forked from rpms/openssl
import openssl-3.0.7-5.el9
This commit is contained in:
parent
6dfb655bae
commit
d889221645
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/openssl-3.0.1-hobbled.tar.xz
|
SOURCES/openssl-3.0.7-hobbled.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
1170b5119f0e591f6a2515d099abd06d0184f77c SOURCES/openssl-3.0.1-hobbled.tar.xz
|
54ab0e36f279f260196ac3274631bee93ab01d81 SOURCES/openssl-3.0.7-hobbled.tar.gz
|
||||||
|
@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
|
|||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
||||||
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
|
||||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
|
|
||||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
||||||
|
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||||
|
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
--
|
--
|
||||||
2.26.2
|
2.26.2
|
||||||
|
@ -12,24 +12,12 @@ default context.
|
|||||||
3 files changed, 39 insertions(+)
|
3 files changed, 39 insertions(+)
|
||||||
create mode 100644 include/openssl/fips.h
|
create mode 100644 include/openssl/fips.h
|
||||||
|
|
||||||
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
|
|
||||||
index 1036da9a2b..9d4896fcaf 100644
|
|
||||||
--- a/include/openssl/crypto.h.in
|
|
||||||
+++ b/include/openssl/crypto.h.in
|
|
||||||
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
|
|
||||||
# include <openssl/opensslconf.h>
|
|
||||||
# include <openssl/cryptoerr.h>
|
|
||||||
# include <openssl/core.h>
|
|
||||||
+# include <openssl/fips.h>
|
|
||||||
|
|
||||||
# ifdef CHARSET_EBCDIC
|
|
||||||
# include <openssl/ebcdic.h>
|
|
||||||
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..c64f0f8e8f
|
index 0000000000..c64f0f8e8f
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/include/openssl/fips.h
|
+++ b/include/openssl/fips.h
|
||||||
@@ -0,0 +1,25 @@
|
@@ -0,0 +1,26 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
+ *
|
+ *
|
||||||
@ -43,6 +31,7 @@ index 0000000000..c64f0f8e8f
|
|||||||
+# define OPENSSL_FIPS_H
|
+# define OPENSSL_FIPS_H
|
||||||
+# pragma once
|
+# pragma once
|
||||||
+
|
+
|
||||||
|
+# include <openssl/evp.h>
|
||||||
+# include <openssl/macros.h>
|
+# include <openssl/macros.h>
|
||||||
+
|
+
|
||||||
+# ifdef __cplusplus
|
+# ifdef __cplusplus
|
||||||
@ -58,10 +47,11 @@ index 0000000000..c64f0f8e8f
|
|||||||
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
|
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
|
||||||
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
|
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
|
||||||
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
|
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
|
||||||
@@ -488,6 +488,18 @@ static int test_property_list_to_string(
|
@@ -488,6 +488,19 @@ static int test_property_list_to_string(
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
+#include <openssl/fips.h>
|
||||||
+static int test_downstream_FIPS_mode(void)
|
+static int test_downstream_FIPS_mode(void)
|
||||||
+{
|
+{
|
||||||
+ int ret = 0;
|
+ int ret = 0;
|
||||||
|
@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
|
|||||||
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
||||||
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
||||||
@@ -12,11 +12,46 @@
|
@@ -12,11 +12,46 @@
|
||||||
#include "internal/bio.h"
|
|
||||||
#include "internal/provider.h"
|
#include "internal/provider.h"
|
||||||
|
#include "crypto/ctype.h"
|
||||||
|
|
||||||
+# include <sys/types.h>
|
+# include <sys/types.h>
|
||||||
+# include <sys/stat.h>
|
+# include <sys/stat.h>
|
||||||
|
@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov
|
|||||||
Title=prime256v1 curve tests
|
Title=prime256v1 curve tests
|
||||||
|
|
||||||
PrivateKey=ALICE_cf_prime256v1
|
PrivateKey=ALICE_cf_prime256v1
|
||||||
|
diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t
|
||||||
|
--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort 2022-11-23 12:40:55.324395782 +0100
|
||||||
|
+++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-23 12:42:12.478094387 +0100
|
||||||
|
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key
|
||||||
|
|
||||||
|
subtest 'Check loading of fips and non-fips keys' => sub {
|
||||||
|
plan skip_all => "FIPS is disabled"
|
||||||
|
- if $no_fips;
|
||||||
|
+ if 1; #Red Hat specific, original value is $no_fips;
|
||||||
|
|
||||||
|
plan tests => 2;
|
||||||
|
|
||||||
|
@ -40,17 +40,17 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te
|
|||||||
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
||||||
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
||||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||||
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
|
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
||||||
-DOMAIN_KEYS(ECExplicitPrime2G);
|
-DOMAIN_KEYS(ECExplicitPrime2G);
|
||||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
|
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
|
||||||
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
||||||
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
|
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
||||||
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
||||||
# ifndef OPENSSL_NO_EC2M
|
# ifndef OPENSSL_NO_EC2M
|
||||||
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||||
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
|
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
||||||
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|
||||||
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
||||||
|| !create_ec_explicit_prime_params(bld_prime)
|
|| !create_ec_explicit_prime_params(bld_prime)
|
||||||
|
@ -1,77 +0,0 @@
|
|||||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
index 78dc69082fab..8a86c9108d0d 100644
|
|
||||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
|
|
||||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
|
|
||||||
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
|
|
||||||
return 0;
|
|
||||||
- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
|
|
||||||
- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
|
|
||||||
- return 0;
|
|
||||||
|
|
||||||
tmpl = OSSL_PARAM_BLD_new();
|
|
||||||
if (tmpl == NULL)
|
|
||||||
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
|
|
||||||
index 766524e8cfa9..80bac6741290 100644
|
|
||||||
--- a/test/recipes/15-test_ecparam.t
|
|
||||||
+++ b/test/recipes/15-test_ecparam.t
|
|
||||||
@@ -13,7 +13,7 @@ use warnings;
|
|
||||||
use File::Spec;
|
|
||||||
use File::Compare qw/compare_text/;
|
|
||||||
use OpenSSL::Glob;
|
|
||||||
-use OpenSSL::Test qw/:DEFAULT data_file/;
|
|
||||||
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
|
|
||||||
use OpenSSL::Test::Utils;
|
|
||||||
|
|
||||||
setup("test_ecparam");
|
|
||||||
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
|
|
||||||
my @noncanon = glob(data_file("noncanon", "*.pem"));
|
|
||||||
my @invalid = glob(data_file("invalid", "*.pem"));
|
|
||||||
|
|
||||||
-plan tests => 11;
|
|
||||||
+plan tests => 12;
|
|
||||||
|
|
||||||
sub checkload {
|
|
||||||
my $files = shift; # List of files
|
|
||||||
@@ -59,6 +59,8 @@ sub checkcompare {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+
|
|
||||||
subtest "Check loading valid parameters by ecparam with -check" => sub {
|
|
||||||
plan tests => scalar(@valid);
|
|
||||||
checkload(\@valid, 1, "ecparam", "-check");
|
|
||||||
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
|
|
||||||
plan tests => 2 * scalar(@valid);
|
|
||||||
checkcompare(\@valid, "pkeyparam");
|
|
||||||
};
|
|
||||||
+
|
|
||||||
+subtest "Check loading of fips and non-fips params" => sub {
|
|
||||||
+ plan skip_all => "FIPS is disabled"
|
|
||||||
+ if $no_fips;
|
|
||||||
+ plan tests => 3;
|
|
||||||
+
|
|
||||||
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
|
|
||||||
+ my $defaultconf = srctop_file("test", "default.cnf");
|
|
||||||
+
|
|
||||||
+ $ENV{OPENSSL_CONF} = $fipsconf;
|
|
||||||
+
|
|
||||||
+ ok(run(app(['openssl', 'ecparam',
|
|
||||||
+ '-in', data_file('valid', 'secp384r1-explicit.pem'),
|
|
||||||
+ '-check'])),
|
|
||||||
+ "Loading explicitly encoded valid curve");
|
|
||||||
+
|
|
||||||
+ ok(run(app(['openssl', 'ecparam',
|
|
||||||
+ '-in', data_file('valid', 'secp384r1-named.pem'),
|
|
||||||
+ '-check'])),
|
|
||||||
+ "Loading named valid curve");
|
|
||||||
+
|
|
||||||
+ ok(!run(app(['openssl', 'ecparam',
|
|
||||||
+ '-in', data_file('valid', 'secp112r1-named.pem'),
|
|
||||||
+ '-check'])),
|
|
||||||
+ "Fail loading named non-fips curve");
|
|
||||||
+
|
|
||||||
+ $ENV{OPENSSL_CONF} = $defaultconf;
|
|
||||||
+};
|
|
@ -1,421 +0,0 @@
|
|||||||
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
|
|
||||||
index 9dc143c2ac69..4d6f2a76ad20 100644
|
|
||||||
--- a/crypto/ec/ec_err.c
|
|
||||||
+++ b/crypto/ec/ec_err.c
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
|
||||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
|
||||||
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
|
|
||||||
"discriminant is zero"},
|
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
|
|
||||||
"ec group new by name failure"},
|
|
||||||
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
|
|
||||||
+ "explicit params not supported"},
|
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
|
|
||||||
"failed making public key"},
|
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
|
|
||||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
|
||||||
index 2aeab7e3b6b5..f686e45f899d 100644
|
|
||||||
--- a/crypto/ec/ec_lib.c
|
|
||||||
+++ b/crypto/ec/ec_lib.c
|
|
||||||
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
/*
|
|
||||||
* Check if the explicit parameters group matches any built-in curves.
|
|
||||||
*
|
|
||||||
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
||||||
* parameters with one created from a named group.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
|
||||||
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
|
||||||
/*
|
|
||||||
* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
|
|
||||||
* the same curve, we prefer the SECP nid when matching explicit
|
|
||||||
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
||||||
*/
|
|
||||||
if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
|
|
||||||
curve_name_nid = NID_secp224r1;
|
|
||||||
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
|
||||||
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
|
||||||
|
|
||||||
ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
|
|
||||||
if (ret_group == NULL)
|
|
||||||
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
|
||||||
EC_GROUP_free(ret_group);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
|
|
||||||
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
|
|
||||||
OSSL_LIB_CTX *libctx, const char *propq)
|
|
||||||
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
|
|
||||||
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
OSSL_LIB_CTX *libctx, const char *propq)
|
|
||||||
{
|
|
||||||
- const OSSL_PARAM *ptmp, *pa, *pb;
|
|
||||||
+ const OSSL_PARAM *ptmp;
|
|
||||||
+ EC_GROUP *group = NULL;
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ const OSSL_PARAM *pa, *pb;
|
|
||||||
int ok = 0;
|
|
||||||
- EC_GROUP *group = NULL, *named_group = NULL;
|
|
||||||
+ EC_GROUP *named_group = NULL;
|
|
||||||
BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
|
|
||||||
EC_POINT *point = NULL;
|
|
||||||
int field_bits = 0;
|
|
||||||
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
BN_CTX *bnctx = NULL;
|
|
||||||
const unsigned char *buf = NULL;
|
|
||||||
int encoding_flag = -1;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* This is the simple named group case */
|
|
||||||
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
|
||||||
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
}
|
|
||||||
return group;
|
|
||||||
}
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
|
|
||||||
+ return NULL;
|
|
||||||
+#else
|
|
||||||
/* If it gets here then we are trying explicit parameters */
|
|
||||||
bnctx = BN_CTX_new_ex(libctx);
|
|
||||||
if (bnctx == NULL) {
|
|
||||||
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
/* create the EC_GROUP structure */
|
|
||||||
group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
|
|
||||||
} else {
|
|
||||||
-#ifdef OPENSSL_NO_EC2M
|
|
||||||
+# ifdef OPENSSL_NO_EC2M
|
|
||||||
ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
|
|
||||||
goto err;
|
|
||||||
-#else
|
|
||||||
+# else
|
|
||||||
/* create the EC_GROUP structure */
|
|
||||||
group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
|
|
||||||
if (group != NULL) {
|
|
||||||
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-#endif /* OPENSSL_NO_EC2M */
|
|
||||||
+# endif /* OPENSSL_NO_EC2M */
|
|
||||||
}
|
|
||||||
|
|
||||||
if (group == NULL) {
|
|
||||||
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
BN_CTX_free(bnctx);
|
|
||||||
|
|
||||||
return group;
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
}
|
|
||||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
|
||||||
index c4a94f955905..41df7127403c 100644
|
|
||||||
--- a/crypto/err/openssl.txt
|
|
||||||
+++ b/crypto/err/openssl.txt
|
|
||||||
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
|
||||||
EC_R_DECODE_ERROR:142:decode error
|
|
||||||
EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
|
|
||||||
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
|
|
||||||
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
|
|
||||||
EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
|
|
||||||
EC_R_FIELD_TOO_LARGE:143:field too large
|
|
||||||
EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
|
|
||||||
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
|
|
||||||
index 07b6c7aa62dd..4658ae8fb2cd 100644
|
|
||||||
--- a/include/crypto/ecerr.h
|
|
||||||
+++ b/include/crypto/ecerr.h
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
|
||||||
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
|
||||||
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
|
|
||||||
index 49088d208b2c..46405ac62d91 100644
|
|
||||||
--- a/include/openssl/ecerr.h
|
|
||||||
+++ b/include/openssl/ecerr.h
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
|
||||||
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
|
||||||
@@ -35,6 +35,7 @@
|
|
||||||
# define EC_R_DECODE_ERROR 142
|
|
||||||
# define EC_R_DISCRIMINANT_IS_ZERO 118
|
|
||||||
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
|
|
||||||
+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
|
|
||||||
# define EC_R_FAILED_MAKING_PUBLIC_KEY 166
|
|
||||||
# define EC_R_FIELD_TOO_LARGE 143
|
|
||||||
# define EC_R_GF2M_NOT_SUPPORTED 147
|
|
||||||
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
|
||||||
index 0c33dff0ee2b..3d78bea50ea3 100644
|
|
||||||
--- a/test/endecode_test.c
|
|
||||||
+++ b/test/endecode_test.c
|
|
||||||
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
|
|
||||||
typedef void (dumper)(const char *label, const void *data, size_t data_len);
|
|
||||||
|
|
||||||
#define FLAG_DECODE_WITH_TYPE 0x0001
|
|
||||||
+#define FLAG_FAIL_IF_FIPS 0x0002
|
|
||||||
|
|
||||||
static int test_encode_decode(const char *file, const int line,
|
|
||||||
const char *type, EVP_PKEY *pkey,
|
|
||||||
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
|
|
||||||
* dumping purposes.
|
|
||||||
*/
|
|
||||||
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
|
|
||||||
- output_type, output_structure, pass, pcipher))
|
|
||||||
- || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
|
||||||
+ output_type, output_structure, pass, pcipher)))
|
|
||||||
+ goto end;
|
|
||||||
+
|
|
||||||
+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
|
|
||||||
+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
|
|
||||||
+ encoded_len, output_type, output_structure,
|
|
||||||
+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
|
||||||
+ selection, pass)))
|
|
||||||
+ ok = 1;
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
|
||||||
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
|
|
||||||
output_type, output_structure,
|
|
||||||
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
|
||||||
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
|
|
||||||
return ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
||||||
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
|
||||||
"DER", "PrivateKeyInfo", NULL, NULL,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
test_mem, check_unprotected_PKCS8_DER,
|
|
||||||
- dump_der, 0);
|
|
||||||
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
|
||||||
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
|
||||||
sizeof(expected_pem_header) - 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
||||||
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
|
||||||
"PEM", "PrivateKeyInfo", NULL, NULL,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
test_text, check_unprotected_PKCS8_PEM,
|
|
||||||
- dump_pem, 0);
|
|
||||||
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_KEYPARAMS
|
|
||||||
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
|
|
||||||
return ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
||||||
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
|
||||||
pass, pass_cipher,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
test_mem, check_protected_PKCS8_DER,
|
|
||||||
- dump_der, 0);
|
|
||||||
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int check_protected_PKCS8_PEM(const char *file, const int line,
|
|
||||||
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
|
|
||||||
sizeof(expected_pem_header) - 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_KEYPAIR
|
|
||||||
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
|
||||||
pass, pass_cipher,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
test_text, check_protected_PKCS8_PEM,
|
|
||||||
- dump_pem, 0);
|
|
||||||
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int check_protected_legacy_PEM(const char *file, const int line,
|
|
||||||
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
|
|
||||||
return ok;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
|
||||||
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
|
||||||
"DER", "SubjectPublicKeyInfo", NULL, NULL,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
- test_mem, check_public_DER, dump_der, 0);
|
|
||||||
+ test_mem, check_public_DER, dump_der,
|
|
||||||
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int check_public_PEM(const char *file, const int line,
|
|
||||||
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
|
|
||||||
sizeof(expected_pem_header) - 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
|
|
||||||
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
|
||||||
{
|
|
||||||
return test_encode_decode(__FILE__, __LINE__, type, key,
|
|
||||||
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
|
||||||
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
|
||||||
"PEM", "SubjectPublicKeyInfo", NULL, NULL,
|
|
||||||
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
|
||||||
- test_text, check_public_PEM, dump_pem, 0);
|
|
||||||
+ test_text, check_public_PEM, dump_pem,
|
|
||||||
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int check_public_MSBLOB(const char *file, const int line,
|
|
||||||
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
|
||||||
EVP_PKEY_free(template_##KEYTYPE); \
|
|
||||||
EVP_PKEY_free(key_##KEYTYPE)
|
|
||||||
|
|
||||||
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
|
|
||||||
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
|
|
||||||
static int test_unprotected_##KEYTYPE##_via_DER(void) \
|
|
||||||
{ \
|
|
||||||
- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
} \
|
|
||||||
static int test_unprotected_##KEYTYPE##_via_PEM(void) \
|
|
||||||
{ \
|
|
||||||
- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
} \
|
|
||||||
static int test_protected_##KEYTYPE##_via_DER(void) \
|
|
||||||
{ \
|
|
||||||
- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
} \
|
|
||||||
static int test_protected_##KEYTYPE##_via_PEM(void) \
|
|
||||||
{ \
|
|
||||||
- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
} \
|
|
||||||
static int test_public_##KEYTYPE##_via_DER(void) \
|
|
||||||
{ \
|
|
||||||
- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
} \
|
|
||||||
static int test_public_##KEYTYPE##_via_PEM(void) \
|
|
||||||
{ \
|
|
||||||
- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
|
||||||
+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
|
||||||
}
|
|
||||||
|
|
||||||
#define ADD_TEST_SUITE(KEYTYPE) \
|
|
||||||
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
DOMAIN_KEYS(DH);
|
|
||||||
-IMPLEMENT_TEST_SUITE(DH, "DH")
|
|
||||||
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
|
|
||||||
DOMAIN_KEYS(DHX);
|
|
||||||
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
|
|
||||||
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
|
||||||
/*
|
|
||||||
* DH has no support for PEM_write_bio_PrivateKey_traditional(),
|
|
||||||
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
DOMAIN_KEYS(DSA);
|
|
||||||
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
|
|
||||||
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
|
|
||||||
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
|
|
||||||
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
DOMAIN_KEYS(EC);
|
|
||||||
-IMPLEMENT_TEST_SUITE(EC, "EC")
|
|
||||||
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
|
||||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
|
|
||||||
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
|
||||||
/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
||||||
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
|
|
||||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
|
||||||
/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
|
|
||||||
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
|
|
||||||
DOMAIN_KEYS(ECExplicitTri2G);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
|
|
||||||
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
|
|
||||||
# endif
|
|
||||||
KEYS(ED25519);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
|
|
||||||
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
|
|
||||||
KEYS(ED448);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
|
|
||||||
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
|
|
||||||
KEYS(X25519);
|
|
||||||
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
|
|
||||||
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
|
|
||||||
KEYS(X448);
|
|
||||||
-IMPLEMENT_TEST_SUITE(X448, "X448")
|
|
||||||
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
|
|
||||||
/*
|
|
||||||
* ED25519, ED448, X25519 and X448 have no support for
|
|
||||||
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
|
|
||||||
*/
|
|
||||||
#endif
|
|
||||||
KEYS(RSA);
|
|
||||||
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
|
|
||||||
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
|
|
||||||
KEYS(RSA_PSS);
|
|
||||||
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
|
|
||||||
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
|
|
||||||
/*
|
|
||||||
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
|
|
||||||
* so no legacy tests.
|
|
@ -1,140 +0,0 @@
|
|||||||
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
|
|
||||||
index bea01fb38f66..48721369ae8f 100644
|
|
||||||
--- a/crypto/ec/ec_backend.c
|
|
||||||
+++ b/crypto/ec/ec_backend.c
|
|
||||||
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!ossl_param_build_set_int(tmpl, params,
|
|
||||||
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
|
|
||||||
+ group->decoded_from_explicit_params))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
curve_nid = EC_GROUP_get_curve_name(group);
|
|
||||||
|
|
||||||
/*
|
|
||||||
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
|
||||||
index 6b0591c6c8c7..b1696d93bd6d 100644
|
|
||||||
--- a/crypto/ec/ec_lib.c
|
|
||||||
+++ b/crypto/ec/ec_lib.c
|
|
||||||
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
/* This is the simple named group case */
|
|
||||||
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
|
||||||
if (ptmp != NULL) {
|
|
||||||
- group = group_new_from_name(ptmp, libctx, propq);
|
|
||||||
- if (group != NULL) {
|
|
||||||
- if (!ossl_ec_group_set_params(group, params)) {
|
|
||||||
- EC_GROUP_free(group);
|
|
||||||
- group = NULL;
|
|
||||||
- }
|
|
||||||
+ int decoded = 0;
|
|
||||||
+
|
|
||||||
+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
|
|
||||||
+ return NULL;
|
|
||||||
+ if (!ossl_ec_group_set_params(group, params)) {
|
|
||||||
+ EC_GROUP_free(group);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ptmp = OSSL_PARAM_locate_const(params,
|
|
||||||
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
|
|
||||||
+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
|
|
||||||
+ EC_GROUP_free(group);
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
+ group->decoded_from_explicit_params = decoded > 0;
|
|
||||||
return group;
|
|
||||||
}
|
|
||||||
#ifdef FIPS_MODULE
|
|
||||||
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
|
||||||
EC_GROUP_free(group);
|
|
||||||
group = named_group;
|
|
||||||
}
|
|
||||||
+ /* We've imported the group from explicit parameters, set it so. */
|
|
||||||
+ group->decoded_from_explicit_params = 1;
|
|
||||||
ok = 1;
|
|
||||||
err:
|
|
||||||
if (!ok) {
|
|
||||||
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
|
|
||||||
index eed83237c3b2..ee66a074f889 100644
|
|
||||||
--- a/doc/man7/EVP_PKEY-EC.pod
|
|
||||||
+++ b/doc/man7/EVP_PKEY-EC.pod
|
|
||||||
@@ -70,8 +70,8 @@ I<order> multiplied by the I<cofactor> gives the number of points on the curve.
|
|
||||||
|
|
||||||
=item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
|
|
||||||
|
|
||||||
-Gets a flag indicating wether the key or parameters were decoded from explicit
|
|
||||||
-curve parameters. Set to 1 if so or 0 if a named curve was used.
|
|
||||||
+Sets or gets a flag indicating whether the key or parameters were decoded from
|
|
||||||
+explicit curve parameters. Set to 1 if so or 0 if a named curve was used.
