forked from rpms/openssl
import openssl-1.1.1c-2.el8_1.1
This commit is contained in:
commit
9035cd7561
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/openssl-1.1.1c-hobbled.tar.xz
|
1
.openssl.metadata
Normal file
1
.openssl.metadata
Normal file
@ -0,0 +1 @@
|
||||
a85056adf2c2402e808bbe3201f6e473cfa8c214 SOURCES/openssl-1.1.1c-hobbled.tar.xz
|
82
SOURCES/Makefile.certificate
Normal file
82
SOURCES/Makefile.certificate
Normal file
@ -0,0 +1,82 @@
|
||||
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
|
||||
DAYS=365
|
||||
KEYLEN=2048
|
||||
TYPE=rsa:$(KEYLEN)
|
||||
EXTRA_FLAGS=
|
||||
ifdef SERIAL
|
||||
EXTRA_FLAGS+=-set_serial $(SERIAL)
|
||||
endif
|
||||
|
||||
.PHONY: usage
|
||||
.SUFFIXES: .key .csr .crt .pem
|
||||
.PRECIOUS: %.key %.csr %.crt %.pem
|
||||
|
||||
usage:
|
||||
@echo "This makefile allows you to create:"
|
||||
@echo " o public/private key pairs"
|
||||
@echo " o SSL certificate signing requests (CSRs)"
|
||||
@echo " o self-signed SSL test certificates"
|
||||
@echo
|
||||
@echo "To create a key pair, run \"make SOMETHING.key\"."
|
||||
@echo "To create a CSR, run \"make SOMETHING.csr\"."
|
||||
@echo "To create a test certificate, run \"make SOMETHING.crt\"."
|
||||
@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
|
||||
@echo
|
||||
@echo "To create a key for use with Apache, run \"make genkey\"."
|
||||
@echo "To create a CSR for use with Apache, run \"make certreq\"."
|
||||
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
|
||||
@echo
|
||||
@echo "To create a test certificate with serial number other than random, add SERIAL=num"
|
||||
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
|
||||
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
|
||||
@echo
|
||||
@echo Examples:
|
||||
@echo " make server.key"
|
||||
@echo " make server.csr"
|
||||
@echo " make server.crt"
|
||||
@echo " make stunnel.pem"
|
||||
@echo " make genkey"
|
||||
@echo " make certreq"
|
||||
@echo " make testcert"
|
||||
@echo " make server.crt SERIAL=1"
|
||||
@echo " make stunnel.pem EXTRA_FLAGS=-sha384"
|
||||
@echo " make testcert DAYS=600"
|
||||
|
||||
%.pem:
|
||||
umask 77 ; \
|
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
|
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
|
||||
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
|
||||
cat $$PEM1 > $@ ; \
|
||||
echo "" >> $@ ; \
|
||||
cat $$PEM2 >> $@ ; \
|
||||
$(RM) $$PEM1 $$PEM2
|
||||
|
||||
%.key:
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
|
||||
|
||||
%.csr: %.key
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
|
||||
|
||||
%.crt: %.key
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
|
||||
|
||||
TLSROOT=/etc/pki/tls
|
||||
KEY=$(TLSROOT)/private/localhost.key
|
||||
CSR=$(TLSROOT)/certs/localhost.csr
|
||||
CRT=$(TLSROOT)/certs/localhost.crt
|
||||
|
||||
genkey: $(KEY)
|
||||
certreq: $(CSR)
|
||||
testcert: $(CRT)
|
||||
|
||||
$(CSR): $(KEY)
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
|
||||
|
||||
$(CRT): $(KEY)
|
||||
umask 77 ; \
|
||||
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
|
72
SOURCES/README.FIPS
Normal file
72
SOURCES/README.FIPS
Normal file
@ -0,0 +1,72 @@
|
||||
User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
|
||||
=================================================================
|
||||
|
||||
This package contains libraries which comprise the FIPS 140-2
|
||||
Red Hat Enterprise Linux - OPENSSL Module.
|
||||
|
||||
The module files
|
||||
================
|
||||
/usr/lib[64]/libcrypto.so.1.1.0
|
||||
/usr/lib[64]/libssl.so.1.1.0
|
||||
/usr/lib[64]/.libcrypto.so.1.1.0.hmac
|
||||
/usr/lib[64]/.libssl.so.1.1.0.hmac
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
The approved mode of operation requires kernel with /dev/urandom RNG running
|
||||
with properties as defined in the security policy of the module. This is
|
||||
provided by kernel packages with validated Red Hat Enterprise Linux Kernel
|
||||
Crytographic Module.
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
The RPM package of the module can be installed by standard tools recommended
|
||||
for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
|
||||
rpm, RHN remote management tool).
|
||||
|
||||
The RPM package dracut-fips must be installed for the approved mode of
|
||||
operation.
|
||||
|
||||
Usage and API
|
||||
=============
|
||||
|
||||
The module respects kernel command line FIPS setting. If the kernel command
|
||||
line contains option fips=1 the module will initialize in the FIPS approved
|
||||
mode of operation automatically. To allow for the automatic initialization the
|
||||
application using the module has to call one of the following API calls:
|
||||
|
||||
- void OPENSSL_init_library(void) - this will do only a basic initialization
|
||||
of the library and does initialization of the FIPS approved mode without setting
|
||||
up EVP API with supported algorithms.
|
||||
|
||||
- void OPENSSL_add_all_algorithms(void) - this API function calls
|
||||
OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
|
||||
in the approved mode
|
||||
|
||||
- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
|
||||
adds algorithms which are necessary for TLS protocol support and initializes
|
||||
the SSL library.
|
||||
|
||||
To explicitely put the library to the approved mode the application can call
|
||||
the following function:
|
||||
|
||||
- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
|
||||
the library from the non-approved to the approved mode. If any of the selftests
|
||||
and integrity verification tests fail, the library is put into the error state
|
||||
and 0 is returned. If they succeed the return value is 1.
|
||||
|
||||
To query the module whether it is in the approved mode or not:
|
||||
|
||||
- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
|
||||
0 otherwise.
|
||||
|
||||
To query whether the module is in the error state:
|
||||
|
||||
- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
|
||||
state, 0 otherwise.
|
||||
|
||||
To zeroize the FIPS RNG key and internal state the application calls:
|
||||
|
||||
- void RAND_cleanup(void)
|
470
SOURCES/ec_curve.c
Normal file
470
SOURCES/ec_curve.c
Normal file
@ -0,0 +1,470 @@
|
||||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include "ec_lcl.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/opensslconf.h>
|
||||
#include "internal/nelem.h"
|
||||
|
||||
typedef struct {
|
||||
int field_type, /* either NID_X9_62_prime_field or
|
||||
* NID_X9_62_characteristic_two_field */
|
||||
seed_len, param_len;
|
||||
unsigned int cofactor; /* promoted to BN_ULONG */
|
||||
} EC_CURVE_DATA;
|
||||
|
||||
/* the nist prime curves */
|
||||
static const struct {
|
||||
EC_CURVE_DATA h;
|
||||
unsigned char data[20 + 28 * 6];
|
||||
} _EC_NIST_PRIME_224 = {
|
||||
{
|
||||
NID_X9_62_prime_field, 20, 28, 1
|
||||
},
|
||||
{
|
||||
/* seed */
|
||||
0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
|
||||
0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
|
||||
/* p */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x01,
|
||||
/* a */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFE,
|
||||
/* b */
|
||||
0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
|
||||
0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
|
||||
0x23, 0x55, 0xFF, 0xB4,
|
||||
/* x */
|
||||
0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
|
||||
0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
|
||||
0x11, 0x5C, 0x1D, 0x21,
|
||||
/* y */
|
||||
0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
|
||||
0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
|
||||
0x85, 0x00, 0x7e, 0x34,
|
||||
/* order */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
|
||||
0x5C, 0x5C, 0x2A, 0x3D
|
||||
}
|
||||
};
|
||||
|
||||
static const struct {
|
||||
EC_CURVE_DATA h;
|
||||
unsigned char data[20 + 48 * 6];
|
||||
} _EC_NIST_PRIME_384 = {
|
||||
{
|
||||
NID_X9_62_prime_field, 20, 48, 1
|
||||
},
|
||||
{
|
||||
/* seed */
|
||||
0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
|
||||
0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
|
||||
/* p */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
/* a */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
|
||||
/* b */
|
||||
0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
|
||||
0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
|
||||
0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
|
||||
0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
|
||||
/* x */
|
||||
0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
|
||||
0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
|
||||
0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
|
||||
0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
|
||||
/* y */
|
||||
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
|
||||
0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
|
||||
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
|
||||
0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
|
||||
/* order */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
|
||||
0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
|
||||
}
|
||||
};
|
||||
|
||||
static const struct {
|
||||
EC_CURVE_DATA h;
|
||||
unsigned char data[20 + 66 * 6];
|
||||
} _EC_NIST_PRIME_521 = {
|
||||
{
|
||||
NID_X9_62_prime_field, 20, 66, 1
|
||||
},
|
||||
{
|
||||
/* seed */
|
||||
0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
|
||||
0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
|
||||
/* p */
|
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
/* a */
|
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
|
||||
/* b */
|
||||
0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
|
||||
0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
|
||||
0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
|
||||
0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
|
||||
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
|
||||
0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
|
||||
/* x */
|
||||
0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
|
||||
0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
|
||||
0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
|
||||
0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
|
||||
0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
|
||||
0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
|
||||
/* y */
|
||||
0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
|
||||
0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
|
||||
0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
|
||||
0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
|
||||
0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
|
||||
0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
|
||||
/* order */
|
||||
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
|
||||
0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
|
||||
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
|
||||
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
|
||||
}
|
||||
};
|
||||
|
||||
static const struct {
|
||||
EC_CURVE_DATA h;
|
||||
unsigned char data[20 + 32 * 6];
|
||||
} _EC_X9_62_PRIME_256V1 = {
|
||||
{
|
||||
NID_X9_62_prime_field, 20, 32, 1
|
||||
},
|
||||
{
|
||||
/* seed */
|
||||
0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
|
||||
0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
|
||||
/* p */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
/* a */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
|
||||
/* b */
|
||||
0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
|
||||
0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
|
||||
0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
|
||||
/* x */
|
||||
0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
|
||||
0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
|
||||
0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
|
||||
/* y */
|
||||
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
|
||||
0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
|
||||
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
|
||||
/* order */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
|
||||
0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
|
||||
}
|
||||
};
|
||||
|
||||
static const struct {
|
||||
EC_CURVE_DATA h;
|
||||
unsigned char data[0 + 32 * 6];
|
||||
} _EC_SECG_PRIME_256K1 = {
|
||||
{
|
||||
NID_X9_62_prime_field, 0, 32, 1
|
||||
},
|
||||
{
|
||||
/* no seed */
|
||||
/* p */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
|
||||
/* a */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
/* b */
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
|
||||
/* x */
|
||||
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
|
||||
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
|
||||
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
|
||||
/* y */
|
||||
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
|
||||
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
|
||||
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
|
||||
/* order */
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
|
||||
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
|
||||
}
|
||||
};
|
||||
|
||||
typedef struct _ec_list_element_st {
|
||||
int nid;
|
||||
const EC_CURVE_DATA *data;
|
||||
const EC_METHOD *(*meth) (void);
|
||||
const char *comment;
|
||||
} ec_list_element;
|
||||
|
||||
static const ec_list_element curve_list[] = {
|
||||
/* prime field curves */
|
||||
/* secg curves */
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
|
||||
"NIST/SECG curve over a 224 bit prime field"},
|
||||
#else
|
||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
|
||||
"NIST/SECG curve over a 224 bit prime field"},
|
||||
#endif
|
||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
||||
"SECG curve over a 256 bit prime field"},
|
||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
|
||||
"NIST/SECG curve over a 384 bit prime field"},
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
|
||||
"NIST/SECG curve over a 521 bit prime field"},
|
||||
#else
|
||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
|
||||
"NIST/SECG curve over a 521 bit prime field"},
|
||||
#endif
|
||||
/* X9.62 curves */
|
||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
||||
#if defined(ECP_NISTZ256_ASM)
|
||||
EC_GFp_nistz256_method,
|
||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||
EC_GFp_nistp256_method,
|
||||
#else
|
||||
0,
|
||||
#endif
|
||||
"X9.62/SECG curve over a 256 bit prime field"},
|
||||
};
|
||||
|
||||
#define curve_list_length OSSL_NELEM(curve_list)
|
||||
|
||||
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
|
||||
{
|
||||
EC_GROUP *group = NULL;
|
||||
EC_POINT *P = NULL;
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
|
||||
NULL;
|
||||
int ok = 0;
|
||||
int seed_len, param_len;
|
||||
const EC_METHOD *meth;
|
||||
const EC_CURVE_DATA *data;
|
||||
const unsigned char *params;
|
||||
|
||||
/* If no curve data curve method must handle everything */
|
||||
if (curve.data == NULL)
|
||||
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
|
||||
|
||||
if ((ctx = BN_CTX_new()) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
data = curve.data;
|
||||
seed_len = data->seed_len;
|
||||
param_len = data->param_len;
|
||||
params = (const unsigned char *)(data + 1); /* skip header */
|
||||
params += seed_len; /* skip seed */
|
||||
|
||||
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|
||||
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|
||||
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (curve.meth != 0) {
|
||||
meth = curve.meth();
|
||||
if (((group = EC_GROUP_new(meth)) == NULL) ||
|
||||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
} else if (data->field_type == NID_X9_62_prime_field) {
|
||||
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
else { /* field_type ==
|
||||
* NID_X9_62_characteristic_two_field */
|
||||
|
||||
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
EC_GROUP_set_curve_name(group, curve.nid);
|
||||
|
||||
if ((P = EC_POINT_new(group)) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|
||||
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|
||||
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_GROUP_set_generator(group, P, order, x)) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (seed_len) {
|
||||
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
ok = 1;
|
||||
err:
|
||||
if (!ok) {
|
||||
EC_GROUP_free(group);
|
||||
group = NULL;
|
||||
}
|
||||
EC_POINT_free(P);
|
||||
BN_CTX_free(ctx);
|
||||
BN_free(p);
|
||||
BN_free(a);
|
||||
BN_free(b);
|
||||
BN_free(order);
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
return group;
|
||||
}
|
||||
|
||||
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
|
||||
{
|
||||
size_t i;
|
||||
EC_GROUP *ret = NULL;
|
||||
|
||||
if (nid <= 0)
|
||||
return NULL;
|
||||
|
||||
for (i = 0; i < curve_list_length; i++)
|
||||
if (curve_list[i].nid == nid) {
|
||||
ret = ec_group_new_from_data(curve_list[i]);
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret == NULL) {
|
||||
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
|
||||
{
|
||||
size_t i, min;
|
||||
|
||||
if (r == NULL || nitems == 0)
|
||||
return curve_list_length;
|
||||
|
||||
min = nitems < curve_list_length ? nitems : curve_list_length;
|
||||
|
||||
for (i = 0; i < min; i++) {
|
||||
r[i].nid = curve_list[i].nid;
|
||||
r[i].comment = curve_list[i].comment;
|
||||
}
|
||||
|
||||
return curve_list_length;
|
||||
}
|
||||
|
||||
/* Functions to translate between common NIST curve names and NIDs */
|
||||
|
||||
typedef struct {
|
||||
const char *name; /* NIST Name of curve */
|
||||
int nid; /* Curve NID */
|
||||
} EC_NIST_NAME;
|
||||
|
||||
static EC_NIST_NAME nist_curves[] = {
|
||||
{"B-163", NID_sect163r2},
|
||||
{"B-233", NID_sect233r1},
|
||||
{"B-283", NID_sect283r1},
|
||||
{"B-409", NID_sect409r1},
|
||||
{"B-571", NID_sect571r1},
|
||||
{"K-163", NID_sect163k1},
|
||||
{"K-233", NID_sect233k1},
|
||||
{"K-283", NID_sect283k1},
|
||||
{"K-409", NID_sect409k1},
|
||||
{"K-571", NID_sect571k1},
|
||||
{"P-192", NID_X9_62_prime192v1},
|
||||
{"P-224", NID_secp224r1},
|
||||
{"P-256", NID_X9_62_prime256v1},
|
||||
{"P-384", NID_secp384r1},
|
||||
{"P-521", NID_secp521r1}
|
||||
};
|
||||
|
||||
const char *EC_curve_nid2nist(int nid)
|
||||
{
|
||||
size_t i;
|
||||
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
|
||||
if (nist_curves[i].nid == nid)
|
||||
return nist_curves[i].name;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int EC_curve_nist2nid(const char *name)
|
||||
{
|
||||
size_t i;
|
||||
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
|
||||
if (strcmp(nist_curves[i].name, name) == 0)
|
||||
return nist_curves[i].nid;
|
||||
}
|
||||
return NID_undef;
|
||||
}
|
920
SOURCES/ectest.c
Normal file
920
SOURCES/ectest.c
Normal file
@ -0,0 +1,920 @@
|
||||
/*
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/nelem.h"
|
||||
#include "testutil.h"
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
# include <openssl/ec.h>
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
# endif
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/obj_mac.h>
|
||||
# include <openssl/objects.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
static size_t crv_len = 0;
|
||||
static EC_builtin_curve *curves = NULL;
|
||||
|
||||
/* test multiplication with group order, long and negative scalars */
|
||||
static int group_order_tests(EC_GROUP *group)
|
||||
{
|
||||
BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL;
|
||||
EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL;
|
||||
const EC_POINT *G = NULL;
|
||||
BN_CTX *ctx = NULL;
|
||||
int i = 0, r = 0;
|
||||
|
||||
if (!TEST_ptr(n1 = BN_new())
|
||||
|| !TEST_ptr(n2 = BN_new())
|
||||
|| !TEST_ptr(order = BN_new())
|
||||
|| !TEST_ptr(ctx = BN_CTX_new())
|
||||
|| !TEST_ptr(G = EC_GROUP_get0_generator(group))
|
||||
|| !TEST_ptr(P = EC_POINT_new(group))
|
||||
|| !TEST_ptr(Q = EC_POINT_new(group))
|
||||
|| !TEST_ptr(R = EC_POINT_new(group))
|
||||
|| !TEST_ptr(S = EC_POINT_new(group)))
|
||||
goto err;
|
||||
|
||||
if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|
||||
|| !TEST_true(EC_GROUP_precompute_mult(group, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|
||||
|| !TEST_true(EC_POINT_copy(P, G))
|
||||
|| !TEST_true(BN_one(n1))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
|
||||
|| !TEST_true(BN_sub(n1, order, n1))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
|
||||
|| !TEST_true(EC_POINT_invert(group, Q, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
|
||||
goto err;
|
||||
|
||||
for (i = 1; i <= 2; i++) {
|
||||
const BIGNUM *scalars[6];
|
||||
const EC_POINT *points[6];
|
||||
|
||||
if (!TEST_true(BN_set_word(n1, i))
|
||||
/*
|
||||
* If i == 1, P will be the predefined generator for which
|
||||
* EC_GROUP_precompute_mult has set up precomputation.
