) = $self->{n}; |
||||
- my $fname = $self->get_function_name(); |
||||
- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); |
||||
- |
||||
- $self->add_code(<<___); |
||||
- |
||||
-.globl .${fname} |
||||
-.align 5 |
||||
-.${fname}: |
||||
- |
||||
-___ |
||||
- |
||||
- $self->save_registers(); |
||||
- |
||||
- $self->add_code(<<___); |
||||
- ld $n0,0($n0) |
||||
- |
||||
- ld $bp0,0($bp) |
||||
- |
||||
- ld $apj,0($ap) |
||||
-___ |
||||
- |
||||
- $self->mul_c_0($tp[0], $apj, $bp0, $c0); |
||||
- |
||||
- for (my $j = 1; $j < $n - 1; $j++) { |
||||
- $self->add_code(<<___); |
||||
- ld $apj,`$j*$SIZE_T`($ap) |
||||
-___ |
||||
- $self->mul($tp[$j], $apj, $bp0, $c0); |
||||
- } |
||||
- |
||||
- $self->add_code(<<___); |
||||
- ld $apj,`($n-1)*$SIZE_T`($ap) |
||||
-___ |
||||
- |
||||
- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); |
||||
- |
||||
- $self->add_code(<<___); |
||||
- li $tp[$n+1],0 |
||||
- |
||||
-___ |
||||
- |
||||
- $self->add_code(<<___); |
||||
- li $i,0 |
||||
- mtctr $num |
||||
- b $label->{"enter"} |
||||
- |
||||
-.align 4 |
||||
-$label->{"outer"}: |
||||
- ldx $bpi,$bp,$i |
||||
- |
||||
- ld $apj,0($ap) |
||||
-___ |
||||
- |
||||
- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); |
||||
- |
||||
- for (my $j = 1; $j < $n; $j++) { |
||||
- $self->add_code(<<___); |
||||
- ld $apj,`$j*$SIZE_T`($ap) |
||||
-___ |
||||
- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); |
||||
- } |
||||
- |
||||
- $self->add_code(<<___); |
||||
- addc $tp[$n],$tp[$n],$c0 |
||||
- addze $tp[$n+1],$tp[$n+1] |
||||
-___ |
||||
- |
||||
- $self->add_code(<<___); |
||||
-.align 4 |
||||
-$label->{"enter"}: |
||||
- mulld $bpi,$tp[0],$n0 |
||||
- |
||||
- ld $npj,0($np) |
||||
-___ |
||||
- |
||||
- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); |
||||
- |
||||
- for (my $j = 1; $j < $n; $j++) { |
||||
- $self->add_code(<<___); |
||||
- ld $npj,`$j*$SIZE_T`($np) |
||||
-___ |
||||
- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); |
||||
- } |
||||
- |
||||
- $self->add_code(<<___); |
||||
- addc $tp[$n-1],$tp[$n],$c0 |
||||
- addze $tp[$n],$tp[$n+1] |
||||
- |
||||
- addi $i,$i,$SIZE_T |
||||
- bdnz $label->{"outer"} |
||||
- |
||||
- and. $tp[$n],$tp[$n],$tp[$n] |
||||
- bne $label->{"sub"} |
||||
- |
||||
- cmpld $tp[$n-1],$npj |
||||
- blt $label->{"copy"} |
||||
- |
||||
-$label->{"sub"}: |
||||
-___ |
||||
- |
||||
- # |
||||
- # Reduction |
||||
- # |
||||
- |
||||
- $self->add_code(<<___); |
||||
- ld $bpj,`0*$SIZE_T`($np) |
||||
- subfc $c1,$bpj,$tp[0] |
||||
- std $c1,`0*$SIZE_T`($rp) |
||||
- |
||||
-___ |
||||
- for (my $j = 1; $j < $n - 1; $j++) { |
||||
- $self->add_code(<<___); |
||||
- ld $bpj,`$j*$SIZE_T`($np) |
||||
- subfe $c1,$bpj,$tp[$j] |
||||
- std $c1,`$j*$SIZE_T`($rp) |
||||
- |
||||
-___ |
||||
- } |
||||
- |
||||
- $self->add_code(<<___); |
||||
- subfe $c1,$npj,$tp[$n-1] |
||||
- std $c1,`($n-1)*$SIZE_T`($rp) |
||||
- |
||||
-___ |
||||
- |
||||
- $self->add_code(<<___); |
||||
- addme. $tp[$n],$tp[$n] |
||||
- beq $label->{"end"} |
||||
- |
||||
-$label->{"copy"}: |
||||
-___ |
||||
- |
||||
- $self->copy_result(); |
||||
- |
||||
- $self->add_code(<<___); |
||||
- |
||||
-$label->{"end"}: |
||||
-___ |
||||
- |
||||
- $self->restore_registers(); |
||||
- |
||||
- $self->add_code(<<___); |
||||
- li r3,1 |
||||
- blr |
||||
-.size .${fname},.-.${fname} |
||||
-___ |
||||
- |
||||
-} |
||||
- |
||||
-package Mont::GPR; |
||||
- |
||||
-our @ISA = ('Mont'); |
||||
- |
||||
-sub new($$) |
||||
-{ |
||||
- my ($class, $n) = @_; |
||||
- |
||||
- return $class->SUPER::new($n); |
||||
-} |
||||
- |
||||
-sub save_registers($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- my $n = $self->{n}; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- std $lo,-8($sp) |
||||
-___ |
||||
- |
||||
- for (my $j = 0; $j <= $n+1; $j++) { |
||||
- $self->{code}.=<<___; |
||||
- std $tp[$j],-`($j+2)*8`($sp) |
||||
-___ |
||||
- } |
||||
- |
||||
- $self->add_code(<<___); |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-sub restore_registers($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- my $n = $self->{n}; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- ld $lo,-8($sp) |
||||
-___ |
||||
- |
||||
- for (my $j = 0; $j <= $n+1; $j++) { |
||||
- $self->{code}.=<<___; |
||||
- ld $tp[$j],-`($j+2)*8`($sp) |
||||
-___ |
||||
- } |
||||
- |
||||
- $self->{code} .=<<___; |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Direct translation of C mul() |
||||
-sub mul($$$$$) |
||||
-{ |
||||
- my ($self, $r, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $lo,$a,$w |
||||
- addc $r,$lo,$c |
||||
- mulhdu $c,$a,$w |
||||
- addze $c,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like mul() but $c is ignored as an input - an optimisation to save a |
||||
-# preliminary instruction that would set input $c to 0 |
||||
-sub mul_c_0($$$$$) |
||||
-{ |
||||
- my ($self, $r, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $r,$a,$w |
||||
- mulhdu $c,$a,$w |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like mul() but does not to the final addition of CA into $c - an |
||||
-# optimisation to save an instruction |
||||
-sub mul_last($$$$$$) |
||||
-{ |
||||
- my ($self, $r1, $r2, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $lo,$a,$w |
||||
- addc $r1,$lo,$c |
||||
- mulhdu $c,$a,$w |
||||
- |
||||
- addze $r2,$c |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like C mul_add() but allow $r_out and $r_in to be different |
||||
-sub mul_add($$$$$$) |
||||
-{ |
||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $lo,$a,$w |
||||
- addc $lo,$lo,$c |
||||
- mulhdu $c,$a,$w |
||||
- addze $c,$c |
||||
- addc $r_out,$r_in,$lo |
||||
- addze $c,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like mul_add() but $c is ignored as an input - an optimisation to save a |
||||
-# preliminary instruction that would set input $c to 0 |
||||
-sub mul_add_c_0($$$$$$) |
||||
-{ |
||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $lo,$a,$w |
||||
- addc $r_out,$r_in,$lo |
||||
- mulhdu $c,$a,$w |
||||
- addze $c,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-package Mont::GPR_300; |
||||
- |
||||
-our @ISA = ('Mont::GPR'); |
||||
- |
||||
-sub new($$) |
||||
-{ |
||||
- my ($class, $n) = @_; |
||||
- |
||||
- my $mont = $class->SUPER::new($n); |
||||
- |
||||
- return $mont; |
||||
-} |
||||
- |
||||
-sub get_function_name($) |
||||
-{ |
||||
- my ($self) = @_; |
||||
- |
||||
- return "bn_mul_mont_300_fixed_n" . $self->{n}; |
||||
-} |
||||
- |
||||
-sub get_label($$) |
||||
-{ |
||||
- my ($self, $l) = @_; |
||||
- |
||||
- return "L" . $l . "_300_" . $self->{n}; |
||||
-} |
||||
- |
||||
-# Direct translation of C mul() |
||||
-sub mul($$$$$) |
||||
-{ |
||||
- my ($self, $r, $a, $w, $c, $last) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- maddld $r,$a,$w,$c |
||||
- maddhdu $c,$a,$w,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Save the last carry as the final entry |
||||
-sub mul_last($$$$$) |
||||
-{ |
||||
- my ($self, $r1, $r2, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- maddld $r1,$a,$w,$c |
||||
- maddhdu $r2,$a,$w,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like mul() but $c is ignored as an input - an optimisation to save a |
||||
-# preliminary instruction that would set input $c to 0 |
||||
-sub mul_c_0($$$$$) |
||||
-{ |
||||
- my ($self, $r, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- mulld $r,$a,$w |
||||
- mulhdu $c,$a,$w |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like C mul_add() but allow $r_out and $r_in to be different |
||||
-sub mul_add($$$$$$) |
||||
-{ |
||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- maddld $lo,$a,$w,$c |
||||
- maddhdu $c,$a,$w,$c |
||||
- addc $r_out,$r_in,$lo |
||||
- addze $c,$c |
||||
- |
||||
-___ |
||||
-} |
||||
- |
||||
-# Like mul_add() but $c is ignored as an input - an optimisation to save a |
||||
-# preliminary instruction that would set input $c to 0 |
||||
-sub mul_add_c_0($$$$$$) |
||||
-{ |
||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_; |
||||
- |
||||
- $self->add_code(<<___); |
||||
- maddld $lo,$a,$w,$r_in |
||||
- maddhdu $c,$a,$w,$r_in |
||||
-___ |
||||
- |
||||
- if ($r_out ne $lo) { |
||||
- $self->add_code(<<___); |
||||
- mr $r_out,$lo |
||||
-___ |
||||
- } |
||||
- |
||||
- $self->nl(); |
||||
-} |
||||
- |
||||
- |
||||
-package main; |
||||
- |
||||
-my $code; |
||||
- |
||||
-$code.=<<___; |
||||
-.machine "any" |
||||
-.text |
||||
-___ |
||||
- |
||||
-my $mont; |
||||
- |
||||
-$mont = new Mont::GPR(6); |
||||
-$mont->mul_mont_fixed(); |
||||
-$code .= $mont->get_code(); |
||||
- |
||||
-$mont = new Mont::GPR_300(6); |
||||
-$mont->mul_mont_fixed(); |
||||
-$code .= $mont->get_code(); |
||||
- |
||||
-$code =~ s/\`([^\`]*)\`/eval $1/gem; |
||||
- |
||||
-$code.=<<___; |
||||
-.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>" |
||||
-___ |
||||
- |
||||
-print $code; |
||||
-close STDOUT or die "error closing STDOUT: $!"; |
||||
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c |
||||
index 1e9421bee213..3ee76ea96574 100644 |
||||
--- a/crypto/bn/bn_ppc.c |
||||
+++ b/crypto/bn/bn_ppc.c |
||||
@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, |
||||
const BN_ULONG *np, const BN_ULONG *n0, int num); |
||||
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, |
||||
const BN_ULONG *np, const BN_ULONG *n0, int num); |
||||
- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, |
||||
- const BN_ULONG *bp, const BN_ULONG *np, |
||||
- const BN_ULONG *n0, int num); |
||||
- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, |
||||
- const BN_ULONG *bp, const BN_ULONG *np, |
||||
- const BN_ULONG *n0, int num); |
||||
|
||||
if (num < 4) |
||||
return 0; |
||||
@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, |
||||
* no opportunity to figure it out... |
||||
*/ |
||||
|
||||
-#if defined(_ARCH_PPC64) |
||||
- if (num == 6) { |
||||
- if (OPENSSL_ppccap_P & PPC_MADD300) |
||||
- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); |
||||
- else |
||||
- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); |
||||
- } |
||||
-#endif |
||||
- |
||||
return bn_mul_mont_int(rp, ap, bp, np, n0, num); |
||||
} |
||||
diff --git a/crypto/bn/build.info b/crypto/bn/build.info |
||||
index 987a70ae263b..4f8d0689b5ea 100644 |
||||
--- a/crypto/bn/build.info |
||||
+++ b/crypto/bn/build.info |
||||
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] |
||||
|
||||
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s |
||||
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT |
||||
- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s |
||||
+ $BNASM_ppc64=$BNASM_ppc32 |
||||
$BNDEF_ppc64=$BNDEF_ppc32 |
||||
|
||||
$BNASM_c64xplus=asm/bn-c64xplus.asm |
||||
@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl |
||||
GENERATE[bn-ppc.s]=asm/ppc.pl |
||||
GENERATE[ppc-mont.s]=asm/ppc-mont.pl |
||||
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl |
||||
-GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl |
||||
|
||||
GENERATE[alpha-mont.S]=asm/alpha-mont.pl |
||||
|
||||
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt |
||||
index f36982845db4..1543ed9f7534 100644 |
||||
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt |
||||
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt |
||||
@@ -97,6 +97,18 @@ Key = P-256-PUBLIC |
||||
Input = "Hello World" |
||||
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 |
||||
|
||||
+PublicKey=P-384-PUBLIC |
||||
+-----BEGIN PUBLIC KEY----- |
||||
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd |
||||
+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19 |
||||
+twD8guGxyFRaoMDTtW47/nifwYqRaIfC |
||||
+-----END PUBLIC KEY----- |
||||
+ |
||||
+DigestVerify = SHA384 |
||||
+Key = P-384-PUBLIC |
||||
+Input = "123400" |
||||
+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970 |
||||
+ |
||||
# Oneshot tests |
||||
OneShotDigestVerify = SHA256 |
||||
Key = P-256-PUBLIC |
@ -0,0 +1,174 @@
@@ -0,0 +1,174 @@
|
||||
diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in |
||||
--- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200 |
||||
+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200 |
||||
@@ -104,18 +104,41 @@ foreach (@dirlist) { |
||||
} |
||||
exit($errorcount); |
||||
|
||||
+sub copy_file { |
||||
+ my ($src_fname, $dst_fname) = @_; |
||||
+ |
||||
+ if (open(my $in, "<", $src_fname)) { |
||||
+ if (open(my $out, ">", $dst_fname)) { |
||||
+ print $out $_ while (<$in>); |
||||
+ close $out; |
||||
+ } else { |
||||
+ warn "Cannot open $dst_fname for write, $!"; |
||||
+ } |
||||
+ close $in; |
||||
+ } else { |
||||
+ warn "Cannot open $src_fname for read, $!"; |
||||
+ } |
||||
+} |
||||
+ |
||||
sub hash_dir { |
||||
+ my $dir = shift; |
||||
my %hashlist; |
||||
- print "Doing $_[0]\n"; |
||||
- chdir $_[0]; |
||||
- opendir(DIR, "."); |
||||
+ |
||||
+ print "Doing $dir\n"; |
||||
+ |
||||
+ if (!chdir $dir) { |
||||
+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; |
||||
+ return; |
||||
+ } |
||||
+ |
||||
+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; |
||||
my @flist = sort readdir(DIR); |
||||
closedir DIR; |
||||
if ( $removelinks ) { |
||||
# Delete any existing symbolic links |
||||
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { |
||||
if (-l $_) { |
||||
- print "unlink $_" if $verbose; |
||||
+ print "unlink $_\n" if $verbose; |
||||
unlink $_ || warn "Can't unlink $_, $!\n"; |
||||
} |
||||
} |
||||
@@ -130,13 +153,16 @@ sub hash_dir { |
||||
link_hash_cert($fname) if ($cert); |
||||
link_hash_crl($fname) if ($crl); |
||||
} |
||||
+ |
||||
+ chdir $pwd; |
||||
} |
||||
|
||||
sub check_file { |
||||
my ($is_cert, $is_crl) = (0,0); |
||||
my $fname = $_[0]; |
||||
- open IN, $fname; |
||||
- while(<IN>) { |
||||
+ |
||||
+ open(my $in, "<", $fname); |
||||
+ while(<$in>) { |
||||
if (/^-----BEGIN (.*)-----/) { |
||||
my $hdr = $1; |
||||
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { |
||||
@@ -148,7 +174,7 @@ sub check_file { |
||||
} |
||||
} |
||||
} |
||||
- close IN; |
||||
+ close $in; |
||||
return ($is_cert, $is_crl); |
||||
} |
||||
|
||||
@@ -177,76 +203,49 @@ sub compute_hash { |
||||
# certificate fingerprints |
||||
|
||||
sub link_hash_cert { |
||||
- my $fname = $_[0]; |
||||
- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, |
||||
- "-fingerprint", "-noout", |
||||
- "-in", $fname); |
||||
- chomp $hash; |
||||
- chomp $fprint; |
||||
- return if !$hash; |
||||
- $fprint =~ s/^.*=//; |
||||
- $fprint =~ tr/://d; |
||||
- my $suffix = 0; |
||||
- # Search for an unused hash filename |
||||
- while(exists $hashlist{"$hash.$suffix"}) { |
||||
- # Hash matches: if fingerprint matches its a duplicate cert |
||||
- if ($hashlist{"$hash.$suffix"} eq $fprint) { |
||||
- print STDERR "WARNING: Skipping duplicate certificate $fname\n"; |
||||
- return; |
||||
- } |
||||
- $suffix++; |
||||
- } |
||||
- $hash .= ".$suffix"; |
||||
- if ($symlink_exists) { |
||||
- print "link $fname -> $hash\n" if $verbose; |
||||
- symlink $fname, $hash || warn "Can't symlink, $!"; |
||||
- } else { |
||||
- print "copy $fname -> $hash\n" if $verbose; |
||||
- if (open($in, "<", $fname)) { |
||||
- if (open($out,">", $hash)) { |
||||
- print $out $_ while (<$in>); |
||||
- close $out; |
||||
- } else { |
||||
- warn "can't open $hash for write, $!"; |
||||
- } |
||||
- close $in; |
||||
- } else { |
||||
- warn "can't open $fname for read, $!"; |
||||
- } |
||||
- } |
||||
- $hashlist{$hash} = $fprint; |
||||
+ link_hash($_[0], 'cert'); |
||||
} |
||||
|
||||
# Same as above except for a CRL. CRL links are of the form <hash>.r<n> |
||||
|
||||
sub link_hash_crl { |
||||
- my $fname = $_[0]; |
||||
- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, |
||||
+ link_hash($_[0], 'crl'); |
||||
+} |
||||
+ |
||||
+sub link_hash { |
||||
+ my ($fname, $type) = @_; |
||||
+ my $is_cert = $type eq 'cert'; |
||||
+ |
||||
+ my ($hash, $fprint) = compute_hash($openssl, |
||||
+ $is_cert ? "x509" : "crl", |
||||
+ $is_cert ? $x509hash : $crlhash, |
||||
"-fingerprint", "-noout", |
||||
"-in", $fname); |
||||
chomp $hash; |
||||
+ $hash =~ s/^.*=// if !$is_cert; |
||||
chomp $fprint; |
||||
return if !$hash; |
||||
$fprint =~ s/^.*=//; |
||||
$fprint =~ tr/://d; |
||||
my $suffix = 0; |
||||
# Search for an unused hash filename |
||||
- while(exists $hashlist{"$hash.r$suffix"}) { |
||||
+ my $crlmark = $is_cert ? "" : "r"; |
||||
+ while(exists $hashlist{"$hash.$crlmark$suffix"}) { |
||||
# Hash matches: if fingerprint matches its a duplicate cert |
||||
- if ($hashlist{"$hash.r$suffix"} eq $fprint) { |
||||
- print STDERR "WARNING: Skipping duplicate CRL $fname\n"; |
||||
+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { |
||||
+ my $what = $is_cert ? 'certificate' : 'CRL'; |
||||
+ print STDERR "WARNING: Skipping duplicate $what $fname\n"; |
||||
return; |
||||
} |
||||
$suffix++; |
||||
} |
||||
- $hash .= ".r$suffix"; |
||||
+ $hash .= ".$crlmark$suffix"; |
||||
if ($symlink_exists) { |
||||
print "link $fname -> $hash\n" if $verbose; |
||||
symlink $fname, $hash || warn "Can't symlink, $!"; |
||||
} else { |
||||
- print "cp $fname -> $hash\n" if $verbose; |
||||
- system ("cp", $fname, $hash); |
||||
- warn "Can't copy, $!" if ($? >> 8) != 0; |
||||
+ print "copy $fname -> $hash\n" if $verbose; |
||||
+ copy_file($fname, $hash); |
||||
} |
||||
$hashlist{$hash} = $fprint; |
||||
} |
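Review bot: In hash_dir the new `opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";` only warns and then goes on to `readdir(DIR)` on a handle that was never opened, unlike the chdir guard a few lines above it which returns; it should bail out the same way, e.g. `opendir(DIR, ".") or do { print STDERR "WARNING: Cannot opendir '.', $!\n"; chdir $pwd; return; };`. The same pattern recurs in check_file, where `open(my $in, "<", $fname);` is unchecked, so an unreadable file is silently classified as neither certificate nor CRL and skipped without any message; `open(my $in, "<", $fname) or do { warn "Cannot open $fname, $!"; return (0, 0); };` would make that visible. In copy_file the result of `close $out;` is discarded, so a short write of the hash file (full disk) is never reported — `close $out or warn "Cannot close $dst_fname, $!";`. The unchanged `symlink $fname, $hash || warn "Can't symlink, $!";` kept in link_hash also carries a precedence bug (`||` binds to `$hash`, so the warn can never fire) that this rewrite could have fixed by using `or`. `$pwd`, `$removelinks` and compute_hash are defined outside the hunks.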
@ -0,0 +1,151 @@
@@ -0,0 +1,151 @@
|
||||
From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001 |
||||
From: Alex Chernyakhovsky <achernya@google.com> |
||||
Date: Thu, 16 Jun 2022 12:00:22 +1000 |
||||
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI |
||||
MIME-Version: 1.0 |
||||
Content-Type: text/plain; charset=UTF-8 |
||||
Content-Transfer-Encoding: 8bit |
||||
|
||||
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path |
||||
that performs operations on 6 16-byte blocks concurrently (the |
||||
"grandloop") and then proceeds to handle the "short" tail (which can |
||||
be anywhere from 0 to 5 blocks) that remain. |
||||
|
||||
As part of initialization, the assembly initializes $len to the true |
||||
length, less 96 bytes and converts it to a pointer so that the $inp |
||||
can be compared to it. Each iteration of "grandloop" checks to see if |
||||
there's a full 96-byte chunk to process, and if so, continues. Once |
||||
this has been exhausted, it falls through to "short", which handles |
||||
the remaining zero to five blocks. |
||||
|
||||
Unfortunately, the jump at the end of "grandloop" had a fencepost |
||||
error, doing a `jb` ("jump below") rather than `jbe` (jump below or |
||||
equal). This should be `jbe`, as $inp is pointing to the *end* of the |
||||
chunk currently being handled. If $inp == $len, that means that |
||||
there's a whole 96-byte chunk waiting to be handled. If $inp > $len, |
||||
then there's 5 or fewer 16-byte blocks left to be handled, and the |
||||
fall-through is intended. |
||||
|
||||
The net effect of `jb` instead of `jbe` is that the last 16-byte block |
||||
of the last 96-byte chunk was completely omitted. The contents of |
||||
`out` in this position were never written to. Additionally, since |
||||
those bytes were never processed, the authentication tag generated is |
||||
also incorrect. |
||||
|
||||
The same fencepost error, and identical logic, exists in both |
||||
aesni_ocb_encrypt and aesni_ocb_decrypt. |
||||
|
||||
This addresses CVE-2022-2097. |
||||
|
||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com> |
||||
Co-authored-by: David Benjamin <davidben@google.com> |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org> |
||||
(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c) |
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93] |
||||
--- |
||||
crypto/aes/asm/aesni-x86.pl | 4 ++-- |
||||
1 file changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl |
||||
index 4245fe34e17e..7cf838db170b 100644 |
||||
--- a/crypto/aes/asm/aesni-x86.pl |
||||
+++ b/crypto/aes/asm/aesni-x86.pl |
||||
@@ -2025,7 +2025,7 @@ sub aesni_generate6 |
||||
&movdqu (&QWP(-16*2,$out,$inp),$inout4); |
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5); |
||||
&cmp ($inp,$len); # done yet? |
||||
- &jb (&label("grandloop")); |
||||
+ &jbe (&label("grandloop")); |
||||
|
||||
&set_label("short"); |
||||
&add ($len,16*6); |
||||
@@ -2451,7 +2451,7 @@ sub aesni_generate6 |
||||
&pxor ($rndkey1,$inout5); |
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5); |
||||
&cmp ($inp,$len); # done yet? |
||||
- &jb (&label("grandloop")); |
||||
+ &jbe (&label("grandloop")); |
||||
|
||||
&set_label("short"); |
||||
&add ($len,16*6); |
||||
From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001 |
||||
From: Alex Chernyakhovsky <achernya@google.com> |
||||
Date: Thu, 16 Jun 2022 12:02:37 +1000 |
||||
Subject: [PATCH] AES OCB test vectors |
||||
MIME-Version: 1.0 |
||||
Content-Type: text/plain; charset=UTF-8 |
||||
Content-Transfer-Encoding: 8bit |
||||
|
||||
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. |
||||
|
||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com> |
||||
Co-authored-by: David Benjamin <davidben@google.com> |
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org> |
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org> |
||||
(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be) |
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8] |
||||
--- |
||||
.../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++ |
||||
1 file changed, 50 insertions(+) |
||||
|
||||
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt |
||||
index e58ee34b6b3f..de098905230b 100644 |
||||
--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt |
||||
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt |
||||
@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 |
||||
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 |
||||
Operation = DECRYPT |
||||
Result = CIPHERFINAL_ERROR |
||||
+ |
||||
+#Test vectors generated to validate aesni_ocb_encrypt on x86 |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = C14DFF7D62A13C4A3422456207453190 |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333 |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8 |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204 |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5 |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91 |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = BE0228651ED4E48A11BDED68D953F3A0 |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = 17BC6E10B16E5FDC52836E7D589518C7 |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = E84AAC18666116990A3A37B3A5FC55BD |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED |
||||
+ |
||||
+Cipher = aes-128-ocb |
||||
+Key = 000102030405060708090A0B0C0D0E0F |
||||
+IV = 000000000001020304050607 |
||||
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD |
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D |
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C |
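Review bot: The `&cmp ($inp,$len); # done yet?` lines in both aesni_ocb_encrypt and aesni_ocb_decrypt now branch with `jbe`, but the comment still says nothing about the invariant that made the original `jb` wrong, so the next reader has nothing to check the condition against at the site where the next fencepost edit would happen; I would replace it on both sites with `# $len = end - 6*16: a full 6-block chunk remains while $inp <= $len`. The commit message explains this well, but that text does not reach the generated assembly. Both enclosing subroutines start and end outside the hunks. The added vectors cover plaintext lengths 96 through 192 bytes in 16-byte steps (the exact multiples plus every 1- to 5-block tail) with AES-128 only; if the key length does not alter the grandloop structure (not visible here) that is adequate, though one aes-256-ocb vector at 96 bytes would be cheap insurance.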
@ -0,0 +1,56 @@
@@ -0,0 +1,56 @@
|
||||
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001 |
||||
From: Tomas Mraz <tomas@openssl.org> |
||||
Date: Thu, 5 May 2022 08:11:24 +0200 |
||||
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init |
||||
strcasecmp |
||||
|
||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
||||
Reviewed-by: Matt Caswell <matt@openssl.org> |
||||
(Merged from https://github.com/openssl/openssl/pull/18247) |
||||
|
||||
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9) |
||||
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483] |
||||
--- |
||||
crypto/evp/evp_lib.c | 7 +++++++ |
||||
1 file changed, 7 insertions(+) |
||||
|
||||
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c |
||||
index 3fe4743761..d9b8c0af41 100644 |
||||
--- a/crypto/evp/evp_lib.c |
||||
+++ b/crypto/evp/evp_lib.c |
||||
@@ -24,6 +24,7 @@ |
||||
#include <openssl/dh.h> |
||||
#include <openssl/ec.h> |
||||
#include "crypto/evp.h" |
||||
+#include "crypto/cryptlib.h" |
||||
#include "internal/provider.h" |
||||
#include "evp_local.h" |
||||
|
||||
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) |
||||
return (ctx->flags & flags); |
||||
} |
||||
|
||||
+#if !defined(FIPS_MODULE) |
||||
+ |
||||
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) |
||||
{ |
||||
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
||||
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, |
||||
|
||||
va_start(args, type); |
||||
|
||||
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); |
||||
+ |
||||
if (OPENSSL_strcasecmp(type, "RSA") == 0) { |
||||
bits = va_arg(args, size_t); |
||||
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); |
||||
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, |
||||
va_end(args); |
||||
return ret; |
||||
} |
||||
+ |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
-- |
||||
2.35.3 |
||||
|
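Review bot: The return value of `OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);` is discarded, so if base initialisation fails the function still proceeds to `OPENSSL_strcasecmp(type, "RSA")`, which is exactly the call this change is trying to make safe. Because the call was placed after `va_start(args, type);`, a bail-out at that point would also need `va_end`; moving it above va_start keeps that simple: `if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return NULL;` immediately followed by the existing `va_start(args, type);`. A short comment on why the call is there would help, since its purpose is only stated in the commit subject: `/* per the commit: OPENSSL_strcasecmp() below relies on state set up by base init */`. EVP_PKEY_Q_keygen's opening lines are outside this hunk and its tail is in the following one.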
@ -0,0 +1,367 @@
@@ -0,0 +1,367 @@
|
||||
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Fri, 22 Jul 2022 13:59:37 +0200 |
||||
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed |
||||
|
||||
Review by our lab for FIPS 140-3 certification expects the RSA |
||||
encryption and decryption tests to use a supported padding mode, not raw |
||||
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that. |
||||
|
||||
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A |
||||
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be |
||||
a known-answer test, a comparison test, or a fault-detection test. |
||||
|
||||
Comparison tests are not an option, because they would require |
||||
a separate implementation of RSA-OAEP, which we do not have. Fault |
||||
detection tests require implementing fault detection mechanisms into the |
||||
cryptographic algorithm implementation, we we also do not have. |
||||
|
||||
As a consequence, a known-answer test must be used to test RSA |
||||
encryption and decryption, but RSA encryption with OAEP padding is not |
||||
deterministic, and thus encryption will always yield different results |
||||
that could not be compared to known answers. For this reason, this |
||||
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1), |
||||
which is the source of randomness for RSA-OAEP, to a fixed value. This |
||||
setting is only available during self-test execution, and the parameter |
||||
set using EVP_PKEY_CTX_set_params() will be ignored otherwise. |
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com> |
||||
--- |
||||
crypto/rsa/rsa_local.h | 8 ++ |
||||
crypto/rsa/rsa_oaep.c | 34 ++++++-- |
||||
include/openssl/core_names.h | 3 + |
||||
providers/fips/self_test_data.inc | 83 +++++++++++-------- |
||||
providers/fips/self_test_kats.c | 7 ++ |
||||
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++- |
||||
6 files changed, 133 insertions(+), 43 deletions(-) |
||||
|
||||
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h |
||||
index ea70da05ad..dde57a1a0e 100644 |
||||
--- a/crypto/rsa/rsa_local.h |
||||
+++ b/crypto/rsa/rsa_local.h |
||||
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to |
||||
int tlen, const unsigned char *from, |
||||
int flen); |
||||
|
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, |
||||
+ unsigned char *to, int tlen, |
||||
+ const unsigned char *from, int flen, |
||||
+ const unsigned char *param, |
||||
+ int plen, const EVP_MD *md, |
||||
+ const EVP_MD *mgf1md, |
||||
+ const char *redhat_st_seed); |
||||
+ |
||||
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */ |
||||
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c |
||||
index d9be1a4f98..b2f7f7dc4b 100644 |
||||
--- a/crypto/rsa/rsa_oaep.c |
||||
+++ b/crypto/rsa/rsa_oaep.c |
||||
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
||||
param, plen, NULL, NULL); |
||||
} |
||||
|
||||
+#ifdef FIPS_MODULE |
||||
+extern int REDHAT_FIPS_asym_cipher_st; |
||||
+#endif /* FIPS_MODULE */ |
||||
+ |
||||
/* |
||||
* Perform the padding as per NIST 800-56B 7.2.2.3 |
||||
* from (K) is the key material. |
||||
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
||||
* Step numbers are included here but not in the constant time inverse below |
||||
* to avoid complicating an already difficult enough function. |
||||
*/ |
||||
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
||||
- unsigned char *to, int tlen, |
||||
- const unsigned char *from, int flen, |
||||
- const unsigned char *param, |
||||
- int plen, const EVP_MD *md, |
||||
- const EVP_MD *mgf1md) |
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx, |
||||
+ unsigned char *to, int tlen, |
||||
+ const unsigned char *from, int flen, |
||||
+ const unsigned char *param, |
||||
+ int plen, const EVP_MD *md, |
||||
+ const EVP_MD *mgf1md, |
||||
+ const char *redhat_st_seed) |
||||
{ |
||||
int rv = 0; |
||||
int i, emlen = tlen - 1; |
||||
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
||||
db[emlen - flen - mdlen - 1] = 0x01; |
||||
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); |
||||
/* step 3d: generate random byte string */ |
||||
+#ifdef FIPS_MODULE |
||||
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) { |
||||
+ memcpy(seed, redhat_st_seed, mdlen); |
||||
+ } else |
||||
+#endif |
||||
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) |
||||
goto err; |
||||
|
||||
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
||||
return rv; |
||||
} |
||||
|
||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, |
||||
+ unsigned char *to, int tlen, |
||||
+ const unsigned char *from, int flen, |
||||
+ const unsigned char *param, |
||||
+ int plen, const EVP_MD *md, |
||||
+ const EVP_MD *mgf1md) |
||||
+{ |
||||
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from, |
||||
+ flen, param, plen, md, |
||||
+ mgf1md, NULL); |
||||
+} |
||||
+ |
||||
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, |
||||
const unsigned char *from, int flen, |
||||
const unsigned char *param, int plen, |
||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h |
||||
index 59a6e79566..11216fb8f8 100644 |
||||
--- a/include/openssl/core_names.h |
||||
+++ b/include/openssl/core_names.h |
||||
@@ -469,6 +469,9 @@ extern "C" { |
||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label" |
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version" |
||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version" |
||||
+#ifdef FIPS_MODULE |
||||
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed" |
||||
+#endif |
||||
|
||||
/* |
||||
* Encoder / decoder parameters |
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc |
||||
index 4e30ec56dd..0103c87528 100644 |
||||
--- a/providers/fips/self_test_data.inc |
||||
+++ b/providers/fips/self_test_data.inc |
||||
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { |
||||
ST_KAT_PARAM_END() |
||||
}; |
||||
|
||||
+/*- |
||||
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the |
||||
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient |
||||
+ * HP/UX PA-RISC compilers. |
||||
+ */ |
||||
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP; |
||||
+static const char oaep_fixed_seed[] = { |
||||
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25, |
||||
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab, |
||||
+ 0x2e, 0x4b, 0x2c, 0xe6 |
||||
+}; |
||||
+ |
||||
static const ST_KAT_PARAM rsa_enc_params[] = { |
||||
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, |
||||
- OSSL_PKEY_RSA_PAD_MODE_NONE), |
||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), |
||||
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, |
||||
+ oaep_fixed_seed), |
||||
ST_KAT_PARAM_END() |
||||
}; |
||||
|
||||
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = { |
||||
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 |
||||
}; |
||||
|
||||
-static const unsigned char rsa_asym_plaintext_encrypt[256] = { |
||||
+static const unsigned char rsa_asym_plaintext_encrypt[208] = { |
||||
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, |
||||
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, |
||||
}; |
||||
static const unsigned char rsa_asym_expected_encrypt[256] = { |
||||
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b, |
||||
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61, |
||||
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c, |
||||
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc, |
||||
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0, |
||||
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa, |
||||
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a, |
||||
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc, |
||||
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35, |
||||
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a, |
||||
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd, |
||||
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda, |
||||
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18, |
||||
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7, |
||||
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39, |
||||
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87, |
||||
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21, |
||||
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0, |
||||
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8, |
||||
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c, |
||||
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa, |
||||
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69, |
||||
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52, |
||||
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c, |
||||
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6, |
||||
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93, |
||||
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d, |
||||
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5, |
||||
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9, |
||||
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04, |
||||
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa, |
||||
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab, |
||||
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74, |
||||
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c, |
||||
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e, |
||||
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b, |
||||
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25, |
||||
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89, |
||||
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1, |
||||
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50, |
||||
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17, |
||||
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2, |
||||
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb, |
||||
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d, |
||||
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e, |
||||
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f, |
||||
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3, |
||||
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06, |
||||
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25, |
||||
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78, |
||||
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04, |
||||
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c, |
||||
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47, |
||||
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce, |
||||
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0, |
||||
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6, |
||||
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99, |
||||
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30, |
||||
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20, |
||||
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb, |
||||
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27, |
||||
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66, |
||||
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a, |
||||
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06 |
||||
}; |
||||
|
||||
#ifndef OPENSSL_NO_EC |
||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c |
||||
index 064794d9bf..b6d5e8e134 100644 |
||||
--- a/providers/fips/self_test_kats.c |
||||
+++ b/providers/fips/self_test_kats.c |
||||
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
||||
return ret; |
||||
} |
||||
|
||||
+int REDHAT_FIPS_asym_cipher_st = 0; |
||||
+ |
||||
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
||||
{ |
||||
int i, ret = 1; |
||||
|
||||
+ REDHAT_FIPS_asym_cipher_st = 1; |
||||
+ |
||||
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { |
||||
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) |
||||
ret = 0; |
||||
} |
||||
+ |
||||
+ REDHAT_FIPS_asym_cipher_st = 0; |
||||
+ |
||||
return ret; |
||||
} |
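Review bot: `REDHAT_FIPS_asym_cipher_st`, added just above `self_test_asym_ciphers()`, is an unsynchronised process-global that stays at 1 for the whole KAT loop, and the rsa_enc.c part of this patch makes it the only thing gating acceptance of a caller-chosen OAEP seed in `rsa_set_ctx_params()`. Any RSA-OAEP context in the process that sets that parameter while a self test is in flight (module load, or a later on-demand self test if the module exposes one) therefore gets deterministic padding, and unsynchronised reads of a non-atomic int from other threads are a data race regardless. If a global toggle is really required, document the contract where it is defined, e.g. `/* Non-zero only while the asym-cipher KATs run; lets rsa_set_ctx_params() accept the KAT OAEP seed. Not thread-safe: self tests must not overlap application OAEP use. */`, and consider carrying the marker in the self-test context or a thread-local instead. Resetting it on a single exit path would also keep a future early `return` in the loop from leaving it stuck at 1.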
||||
|
||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c |
||||
index 00cf65fcd6..83be3d8ede 100644 |
||||
--- a/providers/implementations/asymciphers/rsa_enc.c |
||||
+++ b/providers/implementations/asymciphers/rsa_enc.c |
||||
@@ -30,6 +30,9 @@ |
||||
#include "prov/implementations.h" |
||||
#include "prov/providercommon.h" |
||||
#include "prov/securitycheck.h" |
||||
+#ifdef FIPS_MODULE |
||||
+# include "crypto/rsa/rsa_local.h" |
||||
+#endif |
||||
|
||||
#include <stdlib.h> |
||||
|
||||
@@ -75,6 +78,9 @@ typedef struct { |
||||
/* TLS padding */ |
||||
unsigned int client_version; |
||||
unsigned int alt_version; |
||||
+#ifdef FIPS_MODULE |
||||
+ char *redhat_st_oaep_seed; |
||||
+#endif /* FIPS_MODULE */ |
||||
} PROV_RSA_CTX; |
||||
|
||||
static void *rsa_newctx(void *provctx) |
||||
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, |
||||
return 0; |
||||
} |
||||
ret = |
||||
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, |
||||
+#ifdef FIPS_MODULE |
||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2( |
||||
+#else |
||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex( |
||||
+#endif |
||||
+ prsactx->libctx, tbuf, |
||||
rsasize, in, inlen, |
||||
prsactx->oaep_label, |
||||
prsactx->oaep_labellen, |
||||
prsactx->oaep_md, |
||||
- prsactx->mgf1_md); |
||||
+ prsactx->mgf1_md |
||||
+#ifdef FIPS_MODULE |
||||
+ , prsactx->redhat_st_oaep_seed |
||||
+#endif |
||||
+ ); |
||||
|
||||
if (!ret) { |
||||
OPENSSL_free(tbuf); |
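Review bot: The `#ifdef FIPS_MODULE` blocks placed at the head of the `ret =` assignment and again inside the argument list split one call expression across three preprocessor branches, which is hard to read and easy to break the next time an argument is added. Since the FIPS and non-FIPS variants differ in both function name and arity, write them as two complete calls in a single `#ifdef`/`#else`, so each branch is a self-contained statement. `rsa_encrypt()` begins and ends outside this hunk.
```c
#ifdef FIPS_MODULE
    ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(prsactx->libctx, tbuf, rsasize,
                                                   in, inlen,
                                                   prsactx->oaep_label,
                                                   prsactx->oaep_labellen,
                                                   prsactx->oaep_md,
                                                   prsactx->mgf1_md,
                                                   prsactx->redhat_st_oaep_seed);
#else
    ret = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, rsasize,
                                                  in, inlen,
                                                  prsactx->oaep_label,
                                                  prsactx->oaep_labellen,
                                                  prsactx->oaep_md,
                                                  prsactx->mgf1_md);
#endif
    /* … unchanged: tbuf error handling … */
```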
||||
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx) |
||||
EVP_MD_free(prsactx->oaep_md); |
||||
EVP_MD_free(prsactx->mgf1_md); |
||||
OPENSSL_free(prsactx->oaep_label); |
||||
+#ifdef FIPS_MODULE |
||||
+ OPENSSL_free(prsactx->redhat_st_oaep_seed); |
||||
+#endif /* FIPS_MODULE */ |
||||
|
||||
OPENSSL_free(prsactx); |
||||
} |
||||
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { |
||||
NULL, 0), |
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), |
||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), |
||||
+#ifdef FIPS_MODULE |
||||
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0), |
||||
+#endif /* FIPS_MODULE */ |
||||
OSSL_PARAM_END |
||||
}; |
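Review bot: `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED` is added to `known_gettable_ctx_params`, but the only code in this patch that handles it is `rsa_set_ctx_params()`, which consumes it as a settable; `rsa_get_ctx_params()` is not taught to return it and no hunk shown here touches the settable list. As written, the settable query will not advertise the parameter while the gettable query advertises a value that is never produced. Move the entry to `known_settable_ctx_params` under the same `#ifdef FIPS_MODULE`, or add matching get support. Separately, the macro name spells OAEP as `OEAP`; renaming it before it is baked into a shipped header is cheap now and not later (its definition is outside this hunk).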
||||
|
||||
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, |
||||
return known_gettable_ctx_params; |
||||
} |
||||
|
||||
+#ifdef FIPS_MODULE |
||||
+extern int REDHAT_FIPS_asym_cipher_st; |
||||
+#endif /* FIPS_MODULE */ |
||||
+ |
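Review bot: The `extern int REDHAT_FIPS_asym_cipher_st;` declaration sits mid-file in rsa_enc.c rather than in a header shared with providers/fips/self_test_kats.c, where the variable is defined, so the compiler cannot catch a type mismatch between the two independent declarations. Declare it once in a FIPS-only header this file already includes (for example `prov/securitycheck.h`, included a few hunks above) and drop the local extern. A one-line comment, `/* set by self_test_asym_ciphers() while the asym-cipher KATs run */`, would also tell a reader why a provider implementation consults a self-test flag.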
||||
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) |
||||
{ |
||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; |
||||
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) |
||||
prsactx->oaep_labellen = tmp_labellen; |
||||
} |
||||
|
||||
+#ifdef FIPS_MODULE |
||||
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED); |
||||
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) { |
||||
+ void *tmp_oaep_seed = NULL; |
||||
+ |
||||
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)) |
||||
+ return 0; |
||||
+ OPENSSL_free(prsactx->redhat_st_oaep_seed); |
||||
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed; |
||||
+ } |
||||
+#endif /* FIPS_MODULE */ |
||||
+ |
||||
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); |
||||
if (p != NULL) { |
||||
unsigned int client_version; |
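Review bot: The new `OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)` call discards the seed's length, and `redhat_st_oaep_seed` is stored as a bare `char *` and later handed to `ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2()` with no length, so nothing checks that the caller supplied a seed as long as the OAEP digest the padding routine will read. If that routine reads a digest-sized seed (its body is not in this patch), a shorter octet string makes it read past the allocation. Capture the length, keep it next to the pointer (`size_t redhat_st_oaep_seedlen;` in `PROV_RSA_CTX`), and have `rsa_encrypt()` reject the seed when it differs from `EVP_MD_get_size(prsactx->oaep_md)` before the padding call; `unsigned char *` is also the honest type for binary seed bytes. `rsa_set_ctx_params()` begins and ends outside this hunk.
```c
#ifdef FIPS_MODULE
    p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
    if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
        void *tmp_oaep_seed = NULL;
        size_t tmp_oaep_seedlen = 0;

        if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, &tmp_oaep_seedlen))
            return 0;
        OPENSSL_free(prsactx->redhat_st_oaep_seed);
        prsactx->redhat_st_oaep_seed = (unsigned char *)tmp_oaep_seed;
        prsactx->redhat_st_oaep_seedlen = tmp_oaep_seedlen;
    }
#endif /* FIPS_MODULE */
```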
||||
-- |
||||
2.37.1 |
||||
|
@@ -0,0 +1,313 @@
|
||||
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Fri, 15 Jul 2022 17:45:40 +0200 |
||||
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test |
||||
|
||||
In review for FIPS 140-3, the lack of a self-test for the digest_sign |
||||
and digest_verify provider functions was highlighted as a problem. NIST |
||||
no longer provides ACVP tests for the RSA SigVer primitive (see |
||||
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3 |
||||
recommends the use of functions that compute the digest and signature |
||||
within the module, we have been advised in our module review that the |
||||
self tests should also use the combined digest and signature APIs, i.e. |
||||
the digest_sign and digest_verify provider functions. |
||||
|
||||
Modify the signature self-test to use these instead by switching to |
||||
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to |
||||
crypto/evp/m_sigver.c to make these functions usable in the FIPS module. |
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com> |
||||
--- |
||||
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------ |
||||
providers/fips/self_test_kats.c | 37 +++++++++++++++------------- |
||||
2 files changed, 56 insertions(+), 24 deletions(-) |
||||
|
||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c |
||||
index db1a1d7bc3..c94c3c53bd 100644 |
||||
--- a/crypto/evp/m_sigver.c |
||||
+++ b/crypto/evp/m_sigver.c |
||||
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); |
||||
return 0; |
||||
} |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
/* |
||||
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use |
||||
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
reinit = 0; |
||||
if (e == NULL) |
||||
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); |
||||
+#ifndef FIPS_MODULE |
||||
else |
||||
ctx->pctx = EVP_PKEY_CTX_new(pkey, e); |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
} |
||||
if (ctx->pctx == NULL) |
||||
return 0; |
||||
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
locpctx = ctx->pctx; |
||||
ERR_set_mark(); |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
if (evp_pkey_ctx_is_legacy(locpctx)) |
||||
goto legacy; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
/* do not reinitialize if pkey is set or operation is different */ |
||||
if (reinit |
||||
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
signature = |
||||
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, |
||||
supported_sig, locpctx->propquery); |
||||
+#ifndef FIPS_MODULE |
||||
if (signature == NULL) |
||||
goto legacy; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
break; |
||||
} |
||||
if (signature == NULL) |
||||
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); |
||||
if (ctx->fetched_digest != NULL) { |
||||
ctx->digest = ctx->reqdigest = ctx->fetched_digest; |
||||
+#ifndef FIPS_MODULE |
||||
} else { |
||||
/* legacy engine support : remove the mark when this is deleted */ |
||||
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); |
||||
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); |
||||
goto err; |
||||
} |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
} |
||||
(void)ERR_pop_to_mark(); |
||||
} |
||||
} |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
if (ctx->reqdigest != NULL |
||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac) |
||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf) |
||||
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
goto err; |
||||
} |
||||
} |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
if (ver) { |
||||
if (signature->digest_verify_init == NULL) { |
||||
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
EVP_KEYMGMT_free(tmp_keymgmt); |
||||
return 0; |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
legacy: |
||||
/* |
||||
* If we don't have the full support we need with provided methods, |
||||
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
ctx->pctx->flag_call_digest_custom = 1; |
||||
|
||||
ret = 1; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
end: |
||||
#ifndef FIPS_MODULE |
||||
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, |
||||
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, |
||||
NULL); |
||||
} |
||||
-#endif /* FIPS_MDOE */ |
||||
|
||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) |
||||
{ |
||||
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) |
||||
return EVP_DigestUpdate(ctx, data, dsize); |
||||
} |
||||
|
||||
-#ifndef FIPS_MODULE |
||||
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, |
||||
size_t *siglen) |
||||
{ |
||||
- int sctx = 0, r = 0; |
||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; |
||||
+ int r = 0; |
||||
+#ifndef FIPS_MODULE |
||||
+ int sctx = 0; |
||||
+ EVP_PKEY_CTX *dctx; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
+ EVP_PKEY_CTX *pctx = ctx->pctx; |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
if (pctx == NULL |
||||
|| pctx->operation != EVP_PKEY_OP_SIGNCTX |
||||
|| pctx->op.sig.algctx == NULL |
||||
|| pctx->op.sig.signature == NULL) |
||||
goto legacy; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) |
||||
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, |
||||
sigret, siglen, |
||||
(siglen == NULL) ? 0 : *siglen); |
||||
+#ifndef FIPS_MODULE |
||||
dctx = EVP_PKEY_CTX_dup(pctx); |
||||
if (dctx == NULL) |
||||
return 0; |
||||
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, |
||||
sigret, siglen, |
||||
(siglen == NULL) ? 0 : *siglen); |
||||
EVP_PKEY_CTX_free(dctx); |
||||
+#endif /* defined(FIPS_MODULE) */ |
||||
return r; |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
legacy: |
||||
if (pctx == NULL || pctx->pmeth == NULL) { |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); |
||||
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, |
||||
} |
||||
} |
||||
return 1; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
} |
||||
|
||||
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, |
||||
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, |
||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, |
||||
size_t siglen) |
||||
{ |
||||
- unsigned char md[EVP_MAX_MD_SIZE]; |
||||
int r = 0; |
||||
+#ifndef FIPS_MODULE |
||||
+ unsigned char md[EVP_MAX_MD_SIZE]; |
||||
unsigned int mdlen = 0; |
||||
int vctx = 0; |
||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; |
||||
+ EVP_PKEY_CTX *dctx; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
+ EVP_PKEY_CTX *pctx = ctx->pctx; |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
if (pctx == NULL |
||||
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX |
||||
|| pctx->op.sig.algctx == NULL |
||||
|| pctx->op.sig.signature == NULL) |
||||
goto legacy; |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
|
||||
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) |
||||
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, |
||||
sig, siglen); |
||||
+#ifndef FIPS_MODULE |
||||
dctx = EVP_PKEY_CTX_dup(pctx); |
||||
if (dctx == NULL) |
||||
return 0; |
||||
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, |
||||
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, |
||||
sig, siglen); |
||||
EVP_PKEY_CTX_free(dctx); |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
return r; |
||||
|
||||
+#ifndef FIPS_MODULE |
||||
legacy: |
||||
if (pctx == NULL || pctx->pmeth == NULL) { |
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); |
||||
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, |
||||
if (vctx || !r) |
||||
return r; |
||||
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); |
||||
+#endif /* !defined(FIPS_MODULE) */ |
||||
} |
||||
|
||||
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, |
||||
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, |
||||
return -1; |
||||
return EVP_DigestVerifyFinal(ctx, sigret, siglen); |
||||
} |
||||
-#endif /* FIPS_MODULE */ |
||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c |
||||
index b6d5e8e134..77eec075e6 100644 |
||||
--- a/providers/fips/self_test_kats.c |
||||
+++ b/providers/fips/self_test_kats.c |
||||
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t, |
||||
int ret = 0; |
||||
OSSL_PARAM *params = NULL, *params_sig = NULL; |
||||
OSSL_PARAM_BLD *bld = NULL; |
||||
+ EVP_MD *md = NULL; |
||||
+ EVP_MD_CTX *ctx = NULL; |
||||
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; |
||||
EVP_PKEY *pkey = NULL; |
||||
- unsigned char sig[256]; |
||||
BN_CTX *bnctx = NULL; |
||||
BIGNUM *K = NULL; |
||||
+ const char *msg = "Hello World!"; |
||||
+ unsigned char sig[256]; |
||||
size_t siglen = sizeof(sig); |
||||
static const unsigned char dgst[] = { |
||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, |
||||
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t, |
||||
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) |
||||
goto err; |
||||
|
||||
- /* Create a EVP_PKEY_CTX to use for the signing operation */ |
||||
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
||||
- if (sctx == NULL |
||||
- || EVP_PKEY_sign_init(sctx) <= 0) |
||||
- goto err; |
||||
- |
||||
- /* set signature parameters */ |
||||
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, |
||||
- t->mdalgorithm, |
||||
- strlen(t->mdalgorithm) + 1)) |
||||
- goto err; |
||||
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature |
||||
+ * parameters and sign */ |
||||
params_sig = OSSL_PARAM_BLD_to_param(bld); |
||||
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) |
||||
+ md = EVP_MD_fetch(libctx, "SHA256", NULL); |
||||
+ ctx = EVP_MD_CTX_new(); |
||||
+ if (md == NULL || ctx == NULL) |
||||
+ goto err; |
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); |
||||
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0 |
||||
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0 |
||||
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0 |
||||
+ || EVP_MD_CTX_reset(ctx) <= 0) |
||||
goto err; |
||||
|
||||
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 |
||||
- || EVP_PKEY_verify_init(sctx) <= 0 |
||||
+ /* sctx is not freed automatically inside the FIPS module */ |
||||
+ EVP_PKEY_CTX_free(sctx); |
||||
+ sctx = NULL; |
||||
+ |
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT); |
||||
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0 |
||||
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) |
||||
goto err; |
||||
|
||||
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t, |
||||
goto err; |
||||
|
||||
OSSL_SELF_TEST_oncorrupt_byte(st, sig); |
||||
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) |
||||
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0) |
||||
goto err; |
||||
ret = 1; |
||||
err: |
||||
BN_CTX_free(bnctx); |
||||
EVP_PKEY_free(pkey); |
||||
- EVP_PKEY_CTX_free(kctx); |
||||
+ EVP_MD_free(md); |
||||
+ EVP_MD_CTX_free(ctx); |
||||
+ /* sctx is not freed automatically inside the FIPS module */ |
||||
EVP_PKEY_CTX_free(sctx); |
||||
+ EVP_PKEY_CTX_free(kctx); |
||||
OSSL_PARAM_free(params); |
||||
OSSL_PARAM_free(params_sig); |
||||
OSSL_PARAM_BLD_free(bld); |
||||
-- |
||||
2.37.1 |
||||
|
@@ -0,0 +1,378 @@
|
||||
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001 |
||||
From: Clemens Lang <cllang@redhat.com> |
||||
Date: Fri, 22 Jul 2022 17:51:16 +0200 |
||||
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test |
||||
|
||||
Signed-off-by: Clemens Lang <cllang@redhat.com> |
||||
--- |
||||
providers/fips/self_test_data.inc | 342 +++++++++++++++--------------- |
||||
1 file changed, 172 insertions(+), 170 deletions(-) |
||||
|
||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc |
||||
index a29cc650b5..1b5623833f 100644 |
||||
--- a/providers/fips/self_test_data.inc |
||||
+++ b/providers/fips/self_test_data.inc |
||||
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = |
||||
|
||||
#ifndef OPENSSL_NO_DH |
||||
/* DH KAT */ |
||||
+/* RFC7919 FFDHE2048 p */ |
||||
static const unsigned char dh_p[] = { |
||||
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, |
||||
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, |
||||
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, |
||||
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, |
||||
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, |
||||
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, |
||||
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, |
||||
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, |
||||
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, |
||||
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, |
||||
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, |
||||
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, |
||||
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, |
||||
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, |
||||
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, |
||||
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, |
||||
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, |
||||
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, |
||||
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, |
||||
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, |
||||
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, |
||||
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, |
||||
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, |
||||
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, |
||||
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, |
||||
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, |
||||
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, |
||||
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, |
||||
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, |
||||
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, |
||||
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, |
||||
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 |
||||
-}; |
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, |
||||
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, |
||||
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, |
||||
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, |
||||
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, |
||||
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, |
||||
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, |
||||
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, |
||||
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, |
||||
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, |
||||
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, |
||||
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, |
||||
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, |
||||
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, |
||||
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, |
||||
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, |
||||
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, |
||||
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, |
||||
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, |
||||
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, |
||||
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, |
||||
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, |
||||
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, |
||||
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, |
||||
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, |
||||
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, |
||||
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, |
||||
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, |
||||
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, |
||||
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, |
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
||||
+}; |
||||
+/* RFC7919 FFDHE2048 q */ |
||||
static const unsigned char dh_q[] = { |
||||
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, |
||||
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, |
||||
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, |
||||
- 0x11, 0xac, 0xb5, 0x7d |
||||
-}; |
||||
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
||||
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d, |
||||
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, |
||||
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, |
||||
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd, |
||||
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, |
||||
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, |
||||
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd, |
||||
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, |
||||
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, |
||||
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79, |
||||
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, |
||||
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, |
||||
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39, |
||||
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, |
||||
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, |
||||
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0, |
||||
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, |
||||
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, |
||||
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa, |
||||
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, |
||||
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, |
||||
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76, |
||||
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, |
||||
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, |
||||
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1, |
||||
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, |
||||
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, |
||||
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9, |
||||
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, |
||||
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, |
||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff |
||||
+}; |
||||
+/* RFC7919 FFDHE2048 g */ |
||||
static const unsigned char dh_g[] = { |
||||
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, |
||||
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, |
||||
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, |
||||
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, |
||||
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, |
||||
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, |
||||
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, |
||||
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, |
||||
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, |
||||
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, |
||||
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, |
||||
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, |
||||
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, |
||||
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, |
||||
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, |
||||
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, |
||||
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, |
||||
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, |
||||
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, |
||||
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, |
||||
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, |
||||
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, |
||||
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, |
||||
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, |
||||
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, |
||||
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, |
||||
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, |
||||
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, |
||||
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, |
||||
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, |
||||
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, |
||||
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 |
||||
+ 0x02 |
||||
}; |
||||
static const unsigned char dh_priv[] = { |
||||
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, |
||||
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, |
||||
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, |
||||
- 0x40, 0xb8, 0xfc, 0xe6 |
||||
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f, |
||||
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d, |
||||
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d, |
||||
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94 |
||||
}; |
||||
static const unsigned char dh_pub[] = { |
||||
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, |
||||
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, |
||||
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, |
||||
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, |
||||
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, |
||||
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, |
||||
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, |
||||
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, |
||||
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, |
||||
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, |
||||
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, |
||||
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, |
||||
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, |
||||
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, |
||||
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, |
||||
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, |
||||
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, |
||||
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, |
||||
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, |
||||
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, |
||||
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, |
||||
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, |
||||
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, |
||||
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, |
||||
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, |
||||
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, |
||||
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, |
||||
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, |
||||
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, |
||||
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, |
||||
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, |
||||
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 |
||||
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05, |
||||
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f, |
||||
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43, |
||||
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23, |
||||
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a, |
||||
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b, |
||||
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c, |
||||
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63, |
||||
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38, |
||||
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6, |
||||
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a, |
||||
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94, |
||||
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92, |
||||
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44, |
||||
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53, |
||||
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13, |
||||
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30, |
||||
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b, |
||||
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01, |
||||
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d, |
||||
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18, |
||||
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81, |
||||
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f, |
||||
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7, |
||||
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39, |
||||
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed, |
||||
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71, |
||||
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce, |
||||
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04, |
||||
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69, |
||||
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed, |
||||
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2, |
||||
+ 0x32 |
||||
}; |
||||
static const unsigned char dh_peer_pub[] = { |
||||
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, |
||||
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, |
||||
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, |
||||
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, |
||||
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, |
||||
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, |
||||
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, |
||||
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, |
||||
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, |
||||
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, |
||||
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, |
||||
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, |
||||
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, |
||||
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, |
||||
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, |
||||
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, |
||||
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, |
||||
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, |
||||
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, |
||||
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, |
||||
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, |
||||
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, |
||||
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, |
||||
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, |
||||
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, |
||||
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, |
||||
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, |
||||
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, |
||||
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, |
||||
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, |
||||
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, |
||||
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b |
||||
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79, |
||||
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda, |
||||
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29, |
||||
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84, |
||||
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57, |
||||
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5, |
||||
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68, |
||||
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c, |
||||
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6, |
||||
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20, |
||||
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d, |
||||
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3, |
||||
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a, |
||||
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77, |
||||
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73, |
||||
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53, |
||||
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1, |
||||
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05, |
||||
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a, |
||||
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5, |
||||
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9, |
||||
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91, |
||||
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31, |
||||
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f, |
||||
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4, |
||||
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e, |
||||
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59, |
||||
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84, |
||||
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a, |
||||
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd, |
||||
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2, |
||||
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87, |
||||
+ 0x64 |
||||
}; |
||||
|
||||
static const unsigned char dh_secret_expected[] = { |
||||
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, |
||||
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, |
||||
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, |
||||
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, |
||||
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, |
||||
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, |
||||
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, |
||||
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, |
||||
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, |
||||
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, |
||||
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, |
||||
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, |
||||
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, |
||||
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, |
||||
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, |
||||
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, |
||||
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, |
||||
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, |
||||
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, |
||||
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, |
||||
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, |
||||
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, |
||||
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, |
||||
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, |
||||
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, |
||||
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, |
||||
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, |
||||
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, |
||||
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, |
||||
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, |
||||
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, |
||||
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 |
||||
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5, |
||||
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5, |
||||
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93, |
||||
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5, |
||||
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e, |
||||
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39, |
||||
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04, |
||||
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d, |
||||
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c, |
||||
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47, |
||||
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae, |
||||
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08, |
||||
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19, |
||||
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8, |
||||
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f, |
||||
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e, |
||||
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2, |
||||
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d, |
||||
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4, |
||||
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4, |
||||
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66, |
||||
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46, |
||||
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0, |
||||
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70, |
||||
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c, |
||||
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f, |
||||
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25, |
||||
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc, |
||||
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02, |
||||
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04, |
||||
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1, |
||||
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89 |
||||
}; |
||||
|
||||
static const ST_KAT_PARAM dh_group[] = { |
||||
-- |
||||
2.35.3 |
||||
|
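--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,129 @@
+
+diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c
+--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200
++++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200
+@@ -48,6 +48,8 @@
+# include <fcntl.h>
+# include <unistd.h>
+# include <sys/time.h>
++# include <sys/random.h>
++# include <openssl/evp.h>
+
+static uint64_t get_time_stamp(void);
+static uint64_t get_timer_bits(void);
+@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
+* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+* between size_t and ssize_t is safe even without a range check.
+*/
+-
+- /*
+- * Do runtime detection to find getentropy().
+- *
+- * Known OSs that should support this:
+- * - Darwin since 16 (OSX 10.12, IOS 10.0).
+- * - Solaris since 11.3
+- * - OpenBSD since 5.6
+- * - Linux since 3.17 with glibc 2.25
+- * - FreeBSD since 12.0 (1200061)
+- *
+- * Note: Sometimes getentropy() can be provided but not implemented
+- * internally. So we need to check errno for ENOSYS
+- */
+-# if !defined(__DragonFly__) && !defined(__NetBSD__)
+-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+-
+- if (getentropy != NULL) {
+- if (getentropy(buf, buflen) == 0)
+- return (ssize_t)buflen;
+- if (errno != ENOSYS)
+- return -1;
+- }
+-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
+-
+- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
+- return (ssize_t)buflen;
+-
+- return -1;
+-# else
+- union {
+- void *p;
+- int (*f)(void *buffer, size_t length);
+- } p_getentropy;
+-
+- /*
+- * We could cache the result of the lookup, but we normally don't
+- * call this function often.
+- */
+- ERR_set_mark();
+- p_getentropy.p = DSO_global_lookup("getentropy");
+- ERR_pop_to_mark();
+- if (p_getentropy.p != NULL)
+- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+-# endif
+-# endif /* !__DragonFly__ */
+-
+- /* Linux supports this since version 3.17 */
+-# if defined(__linux) && defined(__NR_getrandom)
+- return syscall(__NR_getrandom, buf, buflen, 0);
+-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+- return sysctl_random(buf, buflen);
+-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
+- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
+- return getrandom(buf, buflen, 0);
+-# else
+- errno = ENOSYS;
+- return -1;
+-# endif
++ /* Red Hat uses downstream patch to always seed from getrandom() */
++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
+}
+# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c
+--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200
++++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
+@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
+#endif
+}
+
++#ifdef FIPS_MODULE
++ prediction_resistance = 1;
++#endif
+/* Reseed using our sources in addition */
+entropylen = get_entropy(drbg, &entropy, drbg->strength,
+drbg->min_entropylen, drbg->max_entropylen,
+diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
+--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
++++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
+@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
+size_t entropy_available;
+RAND_POOL *pool;
+
+- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
++ /*
++ * OpenSSL still implements an internal entropy pool of
++ * some size that is hashed to get seed data.
++ * Note that this is a conditioning step for which SP800-90C requires
++ * 64 additional bits from the entropy source to claim the requested
++ * amount of entropy.
++ */
++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
+if (pool == NULL) {
+ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+return 0;
+diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
+--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
++++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
+@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
+* to the nearest byte. If the entropy is of less than full quality,
+* the amount required should be scaled up appropriately here.
+*/
+- bytes_needed = (entropy + 7) / 8;
++ /*
++ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
++ * + 128 bits during initial seeding
++ */
++ bytes_needed = (entropy + 128 + 7) / 8;
+if (bytes_needed < min_len)
+bytes_needed = min_len;
+if (bytes_needed > max_len)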
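Review bot: The new tail of syscall_random() returns the raw getrandom() result, and with GRND_RANDOM that call may return fewer bytes than requested or -1 with errno set to EINTR, so the caller must be prepared for a short count; syscall_random's callers and its opening lines are outside the hunk, so that expectation should be recorded next to the call, e.g. `/* GRND_RANDOM may block and may return a short count; callers must retry on a partial read */`. The ternary also spells the call out twice; `unsigned int flags = EVP_default_properties_is_fips_enabled(NULL) ? GRND_RANDOM : 0;` followed by `return getrandom(buf, buflen, flags);` is easier to read and to audit. The removed block carried the ENOSYS fallback and the platform notes, so the unconditional `# include <sys/random.h>` at the top of the hunk now encodes an assumption that getrandom(2) is always present on the build target, which deserves a comment stating it. The same review applies to the drbg.c hunk, where `prediction_resistance = 1` under FIPS_MODULE silently overrides the caller's argument and a one-line comment saying so would help.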
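--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,76 @@
+
+diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
+--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
++++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
+@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
+
+void ossl_ffc_params_cleanup(FFC_PARAMS *params)
+{
+- BN_free(params->p);
+- BN_free(params->q);
+- BN_free(params->g);
+- BN_free(params->j);
++ BN_clear_free(params->p);
++ BN_clear_free(params->q);
++ BN_clear_free(params->g);
++ BN_clear_free(params->j);
+OPENSSL_free(params->seed);
+ossl_ffc_params_init(params);
+}
+diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
+--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
++++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
+@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
+
+CRYPTO_THREAD_lock_free(r->lock);
+
+- BN_free(r->n);
+- BN_free(r->e);
++ BN_clear_free(r->n);
++ BN_clear_free(r->e);
+BN_clear_free(r->d);
+BN_clear_free(r->p);
+BN_clear_free(r->q);
+diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
+--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
++++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
+@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
+void *provctx = ctx->provctx;
+
+ossl_prov_digest_reset(&ctx->digest);
+- OPENSSL_free(ctx->salt);
++ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+OPENSSL_free(ctx->prefix);
+OPENSSL_free(ctx->label);
+OPENSSL_clear_free(ctx->data, ctx->data_len);
+diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
+--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
++++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
+@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
+static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
+{
+ossl_prov_digest_reset(&ctx->digest);
+- OPENSSL_free(ctx->salt);
++ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+OPENSSL_clear_free(ctx->pass, ctx->pass_len);
+memset(ctx, 0, sizeof(*ctx));
+}
+diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
+--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
++++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
+@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
+
+void EC_POINT_free(EC_POINT *point)
+{
++#ifdef FIPS_MODULE
++ EC_POINT_clear_free(point);
++#else
+if (point == NULL)
+return;
+
+if (point->meth->point_finish != 0)
+point->meth->point_finish(point);
+OPENSSL_free(point);
++#endif
+}
+
+void EC_POINT_clear_free(EC_POINT *point)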
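Review bot: In the EC_POINT_free hunk the FIPS_MODULE branch hands `point` straight to EC_POINT_clear_free() without the `point == NULL` guard that the non-FIPS branch keeps, so NULL-safety of EC_POINT_free() now depends on EC_POINT_clear_free(), whose body starts on the last line of the hunk and is not visible here; that should be confirmed, and a comment above the `#ifdef` such as `/* FIPS 140-3 zeroization: every EC point is wiped before release, regardless of whether it held private data */` would explain why the two builds diverge. The same rationale is missing from the ffc_params.c and rsa_lib.c hunks, where p, q, g, j, n and e are public values and a reader will otherwise wonder why BN_clear_free() replaced BN_free(). The hkdf.c and pbkdf2.c hunks make `OPENSSL_clear_free(ctx->salt, ctx->salt_len)` correct only if `salt_len` is kept in step wherever `salt` is assigned; those setters are outside the hunk, so a note that `salt_len` must track `salt` belongs next to the field. Each of the touched functions begins or ends outside its hunk.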
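--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,119 @@
+
+From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
+From: Clemens Lang <cllang@redhat.com>
+Date: Thu, 11 Aug 2022 09:27:12 +0200
+Subject: [PATCH] Add FIPS indicator parameter to HKDF
+
+NIST considers HKDF only acceptable when used as in TLS 1.3, and
+otherwise unapproved. Add an explicit indicator attached to the
+EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
+determine whether the KDF operation was approved after performing it.
+
+Related: rhbz#2114772
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+---
+include/openssl/core_names.h | 1 +
+include/openssl/kdf.h | 4 ++
+providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
+3 files changed, 58 insertions(+)
+
+diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
+index 21c94d0488..87786680d7 100644
+--- a/include/openssl/core_names.h
++++ b/include/openssl/core_names.h
+@@ -223,6 +223,7 @@ extern "C" {
+#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
++#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
+
+/* Known KDF names */
+#define OSSL_KDF_NAME_HKDF "HKDF"
+diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
+index 0983230a48..869f23d8fb 100644
+--- a/include/openssl/kdf.h
++++ b/include/openssl/kdf.h
+@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
+# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
+# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
+
++# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
++# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
++# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
++
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
+#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
+#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
+diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
+index afdb7138e1..9d28d292d8 100644
+--- a/providers/implementations/kdfs/hkdf.c
++++ b/providers/implementations/kdfs/hkdf.c
+@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+return 0;
+return OSSL_PARAM_set_size_t(p, sz);
+}
++
++#ifdef FIPS_MODULE
++ if ((p = OSSL_PARAM_locate(params,
++ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
++ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
++ switch (ctx->mode) {
++ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
++ /* TLS 1.3 never uses extract-and-expand */
++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
++ break;
++ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
++ {
++ /* When TLS 1.3 uses extract, the following holds:
++ * 1. The salt length matches the hash length, and either
++ * 2.1. the key is all zeroes and matches the hash length, or
++ * 2.2. the key originates from a PSK (resumption_master_secret
++ * or some externally esablished key), or an ECDH or DH key
++ * derivation. See
++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
++ * Unfortunately at this point, we cannot verify where the key
++ * comes from, so all we can do is check the salt length.
++ */
++ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
++ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
++ else
++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
++ }
++ break;
++ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
++ /* When TLS 1.3 uses expand, it always provides a label that
++ * contains an uint16 for the length, followed by between 7 and 255
++ * bytes for a label string that starts with "tls13 " or "dtls13".
++ * For compatibility with future versions, we only check for "tls"
++ * or "dtls". See
++ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
++ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
++ if (ctx->label != NULL
++ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
++ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
++ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
++ else
++ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
++ break;
++ }
++ return OSSL_PARAM_set_int(p, fips_indicator);
++ }
++#endif /* defined(FIPS_MODULE) */
++
+return -2;
+}
+
+@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
+{
+static const OSSL_PARAM known_gettable_ctx_params[] = {
+OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
++#ifdef FIPS_MODULE
++ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
++#endif /* defined(FIPS_MODULE) */
+OSSL_PARAM_END
+};
+return known_gettable_ctx_params;
+--
+2.37.1
+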
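Review bot: In the EXTRACT_ONLY case of kdf_hkdf_get_ctx_params, `ctx->salt_len == EVP_MD_get_size(md)` compares a size_t with an int, and EVP_MD_get_size() reports failure with a non-positive value that this comparison converts instead of rejecting; `int mdlen = EVP_MD_get_size(md);` followed by `if (md != NULL && mdlen > 0 && ctx->salt_len == (size_t)mdlen)` keeps the error case on the NOT_APPROVED side and silences the sign-compare warning. The indicator is a heuristic by design, as the in-code comments say, since any caller can supply a label beginning with "tls"; the header that defines EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED should carry a comment that the value is advisory and not an enforcement, so consumers of "hkdf-fips-indicator" do not treat it as proof of an approved use. The function's opening lines, including the `ctx` declaration, are outside the hunk. The comment text "esablished" should read "established".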
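--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,399 @@
+
+diff --git a/crypto/punycode.c b/crypto/punycode.c
+index 385b4b1df4..b9b4e3d785 100644
+--- a/crypto/punycode.c
++++ b/crypto/punycode.c
+@@ -123,7 +123,6 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
+unsigned int bias = initial_bias;
+size_t processed_in = 0, written_out = 0;
+unsigned int max_out = *pout_length;
+-
+unsigned int basic_count = 0;
+unsigned int loop;
+
+@@ -181,11 +180,11 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
+n = n + i / (written_out + 1);
+i %= (written_out + 1);
+
+- if (written_out > max_out)
++ if (written_out >= max_out)
+return 0;
+
+memmove(pDecoded + i + 1, pDecoded + i,
+- (written_out - i) * sizeof *pDecoded);
++ (written_out - i) * sizeof(*pDecoded));
+pDecoded[i] = n;
+i++;
+written_out++;
+@@ -255,30 +254,35 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
+*/
+char *outptr = out;
+const char *inptr = in;
+- size_t size = 0;
++ size_t size = 0, maxsize;
+int result = 1;
+-
++ unsigned int i, j;
+unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
+- if (out == NULL)
++
++ if (out == NULL) {
+result = 0;
++ maxsize = 0;
++ } else {
++ maxsize = *outlen;
++ }
++
++#define PUSHC(c) \
++ do \
++ if (size++ < maxsize) \
++ *outptr++ = c; \
++ else \
++ result = 0; \
++ while (0)
+
+while (1) {
+char *tmpptr = strchr(inptr, '.');
+- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr);
++ size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
+
+if (strncmp(inptr, "xn--", 4) != 0) {
+- size += delta + 1;
+-
+- if (size >= *outlen - 1)
+- result = 0;
+-
+- if (result > 0) {
+- memcpy(outptr, inptr, delta + 1);
+- outptr += delta + 1;
+- }
++ for (i = 0; i < delta + 1; i++)
++ PUSHC(inptr[i]);
+} else {
+unsigned int bufsize = LABEL_BUF_SIZE;
+- unsigned int i;
+
+if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0)
+return -1;
+@@ -286,26 +290,15 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
+for (i = 0; i < bufsize; i++) {
+unsigned char seed[6];
+size_t utfsize = codepoint2utf8(seed, buf[i]);
++
+if (utfsize == 0)
+return -1;
+
+- size += utfsize;
+- if (size >= *outlen - 1)
+- result = 0;
+-
+- if (result > 0) {
+- memcpy(outptr, seed, utfsize);
+- outptr += utfsize;
+- }
++ for (j = 0; j < utfsize; j++)
++ PUSHC(seed[j]);
+}
+
+- if (tmpptr != NULL) {
+- *outptr = '.';
+- outptr++;
+- size++;
+- if (size >= *outlen - 1)
+- result = 0;
+- }
++ PUSHC(tmpptr != NULL ? '.' : '\0');
+}
+
+if (tmpptr == NULL)
+@@ -313,7 +306,9 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
+
+inptr = tmpptr + 1;
+}
++#undef PUSHC
+
++ *outlen = size;
+return result;
+}
+
+@@ -327,12 +322,11 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
+
+int ossl_a2ucompare(const char *a, const char *u)
+{
+- char a_ulabel[LABEL_BUF_SIZE];
++ char a_ulabel[LABEL_BUF_SIZE + 1];
+size_t a_size = sizeof(a_ulabel);
+
+- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) {
++ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
+return -1;
+- }
+
+- return (strcmp(a_ulabel, u) == 0) ? 0 : 1;
++ return strcmp(a_ulabel, u) != 0;
+}
+diff --git a/test/build.info b/test/build.info
+index 9d2d41e417..638f215da6 100644
+--- a/test/build.info
++++ b/test/build.info
+@@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}]
+exptest pbetest localetest evp_pkey_ctx_new_from_name\
+evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
+evp_fetch_prov_test evp_libctx_test ossl_store_test \
+- v3nametest v3ext \
++ v3nametest v3ext punycode_test \
+evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
+evp_fetch_prov_test v3nametest v3ext \
+crltest danetest bad_dtls_test lhash_test sparse_array_test \
+@@ -290,6 +290,10 @@ IF[{- !$disabled{tests} -}]
+INCLUDE[pkcs7_test]=../include ../apps/include
+DEPEND[pkcs7_test]=../libcrypto libtestutil.a
+
++ SOURCE[punycode_test]=punycode_test.c
++ INCLUDE[punycode_test]=../include ../apps/include
++ DEPEND[punycode_test]=../libcrypto.a libtestutil.a
++
+SOURCE[stack_test]=stack_test.c
+INCLUDE[stack_test]=../include ../apps/include
+DEPEND[stack_test]=../libcrypto libtestutil.a
+diff --git a/test/punycode_test.c b/test/punycode_test.c
+new file mode 100644
+index 0000000000..285ead6966
+--- /dev/null
++++ b/test/punycode_test.c
+@@ -0,0 +1,219 @@
++/*
++ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <openssl/crypto.h>
++
++#include "crypto/punycode.h"
++#include "internal/nelem.h"
++#include "testutil.h"
++
++
++static const struct puny_test {
++ unsigned int raw[50];
++ const char *encoded;
++} puny_cases[] = {
++ /* Test cases from RFC 3492 */
++ { /* Arabic (Egyptian) */
++ { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644,
++ 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F
++ },
++ "egbpdaj6bu4bxfgehfvwxn"
++ },
++ { /* Chinese (simplified) */
++ { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587
++ },
++ "ihqwcrb4cv8a8dqg056pqjye"
++ },
++ { /* Chinese (traditional) */
++ { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587
++ },
++ "ihqwctvzc91f659drss3x8bo0yb"
++ },
++ { /* Czech: Pro<ccaron>prost<ecaron>nemluv<iacute><ccaron>esky */
++ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074,
++ 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D,
++ 0x0065, 0x0073, 0x006B, 0x0079
++ },
++ "Proprostnemluvesky-uyb24dma41a"
++ },
++ { /* Hebrew */
++ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8,
++ 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2,
++ 0x05D1, 0x05E8, 0x05D9, 0x05EA
++ },
++ "4dbcagdahymbxekheh6e0a7fei0b"
++ },
++ { /* Hindi (Devanagari) */
++ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D,
++ 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939,
++ 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947,
++ 0x0939, 0x0948, 0x0902
++ },
++ "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd"
++ },
++ { /* Japanese (kanji and hiragana) */
++ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092,
++ 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B
++ },
++ "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa"
++ },
++ { /* Korean (Hangul syllables) */
++ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774,
++ 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74,
++ 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C
++ },
++ "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c"
++ },
++ { /* Russian (Cyrillic) */
++ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E,
++ 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440,
++ 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A,
++ 0x0438
++ },
++ "b1abfaaepdrnnbgefbaDotcwatmq2g4l"
++ },
++ { /* Spanish */
++ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070,
++ 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070,
++ 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061,
++ 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070,
++ 0x0061, 0x00F1, 0x006F, 0x006C
++ },
++ "PorqunopuedensimplementehablarenEspaol-fmd56a"
++ },
++ { /* Vietnamese */
++ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B,
++ 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068,
++ 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067,
++ 0x0056, 0x0069, 0x1EC7, 0x0074
++ },
++ "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g"
++ },
++ { /* Japanese: 3<nen>B<gumi><kinpachi><sensei> */
++ { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
++ },
++ "3B-ww4c5e180e575a65lsy2b"
++ },
++ { /* Japanese: <amuro><namie>-with-SUPER-MONKEYS */
++ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074,
++ 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D,
++ 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053
++ },
++ "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n"
++ },
++ { /* Japanese: Hello-Another-Way-<sorezore><no><basho> */
++ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F,
++ 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D,
++ 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240
++ },
++ "Hello-Another-Way--fc4qua05auwb3674vfr0b"
++ },
++ { /* Japanese: <hitotsu><yane><no><shita>2 */
++ { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032
++ },
++ "2-u9tlzr9756bt3uc0v"
++ },
++ { /* Japanese: Maji<de>Koi<suru>5<byou><mae> */
++ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059,
++ 0x308B, 0x0035, 0x79D2, 0x524D
++ },
++ "MajiKoi5-783gue6qz075azm5e"
++ },
++ { /* Japanese: <pafii>de<runba> */
++ { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0
++ },
++ "de-jg4avhby1noc0d"
++ },
++ { /* Japanese: <sono><supiido><de> */
++ { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067
++ },
++ "d9juau41awczczp"
++ },
++ { /* -> $1.00 <- */
++ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020,
++ 0x003C, 0x002D
++ },
++ "-> $1.00 <--"
++ }
++};
++
++static int test_punycode(int n)
++{
++ const struct puny_test *tc = puny_cases + n;
++ unsigned int buffer[50];
++ unsigned int bsize = OSSL_NELEM(buffer);
++ size_t i;
++
++ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded),
++ buffer, &bsize)))
++ return 0;
++ for (i = 0; i < sizeof(tc->raw); i++)
++ if (tc->raw[i] == 0)
++ break;
++ if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer),
++ tc->raw, i * sizeof(*tc->raw)))
++ return 0;
++ return 1;
++}
++
++static int test_a2ulabel(void)
++{
++ char out[50];
++ size_t outlen;
++
++ /*
++ * Test that no buffer correctly returns the true length.
++ * The punycode being passed in and parsed is malformed but we're not
++ * verifying that behaviour here.
++ */
++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0)
++ || !TEST_size_t_eq(outlen, 7)
++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1))
++ return 0;
++ /* Test that a short input length returns the true length */
++ outlen = 1;
++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
++ || !TEST_size_t_eq(outlen, 7)
++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
++ || !TEST_str_eq(out,"\xc2\x80.b.c"))
++ return 0;
++ /* Test for an off by one on the buffer size works */
++ outlen = 6;
++ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
++ || !TEST_size_t_eq(outlen, 7)
++ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
++ || !TEST_str_eq(out,"\xc2\x80.b.c"))
++ return 0;
++ return 1;
++}
++
++static int test_puny_overrun(void)
++{
++ static const unsigned int out[] = {
++ 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
++ };
++ static const char *in = "3B-ww4c5e180e575a65lsy2b";
++ unsigned int buf[OSSL_NELEM(out)];
++ unsigned int bsize = OSSL_NELEM(buf) - 1;
++
++ if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) {
++ if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out)))
++ TEST_error("CRITICAL: buffer overrun detected!");
++ return 0;
++ }
++ return 1;
++}
++
++int setup_tests(void)
++{
++ ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases));
++ ADD_TEST(test_a2ulabel);
++ ADD_TEST(test_puny_overrun);
++ return 1;
++}
+diff --git a/test/recipes/04-test_punycode.t b/test/recipes/04-test_punycode.t
+new file mode 100644
+index 0000000000..de213c7e15
+--- /dev/null
++++ b/test/recipes/04-test_punycode.t
+@@ -0,0 +1,11 @@
++#! /usr/bin/env perl
++# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
++#
++# Licensed under the Apache License 2.0 (the "License"). You may not use
++# this file except in compliance with the License. You can obtain a copy
++# in the file LICENSE in the source distribution or at
++# https://www.openssl.org/source/license.html
++
++use OpenSSL::Test::Simple;
++
++simple_test("test_punycode", "punycode_test");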
@ -0,0 +1,82 @@
@@ -0,0 +1,82 @@
|
||||
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8) |
||||
DAYS=365 |
||||
KEYLEN=2048 |
||||
TYPE=rsa:$(KEYLEN) |
||||
EXTRA_FLAGS= |
||||
ifdef SERIAL |
||||
EXTRA_FLAGS+=-set_serial $(SERIAL) |
||||
endif |
||||
|
||||
.PHONY: usage |
||||
.SUFFIXES: .key .csr .crt .pem |
||||
.PRECIOUS: %.key %.csr %.crt %.pem |
||||
|
||||
usage: |
||||
@echo "This makefile allows you to create:" |
||||
@echo " o public/private key pairs" |
||||
@echo " o SSL certificate signing requests (CSRs)" |
||||
@echo " o self-signed SSL test certificates" |
||||
@echo |
||||
@echo "To create a key pair, run \"make SOMETHING.key\"." |
||||
@echo "To create a CSR, run \"make SOMETHING.csr\"." |
||||
@echo "To create a test certificate, run \"make SOMETHING.crt\"." |
||||
@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"." |
||||
@echo |
||||
@echo "To create a key for use with Apache, run \"make genkey\"." |
||||
@echo "To create a CSR for use with Apache, run \"make certreq\"." |
||||
@echo "To create a test certificate for use with Apache, run \"make testcert\"." |
||||
@echo |
||||
@echo "To create a test certificate with serial number other than random, add SERIAL=num" |
||||
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n" |
||||
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS" |
||||
@echo |
||||
@echo Examples: |
||||
@echo " make server.key" |
||||
@echo " make server.csr" |
||||
@echo " make server.crt" |
||||
@echo " make stunnel.pem" |
||||
@echo " make genkey" |
||||
@echo " make certreq" |
||||
@echo " make testcert" |
||||
@echo " make server.crt SERIAL=1" |
||||
@echo " make stunnel.pem EXTRA_FLAGS=-sha384" |
||||
@echo " make testcert DAYS=600" |
||||
|
||||
%.pem: |
||||
umask 77 ; \ |
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \ |
||||
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \ |
||||
cat $$PEM1 > $@ ; \ |
||||
echo "" >> $@ ; \ |
||||
cat $$PEM2 >> $@ ; \ |
||||
$(RM) $$PEM1 $$PEM2 |
||||
|
||||
%.key: |
||||
umask 77 ; \ |
||||
/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@ |
||||
|
||||
%.csr: %.key |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@ |
||||
|
||||
%.crt: %.key |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS) |
||||
|
||||
TLSROOT=/etc/pki/tls |
||||
KEY=$(TLSROOT)/private/localhost.key |
||||
CSR=$(TLSROOT)/certs/localhost.csr |
||||
CRT=$(TLSROOT)/certs/localhost.crt |
||||
|
||||
genkey: $(KEY) |
||||
certreq: $(CSR) |
||||
testcert: $(CRT) |
||||
|
||||
$(CSR): $(KEY) |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR) |
||||
|
||||
$(CRT): $(KEY) |
||||
umask 77 ; \ |
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS) |
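Review bot: In the `%.pem` recipe the steps are chained with `;`, so a failing `openssl req` (bad `EXTRA_FLAGS`, aborted prompt, unwritable `/tmp`) is never noticed: `cat $$PEM1 > $@` still runs on the empty temp file, the recipe's exit status is that of the final `$(RM)`, and make reports success while leaving an empty or truncated `$@` behind, which `.PRECIOUS` would keep even if the recipe had failed. Join the steps with `&&` instead — `... -out $$PEM2 $(EXTRA_FLAGS) && \` and likewise for the `cat`/`echo` lines — so the target is only written after the key and certificate were actually generated. The other pattern rules are single commands and propagate their status correctly. Note also that `-nodes` puts the unencrypted private key in a `/tmp` file; `mktemp` creates it 0600 so that is acceptable, but `$(RM)` does not run if make is interrupted and the key then stays in `/tmp`.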
@ -0,0 +1,7 @@
@@ -0,0 +1,7 @@
|
||||
/* Prepended at openssl package build-time. Don't include this file directly, |
||||
* use <openssl/opensslconf.h> instead. */ |
||||
|
||||
#ifndef openssl_conf_multilib_redirection_h |
||||
#error "Don't include this file directly, use <openssl/opensslconf.h> instead!" |
||||
#endif |
||||
|
@ -0,0 +1,47 @@
@@ -0,0 +1,47 @@
|
||||
/* This file is here to prevent a file conflict on multiarch systems. A |
||||
* conflict will frequently occur because arch-specific build-time |
||||
* configuration options are stored (and used, so they can't just be stripped |
||||
* out) in configuration.h. The original configuration.h has been renamed. |
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ |
||||
|
||||
#ifdef openssl_conf_multilib_redirection_h |
||||
#error "Do not define openssl_conf_multilib_redirection_h!" |
||||
#endif |
||||
#define openssl_conf_multilib_redirection_h |
||||
|
||||
#if defined(__i386__) |
||||
#include "configuration-i386.h" |
||||
#elif defined(__ia64__) |
||||
#include "configuration-ia64.h" |
||||
#elif defined(__mips64) && defined(__MIPSEL__) |
||||
#include "configuration-mips64el.h" |
||||
#elif defined(__mips64) |
||||
#include "configuration-mips64.h" |
||||
#elif defined(__mips) && defined(__MIPSEL__) |
||||
#include "configuration-mipsel.h" |
||||
#elif defined(__mips) |
||||
#include "configuration-mips.h" |
||||
#elif defined(__powerpc64__) |
||||
#include <endian.h> |
||||
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ |
||||
#include "configuration-ppc64.h" |
||||
#else |
||||
#include "configuration-ppc64le.h" |
||||
#endif |
||||
#elif defined(__powerpc__) |
||||
#include "configuration-ppc.h" |
||||
#elif defined(__s390x__) |
||||
#include "configuration-s390x.h" |
||||
#elif defined(__s390__) |
||||
#include "configuration-s390.h" |
||||
#elif defined(__sparc__) && defined(__arch64__) |
||||
#include "configuration-sparc64.h" |
||||
#elif defined(__sparc__) |
||||
#include "configuration-sparc.h" |
||||
#elif defined(__x86_64__) |
||||
#include "configuration-x86_64.h" |
||||
#else |
||||
#error "The openssl-devel package does not work your architecture?" |
||||
#endif |
||||
|
||||
#undef openssl_conf_multilib_redirection_h |
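Review bot: The ppc64 endianness test `#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__` depends on compiler-predefined macros; with a preprocessor that does not define them, both sides evaluate to 0, the comparison is true, and a ppc64le build silently gets `configuration-ppc64.h`. The `#include <endian.h>` just above does not help, because glibc's header defines `__BYTE_ORDER`/`__BIG_ENDIAN` (no trailing underscores), not the macros being compared. Either test what the header provides, `#if __BYTE_ORDER == __BIG_ENDIAN`, or guard the current test with `#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__` and let unknown cases reach `#error`. The final message also reads oddly and should be `#error "The openssl-devel package does not support your architecture"`. Architectures such as aarch64 and riscv64 have no branch here and will hit that `#error`; if the package is built for them a matching `configuration-<arch>.h` branch is needed.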
@ -0,0 +1,628 @@
@@ -0,0 +1,628 @@
|
||||
/* |
||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. |
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
||||
* |
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use |
||||
* this file except in compliance with the License. You can obtain a copy |
||||
* in the file LICENSE in the source distribution or at |
||||
* https://www.openssl.org/source/license.html |
||||
*/ |
||||
|
||||
/* |
||||
* ECDSA low level APIs are deprecated for public use, but still ok for |
||||
* internal use. |
||||
*/ |
||||
#include "internal/deprecated.h" |
||||
|
||||
#include <string.h> |
||||
#include "ec_local.h" |
||||
#include <openssl/err.h> |
||||
#include <openssl/obj_mac.h> |
||||
#include <openssl/objects.h> |
||||
#include <openssl/opensslconf.h> |
||||
#include "internal/nelem.h" |
||||
|
||||
typedef struct { |
||||
int field_type, /* either NID_X9_62_prime_field or |
||||
* NID_X9_62_characteristic_two_field */ |
||||
seed_len, param_len; |
||||
unsigned int cofactor; /* promoted to BN_ULONG */ |
||||
} EC_CURVE_DATA; |
||||
|
||||
/* the nist prime curves */ |
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 28 * 6]; |
||||
} _EC_NIST_PRIME_224 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 28, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, |
||||
0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x01, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, |
||||
/* b */ |
||||
0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, |
||||
0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, |
||||
0x23, 0x55, 0xFF, 0xB4, |
||||
/* x */ |
||||
0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, |
||||
0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, |
||||
0x11, 0x5C, 0x1D, 0x21, |
||||
/* y */ |
||||
0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, |
||||
0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, |
||||
0x85, 0x00, 0x7e, 0x34, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, |
||||
0x5C, 0x5C, 0x2A, 0x3D |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 48 * 6]; |
||||
} _EC_NIST_PRIME_384 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 48, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, |
||||
0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, |
||||
0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, |
||||
0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, |
||||
0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, |
||||
/* x */ |
||||
0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, |
||||
0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, |
||||
0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, |
||||
0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, |
||||
/* y */ |
||||
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, |
||||
0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, |
||||
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, |
||||
0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, |
||||
0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 66 * 6]; |
||||
} _EC_NIST_PRIME_521 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 66, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, |
||||
0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, |
||||
/* p */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, |
||||
0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, |
||||
0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, |
||||
0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, |
||||
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, |
||||
0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, |
||||
/* x */ |
||||
0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, |
||||
0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, |
||||
0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, |
||||
0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, |
||||
0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, |
||||
0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, |
||||
/* y */ |
||||
0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, |
||||
0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, |
||||
0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, |
||||
0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, |
||||
0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, |
||||
0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, |
||||
/* order */ |
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, |
||||
0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, |
||||
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, |
||||
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[20 + 32 * 6]; |
||||
} _EC_X9_62_PRIME_256V1 = { |
||||
{ |
||||
NID_X9_62_prime_field, 20, 32, 1 |
||||
}, |
||||
{ |
||||
/* seed */ |
||||
0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, |
||||
0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
/* a */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, |
||||
/* b */ |
||||
0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, |
||||
0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, |
||||
0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, |
||||
/* x */ |
||||
0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, |
||||
0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, |
||||
0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, |
||||
/* y */ |
||||
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, |
||||
0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, |
||||
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, |
||||
0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 |
||||
} |
||||
}; |
||||
|
||||
static const struct { |
||||
EC_CURVE_DATA h; |
||||
unsigned char data[0 + 32 * 6]; |
||||
} _EC_SECG_PRIME_256K1 = { |
||||
{ |
||||
NID_X9_62_prime_field, 0, 32, 1 |
||||
}, |
||||
{ |
||||
/* no seed */ |
||||
/* p */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, |
||||
/* a */ |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
/* b */ |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, |
||||
/* x */ |
||||
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, |
||||
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, |
||||
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, |
||||
/* y */ |
||||
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, |
||||
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, |
||||
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, |
||||
/* order */ |
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, |
||||
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 |
||||
} |
||||
}; |
||||
|
||||
typedef struct _ec_list_element_st { |
||||
int nid; |
||||
const EC_CURVE_DATA *data; |
||||
const EC_METHOD *(*meth) (void); |
||||
const char *comment; |
||||
} ec_list_element; |
||||
|
||||
#ifdef FIPS_MODULE |
||||
static const ec_list_element curve_list[] = { |
||||
/* prime field curves */ |
||||
/* secg curves */ |
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, |
||||
# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp224_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ |
||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp384_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 384 bit prime field"}, |
||||
|
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp521_method, |
||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp521_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 521 bit prime field"}, |
||||
|
||||
/* X9.62 curves */ |
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, |
||||
# if defined(ECP_NISTZ256_ASM) |
||||
EC_GFp_nistz256_method, |
||||
# elif defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp256_method, |
||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp256_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"X9.62/SECG curve over a 256 bit prime field"}, |
||||
}; |
||||
|
||||
#else |
||||
|
||||
static const ec_list_element curve_list[] = { |
||||
/* prime field curves */ |
||||
/* secg curves */ |
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 |
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
# else |
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, |
||||
"NIST/SECG curve over a 224 bit prime field"}, |
||||
# endif |
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, |
||||
"SECG curve over a 256 bit prime field"}, |
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ |
||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp384_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 384 bit prime field"}, |
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, |
||||
# if defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp521_method, |
||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp521_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"NIST/SECG curve over a 521 bit prime field"}, |
||||
/* X9.62 curves */ |
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, |
||||
# if defined(ECP_NISTZ256_ASM) |
||||
EC_GFp_nistz256_method, |
||||
# elif defined(S390X_EC_ASM) |
||||
EC_GFp_s390x_nistp256_method, |
||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) |
||||
EC_GFp_nistp256_method, |
||||
# else |
||||
0, |
||||
# endif |
||||
"X9.62/SECG curve over a 256 bit prime field"}, |
||||
}; |
||||
#endif /* FIPS_MODULE */ |
||||
|
||||
#define curve_list_length OSSL_NELEM(curve_list) |
||||
|
||||
static const ec_list_element *ec_curve_nid2curve(int nid) |
||||
{ |
||||
size_t i; |
||||
|
||||
if (nid <= 0) |
||||
return NULL; |
||||
|
||||
for (i = 0; i < curve_list_length; i++) { |
||||
if (curve_list[i].nid == nid) |
||||
return &curve_list[i]; |
||||
} |
||||
return NULL; |
||||
} |
||||
|
||||
static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, |
||||
const char *propq, |
||||
const ec_list_element curve) |
||||
{ |
||||
EC_GROUP *group = NULL; |
||||
EC_POINT *P = NULL; |
||||
BN_CTX *ctx = NULL; |
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = |
||||
NULL; |
||||
int ok = 0; |
||||
int seed_len, param_len; |
||||
const EC_METHOD *meth; |
||||
const EC_CURVE_DATA *data; |
||||
const unsigned char *params; |
||||
|
||||
/* If no curve data curve method must handle everything */ |
||||
if (curve.data == NULL) |
||||
return ossl_ec_group_new_ex(libctx, propq, |
||||
curve.meth != NULL ? curve.meth() : NULL); |
||||
|
||||
if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); |
||||
goto err; |
||||
} |
||||
|
||||
data = curve.data; |
||||
seed_len = data->seed_len; |
||||
param_len = data->param_len; |
||||
params = (const unsigned char *)(data + 1); /* skip header */ |
||||
params += seed_len; /* skip seed */ |
||||
|
||||
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL |
||||
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL |
||||
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
|
||||
if (curve.meth != 0) { |
||||
meth = curve.meth(); |
||||
if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || |
||||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} else if (data->field_type == NID_X9_62_prime_field) { |
||||
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
#ifndef OPENSSL_NO_EC2M |
||||
else { /* field_type == |
||||
* NID_X9_62_characteristic_two_field */ |
||||
|
||||
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
#endif |
||||
|
||||
EC_GROUP_set_curve_name(group, curve.nid); |
||||
|
||||
if ((P = EC_POINT_new(group)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
|
||||
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL |
||||
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL |
||||
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); |
||||
goto err; |
||||
} |
||||
if (!EC_GROUP_set_generator(group, P, order, x)) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
if (seed_len) { |
||||
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { |
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
||||
goto err; |
||||
} |
||||
} |
||||
ok = 1; |
||||
err: |
||||
if (!ok) { |
||||
EC_GROUP_free(group); |
||||
group = NULL; |
||||
} |
||||
EC_POINT_free(P); |
||||
BN_CTX_free(ctx); |
||||
BN_free(p); |
||||
BN_free(a); |
||||
BN_free(b); |
||||
BN_free(order); |
||||
BN_free(x); |
||||
BN_free(y); |
||||
return group; |
||||
} |
||||
|
||||
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, |
||||
int nid) |
||||
{ |
||||
EC_GROUP *ret = NULL; |
||||
const ec_list_element *curve; |
||||
|
||||
if ((curve = ec_curve_nid2curve(nid)) == NULL |
||||
|| (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { |
||||
#ifndef FIPS_MODULE |
||||
ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, |
||||
"name=%s", OBJ_nid2sn(nid)); |
||||
#else |
||||
ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); |
||||
#endif |
||||
return NULL; |
||||
} |
||||
|
||||
return ret; |
||||
} |
||||
|
||||
#ifndef FIPS_MODULE |
||||
EC_GROUP *EC_GROUP_new_by_curve_name(int nid) |
||||
{ |
||||
return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); |
||||
} |
||||
#endif |
||||
|
||||
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) |
||||
{ |
||||
size_t i, min; |
||||
|
||||
if (r == NULL || nitems == 0) |
||||
return curve_list_length; |
||||
|
||||
min = nitems < curve_list_length ? nitems : curve_list_length; |
||||
|
||||
for (i = 0; i < min; i++) { |
||||
r[i].nid = curve_list[i].nid; |
||||
r[i].comment = curve_list[i].comment; |
||||
} |
||||
|
||||
return curve_list_length; |
||||
} |
||||
|
||||
const char *EC_curve_nid2nist(int nid) |
||||
{ |
||||
return ossl_ec_curve_nid2nist_int(nid); |
||||
} |
||||
|
||||
int EC_curve_nist2nid(const char *name) |
||||
{ |
||||
return ossl_ec_curve_nist2nid_int(name); |
||||
} |
||||
|
||||
#define NUM_BN_FIELDS 6 |
||||
/* |
||||
* Validates EC domain parameter data for known named curves. |
||||
* This can be used when a curve is loaded explicitly (without a curve |
||||
* name) or to validate that domain parameters have not been modified. |
||||
* |
||||
* Returns: The nid associated with the found named curve, or NID_undef |
||||
* if not found. If there was an error it returns -1. |
||||
*/ |
||||
int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) |
||||
{ |
||||
int ret = -1, nid, len, field_type, param_len; |
||||
size_t i, seed_len; |
||||
const unsigned char *seed, *params_seed, *params; |
||||
unsigned char *param_bytes = NULL; |
||||
const EC_CURVE_DATA *data; |
||||
const EC_POINT *generator = NULL; |
||||
const BIGNUM *cofactor = NULL; |
||||
/* An array of BIGNUMs for (p, a, b, x, y, order) */ |
||||
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; |
||||
|
||||
/* Use the optional named curve nid as a search field */ |
||||
nid = EC_GROUP_get_curve_name(group); |
||||
field_type = EC_GROUP_get_field_type(group); |
||||
seed_len = EC_GROUP_get_seed_len(group); |
||||
seed = EC_GROUP_get0_seed(group); |
||||
cofactor = EC_GROUP_get0_cofactor(group); |
||||
|
||||
BN_CTX_start(ctx); |
||||
|
||||
/* |
||||
* The built-in curves contains data fields (p, a, b, x, y, order) that are |
||||
* all zero-padded to be the same size. The size of the padding is |
||||
* determined by either the number of bytes in the field modulus (p) or the |
||||
* EC group order, whichever is larger. |
||||
*/ |
||||
param_len = BN_num_bytes(group->order); |
||||
len = BN_num_bytes(group->field); |
||||
if (len > param_len) |
||||
param_len = len; |
||||
|
||||
/* Allocate space to store the padded data for (p, a, b, x, y, order) */ |
||||
param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); |
||||
if (param_bytes == NULL) |
||||
goto end; |
||||
|
||||
/* Create the bignums */ |
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) { |
||||
if ((bn[i] = BN_CTX_get(ctx)) == NULL) |
||||
goto end; |
||||
} |
||||
/* |
||||
* Fill in the bn array with the same values as the internal curves |
||||
* i.e. the values are p, a, b, x, y, order. |
||||
*/ |
||||
/* Get p, a & b */ |
||||
if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) |
||||
&& ((generator = EC_GROUP_get0_generator(group)) != NULL) |
||||
/* Get x & y */ |
||||
&& EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) |
||||
/* Get order */ |
||||
&& EC_GROUP_get_order(group, bn[5], ctx))) |
||||
goto end; |
||||
|
||||
/* |
||||
* Convert the bignum array to bytes that are joined together to form |
||||
* a single buffer that contains data for all fields. |
||||
* (p, a, b, x, y, order) are all zero padded to be the same size. |
||||
*/ |
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) { |
||||
if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) |
||||
goto end; |
||||
} |
||||
|
||||
for (i = 0; i < curve_list_length; i++) { |
||||
const ec_list_element curve = curve_list[i]; |
||||
|
||||
data = curve.data; |
||||
/* Get the raw order byte data */ |
||||
params_seed = (const unsigned char *)(data + 1); /* skip header */ |
||||
params = params_seed + data->seed_len; |
||||
|
||||
/* Look for unique fields in the fixed curve data */ |
||||
if (data->field_type == field_type |
||||
&& param_len == data->param_len |
||||
&& (nid <= 0 || nid == curve.nid) |
||||
/* check the optional cofactor (ignore if its zero) */ |
||||
&& (BN_is_zero(cofactor) |
||||
|| BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) |
||||
/* Check the optional seed (ignore if its not set) */ |
||||
&& (data->seed_len == 0 || seed_len == 0 |
||||
|| ((size_t)data->seed_len == seed_len |
||||
&& memcmp(params_seed, seed, seed_len) == 0)) |
||||
/* Check that the groups params match the built-in curve params */ |
||||
&& memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) |
||||
== 0) { |
||||
ret = curve.nid; |
||||
goto end; |
||||
} |
||||
} |
||||
/* Gets here if the group was not found */ |
||||
ret = NID_undef; |
||||
end: |
||||
OPENSSL_free(param_bytes); |
||||
BN_CTX_end(ctx); |
||||
return ret; |
||||
} |
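Review bot: In `ec_group_new_from_data`, when `curve.meth` is 0 and `data->field_type` is not `NID_X9_62_prime_field`, the `#ifndef OPENSSL_NO_EC2M` branch is the only code that assigns `group`; with EC2M compiled out, control falls through to `EC_GROUP_set_curve_name(group, curve.nid)` with `group == NULL`. Every entry in both `curve_list` tables in this file is a prime-field curve, so the path is unreachable today, but this hobbled table is exactly what gets edited when curves are added, and the accompanying hobble script empties `crypto/ec/ec2*.c`, so the GF2m path presumably cannot be linked in this build anyway. A guard after the `#endif` makes the failure explicit instead of a NULL dereference: `if (group == NULL) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); goto err; }`. Separately, the `OPENSSL_malloc` failure in `ossl_ec_curve_nid_from_params` returns -1 without raising an error; adding `ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE)` there would keep it consistent with the other allocation failures in this file.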
@ -0,0 +1,26 @@
@@ -0,0 +1,26 @@
|
||||
#!/bin/bash |
||||
|
||||
if [ $# -ne 2 ] ; then |
||||
echo "Usage:" |
||||
echo " $0 <git-dir> <base-tag>" |
||||
exit 1 |
||||
fi |
||||
|
||||
git_dir="$1" |
||||
base_tag="$2" |
||||
|
||||
target_dir="$(pwd)" |
||||
|
||||
pushd "$git_dir" >/dev/null |
||||
git format-patch -k -o "$target_dir" "$base_tag" >/dev/null |
||||
popd >/dev/null |
||||
|
||||
echo "# Patches exported from source git" |
||||
|
||||
i=1 |
||||
for p in *.patch ; do |
||||
printf "# " |
||||
sed '/^Subject:/{s/^Subject: //;p};d' "$p" |
||||
printf "Patch%s: %s\n" $i "$p" |
||||
i=$(($i + 1)) |
||||
done |
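Review bot: `for p in *.patch` runs over whatever is already in `$target_dir`, so stale patches from an earlier export are listed next to the fresh ones, and when nothing matches the loop iterates once over the literal string `*.patch` and `sed` fails on a missing file. The script also has no `set -e`: if `pushd "$git_dir"` fails, `git format-patch` silently runs in the current directory. Add `set -euo pipefail` and `shopt -s nullglob` after the shebang, and either `rm -f "$target_dir"/*.patch` before exporting or build the list from the file names `git format-patch` prints (currently discarded by `>/dev/null`) rather than from a glob of the directory.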
@ -0,0 +1,40 @@
@@ -0,0 +1,40 @@
|
||||
#!/bin/sh |
||||
|
||||
# Quit out if anything fails. |
||||
set -e |
||||
|
||||
# Clean out patent-or-otherwise-encumbered code. |
||||
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway |
||||
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore |
||||
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore |
||||
# EC: ????????? ??/??/2020 |
||||
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore |
||||
|
||||
# Remove assembler portions of IDEA, MDC2, and RC5. |
||||
# (find crypto/rc5/asm -type f | xargs -r rm -fv) |
||||
|
||||
for c in `find crypto/bn -name "*gf2m.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for c in `find test -name "ectest.c"`; do |
||||
echo Destroying $c |
||||
> $c |
||||
done |
||||
|
||||
for h in `find crypto ssl apps test -name "*.h"` ; do |
||||
echo Removing EC2M references from $h |
||||
cat $h | \ |
||||
awk 'BEGIN {ech=1;} \ |
||||
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \ |
||||
/^#[ \t]*if/ {if(ech < 1) ech--;} \ |
||||
{if(ech>0) {;print $0};} \ |
||||
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \ |
||||
mv $h.hobbled $h |
||||
done |
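Review bot: The awk filter only recognises the `#ifndef ... NO_EC2M` spelling and, once inside such a block, drops every line up to the matching `#endif`, including an `#else` branch: a header written as `#ifndef OPENSSL_NO_EC2M` / `#else` / `#endif` loses exactly the code that is meant to remain when EC2M is disabled, while `#if !defined(OPENSSL_NO_EC2M)` and `#ifdef OPENSSL_NO_EC2M` pass through untouched. If the headers in the tree use only the plain `#ifndef` form the output is correct, but that should be checked against the sources rather than assumed, e.g. `grep -r NO_EC2M crypto ssl apps test --include='*.h' && exit 1` after the loop. Also, despite `set -e`, a failure of `cat $h | awk ... > $h.hobbled` inside the `&&` list does not abort the script; it merely skips the `mv`, leaves `$h` unmodified and a stray `$h.hobbled` behind. Quoting `"$h"`/`"$c"` and using `find ... -exec` or a `while read` loop instead of word-splitting backticks would make the loops robust to unusual paths.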
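--- /dev/null
+++ b/make-dummy-cert
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+echo --
+echo SomeState
+echo SomeCity
+echo SomeOrganization
+echo SomeOrganizationalUnit
+echo localhost.localdomain
+echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+echo $"Usage: `basename $0` filename [...]"
+exit 0
+fi
+
+for target in $@ ; do
+PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+trap "rm -f $PEM1 $PEM2" SIGINT
+answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+cat $PEM1 > ${target}
+echo "" >> ${target}
+cat $PEM2 >> ${target}
+rm -f $PEM1 $PEM2
+done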
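Review bot: The exit status of the `openssl req` pipeline is ignored and its stderr goes to /dev/null, so a failed key generation silently leaves `${target}` containing only an empty line and the loop moves on to the next file; `… 2> /dev/null || { rm -f $PEM1 $PEM2; exit 1; }` makes the failure visible and keeps a half-written target from being mistaken for a key pair. The temporaries are removed only on SIGINT, so any other abort leaves the unencrypted private key in /tmp (mode 0600 thanks to `umask 077`, but still present); `trap "rm -f $PEM1 $PEM2" EXIT` covers every exit path. `for target in $@` should be `for target in "$@"` so that file names containing spaces are not split.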
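--- /dev/null
+++ b/renew-dummy-cert
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+echo $"Usage: `basename $0` filename" 1>&2
+exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+echo "$PEM: file not found" 1>&2
+exit 1
+fi
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -days 365 \
+-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+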
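Review bot: None of the three `openssl` invocations is checked and there is no `set -e`, so when `openssl rsa` fails (an unreadable or, presumably, passphrase-protected key) `$KEY` and `$CRT` stay empty, the subshell still writes them to `$NEW`, and `mv -f $NEW $PEM` replaces the caller's only copy of key and certificate with a single newline; `set -e` after the shebang, or `|| exit 1` on each openssl line, stops before the destructive mv. The cleanup trap fires only on SIGINT, so a failure also leaves the unencrypted key in `$KEY` under /tmp; `trap … EXIT` is the usual form. As a point of style, `OWNER=\`ls -l $PEM | awk …\`` parses ls output and emits the deprecated `user.group` separator — `OWNER=$(stat -c '%U:%G' "$PEM")` reads the same information directly.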
@ -0,0 +1,852 @@
@@ -0,0 +1,852 @@
|
||||
# For the curious: |
||||
# 0.9.8jk + EAP-FAST soversion = 8 |
||||
# 1.0.0 soversion = 10 |
||||
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols |
||||
# depends on build configuration options) |
||||
# 3.0.0 soversion = 3 (same as upstream) |
||||
%define soversion 3 |
||||
|
||||
# Arches on which we need to prevent arch conflicts on opensslconf.h, must |
||||
# also be handled in opensslconf-new.h. |
||||
%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 |
||||
|
||||
%define srpmhash() %{lua: |
||||
local files = rpm.expand("%_specdir/openssl.spec") |
||||
for i, p in ipairs(patches) do |
||||
files = files.." "..p |
||||
end |
||||
for i, p in ipairs(sources) do |
||||
files = files.." "..p |
||||
end |
||||
local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum")) |
||||
local hash = sha256sum:read("*a") |
||||
sha256sum:close() |
||||
print(string.sub(hash, 0, 16)) |
||||
} |
||||
|
||||
%global _performance_build 1 |
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation |
||||
Name: openssl |
||||
Version: 3.0.1 |
||||
Release: 43%{?dist} |
||||
Epoch: 1 |
||||
# We have to remove certain patented algorithms from the openssl source |
||||
# tarball with the hobble-openssl script which is included below. |
||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm. |
||||
Source: openssl-%{version}-hobbled.tar.xz |
||||
Source1: hobble-openssl |
||||
Source2: Makefile.certificate |
||||
Source3: genpatches |
||||
Source6: make-dummy-cert |
||||
Source7: renew-dummy-cert |
||||
Source9: configuration-switch.h |
||||
Source10: configuration-prefix.h |
||||
Source12: ec_curve.c |
||||
Source13: ectest.c |
||||
Source14: 0025-for-tests.patch |
||||
|
||||
# Patches exported from source git |
||||
# Aarch64 and ppc64le use lib64 |
||||
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch |
||||
# Use more general default values in openssl.cnf |
||||
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch |
||||
# Do not install html docs |
||||
Patch3: 0003-Do-not-install-html-docs.patch |
||||
# Override default paths for the CA directory tree |
||||
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch |
||||
# apps/ca: fix md option help text |
||||
Patch5: 0005-apps-ca-fix-md-option-help-text.patch |
||||
# Disable signature verification with totally unsafe hash algorithms |
||||
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch |
||||
# Add support for PROFILE=SYSTEM system default cipherlist |
||||
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch |
||||
# Add FIPS_mode() compatibility macro |
||||
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch |
||||
# Add check to see if fips flag is enabled in kernel |
||||
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch |
||||
# remove unsupported EC curves |
||||
Patch11: 0011-Remove-EC-curves.patch |
||||
# Disable explicit EC curves |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412 |
||||
Patch12: 0012-Disable-explicit-ec.patch |
||||
# https://github.com/openssl/openssl/pull/17981 |
||||
Patch13: 0013-FIPS-provider-explicit-ec.patch |
||||
# https://github.com/openssl/openssl/pull/17998 |
||||
Patch14: 0014-FIPS-disable-explicit-ec.patch |
||||
# https://github.com/openssl/openssl/pull/18609 |
||||
Patch15: 0015-FIPS-decoded-from-explicit.patch |
||||
# Instructions to load legacy provider in openssl.cnf |
||||
Patch24: 0024-load-legacy-prov.patch |
||||
# Tmp: test name change |
||||
Patch31: 0031-tmp-Fix-test-names.patch |
||||
# We load FIPS provider and set FIPS properties implicitly |
||||
Patch32: 0032-Force-fips.patch |
||||
# Embed HMAC into the fips.so |
||||
Patch33: 0033-FIPS-embed-hmac.patch |
||||
# Comment out fipsinstall command-line utility |
||||
Patch34: 0034.fipsinstall_disable.patch |
||||
# Skip unavailable algorithms running `openssl speed` |
||||
Patch35: 0035-speed-skip-unavailable-dgst.patch |
||||
# Extra public/private key checks required by FIPS-140-3 |
||||
Patch44: 0044-FIPS-140-3-keychecks.patch |
||||
# Minimize fips services |
||||
Patch45: 0045-FIPS-services-minimize.patch |
||||
# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 |
||||
Patch46: 0046-FIPS-s390x-hardening.patch |
||||
# Execute KATS before HMAC verification |
||||
Patch47: 0047-FIPS-early-KATS.patch |
||||
# Backport of correctly handle 2^14 byte long records #17538 |
||||
Patch48: 0048-correctly-handle-records.patch |
||||
# Selectively disallow SHA1 signatures |
||||
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2049265 |
||||
Patch50: 0050-FIPS-enable-pkcs12-mac.patch |
||||
# Backport of patch for RHEL for Edge rhbz #2027261 |
||||
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch |
||||
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes |
||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch |
||||
# CVE 2022-0778 |
||||
Patch53: 0053-CVE-2022-0778.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 |
||||
Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch |
||||
# https://github.com/openssl/openssl/pull/17324 |
||||
Patch55: 0055-nonlegacy-fetch-null-deref.patch |
||||
# https://github.com/openssl/openssl/pull/18103 |
||||
Patch56: 0056-strcasecmp.patch |
||||
# https://github.com/openssl/openssl/pull/18175 |
||||
Patch57: 0057-strcasecmp-fix.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 |
||||
Patch58: 0058-FIPS-limit-rsa-encrypt.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235 |
||||
Patch60: 0060-FIPS-KAT-signature-tests.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147 |
||||
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch |
||||
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch |
||||
# https://github.com/openssl/openssl/pull/18141 |
||||
Patch63: 0063-CVE-2022-1473.patch |
||||
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a |
||||
Patch64: 0064-CVE-2022-1343.diff |
||||
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 |
||||
Patch65: 0065-CVE-2022-1292.patch |
||||
# https://github.com/openssl/openssl/pull/18444 |
||||
# https://github.com/openssl/openssl/pull/18467 |
||||
Patch66: 0066-replace-expired-certs.patch |
||||
# https://github.com/openssl/openssl/pull/18512 |
||||
Patch67: 0067-fix-ppc64-montgomery.patch |
||||
#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa |
||||
#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 |
||||
Patch68: 0068-CVE-2022-2068.patch |
||||
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 |
||||
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 |
||||
Patch69: 0069-CVE-2022-2097.patch |
||||
# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483 |
||||
Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch |
||||
# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c |
||||
# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd |
||||
Patch71: 0071-AES-GCM-performance-optimization.patch |
||||
# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149 |
||||
# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa |
||||
# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447 |
||||
Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 |
||||
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 |
||||
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535 |
||||
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch |
||||
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM) |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541 |
||||
Patch76: 0076-FIPS-140-3-DRBG.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542 |
||||
Patch77: 0077-FIPS-140-3-zeroization.patch |
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772 |
||||
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch |
||||
#https://bugzilla.redhat.com/show_bug.cgi?id=2137723 |
||||
Patch79: 0079-CVE-2022-3602.patch |
||||
|
||||
License: ASL 2.0 |
||||
URL: http://www.openssl.org/ |
||||
BuildRequires: gcc g++ |
||||
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp |
||||
BuildRequires: lksctp-tools-devel |
||||
BuildRequires: /usr/bin/rename |
||||
BuildRequires: /usr/bin/pod2man |
||||
BuildRequires: /usr/sbin/sysctl |
||||
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) |
||||
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) |
||||
BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA) |
||||
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint) |
||||
BuildRequires: git-core |
||||
Requires: coreutils |
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} |
||||
|
||||
%description |
||||
The OpenSSL toolkit provides support for secure communications between |
||||
machines. OpenSSL includes a certificate management tool and shared |
||||
libraries which provide various cryptographic algorithms and |
||||
protocols. |
||||
|
||||
%package libs |
||||
Summary: A general purpose cryptography library with TLS implementation |
||||
Requires: ca-certificates >= 2008-5 |
||||
Requires: crypto-policies >= 20180730 |
||||
Recommends: openssl-pkcs11%{?_isa} |
||||
|
||||
%description libs |
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-libs |
||||
package contains the libraries that are used by various applications which |
||||
support cryptographic algorithms and protocols. |
||||
|
||||
%package devel |
||||
Summary: Files for development of applications which will use OpenSSL |
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} |
||||
Requires: pkgconfig |
||||
|
||||
%description devel |
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-devel |
||||
package contains include files needed to develop applications which |
||||
support various cryptographic algorithms and protocols. |
||||
|
||||
%package perl |
||||
Summary: Perl scripts provided with OpenSSL |
||||
Requires: perl-interpreter |
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} |
||||
|
||||
%description perl |
||||
OpenSSL is a toolkit for supporting cryptography. The openssl-perl |
||||
package provides Perl scripts for converting certificates and keys |
||||
from other formats to the formats used by the OpenSSL toolkit. |
||||
|
||||
%prep |
||||
%autosetup -S git -n %{name}-%{version} |
||||
|
||||
# The hobble_openssl is called here redundantly, just to be sure. |
||||
# The tarball has already the sources removed. |
||||
%{SOURCE1} > /dev/null |
||||
|
||||
cp %{SOURCE12} crypto/ec/ |
||||
cp %{SOURCE13} test/ |
||||
|
||||
%build |
||||
# Figure out which flags we want to use. |
||||
# default |
||||
sslarch=%{_os}-%{_target_cpu} |
||||
%ifarch %ix86 |
||||
sslarch=linux-elf |
||||
if ! echo %{_target} | grep -q i686 ; then |
||||
sslflags="no-asm 386" |
||||
fi |
||||
%endif |
||||
%ifarch x86_64 |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch sparcv9 |
||||
sslarch=linux-sparcv9 |
||||
sslflags=no-asm |
||||
%endif |
||||
%ifarch sparc64 |
||||
sslarch=linux64-sparcv9 |
||||
sslflags=no-asm |
||||
%endif |
||||
%ifarch alpha alphaev56 alphaev6 alphaev67 |
||||
sslarch=linux-alpha-gcc |
||||
%endif |
||||
%ifarch s390 sh3eb sh4eb |
||||
sslarch="linux-generic32 -DB_ENDIAN" |
||||
%endif |
||||
%ifarch s390x |
||||
sslarch="linux64-s390x" |
||||
%endif |
||||
%ifarch %{arm} |
||||
sslarch=linux-armv4 |
||||
%endif |
||||
%ifarch aarch64 |
||||
sslarch=linux-aarch64 |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch sh3 sh4 |
||||
sslarch=linux-generic32 |
||||
%endif |
||||
%ifarch ppc64 ppc64p7 |
||||
sslarch=linux-ppc64 |
||||
%endif |
||||
%ifarch ppc64le |
||||
sslarch="linux-ppc64le" |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch mips mipsel |
||||
sslarch="linux-mips32 -mips32r2" |
||||
%endif |
||||
%ifarch mips64 mips64el |
||||
sslarch="linux64-mips64 -mips64r2" |
||||
%endif |
||||
%ifarch mips64el |
||||
sslflags=enable-ec_nistp_64_gcc_128 |
||||
%endif |
||||
%ifarch riscv64 |
||||
sslarch=linux-generic64 |
||||
%endif |
||||
|
||||
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be |
||||
# marked as not requiring an executable stack. |
||||
# Also add -DPURIFY to make using valgrind with openssl easier as we do not |
||||
# want to depend on the uninitialized memory as a source of entropy anyway. |
||||
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS" |
||||
|
||||
export HASHBANGPERL=/usr/bin/perl |
||||
|
||||
%define fips %{version}-%{srpmhash} |
||||
# ia64, x86_64, ppc are OK by default |
||||
# Configure the build tree. Override OpenSSL defaults with known-good defaults |
||||
# usable on all platforms. The Configure script already knows to use -fPIC and |
||||
# RPM_OPT_FLAGS, so we can skip specifiying them here. |
||||
./Configure \ |
||||
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ |
||||
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ |
||||
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ |
||||
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ |
||||
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ |
||||
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' |
||||
|
||||
# Do not run this in a production package the FIPS symbols must be patched-in |
||||
#util/mkdef.pl crypto update |
||||
|
||||
make %{?_smp_mflags} all |
||||
|
||||
# Clean up the .pc files |
||||
for i in libcrypto.pc libssl.pc openssl.pc ; do |
||||
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i |
||||
done |
||||
|
||||
%check |
||||
# Verify that what was compiled actually works. |
||||
|
||||
# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check |
||||
(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ |
||||
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && |
||||
sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ |
||||
touch -r configdata.pm configdata.pm.new && \ |
||||
mv -f configdata.pm.new configdata.pm) |
||||
|
||||
# We must revert patch4 before tests otherwise they will fail |
||||
patch -p1 -R < %{PATCH4} |
||||
#We must disable default provider before tests otherwise they will fail |
||||
patch -p1 < %{SOURCE14} |
||||
|
||||
OPENSSL_ENABLE_MD5_VERIFY= |
||||
export OPENSSL_ENABLE_MD5_VERIFY |
||||
OPENSSL_ENABLE_SHA1_SIGNATURES= |
||||
export OPENSSL_ENABLE_SHA1_SIGNATURES |
||||
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file |
||||
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE |
||||
#embed HMAC into fips provider for test run |
||||
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac |
||||
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac |
||||
mv providers/fips.so.mac providers/fips.so |
||||
#run tests itself |
||||
make test HARNESS_JOBS=8 |
||||
|
||||
# Add generation of HMAC checksum of the final stripped library |
||||
# We manually copy standard definition of __spec_install_post |
||||
# and add hmac calculation/embedding to fips.so |
||||
%define __spec_install_post \ |
||||
%{?__debug_package:%{__debug_install_post}} \ |
||||
%{__arch_install_post} \ |
||||
%{__os_install_post} \ |
||||
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ |
||||
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \ |
||||
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \ |
||||
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \ |
||||
%{nil} |
||||
|
||||
%define __provides_exclude_from %{_libdir}/openssl |
||||
|
||||
%install |
||||
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT |
||||
# Install OpenSSL. |
||||
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}} |
||||
%make_install |
||||
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} |
||||
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do |
||||
chmod 755 ${lib} |
||||
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` |
||||
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} |
||||
done |
||||
|
||||
# Remove static libraries |
||||
for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do |
||||
rm -f ${lib} |
||||
done |
||||
|
||||
# Install a makefile for generating keys and self-signed certs, and a script |
||||
# for generating them on the fly. |
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs |
||||
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate |
||||
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert |
||||
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert |
||||
|
||||
# Move runable perl scripts to bindir |
||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir} |
||||
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir} |
||||
|
||||
# Rename man pages so that they don't conflict with other system man pages. |
||||
pushd $RPM_BUILD_ROOT%{_mandir} |
||||
mv man5/config.5ossl man5/openssl.cnf.5 |
||||
popd |
||||
|
||||
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA |
||||
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private |
||||
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs |
||||
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl |
||||
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts |
||||
|
||||
# Ensure the config file timestamps are identical across builds to avoid |
||||
# mulitlib conflicts and unnecessary renames on upgrade |
||||
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf |
||||
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf |
||||
|
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist |
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist |
||||
#we don't use native fipsmodule.cnf because FIPS module is loaded automatically |
||||
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf |
||||
|
||||
# Determine which arch opensslconf.h is going to try to #include. |
||||
basearch=%{_arch} |
||||
%ifarch %{ix86} |
||||
basearch=i386 |
||||
%endif |
||||
%ifarch sparcv9 |
||||
basearch=sparc |
||||
%endif |
||||
%ifarch sparc64 |
||||
basearch=sparc64 |
||||
%endif |
||||
|
||||
# Next step of gradual disablement of SSL3. |
||||
# Make SSL3 disappear to newly built dependencies. |
||||
sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ |
||||
#ifndef OPENSSL_NO_SSL3\ |
||||
# define OPENSSL_NO_SSL3\ |
||||
#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h |
||||
|
||||
%ifarch %{multilib_arches} |
||||
# Do an configuration.h switcheroo to avoid file conflicts on systems where you |
||||
# can have both a 32- and 64-bit version of the library, and they each need |
||||
# their own correct-but-different versions of opensslconf.h to be usable. |
||||
install -m644 %{SOURCE10} \ |
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h |
||||
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \ |
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h |
||||
install -m644 %{SOURCE9} \ |
||||
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h |
||||
%endif |
||||
|
||||
%files |
||||
%{!?_licensedir:%global license %%doc} |
||||
%license LICENSE.txt |
||||
%doc NEWS.md README.md |
||||
%{_bindir}/make-dummy-cert |
||||
%{_bindir}/renew-dummy-cert |
||||
%{_bindir}/openssl |
||||
%{_mandir}/man1/* |
||||
%{_mandir}/man5/* |
||||
%{_mandir}/man7/* |
||||
%{_pkgdocdir}/Makefile.certificate |
||||
%exclude %{_mandir}/man1/*.pl* |
||||
%exclude %{_mandir}/man1/tsget* |
||||
|
||||
%files libs |
||||
%{!?_licensedir:%global license %%doc} |
||||
%license LICENSE.txt |
||||
%dir %{_sysconfdir}/pki/tls |
||||
%dir %{_sysconfdir}/pki/tls/certs |
||||
%dir %{_sysconfdir}/pki/tls/misc |
||||
%dir %{_sysconfdir}/pki/tls/private |
||||
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf |
||||
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf |
||||
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} |
||||
%{_libdir}/libcrypto.so.%{soversion} |
||||
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} |
||||
%{_libdir}/libssl.so.%{soversion} |
||||
%attr(0755,root,root) %{_libdir}/engines-%{soversion} |
||||
%attr(0755,root,root) %{_libdir}/ossl-modules |
||||
|
||||
%files devel |
||||
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el |
||||
%{_prefix}/include/openssl |
||||
%{_libdir}/*.so |
||||
%{_mandir}/man3/* |
||||
%{_libdir}/pkgconfig/*.pc |
||||
|
||||
%files perl |
||||
%{_bindir}/c_rehash |
||||
%{_bindir}/*.pl |
||||
%{_bindir}/tsget |
||||
%{_mandir}/man1/*.pl* |
||||
%{_mandir}/man1/tsget* |
||||
%dir %{_sysconfdir}/pki/CA |
||||
%dir %{_sysconfdir}/pki/CA/private |
||||
%dir %{_sysconfdir}/pki/CA/certs |
||||
%dir %{_sysconfdir}/pki/CA/crl |
||||
%dir %{_sysconfdir}/pki/CA/newcerts |
||||
|
||||
%ldconfig_scriptlets libs |
||||
|
||||
%changelog |
||||
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 |
||||
- CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests |
||||
Resolves: CVE-2022-3602 |
||||
|
||||
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42 |
||||
- CVE-2022-3602: X.509 Email Address Buffer Overflow |
||||
Resolves: CVE-2022-3602 |
||||
|
||||
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41 |
||||
- Zeroize public keys as required by FIPS 140-3 |
||||
Resolves: rhbz#2115861 |
||||
- Add FIPS indicator for HKDF |
||||
Resolves: rhbz#2118388 |
||||
|
||||
* Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40 |
||||
- Deal with DH keys in FIPS mode according FIPS-140-3 requirements |
||||
Related: rhbz#2115856 |
||||
- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements |
||||
Related: rhbz#2115857 |
||||
- Use signature for RSA pairwise test according FIPS-140-3 requirements |
||||
Related: rhbz#2115858 |
||||
- Reseed all the parent DRBGs in chain on reseeding a DRBG |
||||
Related: rhbz#2115859 |
||||
- Zeroization according to FIPS-140-3 requirements |
||||
Related: rhbz#2115861 |
||||
|
||||
* Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39 |
||||
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test |
||||
- Use Use digest_sign & digest_verify in FIPS signature self test |
||||
- Use FFDHE2048 in Diffie-Hellman FIPS self-test |
||||
Resolves: rhbz#2112978 |
||||
|
||||
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38 |
||||
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously |
||||
initialized. |
||||
Resolves: rhbz#2107530 |
||||
- Improve AES-GCM performance on Power9 and Power10 ppc64le |
||||
Resolves: rhbz#2103044 |
||||
- Improve ChaCha20 performance on Power10 ppc64le |
||||
Resolves: rhbz#2103044 |
||||
|
||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37 |
||||
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 |
||||
Resolves: CVE-2022-2097 |
||||
|
||||
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36 |
||||
- Ciphersuites with RSAPSK KX should be filterd in FIPS mode |
||||
- Related: rhbz#2091994 |
||||
- FIPS provider should block RSA encryption for key transport. |
||||
- Other RSA encryption options should still be available if key length is enough |
||||
- Related: rhbz#2091977 |
||||
- Improve diagnostics when passing unsupported groups in TLS |
||||
- Related: rhbz#2086554 |
||||
- Fix PPC64 Montgomery multiplication bug |
||||
- Related: rhbz#2101346 |
||||
- Strict certificates validation shouldn't allow explicit EC parameters |
||||
- Related: rhbz#2085521 |
||||
- CVE-2022-2068: the c_rehash script allows command injection |
||||
- Related: rhbz#2098276 |
||||
|
||||
* Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35 |
||||
- Add explicit indicators for signatures in FIPS mode and mark signature |
||||
primitives as unapproved. |
||||
Resolves: rhbz#2087234 |
||||
|
||||
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34 |
||||
- Some OpenSSL test certificates are expired, updating |
||||
- Resolves: rhbz#2095696 |
||||
|
||||
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33 |
||||
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory |
||||
- Resolves: rhbz#2089443 |
||||
- CVE-2022-1343 openssl: Signer certificate verification returned |
||||
inaccurate response when using OCSP_NOCHECKS |
||||
- Resolves: rhbz#2089439 |
||||
- CVE-2022-1292 openssl: c_rehash script allows command injection |
||||
- Resolves: rhbz#2090361 |
||||
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" |
||||
Related: rhbz#2087234 |
||||
- Use KAT for ECDSA signature tests, s390 arch |
||||
- Resolves: rhbz#2086866 |
||||
|
||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32 |
||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode |
||||
- Resolves: rhbz#2091929 |
||||
- Ciphersuites with RSA KX should be filterd in FIPS mode |
||||
- Related: rhbz#2091994 |
||||
- In FIPS mode, signature verification works with keys of arbitrary size |
||||
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys |
||||
below 2048 bits |
||||
- Resolves: rhbz#2091938 |
||||
|
||||
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31 |
||||
- Disable SHA-1 signature verification in FIPS mode |
||||
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode |
||||
Resolves: rhbz#2087234 |
||||
|
||||
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30 |
||||
- Use KAT for ECDSA signature tests |
||||
- Resolves: rhbz#2086866 |
||||
|
||||
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29 |
||||
- `-config` argument of openssl app should work properly in FIPS mode |
||||
- Resolves: rhbz#2085500 |
||||
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC |
||||
- Resolves: rhbz#2085499 |
||||
|
||||
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28 |
||||
- OpenSSL should not accept custom elliptic curve parameters |
||||
- Resolves rhbz#2085508 |
||||
- OpenSSL should not accept explicit curve parameters in FIPS mode |
||||
- Resolves rhbz#2085521 |
||||
|
||||
* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27 |
||||
- Change FIPS module version to include hash of specfile, patches and sources |
||||
Resolves: rhbz#2082585 |
||||
|
||||
* Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26 |
||||
- OpenSSL FIPS module should not build in non-approved algorithms |
||||
Resolves: rhbz#2082584 |
||||
|
||||
* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25 |
||||
- FIPS provider should block RSA encryption for key transport. |
||||
- Other RSA encryption options should still be available |
||||
- Resolves: rhbz#2053289 |
||||
|
||||
* Mon May 02 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24 |
||||
- Fix occasional internal error in TLS when DHE is used |
||||
Resolves: rhbz#2080323 |
||||
|
||||
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23 |
||||
- Update missing initialization patch with feedback from upstream |
||||
Resolves: rhbz#2076654 |
||||
|
||||
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22 |
||||
- Invocation of the missing initialization |
||||
- Resolves: rhbz#2076654 |
||||
|
||||
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21 |
||||
- Fix openssl curl error with LANG=tr_TR.utf8 |
||||
- Resolves: rhbz#2076654 |
||||
|
||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20 |
||||
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when |
||||
no OpenSSL library context is set |
||||
- Resolves: rhbz#2063306 |
||||
|
||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19 |
||||
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes |
||||
- Resolves: rhbz#2063306 |
||||
|
||||
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18 |
||||
- CVE-2022-0778 fix |
||||
- Resolves: rhbz#2062314 |
||||
|
||||
* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15.1 |
||||
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before |
||||
setting an allowed digest with EVP_PKEY_CTX_set_signature_md() |
||||
- Resolves: rhbz#2061607 |
||||
|
||||
* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14.1 |
||||
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes |
||||
- Resolves: rhbz#2031742 |
||||
|
||||
* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14 |
||||
- Prevent use of SHA1 with ECDSA |
||||
- Resolves: rhbz#2031742 |
||||
|
||||
* Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13 |
||||
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters |
||||
- Resolves: rhbz#1977867 |
||||
|
||||
* Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12 |
||||
- Support KBKDF (NIST SP800-108) with an R value of 8bits |
||||
- Resolves: rhbz#2027261 |
||||
|
||||
* Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11 |
||||
- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures |
||||
- Resolves: rhbz#2031742 |
||||
|
||||
* Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10 |
||||
- rebuilt |
||||
|
||||
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9 |
||||
- Allow SHA1 usage in HMAC in TLS |
||||
- Resolves: rhbz#2031742 |
||||
|
||||
* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8 |
||||
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters |
||||
- Resolves: rhbz#1977867 |
||||
- pkcs12 export broken in FIPS mode |
||||
- Resolves: rhbz#2049265 |
||||
|
||||
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8 |
||||
- Disable SHA1 signature creation and verification by default |
||||
- Set rh-allow-sha1-signatures = yes to re-enable |
||||
- Resolves: rhbz#2031742 |
||||
|
||||
* Thu Feb 03 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-7 |
||||
- s_server: correctly handle 2^14 byte long records |
||||
- Resolves: rhbz#2042011 |
||||
|
||||
* Tue Feb 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-6 |
||||
- Adjust FIPS provider version |
||||
- Related: rhbz#2026445 |
||||
|
||||
* Wed Jan 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-5 |
||||
- On the s390x, zeroize all the copies of TLS premaster secret |
||||
- Related: rhbz#2040448 |
||||
|
||||
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-4 |
||||
- rebuilt |
||||
|
||||
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-3 |
||||
- KATS tests should be executed before HMAC verification |
||||
- Restoring fips=yes for SHA1 |
||||
- Related: rhbz#2026445, rhbz#2041994 |
||||
|
||||
* Thu Jan 20 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-2 |
||||
- Add enable-buildtest-c++ to the configure options. |
||||
- Related: rhbz#1990814 |
||||
|
||||
* Tue Jan 18 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-1 |
||||
- Rebase to upstream version 3.0.1 |
||||
- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl |
||||
- Resolves: rhbz#2038910, rhbz#2035148 |
||||
|
||||
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7 |
||||
- Remove algorithms we don't plan to certify from fips module |
||||
- Remove native fipsmodule.cnf |
||||
- Related: rhbz#2026445 |
||||
|
||||
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6 |
||||
- openssl speed should run in FIPS mode |
||||
- Related: rhbz#1977318 |
||||
|
||||
* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5 |
||||
- rebuilt for spec cleanup |
||||
- Related: rhbz#1985362 |
||||
|
||||
* Thu Nov 18 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-4 |
||||
- Embed FIPS HMAC in fips.so |
||||
- Enforce loading FIPS provider when FIPS kernel flag is on |
||||
- Related: rhbz#1985362 |
||||
|
||||
* Thu Oct 07 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-3 |
||||
- Fix memory leak in s_client |
||||
- Related: rhbz#1996092 |
||||
|
||||
* Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2 |
||||
- Avoid double-free on error seeding the RNG. |
||||
- KTLS and FIPS may interfere, so tests need to be tuned |
||||
- Resolves: rhbz#1952844, rhbz#1961643 |
||||
|
||||
* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1 |
||||
- Rebase to upstream version 3.0.0 |
||||
- Related: rhbz#1990814 |
||||
|
||||
* Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-0.beta2.7 |
||||
- Removes the dual-abi build as it not required anymore. The mass rebuild |
||||
was completed and all packages are rebuilt against Beta version. |
||||
- Resolves: rhbz#1984097 |
||||
|
||||
* Mon Aug 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-0.beta2.6 |
||||
- Correctly process CMS reading from /dev/stdin |
||||
- Resolves: rhbz#1986315 |
||||
|
||||
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.5 |
||||
- Add instruction for loading legacy provider in openssl.cnf |
||||
- Resolves: rhbz#1975836 |
||||
|
||||
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.4 |
||||
- Adds support for IDEA encryption. |
||||
- Resolves: rhbz#1990602 |
||||
|
||||
* Tue Aug 10 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.3 |
||||
- Fixes core dump in openssl req -modulus |
||||
- Fixes 'openssl req' to not ask for password when non-encrypted private key |
||||
is used |
||||
- cms: Do not try to check binary format on stdin and -rctform fix |
||||
- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 |
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.beta2.2.1 |
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags |
||||
Related: rhbz#1991688 |
||||
|
||||
* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2 |
||||
- When signature_algorithm extension is omitted, use more relevant alerts |
||||
- Resolves: rhbz#1965017 |
||||
|
||||
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1 |
||||
- Rebase to upstream version beta2 |
||||
- Related: rhbz#1903209 |
||||
|
||||
* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5 |
||||
- Prevents creation of duplicate cert entries in PKCS #12 files |
||||
- Resolves: rhbz#1978670 |
||||
|
||||
* Wed Jul 21 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.4 |
||||
- NVR bump to update to OpenSSL 3.0 Beta1 |
||||
|
||||
* Mon Jul 19 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.3 |
||||
- Update patch dual-abi.patch to add the #define macros in implementation |
||||
files instead of public header files |
||||
|
||||
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.2 |
||||
- Removes unused patch dual-abi.patch |
||||
|
||||
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.1 |
||||
- Update to Beta1 version |
||||
- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 |
||||
|
||||
* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7 |
||||
- Fixes override of openssl_conf in openssl.cnf |
||||
- Use AI_ADDRCONFIG only when explicit host name is given |
||||
- Temporarily remove fipsmodule.cnf for arch i686 |
||||
- Fixes segmentation fault in BN_lebin2bn |
||||
- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 |
||||
|
||||
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6 |
||||
- Adds FIPS mode compatibility patch (sahana@redhat.com) |
||||
- Related: rhbz#1977318 |
||||
|
||||
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.5 |
||||
- Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) |
||||
- Temporarily disable downstream FIPS patches |
||||
- Related: rhbz#1977318 |
||||
|
||||
* Fri Jun 11 2021 Mohan Boddu <mboddu@redhat.com> 3.0.0-0.alpha16.4 |
||||
- Speeding up building openssl (dbelyavs@redhat.com) |
||||
Resolves: rhbz#1903209 |
||||
|
||||
* Fri Jun 04 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.3 |
||||
- Fix reading SPKAC data from stdin |
||||
- Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 |
||||
- Return 0 after cleanup in OPENSSL_init_crypto() |
||||
- Cleanup the peer point formats on regotiation |
||||
- Fix default digest to SHA256 |
||||
|
||||
* Thu May 27 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.2 |
||||
- Enable FIPS via config options |
||||
|
||||
* Mon May 17 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.1 |
||||
- Update to alpha 16 version |
||||
Resolves: rhbz#1952901 openssl sends alert after orderly connection close |
||||
|
||||
* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1 |
||||
- Update to alpha 15 version |
||||
Resolves: rhbz#1903209, rhbz#1952598, |
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.alpha13.1.1 |
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 |
||||
|
||||
* Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1 |
||||
- Update to new major release OpenSSL 3.0.0 alpha 13 |
||||
Resolves: rhbz#1903209 |