|
|
||||||
|
|
||||||
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
|
|
||||||
|
|
||||||
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
index 9260d4bf3635..7aed057cac89 100644
|
|
||||||
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
|
|
||||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \
|
|
||||||
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \
|
|
||||||
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \
|
|
||||||
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0)
|
|
||||||
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \
|
|
||||||
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL)
|
|
||||||
|
|
||||||
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
|
||||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
|
||||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
||||||
index 700bbd849c95..ede14864d5ac 100644
|
|
||||||
--- a/test/recipes/25-test_verify.t
|
|
||||||
+++ b/test/recipes/25-test_verify.t
|
|
||||||
@@ -12,7 +12,7 @@ use warnings;
|
|
||||||
|
|
||||||
use File::Spec::Functions qw/canonpath/;
|
|
||||||
use File::Copy;
|
|
||||||
-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
|
|
||||||
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
|
|
||||||
use OpenSSL::Test::Utils;
|
|
||||||
|
|
||||||
setup("test_verify");
|
|
||||||
@@ -29,7 +29,7 @@ sub verify {
|
|
||||||
run(app([@args]));
|
|
||||||
}
|
|
||||||
|
|
||||||
-plan tests => 160;
|
|
||||||
+plan tests => 163;
|
|
||||||
|
|
||||||
# Canonical success
|
|
||||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
|
||||||
@@ -309,6 +309,29 @@ SKIP: {
|
|
||||||
["ca-cert-ec-named"]),
|
|
||||||
"accept named curve leaf with named curve intermediate");
|
|
||||||
}
|
|
||||||
+# Same as above but with base provider used for decoding
|
|
||||||
+SKIP: {
|
|
||||||
+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+ skip "EC is not supported or FIPS is disabled", 3
|
|
||||||
+ if disabled("ec") || $no_fips;
|
|
||||||
+
|
|
||||||
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
|
|
||||||
+ my $provpath = bldtop_dir("providers");
|
|
||||||
+ my @prov = ("-provider-path", $provpath);
|
|
||||||
+ $ENV{OPENSSL_CONF} = $provconf;
|
|
||||||
+
|
|
||||||
+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
|
|
||||||
+ ["ca-cert-ec-named"], @prov),
|
|
||||||
+ "reject explicit curve leaf with named curve intermediate w/fips");
|
|
||||||
+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
|
|
||||||
+ ["ca-cert-ec-explicit"], @prov),
|
|
||||||
+ "reject named curve leaf with explicit curve intermediate w/fips");
|
|
||||||
+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
|
|
||||||
+ ["ca-cert-ec-named"], @prov),
|
|
||||||
+ "accept named curve leaf with named curve intermediate w/fips");
|
|
||||||
+
|
|
||||||
+ delete $ENV{OPENSSL_CONF};
|
|
||||||
+}
|
|
||||||
|
|
||||||
# Depth tests, note the depth limit bounds the number of CA certificates
|
|
||||||
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
|
|
@ -2,9 +2,9 @@ diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/
|
|||||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
|
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
|
||||||
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
|
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
|
||||||
@@ -40,7 +40,7 @@ unless ($no_fips) {
|
@@ -40,7 +40,7 @@ unless ($no_fips) {
|
||||||
srctop_file("test", "recipes", "90-test_sslapi_data",
|
"recipes",
|
||||||
"passwd.txt"), $tmpfilename, "fips",
|
"90-test_sslapi_data",
|
||||||
srctop_file("test", "fips-and-base.cnf")])),
|
"dhparams.pem")])),
|
||||||
- "running sslapitest");
|
- "running sslapitest");
|
||||||
+ "running sslapitest - FIPS");
|
+ "running sslapitest - FIPS");
|
||||||
}
|
}
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c
|
diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c
|
||||||
--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100
|
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
|
||||||
+++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100
|
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
|
||||||
@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
|
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -29,13 +29,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
|
|||||||
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
|
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
|
||||||
unsigned char *expected, size_t expected_len,
|
unsigned char *expected, size_t expected_len,
|
||||||
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
|
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
|
||||||
@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI
|
@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
|
||||||
{
|
|
||||||
int ret = 0, status;
|
|
||||||
unsigned char out[MAX_MD_SIZE];
|
|
||||||
- unsigned char buf[INTEGRITY_BUF_SIZE];
|
|
||||||
+ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN];
|
|
||||||
size_t bytes_read = 0, out_len = 0;
|
|
||||||
EVP_MAC *mac = NULL;
|
EVP_MAC *mac = NULL;
|
||||||
EVP_MAC_CTX *ctx = NULL;
|
EVP_MAC_CTX *ctx = NULL;
|
||||||
OSSL_PARAM params[2], *p = params;
|
OSSL_PARAM params[2], *p = params;
|
||||||
@ -44,7 +38,6 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
|
|||||||
+ struct link_map *lm = NULL;
|
+ struct link_map *lm = NULL;
|
||||||
+ unsigned long paddr;
|
+ unsigned long paddr;
|
||||||
+ unsigned long off = 0;
|
+ unsigned long off = 0;
|
||||||
+ int have_rest = 0;
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
|
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
|
||||||
|
|
||||||
@ -57,64 +50,52 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
|
|||||||
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
|
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
|
||||||
if (mac == NULL)
|
if (mac == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI
|
@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI
|
||||||
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
|
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
|
- while (1) {
|
||||||
+ if (status != 1 || bytes_read != HMAC_LEN)
|
|
||||||
+ goto err;
|
|
||||||
+ off += HMAC_LEN;
|
|
||||||
+
|
|
||||||
while (1) {
|
|
||||||
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
|
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
|
||||||
- if (status != 1)
|
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
|
||||||
+ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read);
|
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
|
||||||
+ if (status != 1) {
|
if (status != 1)
|
||||||
+ have_rest = 1;
|
break;
|
||||||
+ break;
|
if (!EVP_MAC_update(ctx, buf, bytes_read))
|
||||||
+ }
|
goto err;
|
||||||
+
|
|
||||||
+ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */
|
|
||||||
+ /* Logic:
|
|
||||||
+ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer
|
|
||||||
+ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes
|
|
||||||
+ * and move last HMAC_LEN bytes to the beginning of the buffer
|
|
||||||
+ *
|
|
||||||
+ * If we have read (a part of) buffer fips_hmac_container
|
|
||||||
+ * we should replace it with zeros.
|
|
||||||
+ * If it is inside our current buffer, we will update now.
|
|
||||||
+ * If it intersects the upper bound, we will clean up on the next step.
|
|
||||||
+ */
|
|
||||||
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
|
|
||||||
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
|
|
||||||
+ off += bytes_read;
|
+ off += bytes_read;
|
||||||
|
}
|
||||||
+
|
+
|
||||||
|
+ if (off + INTEGRITY_BUF_SIZE > paddr) {
|
||||||
|
+ int delta = paddr - off;
|
||||||
|
+ status = read_ex_cb(bio, buf, delta, &bytes_read);
|
||||||
|
+ if (status != 1)
|
||||||
|
+ goto err;
|
||||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN);
|
+ off += bytes_read;
|
||||||
+ } else { /* Final block */
|
+
|
||||||
+ /* Logic is basically the same as in previous branch
|
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
|
||||||
+ * but we calculate HMAC from HMAC_LEN (rest of previous step)
|
+ memset(buf, 0, HMAC_LEN);
|
||||||
+ * and bytes_read read on this step
|
+ if (status != 1)
|
||||||
+ * */
|
+ goto err;
|
||||||
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
|
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
||||||
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
|
|
||||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN))
|
|
||||||
+ goto err;
|
+ goto err;
|
||||||
+ off += bytes_read;
|
+ off += bytes_read;
|
||||||
break;
|
|
||||||
- if (!EVP_MAC_update(ctx, buf, bytes_read))
|
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
|
+ while (bytes_read > 0) {
|
||||||
|
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
|
||||||
|
+ if (status != 1)
|
||||||
|
+ break;
|
||||||
|
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
||||||
|
+ goto err;
|
||||||
|
+ off += bytes_read;
|
||||||
+ }
|
+ }
|
||||||
+ if (have_rest) {
|
+
|
||||||
+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
|
|
||||||
goto err;
|
|
||||||
+ off += HMAC_LEN;
|
|
||||||
}
|
|
||||||
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
|
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
|
||||||
goto err;
|
goto err;
|
||||||
@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
|
@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||||
CRYPTO_THREAD_unlock(fips_state_lock);
|
CRYPTO_THREAD_unlock(fips_state_lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -124,7 +105,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
|
|||||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
|
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||||
if (ev == NULL)
|
if (ev == NULL)
|
||||||
goto end;
|
goto end;
|
||||||
|
|
||||||
@ -136,7 +117,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi
|
|||||||
if (module_checksum == NULL) {
|
if (module_checksum == NULL) {
|
||||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
|
||||||
goto end;
|
goto end;
|
||||||
@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||||
ok = 1;
|
ok = 1;
|
||||||
end:
|
end:
|
||||||
OSSL_SELF_TEST_free(ev);
|
OSSL_SELF_TEST_free(ev);
|
||||||
|
@ -11,16 +11,3 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
|
|||||||
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
||||||
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
||||||
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
|
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
|
||||||
@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
|
|
||||||
if (loopargs[i].mctx == NULL)
|
|
||||||
goto end;
|
|
||||||
|
|
||||||
- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
|
||||||
- goto end;
|
|
||||||
+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
|
|
||||||
+ EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
||||||
+ loopargs[i].mctx = NULL;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
for (testnum = 0; testnum < size_num; testnum++) {
|
|
||||||
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
|
|
||||||
|
@ -717,35 +717,3 @@ diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen
|
|||||||
|
|
||||||
if (!ossl_prov_is_running())
|
if (!ossl_prov_is_running())
|
||||||
return 0;
|
return 0;
|
||||||
diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c
|
|
||||||
--- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200
|
|
||||||
+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200
|
|
||||||
@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS
|
|
||||||
* it.
|
|
||||||
*/
|
|
||||||
ret = 1;
|
|
||||||
+ (void)ERR_set_mark();
|
|
||||||
keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);
|
|
||||||
if (keymgmt != NULL) {
|
|
||||||
/*
|
|
||||||
@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS
|
|
||||||
}
|
|
||||||
EVP_KEYMGMT_free(keymgmt);
|
|
||||||
}
|
|
||||||
+ (void)ERR_pop_to_mark();
|
|
||||||
err:
|
|
||||||
if (ginf != NULL) {
|
|
||||||
OPENSSL_free(ginf->tlsname);
|
|
||||||
@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int
|
|
||||||
etmp[len] = 0;
|
|
||||||
|
|
||||||
gid = tls1_group_name2id(garg->ctx, etmp);
|
|
||||||
- if (gid == 0)
|
|
||||||
+ if (gid == 0) {
|
|
||||||
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
|
|
||||||
+ "group '%s' cannot be set", etmp);
|
|
||||||
return 0;
|
|
||||||
+ }
|
|
||||||
for (i = 0; i < garg->gidcnt; i++)
|
|
||||||
if (garg->gid_arr[i] == gid)
|
|
||||||
return 0;
|
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
|
|
||||||
index 5c70b2d67840..c5726c638bdd 100644
|
|
||||||
--- a/crypto/ec/ecp_s390x_nistp.c
|
|
||||||
+++ b/crypto/ec/ecp_s390x_nistp.c
|
|
||||||
@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
|
||||||
/* Otherwise use default. */
|
|
||||||
if (rc == -1)
|
|
||||||
rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
|
|
||||||
- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
|
|
||||||
+ OPENSSL_cleanse(param, sizeof(param));
|
|
||||||
BN_CTX_end(ctx);
|
|
||||||
BN_CTX_free(new_ctx);
|
|
||||||
return rc;
|
|
||||||
@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
|
||||||
|
|
||||||
ok = 1;
|
|
||||||
ret:
|
|
||||||
- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
|
|
||||||
+ OPENSSL_cleanse(param, sizeof(param));
|
|
||||||
if (ok != 1) {
|
|
||||||
ECDSA_SIG_free(sig);
|
|
||||||
sig = NULL;
|
|
@ -1,52 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c
|
|
||||||
--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100
|
|
||||||
+++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100
|
|
||||||
@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in
|
|
||||||
/* Set width for a select call if needed */
|
|
||||||
width = s + 1;
|
|
||||||
|
|
||||||
- buf = app_malloc(bufsize, "server www buffer");
|
|
||||||
+ /* as we use BIO_gets(), and it always null terminates data, we need
|
|
||||||
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
|
|
||||||
+ buf = app_malloc(bufsize + 1, "server www buffer");
|
|
||||||
io = BIO_new(BIO_f_buffer());
|
|
||||||
ssl_bio = BIO_new(BIO_f_ssl());
|
|
||||||
if ((io == NULL) || (ssl_bio == NULL))
|
|
||||||
@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in
|
|
||||||
}
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
- i = BIO_gets(io, buf, bufsize - 1);
|
|
||||||
+ i = BIO_gets(io, buf, bufsize + 1);
|
|
||||||
if (i < 0) { /* error */
|
|
||||||
if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
|
|
||||||
if (!s_quiet)
|
|
||||||
@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in
|
|
||||||
* we're expecting to come from the client. If they haven't
|
|
||||||
* sent one there's not much we can do.
|
|
||||||
*/
|
|
||||||
- BIO_gets(io, buf, bufsize - 1);
|
|
||||||
+ BIO_gets(io, buf, bufsize + 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
BIO_puts(io,
|
|
||||||
@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in
|
|
||||||
SSL *con;
|
|
||||||
BIO *io, *ssl_bio, *sbio;
|
|
||||||
|
|
||||||
- buf = app_malloc(bufsize, "server rev buffer");
|
|
||||||
+ /* as we use BIO_gets(), and it always null terminates data, we need
|
|
||||||
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
|
|
||||||
+ buf = app_malloc(bufsize + 1, "server rev buffer");
|
|
||||||
io = BIO_new(BIO_f_buffer());
|
|
||||||
ssl_bio = BIO_new(BIO_f_ssl());
|
|
||||||
if ((io == NULL) || (ssl_bio == NULL))
|
|
||||||
@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in
|
|
||||||
print_ssl_summary(con);
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
- i = BIO_gets(io, buf, bufsize - 1);
|
|
||||||
+ i = BIO_gets(io, buf, bufsize + 1);
|
|
||||||
if (i < 0) { /* error */
|
|
||||||
if (!BIO_should_retry(io)) {
|
|
||||||
if (!s_quiet)
|
|
@ -479,8 +479,8 @@ index 10b4e57d79..2d3c363bb0 100644
|
|||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
|
||||||
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
|
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
||||||
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
|
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||||
|
@ -1,188 +0,0 @@
|
|||||||
From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Mon, 28 Feb 2022 18:26:30 +0100
|
|
||||||
Subject: [PATCH] Add documentation of BN_mod_sqrt()
|
|
||||||
|
|
||||||
---
|
|
||||||
doc/man3/BN_add.pod | 15 +++++++++++++--
|
|
||||||
util/missingcrypto.txt | 1 -
|
|
||||||
2 files changed, 13 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
|
|
||||||
index 62d3ee7205..cf6c49c0e3 100644
|
|
||||||
--- a/doc/man3/BN_add.pod
|
|
||||||
+++ b/doc/man3/BN_add.pod
|
|
||||||
@@ -3,7 +3,7 @@
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
|
|
||||||
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
|
|
||||||
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
|
|
||||||
arithmetic operations on BIGNUMs
|
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
|
||||||
@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs
|
|
||||||
|
|
||||||
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
|
||||||
|
|
||||||
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
|
||||||
+
|
|
||||||
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
|
|
||||||
|
|
||||||
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
|
||||||
@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.
|
|
||||||
BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
|
|
||||||
result in I<r>.
|
|
||||||
|
|
||||||
+BN_mod_sqrt() returns the modular square root of I<a> such that
|
|
||||||
+C<in^2 = a (mod p)>. The modulus I<p> must be a
|
|
||||||
+prime, otherwise an error or an incorrect "result" will be returned.
|
|
||||||
+The result is stored into I<in> which can be NULL. The result will be
|
|
||||||
+newly allocated in that case.
|
|
||||||
+
|
|
||||||
BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
|
|
||||||
(C<r=a^p>). This function is faster than repeated applications of
|
|
||||||
BN_mul().
|
|
||||||
@@ -108,7 +116,10 @@ the arguments.
|
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
|
||||||
|
|
||||||
-For all functions, 1 is returned for success, 0 on error. The return
|
|
||||||
+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
|
|
||||||
+not a prime), or NULL.
|
|
||||||
+
|
|
||||||
+For all remaining functions, 1 is returned for success, 0 on error. The return
|
|
||||||
value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
|
|
||||||
The error codes can be obtained by L<ERR_get_error(3)>.
|
|
||||||
|
|
||||||
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
|
|
||||||
index b61bdeb880..4d2fd7f6b7 100644
|
|
||||||
--- a/util/missingcrypto.txt
|
|
||||||
+++ b/util/missingcrypto.txt
|
|
||||||
@@ -264,7 +264,6 @@ BN_mod_lshift(3)
|
|
||||||
BN_mod_lshift1(3)
|
|
||||||
BN_mod_lshift1_quick(3)
|
|
||||||
BN_mod_lshift_quick(3)
|
|
||||||
-BN_mod_sqrt(3)
|
|
||||||
BN_mod_sub_quick(3)
|
|
||||||
BN_nist_mod_192(3)
|
|
||||||
BN_nist_mod_224(3)
|
|
||||||
|
|
||||||
From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Mon, 28 Feb 2022 18:26:35 +0100
|
|
||||||
Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
|
|
||||||
|
|
||||||
---
|
|
||||||
test/bntest.c | 11 ++++++++++-
|
|
||||||
test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
|
|
||||||
2 files changed, 22 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/test/bntest.c b/test/bntest.c
|
|
||||||
index efdb3ef963..d49f87373a 100644
|
|
||||||
--- a/test/bntest.c
|
|
||||||
+++ b/test/bntest.c
|
|
||||||
@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s)
|
|
||||||
|| !TEST_ptr(ret2 = BN_new()))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
+ if (BN_is_negative(mod_sqrt)) {
|
|
||||||
+ /* A negative testcase */
|
|
||||||
+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ st = 1;
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* There are two possible answers. */
|
|
||||||
- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
|
|
||||||
+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
|
|
||||||
|| !TEST_true(BN_sub(ret2, p, ret)))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
|
|
||||||
index e22d656091..bc8a434ea5 100644
|
|
||||||
--- a/test/recipes/10-test_bn_data/bnmod.txt
|
|
||||||
+++ b/test/recipes/10-test_bn_data/bnmod.txt
|
|
||||||
@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
|
||||||
ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
|
|
||||||
A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
|
|
||||||
P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
|
||||||
+
|
|
||||||
+# Negative testcases for BN_mod_sqrt()
|
|
||||||
+
|
|
||||||
+# This one triggers an infinite loop with unfixed implementation
|
|
||||||
+# It should just fail.
|
|
||||||
+ModSqrt = -1
|
|
||||||
+A = 20a7ee
|
|
||||||
+P = 460201
|
|
||||||
+
|
|
||||||
+ModSqrt = -1
|
|
||||||
+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
|
|
||||||
+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
|
||||||
|
|
||||||
From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Mon, 28 Feb 2022 18:26:21 +0100
|
|
||||||
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
|
|
||||||
|
|
||||||
The calculation in some cases does not finish for non-prime p.
|
|
||||||
|
|
||||||
This fixes CVE-2022-0778.
|
|
||||||
|
|
||||||
Based on patch by David Benjamin <davidben@google.com>.
|
|
||||||
---
|
|
||||||
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
|
|
||||||
1 file changed, 18 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
|
|
||||||
index b663ae5ec5..c5ea7ab194 100644
|
|
||||||
--- a/crypto/bn/bn_sqrt.c
|
|
||||||
+++ b/crypto/bn/bn_sqrt.c
|
|
||||||
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|
||||||
/*
|
|
||||||
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
|
|
||||||
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
|
|
||||||
- * Theory", algorithm 1.5.1). 'p' must be prime!
|
|
||||||
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
|
|
||||||
+ * an incorrect "result" will be returned.
|
|
||||||
*/
|
|
||||||
{
|
|
||||||
BIGNUM *ret = in;
|
|
||||||
@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|
||||||
goto vrfy;
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* find smallest i such that b^(2^i) = 1 */
|
|
||||||
- i = 1;
|
|
||||||
- if (!BN_mod_sqr(t, b, p, ctx))
|
|
||||||
- goto end;
|
|
||||||
- while (!BN_is_one(t)) {
|
|
||||||
- i++;
|
|
||||||
- if (i == e) {
|
|
||||||
- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
|
|
||||||
- goto end;
|
|
||||||
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
|
|
||||||
+ for (i = 1; i < e; i++) {
|
|
||||||
+ if (i == 1) {
|
|
||||||
+ if (!BN_mod_sqr(t, b, p, ctx))
|
|
||||||
+ goto end;
|
|
||||||
+
|
|
||||||
+ } else {
|
|
||||||
+ if (!BN_mod_mul(t, t, t, p, ctx))
|
|
||||||
+ goto end;
|
|
||||||
}
|
|
||||||
- if (!BN_mod_mul(t, t, t, p, ctx))
|
|
||||||
- goto end;
|
|
||||||
+ if (BN_is_one(t))
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ /* If not found, a is not a square or p is not prime. */
|
|
||||||
+ if (i >= e) {
|
|
||||||
+ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
|
|
||||||
+ goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* t := y^2^(e - i - 1) */
|
|
||||||
|
|
@ -1,53 +0,0 @@
|
|||||||
From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Wed, 2 Feb 2022 17:47:26 +0100
|
|
||||||
Subject: [PATCH] Replace size check with more meaningful pubkey check
|
|
||||||
|
|
||||||
It does not make sense to check the size because this
|
|
||||||
function can be used in other contexts than in TLS-1.3 and
|
|
||||||
the value might not be padded to the size of p.
|
|
||||||
|
|
||||||
However it makes sense to do the partial pubkey check because
|
|
||||||
there is no valid reason having the pubkey value outside the
|
|
||||||
1 < pubkey < p-1 bounds.