|
||||
*/
|
||||
|| !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
|
||||
|| (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx)))
|
||||
|| !TEST_true(BN_one(n1))
|
||||
/* n1 = 1 - order */
|
||||
|| !TEST_true(BN_sub(n1, n1, order))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
|
||||
|
||||
/* n2 = 1 + order */
|
||||
|| !TEST_true(BN_add(n2, order, BN_value_one()))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
|
||||
|
||||
/* n2 = (1 - order) * (1 + order) = 1 - order^2 */
|
||||
|| !TEST_true(BN_mul(n2, n1, n2, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
|
||||
goto err;
|
||||
|
||||
/* n2 = order^2 - 1 */
|
||||
BN_set_negative(n2, 0);
|
||||
if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
/* Add P to verify the result. */
|
||||
|| !TEST_true(EC_POINT_add(group, Q, Q, P, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|
||||
|
||||
/* Exercise EC_POINTs_mul, including corner cases. */
|
||||
|| !TEST_false(EC_POINT_is_at_infinity(group, P)))
|
||||
goto err;
|
||||
|
||||
scalars[0] = scalars[1] = BN_value_one();
|
||||
points[0] = points[1] = P;
|
||||
|
||||
if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx))
|
||||
|| !TEST_true(EC_POINT_dbl(group, S, points[0], ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx)))
|
||||
goto err;
|
||||
|
||||
scalars[0] = n1;
|
||||
points[0] = Q; /* => infinity */
|
||||
scalars[1] = n2;
|
||||
points[1] = P; /* => -P */
|
||||
scalars[2] = n1;
|
||||
points[2] = Q; /* => infinity */
|
||||
scalars[3] = n2;
|
||||
points[3] = Q; /* => infinity */
|
||||
scalars[4] = n1;
|
||||
points[4] = P; /* => P */
|
||||
scalars[5] = n2;
|
||||
points[5] = Q; /* => infinity */
|
||||
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
|
||||
goto err;
|
||||
}
|
||||
|
||||
r = 1;
|
||||
err:
|
||||
if (r == 0 && i != 0)
|
||||
TEST_info(i == 1 ? "allowing precomputation" :
|
||||
"without precomputation");
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(R);
|
||||
EC_POINT_free(S);
|
||||
BN_free(n1);
|
||||
BN_free(n2);
|
||||
BN_free(order);
|
||||
BN_CTX_free(ctx);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int prime_field_tests(void)
|
||||
{
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL;
|
||||
EC_GROUP *group = NULL, *tmp = NULL;
|
||||
EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL,
|
||||
*P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
|
||||
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
|
||||
BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
|
||||
const EC_POINT *points[4];
|
||||
const BIGNUM *scalars[4];
|
||||
unsigned char buf[100];
|
||||
size_t len, r = 0;
|
||||
int k;
|
||||
|
||||
if (!TEST_ptr(ctx = BN_CTX_new())
|
||||
|| !TEST_ptr(p = BN_new())
|
||||
|| !TEST_ptr(a = BN_new())
|
||||
|| !TEST_ptr(b = BN_new())
|
||||
/*
|
||||
* applications should use EC_GROUP_new_curve_GFp so
|
||||
* that the library gets to choose the EC_METHOD
|
||||
*/
|
||||
|| !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))
|
||||
|| !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group)))
|
||||
|| !TEST_true(EC_GROUP_copy(tmp, group)))
|
||||
goto err;
|
||||
EC_GROUP_free(group);
|
||||
group = tmp;
|
||||
tmp = NULL;
|
||||
|
||||
buf[0] = 0;
|
||||
if (!TEST_ptr(P = EC_POINT_new(group))
|
||||
|| !TEST_ptr(Q = EC_POINT_new(group))
|
||||
|| !TEST_ptr(R = EC_POINT_new(group))
|
||||
|| !TEST_ptr(x = BN_new())
|
||||
|| !TEST_ptr(y = BN_new())
|
||||
|| !TEST_ptr(z = BN_new())
|
||||
|| !TEST_ptr(yplusone = BN_new()))
|
||||
goto err;
|
||||
|
||||
/* Curve P-224 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFF000000000000000000000001"))
|
||||
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
|
||||
|| !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256"
|
||||
"5044B0B7D7BFD8BA270B39432355FFB4"))
|
||||
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|
||||
|| !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9"
|
||||
"4A03C1D356C21122343280D6115C1D21"))
|
||||
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
|
||||
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|
||||
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFF16A2E0B8F03E13DD29455C5C2A3D"))
|
||||
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
|
||||
goto err;
|
||||
|
||||
TEST_info("NIST curve P-224 -- Generator");
|
||||
test_output_bignum("x", x);
|
||||
test_output_bignum("y", y);
|
||||
/* G_y value taken from the standard: */
|
||||
if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6"
|
||||
"CD4375A05A07476444D5819985007E34"))
|
||||
|| !TEST_BN_eq(y, z)
|
||||
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
|
||||
ctx))
|
||||
|| !TEST_int_eq(EC_GROUP_get_degree(group), 224)
|
||||
|| !group_order_tests(group)
|
||||
|| !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))
|
||||
|| !TEST_true(EC_GROUP_copy(P_224, group))
|
||||
|
||||
/* Curve P-256 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000"
|
||||
"00000000FFFFFFFFFFFFFFFFFFFFFFFF"))
|
||||
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000"
|
||||
"00000000FFFFFFFFFFFFFFFFFFFFFFFC"))
|
||||
|| !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC"
|
||||
"651D06B0CC53B0F63BCE3C3E27D2604B"))
|
||||
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|
||||
|
||||
|| !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2"
|
||||
"77037D812DEB33A0F4A13945D898C296"))
|
||||
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
|
||||
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|
||||
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
|
||||
"BCE6FAADA7179E84F3B9CAC2FC632551"))
|
||||
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
|
||||
goto err;
|
||||
|
||||
TEST_info("NIST curve P-256 -- Generator");
|
||||
test_output_bignum("x", x);
|
||||
test_output_bignum("y", y);
|
||||
/* G_y value taken from the standard: */
|
||||
if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
|
||||
"2BCE33576B315ECECBB6406837BF51F5"))
|
||||
|| !TEST_BN_eq(y, z)
|
||||
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
|
||||
ctx))
|
||||
|| !TEST_int_eq(EC_GROUP_get_degree(group), 256)
|
||||
|| !group_order_tests(group)
|
||||
|| !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))
|
||||
|| !TEST_true(EC_GROUP_copy(P_256, group))
|
||||
|
||||
/* Curve P-384 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
|
||||
"FFFFFFFF0000000000000000FFFFFFFF"))
|
||||
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
|
||||
"FFFFFFFF0000000000000000FFFFFFFC"))
|
||||
|| !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19"
|
||||
"181D9C6EFE8141120314088F5013875A"
|
||||
"C656398D8A2ED19D2A85C8EDD3EC2AEF"))
|
||||
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|
||||
|
||||
|| !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74"
|
||||
"6E1D3B628BA79B9859F741E082542A38"
|
||||
"5502F25DBF55296C3A545E3872760AB7"))
|
||||
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
|
||||
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|
||||
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFC7634D81F4372DDF"
|
||||
"581A0DB248B0A77AECEC196ACCC52973"))
|
||||
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
|
||||
goto err;
|
||||
|
||||
TEST_info("NIST curve P-384 -- Generator");
|
||||
test_output_bignum("x", x);
|
||||
test_output_bignum("y", y);
|
||||
/* G_y value taken from the standard: */
|
||||
if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29"
|
||||
"F8F41DBD289A147CE9DA3113B5F0B8C0"
|
||||
"0A60B1CE1D7E819D7A431D7C90EA0E5F"))
|
||||
|| !TEST_BN_eq(y, z)
|
||||
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
|
||||
ctx))
|
||||
|| !TEST_int_eq(EC_GROUP_get_degree(group), 384)
|
||||
|| !group_order_tests(group)
|
||||
|| !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))
|
||||
|| !TEST_true(EC_GROUP_copy(P_384, group))
|
||||
|
||||
/* Curve P-521 (FIPS PUB 186-2, App. 6) */
|
||||
|| !TEST_true(BN_hex2bn(&p, "1FF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
|
||||
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
|| !TEST_true(BN_hex2bn(&a, "1FF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
|
||||
|| !TEST_true(BN_hex2bn(&b, "051"
|
||||
"953EB9618E1C9A1F929A21A0B68540EE"
|
||||
"A2DA725B99B315F3B8B489918EF109E1"
|
||||
"56193951EC7E937B1652C0BD3BB1BF07"
|
||||
"3573DF883D2C34F1EF451FD46B503F00"))
|
||||
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|
||||
|| !TEST_true(BN_hex2bn(&x, "C6"
|
||||
"858E06B70404E9CD9E3ECB662395B442"
|
||||
"9C648139053FB521F828AF606B4D3DBA"
|
||||
"A14B5E77EFE75928FE1DC127A2FFA8DE"
|
||||
"3348B3C1856A429BF97E7E31C2E5BD66"))
|
||||
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
|
||||
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|
||||
|| !TEST_true(BN_hex2bn(&z, "1FF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA"
|
||||
"51868783BF2F966B7FCC0148F709A5D0"
|
||||
"3BB5C9B8899C47AEBB6FB71E91386409"))
|
||||
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
|
||||
goto err;
|
||||
|
||||
TEST_info("NIST curve P-521 -- Generator");
|
||||
test_output_bignum("x", x);
|
||||
test_output_bignum("y", y);
|
||||
/* G_y value taken from the standard: */
|
||||
if (!TEST_true(BN_hex2bn(&z, "118"
|
||||
"39296A789A3BC0045C8A5FB42C7D1BD9"
|
||||
"98F54449579B446817AFBD17273E662C"
|
||||
"97EE72995EF42640C550B9013FAD0761"
|
||||
"353C7086A272C24088BE94769FD16650"))
|
||||
|| !TEST_BN_eq(y, z)
|
||||
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
|
||||
ctx))
|
||||
|| !TEST_int_eq(EC_GROUP_get_degree(group), 521)
|
||||
|| !group_order_tests(group)
|
||||
|| !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))
|
||||
|| !TEST_true(EC_GROUP_copy(P_521, group))
|
||||
|
||||
/* more tests using the last curve */
|
||||
|
||||
/* Restore the point that got mangled in the (x, y + 1) test. */
|
||||
|| !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
|
||||
|| !TEST_true(EC_POINT_copy(Q, P))
|
||||
|| !TEST_false(EC_POINT_is_at_infinity(group, Q))
|
||||
|| !TEST_true(EC_POINT_dbl(group, P, P, ctx))
|
||||
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|
||||
|| !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
|
||||
|| !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
|
||||
|| !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
|
||||
|| !TEST_false(EC_POINT_is_at_infinity(group, Q)))
|
||||
goto err;
|
||||
points[0] = Q;
|
||||
points[1] = Q;
|
||||
points[2] = Q;
|
||||
points[3] = Q;
|
||||
|
||||
if (!TEST_true(EC_GROUP_get_order(group, z, ctx))
|
||||
|| !TEST_true(BN_add(y, z, BN_value_one()))
|
||||
|| !TEST_BN_even(y)
|
||||
|| !TEST_true(BN_rshift1(y, y)))
|
||||
goto err;
|
||||
scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
|
||||
scalars[1] = y;
|
||||
|
||||
TEST_note("combined multiplication ...");
|
||||
|
||||
/* z is still the group order */
|
||||
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|
||||
|| !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
|
||||
|| !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
|
||||
|| !TEST_true(BN_add(z, z, y)))
|
||||
goto err;
|
||||
BN_set_negative(z, 1);
|
||||
scalars[0] = y;
|
||||
scalars[1] = z; /* z = -(order + y) */
|
||||
|
||||
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
|
||||
|| !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
|
||||
|| !TEST_true(BN_add(z, x, y)))
|
||||
goto err;
|
||||
BN_set_negative(z, 1);
|
||||
scalars[0] = x;
|
||||
scalars[1] = y;
|
||||
scalars[2] = z; /* z = -(x+y) */
|
||||
|
||||
if (!TEST_ptr(scalar3 = BN_new()))
|
||||
goto err;
|
||||
BN_zero(scalar3);
|
||||
scalars[3] = scalar3;
|
||||
|
||||
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
|
||||
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
|
||||
goto err;
|
||||
|
||||
TEST_note(" ok\n");
|
||||
|
||||
|
||||
r = 1;
|
||||
err:
|
||||
BN_CTX_free(ctx);
|
||||
BN_free(p);
|
||||
BN_free(a);
|
||||
BN_free(b);
|
||||
EC_GROUP_free(group);
|
||||
EC_GROUP_free(tmp);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(R);
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(z);
|
||||
BN_free(yplusone);
|
||||
BN_free(scalar3);
|
||||
|
||||
EC_GROUP_free(P_224);
|
||||
EC_GROUP_free(P_256);
|
||||
EC_GROUP_free(P_384);
|
||||
EC_GROUP_free(P_521);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int internal_curve_test(int n)
|
||||
{
|
||||
EC_GROUP *group = NULL;
|
||||
int nid = curves[n].nid;
|
||||
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
|
||||
TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n",
|
||||
OBJ_nid2sn(nid));
|
||||
return 0;
|
||||
}
|
||||
if (!TEST_true(EC_GROUP_check(group, NULL))) {
|
||||
TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid));
|
||||
EC_GROUP_free(group);
|
||||
return 0;
|
||||
}
|
||||
EC_GROUP_free(group);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int internal_curve_test_method(int n)
|
||||
{
|
||||
int r, nid = curves[n].nid;
|
||||
EC_GROUP *group;
|
||||
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
|
||||
TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
|
||||
return 0;
|
||||
}
|
||||
r = group_order_tests(group);
|
||||
EC_GROUP_free(group);
|
||||
return r;
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
/*
|
||||
* nistp_test_params contains magic numbers for testing our optimized
|
||||
* implementations of several NIST curves with characteristic > 3.
|
||||
*/
|
||||
struct nistp_test_params {
|
||||
const EC_METHOD *(*meth) (void);
|
||||
int degree;
|
||||
/*
|
||||
* Qx, Qy and D are taken from
|
||||
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* Otherwise, values are standard curve parameters from FIPS 180-3
|
||||
*/
|
||||
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
|
||||
};
|
||||
|
||||
static const struct nistp_test_params nistp_tests_params[] = {
|
||||
{
|
||||
/* P-224 */
|
||||
EC_GFp_nistp224_method,
|
||||
224,
|
||||
/* p */
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
|
||||
/* a */
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
|
||||
/* b */
|
||||
"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
|
||||
/* Qx */
|
||||
"E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
|
||||
/* Qy */
|
||||
"4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
|
||||
/* Gx */
|
||||
"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
|
||||
/* Gy */
|
||||
"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
|
||||
/* order */
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
|
||||
/* d */
|
||||
"3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
|
||||
},
|
||||
{
|
||||
/* P-256 */
|
||||
EC_GFp_nistp256_method,
|
||||
256,
|
||||
/* p */
|
||||
"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
|
||||
/* a */
|
||||
"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
|
||||
/* b */
|
||||
"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
|
||||
/* Qx */
|
||||
"b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
|
||||
/* Qy */
|
||||
"3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
|
||||
/* Gx */
|
||||
"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
/* Gy */
|
||||
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
|
||||
/* order */
|
||||
"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
|
||||
/* d */
|
||||
"c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
|
||||
},
|
||||
{
|
||||
/* P-521 */
|
||||
EC_GFp_nistp521_method,
|
||||
521,
|
||||
/* p */
|
||||
"1ff"
|
||||
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
/* a */
|
||||
"1ff"
|
||||
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
|
||||
/* b */
|
||||
"051"
|
||||
"953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
|
||||
"56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
|
||||
/* Qx */
|
||||
"0098"
|
||||
"e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e"
|
||||
"59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
|
||||
/* Qy */
|
||||
"0164"
|
||||
"350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8"
|
||||
"554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
|
||||
/* Gx */
|
||||
"c6"
|
||||
"858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
|
||||
"a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
|
||||
/* Gy */
|
||||
"118"
|
||||
"39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
|
||||
"97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
|
||||
/* order */
|
||||
"1ff"
|
||||
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa"
|
||||
"51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
|
||||
/* d */
|
||||
"0100"
|
||||
"085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee"
|
||||
"df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
|
||||
},
|
||||
};
|
||||
|
||||
static int nistp_single_test(int idx)
|
||||
{
|
||||
const struct nistp_test_params *test = nistp_tests_params + idx;
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
|
||||
BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL;
|
||||
EC_GROUP *NISTP = NULL;
|
||||
EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL;
|
||||
int r = 0;
|
||||
|
||||
TEST_note("NIST curve P-%d (optimised implementation):",
|
||||
test->degree);
|
||||
if (!TEST_ptr(ctx = BN_CTX_new())
|
||||
|| !TEST_ptr(p = BN_new())
|
||||
|| !TEST_ptr(a = BN_new())
|
||||
|| !TEST_ptr(b = BN_new())
|
||||
|| !TEST_ptr(x = BN_new())
|
||||
|| !TEST_ptr(y = BN_new())
|
||||
|| !TEST_ptr(m = BN_new())
|
||||
|| !TEST_ptr(n = BN_new())
|
||||
|| !TEST_ptr(order = BN_new())
|
||||
|| !TEST_ptr(yplusone = BN_new())
|
||||
|
||||
|| !TEST_ptr(NISTP = EC_GROUP_new(test->meth()))
|
||||
|| !TEST_true(BN_hex2bn(&p, test->p))
|
||||
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
|| !TEST_true(BN_hex2bn(&a, test->a))
|
||||
|| !TEST_true(BN_hex2bn(&b, test->b))
|
||||
|| !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx))
|
||||
|| !TEST_ptr(G = EC_POINT_new(NISTP))
|
||||
|| !TEST_ptr(P = EC_POINT_new(NISTP))
|
||||
|| !TEST_ptr(Q = EC_POINT_new(NISTP))
|
||||
|| !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP))
|
||||
|| !TEST_true(BN_hex2bn(&x, test->Qx))
|
||||
|| !TEST_true(BN_hex2bn(&y, test->Qy))
|
||||
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
|
||||
/*
|
||||
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
|
||||
* and therefore setting the coordinates should fail.
