import openssl-1.1.1g-9.el8
parent
ed72945b4b
commit
412876a99c
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/openssl-1.1.1c-hobbled.tar.xz
|
||||
SOURCES/openssl-1.1.1g-hobbled.tar.xz
|
||||
|
@ -1 +1 @@
|
||||
a85056adf2c2402e808bbe3201f6e473cfa8c214 SOURCES/openssl-1.1.1c-hobbled.tar.xz
|
||||
b55517bdc9aa61627a9896c1a3a156d5f6a4348f SOURCES/openssl-1.1.1g-hobbled.tar.xz
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -9,7 +9,7 @@
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include "ec_lcl.h"
|
||||
#include "ec_local.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
@ -468,3 +468,115 @@ int EC_curve_nist2nid(const char *name)
|
||||
}
|
||||
return NID_undef;
|
||||
}
|
||||
|
||||
#define NUM_BN_FIELDS 6
|
||||
/*
|
||||
* Validates EC domain parameter data for known named curves.
|
||||
* This can be used when a curve is loaded explicitly (without a curve
|
||||
* name) or to validate that domain parameters have not been modified.
|
||||
*
|
||||
* Returns: The nid associated with the found named curve, or NID_undef
|
||||
* if not found. If there was an error it returns -1.
|
||||
*/
|
||||
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
|
||||
{
|
||||
int ret = -1, nid, len, field_type, param_len;
|
||||
size_t i, seed_len;
|
||||
const unsigned char *seed, *params_seed, *params;
|
||||
unsigned char *param_bytes = NULL;
|
||||
const EC_CURVE_DATA *data;
|
||||
const EC_POINT *generator = NULL;
|
||||
const EC_METHOD *meth;
|
||||
const BIGNUM *cofactor = NULL;
|
||||
/* An array of BIGNUMs for (p, a, b, x, y, order) */
|
||||
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
|
||||
|
||||
meth = EC_GROUP_method_of(group);
|
||||
if (meth == NULL)
|
||||
return -1;
|
||||
/* Use the optional named curve nid as a search field */
|
||||
nid = EC_GROUP_get_curve_name(group);
|
||||
field_type = EC_METHOD_get_field_type(meth);
|
||||
seed_len = EC_GROUP_get_seed_len(group);
|
||||
seed = EC_GROUP_get0_seed(group);
|
||||
cofactor = EC_GROUP_get0_cofactor(group);
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
|
||||
/*
|
||||
* The built-in curves contains data fields (p, a, b, x, y, order) that are
|
||||
* all zero-padded to be the same size. The size of the padding is
|
||||
* determined by either the number of bytes in the field modulus (p) or the
|
||||
* EC group order, whichever is larger.
|
||||
*/
|
||||
param_len = BN_num_bytes(group->order);
|
||||
len = BN_num_bytes(group->field);
|
||||
if (len > param_len)
|
||||
param_len = len;
|
||||
|
||||
/* Allocate space to store the padded data for (p, a, b, x, y, order) */
|
||||
param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
|
||||
if (param_bytes == NULL)
|
||||
goto end;
|
||||
|
||||
/* Create the bignums */
|
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) {
|
||||
if ((bn[i] = BN_CTX_get(ctx)) == NULL)
|
||||
goto end;
|
||||
}
|
||||
/*
|
||||
* Fill in the bn array with the same values as the internal curves
|
||||
* i.e. the values are p, a, b, x, y, order.
|
||||
*/
|
||||
/* Get p, a & b */
|
||||
if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
|
||||
&& ((generator = EC_GROUP_get0_generator(group)) != NULL)
|
||||
/* Get x & y */
|
||||
&& EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
|
||||
/* Get order */
|
||||
&& EC_GROUP_get_order(group, bn[5], ctx)))
|
||||
goto end;
|
||||
|
||||
/*
|
||||
* Convert the bignum array to bytes that are joined together to form
|
||||
* a single buffer that contains data for all fields.
|
||||
* (p, a, b, x, y, order) are all zero padded to be the same size.
|
||||
*/
|
||||
for (i = 0; i < NUM_BN_FIELDS; ++i) {
|
||||
if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0)
|
||||
goto end;
|
||||
}
|
||||
|
||||
for (i = 0; i < curve_list_length; i++) {
|
||||
const ec_list_element curve = curve_list[i];
|
||||
|
||||
data = curve.data;
|
||||
/* Get the raw order byte data */
|
||||
params_seed = (const unsigned char *)(data + 1); /* skip header */
|
||||
params = params_seed + data->seed_len;
|
||||
|
||||
/* Look for unique fields in the fixed curve data */
|
||||
if (data->field_type == field_type
|
||||
&& param_len == data->param_len
|
||||
&& (nid <= 0 || nid == curve.nid)
|
||||
/* check the optional cofactor (ignore if its zero) */
|
||||
&& (BN_is_zero(cofactor)
|
||||
|| BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
|
||||
/* Check the optional seed (ignore if its not set) */
|
||||
&& (data->seed_len == 0 || seed_len == 0
|
||||
|| ((size_t)data->seed_len == seed_len
|
||||
&& memcmp(params_seed, seed, seed_len) == 0))
|
||||
/* Check that the groups params match the built-in curve params */
|
||||
&& memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
|
||||
== 0) {
|
||||
ret = curve.nid;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
/* Gets here if the group was not found */
|
||||
ret = NID_undef;
|
||||
end:
|
||||
OPENSSL_free(param_bytes);
|
||||
BN_CTX_end(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
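Review bot: The header comment says ec_curve_nid_from_params() can "validate that domain parameters have not been modified", but the match condition in the curve_list loop skips the cofactor when the group's cofactor is zero and skips the seed when either side has none, so a returned nid only establishes that (p, a, b, x, y, order) equal the built-in values. I would say so in the comment, e.g. `* Note: a zero cofactor and an absent seed are not compared; only p, a, b, x, y and order are always checked.` The comment should also state that `group` and `ctx` must be non-NULL, since `ctx` goes straight into `BN_CTX_start(ctx)` with no check. The `¶m_bytes` in the BN_bn2binpad call looks like a rendering artifact of this page for `&param_bytes`, not something in the file.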
550
SOURCES/ectest.c
@ -844,6 +844,271 @@ static const unsigned char p521_explicit[] = {
|
||||
0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
|
||||
};
|
||||
|
||||
/*
|
||||
* Sometime we cannot compare nids for equality, as the built-in curve table
|
||||
* includes aliases with different names for the same curve.
|
||||
*
|
||||
* This function returns TRUE (1) if the checked nids are identical, or if they
|
||||
* alias to the same curve. FALSE (0) otherwise.
|
||||
*/
|
||||
static ossl_inline
|
||||
int are_ec_nids_compatible(int n1d, int n2d)
|
||||
{
|
||||
int ret = 0;
|
||||
switch (n1d) {
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
case NID_sect113r1:
|
||||
case NID_wap_wsg_idm_ecid_wtls4:
|
||||
ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4);
|
||||
break;
|
||||
case NID_sect163k1:
|
||||
case NID_wap_wsg_idm_ecid_wtls3:
|
||||
ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3);
|
||||
break;
|
||||
case NID_sect233k1:
|
||||
case NID_wap_wsg_idm_ecid_wtls10:
|
||||
ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10);
|
||||
break;
|
||||
case NID_sect233r1:
|
||||
case NID_wap_wsg_idm_ecid_wtls11:
|
||||
ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11);
|
||||
break;
|
||||
case NID_X9_62_c2pnb163v1:
|
||||
case NID_wap_wsg_idm_ecid_wtls5:
|
||||
ret = (n2d == NID_X9_62_c2pnb163v1
|
||||
|| n2d == NID_wap_wsg_idm_ecid_wtls5);
|
||||
break;
|
||||
# endif /* OPENSSL_NO_EC2M */
|
||||
case NID_secp112r1:
|
||||
case NID_wap_wsg_idm_ecid_wtls6:
|
||||
ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6);
|
||||
break;
|
||||
case NID_secp160r2:
|
||||
case NID_wap_wsg_idm_ecid_wtls7:
|
||||
ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7);
|
||||
break;
|
||||
# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
case NID_secp224r1:
|
||||
case NID_wap_wsg_idm_ecid_wtls12:
|
||||
ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12);
|
||||
break;
|
||||
# else
|
||||
/*
|
||||
* For SEC P-224 we want to ensure that the SECP nid is returned, as
|
||||
* that is associated with a specialized method.
|
||||
*/
|
||||
case NID_wap_wsg_idm_ecid_wtls12:
|
||||
ret = (n2d == NID_secp224r1);
|
||||
break;
|
||||
# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
||||
|
||||
default:
|
||||
ret = (n1d == n2d);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* This checks that EC_GROUP_bew_from_ecparameters() returns a "named"
|
||||
* EC_GROUP for built-in curves.
|
||||
*
|
||||
* Note that it is possible to retrieve an alternative alias that does not match
|
||||
* the original nid.
|
||||
*
|
||||
* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set.
|
||||
*/
|
||||
static int check_named_curve_from_ecparameters(int id)
|
||||
{
|
||||
int ret = 0, nid, tnid;
|
||||
EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL;
|
||||
const EC_POINT *group_gen = NULL;
|
||||
EC_POINT *other_gen = NULL;
|
||||
BIGNUM *group_cofactor = NULL, *other_cofactor = NULL;
|
||||
BIGNUM *other_gen_x = NULL, *other_gen_y = NULL;
|
||||
const BIGNUM *group_order = NULL;
|
||||
BIGNUM *other_order = NULL;
|
||||
BN_CTX *bn_ctx = NULL;
|
||||
static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED";
|
||||
static size_t invalid_seed_len = sizeof(invalid_seed);
|
||||
ECPARAMETERS *params = NULL, *other_params = NULL;
|
||||
EC_GROUP *g_ary[8] = {NULL};
|
||||
EC_GROUP **g_next = &g_ary[0];
|
||||
ECPARAMETERS *p_ary[8] = {NULL};
|
||||
ECPARAMETERS **p_next = &p_ary[0];
|
||||
|
||||
/* Do some setup */
|
||||
nid = curves[id].nid;
|
||||
TEST_note("Curve %s", OBJ_nid2sn(nid));
|
||||
if (!TEST_ptr(bn_ctx = BN_CTX_new()))
|
||||
return ret;
|
||||
BN_CTX_start(bn_ctx);
|
||||
|
||||
if (/* Allocations */
|
||||
!TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx))
|
||||
|| !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx))
|
||||
|| !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx))
|
||||
|| !TEST_ptr(other_order = BN_CTX_get(bn_ctx))
|
||||
|| !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx))
|
||||
/* Generate reference group and params */
|
||||
|| !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
|
||||
|| !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL))
|
||||
|| !TEST_ptr(group_gen = EC_GROUP_get0_generator(group))
|
||||
|| !TEST_ptr(group_order = EC_GROUP_get0_order(group))
|
||||
|| !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL))
|
||||
/* compute `other_*` values */
|
||||
|| !TEST_ptr(tmpg = EC_GROUP_dup(group))
|
||||
|| !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group))
|
||||
|| !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen,
|
||||
other_gen_x, other_gen_y, bn_ctx))
|
||||
|| !TEST_true(BN_copy(other_order, group_order))
|
||||
|| !TEST_true(BN_add_word(other_order, 1))
|
||||
|| !TEST_true(BN_copy(other_cofactor, group_cofactor))
|
||||
|| !TEST_true(BN_add_word(other_cofactor, 1)))
|
||||
goto err;
|
||||
|
||||
EC_POINT_free(other_gen);
|
||||
other_gen = NULL;
|
||||
|
||||
if (!TEST_ptr(other_gen = EC_POINT_new(tmpg))
|
||||
|| !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen,
|
||||
other_gen_x, other_gen_y,
|
||||
bn_ctx)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* ###########################
|
||||
* # Actual tests start here #
|
||||
* ###########################
|
||||
*/
|
||||
|
||||
/*
|
||||
* Creating a group from built-in explicit parameters returns a
|
||||
* "named" EC_GROUP
|
||||
*/
|
||||
if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef))
|
||||
goto err;
|
||||
/*
|
||||
* We cannot always guarantee the names match, as the built-in table
|
||||
* contains aliases for the same curve with different names.
|
||||
*/
|
||||
if (!TEST_true(are_ec_nids_compatible(nid, tnid))) {
|
||||
TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
|
||||
goto err;
|
||||
}
|
||||
/* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */
|
||||
if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* An invalid seed in the parameters should be ignored: expect a "named"
|
||||
* group.
|
||||
*/
|
||||
if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len),
|
||||
invalid_seed_len)
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
|| !TEST_true(are_ec_nids_compatible(nid, tnid))
|
||||
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
|
||||
OPENSSL_EC_EXPLICIT_CURVE)) {
|
||||
TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* A null seed in the parameters should be ignored, as it is optional:
|
||||
* expect a "named" group.
|
||||
*/
|
||||
if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1)
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
|| !TEST_true(are_ec_nids_compatible(nid, tnid))
|
||||
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
|
||||
OPENSSL_EC_EXPLICIT_CURVE)) {
|
||||
TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid));
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check that changing any of the generator parameters does not yield a
|
||||
* match with the built-in curves
|
||||
*/
|
||||
if (/* Other gen, same group order & cofactor */
|
||||
!TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order,
|
||||
group_cofactor))
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
/* Same gen & cofactor, different order */
|
||||
|| !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order,
|
||||
group_cofactor))
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
/* The order is not an optional field, so this should fail */
|
||||
|| !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL,
|
||||
group_cofactor))
|
||||
/* Check that a wrong cofactor is ignored, and we still match */
|
||||
|| !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
|
||||
other_cofactor))
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
|| !TEST_true(are_ec_nids_compatible(nid, tnid))
|
||||
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
|
||||
OPENSSL_EC_EXPLICIT_CURVE)
|
||||
/* Check that if the cofactor is not set then it still matches */
|
||||
|| !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
|
||||
NULL))
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
|| !TEST_true(are_ec_nids_compatible(nid, tnid))
|
||||
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
|
||||
OPENSSL_EC_EXPLICIT_CURVE)
|
||||
/* check that restoring the generator passes */
|
||||
|| !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order,
|
||||
group_cofactor))
|
||||
|| !TEST_ptr(other_params = *p_next++ =
|
||||
EC_GROUP_get_ecparameters(tmpg, NULL))
|
||||
|| !TEST_ptr(tgroup = *g_next++ =
|
||||
EC_GROUP_new_from_ecparameters(other_params))
|
||||
|| !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)
|
||||
|| !TEST_true(are_ec_nids_compatible(nid, tnid))
|
||||
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup),
|
||||
OPENSSL_EC_EXPLICIT_CURVE))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++)
|
||||
EC_GROUP_free(*g_next);
|
||||
for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++)
|
||||
ECPARAMETERS_free(*p_next);
|
||||
ECPARAMETERS_free(params);
|
||||
EC_POINT_free(other_gen);
|
||||
EC_GROUP_free(tmpg);
|
||||
EC_GROUP_free(group);
|
||||
BN_CTX_end(bn_ctx);
|
||||
BN_CTX_free(bn_ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int parameter_test(void)
|
||||
{
|
||||
EC_GROUP *group = NULL, *group2 = NULL;
|
||||
@ -851,7 +1116,8 @@ static int parameter_test(void)
|
||||
unsigned char *buf = NULL;
|
||||
int r = 0, len;
|
||||
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
|
||||
/* must use a curve without a special group method */
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp256k1))
|
||||
|| !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
|
||||
|| !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
|
||||
|| !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
|
||||
@ -886,7 +1152,280 @@ err:
|
||||
OPENSSL_free(buf);
|
||||
return r;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*-
|
||||
* random 256-bit explicit parameters curve, cofactor absent
|
||||
* order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit)
|
||||
* cofactor: 0x12bc94785251297abfafddf1565100da (125 bit)
|
||||
*/
|
||||
static const unsigned char params_cf_pass[] = {
|
||||
0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
|
||||
0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5,
|
||||
0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
|
||||
0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
|
||||
0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5,
|
||||
0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d,
|
||||
0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93,
|
||||
0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc,
|
||||
0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27,
|
||||
0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23,
|
||||
0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77,
|
||||
0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b,
|
||||
0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4,
|
||||
0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9,
|
||||
0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a,
|
||||
0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c,
|
||||
0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96,
|
||||
0x14, 0xa8, 0x2f, 0x4f
|
||||
};
|
||||
|
||||
/*-
|
||||
* random 256-bit explicit parameters curve, cofactor absent
|
||||
* order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit)
|
||||
* cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit)
|
||||
*/
|
||||
static const unsigned char params_cf_fail[] = {
|
||||
0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86,
|
||||
0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37,
|
||||
0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
|
||||
0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
|
||||
0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37,
|
||||
0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b,
|
||||
0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0,
|
||||
0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09,
|
||||
0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d,
|
||||
0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02,
|
||||
0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59,
|
||||
0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11,
|
||||
0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24,
|
||||
0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70,
|
||||
0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73,
|
||||
0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04,
|
||||
0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e,
|
||||
0x34, 0xa2, 0x21, 0x01
|
||||
};
|
||||
|
||||
/*-
|
||||
* Test two random 256-bit explicit parameters curves with absent cofactor.
|
||||
* The two curves are chosen to roughly straddle the bounds at which the lib
|
||||
* can compute the cofactor automatically, roughly 4*sqrt(p). So test that:
|
||||
*
|
||||
* - params_cf_pass: order is sufficiently close to p to compute cofactor
|
||||
* - params_cf_fail: order is too far away from p to compute cofactor
|
||||
*
|
||||
* For standards-compliant curves, cofactor is chosen as small as possible.
|
||||
* So you can see neither of these curves are fit for cryptographic use.
|
||||
*
|
||||
* Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2:
|
||||
* h <= 2**(t/8) where t is the security level of the curve, for which the lib
|
||||
* will always succeed in computing the cofactor. Neither of these curves
|
||||
* conform to that -- this is just robustness testing.
|
||||
*/
|
||||
static int cofactor_range_test(void)
|
||||
{
|
||||
EC_GROUP *group = NULL;
|
||||
BIGNUM *cf = NULL;
|
||||
int ret = 0;
|
||||
const unsigned char *b1 = (const unsigned char *)params_cf_fail;
|
||||
const unsigned char *b2 = (const unsigned char *)params_cf_pass;
|
||||
|
||||
if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail)))
|
||||
|| !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group))
|
||||
|| !TEST_ptr(group = d2i_ECPKParameters(&group, &b2,
|
||||
sizeof(params_cf_pass)))
|
||||
|| !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0)
|
||||
|| !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group)))
|
||||
goto err;
|
||||
ret = 1;
|
||||
err:
|
||||
BN_free(cf);
|
||||
EC_GROUP_free(group);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*-
|
||||
* For named curves, test that:
|
||||
* - the lib correctly computes the cofactor if passed a NULL or zero cofactor
|
||||
* - a nonsensical cofactor throws an error (negative test)
|
||||
* - nonsensical orders throw errors (negative tests)
|
||||
*/
|
||||
static int cardinality_test(int n)
|
||||
{
|
||||
int ret = 0;
|
||||
int nid = curves[n].nid;
|
||||
BN_CTX *ctx = NULL;
|
||||
EC_GROUP *g1 = NULL, *g2 = NULL;
|
||||
EC_POINT *g2_gen = NULL;
|
||||
BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL,
|
||||
*g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL;
|
||||
|
||||
TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid));
|
||||
|
||||
if (!TEST_ptr(ctx = BN_CTX_new())
|
||||
|| !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))
|
||||
|| !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) {
|
||||
EC_GROUP_free(g1);
|
||||
EC_GROUP_free(g2);
|
||||
BN_CTX_free(ctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
g1_p = BN_CTX_get(ctx);
|
||||
g1_a = BN_CTX_get(ctx);
|
||||
g1_b = BN_CTX_get(ctx);
|
||||
g1_x = BN_CTX_get(ctx);
|
||||
g1_y = BN_CTX_get(ctx);
|
||||
g1_order = BN_CTX_get(ctx);
|
||||
g1_cf = BN_CTX_get(ctx);
|
||||
|
||||
if (!TEST_ptr(g2_cf = BN_CTX_get(ctx))
|
||||
/* pull out the explicit curve parameters */
|
||||
|| !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(g1,
|
||||
EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx))
|
||||
|| !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1)))
|
||||
|| !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx))
|
||||
/* construct g2 manually with g1 parameters */
|
||||
|| !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx))
|
||||
|| !TEST_ptr(g2_gen = EC_POINT_new(g2))
|
||||
|| !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx))
|
||||
/* pass NULL cofactor: lib should compute it */
|
||||
|| !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
|
||||
|| !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx))
|
||||
|| !TEST_BN_eq(g1_cf, g2_cf)
|
||||
/* pass zero cofactor: lib should compute it */
|
||||
|| !TEST_true(BN_set_word(g2_cf, 0))
|
||||
|| !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
|
||||
|| !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx))
|
||||
|| !TEST_BN_eq(g1_cf, g2_cf)
|
||||
/* negative test for invalid cofactor */
|
||||
|| !TEST_true(BN_set_word(g2_cf, 0))
|
||||
|| !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
|
||||
|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
|
||||
/* negative test for NULL order */
|
||||
|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
|
||||
/* negative test for zero order */
|
||||
|| !TEST_true(BN_set_word(g1_order, 0))
|
||||
|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
|
||||
/* negative test for negative order */
|
||||
|| !TEST_true(BN_set_word(g2_cf, 0))
|
||||
|| !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
|
||||
|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
|
||||
/* negative test for too large order */
|
||||
|| !TEST_true(BN_lshift(g1_order, g1_p, 2))
|
||||
|| !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
|
||||
goto err;
|
||||
ret = 1;
|
||||
err:
|
||||
EC_POINT_free(g2_gen);
|
||||
EC_GROUP_free(g1);
|
||||
EC_GROUP_free(g2);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Helper for ec_point_hex2point_test
|
||||
*
|
||||
* Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given
|
||||
* (group,P) pair.
|
||||
*
|
||||
* If P is NULL use point at infinity.
|
||||
*/
|
||||
static ossl_inline
|
||||
int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P,
|
||||
point_conversion_form_t form,
|
||||
BN_CTX *bnctx)
|
||||
{
|
||||
int ret = 0;
|
||||
EC_POINT *Q = NULL, *Pinf = NULL;
|
||||
char *hex = NULL;
|
||||
|
||||
if (P == NULL) {
|
||||
/* If P is NULL use point at infinity. */
|
||||
if (!TEST_ptr(Pinf = EC_POINT_new(group))
|
||||
|| !TEST_true(EC_POINT_set_to_infinity(group, Pinf)))
|
||||
goto err;
|
||||
P = Pinf;
|
||||
}
|
||||
|
||||
if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx))
|
||||
|| !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* The next check is most likely superfluous, as EC_POINT_cmp should already
|
||||
* cover this.
|
||||
* Nonetheless it increases the test coverage for EC_POINT_is_at_infinity,
|
||||
* so we include it anyway!
|
||||
*/
|
||||
if (Pinf != NULL
|
||||
&& !TEST_true(EC_POINT_is_at_infinity(group, Q)))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
EC_POINT_free(Pinf);
|
||||
OPENSSL_free(hex);
|
||||
EC_POINT_free(Q);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex()
|
||||
*/
|
||||
static int ec_point_hex2point_test(int id)
|
||||
{
|
||||
int ret = 0, nid;
|
||||
EC_GROUP *group = NULL;
|
||||
const EC_POINT *G = NULL;
|
||||
EC_POINT *P = NULL;
|
||||
BN_CTX * bnctx = NULL;
|
||||
|
||||
/* Do some setup */
|
||||
nid = curves[id].nid;
|
||||
if (!TEST_ptr(bnctx = BN_CTX_new())
|
||||
|| !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
|
||||
|| !TEST_ptr(G = EC_GROUP_get0_generator(group))
|
||||
|| !TEST_ptr(P = EC_POINT_dup(G, group)))
|
||||
goto err;
|
||||
|
||||
if (!TEST_true(ec_point_hex2point_test_helper(group, P,
|
||||
POINT_CONVERSION_COMPRESSED,
|
||||
bnctx))
|
||||
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
|
||||
POINT_CONVERSION_COMPRESSED,
|
||||
bnctx))
|
||||
|| !TEST_true(ec_point_hex2point_test_helper(group, P,
|
||||
POINT_CONVERSION_UNCOMPRESSED,
|
||||
bnctx))
|
||||
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
|
||||
POINT_CONVERSION_UNCOMPRESSED,
|
||||
bnctx))
|
||||
|| !TEST_true(ec_point_hex2point_test_helper(group, P,
|
||||
POINT_CONVERSION_HYBRID,
|
||||
bnctx))
|
||||
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
|
||||
POINT_CONVERSION_HYBRID,
|
||||
bnctx)))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
EC_POINT_free(P);
|
||||
EC_GROUP_free(group);
|
||||
BN_CTX_free(bnctx);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
@ -897,6 +1436,8 @@ int setup_tests(void)
|
||||
return 0;
|
||||
|
||||
ADD_TEST(parameter_test);
|
||||
ADD_TEST(cofactor_range_test);
|
||||
ADD_ALL_TESTS(cardinality_test, crv_len);
|
||||
ADD_TEST(prime_field_tests);
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
ADD_TEST(char2_field_tests);
|
||||
@ -908,7 +1449,10 @@ int setup_tests(void)
|
||||
# endif
|
||||
ADD_ALL_TESTS(internal_curve_test, crv_len);
|
||||
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
|
||||
#endif
|
||||
|
||||
ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
|
||||
ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
|
||||
#endif /* OPENSSL_NO_EC */
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
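Review bot: In cardinality_test the step commented "negative test for negative order" never passes a negative order: it sets `g2_cf` to -1 but then calls `EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)` with `g1_order` still zero from the previous step, so it repeats the zero-order check and leaves the negative-order rejection unexercised. Making the order itself negative would fix it: `|| !TEST_true(BN_sub(g1_order, g1_order, BN_value_one()))` in place of the two `g2_cf` lines. Separately, in check_named_curve_from_ecparameters the eight `*g_next++` stores exactly fill `g_ary[8]` with no bound check, and the cleanup loop for `p_ary` is bounded by `OSSL_NELEM(g_ary)`; it works only because both arrays have the same length, so `OSSL_NELEM(p_ary)` would be safer there. The comment above that function also misspells `EC_GROUP_new_from_ecparameters` as `EC_GROUP_bew_from_ecparameters`.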
@ -1,12 +0,0 @@
|
||||
diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
|
||||
+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
|
||||
@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
|
||||
|
||||
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
|
||||
|
||||
-install_docs: install_man_docs install_html_docs
|
||||
+install_docs: install_man_docs
|
||||
|
||||
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
||||
$(RM) -r -v $(DESTDIR)$(DOCDIR)
|
27
SOURCES/openssl-1.1.1-alpn-cb.patch
Normal file
@ -0,0 +1,27 @@
|
||||
commit 9e885a707d604e9528b5491b78fb9c00f41193fc
|
||||
Author: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Date: Thu Mar 26 15:59:00 2020 +0100
|
||||
|
||||
s_server: Properly indicate ALPN protocol mismatch
|
||||
|
||||
Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
|
||||
an alert is sent to the client on ALPN protocol mismatch.
|
||||
|
||||
Fixes: #2708
|
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/11415)
|
||||
|
||||
diff --git a/apps/s_server.c b/apps/s_server.c
|
||||
index bcc83e562c..591c6c19c5 100644
|
||||
--- a/apps/s_server.c
|
||||
+++ b/apps/s_server.c
|
||||
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
|
||||
if (SSL_select_next_proto
|
||||
((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
|
||||
inlen) != OPENSSL_NPN_NEGOTIATED) {
|
||||
- return SSL_TLSEXT_ERR_NOACK;
|
||||
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
|
||||
}
|
||||
|
||||
if (!s_quiet) {
|
@ -1,28 +1,7 @@
|
||||
diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
|
||||
@@ -680,7 +680,7 @@ uninstall_runtime:
|
||||
install_man_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
|
||||
|
||||
uninstall_man_docs:
|
||||
@@ -692,7 +692,7 @@ uninstall_man_docs:
|
||||
install_html_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing HTML manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
--destdir=$(DESTDIR)$(HTMLDIR) --type=html
|
||||
|
||||
uninstall_html_docs:
|
||||
diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
|
||||
--- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
|
||||
@@ -693,6 +693,7 @@ my %targets = (
|
||||
diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
|
||||
--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
|
||||
+++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
|
||||
@@ -678,6 +678,7 @@ my %targets = (
|
||||
cxxflags => add("-m64"),
|
||||
lib_cppflags => add("-DL_ENDIAN"),
|
||||
perlasm_scheme => "linux64le",
|
||||
@ -30,7 +9,7 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8
|
||||
},
|
||||
|
||||
"linux-armv4" => {
|
||||
@@ -733,6 +734,7 @@ my %targets = (
|
||||
@@ -718,6 +719,7 @@ my %targets = (
|
||||
"linux-aarch64" => {
|
||||
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
|
||||
perlasm_scheme => "linux64",
|
||||
@ -38,3 +17,24 @@ diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8
|
||||
},
|
||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
|
||||
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
|
||||
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200
|
||||
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200
|
||||
@@ -823,7 +823,7 @@ uninstall_runtime_libs:
|
||||
install_man_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
|
||||
|
||||
uninstall_man_docs:
|
||||
@@ -835,7 +835,7 @@ uninstall_man_docs:
|
||||
install_html_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing HTML manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
|
||||
|
||||
uninstall_html_docs:
|
||||
|
@ -1,171 +0,0 @@
|
||||
From 30c22fa8b1d840036b8e203585738df62a03cec8 Mon Sep 17 00:00:00 2001
|
||||
From: Billy Brumley <bbrumley@gmail.com>
|
||||
Date: Thu, 5 Sep 2019 21:25:37 +0300
|
||||
Subject: [PATCH] [crypto/ec] for ECC parameters with NULL or zero cofactor,
|
||||
compute it
|
||||
|
||||
The cofactor argument to EC_GROUP_set_generator is optional, and SCA
|
||||
mitigations for ECC currently use it. So the library currently falls
|
||||
back to very old SCA-vulnerable code if the cofactor is not present.
|
||||
|
||||
This PR allows EC_GROUP_set_generator to compute the cofactor for all
|
||||
curves of cryptographic interest. Steering scalar multiplication to more
|
||||
SCA-robust code.
|
||||
|
||||
This issue affects persisted private keys in explicit parameter form,
|
||||
where the (optional) cofactor field is zero or absent.
|
||||
|
||||
It also affects curves not built-in to the library, but constructed
|
||||
programatically with explicit parameters, then calling
|
||||
EC_GROUP_set_generator with a nonsensical value (NULL, zero).
|
||||
|
||||
The very old scalar multiplication code is known to be vulnerable to
|
||||
local uarch attacks, outside of the OpenSSL threat model. New results
|
||||
suggest the code path is also vulnerable to traditional wall clock
|
||||
timing attacks.
|
||||
|
||||
CVE-2019-1547
|
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9781)
|
||||
---
|
||||
crypto/ec/ec_lib.c | 103 ++++++++++++++++++++++++++++++++++++++++++---
|
||||
1 file changed, 96 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
||||
index 8cab5a5061..1289c8608e 100644
|
||||
--- a/crypto/ec/ec_lib.c
|
||||
+++ b/crypto/ec/ec_lib.c
|
||||
@@ -265,6 +265,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth)
|
||||
|
||||
static int ec_precompute_mont_data(EC_GROUP *);
|
||||
|
||||
+/*-
|
||||
+ * Try computing cofactor from the generator order (n) and field cardinality (q).
|
||||
+ * This works for all curves of cryptographic interest.
|
||||
+ *
|
||||
+ * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q)
|
||||
+ * h_min = (q + 1 - 2*sqrt(q))/n
|
||||
+ * h_max = (q + 1 + 2*sqrt(q))/n
|
||||
+ * h_max - h_min = 4*sqrt(q)/n
|
||||
+ * So if n > 4*sqrt(q) holds, there is only one possible value for h:
|
||||
+ * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil
|
||||
+ *
|
||||
+ * Otherwise, zero cofactor and return success.
|
||||
+ */
|
||||
+static int ec_guess_cofactor(EC_GROUP *group) {
|
||||
+ int ret = 0;
|
||||
+ BN_CTX *ctx = NULL;
|
||||
+ BIGNUM *q = NULL;
|
||||
+
|
||||
+ /*-
|
||||
+ * If the cofactor is too large, we cannot guess it.
|
||||
+ * The RHS of below is a strict overestimate of lg(4 * sqrt(q))
|
||||
+ */
|
||||
+ if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) {
|
||||
+ /* default to 0 */
|
||||
+ BN_zero(group->cofactor);
|
||||
+ /* return success */
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if ((ctx = BN_CTX_new()) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ BN_CTX_start(ctx);
|
||||
+ if ((q = BN_CTX_get(ctx)) == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ /* set q = 2**m for binary fields; q = p otherwise */
|
||||
+ if (group->meth->field_type == NID_X9_62_characteristic_two_field) {
|
||||
+ BN_zero(q);
|
||||
+ if (!BN_set_bit(q, BN_num_bits(group->field) - 1))
|
||||
+ goto err;
|
||||
+ } else {
|
||||
+ if (!BN_copy(q, group->field))
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */
|
||||
+ if (!BN_rshift1(group->cofactor, group->order) /* n/2 */
|
||||
+ || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */
|
||||
+ /* q + 1 + n/2 */
|
||||
+ || !BN_add(group->cofactor, group->cofactor, BN_value_one())
|
||||
+ /* (q + 1 + n/2)/n */
|
||||
+ || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx))
|
||||
+ goto err;
|
||||
+ ret = 1;
|
||||
+ err:
|
||||
+ BN_CTX_end(ctx);
|
||||
+ BN_CTX_free(ctx);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
|
||||
const BIGNUM *order, const BIGNUM *cofactor)
|
||||
{
|
||||
@@ -273,6 +334,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ /* require group->field >= 1 */
|
||||
+ if (group->field == NULL || BN_is_zero(group->field)
|
||||
+ || BN_is_negative(group->field)) {
|
||||
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /*-
|
||||
+ * - require order >= 1
|
||||
+ * - enforce upper bound due to Hasse thm: order can be no more than one bit
|
||||
+ * longer than field cardinality
|
||||
+ */
|
||||
+ if (order == NULL || BN_is_zero(order) || BN_is_negative(order)
|
||||
+ || BN_num_bits(order) > BN_num_bits(group->field) + 1) {
|
||||
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /*-
|
||||
+ * Unfortunately the cofactor is an optional field in many standards.
|
||||
+ * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor".
|
||||
+ * So accept cofactor == NULL or cofactor >= 0.
|
||||
+ */
|
||||
+ if (cofactor != NULL && BN_is_negative(cofactor)) {
|
||||
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (group->generator == NULL) {
|
||||
group->generator = EC_POINT_new(group);
|
||||
if (group->generator == NULL)
|
||||
@@ -281,17 +370,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
|
||||
if (!EC_POINT_copy(group->generator, generator))
|
||||
return 0;
|
||||
|
||||
- if (order != NULL) {
|
||||
- if (!BN_copy(group->order, order))
|
||||
- return 0;
|
||||
- } else
|
||||
- BN_zero(group->order);
|
||||
+ if (!BN_copy(group->order, order))
|
||||
+ return 0;
|
||||
|
||||
- if (cofactor != NULL) {
|
||||
+ /* Either take the provided positive cofactor, or try to compute it */
|
||||
+ if (cofactor != NULL && !BN_is_zero(cofactor)) {
|
||||
if (!BN_copy(group->cofactor, cofactor))
|
||||
return 0;
|
||||
- } else
|
||||
+ } else if (!ec_guess_cofactor(group)) {
|
||||
BN_zero(group->cofactor);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Some groups have an order with
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,300 +0,0 @@
|
||||
diff -up openssl-1.1.1c/crypto/fips/fips.c.fork-safety openssl-1.1.1c/crypto/fips/fips.c
|
||||
--- openssl-1.1.1c/crypto/fips/fips.c.fork-safety 2019-11-20 11:36:22.343506961 +0100
|
||||
+++ openssl-1.1.1c/crypto/fips/fips.c 2019-11-21 17:44:32.920776849 +0100
|
||||
@@ -472,7 +472,7 @@ int FIPS_module_mode_set(int onoff)
|
||||
|
||||
fips_set_mode(onoff);
|
||||
/* force RNG reseed with entropy from getrandom() on next call */
|
||||
- rand_fork();
|
||||
+ rand_force_reseed();
|
||||
|
||||
ret = 1;
|
||||
goto end;
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/rand_int.h.fork-safety openssl-1.1.1c/crypto/include/internal/rand_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/rand_int.h.fork-safety 2019-11-20 11:36:22.382506277 +0100
|
||||
+++ openssl-1.1.1c/crypto/include/internal/rand_int.h 2019-11-21 17:45:42.102456672 +0100
|
||||
@@ -24,9 +24,9 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
void rand_cleanup_int(void);
|
||||
+void rand_force_reseed(void);
|
||||
void rand_drbg_cleanup_int(void);
|
||||
void drbg_delete_thread_state(void);
|
||||
-void rand_fork(void);
|
||||
|
||||
/* Hardware-based seeding functions. */
|
||||
size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
|
||||
diff -up openssl-1.1.1c/crypto/init.c.fork-safety openssl-1.1.1c/crypto/init.c
|
||||
--- openssl-1.1.1c/crypto/init.c.fork-safety 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/init.c 2019-11-21 17:34:13.478597398 +0100
|
||||
@@ -847,6 +847,5 @@ void OPENSSL_fork_parent(void)
|
||||
|
||||
void OPENSSL_fork_child(void)
|
||||
{
|
||||
- rand_fork();
|
||||
}
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/rand/drbg_lib.c.fork-safety openssl-1.1.1c/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1c/crypto/rand/drbg_lib.c.fork-safety 2019-11-20 11:36:22.383506260 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/drbg_lib.c 2019-11-21 17:46:37.583397431 +0100
|
||||
@@ -197,7 +197,7 @@ static RAND_DRBG *rand_drbg_new(int secu
|
||||
}
|
||||
|
||||
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
|
||||
- drbg->fork_count = rand_fork_count;
|
||||
+ drbg->fork_id = openssl_get_fork_id();
|
||||
drbg->parent = parent;
|
||||
|
||||
if (parent == NULL) {
|
||||
@@ -583,6 +583,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg,
|
||||
int prediction_resistance,
|
||||
const unsigned char *adin, size_t adinlen)
|
||||
{
|
||||
+ int fork_id;
|
||||
int reseed_required = 0;
|
||||
|
||||
if (drbg->state != DRBG_READY) {
|
||||
@@ -608,8 +609,10 @@ int RAND_DRBG_generate(RAND_DRBG *drbg,
|
||||
return 0;
|
||||
}
|
||||
|
||||
- if (drbg->fork_count != rand_fork_count) {
|
||||
- drbg->fork_count = rand_fork_count;
|
||||
+ fork_id = openssl_get_fork_id();
|
||||
+
|
||||
+ if (drbg->fork_id != fork_id) {
|
||||
+ drbg->fork_id = fork_id;
|
||||
reseed_required = 1;
|
||||
}
|
||||
|
||||
@@ -1011,6 +1014,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
+void rand_force_reseed(void)
|
||||
+{
|
||||
+ RAND_DRBG *drbg;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_master();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_private();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_public();
|
||||
+ drbg->fork_id = 0;
|
||||
+}
|
||||
+
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_lcl.h.fork-safety openssl-1.1.1c/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.1.1c/crypto/rand/rand_lcl.h.fork-safety 2019-11-20 11:36:22.383506260 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_lcl.h 2019-11-21 17:34:13.485597265 +0100
|
||||
@@ -176,12 +176,12 @@ struct rand_drbg_st {
|
||||
int secure; /* 1: allocated on the secure heap, 0: otherwise */
|
||||
int type; /* the nid of the underlying algorithm */
|
||||
/*
|
||||
- * Stores the value of the rand_fork_count global as of when we last
|
||||
- * reseeded. The DRBG reseeds automatically whenever drbg->fork_count !=
|
||||
- * rand_fork_count. Used to provide fork-safety and reseed this DRBG in
|
||||
- * the child process.
|
||||
+ * Stores the return value of openssl_get_fork_id() as of when we last
|
||||
+ * reseeded. The DRBG reseeds automatically whenever drbg->fork_id !=
|
||||
+ * openssl_get_fork_id(). Used to provide fork-safety and reseed this
|
||||
+ * DRBG in the child process.
|
||||
*/
|
||||
- int fork_count;
|
||||
+ int fork_id;
|
||||
unsigned short flags; /* various external flags */
|
||||
|
||||
/*
|
||||
@@ -273,19 +273,6 @@ struct rand_drbg_st {
|
||||
/* The global RAND method, and the global buffer and DRBG instance. */
|
||||
extern RAND_METHOD rand_meth;
|
||||
|
||||
-/*
|
||||
- * A "generation count" of forks. Incremented in the child process after a
|
||||
- * fork. Since rand_fork_count is increment-only, and only ever written to in
|
||||
- * the child process of the fork, which is guaranteed to be single-threaded, no
|
||||
- * locking is needed for normal (read) accesses; the rest of pthread fork
|
||||
- * processing is assumed to introduce the necessary memory barriers. Sibling
|
||||
- * children of a given parent will produce duplicate values, but this is not
|
||||
- * problematic because the reseeding process pulls input from the system CSPRNG
|
||||
- * and/or other global sources, so the siblings will end up generating
|
||||
- * different output streams.
|
||||
- */
|
||||
-extern int rand_fork_count;
|
||||
-
|
||||
/* DRBG helpers */
|
||||
int rand_drbg_restart(RAND_DRBG *drbg,
|
||||
const unsigned char *buffer, size_t len, size_t entropy);
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.fork-safety openssl-1.1.1c/crypto/rand/rand_lib.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_lib.c.fork-safety 2019-11-20 11:36:22.374506418 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-11-21 17:34:13.487597227 +0100
|
||||
@@ -30,8 +30,6 @@ static CRYPTO_RWLOCK *rand_meth_lock;
|
||||
static const RAND_METHOD *default_RAND_meth;
|
||||
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
|
||||
|
||||
-int rand_fork_count;
|
||||
-
|
||||
static CRYPTO_RWLOCK *rand_nonce_lock;
|
||||
static int rand_nonce_count;
|
||||
|
||||
@@ -303,11 +301,6 @@ void rand_drbg_cleanup_additional_data(R
|
||||
rand_pool_reattach(pool, out);
|
||||
}
|
||||
|
||||
-void rand_fork(void)
|
||||
-{
|
||||
- rand_fork_count++;
|
||||
-}
|
||||
-
|
||||
DEFINE_RUN_ONCE_STATIC(do_rand_init)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
diff -up openssl-1.1.1c/crypto/threads_none.c.fork-safety openssl-1.1.1c/crypto/threads_none.c
|
||||
--- openssl-1.1.1c/crypto/threads_none.c.fork-safety 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/threads_none.c 2019-11-21 17:34:13.489597189 +0100
|
||||
@@ -12,6 +12,11 @@
|
||||
|
||||
#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
|
||||
|
||||
+# if defined(OPENSSL_SYS_UNIX)
|
||||
+# include <sys/types.h>
|
||||
+# include <unistd.h>
|
||||
+# endif
|
||||
+
|
||||
CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
|
||||
{
|
||||
CRYPTO_RWLOCK *lock;
|
||||
@@ -133,4 +138,12 @@ int openssl_init_fork_handlers(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+int openssl_get_fork_id(void)
|
||||
+{
|
||||
+# if defined(OPENSSL_SYS_UNIX)
|
||||
+ return getpid();
|
||||
+# else
|
||||
+ return 0;
|
||||
+# endif
|
||||
+}
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/threads_pthread.c.fork-safety openssl-1.1.1c/crypto/threads_pthread.c
|
||||
--- openssl-1.1.1c/crypto/threads_pthread.c.fork-safety 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/threads_pthread.c 2019-11-21 17:34:13.492597131 +0100
|
||||
@@ -12,6 +12,11 @@
|
||||
|
||||
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
|
||||
|
||||
+# if defined(OPENSSL_SYS_UNIX)
|
||||
+# include <sys/types.h>
|
||||
+# include <unistd.h>
|
||||
+#endif
|
||||
+
|
||||
# ifdef PTHREAD_RWLOCK_INITIALIZER
|
||||
# define USE_RWLOCK
|
||||
# endif
|
||||
@@ -193,4 +198,9 @@ int openssl_init_fork_handlers(void)
|
||||
# endif
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+int openssl_get_fork_id(void)
|
||||
+{
|
||||
+ return getpid();
|
||||
+}
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/threads_win.c.fork-safety openssl-1.1.1c/crypto/threads_win.c
|
||||
--- openssl-1.1.1c/crypto/threads_win.c.fork-safety 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/threads_win.c 2019-11-21 17:34:13.495597074 +0100
|
||||
@@ -164,4 +164,8 @@ int openssl_init_fork_handlers(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+int openssl_get_fork_id(void)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/include/internal/cryptlib.h.fork-safety openssl-1.1.1c/include/internal/cryptlib.h
|
||||
--- openssl-1.1.1c/include/internal/cryptlib.h.fork-safety 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/internal/cryptlib.h 2019-11-21 17:34:13.497597036 +0100
|
||||
@@ -80,6 +80,7 @@ extern unsigned int OPENSSL_ia32cap_P[];
|
||||
void OPENSSL_showfatal(const char *fmta, ...);
|
||||
void crypto_cleanup_all_ex_data_int(void);
|
||||
int openssl_init_fork_handlers(void);
|
||||
+int openssl_get_fork_id(void);
|
||||
|
||||
char *ossl_safe_getenv(const char *name);
|
||||
|
||||
diff -up openssl-1.1.1c/test/drbgtest.c.fork-safety openssl-1.1.1c/test/drbgtest.c
|
||||
--- openssl-1.1.1c/test/drbgtest.c.fork-safety 2019-11-20 11:36:22.384506242 +0100
|
||||
+++ openssl-1.1.1c/test/drbgtest.c 2019-11-21 17:34:13.499596998 +0100
|
||||
@@ -22,6 +22,13 @@
|
||||
# include <windows.h>
|
||||
#endif
|
||||
|
||||
+
|
||||
+#if defined(OPENSSL_SYS_UNIX)
|
||||
+# include <sys/types.h>
|
||||
+# include <sys/wait.h>
|
||||
+# include <unistd.h>
|
||||
+#endif
|
||||
+
|
||||
#include "testutil.h"
|
||||
#include "drbgtest.h"
|
||||
|
||||
@@ -696,6 +703,40 @@ static int test_drbg_reseed(int expect_s
|
||||
return 1;
|
||||
}
|
||||
|
||||
+
|
||||
+#if defined(OPENSSL_SYS_UNIX)
|
||||
+/*
|
||||
+ * Test whether master, public and private DRBG are reseeded after
|
||||
+ * forking the process.
|
||||
+ */
|
||||
+static int test_drbg_reseed_after_fork(RAND_DRBG *master,
|
||||
+ RAND_DRBG *public,
|
||||
+ RAND_DRBG *private)
|
||||
+{
|
||||
+ pid_t pid;
|
||||
+ int status=0;
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (!TEST_int_ge(pid, 0))
|
||||
+ return 0;
|
||||
+
|
||||
+ if (pid > 0) {
|
||||
+ /* I'm the parent; wait for the child and check its exit code */
|
||||
+ return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0);
|
||||
+ }
|
||||
+
|
||||
+ /* I'm the child; check whether all three DRBGs reseed. */
|
||||
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
|
||||
+ status = 1;
|
||||
+
|
||||
+ /* Remove hooks */
|
||||
+ unhook_drbg(master);
|
||||
+ unhook_drbg(public);
|
||||
+ unhook_drbg(private);
|
||||
+ exit(status);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Test whether the default rand_method (RAND_OpenSSL()) is
|
||||
* setup correctly, in particular whether reseeding works
|
||||
@@ -786,6 +827,10 @@ static int test_rand_drbg_reseed(void)
|
||||
goto error;
|
||||
reset_drbg_hook_ctx();
|
||||
|
||||
+#if defined(OPENSSL_SYS_UNIX)
|
||||
+ if (!TEST_true(test_drbg_reseed_after_fork(master, public, private)))
|
||||
+ goto error;
|
||||
+#endif
|
||||
|
||||
/* fill 'randomness' buffer with some arbitrary data */
|
||||
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
|
@ -1,147 +0,0 @@
|
||||
From 08229ad838c50f644d7e928e2eef147b4308ad64 Mon Sep 17 00:00:00 2001
|
||||
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||
Date: Sun, 1 Sep 2019 00:16:28 +0200
|
||||
Subject: [PATCH] Fix a padding oracle in PKCS7_dataDecode and
|
||||
CMS_decrypt_set1_pkey
|
||||
|
||||
An attack is simple, if the first CMS_recipientInfo is valid but the
|
||||
second CMS_recipientInfo is chosen ciphertext. If the second
|
||||
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
|
||||
encryption key will be replaced by garbage, and the message cannot be
|
||||
decoded, but if the RSA decryption fails, the correct encryption key is
|
||||
used and the recipient will not notice the attack.
|
||||
|
||||
As a work around for this potential attack the length of the decrypted
|
||||
key must be equal to the cipher default key length, in case the
|
||||
certifiate is not given and all recipientInfo are tried out.
|
||||
|
||||
The old behaviour can be re-enabled in the CMS code by setting the
|
||||
CMS_DEBUG_DECRYPT flag.
|
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/9777)
|
||||
|
||||
(cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37)
|
||||
---
|
||||
crypto/cms/cms_env.c | 18 +++++++++++++++++-
|
||||
crypto/cms/cms_lcl.h | 2 ++
|
||||
crypto/cms/cms_smime.c | 4 ++++
|
||||
crypto/pkcs7/pk7_doit.c | 12 ++++++++----
|
||||
5 files changed, 45 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
|
||||
index bb95af75e3..25df1c40b1 100644
|
||||
--- a/crypto/cms/cms_env.c
|
||||
+++ b/crypto/cms/cms_env.c
|
||||
@@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
unsigned char *ek = NULL;
|
||||
size_t eklen;
|
||||
int ret = 0;
|
||||
+ size_t fixlen = 0;
|
||||
CMS_EncryptedContentInfo *ec;
|
||||
ec = cms->d.envelopedData->encryptedContentInfo;
|
||||
|
||||
@@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (cms->d.envelopedData->encryptedContentInfo->havenocert
|
||||
+ && !cms->d.envelopedData->encryptedContentInfo->debug) {
|
||||
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
|
||||
+ const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
|
||||
+
|
||||
+ if (ciph == NULL) {
|
||||
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ fixlen = EVP_CIPHER_key_length(ciph);
|
||||
+ }
|
||||
+
|
||||
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
if (ktri->pctx == NULL)
|
||||
return 0;
|
||||
@@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
||||
|
||||
if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
|
||||
ktri->encryptedKey->data,
|
||||
- ktri->encryptedKey->length) <= 0) {
|
||||
+ ktri->encryptedKey->length) <= 0
|
||||
+ || eklen == 0
|
||||
+ || (fixlen != 0 && eklen != fixlen)) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
|
||||
goto err;
|
||||
}
|
||||
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
|
||||
index b5c06b7f6c..8eddb02493 100644
|
||||
--- a/crypto/cms/cms_lcl.h
|
||||
+++ b/crypto/cms/cms_lcl.h
|
||||
@@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st {
|
||||
size_t keylen;
|
||||
/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
|
||||
int debug;
|
||||
+ /* Set to 1 if we have no cert and need extra safety measures for MMA */
|
||||
+ int havenocert;
|
||||
};
|
||||
|
||||
struct CMS_RecipientInfo_st {
|
||||
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
|
||||
index 5dcf803f4b..3a26108b8c 100644
|
||||
--- a/crypto/cms/cms_smime.c
|
||||
+++ b/crypto/cms/cms_smime.c
|
||||
@@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
||||
cms->d.envelopedData->encryptedContentInfo->debug = 1;
|
||||
else
|
||||
cms->d.envelopedData->encryptedContentInfo->debug = 0;
|
||||
+ if (!cert)
|
||||
+ cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
|
||||
+ else
|
||||
+ cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
|
||||
if (!pk && !cert && !dcont && !out)
|
||||
return 1;
|
||||
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
||||
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
|
||||
index ee08e602a1..15a6160cfe 100644
|
||||
--- a/crypto/pkcs7/pk7_doit.c
|
||||
+++ b/crypto/pkcs7/pk7_doit.c
|
||||
@@ -137,7 +137,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
|
||||
}
|
||||
|
||||
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
- PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
|
||||
+ PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
|
||||
+ size_t fixlen)
|
||||
{
|
||||
EVP_PKEY_CTX *pctx = NULL;
|
||||
unsigned char *ek = NULL;
|
||||
@@ -170,7 +171,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
|
||||
}
|
||||
|
||||
if (EVP_PKEY_decrypt(pctx, ek, &eklen,
|
||||
- ri->enc_key->data, ri->enc_key->length) <= 0) {
|
||||
+ ri->enc_key->data, ri->enc_key->length) <= 0
|
||||
+ || eklen == 0
|
||||
+ || (fixlen != 0 && eklen != fixlen)) {
|
||||
ret = 0;
|
||||
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
@@ -499,13 +502,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
|
||||
ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
|
||||
|
||||
- if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
|
||||
+ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
|
||||
+ EVP_CIPHER_key_length(evp_cipher)) < 0)
|
||||
goto err;
|
||||
ERR_clear_error();
|
||||
}
|
||||
} else {
|
||||
/* Only exit on fatal errors, not decrypt failure */
|
||||
- if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
|
||||
+ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
|
||||
goto err;
|
||||
ERR_clear_error();
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -1,17 +1,40 @@
|
||||
diff -up openssl-1.1.1c/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1c/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1c/crypto/evp/pkey_kdf.c.edk2-build 2019-11-14 16:25:09.437914854 +0100
|
||||
+++ openssl-1.1.1c/crypto/evp/pkey_kdf.c 2019-11-15 14:52:40.216905772 +0100
|
||||
diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200
|
||||
+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/kdf.h>
|
||||
+#include "internal/numbers.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
|
||||
static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.edk2-build openssl-1.1.1c/crypto/include/internal/fips_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/fips_int.h.edk2-build 2019-11-14 16:25:09.430914981 +0100
|
||||
+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-11-15 14:48:02.489936610 +0100
|
||||
diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200
|
||||
+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200
|
||||
@@ -13,6 +13,7 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/kdf.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include "internal/numbers.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "crypto/evp.h"
|
||||
#include "kdf_local.h"
|
||||
diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200
|
||||
@@ -20,7 +20,7 @@
|
||||
#include "crypto/fips.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
-#ifdef __linux
|
||||
+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
|
||||
# include <sys/syscall.h>
|
||||
# include <sys/random.h>
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
|
||||
--- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200
|
||||
+++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200
|
||||
@@ -50,10 +50,6 @@
|
||||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -32,37 +55,3 @@ diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.edk2-build openssl-1.
|
||||
+# define fips_in_post() 0
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1c/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/hkdf.c.edk2-build 2019-11-14 16:25:09.438914836 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/hkdf.c 2019-11-15 14:48:53.360015134 +0100
|
||||
@@ -13,6 +13,7 @@
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
+#include "internal/numbers.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "kdf_local.h"
|
||||
diff -up openssl-1.1.1c/crypto/kdf/sshkdf.c.edk2-build openssl-1.1.1c/crypto/kdf/sshkdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/sshkdf.c.edk2-build 2019-11-14 16:25:09.452914583 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/sshkdf.c 2019-11-15 14:53:14.769279878 +0100
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
+#include "internal/numbers.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "kdf_local.h"
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1c/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_unix.c.edk2-build 2019-11-14 16:25:09.430914981 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-11-15 14:51:41.634966941 +0100
|
||||
@@ -19,7 +19,7 @@
|
||||
#include "internal/fips_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
-#if defined(__linux)
|
||||
+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
|
||||
# include <sys/syscall.h>
|
||||
# include <sys/random.h>
|
||||
#endif
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/err/openssl.txt 2019-02-28 13:05:05.651521474 +0100
|
||||
@@ -743,6 +743,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
|
||||
diff -up openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf openssl-1.1.1e/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1e/crypto/err/openssl.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/err/openssl.txt 2020-03-19 16:04:11.299063517 +0100
|
||||
@@ -747,6 +747,9 @@ EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestIn
|
||||
EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
|
||||
EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
|
||||
EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
|
||||
@ -11,7 +11,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
|
||||
EVP_F_EVP_MD_SIZE:162:EVP_MD_size
|
||||
EVP_F_EVP_OPENINIT:102:EVP_OpenInit
|
||||
@@ -805,11 +808,30 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
|
||||
@@ -809,12 +812,31 @@ EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_k
|
||||
EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
|
||||
EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
|
||||
EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
|
||||
@ -19,6 +19,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
EVP_F_PKEY_SET_TYPE:158:pkey_set_type
|
||||
EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
|
||||
EVP_F_RC5_CTRL:125:rc5_ctrl
|
||||
EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key
|
||||
EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
|
||||
+EVP_F_SCRYPT_ALG:228:scrypt_alg
|
||||
EVP_F_UPDATE:173:update
|
||||
@ -42,7 +43,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
|
||||
KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
|
||||
KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
|
||||
@@ -821,6 +843,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
|
||||
@@ -826,6 +848,7 @@ KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_sc
|
||||
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
|
||||
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
|
||||
KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
|
||||
@ -50,7 +51,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
|
||||
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
|
||||
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
|
||||
@@ -2264,6 +2287,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
|
||||
@@ -2277,6 +2300,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only on
|
||||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
|
||||
operation not supported for this keytype
|
||||
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
|
||||
@ -58,7 +59,7 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
|
||||
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
|
||||
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
|
||||
@@ -2299,6 +2323,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
@@ -2313,6 +2337,7 @@ KDF_R_MISSING_SEED:106:missing seed
|
||||
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
|
||||
KDF_R_VALUE_ERROR:108:value error
|
||||
KDF_R_VALUE_MISSING:102:value missing
|
||||
@ -66,9 +67,9 @@ diff -up openssl-1.1.1b/crypto/err/openssl.txt.evp-kdf openssl-1.1.1b/crypto/err
|
||||
OBJ_R_OID_EXISTS:102:oid exists
|
||||
OBJ_R_UNKNOWN_NID:101:unknown nid
|
||||
OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
|
||||
diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/build.info
|
||||
--- openssl-1.1.1b/crypto/evp/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/build.info 2019-02-28 13:05:05.651521474 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/build.info.evp-kdf openssl-1.1.1e/crypto/evp/build.info
|
||||
--- openssl-1.1.1e/crypto/evp/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/build.info 2020-03-19 16:04:11.300063500 +0100
|
||||
@@ -9,7 +9,8 @@ SOURCE[../../libcrypto]=\
|
||||
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
|
||||
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
|
||||
@ -79,44 +80,37 @@ diff -up openssl-1.1.1b/crypto/evp/build.info.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
|
||||
e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \
|
||||
e_chacha20_poly1305.c cmeth_lib.c
|
||||
diff -up openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c
|
||||
--- openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/e_chacha20_poly1305.c 2019-02-28 13:05:05.651521474 +0100
|
||||
@@ -14,8 +14,8 @@
|
||||
diff -up openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c
|
||||
--- openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c.evp-kdf 2020-03-19 16:04:11.300063500 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/e_chacha20_poly1305.c 2020-03-19 16:16:46.497967633 +0100
|
||||
@@ -14,9 +14,9 @@
|
||||
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
-# include "evp_locl.h"
|
||||
# include "internal/evp_int.h"
|
||||
+# include "evp_locl.h"
|
||||
# include "internal/chacha.h"
|
||||
-# include "evp_local.h"
|
||||
# include "crypto/evp.h"
|
||||
# include "crypto/chacha.h"
|
||||
+# include "evp_local.h"
|
||||
|
||||
typedef struct {
|
||||
diff -up openssl-1.1.1b/crypto/evp/encode.c.evp-kdf openssl-1.1.1b/crypto/evp/encode.c
|
||||
--- openssl-1.1.1b/crypto/evp/encode.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/encode.c 2019-02-28 13:05:05.651521474 +0100
|
||||
union {
|
||||
diff -up openssl-1.1.1e/crypto/evp/encode.c.evp-kdf openssl-1.1.1e/crypto/evp/encode.c
|
||||
--- openssl-1.1.1e/crypto/evp/encode.c.evp-kdf 2020-03-19 16:04:11.301063483 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/encode.c 2020-03-19 16:14:13.147628683 +0100
|
||||
@@ -11,8 +11,8 @@
|
||||
#include <limits.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/evp.h>
|
||||
-#include "evp_locl.h"
|
||||
#include "internal/evp_int.h"
|
||||
+#include "evp_locl.h"
|
||||
-#include "evp_local.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "evp_local.h"
|
||||
|
||||
static unsigned char conv_ascii2bin(unsigned char a,
|
||||
const unsigned char *table);
|
||||
diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_err.c
|
||||
--- openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf 2019-02-28 13:05:05.617522103 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/evp_err.c 2019-02-28 13:05:05.651521474 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -56,6 +56,9 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_err.c
|
||||
--- openssl-1.1.1e/crypto/evp/evp_err.c.evp-kdf 2020-03-19 16:04:11.218064919 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_err.c 2020-03-19 16:04:11.302063465 +0100
|
||||
@@ -60,6 +60,9 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
|
||||
"EVP_EncryptFinal_ex"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
|
||||
@ -126,7 +120,7 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
|
||||
@@ -147,10 +150,12 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
@@ -151,12 +154,14 @@ static const ERR_STRING_DATA EVP_str_fun
|
||||
"PKCS5_v2_PBKDF2_keyivgen"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
|
||||
"PKCS5_v2_scrypt_keyivgen"},
|
||||
@ -134,12 +128,14 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
|
||||
"r_32_12_16_init_key"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
|
||||
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_SCRYPT_ALG, 0), "scrypt_alg"},
|
||||
{ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -233,6 +238,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
@@ -241,6 +246,8 @@ static const ERR_STRING_DATA EVP_str_rea
|
||||
"operation not supported for this keytype"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
|
||||
"operaton not initialized"},
|
||||
@ -148,9 +144,9 @@ diff -up openssl-1.1.1b/crypto/evp/evp_err.c.evp-kdf openssl-1.1.1b/crypto/evp/e
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
|
||||
"partially overlapping buffers"},
|
||||
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
|
||||
diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/evp_locl.h
|
||||
--- openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf 2019-02-28 13:05:05.253528831 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/evp_locl.h 2019-02-28 13:05:05.652521456 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf openssl-1.1.1e/crypto/evp/evp_local.h
|
||||
--- openssl-1.1.1e/crypto/evp/evp_local.h.evp-kdf 2020-03-19 16:04:10.657074629 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_local.h 2020-03-19 16:04:20.722900404 +0100
|
||||
@@ -41,6 +41,11 @@ struct evp_cipher_ctx_st {
|
||||
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
|
||||
} /* EVP_CIPHER_CTX */ ;
|
||||
@ -163,20 +159,20 @@ diff -up openssl-1.1.1b/crypto/evp/evp_locl.h.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
|
||||
int passlen, ASN1_TYPE *param,
|
||||
const EVP_CIPHER *c, const EVP_MD *md,
|
||||
diff -up openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1b/crypto/evp/evp_pbe.c
|
||||
--- openssl-1.1.1b/crypto/evp/evp_pbe.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/evp_pbe.c 2019-02-28 13:05:05.652521456 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf openssl-1.1.1e/crypto/evp/evp_pbe.c
|
||||
--- openssl-1.1.1e/crypto/evp/evp_pbe.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/evp_pbe.c 2020-03-19 16:11:56.425001210 +0100
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/x509.h>
|
||||
+#include "internal/evp_int.h"
|
||||
#include "evp_locl.h"
|
||||
+#include "crypto/evp.h"
|
||||
#include "evp_local.h"
|
||||
|
||||
/* Password based encryption (PBE) functions */
|
||||
diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf 2019-02-28 13:05:05.652521456 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/kdf_lib.c 2019-02-28 13:05:05.652521456 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1e/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1e/crypto/evp/kdf_lib.c.evp-kdf 2020-03-19 16:04:20.723900386 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/kdf_lib.c 2020-03-19 16:04:20.723900386 +0100
|
||||
@@ -0,0 +1,165 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -195,10 +191,10 @@ diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/k
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/x509v3.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/asn1_int.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/asn1.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "evp_locl.h"
|
||||
+#include "evp_local.h"
|
||||
+
|
||||
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
|
||||
+
|
||||
@ -343,9 +339,9 @@ diff -up openssl-1.1.1b/crypto/evp/kdf_lib.c.evp-kdf openssl-1.1.1b/crypto/evp/k
|
||||
+ return ctx->kmeth->derive(ctx->impl, key, keylen);
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/p5_crpt2.c
|
||||
--- openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/p5_crpt2.c 2019-02-28 13:05:05.652521456 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1e/crypto/evp/p5_crpt2.c
|
||||
--- openssl-1.1.1e/crypto/evp/p5_crpt2.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/p5_crpt2.c 2020-03-19 16:17:48.822886126 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -360,13 +356,13 @@ diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
-# include <openssl/x509.h>
|
||||
-# include <openssl/evp.h>
|
||||
-# include <openssl/hmac.h>
|
||||
-# include "evp_locl.h"
|
||||
-# include "evp_local.h"
|
||||
+#include <openssl/x509.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/hmac.h>
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "evp_locl.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "evp_local.h"
|
||||
|
||||
/* set this to print out info about the keygen algorithm */
|
||||
/* #define OPENSSL_DEBUG_PKCS5V2 */
|
||||
@ -494,9 +490,9 @@ diff -up openssl-1.1.1b/crypto/evp/p5_crpt2.c.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
}
|
||||
|
||||
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
|
||||
diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/evp/pbe_scrypt.c
|
||||
--- openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/pbe_scrypt.c 2019-02-28 13:33:18.446264056 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1e/crypto/evp/pbe_scrypt.c
|
||||
--- openssl-1.1.1e/crypto/evp/pbe_scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pbe_scrypt.c 2020-03-19 16:04:20.725900352 +0100
|
||||
@@ -7,135 +7,12 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
@ -682,9 +678,11 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
|
||||
- */
|
||||
- if (Blen > INT_MAX) {
|
||||
- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
+ if (r > UINT32_MAX || p > UINT32_MAX) {
|
||||
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
|
||||
- * This is combined size V, X and T (section 4)
|
||||
@ -692,21 +690,18 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
|
||||
- i = UINT64_MAX / (32 * sizeof(uint32_t));
|
||||
- if (N + 2 > i / r) {
|
||||
- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
|
||||
+ if (r > UINT32_MAX || p > UINT32_MAX) {
|
||||
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
|
||||
return 0;
|
||||
}
|
||||
- Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
|
||||
|
||||
- /* check total allocated size fits in uint64_t */
|
||||
- if (Blen > UINT64_MAX - Vlen) {
|
||||
- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
|
||||
- return 0;
|
||||
+ /* Maintain existing behaviour. */
|
||||
+ if (pass == NULL) {
|
||||
+ pass = empty;
|
||||
+ passlen = 0;
|
||||
+ }
|
||||
}
|
||||
- Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
|
||||
-
|
||||
- /* check total allocated size fits in uint64_t */
|
||||
- if (Blen > UINT64_MAX - Vlen) {
|
||||
- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
|
||||
- return 0;
|
||||
+ if (salt == NULL) {
|
||||
+ salt = (const unsigned char *)empty;
|
||||
+ saltlen = 0;
|
||||
@ -768,9 +763,9 @@ diff -up openssl-1.1.1b/crypto/evp/pbe_scrypt.c.evp-kdf openssl-1.1.1b/crypto/ev
|
||||
}
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf 2019-02-28 13:05:05.653521437 +0100
|
||||
+++ openssl-1.1.1b/crypto/evp/pkey_kdf.c 2019-02-28 13:05:05.653521437 +0100
|
||||
diff -up openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1e/crypto/evp/pkey_kdf.c
|
||||
--- openssl-1.1.1e/crypto/evp/pkey_kdf.c.evp-kdf 2020-03-19 16:04:20.726900334 +0100
|
||||
+++ openssl-1.1.1e/crypto/evp/pkey_kdf.c 2020-03-19 16:04:20.725900352 +0100
|
||||
@@ -0,0 +1,255 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -786,7 +781,7 @@ diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+
|
||||
+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
|
||||
+{
|
||||
@ -1027,45 +1022,17 @@ diff -up openssl-1.1.1b/crypto/evp/pkey_kdf.c.evp-kdf openssl-1.1.1b/crypto/evp/
|
||||
+ pkey_kdf_ctrl_str
|
||||
+};
|
||||
+
|
||||
diff -up openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf openssl-1.1.1b/crypto/include/internal/evp_int.h
|
||||
--- openssl-1.1.1b/crypto/include/internal/evp_int.h.evp-kdf 2019-02-28 13:05:05.304527888 +0100
|
||||
+++ openssl-1.1.1b/crypto/include/internal/evp_int.h 2019-02-28 13:05:05.653521437 +0100
|
||||
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
|
||||
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
|
||||
extern const EVP_PKEY_METHOD siphash_pkey_meth;
|
||||
|
||||
+/* struct evp_kdf_impl_st is defined by the implementation */
|
||||
+typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
|
||||
+typedef struct {
|
||||
+ int type;
|
||||
+ EVP_KDF_IMPL *(*new) (void);
|
||||
+ void (*free) (EVP_KDF_IMPL *impl);
|
||||
+ void (*reset) (EVP_KDF_IMPL *impl);
|
||||
+ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
|
||||
+ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
|
||||
+ size_t (*size) (EVP_KDF_IMPL *impl);
|
||||
+ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
|
||||
+} EVP_KDF_METHOD;
|
||||
+
|
||||
+extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD scrypt_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD hkdf_kdf_meth;
|
||||
+
|
||||
struct evp_md_st {
|
||||
int type;
|
||||
int pkey_type;
|
||||
diff -up openssl-1.1.1b/crypto/kdf/build.info.evp-kdf openssl-1.1.1b/crypto/kdf/build.info
|
||||
--- openssl-1.1.1b/crypto/kdf/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/build.info 2019-02-28 13:05:05.653521437 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/build.info.evp-kdf openssl-1.1.1e/crypto/kdf/build.info
|
||||
--- openssl-1.1.1e/crypto/kdf/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/build.info 2020-03-19 16:04:32.347699194 +0100
|
||||
@@ -1,3 +1,3 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- tls1_prf.c kdf_err.c hkdf.c scrypt.c
|
||||
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c
|
||||
diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/hkdf.c 2019-02-28 13:05:05.653521437 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1e/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1e/crypto/kdf/hkdf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/hkdf.c 2020-03-19 16:06:59.757147720 +0100
|
||||
@@ -8,32 +8,33 @@
|
||||
*/
|
||||
|
||||
@ -1073,11 +1040,10 @@ diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf
|
||||
+#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <openssl/hmac.h>
|
||||
-#include <openssl/kdf.h>
|
||||
#include <openssl/kdf.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
#define HKDF_MAXBUF 1024
|
||||
@ -1198,18 +1164,18 @@ diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf
|
||||
return 1;
|
||||
|
||||
- if (p1 < 0)
|
||||
- return 0;
|
||||
-
|
||||
- if (kctx->salt != NULL)
|
||||
- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
|
||||
-
|
||||
- kctx->salt = OPENSSL_memdup(p2, p1);
|
||||
- if (kctx->salt == NULL)
|
||||
+ OPENSSL_free(impl->salt);
|
||||
+ impl->salt = OPENSSL_memdup(p, len);
|
||||
+ if (impl->salt == NULL)
|
||||
return 0;
|
||||
|
||||
- if (kctx->salt != NULL)
|
||||
- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
|
||||
-
|
||||
- kctx->salt = OPENSSL_memdup(p2, p1);
|
||||
- if (kctx->salt == NULL)
|
||||
- return 0;
|
||||
-
|
||||
- kctx->salt_len = p1;
|
||||
+ impl->salt_len = len;
|
||||
return 1;
|
||||
@ -1327,14 +1293,14 @@ diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf
|
||||
+static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl)
|
||||
{
|
||||
- HKDF_PKEY_CTX *kctx = ctx->data;
|
||||
-
|
||||
+ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
|
||||
+ return SIZE_MAX;
|
||||
|
||||
- OPENSSL_clear_free(kctx->key, kctx->key_len);
|
||||
- OPENSSL_clear_free(kctx->salt, kctx->salt_len);
|
||||
- OPENSSL_cleanse(kctx->info, kctx->info_len);
|
||||
- memset(kctx, 0, sizeof(*kctx));
|
||||
+ if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY)
|
||||
+ return SIZE_MAX;
|
||||
|
||||
-
|
||||
- return 1;
|
||||
+ if (impl->md == NULL) {
|
||||
+ KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST);
|
||||
@ -1532,9 +1498,9 @@ diff -up openssl-1.1.1b/crypto/kdf/hkdf.c.evp-kdf openssl-1.1.1b/crypto/kdf/hkdf
|
||||
|
||||
err:
|
||||
OPENSSL_cleanse(prev, sizeof(prev));
|
||||
diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/kdf_err.c 2019-02-28 13:05:05.654521419 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_err.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_err.c 2020-03-19 16:04:32.349699159 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
@ -1590,9 +1556,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_err.c.evp-kdf openssl-1.1.1b/crypto/kdf/k
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf 2019-02-28 13:05:05.654521419 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/kdf_local.h 2019-02-28 13:05:05.654521419 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_local.h.evp-kdf 2020-03-19 16:04:32.349699159 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_local.h 2020-03-19 16:04:32.349699159 +0100
|
||||
@@ -0,0 +1,22 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1616,9 +1582,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_local.h.evp-kdf openssl-1.1.1b/crypto/kdf
|
||||
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
|
||||
+ int cmd, const char *md_name);
|
||||
+
|
||||
diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/kdf_util.c 2019-02-28 13:05:05.654521419 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1e/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1e/crypto/kdf/kdf_util.c.evp-kdf 2020-03-19 16:04:32.350699142 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/kdf_util.c 2020-03-19 16:04:32.350699142 +0100
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1635,7 +1601,7 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
@ -1693,9 +1659,9 @@ diff -up openssl-1.1.1b/crypto/kdf/kdf_util.c.evp-kdf openssl-1.1.1b/crypto/kdf/
|
||||
+ return call_ctrl(ctrl, impl, cmd, md);
|
||||
+}
|
||||
+
|
||||
diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pbkdf2.c
|
||||
--- openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf 2019-02-28 13:05:05.654521419 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/pbkdf2.c 2019-02-28 13:05:05.654521419 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1e/crypto/kdf/pbkdf2.c
|
||||
--- openssl-1.1.1e/crypto/kdf/pbkdf2.c.evp-kdf 2020-03-19 16:04:32.374698727 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/pbkdf2.c 2020-03-19 16:04:32.374698727 +0100
|
||||
@@ -0,0 +1,264 @@
|
||||
+/*
|
||||
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1713,7 +1679,7 @@ diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pb
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl);
|
||||
@ -1961,22 +1927,21 @@ diff -up openssl-1.1.1b/crypto/kdf/pbkdf2.c.evp-kdf openssl-1.1.1b/crypto/kdf/pb
|
||||
+ HMAC_CTX_free(hctx_tpl);
|
||||
+ return ret;
|
||||
+}
|
||||
diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/scrypt.c 2019-02-28 13:05:05.655521400 +0100
|
||||
@@ -8,25 +8,34 @@
|
||||
diff -up openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1e/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1e/crypto/kdf/scrypt.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/scrypt.c 2020-03-19 16:11:06.215872475 +0100
|
||||
@@ -8,25 +8,35 @@
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
+#include <stdarg.h>
|
||||
#include <string.h>
|
||||
-#include <openssl/hmac.h>
|
||||
-#include <openssl/kdf.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/kdf.h>
|
||||
#include <openssl/evp.h>
|
||||
-#include "internal/cryptlib.h"
|
||||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/err.h>
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "internal/numbers.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
@ -2005,7 +1970,7 @@ diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/sc
|
||||
|
||||
/* Custom uint64_t parser since we do not have strtoull */
|
||||
static int atou64(const char *nptr, uint64_t *result)
|
||||
@@ -53,51 +62,53 @@ static int atou64(const char *nptr, uint
|
||||
@@ -53,51 +63,53 @@ static int atou64(const char *nptr, uint
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -2090,7 +2055,7 @@ diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/sc
|
||||
|
||||
if (new_buflen > 0) {
|
||||
*buffer = OPENSSL_memdup(new_buffer, new_buflen);
|
||||
@@ -105,7 +116,7 @@ static int pkey_scrypt_set_membuf(unsign
|
||||
@@ -105,7 +117,7 @@ static int pkey_scrypt_set_membuf(unsign
|
||||
*buffer = OPENSSL_malloc(1);
|
||||
}
|
||||
if (*buffer == NULL) {
|
||||
@ -2099,7 +2064,7 @@ diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/sc
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -118,149 +129,378 @@ static int is_power_of_two(uint64_t valu
|
||||
@@ -118,149 +130,378 @@ static int is_power_of_two(uint64_t valu
|
||||
return (value != 0) && ((value & (value - 1)) == 0);
|
||||
}
|
||||
|
||||
@ -2552,9 +2517,9 @@ diff -up openssl-1.1.1b/crypto/kdf/scrypt.c.evp-kdf openssl-1.1.1b/crypto/kdf/sc
|
||||
+}
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/kdf/tls1_prf.c 2019-02-28 13:05:05.655521400 +0100
|
||||
diff -up openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1e/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1e/crypto/kdf/tls1_prf.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/kdf/tls1_prf.c 2020-03-19 16:10:32.317460707 +0100
|
||||
@@ -8,11 +8,15 @@
|
||||
*/
|
||||
|
||||
@ -2562,10 +2527,9 @@ diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/
|
||||
+#include <stdarg.h>
|
||||
+#include <string.h>
|
||||
#include "internal/cryptlib.h"
|
||||
-#include <openssl/kdf.h>
|
||||
#include <openssl/kdf.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
|
||||
+static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl);
|
||||
@ -2665,15 +2629,15 @@ diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/
|
||||
- kctx->seclen = p1;
|
||||
+
|
||||
+ impl->seclen = len;
|
||||
+ return 1;
|
||||
+
|
||||
+ case EVP_KDF_CTRL_RESET_TLS_SEED:
|
||||
+ OPENSSL_cleanse(impl->seed, impl->seedlen);
|
||||
+ impl->seedlen = 0;
|
||||
return 1;
|
||||
|
||||
- case EVP_PKEY_CTRL_TLS_SEED:
|
||||
- if (p1 == 0 || p2 == NULL)
|
||||
+ case EVP_KDF_CTRL_RESET_TLS_SEED:
|
||||
+ OPENSSL_cleanse(impl->seed, impl->seedlen);
|
||||
+ impl->seedlen = 0;
|
||||
+ return 1;
|
||||
+
|
||||
+ case EVP_KDF_CTRL_ADD_TLS_SEED:
|
||||
+ p = va_arg(args, const unsigned char *);
|
||||
+ len = va_arg(args, size_t);
|
||||
@ -2838,9 +2802,9 @@ diff -up openssl-1.1.1b/crypto/kdf/tls1_prf.c.evp-kdf openssl-1.1.1b/crypto/kdf/
|
||||
OPENSSL_clear_free(tmp, olen);
|
||||
return 0;
|
||||
}
|
||||
diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
|
||||
+++ openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod 2019-02-28 13:05:05.655521400 +0100
|
||||
diff -up openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
|
||||
+++ openssl-1.1.1e/doc/man3/EVP_KDF_CTX.pod 2020-03-19 16:04:32.377698675 +0100
|
||||
@@ -0,0 +1,217 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3059,9 +3023,9 @@ diff -up openssl-1.1.1b/doc/man3/EVP_KDF_CTX.pod.evp-kdf openssl-1.1.1b/doc/man3
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod
|
||||
--- openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
|
||||
+++ openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod 2019-02-28 13:05:05.656521382 +0100
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod.evp-kdf 2020-03-19 16:04:32.377698675 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_HKDF.pod 2020-03-19 16:04:32.377698675 +0100
|
||||
@@ -0,0 +1,180 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3243,9 +3207,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_HKDF.pod.evp-kdf openssl-1.1.1b/doc/man
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
--- openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
|
||||
+++ openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod 2019-02-28 13:05:05.656521382 +0100
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_PBKDF2.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
@@ -0,0 +1,78 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3325,9 +3289,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_PBKDF2.pod.evp-kdf openssl-1.1.1b/doc/m
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
--- openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
|
||||
+++ openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod 2019-02-28 13:05:05.656521382 +0100
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_SCRYPT.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
@@ -0,0 +1,149 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3478,9 +3442,9 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_SCRYPT.pod.evp-kdf openssl-1.1.1b/doc/m
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
--- openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2019-02-28 13:05:05.656521382 +0100
|
||||
+++ openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod 2019-02-28 13:05:05.656521382 +0100
|
||||
diff -up openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod
|
||||
--- openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf 2020-03-19 16:04:32.378698658 +0100
|
||||
+++ openssl-1.1.1e/doc/man7/EVP_KDF_TLS1_PRF.pod 2020-03-19 16:04:32.378698658 +0100
|
||||
@@ -0,0 +1,142 @@
|
||||
+=pod
|
||||
+
|
||||
@ -3624,18 +3588,38 @@ diff -up openssl-1.1.1b/doc/man7/EVP_KDF_TLS1_PRF.pod.evp-kdf openssl-1.1.1b/doc
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/openssl/evperr.h
|
||||
--- openssl-1.1.1b/include/openssl/evperr.h.evp-kdf 2019-02-28 13:05:05.633521807 +0100
|
||||
+++ openssl-1.1.1b/include/openssl/evperr.h 2019-02-28 13:05:05.657521363 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -51,6 +51,9 @@ int ERR_load_EVP_strings(void);
|
||||
diff -up openssl-1.1.1e/include/crypto/evp.h.evp-kdf openssl-1.1.1e/include/crypto/evp.h
|
||||
--- openssl-1.1.1e/include/crypto/evp.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/evp.h 2020-03-19 16:04:32.347699194 +0100
|
||||
@@ -112,6 +112,24 @@ extern const EVP_PKEY_METHOD hkdf_pkey_m
|
||||
extern const EVP_PKEY_METHOD poly1305_pkey_meth;
|
||||
extern const EVP_PKEY_METHOD siphash_pkey_meth;
|
||||
|
||||
+/* struct evp_kdf_impl_st is defined by the implementation */
|
||||
+typedef struct evp_kdf_impl_st EVP_KDF_IMPL;
|
||||
+typedef struct {
|
||||
+ int type;
|
||||
+ EVP_KDF_IMPL *(*new) (void);
|
||||
+ void (*free) (EVP_KDF_IMPL *impl);
|
||||
+ void (*reset) (EVP_KDF_IMPL *impl);
|
||||
+ int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args);
|
||||
+ int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value);
|
||||
+ size_t (*size) (EVP_KDF_IMPL *impl);
|
||||
+ int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen);
|
||||
+} EVP_KDF_METHOD;
|
||||
+
|
||||
+extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD scrypt_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
|
||||
+extern const EVP_KDF_METHOD hkdf_kdf_meth;
|
||||
+
|
||||
struct evp_md_st {
|
||||
int type;
|
||||
int pkey_type;
|
||||
diff -up openssl-1.1.1e/include/openssl/evperr.h.evp-kdf openssl-1.1.1e/include/openssl/evperr.h
|
||||
--- openssl-1.1.1e/include/openssl/evperr.h.evp-kdf 2020-03-19 16:04:11.250064365 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/evperr.h 2020-03-19 16:04:32.379698640 +0100
|
||||
@@ -58,6 +58,9 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
|
||||
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
|
||||
# define EVP_F_EVP_ENCRYPTUPDATE 167
|
||||
@ -3645,7 +3629,7 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/
|
||||
# define EVP_F_EVP_MD_CTX_COPY_EX 110
|
||||
# define EVP_F_EVP_MD_SIZE 162
|
||||
# define EVP_F_EVP_OPENINIT 102
|
||||
@@ -113,10 +116,12 @@ int ERR_load_EVP_strings(void);
|
||||
@@ -120,11 +123,13 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
|
||||
# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164
|
||||
# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180
|
||||
@ -3653,12 +3637,13 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/
|
||||
# define EVP_F_PKEY_SET_TYPE 158
|
||||
# define EVP_F_RC2_MAGIC_TO_METH 109
|
||||
# define EVP_F_RC5_CTRL 125
|
||||
# define EVP_F_R_32_12_16_INIT_KEY 242
|
||||
# define EVP_F_S390X_AES_GCM_CTRL 201
|
||||
+# define EVP_F_SCRYPT_ALG 228
|
||||
# define EVP_F_UPDATE 173
|
||||
|
||||
/*
|
||||
@@ -171,6 +176,7 @@ int ERR_load_EVP_strings(void);
|
||||
@@ -181,6 +186,7 @@ int ERR_load_EVP_strings(void);
|
||||
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
||||
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
||||
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
||||
@ -3666,18 +3651,10 @@ diff -up openssl-1.1.1b/include/openssl/evperr.h.evp-kdf openssl-1.1.1b/include/
|
||||
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
||||
# define EVP_R_PBKDF2_ERROR 181
|
||||
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
||||
diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/include/openssl/kdferr.h 2019-02-28 13:05:05.657521363 +0100
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -19,6 +19,23 @@ int ERR_load_KDF_strings(void);
|
||||
diff -up openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf openssl-1.1.1e/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1e/include/openssl/kdferr.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdferr.h 2020-03-19 16:04:32.379698640 +0100
|
||||
@@ -23,6 +23,23 @@ int ERR_load_KDF_strings(void);
|
||||
/*
|
||||
* KDF function codes.
|
||||
*/
|
||||
@ -3701,7 +3678,7 @@ diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/
|
||||
# define KDF_F_PKEY_HKDF_CTRL_STR 103
|
||||
# define KDF_F_PKEY_HKDF_DERIVE 102
|
||||
# define KDF_F_PKEY_HKDF_INIT 108
|
||||
@@ -30,6 +47,7 @@ int ERR_load_KDF_strings(void);
|
||||
@@ -34,6 +51,7 @@ int ERR_load_KDF_strings(void);
|
||||
# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100
|
||||
# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
|
||||
# define KDF_F_PKEY_TLS1_PRF_INIT 110
|
||||
@ -3709,16 +3686,16 @@ diff -up openssl-1.1.1b/include/openssl/kdferr.h.evp-kdf openssl-1.1.1b/include/
|
||||
# define KDF_F_TLS1_PRF_ALG 111
|
||||
|
||||
/*
|
||||
@@ -47,5 +65,6 @@ int ERR_load_KDF_strings(void);
|
||||
@@ -51,5 +69,6 @@ int ERR_load_KDF_strings(void);
|
||||
# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
|
||||
# define KDF_R_VALUE_ERROR 108
|
||||
# define KDF_R_VALUE_MISSING 102
|
||||
+# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/openssl/kdf.h
|
||||
--- openssl-1.1.1b/include/openssl/kdf.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/include/openssl/kdf.h 2019-02-28 13:05:05.657521363 +0100
|
||||
diff -up openssl-1.1.1e/include/openssl/kdf.h.evp-kdf openssl-1.1.1e/include/openssl/kdf.h
|
||||
--- openssl-1.1.1e/include/openssl/kdf.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/kdf.h 2020-03-19 16:04:32.380698623 +0100
|
||||
@@ -10,10 +10,50 @@
|
||||
#ifndef HEADER_KDF_H
|
||||
# define HEADER_KDF_H
|
||||
@ -3797,9 +3774,9 @@ diff -up openssl-1.1.1b/include/openssl/kdf.h.evp-kdf openssl-1.1.1b/include/ope
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/include/openssl/ossl_typ.h
|
||||
--- openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/include/openssl/ossl_typ.h 2019-02-28 13:05:05.657521363 +0100
|
||||
diff -up openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1e/include/openssl/ossl_typ.h
|
||||
--- openssl-1.1.1e/include/openssl/ossl_typ.h.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/openssl/ossl_typ.h 2020-03-19 16:04:32.381698606 +0100
|
||||
@@ -97,6 +97,8 @@ typedef struct evp_pkey_asn1_method_st E
|
||||
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
|
||||
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
|
||||
@ -3809,10 +3786,10 @@ diff -up openssl-1.1.1b/include/openssl/ossl_typ.h.evp-kdf openssl-1.1.1b/includ
|
||||
typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
|
||||
|
||||
typedef struct hmac_ctx_st HMAC_CTX;
|
||||
diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info
|
||||
--- openssl-1.1.1b/test/build.info.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/build.info 2019-02-28 13:05:05.657521363 +0100
|
||||
@@ -43,7 +43,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
diff -up openssl-1.1.1e/test/build.info.evp-kdf openssl-1.1.1e/test/build.info
|
||||
--- openssl-1.1.1e/test/build.info.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/build.info 2020-03-19 16:04:32.381698606 +0100
|
||||
@@ -44,7 +44,8 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
|
||||
bio_callback_test bio_memleak_test \
|
||||
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
|
||||
@ -3822,7 +3799,7 @@ diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info
|
||||
asn1_encode_test asn1_decode_test asn1_string_table_test \
|
||||
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
|
||||
recordlentest drbgtest sslbuffertest \
|
||||
@@ -335,6 +336,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
@@ -336,6 +337,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /I
|
||||
INCLUDE[pkey_meth_kdf_test]=../include
|
||||
DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
|
||||
|
||||
@ -3833,9 +3810,9 @@ diff -up openssl-1.1.1b/test/build.info.evp-kdf openssl-1.1.1b/test/build.info
|
||||
SOURCE[x509_time_test]=x509_time_test.c
|
||||
INCLUDE[x509_time_test]=../include
|
||||
DEPEND[x509_time_test]=../libcrypto libtestutil.a
|
||||
diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf 2019-02-28 13:05:05.658521345 +0100
|
||||
+++ openssl-1.1.1b/test/evp_kdf_test.c 2019-02-28 13:05:05.658521345 +0100
|
||||
diff -up openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf openssl-1.1.1e/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1e/test/evp_kdf_test.c.evp-kdf 2020-03-19 16:04:32.382698588 +0100
|
||||
+++ openssl-1.1.1e/test/evp_kdf_test.c 2020-03-19 16:04:32.382698588 +0100
|
||||
@@ -0,0 +1,237 @@
|
||||
+/*
|
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4074,10 +4051,10 @@ diff -up openssl-1.1.1b/test/evp_kdf_test.c.evp-kdf openssl-1.1.1b/test/evp_kdf_
|
||||
+#endif
|
||||
+ return 1;
|
||||
+}
|
||||
diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
--- openssl-1.1.1b/test/evp_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/evp_test.c 2019-02-28 13:05:05.658521345 +0100
|
||||
@@ -1672,13 +1672,14 @@ static const EVP_TEST_METHOD encode_test
|
||||
diff -up openssl-1.1.1e/test/evp_test.c.evp-kdf openssl-1.1.1e/test/evp_test.c
|
||||
--- openssl-1.1.1e/test/evp_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/evp_test.c 2020-03-19 16:04:32.383698571 +0100
|
||||
@@ -1705,13 +1705,14 @@ static const EVP_TEST_METHOD encode_test
|
||||
encode_test_run,
|
||||
};
|
||||
|
||||
@ -4093,7 +4070,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
/* Expected output */
|
||||
unsigned char *output;
|
||||
size_t output_len;
|
||||
@@ -1705,16 +1706,11 @@ static int kdf_test_init(EVP_TEST *t, co
|
||||
@@ -1738,16 +1739,11 @@ static int kdf_test_init(EVP_TEST *t, co
|
||||
|
||||
if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
|
||||
return 0;
|
||||
@ -4111,7 +4088,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
t->data = kdata;
|
||||
return 1;
|
||||
}
|
||||
@@ -1723,7 +1719,42 @@ static void kdf_test_cleanup(EVP_TEST *t
|
||||
@@ -1756,7 +1752,42 @@ static void kdf_test_cleanup(EVP_TEST *t
|
||||
{
|
||||
KDF_DATA *kdata = t->data;
|
||||
OPENSSL_free(kdata->output);
|
||||
@ -4155,7 +4132,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
}
|
||||
|
||||
static int kdf_test_parse(EVP_TEST *t,
|
||||
@@ -1734,7 +1765,7 @@ static int kdf_test_parse(EVP_TEST *t,
|
||||
@@ -1767,7 +1798,7 @@ static int kdf_test_parse(EVP_TEST *t,
|
||||
if (strcmp(keyword, "Output") == 0)
|
||||
return parse_bin(value, &kdata->output, &kdata->output_len);
|
||||
if (strncmp(keyword, "Ctrl", 4) == 0)
|
||||
@ -4164,7 +4141,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1748,7 +1779,7 @@ static int kdf_test_run(EVP_TEST *t)
|
||||
@@ -1781,7 +1812,7 @@ static int kdf_test_run(EVP_TEST *t)
|
||||
t->err = "INTERNAL_ERROR";
|
||||
goto err;
|
||||
}
|
||||
@ -4173,7 +4150,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
t->err = "KDF_DERIVE_ERROR";
|
||||
goto err;
|
||||
}
|
||||
@@ -1774,6 +1805,106 @@ static const EVP_TEST_METHOD kdf_test_me
|
||||
@@ -1807,6 +1838,106 @@ static const EVP_TEST_METHOD kdf_test_me
|
||||
|
||||
|
||||
/**
|
||||
@ -4280,7 +4257,7 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
*** KEYPAIR TESTS
|
||||
**/
|
||||
|
||||
@@ -2277,6 +2408,7 @@ static const EVP_TEST_METHOD *evp_test_l
|
||||
@@ -2310,6 +2441,7 @@ static const EVP_TEST_METHOD *evp_test_l
|
||||
&digestverify_test_method,
|
||||
&encode_test_method,
|
||||
&kdf_test_method,
|
||||
@ -4288,9 +4265,9 @@ diff -up openssl-1.1.1b/test/evp_test.c.evp-kdf openssl-1.1.1b/test/evp_test.c
|
||||
&keypair_test_method,
|
||||
&keygen_test_method,
|
||||
&mac_test_method,
|
||||
diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pkey_meth_kdf_test.c
|
||||
--- openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/pkey_meth_kdf_test.c 2019-02-28 13:05:05.658521345 +0100
|
||||
diff -up openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1e/test/pkey_meth_kdf_test.c
|
||||
--- openssl-1.1.1e/test/pkey_meth_kdf_test.c.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/pkey_meth_kdf_test.c 2020-03-19 16:04:32.386698519 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4494,9 +4471,9 @@ diff -up openssl-1.1.1b/test/pkey_meth_kdf_test.c.evp-kdf openssl-1.1.1b/test/pk
|
||||
}
|
||||
#endif
|
||||
|
||||
diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt 2019-02-28 13:05:05.659521326 +0100
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evpkdf.txt 2020-03-19 16:04:32.388698484 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
-# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4895,9 +4872,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evpkdf.txt.evp-kdf openssl
|
||||
+Ctrl.digest = digest:sha512
|
||||
+Output = 00ef42cdbfc98d29db20976608e455567fdddf14
|
||||
+
|
||||
diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
--- openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2019-02-28 13:05:05.659521326 +0100
|
||||
+++ openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt 2019-02-28 13:05:05.659521326 +0100
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf 2020-03-19 16:04:32.389698467 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_data/evppkey_kdf.txt 2020-03-19 16:04:32.389698467 +0100
|
||||
@@ -0,0 +1,305 @@
|
||||
+#
|
||||
+# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -5204,9 +5181,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_data/evppkey_kdf.txt.evp-kdf op
|
||||
+Ctrl.p = p:1
|
||||
+Result = INTERNAL_ERROR
|
||||
+
|
||||
diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/test/recipes/30-test_evp_kdf.t
|
||||
--- openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf 2019-02-28 13:05:05.659521326 +0100
|
||||
+++ openssl-1.1.1b/test/recipes/30-test_evp_kdf.t 2019-02-28 13:05:05.659521326 +0100
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp_kdf.t
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp_kdf.t.evp-kdf 2020-03-19 16:04:32.390698450 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp_kdf.t 2020-03-19 16:04:32.390698450 +0100
|
||||
@@ -0,0 +1,13 @@
|
||||
+#! /usr/bin/env perl
|
||||
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -5221,9 +5198,9 @@ diff -up openssl-1.1.1b/test/recipes/30-test_evp_kdf.t.evp-kdf openssl-1.1.1b/te
|
||||
+use OpenSSL::Test::Simple;
|
||||
+
|
||||
+simple_test("test_evp_kdf", "evp_kdf_test");
|
||||
diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf 2019-05-29 16:55:38.236960543 +0200
|
||||
+++ openssl-1.1.1c/test/recipes/30-test_evp.t 2019-05-29 16:57:46.348718012 +0200
|
||||
diff -up openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1e/test/recipes/30-test_evp.t
|
||||
--- openssl-1.1.1e/test/recipes/30-test_evp.t.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/test/recipes/30-test_evp.t 2020-03-19 16:04:32.390698450 +0100
|
||||
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/
|
||||
setup("test_evp");
|
||||
|
||||
@ -5233,11 +5210,10 @@ diff -up openssl-1.1.1c/test/recipes/30-test_evp.t.evp-kdf openssl-1.1.1c/test/r
|
||||
"evpcase.txt", "evpccmcavs.txt" );
|
||||
|
||||
plan tests => scalar(@files);
|
||||
|
||||
diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto.num
|
||||
--- openssl-1.1.1b/util/libcrypto.num.evp-kdf 2019-02-28 13:05:05.636521752 +0100
|
||||
+++ openssl-1.1.1b/util/libcrypto.num 2019-02-28 13:05:05.660521308 +0100
|
||||
@@ -4614,3 +4614,11 @@ FIPS_drbg_get_strength
|
||||
diff -up openssl-1.1.1e/util/libcrypto.num.evp-kdf openssl-1.1.1e/util/libcrypto.num
|
||||
--- openssl-1.1.1e/util/libcrypto.num.evp-kdf 2020-03-19 16:04:11.263064140 +0100
|
||||
+++ openssl-1.1.1e/util/libcrypto.num 2020-03-19 16:04:32.392698415 +0100
|
||||
@@ -4622,3 +4622,11 @@ FIPS_drbg_get_strength
|
||||
FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION:
|
||||
FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION:
|
||||
@ -5249,9 +5225,9 @@ diff -up openssl-1.1.1b/util/libcrypto.num.evp-kdf openssl-1.1.1b/util/libcrypto
|
||||
+EVP_KDF_ctrl_str 6595 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_size 6596 1_1_1b EXIST::FUNCTION:
|
||||
+EVP_KDF_derive 6597 1_1_1b EXIST::FUNCTION:
|
||||
diff -up openssl-1.1.1b/util/private.num.evp-kdf openssl-1.1.1b/util/private.num
|
||||
--- openssl-1.1.1b/util/private.num.evp-kdf 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/util/private.num 2019-02-28 13:05:05.660521308 +0100
|
||||
diff -up openssl-1.1.1e/util/private.num.evp-kdf openssl-1.1.1e/util/private.num
|
||||
--- openssl-1.1.1e/util/private.num.evp-kdf 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/util/private.num 2020-03-19 16:04:32.393698398 +0100
|
||||
@@ -21,6 +21,7 @@ CRYPTO_EX_dup
|
||||
CRYPTO_EX_free datatype
|
||||
CRYPTO_EX_new datatype
|
||||
|
@ -1,33 +1,17 @@
|
||||
diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1b/crypto/include/internal/rand_int.h
|
||||
--- openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test 2019-05-07 08:56:33.242179136 +0200
|
||||
+++ openssl-1.1.1b/crypto/include/internal/rand_int.h 2019-05-07 09:54:14.920204875 +0200
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
|
||||
+/* CRNG test entropy filter callbacks. */
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance);
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen);
|
||||
+
|
||||
/*
|
||||
* RAND_POOL functions
|
||||
*/
|
||||
diff -up openssl-1.1.1b/crypto/rand/build.info.crng-test openssl-1.1.1b/crypto/rand/build.info
|
||||
--- openssl-1.1.1b/crypto/rand/build.info.crng-test 2019-05-07 09:54:14.921204857 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/build.info 2019-05-07 09:55:22.730014705 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
|
||||
--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200
|
||||
@@ -1,6 +1,6 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/rand/drbg_lib.c 2019-05-07 10:04:51.753157224 +0200
|
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes
|
||||
diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200
|
||||
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
|
||||
|
||||
|
||||
@ -51,9 +35,9 @@ diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/r
|
||||
#ifndef RAND_DRBG_GET_RANDOM_NONCE
|
||||
drbg->get_nonce = rand_drbg_get_nonce;
|
||||
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
|
||||
diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/crypto/rand/rand_crng_test.c
|
||||
--- openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test 2019-05-07 09:54:14.925204787 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/rand_crng_test.c 2019-05-07 09:54:14.932204664 +0200
|
||||
diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
|
||||
--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200
|
||||
@@ -0,0 +1,118 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -71,9 +55,9 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/rand_int.h"
|
||||
+#include "crypto/rand.h"
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "rand_lcl.h"
|
||||
+#include "rand_local.h"
|
||||
+
|
||||
+static RAND_POOL *crngt_pool;
|
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||
@ -110,7 +94,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ];
|
||||
+
|
||||
+ if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||
+ return 0;
|
||||
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
@ -147,7 +131,7 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr
|
||||
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL)
|
||||
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
|
||||
@ -173,9 +157,9 @@ diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/cr
|
||||
+{
|
||||
+ OPENSSL_secure_clear_free(out, outlen);
|
||||
+}
|
||||
diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test 2019-05-07 08:56:33.330177674 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/rand_lcl.h 2019-05-07 09:54:14.933204647 +0200
|
||||
diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
|
||||
--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200
|
||||
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200
|
||||
@@ -33,7 +33,15 @@
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
@ -193,17 +177,16 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/r
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
@@ -44,7 +52,8 @@
|
||||
@@ -44,6 +52,8 @@
|
||||
*/
|
||||
# define DRBG_MAX_LENGTH INT32_MAX
|
||||
|
||||
-
|
||||
+/* The default nonce */
|
||||
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
|
||||
|
||||
/*
|
||||
* Maximum allocation size for RANDOM_POOL buffers
|
||||
@@ -290,4 +299,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||
/* initializes the AES-CTR DRBG implementation */
|
||||
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||
|
||||
@ -226,10 +209,28 @@ diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/r
|
||||
+int rand_crngt_single_init(void);
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
--- openssl-1.1.1b/test/drbgtest.c.crng-test 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/drbgtest.c 2019-05-07 10:06:24.706551561 +0200
|
||||
@@ -143,6 +143,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||
diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
|
||||
--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200
|
||||
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
|
||||
+/* CRNG test entropy filter callbacks. */
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance);
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen);
|
||||
+
|
||||
/*
|
||||
* RAND_POOL functions
|
||||
*/
|
||||
diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
|
||||
--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200
|
||||
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||
return t->noncelen;
|
||||
}
|
||||
|
||||
@ -261,7 +262,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
static int uninstantiate(RAND_DRBG *drbg)
|
||||
{
|
||||
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
|
||||
@@ -168,7 +193,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
|
||||
return 0;
|
||||
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
@ -271,7 +272,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
failures++;
|
||||
goto err;
|
||||
}
|
||||
@@ -286,7 +312,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||
unsigned int reseed_counter_tmp;
|
||||
int ret = 0;
|
||||
|
||||
@ -281,7 +282,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@@ -699,6 +726,10 @@ static int test_rand_drbg_reseed(void)
|
||||
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|
||||
|| !TEST_ptr_eq(private->parent, master))
|
||||
return 0;
|
||||
|
||||
@ -292,7 +293,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
/* uninstantiate the three global DRBGs */
|
||||
RAND_DRBG_uninstantiate(private);
|
||||
RAND_DRBG_uninstantiate(public);
|
||||
@@ -919,7 +950,8 @@ static int test_rand_seed(void)
|
||||
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
|
||||
size_t rand_buflen;
|
||||
size_t required_seed_buflen = 0;
|
||||
|
||||
@ -302,7 +303,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
return 0;
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
@@ -968,6 +1000,95 @@ static int test_rand_add(void)
|
||||
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -398,7 +399,7 @@ diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
int setup_tests(void)
|
||||
{
|
||||
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
@@ -980,5 +1101,6 @@ int setup_tests(void)
|
||||
@@ -1025,5 +1146,6 @@ int setup_tests(void)
|
||||
#if defined(OPENSSL_THREADS)
|
||||
ADD_TEST(test_multi_thread);
|
||||
#endif
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.1.1c/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1c/crypto/ec/ec_curve.c
|
||||
--- openssl-1.1.1c/crypto/ec/ec_curve.c.fips-curves 2019-11-25 13:18:40.719532357 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ec_curve.c 2019-11-25 13:18:40.765531559 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
|
||||
--- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200
|
||||
@@ -13,6 +13,7 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
@ -106,18 +106,10 @@ diff -up openssl-1.1.1c/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1c/crypto/e
|
||||
}
|
||||
|
||||
/* Functions to translate between common NIST curve names and NIDs */
|
||||
diff -up openssl-1.1.1c/ssl/t1_lib.c.fips-curves openssl-1.1.1c/ssl/t1_lib.c
|
||||
--- openssl-1.1.1c/ssl/t1_lib.c.fips-curves 2019-11-25 13:18:40.658533416 +0100
|
||||
+++ openssl-1.1.1c/ssl/t1_lib.c 2019-11-26 17:57:15.014742428 +0100
|
||||
@@ -20,6 +20,7 @@
|
||||
#include "internal/nelem.h"
|
||||
#include "ssl_locl.h"
|
||||
#include <openssl/ct.h>
|
||||
+#include <openssl/crypto.h>
|
||||
|
||||
SSL3_ENC_METHOD const TLSv1_enc_data = {
|
||||
tls1_enc,
|
||||
@@ -676,6 +677,36 @@ static const uint16_t tls12_sigalgs[] =
|
||||
diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
|
||||
--- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200
|
||||
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200
|
||||
@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
|
||||
#endif
|
||||
};
|
||||
|
||||
@ -154,20 +146,16 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips-curves openssl-1.1.1c/ssl/t1_lib.c
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static const uint16_t suiteb_sigalgs[] = {
|
||||
TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
|
||||
@@ -890,8 +921,11 @@ static const SIGALG_LOOKUP *tls1_get_leg
|
||||
@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
|
||||
}
|
||||
if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
|
||||
return NULL;
|
||||
+ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
|
||||
+ return NULL;
|
||||
if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
|
||||
- const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
|
||||
+ const SIGALG_LOOKUP *lu;
|
||||
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
|
||||
|
||||
+ if (FIPS_mode()) /* We do not allow SHA1 signatures in FIPS mode */
|
||||
+ return NULL;
|
||||
+ lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
|
||||
if (!tls1_lookup_md(lu, NULL))
|
||||
return NULL;
|
||||
return lu;
|
||||
@@ -945,6 +979,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
|
||||
@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
|
||||
} else if (s->cert->conf_sigalgs) {
|
||||
*psigs = s->cert->conf_sigalgs;
|
||||
return s->cert->conf_sigalgslen;
|
||||
@ -177,7 +165,7 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips-curves openssl-1.1.1c/ssl/t1_lib.c
|
||||
} else {
|
||||
*psigs = tls12_sigalgs;
|
||||
return OSSL_NELEM(tls12_sigalgs);
|
||||
@@ -964,6 +1001,9 @@ int tls_check_sigalg_curve(const SSL *s,
|
||||
@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
|
||||
if (s->cert->conf_sigalgs) {
|
||||
sigs = s->cert->conf_sigalgs;
|
||||
siglen = s->cert->conf_sigalgslen;
|
||||
@ -187,7 +175,7 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips-curves openssl-1.1.1c/ssl/t1_lib.c
|
||||
} else {
|
||||
sigs = tls12_sigalgs;
|
||||
siglen = OSSL_NELEM(tls12_sigalgs);
|
||||
@@ -1582,6 +1622,8 @@ static int tls12_sigalg_allowed(SSL *s,
|
||||
@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
|
||||
if (lu->sig == NID_id_GostR3410_2012_256
|
||||
|| lu->sig == NID_id_GostR3410_2012_512
|
||||
|| lu->sig == NID_id_GostR3410_2001) {
|
||||
@ -196,7 +184,7 @@ diff -up openssl-1.1.1c/ssl/t1_lib.c.fips-curves openssl-1.1.1c/ssl/t1_lib.c
|
||||
/* We never allow GOST sig algs on the server with TLSv1.3 */
|
||||
if (s->server && SSL_IS_TLS13(s))
|
||||
return 0;
|
||||
@@ -2720,6 +2762,13 @@ int tls_choose_sigalg(SSL *s, int fatale
|
||||
@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
|
||||
const uint16_t *sent_sigs;
|
||||
size_t sent_sigslen;
|
||||
|
||||
|
2658
SOURCES/openssl-1.1.1-fips-dh.patch
Normal file
2658
SOURCES/openssl-1.1.1-fips-dh.patch
Normal file
File diff suppressed because it is too large
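--- a/SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
+++ b/SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
@@ -0,0 +1,587 @@
+diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
+--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200
++++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200
+@@ -67,12 +67,18 @@
+
+# include <openssl/fips.h>
+# include "crypto/fips.h"
++# include "crypto/rand.h"
+# include "fips_locl.h"
+
+/* Run all selftests */
+int FIPS_selftest(void)
+{
+int rv = 1;
++ if (!rand_drbg_selftest()) {
++ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
++ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
++ rv = 0;
++ }
+if (!FIPS_selftest_drbg())
+rv = 0;
+if (!FIPS_selftest_sha1())
+diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
+--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
++++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200
+@@ -1,6 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
+- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
++ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
+
+INCLUDE[drbg_ctr.o]=../modes
+diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
+--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
++++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200
+@@ -0,0 +1,537 @@
++/*
++ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <string.h>
++#include <stddef.h>
++#include "internal/nelem.h"
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <openssl/rand_drbg.h>
++#include <openssl/obj_mac.h>
++#include "internal/thread_once.h"
++#include "crypto/rand.h"
++
++typedef struct test_ctx_st {
++ const unsigned char *entropy;
++ size_t entropylen;
++ int entropycnt;
++ const unsigned char *nonce;
++ size_t noncelen;
++ int noncecnt;
++} TEST_CTX;
++
++static int app_data_index = -1;
++static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
++DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
++{
++ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
++
++ return 1;
++}
++
++enum drbg_kat_type {
++ NO_RESEED,
++ PR_FALSE,
++ PR_TRUE
++};
++
++enum drbg_df {
++ USE_DF,
++ NO_DF,
++ NA
++};
++
++struct drbg_kat_no_reseed {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *addin1;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat_pr_false {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *entropyinreseed;
++ const unsigned char *addinreseed;
++ const unsigned char *addin1;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat_pr_true {
++ size_t count;
++ const unsigned char *entropyin;
++ const unsigned char *nonce;
++ const unsigned char *persstr;
++ const unsigned char *entropyinpr1;
++ const unsigned char *addin1;
++ const unsigned char *entropyinpr2;
++ const unsigned char *addin2;
++ const unsigned char *retbytes;
++};
++
++struct drbg_kat {
++ enum drbg_kat_type type;
++ enum drbg_df df;
++ int nid;
++
++ size_t entropyinlen;
++ size_t noncelen;
++ size_t persstrlen;
++ size_t addinlen;
++ size_t retbyteslen;
++
++ const void *t;
++};
++
++/*
++ * Excerpt from test/drbg_cavs_data.c
++ * DRBG test vectors from:
++ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
++ */
++
++static const unsigned char kat1308_entropyin[] = {
++ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
++ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
++ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
++ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
++};
++static const unsigned char kat1308_nonce[] = {0};
++static const unsigned char kat1308_persstr[] = {
++ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
++ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
++ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
++ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
++};
++static const unsigned char kat1308_addin0[] = {
++ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
++ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
++ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
++ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
++};
++static const unsigned char kat1308_addin1[] = {
++ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
++ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
++ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
++ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
++};
++static const unsigned char kat1308_retbits[] = {
++ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
++ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
++ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
++ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
++ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
++ 0x26, 0x32, 0xd0, 0xb8,
++};
++static const struct drbg_kat_no_reseed kat1308_t = {
++ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
++ kat1308_addin0, kat1308_addin1, kat1308_retbits
++};
++static const struct drbg_kat kat1308 = {
++ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
++};
++
++static const unsigned char kat1465_entropyin[] = {
++ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
++ 0x87, 0xbe, 0xaa, 0xc0,
++};
++static const unsigned char kat1465_nonce[] = {
++ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
++};
++static const unsigned char kat1465_persstr[] = {0};
++static const unsigned char kat1465_entropyinreseed[] = {
++ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
++ 0x1f, 0x4b, 0x7b, 0x51,
++};
++static const unsigned char kat1465_addinreseed[] = {
++ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
++ 0x61, 0x9f, 0x26, 0x5f,
++};
++static const unsigned char kat1465_addin0[] = {
++ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
++ 0x10, 0x5a, 0x73, 0x9c,
++};
++static const unsigned char kat1465_addin1[] = {
++ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
++ 0x47, 0x99, 0x1f, 0xeb,
++};
++static const unsigned char kat1465_retbits[] = {
++ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
++ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
++ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
++ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
++ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
++ 0x58, 0xdb, 0x27, 0xba,
++};
++static const struct drbg_kat_pr_false kat1465_t = {
++ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
++ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
++ kat1465_addin1, kat1465_retbits
++};
++static const struct drbg_kat kat1465 = {
++ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
++};
++
++static const unsigned char kat3146_entropyin[] = {
++ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
++ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
++};
++static const unsigned char kat3146_nonce[] = {
++ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
++ 0x50, 0x86, 0xca, 0xca,
++};
++static const unsigned char kat3146_persstr[] = {0};
++static const unsigned char kat3146_entropyinpr1[] = {
++ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
++ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
++};
++static const unsigned char kat3146_addinpr1[] = {
++ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
++ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
++ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
++};
++static const unsigned char kat3146_entropyinpr2[] = {
++ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
++ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
++};
++static const unsigned char kat3146_addinpr2[] = {
++ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
++ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
++ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
++};
++static const unsigned char kat3146_retbits[] = {
++ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
++ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
++ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
++ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
++ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
++ 0xd4, 0x30, 0x73, 0xbb,
++};
++static const struct drbg_kat_pr_true kat3146_t = {
++ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
++ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
++ kat3146_addinpr2, kat3146_retbits
++};
++static const struct drbg_kat kat3146 = {
++ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
++};
++
++static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
++
++static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
++
++static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len,
++ int prediction_resistance)
++{
++ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
++
++ t->entropycnt++;
++ *pout = (unsigned char *)t->entropy;
++ return t->entropylen;
++}
++
++static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
++ int entropy, size_t min_len, size_t max_len)
++{
++ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
++
++ t->noncecnt++;
++ *pout = (unsigned char *)t->nonce;
++ return t->noncelen;
++}
++
++/*
++ * Do a single NO_RESEED KAT:
++ *
++ * Instantiate
++ * Generate Random Bits (pr=false)
++ * Generate Random Bits (pr=false)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_no_reseed(const struct drbg_kat *td)
++{
++ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin1, td->addinlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++/*-
++ * Do a single PR_FALSE KAT:
++ *
++ * Instantiate
++ * Reseed
++ * Generate Random Bits (pr=false)
++ * Generate Random Bits (pr=false)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_pr_false(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++
++ t.entropy = data->entropyinreseed;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin1, td->addinlen)
++ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++/*-
++ * Do a single PR_TRUE KAT:
++ *
++ * Instantiate
++ * Generate Random Bits (pr=true)
++ * Generate Random Bits (pr=true)
++ * Uninstantiate
++ *
++ * Return 0 on failure.
++ */
++static int single_kat_pr_true(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned char *buff = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ t.entropy = data->entropyin;
++ t.entropylen = td->entropyinlen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ buff = OPENSSL_malloc(td->retbyteslen);
++ if (buff == NULL) {
++ failures++;
++ goto err;
++ }
++
++ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++
++ t.entropy = data->entropyinpr1;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
++ data->addin1, td->addinlen))
++ failures++;
++
++ t.entropy = data->entropyinpr2;
++ t.entropylen = td->entropyinlen;
++
++ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
++ data->addin2, td->addinlen)
++ || memcmp(data->retbytes, buff,
++ td->retbyteslen) != 0)
++ failures++;
++
++err:
++ OPENSSL_free(buff);
++ RAND_DRBG_uninstantiate(drbg);
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++static int test_kats(int i)
++{
++ const struct drbg_kat *td = drbg_test[i];
++ int rv = 0;
++
++ switch (td->type) {
++ case NO_RESEED:
++ if (!single_kat_no_reseed(td))
++ goto err;
++ break;
++ case PR_FALSE:
++ if (!single_kat_pr_false(td))
++ goto err;
++ break;
++ case PR_TRUE:
++ if (!single_kat_pr_true(td))
++ goto err;
++ break;
++ default: /* cant happen */
++ goto err;
++ }
++ rv = 1;
++err:
++ return rv;
++}
++
++/*-
++ * Do one expected-error test:
++ *
++ * Instantiate with no entropy supplied
++ *
++ * Return 0 on failure.
++ */
++static int test_drbg_sanity(const struct drbg_kat *td)
++{
++ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
++ RAND_DRBG *drbg = NULL;
++ unsigned int flags = 0;
++ int failures = 0;
++ TEST_CTX t;
++
++ if (td->df != USE_DF)
++ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
++
++ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
++ return 0;
++
++ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
++ kat_nonce, NULL)) {
++ failures++;
++ goto err;
++ }
++ memset(&t, 0, sizeof(t));
++ t.entropy = data->entropyin;
++ t.entropylen = 0; /* No entropy */
++ t.nonce = data->nonce;
++ t.noncelen = td->noncelen;
++ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
++
++ ERR_set_mark();
++ /* This must fail. */
++ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
++ failures++;
++ RAND_DRBG_uninstantiate(drbg);
++ ERR_pop_to_mark();
++
++err:
++ RAND_DRBG_free(drbg);
++ return failures == 0;
++}
++
++
++int rand_drbg_selftest(void)
++{
++ int i;
++
++ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
++ return 0;
++
++ for (i = 0; i < drbg_test_nelem; i++) {
++ if (test_kats(i) <= 0)
++ return 0;
++ }
++
++ if (test_drbg_sanity(&kat1465) <= 0)
++ return 0;
++
++ return 1;
++}
+diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
+--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200
++++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200
+@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
+*/
+void rand_pool_keep_random_devices_open(int keep);
+
++/*
++ * Perform the DRBG KAT selftests
++ */
++int rand_drbg_selftest(void);
++
+#endif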
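Review bot: In the new drbg_selftest.c, `drbg_app_data_index_init` returns 1 even when `RAND_DRBG_get_ex_new_index` fails and leaves `app_data_index` negative, and every `RAND_DRBG_set_ex_data(drbg, app_data_index, &t)` call in the three `single_kat_*` helpers and in `test_drbg_sanity` ignores its return value. If the slot was never set, `kat_entropy` and `kat_nonce` dereference the pointer from `RAND_DRBG_get_ex_data` without a NULL check, so the FIPS power-on self-test would crash rather than report `FIPS_R_TEST_FAILURE` through `FIPS_selftest`. I would end the init with `return app_data_index >= 0;` and write `if (!RAND_DRBG_set_ex_data(drbg, app_data_index, &t)) { failures++; goto err; }` at each call site. Smaller points: `single_kat_pr_false` and `single_kat_pr_true` only count a failed `RAND_DRBG_instantiate` and carry on, where a `goto err` would match the other error paths, and `rand_drbg_selftest` compares `int i` against the `size_t` `drbg_test_nelem`, which is cleaner as `size_t i` with a cast at the `test_kats` call.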
|
@ -1,11 +1,11 @@
|
||||
diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
|
||||
--- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
|
||||
+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
|
||||
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
|
||||
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
|
||||
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/thread_once.h"
|
||||
+# include "internal/rand_int.h"
|
||||
+# include "crypto/rand.h"
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 1024
|
||||
@ -46,41 +46,52 @@ diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/
|
||||
+
|
||||
fips_set_mode(onoff);
|
||||
+ /* force RNG reseed with entropy from getrandom() on next call */
|
||||
+ rand_fork();
|
||||
+ rand_force_reseed();
|
||||
+
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
|
||||
+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
|
||||
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||
}
|
||||
|
||||
+int fips_in_post(void);
|
||||
+void rand_force_reseed(void)
|
||||
+{
|
||||
+ RAND_DRBG *drbg;
|
||||
+
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
|
||||
@@ -16,10 +16,12 @@
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
+#include "internal/fips_int.h"
|
||||
+ drbg = RAND_DRBG_get0_master();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_private();
|
||||
+ drbg->fork_id = 0;
|
||||
+
|
||||
+ drbg = RAND_DRBG_get0_public();
|
||||
+ drbg->fork_id = 0;
|
||||
+}
|
||||
+
|
||||
/* Implements the default OpenSSL RAND_add() method */
|
||||
static int drbg_add(const void *buf, int num, double randomness)
|
||||
{
|
||||
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
|
||||
@@ -17,10 +17,12 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include "rand_local.h"
|
||||
#include "crypto/rand.h"
|
||||
+#include "crypto/fips.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#if defined(__linux)
|
||||
-# include <asm/unistd.h>
|
||||
+# include <sys/syscall.h>
|
||||
#ifdef __linux
|
||||
# include <sys/syscall.h>
|
||||
+# include <sys/random.h>
|
||||
#endif
|
||||
#if defined(__FreeBSD__)
|
||||
# include <sys/types.h>
|
||||
@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
# ifdef DEVRANDOM_WAIT
|
||||
# include <sys/shm.h>
|
||||
# include <sys/utsname.h>
|
||||
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
@ -89,7 +100,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
@ -97,7 +108,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
|
||||
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
@ -111,19 +122,17 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
unsigned char *buffer;
|
||||
-
|
||||
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t entropy_available;
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
+ int in_post;
|
||||
+
|
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
{
|
||||
ssize_t bytes;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t bytes_needed;
|
||||
unsigned char *buffer;
|
||||
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@ -132,7 +141,7 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
@ -144,8 +153,8 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
}
|
||||
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
return entropy_available;
|
||||
}
|
||||
# endif
|
||||
-
|
||||
@ -155,3 +164,26 @@ diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/cr
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
||||
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
|
||||
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
||||
+int fips_in_post(void);
|
||||
+
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
|
||||
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
|
||||
@@ -24,6 +24,7 @@
|
||||
typedef struct rand_pool_st RAND_POOL;
|
||||
|
||||
void rand_cleanup_int(void);
|
||||
+void rand_force_reseed(void);
|
||||
void rand_drbg_cleanup_int(void);
|
||||
void drbg_delete_thread_state(void);
|
||||
|
||||
|
File diff suppressed because it is too large
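--- a/SOURCES/openssl-1.1.1-intel-cet.patch
+++ b/SOURCES/openssl-1.1.1-intel-cet.patch
@@ -0,0 +1,500 @@
+diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100
+@@ -275,6 +275,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_encrypt:
+.cfi_startproc
++ endbranch
+movups ($inp),$inout0 # load input
+mov 240($key),$rounds # key->rounds
+___
+@@ -293,6 +294,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_decrypt:
+.cfi_startproc
++ endbranch
+movups ($inp),$inout0 # load input
+mov 240($key),$rounds # key->rounds
+___
+@@ -613,6 +615,7 @@ $code.=<<___;
+.align 16
+aesni_ecb_encrypt:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0x58(%rsp),%rsp
+@@ -985,6 +988,7 @@ $code.=<<___;
+.align 16
+aesni_ccm64_encrypt_blocks:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0x58(%rsp),%rsp
+@@ -1077,6 +1081,7 @@ $code.=<<___;
+.align 16
+aesni_ccm64_decrypt_blocks:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0x58(%rsp),%rsp
+@@ -1203,6 +1208,7 @@ $code.=<<___;
+.align 16
+aesni_ctr32_encrypt_blocks:
+.cfi_startproc
++ endbranch
+cmp \$1,$len
+jne .Lctr32_bulk
+
+@@ -1775,6 +1781,7 @@ $code.=<<___;
+.align 16
+aesni_xts_encrypt:
+.cfi_startproc
++ endbranch
+lea (%rsp),%r11 # frame pointer
+.cfi_def_cfa_register %r11
+push %rbp
+@@ -2258,6 +2265,7 @@ $code.=<<___;
+.align 16
+aesni_xts_decrypt:
+.cfi_startproc
++ endbranch
+lea (%rsp),%r11 # frame pointer
+.cfi_def_cfa_register %r11
+push %rbp
+@@ -2783,6 +2791,7 @@ $code.=<<___;
+.align 32
+aesni_ocb_encrypt:
+.cfi_startproc
++ endbranch
+lea (%rsp),%rax
+push %rbx
+.cfi_push %rbx
+@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
+.align 32
+aesni_ocb_decrypt:
+.cfi_startproc
++ endbranch
+lea (%rsp),%rax
+push %rbx
+.cfi_push %rbx
+@@ -3737,6 +3747,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_cbc_encrypt:
+.cfi_startproc
++ endbranch
+test $len,$len # check length
+jz .Lcbc_ret
+
+diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
+--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100
+@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
+.align 16
+${PREFIX}_set_encrypt_key:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0xb8(%rsp),%rsp
+@@ -746,6 +747,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_set_decrypt_key:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0xb8(%rsp),%rsp
+@@ -801,6 +803,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_encrypt:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0xb8(%rsp),%rsp
+@@ -846,6 +849,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_decrypt:
+.cfi_startproc
++ endbranch
+___
+$code.=<<___ if ($win64);
+lea -0xb8(%rsp),%rsp
+@@ -897,6 +901,7 @@ $code.=<<___;
+.align 16
+${PREFIX}_cbc_encrypt:
+.cfi_startproc
++ endbranch
+xchg $key,$len
+___
+($len,$key)=($key,$len);
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
+--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100
+@@ -34,7 +34,9 @@ void async_local_cleanup(void)
+
+int async_fibre_makecontext(async_fibre *fibre)
+{
++#ifndef USE_SWAPCONTEXT
+fibre->env_init = 0;
++#endif
+if (getcontext(&fibre->fibre) == 0) {
+fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+if (fibre->fibre.uc_stack.ss_sp != NULL) {
+diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
+--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100
++++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100
+@@ -25,17 +25,33 @@
+# define ASYNC_POSIX
+# define ASYNC_ARCH
+
++# ifdef __CET__
++/*
++ * When Intel CET is enabled, makecontext will create a different
++ * shadow stack for each context. async_fibre_swapcontext cannot
++ * use _longjmp. It must call swapcontext to swap shadow stack as
++ * well as normal stack.
++ */
++# define USE_SWAPCONTEXT
++# endif
+# include <ucontext.h>
+-# include <setjmp.h>
++# ifndef USE_SWAPCONTEXT
++# include <setjmp.h>
++# endif
+
+typedef struct async_fibre_st {
+ucontext_t fibre;
++# ifndef USE_SWAPCONTEXT
+jmp_buf env;
+int env_init;
++# endif
+} async_fibre;
+
+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+{
++# ifdef USE_SWAPCONTEXT
++ swapcontext(&o->fibre, &n->fibre);
++# else
+o->env_init = 1;
+
+if (!r || !_setjmp(o->env)) {
+@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
+else
+setcontext(&n->fibre);
+}
++# endif
+
+return 1;
+}
+diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
+--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
+@@ -685,6 +685,7 @@ $code.=<<___;
+.align 16
+Camellia_cbc_encrypt:
+.cfi_startproc
++ endbranch
+cmp \$0,%rdx
+je .Lcbc_abort
+push %rbx
+diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
+--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
+@@ -239,6 +239,7 @@ $code=<<___;
+.align 16
+gcm_gmult_4bit:
+.cfi_startproc
++ endbranch
+push %rbx
+.cfi_push %rbx
+push %rbp # %rbp and others are pushed exclusively in
+@@ -286,6 +287,7 @@ $code.=<<___;
+.align 16
+gcm_ghash_4bit:
+.cfi_startproc
++ endbranch
+push %rbx
+.cfi_push %rbx
+push %rbp
+@@ -612,6 +614,7 @@ $code.=<<___;
+.align 16
+gcm_gmult_clmul:
+.cfi_startproc
++ endbranch
+.L_gmult_clmul:
+movdqu ($Xip),$Xi
+movdqa .Lbswap_mask(%rip),$T3
+@@ -663,6 +666,7 @@ $code.=<<___;
+.align 32
+gcm_ghash_clmul:
+.cfi_startproc
++ endbranch
+.L_ghash_clmul:
+___
+$code.=<<___ if ($win64);
+@@ -1166,6 +1170,7 @@ $code.=<<___;
+.align 32
+gcm_gmult_avx:
+.cfi_startproc
++ endbranch
+jmp .L_gmult_clmul
+.cfi_endproc
+.size gcm_gmult_avx,.-gcm_gmult_avx
+@@ -1177,6 +1182,7 @@ $code.=<<___;
+.align 32
+gcm_ghash_avx:
+.cfi_startproc
++ endbranch
+___
+if ($avx) {
+my ($Xip,$Htbl,$inp,$len)=@_4args;
+diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
+--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100
+@@ -165,21 +165,28 @@ sub cbc
+&jmp_ptr($count);
+
+&set_label("ej7");
++ &endbranch()
+&movb(&HB("edx"), &BP(6,$in,"",0));
+&shl("edx",8);
+&set_label("ej6");
++ &endbranch()
+&movb(&HB("edx"), &BP(5,$in,"",0));
+&set_label("ej5");
++ &endbranch()
+&movb(&LB("edx"), &BP(4,$in,"",0));
+&set_label("ej4");
++ &endbranch()
+&mov("ecx", &DWP(0,$in,"",0));
+&jmp(&label("ejend"));
+&set_label("ej3");
++ &endbranch()
+&movb(&HB("ecx"), &BP(2,$in,"",0));
+&shl("ecx",8);
+&set_label("ej2");
++ &endbranch()
+&movb(&HB("ecx"), &BP(1,$in,"",0));
+&set_label("ej1");
++ &endbranch()
+&movb(&LB("ecx"), &BP(0,$in,"",0));
+&set_label("ejend");
+
+diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
+--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100
+@@ -101,6 +101,33 @@ elsif (!$gas)
+$decor="\$L\$";
+}
+
++my $cet_property;
++if ($flavour =~ /elf/) {
++ # Always generate .note.gnu.property section for ELF outputs to
++ # mark Intel CET support since all input files must be marked
++ # with Intel CET support in order for linker to mark output with
++ # Intel CET support.
++ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
++ $cet_property = <<_____;
++ .section ".note.gnu.property", "a"
++ .p2align $p2align
++ .long 1f - 0f
++ .long 4f - 1f
++ .long 5
++0:
++ .asciz "GNU"
++1:
++ .p2align $p2align
++ .long 0xc0000002
++ .long 3f - 2f
++2:
++ .long 3
++3:
++ .p2align $p2align
++4:
++_____
++}
++
+my $current_segment;
+my $current_function;
+my %globals;
+@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
+print $line,"\n";
+}
+
++print "$cet_property" if ($cet_property);
+print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
+print "END\n" if ($masm);
+
+diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
+--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100
+@@ -124,6 +124,7 @@ sub ::function_begin_B
+push(@out,".align\t$align\n");
+push(@out,"$func:\n");
+push(@out,"$begin:\n") if ($global);
++ &::endbranch();
+$::stack=4;
+}
+
+@@ -172,6 +173,26 @@ sub ::file_end
+else { push (@out,"$tmp\n"); }
+}
+push(@out,$initseg) if ($initseg);
++ if ($::elf) {
++ push(@out,"
++ .section \".note.gnu.property\", \"a\"
++ .p2align 2
++ .long 1f - 0f
++ .long 4f - 1f
++ .long 5
++0:
++ .asciz \"GNU\"
++1:
++ .p2align 2
++ .long 0xc0000002
++ .long 3f - 2f
++2:
++ .long 3
++3:
++ .p2align 2
++4:
++");
++ }
+}
+
+sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
+diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
+--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100
++++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100
+@@ -2806,6 +2806,7 @@ $code.=<<___;
+.align 32
+poly1305_blocks_vpmadd52:
+.cfi_startproc
++ endbranch
+shr \$4,$len
+jz .Lno_data_vpmadd52 # too short
+
+@@ -3739,6 +3740,7 @@ $code.=<<___;
+.align 32
+poly1305_emit_base2_44:
+.cfi_startproc
++ endbranch
+mov 0($ctx),%r8 # load hash value
+mov 8($ctx),%r9
+mov 16($ctx),%r10
+diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
+--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100
++++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100
+@@ -140,6 +140,7 @@ $code=<<___;
+.align 16
+RC4:
+.cfi_startproc
++ endbranch
+or $len,$len
+jne .Lentry
+ret
+@@ -455,6 +456,7 @@ $code.=<<___;
+.align 16
+RC4_set_key:
+.cfi_startproc
++ endbranch
+lea 8($dat),$dat
+lea ($inp,$len),$inp
+neg $len
+@@ -529,6 +531,7 @@ RC4_set_key:
+.align 16
+RC4_options:
+.cfi_startproc
++ endbranch
+lea .Lopts(%rip),%rax
+mov OPENSSL_ia32cap_P(%rip),%edx
+bt \$20,%edx
+diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
+--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
++++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100
+@@ -40,6 +40,7 @@ print<<___;
+.align 16
+OPENSSL_atomic_add:
+.cfi_startproc
++ endbranch
+movl ($arg1),%eax
+.Lspin: leaq ($arg2,%rax),%r8
+.byte 0xf0 # lock
+@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
+.align 16
+OPENSSL_rdtsc:
+.cfi_startproc
++ endbranch
+rdtsc
+shl \$32,%rdx
+or %rdx,%rax
+@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
+.align 16
+OPENSSL_ia32_cpuid:
+.cfi_startproc
++ endbranch
+mov %rbx,%r8 # save %rbx
+.cfi_register %rbx,%r8
+
+@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
+.align 16
+OPENSSL_cleanse:
+.cfi_startproc
++ endbranch
+xor %rax,%rax
+cmp \$15,$arg2
+jae .Lot
+@@ -274,6 +278,7 @@ OPENSSL_cleanse:
+.align 16
+CRYPTO_memcmp:
+.cfi_startproc
++ endbranch
+xor %rax,%rax
+xor %r10,%r10
+cmp \$0,$arg3
+@@ -312,6 +317,7 @@ print<<___ if (!$win64);
+.align 16
+OPENSSL_wipe_cpu:
+.cfi_startproc
++ endbranch
+pxor %xmm0,%xmm0
+pxor %xmm1,%xmm1
+pxor %xmm2,%xmm2
+@@ -346,6 +352,8 @@ print<<___ if ($win64);
+.type OPENSSL_wipe_cpu,\@abi-omnipotent
+.align 16
+OPENSSL_wipe_cpu:
++.cfi_startproc
++ endbranch
+pxor %xmm0,%xmm0
+pxor %xmm1,%xmm1
+pxor %xmm2,%xmm2
+@@ -376,6 +384,7 @@ print<<___;
+.align 16
+OPENSSL_instrument_bus:
+.cfi_startproc
++ endbranch
+mov $arg1,$out # tribute to Win64
+mov $arg2,$cnt
+mov $arg2,$max
+@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
+.align 16
+OPENSSL_instrument_bus2:
+.cfi_startproc
++ endbranch
+mov $arg1,$out # tribute to Win64
+mov $arg2,$cnt
+mov $arg3,$max
+@@ -465,6 +475,7 @@ print<<___;
+.align 16
+OPENSSL_ia32_${rdop}_bytes:
+.cfi_startproc
++ endbranch
+xor %rax, %rax # return value
+cmp \$0,$arg2
+je .Ldone_${rdop}_bytes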
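Review bot: In the async_posix.h hunk, the `USE_SWAPCONTEXT` branch of `async_fibre_swapcontext` discards the result of `swapcontext()` and falls through to `return 1`, so a failed context switch is reported to the caller as success; the branch could read `if (swapcontext(&o->fibre, &n->fibre) != 0) return 0;`. The existing `setcontext()` path ignores its result too, but with `__CET__` defined `swapcontext()` is the only switch mechanism, so its failure is worth surfacing. Separately, the seven `&endbranch()` calls added in crypto/perlasm/cbc.pl have no terminating semicolon, so each appears to be parsed as a bitwise AND with the following `&movb(...)`/`&mov(...)` call; write `&endbranch();`. The definition of `endbranch` is not in this patch section, so what it emits on non-CET builds cannot be confirmed from here.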
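--- a/SOURCES/openssl-1.1.1-kdf-selftest.patch
+++ b/SOURCES/openssl-1.1.1-kdf-selftest.patch
@@ -0,0 +1,170 @@
+diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
+--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200
++++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200
+@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
+fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
+- fips_dh_selftest.c fips_ers.c
++ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
+
+PROGRAMS_NO_INST=\
+fips_standalone_hmac
+diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
+--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200
++++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200
+@@ -0,0 +1,117 @@
++/*
++ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++#include "crypto/fips.h"
++
++#include <openssl/evp.h>
++#include <openssl/kdf.h>
++
++#ifdef OPENSSL_FIPS
++int FIPS_selftest_pbkdf2(void)
++{
++ int ret = 0;
++ EVP_KDF_CTX *kctx;
++ unsigned char out[32];
++
++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
++ goto err;
++ }
++
++ {
++ const unsigned char expected[sizeof(out)] = {
++ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
++ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
++ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
++ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
++ };
++ if (memcmp(out, expected, sizeof(expected))) {
++ goto err;
++ }
++ }
++ ret = 1;
++
++err:
++ if (!ret)
++ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
++ EVP_KDF_CTX_free(kctx);
++ return ret;
++}
++
++/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
++ * 5) appendix A. */
++int FIPS_selftest_kbkdf(void)
++{
++ int ret = 0;
++ EVP_KDF_CTX *kctx;
++ char *label = "prf", *prf_input = "test";
++ static unsigned char input_key[] = {
++ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
++ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
++ };
++ static unsigned char output[] = {
++ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
++ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
++ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
++ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
++ };
++ unsigned char result[sizeof(output)] = { 0 };
++
++ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
++ goto err;
++ }
++ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
++ goto err;
++ }
++ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
++ && memcmp(result, output, sizeof(output)) == 0;
++err:
++
++ if (!ret)
++ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
++ EVP_KDF_CTX_free(kctx);
++ return ret;
++}
++
++int FIPS_selftest_kdf(void)
++{
++ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
++}
++
++#endif
+diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
+--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200
++++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200
+@@ -111,6 +111,8 @@ int FIPS_selftest(void)
+rv = 0;
+if (!FIPS_selftest_ecdh())
+rv = 0;
++ if (!FIPS_selftest_kdf())
++ rv = 0;
+return rv;
+}
+
+diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
+--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200
++++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200
+@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
+int FIPS_selftest_hmac(void);
+int FIPS_selftest_drbg(void);
+int FIPS_selftest_cmac(void);
++int FIPS_selftest_kbkdf(void);
++int FIPS_selftest_pbkdf2(void);
++int FIPS_selftest_kdf(void);
+
+int fips_in_post(void);
+
+diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
+--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200
++++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200
+@@ -123,6 +123,8 @@ extern "C" {
+# define FIPS_F_FIPS_SELFTEST_DSA 112
+# define FIPS_F_FIPS_SELFTEST_ECDSA 133
+# define FIPS_F_FIPS_SELFTEST_HMAC 113
++# define FIPS_F_FIPS_SELFTEST_KBKDF 151
++# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
+# define FIPS_F_FIPS_SELFTEST_SHA1 115
+# define FIPS_F_FIPS_SELFTEST_SHA2 105
+# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143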
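Review bot: `FIPS_selftest_kdf()` in the new fips_kdf_selftest.c joins the two tests with `&&`, so when the PBKDF2 test fails the KBKDF test is never run, whereas the `FIPS_selftest()` hunk in fips_post.c runs every test and only clears `rv`. To match that pattern it could be written `int rv = FIPS_selftest_pbkdf2(); if (!FIPS_selftest_kbkdf()) rv = 0; return rv;`. The PBKDF2 known-answer vector also has no comment naming its source, unlike the KBKDF one that cites RFC 8009; add something like `/* Test vector: <source of the PBKDF2-HMAC-SHA256 vector> */` above `FIPS_selftest_pbkdf2`. That test uses a 4-byte salt and an iteration count of 2, so if the module enforces minimum PBKDF2 parameters in FIPS mode (not visible in this patch) the self-test would have to satisfy or be exempted from them.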
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf 2019-11-14 16:25:09.445914709 +0100
|
||||
+++ openssl-1.1.1c/crypto/err/openssl.txt 2019-11-14 16:26:10.333811902 +0100
|
||||
@@ -816,6 +816,11 @@ EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_g
|
||||
diff -up openssl-1.1.1d/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1d/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1d/crypto/err/openssl.txt.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
|
||||
+++ openssl-1.1.1d/crypto/err/openssl.txt 2019-11-14 15:07:05.342094129 +0100
|
||||
@@ -821,6 +821,11 @@ EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_g
|
||||
EVP_F_SCRYPT_ALG:228:scrypt_alg
|
||||
EVP_F_UPDATE:173:update
|
||||
KDF_F_HKDF_EXTRACT:112:HKDF_Extract
|
||||
@ -13,7 +13,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/er
|
||||
KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive
|
||||
KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new
|
||||
KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size
|
||||
@@ -835,6 +840,8 @@ KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new
|
||||
@@ -840,6 +845,8 @@ KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new
|
||||
KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str
|
||||
KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive
|
||||
KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new
|
||||
@ -22,7 +22,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/er
|
||||
KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf
|
||||
KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
|
||||
KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
|
||||
@@ -848,6 +855,9 @@ KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tl
|
||||
@@ -853,6 +860,9 @@ KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tl
|
||||
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
|
||||
KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
|
||||
KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf
|
||||
@ -32,10 +32,10 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/er
|
||||
KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
|
||||
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
|
||||
OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
|
||||
@@ -2315,7 +2325,13 @@ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:
|
||||
EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
|
||||
@@ -2325,7 +2335,13 @@ EVP_R_UNSUPPORTED_SALT_TYPE:126:unsuppor
|
||||
EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
|
||||
EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
|
||||
EVP_R_XTS_DUPLICATED_KEYS:183:xts duplicated keys
|
||||
+KDF_R_FAILED_TO_GENERATE_KEY:118:failed to generate key
|
||||
+KDF_R_INVALID_CIPHER:116:invalid cipher
|
||||
+KDF_R_INVALID_CONSTANT_LENGTH:119:invalid constant length
|
||||
@ -46,7 +46,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/er
|
||||
KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
|
||||
KDF_R_MISSING_KEY:104:missing key
|
||||
KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
|
||||
@@ -2330,6 +2346,7 @@ KDF_R_MISSING_XCGHASH:115:missing xcghas
|
||||
@@ -2340,6 +2356,7 @@ KDF_R_MISSING_XCGHASH:115:missing xcghas
|
||||
KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
|
||||
KDF_R_VALUE_ERROR:108:value error
|
||||
KDF_R_VALUE_MISSING:102:value missing
|
||||
@ -54,9 +54,9 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.krb5-kdf openssl-1.1.1c/crypto/er
|
||||
KDF_R_WRONG_OUTPUT_BUFFER_SIZE:112:wrong output buffer size
|
||||
OBJ_R_OID_EXISTS:102:oid exists
|
||||
OBJ_R_UNKNOWN_NID:101:unknown nid
|
||||
diff -up openssl-1.1.1c/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1c/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1c/crypto/evp/kdf_lib.c.krb5-kdf 2019-11-14 16:25:09.445914709 +0100
|
||||
+++ openssl-1.1.1c/crypto/evp/kdf_lib.c 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1d/crypto/evp/kdf_lib.c
|
||||
--- openssl-1.1.1d/crypto/evp/kdf_lib.c.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
|
||||
+++ openssl-1.1.1d/crypto/evp/kdf_lib.c 2019-11-14 15:07:05.342094129 +0100
|
||||
@@ -31,6 +31,9 @@ static const EVP_KDF_METHOD *standard_me
|
||||
&tls1_prf_kdf_meth,
|
||||
&hkdf_kdf_meth,
|
||||
@ -67,9 +67,9 @@ diff -up openssl-1.1.1c/crypto/evp/kdf_lib.c.krb5-kdf openssl-1.1.1c/crypto/evp/
|
||||
};
|
||||
|
||||
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/evp_int.h.krb5-kdf openssl-1.1.1c/crypto/include/internal/evp_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/evp_int.h.krb5-kdf 2019-11-14 16:25:09.446914691 +0100
|
||||
+++ openssl-1.1.1c/crypto/include/internal/evp_int.h 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/include/crypto/evp.h.krb5-kdf openssl-1.1.1d/include/crypto/evp.h
|
||||
--- openssl-1.1.1d/include/crypto/evp.h.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
|
||||
+++ openssl-1.1.1d/include/crypto/evp.h 2019-11-14 15:07:05.342094129 +0100
|
||||
@@ -130,6 +130,9 @@ extern const EVP_KDF_METHOD scrypt_kdf_m
|
||||
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
|
||||
extern const EVP_KDF_METHOD hkdf_kdf_meth;
|
||||
@ -80,17 +80,17 @@ diff -up openssl-1.1.1c/crypto/include/internal/evp_int.h.krb5-kdf openssl-1.1.1
|
||||
|
||||
struct evp_md_st {
|
||||
int type;
|
||||
diff -up openssl-1.1.1c/crypto/kdf/build.info.krb5-kdf openssl-1.1.1c/crypto/kdf/build.info
|
||||
--- openssl-1.1.1c/crypto/kdf/build.info.krb5-kdf 2019-11-14 16:25:09.446914691 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/build.info 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf openssl-1.1.1d/crypto/kdf/build.info
|
||||
--- openssl-1.1.1d/crypto/kdf/build.info.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/build.info 2019-11-14 15:07:05.342094129 +0100
|
||||
@@ -1,3 +1,3 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c
|
||||
+ tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c kbkdf.c krb5kdf.c sskdf.c
|
||||
diff -up openssl-1.1.1c/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/kbkdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/kbkdf.c.krb5-kdf 2019-11-14 16:25:09.475914166 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/kbkdf.c 2019-11-18 17:21:58.326635901 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kbkdf.c
|
||||
--- openssl-1.1.1d/crypto/kdf/kbkdf.c.krb5-kdf 2019-11-14 15:07:05.343094112 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/kbkdf.c 2019-11-18 17:21:58.326635901 +0100
|
||||
@@ -0,0 +1,540 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -129,7 +129,7 @@ diff -up openssl-1.1.1c/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/kb
|
||||
+
|
||||
+#include "internal/numbers.h"
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+#include "e_os.h"
|
||||
@ -632,9 +632,9 @@ diff -up openssl-1.1.1c/crypto/kdf/kbkdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/kb
|
||||
+ kbkdf_derive,
|
||||
+};
|
||||
+
|
||||
diff -up openssl-1.1.1c/crypto/kdf/kdf_err.c.krb5-kdf openssl-1.1.1c/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1c/crypto/kdf/kdf_err.c.krb5-kdf 2019-11-14 16:25:09.446914691 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/kdf_err.c 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/kdf_err.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_err.c
|
||||
--- openssl-1.1.1d/crypto/kdf/kdf_err.c.krb5-kdf 2019-11-14 15:07:05.320094521 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_err.c 2019-11-14 15:07:05.343094112 +0100
|
||||
@@ -15,6 +15,11 @@
|
||||
|
||||
static const ERR_STRING_DATA KDF_str_functs[] = {
|
||||
@ -688,9 +688,9 @@ diff -up openssl-1.1.1c/crypto/kdf/kdf_err.c.krb5-kdf openssl-1.1.1c/crypto/kdf/
|
||||
{ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE),
|
||||
"wrong output buffer size"},
|
||||
{0, NULL}
|
||||
diff -up openssl-1.1.1c/crypto/kdf/kdf_local.h.krb5-kdf openssl-1.1.1c/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1c/crypto/kdf/kdf_local.h.krb5-kdf 2019-11-14 16:25:09.438914836 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/kdf_local.h 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/kdf_local.h.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_local.h
|
||||
--- openssl-1.1.1d/crypto/kdf/kdf_local.h.krb5-kdf 2019-11-14 15:07:05.313094646 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_local.h 2019-11-14 15:07:05.344094093 +0100
|
||||
@@ -19,4 +19,6 @@ int kdf_hex2ctrl(EVP_KDF_IMPL *impl,
|
||||
int kdf_md2ctrl(EVP_KDF_IMPL *impl,
|
||||
int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
|
||||
@ -699,9 +699,9 @@ diff -up openssl-1.1.1c/crypto/kdf/kdf_local.h.krb5-kdf openssl-1.1.1c/crypto/kd
|
||||
+int kdf_cipher2ctrl(EVP_KDF_IMPL *impl,
|
||||
+ int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args),
|
||||
+ int cmd, const char *cipher_name);
|
||||
diff -up openssl-1.1.1c/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1c/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1c/crypto/kdf/kdf_util.c.krb5-kdf 2019-11-14 16:25:09.438914836 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/kdf_util.c 2019-11-14 16:25:09.475914166 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1d/crypto/kdf/kdf_util.c
|
||||
--- openssl-1.1.1d/crypto/kdf/kdf_util.c.krb5-kdf 2019-11-14 15:07:05.313094646 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/kdf_util.c 2019-11-14 15:07:05.344094093 +0100
|
||||
@@ -71,3 +71,16 @@ int kdf_md2ctrl(EVP_KDF_IMPL *impl,
|
||||
return call_ctrl(ctrl, impl, cmd, md);
|
||||
}
|
||||
@ -719,9 +719,9 @@ diff -up openssl-1.1.1c/crypto/kdf/kdf_util.c.krb5-kdf openssl-1.1.1c/crypto/kdf
|
||||
+ }
|
||||
+ return call_ctrl(ctrl, impl, cmd, cipher);
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/krb5kdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/krb5kdf.c.krb5-kdf 2019-11-14 16:25:09.476914148 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/krb5kdf.c 2019-11-18 17:18:13.056604404 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/krb5kdf.c
|
||||
--- openssl-1.1.1d/crypto/kdf/krb5kdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/krb5kdf.c 2019-11-18 17:18:13.056604404 +0100
|
||||
@@ -0,0 +1,423 @@
|
||||
+/*
|
||||
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -741,7 +741,7 @@ diff -up openssl-1.1.1c/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/
|
||||
+#include <openssl/kdf.h>
|
||||
+
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+/* KRB5 KDF defined in RFC 3961, Section 5.1 */
|
||||
@ -1146,10 +1146,18 @@ diff -up openssl-1.1.1c/crypto/kdf/krb5kdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/
|
||||
+ krb5kdf_derive,
|
||||
+};
|
||||
+
|
||||
diff -up openssl-1.1.1c/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/sshkdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/sshkdf.c.krb5-kdf 2019-11-15 14:53:14.769279878 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/sshkdf.c 2019-11-18 17:18:25.343388314 +0100
|
||||
@@ -69,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
|
||||
diff -up openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sshkdf.c
|
||||
--- openssl-1.1.1d/crypto/kdf/sshkdf.c.krb5-kdf 2019-11-14 15:07:05.327094396 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/sshkdf.c 2019-11-18 17:18:25.343388314 +0100
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <string.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
+#include "internal/numbers.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include "crypto/evp.h"
|
||||
#include "kdf_local.h"
|
||||
@@ -68,6 +69,12 @@ static int kdf_sshkdf_parse_buffer_arg(u
|
||||
p = va_arg(args, const unsigned char *);
|
||||
len = va_arg(args, size_t);
|
||||
OPENSSL_clear_free(*dst, *dst_len);
|
||||
@ -1162,9 +1170,9 @@ diff -up openssl-1.1.1c/crypto/kdf/sshkdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/s
|
||||
*dst = OPENSSL_memdup(p, len);
|
||||
if (*dst == NULL)
|
||||
return 0;
|
||||
diff -up openssl-1.1.1c/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/sskdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/sskdf.c.krb5-kdf 2019-11-14 16:25:09.476914148 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/sskdf.c 2019-11-18 17:21:40.349952802 +0100
|
||||
diff -up openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1d/crypto/kdf/sskdf.c
|
||||
--- openssl-1.1.1d/crypto/kdf/sskdf.c.krb5-kdf 2019-11-14 15:07:05.344094093 +0100
|
||||
+++ openssl-1.1.1d/crypto/kdf/sskdf.c 2019-11-18 17:21:40.349952802 +0100
|
||||
@@ -0,0 +1,255 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -1210,7 +1218,7 @@ diff -up openssl-1.1.1c/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/ss
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+struct evp_kdf_impl_st {
|
||||
@ -1421,9 +1429,9 @@ diff -up openssl-1.1.1c/crypto/kdf/sskdf.c.krb5-kdf openssl-1.1.1c/crypto/kdf/ss
|
||||
+ sskdf_size,
|
||||
+ sskdf_derive
|
||||
+};
|
||||
diff -up openssl-1.1.1c/crypto/objects/obj_dat.h.krb5-kdf openssl-1.1.1c/crypto/objects/obj_dat.h
|
||||
--- openssl-1.1.1c/crypto/objects/obj_dat.h.krb5-kdf 2019-11-14 16:25:09.447914673 +0100
|
||||
+++ openssl-1.1.1c/crypto/objects/obj_dat.h 2019-11-14 16:25:09.477914130 +0100
|
||||
diff -up openssl-1.1.1d/crypto/objects/obj_dat.h.krb5-kdf openssl-1.1.1d/crypto/objects/obj_dat.h
|
||||
--- openssl-1.1.1d/crypto/objects/obj_dat.h.krb5-kdf 2019-11-14 15:07:05.322094485 +0100
|
||||
+++ openssl-1.1.1d/crypto/objects/obj_dat.h 2019-11-14 15:07:05.345094076 +0100
|
||||
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
|
||||
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
|
||||
};
|
||||
@ -1493,9 +1501,9 @@ diff -up openssl-1.1.1c/crypto/objects/obj_dat.h.krb5-kdf openssl-1.1.1c/crypto/
|
||||
16, /* "stateOrProvinceName" */
|
||||
660, /* "streetAddress" */
|
||||
498, /* "subtreeMaximumQuality" */
|
||||
diff -up openssl-1.1.1c/crypto/objects/objects.txt.krb5-kdf openssl-1.1.1c/crypto/objects/objects.txt
|
||||
--- openssl-1.1.1c/crypto/objects/objects.txt.krb5-kdf 2019-11-14 16:25:09.447914673 +0100
|
||||
+++ openssl-1.1.1c/crypto/objects/objects.txt 2019-11-14 16:25:09.477914130 +0100
|
||||
diff -up openssl-1.1.1d/crypto/objects/objects.txt.krb5-kdf openssl-1.1.1d/crypto/objects/objects.txt
|
||||
--- openssl-1.1.1d/crypto/objects/objects.txt.krb5-kdf 2019-11-14 15:07:05.322094485 +0100
|
||||
+++ openssl-1.1.1d/crypto/objects/objects.txt 2019-11-14 15:07:05.345094076 +0100
|
||||
@@ -1603,6 +1603,15 @@ secg-scheme 14 3 : dhSinglePass-cofactor
|
||||
# NID for SSHKDF
|
||||
: SSHKDF : sshkdf
|
||||
@ -1512,9 +1520,9 @@ diff -up openssl-1.1.1c/crypto/objects/objects.txt.krb5-kdf openssl-1.1.1c/crypt
|
||||
# RFC 4556
|
||||
1 3 6 1 5 2 3 : id-pkinit
|
||||
id-pkinit 4 : pkInitClientAuth : PKINIT Client Auth
|
||||
diff -up openssl-1.1.1c/crypto/objects/obj_mac.num.krb5-kdf openssl-1.1.1c/crypto/objects/obj_mac.num
|
||||
--- openssl-1.1.1c/crypto/objects/obj_mac.num.krb5-kdf 2019-11-14 16:25:09.447914673 +0100
|
||||
+++ openssl-1.1.1c/crypto/objects/obj_mac.num 2019-11-14 16:25:09.477914130 +0100
|
||||
diff -up openssl-1.1.1d/crypto/objects/obj_mac.num.krb5-kdf openssl-1.1.1d/crypto/objects/obj_mac.num
|
||||
--- openssl-1.1.1d/crypto/objects/obj_mac.num.krb5-kdf 2019-11-14 15:07:05.322094485 +0100
|
||||
+++ openssl-1.1.1d/crypto/objects/obj_mac.num 2019-11-14 15:07:05.346094058 +0100
|
||||
@@ -1193,3 +1193,6 @@ magma_mac 1192
|
||||
hmacWithSHA512_224 1193
|
||||
hmacWithSHA512_256 1194
|
||||
@ -1522,9 +1530,9 @@ diff -up openssl-1.1.1c/crypto/objects/obj_mac.num.krb5-kdf openssl-1.1.1c/crypt
|
||||
+kbkdf 1196
|
||||
+krb5kdf 1197
|
||||
+sskdf 1198
|
||||
diff -up openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod.krb5-kdf openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod.krb5-kdf 2019-11-14 16:25:09.439914818 +0100
|
||||
+++ openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod 2019-11-14 16:25:09.477914130 +0100
|
||||
diff -up openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.krb5-kdf openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod
|
||||
--- openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod.krb5-kdf 2019-11-14 15:07:05.314094628 +0100
|
||||
+++ openssl-1.1.1d/doc/man3/EVP_KDF_CTX.pod 2019-11-14 15:07:05.346094058 +0100
|
||||
@@ -140,7 +140,14 @@ The value string is expected to be a dec
|
||||
This control expects one argument: C<EVP_MD *md>
|
||||
|
||||
@ -1541,9 +1549,9 @@ diff -up openssl-1.1.1c/doc/man3/EVP_KDF_CTX.pod.krb5-kdf openssl-1.1.1c/doc/man
|
||||
|
||||
EVP_KDF_ctrl_str() type string: "md"
|
||||
|
||||
diff -up openssl-1.1.1c/doc/man7/EVP_KDF_KB.pod.krb5-kdf openssl-1.1.1c/doc/man7/EVP_KDF_KB.pod
|
||||
--- openssl-1.1.1c/doc/man7/EVP_KDF_KB.pod.krb5-kdf 2019-11-14 16:25:09.478914112 +0100
|
||||
+++ openssl-1.1.1c/doc/man7/EVP_KDF_KB.pod 2019-11-14 16:25:09.478914112 +0100
|
||||
diff -up openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod
|
||||
--- openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_KB.pod 2019-11-14 15:07:05.346094058 +0100
|
||||
@@ -0,0 +1,173 @@
|
||||
+=pod
|
||||
+
|
||||
@ -1718,9 +1726,9 @@ diff -up openssl-1.1.1c/doc/man7/EVP_KDF_KB.pod.krb5-kdf openssl-1.1.1c/doc/man7
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1c/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf openssl-1.1.1c/doc/man7/EVP_KDF_KRB5KDF.pod
|
||||
--- openssl-1.1.1c/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf 2019-11-14 16:25:09.478914112 +0100
|
||||
+++ openssl-1.1.1c/doc/man7/EVP_KDF_KRB5KDF.pod 2019-11-14 16:25:09.478914112 +0100
|
||||
diff -up openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod
|
||||
--- openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_KRB5KDF.pod 2019-11-14 15:07:05.346094058 +0100
|
||||
@@ -0,0 +1,107 @@
|
||||
+=pod
|
||||
+
|
||||
@ -1829,9 +1837,9 @@ diff -up openssl-1.1.1c/doc/man7/EVP_KDF_KRB5KDF.pod.krb5-kdf openssl-1.1.1c/doc
|
||||
+
|
||||
+=cut
|
||||
+
|
||||
diff -up openssl-1.1.1c/doc/man7/EVP_KDF_SS.pod.krb5-kdf openssl-1.1.1c/doc/man7/EVP_KDF_SS.pod
|
||||
--- openssl-1.1.1c/doc/man7/EVP_KDF_SS.pod.krb5-kdf 2019-11-14 16:25:09.478914112 +0100
|
||||
+++ openssl-1.1.1c/doc/man7/EVP_KDF_SS.pod 2019-11-14 16:25:09.478914112 +0100
|
||||
diff -up openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod.krb5-kdf openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod
|
||||
--- openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod.krb5-kdf 2019-11-14 15:07:05.346094058 +0100
|
||||
+++ openssl-1.1.1d/doc/man7/EVP_KDF_SS.pod 2019-11-14 15:07:05.346094058 +0100
|
||||
@@ -0,0 +1,146 @@
|
||||
+=pod
|
||||
+
|
||||
@ -1979,10 +1987,10 @@ diff -up openssl-1.1.1c/doc/man7/EVP_KDF_SS.pod.krb5-kdf openssl-1.1.1c/doc/man7
|
||||
+L<https://www.openssl.org/source/license.html>.
|
||||
+
|
||||
+=cut
|
||||
diff -up openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1c/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf 2019-11-14 16:25:09.448914655 +0100
|
||||
+++ openssl-1.1.1c/include/openssl/kdferr.h 2019-11-14 16:25:09.478914112 +0100
|
||||
@@ -20,6 +20,11 @@ int ERR_load_KDF_strings(void);
|
||||
diff -up openssl-1.1.1d/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1d/include/openssl/kdferr.h
|
||||
--- openssl-1.1.1d/include/openssl/kdferr.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/kdferr.h 2019-11-14 15:07:05.347094040 +0100
|
||||
@@ -24,6 +24,11 @@ int ERR_load_KDF_strings(void);
|
||||
* KDF function codes.
|
||||
*/
|
||||
# define KDF_F_HKDF_EXTRACT 112
|
||||
@ -1994,7 +2002,7 @@ diff -up openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1c/include
|
||||
# define KDF_F_KDF_HKDF_DERIVE 113
|
||||
# define KDF_F_KDF_HKDF_NEW 114
|
||||
# define KDF_F_KDF_HKDF_SIZE 115
|
||||
@@ -39,6 +44,8 @@ int ERR_load_KDF_strings(void);
|
||||
@@ -43,6 +48,8 @@ int ERR_load_KDF_strings(void);
|
||||
# define KDF_F_KDF_TLS1_PRF_CTRL_STR 125
|
||||
# define KDF_F_KDF_TLS1_PRF_DERIVE 126
|
||||
# define KDF_F_KDF_TLS1_PRF_NEW 127
|
||||
@ -2003,7 +2011,7 @@ diff -up openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1c/include
|
||||
# define KDF_F_PBKDF2_SET_MEMBUF 128
|
||||
# define KDF_F_PKEY_HKDF_CTRL_STR 103
|
||||
# define KDF_F_PKEY_HKDF_DERIVE 102
|
||||
@@ -52,12 +59,21 @@ int ERR_load_KDF_strings(void);
|
||||
@@ -56,12 +63,21 @@ int ERR_load_KDF_strings(void);
|
||||
# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
|
||||
# define KDF_F_PKEY_TLS1_PRF_INIT 110
|
||||
# define KDF_F_SCRYPT_SET_MEMBUF 129
|
||||
@ -2025,7 +2033,7 @@ diff -up openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1c/include
|
||||
# define KDF_R_MISSING_ITERATION_COUNT 109
|
||||
# define KDF_R_MISSING_KEY 104
|
||||
# define KDF_R_MISSING_MESSAGE_DIGEST 105
|
||||
@@ -72,6 +88,7 @@ int ERR_load_KDF_strings(void);
|
||||
@@ -76,6 +92,7 @@ int ERR_load_KDF_strings(void);
|
||||
# define KDF_R_UNKNOWN_PARAMETER_TYPE 103
|
||||
# define KDF_R_VALUE_ERROR 108
|
||||
# define KDF_R_VALUE_MISSING 102
|
||||
@ -2033,9 +2041,9 @@ diff -up openssl-1.1.1c/include/openssl/kdferr.h.krb5-kdf openssl-1.1.1c/include
|
||||
# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/include/openssl/kdf.h.krb5-kdf openssl-1.1.1c/include/openssl/kdf.h
|
||||
--- openssl-1.1.1c/include/openssl/kdf.h.krb5-kdf 2019-11-14 16:25:09.448914655 +0100
|
||||
+++ openssl-1.1.1c/include/openssl/kdf.h 2019-11-14 16:25:09.478914112 +0100
|
||||
diff -up openssl-1.1.1d/include/openssl/kdf.h.krb5-kdf openssl-1.1.1d/include/openssl/kdf.h
|
||||
--- openssl-1.1.1d/include/openssl/kdf.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/kdf.h 2019-11-14 15:07:05.347094040 +0100
|
||||
@@ -21,6 +21,9 @@ extern "C" {
|
||||
# define EVP_KDF_TLS1_PRF NID_tls1_prf
|
||||
# define EVP_KDF_HKDF NID_hkdf
|
||||
@ -2073,9 +2081,9 @@ diff -up openssl-1.1.1c/include/openssl/kdf.h.krb5-kdf openssl-1.1.1c/include/op
|
||||
/**** The legacy PKEY-based KDF API follows. ****/
|
||||
|
||||
# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
|
||||
diff -up openssl-1.1.1c/include/openssl/obj_mac.h.krb5-kdf openssl-1.1.1c/include/openssl/obj_mac.h
|
||||
--- openssl-1.1.1c/include/openssl/obj_mac.h.krb5-kdf 2019-11-14 16:25:09.449914637 +0100
|
||||
+++ openssl-1.1.1c/include/openssl/obj_mac.h 2019-11-14 16:25:09.479914093 +0100
|
||||
diff -up openssl-1.1.1d/include/openssl/obj_mac.h.krb5-kdf openssl-1.1.1d/include/openssl/obj_mac.h
|
||||
--- openssl-1.1.1d/include/openssl/obj_mac.h.krb5-kdf 2019-11-14 15:07:05.323094468 +0100
|
||||
+++ openssl-1.1.1d/include/openssl/obj_mac.h 2019-11-14 15:07:05.347094040 +0100
|
||||
@@ -4974,6 +4974,18 @@
|
||||
#define LN_sshkdf "sshkdf"
|
||||
#define NID_sshkdf 1203
|
||||
@ -2095,9 +2103,9 @@ diff -up openssl-1.1.1c/include/openssl/obj_mac.h.krb5-kdf openssl-1.1.1c/includ
|
||||
#define SN_id_pkinit "id-pkinit"
|
||||
#define NID_id_pkinit 1031
|
||||
#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L
|
||||
diff -up openssl-1.1.1c/test/evp_kdf_test.c.krb5-kdf openssl-1.1.1c/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1c/test/evp_kdf_test.c.krb5-kdf 2019-11-14 16:25:09.441914782 +0100
|
||||
+++ openssl-1.1.1c/test/evp_kdf_test.c 2019-11-14 16:25:09.479914093 +0100
|
||||
diff -up openssl-1.1.1d/test/evp_kdf_test.c.krb5-kdf openssl-1.1.1d/test/evp_kdf_test.c
|
||||
--- openssl-1.1.1d/test/evp_kdf_test.c.krb5-kdf 2019-11-14 15:07:05.315094610 +0100
|
||||
+++ openssl-1.1.1d/test/evp_kdf_test.c 2019-11-14 15:07:05.348094022 +0100
|
||||
@@ -225,13 +225,358 @@ err:
|
||||
}
|
||||
#endif
|
||||
@ -2457,9 +2465,9 @@ diff -up openssl-1.1.1c/test/evp_kdf_test.c.krb5-kdf openssl-1.1.1c/test/evp_kdf
|
||||
+ ADD_TEST(test_kdf_ss_hash);
|
||||
return 1;
|
||||
}
|
||||
diff -up openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf 2019-11-14 16:25:09.451914601 +0100
|
||||
+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evpkdf.txt 2019-11-14 16:25:09.480914075 +0100
|
||||
diff -up openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt
|
||||
--- openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt.krb5-kdf 2019-11-14 15:07:05.327094396 +0100
|
||||
+++ openssl-1.1.1d/test/recipes/30-test_evp_data/evpkdf.txt 2019-11-14 15:07:05.349094005 +0100
|
||||
@@ -5286,3 +5286,559 @@ Ctrl.hexsession_id = hexsession_id:a4ebd
|
||||
Ctrl.type = type:A
|
||||
Output = FF
|
||||
|
@ -1,17 +1,16 @@
|
||||
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
|
||||
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200
|
||||
@@ -141,22 +141,23 @@ our @tests = (
|
||||
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
|
||||
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200
|
||||
@@ -147,22 +147,22 @@ our @tests = (
|
||||
{
|
||||
name => "ECDSA with brainpool",
|
||||
server => {
|
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
||||
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
+ "CipherString" => "aNULL",
|
||||
},
|
||||
client => {
|
||||
#We don't restrict this to TLSv1.2, although use of brainpool
|
||||
@ -32,17 +31,16 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool opens
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
|
||||
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
|
||||
{
|
||||
name => "TLS 1.3 ECDSA with brainpool",
|
||||
server => {
|
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
||||
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
+ "CipherString" => "aNULL",
|
||||
},
|
||||
client => {
|
||||
"RequestCAFile" => test_pem("root-cert.pem"),
|
||||
@ -57,20 +55,19 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool opens
|
||||
},
|
||||
},
|
||||
);
|
||||
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
|
||||
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200
|
||||
@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
|
||||
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
|
||||
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
||||
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200
|
||||
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
|
||||
client = 5-ECDSA with brainpool-client
|
||||
|
||||
[5-ECDSA with brainpool-server]
|
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||
-CipherString = DEFAULT
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
+CipherString = aNULL
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||
|
||||
[5-ECDSA with brainpool-client]
|
||||
CipherString = aECDSA
|
||||
@ -87,28 +84,27 @@ diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-
|
||||
|
||||
|
||||
# ===========================================================
|
||||
@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
|
||||
client = 47-TLS 1.3 ECDSA with brainpool-client
|
||||
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
|
||||
client = 52-TLS 1.3 ECDSA with brainpool-client
|
||||
|
||||
[47-TLS 1.3 ECDSA with brainpool-server]
|
||||
[52-TLS 1.3 ECDSA with brainpool-server]
|
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||
-CipherString = DEFAULT
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||
CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
+CipherString = aNULL
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||
|
||||
[47-TLS 1.3 ECDSA with brainpool-client]
|
||||
[52-TLS 1.3 ECDSA with brainpool-client]
|
||||
CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
MaxProtocol = TLSv1.3
|
||||
MinProtocol = TLSv1.3
|
||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||
@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
||||
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-47]
|
||||
[test-52]
|
||||
-ExpectedResult = ServerFail
|
||||
+ExpectedResult = Success
|
||||
|
||||
|
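Review bot: The two entries patched in 20-cert-select.conf.in keep the names "ECDSA with brainpool" and "TLS 1.3 ECDSA with brainpool", although the server side now loads `server-ecdsa-cert.pem` and `server-ecdsa-key.pem` and the brainpool lines are only commented out, so the names no longer describe what runs. In the generated 20-cert-select.conf the TLS 1.3 case also flips `ExpectedResult` from `ServerFail` to `Success`, which, as far as these hunks show, leaves no case asserting that a brainpool certificate is refused under TLS 1.3. A comment above each entry would record the reason, for example `# brainpool is disabled in this build (assumed from the patch name); entry reduced to a plain ECDSA handshake`. The rendering has lost the outer +/- column, so which of the duplicated lines belong to the new revision of the patch is inferred from the openssl-1.1.1d paths.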
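--- a/SOURCES/openssl-1.1.1-no-html.patch
+++ b/SOURCES/openssl-1.1.1-no-html.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200
++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200
+@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
+
+uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
+
+-install_docs: install_man_docs install_html_docs
++install_docs: install_man_docs
+
+uninstall_docs: uninstall_man_docs uninstall_html_docs
+$(RM) -r "$(DESTDIR)$(DOCDIR)"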
@ -1,16 +0,0 @@
|
||||
diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
|
||||
--- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
|
||||
@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
|
||||
{
|
||||
OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
|
||||
|
||||
- if (ret != NULL)
|
||||
- memset(ret, 0, sizeof(*ret));
|
||||
+ if (ret == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memset(ret, 0, sizeof(*ret));
|
||||
ret->flags = DEFAULT_CONF_MFLAGS;
|
||||
|
||||
return ret;
|
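--- a/SOURCES/openssl-1.1.1-reneg-no-extms.patch
+++ b/SOURCES/openssl-1.1.1-reneg-no-extms.patch
@@ -0,0 +1,44 @@
+diff -up openssl-1.1.1g/include/openssl/ssl3.h.reneg-no-extms openssl-1.1.1g/include/openssl/ssl3.h
+--- openssl-1.1.1g/include/openssl/ssl3.h.reneg-no-extms 2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/include/openssl/ssl3.h 2020-06-05 15:20:22.090682776 +0200
+@@ -292,6 +292,9 @@ extern "C" {
+
+# define TLS1_FLAGS_STATELESS 0x0800
+
++/* Set if extended master secret extension required on renegotiation */
++# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000
++
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+diff -up openssl-1.1.1g/ssl/statem/extensions.c.reneg-no-extms openssl-1.1.1g/ssl/statem/extensions.c
+--- openssl-1.1.1g/ssl/statem/extensions.c.reneg-no-extms 2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/ssl/statem/extensions.c 2020-06-05 15:22:19.677653437 +0200
+@@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int
+
+static int init_ems(SSL *s, unsigned int context)
+{
+- if (!s->server)
++ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
++ s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
++ }
+
+return 1;
+}
+
+static int final_ems(SSL *s, unsigned int context, int sent)
+{
++ /*
++ * Check extended master secret extension is not dropped on
++ * renegotiation.
++ */
++ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
++ && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
++ SSL_R_INCONSISTENT_EXTMS);
++ return 0;
++ }
+if (!s->server && s->hit) {
+/*
+* Check extended master secret extension is consistent with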
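Review bot: In the extensions.c hunk, `init_ems` sets `TLS1_FLAGS_REQUIRED_EXTMS`, but nothing in the visible lines ever clears it and no comment says the flag is meant to persist across handshakes on the connection. `final_ems` now fails the handshake with `SSL_R_INCONSISTENT_EXTMS` whenever that flag is set and the extension was not received, and the old `if (!s->server)` guard is gone, so the check appears to apply to both roles. I would state that on `init_ems`, for example `/* EMS was negotiated in the previous handshake: remember it so final_ems() can refuse a renegotiation that drops it. */`. The patch carries no test, so a renegotiation case in which the second hello omits extended master secret would pin the new failure path. The body of `final_ems` continues past the end of the hunk.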
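--- a/SOURCES/openssl-1.1.1-rewire-fips-drbg.patch
+++ b/SOURCES/openssl-1.1.1-rewire-fips-drbg.patch
@@ -0,0 +1,170 @@
+diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
+--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
++++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200
+@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
+int FIPS_drbg_reseed(DRBG_CTX *dctx,
+const unsigned char *adin, size_t adinlen)
+{
++ int len = (int)adinlen;
++
++ if (len < 0 || (size_t)len != adinlen) {
++ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
++ return 0;
++ }
++ RAND_seed(adin, len);
++ return 1;
++}
++
++int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
++ const unsigned char *adin, size_t adinlen)
++{
+return drbg_reseed(dctx, adin, adinlen, 1);
+}
+
+@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
+int prediction_resistance,
+const unsigned char *adin, size_t adinlen)
+{
++ int len = (int)outlen;
++
++ if (len < 0 || (size_t)len != outlen) {
++ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
++ return 0;
++ }
++ return RAND_bytes(out, len);
++}
++
++int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
++ int prediction_resistance,
++ const unsigned char *adin, size_t adinlen)
++{
+int r = 0;
+
+if (FIPS_selftest_failed()) {
+diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
+--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
++++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200
+@@ -57,6 +57,8 @@
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips.h>
++#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
++#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200
++++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200
+@@ -55,6 +55,8 @@
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
++#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
++#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+#include "fips_locl.h"
+diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
+--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
++++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200
+@@ -79,8 +79,6 @@ int FIPS_selftest(void)
+ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
+rv = 0;
+}
+- if (!FIPS_selftest_drbg())
+- rv = 0;
+if (!FIPS_selftest_sha1())
+rv = 0;
+if (!FIPS_selftest_sha2())
+diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
+--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200
++++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200
+@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
+
+int FIPS_rand_seed(const void *buf, int num)
+{
++#if 0
+if (!fips_approved_rand_meth && FIPS_module_mode()) {
+FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
+return 0;
+@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
+if (fips_rand_meth && fips_rand_meth->seed)
+fips_rand_meth->seed(buf, num);
+return 1;
++#else
++ RAND_seed(buf, num);
++ return 1;
++#endif
+}
+
+int FIPS_rand_bytes(unsigned char *buf, int num)
+{
++#if 0
+if (!fips_approved_rand_meth && FIPS_module_mode()) {
+FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
+return 0;
+@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
+if (fips_rand_meth && fips_rand_meth->bytes)
+return fips_rand_meth->bytes(buf, num);
+return 0;
++#else
++ return RAND_bytes(buf, num);
++#endif
+}
+
+int FIPS_rand_status(void)
+{
++#if 0
+if (!fips_approved_rand_meth && FIPS_module_mode()) {
+FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
+return 0;
+@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
+if (fips_rand_meth && fips_rand_meth->status)
+return fips_rand_meth->status();
+return 0;
++#else
++ return RAND_status();
++#endif
+}
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
+--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
++++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200
+@@ -64,6 +64,11 @@ extern "C" {
+
+int FIPS_selftest(void);
+int FIPS_selftest_failed(void);
++
++ /*
++ * This function is deprecated as it performs selftest of the old FIPS drbg
++ * implementation that is not validated.
++ */
+int FIPS_selftest_drbg_all(void);
+
+int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
+--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200
++++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200
+@@ -60,6 +60,20 @@
+# ifdef __cplusplus
+extern "C" {
+# endif
++
++/*
++ * IMPORTANT NOTE:
++ * All functions in this header file are deprecated and should not be used
++ * as they use the old FIPS_drbg implementation that is not FIPS validated
++ * anymore.
++ * To provide backwards compatibility for applications that need FIPS compliant
++ * RNG number generation and use FIPS_drbg_generate, this function was
++ * re-wired to call the FIPS validated DRBG instance instead through
++ * the RAND_bytes() call.
++ *
++ * All these functions will be removed in future.
++ */
++
+typedef struct drbg_ctx_st DRBG_CTX;
+/* DRBG external flags */
+/* Flag for CTR mode only: use derivation function ctr_df */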
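Review bot: The `#define FIPS_DRBG_generate FIPS_DRBG_generate_internal` and `#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal` lines added to fips_drbg_rand.c and fips_drbg_selftest.c use an upper-case `DRBG`, while the functions this patch splits in fips_drbg_lib.c are `FIPS_drbg_generate` and `FIPS_drbg_reseed`; C identifiers are case-sensitive, so the macros as written rename nothing. The call sites in those two files are outside the hunks, but the placement before `#include <openssl/fips_rand.h>` suggests they are meant to keep reaching the legacy implementation; if so the lines should read `#define FIPS_drbg_generate FIPS_drbg_generate_internal` and `#define FIPS_drbg_reseed FIPS_drbg_reseed_internal`, otherwise any call there lands on the public wrappers that now forward to `RAND_bytes()`/`RAND_seed()`. Separately, the rewired `FIPS_drbg_generate` and `FIPS_rand_bytes` return the `RAND_bytes()` result unchanged, which can be -1 as well as 0, so a caller that tests it with `!` would take -1 for success; `return RAND_bytes(out, len) == 1;` (and the same with `buf, num`) gives callers a plain 0/1 result. The new wrappers also ignore `dctx`, `prediction_resistance` and, in the generate path, `adin`/`adinlen` without saying so, which the deprecation comment in fips_rand.h should state, since an application that relied on prediction resistance or additional input no longer gets it through this entry point.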
@ -1,6 +1,6 @@
|
||||
diff -up openssl-1.1.1c/Configurations/00-base-templates.conf.s390x-ecc openssl-1.1.1c/Configurations/00-base-templates.conf
|
||||
--- openssl-1.1.1c/Configurations/00-base-templates.conf.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/Configurations/00-base-templates.conf 2019-11-20 11:36:02.190860451 +0100
|
||||
diff -up openssl-1.1.1g/Configurations/00-base-templates.conf.s390x-ecc openssl-1.1.1g/Configurations/00-base-templates.conf
|
||||
--- openssl-1.1.1g/Configurations/00-base-templates.conf.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/Configurations/00-base-templates.conf 2020-05-18 12:45:40.855234262 +0200
|
||||
@@ -289,6 +289,7 @@ my %targets=(
|
||||
template => 1,
|
||||
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
|
||||
@ -9,10 +9,10 @@ diff -up openssl-1.1.1c/Configurations/00-base-templates.conf.s390x-ecc openssl-
|
||||
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
|
||||
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
|
||||
rc4_asm_src => "rc4-s390x.s",
|
||||
diff -up openssl-1.1.1c/Configure.s390x-ecc openssl-1.1.1c/Configure
|
||||
--- openssl-1.1.1c/Configure.s390x-ecc 2019-11-20 11:36:02.078862415 +0100
|
||||
+++ openssl-1.1.1c/Configure 2019-11-20 11:36:02.191860433 +0100
|
||||
@@ -1410,6 +1410,9 @@ unless ($disabled{asm}) {
|
||||
diff -up openssl-1.1.1g/Configure.s390x-ecc openssl-1.1.1g/Configure
|
||||
--- openssl-1.1.1g/Configure.s390x-ecc 2020-05-18 12:45:40.781233618 +0200
|
||||
+++ openssl-1.1.1g/Configure 2020-05-18 12:45:40.856234270 +0200
|
||||
@@ -1398,6 +1398,9 @@ unless ($disabled{asm}) {
|
||||
if ($target{ec_asm_src} =~ /ecp_nistz256/) {
|
||||
push @{$config{lib_defines}}, "ECP_NISTZ256_ASM";
|
||||
}
|
||||
@ -22,21 +22,9 @@ diff -up openssl-1.1.1c/Configure.s390x-ecc openssl-1.1.1c/Configure
|
||||
if ($target{ec_asm_src} =~ /x25519/) {
|
||||
push @{$config{lib_defines}}, "X25519_ASM";
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/bn/asm/s390x.S.s390x-ecc openssl-1.1.1c/crypto/bn/asm/s390x.S
|
||||
--- openssl-1.1.1c/crypto/bn/asm/s390x.S.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/bn/asm/s390x.S 2019-11-20 11:36:02.191860433 +0100
|
||||
@@ -511,7 +511,7 @@ bn_mul_comba4:
|
||||
lghi zero,0
|
||||
|
||||
mul_add_c(0,0,c1,c2,c3);
|
||||
- stg c1,0*8(%r3)
|
||||
+ stg c1,0*8(%r2)
|
||||
lghi c1,0
|
||||
|
||||
mul_add_c(0,1,c2,c3,c1);
|
||||
diff -up openssl-1.1.1c/crypto/cmac/cm_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/cmac/cm_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/cmac/cm_pmeth.c.s390x-ecc 2019-11-20 11:36:02.078862415 +0100
|
||||
+++ openssl-1.1.1c/crypto/cmac/cm_pmeth.c 2019-11-20 11:36:02.191860433 +0100
|
||||
diff -up openssl-1.1.1g/crypto/cmac/cm_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/cmac/cm_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/cmac/cm_pmeth.c.s390x-ecc 2020-05-18 12:45:40.782233627 +0200
|
||||
+++ openssl-1.1.1g/crypto/cmac/cm_pmeth.c 2020-05-18 12:45:42.661249957 +0200
|
||||
@@ -159,3 +159,8 @@ const EVP_PKEY_METHOD cmac_pkey_meth = {
|
||||
pkey_cmac_ctrl,
|
||||
pkey_cmac_ctrl_str
|
||||
@ -46,9 +34,9 @@ diff -up openssl-1.1.1c/crypto/cmac/cm_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/c
|
||||
+{
|
||||
+ return &cmac_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/dh/dh_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/dh/dh_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/dh/dh_pmeth.c.s390x-ecc 2019-11-20 11:36:02.079862397 +0100
|
||||
+++ openssl-1.1.1c/crypto/dh/dh_pmeth.c 2019-11-20 11:36:02.191860433 +0100
|
||||
diff -up openssl-1.1.1g/crypto/dh/dh_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/dh/dh_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/dh/dh_pmeth.c.s390x-ecc 2020-05-18 12:45:40.782233627 +0200
|
||||
+++ openssl-1.1.1g/crypto/dh/dh_pmeth.c 2020-05-18 12:45:42.661249957 +0200
|
||||
@@ -512,6 +512,11 @@ const EVP_PKEY_METHOD dh_pkey_meth = {
|
||||
pkey_dh_ctrl_str
|
||||
};
|
||||
@ -70,10 +58,10 @@ diff -up openssl-1.1.1c/crypto/dh/dh_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/dh/
|
||||
+{
|
||||
+ return &dhx_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/dsa/dsa_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/dsa/dsa_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/dsa/dsa_pmeth.c.s390x-ecc 2019-11-20 11:36:02.100862029 +0100
|
||||
+++ openssl-1.1.1c/crypto/dsa/dsa_pmeth.c 2019-11-20 11:36:02.191860433 +0100
|
||||
@@ -275,3 +275,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = {
|
||||
diff -up openssl-1.1.1g/crypto/dsa/dsa_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/dsa/dsa_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/dsa/dsa_pmeth.c.s390x-ecc 2020-05-18 12:45:40.783233636 +0200
|
||||
+++ openssl-1.1.1g/crypto/dsa/dsa_pmeth.c 2020-05-18 12:45:42.662249966 +0200
|
||||
@@ -271,3 +271,8 @@ const EVP_PKEY_METHOD dsa_pkey_meth = {
|
||||
pkey_dsa_ctrl,
|
||||
pkey_dsa_ctrl_str
|
||||
};
|
||||
@ -82,9 +70,9 @@ diff -up openssl-1.1.1c/crypto/dsa/dsa_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/d
|
||||
+{
|
||||
+ return &dsa_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/ec/build.info.s390x-ecc openssl-1.1.1c/crypto/ec/build.info
|
||||
--- openssl-1.1.1c/crypto/ec/build.info.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/build.info 2019-11-20 11:36:02.192860416 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/build.info.s390x-ecc openssl-1.1.1g/crypto/ec/build.info
|
||||
--- openssl-1.1.1g/crypto/ec/build.info.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/build.info 2020-05-18 12:45:42.662249966 +0200
|
||||
@@ -26,6 +26,9 @@ GENERATE[ecp_nistz256-armv8.S]=asm/ecp_n
|
||||
INCLUDE[ecp_nistz256-armv8.o]=..
|
||||
GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME)
|
||||
@ -95,9 +83,9 @@ diff -up openssl-1.1.1c/crypto/ec/build.info.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME)
|
||||
GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME)
|
||||
|
||||
diff -up openssl-1.1.1c/crypto/ec/ec_curve.c.s390x-ecc openssl-1.1.1c/crypto/ec/ec_curve.c
|
||||
--- openssl-1.1.1c/crypto/ec/ec_curve.c.s390x-ecc 2019-11-20 11:36:02.043863029 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ec_curve.c 2019-11-20 11:36:02.192860416 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_curve.c
|
||||
--- openssl-1.1.1g/crypto/ec/ec_curve.c.s390x-ecc 2020-05-18 12:45:40.753233375 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:45:42.663249975 +0200
|
||||
@@ -255,20 +255,29 @@ static const ec_list_element curve_list[
|
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
||||
"SECG curve over a 256 bit prime field"},
|
||||
@ -136,9 +124,9 @@ diff -up openssl-1.1.1c/crypto/ec/ec_curve.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
EC_GFp_nistp256_method,
|
||||
#else
|
||||
0,
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecdsa_ossl.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc 2019-11-20 11:36:02.100862029 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ecdsa_ossl.c 2019-11-20 11:36:02.192860416 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecdsa_ossl.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecdsa_ossl.c.s390x-ecc 2020-05-18 12:45:40.784233644 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecdsa_ossl.c 2020-05-18 12:45:42.664249983 +0200
|
||||
@@ -18,6 +18,41 @@
|
||||
# include <openssl/fips.h>
|
||||
#endif
|
||||
@ -181,7 +169,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
||||
unsigned char *sig, unsigned int *siglen,
|
||||
const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
|
||||
@@ -145,15 +180,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||
@@ -149,15 +184,15 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -202,7 +190,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
{
|
||||
int ok = 0, i;
|
||||
BIGNUM *kinv = NULL, *s, *m = NULL;
|
||||
@@ -210,25 +245,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
@@ -218,25 +253,25 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
@ -232,7 +220,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@@ -242,11 +277,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
@@ -250,11 +285,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
|
||||
|| !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
|
||||
@ -246,7 +234,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
@@ -255,7 +290,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
@@ -263,7 +298,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
*/
|
||||
if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
|
||||
|| !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
|
||||
@ -255,7 +243,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -265,7 +300,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
@@ -273,7 +308,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
|
||||
* generate new kinv and r values
|
||||
*/
|
||||
if (in_kinv != NULL && in_r != NULL) {
|
||||
@ -264,7 +252,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
@@ -317,8 +352,8 @@ int ossl_ecdsa_verify(int type, const un
|
||||
@@ -325,8 +360,8 @@ int ossl_ecdsa_verify(int type, const un
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -275,7 +263,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
{
|
||||
int ret = -1, i;
|
||||
BN_CTX *ctx;
|
||||
@@ -338,18 +373,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
@@ -346,18 +381,18 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
/* check input values */
|
||||
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
|
||||
(pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
|
||||
@ -297,7 +285,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
return -1;
|
||||
}
|
||||
BN_CTX_start(ctx);
|
||||
@@ -358,26 +393,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
@@ -366,26 +401,26 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
m = BN_CTX_get(ctx);
|
||||
X = BN_CTX_get(ctx);
|
||||
if (X == NULL) {
|
||||
@ -328,7 +316,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
/* digest -> m */
|
||||
@@ -388,41 +423,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
@@ -396,41 +431,41 @@ int ossl_ecdsa_verify_sig(const unsigned
|
||||
if (8 * dgst_len > i)
|
||||
dgst_len = (i + 7) / 8;
|
||||
if (!BN_bin2bn(dgst, dgst_len, m)) {
|
||||
@ -378,9 +366,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecdsa_ossl.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
goto err;
|
||||
}
|
||||
/* if the signature is correct u1 is equal to sig->r */
|
||||
diff -up openssl-1.1.1c/crypto/ec/ec_err.c.s390x-ecc openssl-1.1.1c/crypto/ec/ec_err.c
|
||||
--- openssl-1.1.1c/crypto/ec/ec_err.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ec_err.c 2019-11-20 11:36:02.192860416 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_err.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_err.c
|
||||
--- openssl-1.1.1g/crypto/ec/ec_err.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_err.c 2020-05-18 12:45:42.664249983 +0200
|
||||
@@ -31,6 +31,11 @@ static const ERR_STRING_DATA EC_str_func
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
|
||||
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
|
||||
@ -423,18 +411,9 @@ diff -up openssl-1.1.1c/crypto/ec/ec_err.c.s390x-ecc openssl-1.1.1c/crypto/ec/ec
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
|
||||
"curve does not support signing"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
|
||||
diff -up openssl-1.1.1c/crypto/ec/ec_lcl.h.s390x-ecc openssl-1.1.1c/crypto/ec/ec_lcl.h
|
||||
--- openssl-1.1.1c/crypto/ec/ec_lcl.h.s390x-ecc 2019-11-20 11:36:01.676869466 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ec_lcl.h 2019-11-20 11:36:02.192860416 +0100
|
||||
@@ -154,7 +154,7 @@ struct ec_method_st {
|
||||
int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
|
||||
const BIGNUM *b, BN_CTX *);
|
||||
/*-
|
||||
- * 'field_inv' computes the multipicative inverse of a in the field,
|
||||
+ * 'field_inv' computes the multiplicative inverse of a in the field,
|
||||
* storing the result in r.
|
||||
*
|
||||
* If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error.
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_local.h.s390x-ecc openssl-1.1.1g/crypto/ec/ec_local.h
|
||||
--- openssl-1.1.1g/crypto/ec/ec_local.h.s390x-ecc 2020-05-18 12:45:40.554231646 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_local.h 2020-05-18 12:45:44.564266496 +0200
|
||||
@@ -179,6 +179,14 @@ struct ec_method_st {
|
||||
/* custom ECDH operation */
|
||||
int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
|
||||
@ -462,7 +441,7 @@ diff -up openssl-1.1.1c/crypto/ec/ec_lcl.h.s390x-ecc openssl-1.1.1c/crypto/ec/ec
|
||||
|
||||
size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
|
||||
unsigned char *buf, size_t len);
|
||||
@@ -649,6 +662,13 @@ int ossl_ecdsa_verify(int type, const un
|
||||
@@ -651,6 +664,13 @@ int ossl_ecdsa_verify(int type, const un
|
||||
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
|
||||
int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||||
const ECDSA_SIG *sig, EC_KEY *eckey);
|
||||
@ -476,9 +455,9 @@ diff -up openssl-1.1.1c/crypto/ec/ec_lcl.h.s390x-ecc openssl-1.1.1c/crypto/ec/ec
|
||||
|
||||
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
|
||||
const uint8_t public_key[32], const uint8_t private_key[32]);
|
||||
diff -up openssl-1.1.1c/crypto/ec/ec_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/ec/ec_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/ec/ec_pmeth.c.s390x-ecc 2019-11-20 11:36:02.101862012 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ec_pmeth.c 2019-11-20 11:36:02.193860398 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ec_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/ec/ec_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/ec/ec_pmeth.c.s390x-ecc 2020-05-18 12:45:40.784233644 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ec_pmeth.c 2020-05-18 12:45:44.565266505 +0200
|
||||
@@ -474,3 +474,8 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
|
||||
pkey_ec_ctrl,
|
||||
pkey_ec_ctrl_str
|
||||
@ -488,9 +467,9 @@ diff -up openssl-1.1.1c/crypto/ec/ec_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
+{
|
||||
+ return &ec_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_mont.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_mont.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_mont.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_mont.c 2019-11-20 11:36:02.193860398 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_mont.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_mont.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_mont.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_mont.c 2020-05-18 12:45:44.567266523 +0200
|
||||
@@ -63,6 +63,9 @@ const EC_METHOD *EC_GFp_mont_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -501,9 +480,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_mont.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_nist.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_nist.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_nist.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_nist.c 2019-11-20 11:36:02.193860398 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_nist.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nist.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_nist.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_nist.c 2020-05-18 12:45:44.567266523 +0200
|
||||
@@ -65,6 +65,9 @@ const EC_METHOD *EC_GFp_nist_method(void
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -514,9 +493,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_nist.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_nistp224.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_nistp224.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_nistp224.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_nistp224.c 2019-11-20 11:36:02.193860398 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_nistp224.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp224.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_nistp224.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_nistp224.c 2020-05-18 12:45:44.568266531 +0200
|
||||
@@ -292,6 +292,9 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -527,10 +506,10 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_nistp224.c.s390x-ecc openssl-1.1.1c/crypto
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_nistp256.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_nistp256.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_nistp256.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_nistp256.c 2019-11-20 11:36:02.194860380 +0100
|
||||
@@ -1823,6 +1823,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_nistp256.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp256.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_nistp256.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_nistp256.c 2020-05-18 12:45:44.568266531 +0200
|
||||
@@ -1829,6 +1829,9 @@ const EC_METHOD *EC_GFp_nistp256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -540,10 +519,10 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_nistp256.c.s390x-ecc openssl-1.1.1c/crypto
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_nistp521.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_nistp521.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_nistp521.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_nistp521.c 2019-11-20 11:36:02.194860380 +0100
|
||||
@@ -1665,6 +1665,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_nistp521.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistp521.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_nistp521.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_nistp521.c 2020-05-18 12:45:44.569266540 +0200
|
||||
@@ -1669,6 +1669,9 @@ const EC_METHOD *EC_GFp_nistp521_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -553,10 +532,10 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_nistp521.c.s390x-ecc openssl-1.1.1c/crypto
|
||||
0, /* field_inverse_mod_ord */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_nistz256.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_nistz256.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_nistz256.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_nistz256.c 2019-11-20 11:36:02.195860363 +0100
|
||||
@@ -1689,6 +1689,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_nistz256.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_nistz256.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_nistz256.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_nistz256.c 2020-05-18 12:45:44.570266549 +0200
|
||||
@@ -1720,6 +1720,9 @@ const EC_METHOD *EC_GFp_nistz256_method(
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
ecdh_simple_compute_key,
|
||||
@ -566,9 +545,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_nistz256.c.s390x-ecc openssl-1.1.1c/crypto
|
||||
ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
|
||||
0, /* blind_coordinates */
|
||||
0, /* ladder_pre */
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c.s390x-ecc 2019-11-20 11:36:02.195860363 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c 2019-11-20 11:36:02.195860363 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c.s390x-ecc 2020-05-18 12:45:44.571266557 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_s390x_nistp.c 2020-05-18 12:45:44.571266557 +0200
|
||||
@@ -0,0 +1,394 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -583,7 +562,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c.s390x-ecc openssl-1.1.1c/cry
|
||||
+#include <string.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/rand.h>
|
||||
+#include "ec_lcl.h"
|
||||
+#include "ec_local.h"
|
||||
+#include "s390x_arch.h"
|
||||
+
|
||||
+/* Size of parameter blocks */
|
||||
@ -964,9 +943,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_s390x_nistp.c.s390x-ecc openssl-1.1.1c/cry
|
||||
+EC_GFP_S390X_NISTP_METHOD(256)
|
||||
+EC_GFP_S390X_NISTP_METHOD(384)
|
||||
+EC_GFP_S390X_NISTP_METHOD(521)
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_smpl.c.s390x-ecc 2019-11-20 11:36:02.066862626 +0100
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-11-20 11:36:02.195860363 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecp_smpl.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecp_smpl.c.s390x-ecc 2020-05-18 12:45:40.769233514 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecp_smpl.c 2020-05-18 12:45:44.572266566 +0200
|
||||
@@ -64,6 +64,9 @@ const EC_METHOD *EC_GFp_simple_method(vo
|
||||
0, /* keycopy */
|
||||
0, /* keyfinish */
|
||||
@ -977,9 +956,9 @@ diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
0, /* field_inverse_mod_ord */
|
||||
ec_GFp_simple_blind_coordinates,
|
||||
ec_GFp_simple_ladder_pre,
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecx_meth.c.s390x-ecc openssl-1.1.1c/crypto/ec/ecx_meth.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecx_meth.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecx_meth.c 2019-11-20 11:36:02.196860345 +0100
|
||||
diff -up openssl-1.1.1g/crypto/ec/ecx_meth.c.s390x-ecc openssl-1.1.1g/crypto/ec/ecx_meth.c
|
||||
--- openssl-1.1.1g/crypto/ec/ecx_meth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/ec/ecx_meth.c 2020-05-18 12:45:44.573266575 +0200
|
||||
@@ -20,6 +20,7 @@
|
||||
#define X25519_BITS 253
|
||||
#define X25519_SECURITY_BITS 128
|
||||
@ -995,7 +974,7 @@ diff -up openssl-1.1.1c/crypto/ec/ecx_meth.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
+
|
||||
+#ifdef S390X_EC_ASM
|
||||
+# include "s390x_arch.h"
|
||||
+# include "internal/constant_time_locl.h"
|
||||
+# include "internal/constant_time.h"
|
||||
+
|
||||
+static void s390x_x25519_mod_p(unsigned char u[32])
|
||||
+{
|
||||
@ -1655,10 +1634,10 @@ diff -up openssl-1.1.1c/crypto/ec/ecx_meth.c.s390x-ecc openssl-1.1.1c/crypto/ec/
|
||||
+#endif
|
||||
+ return &ed448_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1c/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc 2019-11-20 11:36:02.158861012 +0100
|
||||
+++ openssl-1.1.1c/crypto/err/openssl.txt 2019-11-20 11:36:02.196860345 +0100
|
||||
@@ -495,6 +495,11 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
diff -up openssl-1.1.1g/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1g/crypto/err/openssl.txt
|
||||
--- openssl-1.1.1g/crypto/err/openssl.txt.s390x-ecc 2020-05-18 12:45:40.834234079 +0200
|
||||
+++ openssl-1.1.1g/crypto/err/openssl.txt 2020-05-18 12:45:44.575266592 +0200
|
||||
@@ -496,6 +496,11 @@ EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
||||
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
||||
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
||||
EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
||||
@ -1670,7 +1649,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
||||
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
||||
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
||||
@@ -656,6 +661,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
||||
@@ -657,6 +662,7 @@ EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_
|
||||
EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
|
||||
EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
|
||||
EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
|
||||
@ -1678,7 +1657,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
|
||||
EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
|
||||
EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
|
||||
@@ -671,6 +677,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_
|
||||
@@ -672,6 +678,12 @@ EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_
|
||||
EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
|
||||
EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
|
||||
EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
|
||||
@ -1691,7 +1670,7 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
|
||||
ENGINE_F_DIGEST_UPDATE:198:digest_update
|
||||
ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
|
||||
@@ -2149,6 +2161,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
@@ -2160,6 +2172,7 @@ EC_R_BUFFER_TOO_SMALL:100:buffer too sma
|
||||
EC_R_CANNOT_INVERT:165:cannot invert
|
||||
EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
|
||||
@ -1699,11 +1678,11 @@ diff -up openssl-1.1.1c/crypto/err/openssl.txt.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
||||
EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
|
||||
EC_R_DECODE_ERROR:142:decode error
|
||||
diff -up openssl-1.1.1c/crypto/evp/pmeth_lib.c.s390x-ecc openssl-1.1.1c/crypto/evp/pmeth_lib.c
|
||||
--- openssl-1.1.1c/crypto/evp/pmeth_lib.c.s390x-ecc 2019-11-20 11:36:02.105861942 +0100
|
||||
+++ openssl-1.1.1c/crypto/evp/pmeth_lib.c 2019-11-20 11:36:02.197860328 +0100
|
||||
diff -up openssl-1.1.1g/crypto/evp/pmeth_lib.c.s390x-ecc openssl-1.1.1g/crypto/evp/pmeth_lib.c
|
||||
--- openssl-1.1.1g/crypto/evp/pmeth_lib.c.s390x-ecc 2020-05-18 12:45:40.787233671 +0200
|
||||
+++ openssl-1.1.1g/crypto/evp/pmeth_lib.c 2020-05-18 12:45:44.576266601 +0200
|
||||
@@ -17,60 +17,67 @@
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
#include "internal/numbers.h"
|
||||
|
||||
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
|
||||
@ -1833,9 +1812,9 @@ diff -up openssl-1.1.1c/crypto/evp/pmeth_lib.c.s390x-ecc openssl-1.1.1c/crypto/e
|
||||
if (app_pkey_methods == NULL)
|
||||
return NULL;
|
||||
idx -= OSSL_NELEM(standard_methods);
|
||||
diff -up openssl-1.1.1c/crypto/hmac/hm_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/hmac/hm_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/hmac/hm_pmeth.c.s390x-ecc 2019-11-20 11:36:02.115861766 +0100
|
||||
+++ openssl-1.1.1c/crypto/hmac/hm_pmeth.c 2019-11-20 11:36:02.197860328 +0100
|
||||
diff -up openssl-1.1.1g/crypto/hmac/hm_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/hmac/hm_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/hmac/hm_pmeth.c.s390x-ecc 2020-05-18 12:45:40.796233749 +0200
|
||||
+++ openssl-1.1.1g/crypto/hmac/hm_pmeth.c 2020-05-18 12:45:44.576266601 +0200
|
||||
@@ -210,3 +210,8 @@ const EVP_PKEY_METHOD hmac_pkey_meth = {
|
||||
pkey_hmac_ctrl,
|
||||
pkey_hmac_ctrl_str
|
||||
@ -1845,35 +1824,9 @@ diff -up openssl-1.1.1c/crypto/hmac/hm_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/h
|
||||
+{
|
||||
+ return &hmac_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/evp_int.h.s390x-ecc openssl-1.1.1c/crypto/include/internal/evp_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/evp_int.h.s390x-ecc 2019-11-20 11:36:02.158861012 +0100
|
||||
+++ openssl-1.1.1c/crypto/include/internal/evp_int.h 2019-11-20 11:36:02.197860328 +0100
|
||||
@@ -459,3 +459,22 @@ void evp_encode_ctx_set_flags(EVP_ENCODE
|
||||
#define EVP_ENCODE_CTX_NO_NEWLINES 1
|
||||
/* Use the SRP base64 alphabet instead of the standard one */
|
||||
#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2
|
||||
+
|
||||
+const EVP_PKEY_METHOD *cmac_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dh_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dhx_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dsa_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ec_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *sm2_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ecx448_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ed25519_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ed448_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *hmac_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *rsa_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *scrypt_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *hkdf_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *poly1305_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *siphash_pkey_method(void);
|
||||
diff -up openssl-1.1.1c/crypto/kdf/hkdf.c.s390x-ecc openssl-1.1.1c/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/hkdf.c.s390x-ecc 2019-11-20 11:36:02.148861187 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/hkdf.c 2019-11-20 11:36:02.198860310 +0100
|
||||
diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.s390x-ecc openssl-1.1.1g/crypto/kdf/hkdf.c
|
||||
--- openssl-1.1.1g/crypto/kdf/hkdf.c.s390x-ecc 2020-05-18 12:45:40.826234009 +0200
|
||||
+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:45:44.577266609 +0200
|
||||
@@ -233,6 +233,11 @@ const EVP_KDF_METHOD hkdf_kdf_meth = {
|
||||
kdf_hkdf_derive
|
||||
};
|
||||
@ -1886,10 +1839,10 @@ diff -up openssl-1.1.1c/crypto/kdf/hkdf.c.s390x-ecc openssl-1.1.1c/crypto/kdf/hk
|
||||
static int HKDF(const EVP_MD *evp_md,
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *key, size_t key_len,
|
||||
diff -up openssl-1.1.1c/crypto/kdf/scrypt.c.s390x-ecc openssl-1.1.1c/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1c/crypto/kdf/scrypt.c.s390x-ecc 2019-11-20 11:36:02.149861170 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/scrypt.c 2019-11-20 11:36:02.198860310 +0100
|
||||
@@ -503,4 +503,9 @@ static int scrypt_alg(const char *pass,
|
||||
diff -up openssl-1.1.1g/crypto/kdf/scrypt.c.s390x-ecc openssl-1.1.1g/crypto/kdf/scrypt.c
|
||||
--- openssl-1.1.1g/crypto/kdf/scrypt.c.s390x-ecc 2020-05-18 12:45:40.827234018 +0200
|
||||
+++ openssl-1.1.1g/crypto/kdf/scrypt.c 2020-05-18 12:45:44.578266618 +0200
|
||||
@@ -504,4 +504,9 @@ static int scrypt_alg(const char *pass,
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -1899,9 +1852,9 @@ diff -up openssl-1.1.1c/crypto/kdf/scrypt.c.s390x-ecc openssl-1.1.1c/crypto/kdf/
|
||||
+}
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/kdf/tls1_prf.c.s390x-ecc openssl-1.1.1c/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1c/crypto/kdf/tls1_prf.c.s390x-ecc 2019-11-20 11:36:02.149861170 +0100
|
||||
+++ openssl-1.1.1c/crypto/kdf/tls1_prf.c 2019-11-20 11:36:02.198860310 +0100
|
||||
diff -up openssl-1.1.1g/crypto/kdf/tls1_prf.c.s390x-ecc openssl-1.1.1g/crypto/kdf/tls1_prf.c
|
||||
--- openssl-1.1.1g/crypto/kdf/tls1_prf.c.s390x-ecc 2020-05-18 12:45:40.828234027 +0200
|
||||
+++ openssl-1.1.1g/crypto/kdf/tls1_prf.c 2020-05-18 12:45:44.578266618 +0200
|
||||
@@ -168,6 +168,11 @@ const EVP_KDF_METHOD tls1_prf_kdf_meth =
|
||||
kdf_tls1_prf_derive
|
||||
};
|
||||
@ -1914,9 +1867,9 @@ diff -up openssl-1.1.1c/crypto/kdf/tls1_prf.c.s390x-ecc openssl-1.1.1c/crypto/kd
|
||||
static int tls1_prf_P_hash(const EVP_MD *md,
|
||||
const unsigned char *sec, size_t sec_len,
|
||||
const unsigned char *seed, size_t seed_len,
|
||||
diff -up openssl-1.1.1c/crypto/poly1305/poly1305_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/poly1305/poly1305_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/poly1305/poly1305_pmeth.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/poly1305/poly1305_pmeth.c 2019-11-20 11:36:02.199860293 +0100
|
||||
diff -up openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/poly1305/poly1305_pmeth.c 2020-05-18 12:45:44.579266627 +0200
|
||||
@@ -192,3 +192,8 @@ const EVP_PKEY_METHOD poly1305_pkey_meth
|
||||
pkey_poly1305_ctrl,
|
||||
pkey_poly1305_ctrl_str
|
||||
@ -1926,9 +1879,9 @@ diff -up openssl-1.1.1c/crypto/poly1305/poly1305_pmeth.c.s390x-ecc openssl-1.1.1
|
||||
+{
|
||||
+ return &poly1305_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/rsa/rsa_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/rsa/rsa_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/rsa/rsa_pmeth.c.s390x-ecc 2019-11-20 11:36:02.117861731 +0100
|
||||
+++ openssl-1.1.1c/crypto/rsa/rsa_pmeth.c 2019-11-20 11:36:02.199860293 +0100
|
||||
diff -up openssl-1.1.1g/crypto/rsa/rsa_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/rsa/rsa_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/rsa/rsa_pmeth.c.s390x-ecc 2020-05-18 12:45:40.798233766 +0200
|
||||
+++ openssl-1.1.1g/crypto/rsa/rsa_pmeth.c 2020-05-18 12:45:44.580266635 +0200
|
||||
@@ -789,6 +789,11 @@ const EVP_PKEY_METHOD rsa_pkey_meth = {
|
||||
pkey_rsa_ctrl_str
|
||||
};
|
||||
@ -1950,9 +1903,9 @@ diff -up openssl-1.1.1c/crypto/rsa/rsa_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/r
|
||||
+{
|
||||
+ return &rsa_pss_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1c/crypto/s390x_arch.h
|
||||
--- openssl-1.1.1c/crypto/s390x_arch.h.s390x-ecc 2019-11-20 11:36:01.867866116 +0100
|
||||
+++ openssl-1.1.1c/crypto/s390x_arch.h 2019-11-20 11:36:02.199860293 +0100
|
||||
diff -up openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1g/crypto/s390x_arch.h
|
||||
--- openssl-1.1.1g/crypto/s390x_arch.h.s390x-ecc 2020-05-18 12:45:40.603232072 +0200
|
||||
+++ openssl-1.1.1g/crypto/s390x_arch.h 2020-05-18 12:45:44.580266635 +0200
|
||||
@@ -26,6 +26,12 @@ void s390x_kmf(const unsigned char *in,
|
||||
unsigned int fc, void *param);
|
||||
void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
|
||||
@ -2023,9 +1976,9 @@ diff -up openssl-1.1.1c/crypto/s390x_arch.h.s390x-ecc openssl-1.1.1c/crypto/s390
|
||||
+# define S390X_KDSA_D 0x80
|
||||
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/s390xcpuid.pl.s390x-ecc openssl-1.1.1c/crypto/s390xcpuid.pl
|
||||
--- openssl-1.1.1c/crypto/s390xcpuid.pl.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/s390xcpuid.pl 2019-11-20 11:36:02.199860293 +0100
|
||||
diff -up openssl-1.1.1g/crypto/s390xcpuid.pl.s390x-ecc openssl-1.1.1g/crypto/s390xcpuid.pl
|
||||
--- openssl-1.1.1g/crypto/s390xcpuid.pl.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/s390xcpuid.pl 2020-05-18 12:45:44.581266644 +0200
|
||||
@@ -58,6 +58,10 @@ OPENSSL_s390x_facilities:
|
||||
stg %r0,S390X_PRNO+8(%r4)
|
||||
stg %r0,S390X_KMA(%r4)
|
||||
@ -2195,9 +2148,9 @@ diff -up openssl-1.1.1c/crypto/s390xcpuid.pl.s390x-ecc openssl-1.1.1c/crypto/s39
|
||||
$code.=<<___;
|
||||
.section .init
|
||||
brasl $ra,OPENSSL_cpuid_setup
|
||||
diff -up openssl-1.1.1c/crypto/siphash/siphash_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/siphash/siphash_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/siphash/siphash_pmeth.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/siphash/siphash_pmeth.c 2019-11-20 11:36:02.200860275 +0100
|
||||
diff -up openssl-1.1.1g/crypto/siphash/siphash_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/siphash/siphash_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/siphash/siphash_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/siphash/siphash_pmeth.c 2020-05-18 12:45:44.581266644 +0200
|
||||
@@ -203,3 +203,8 @@ const EVP_PKEY_METHOD siphash_pkey_meth
|
||||
pkey_siphash_ctrl,
|
||||
pkey_siphash_ctrl_str
|
||||
@ -2207,10 +2160,10 @@ diff -up openssl-1.1.1c/crypto/siphash/siphash_pmeth.c.s390x-ecc openssl-1.1.1c/
|
||||
+{
|
||||
+ return &siphash_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/crypto/sm2/sm2_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/sm2/sm2_pmeth.c
|
||||
--- openssl-1.1.1c/crypto/sm2/sm2_pmeth.c.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/sm2/sm2_pmeth.c 2019-11-20 11:36:02.200860275 +0100
|
||||
@@ -323,3 +323,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
|
||||
diff -up openssl-1.1.1g/crypto/sm2/sm2_pmeth.c.s390x-ecc openssl-1.1.1g/crypto/sm2/sm2_pmeth.c
|
||||
--- openssl-1.1.1g/crypto/sm2/sm2_pmeth.c.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/sm2/sm2_pmeth.c 2020-05-18 12:45:44.582266653 +0200
|
||||
@@ -327,3 +327,8 @@ const EVP_PKEY_METHOD sm2_pkey_meth = {
|
||||
|
||||
pkey_sm2_digest_custom
|
||||
};
|
||||
@ -2219,10 +2172,36 @@ diff -up openssl-1.1.1c/crypto/sm2/sm2_pmeth.c.s390x-ecc openssl-1.1.1c/crypto/s
|
||||
+{
|
||||
+ return &sm2_pkey_meth;
|
||||
+}
|
||||
diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.s390x-ecc openssl-1.1.1c/include/internal/constant_time_locl.h
|
||||
--- openssl-1.1.1c/include/internal/constant_time_locl.h.s390x-ecc 2019-11-20 11:36:02.176860696 +0100
|
||||
+++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-11-20 11:36:02.200860275 +0100
|
||||
@@ -347,6 +347,34 @@ static ossl_inline void constant_time_co
|
||||
diff -up openssl-1.1.1g/include/crypto/evp.h.s390x-ecc openssl-1.1.1g/include/crypto/evp.h
|
||||
--- openssl-1.1.1g/include/crypto/evp.h.s390x-ecc 2020-05-18 12:45:40.834234079 +0200
|
||||
+++ openssl-1.1.1g/include/crypto/evp.h 2020-05-18 12:45:44.577266609 +0200
|
||||
@@ -459,3 +459,22 @@ void evp_encode_ctx_set_flags(EVP_ENCODE
|
||||
#define EVP_ENCODE_CTX_NO_NEWLINES 1
|
||||
/* Use the SRP base64 alphabet instead of the standard one */
|
||||
#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2
|
||||
+
|
||||
+const EVP_PKEY_METHOD *cmac_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dh_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dhx_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *dsa_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ec_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *sm2_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ecx448_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ed25519_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *ed448_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *hmac_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *rsa_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *scrypt_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *hkdf_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *poly1305_pkey_method(void);
|
||||
+const EVP_PKEY_METHOD *siphash_pkey_method(void);
|
||||
diff -up openssl-1.1.1g/include/internal/constant_time.h.s390x-ecc openssl-1.1.1g/include/internal/constant_time.h
|
||||
--- openssl-1.1.1g/include/internal/constant_time.h.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/include/internal/constant_time.h 2020-05-18 12:45:44.582266653 +0200
|
||||
@@ -353,6 +353,34 @@ static ossl_inline void constant_time_co
|
||||
}
|
||||
|
||||
/*
|
||||
@ -2257,10 +2236,10 @@ diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.s390x-ecc openssl-
|
||||
* table is a two dimensional array of bytes. Each row has rowsize elements.
|
||||
* Copies row number idx into out. rowsize and numrows are not considered
|
||||
* private.
|
||||
diff -up openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1c/include/openssl/ecerr.h
|
||||
--- openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/ecerr.h 2019-11-20 11:36:02.200860275 +0100
|
||||
@@ -38,6 +38,11 @@ int ERR_load_EC_strings(void);
|
||||
diff -up openssl-1.1.1g/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1g/include/openssl/ecerr.h
|
||||
--- openssl-1.1.1g/include/openssl/ecerr.h.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/include/openssl/ecerr.h 2020-05-18 12:45:44.583266662 +0200
|
||||
@@ -42,6 +42,11 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_ECDSA_SIGN_SETUP 248
|
||||
# define EC_F_ECDSA_SIG_NEW 265
|
||||
# define EC_F_ECDSA_VERIFY 253
|
||||
@ -2272,7 +2251,7 @@ diff -up openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1c/include
|
||||
# define EC_F_ECD_ITEM_VERIFY 270
|
||||
# define EC_F_ECKEY_PARAM2TYPE 223
|
||||
# define EC_F_ECKEY_PARAM_DECODE 212
|
||||
@@ -181,6 +186,7 @@ int ERR_load_EC_strings(void);
|
||||
@@ -185,6 +190,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_O2I_ECPUBLICKEY 152
|
||||
# define EC_F_OLD_EC_PRIV_DECODE 222
|
||||
# define EC_F_OSSL_ECDH_COMPUTE_KEY 247
|
||||
@ -2280,7 +2259,7 @@ diff -up openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1c/include
|
||||
# define EC_F_OSSL_ECDSA_SIGN_SIG 249
|
||||
# define EC_F_OSSL_ECDSA_VERIFY_SIG 250
|
||||
# define EC_F_PKEY_ECD_CTRL 271
|
||||
@@ -196,6 +202,12 @@ int ERR_load_EC_strings(void);
|
||||
@@ -200,6 +206,12 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_F_PKEY_EC_KEYGEN 199
|
||||
# define EC_F_PKEY_EC_PARAMGEN 219
|
||||
# define EC_F_PKEY_EC_SIGN 218
|
||||
@ -2293,7 +2272,7 @@ diff -up openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1c/include
|
||||
# define EC_F_VALIDATE_ECX_DERIVE 278
|
||||
|
||||
/*
|
||||
@@ -208,6 +220,7 @@ int ERR_load_EC_strings(void);
|
||||
@@ -212,6 +224,7 @@ int ERR_load_EC_strings(void);
|
||||
# define EC_R_CANNOT_INVERT 165
|
||||
# define EC_R_COORDINATES_OUT_OF_RANGE 146
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
|
||||
@ -2301,9 +2280,9 @@ diff -up openssl-1.1.1c/include/openssl/ecerr.h.s390x-ecc openssl-1.1.1c/include
|
||||
# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
|
||||
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
|
||||
# define EC_R_DECODE_ERROR 142
|
||||
diff -up openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey.txt
|
||||
--- openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/test/recipes/30-test_evp_data/evppkey.txt 2019-11-20 11:36:02.203860223 +0100
|
||||
diff -up openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt
|
||||
--- openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt.s390x-ecc 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/test/recipes/30-test_evp_data/evppkey.txt 2020-05-18 12:45:44.590266722 +0200
|
||||
@@ -814,6 +814,8 @@ PublicKeyRaw=Bob-448-PUBLIC-Raw:X448:3eb
|
||||
|
||||
PrivPubKeyPair = Bob-448-Raw:Bob-448-PUBLIC-Raw
|
||||
|
@ -1,13 +1,6 @@
|
||||
diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl
|
||||
--- openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl 2019-05-06 10:54:00.035367605 +0200
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
diff -up openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl
|
||||
--- openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl.s390x-update 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/chacha/asm/chacha-s390x.pl 2020-03-19 16:45:05.483440129 +0100
|
||||
@@ -20,41 +20,53 @@
|
||||
#
|
||||
# 3 times faster than compiler-generated code.
|
||||
@ -472,7 +465,7 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
|
||||
+ vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5);
|
||||
+ vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5);
|
||||
}
|
||||
-close STDOUT;
|
||||
-close STDOUT or die "error closing STDOUT: $!";
|
||||
+
|
||||
+PERLASM_BEGIN($output);
|
||||
+
|
||||
@ -1290,9 +1283,9 @@ diff -up openssl-1.1.1b/crypto/chacha/asm/chacha-s390x.pl.s390x-update openssl-1
|
||||
+ALIGN (4);
|
||||
+
|
||||
+PERLASM_END();
|
||||
diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/crypto/perlasm/s390x.pm
|
||||
--- openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update 2019-05-06 10:54:00.037367571 +0200
|
||||
+++ openssl-1.1.1b/crypto/perlasm/s390x.pm 2019-05-06 10:54:00.038367554 +0200
|
||||
diff -up openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1e/crypto/perlasm/s390x.pm
|
||||
--- openssl-1.1.1e/crypto/perlasm/s390x.pm.s390x-update 2020-03-19 16:20:22.039227394 +0100
|
||||
+++ openssl-1.1.1e/crypto/perlasm/s390x.pm 2020-03-19 16:20:22.039227394 +0100
|
||||
@@ -0,0 +1,3060 @@
|
||||
+#!/usr/bin/env perl
|
||||
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
@ -4354,9 +4347,9 @@ diff -up openssl-1.1.1b/crypto/perlasm/s390x.pm.s390x-update openssl-1.1.1b/cryp
|
||||
+}
|
||||
+
|
||||
+1;
|
||||
diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl
|
||||
--- openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl 2019-05-06 10:54:00.036367588 +0200
|
||||
diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl
|
||||
--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update 2020-03-19 16:20:22.041227359 +0100
|
||||
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-s390x.pl 2020-03-19 16:23:22.364098257 +0100
|
||||
@@ -24,204 +24,961 @@
|
||||
#
|
||||
# On side note, z13 enables vector base 2^26 implementation...
|
||||
@ -5494,11 +5487,11 @@ diff -up openssl-1.1.1b/crypto/poly1305/asm/poly1305-s390x.pl.s390x-update opens
|
||||
+STRING ("\"Poly1305 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
|
||||
|
||||
-print $code;
|
||||
-close STDOUT;
|
||||
-close STDOUT or die "error closing STDOUT: $!";
|
||||
+PERLASM_END();
|
||||
diff -up openssl-1.1.1b/crypto/poly1305/build.info.s390x-update openssl-1.1.1b/crypto/poly1305/build.info
|
||||
--- openssl-1.1.1b/crypto/poly1305/build.info.s390x-update 2019-05-06 10:54:00.036367588 +0200
|
||||
+++ openssl-1.1.1b/crypto/poly1305/build.info 2019-05-06 10:56:14.964105164 +0200
|
||||
diff -up openssl-1.1.1e/crypto/poly1305/build.info.s390x-update openssl-1.1.1e/crypto/poly1305/build.info
|
||||
--- openssl-1.1.1e/crypto/poly1305/build.info.s390x-update 2020-03-17 15:31:17.000000000 +0100
|
||||
+++ openssl-1.1.1e/crypto/poly1305/build.info 2020-03-19 16:20:22.042227342 +0100
|
||||
@@ -18,6 +18,7 @@ INCLUDE[poly1305-armv8.o]=..
|
||||
GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[poly1305-mips.o]=..
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200
|
||||
+++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-10-01 14:34:43.083145020 +0200
|
||||
@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
|
||||
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200
|
||||
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
|
||||
}
|
||||
|
||||
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
|
||||
@ -9,20 +9,23 @@ diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509
|
||||
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
|
||||
|
||||
/*
|
||||
@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT
|
||||
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
|
||||
|
||||
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
||||
return 0;
|
||||
-
|
||||
- return secbits >= minbits_table[level - 1];
|
||||
+ /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */
|
||||
+ if (FIPS_mode())
|
||||
+ /*
|
||||
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
|
||||
+ * disable SHA1 flag is not set.
|
||||
+ */
|
||||
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode())
|
||||
+ return secbits >= minbits_table[level - 1];
|
||||
+ return secbits >= minbits_digest_table[level - 1];
|
||||
}
|
||||
diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
|
||||
--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200
|
||||
+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-10-01 14:34:43.083145020 +0200
|
||||
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
|
||||
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200
|
||||
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
|
||||
|
||||
=item B<Level 2>
|
||||
@ -36,23 +39,115 @@ diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-
|
||||
In addition to the level 1 exclusions any cipher suite using RC4 is also
|
||||
prohibited. SSL version 3 is also not allowed. Compression is disabled.
|
||||
|
||||
diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
|
||||
--- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/ssl/ssl_cert.c 2018-10-12 15:29:12.673799305 +0200
|
||||
@@ -983,6 +983,9 @@ static int ssl_security_default_callback
|
||||
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
|
||||
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
||||
int op, int bits, int nid, void *other,
|
||||
void *ex);
|
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
|
||||
|
||||
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
|
||||
static volatile int ssl_x509_store_ctx_idx = -1;
|
||||
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
|
||||
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
|
||||
|
||||
/* Set suite B flags if needed */
|
||||
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
|
||||
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
|
||||
if (!X509_STORE_CTX_set_ex_data
|
||||
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
|
||||
goto end;
|
||||
@@ -953,12 +954,33 @@ static int ssl_security_default_callback
|
||||
return 0;
|
||||
break;
|
||||
default:
|
||||
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
|
||||
+ if (nid == NID_sha1 && minbits == 112 && !FIPS_mode())
|
||||
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
|
||||
+ break;
|
||||
if (bits < minbits)
|
||||
return 0;
|
||||
}
|
||||
diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
|
||||
--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel 2018-09-11 14:48:24.000000000 +0200
|
||||
+++ openssl-1.1.1/test/recipes/25-test_verify.t 2018-10-01 14:34:43.084145044 +0200
|
||||
@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
|
||||
+{
|
||||
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
|
||||
+ const CERT *c;
|
||||
+
|
||||
+ if (FIPS_mode())
|
||||
+ return ret;
|
||||
+
|
||||
+ if (ctx != NULL) {
|
||||
+ c = ctx->cert;
|
||||
+ } else {
|
||||
+ c = s->cert;
|
||||
+ }
|
||||
+ if (tls1_cert_sigalgs_have_sha1(c))
|
||||
+ return 0;
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
|
||||
{
|
||||
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
|
||||
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
|
||||
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200
|
||||
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200
|
||||
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
|
||||
__owur int tls1_process_sigalgs(SSL *s);
|
||||
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
|
||||
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
|
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c);
|
||||
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
|
||||
# ifndef OPENSSL_NO_EC
|
||||
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
|
||||
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
|
||||
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200
|
||||
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200
|
||||
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
|
||||
+{
|
||||
+ size_t i;
|
||||
+
|
||||
+ for (i = 0; i < sigalgslen; i++, sigalgs++) {
|
||||
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
|
||||
+
|
||||
+ if (lu == NULL)
|
||||
+ continue;
|
||||
+ if (lu->hash == NID_sha1)
|
||||
+ return 1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int tls1_cert_sigalgs_have_sha1(const CERT *c)
|
||||
+{
|
||||
+ if (c->client_sigalgs != NULL) {
|
||||
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
|
||||
+ return 1;
|
||||
+ }
|
||||
+ if (c->conf_sigalgs != NULL) {
|
||||
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
|
||||
+ return 1;
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
|
||||
{
|
||||
int sig_nid, use_pc_sigalgs = 0;
|
||||
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
|
||||
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200
|
||||
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
|
||||
"CA with PSS signature using SHA256");
|
||||
|
||||
|
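Review bot: The SHA-1 policy bit is written as a bare `0x40000000` in both `check_sig_level()` (x509_vfy.c) and `sha1_disable()` (ssl_cert.c), and it is OR-ed with `tls1_suiteb(s)` into the flag word passed to `X509_STORE_CTX_set_flags()`, so nothing ties the two literals together or reserves the bit against a later verification flag. I would define it once in a header both files include, for example `# define X509_V_FLAG_INTERNAL_NO_SHA1 0x40000000 /* downstream-only: reject SHA-1 signatures at auth level 2 */` (the name is only a suggestion), and use the macro at both sites. From the hunks shown, the bit is set only in `ssl_verify_cert_chain()`, so chain verification that does not go through libssl would still accept SHA-1 at level 2 outside FIPS mode; both functions are only partly visible here, so if that is intended the comment in `check_sig_level()` should say so explicitly. `tls1_cert_sigalgs_have_sha1()` also needs a header comment stating its contract, because it returns 1 when `conf_sigalgs` is NULL even if `client_sigalgs` was configured without SHA-1, which makes the unconfigured path the permissive one.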
@ -51,10 +51,10 @@ index 05f5cec3a9..811fe727f6 100644
|
||||
};
|
||||
|
||||
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *,
|
||||
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
|
||||
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||
index a109e561b3..8c313c65ac 100644
|
||||
--- a/crypto/include/internal/evp_int.h
|
||||
+++ b/crypto/include/internal/evp_int.h
|
||||
--- a/include/crypto/evp.h
|
||||
+++ b/include/crypto/evp.h
|
||||
@@ -129,6 +129,7 @@ extern const EVP_KDF_METHOD pbkdf2_kdf_meth;
|
||||
extern const EVP_KDF_METHOD scrypt_kdf_meth;
|
||||
extern const EVP_KDF_METHOD tls1_prf_kdf_meth;
|
||||
@ -119,7 +119,7 @@ index 0000000000..24f37cbed4
|
||||
+#include <openssl/evp.h>
|
||||
+#include <openssl/kdf.h>
|
||||
+#include "internal/cryptlib.h"
|
||||
+#include "internal/evp_int.h"
|
||||
+#include "crypto/evp.h"
|
||||
+#include "kdf_local.h"
|
||||
+
|
||||
+/* See RFC 4253, Section 7.2 */
|
||||
|
@ -1,26 +0,0 @@
|
||||
diff -up openssl-1.1.1c/ssl/record/ssl3_record.c.compliance openssl-1.1.1c/ssl/record/ssl3_record.c
|
||||
--- openssl-1.1.1c/ssl/record/ssl3_record.c.compliance 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/ssl/record/ssl3_record.c 2019-11-25 13:10:53.890637381 +0100
|
||||
@@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
|
||||
RECORD_LAYER_reset_read_sequence(&s->rlayer);
|
||||
return 1;
|
||||
}
|
||||
- SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
|
||||
+ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
|
||||
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
return -1;
|
||||
}
|
||||
diff -up openssl-1.1.1c/ssl/statem/extensions_srvr.c.compliance openssl-1.1.1c/ssl/statem/extensions_srvr.c
|
||||
--- openssl-1.1.1c/ssl/statem/extensions_srvr.c.compliance 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/ssl/statem/extensions_srvr.c 2019-11-25 13:12:59.329459528 +0100
|
||||
@@ -1487,6 +1487,10 @@ EXT_RETURN tls_construct_stoc_status_req
|
||||
unsigned int context, X509 *x,
|
||||
size_t chainidx)
|
||||
{
|
||||
+ /* We don't currently support this extension inside a CertificateRequest */
|
||||
+ if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)
|
||||
+ return EXT_RETURN_NOT_SENT;
|
||||
+
|
||||
if (!s->ext.status_expected)
|
||||
return EXT_RETURN_NOT_SENT;
|
||||
|
@ -1,534 +0,0 @@
|
||||
diff -up openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync openssl-1.1.1c/crypto/dsa/dsa_ameth.c
|
||||
--- openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/dsa/dsa_ameth.c 2019-05-29 17:10:39.768187283 +0200
|
||||
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
|
||||
|
||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||
*(int *)arg2 = NID_sha256;
|
||||
- return 2;
|
||||
+ return 1;
|
||||
|
||||
default:
|
||||
return -2;
|
||||
diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
|
||||
--- openssl-1.1.1c/crypto/err/err.c.sync 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/err/err.c 2019-05-29 17:07:13.345793792 +0200
|
||||
@@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
-/* A measurement on Linux 2018-11-21 showed about 3.5kib */
|
||||
-# define SPACE_SYS_STR_REASONS 4 * 1024
|
||||
+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
|
||||
+# define SPACE_SYS_STR_REASONS 8 * 1024
|
||||
# define NUM_SYS_STR_REASONS 127
|
||||
|
||||
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
|
||||
@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void)
|
||||
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
|
||||
|
||||
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
|
||||
- if (str->string == NULL) {
|
||||
+ /*
|
||||
+ * If we have used up all the space in strerror_pool,
|
||||
+ * there's no point in calling openssl_strerror_r()
|
||||
+ */
|
||||
+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
|
||||
if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
|
||||
size_t l = strlen(cur);
|
||||
|
||||
str->string = cur;
|
||||
cnt += l;
|
||||
- if (cnt > sizeof(strerror_pool))
|
||||
- cnt = sizeof(strerror_pool);
|
||||
cur += l;
|
||||
|
||||
/*
|
||||
* VMS has an unusual quirk of adding spaces at the end of
|
||||
- * some (most? all?) messages. Lets trim them off.
|
||||
+ * some (most? all?) messages. Lets trim them off.
|
||||
*/
|
||||
- while (ossl_isspace(cur[-1])) {
|
||||
+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
|
||||
cur--;
|
||||
cnt--;
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
|
||||
@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr
|
||||
struct {
|
||||
void * instance;
|
||||
int count;
|
||||
- } data = { NULL, 0 };
|
||||
+ } data;
|
||||
|
||||
+ memset(&data, 0, sizeof(data));
|
||||
pool = rand_pool_new(0, min_len, max_len);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Wed, 17 Apr 2019 11:09:05 +0100
|
||||
Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are
|
||||
complete
|
||||
|
||||
If we receive a KeyUpdate message (update requested) from the peer while
|
||||
we are in the middle of a write, we should defer sending the responding
|
||||
KeyUpdate message until after the current write is complete. We do this
|
||||
by waiting to send the KeyUpdate until the next time we write and there is
|
||||
no pending write data.
|
||||
|
||||
This does imply a subtle change in behaviour. Firstly the responding
|
||||
KeyUpdate message won't be sent straight away as it is now. Secondly if
|
||||
the peer sends multiple KeyUpdates without us doing any writing then we
|
||||
will only send one response, as opposed to previously where we sent a
|
||||
response for each KeyUpdate received.
|
||||
|
||||
Fixes #8677
|
||||
|
||||
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8773)
|
||||
|
||||
(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
|
||||
---
|
||||
ssl/record/rec_layer_s3.c | 7 +++++++
|
||||
ssl/statem/statem_clnt.c | 6 ------
|
||||
ssl/statem/statem_lib.c | 7 ++-----
|
||||
ssl/statem/statem_srvr.c | 6 ------
|
||||
4 files changed, 9 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
|
||||
index b2f97ef905..b65137c332 100644
|
||||
--- a/ssl/record/rec_layer_s3.c
|
||||
+++ b/ssl/record/rec_layer_s3.c
|
||||
@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
||||
|
||||
s->rlayer.wnum = 0;
|
||||
|
||||
+ /*
|
||||
+ * If we are supposed to be sending a KeyUpdate then go into init unless we
|
||||
+ * have writes pending - in which case we should finish doing that first.
|
||||
+ */
|
||||
+ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
|
||||
+ ossl_statem_set_in_init(s, 1);
|
||||
+
|
||||
/*
|
||||
* When writing early data on the server side we could be "in_init" in
|
||||
* between receiving the EoED and the CF - but we don't want to handle those
|
||||
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
|
||||
index 87800cd835..6410414fb6 100644
|
||||
--- a/ssl/statem/statem_clnt.c
|
||||
+++ b/ssl/statem/statem_clnt.c
|
||||
@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_CR_KEY_UPDATE:
|
||||
- if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
- st->hand_state = TLS_ST_CW_KEY_UPDATE;
|
||||
- return WRITE_TRAN_CONTINUE;
|
||||
- }
|
||||
- /* Fall through */
|
||||
-
|
||||
case TLS_ST_CW_KEY_UPDATE:
|
||||
case TLS_ST_CR_SESSION_TICKET:
|
||||
case TLS_ST_CW_FINISHED:
|
||||
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
|
||||
index c0482b0a90..2960dafa52 100644
|
||||
--- a/ssl/statem/statem_lib.c
|
||||
+++ b/ssl/statem/statem_lib.c
|
||||
@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
|
||||
/*
|
||||
* If we get a request for us to update our sending keys too then, we need
|
||||
* to additionally send a KeyUpdate message. However that message should
|
||||
- * not also request an update (otherwise we get into an infinite loop). We
|
||||
- * ignore a request for us to update our sending keys too if we already
|
||||
- * sent close_notify.
|
||||
+ * not also request an update (otherwise we get into an infinite loop).
|
||||
*/
|
||||
- if (updatetype == SSL_KEY_UPDATE_REQUESTED
|
||||
- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
|
||||
+ if (updatetype == SSL_KEY_UPDATE_REQUESTED)
|
||||
s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
|
||||
|
||||
if (!tls13_update_key(s, 0)) {
|
||||
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
||||
index d454326a99..04a23320fc 100644
|
||||
--- a/ssl/statem/statem_srvr.c
|
||||
+++ b/ssl/statem/statem_srvr.c
|
||||
@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_SR_KEY_UPDATE:
|
||||
- if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
- st->hand_state = TLS_ST_SW_KEY_UPDATE;
|
||||
- return WRITE_TRAN_CONTINUE;
|
||||
- }
|
||||
- /* Fall through */
|
||||
-
|
||||
case TLS_ST_SW_KEY_UPDATE:
|
||||
st->hand_state = TLS_ST_OK;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
--
|
||||
2.20.1
|
||||
|
||||
From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Wed, 17 Apr 2019 10:30:53 +0100
|
||||
Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested)
|
||||
while writing
|
||||
|
||||
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8773)
|
||||
|
||||
(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
|
||||
---
|
||||
test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++
|
||||
test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||
test/ssltestlib.h | 3 ++
|
||||
3 files changed, 191 insertions(+)
|
||||
|
||||
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
||||
index 2261fe4a7a..577342644d 100644
|
||||
--- a/test/sslapitest.c
|
||||
+++ b/test/sslapitest.c
|
||||
@@ -4290,6 +4290,11 @@ static int test_key_update(void)
|
||||
|| !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
|
||||
strlen(mess)))
|
||||
goto end;
|
||||
+
|
||||
+ if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)),
|
||||
+ strlen(mess)))
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
testresult = 1;
|
||||
@@ -4302,6 +4307,91 @@ static int test_key_update(void)
|
||||
|
||||
return testresult;
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * Test we can handle a KeyUpdate (update requested) message while write data
|
||||
+ * is pending.
|
||||
+ * Test 0: Client sends KeyUpdate while Server is writing
|
||||
+ * Test 1: Server sends KeyUpdate while Client is writing
|
||||
+ */
|
||||
+static int test_key_update_in_write(int tst)
|
||||
+{
|
||||
+ SSL_CTX *cctx = NULL, *sctx = NULL;
|
||||
+ SSL *clientssl = NULL, *serverssl = NULL;
|
||||
+ int testresult = 0;
|
||||
+ char buf[20];
|
||||
+ static char *mess = "A test message";
|
||||
+ BIO *bretry = BIO_new(bio_s_always_retry());
|
||||
+ BIO *tmp = NULL;
|
||||
+ SSL *peerupdate = NULL, *peerwrite = NULL;
|
||||
+
|
||||
+ if (!TEST_ptr(bretry)
|
||||
+ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
|
||||
+ TLS_client_method(),
|
||||
+ TLS1_3_VERSION,
|
||||
+ 0,
|
||||
+ &sctx, &cctx, cert, privkey))
|
||||
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
||||
+ NULL, NULL))
|
||||
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
|
||||
+ SSL_ERROR_NONE)))
|
||||
+ goto end;
|
||||
+
|
||||
+ peerupdate = tst == 0 ? clientssl : serverssl;
|
||||
+ peerwrite = tst == 0 ? serverssl : clientssl;
|
||||
+
|
||||
+ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
|
||||
+ || !TEST_true(SSL_do_handshake(peerupdate)))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Swap the writing endpoint's write BIO to force a retry */
|
||||
+ tmp = SSL_get_wbio(peerwrite);
|
||||
+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
|
||||
+ tmp = NULL;
|
||||
+ goto end;
|
||||
+ }
|
||||
+ SSL_set0_wbio(peerwrite, bretry);
|
||||
+ bretry = NULL;
|
||||
+
|
||||
+ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
|
||||
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Reinstate the original writing endpoint's write BIO */
|
||||
+ SSL_set0_wbio(peerwrite, tmp);
|
||||
+ tmp = NULL;
|
||||
+
|
||||
+ /* Now read some data - we will read the key update */
|
||||
+ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
|
||||
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
|
||||
+ goto end;
|
||||
+
|
||||
+ /*
|
||||
+ * Complete the write we started previously and read it from the other
|
||||
+ * endpoint
|
||||
+ */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Write more data to ensure we send the KeyUpdate message back */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
|
||||
+ goto end;
|
||||
+
|
||||
+ testresult = 1;
|
||||
+
|
||||
+ end:
|
||||
+ SSL_free(serverssl);
|
||||
+ SSL_free(clientssl);
|
||||
+ SSL_CTX_free(sctx);
|
||||
+ SSL_CTX_free(cctx);
|
||||
+ BIO_free(bretry);
|
||||
+ BIO_free(tmp);
|
||||
+
|
||||
+ return testresult;
|
||||
+}
|
||||
#endif /* OPENSSL_NO_TLS1_3 */
|
||||
|
||||
static int test_ssl_clear(int idx)
|
||||
@@ -5982,6 +6072,7 @@ int setup_tests(void)
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
ADD_ALL_TESTS(test_export_key_mat_early, 3);
|
||||
ADD_TEST(test_key_update);
|
||||
+ ADD_ALL_TESTS(test_key_update_in_write, 2);
|
||||
#endif
|
||||
ADD_ALL_TESTS(test_ssl_clear, 2);
|
||||
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
|
||||
@@ -6002,4 +6093,5 @@ int setup_tests(void)
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
bio_s_mempacket_test_free();
|
||||
+ bio_s_always_retry_free();
|
||||
}
|
||||
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
|
||||
index 05139be750..e1038620ac 100644
|
||||
--- a/test/ssltestlib.c
|
||||
+++ b/test/ssltestlib.c
|
||||
@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str);
|
||||
/* Choose a sufficiently large type likely to be unused for this custom BIO */
|
||||
#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
|
||||
#define BIO_TYPE_MEMPACKET_TEST 0x81
|
||||
+#define BIO_TYPE_ALWAYS_RETRY 0x82
|
||||
|
||||
static BIO_METHOD *method_tls_dump = NULL;
|
||||
static BIO_METHOD *meth_mem = NULL;
|
||||
+static BIO_METHOD *meth_always_retry = NULL;
|
||||
|
||||
/* Note: Not thread safe! */
|
||||
const BIO_METHOD *bio_f_tls_dump_filter(void)
|
||||
@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str)
|
||||
return mempacket_test_write(bio, str, strlen(str));
|
||||
}
|
||||
|
||||
+static int always_retry_new(BIO *bi);
|
||||
+static int always_retry_free(BIO *a);
|
||||
+static int always_retry_read(BIO *b, char *out, int outl);
|
||||
+static int always_retry_write(BIO *b, const char *in, int inl);
|
||||
+static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
|
||||
+static int always_retry_gets(BIO *bp, char *buf, int size);
|
||||
+static int always_retry_puts(BIO *bp, const char *str);
|
||||
+
|
||||
+const BIO_METHOD *bio_s_always_retry(void)
|
||||
+{
|
||||
+ if (meth_always_retry == NULL) {
|
||||
+ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY,
|
||||
+ "Always Retry"))
|
||||
+ || !TEST_true(BIO_meth_set_write(meth_always_retry,
|
||||
+ always_retry_write))
|
||||
+ || !TEST_true(BIO_meth_set_read(meth_always_retry,
|
||||
+ always_retry_read))
|
||||
+ || !TEST_true(BIO_meth_set_puts(meth_always_retry,
|
||||
+ always_retry_puts))
|
||||
+ || !TEST_true(BIO_meth_set_gets(meth_always_retry,
|
||||
+ always_retry_gets))
|
||||
+ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry,
|
||||
+ always_retry_ctrl))
|
||||
+ || !TEST_true(BIO_meth_set_create(meth_always_retry,
|
||||
+ always_retry_new))
|
||||
+ || !TEST_true(BIO_meth_set_destroy(meth_always_retry,
|
||||
+ always_retry_free)))
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return meth_always_retry;
|
||||
+}
|
||||
+
|
||||
+void bio_s_always_retry_free(void)
|
||||
+{
|
||||
+ BIO_meth_free(meth_always_retry);
|
||||
+}
|
||||
+
|
||||
+static int always_retry_new(BIO *bio)
|
||||
+{
|
||||
+ BIO_set_init(bio, 1);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_free(BIO *bio)
|
||||
+{
|
||||
+ BIO_set_data(bio, NULL);
|
||||
+ BIO_set_init(bio, 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_read(BIO *bio, char *out, int outl)
|
||||
+{
|
||||
+ BIO_set_retry_read(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_write(BIO *bio, const char *in, int inl)
|
||||
+{
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
|
||||
+{
|
||||
+ long ret = 1;
|
||||
+
|
||||
+ switch (cmd) {
|
||||
+ case BIO_CTRL_FLUSH:
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ /* fall through */
|
||||
+ case BIO_CTRL_EOF:
|
||||
+ case BIO_CTRL_RESET:
|
||||
+ case BIO_CTRL_DUP:
|
||||
+ case BIO_CTRL_PUSH:
|
||||
+ case BIO_CTRL_POP:
|
||||
+ default:
|
||||
+ ret = 0;
|
||||
+ break;
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_gets(BIO *bio, char *buf, int size)
|
||||
+{
|
||||
+ BIO_set_retry_read(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_puts(BIO *bio, const char *str)
|
||||
+{
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|
||||
int min_proto_version, int max_proto_version,
|
||||
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
|
||||
diff --git a/test/ssltestlib.h b/test/ssltestlib.h
|
||||
index fa19e7d80d..56e323f5bc 100644
|
||||
--- a/test/ssltestlib.h
|
||||
+++ b/test/ssltestlib.h
|
||||
@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void);
|
||||
const BIO_METHOD *bio_s_mempacket_test(void);
|
||||
void bio_s_mempacket_test_free(void);
|
||||
|
||||
+const BIO_METHOD *bio_s_always_retry(void);
|
||||
+void bio_s_always_retry_free(void);
|
||||
+
|
||||
/* Packet types - value 0 is reserved */
|
||||
#define INJECT_PACKET 1
|
||||
#define INJECT_PACKET_IGNORE_REC_SEQ 2
|
||||
--
|
||||
2.20.1
|
||||
|
||||
diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h
|
||||
--- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200
|
||||
@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan
|
||||
return constant_time_eq_8((unsigned)(a), (unsigned)(b));
|
||||
}
|
||||
|
||||
+/* Returns the value unmodified, but avoids optimizations. */
|
||||
+static ossl_inline unsigned int value_barrier(unsigned int a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ unsigned int r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile unsigned int r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for uint32_t. */
|
||||
+static ossl_inline uint32_t value_barrier_32(uint32_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ uint32_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile uint32_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for uint64_t. */
|
||||
+static ossl_inline uint64_t value_barrier_64(uint64_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ uint64_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile uint64_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for size_t. */
|
||||
+static ossl_inline size_t value_barrier_s(size_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ size_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile size_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
static ossl_inline unsigned int constant_time_select(unsigned int mask,
|
||||
unsigned int a,
|
||||
unsigned int b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline size_t constant_time_select_s(size_t mask,
|
||||
size_t a,
|
||||
size_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
|
||||
@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel
|
||||
static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
|
||||
uint32_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
|
||||
uint64_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
|
||||
}
|
||||
|
||||
/*
|
@ -1,12 +1,12 @@
|
||||
diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
|
||||
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
|
||||
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010103fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010107fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g 21 Apr 2020"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g FIPS 21 Apr 2020"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
@ -21,8 +21,8 @@
|
||||
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1c
|
||||
Release: 12%{?dist}
|
||||
Version: 1.1.1g
|
||||
Release: 9%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -40,7 +40,7 @@ Source13: ectest.c
|
||||
# Build changes
|
||||
Patch1: openssl-1.1.1-build.patch
|
||||
Patch2: openssl-1.1.1-defaults.patch
|
||||
Patch3: openssl-1.1.0-no-html.patch
|
||||
Patch3: openssl-1.1.1-no-html.patch
|
||||
Patch4: openssl-1.1.1-man-rename.patch
|
||||
# Bug fixes
|
||||
Patch21: openssl-1.1.0-issuer-hash.patch
|
||||
@ -62,23 +62,23 @@ Patch47: openssl-1.1.1-ts-sha256-default.patch
|
||||
Patch48: openssl-1.1.1-fips-post-rand.patch
|
||||
Patch49: openssl-1.1.1-evp-kdf.patch
|
||||
Patch50: openssl-1.1.1-ssh-kdf.patch
|
||||
Patch51: openssl-1.1.1-intel-cet.patch
|
||||
Patch60: openssl-1.1.1-krb5-kdf.patch
|
||||
Patch61: openssl-1.1.1-edk2-build.patch
|
||||
Patch62: openssl-1.1.1-fips-curves.patch
|
||||
Patch65: openssl-1.1.1-fips-drbg-selftest.patch
|
||||
Patch66: openssl-1.1.1-fips-dh.patch
|
||||
Patch67: openssl-1.1.1-kdf-selftest.patch
|
||||
Patch68: openssl-1.1.1-reneg-no-extms.patch
|
||||
Patch69: openssl-1.1.1-alpn-cb.patch
|
||||
Patch70: openssl-1.1.1-rewire-fips-drbg.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch51: openssl-1.1.1-upstream-sync.patch
|
||||
Patch52: openssl-1.1.1-s390x-update.patch
|
||||
Patch53: openssl-1.1.1-fips-crng-test.patch
|
||||
Patch54: openssl-1.1.1-regression-fixes.patch
|
||||
Patch55: openssl-1.1.1-arm-update.patch
|
||||
Patch56: openssl-1.1.1-s390x-ecc.patch
|
||||
Patch57: openssl-1.1.1-cve-2019-1547.patch
|
||||
Patch58: openssl-1.1.1-cve-2019-1563.patch
|
||||
Patch59: openssl-1.1.1-cve-2019-1549.patch
|
||||
Patch63: openssl-1.1.1-tls-compliance.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
License: OpenSSL and ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
BuildRequires: gcc
|
||||
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
|
||||
@ -89,6 +89,7 @@ BuildRequires: /usr/sbin/sysctl
|
||||
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
|
||||
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
|
||||
BuildRequires: perl(Time::HiRes)
|
||||
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy)
|
||||
Requires: coreutils
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
@ -100,7 +101,6 @@ protocols.
|
||||
|
||||
%package libs
|
||||
Summary: A general purpose cryptography library with TLS implementation
|
||||
Group: System Environment/Libraries
|
||||
Requires: ca-certificates >= 2008-5
|
||||
Requires: crypto-policies >= 20180730
|
||||
Recommends: openssl-pkcs11%{?_isa}
|
||||
@ -116,7 +116,6 @@ support cryptographic algorithms and protocols.
|
||||
|
||||
%package devel
|
||||
Summary: Files for development of applications which will use OpenSSL
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: krb5-devel%{?_isa}, zlib-devel%{?_isa}
|
||||
Requires: pkgconfig
|
||||
@ -128,7 +127,6 @@ support various cryptographic algorithms and protocols.
|
||||
|
||||
%package static
|
||||
Summary: Libraries for static linking of applications which will use OpenSSL
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description static
|
||||
@ -139,7 +137,6 @@ protocols.
|
||||
|
||||
%package perl
|
||||
Summary: Perl scripts provided with OpenSSL
|
||||
Group: Applications/Internet
|
||||
Requires: perl-interpreter
|
||||
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
@ -182,19 +179,21 @@ cp %{SOURCE13} test/
|
||||
%patch48 -p1 -b .fips-post-rand
|
||||
%patch49 -p1 -b .evp-kdf
|
||||
%patch50 -p1 -b .ssh-kdf
|
||||
%patch51 -p1 -b .upstream-sync
|
||||
%patch51 -p1 -b .intel-cet
|
||||
%patch52 -p1 -b .s390x-update
|
||||
%patch53 -p1 -b .crng-test
|
||||
%patch54 -p1 -b .regression
|
||||
%patch55 -p1 -b .arm-update
|
||||
%patch56 -p1 -b .s390x-ecc
|
||||
%patch57 -p1 -b .compute-cofactor
|
||||
%patch58 -p1 -b .cms-padding-oracle
|
||||
%patch59 -p1 -b .fork-safety
|
||||
%patch60 -p1 -b .krb5-kdf
|
||||
%patch61 -p1 -b .edk2-build
|
||||
%patch62 -p1 -b .fips-curves
|
||||
%patch63 -p1 -b .compliance
|
||||
%patch65 -p1 -b .drbg-selftest
|
||||
%patch66 -p1 -b .fips-dh
|
||||
%patch67 -p1 -b .kdf-selftest
|
||||
%patch68 -p1 -b .reneg-no-extms
|
||||
%patch69 -p1 -b .alpn-cb
|
||||
%patch70 -p1 -b .rewire-fips-drbg
|
||||
|
||||
|
||||
%build
|
||||
# Figure out which flags we want to use.
|
||||
@ -478,6 +477,34 @@ export LD_LIBRARY_PATH
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Jun 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-9
|
||||
- Rewire FIPS_drbg API to use the RAND_DRBG
|
||||
- Use the well known DH groups in TLS even for 2048 and 1024 bit parameters
|
||||
|
||||
* Mon Jun 8 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-7
|
||||
- Disallow dropping Extended Master Secret extension
|
||||
on renegotiation
|
||||
- Return alert from s_server if ALPN protocol does not match
|
||||
- SHA1 is allowed in @SECLEVEL=2 only if allowed by
|
||||
TLS SigAlgs configuration
|
||||
|
||||
* Wed Jun 3 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-6
|
||||
- Add FIPS selftest for PBKDF2 and KBKDF
|
||||
|
||||
* Wed May 27 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-5
|
||||
- Allow only well known DH groups in the FIPS mode
|
||||
|
||||
* Mon May 18 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-1
|
||||
- update to the 1.1.1g release
|
||||
- FIPS module installed state definition is modified
|
||||
|
||||
* Thu Mar 5 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-15
|
||||
- add selftest of the RAND_DRBG implementation
|
||||
|
||||
* Wed Feb 19 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-14
|
||||
- fix incorrect error return value from FIPS_selftest_dsa
|
||||
- S390x: properly restore SIGILL signal handler
|
||||
|
||||
* Wed Dec 4 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-12
|
||||
- additional fix for the edk2 build
|
||||
|
||||
|
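Review bot: The `%changelog` hunk leaves no record that the three CVE backports were dropped from the patch list. Going by the reused `Patch51` number and the equal 23/23 line counts of the `Patch` hunk, `openssl-1.1.1-cve-2019-1547.patch`, `openssl-1.1.1-cve-2019-1563.patch` and `openssl-1.1.1-cve-2019-1549.patch` (with `%patch57` to `%patch59`) appear to be on the removed side. The page has lost its `+`/`-` markers, so that is inferred; presumably the rebased sources already carry those fixes. The 1.1.1g-1 entry says only `- update to the 1.1.1g release`, so someone auditing the package with `rpm -q --changelog` cannot tell why the patches disappeared. I would add a line such as `- drop CVE-2019-1547, CVE-2019-1563 and CVE-2019-1549 backports, included in the rebased sources` once each fix is confirmed present in the new tarball.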