|
|
||||||
|
|
||||||
Fixes #15465
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/17630)
|
|
||||||
---
|
|
||||||
crypto/dh/dh_key.c | 11 ++++-------
|
|
||||||
1 file changed, 4 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
|
||||||
index 6b8cd550f2..c78ed618bf 100644
|
|
||||||
--- a/crypto/dh/dh_key.c
|
|
||||||
+++ b/crypto/dh/dh_key.c
|
|
||||||
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
|
|
||||||
int err_reason = DH_R_BN_ERROR;
|
|
||||||
BIGNUM *pubkey = NULL;
|
|
||||||
const BIGNUM *p;
|
|
||||||
- size_t p_size;
|
|
||||||
+ int ret;
|
|
||||||
|
|
||||||
if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
|
|
||||||
goto err;
|
|
||||||
DH_get0_pqg(dh, &p, NULL, NULL);
|
|
||||||
- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
|
|
||||||
+ if (p == NULL || BN_num_bytes(p) == 0) {
|
|
||||||
err_reason = DH_R_NO_PARAMETERS_SET;
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
- /*
|
|
||||||
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
|
|
||||||
- * public key is of size not equal to size of p
|
|
||||||
- */
|
|
||||||
- if (BN_is_zero(pubkey) || p_size != len) {
|
|
||||||
+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
|
|
||||||
+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
|
|
||||||
err_reason = DH_R_INVALID_PUBKEY;
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,23 +0,0 @@
|
|||||||
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
|
|
||||||
index e1da724bd2f4..2bee5ef19447 100644
|
|
||||||
--- a/crypto/core_namemap.c
|
|
||||||
+++ b/crypto/core_namemap.c
|
|
||||||
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
|
|
||||||
{
|
|
||||||
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
|
|
||||||
|
|
||||||
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
|
||||||
+ if (cipher != NULL)
|
|
||||||
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
|
|
||||||
{
|
|
||||||
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
|
|
||||||
|
|
||||||
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
|
||||||
+ if (md != NULL)
|
|
||||||
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
|
|
File diff suppressed because it is too large
Load Diff
@ -1,104 +0,0 @@
|
|||||||
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
|
||||||
Date: Fri, 22 Apr 2022 18:16:56 +0200
|
|
||||||
Subject: [PATCH 1/2] Ensure we initialized the locale before
|
|
||||||
evp_pkey_name2type
|
|
||||||
|
|
||||||
Fixes #18158
|
|
||||||
---
|
|
||||||
crypto/evp/pmeth_lib.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
||||||
index 2b9c6c2351da..92d25de44532 100644
|
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
# include "crypto/asn1.h"
|
|
||||||
#endif
|
|
||||||
+#include "crypto/ctype.h"
|
|
||||||
#include "crypto/evp.h"
|
|
||||||
#include "crypto/dh.h"
|
|
||||||
#include "crypto/ec.h"
|
|
||||||
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
|
|
||||||
}
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
if (keytype != NULL) {
|
|
||||||
+ ossl_init_casecmp();
|
|
||||||
id = evp_pkey_name2type(keytype);
|
|
||||||
if (id == NID_undef)
|
|
||||||
id = -1;
|
|
||||||
|
|
||||||
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
|
||||||
Date: Fri, 22 Apr 2022 19:26:08 +0200
|
|
||||||
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
|
|
||||||
preliminary init
|
|
||||||
|
|
||||||
---
|
|
||||||
test/build.info | 6 +++++-
|
|
||||||
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
|
|
||||||
test/recipes/02-test_localetest.t | 4 +++-
|
|
||||||
3 files changed, 22 insertions(+), 2 deletions(-)
|
|
||||||
create mode 100644 test/evp_pkey_ctx_new_from_name.c
|
|
||||||
|
|
||||||
diff --git a/test/build.info b/test/build.info
|
|
||||||
index 14a84f00a258..ee059973d31a 100644
|
|
||||||
--- a/test/build.info
|
|
||||||
+++ b/test/build.info
|
|
||||||
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
|
|
||||||
sanitytest rsa_complex exdatatest bntest \
|
|
||||||
ecstresstest gmdifftest pbelutest \
|
|
||||||
destest mdc2test sha_test \
|
|
||||||
- exptest pbetest localetest \
|
|
||||||
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
|
|
||||||
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
|
|
||||||
evp_fetch_prov_test evp_libctx_test ossl_store_test \
|
|
||||||
v3nametest v3ext \
|
|
||||||
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
|
|
||||||
INCLUDE[localetest]=../include ../apps/include
|
|
||||||
DEPEND[localetest]=../libcrypto libtestutil.a
|
|
||||||
|
|
||||||
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
|
|
||||||
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
|
|
||||||
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
|
|
||||||
+
|
|
||||||
SOURCE[pbetest]=pbetest.c
|
|
||||||
INCLUDE[pbetest]=../include ../apps/include
|
|
||||||
DEPEND[pbetest]=../libcrypto libtestutil.a
|
|
||||||
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
|
|
||||||
new file mode 100644
|
|
||||||
index 000000000000..24063ea05ea5
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/test/evp_pkey_ctx_new_from_name.c
|
|
||||||
@@ -0,0 +1,14 @@
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <openssl/ec.h>
|
|
||||||
+#include <openssl/evp.h>
|
|
||||||
+#include <openssl/err.h>
|
|
||||||
+
|
|
||||||
+int main(int argc, char *argv[])
|
|
||||||
+{
|
|
||||||
+ EVP_PKEY_CTX *pctx = NULL;
|
|
||||||
+
|
|
||||||
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
|
|
||||||
+ EVP_PKEY_CTX_free(pctx);
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
|
|
||||||
index 1bccd57d4c63..77fba7d819ab 100644
|
|
||||||
--- a/test/recipes/02-test_localetest.t
|
|
||||||
+++ b/test/recipes/02-test_localetest.t
|
|
||||||
@@ -15,7 +15,9 @@ setup("locale tests");
|
|
||||||
plan skip_all => "Locale tests not available on Windows or VMS"
|
|
||||||
if $^O =~ /^(VMS|MSWin32)$/;
|
|
||||||
|
|
||||||
-plan tests => 2;
|
|
||||||
+plan tests => 3;
|
|
||||||
+
|
|
||||||
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
|
|
||||||
|
|
||||||
$ENV{LANG} = "C";
|
|
||||||
ok(run(test(["localetest"])), "running localetest");
|
|
@ -567,554 +567,4 @@ index 8c52b637fc..ff75c5b6ec 100644
|
|||||||
+ }
|
+ }
|
||||||
|
|
||||||
SKIP: {
|
SKIP: {
|
||||||
skip "No IPv4 available on this machine", 1
|
skip "No IPv4 available on this machine", 4
|
||||||
diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem
|
|
||||||
index 7d66a6b421..894461f6da 100644
|
|
||||||
--- a/test/smime-certs/smdh.pem
|
|
||||||
+++ b/test/smime-certs/smdh.pem
|
|
||||||
@@ -14,10 +14,10 @@ ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv
|
|
||||||
BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFljCCBH6gAwIBAgIUYmx57362u3KsYCqtKby2mYi+pLMwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIxMDExNTEwMDk1MloXDTMwMTEy
|
|
||||||
-NDEwMDk1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz
|
|
||||||
+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw
|
|
||||||
ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz
|
|
||||||
VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH
|
|
||||||
@@ -38,10 +38,10 @@ Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+
|
|
||||||
xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h
|
|
||||||
wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE
|
|
||||||
FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI
|
|
||||||
-qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQA5r5k39ghJIgQKjOXSffhtAaBPT0Um
|
|
||||||
-WtLjijp/iBUAowFpncDRIp+Ng7n/feJHDdnh59H0ZHGljWqZ3rgG3HjjArvG+iUm
|
|
||||||
-6aaS4KdM6OwK60JTUXBQ/InISXzrZof2oZ5BjO6L6yV6cpaYOLlLo3QjU8HE54G9
|
|
||||||
-7UyR48NSvhwPw+vS1Abjib+K1En/ctnlm0CurHgP56LrJxguFZZP6+UjCnEy0wxm
|
|
||||||
-VRr+y4+IgWikdOumMelJ+x9O9R7EPVfwQ9TYBtpo5hZQiGhSJ3Di9LZO5i0h2xjj
|
|
||||||
-AhtR8zmzusFX2Ruh2dXQWeNx/dMEcYRJLU1P+IxUq2g1GUiCgq2Xc7ZY
|
|
||||||
+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y
|
|
||||||
+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb
|
|
||||||
+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC
|
|
||||||
+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ
|
|
||||||
+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2
|
|
||||||
+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem
|
|
||||||
index b424f6704e..597d98f827 100644
|
|
||||||
--- a/test/smime-certs/smdsa1.pem
|
|
||||||
+++ b/test/smime-certs/smdsa1.pem
|
|
||||||
@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
|
|
||||||
-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
|
|
||||||
-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
|
|
||||||
-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
|
|
||||||
-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
|
|
||||||
-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
|
|
||||||
-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
|
|
||||||
-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
|
|
||||||
-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
|
|
||||||
-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
|
|
||||||
-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
|
|
||||||
-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
|
|
||||||
-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x
|
|
||||||
-EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV
|
|
||||||
-86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE
|
|
||||||
-DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp
|
|
||||||
-O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit
|
|
||||||
-1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg
|
|
||||||
-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO
|
|
||||||
-xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
|
|
||||||
-MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx
|
|
||||||
-d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3
|
|
||||||
-MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z
|
|
||||||
-Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt
|
|
||||||
-17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf
|
|
||||||
-0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz
|
|
||||||
+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E
|
|
||||||
+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P
|
|
||||||
+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH
|
|
||||||
++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy
|
|
||||||
+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx
|
|
||||||
+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd
|
|
||||||
+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL
|
|
||||||
+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq
|
|
||||||
+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1
|
|
||||||
+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ
|
|
||||||
+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW
|
|
||||||
+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem
|
|
||||||
index 648447fc89..a995f665bb 100644
|
|
||||||
--- a/test/smime-certs/smdsa2.pem
|
|
||||||
+++ b/test/smime-certs/smdsa2.pem
|
|
||||||
@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
|
|
||||||
-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
|
|
||||||
-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
|
|
||||||
-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
|
|
||||||
-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
|
|
||||||
-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
|
|
||||||
-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
|
|
||||||
-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
|
|
||||||
-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
|
|
||||||
-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
|
|
||||||
-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
|
|
||||||
-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
|
|
||||||
-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E
|
|
||||||
-h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt
|
|
||||||
-tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa
|
|
||||||
-LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn
|
|
||||||
-3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0
|
|
||||||
-KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg
|
|
||||||
-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k
|
|
||||||
-qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
|
|
||||||
-MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp
|
|
||||||
-VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb
|
|
||||||
-uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV
|
|
||||||
-6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD
|
|
||||||
-2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96
|
|
||||||
-GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz
|
|
||||||
+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s
|
|
||||||
+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO
|
|
||||||
+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR
|
|
||||||
+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA
|
|
||||||
+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r
|
|
||||||
+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm
|
|
||||||
+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat
|
|
||||||
+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx
|
|
||||||
+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW
|
|
||||||
+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU
|
|
||||||
+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r
|
|
||||||
+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem
|
|
||||||
index 77acc5e46f..9f703e52f0 100644
|
|
||||||
--- a/test/smime-certs/smdsa3.pem
|
|
||||||
+++ b/test/smime-certs/smdsa3.pem
|
|
||||||
@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
|
|
||||||
-uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
|
|
||||||
-7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
|
|
||||||
-wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
|
|
||||||
-+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
|
|
||||||
-Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
|
|
||||||
-AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
|
|
||||||
-0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
|
|
||||||
-g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
|
|
||||||
-0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
|
|
||||||
-yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
|
|
||||||
-7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
|
|
||||||
-aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9
|
|
||||||
-msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf
|
|
||||||
-zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7
|
|
||||||
-cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp
|
|
||||||
-N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS
|
|
||||||
-2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg
|
|
||||||
-MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE
|
|
||||||
-FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
|
|
||||||
-MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask
|
|
||||||
-pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK
|
|
||||||
-YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM
|
|
||||||
-khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i
|
|
||||||
-Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv
|
|
||||||
-4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz
|
|
||||||
+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h
|
|
||||||
+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY
|
|
||||||
+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA
|
|
||||||
+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl
|
|
||||||
+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof
|
|
||||||
+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc
|
|
||||||
+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR
|
|
||||||
+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5
|
|
||||||
+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw
|
|
||||||
+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J
|
|
||||||
+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87
|
|
||||||
+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem
|
|
||||||
index 75a862666b..05754f3963 100644
|
|
||||||
--- a/test/smime-certs/smec1.pem
|
|
||||||
+++ b/test/smime-certs/smec1.pem
|
|
||||||
@@ -4,19 +4,19 @@ DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV
|
|
||||||
3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I
|
|
||||||
-iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi
|
|
||||||
-ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
|
|
||||||
-MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK
|
|
||||||
-Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy
|
|
||||||
-WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt
|
|
||||||
-7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV
|
|
||||||
-FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y
|
|
||||||
-S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1
|
|
||||||
-DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7
|
|
||||||
-qtcHJA==
|
|
||||||
+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz
|
|
||||||
+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI
|
|
||||||
+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2
|
|
||||||
+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV
|
|
||||||
+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud
|
|
||||||
+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp
|
|
||||||
+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9
|
|
||||||
+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj
|
|
||||||
+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R
|
|
||||||
+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy
|
|
||||||
+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ
|
|
||||||
+V5ASvNRiGWIJK5XF+zRY
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem
|
|
||||||
index 457297a760..7c502d8799 100644
|
|
||||||
--- a/test/smime-certs/smec2.pem
|
|
||||||
+++ b/test/smime-certs/smec2.pem
|
|
||||||
@@ -5,19 +5,19 @@ uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8
|
|
||||||
6bQ=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+
|
|
||||||
-huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj
|
|
||||||
-JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E
|
|
||||||
-BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA
|
|
||||||
-FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez
|
|
||||||
-ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK
|
|
||||||
-xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0
|
|
||||||
-uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P
|
|
||||||
-rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq
|
|
||||||
-IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0
|
|
||||||
-4ZdCllHZkhop
|
|
||||||
+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz
|
|
||||||
+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE
|
|
||||||
+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT
|
|
||||||
+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA
|
|
||||||
+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw
|
|
||||||
+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD
|
|
||||||
+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ
|
|
||||||
+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5
|
|
||||||
+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd
|
|
||||||
+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60
|
|
||||||
+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ
|
|
||||||
+/UfNk+5Y3g5Mm642MLvjBEUqurw=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem
|
|
||||||
index 90eac867d0..5110e2984b 100644
|
|
||||||
--- a/test/smime-certs/smec3.pem
|
|
||||||
+++ b/test/smime-certs/smec3.pem
|
|
||||||
@@ -4,19 +4,19 @@ zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo
|
|
||||||
xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy
|
|
||||||
-4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW
|
|
||||||
-aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg
|
|
||||||
-MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy
|
|
||||||
-KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA
|
|
||||||
-HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm
|
|
||||||
-diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj
|
|
||||||
-OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM
|
|
||||||
-UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI
|
|
||||||
-OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8
|
|
||||||
-Ci1l4Q==
|
|
||||||
+MIICqzCCAZOgAwIBAgIUSG5MT0bOz48OfBayRWfoQwUcA50wDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0Mjg1MloXDTMyMDMz
|
|
||||||
+MTE0Mjg1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMzMFkwEwYHKoZIzj0CAQYIKoZI
|
|
||||||
+zj0DAQcDQgAER/LhwR5Ljn7sl4CY+1d5TalBD4kDaMRvJ7Ro1ZikR38sHVKECdT4
|
|
||||||
+H25AhLAZN9+K0RZo2ta/jGMqp/wPQEYhgaNgMF4wDAYDVR0TAQH/BAIwADAOBgNV
|
|
||||||
+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFAtH4f0KYBj8oPJdZ1VQz0U/vrpbMB8GA1Ud
|
|
||||||
+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQBY
|
|
||||||
+xXTNWQz38q37bRjyl6FWMdIaVRkle1Qzjo0bAVHsrYNwY36PBnJpfZE8aJS6WwD2
|
|
||||||
+PUHWVLc0zd50pXbAa41FlquOdP5FNa8wOc+jHIiyWaE8SEdt0jsxPRTJ9kElXuJ5
|
|
||||||
+wFx7icmRde7DWLG32SWwR1pFi4R/aDOOxpTzUuYvKuawfAUVQtQyCz8sahbmI8EW
|
|
||||||
+H0KDuiyuncq1YjvHfaUR7QKijMJ0eBRsjUls0HeMjkehBkTrz78u7TJBWKE/BCiB
|
|
||||||
+HzuZeMqHpSXtK6ZCRtQXTLv0HyenFmbdVSDiOFSnvdL5lyLT3aFQ19DVtGFCAUwZ
|
|
||||||
+HQdD3KNn4i073Z7Ia2Xa
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem
|
|
||||||
index d1a253f409..f62a54e2a3 100644
|
|
||||||
--- a/test/smime-certs/smroot.pem
|
|
||||||
+++ b/test/smime-certs/smroot.pem
|
|
||||||
@@ -27,23 +27,23 @@ vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ
|
|
||||||
KfvPCYimQwBjVrEnSntLPR0=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
|
|
||||||
-ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
|
||||||
-ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT
|
|
||||||
-JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+
|
|
||||||
-LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E
|
|
||||||
-J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/
|
|
||||||
-MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe
|
|
||||||
-untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb
|
|
||||||
-i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G
|
|
||||||
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB
|
|
||||||
-AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb
|
|
||||||
-Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl
|
|
||||||
-zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt
|
|
||||||
-9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C
|
|
||||||
-7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt
|
|
||||||
-Emsny2ah6fU2z7PztrUy/A80
|
|
||||||
+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy
|
|
||||||
+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF
|
|
||||||
+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR
|
|
||||||
+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb
|
|
||||||
+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj
|
|
||||||
+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN
|
|
||||||
+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2
|
|
||||||
+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E
|
|
||||||
+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw
|
|
||||||
+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
|
|
||||||
+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN
|
|
||||||
+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z
|
|
||||||
+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx
|
|
||||||
+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo
|
|
||||||
+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2
|
|
||||||
+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem
|
|
||||||
index d0d0b9e66b..7eb331e2c9 100644
|
|
||||||
--- a/test/smime-certs/smrsa1.pem
|
|
||||||
+++ b/test/smime-certs/smrsa1.pem
|
|
||||||
@@ -27,23 +27,23 @@ iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST
|
|
||||||
zQpuMJliRlrq/5JkIbH6SA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
|
||||||
-AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK
|
|
||||||
-2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt
|
|
||||||
-+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF
|
|
||||||
-Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe
|
|
||||||
-bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM
|
|
||||||
-kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
|
|
||||||
-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV
|
|
||||||
-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
|
|
||||||
-dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o
|
|
||||||
-E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK
|
|
||||||
-WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp
|
|
||||||
-lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT
|
|
||||||
-GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu
|
|
||||||
-9Hjq6s316fk4Ne0EUF3PbA==
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz
|
|
||||||
+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw
|
|
||||||
+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy
|
|
||||||
+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS
|
|
||||||
+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH
|
|
||||||
+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT
|
|
||||||
+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM
|
|
||||||
+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm
|
|
||||||
+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq
|
|
||||||
+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ
|
|
||||||
+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0
|
|
||||||
+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY
|
|
||||||
+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem
|
|
||||||
index 2f17cb2978..4262742176 100644
|
|
||||||
--- a/test/smime-certs/smrsa2.pem
|
|
||||||
+++ b/test/smime-certs/smrsa2.pem
|
|
||||||
@@ -27,23 +27,23 @@ hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n
|
|
||||||
yrLyf+8hjm6H6zkjqiOkHAl+
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
|
||||||
-AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF
|
|
||||||
-AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp
|
|
||||||
-cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS
|
|
||||||
-0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1
|
|
||||||
-NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0
|
|
||||||
-EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
|
|
||||||
-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV
|
|
||||||
-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
|
|
||||||
-I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47
|
|
||||||
-Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv
|
|
||||||
-/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c
|
|
||||||
-XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv
|
|
||||||
-6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i
|
|
||||||
-NzYzLAPBkHCMY0Is3KKIBw==
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz
|
|
||||||
+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6
|
|
||||||
+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7
|
|
||||||
+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk
|
|
||||||
+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM
|
|
||||||
+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2
|
|
||||||
+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT
|
|
||||||
+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD
|
|
||||||
+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa
|
|
||||||
+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv
|
|
||||||
+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR
|
|
||||||
+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM
|
|
||||||
+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem
|
|
||||||
index 14c27f64aa..f7dca3a004 100644
|
|
||||||
--- a/test/smime-certs/smrsa3.pem
|
|
||||||
+++ b/test/smime-certs/smrsa3.pem
|
|
||||||
@@ -27,23 +27,23 @@ yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF
|
|
||||||
RvOAi5wVkYylDxV4238MAZIq
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
|
|
||||||
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
|
|
||||||
-TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
|
|
||||||
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
|
|
||||||
-ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
|
||||||
-AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC
|
|
||||||
-FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF
|
|
||||||
-STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW
|
|
||||||
-m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha
|
|
||||||
-v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p
|
|
||||||
-1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
|
|
||||||
-VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV
|
|
||||||
-HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
|
|
||||||
-JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp
|
|
||||||
-sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa
|
|
||||||
-VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr
|
|
||||||
-O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7
|
|
||||||
-tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY
|
|
||||||
-CscFo2Z2pYROGtZDmYqhRw==
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz
|
|
||||||
+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x
|
|
||||||
+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM
|
|
||||||
+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5
|
|
||||||
+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO
|
|
||||||
+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj
|
|
||||||
+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868
|
|
||||||
+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c
|
|
||||||
+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs
|
|
||||||
+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn
|
|
||||||
+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7
|
|
||||||
+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu
|
|
||||||
+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
||||||
|
@ -325,7 +325,7 @@ index de391ce067..1cfd71c5cf 100644
|
|||||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
||||||
{ NULL, NULL, NULL }
|
{ NULL, NULL, NULL }
|
||||||
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
|
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
|
||||||
freelocale(loc);
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
|
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
|
|
||||||
index 2a574fbfe6aa..16f482db68a9 100644
|
|
||||||
--- a/crypto/lhash/lhash.c
|
|
||||||
+++ b/crypto/lhash/lhash.c
|
|
||||||
@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
|
|
||||||
}
|
|
||||||
lh->b[i] = NULL;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ lh->num_items = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
|
|
@ -1,263 +0,0 @@
|
|||||||
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
|
|
||||||
index 7a4a45d537..3c5f48ec0a 100644
|
|
||||||
--- a/crypto/ocsp/ocsp_vfy.c
|
|
||||||
+++ b/crypto/ocsp/ocsp_vfy.c
|
|
||||||
@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response,
|
|
||||||
|
|
||||||
ret = X509_verify_cert(ctx);
|
|
||||||
if (ret <= 0) {
|
|
||||||
- ret = X509_STORE_CTX_get_error(ctx);
|
|
||||||
+ int err = X509_STORE_CTX_get_error(ctx);
|
|
||||||
+
|
|
||||||
ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR,
|
|
||||||
- "Verify error: %s", X509_verify_cert_error_string(ret));
|
|
||||||
+ "Verify error: %s", X509_verify_cert_error_string(err));
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
if (chain != NULL)
|
|
||||||
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
|
|
||||||
index d42030cb89..34fdfcbccc 100644
|
|
||||||
--- a/test/recipes/80-test_ocsp.t
|
|
||||||
+++ b/test/recipes/80-test_ocsp.t
|
|
||||||
@@ -35,6 +35,7 @@ sub test_ocsp {
|
|
||||||
$untrusted = $CAfile;
|
|
||||||
}
|
|
||||||
my $expected_exit = shift;
|
|
||||||
+ my $nochecks = shift;
|
|
||||||
my $outputfile = basename($inputfile, '.ors') . '.dat';
|
|
||||||
|
|
||||||
run(app(["openssl", "base64", "-d",
|
|
||||||
@@ -45,7 +46,8 @@ sub test_ocsp {
|
|
||||||
"-partial_chain", @check_time,
|
|
||||||
"-CAfile", catfile($ocspdir, $CAfile),
|
|
||||||
"-verify_other", catfile($ocspdir, $untrusted),
|
|
||||||
- "-no-CApath", "-no-CAstore"])),
|
|
||||||
+ "-no-CApath", "-no-CAstore",
|
|
||||||
+ $nochecks ? "-no_cert_checks" : ()])),
|
|
||||||
$title); });
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub {
|
|
||||||
plan tests => 7;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0);
|
|
||||||
+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ND2.ors", "ND2_Issuer_Root.pem", "", 0);
|
|
||||||
+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "ND3.ors", "ND3_Issuer_Root.pem", "", 0);
|
|
||||||
+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; 3-level CA hierarchy",
|
|
||||||
- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0);
|
|
||||||
+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "D1.ors", "D1_Issuer_ICA.pem", "", 0);
|
|
||||||
+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "D2.ors", "D2_Issuer_Root.pem", "", 0);
|
|
||||||
+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "D3.ors", "D3_Issuer_Root.pem", "", 0);
|
|
||||||
+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
|
|
||||||
plan tests => 3;
|
|
||||||
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
|
|
||||||
- plan tests => 3;
|
|
||||||
+ plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
+ test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
+ test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
+ test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub {
|
|
||||||
plan tests => 6;
|
|
||||||
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1);
|
|
||||||
+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1);
|
|
||||||
+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1);
|
|
||||||
+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
|
|
||||||
@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
|
|
||||||
|
|
||||||
# Expect success, because we're explicitly trusting the issuer certificate.
|
|
||||||
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0);
|
|
||||||
+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0);
|
|
||||||
+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
|
||||||
- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0);
|
|
||||||
+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
|
||||||
- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0);
|
|
||||||
+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
|
||||||
- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0);
|
|
||||||
+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0);
|
|
||||||
test_ocsp("DELEGATED; Root CA -> EE",
|
|
||||||
- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0);
|
|
||||||
+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0);
|
|
||||||
};
|
|
||||||
|
|
||||||
subtest "=== OCSP API TESTS===" => sub {
|
|
@ -1,58 +0,0 @@
|
|||||||
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
|
||||||
index d51d8856d7..a630773a02 100644
|
|
||||||
--- a/tools/c_rehash.in
|
|
||||||
+++ b/tools/c_rehash.in
|
|
||||||
@@ -152,6 +152,23 @@ sub check_file {
|
|
||||||
return ($is_cert, $is_crl);
|
|
||||||
}
|
|
||||||
|
|
||||||
+sub compute_hash {
|
|
||||||
+ my $fh;
|
|
||||||
+ if ( $^O eq "VMS" ) {
|
|
||||||
+ # VMS uses the open through shell
|
|
||||||
+ # The file names are safe there and list form is unsupported
|
|
||||||
+ if (!open($fh, "-|", join(' ', @_))) {
|
|
||||||
+ print STDERR "Cannot compute hash on '$fname'\n";
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ if (!open($fh, "-|", @_)) {
|
|
||||||
+ print STDERR "Cannot compute hash on '$fname'\n";
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return (<$fh>, <$fh>);
|
|
||||||
+}
|
|
||||||
|
|
||||||
# Link a certificate to its subject name hash value, each hash is of
|
|
||||||
# the form <hash>.<n> where n is an integer. If the hash value already exists
|
|
||||||
@@ -161,10 +178,12 @@ sub check_file {
|
|
||||||
|
|
||||||
sub link_hash_cert {
|
|
||||||
my $fname = $_[0];
|
|
||||||
- $fname =~ s/\"/\\\"/g;
|
|
||||||
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
|
||||||
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
|
||||||
+ "-fingerprint", "-noout",
|
|
||||||
+ "-in", $fname);
|
|
||||||
chomp $hash;
|
|
||||||
chomp $fprint;
|
|
||||||
+ return if !$hash;
|
|
||||||
$fprint =~ s/^.*=//;
|
|
||||||
$fprint =~ tr/://d;
|
|
||||||
my $suffix = 0;
|
|
||||||
@@ -202,10 +221,12 @@ sub link_hash_cert {
|
|
||||||
|
|
||||||
sub link_hash_crl {
|
|
||||||
my $fname = $_[0];
|
|
||||||
- $fname =~ s/'/'\\''/g;
|
|
||||||
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
|
||||||
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
|
||||||
+ "-fingerprint", "-noout",
|
|
||||||
+ "-in", $fname);
|
|
||||||
chomp $hash;
|
|
||||||
chomp $fprint;
|
|
||||||
+ return if !$hash;
|
|
||||||
$fprint =~ s/^.*=//;
|
|
||||||
$fprint =~ tr/://d;
|
|
||||||
my $suffix = 0;