|
||||
*/
|
||||
|| !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x,
|
||||
yplusone, ctx))
|
||||
|| !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y,
|
||||
ctx))
|
||||
|| !TEST_true(BN_hex2bn(&x, test->Gx))
|
||||
|| !TEST_true(BN_hex2bn(&y, test->Gy))
|
||||
|| !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx))
|
||||
|| !TEST_true(BN_hex2bn(&order, test->order))
|
||||
|| !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
|
||||
|| !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree))
|
||||
goto err;
|
||||
|
||||
TEST_note("NIST test vectors ... ");
|
||||
if (!TEST_true(BN_hex2bn(&n, test->d)))
|
||||
goto err;
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
|
||||
goto err;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
|
||||
/* set generator to P = 2*G, where G is the standard generator */
|
||||
|| !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx))
|
||||
|| !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
|
||||
/* set the scalar to m=n/2, where n is the NIST test scalar */
|
||||
|| !TEST_true(BN_rshift(m, n, 1)))
|
||||
goto err;
|
||||
|
||||
/* test the non-standard generator */
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
|
||||
goto err;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
|
||||
/*
|
||||
* We have not performed precomputation so have_precompute mult should be
|
||||
* false
|
||||
*/
|
||||
|| !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
|
||||
|
||||
/* now repeat all tests with precomputation */
|
||||
|| !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
|
||||
|| !TEST_true(EC_GROUP_have_precompute_mult(NISTP)))
|
||||
goto err;
|
||||
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
|
||||
goto err;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
|
||||
/* reset generator */
|
||||
|| !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())))
|
||||
goto err;
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
|
||||
goto err;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
|
||||
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
|
||||
goto err;
|
||||
|
||||
/* regression test for felem_neg bug */
|
||||
if (!TEST_true(BN_set_word(m, 32))
|
||||
|| !TEST_true(BN_set_word(n, 31))
|
||||
|| !TEST_true(EC_POINT_copy(P, G))
|
||||
|| !TEST_true(EC_POINT_invert(NISTP, P, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx))
|
||||
|| !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx)))
|
||||
goto err;
|
||||
|
||||
r = group_order_tests(NISTP);
|
||||
err:
|
||||
EC_GROUP_free(NISTP);
|
||||
EC_POINT_free(G);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(Q_CHECK);
|
||||
BN_free(n);
|
||||
BN_free(m);
|
||||
BN_free(p);
|
||||
BN_free(a);
|
||||
BN_free(b);
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(order);
|
||||
BN_free(yplusone);
|
||||
BN_CTX_free(ctx);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* Tests a point known to cause an incorrect underflow in an old version of
|
||||
* ecp_nist521.c
|
||||
*/
|
||||
static int underflow_test(void)
|
||||
{
|
||||
BN_CTX *ctx = NULL;
|
||||
EC_GROUP *grp = NULL;
|
||||
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
|
||||
BIGNUM *x1 = NULL, *y1 = NULL, *z1 = NULL, *x2 = NULL, *y2 = NULL;
|
||||
BIGNUM *k = NULL;
|
||||
int testresult = 0;
|
||||
const char *x1str =
|
||||
"1534f0077fffffe87e9adcfe000000000000000000003e05a21d2400002e031b1f4"
|
||||
"b80000c6fafa4f3c1288798d624a247b5e2ffffffffffffffefe099241900004";
|
||||
const char *p521m1 =
|
||||
"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe";
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (!TEST_ptr(ctx))
|
||||
return 0;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
x1 = BN_CTX_get(ctx);
|
||||
y1 = BN_CTX_get(ctx);
|
||||
z1 = BN_CTX_get(ctx);
|
||||
x2 = BN_CTX_get(ctx);
|
||||
y2 = BN_CTX_get(ctx);
|
||||
k = BN_CTX_get(ctx);
|
||||
if (!TEST_ptr(k))
|
||||
goto err;
|
||||
|
||||
grp = EC_GROUP_new_by_curve_name(NID_secp521r1);
|
||||
P = EC_POINT_new(grp);
|
||||
Q = EC_POINT_new(grp);
|
||||
R = EC_POINT_new(grp);
|
||||
if (!TEST_ptr(grp) || !TEST_ptr(P) || !TEST_ptr(Q) || !TEST_ptr(R))
|
||||
goto err;
|
||||
|
||||
if (!TEST_int_gt(BN_hex2bn(&x1, x1str), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&y1, p521m1), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&z1, p521m1), 0)
|
||||
|| !TEST_int_gt(BN_hex2bn(&k, "02"), 0)
|
||||
|| !TEST_true(EC_POINT_set_Jprojective_coordinates_GFp(grp, P, x1,
|
||||
y1, z1, ctx))
|
||||
|| !TEST_true(EC_POINT_mul(grp, Q, NULL, P, k, ctx))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, Q, x1, y1, ctx))
|
||||
|| !TEST_true(EC_POINT_dbl(grp, R, P, ctx))
|
||||
|| !TEST_true(EC_POINT_get_affine_coordinates(grp, R, x2, y2, ctx)))
|
||||
goto err;
|
||||
|
||||
if (!TEST_int_eq(BN_cmp(x1, x2), 0)
|
||||
|| !TEST_int_eq(BN_cmp(y1, y2), 0))
|
||||
goto err;
|
||||
|
||||
testresult = 1;
|
||||
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(R);
|
||||
EC_GROUP_free(grp);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
return testresult;
|
||||
}
|
||||
# endif
|
||||
|
||||
static const unsigned char p521_named[] = {
|
||||
0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
|
||||
};
|
||||
|
||||
static const unsigned char p521_explicit[] = {
|
||||
0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a,
|
||||
0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a,
|
||||
0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72,
|
||||
0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09,
|
||||
0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0,
|
||||
0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34,
|
||||
0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00,
|
||||
0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17,
|
||||
0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04,
|
||||
0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e,
|
||||
0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
|
||||
0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b,
|
||||
0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
|
||||
0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
|
||||
0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78,
|
||||
0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9,
|
||||
0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
|
||||
0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40,
|
||||
0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86,
|
||||
0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
|
||||
0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa,
|
||||
0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48,
|
||||
0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae,
|
||||
0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
|
||||
};
|
||||
|
||||
static int parameter_test(void)
|
||||
{
|
||||
EC_GROUP *group = NULL, *group2 = NULL;
|
||||
ECPARAMETERS *ecparameters = NULL;
|
||||
unsigned char *buf = NULL;
|
||||
int r = 0, len;
|
||||
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1))
|
||||
|| !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
|
||||
|| !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
|
||||
|| !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
|
||||
goto err;
|
||||
|
||||
EC_GROUP_free(group);
|
||||
group = NULL;
|
||||
|
||||
/* Test the named curve encoding, which should be default. */
|
||||
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1))
|
||||
|| !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
|
||||
|| !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named)))
|
||||
goto err;
|
||||
|
||||
OPENSSL_free(buf);
|
||||
buf = NULL;
|
||||
|
||||
/*
|
||||
* Test the explicit encoding. P-521 requires correctly zero-padding the
|
||||
* curve coefficients.
|
||||
*/
|
||||
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
|
||||
if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
|
||||
|| !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit)))
|
||||
goto err;
|
||||
|
||||
r = 1;
|
||||
err:
|
||||
EC_GROUP_free(group);
|
||||
EC_GROUP_free(group2);
|
||||
ECPARAMETERS_free(ecparameters);
|
||||
OPENSSL_free(buf);
|
||||
return r;
|
||||
}
|
||||
#endif
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_EC
|
||||
crv_len = EC_get_builtin_curves(NULL, 0);
|
||||
if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
|
||||
|| !TEST_true(EC_get_builtin_curves(curves, crv_len)))
|
||||
return 0;
|
||||
|
||||
ADD_TEST(parameter_test);
|
||||
ADD_TEST(prime_field_tests);
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
ADD_TEST(char2_field_tests);
|
||||
ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
|
||||
ADD_TEST(underflow_test);
|
||||
# endif
|
||||
ADD_ALL_TESTS(internal_curve_test, crv_len);
|
||||
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_EC
|
||||
OPENSSL_free(curves);
|
||||
#endif
|
||||
}
|
40
SOURCES/hobble-openssl
Executable file
40
SOURCES/hobble-openssl
Executable file
@ -0,0 +1,40 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Quit out if anything fails.
|
||||
set -e
|
||||
|
||||
# Clean out patent-or-otherwise-encumbered code.
|
||||
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
|
||||
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
|
||||
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
|
||||
# EC: ????????? ??/??/2020
|
||||
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
|
||||
|
||||
# Remove assembler portions of IDEA, MDC2, and RC5.
|
||||
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
|
||||
|
||||
for c in `find crypto/bn -name "*gf2m.c"`; do
|
||||
echo Destroying $c
|
||||
> $c
|
||||
done
|
||||
|
||||
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
|
||||
echo Destroying $c
|
||||
> $c
|
||||
done
|
||||
|
||||
for c in `find test -name "ectest.c"`; do
|
||||
echo Destroying $c
|
||||
> $c
|
||||
done
|
||||
|
||||
for h in `find crypto ssl apps test -name "*.h"` ; do
|
||||
echo Removing EC2M references from $h
|
||||
cat $h | \
|
||||
awk 'BEGIN {ech=1;} \
|
||||
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
|
||||
/^#[ \t]*if/ {if(ech < 1) ech--;} \
|
||||
{if(ech>0) {;print $0};} \
|
||||
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
|
||||
mv $h.hobbled $h
|
||||
done
|
28
SOURCES/make-dummy-cert
Executable file
28
SOURCES/make-dummy-cert
Executable file
@ -0,0 +1,28 @@
|
||||
#!/bin/sh
|
||||
umask 077
|
||||
|
||||
answers() {
|
||||
echo --
|
||||
echo SomeState
|
||||
echo SomeCity
|
||||
echo SomeOrganization
|
||||
echo SomeOrganizationalUnit
|
||||
echo localhost.localdomain
|
||||
echo root@localhost.localdomain
|
||||
}
|
||||
|
||||
if [ $# -eq 0 ] ; then
|
||||
echo $"Usage: `basename $0` filename [...]"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for target in $@ ; do
|
||||
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
|
||||
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
|
||||
trap "rm -f $PEM1 $PEM2" SIGINT
|
||||
answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
|
||||
cat $PEM1 > ${target}
|
||||
echo "" >> ${target}
|
||||
cat $PEM2 >> ${target}
|
||||
rm -f $PEM1 $PEM2
|
||||
done
|
11
SOURCES/openssl-1.1.0-issuer-hash.patch
Normal file
11
SOURCES/openssl-1.1.0-issuer-hash.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
|
||||
--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
|
||||
+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
|
||||
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
|
||||
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
|
||||
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
|
||||
goto err;
|
12
SOURCES/openssl-1.1.0-no-html.patch
Normal file
12
SOURCES/openssl-1.1.0-no-html.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200
|
||||
+++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200
|
||||
@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi
|
||||
|
||||
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
|
||||
|
||||
-install_docs: install_man_docs install_html_docs
|
||||
+install_docs: install_man_docs
|
||||
|
||||
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
||||
$(RM) -r -v $(DESTDIR)$(DOCDIR)
|
12
SOURCES/openssl-1.1.1-apps-dgst.patch
Normal file
12
SOURCES/openssl-1.1.1-apps-dgst.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
|
||||
--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
|
||||
@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
|
||||
{"enddate", OPT_ENDDATE, 's',
|
||||
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
|
||||
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
|
||||
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
|
||||
+ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
|
||||
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
|
||||
{"keyfile", OPT_KEYFILE, 's', "Private key"},
|
||||
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
|
40
SOURCES/openssl-1.1.1-build.patch
Normal file
40
SOURCES/openssl-1.1.1-build.patch
Normal file
@ -0,0 +1,40 @@
|
||||
diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200
|
||||
@@ -680,7 +680,7 @@ uninstall_runtime:
|
||||
install_man_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
--destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
|
||||
|
||||
uninstall_man_docs:
|
||||
@@ -692,7 +692,7 @@ uninstall_man_docs:
|
||||
install_html_docs:
|
||||
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
|
||||
@$(ECHO) "*** Installing HTML manpages"
|
||||
- $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
|
||||
--destdir=$(DESTDIR)$(HTMLDIR) --type=html
|
||||
|
||||
uninstall_html_docs:
|
||||
diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf
|
||||
--- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200
|
||||
@@ -693,6 +693,7 @@ my %targets = (
|
||||
cxxflags => add("-m64"),
|
||||
lib_cppflags => add("-DL_ENDIAN"),
|
||||
perlasm_scheme => "linux64le",
|
||||
+ multilib => "64",
|
||||
},
|
||||
|
||||
"linux-armv4" => {
|
||||
@@ -733,6 +734,7 @@ my %targets = (
|
||||
"linux-aarch64" => {
|
||||
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
|
||||
perlasm_scheme => "linux64",
|
||||
+ multilib => "64",
|
||||
},
|
||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
|
||||
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
|
56
SOURCES/openssl-1.1.1-conf-paths.patch
Normal file
56
SOURCES/openssl-1.1.1-conf-paths.patch
Normal file
@ -0,0 +1,56 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
|
||||
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
|
||||
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
|
||||
my $PKCS12 = "$openssl pkcs12";
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
-my $CATOP = "./demoCA";
|
||||
+my $CATOP = "/etc/pki/CA";
|
||||
my $CAKEY = "cakey.pem";
|
||||
my $CAREQ = "careq.pem";
|
||||
my $CACERT = "cacert.pem";
|
||||
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
|
||||
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
|
||||
+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
|
||||
@@ -23,6 +23,22 @@ oid_section = new_oids
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
+# Load default TLS policy configuration
|
||||
+
|
||||
+openssl_conf = default_modules
|
||||
+
|
||||
+[ default_modules ]
|
||||
+
|
||||
+ssl_conf = ssl_module
|
||||
+
|
||||
+[ ssl_module ]
|
||||
+
|
||||
+system_default = crypto_policy
|
||||
+
|
||||
+[ crypto_policy ]
|
||||
+
|
||||
+.include /etc/crypto-policies/back-ends/opensslcnf.config
|
||||
+
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
-dir = ./demoCA # Where everything is kept
|
||||
+dir = /etc/pki/CA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
|
||||
[ tsa_config1 ]