|
|
@ -1,212 +0,0 @@
|
|||||||
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
|
|
||||||
index 1fa449d5a098..6aa9455f09ed 100644
|
|
||||||
--- a/test/certs/embeddedSCTs1_issuer.pem
|
|
||||||
+++ b/test/certs/embeddedSCTs1_issuer.pem
|
|
||||||
@@ -1,18 +1,18 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
|
|
||||||
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
|
|
||||||
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
|
|
||||||
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
|
|
||||||
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
|
|
||||||
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
|
|
||||||
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
|
|
||||||
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
|
|
||||||
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
|
|
||||||
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
|
|
||||||
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
|
|
||||||
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
|
|
||||||
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
|
|
||||||
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
|
|
||||||
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
|
|
||||||
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
|
|
||||||
-OwqULg==
|
|
||||||
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
|
|
||||||
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
|
|
||||||
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
|
|
||||||
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
|
|
||||||
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
|
|
||||||
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
|
|
||||||
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
|
|
||||||
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
|
|
||||||
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
|
|
||||||
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
|
|
||||||
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
|
|
||||||
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
|
|
||||||
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
|
|
||||||
+Doud4XrO
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
|
|
||||||
index 5677ac6c9f6a..70ce71e43091 100644
|
|
||||||
--- a/test/certs/sm2-ca-cert.pem
|
|
||||||
+++ b/test/certs/sm2-ca-cert.pem
|
|
||||||
@@ -1,14 +1,14 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
||||||
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
||||||
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
||||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
||||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
|
||||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
||||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
|
||||||
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
|
||||||
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
|
||||||
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
|
||||||
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
|
||||||
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
|
||||||
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
|
||||||
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
|
||||||
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
|
||||||
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
|
||||||
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
|
||||||
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
|
||||||
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
|
||||||
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
|
||||||
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
|
||||||
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
|
||||||
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
|
|
||||||
index 5677ac6c9f6a..70ce71e43091 100644
|
|
||||||
--- a/test/certs/sm2-root.crt
|
|
||||||
+++ b/test/certs/sm2-root.crt
|
|
||||||
@@ -1,14 +1,14 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
||||||
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
||||||
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
||||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
||||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
|
||||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
||||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
|
||||||
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
|
||||||
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
|
||||||
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
|
||||||
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
|
||||||
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
|
||||||
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
|
||||||
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
|
||||||
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
|
||||||
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
|
||||||
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
|
||||||
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
|
||||||
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
|
||||||
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
|
||||||
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
|
||||||
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
|
||||||
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
|
|
||||||
index 189abb137625..daf12926aff9 100644
|
|
||||||
--- a/test/certs/sm2.pem
|
|
||||||
+++ b/test/certs/sm2.pem
|
|
||||||
@@ -1,13 +1,14 @@
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
|
||||||
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
|
||||||
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
|
||||||
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
|
|
||||||
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
|
||||||
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
|
|
||||||
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
|
|
||||||
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
|
|
||||||
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
|
|
||||||
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
|
|
||||||
-OZOfmtx613VyzXwc
|
|
||||||
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
|
|
||||||
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
|
|
||||||
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
|
|
||||||
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
|
|
||||||
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
|
|
||||||
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
|
|
||||||
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
|
|
||||||
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
|
|
||||||
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
|
|
||||||
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
|
|
||||||
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
|
|
||||||
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
|
|
||||||
index 12e8a7305402..109b9c4abc28 100644
|
|
||||||
--- a/test/smime-certs/mksmime-certs.sh
|
|
||||||
+++ b/test/smime-certs/mksmime-certs.sh
|
|
||||||
@@ -15,23 +15,23 @@ export OPENSSL_CONF
|
|
||||||
|
|
||||||
# Root CA: create certificate directly
|
|
||||||
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
|
|
||||||
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
|
|
||||||
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
|
|
||||||
|
|
||||||
# EE RSA certificates: create request first
|
|
||||||
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
|
|
||||||
# Sign request: end entity extensions
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
|
|
||||||
|
|
||||||
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
|
|
||||||
|
|
||||||
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
|
|
||||||
|
|
||||||
# Create DSA parameters
|
|
||||||
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048
|
|
||||||
|
|
||||||
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
|
|
||||||
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
|
|
||||||
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
|
|
||||||
|
|
||||||
# Create EC parameters
|
|
||||||
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283
|
|
||||||
|
|
||||||
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
|
|
||||||
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
|
|
||||||
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
|
||||||
+# Do not renew this cert as it is used for legacy data decrypt test
|
|
||||||
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
|
||||||
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
|
||||||
# Create X9.42 DH parameters.
|
|
||||||
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
|
|
||||||
# Generate X9.42 DH key.
|
|
||||||
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
|
|
||||||
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
|
|
||||||
-keyout smtmp.pem -out req.pem -newkey rsa:2048
|
|
||||||
# Sign request but force public key to DH
|
|
||||||
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
|
||||||
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
|
||||||
-force_pubkey dhpub.pem \
|
|
||||||
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
|
|
||||||
# Remove temp files.
|
|
@ -1,662 +0,0 @@
|
|||||||
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl
|
|
||||||
index 56df89dc27da..e69de29bb2d1 100755
|
|
||||||
--- a/crypto/bn/asm/ppc64-mont-fixed.pl
|
|
||||||
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl
|
|
||||||
@@ -1,581 +0,0 @@
|
|
||||||
-#! /usr/bin/env perl
|
|
||||||
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
-#
|
|
||||||
-# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
-# this file except in compliance with the License. You can obtain a copy
|
|
||||||
-# in the file LICENSE in the source distribution or at
|
|
||||||
-# https://www.openssl.org/source/license.html
|
|
||||||
-
|
|
||||||
-# ====================================================================
|
|
||||||
-# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke
|
|
||||||
-# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for
|
|
||||||
-# the OpenSSL project.
|
|
||||||
-# ====================================================================
|
|
||||||
-
|
|
||||||
-#
|
|
||||||
-# Fixed length (n=6), unrolled PPC Montgomery Multiplication
|
|
||||||
-#
|
|
||||||
-
|
|
||||||
-# 2021
|
|
||||||
-#
|
|
||||||
-# Although this is a generic implementation for unrolling Montgomery
|
|
||||||
-# Multiplication for arbitrary values of n, this is currently only
|
|
||||||
-# used for n = 6 to improve the performance of ECC p384.
|
|
||||||
-#
|
|
||||||
-# Unrolling allows intermediate results to be stored in registers,
|
|
||||||
-# rather than on the stack, improving performance by ~7% compared to
|
|
||||||
-# the existing PPC assembly code.
|
|
||||||
-#
|
|
||||||
-# The ISA 3.0 implementation uses combination multiply/add
|
|
||||||
-# instructions (maddld, maddhdu) to improve performance by an
|
|
||||||
-# additional ~10% on Power 9.
|
|
||||||
-#
|
|
||||||
-# Finally, saving non-volatile registers into volatile vector
|
|
||||||
-# registers instead of onto the stack saves a little more.
|
|
||||||
-#
|
|
||||||
-# On a Power 9 machine we see an overall improvement of ~18%.
|
|
||||||
-#
|
|
||||||
-
|
|
||||||
-use strict;
|
|
||||||
-use warnings;
|
|
||||||
-
|
|
||||||
-my ($flavour, $output, $dir, $xlate);
|
|
||||||
-
|
|
||||||
-# $output is the last argument if it looks like a file (it has an extension)
|
|
||||||
-# $flavour is the first argument if it doesn't look like a file
|
|
||||||
-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
|
|
||||||
-$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
|
|
||||||
-
|
|
||||||
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
|
|
||||||
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
|
|
||||||
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
|
|
||||||
-die "can't locate ppc-xlate.pl";
|
|
||||||
-
|
|
||||||
-open STDOUT,"| $^X $xlate $flavour \"$output\""
|
|
||||||
- or die "can't call $xlate: $!";
|
|
||||||
-
|
|
||||||
-if ($flavour !~ /64/) {
|
|
||||||
- die "bad flavour ($flavour) - only ppc64 permitted";
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-my $SIZE_T= 8;
|
|
||||||
-
|
|
||||||
-# Registers are global so the code is remotely readable
|
|
||||||
-
|
|
||||||
-# Parameters for Montgomery multiplication
|
|
||||||
-my $sp = "r1";
|
|
||||||
-my $toc = "r2";
|
|
||||||
-my $rp = "r3";
|
|
||||||
-my $ap = "r4";
|
|
||||||
-my $bp = "r5";
|
|
||||||
-my $np = "r6";
|
|
||||||
-my $n0 = "r7";
|
|
||||||
-my $num = "r8";
|
|
||||||
-
|
|
||||||
-my $i = "r9";
|
|
||||||
-my $c0 = "r10";
|
|
||||||
-my $bp0 = "r11";
|
|
||||||
-my $bpi = "r11";
|
|
||||||
-my $bpj = "r11";
|
|
||||||
-my $tj = "r12";
|
|
||||||
-my $apj = "r12";
|
|
||||||
-my $npj = "r12";
|
|
||||||
-my $lo = "r14";
|
|
||||||
-my $c1 = "r14";
|
|
||||||
-
|
|
||||||
-# Non-volatile registers used for tp[i]
|
|
||||||
-#
|
|
||||||
-# 12 registers are available but the limit on unrolling is 10,
|
|
||||||
-# since registers from $tp[0] to $tp[$n+1] are used.
|
|
||||||
-my @tp = ("r20" .. "r31");
|
|
||||||
-
|
|
||||||
-# volatile VSRs for saving non-volatile GPRs - faster than stack
|
|
||||||
-my @vsrs = ("v32" .. "v46");
|
|
||||||
-
|
|
||||||
-package Mont;
|
|
||||||
-
|
|
||||||
-sub new($$)
|
|
||||||
-{
|
|
||||||
- my ($class, $n) = @_;
|
|
||||||
-
|
|
||||||
- if ($n > 10) {
|
|
||||||
- die "Can't unroll for BN length ${n} (maximum 10)"
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- my $self = {
|
|
||||||
- code => "",
|
|
||||||
- n => $n,
|
|
||||||
- };
|
|
||||||
- bless $self, $class;
|
|
||||||
-
|
|
||||||
- return $self;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub add_code($$)
|
|
||||||
-{
|
|
||||||
- my ($self, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->{code} .= $c;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_code($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- return $self->{code};
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_function_name($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- return "bn_mul_mont_fixed_n" . $self->{n};
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_label($$)
|
|
||||||
-{
|
|
||||||
- my ($self, $l) = @_;
|
|
||||||
-
|
|
||||||
- return "L" . $l . "_" . $self->{n};
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_labels($@)
|
|
||||||
-{
|
|
||||||
- my ($self, @labels) = @_;
|
|
||||||
-
|
|
||||||
- my %out = ();
|
|
||||||
-
|
|
||||||
- foreach my $l (@labels) {
|
|
||||||
- $out{"$l"} = $self->get_label("$l");
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- return \%out;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub nl($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code("\n");
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub copy_result($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- my ($n) = $self->{n};
|
|
||||||
-
|
|
||||||
- for (my $j = 0; $j < $n; $j++) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- std $tp[$j],`$j*$SIZE_T`($rp)
|
|
||||||
-___
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub mul_mont_fixed($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- my ($n) = $self->{n};
|
|
||||||
- my $fname = $self->get_function_name();
|
|
||||||
- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end");
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
-
|
|
||||||
-.globl .${fname}
|
|
||||||
-.align 5
|
|
||||||
-.${fname}:
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->save_registers();
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $n0,0($n0)
|
|
||||||
-
|
|
||||||
- ld $bp0,0($bp)
|
|
||||||
-
|
|
||||||
- ld $apj,0($ap)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->mul_c_0($tp[0], $apj, $bp0, $c0);
|
|
||||||
-
|
|
||||||
- for (my $j = 1; $j < $n - 1; $j++) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $apj,`$j*$SIZE_T`($ap)
|
|
||||||
-___
|
|
||||||
- $self->mul($tp[$j], $apj, $bp0, $c0);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $apj,`($n-1)*$SIZE_T`($ap)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0);
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- li $tp[$n+1],0
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- li $i,0
|
|
||||||
- mtctr $num
|
|
||||||
- b $label->{"enter"}
|
|
||||||
-
|
|
||||||
-.align 4
|
|
||||||
-$label->{"outer"}:
|
|
||||||
- ldx $bpi,$bp,$i
|
|
||||||
-
|
|
||||||
- ld $apj,0($ap)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0);
|
|
||||||
-
|
|
||||||
- for (my $j = 1; $j < $n; $j++) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $apj,`$j*$SIZE_T`($ap)
|
|
||||||
-___
|
|
||||||
- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- addc $tp[$n],$tp[$n],$c0
|
|
||||||
- addze $tp[$n+1],$tp[$n+1]
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
-.align 4
|
|
||||||
-$label->{"enter"}:
|
|
||||||
- mulld $bpi,$tp[0],$n0
|
|
||||||
-
|
|
||||||
- ld $npj,0($np)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0);
|
|
||||||
-
|
|
||||||
- for (my $j = 1; $j < $n; $j++) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $npj,`$j*$SIZE_T`($np)
|
|
||||||
-___
|
|
||||||
- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- addc $tp[$n-1],$tp[$n],$c0
|
|
||||||
- addze $tp[$n],$tp[$n+1]
|
|
||||||
-
|
|
||||||
- addi $i,$i,$SIZE_T
|
|
||||||
- bdnz $label->{"outer"}
|
|
||||||
-
|
|
||||||
- and. $tp[$n],$tp[$n],$tp[$n]
|
|
||||||
- bne $label->{"sub"}
|
|
||||||
-
|
|
||||||
- cmpld $tp[$n-1],$npj
|
|
||||||
- blt $label->{"copy"}
|
|
||||||
-
|
|
||||||
-$label->{"sub"}:
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- #
|
|
||||||
- # Reduction
|
|
||||||
- #
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $bpj,`0*$SIZE_T`($np)
|
|
||||||
- subfc $c1,$bpj,$tp[0]
|
|
||||||
- std $c1,`0*$SIZE_T`($rp)
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
- for (my $j = 1; $j < $n - 1; $j++) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $bpj,`$j*$SIZE_T`($np)
|
|
||||||
- subfe $c1,$bpj,$tp[$j]
|
|
||||||
- std $c1,`$j*$SIZE_T`($rp)
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- subfe $c1,$npj,$tp[$n-1]
|
|
||||||
- std $c1,`($n-1)*$SIZE_T`($rp)
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- addme. $tp[$n],$tp[$n]
|
|
||||||
- beq $label->{"end"}
|
|
||||||
-
|
|
||||||
-$label->{"copy"}:
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->copy_result();
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
-
|
|
||||||
-$label->{"end"}:
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- $self->restore_registers();
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- li r3,1
|
|
||||||
- blr
|
|
||||||
-.size .${fname},.-.${fname}
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-package Mont::GPR;
|
|
||||||
-
|
|
||||||
-our @ISA = ('Mont');
|
|
||||||
-
|
|
||||||
-sub new($$)
|
|
||||||
-{
|
|
||||||
- my ($class, $n) = @_;
|
|
||||||
-
|
|
||||||
- return $class->SUPER::new($n);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub save_registers($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- my $n = $self->{n};
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- std $lo,-8($sp)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- for (my $j = 0; $j <= $n+1; $j++) {
|
|
||||||
- $self->{code}.=<<___;
|
|
||||||
- std $tp[$j],-`($j+2)*8`($sp)
|
|
||||||
-___
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub restore_registers($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- my $n = $self->{n};
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- ld $lo,-8($sp)
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- for (my $j = 0; $j <= $n+1; $j++) {
|
|
||||||
- $self->{code}.=<<___;
|
|
||||||
- ld $tp[$j],-`($j+2)*8`($sp)
|
|
||||||
-___
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->{code} .=<<___;
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Direct translation of C mul()
|
|
||||||
-sub mul($$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $lo,$a,$w
|
|
||||||
- addc $r,$lo,$c
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
- addze $c,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like mul() but $c is ignored as an input - an optimisation to save a
|
|
||||||
-# preliminary instruction that would set input $c to 0
|
|
||||||
-sub mul_c_0($$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $r,$a,$w
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like mul() but does not to the final addition of CA into $c - an
|
|
||||||
-# optimisation to save an instruction
|
|
||||||
-sub mul_last($$$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r1, $r2, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $lo,$a,$w
|
|
||||||
- addc $r1,$lo,$c
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
-
|
|
||||||
- addze $r2,$c
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like C mul_add() but allow $r_out and $r_in to be different
|
|
||||||
-sub mul_add($$$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $lo,$a,$w
|
|
||||||
- addc $lo,$lo,$c
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
- addze $c,$c
|
|
||||||
- addc $r_out,$r_in,$lo
|
|
||||||
- addze $c,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
|
||||||
-# preliminary instruction that would set input $c to 0
|
|
||||||
-sub mul_add_c_0($$$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $lo,$a,$w
|
|
||||||
- addc $r_out,$r_in,$lo
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
- addze $c,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-package Mont::GPR_300;
|
|
||||||
-
|
|
||||||
-our @ISA = ('Mont::GPR');
|
|
||||||
-
|
|
||||||
-sub new($$)
|
|
||||||
-{
|
|
||||||
- my ($class, $n) = @_;
|
|
||||||
-
|
|
||||||
- my $mont = $class->SUPER::new($n);
|
|
||||||
-
|
|
||||||
- return $mont;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_function_name($)
|
|
||||||
-{
|
|
||||||
- my ($self) = @_;
|
|
||||||
-
|
|
||||||
- return "bn_mul_mont_300_fixed_n" . $self->{n};
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-sub get_label($$)
|
|
||||||
-{
|
|
||||||
- my ($self, $l) = @_;
|
|
||||||
-
|
|
||||||
- return "L" . $l . "_300_" . $self->{n};
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Direct translation of C mul()
|
|
||||||
-sub mul($$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r, $a, $w, $c, $last) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- maddld $r,$a,$w,$c
|
|
||||||
- maddhdu $c,$a,$w,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Save the last carry as the final entry
|
|
||||||
-sub mul_last($$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r1, $r2, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- maddld $r1,$a,$w,$c
|
|
||||||
- maddhdu $r2,$a,$w,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like mul() but $c is ignored as an input - an optimisation to save a
|
|
||||||
-# preliminary instruction that would set input $c to 0
|
|
||||||
-sub mul_c_0($$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mulld $r,$a,$w
|
|
||||||
- mulhdu $c,$a,$w
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like C mul_add() but allow $r_out and $r_in to be different
|
|
||||||
-sub mul_add($$$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- maddld $lo,$a,$w,$c
|
|
||||||
- maddhdu $c,$a,$w,$c
|
|
||||||
- addc $r_out,$r_in,$lo
|
|
||||||
- addze $c,$c
|
|
||||||
-
|
|
||||||
-___
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
|
||||||
-# preliminary instruction that would set input $c to 0
|
|
||||||
-sub mul_add_c_0($$$$$$)
|
|
||||||
-{
|
|
||||||
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
|
||||||
-
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- maddld $lo,$a,$w,$r_in
|
|
||||||
- maddhdu $c,$a,$w,$r_in
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
- if ($r_out ne $lo) {
|
|
||||||
- $self->add_code(<<___);
|
|
||||||
- mr $r_out,$lo
|
|
||||||
-___
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- $self->nl();
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-package main;
|
|
||||||
-
|
|
||||||
-my $code;
|
|
||||||
-
|
|
||||||
-$code.=<<___;
|
|
||||||
-.machine "any"
|
|
||||||
-.text
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
-my $mont;
|
|
||||||
-
|
|
||||||
-$mont = new Mont::GPR(6);
|
|
||||||
-$mont->mul_mont_fixed();
|
|
||||||
-$code .= $mont->get_code();
|
|
||||||
-
|
|
||||||
-$mont = new Mont::GPR_300(6);
|
|
||||||
-$mont->mul_mont_fixed();
|
|
||||||
-$code .= $mont->get_code();
|
|
||||||
-
|
|
||||||
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
|
||||||
-
|
|
||||||
-$code.=<<___;
|
|
||||||
-.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>"
|
|
||||||
-___
|
|
||||||
-
|
|
||||||
-print $code;
|
|
||||||
-close STDOUT or die "error closing STDOUT: $!";
|
|
||||||
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
|
|
||||||
index 1e9421bee213..3ee76ea96574 100644
|
|
||||||
--- a/crypto/bn/bn_ppc.c
|
|
||||||
+++ b/crypto/bn/bn_ppc.c
|
|
||||||
@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
|
||||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
|
||||||
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
|
||||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
|
||||||
- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
|
||||||
- const BN_ULONG *bp, const BN_ULONG *np,
|
|
||||||
- const BN_ULONG *n0, int num);
|
|
||||||
- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
|
||||||
- const BN_ULONG *bp, const BN_ULONG *np,
|
|
||||||
- const BN_ULONG *n0, int num);
|
|
||||||
|
|
||||||
if (num < 4)
|
|
||||||
return 0;
|
|
||||||
@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
|
||||||
* no opportunity to figure it out...
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#if defined(_ARCH_PPC64)
|
|
||||||
- if (num == 6) {
|
|
||||||
- if (OPENSSL_ppccap_P & PPC_MADD300)
|
|
||||||
- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
|
|
||||||
- else
|
|
||||||
- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
|
|
||||||
}
|
|
||||||
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
|
|
||||||
index 987a70ae263b..4f8d0689b5ea 100644
|
|
||||||
--- a/crypto/bn/build.info
|
|
||||||
+++ b/crypto/bn/build.info
|
|
||||||
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}]
|
|
||||||
|
|
||||||
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
|
|
||||||
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT
|
|
||||||
- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
|
|
||||||
+ $BNASM_ppc64=$BNASM_ppc32
|
|
||||||
$BNDEF_ppc64=$BNDEF_ppc32
|
|
||||||
|
|
||||||
$BNASM_c64xplus=asm/bn-c64xplus.asm
|
|
||||||
@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl
|
|
||||||
GENERATE[bn-ppc.s]=asm/ppc.pl
|
|
||||||
GENERATE[ppc-mont.s]=asm/ppc-mont.pl
|
|
||||||
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl
|
|
||||||
-GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl
|
|
||||||
|
|
||||||
GENERATE[alpha-mont.S]=asm/alpha-mont.pl
|
|
||||||
|
|
||||||
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
||||||
index f36982845db4..1543ed9f7534 100644
|
|
||||||
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
||||||
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
||||||
@@ -97,6 +97,18 @@ Key = P-256-PUBLIC
|
|
||||||
Input = "Hello World"
|
|
||||||
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
|
|
||||||
|
|
||||||
+PublicKey=P-384-PUBLIC
|
|
||||||
+-----BEGIN PUBLIC KEY-----
|
|
||||||
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
|
|
||||||
+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
|
|
||||||
+twD8guGxyFRaoMDTtW47/nifwYqRaIfC
|
|
||||||
+-----END PUBLIC KEY-----
|
|
||||||
+
|
|
||||||
+DigestVerify = SHA384
|
|
||||||
+Key = P-384-PUBLIC
|
|
||||||
+Input = "123400"
|
|
||||||
+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
|
|
||||||
+
|
|
||||||
# Oneshot tests
|
|
||||||
OneShotDigestVerify = SHA256
|
|
||||||
Key = P-256-PUBLIC
|
|
703
SOURCES/0067-ppc64le-Montgomery-multiply.patch
Normal file
703
SOURCES/0067-ppc64le-Montgomery-multiply.patch
Normal file
@ -0,0 +1,703 @@
|
|||||||
|
From 33ffd36afa7594aeb958a925f521cb287ca850c8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||||
|
Date: Mon, 27 Jun 2022 12:14:55 +1000
|
||||||
|
Subject: [PATCH 1/2] Revert "Revert "bn: Add fixed length (n=6), unrolled PPC
|
||||||
|
Montgomery Multiplication""
|
||||||
|
|
||||||
|
This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.
|
||||||
|
---
|
||||||
|
crypto/bn/asm/ppc64-mont-fixed.pl | 581 ++++++++++++++++++++++++++++++
|
||||||
|
crypto/bn/bn_ppc.c | 15 +
|
||||||
|
crypto/bn/build.info | 3 +-
|
||||||
|
3 files changed, 598 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
index e69de29bb2d1..0fb397bc5f12 100755
|
||||||
|
--- a/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
@@ -0,0 +1,581 @@
|
||||||
|
+#! /usr/bin/env perl
|
||||||
|
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+#
|
||||||
|
+# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+# this file except in compliance with the License. You can obtain a copy
|
||||||
|
+# in the file LICENSE in the source distribution or at
|
||||||
|
+# https://www.openssl.org/source/license.html
|
||||||
|
+
|
||||||
|
+# ====================================================================
|
||||||
|
+# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke
|
||||||
|
+# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for
|
||||||
|
+# the OpenSSL project.
|
||||||
|
+# ====================================================================
|
||||||
|
+
|
||||||
|
+#
|
||||||
|
+# Fixed length (n=6), unrolled PPC Montgomery Multiplication
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+# 2021
|
||||||
|
+#
|
||||||
|
+# Although this is a generic implementation for unrolling Montgomery
|
||||||
|
+# Multiplication for arbitrary values of n, this is currently only
|
||||||
|
+# used for n = 6 to improve the performance of ECC p384.
|
||||||
|
+#
|
||||||
|
+# Unrolling allows intermediate results to be stored in registers,
|
||||||
|
+# rather than on the stack, improving performance by ~7% compared to
|
||||||
|
+# the existing PPC assembly code.
|
||||||
|
+#
|
||||||
|
+# The ISA 3.0 implementation uses combination multiply/add
|
||||||
|
+# instructions (maddld, maddhdu) to improve performance by an
|
||||||
|
+# additional ~10% on Power 9.
|
||||||
|
+#
|
||||||
|
+# Finally, saving non-volatile registers into volatile vector
|
||||||
|
+# registers instead of onto the stack saves a little more.
|
||||||
|
+#
|
||||||
|
+# On a Power 9 machine we see an overall improvement of ~18%.
|
||||||
|
+#
|
||||||
|
+
|
||||||
|
+use strict;
|
||||||
|
+use warnings;
|
||||||
|
+
|
||||||
|
+my ($flavour, $output, $dir, $xlate);
|
||||||
|
+
|
||||||
|
+# $output is the last argument if it looks like a file (it has an extension)
|
||||||
|
+# $flavour is the first argument if it doesn't look like a file
|
||||||
|
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
|
||||||
|
+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
|
||||||
|
+
|
||||||
|
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
|
||||||
|
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
|
||||||
|
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
|
||||||
|
+die "can't locate ppc-xlate.pl";
|
||||||
|
+
|
||||||
|
+open STDOUT,"| $^X $xlate $flavour \"$output\""
|
||||||
|
+ or die "can't call $xlate: $!";
|
||||||
|
+
|
||||||
|
+if ($flavour !~ /64/) {
|
||||||
|
+ die "bad flavour ($flavour) - only ppc64 permitted";
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+my $SIZE_T= 8;
|
||||||
|
+
|
||||||
|
+# Registers are global so the code is remotely readable
|
||||||
|
+
|
||||||
|
+# Parameters for Montgomery multiplication
|
||||||
|
+my $sp = "r1";
|
||||||
|
+my $toc = "r2";
|
||||||
|
+my $rp = "r3";
|
||||||
|
+my $ap = "r4";
|
||||||
|
+my $bp = "r5";
|
||||||
|
+my $np = "r6";
|
||||||
|
+my $n0 = "r7";
|
||||||
|
+my $num = "r8";
|
||||||
|
+
|
||||||
|
+my $i = "r9";
|
||||||
|
+my $c0 = "r10";
|
||||||
|
+my $bp0 = "r11";
|
||||||
|
+my $bpi = "r11";
|
||||||
|
+my $bpj = "r11";
|
||||||
|
+my $tj = "r12";
|
||||||
|
+my $apj = "r12";
|
||||||
|
+my $npj = "r12";
|
||||||
|
+my $lo = "r14";
|
||||||
|
+my $c1 = "r14";
|
||||||
|
+
|
||||||
|
+# Non-volatile registers used for tp[i]
|
||||||
|
+#
|
||||||
|
+# 12 registers are available but the limit on unrolling is 10,
|
||||||
|
+# since registers from $tp[0] to $tp[$n+1] are used.
|
||||||
|
+my @tp = ("r20" .. "r31");
|
||||||
|
+
|
||||||
|
+# volatile VSRs for saving non-volatile GPRs - faster than stack
|
||||||
|
+my @vsrs = ("v32" .. "v46");
|
||||||
|
+
|
||||||
|
+package Mont;
|
||||||
|
+
|
||||||
|
+sub new($$)
|
||||||
|
+{
|
||||||
|
+ my ($class, $n) = @_;
|
||||||
|
+
|
||||||
|
+ if ($n > 10) {
|
||||||
|
+ die "Can't unroll for BN length ${n} (maximum 10)"
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ my $self = {
|
||||||
|
+ code => "",
|
||||||
|
+ n => $n,
|
||||||
|
+ };
|
||||||
|
+ bless $self, $class;
|
||||||
|
+
|
||||||
|
+ return $self;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub add_code($$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->{code} .= $c;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_code($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ return $self->{code};
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_function_name($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ return "bn_mul_mont_fixed_n" . $self->{n};
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_label($$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $l) = @_;
|
||||||
|
+
|
||||||
|
+ return "L" . $l . "_" . $self->{n};
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_labels($@)
|
||||||
|
+{
|
||||||
|
+ my ($self, @labels) = @_;
|
||||||
|
+
|
||||||
|
+ my %out = ();
|
||||||
|
+
|
||||||
|
+ foreach my $l (@labels) {
|
||||||
|
+ $out{"$l"} = $self->get_label("$l");
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return \%out;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub nl($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code("\n");
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub copy_result($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ my ($n) = $self->{n};
|
||||||
|
+
|
||||||
|
+ for (my $j = 0; $j < $n; $j++) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ std $tp[$j],`$j*$SIZE_T`($rp)
|
||||||
|
+___
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub mul_mont_fixed($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ my ($n) = $self->{n};
|
||||||
|
+ my $fname = $self->get_function_name();
|
||||||
|
+ my $label = $self->get_labels("outer", "enter", "sub", "copy", "end");
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+
|
||||||
|
+.globl .${fname}
|
||||||
|
+.align 5
|
||||||
|
+.${fname}:
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->save_registers();
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $n0,0($n0)
|
||||||
|
+
|
||||||
|
+ ld $bp0,0($bp)
|
||||||
|
+
|
||||||
|
+ ld $apj,0($ap)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->mul_c_0($tp[0], $apj, $bp0, $c0);
|
||||||
|
+
|
||||||
|
+ for (my $j = 1; $j < $n - 1; $j++) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $apj,`$j*$SIZE_T`($ap)
|
||||||
|
+___
|
||||||
|
+ $self->mul($tp[$j], $apj, $bp0, $c0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $apj,`($n-1)*$SIZE_T`($ap)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0);
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ li $tp[$n+1],0
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ li $i,0
|
||||||
|
+ mtctr $num
|
||||||
|
+ b $label->{"enter"}
|
||||||
|
+
|
||||||
|
+.align 4
|
||||||
|
+$label->{"outer"}:
|
||||||
|
+ ldx $bpi,$bp,$i
|
||||||
|
+
|
||||||
|
+ ld $apj,0($ap)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0);
|
||||||
|
+
|
||||||
|
+ for (my $j = 1; $j < $n; $j++) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $apj,`$j*$SIZE_T`($ap)
|
||||||
|
+___
|
||||||
|
+ $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ addc $tp[$n],$tp[$n],$c0
|
||||||
|
+ addze $tp[$n+1],$tp[$n+1]
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+.align 4
|
||||||
|
+$label->{"enter"}:
|
||||||
|
+ mulld $bpi,$tp[0],$n0
|
||||||
|
+
|
||||||
|
+ ld $npj,0($np)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0);
|
||||||
|
+
|
||||||
|
+ for (my $j = 1; $j < $n; $j++) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $npj,`$j*$SIZE_T`($np)
|
||||||
|
+___
|
||||||
|
+ $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ addc $tp[$n-1],$tp[$n],$c0
|
||||||
|
+ addze $tp[$n],$tp[$n+1]
|
||||||
|
+
|
||||||
|
+ addi $i,$i,$SIZE_T
|
||||||
|
+ bdnz $label->{"outer"}
|
||||||
|
+
|
||||||
|
+ and. $tp[$n],$tp[$n],$tp[$n]
|
||||||
|
+ bne $label->{"sub"}
|
||||||
|
+
|
||||||
|
+ cmpld $tp[$n-1],$npj
|
||||||
|
+ blt $label->{"copy"}
|
||||||
|
+
|
||||||
|
+$label->{"sub"}:
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ #
|
||||||
|
+ # Reduction
|
||||||
|
+ #
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $bpj,`0*$SIZE_T`($np)
|
||||||
|
+ subfc $c1,$bpj,$tp[0]
|
||||||
|
+ std $c1,`0*$SIZE_T`($rp)
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+ for (my $j = 1; $j < $n - 1; $j++) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $bpj,`$j*$SIZE_T`($np)
|
||||||
|
+ subfe $c1,$bpj,$tp[$j]
|
||||||
|
+ std $c1,`$j*$SIZE_T`($rp)
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ subfe $c1,$npj,$tp[$n-1]
|
||||||
|
+ std $c1,`($n-1)*$SIZE_T`($rp)
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ addme. $tp[$n],$tp[$n]
|
||||||
|
+ beq $label->{"end"}
|
||||||
|
+
|
||||||
|
+$label->{"copy"}:
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->copy_result();
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+
|
||||||
|
+$label->{"end"}:
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ $self->restore_registers();
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ li r3,1
|
||||||
|
+ blr
|
||||||
|
+.size .${fname},.-.${fname}
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+package Mont::GPR;
|
||||||
|
+
|
||||||
|
+our @ISA = ('Mont');
|
||||||
|
+
|
||||||
|
+sub new($$)
|
||||||
|
+{
|
||||||
|
+ my ($class, $n) = @_;
|
||||||
|
+
|
||||||
|
+ return $class->SUPER::new($n);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub save_registers($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ my $n = $self->{n};
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ std $lo,-8($sp)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ for (my $j = 0; $j <= $n+1; $j++) {
|
||||||
|
+ $self->{code}.=<<___;
|
||||||
|
+ std $tp[$j],-`($j+2)*8`($sp)
|
||||||
|
+___
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub restore_registers($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ my $n = $self->{n};
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ ld $lo,-8($sp)
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ for (my $j = 0; $j <= $n+1; $j++) {
|
||||||
|
+ $self->{code}.=<<___;
|
||||||
|
+ ld $tp[$j],-`($j+2)*8`($sp)
|
||||||
|
+___
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->{code} .=<<___;
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Direct translation of C mul()
|
||||||
|
+sub mul($$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $lo,$a,$w
|
||||||
|
+ addc $r,$lo,$c
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+ addze $c,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like mul() but $c is ignored as an input - an optimisation to save a
|
||||||
|
+# preliminary instruction that would set input $c to 0
|
||||||
|
+sub mul_c_0($$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $r,$a,$w
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like mul() but does not to the final addition of CA into $c - an
|
||||||
|
+# optimisation to save an instruction
|
||||||
|
+sub mul_last($$$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r1, $r2, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $lo,$a,$w
|
||||||
|
+ addc $r1,$lo,$c
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+
|
||||||
|
+ addze $r2,$c
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like C mul_add() but allow $r_out and $r_in to be different
|
||||||
|
+sub mul_add($$$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $lo,$a,$w
|
||||||
|
+ addc $lo,$lo,$c
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+ addze $c,$c
|
||||||
|
+ addc $r_out,$r_in,$lo
|
||||||
|
+ addze $c,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
||||||
|
+# preliminary instruction that would set input $c to 0
|
||||||
|
+sub mul_add_c_0($$$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $lo,$a,$w
|
||||||
|
+ addc $r_out,$r_in,$lo
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+ addze $c,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+package Mont::GPR_300;
|
||||||
|
+
|
||||||
|
+our @ISA = ('Mont::GPR');
|
||||||
|
+
|
||||||
|
+sub new($$)
|
||||||
|
+{
|
||||||
|
+ my ($class, $n) = @_;
|
||||||
|
+
|
||||||
|
+ my $mont = $class->SUPER::new($n);
|
||||||
|
+
|
||||||
|
+ return $mont;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_function_name($)
|
||||||
|
+{
|
||||||
|
+ my ($self) = @_;
|
||||||
|
+
|
||||||
|
+ return "bn_mul_mont_300_fixed_n" . $self->{n};
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub get_label($$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $l) = @_;
|
||||||
|
+
|
||||||
|
+ return "L" . $l . "_300_" . $self->{n};
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Direct translation of C mul()
|
||||||
|
+sub mul($$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r, $a, $w, $c, $last) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ maddld $r,$a,$w,$c
|
||||||
|
+ maddhdu $c,$a,$w,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Save the last carry as the final entry
|
||||||
|
+sub mul_last($$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r1, $r2, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ maddld $r1,$a,$w,$c
|
||||||
|
+ maddhdu $r2,$a,$w,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like mul() but $c is ignored as an input - an optimisation to save a
|
||||||
|
+# preliminary instruction that would set input $c to 0
|
||||||
|
+sub mul_c_0($$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mulld $r,$a,$w
|
||||||
|
+ mulhdu $c,$a,$w
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like C mul_add() but allow $r_out and $r_in to be different
|
||||||
|
+sub mul_add($$$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ maddld $lo,$a,$w,$c
|
||||||
|
+ maddhdu $c,$a,$w,$c
|
||||||
|
+ addc $r_out,$r_in,$lo
|
||||||
|
+ addze $c,$c
|
||||||
|
+
|
||||||
|
+___
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
||||||
|
+# preliminary instruction that would set input $c to 0
|
||||||
|
+sub mul_add_c_0($$$$$$)
|
||||||
|
+{
|
||||||
|
+ my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
+
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ maddld $lo,$a,$w,$r_in
|
||||||
|
+ maddhdu $c,$a,$w,$r_in
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+ if ($r_out ne $lo) {
|
||||||
|
+ $self->add_code(<<___);
|
||||||
|
+ mr $r_out,$lo
|
||||||
|
+___
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ $self->nl();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+package main;
|
||||||
|
+
|
||||||
|
+my $code;
|
||||||
|
+
|
||||||
|
+$code.=<<___;
|
||||||
|
+.machine "any"
|
||||||
|
+.text
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+my $mont;
|
||||||
|
+
|
||||||
|
+$mont = new Mont::GPR(6);
|
||||||
|
+$mont->mul_mont_fixed();
|
||||||
|
+$code .= $mont->get_code();
|
||||||
|
+
|
||||||
|
+$mont = new Mont::GPR_300(6);
|
||||||
|
+$mont->mul_mont_fixed();
|
||||||
|
+$code .= $mont->get_code();
|
||||||
|
+
|
||||||
|
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||||
|
+
|
||||||
|
+$code.=<<___;
|
||||||
|
+.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>"
|
||||||
|
+___
|
||||||
|
+
|
||||||
|
+print $code;
|
||||||
|
+close STDOUT or die "error closing STDOUT: $!";
|
||||||
|
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
|
||||||
|
index 3ee76ea96574..1e9421bee213 100644
|
||||||
|
--- a/crypto/bn/bn_ppc.c
|
||||||
|
+++ b/crypto/bn/bn_ppc.c
|
||||||
|
@@ -19,6 +19,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||||
|
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||||
|
+ int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||||
|
+ const BN_ULONG *bp, const BN_ULONG *np,
|
||||||
|
+ const BN_ULONG *n0, int num);
|
||||||
|
+ int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||||
|
+ const BN_ULONG *bp, const BN_ULONG *np,
|
||||||
|
+ const BN_ULONG *n0, int num);
|
||||||
|
|
||||||
|
if (num < 4)
|
||||||
|
return 0;
|
||||||
|
@@ -34,5 +40,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
* no opportunity to figure it out...
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#if defined(_ARCH_PPC64) && !defined(__ILP32__)
|
||||||
|
+ if (num == 6) {
|
||||||
|
+ if (OPENSSL_ppccap_P & PPC_MADD300)
|
||||||
|
+ return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
|
||||||
|
+ else
|
||||||
|
+ return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
|
||||||
|
}
|
||||||
|
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
|
||||||
|
index 4f8d0689b5ea..987a70ae263b 100644
|
||||||
|
--- a/crypto/bn/build.info
|
||||||
|
+++ b/crypto/bn/build.info
|
||||||
|
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}]
|
||||||
|
|
||||||
|
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
|
||||||
|
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT
|
||||||
|
- $BNASM_ppc64=$BNASM_ppc32
|
||||||
|
+ $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
|
||||||
|
$BNDEF_ppc64=$BNDEF_ppc32
|
||||||
|
|
||||||
|
$BNASM_c64xplus=asm/bn-c64xplus.asm
|
||||||
|
@@ -173,6 +173,7 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl
|
||||||
|
GENERATE[bn-ppc.s]=asm/ppc.pl
|
||||||
|
GENERATE[ppc-mont.s]=asm/ppc-mont.pl
|
||||||
|
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl
|
||||||
|
+GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl
|
||||||
|
|
||||||
|
GENERATE[alpha-mont.S]=asm/alpha-mont.pl
|
||||||
|
|
||||||
|
|
||||||
|
From 01ebad0d6e3a09bc9e32350b402901471610a3dc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rohan McLure <rohanmclure@linux.ibm.com>
|
||||||
|
Date: Thu, 30 Jun 2022 16:21:06 +1000
|
||||||
|
Subject: [PATCH 2/2] Fix unrolled montgomery multiplication for POWER9
|
||||||
|
|
||||||
|
In the reference C implementation in bn_asm.c, tp[num + 1] contains the
|
||||||
|
carry bit for accumulations into tp[num]. tp[num + 1] is only ever
|
||||||
|
assigned, never itself incremented.
|
||||||
|
---
|
||||||
|
crypto/bn/asm/ppc64-mont-fixed.pl | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
index 0fb397bc5f12..e27d0ad93d85 100755
|
||||||
|
--- a/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
@@ -63,6 +63,7 @@
|
||||||
|
# Registers are global so the code is remotely readable
|
||||||
|
|
||||||
|
# Parameters for Montgomery multiplication
|
||||||
|
+my $ze = "r0";
|
||||||
|
my $sp = "r1";
|
||||||
|
my $toc = "r2";
|
||||||
|
my $rp = "r3";
|
||||||
|
@@ -192,6 +193,7 @@ ($)
|
||||||
|
$self->save_registers();
|
||||||
|
|
||||||
|
$self->add_code(<<___);
|
||||||
|
+ li $ze,0
|
||||||
|
ld $n0,0($n0)
|
||||||
|
|
||||||
|
ld $bp0,0($bp)
|
||||||
|
@@ -242,7 +244,7 @@ ($)
|
||||||
|
|
||||||
|
$self->add_code(<<___);
|
||||||
|
addc $tp[$n],$tp[$n],$c0
|
||||||
|
- addze $tp[$n+1],$tp[$n+1]
|
||||||
|
+ addze $tp[$n+1],$ze
|
||||||
|
___
|
||||||
|
|
||||||
|
$self->add_code(<<___);
|
||||||
|
@@ -272,7 +274,7 @@ ($)
|
||||||
|
and. $tp[$n],$tp[$n],$tp[$n]
|
||||||
|
bne $label->{"sub"}
|
||||||
|
|
||||||
|
- cmpld $tp[$n-1],$npj
|
||||||
|
+ cmpld $tp[$n-1],$npj
|
||||||
|
blt $label->{"copy"}
|
||||||
|
|
||||||
|
$label->{"sub"}:
|
@ -1,174 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in
|
|
||||||
--- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200
|
|
||||||
+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200
|
|
||||||
@@ -104,18 +104,41 @@ foreach (@dirlist) {
|
|
||||||
}
|
|
||||||
exit($errorcount);
|
|
||||||
|
|
||||||
+sub copy_file {
|
|
||||||
+ my ($src_fname, $dst_fname) = @_;
|
|
||||||
+
|
|
||||||
+ if (open(my $in, "<", $src_fname)) {
|
|
||||||
+ if (open(my $out, ">", $dst_fname)) {
|
|
||||||
+ print $out $_ while (<$in>);
|
|
||||||
+ close $out;
|
|
||||||
+ } else {
|
|
||||||
+ warn "Cannot open $dst_fname for write, $!";
|
|
||||||
+ }
|
|
||||||
+ close $in;
|
|
||||||
+ } else {
|
|
||||||
+ warn "Cannot open $src_fname for read, $!";
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
sub hash_dir {
|
|
||||||
+ my $dir = shift;
|
|
||||||
my %hashlist;
|
|
||||||
- print "Doing $_[0]\n";
|
|
||||||
- chdir $_[0];
|
|
||||||
- opendir(DIR, ".");
|
|
||||||
+
|
|
||||||
+ print "Doing $dir\n";
|
|
||||||
+
|
|
||||||
+ if (!chdir $dir) {
|
|
||||||
+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
|
|
||||||
my @flist = sort readdir(DIR);
|
|
||||||
closedir DIR;
|
|
||||||
if ( $removelinks ) {
|
|
||||||
# Delete any existing symbolic links
|
|
||||||
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
|
||||||
if (-l $_) {
|
|
||||||
- print "unlink $_" if $verbose;
|
|
||||||
+ print "unlink $_\n" if $verbose;
|
|
||||||
unlink $_ || warn "Can't unlink $_, $!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -130,13 +153,16 @@ sub hash_dir {
|
|
||||||
link_hash_cert($fname) if ($cert);
|
|
||||||
link_hash_crl($fname) if ($crl);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ chdir $pwd;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_file {
|
|
||||||
my ($is_cert, $is_crl) = (0,0);
|
|
||||||
my $fname = $_[0];
|
|
||||||
- open IN, $fname;
|
|
||||||
- while(<IN>) {
|
|
||||||
+
|
|
||||||
+ open(my $in, "<", $fname);
|
|
||||||
+ while(<$in>) {
|
|
||||||
if (/^-----BEGIN (.*)-----/) {
|
|
||||||
my $hdr = $1;
|
|
||||||
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
|
||||||
@@ -148,7 +174,7 @@ sub check_file {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- close IN;
|
|
||||||
+ close $in;
|
|
||||||
return ($is_cert, $is_crl);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -177,76 +203,49 @@ sub compute_hash {
|
|
||||||
# certificate fingerprints
|
|
||||||
|
|
||||||
sub link_hash_cert {
|
|
||||||
- my $fname = $_[0];
|
|
||||||
- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
|
||||||
- "-fingerprint", "-noout",
|
|
||||||
- "-in", $fname);
|
|
||||||
- chomp $hash;
|
|
||||||
- chomp $fprint;
|
|
||||||
- return if !$hash;
|
|
||||||
- $fprint =~ s/^.*=//;
|
|
||||||
- $fprint =~ tr/://d;
|
|
||||||
- my $suffix = 0;
|
|
||||||
- # Search for an unused hash filename
|
|
||||||
- while(exists $hashlist{"$hash.$suffix"}) {
|
|
||||||
- # Hash matches: if fingerprint matches its a duplicate cert
|
|
||||||
- if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
|
||||||
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
- $suffix++;
|
|
||||||
- }
|
|
||||||
- $hash .= ".$suffix";
|
|
||||||
- if ($symlink_exists) {
|
|
||||||
- print "link $fname -> $hash\n" if $verbose;
|
|
||||||
- symlink $fname, $hash || warn "Can't symlink, $!";
|
|
||||||
- } else {
|
|
||||||
- print "copy $fname -> $hash\n" if $verbose;
|
|
||||||
- if (open($in, "<", $fname)) {
|
|
||||||
- if (open($out,">", $hash)) {
|
|
||||||
- print $out $_ while (<$in>);
|
|
||||||
- close $out;
|
|
||||||
- } else {
|
|
||||||
- warn "can't open $hash for write, $!";
|
|
||||||
- }
|
|
||||||
- close $in;
|
|
||||||
- } else {
|
|
||||||
- warn "can't open $fname for read, $!";
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
- $hashlist{$hash} = $fprint;
|
|
||||||
+ link_hash($_[0], 'cert');
|
|
||||||
}
|
|
||||||
|
|
||||||
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
|
||||||
|
|
||||||
sub link_hash_crl {
|
|
||||||
- my $fname = $_[0];
|
|
||||||
- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
|
||||||
+ link_hash($_[0], 'crl');
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+sub link_hash {
|
|
||||||
+ my ($fname, $type) = @_;
|
|
||||||
+ my $is_cert = $type eq 'cert';
|
|
||||||
+
|
|
||||||
+ my ($hash, $fprint) = compute_hash($openssl,
|
|
||||||
+ $is_cert ? "x509" : "crl",
|
|
||||||
+ $is_cert ? $x509hash : $crlhash,
|
|
||||||
"-fingerprint", "-noout",
|
|
||||||
"-in", $fname);
|
|
||||||
chomp $hash;
|
|
||||||
+ $hash =~ s/^.*=// if !$is_cert;
|
|
||||||
chomp $fprint;
|
|
||||||
return if !$hash;
|
|
||||||
$fprint =~ s/^.*=//;
|
|
||||||
$fprint =~ tr/://d;
|
|
||||||
my $suffix = 0;
|
|
||||||
# Search for an unused hash filename
|
|
||||||
- while(exists $hashlist{"$hash.r$suffix"}) {
|
|
||||||
+ my $crlmark = $is_cert ? "" : "r";
|
|
||||||
+ while(exists $hashlist{"$hash.$crlmark$suffix"}) {
|
|
||||||
# Hash matches: if fingerprint matches its a duplicate cert
|
|
||||||
- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
|
||||||
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
|
||||||
+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
|
|
||||||
+ my $what = $is_cert ? 'certificate' : 'CRL';
|
|
||||||
+ print STDERR "WARNING: Skipping duplicate $what $fname\n";
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
$suffix++;
|
|
||||||
}
|
|
||||||
- $hash .= ".r$suffix";
|
|
||||||
+ $hash .= ".$crlmark$suffix";
|
|
||||||
if ($symlink_exists) {
|
|
||||||
print "link $fname -> $hash\n" if $verbose;
|
|
||||||
symlink $fname, $hash || warn "Can't symlink, $!";
|
|
||||||
} else {
|
|
||||||
- print "cp $fname -> $hash\n" if $verbose;
|
|
||||||
- system ("cp", $fname, $hash);
|
|
||||||
- warn "Can't copy, $!" if ($? >> 8) != 0;
|
|
||||||
+ print "copy $fname -> $hash\n" if $verbose;
|
|
||||||
+ copy_file($fname, $hash);
|
|
||||||
}
|
|
||||||
$hashlist{$hash} = $fprint;
|
|
||||||
}
|
|
@ -1,151 +0,0 @@
|
|||||||
From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alex Chernyakhovsky <achernya@google.com>
|
|
||||||
Date: Thu, 16 Jun 2022 12:00:22 +1000
|
|
||||||
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
|
|
||||||
that performs operations on 6 16-byte blocks concurrently (the
|
|
||||||
"grandloop") and then proceeds to handle the "short" tail (which can
|
|
||||||
be anywhere from 0 to 5 blocks) that remain.
|
|
||||||
|
|
||||||
As part of initialization, the assembly initializes $len to the true
|
|
||||||
length, less 96 bytes and converts it to a pointer so that the $inp
|
|
||||||
can be compared to it. Each iteration of "grandloop" checks to see if
|
|
||||||
there's a full 96-byte chunk to process, and if so, continues. Once
|
|
||||||
this has been exhausted, it falls through to "short", which handles
|
|
||||||
the remaining zero to five blocks.