|
||||
|
||||
# These are used by the TSA reply generation only.
|
||||
-dir = ./demoCA # TSA root directory
|
||||
+dir = /etc/pki/CA # TSA root directory
|
||||
serial = $dir/tsaserial # The current serial number (mandatory)
|
||||
crypto_device = builtin # OpenSSL engine to use for signing
|
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
51
SOURCES/openssl-1.1.1-defaults.patch
Normal file
51
SOURCES/openssl-1.1.1-defaults.patch
Normal file
@ -0,0 +1,51 @@
|
||||
diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
|
||||
--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
|
||||
+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
|
||||
@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
-default_md = default # use public key default MD
|
||||
+default_md = sha256 # use SHA-256 by default
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
@@ -106,6 +106,7 @@ emailAddress = optional
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
+default_md = sha256
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
@@ -128,17 +129,18 @@ string_mask = utf8only
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
-countryName_default = AU
|
||||
+countryName_default = XX
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
-stateOrProvinceName_default = Some-State
|
||||
+#stateOrProvinceName_default = Default Province
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
+localityName_default = Default City
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
-0.organizationName_default = Internet Widgits Pty Ltd
|
||||
+0.organizationName_default = Default Company Ltd
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
-commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
+commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
210
SOURCES/openssl-1.1.1-ec-curves.patch
Normal file
210
SOURCES/openssl-1.1.1-ec-curves.patch
Normal file
@ -0,0 +1,210 @@
|
||||
diff -up openssl-1.1.1c/apps/speed.c.curves openssl-1.1.1c/apps/speed.c
|
||||
--- openssl-1.1.1c/apps/speed.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/apps/speed.c 2019-05-29 15:36:53.332224470 +0200
|
||||
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
|
||||
#endif /* OPENSSL_NO_RSA */
|
||||
|
||||
enum {
|
||||
- R_EC_P160,
|
||||
- R_EC_P192,
|
||||
R_EC_P224,
|
||||
R_EC_P256,
|
||||
R_EC_P384,
|
||||
R_EC_P521,
|
||||
-#ifndef OPENSSL_NO_EC2M
|
||||
- R_EC_K163,
|
||||
- R_EC_K233,
|
||||
- R_EC_K283,
|
||||
- R_EC_K409,
|
||||
- R_EC_K571,
|
||||
- R_EC_B163,
|
||||
- R_EC_B233,
|
||||
- R_EC_B283,
|
||||
- R_EC_B409,
|
||||
- R_EC_B571,
|
||||
-#endif
|
||||
- R_EC_BRP256R1,
|
||||
- R_EC_BRP256T1,
|
||||
- R_EC_BRP384R1,
|
||||
- R_EC_BRP384T1,
|
||||
- R_EC_BRP512R1,
|
||||
- R_EC_BRP512T1,
|
||||
R_EC_X25519,
|
||||
R_EC_X448
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static OPT_PAIR ecdsa_choices[] = {
|
||||
- {"ecdsap160", R_EC_P160},
|
||||
- {"ecdsap192", R_EC_P192},
|
||||
{"ecdsap224", R_EC_P224},
|
||||
{"ecdsap256", R_EC_P256},
|
||||
{"ecdsap384", R_EC_P384},
|
||||
{"ecdsap521", R_EC_P521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- {"ecdsak163", R_EC_K163},
|
||||
- {"ecdsak233", R_EC_K233},
|
||||
- {"ecdsak283", R_EC_K283},
|
||||
- {"ecdsak409", R_EC_K409},
|
||||
- {"ecdsak571", R_EC_K571},
|
||||
- {"ecdsab163", R_EC_B163},
|
||||
- {"ecdsab233", R_EC_B233},
|
||||
- {"ecdsab283", R_EC_B283},
|
||||
- {"ecdsab409", R_EC_B409},
|
||||
- {"ecdsab571", R_EC_B571},
|
||||
-# endif
|
||||
- {"ecdsabrp256r1", R_EC_BRP256R1},
|
||||
- {"ecdsabrp256t1", R_EC_BRP256T1},
|
||||
- {"ecdsabrp384r1", R_EC_BRP384R1},
|
||||
- {"ecdsabrp384t1", R_EC_BRP384T1},
|
||||
- {"ecdsabrp512r1", R_EC_BRP512R1},
|
||||
- {"ecdsabrp512t1", R_EC_BRP512T1}
|
||||
};
|
||||
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
|
||||
|
||||
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
|
||||
|
||||
static const OPT_PAIR ecdh_choices[] = {
|
||||
- {"ecdhp160", R_EC_P160},
|
||||
- {"ecdhp192", R_EC_P192},
|
||||
{"ecdhp224", R_EC_P224},
|
||||
{"ecdhp256", R_EC_P256},
|
||||
{"ecdhp384", R_EC_P384},
|
||||
{"ecdhp521", R_EC_P521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- {"ecdhk163", R_EC_K163},
|
||||
- {"ecdhk233", R_EC_K233},
|
||||
- {"ecdhk283", R_EC_K283},
|
||||
- {"ecdhk409", R_EC_K409},
|
||||
- {"ecdhk571", R_EC_K571},
|
||||
- {"ecdhb163", R_EC_B163},
|
||||
- {"ecdhb233", R_EC_B233},
|
||||
- {"ecdhb283", R_EC_B283},
|
||||
- {"ecdhb409", R_EC_B409},
|
||||
- {"ecdhb571", R_EC_B571},
|
||||
-# endif
|
||||
- {"ecdhbrp256r1", R_EC_BRP256R1},
|
||||
- {"ecdhbrp256t1", R_EC_BRP256T1},
|
||||
- {"ecdhbrp384r1", R_EC_BRP384R1},
|
||||
- {"ecdhbrp384t1", R_EC_BRP384T1},
|
||||
- {"ecdhbrp512r1", R_EC_BRP512R1},
|
||||
- {"ecdhbrp512t1", R_EC_BRP512T1},
|
||||
{"ecdhx25519", R_EC_X25519},
|
||||
{"ecdhx448", R_EC_X448}
|
||||
};
|
||||
@@ -1504,31 +1444,10 @@ int speed_main(int argc, char **argv)
|
||||
unsigned int bits;
|
||||
} test_curves[] = {
|
||||
/* Prime Curves */
|
||||
- {"secp160r1", NID_secp160r1, 160},
|
||||
- {"nistp192", NID_X9_62_prime192v1, 192},
|
||||
{"nistp224", NID_secp224r1, 224},
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
{"nistp521", NID_secp521r1, 521},
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
- /* Binary Curves */
|
||||
- {"nistk163", NID_sect163k1, 163},
|
||||
- {"nistk233", NID_sect233k1, 233},
|
||||
- {"nistk283", NID_sect283k1, 283},
|
||||
- {"nistk409", NID_sect409k1, 409},
|
||||
- {"nistk571", NID_sect571k1, 571},
|
||||
- {"nistb163", NID_sect163r2, 163},
|
||||
- {"nistb233", NID_sect233r1, 233},
|
||||
- {"nistb283", NID_sect283r1, 283},
|
||||
- {"nistb409", NID_sect409r1, 409},
|
||||
- {"nistb571", NID_sect571r1, 571},
|
||||
-# endif
|
||||
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
||||
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
||||
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
||||
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
|
||||
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
|
||||
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
|
||||
/* Other and ECDH only ones */
|
||||
{"X25519", NID_X25519, 253},
|
||||
{"X448", NID_X448, 448}
|
||||
@@ -2028,9 +1947,9 @@ int speed_main(int argc, char **argv)
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_EC
|
||||
- ecdsa_c[R_EC_P160][0] = count / 1000;
|
||||
- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
|
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
+ ecdsa_c[R_EC_P224][0] = count / 1000;
|
||||
+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
|
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
|
||||
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
|
||||
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
|
||||
@@ -2042,7 +1961,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
+# if 0
|
||||
ecdsa_c[R_EC_K163][0] = count / 1000;
|
||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
@@ -2073,8 +1992,8 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
# endif
|
||||
|
||||
- ecdh_c[R_EC_P160][0] = count / 1000;
|
||||
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
+ ecdh_c[R_EC_P224][0] = count / 1000;
|
||||
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
|
||||
ecdh_doit[i] = 0;
|
||||
@@ -2084,7 +2003,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
-# ifndef OPENSSL_NO_EC2M
|
||||
+# if 0
|
||||
ecdh_c[R_EC_K163][0] = count / 1000;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
diff -up openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves openssl-1.1.1c/crypto/ec/ecp_smpl.c
|
||||
--- openssl-1.1.1c/crypto/ec/ecp_smpl.c.curves 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/ec/ecp_smpl.c 2019-05-29 15:30:09.071349520 +0200
|
||||
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (BN_num_bits(p) < 224) {
|
||||
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (ctx == NULL) {
|
||||
ctx = new_ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
diff -up openssl-1.1.1c/test/ecdsatest.h.curves openssl-1.1.1c/test/ecdsatest.h
|
||||
--- openssl-1.1.1c/test/ecdsatest.h.curves 2019-05-29 15:30:09.010350595 +0200
|
||||
+++ openssl-1.1.1c/test/ecdsatest.h 2019-05-29 15:41:24.586444294 +0200
|
||||
@@ -32,23 +32,6 @@ typedef struct {
|
||||
} ecdsa_cavs_kat_t;
|
||||
|
||||
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
|
||||
- /* prime KATs from X9.62 */
|
||||
- {NID_X9_62_prime192v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
|
||||
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
|
||||
- "5ca5c0d69716dfcb3474373902",
|
||||
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
|
||||
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
|
||||
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
|
||||
- {NID_X9_62_prime239v1, NID_sha1,
|
||||
- "616263", /* "abc" */
|
||||
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
|
||||
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
|
||||
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
|
||||
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
|
||||
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
|
||||
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
|
||||
/* prime KATs from NIST CAVP */
|
||||
{NID_secp224r1, NID_sha224,
|
||||
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
|
5262
SOURCES/openssl-1.1.1-evp-kdf.patch
Normal file
5262
SOURCES/openssl-1.1.1-evp-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
407
SOURCES/openssl-1.1.1-fips-crng-test.patch
Normal file
407
SOURCES/openssl-1.1.1-fips-crng-test.patch
Normal file
@ -0,0 +1,407 @@
|
||||
diff -up openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test openssl-1.1.1b/crypto/include/internal/rand_int.h
|
||||
--- openssl-1.1.1b/crypto/include/internal/rand_int.h.crng-test 2019-05-07 08:56:33.242179136 +0200
|
||||
+++ openssl-1.1.1b/crypto/include/internal/rand_int.h 2019-05-07 09:54:14.920204875 +0200
|
||||
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||
|
||||
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||
|
||||
+/* CRNG test entropy filter callbacks. */
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance);
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen);
|
||||
+
|
||||
/*
|
||||
* RAND_POOL functions
|
||||
*/
|
||||
diff -up openssl-1.1.1b/crypto/rand/build.info.crng-test openssl-1.1.1b/crypto/rand/build.info
|
||||
--- openssl-1.1.1b/crypto/rand/build.info.crng-test 2019-05-07 09:54:14.921204857 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/build.info 2019-05-07 09:55:22.730014705 +0200
|
||||
@@ -1,4 +1,4 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
- randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
diff -up openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1b/crypto/rand/drbg_lib.c
|
||||
--- openssl-1.1.1b/crypto/rand/drbg_lib.c.crng-test 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/rand/drbg_lib.c 2019-05-07 10:04:51.753157224 +0200
|
||||
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
|
||||
|
||||
|
||||
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
|
||||
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
|
||||
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
|
||||
|
||||
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
|
||||
|
||||
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
|
||||
drbg->parent = parent;
|
||||
|
||||
if (parent == NULL) {
|
||||
+#ifdef OPENSSL_FIPS
|
||||
+ drbg->get_entropy = rand_crngt_get_entropy;
|
||||
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
|
||||
+#else
|
||||
drbg->get_entropy = rand_drbg_get_entropy;
|
||||
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
|
||||
+#endif
|
||||
#ifndef RAND_DRBG_GET_RANDOM_NONCE
|
||||
drbg->get_nonce = rand_drbg_get_nonce;
|
||||
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
|
||||
diff -up openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1b/crypto/rand/rand_crng_test.c
|
||||
--- openssl-1.1.1b/crypto/rand/rand_crng_test.c.crng-test 2019-05-07 09:54:14.925204787 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/rand_crng_test.c 2019-05-07 09:54:14.932204664 +0200
|
||||
@@ -0,0 +1,118 @@
|
||||
+/*
|
||||
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <openssl/evp.h>
|
||||
+#include "internal/rand_int.h"
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "rand_lcl.h"
|
||||
+
|
||||
+static RAND_POOL *crngt_pool;
|
||||
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||
+
|
||||
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
|
||||
+ = &rand_crngt_get_entropy_cb;
|
||||
+
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ int r;
|
||||
+ size_t n;
|
||||
+ unsigned char *p;
|
||||
+
|
||||
+ n = rand_pool_acquire_entropy(crngt_pool);
|
||||
+ if (n >= CRNGT_BUFSIZ) {
|
||||
+ p = rand_pool_detach(crngt_pool);
|
||||
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+ if (r != 0)
|
||||
+ memcpy(buf, p, CRNGT_BUFSIZ);
|
||||
+ rand_pool_reattach(crngt_pool, p);
|
||||
+ return r;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup(void)
|
||||
+{
|
||||
+ rand_pool_free(crngt_pool);
|
||||
+ crngt_pool = NULL;
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_init(void)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ];
|
||||
+
|
||||
+ if ((crngt_pool = rand_pool_new(0, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||
+ return 0;
|
||||
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ return 1;
|
||||
+ }
|
||||
+ rand_crngt_cleanup();
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
|
||||
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
|
||||
+{
|
||||
+ return OPENSSL_init_crypto(0, NULL)
|
||||
+ && rand_crngt_init()
|
||||
+ && OPENSSL_atexit(&rand_crngt_cleanup);
|
||||
+}
|
||||
+
|
||||
+int rand_crngt_single_init(void)
|
||||
+{
|
||||
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
|
||||
+}
|
||||
+
|
||||
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance)
|
||||
+{
|
||||
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
|
||||
+ unsigned int sz;
|
||||
+ RAND_POOL *pool;
|
||||
+ size_t q, r = 0, s, t = 0;
|
||||
+ int attempts = 3;
|
||||
+
|
||||
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ if ((pool = rand_pool_new(entropy, min_len, max_len)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
|
||||
+ s = q > sizeof(buf) ? sizeof(buf) : q;
|
||||
+ if (!crngt_get_entropy(buf, md, &sz)
|
||||
+ || memcmp(crngt_prev, md, sz) == 0
|
||||
+ || !rand_pool_add(pool, buf, s, s * 8))
|
||||
+ goto err;
|
||||
+ memcpy(crngt_prev, md, sz);
|
||||
+ t += s;
|
||||
+ attempts++;
|
||||
+ }
|
||||
+ r = t;
|
||||
+ *pout = rand_pool_detach(pool);
|
||||
+err:
|
||||
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||
+ rand_pool_free(pool);
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||
+ unsigned char *out, size_t outlen)
|
||||
+{
|
||||
+ OPENSSL_secure_clear_free(out, outlen);
|
||||
+}
|
||||
diff -up openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test openssl-1.1.1b/crypto/rand/rand_lcl.h
|
||||
--- openssl-1.1.1b/crypto/rand/rand_lcl.h.crng-test 2019-05-07 08:56:33.330177674 +0200
|
||||
+++ openssl-1.1.1b/crypto/rand/rand_lcl.h 2019-05-07 09:54:14.933204647 +0200
|
||||
@@ -33,7 +33,15 @@
|
||||
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||
|
||||
-
|
||||
+/*
|
||||
+ * The number of bytes that constitutes an atomic lump of entropy with respect
|
||||
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
|
||||
+ * arbitrary, the smaller the value, the less entropy is consumed on first
|
||||
+ * read but the higher the probability of the test failing by accident.
|
||||
+ *
|
||||
+ * The value is in bytes.
|
||||
+ */
|
||||
+#define CRNGT_BUFSIZ 16
|
||||
|
||||
/*
|
||||
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||
@@ -44,7 +52,8 @@
|
||||
*/
|
||||
# define DRBG_MAX_LENGTH INT32_MAX
|
||||
|
||||
-
|
||||
+/* The default nonce */
|
||||
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
|
||||
|
||||
/*
|
||||
* Maximum allocation size for RANDOM_POOL buffers
|
||||
@@ -290,4 +299,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||
/* initializes the AES-CTR DRBG implementation */
|
||||
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||
|
||||
+/*
|
||||
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||
+ * These need to be exposed for the unit tests.
|
||||
+ */
|
||||
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size);
|
||||
+int rand_crngt_init(void);
|
||||
+void rand_crngt_cleanup(void);
|
||||
+
|
||||
+/*
|
||||
+ * Expose the run once initialisation function for the unit tests because.
|
||||
+ * they need to restart from scratch to validate the first block is skipped
|
||||
+ * properly.
|
||||
+ */
|
||||
+int rand_crngt_single_init(void);
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1b/test/drbgtest.c.crng-test openssl-1.1.1b/test/drbgtest.c
|
||||
--- openssl-1.1.1b/test/drbgtest.c.crng-test 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/drbgtest.c 2019-05-07 10:06:24.706551561 +0200
|
||||
@@ -143,6 +143,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||
return t->noncelen;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Disable CRNG testing if it is enabled.
|
||||
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
|
||||
+ * for which the default personalisation string is used.
|
||||
+ */
|
||||
+static int disable_crngt(RAND_DRBG *drbg)
|
||||
+{
|
||||
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
|
||||
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
|
||||
+
|
||||
+ if (drbg->get_entropy != rand_crngt_get_entropy)
|
||||
+ return 1;
|
||||
+
|
||||
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
|
||||
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
|
||||
+ &rand_drbg_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce))
|
||||
+ || (instantiate
|
||||
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
|
||||
+ sizeof(pers) - 1)))
|
||||
+ return 0;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
static int uninstantiate(RAND_DRBG *drbg)
|
||||
{
|
||||
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
|
||||
@@ -168,7 +193,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
|
||||
return 0;
|
||||
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
- kat_nonce, NULL))) {
|
||||
+ kat_nonce, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg))) {
|
||||
failures++;
|
||||
goto err;
|
||||
}
|
||||
@@ -286,7 +312,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||
unsigned int reseed_counter_tmp;
|
||||
int ret = 0;
|
||||
|
||||
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
|
||||
+ || !TEST_true(disable_crngt(drbg)))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
@@ -699,6 +726,10 @@ static int test_rand_drbg_reseed(void)
|
||||
|| !TEST_ptr_eq(private->parent, master))
|
||||
return 0;
|
||||
|
||||
+ /* Disable CRNG testing for the master DRBG */
|
||||
+ if (!TEST_true(disable_crngt(master)))
|
||||
+ return 0;
|
||||
+
|
||||
/* uninstantiate the three global DRBGs */
|
||||
RAND_DRBG_uninstantiate(private);
|
||||
RAND_DRBG_uninstantiate(public);
|
||||
@@ -919,7 +950,8 @@ static int test_rand_seed(void)
|
||||
size_t rand_buflen;
|
||||
size_t required_seed_buflen = 0;
|
||||
|
||||
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
|
||||
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
|
||||
+ || !TEST_true(disable_crngt(master)))
|
||||
return 0;
|
||||
|
||||
#ifdef OPENSSL_RAND_SEED_NONE
|
||||
@@ -968,6 +1000,95 @@ static int test_rand_add(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * A list of the FIPS DRGB types.