|
|
||||||
|
|
||||||
Unfortunately, the jump at the end of "grandloop" had a fencepost
|
|
||||||
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
|
|
||||||
equal). This should be `jbe`, as $inp is pointing to the *end* of the
|
|
||||||
chunk currently being handled. If $inp == $len, that means that
|
|
||||||
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
|
|
||||||
then there's 5 or fewer 16-byte blocks left to be handled, and the
|
|
||||||
fall-through is intended.
|
|
||||||
|
|
||||||
The net effect of `jb` instead of `jbe` is that the last 16-byte block
|
|
||||||
of the last 96-byte chunk was completely omitted. The contents of
|
|
||||||
`out` in this position were never written to. Additionally, since
|
|
||||||
those bytes were never processed, the authentication tag generated is
|
|
||||||
also incorrect.
|
|
||||||
|
|
||||||
The same fencepost error, and identical logic, exists in both
|
|
||||||
aesni_ocb_encrypt and aesni_ocb_decrypt.
|
|
||||||
|
|
||||||
This addresses CVE-2022-2097.
|
|
||||||
|
|
||||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
|
||||||
Co-authored-by: David Benjamin <davidben@google.com>
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c)
|
|
||||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93]
|
|
||||||
---
|
|
||||||
crypto/aes/asm/aesni-x86.pl | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
|
|
||||||
index 4245fe34e17e..7cf838db170b 100644
|
|
||||||
--- a/crypto/aes/asm/aesni-x86.pl
|
|
||||||
+++ b/crypto/aes/asm/aesni-x86.pl
|
|
||||||
@@ -2025,7 +2025,7 @@ sub aesni_generate6
|
|
||||||
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
|
|
||||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
|
||||||
&cmp ($inp,$len); # done yet?
|
|
||||||
- &jb (&label("grandloop"));
|
|
||||||
+ &jbe (&label("grandloop"));
|
|
||||||
|
|
||||||
&set_label("short");
|
|
||||||
&add ($len,16*6);
|
|
||||||
@@ -2451,7 +2451,7 @@ sub aesni_generate6
|
|
||||||
&pxor ($rndkey1,$inout5);
|
|
||||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
|
||||||
&cmp ($inp,$len); # done yet?
|
|
||||||
- &jb (&label("grandloop"));
|
|
||||||
+ &jbe (&label("grandloop"));
|
|
||||||
|
|
||||||
&set_label("short");
|
|
||||||
&add ($len,16*6);
|
|
||||||
From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alex Chernyakhovsky <achernya@google.com>
|
|
||||||
Date: Thu, 16 Jun 2022 12:02:37 +1000
|
|
||||||
Subject: [PATCH] AES OCB test vectors
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
|
|
||||||
|
|
||||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
|
||||||
Co-authored-by: David Benjamin <davidben@google.com>
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be)
|
|
||||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8]
|
|
||||||
---
|
|
||||||
.../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++
|
|
||||||
1 file changed, 50 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
|
||||||
index e58ee34b6b3f..de098905230b 100644
|
|
||||||
--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
|
||||||
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
|
||||||
@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
|
|
||||||
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
|
|
||||||
Operation = DECRYPT
|
|
||||||
Result = CIPHERFINAL_ERROR
|
|
||||||
+
|
|
||||||
+#Test vectors generated to validate aesni_ocb_encrypt on x86
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = C14DFF7D62A13C4A3422456207453190
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = BE0228651ED4E48A11BDED68D953F3A0
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = 17BC6E10B16E5FDC52836E7D589518C7
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = E84AAC18666116990A3A37B3A5FC55BD
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
|
|
||||||
+
|
|
||||||
+Cipher = aes-128-ocb
|
|
||||||
+Key = 000102030405060708090A0B0C0D0E0F
|
|
||||||
+IV = 000000000001020304050607
|
|
||||||
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD
|
|
||||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
|
|
||||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C
|
|
@ -1,56 +0,0 @@
|
|||||||
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Thu, 5 May 2022 08:11:24 +0200
|
|
||||||
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
|
|
||||||
strcasecmp
|
|
||||||
|
|
||||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/18247)
|
|
||||||
|
|
||||||
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
|
|
||||||
|
|
||||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
|
|
||||||
---
|
|
||||||
crypto/evp/evp_lib.c | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
|
|
||||||
index 3fe4743761..d9b8c0af41 100644
|
|
||||||
--- a/crypto/evp/evp_lib.c
|
|
||||||
+++ b/crypto/evp/evp_lib.c
|
|
||||||
@@ -24,6 +24,7 @@
|
|
||||||
#include <openssl/dh.h>
|
|
||||||
#include <openssl/ec.h>
|
|
||||||
#include "crypto/evp.h"
|
|
||||||
+#include "crypto/cryptlib.h"
|
|
||||||
#include "internal/provider.h"
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
|
||||||
return (ctx->flags & flags);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if !defined(FIPS_MODULE)
|
|
||||||
+
|
|
||||||
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
|
|
||||||
{
|
|
||||||
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
||||||
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
|
||||||
|
|
||||||
va_start(args, type);
|
|
||||||
|
|
||||||
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
|
|
||||||
+
|
|
||||||
if (OPENSSL_strcasecmp(type, "RSA") == 0) {
|
|
||||||
bits = va_arg(args, size_t);
|
|
||||||
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
|
|
||||||
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
|
||||||
va_end(args);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1311,7 +1311,7 @@ index c12cb9c..2a819b2 100644
|
|||||||
|
|
||||||
$CHACHAASM_c64xplus=chacha-c64xplus.s
|
$CHACHAASM_c64xplus=chacha-c64xplus.s
|
||||||
@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM
|
@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM
|
||||||
GENERATE[chacha-x86.s]=asm/chacha-x86.pl
|
GENERATE[chacha-x86.S]=asm/chacha-x86.pl
|
||||||
GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl
|
GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl
|
||||||
GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl
|
GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl
|
||||||
+GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl
|
+GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl
|
||||||
|
@ -136,10 +136,17 @@ diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.i
|
|||||||
index 4e30ec56dd..0103c87528 100644
|
index 4e30ec56dd..0103c87528 100644
|
||||||
--- a/providers/fips/self_test_data.inc
|
--- a/providers/fips/self_test_data.inc
|
||||||
+++ b/providers/fips/self_test_data.inc
|
+++ b/providers/fips/self_test_data.inc
|
||||||
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
||||||
ST_KAT_PARAM_END()
|
ST_KAT_PARAM_END()
|
||||||
};
|
};
|
||||||
|
|
||||||
|
-/*-
|
||||||
|
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
|
||||||
|
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
||||||
|
- * HP/UX PA-RISC compilers.
|
||||||
|
- */
|
||||||
|
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
|
||||||
|
-
|
||||||
+/*-
|
+/*-
|
||||||
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
||||||
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
||||||
@ -153,8 +160,7 @@ index 4e30ec56dd..0103c87528 100644
|
|||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
static const ST_KAT_PARAM rsa_enc_params[] = {
|
static const ST_KAT_PARAM rsa_enc_params[] = {
|
||||||
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
|
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
|
||||||
- OSSL_PKEY_RSA_PAD_MODE_NONE),
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
|
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
|
||||||
+ oaep_fixed_seed),
|
+ oaep_fixed_seed),
|
||||||
|
@ -149,14 +149,14 @@ index db1a1d7bc3..c94c3c53bd 100644
|
|||||||
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||||
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
||||||
sigret, siglen,
|
sigret, siglen,
|
||||||
(siglen == NULL) ? 0 : *siglen);
|
sigret == NULL ? 0 : *siglen);
|
||||||
+#ifndef FIPS_MODULE
|
+#ifndef FIPS_MODULE
|
||||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||||
if (dctx == NULL)
|
if (dctx == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
sigret, siglen,
|
sigret, siglen,
|
||||||
(siglen == NULL) ? 0 : *siglen);
|
*siglen);
|
||||||
EVP_PKEY_CTX_free(dctx);
|
EVP_PKEY_CTX_free(dctx);
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
return r;
|
return r;
|
||||||
|
@ -1,50 +1,69 @@
|
|||||||
From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
|
From 0c4aaedf29a1ed1559762515bfeaa5923925e18f Mon Sep 17 00:00:00 2001
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
Date: Thu, 11 Aug 2022 09:27:12 +0200
|
Date: Thu, 11 Aug 2022 09:27:12 +0200
|
||||||
Subject: [PATCH] Add FIPS indicator parameter to HKDF
|
Subject: [PATCH 1/2] Add FIPS indicator parameter to HKDF
|
||||||
|
|
||||||
NIST considers HKDF only acceptable when used as in TLS 1.3, and
|
NIST considers HKDF only acceptable when used as in TLS 1.3, and
|
||||||
otherwise unapproved. Add an explicit indicator attached to the
|
otherwise unapproved. Add an explicit indicator attached to the
|
||||||
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
|
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
|
||||||
determine whether the KDF operation was approved after performing it.
|
determine whether the KDF operation was approved after performing it.
|
||||||
|
|
||||||
Related: rhbz#2114772
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
Related: rhbz#2114772
|
||||||
---
|
---
|
||||||
|
include/crypto/evp.h | 7 ++++
|
||||||
include/openssl/core_names.h | 1 +
|
include/openssl/core_names.h | 1 +
|
||||||
include/openssl/kdf.h | 4 ++
|
include/openssl/kdf.h | 4 ++
|
||||||
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
|
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
|
||||||
3 files changed, 58 insertions(+)
|
4 files changed, 65 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||||
|
index e70d8e9e84..76fb990de4 100644
|
||||||
|
--- a/include/crypto/evp.h
|
||||||
|
+++ b/include/crypto/evp.h
|
||||||
|
@@ -219,6 +219,13 @@ struct evp_mac_st {
|
||||||
|
OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
|
||||||
|
};
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving
|
||||||
|
+ * Additional Keys from a Cryptographic Key, "[t]he length of the
|
||||||
|
+ * key-derivation key [i.e., the input key] shall be at least 112 bits". */
|
||||||
|
+# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8)
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
struct evp_kdf_st {
|
||||||
|
OSSL_PROVIDER *prov;
|
||||||
|
int name_id;
|
||||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
index 21c94d0488..87786680d7 100644
|
index 21c94d0488..c019afbbb0 100644
|
||||||
--- a/include/openssl/core_names.h
|
--- a/include/openssl/core_names.h
|
||||||
+++ b/include/openssl/core_names.h
|
+++ b/include/openssl/core_names.h
|
||||||
@@ -223,6 +223,7 @@ extern "C" {
|
@@ -223,6 +223,7 @@ extern "C" {
|
||||||
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
||||||
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
||||||
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
||||||
+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
|
+#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||||
|
|
||||||
/* Known KDF names */
|
/* Known KDF names */
|
||||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||||
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
|
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
|
||||||
index 0983230a48..869f23d8fb 100644
|
index 0983230a48..86171635ea 100644
|
||||||
--- a/include/openssl/kdf.h
|
--- a/include/openssl/kdf.h
|
||||||
+++ b/include/openssl/kdf.h
|
+++ b/include/openssl/kdf.h
|
||||||
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
|
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
|
||||||
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
||||||
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
||||||
|
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
|
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
|
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
|
+# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||||
+
|
+
|
||||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
||||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
||||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
||||||
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
|
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
|
||||||
index afdb7138e1..9d28d292d8 100644
|
index afdb7138e1..6f06fa58fe 100644
|
||||||
--- a/providers/implementations/kdfs/hkdf.c
|
--- a/providers/implementations/kdfs/hkdf.c
|
||||||
+++ b/providers/implementations/kdfs/hkdf.c
|
+++ b/providers/implementations/kdfs/hkdf.c
|
||||||
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||||
@ -53,13 +72,13 @@ index afdb7138e1..9d28d292d8 100644
|
|||||||
}
|
}
|
||||||
+
|
+
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ if ((p = OSSL_PARAM_locate(params,
|
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
|
||||||
+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
|
+ != NULL) {
|
||||||
+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
|
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED;
|
||||||
+ switch (ctx->mode) {
|
+ switch (ctx->mode) {
|
||||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
||||||
+ /* TLS 1.3 never uses extract-and-expand */
|
+ /* TLS 1.3 never uses extract-and-expand */
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+ break;
|
+ break;
|
||||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
|
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
|
||||||
+ {
|
+ {
|
||||||
@ -74,10 +93,10 @@ index afdb7138e1..9d28d292d8 100644
|
|||||||
+ * comes from, so all we can do is check the salt length.
|
+ * comes from, so all we can do is check the salt length.
|
||||||
+ */
|
+ */
|
||||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||||
+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
|
+ if (md != NULL && ctx->salt_len == (size_t) EVP_MD_get_size(md))
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
+ else
|
+ else
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+ }
|
+ }
|
||||||
+ break;
|
+ break;
|
||||||
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
|
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
|
||||||
@ -92,9 +111,9 @@ index afdb7138e1..9d28d292d8 100644
|
|||||||
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
|
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
|
||||||
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
|
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
|
||||||
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
|
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
+ else
|
+ else
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
+ break;
|
+ break;
|
||||||
+ }
|
+ }
|
||||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||||
@ -109,11 +128,11 @@ index afdb7138e1..9d28d292d8 100644
|
|||||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||||
+#ifdef FIPS_MODULE
|
+#ifdef FIPS_MODULE
|
||||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
|
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
OSSL_PARAM_END
|
OSSL_PARAM_END
|
||||||
};
|
};
|
||||||
return known_gettable_ctx_params;
|
return known_gettable_ctx_params;
|
||||||
--
|
--
|
||||||
2.37.1
|
2.38.1
|
||||||
|
|
||||||
|
3154
SOURCES/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
3154
SOURCES/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Normal file
File diff suppressed because it is too large
Load Diff
288
SOURCES/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
288
SOURCES/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Normal file
@ -0,0 +1,288 @@
|
|||||||
|
From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 17 Nov 2022 13:53:31 +0100
|
||||||
|
Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov
|
||||||
|
|
||||||
|
The current draft of FIPS 186-5 [1] no longer contains specifications
|
||||||
|
for X9.31 signature padding. Instead, it contains the following
|
||||||
|
information in Appendix E:
|
||||||
|
|
||||||
|
> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from
|
||||||
|
> this standard.
|
||||||
|
|
||||||
|
Since this situation is unlikely to change in future revisions of the
|
||||||
|
draft, and future FIPS 140-3 validations of the provider will require
|
||||||
|
X9.31 to be disabled or marked as not approved with an explicit
|
||||||
|
indicator, disallow this padding mode now.
|
||||||
|
|
||||||
|
Remove the X9.31 tests from the acvp test, since they will always fail
|
||||||
|
now.
|
||||||
|
|
||||||
|
[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
providers/implementations/signature/rsa_sig.c | 6 +
|
||||||
|
test/acvp_test.inc | 214 ------------------
|
||||||
|
2 files changed, 6 insertions(+), 214 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
|
index 34f45175e8..49e7f9158a 100644
|
||||||
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
|
@@ -1233,7 +1233,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
err_extra_text = "No padding not allowed with RSA-PSS";
|
||||||
|
goto cont;
|
||||||
|
case RSA_X931_PADDING:
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
err_extra_text = "X.931 padding not allowed with RSA-PSS";
|
||||||
|
+#else /* !defined(FIPS_MODULE) */
|
||||||
|
+ err_extra_text = "X.931 padding no longer allowed in FIPS mode,"
|
||||||
|
+ " since it was removed from FIPS 186-5";
|
||||||
|
+ goto bad_pad;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
cont:
|
||||||
|
if (RSA_test_flags(prsactx->rsa,
|
||||||
|
RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA)
|
||||||
|
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
|
||||||
|
index 73b24bdb0c..96a72073f9 100644
|
||||||
|
--- a/test/acvp_test.inc
|
||||||
|
+++ b/test/acvp_test.inc
|
||||||
|
@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = {
|
||||||
|
ITM(rsa_siggen0_msg),
|
||||||
|
NO_PSS_SALT_LEN,
|
||||||
|
},
|
||||||
|
- {
|
||||||
|
- "x931",
|
||||||
|
- 2048,
|
||||||
|
- "SHA384",
|
||||||
|
- ITM(rsa_siggen0_msg),
|
||||||
|
- NO_PSS_SALT_LEN,
|
||||||
|
- },
|
||||||
|
{
|
||||||
|
"pss",
|
||||||
|
2048,
|
||||||
|
@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = {
|
||||||
|
0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b,
|
||||||
|
};
|
||||||
|
|
||||||
|
-static const unsigned char rsa_sigverx931_0_n[] = {
|
||||||
|
- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad,
|
||||||
|
- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83,
|
||||||
|
- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87,
|
||||||
|
- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6,
|
||||||
|
- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c,
|
||||||
|
- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73,
|
||||||
|
- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10,
|
||||||
|
- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6,
|
||||||
|
- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79,
|
||||||
|
- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7,
|
||||||
|
- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b,
|
||||||
|
- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02,
|
||||||
|
- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41,
|
||||||
|
- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f,
|
||||||
|
- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf,
|
||||||
|
- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d,
|
||||||
|
- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54,
|
||||||
|
- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e,
|
||||||
|
- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04,
|
||||||
|
- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79,
|
||||||
|
- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16,
|
||||||
|
- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e,
|
||||||
|
- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b,
|
||||||
|
- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8,
|
||||||
|
- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89,
|
||||||
|
- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b,
|
||||||
|
- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62,
|
||||||
|
- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73,
|
||||||
|
- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b,
|
||||||
|
- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f,
|
||||||
|
- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77,
|
||||||
|
- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33,
|
||||||
|
- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66,
|
||||||
|
- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4,
|
||||||
|
- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c,
|
||||||
|
- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28,
|
||||||
|
- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8,
|
||||||
|
- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4,
|
||||||
|
- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0,
|
||||||
|
- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07,
|
||||||
|
- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60,
|
||||||
|
- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a,
|
||||||
|
- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e,
|
||||||
|
- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e,
|
||||||
|
- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81,
|
||||||
|
- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a,
|
||||||
|
- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45,
|
||||||
|
- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7,
|
||||||
|
-
|
||||||
|
-};
|
||||||
|
-static const unsigned char rsa_sigverx931_0_e[] = {
|
||||||
|
- 0x01, 0x00, 0x01,
|
||||||
|
-};
|
||||||
|
-static const unsigned char rsa_sigverx931_0_msg[] = {
|
||||||
|
- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47,
|
||||||
|
- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd,
|
||||||
|
- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9,
|
||||||
|
- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52,
|
||||||
|
- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41,
|
||||||
|
- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54,
|
||||||
|
- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c,
|
||||||
|
- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf,
|
||||||
|
- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47,
|
||||||
|
- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01,
|
||||||
|
- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f,
|
||||||
|
- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67,
|
||||||
|
- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41,
|
||||||
|
- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd,
|
||||||
|
- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca,
|
||||||
|
- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00,
|
||||||
|
-
|
||||||
|
-};
|
||||||
|
-static const unsigned char rsa_sigverx931_0_sig[] = {
|
||||||
|
- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb,
|
||||||
|
- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3,
|
||||||
|
- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e,
|
||||||
|
- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00,
|
||||||
|
- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18,
|
||||||
|
- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc,
|
||||||
|
- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5,
|
||||||
|
- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f,
|
||||||
|
- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75,
|
||||||
|
- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74,
|
||||||
|
- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4,
|
||||||
|
- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1,
|
||||||
|
- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19,
|
||||||
|
- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82,
|
||||||
|
- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef,
|
||||||
|
- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5,
|
||||||
|
- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2,
|
||||||
|
- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04,
|
||||||
|
- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf,
|
||||||
|
- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a,
|
||||||
|
- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c,
|
||||||
|
- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d,
|
||||||
|
- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74,
|
||||||
|
- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75,
|
||||||
|
- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd,
|
||||||
|
- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57,
|
||||||
|
- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07,
|
||||||
|
- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05,
|
||||||
|
- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c,
|
||||||
|
- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca,
|
||||||
|
- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57,
|
||||||
|
- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e,
|
||||||
|
- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a,
|
||||||
|
- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e,
|
||||||
|
- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b,
|
||||||
|
- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a,
|
||||||
|
- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10,
|
||||||
|
- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d,
|
||||||
|
- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52,
|
||||||
|
- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f,
|
||||||
|
- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda,
|
||||||
|
- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59,
|
||||||
|
- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37,
|
||||||
|
- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15,
|
||||||
|
- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec,
|
||||||
|
- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0,
|
||||||
|
- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13,
|
||||||
|
- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb,
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-#define rsa_sigverx931_1_n rsa_sigverx931_0_n
|
||||||
|
-#define rsa_sigverx931_1_e rsa_sigverx931_0_e
|
||||||
|
-static const unsigned char rsa_sigverx931_1_msg[] = {
|
||||||
|
- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8,
|
||||||
|
- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d,
|
||||||
|
- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9,
|
||||||
|
- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3,
|
||||||
|
- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26,
|
||||||
|
- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f,
|
||||||
|
- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2,
|
||||||
|
- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5,
|
||||||
|
- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42,
|
||||||
|
- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59,
|
||||||
|
- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd,
|
||||||
|
- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72,
|
||||||
|
- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45,
|
||||||
|
- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44,
|
||||||
|
- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42,
|
||||||
|
- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55,
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
-static const unsigned char rsa_sigverx931_1_sig[] = {
|
||||||
|
- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5,
|
||||||
|
- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67,
|
||||||
|
- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95,
|
||||||
|
- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a,
|
||||||
|
- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3,
|
||||||
|
- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69,
|
||||||
|
- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23,
|
||||||
|
- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14,
|
||||||
|
- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75,
|
||||||
|
- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f,
|
||||||
|
- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37,
|
||||||
|
- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef,
|
||||||
|
- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60,
|
||||||
|
- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94,
|
||||||
|
- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93,
|
||||||
|
- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde,
|
||||||
|
- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b,
|
||||||
|
- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99,
|
||||||
|
- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb,
|
||||||
|
- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef,
|
||||||
|
- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6,
|
||||||
|
- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe,
|
||||||
|
- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9,
|
||||||
|
- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63,
|
||||||
|
- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9,
|
||||||
|
- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48,
|
||||||
|
- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd,
|
||||||
|
- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16,
|
||||||
|
- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8,
|
||||||
|
- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54,
|
||||||
|
- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66,
|
||||||
|
- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56,
|
||||||
|
- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99,
|
||||||
|
- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90,
|
||||||
|
- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3,
|
||||||
|
- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25,
|
||||||
|
- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34,
|
||||||
|
- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70,
|
||||||
|
- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75,
|
||||||
|
- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3,
|
||||||
|
- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53,
|
||||||
|
- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c,
|
||||||
|
- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07,
|
||||||
|
- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85,
|
||||||
|
- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab,
|
||||||
|
- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b,
|
||||||
|
- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4,
|
||||||
|
- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d,
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
static const struct rsa_sigver_st rsa_sigver_data[] = {
|
||||||
|
{
|
||||||
|
"pkcs1", /* pkcs1v1.5 */
|
||||||
|
@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
|
||||||
|
NO_PSS_SALT_LEN,
|
||||||
|
FAIL
|
||||||
|
},
|
||||||
|
- {
|
||||||
|
- "x931",
|
||||||
|
- 3072,
|
||||||
|
- "SHA256",
|
||||||
|
- ITM(rsa_sigverx931_1_msg),
|
||||||
|
- ITM(rsa_sigverx931_1_n),
|
||||||
|
- ITM(rsa_sigverx931_1_e),
|
||||||
|
- ITM(rsa_sigverx931_1_sig),
|
||||||
|
- NO_PSS_SALT_LEN,
|
||||||
|
- FAIL
|
||||||
|
- },
|
||||||
|
{
|
||||||
|
"pss",
|
||||||
|
4096,
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -0,0 +1,74 @@
|
|||||||
|
From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 17 Nov 2022 16:38:45 +0100
|
||||||
|
Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length
|
||||||
|
|
||||||
|
NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
|
||||||
|
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
|
||||||
|
length of the key-derivation key shall be at least 112 bits". It further
|
||||||
|
specifies that HMAC-based KDFs "with a key whose length is at least 112
|
||||||
|
bits" are acceptable.
|
||||||
|
|
||||||
|
Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
|
||||||
|
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
|
||||||
|
object using EVP_KDF_CTX_get_params() with the
|
||||||
|
OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR
|
||||||
|
parameter.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++-----
|
||||||
|
1 file changed, 26 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
|
||||||
|
index a542f84dfa..93a8a10537 100644
|
||||||
|
--- a/providers/implementations/kdfs/kbkdf.c
|
||||||
|
+++ b/providers/implementations/kdfs/kbkdf.c
|
||||||
|
@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||||
|
OSSL_PARAM *p;
|
||||||
|
|
||||||
|
p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
|
||||||
|
- if (p == NULL)
|
||||||
|
- return -2;
|
||||||
|
+ if (p != NULL)
|
||||||
|
+ /* KBKDF can produce results as large as you like. */
|
||||||
|
+ return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||||
|
+
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
||||||
|
+ if (p != NULL) {
|
||||||
|
+ KBKDF *ctx = (KBKDF *)vctx;
|
||||||
|
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
|
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
||||||
|
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
||||||
|
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
||||||
|
+ * bits". */
|
||||||
|
+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
||||||
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
- /* KBKDF can produce results as large as you like. */
|
||||||
|
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
||||||
|
+ return -2;
|
||||||
|
}
|
||||||
|
|
||||||
|
static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||||
|
ossl_unused void *provctx)
|
||||||
|
{
|
||||||
|
- static const OSSL_PARAM known_gettable_ctx_params[] =
|
||||||
|
- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
|
||||||
|
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
+ OSSL_PARAM_END
|
||||||
|
+ };
|
||||||
|
return known_gettable_ctx_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -0,0 +1,112 @@
|
|||||||
|
From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 17 Nov 2022 18:08:24 +0100
|
||||||
|
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
|
||||||
|
|
||||||
|
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
|
||||||
|
specifies key lengths < 112 bytes are disallowed for HMAC generation and
|
||||||
|
are legacy use for HMAC verification.