|
||||
+ */
|
||||
+static const struct s_drgb_types {
|
||||
+ int nid;
|
||||
+ int flags;
|
||||
+} drgb_types[] = {
|
||||
+ { NID_aes_128_ctr, 0 },
|
||||
+ { NID_aes_192_ctr, 0 },
|
||||
+ { NID_aes_256_ctr, 0 },
|
||||
+};
|
||||
+
|
||||
+/* Six cases for each covers seed sizes up to 32 bytes */
|
||||
+static const size_t crngt_num_cases = 6;
|
||||
+
|
||||
+static size_t crngt_case, crngt_idx;
|
||||
+
|
||||
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||
+ unsigned int *md_size)
|
||||
+{
|
||||
+ size_t i, z;
|
||||
+
|
||||
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
|
||||
+ return 0;
|
||||
+ /* Generate a block of unique data unless this is the duplication point */
|
||||
+ z = crngt_idx++;
|
||||
+ if (z > 0 && crngt_case == z)
|
||||
+ z--;
|
||||
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
|
||||
+ buf[i] = (unsigned char)(i + 'A' + z);
|
||||
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||
+}
|
||||
+
|
||||
+static int test_crngt(int n)
|
||||
+{
|
||||
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char buff[100];
|
||||
+ size_t ent;
|
||||
+ int res = 0;
|
||||
+ int expect;
|
||||
+
|
||||
+ if (!TEST_true(rand_crngt_single_init()))
|
||||
+ return 0;
|
||||
+ rand_crngt_cleanup();
|
||||
+
|
||||
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
|
||||
+ return 0;
|
||||
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
|
||||
+ crngt_case = n % crngt_num_cases;
|
||||
+ crngt_idx = 0;
|
||||
+ crngt_get_entropy = &crngt_entropy_cb;
|
||||
+ if (!TEST_true(rand_crngt_init()))
|
||||
+ goto err;
|
||||
+#ifndef OPENSSL_FIPS
|
||||
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
|
||||
+ &rand_crngt_cleanup_entropy,
|
||||
+ &rand_drbg_get_nonce,
|
||||
+ &rand_drbg_cleanup_nonce)))
|
||||
+ goto err;
|
||||
+#endif
|
||||
+ expect = crngt_case == 0 || crngt_case > ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
|
||||
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
|
||||
+ goto err;
|
||||
+ if (!expect)
|
||||
+ goto fin;
|
||||
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||
+ goto err;
|
||||
+
|
||||
+fin:
|
||||
+ res = 1;
|
||||
+err:
|
||||
+ if (!res)
|
||||
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
|
||||
+ crngt_case, crngt_idx);
|
||||
+ uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
|
||||
+ return res;
|
||||
+}
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
@@ -980,5 +1101,6 @@ int setup_tests(void)
|
||||
#if defined(OPENSSL_THREADS)
|
||||
ADD_TEST(test_multi_thread);
|
||||
#endif
|
||||
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
|
||||
return 1;
|
||||
}
|
585
SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
Normal file
585
SOURCES/openssl-1.1.1-fips-drbg-selftest.patch
Normal file
@ -0,0 +1,585 @@
|
||||
diff -up openssl-1.1.1c/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1c/crypto/fips/fips_post.c
|
||||
--- openssl-1.1.1c/crypto/fips/fips_post.c.drbg-selftest 2020-03-05 10:10:00.934004474 +0100
|
||||
+++ openssl-1.1.1c/crypto/fips/fips_post.c 2020-03-05 10:16:58.051865408 +0100
|
||||
@@ -67,12 +67,18 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/fips_int.h"
|
||||
+# include "internal/rand_int.h"
|
||||
# include "fips_locl.h"
|
||||
|
||||
/* Run all selftests */
|
||||
int FIPS_selftest(void)
|
||||
{
|
||||
int rv = 1;
|
||||
+ if (!rand_drbg_selftest()) {
|
||||
+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
|
||||
+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
|
||||
+ rv = 0;
|
||||
+ }
|
||||
if (!FIPS_selftest_drbg())
|
||||
rv = 0;
|
||||
if (!FIPS_selftest_sha1())
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/rand_int.h.drbg-selftest openssl-1.1.1c/crypto/include/internal/rand_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/rand_int.h.drbg-selftest 2020-03-05 10:10:01.053002437 +0100
|
||||
+++ openssl-1.1.1c/crypto/include/internal/rand_int.h 2020-03-05 10:10:01.090001804 +0100
|
||||
@@ -139,4 +139,9 @@ void rand_pool_cleanup(void);
|
||||
*/
|
||||
void rand_pool_keep_random_devices_open(int keep);
|
||||
|
||||
+/*
|
||||
+ * Perform the DRBG KAT selftests
|
||||
+ */
|
||||
+int rand_drbg_selftest(void);
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1c/crypto/rand/build.info.drbg-selftest openssl-1.1.1c/crypto/rand/build.info
|
||||
--- openssl-1.1.1c/crypto/rand/build.info.drbg-selftest 2020-03-05 10:10:01.020003002 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/build.info 2020-03-05 10:10:01.090001804 +0100
|
||||
@@ -1,4 +1,4 @@
|
||||
LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
|
||||
diff -up openssl-1.1.1c/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1c/crypto/rand/drbg_selftest.c
|
||||
--- openssl-1.1.1c/crypto/rand/drbg_selftest.c.drbg-selftest 2020-03-05 10:10:01.090001804 +0100
|
||||
+++ openssl-1.1.1c/crypto/rand/drbg_selftest.c 2020-03-05 10:10:01.090001804 +0100
|
||||
@@ -0,0 +1,537 @@
|
||||
+/*
|
||||
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+#include <stddef.h>
|
||||
+#include "internal/nelem.h"
|
||||
+#include <openssl/crypto.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include <openssl/rand_drbg.h>
|
||||
+#include <openssl/obj_mac.h>
|
||||
+#include "internal/thread_once.h"
|
||||
+#include "internal/rand_int.h"
|
||||
+
|
||||
+typedef struct test_ctx_st {
|
||||
+ const unsigned char *entropy;
|
||||
+ size_t entropylen;
|
||||
+ int entropycnt;
|
||||
+ const unsigned char *nonce;
|
||||
+ size_t noncelen;
|
||||
+ int noncecnt;
|
||||
+} TEST_CTX;
|
||||
+
|
||||
+static int app_data_index = -1;
|
||||
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
|
||||
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
|
||||
+{
|
||||
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+enum drbg_kat_type {
|
||||
+ NO_RESEED,
|
||||
+ PR_FALSE,
|
||||
+ PR_TRUE
|
||||
+};
|
||||
+
|
||||
+enum drbg_df {
|
||||
+ USE_DF,
|
||||
+ NO_DF,
|
||||
+ NA
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_no_reseed {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_pr_false {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *entropyinreseed;
|
||||
+ const unsigned char *addinreseed;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat_pr_true {
|
||||
+ size_t count;
|
||||
+ const unsigned char *entropyin;
|
||||
+ const unsigned char *nonce;
|
||||
+ const unsigned char *persstr;
|
||||
+ const unsigned char *entropyinpr1;
|
||||
+ const unsigned char *addin1;
|
||||
+ const unsigned char *entropyinpr2;
|
||||
+ const unsigned char *addin2;
|
||||
+ const unsigned char *retbytes;
|
||||
+};
|
||||
+
|
||||
+struct drbg_kat {
|
||||
+ enum drbg_kat_type type;
|
||||
+ enum drbg_df df;
|
||||
+ int nid;
|
||||
+
|
||||
+ size_t entropyinlen;
|
||||
+ size_t noncelen;
|
||||
+ size_t persstrlen;
|
||||
+ size_t addinlen;
|
||||
+ size_t retbyteslen;
|
||||
+
|
||||
+ const void *t;
|
||||
+};
|
||||
+
|
||||
+/*
|
||||
+ * Excerpt from test/drbg_cavs_data.c
|
||||
+ * DRBG test vectors from:
|
||||
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
|
||||
+ */
|
||||
+
|
||||
+static const unsigned char kat1308_entropyin[] = {
|
||||
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
|
||||
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
|
||||
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
|
||||
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
|
||||
+};
|
||||
+static const unsigned char kat1308_nonce[] = {0};
|
||||
+static const unsigned char kat1308_persstr[] = {
|
||||
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
|
||||
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
|
||||
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
|
||||
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
|
||||
+};
|
||||
+static const unsigned char kat1308_addin0[] = {
|
||||
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
|
||||
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
|
||||
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
|
||||
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
|
||||
+};
|
||||
+static const unsigned char kat1308_addin1[] = {
|
||||
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
|
||||
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
|
||||
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
|
||||
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
|
||||
+};
|
||||
+static const unsigned char kat1308_retbits[] = {
|
||||
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
|
||||
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
|
||||
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
|
||||
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
|
||||
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
|
||||
+ 0x26, 0x32, 0xd0, 0xb8,
|
||||
+};
|
||||
+static const struct drbg_kat_no_reseed kat1308_t = {
|
||||
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
|
||||
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat1308 = {
|
||||
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
|
||||
+};
|
||||
+
|
||||
+static const unsigned char kat1465_entropyin[] = {
|
||||
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
|
||||
+ 0x87, 0xbe, 0xaa, 0xc0,
|
||||
+};
|
||||
+static const unsigned char kat1465_nonce[] = {
|
||||
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
|
||||
+};
|
||||
+static const unsigned char kat1465_persstr[] = {0};
|
||||
+static const unsigned char kat1465_entropyinreseed[] = {
|
||||
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
|
||||
+ 0x1f, 0x4b, 0x7b, 0x51,
|
||||
+};
|
||||
+static const unsigned char kat1465_addinreseed[] = {
|
||||
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
|
||||
+ 0x61, 0x9f, 0x26, 0x5f,
|
||||
+};
|
||||
+static const unsigned char kat1465_addin0[] = {
|
||||
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
|
||||
+ 0x10, 0x5a, 0x73, 0x9c,
|
||||
+};
|
||||
+static const unsigned char kat1465_addin1[] = {
|
||||
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
|
||||
+ 0x47, 0x99, 0x1f, 0xeb,
|
||||
+};
|
||||
+static const unsigned char kat1465_retbits[] = {
|
||||
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
|
||||
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
|
||||
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
|
||||
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
|
||||
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
|
||||
+ 0x58, 0xdb, 0x27, 0xba,
|
||||
+};
|
||||
+static const struct drbg_kat_pr_false kat1465_t = {
|
||||
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
|
||||
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
|
||||
+ kat1465_addin1, kat1465_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat1465 = {
|
||||
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
|
||||
+};
|
||||
+
|
||||
+static const unsigned char kat3146_entropyin[] = {
|
||||
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
|
||||
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
|
||||
+};
|
||||
+static const unsigned char kat3146_nonce[] = {
|
||||
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
|
||||
+ 0x50, 0x86, 0xca, 0xca,
|
||||
+};
|
||||
+static const unsigned char kat3146_persstr[] = {0};
|
||||
+static const unsigned char kat3146_entropyinpr1[] = {
|
||||
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
|
||||
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
|
||||
+};
|
||||
+static const unsigned char kat3146_addinpr1[] = {
|
||||
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
|
||||
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
|
||||
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
|
||||
+};
|
||||
+static const unsigned char kat3146_entropyinpr2[] = {
|
||||
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
|
||||
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
|
||||
+};
|
||||
+static const unsigned char kat3146_addinpr2[] = {
|
||||
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
|
||||
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
|
||||
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
|
||||
+};
|
||||
+static const unsigned char kat3146_retbits[] = {
|
||||
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
|
||||
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
|
||||
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
|
||||
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
|
||||
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
|
||||
+ 0xd4, 0x30, 0x73, 0xbb,
|
||||
+};
|
||||
+static const struct drbg_kat_pr_true kat3146_t = {
|
||||
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
|
||||
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
|
||||
+ kat3146_addinpr2, kat3146_retbits
|
||||
+};
|
||||
+static const struct drbg_kat kat3146 = {
|
||||
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
|
||||
+};
|
||||
+
|
||||
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
|
||||
+
|
||||
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
|
||||
+
|
||||
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len,
|
||||
+ int prediction_resistance)
|
||||
+{
|
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||
+
|
||||
+ t->entropycnt++;
|
||||
+ *pout = (unsigned char *)t->entropy;
|
||||
+ return t->entropylen;
|
||||
+}
|
||||
+
|
||||
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
|
||||
+ int entropy, size_t min_len, size_t max_len)
|
||||
+{
|
||||
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||
+
|
||||
+ t->noncecnt++;
|
||||
+ *pout = (unsigned char *)t->nonce;
|
||||
+ return t->noncelen;
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Do a single NO_RESEED KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_no_reseed(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin1, td->addinlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do a single PR_FALSE KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Reseed
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Generate Random Bits (pr=false)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_pr_false(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinreseed;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin1, td->addinlen)
|
||||
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do a single PR_TRUE KAT:
|
||||
+ *
|
||||
+ * Instantiate
|
||||
+ * Generate Random Bits (pr=true)
|
||||
+ * Generate Random Bits (pr=true)
|
||||
+ * Uninstantiate
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int single_kat_pr_true(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned char *buff = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||
+ if (buff == NULL) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinpr1;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||
+ data->addin1, td->addinlen))
|
||||
+ failures++;
|
||||
+
|
||||
+ t.entropy = data->entropyinpr2;
|
||||
+ t.entropylen = td->entropyinlen;
|
||||
+
|
||||
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||
+ data->addin2, td->addinlen)
|
||||
+ || memcmp(data->retbytes, buff,
|
||||
+ td->retbyteslen) != 0)
|
||||
+ failures++;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(buff);
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+static int test_kats(int i)
|
||||
+{
|
||||
+ const struct drbg_kat *td = drbg_test[i];
|
||||
+ int rv = 0;
|
||||
+
|
||||
+ switch (td->type) {
|
||||
+ case NO_RESEED:
|
||||
+ if (!single_kat_no_reseed(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ case PR_FALSE:
|
||||
+ if (!single_kat_pr_false(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ case PR_TRUE:
|
||||
+ if (!single_kat_pr_true(td))
|
||||
+ goto err;
|
||||
+ break;
|
||||
+ default: /* cant happen */
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rv = 1;
|
||||
+err:
|
||||
+ return rv;
|
||||
+}
|
||||
+
|
||||
+/*-
|
||||
+ * Do one expected-error test:
|
||||
+ *
|
||||
+ * Instantiate with no entropy supplied
|
||||
+ *
|
||||
+ * Return 0 on failure.
|
||||
+ */
|
||||
+static int test_drbg_sanity(const struct drbg_kat *td)
|
||||
+{
|
||||
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||
+ RAND_DRBG *drbg = NULL;
|
||||
+ unsigned int flags = 0;
|
||||
+ int failures = 0;
|
||||
+ TEST_CTX t;
|
||||
+
|
||||
+ if (td->df != USE_DF)
|
||||
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||
+
|
||||
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||
+ kat_nonce, NULL)) {
|
||||
+ failures++;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ memset(&t, 0, sizeof(t));
|
||||
+ t.entropy = data->entropyin;
|
||||
+ t.entropylen = 0; /* No entropy */
|
||||
+ t.nonce = data->nonce;
|
||||
+ t.noncelen = td->noncelen;
|
||||
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||
+
|
||||
+ ERR_set_mark();
|
||||
+ /* This must fail. */
|
||||
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||
+ failures++;
|
||||
+ RAND_DRBG_uninstantiate(drbg);
|
||||
+ ERR_pop_to_mark();
|
||||
+
|
||||
+err:
|
||||
+ RAND_DRBG_free(drbg);
|
||||
+ return failures == 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int rand_drbg_selftest(void)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
|
||||
+ return 0;
|
||||
+
|
||||
+ for (i = 0; i < drbg_test_nelem; i++) {
|
||||
+ if (test_kats(i) <= 0)
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (test_drbg_sanity(&kat1465) <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
157
SOURCES/openssl-1.1.1-fips-post-rand.patch
Normal file
157
SOURCES/openssl-1.1.1-fips-post-rand.patch
Normal file
@ -0,0 +1,157 @@
|
||||
diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
|
||||
--- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
|
||||
+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
|
||||
@@ -68,6 +68,7 @@
|
||||
|
||||
# include <openssl/fips.h>
|
||||
# include "internal/thread_once.h"
|
||||
+# include "internal/rand_int.h"
|
||||
|
||||
# ifndef PATH_MAX
|
||||
# define PATH_MAX 1024
|
||||
@@ -76,6 +77,7 @@
|
||||
static int fips_selftest_fail = 0;
|
||||
static int fips_mode = 0;
|
||||
static int fips_started = 0;
|
||||
+static int fips_post = 0;
|
||||
|
||||
static int fips_is_owning_thread(void);
|
||||
static int fips_set_owning_thread(void);
|
||||
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
|
||||
fips_selftest_fail = 1;
|
||||
}
|
||||
|
||||
+int fips_in_post(void)
|
||||
+{
|
||||
+ return fips_post;
|
||||
+}
|
||||
+
|
||||
/* we implement what libfipscheck does ourselves */
|
||||
|
||||
static int
|
||||
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
|
||||
}
|
||||
# endif
|
||||
|
||||
+ fips_post = 1;
|
||||
+
|
||||
if (!FIPS_selftest()) {
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
|
||||
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
|
||||
goto end;
|
||||
}
|
||||
|
||||
+ fips_post = 0;
|
||||
+
|
||||
fips_set_mode(onoff);
|
||||
+ /* force RNG reseed with entropy from getrandom() on next call */
|
||||
+ rand_fork();
|
||||
+
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
|
||||
--- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
|
||||
+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
|
||||
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||
int FIPS_selftest_drbg(void);
|
||||
int FIPS_selftest_cmac(void);
|
||||
|
||||
+int fips_in_post(void);
|
||||
+
|
||||
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||
const unsigned char *tbs, int tbslen,
|
||||
const unsigned char *kat,
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
|
||||
@@ -16,10 +16,12 @@
|
||||
#include <openssl/rand.h>
|
||||
#include "rand_lcl.h"
|
||||
#include "internal/rand_int.h"
|
||||
+#include "internal/fips_int.h"
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#if defined(__linux)
|
||||
-# include <asm/unistd.h>
|
||||
+# include <sys/syscall.h>
|
||||
+# include <sys/random.h>
|
||||
#endif
|
||||
#if defined(__FreeBSD__)
|
||||
# include <sys/types.h>
|
||||
@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
*/
|
||||
-static ssize_t syscall_random(void *buf, size_t buflen)
|
||||
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
|
||||
{
|
||||
/*
|
||||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
|
||||
* - Linux since 3.17 with glibc 2.25
|
||||
* - FreeBSD since 12.0 (1200061)
|
||||
*/
|
||||
+# if 0
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||
|
||||
@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
|
||||
if (p_getentropy.p != NULL)
|
||||
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||
# endif
|
||||
-
|
||||
+# endif
|
||||
/* Linux supports this since version 3.17 */
|
||||
-# if defined(__linux) && defined(__NR_getrandom)
|
||||
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||
+# if defined(__linux) && defined(SYS_getrandom)
|
||||
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
unsigned char *buffer;
|
||||
-
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
+ int in_post;
|
||||
+
|
||||
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||
{
|
||||
ssize_t bytes;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
- bytes = syscall_random(buffer, bytes_needed);
|
||||
+ bytes = syscall_random(buffer, bytes_needed, in_post);
|
||||
if (bytes > 0) {
|
||||
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||
bytes_needed -= bytes;
|
||||
@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
int attempts = 3;
|
||||
const int fd = get_random_device(i);
|
||||
|
||||
- if (fd == -1)
|
||||
+ if (fd == -1) {
|
||||
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
|
||||
continue;
|
||||
+ }
|
||||
|
||||
while (bytes_needed != 0 && attempts-- > 0) {
|
||||
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||
}
|
||||
}
|
||||
# endif
|
||||
-
|
||||
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||
+ }
|
||||
+# endif
|
||||
return rand_pool_entropy_available(pool);
|
||||
# endif
|
||||
}
|
11852
SOURCES/openssl-1.1.1-fips.patch
Normal file
11852
SOURCES/openssl-1.1.1-fips.patch
Normal file
File diff suppressed because it is too large
Load Diff
14
SOURCES/openssl-1.1.1-ignore-bound.patch
Normal file
14
SOURCES/openssl-1.1.1-ignore-bound.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Do not return failure when setting version bound on fixed protocol
|
||||
version method.
|
||||
diff -up openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound openssl-1.1.1-pre8/ssl/statem/statem_lib.c
|
||||
--- openssl-1.1.1-pre8/ssl/statem/statem_lib.c.ignore-bound 2018-06-20 16:48:13.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/ssl/statem/statem_lib.c 2018-08-13 11:07:52.826304045 +0200
|
||||
@@ -1595,7 +1595,7 @@ int ssl_set_version_bound(int method_ver
|
||||
* methods are not subject to controls that disable individual protocol
|
||||
* versions.
|
||||
*/
|
||||
- return 0;
|
||||
+ return 1;
|
||||
|
||||
case TLS_ANY_VERSION:
|
||||
if (version < SSL3_VERSION || version > TLS_MAX_VERSION)
|
19
SOURCES/openssl-1.1.1-man-rename.patch
Normal file
19
SOURCES/openssl-1.1.1-man-rename.patch
Normal file
@ -0,0 +1,19 @@
|
||||
diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
|
||||
--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
|
||||
+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
|
||||
@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
|
||||
L<ec(1)>, L<ecparam(1)>,
|
||||
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
|
||||
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
|
||||
-L<passwd(1)>,
|
||||
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
|
||||
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
|
||||
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
|
||||
+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
|
||||
L<rsautl(1)>, L<s_client(1)>,
|
||||
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
|
||||
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
|
||||
+L<sslpasswd(1)>, L<sslrand(1)>,
|
||||
L<ts(1)>,
|
||||
L<verify(1)>, L<version(1)>, L<x509(1)>,
|
||||
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
|
116
SOURCES/openssl-1.1.1-no-brainpool.patch
Normal file
116
SOURCES/openssl-1.1.1-no-brainpool.patch
Normal file
@ -0,0 +1,116 @@
|
||||
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in
|
||||
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.in 2019-05-07 11:52:35.885597934 +0200
|
||||
@@ -141,22 +141,23 @@ our @tests = (
|
||||
{
|
||||
name => "ECDSA with brainpool",
|
||||
server => {
|
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
+ "CipherString" => "aNULL",
|
||||
},
|
||||
client => {
|
||||
#We don't restrict this to TLSv1.2, although use of brainpool
|
||||
#should force this anyway so that this should succeed
|
||||
"CipherString" => "aECDSA",
|
||||
"RequestCAFile" => test_pem("root-cert.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
},
|
||||
test => {
|
||||
- "ExpectedServerCertType" =>, "brainpoolP256r1",
|
||||
- "ExpectedServerSignType" =>, "EC",
|
||||
+# "ExpectedServerCertType" =>, "brainpoolP256r1",
|
||||
+# "ExpectedServerSignType" =>, "EC",
|
||||
# Note: certificate_authorities not sent for TLS < 1.3
|
||||
- "ExpectedServerCANames" =>, "empty",
|
||||
+# "ExpectedServerCANames" =>, "empty",
|
||||
"ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
@@ -787,18 +788,19 @@ my @tests_tls_1_3 = (
|
||||
{
|
||||
name => "TLS 1.3 ECDSA with brainpool",
|
||||
server => {
|
||||
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||
+# "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
+ "CipherString" => "aNULL",
|
||||
},
|
||||
client => {
|
||||
"RequestCAFile" => test_pem("root-cert.pem"),
|
||||
- "Groups" => "brainpoolP256r1",
|
||||
+# "Groups" => "brainpoolP256r1",
|
||||
"MinProtocol" => "TLSv1.3",
|
||||
"MaxProtocol" => "TLSv1.3"
|
||||
},
|
||||
test => {
|
||||
- "ExpectedResult" => "ServerFail"
|
||||
+ "ExpectedResult" => "Success"
|
||||
},
|
||||
},
|
||||
);
|
||||
diff -up openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1b/test/ssl-tests/20-cert-select.conf
|
||||
--- openssl-1.1.1b/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/test/ssl-tests/20-cert-select.conf 2019-05-07 12:15:12.762907496 +0200
|
||||
@@ -233,23 +233,18 @@ server = 5-ECDSA with brainpool-server
|
||||
client = 5-ECDSA with brainpool-client
|
||||
|
||||
[5-ECDSA with brainpool-server]
|
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||
-CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
+CipherString = aNULL
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[5-ECDSA with brainpool-client]
|
||||
CipherString = aECDSA
|
||||
-Groups = brainpoolP256r1
|
||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-5]
|
||||
ExpectedResult = Success
|
||||
-ExpectedServerCANames = empty
|
||||
-ExpectedServerCertType = brainpoolP256r1
|
||||
-ExpectedServerSignType = EC
|
||||
|
||||
|
||||
# ===========================================================
|
||||
@@ -1577,14 +1572,12 @@ server = 47-TLS 1.3 ECDSA with brainpool
|
||||
client = 47-TLS 1.3 ECDSA with brainpool-client
|
||||
|
||||
[47-TLS 1.3 ECDSA with brainpool-server]
|
||||
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||
-CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
|
||||
+CipherString = aNULL
|
||||
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
|
||||
|
||||
[47-TLS 1.3 ECDSA with brainpool-client]
|
||||
CipherString = DEFAULT
|
||||
-Groups = brainpoolP256r1
|
||||
MaxProtocol = TLSv1.3
|
||||
MinProtocol = TLSv1.3
|
||||
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||
@@ -1592,7 +1585,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
||||
VerifyMode = Peer
|
||||
|
||||
[test-47]
|
||||
-ExpectedResult = ServerFail
|
||||
+ExpectedResult = Success
|
||||
|
||||
|
||||
# ===========================================================
|
26
SOURCES/openssl-1.1.1-no-weak-verify.patch
Normal file
26
SOURCES/openssl-1.1.1-no-weak-verify.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
|
||||
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
|
||||
@@ -7,6 +7,9 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
+/* for secure_getenv */
|
||||
+#define _GNU_SOURCE
|
||||
+
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
||||
if (ret != 2)
|
||||
goto err;
|
||||
ret = -1;
|
||||
+ } else if ((mdnid == NID_md5
|
||||
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
|
||||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
|
||||
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
|
||||
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||
+ goto err;
|
||||
} else {
|
||||
const EVP_MD *type = EVP_get_digestbynid(mdnid);
|
||||
|
16
SOURCES/openssl-1.1.1-regression-fixes.patch
Normal file
16
SOURCES/openssl-1.1.1-regression-fixes.patch
Normal file
@ -0,0 +1,16 @@
|
||||
diff -up openssl-1.1.1b/crypto/conf/conf_lib.c.regression openssl-1.1.1b/crypto/conf/conf_lib.c
|
||||
--- openssl-1.1.1b/crypto/conf/conf_lib.c.regression 2019-02-26 15:15:30.000000000 +0100
|
||||
+++ openssl-1.1.1b/crypto/conf/conf_lib.c 2019-05-10 14:28:57.718049429 +0200
|
||||
@@ -356,8 +356,10 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(
|
||||
{
|
||||
OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
|
||||
|
||||
- if (ret != NULL)
|
||||
- memset(ret, 0, sizeof(*ret));
|
||||
+ if (ret == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memset(ret, 0, sizeof(*ret));
|
||||
ret->flags = DEFAULT_CONF_MFLAGS;
|
||||
|
||||
return ret;
|
5509
SOURCES/openssl-1.1.1-s390x-update.patch
Normal file
5509
SOURCES/openssl-1.1.1-s390x-update.patch
Normal file
File diff suppressed because it is too large
Load Diff
65
SOURCES/openssl-1.1.1-seclevel.patch
Normal file
65
SOURCES/openssl-1.1.1-seclevel.patch
Normal file
@ -0,0 +1,65 @@
|
||||
diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
|
||||
--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200
|
||||
+++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-10-01 14:34:43.083145020 +0200
|
||||
@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
|
||||
}
|
||||
|
||||
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
|
||||
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
|
||||
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
|
||||
|
||||
/*
|
||||
@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT
|
||||
|
||||
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
||||
return 0;
|
||||
-
|
||||
- return secbits >= minbits_table[level - 1];
|
||||
+ /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */
|
||||
+ if (FIPS_mode())
|
||||
+ return secbits >= minbits_table[level - 1];
|
||||
+ return secbits >= minbits_digest_table[level - 1];
|
||||
}
|
||||
diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
|
||||
--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200
|
||||
+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-10-01 14:34:43.083145020 +0200
|
||||
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
|
||||
|
||||
=item B<Level 2>
|
||||
|
||||
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
|
||||
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
|
||||
+Security level set to 112 bits of security with the exception of SHA1 allowed
|
||||
+for signatures.
|
||||
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
|
||||
+shorter than 224 bits are prohibited.
|
||||
In addition to the level 1 exclusions any cipher suite using RC4 is also
|
||||
prohibited. SSL version 3 is also not allowed. Compression is disabled.
|
||||
|
||||
diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
|
||||
--- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/ssl/ssl_cert.c 2018-10-12 15:29:12.673799305 +0200
|
||||
@@ -983,6 +983,9 @@ static int ssl_security_default_callback
|
||||
return 0;
|
||||
break;
|
||||
default:
|
||||
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
|
||||
+ if (nid == NID_sha1 && minbits == 112 && !FIPS_mode())
|
||||
+ break;
|
||||
if (bits < minbits)
|
||||
return 0;
|
||||
}
|
||||
diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
|
||||
--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel 2018-09-11 14:48:24.000000000 +0200
|
||||
+++ openssl-1.1.1/test/recipes/25-test_verify.t 2018-10-01 14:34:43.084145044 +0200
|
||||
@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
|
||||
"CA with PSS signature using SHA256");
|
||||
|
||||
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
- "Reject PSS signature using SHA1 and auth level 2");
|
||||
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
|
||||
+ "Reject PSS signature using SHA1 and auth level 3");
|
||||
|
||||
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||
"PSS signature using SHA256 and auth level 2");
|
5612
SOURCES/openssl-1.1.1-ssh-kdf.patch
Normal file
5612
SOURCES/openssl-1.1.1-ssh-kdf.patch
Normal file
File diff suppressed because it is too large
Load Diff
72
SOURCES/openssl-1.1.1-sslv3-keep-abi.patch
Normal file
72
SOURCES/openssl-1.1.1-sslv3-keep-abi.patch
Normal file
@ -0,0 +1,72 @@
|
||||
diff -up openssl-1.1.1/include/openssl/ssl.h.sslv3-abi openssl-1.1.1/include/openssl/ssl.h
|
||||
--- openssl-1.1.1/include/openssl/ssl.h.sslv3-abi 2018-10-01 14:15:47.926252469 +0200
|
||||
+++ openssl-1.1.1/include/openssl/ssl.h 2018-10-01 14:13:23.221851065 +0200
|
||||
@@ -1838,11 +1838,11 @@ __owur const char *SSL_get_version(const
|
||||
/* This sets the 'default' SSL version that SSL_new() will create */
|
||||
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
|
||||
|
||||
-# ifndef OPENSSL_NO_SSL3_METHOD
|
||||
+/* # ifndef OPENSSL_NO_SSL3_METHOD */
|
||||
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
|
||||
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
|
||||
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
|
||||
-# endif
|
||||
+/* # endif */
|
||||
|
||||
#define SSLv23_method TLS_method
|
||||
#define SSLv23_server_method TLS_server_method
|
||||
diff -up openssl-1.1.1/ssl/methods.c.sslv3-abi openssl-1.1.1/ssl/methods.c
|
||||
--- openssl-1.1.1/ssl/methods.c.sslv3-abi 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/ssl/methods.c 2018-10-01 13:24:46.357116737 +0200
|
||||
@@ -275,4 +275,21 @@ const SSL_METHOD *DTLSv1_client_method(v
|
||||
}
|
||||
# endif
|
||||
|
||||
+# ifdef OPENSSL_NO_SSL3_METHOD
|
||||
+const SSL_METHOD *SSLv3_method(void)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+const SSL_METHOD *SSLv3_server_method(void)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+const SSL_METHOD *SSLv3_client_method(void)
|
||||
+{
|
||||
+ return NULL;
|
||||
+}
|
||||
+# endif
|
||||
+
|
||||
#endif
|
||||
diff -up openssl-1.1.1/util/libssl.num.sslv3-abi openssl-1.1.1/util/libssl.num
|
||||
--- openssl-1.1.1/util/libssl.num.sslv3-abi 2018-09-11 14:48:25.000000000 +0200
|
||||
+++ openssl-1.1.1/util/libssl.num 2018-10-01 13:24:46.358116760 +0200
|
||||
@@ -60,7 +60,7 @@ SSL_get_rfd
|
||||
DTLSv1_listen 61 1_1_0 EXIST::FUNCTION:SOCK
|
||||
SSL_set_ssl_method 62 1_1_0 EXIST::FUNCTION:
|
||||
SSL_get0_security_ex_data 63 1_1_0 EXIST::FUNCTION:
|
||||
-SSLv3_client_method 64 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
+SSLv3_client_method 64 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
|
||||
SSL_set_security_level 65 1_1_0 EXIST::FUNCTION:
|
||||
DTLSv1_2_method 66 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
|
||||
SSL_get_fd 67 1_1_0 EXIST::FUNCTION:
|
||||
@@ -205,7 +205,7 @@ SSL_do_handshake
|
||||
SSL_CTX_get_ex_data 206 1_1_0 EXIST::FUNCTION:
|
||||
SSL_is_init_finished 207 1_1_0 EXIST::FUNCTION:
|
||||
SSL_CTX_set_default_verify_file 208 1_1_0 EXIST::FUNCTION:
|
||||
-SSLv3_method 209 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
+SSLv3_method 209 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
|
||||
SSL_CTX_set_cookie_generate_cb 210 1_1_0 EXIST::FUNCTION:
|
||||
SSL_certs_clear 211 1_1_0 EXIST::FUNCTION:
|
||||
SSL_set_connect_state 212 1_1_0 EXIST::FUNCTION:
|
||||
@@ -324,7 +324,7 @@ SSL_CTX_use_RSAPrivateKey_ASN1
|
||||
SSL_CTX_use_PrivateKey_ASN1 325 1_1_0 EXIST::FUNCTION:
|
||||
SSL_CTX_get0_privatekey 326 1_1_0 EXIST::FUNCTION:
|
||||
BIO_f_ssl 327 1_1_0 EXIST::FUNCTION:
|
||||
-SSLv3_server_method 328 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
|
||||
+SSLv3_server_method 328 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
|
||||
SSL_SESSION_free 329 1_1_0 EXIST::FUNCTION:
|
||||
SSL_get_shutdown 330 1_1_0 EXIST::FUNCTION:
|
||||
SSL_get_peer_finished 331 1_1_0 EXIST::FUNCTION:
|
310
SOURCES/openssl-1.1.1-system-cipherlist.patch
Normal file
310
SOURCES/openssl-1.1.1-system-cipherlist.patch
Normal file
@ -0,0 +1,310 @@
|
||||
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
|
||||
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
|
||||
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
|
||||
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||
HTMLDIR=$(DOCDIR)/html
|
||||
|
||||
+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
|
||||
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
|
||||
+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
|
||||
+
|
||||
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
|
||||
# appended after the manpage file section number. "ssl" is popular,
|
||||
# resulting in files such as config.5ssl rather than config.5.
|
||||
@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
|
||||
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
|
||||
CPPFLAGS={- our $cppflags1 = join(" ",
|
||||
(map { "-D".$_} @{$config{CPPDEFINES}}),
|
||||
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
|
||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||
@{$config{CPPFLAGS}}) -}
|
||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
|
||||
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
|
||||
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
||||
my $orig_death_handler = $SIG{__DIE__};
|
||||
$SIG{__DIE__} = \&death_handler;
|
||||
|
||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||
|
||||
# Options:
|
||||
#
|
||||
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
|
||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||
# (Default: PREFIX/ssl)
|
||||
#
|
||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
||||
+# cipher is specified (default).