|
||||||
|
|
||||||
|
Add an explicit indicator that will mark shorter key lengths as
|
||||||
|
unsupported. The indicator can be queries from the EVP_MAC_CTX object
|
||||||
|
using EVP_MAC_CTX_get_params() with the
|
||||||
|
OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
|
||||||
|
parameter.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
include/crypto/evp.h | 7 +++++++
|
||||||
|
include/openssl/core_names.h | 1 +
|
||||||
|
include/openssl/evp.h | 3 +++
|
||||||
|
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
|
||||||
|
4 files changed, 28 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||||
|
index 76fb990de4..1e2240516e 100644
|
||||||
|
--- a/include/crypto/evp.h
|
||||||
|
+++ b/include/crypto/evp.h
|
||||||
|
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
|
||||||
|
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
|
||||||
|
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
|
||||||
|
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
|
||||||
|
+ * HMAC verification. */
|
||||||
|
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
struct evp_mac_st {
|
||||||
|
OSSL_PROVIDER *prov;
|
||||||
|
int name_id;
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index c019afbbb0..94fab83193 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -173,6 +173,7 @@ extern "C" {
|
||||||
|
#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
|
||||||
|
#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
|
||||||
|
#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
|
||||||
|
+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||||
|
|
||||||
|
/* Known MAC names */
|
||||||
|
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
|
||||||
|
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||||
|
index 49e8e1df78..a5e78efd6e 100644
|
||||||
|
--- a/include/openssl/evp.h
|
||||||
|
+++ b/include/openssl/evp.h
|
||||||
|
@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
|
||||||
|
void *arg);
|
||||||
|
|
||||||
|
/* MAC stuff */
|
||||||
|
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||||
|
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||||
|
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||||
|
|
||||||
|
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
|
||||||
|
const char *properties);
|
||||||
|
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
|
||||||
|
index 52ebb08b8f..cf5c3ecbe7 100644
|
||||||
|
--- a/providers/implementations/macs/hmac_prov.c
|
||||||
|
+++ b/providers/implementations/macs/hmac_prov.c
|
||||||
|
@@ -21,6 +21,8 @@
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
#include <openssl/hmac.h>
|
||||||
|
|
||||||
|
+#include "crypto/evp.h"
|
||||||
|
+
|
||||||
|
#include "prov/implementations.h"
|
||||||
|
#include "prov/provider_ctx.h"
|
||||||
|
#include "prov/provider_util.h"
|
||||||
|
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
|
||||||
|
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
||||||
|
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
OSSL_PARAM_END
|
||||||
|
};
|
||||||
|
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
|
||||||
|
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
|
||||||
|
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
|
||||||
|
+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
|
+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
|
||||||
|
+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
|
||||||
|
+ * and legacy use for HMAC verification. */
|
||||||
|
+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
|
||||||
|
+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||||
|
+ }
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
+
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -0,0 +1,86 @@
|
|||||||
|
From 754862899058cfb5f2341c81f9e04dd2f7b37056 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 17 Nov 2022 18:37:17 +0100
|
||||||
|
Subject: [PATCH] pbkdf2: Set minimum password length of 8 bytes
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The Implementation Guidance for FIPS 140-3 says in section D.N
|
||||||
|
"Password-Based Key Derivation for Storage Applications" that "the
|
||||||
|
vendor shall document in the module’s Security Policy the length of
|
||||||
|
a password/passphrase used in key derivation and establish an upper
|
||||||
|
bound for the probability of having this parameter guessed at random.
|
||||||
|
This probability shall take into account not only the length of the
|
||||||
|
password/passphrase, but also the difficulty of guessing it. The
|
||||||
|
decision on the minimum length of a password used for key derivation is
|
||||||
|
the vendor’s, but the vendor shall at a minimum informally justify the
|
||||||
|
decision."
|
||||||
|
|
||||||
|
We are choosing a minimum password length of 8 bytes, because NIST's
|
||||||
|
ACVP testing uses passwords as short as 8 bytes, and requiring longer
|
||||||
|
passwords combined with an implicit indicator (i.e., returning an error)
|
||||||
|
would cause the module to fail ACVP testing.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
|
||||||
|
1 file changed, 26 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
|
||||||
|
index 2a0ae63acc..aa0adce5e6 100644
|
||||||
|
--- a/providers/implementations/kdfs/pbkdf2.c
|
||||||
|
+++ b/providers/implementations/kdfs/pbkdf2.c
|
||||||
|
@@ -35,6 +35,21 @@
|
||||||
|
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
|
||||||
|
#define KDF_PBKDF2_MIN_ITERATIONS 1000
|
||||||
|
#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
|
||||||
|
+/* The Implementation Guidance for FIPS 140-3 says in section D.N
|
||||||
|
+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
|
||||||
|
+ * shall document in the module’s Security Policy the length of
|
||||||
|
+ * a password/passphrase used in key derivation and establish an upper bound
|
||||||
|
+ * for the probability of having this parameter guessed at random. This
|
||||||
|
+ * probability shall take into account not only the length of the
|
||||||
|
+ * password/passphrase, but also the difficulty of guessing it. The decision on
|
||||||
|
+ * the minimum length of a password used for key derivation is the vendor’s,
|
||||||
|
+ * but the vendor shall at a minimum informally justify the decision."
|
||||||
|
+ *
|
||||||
|
+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
|
||||||
|
+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
|
||||||
|
+ * combined with an implicit indicator (i.e., returning an error) would cause
|
||||||
|
+ * the module to fail ACVP testing. */
|
||||||
|
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
|
||||||
|
|
||||||
|
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
|
||||||
|
static OSSL_FUNC_kdf_freectx_fn kdf_pbkdf2_free;
|
||||||
|
@@ -186,9 +201,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||||
|
ctx->lower_bound_checks = pkcs5 == 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
|
||||||
|
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
|
||||||
|
+ if (ctx->lower_bound_checks != 0
|
||||||
|
+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
|
||||||
|
return 0;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
|
||||||
|
if (ctx->lower_bound_checks != 0
|
||||||
|
@@ -297,6 +318,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (lower_bound_checks) {
|
||||||
|
+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||||
|
return 0;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
113
SOURCES/0085-FIPS-RSA-disable-shake.patch
Normal file
113
SOURCES/0085-FIPS-RSA-disable-shake.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 52b347703ba2b98a0efee86c1a483c2f0f9f73d6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Wed, 11 Jan 2023 12:52:59 +0100
|
||||||
|
Subject: [PATCH] rsa: Disallow SHAKE in OAEP and PSS in FIPS prov
|
||||||
|
|
||||||
|
According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms
|
||||||
|
must not be used in higher-level algorithms (such as RSA-OAEP and
|
||||||
|
RSASSA-PSS):
|
||||||
|
|
||||||
|
"To be used in an approved mode of operation, the SHA-3 hash functions
|
||||||
|
may be implemented either as part of an approved higher-level algorithm,
|
||||||
|
for example, a digital signature algorithm, or as the standalone
|
||||||
|
functions. The SHAKE128 and SHAKE256 extendable-output functions may
|
||||||
|
only be used as the standalone algorithms."
|
||||||
|
|
||||||
|
Add a check to prevent their use as message digest in PSS signatures and
|
||||||
|
as MGF1 hash function in both OAEP and PSS.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++
|
||||||
|
crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
|
||||||
|
2 files changed, 44 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||||
|
index d9be1a4f98..dfe9c9f0e8 100644
|
||||||
|
--- a/crypto/rsa/rsa_oaep.c
|
||||||
|
+++ b/crypto/rsa/rsa_oaep.c
|
||||||
|
@@ -73,9 +73,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||||
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
if (mgf1md == NULL)
|
||||||
|
mgf1md = md;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||||
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
mdlen = EVP_MD_get_size(md);
|
||||||
|
if (mdlen <= 0) {
|
||||||
|
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
|
||||||
|
@@ -181,9 +195,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
|
||||||
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
if (mgf1md == NULL)
|
||||||
|
mgf1md = md;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
|
||||||
|
+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
mdlen = EVP_MD_get_size(md);
|
||||||
|
|
||||||
|
if (tlen <= 0 || flen <= 0)
|
||||||
|
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
|
||||||
|
index 33874bfef8..e8681b0351 100644
|
||||||
|
--- a/crypto/rsa/rsa_pss.c
|
||||||
|
+++ b/crypto/rsa/rsa_pss.c
|
||||||
|
@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||||
|
if (mgf1Hash == NULL)
|
||||||
|
mgf1Hash = Hash;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||||
|
+ goto err;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
hLen = EVP_MD_get_size(Hash);
|
||||||
|
if (hLen < 0)
|
||||||
|
goto err;
|
||||||
|
@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||||
|
if (mgf1Hash == NULL)
|
||||||
|
mgf1Hash = Hash;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
|
||||||
|
+ goto err;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
hLen = EVP_MD_get_size(Hash);
|
||||||
|
if (hLen < 0)
|
||||||
|
goto err;
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
110
SOURCES/0088-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
110
SOURCES/0088-signature-Add-indicator-for-PSS-salt-length.patch
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
From a325a23bc83f4efd60130001c417ca5b96bdbff1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 17 Nov 2022 19:33:02 +0100
|
||||||
|
Subject: [PATCH 1/3] signature: Add indicator for PSS salt length
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
|
||||||
|
5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
|
||||||
|
salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of
|
||||||
|
the hash function output block (in bytes)."
|
||||||
|
|
||||||
|
It is not exactly clear from this text whether hLen refers to the
|
||||||
|
message digest or the hash function used for the mask generation
|
||||||
|
function MGF1. PKCS#1 v2.1 suggests it is the former:
|
||||||
|
|
||||||
|
| Typical salt lengths in octets are hLen (the length of the output of
|
||||||
|
| the hash function Hash) and 0. In both cases the security of
|
||||||
|
| RSASSA-PSS can be closely related to the hardness of inverting RSAVP1.
|
||||||
|
| Bellare and Rogaway [4] give a tight lower bound for the security of
|
||||||
|
| the original RSA-PSS scheme, which corresponds roughly to the former
|
||||||
|
| case, while Coron [12] gives a lower bound for the related Full Domain
|
||||||
|
| Hashing scheme, which corresponds roughly to the latter case. In [13]
|
||||||
|
| Coron provides a general treatment with various salt lengths ranging
|
||||||
|
| from 0 to hLen; see [27] for discussion. See also [31], which adapts
|
||||||
|
| the security proofs in [4][13] to address the differences between the
|
||||||
|
| original and the present version of RSA-PSS as listed in Note 1 above.
|
||||||
|
|
||||||
|
Since OpenSSL defaults to creating signatures with the maximum salt
|
||||||
|
length, blocking the use of longer salts would probably lead to
|
||||||
|
significant problems in practice. Instead, introduce an explicit
|
||||||
|
indicator that can be obtained from the EVP_PKEY_CTX object using
|
||||||
|
EVP_PKEY_CTX_get_params() with the
|
||||||
|
OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR
|
||||||
|
parameter.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
include/openssl/core_names.h | 1 +
|
||||||
|
include/openssl/evp.h | 4 ++++
|
||||||
|
providers/implementations/signature/rsa_sig.c | 18 ++++++++++++++++++
|
||||||
|
3 files changed, 23 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index 94fab83193..69c59f0b46 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -453,6 +453,7 @@ extern "C" {
|
||||||
|
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
|
||||||
|
OSSL_PKEY_PARAM_MGF1_PROPERTIES
|
||||||
|
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
|
||||||
|
+#define OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
||||||
|
|
||||||
|
/* Asym cipher parameters */
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
|
||||||
|
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
||||||
|
index a5e78efd6e..f239200465 100644
|
||||||
|
--- a/include/openssl/evp.h
|
||||||
|
+++ b/include/openssl/evp.h
|
||||||
|
@@ -797,6 +797,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
|
||||||
|
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
|
||||||
|
int *outl);
|
||||||
|
|
||||||
|
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
||||||
|
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1
|
||||||
|
+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
||||||
|
+
|
||||||
|
__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||||
|
EVP_PKEY *pkey);
|
||||||
|
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
|
||||||
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
|
index 49e7f9158a..0c45008a00 100644
|
||||||
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
|
@@ -1127,6 +1127,21 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR);
|
||||||
|
+ if (p != NULL) {
|
||||||
|
+ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED;
|
||||||
|
+ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||||
|
+ if (prsactx->md == NULL) {
|
||||||
|
+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED;
|
||||||
|
+ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) {
|
||||||
|
+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1136,6 +1151,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
|
||||||
|
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
|
||||||
|
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
||||||
|
+#endif
|
||||||
|
OSSL_PARAM_END
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
114
SOURCES/0089-PSS-salt-length-from-provider.patch
Normal file
114
SOURCES/0089-PSS-salt-length-from-provider.patch
Normal file
@ -0,0 +1,114 @@
|
|||||||
|
From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Mon, 21 Nov 2022 14:33:57 +0100
|
||||||
|
Subject: [PATCH 2/3] Obtain PSS salt length from provider
|
||||||
|
|
||||||
|
Rather than computing the PSS salt length again in core using
|
||||||
|
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
|
||||||
|
salt length, obtain it from the provider using the
|
||||||
|
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
|
||||||
|
interpretation of the magic constants in the provider differs from that
|
||||||
|
of OpenSSL core.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/cms/cms_rsa.c | 19 +++++++++++++++----
|
||||||
|
crypto/rsa/rsa_ameth.c | 34 +++++++++++++++++++++-------------
|
||||||
|
2 files changed, 36 insertions(+), 17 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
|
||||||
|
index 20ed816918..997567fdbf 100644
|
||||||
|
--- a/crypto/cms/cms_rsa.c
|
||||||
|
+++ b/crypto/cms/cms_rsa.c
|
||||||
|
@@ -10,6 +10,7 @@
|
||||||
|
#include <assert.h>
|
||||||
|
#include <openssl/cms.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
+#include <openssl/core_names.h>
|
||||||
|
#include "crypto/asn1.h"
|
||||||
|
#include "crypto/rsa.h"
|
||||||
|
#include "cms_local.h"
|
||||||
|
@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
|
||||||
|
int pad_mode = RSA_PKCS1_PADDING;
|
||||||
|
X509_ALGOR *alg;
|
||||||
|
EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
|
||||||
|
- ASN1_STRING *os = NULL;
|
||||||
|
+ unsigned char aid[128];
|
||||||
|
+ const unsigned char *pp = aid;
|
||||||
|
+ size_t aid_len = 0;
|
||||||
|
+ OSSL_PARAM params[2];
|
||||||
|
|
||||||
|
CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
|
||||||
|
if (pkctx != NULL) {
|
||||||
|
@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
|
||||||
|
/* We don't support it */
|
||||||
|
if (pad_mode != RSA_PKCS1_PSS_PADDING)
|
||||||
|
return 0;
|
||||||
|
- os = ossl_rsa_ctx_to_pss_string(pkctx);
|
||||||
|
- if (os == NULL)
|
||||||
|
+
|
||||||
|
+ params[0] = OSSL_PARAM_construct_octet_string(
|
||||||
|
+ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
|
||||||
|
+ params[1] = OSSL_PARAM_construct_end();
|
||||||
|
+
|
||||||
|
+ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
|
||||||
|
+ return 0;
|
||||||
|
+ if ((aid_len = params[0].return_size) == 0)
|
||||||
|
+ return 0;
|
||||||
|
+ if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL)
|
||||||
|
return 0;
|
||||||
|
- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
|
||||||
|
index c15554505b..61ec53d424 100644
|
||||||
|
--- a/crypto/rsa/rsa_ameth.c
|
||||||
|
+++ b/crypto/rsa/rsa_ameth.c
|
||||||
|
@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
|
||||||
|
if (pad_mode == RSA_PKCS1_PADDING)
|
||||||
|
return 2;
|
||||||
|
if (pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||||
|
- ASN1_STRING *os1 = NULL;
|
||||||
|
- os1 = ossl_rsa_ctx_to_pss_string(pkctx);
|
||||||
|
- if (!os1)
|
||||||
|
+ unsigned char aid[128];
|
||||||
|
+ size_t aid_len = 0;
|
||||||
|
+ OSSL_PARAM params[2];
|
||||||
|
+
|
||||||
|
+ params[0] = OSSL_PARAM_construct_octet_string(
|
||||||
|
+ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
|
||||||
|
+ params[1] = OSSL_PARAM_construct_end();
|
||||||
|
+
|
||||||
|
+ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
|
||||||
|
return 0;
|
||||||
|
- /* Duplicate parameters if we have to */
|
||||||
|
- if (alg2) {
|
||||||
|
- ASN1_STRING *os2 = ASN1_STRING_dup(os1);
|
||||||
|
- if (!os2) {
|
||||||
|
- ASN1_STRING_free(os1);
|
||||||
|
+ if ((aid_len = params[0].return_size) == 0)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (alg1 != NULL) {
|
||||||
|
+ const unsigned char *pp = aid;
|
||||||
|
+ if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ if (alg2 != NULL) {
|
||||||
|
+ const unsigned char *pp = aid;
|
||||||
|
+ if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
|
||||||
|
return 0;
|
||||||
|
- }
|
||||||
|
- X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
|
||||||
|
- V_ASN1_SEQUENCE, os2);
|
||||||
|
}
|
||||||
|
- X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
|
||||||
|
- V_ASN1_SEQUENCE, os1);
|
||||||
|
+
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
return 2;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
338
SOURCES/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
Normal file
338
SOURCES/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
Normal file
@ -0,0 +1,338 @@
|
|||||||
|
From 9cc914ff3e1fda124bdc76d72ebc9349ec19f8ae Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 18 Nov 2022 12:35:33 +0100
|
||||||
|
Subject: [PATCH 3/3] signature: Clamp PSS salt len to MD len
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
|
||||||
|
5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
|
||||||
|
salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
|
||||||
|
the hash function output block (in bytes)."
|
||||||
|
|
||||||
|
Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the
|
||||||
|
default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will
|
||||||
|
not use more than the digest legth when signing, so that FIPS 186-4 is
|
||||||
|
not violated. This value has two advantages when compared with
|
||||||
|
RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when
|
||||||
|
verifying signatures for maximum compatibility, where
|
||||||
|
RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will
|
||||||
|
work for combinations where the maximum salt length is smaller than the
|
||||||
|
digest size, which typically happens with large digest sizes (e.g.,
|
||||||
|
SHA-512) and small RSA keys.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/rsa/rsa_ameth.c | 18 ++++++++-
|
||||||
|
crypto/rsa/rsa_pss.c | 26 ++++++++++--
|
||||||
|
doc/man3/EVP_PKEY_CTX_ctrl.pod | 11 ++++-
|
||||||
|
doc/man7/EVP_SIGNATURE-RSA.pod | 5 +++
|
||||||
|
include/openssl/core_names.h | 1 +
|
||||||
|
include/openssl/rsa.h | 3 ++
|
||||||
|
providers/implementations/signature/rsa_sig.c | 40 ++++++++++++++-----
|
||||||
|
test/recipes/25-test_req.t | 2 +-
|
||||||
|
8 files changed, 87 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
|
||||||
|
index 61ec53d424..e69a98d116 100644
|
||||||
|
--- a/crypto/rsa/rsa_ameth.c
|
||||||
|
+++ b/crypto/rsa/rsa_ameth.c
|
||||||
|
@@ -450,6 +450,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
|
||||||
|
const EVP_MD *sigmd, *mgf1md;
|
||||||
|
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
|
||||||
|
int saltlen;
|
||||||
|
+ int saltlenMax = -1;
|
||||||
|
|
||||||
|
if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
|
||||||
|
return NULL;
|
||||||
|
@@ -457,14 +458,27 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
|
||||||
|
return NULL;
|
||||||
|
if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0)
|
||||||
|
return NULL;
|
||||||
|
- if (saltlen == -1) {
|
||||||
|
+ if (saltlen == RSA_PSS_SALTLEN_DIGEST) {
|
||||||
|
saltlen = EVP_MD_get_size(sigmd);
|
||||||
|
- } else if (saltlen == -2 || saltlen == -3) {
|
||||||
|
+ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm",
|
||||||
|
+ * subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in
|
||||||
|
+ * bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where
|
||||||
|
+ * hLen is the length of the hash function output block (in bytes)."
|
||||||
|
+ *
|
||||||
|
+ * Provide a way to use at most the digest length, so that the default
|
||||||
|
+ * does not violate FIPS 186-4. */
|
||||||
|
+ saltlen = RSA_PSS_SALTLEN_MAX;
|
||||||
|
+ saltlenMax = EVP_MD_get_size(sigmd);
|
||||||
|
+ }
|
||||||
|
+ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) {
|
||||||
|
saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2;
|
||||||
|
if ((EVP_PKEY_get_bits(pk) & 0x7) == 1)
|
||||||
|
saltlen--;
|
||||||
|
if (saltlen < 0)
|
||||||
|
return NULL;
|
||||||
|
+ if (saltlenMax >= 0 && saltlen > saltlenMax)
|
||||||
|
+ saltlen = saltlenMax;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen);
|
||||||
|
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
|
||||||
|
index 33874bfef8..430c36eb2a 100644
|
||||||
|
--- a/crypto/rsa/rsa_pss.c
|
||||||
|
+++ b/crypto/rsa/rsa_pss.c
|
||||||
|
@@ -61,11 +61,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||||
|
* -1 sLen == hLen
|
||||||
|
* -2 salt length is autorecovered from signature
|
||||||
|
* -3 salt length is maximized
|
||||||
|
+ * -4 salt length is autorecovered from signature
|
||||||
|
* -N reserved
|
||||||
|
*/
|
||||||
|
if (sLen == RSA_PSS_SALTLEN_DIGEST) {
|
||||||
|
sLen = hLen;
|
||||||
|
- } else if (sLen < RSA_PSS_SALTLEN_MAX) {
|
||||||
|
+ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -112,7 +113,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||||
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
|
||||||
|
+ if (sLen != RSA_PSS_SALTLEN_AUTO
|
||||||
|
+ && sLen != RSA_PSS_SALTLEN_AUTO_DIGEST_MAX
|
||||||
|
+ && (maskedDBLen - i) != sLen) {
|
||||||
|
ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED,
|
||||||
|
"expected: %d retrieved: %d", sLen,
|
||||||
|
maskedDBLen - i);
|
||||||
|
@@ -160,6 +163,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||||
|
int hLen, maskedDBLen, MSBits, emLen;
|
||||||
|
unsigned char *H, *salt = NULL, *p;
|
||||||
|
EVP_MD_CTX *ctx = NULL;
|
||||||
|
+ int sLenMax = -1;
|
||||||
|
|
||||||
|
if (mgf1Hash == NULL)
|
||||||
|
mgf1Hash = Hash;
|
||||||
|
@@ -172,13 +176,25 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||||
|
* -1 sLen == hLen
|
||||||
|
* -2 salt length is maximized
|
||||||
|
* -3 same as above (on signing)
|
||||||
|
+ * -4 salt length is min(hLen, maximum salt length)
|
||||||
|
* -N reserved
|
||||||
|
*/
|
||||||
|
+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
|
||||||
|
+ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
|
||||||
|
+ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
|
||||||
|
+ * the hash function output block (in bytes)."
|
||||||
|
+ *
|
||||||
|
+ * Provide a way to use at most the digest length, so that the default does
|
||||||
|
+ * not violate FIPS 186-4. */
|
||||||
|
if (sLen == RSA_PSS_SALTLEN_DIGEST) {
|
||||||
|
sLen = hLen;
|
||||||
|
- } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
|
||||||
|
+ } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN
|
||||||
|
+ || sLen == RSA_PSS_SALTLEN_AUTO) {
|
||||||
|
sLen = RSA_PSS_SALTLEN_MAX;
|
||||||
|
- } else if (sLen < RSA_PSS_SALTLEN_MAX) {
|
||||||
|
+ } else if (sLen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
+ sLen = RSA_PSS_SALTLEN_MAX;
|
||||||
|
+ sLenMax = hLen;
|
||||||
|
+ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -195,6 +211,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||||
|
}
|
||||||
|
if (sLen == RSA_PSS_SALTLEN_MAX) {
|
||||||
|
sLen = emLen - hLen - 2;
|
||||||
|
+ if (sLenMax >= 0 && sLen > sLenMax)
|
||||||
|
+ sLen = sLenMax;
|
||||||
|
} else if (sLen > emLen - hLen - 2) {
|
||||||
|
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
||||||
|
goto err;
|
||||||
|
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||||
|
index 3075eaafd6..9b96f42dbc 100644
|
||||||
|
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||||
|
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
|
||||||
|
@@ -270,8 +270,8 @@ EVP_PKEY_CTX_get_rsa_padding() gets the RSA padding mode for I<ctx>.
|
||||||
|
|
||||||
|
EVP_PKEY_CTX_set_rsa_pss_saltlen() sets the RSA PSS salt length to I<saltlen>.
|
||||||
|
As its name implies it is only supported for PSS padding. If this function is
|
||||||
|
-not called then the maximum salt length is used when signing and auto detection
|
||||||
|
-when verifying. Three special values are supported:
|
||||||
|
+not called then the salt length is maximized up to the digest length when
|
||||||
|
+signing and auto detection when verifying. Four special values are supported:
|
||||||
|
|
||||||
|
=over 4
|
||||||
|
|
||||||
|
@@ -289,6 +289,13 @@ causes the salt length to be automatically determined based on the
|
||||||
|
B<PSS> block structure when verifying. When signing, it has the same
|
||||||
|
meaning as B<RSA_PSS_SALTLEN_MAX>.
|
||||||
|
|
||||||
|
+=item B<RSA_PSS_SALTLEN_AUTO_DIGEST_MAX>
|
||||||
|
+
|
||||||
|
+causes the salt length to be automatically determined based on the B<PSS> block
|
||||||
|
+structure when verifying, like B<RSA_PSS_SALTLEN_AUTO>. When signing, the salt
|
||||||
|
+length is maximized up to a maximum of the digest length to comply with FIPS
|
||||||
|
+186-4 section 5.5.