|
||||
+#
|
||||
# --cross-compile-prefix Add specified prefix to binutils components.
|
||||
#
|
||||
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
|
||||
@@ -295,6 +298,7 @@ $config{prefix}="";
|
||||
$config{openssldir}="";
|
||||
$config{processor}="";
|
||||
$config{libdir}="";
|
||||
+$config{system_ciphers_file}="";
|
||||
my $auto_threads=1; # enable threads automatically? true by default
|
||||
my $default_ranlib;
|
||||
|
||||
@@ -824,6 +828,10 @@ while (@argvcopy)
|
||||
push @seed_sources, $x;
|
||||
}
|
||||
}
|
||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||
+ {
|
||||
+ $config{system_ciphers_file}=$1;
|
||||
+ }
|
||||
elsif (/^--cross-compile-prefix=(.*)$/)
|
||||
{
|
||||
$user{CROSS_COMPILE}=$1;
|
||||
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
|
||||
exit 0;
|
||||
}
|
||||
|
||||
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
|
||||
+
|
||||
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
||||
print "for $target\n";
|
||||
|
||||
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
|
||||
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
|
||||
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||
|
||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||
|
||||
+=item B<PROFILE=SYSTEM>
|
||||
+
|
||||
+The list of enabled cipher suites will be loaded from the system crypto policy
|
||||
+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
|
||||
+See also L<update-crypto-policies(8)>.
|
||||
+This is the default behavior unless an application explicitly sets a cipher
|
||||
+list. If used in a cipher list configuration value this string must be at the
|
||||
+beginning of the cipher list, otherwise it will not be recognized.
|
||||
+
|
||||
=item B<HIGH>
|
||||
|
||||
"High" encryption cipher suites. This currently means those with key lengths
|
||||
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
|
||||
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
|
||||
@@ -186,6 +186,11 @@ extern "C" {
|
||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||
*/
|
||||
+# ifdef SYSTEM_CIPHERS_FILE
|
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
|
||||
+# else
|
||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
|
||||
+# endif
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
# define SSL_SENT_SHUTDOWN 1
|
||||
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
|
||||
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
|
||||
@@ -9,6 +9,8 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
+/* for secure_getenv */
|
||||
+#define _GNU_SOURCE
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <openssl/objects.h>
|
||||
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||
return ret;
|
||||
}
|
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+static char *load_system_str(const char *suffix)
|
||||
+{
|
||||
+ FILE *fp;
|
||||
+ char buf[1024];
|
||||
+ char *new_rules;
|
||||
+ const char *ciphers_path;
|
||||
+ unsigned len, slen;
|
||||
+
|
||||
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
|
||||
+ ciphers_path = SYSTEM_CIPHERS_FILE;
|
||||
+ fp = fopen(ciphers_path, "r");
|
||||
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
|
||||
+ /* cannot open or file is empty */
|
||||
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
|
||||
+ }
|
||||
+
|
||||
+ if (fp)
|
||||
+ fclose(fp);
|
||||
+
|
||||
+ slen = strlen(suffix);
|
||||
+ len = strlen(buf);
|
||||
+
|
||||
+ if (buf[len - 1] == '\n') {
|
||||
+ len--;
|
||||
+ buf[len] = 0;
|
||||
+ }
|
||||
+ if (buf[len - 1] == '\r') {
|
||||
+ len--;
|
||||
+ buf[len] = 0;
|
||||
+ }
|
||||
+
|
||||
+ new_rules = OPENSSL_malloc(len + slen + 1);
|
||||
+ if (new_rules == 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ memcpy(new_rules, buf, len);
|
||||
+ if (slen > 0) {
|
||||
+ memcpy(&new_rules[len], suffix, slen);
|
||||
+ len += slen;
|
||||
+ }
|
||||
+ new_rules[len] = 0;
|
||||
+
|
||||
+ return new_rules;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
const char *rule_p;
|
||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||
const SSL_CIPHER **ca_list = NULL;
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ char *new_rules = NULL;
|
||||
+
|
||||
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
|
||||
+ char *p = rule_str + 14;
|
||||
+
|
||||
+ new_rules = load_system_str(p);
|
||||
+ rule_str = new_rules;
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Return with error if nothing to do.
|
||||
*/
|
||||
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
#ifndef OPENSSL_NO_EC
|
||||
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
||||
if (co_list == NULL) {
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||
- return NULL; /* Failure */
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
||||
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* in force within each class
|
||||
*/
|
||||
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
||||
if (ca_list == NULL) {
|
||||
- OPENSSL_free(co_list);
|
||||
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||
- return NULL; /* Failure */
|
||||
+ goto err;
|
||||
}
|
||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
||||
disabled_mkey, disabled_auth, disabled_enc,
|
||||
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||
|
||||
if (!ok) { /* Rule processing failure */
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
* if we cannot get one.
|
||||
*/
|
||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||
- OPENSSL_free(co_list);
|
||||
- return NULL;
|
||||
+ goto err;
|
||||
}
|
||||
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ OPENSSL_free(new_rules); /* Not needed anymore */
|
||||
+#endif
|
||||
+
|
||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
||||
+ OPENSSL_free(co_list);
|
||||
sk_SSL_CIPHER_free(cipherstack);
|
||||
return NULL;
|
||||
}
|
||||
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||
*cipher_list = cipherstack;
|
||||
|
||||
return cipherstack;
|
||||
+
|
||||
+err:
|
||||
+ OPENSSL_free(co_list);
|
||||
+#ifdef SYSTEM_CIPHERS_FILE
|
||||
+ OPENSSL_free(new_rules);
|
||||
+#endif
|
||||
+ return NULL;
|
||||
+
|
||||
}
|
||||
|
||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
|
||||
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
|
||||
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
|
||||
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||
ctx->tls13_ciphersuites,
|
||||
&(ctx->cipher_list),
|
||||
&(ctx->cipher_list_by_id),
|
||||
- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||
return 0;
|
||||
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||
if (!ssl_create_cipher_list(ret->method,
|
||||
ret->tls13_ciphersuites,
|
||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||
- SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|
||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||
goto err2;
|
||||
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
|
||||
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
|
||||
@@ -251,7 +251,9 @@ end:
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
+#ifndef SYSTEM_CIPHERS_FILE
|
||||
ADD_TEST(test_default_cipherlist_implicit);
|
||||
+#endif
|
||||
ADD_TEST(test_default_cipherlist_explicit);
|
||||
ADD_TEST(test_default_cipherlist_clear);
|
||||
return 1;
|
50
SOURCES/openssl-1.1.1-ts-sha256-default.patch
Normal file
50
SOURCES/openssl-1.1.1-ts-sha256-default.patch
Normal file
@ -0,0 +1,50 @@
|
||||
diff --git a/apps/ts.c b/apps/ts.c
|
||||
index 63c5210183..4ef8a72eef 100644
|
||||
--- a/apps/ts.c
|
||||
+++ b/apps/ts.c
|
||||
@@ -425,7 +425,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
|
||||
ASN1_OBJECT *policy_obj = NULL;
|
||||
ASN1_INTEGER *nonce_asn1 = NULL;
|
||||
|
||||
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
|
||||
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
|
||||
goto err;
|
||||
if ((ts_req = TS_REQ_new()) == NULL)
|
||||
goto err;
|
||||
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
|
||||
index 078905a845..83b8fe4350 100644
|
||||
--- a/doc/man1/ts.pod
|
||||
+++ b/doc/man1/ts.pod
|
||||
@@ -517,7 +517,7 @@ included. Default is no. (Optional)
|
||||
=item B<ess_cert_id_alg>
|
||||
|
||||
This option specifies the hash function to be used to calculate the TSA's
|
||||
-public key certificate identifier. Default is sha1. (Optional)
|
||||
+public key certificate identifier. Default is sha256. (Optional)
|
||||
|
||||
=back
|
||||
|
||||
@@ -529,7 +529,7 @@ openssl/apps/openssl.cnf will do.
|
||||
|
||||
=head2 Time Stamp Request
|
||||
|
||||
-To create a time stamp request for design1.txt with SHA-1
|
||||
+To create a time stamp request for design1.txt with SHA-256
|
||||
without nonce and policy and no certificate is required in the response:
|
||||
|
||||
openssl ts -query -data design1.txt -no_nonce \
|
||||
@@ -545,12 +545,12 @@ To print the content of the previous request in human readable format:
|
||||
|
||||
openssl ts -query -in design1.tsq -text
|
||||
|
||||
-To create a time stamp request which includes the MD-5 digest
|
||||
+To create a time stamp request which includes the SHA-512 digest
|
||||
of design2.txt, requests the signer certificate and nonce,
|
||||
specifies a policy id (assuming the tsa_policy1 name is defined in the
|
||||
OID section of the config file):
|
||||
|
||||
- openssl ts -query -data design2.txt -md5 \
|
||||
+ openssl ts -query -data design2.txt -sha512 \
|
||||
-tspolicy tsa_policy1 -cert -out design2.tsq
|
||||
|
||||
=head2 Time Stamp Response
|
534
SOURCES/openssl-1.1.1-upstream-sync.patch
Normal file
534
SOURCES/openssl-1.1.1-upstream-sync.patch
Normal file
@ -0,0 +1,534 @@
|
||||
diff -up openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync openssl-1.1.1c/crypto/dsa/dsa_ameth.c
|
||||
--- openssl-1.1.1c/crypto/dsa/dsa_ameth.c.sync 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/dsa/dsa_ameth.c 2019-05-29 17:10:39.768187283 +0200
|
||||
@@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
|
||||
|
||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||
*(int *)arg2 = NID_sha256;
|
||||
- return 2;
|
||||
+ return 1;
|
||||
|
||||
default:
|
||||
return -2;
|
||||
diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
|
||||
--- openssl-1.1.1c/crypto/err/err.c.sync 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/crypto/err/err.c 2019-05-29 17:07:13.345793792 +0200
|
||||
@@ -184,8 +184,8 @@ static ERR_STRING_DATA *int_err_get_item
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
-/* A measurement on Linux 2018-11-21 showed about 3.5kib */
|
||||
-# define SPACE_SYS_STR_REASONS 4 * 1024
|
||||
+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
|
||||
+# define SPACE_SYS_STR_REASONS 8 * 1024
|
||||
# define NUM_SYS_STR_REASONS 127
|
||||
|
||||
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
|
||||
@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void)
|
||||
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
|
||||
|
||||
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
|
||||
- if (str->string == NULL) {
|
||||
+ /*
|
||||
+ * If we have used up all the space in strerror_pool,
|
||||
+ * there's no point in calling openssl_strerror_r()
|
||||
+ */
|
||||
+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
|
||||
if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
|
||||
size_t l = strlen(cur);
|
||||
|
||||
str->string = cur;
|
||||
cnt += l;
|
||||
- if (cnt > sizeof(strerror_pool))
|
||||
- cnt = sizeof(strerror_pool);
|
||||
cur += l;
|
||||
|
||||
/*
|
||||
* VMS has an unusual quirk of adding spaces at the end of
|
||||
- * some (most? all?) messages. Lets trim them off.
|
||||
+ * some (most? all?) messages. Lets trim them off.
|
||||
*/
|
||||
- while (ossl_isspace(cur[-1])) {
|
||||
+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
|
||||
cur--;
|
||||
cnt--;
|
||||
}
|
||||
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
|
||||
--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
|
||||
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
|
||||
@@ -239,8 +239,9 @@ size_t rand_drbg_get_nonce(RAND_DRBG *dr
|
||||
struct {
|
||||
void * instance;
|
||||
int count;
|
||||
- } data = { NULL, 0 };
|
||||
+ } data;
|
||||
|
||||
+ memset(&data, 0, sizeof(data));
|
||||
pool = rand_pool_new(0, min_len, max_len);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Wed, 17 Apr 2019 11:09:05 +0100
|
||||
Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are
|
||||
complete
|
||||
|
||||
If we receive a KeyUpdate message (update requested) from the peer while
|
||||
we are in the middle of a write, we should defer sending the responding
|
||||
KeyUpdate message until after the current write is complete. We do this
|
||||
by waiting to send the KeyUpdate until the next time we write and there is
|
||||
no pending write data.
|
||||
|
||||
This does imply a subtle change in behaviour. Firstly the responding
|
||||
KeyUpdate message won't be sent straight away as it is now. Secondly if
|
||||
the peer sends multiple KeyUpdates without us doing any writing then we
|
||||
will only send one response, as opposed to previously where we sent a
|
||||
response for each KeyUpdate received.
|
||||
|
||||
Fixes #8677
|
||||
|
||||
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8773)
|
||||
|
||||
(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
|
||||
---
|
||||
ssl/record/rec_layer_s3.c | 7 +++++++
|
||||
ssl/statem/statem_clnt.c | 6 ------
|
||||
ssl/statem/statem_lib.c | 7 ++-----
|
||||
ssl/statem/statem_srvr.c | 6 ------
|
||||
4 files changed, 9 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
|
||||
index b2f97ef905..b65137c332 100644
|
||||
--- a/ssl/record/rec_layer_s3.c
|
||||
+++ b/ssl/record/rec_layer_s3.c
|
||||
@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
||||
|
||||
s->rlayer.wnum = 0;
|
||||
|
||||
+ /*
|
||||
+ * If we are supposed to be sending a KeyUpdate then go into init unless we
|
||||
+ * have writes pending - in which case we should finish doing that first.
|
||||
+ */
|
||||
+ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
|
||||
+ ossl_statem_set_in_init(s, 1);
|
||||
+
|
||||
/*
|
||||
* When writing early data on the server side we could be "in_init" in
|
||||
* between receiving the EoED and the CF - but we don't want to handle those
|
||||
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
|
||||
index 87800cd835..6410414fb6 100644
|
||||
--- a/ssl/statem/statem_clnt.c
|
||||
+++ b/ssl/statem/statem_clnt.c
|
||||
@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_CR_KEY_UPDATE:
|
||||
- if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
- st->hand_state = TLS_ST_CW_KEY_UPDATE;
|
||||
- return WRITE_TRAN_CONTINUE;
|
||||
- }
|
||||
- /* Fall through */
|
||||
-
|
||||
case TLS_ST_CW_KEY_UPDATE:
|
||||
case TLS_ST_CR_SESSION_TICKET:
|
||||
case TLS_ST_CW_FINISHED:
|
||||
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
|
||||
index c0482b0a90..2960dafa52 100644
|
||||
--- a/ssl/statem/statem_lib.c
|
||||
+++ b/ssl/statem/statem_lib.c
|
||||
@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
|
||||
/*
|
||||
* If we get a request for us to update our sending keys too then, we need
|
||||
* to additionally send a KeyUpdate message. However that message should
|
||||
- * not also request an update (otherwise we get into an infinite loop). We
|
||||
- * ignore a request for us to update our sending keys too if we already
|
||||
- * sent close_notify.
|
||||
+ * not also request an update (otherwise we get into an infinite loop).
|
||||
*/
|
||||
- if (updatetype == SSL_KEY_UPDATE_REQUESTED
|
||||
- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
|
||||
+ if (updatetype == SSL_KEY_UPDATE_REQUESTED)
|
||||
s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
|
||||
|
||||
if (!tls13_update_key(s, 0)) {
|
||||
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
||||
index d454326a99..04a23320fc 100644
|
||||
--- a/ssl/statem/statem_srvr.c
|
||||
+++ b/ssl/statem/statem_srvr.c
|
||||
@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_SR_KEY_UPDATE:
|
||||
- if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
- st->hand_state = TLS_ST_SW_KEY_UPDATE;
|
||||
- return WRITE_TRAN_CONTINUE;
|
||||
- }
|
||||
- /* Fall through */
|
||||
-
|
||||
case TLS_ST_SW_KEY_UPDATE:
|
||||
st->hand_state = TLS_ST_OK;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
--
|
||||
2.20.1
|
||||
|
||||
From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Wed, 17 Apr 2019 10:30:53 +0100
|
||||
Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested)
|
||||
while writing
|
||||
|
||||
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
|
||||
(Merged from https://github.com/openssl/openssl/pull/8773)
|
||||
|
||||
(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
|
||||
---
|
||||
test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++
|
||||
test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||
test/ssltestlib.h | 3 ++
|
||||
3 files changed, 191 insertions(+)
|
||||
|
||||
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
||||
index 2261fe4a7a..577342644d 100644
|
||||
--- a/test/sslapitest.c
|
||||
+++ b/test/sslapitest.c
|
||||
@@ -4290,6 +4290,11 @@ static int test_key_update(void)
|
||||
|| !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
|
||||
strlen(mess)))
|
||||
goto end;
|
||||
+
|
||||
+ if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)),
|
||||
+ strlen(mess)))
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
testresult = 1;
|
||||
@@ -4302,6 +4307,91 @@ static int test_key_update(void)
|
||||
|
||||
return testresult;
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * Test we can handle a KeyUpdate (update requested) message while write data
|
||||
+ * is pending.
|
||||
+ * Test 0: Client sends KeyUpdate while Server is writing
|
||||
+ * Test 1: Server sends KeyUpdate while Client is writing
|
||||
+ */
|
||||
+static int test_key_update_in_write(int tst)
|
||||
+{
|
||||
+ SSL_CTX *cctx = NULL, *sctx = NULL;
|
||||
+ SSL *clientssl = NULL, *serverssl = NULL;
|
||||
+ int testresult = 0;
|
||||
+ char buf[20];
|
||||
+ static char *mess = "A test message";
|
||||
+ BIO *bretry = BIO_new(bio_s_always_retry());
|
||||
+ BIO *tmp = NULL;
|
||||
+ SSL *peerupdate = NULL, *peerwrite = NULL;
|
||||
+
|
||||
+ if (!TEST_ptr(bretry)
|
||||
+ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
|
||||
+ TLS_client_method(),
|
||||
+ TLS1_3_VERSION,
|
||||
+ 0,
|
||||
+ &sctx, &cctx, cert, privkey))
|
||||
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
||||
+ NULL, NULL))
|
||||
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
|
||||
+ SSL_ERROR_NONE)))
|
||||
+ goto end;
|
||||
+
|
||||
+ peerupdate = tst == 0 ? clientssl : serverssl;
|
||||
+ peerwrite = tst == 0 ? serverssl : clientssl;
|
||||
+
|
||||
+ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
|
||||
+ || !TEST_true(SSL_do_handshake(peerupdate)))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Swap the writing endpoint's write BIO to force a retry */
|
||||
+ tmp = SSL_get_wbio(peerwrite);
|
||||
+ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
|
||||
+ tmp = NULL;
|
||||
+ goto end;
|
||||
+ }
|
||||
+ SSL_set0_wbio(peerwrite, bretry);
|
||||
+ bretry = NULL;
|
||||
+
|
||||
+ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
|
||||
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Reinstate the original writing endpoint's write BIO */
|
||||
+ SSL_set0_wbio(peerwrite, tmp);
|
||||
+ tmp = NULL;
|
||||
+
|
||||
+ /* Now read some data - we will read the key update */
|
||||
+ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
|
||||
+ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
|
||||
+ goto end;
|
||||
+
|
||||
+ /*
|
||||
+ * Complete the write we started previously and read it from the other
|
||||
+ * endpoint
|
||||
+ */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
|
||||
+ goto end;
|
||||
+
|
||||
+ /* Write more data to ensure we send the KeyUpdate message back */
|
||||
+ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
|
||||
+ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
|
||||
+ goto end;
|
||||
+
|
||||
+ testresult = 1;
|
||||
+
|
||||
+ end:
|
||||
+ SSL_free(serverssl);
|
||||
+ SSL_free(clientssl);
|
||||
+ SSL_CTX_free(sctx);
|
||||
+ SSL_CTX_free(cctx);
|
||||
+ BIO_free(bretry);
|
||||
+ BIO_free(tmp);
|
||||
+
|
||||
+ return testresult;
|
||||
+}
|
||||
#endif /* OPENSSL_NO_TLS1_3 */
|
||||
|
||||
static int test_ssl_clear(int idx)
|
||||
@@ -5982,6 +6072,7 @@ int setup_tests(void)
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
ADD_ALL_TESTS(test_export_key_mat_early, 3);
|
||||
ADD_TEST(test_key_update);
|
||||
+ ADD_ALL_TESTS(test_key_update_in_write, 2);
|
||||
#endif
|
||||
ADD_ALL_TESTS(test_ssl_clear, 2);
|
||||
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
|
||||
@@ -6002,4 +6093,5 @@ int setup_tests(void)
|
||||
void cleanup_tests(void)
|
||||
{
|
||||
bio_s_mempacket_test_free();
|
||||
+ bio_s_always_retry_free();
|
||||
}
|
||||
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
|
||||
index 05139be750..e1038620ac 100644
|
||||
--- a/test/ssltestlib.c
|
||||
+++ b/test/ssltestlib.c
|
||||
@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str);
|
||||
/* Choose a sufficiently large type likely to be unused for this custom BIO */
|
||||
#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
|
||||
#define BIO_TYPE_MEMPACKET_TEST 0x81
|
||||
+#define BIO_TYPE_ALWAYS_RETRY 0x82
|
||||
|
||||
static BIO_METHOD *method_tls_dump = NULL;
|
||||
static BIO_METHOD *meth_mem = NULL;
|
||||
+static BIO_METHOD *meth_always_retry = NULL;
|
||||
|
||||
/* Note: Not thread safe! */
|
||||
const BIO_METHOD *bio_f_tls_dump_filter(void)
|
||||
@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str)
|
||||
return mempacket_test_write(bio, str, strlen(str));
|
||||
}
|
||||
|
||||
+static int always_retry_new(BIO *bi);
|
||||
+static int always_retry_free(BIO *a);
|
||||
+static int always_retry_read(BIO *b, char *out, int outl);
|
||||
+static int always_retry_write(BIO *b, const char *in, int inl);
|
||||
+static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
|
||||
+static int always_retry_gets(BIO *bp, char *buf, int size);
|
||||
+static int always_retry_puts(BIO *bp, const char *str);
|
||||
+
|
||||
+const BIO_METHOD *bio_s_always_retry(void)
|
||||
+{
|
||||
+ if (meth_always_retry == NULL) {
|
||||
+ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY,
|
||||
+ "Always Retry"))
|
||||
+ || !TEST_true(BIO_meth_set_write(meth_always_retry,
|
||||
+ always_retry_write))
|
||||
+ || !TEST_true(BIO_meth_set_read(meth_always_retry,
|
||||
+ always_retry_read))
|
||||
+ || !TEST_true(BIO_meth_set_puts(meth_always_retry,
|
||||
+ always_retry_puts))
|
||||
+ || !TEST_true(BIO_meth_set_gets(meth_always_retry,
|
||||
+ always_retry_gets))
|
||||
+ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry,
|
||||
+ always_retry_ctrl))
|
||||
+ || !TEST_true(BIO_meth_set_create(meth_always_retry,
|
||||
+ always_retry_new))
|
||||
+ || !TEST_true(BIO_meth_set_destroy(meth_always_retry,
|
||||
+ always_retry_free)))
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return meth_always_retry;
|
||||
+}
|
||||
+
|
||||
+void bio_s_always_retry_free(void)
|
||||
+{
|
||||
+ BIO_meth_free(meth_always_retry);
|
||||
+}
|
||||
+
|
||||
+static int always_retry_new(BIO *bio)
|
||||
+{
|
||||
+ BIO_set_init(bio, 1);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_free(BIO *bio)
|
||||
+{
|
||||
+ BIO_set_data(bio, NULL);
|
||||
+ BIO_set_init(bio, 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_read(BIO *bio, char *out, int outl)
|
||||
+{
|
||||
+ BIO_set_retry_read(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_write(BIO *bio, const char *in, int inl)
|
||||
+{
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
|
||||
+{
|
||||
+ long ret = 1;
|
||||
+
|
||||
+ switch (cmd) {
|
||||
+ case BIO_CTRL_FLUSH:
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ /* fall through */
|
||||
+ case BIO_CTRL_EOF:
|
||||
+ case BIO_CTRL_RESET:
|
||||
+ case BIO_CTRL_DUP:
|
||||
+ case BIO_CTRL_PUSH:
|
||||
+ case BIO_CTRL_POP:
|
||||
+ default:
|
||||
+ ret = 0;
|
||||
+ break;
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_gets(BIO *bio, char *buf, int size)
|
||||
+{
|
||||
+ BIO_set_retry_read(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static int always_retry_puts(BIO *bio, const char *str)
|
||||
+{
|
||||
+ BIO_set_retry_write(bio);
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
|
||||
int min_proto_version, int max_proto_version,
|
||||
SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
|
||||
diff --git a/test/ssltestlib.h b/test/ssltestlib.h
|
||||
index fa19e7d80d..56e323f5bc 100644
|
||||
--- a/test/ssltestlib.h
|
||||
+++ b/test/ssltestlib.h
|
||||
@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void);
|
||||
const BIO_METHOD *bio_s_mempacket_test(void);
|
||||
void bio_s_mempacket_test_free(void);
|
||||
|
||||
+const BIO_METHOD *bio_s_always_retry(void);
|
||||
+void bio_s_always_retry_free(void);
|
||||
+
|
||||
/* Packet types - value 0 is reserved */
|
||||
#define INJECT_PACKET 1
|
||||
#define INJECT_PACKET_IGNORE_REC_SEQ 2
|
||||
--
|
||||
2.20.1
|
||||
|
||||
diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h
|
||||
--- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200
|
||||
+++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200
|
||||
@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan
|
||||
return constant_time_eq_8((unsigned)(a), (unsigned)(b));
|
||||
}
|
||||
|
||||
+/* Returns the value unmodified, but avoids optimizations. */
|
||||
+static ossl_inline unsigned int value_barrier(unsigned int a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ unsigned int r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile unsigned int r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for uint32_t. */
|
||||
+static ossl_inline uint32_t value_barrier_32(uint32_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ uint32_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile uint32_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for uint64_t. */
|
||||
+static ossl_inline uint64_t value_barrier_64(uint64_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ uint64_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile uint64_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
+/* Convenience method for size_t. */
|
||||
+static ossl_inline size_t value_barrier_s(size_t a)
|
||||
+{
|
||||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
|
||||
+ size_t r;
|
||||
+ __asm__("" : "=r"(r) : "0"(a));
|
||||
+#else
|
||||
+ volatile size_t r = a;
|
||||
+#endif
|
||||
+ return r;
|
||||
+}
|
||||
+
|
||||
static ossl_inline unsigned int constant_time_select(unsigned int mask,
|
||||
unsigned int a,
|
||||
unsigned int b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline size_t constant_time_select_s(size_t mask,
|
||||
size_t a,
|
||||
size_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
|
||||
@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel
|
||||
static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
|
||||
uint32_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
|
||||
}
|
||||
|
||||
static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
|
||||
uint64_t b)
|
||||
{
|
||||
- return (mask & a) | (~mask & b);
|
||||
+ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
|
||||
}
|
||||
|
||||
/*
|
38
SOURCES/openssl-1.1.1-version-add-engines.patch
Normal file
38
SOURCES/openssl-1.1.1-version-add-engines.patch
Normal file
@ -0,0 +1,38 @@
|
||||
diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
|
||||
--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
|
||||
+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
|
||||
@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
|
||||
{
|
||||
int ret = 1, dirty = 0, seed = 0;
|
||||
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
|
||||
- int engdir = 0;
|
||||
+ int engdir = 0, engines = 0;
|
||||
char *prog;
|
||||
OPTION_CHOICE o;
|
||||
|
||||
@@ -106,7 +106,7 @@ opthelp:
|
||||
break;
|
||||
case OPT_A:
|
||||
seed = options = cflags = version = date = platform = dir = engdir
|
||||
- = 1;
|
||||
+ = engines = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -188,6 +188,16 @@ opthelp:
|
||||
#endif
|
||||
printf("\n");
|
||||
}
|
||||
+ if (engines) {
|
||||
+ ENGINE *e;
|
||||
+ printf("engines: ");
|
||||
+ e = ENGINE_get_first();
|
||||
+ while (e) {
|
||||
+ printf("%s ", ENGINE_get_id(e));
|
||||
+ e = ENGINE_get_next(e);
|
||||
+ }
|
||||
+ printf("\n");
|
||||
+ }
|
||||
ret = 0;
|
||||
end:
|
||||
return ret;
|
12
SOURCES/openssl-1.1.1-version-override.patch
Normal file
12
SOURCES/openssl-1.1.1-version-override.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up openssl-1.1.1c/include/openssl/opensslv.h.version-override openssl-1.1.1c/include/openssl/opensslv.h
|
||||
--- openssl-1.1.1c/include/openssl/opensslv.h.version-override 2019-05-29 15:52:30.014734859 +0200
|
||||
+++ openssl-1.1.1c/include/openssl/opensslv.h 2019-05-29 15:53:23.093800831 +0200
|
||||
@@ -40,7 +40,7 @@ extern "C" {
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010103fL
|
||||
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c 28 May 2019"
|
||||
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1c FIPS 28 May 2019"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
57
SOURCES/openssl-1.1.1-weak-ciphers.patch
Normal file
57
SOURCES/openssl-1.1.1-weak-ciphers.patch
Normal file
@ -0,0 +1,57 @@
|
||||
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
|
||||
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
|
||||
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
|
||||
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_GOST89MAC,
|
||||
TLS1_VERSION, TLS1_2_VERSION,
|
||||
0, 0,
|
||||
- SSL_HIGH,
|
||||
+ SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
|
||||
256,
|
||||
256,
|
||||
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
SSL_GOST89MAC12,
|
||||
TLS1_VERSION, TLS1_2_VERSION,
|
||||
0, 0,
|
||||
- SSL_HIGH,
|
||||
+ SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
|
||||
256,
|
||||
256,
|
||||
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
},
|
||||
#endif /* OPENSSL_NO_SEED */
|
||||
|
||||
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
+#if 0 /* No MD5 ciphersuites */
|
||||
{
|
||||
1,
|
||||
SSL3_TXT_RSA_RC4_128_MD5,
|
||||
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
{
|
||||
1,
|
||||
SSL3_TXT_RSA_RC4_128_SHA,
|
||||
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
+#endif
|
||||
+#if 0
|
||||
{
|
||||
1,
|
||||
SSL3_TXT_ADH_RC4_128_MD5,
|
||||
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||
128,
|
||||
128,
|
||||
},
|
||||
+#endif
|
||||
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||
{
|
||||
1,
|
||||
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
|
7
SOURCES/opensslconf-new-warning.h
Normal file
7
SOURCES/opensslconf-new-warning.h
Normal file
@ -0,0 +1,7 @@
|
||||
/* Prepended at openssl package build-time. Don't include this file directly,
|
||||
* use <openssl/opensslconf.h> instead. */
|
||||
|
||||
#ifndef openssl_opensslconf_multilib_redirection_h
|
||||
#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
|
||||
#endif
|
||||
|
47
SOURCES/opensslconf-new.h
Normal file
47
SOURCES/opensslconf-new.h
Normal file
@ -0,0 +1,47 @@
|
||||
/* This file is here to prevent a file conflict on multiarch systems. A
|
||||
* conflict will frequently occur because arch-specific build-time
|
||||
* configuration options are stored (and used, so they can't just be stripped
|
||||
* out) in opensslconf.h. The original opensslconf.h has been renamed.
|
||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
||||
|
||||
#ifdef openssl_opensslconf_multilib_redirection_h
|
||||
#error "Do not define openssl_opensslconf_multilib_redirection_h!"
|
||||
#endif
|
||||
#define openssl_opensslconf_multilib_redirection_h
|
||||
|
||||
#if defined(__i386__)
|
||||
#include "opensslconf-i386.h"
|
||||
#elif defined(__ia64__)
|
||||
#include "opensslconf-ia64.h"
|
||||
#elif defined(__mips64) && defined(__MIPSEL__)
|
||||
#include "opensslconf-mips64el.h"
|
||||
#elif defined(__mips64)
|
||||
#include "opensslconf-mips64.h"
|
||||
#elif defined(__mips) && defined(__MIPSEL__)
|
||||
#include "opensslconf-mipsel.h"
|
||||
#elif defined(__mips)
|
||||
#include "opensslconf-mips.h"
|
||||
#elif defined(__powerpc64__)
|
||||
#include <endian.h>
|
||||
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
||||
#include "opensslconf-ppc64.h"
|
||||
#else
|
||||
#include "opensslconf-ppc64le.h"
|
||||
#endif
|
||||
#elif defined(__powerpc__)
|
||||
#include "opensslconf-ppc.h"
|
||||
#elif defined(__s390x__)
|
||||
#include "opensslconf-s390x.h"
|
||||
#elif defined(__s390__)
|
||||
#include "opensslconf-s390.h"
|
||||
#elif defined(__sparc__) && defined(__arch64__)
|
||||
#include "opensslconf-sparc64.h"
|
||||
#elif defined(__sparc__)
|
||||
#include "opensslconf-sparc.h"
|
||||
#elif defined(__x86_64__)
|
||||
#include "opensslconf-x86_64.h"
|
||||
#else
|
||||
#error "This openssl-devel package does not work your architecture?"
|
||||
#endif
|
||||
|
||||
#undef openssl_opensslconf_multilib_redirection_h
|
39
SOURCES/renew-dummy-cert
Executable file
39
SOURCES/renew-dummy-cert
Executable file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
echo $"Usage: `basename $0` filename" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PEM=$1
|
||||
REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
|
||||
KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
|
||||
CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
|
||||
NEW=${PEM}_
|
||||
|
||||
trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
|
||||
|
||||
if [ ! -f $PEM ]; then
|
||||
echo "$PEM: file not found" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
umask 077
|
||||
|
||||
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
|
||||
|
||||
openssl rsa -inform pem -in $PEM -out $KEY
|
||||
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
|
||||
openssl x509 -req -in $REQ -signkey $KEY -days 365 \
|
||||
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
|
||||
|
||||
(cat $KEY ; echo "" ; cat $CRT) > $NEW
|
||||
|
||||
chown $OWNER $NEW
|
||||
|
||||
mv -f $NEW $PEM
|
||||
|
||||
rm -f $REQ $KEY $CRT
|
||||
|
||||
exit 0
|
||||
|
2069
SPECS/openssl.spec
Normal file
2069
SPECS/openssl.spec
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user