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
EVP_PKEY_CTX_get_rsa_pss_saltlen() gets the RSA PSS salt length for I<ctx>.
|
||||||
|
diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod
|
||||||
|
index 1ce32cc443..13d053e262 100644
|
||||||
|
--- a/doc/man7/EVP_SIGNATURE-RSA.pod
|
||||||
|
+++ b/doc/man7/EVP_SIGNATURE-RSA.pod
|
||||||
|
@@ -68,6 +68,11 @@ Use the maximum salt length.
|
||||||
|
|
||||||
|
Auto detect the salt length.
|
||||||
|
|
||||||
|
+=item "auto-digestmax" (B<OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX>)
|
||||||
|
+
|
||||||
|
+Auto detect the salt length when verifying. Maximize the salt length up to the
|
||||||
|
+digest size when signing to comply with FIPS 186-4 section 5.5.
|
||||||
|
+
|
||||||
|
=back
|
||||||
|
|
||||||
|
=back
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index 69c59f0b46..5779f41427 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -399,6 +399,7 @@ extern "C" {
|
||||||
|
#define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
|
||||||
|
#define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max"
|
||||||
|
#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto"
|
||||||
|
+#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
|
||||||
|
|
||||||
|
/* Key generation parameters */
|
||||||
|
#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
|
||||||
|
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
|
||||||
|
index a55c9727c6..daf55bc6d4 100644
|
||||||
|
--- a/include/openssl/rsa.h
|
||||||
|
+++ b/include/openssl/rsa.h
|
||||||
|
@@ -137,6 +137,9 @@ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
|
||||||
|
# define RSA_PSS_SALTLEN_AUTO -2
|
||||||
|
/* Set salt length to maximum possible */
|
||||||
|
# define RSA_PSS_SALTLEN_MAX -3
|
||||||
|
+/* Auto-detect on verify, set salt length to min(maximum possible, digest
|
||||||
|
+ * length) on sign */
|
||||||
|
+# define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4
|
||||||
|
/* Old compatible max salt length for sign only */
|
||||||
|
# define RSA_PSS_SALTLEN_MAX_SIGN -2
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
|
index 0c45008a00..1a787d77db 100644
|
||||||
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
|
@@ -191,8 +191,8 @@ static void *rsa_newctx(void *provctx, const char *propq)
|
||||||
|
prsactx->libctx = PROV_LIBCTX_OF(provctx);
|
||||||
|
prsactx->flag_allow_md = 1;
|
||||||
|
prsactx->propq = propq_copy;
|
||||||
|
- /* Maximum for sign, auto for verify */
|
||||||
|
- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
|
||||||
|
+ /* Maximum up to digest length for sign, auto for verify */
|
||||||
|
+ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX;
|
||||||
|
prsactx->min_saltlen = -1;
|
||||||
|
return prsactx;
|
||||||
|
}
|
||||||
|
@@ -200,13 +200,27 @@ static void *rsa_newctx(void *provctx, const char *propq)
|
||||||
|
static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx)
|
||||||
|
{
|
||||||
|
int saltlen = ctx->saltlen;
|
||||||
|
-
|
||||||
|
+ int saltlenMax = -1;
|
||||||
|
+
|
||||||
|
+ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection
|
||||||
|
+ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the
|
||||||
|
+ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of
|
||||||
|
+ * the hash function output block (in bytes)."
|
||||||
|
+ *
|
||||||
|
+ * Provide a way to use at most the digest length, so that the default does
|
||||||
|
+ * not violate FIPS 186-4. */
|
||||||
|
if (saltlen == RSA_PSS_SALTLEN_DIGEST) {
|
||||||
|
saltlen = EVP_MD_get_size(ctx->md);
|
||||||
|
- } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) {
|
||||||
|
+ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
+ saltlen = RSA_PSS_SALTLEN_MAX;
|
||||||
|
+ saltlenMax = EVP_MD_get_size(ctx->md);
|
||||||
|
+ }
|
||||||
|
+ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) {
|
||||||
|
saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2;
|
||||||
|
if ((RSA_bits(ctx->rsa) & 0x7) == 1)
|
||||||
|
saltlen--;
|
||||||
|
+ if (saltlenMax >= 0 && saltlen > saltlenMax)
|
||||||
|
+ saltlen = saltlenMax;
|
||||||
|
}
|
||||||
|
if (saltlen < 0) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
|
||||||
|
@@ -411,8 +425,8 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa,
|
||||||
|
|
||||||
|
prsactx->operation = operation;
|
||||||
|
|
||||||
|
- /* Maximum for sign, auto for verify */
|
||||||
|
- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO;
|
||||||
|
+ /* Maximize up to digest length for sign, auto for verify */
|
||||||
|
+ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX;
|
||||||
|
prsactx->min_saltlen = -1;
|
||||||
|
|
||||||
|
switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) {
|
||||||
|
@@ -1110,6 +1124,9 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
|
||||||
|
case RSA_PSS_SALTLEN_AUTO:
|
||||||
|
value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO;
|
||||||
|
break;
|
||||||
|
+ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX:
|
||||||
|
+ value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX;
|
||||||
|
+ break;
|
||||||
|
default:
|
||||||
|
{
|
||||||
|
int len = BIO_snprintf(p->data, p->data_size, "%d",
|
||||||
|
@@ -1297,6 +1314,8 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
saltlen = RSA_PSS_SALTLEN_MAX;
|
||||||
|
else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0)
|
||||||
|
saltlen = RSA_PSS_SALTLEN_AUTO;
|
||||||
|
+ else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0)
|
||||||
|
+ saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX;
|
||||||
|
else
|
||||||
|
saltlen = atoi(p->data);
|
||||||
|
break;
|
||||||
|
@@ -1305,11 +1324,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * RSA_PSS_SALTLEN_MAX seems curiously named in this check.
|
||||||
|
- * Contrary to what it's name suggests, it's the currently
|
||||||
|
- * lowest saltlen number possible.
|
||||||
|
+ * RSA_PSS_SALTLEN_AUTO_DIGEST_MAX seems curiously named in this check.
|
||||||
|
+ * Contrary to what it's name suggests, it's the currently lowest
|
||||||
|
+ * saltlen number possible.
|
||||||
|
*/
|
||||||
|
- if (saltlen < RSA_PSS_SALTLEN_MAX) {
|
||||||
|
+ if (saltlen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -1317,6 +1336,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
if (rsa_pss_restricted(prsactx)) {
|
||||||
|
switch (saltlen) {
|
||||||
|
case RSA_PSS_SALTLEN_AUTO:
|
||||||
|
+ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX:
|
||||||
|
if (prsactx->operation == EVP_PKEY_OP_VERIFY) {
|
||||||
|
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH,
|
||||||
|
"Cannot use autodetected salt length");
|
||||||
|
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
|
||||||
|
index e615f1b338..35541aed12 100644
|
||||||
|
--- a/test/recipes/25-test_req.t
|
||||||
|
+++ b/test/recipes/25-test_req.t
|
||||||
|
@@ -199,7 +199,7 @@ subtest "generating certificate requests with RSA-PSS" => sub {
|
||||||
|
ok(!run(app(["openssl", "req",
|
||||||
|
"-config", srctop_file("test", "test.cnf"),
|
||||||
|
"-new", "-out", "testreq-rsapss3.pem", "-utf8",
|
||||||
|
- "-sigopt", "rsa_pss_saltlen:-4",
|
||||||
|
+ "-sigopt", "rsa_pss_saltlen:-5",
|
||||||
|
"-key", srctop_file("test", "testrsapss.pem")])),
|
||||||
|
"Generating request with expected failure");
|
||||||
|
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
32
SOURCES/0091-FIPS-RSA-encapsulate.patch
Normal file
32
SOURCES/0091-FIPS-RSA-encapsulate.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100
|
||||||
|
+++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100
|
||||||
|
@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX
|
||||||
|
*secretlen = nlen;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Step (2): Generate a random byte string z of nlen bytes where
|
||||||
|
* 1 < z < n - 1
|
||||||
|
@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX *
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* Step (2): check the input ciphertext 'inlen' matches the nlen */
|
||||||
|
if (inlen != nlen) {
|
||||||
|
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
|
705
SOURCES/0092-provider-improvements.patch
Normal file
705
SOURCES/0092-provider-improvements.patch
Normal file
@ -0,0 +1,705 @@
|
|||||||
|
From 98642df4ba886818900ab7e6b23703544e6addd4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Thu, 10 Nov 2022 10:46:32 -0500
|
||||||
|
Subject: [PATCH 1/3] Propagate selection all the way on key export
|
||||||
|
|
||||||
|
EVP_PKEY_eq() is used to check, among other things, if a certificate
|
||||||
|
public key corresponds to a private key. When the private key belongs to
|
||||||
|
a provider that does not allow to export private keys this currently
|
||||||
|
fails as the internal functions used to import/export keys ignored the
|
||||||
|
selection given (which specifies that only the public key needs to be
|
||||||
|
considered) and instead tries to export everything.
|
||||||
|
|
||||||
|
This patch allows to propagate the selection all the way down including
|
||||||
|
adding it in the cache so that a following operation actually looking
|
||||||
|
for other selection parameters does not mistakenly pick up an export
|
||||||
|
containing only partial information.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/19648)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
|
||||||
|
index b06730dc7a..2d0238ee27 100644
|
||||||
|
--- a/crypto/evp/keymgmt_lib.c
|
||||||
|
+++ b/crypto/evp/keymgmt_lib.c
|
||||||
|
@@ -93,7 +93,8 @@ int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
|
||||||
|
export_cb, export_cbarg);
|
||||||
|
}
|
||||||
|
|
||||||
|
-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
|
||||||
|
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection)
|
||||||
|
{
|
||||||
|
struct evp_keymgmt_util_try_import_data_st import_data;
|
||||||
|
OP_CACHE_ELEM *op;
|
||||||
|
@@ -127,7 +128,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
|
||||||
|
*/
|
||||||
|
if (pk->dirty_cnt == pk->dirty_cnt_copy) {
|
||||||
|
/* If this key is already exported to |keymgmt|, no more to do */
|
||||||
|
- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt);
|
||||||
|
+ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection);
|
||||||
|
if (op != NULL && op->keymgmt != NULL) {
|
||||||
|
void *ret = op->keydata;
|
||||||
|
|
||||||
|
@@ -157,13 +158,13 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
|
||||||
|
/* Setup for the export callback */
|
||||||
|
import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */
|
||||||
|
import_data.keymgmt = keymgmt;
|
||||||
|
- import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
|
||||||
|
+ import_data.selection = selection;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The export function calls the callback (evp_keymgmt_util_try_import),
|
||||||
|
* which does the import for us. If successful, we're done.
|
||||||
|
*/
|
||||||
|
- if (!evp_keymgmt_util_export(pk, OSSL_KEYMGMT_SELECT_ALL,
|
||||||
|
+ if (!evp_keymgmt_util_export(pk, selection,
|
||||||
|
&evp_keymgmt_util_try_import, &import_data))
|
||||||
|
/* If there was an error, bail out */
|
||||||
|
return NULL;
|
||||||
|
@@ -173,7 +174,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
/* Check to make sure some other thread didn't get there first */
|
||||||
|
- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt);
|
||||||
|
+ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection);
|
||||||
|
if (op != NULL && op->keydata != NULL) {
|
||||||
|
void *ret = op->keydata;
|
||||||
|
|
||||||
|
@@ -196,7 +197,8 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
|
||||||
|
evp_keymgmt_util_clear_operation_cache(pk, 0);
|
||||||
|
|
||||||
|
/* Add the new export to the operation cache */
|
||||||
|
- if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata)) {
|
||||||
|
+ if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata,
|
||||||
|
+ selection)) {
|
||||||
|
CRYPTO_THREAD_unlock(pk->lock);
|
||||||
|
evp_keymgmt_freedata(keymgmt, import_data.keydata);
|
||||||
|
return NULL;
|
||||||
|
@@ -232,7 +234,8 @@ int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking)
|
||||||
|
}
|
||||||
|
|
||||||
|
OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt)
|
||||||
|
+ EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection)
|
||||||
|
{
|
||||||
|
int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache);
|
||||||
|
OP_CACHE_ELEM *p;
|
||||||
|
@@ -243,14 +246,14 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
|
||||||
|
*/
|
||||||
|
for (i = 0; i < end; i++) {
|
||||||
|
p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i);
|
||||||
|
- if (keymgmt == p->keymgmt)
|
||||||
|
+ if (keymgmt == p->keymgmt && (p->selection & selection) == selection)
|
||||||
|
return p;
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt, void *keydata)
|
||||||
|
+int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ void *keydata, int selection)
|
||||||
|
{
|
||||||
|
OP_CACHE_ELEM *p = NULL;
|
||||||
|
|
||||||
|
@@ -266,6 +269,7 @@ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
|
||||||
|
return 0;
|
||||||
|
p->keydata = keydata;
|
||||||
|
p->keymgmt = keymgmt;
|
||||||
|
+ p->selection = selection;
|
||||||
|
|
||||||
|
if (!EVP_KEYMGMT_up_ref(keymgmt)) {
|
||||||
|
OPENSSL_free(p);
|
||||||
|
@@ -391,7 +395,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection)
|
||||||
|
ok = 1;
|
||||||
|
if (keydata1 != NULL) {
|
||||||
|
tmp_keydata =
|
||||||
|
- evp_keymgmt_util_export_to_provider(pk1, keymgmt2);
|
||||||
|
+ evp_keymgmt_util_export_to_provider(pk1, keymgmt2,
|
||||||
|
+ selection);
|
||||||
|
ok = (tmp_keydata != NULL);
|
||||||
|
}
|
||||||
|
if (ok) {
|
||||||
|
@@ -411,7 +416,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection)
|
||||||
|
ok = 1;
|
||||||
|
if (keydata2 != NULL) {
|
||||||
|
tmp_keydata =
|
||||||
|
- evp_keymgmt_util_export_to_provider(pk2, keymgmt1);
|
||||||
|
+ evp_keymgmt_util_export_to_provider(pk2, keymgmt1,
|
||||||
|
+ selection);
|
||||||
|
ok = (tmp_keydata != NULL);
|
||||||
|
}
|
||||||
|
if (ok) {
|
||||||
|
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
|
||||||
|
index 70d17ec37e..905e9c9ce4 100644
|
||||||
|
--- a/crypto/evp/p_lib.c
|
||||||
|
+++ b/crypto/evp/p_lib.c
|
||||||
|
@@ -1822,6 +1822,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
||||||
|
{
|
||||||
|
EVP_KEYMGMT *allocated_keymgmt = NULL;
|
||||||
|
EVP_KEYMGMT *tmp_keymgmt = NULL;
|
||||||
|
+ int selection = OSSL_KEYMGMT_SELECT_ALL;
|
||||||
|
void *keydata = NULL;
|
||||||
|
int check;
|
||||||
|
|
||||||
|
@@ -1883,7 +1884,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
||||||
|
if (pk->ameth->dirty_cnt(pk) == pk->dirty_cnt_copy) {
|
||||||
|
if (!CRYPTO_THREAD_read_lock(pk->lock))
|
||||||
|
goto end;
|
||||||
|
- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt);
|
||||||
|
+ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt,
|
||||||
|
+ selection);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If |tmp_keymgmt| is present in the operation cache, it means
|
||||||
|
@@ -1938,7 +1940,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
||||||
|
EVP_KEYMGMT_free(tmp_keymgmt); /* refcnt-- */
|
||||||
|
|
||||||
|
/* Check to make sure some other thread didn't get there first */
|
||||||
|
- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt);
|
||||||
|
+ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, selection);
|
||||||
|
if (op != NULL && op->keymgmt != NULL) {
|
||||||
|
void *tmp_keydata = op->keydata;
|
||||||
|
|
||||||
|
@@ -1949,7 +1951,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Add the new export to the operation cache */
|
||||||
|
- if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata)) {
|
||||||
|
+ if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata,
|
||||||
|
+ selection)) {
|
||||||
|
CRYPTO_THREAD_unlock(pk->lock);
|
||||||
|
evp_keymgmt_freedata(tmp_keymgmt, keydata);
|
||||||
|
keydata = NULL;
|
||||||
|
@@ -1964,7 +1967,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
||||||
|
}
|
||||||
|
#endif /* FIPS_MODULE */
|
||||||
|
|
||||||
|
- keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt);
|
||||||
|
+ keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, selection);
|
||||||
|
|
||||||
|
end:
|
||||||
|
/*
|
||||||
|
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
||||||
|
index f601b72807..dbbdcccbda 100644
|
||||||
|
--- a/include/crypto/evp.h
|
||||||
|
+++ b/include/crypto/evp.h
|
||||||
|
@@ -589,6 +589,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
|
||||||
|
typedef struct {
|
||||||
|
EVP_KEYMGMT *keymgmt;
|
||||||
|
void *keydata;
|
||||||
|
+ int selection;
|
||||||
|
} OP_CACHE_ELEM;
|
||||||
|
|
||||||
|
DEFINE_STACK_OF(OP_CACHE_ELEM)
|
||||||
|
@@ -778,12 +779,14 @@ EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata);
|
||||||
|
|
||||||
|
int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
|
||||||
|
OSSL_CALLBACK *export_cb, void *export_cbarg);
|
||||||
|
-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
|
||||||
|
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection);
|
||||||
|
OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt);
|
||||||
|
+ EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection);
|
||||||
|
int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
|
||||||
|
-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt, void *keydata);
|
||||||
|
+int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ void *keydata, int selection);
|
||||||
|
void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
|
||||||
|
void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
|
||||||
|
int selection, const OSSL_PARAM params[]);
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
||||||
|
From 504427eb5f32108dd64ff7858012863fe47b369b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Thu, 10 Nov 2022 16:58:28 -0500
|
||||||
|
Subject: [PATCH 2/3] Update documentation for keymgmt export utils
|
||||||
|
|
||||||
|
Change function prototypes and explain how to use the selection
|
||||||
|
argument.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/19648)
|
||||||
|
|
||||||
|
diff --git a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod
|
||||||
|
index 1fee9f6ff9..7099e44964 100644
|
||||||
|
--- a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod
|
||||||
|
+++ b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod
|
||||||
|
@@ -20,12 +20,14 @@ OP_CACHE_ELEM
|
||||||
|
|
||||||
|
int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
|
||||||
|
OSSL_CALLBACK *export_cb, void *export_cbarg);
|
||||||
|
- void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
|
||||||
|
+ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection);
|
||||||
|
OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt);
|
||||||
|
+ EVP_KEYMGMT *keymgmt,
|
||||||
|
+ int selection);
|
||||||
|
int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
|
||||||
|
- int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
|
||||||
|
- EVP_KEYMGMT *keymgmt, void *keydata);
|
||||||
|
+ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
|
||||||
|
+ void *keydata, int selection);
|
||||||
|
void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
|
||||||
|
void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
|
||||||
|
int selection, const OSSL_PARAM params[]);
|
||||||
|
@@ -65,6 +67,11 @@ evp_keymgmt_util_fromdata() can be used to add key object data to a
|
||||||
|
given key I<target> via a B<EVP_KEYMGMT> interface. This is used as a
|
||||||
|
helper for L<EVP_PKEY_fromdata(3)>.
|
||||||
|
|
||||||
|
+In all functions that take a I<selection> argument, the selection is used to
|
||||||
|
+constraint the information requested on export. It is also used in the cache
|
||||||
|
+so that key data is guaranteed to contain all the information requested in
|
||||||
|
+the selection.
|
||||||
|
+
|
||||||
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
|
evp_keymgmt_export_to_provider() and evp_keymgmt_util_fromdata()
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
||||||
|
From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Fri, 11 Nov 2022 12:18:26 -0500
|
||||||
|
Subject: [PATCH 3/3] Add test for EVP_PKEY_eq
|
||||||
|
|
||||||
|
This tests that the comparison work even if a provider can only return
|
||||||
|
a public key.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/19648)
|
||||||
|
|
||||||
|
diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c
|
||||||
|
index d556551bb6..5e92e72d4b 100644
|
||||||
|
--- a/test/fake_rsaprov.c
|
||||||
|
+++ b/test/fake_rsaprov.c
|
||||||
|
@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has;
|
||||||
|
static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query;
|
||||||
|
static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import;
|
||||||
|
static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes;
|
||||||
|
+static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export;
|
||||||
|
+static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes;
|
||||||
|
static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load;
|
||||||
|
|
||||||
|
static int has_selection;
|
||||||
|
static int imptypes_selection;
|
||||||
|
+static int exptypes_selection;
|
||||||
|
static int query_id;
|
||||||
|
|
||||||
|
+struct fake_rsa_keydata {
|
||||||
|
+ int selection;
|
||||||
|
+ int status;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static void *fake_rsa_keymgmt_new(void *provctx)
|
||||||
|
{
|
||||||
|
- unsigned char *keydata = OPENSSL_zalloc(1);
|
||||||
|
+ struct fake_rsa_keydata *key;
|
||||||
|
|
||||||
|
- TEST_ptr(keydata);
|
||||||
|
+ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata))))
|
||||||
|
+ return NULL;
|
||||||
|
|
||||||
|
/* clear test globals */
|
||||||
|
has_selection = 0;
|
||||||
|
imptypes_selection = 0;
|
||||||
|
+ exptypes_selection = 0;
|
||||||
|
query_id = 0;
|
||||||
|
|
||||||
|
- return keydata;
|
||||||
|
+ return key;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void fake_rsa_keymgmt_free(void *keydata)
|
||||||
|
@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id)
|
||||||
|
static int fake_rsa_keymgmt_import(void *keydata, int selection,
|
||||||
|
const OSSL_PARAM *p)
|
||||||
|
{
|
||||||
|
- unsigned char *fake_rsa_key = keydata;
|
||||||
|
+ struct fake_rsa_keydata *fake_rsa_key = keydata;
|
||||||
|
|
||||||
|
/* key was imported */
|
||||||
|
- *fake_rsa_key = 1;
|
||||||
|
+ fake_rsa_key->status = 1;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static unsigned char fake_rsa_n[] =
|
||||||
|
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
|
||||||
|
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
|
||||||
|
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
|
||||||
|
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
|
||||||
|
+ "\xF5";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_e[] = "\x11";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_d[] =
|
||||||
|
+ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
|
||||||
|
+ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
|
||||||
|
+ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
|
||||||
|
+ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_p[] =
|
||||||
|
+ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
|
||||||
|
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
|
||||||
|
+ "\x0D";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_q[] =
|
||||||
|
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
|
||||||
|
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
|
||||||
|
+ "\x89";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_dmp1[] =
|
||||||
|
+ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
|
||||||
|
+ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_dmq1[] =
|
||||||
|
+ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
|
||||||
|
+ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
|
||||||
|
+ "\x51";
|
||||||
|
+
|
||||||
|
+static unsigned char fake_rsa_iqmp[] =
|
||||||
|
+ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
|
||||||
|
+ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
|
||||||
|
+
|
||||||
|
+OSSL_PARAM *fake_rsa_key_params(int priv)
|
||||||
|
+{
|
||||||
|
+ if (priv) {
|
||||||
|
+ OSSL_PARAM params[] = {
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
|
||||||
|
+ sizeof(fake_rsa_n) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
|
||||||
|
+ sizeof(fake_rsa_e) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d,
|
||||||
|
+ sizeof(fake_rsa_d) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p,
|
||||||
|
+ sizeof(fake_rsa_p) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q,
|
||||||
|
+ sizeof(fake_rsa_q) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1,
|
||||||
|
+ sizeof(fake_rsa_dmp1) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1,
|
||||||
|
+ sizeof(fake_rsa_dmq1) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp,
|
||||||
|
+ sizeof(fake_rsa_iqmp) -1),
|
||||||
|
+ OSSL_PARAM_END
|
||||||
|
+ };
|
||||||
|
+ return OSSL_PARAM_dup(params);
|
||||||
|
+ } else {
|
||||||
|
+ OSSL_PARAM params[] = {
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
|
||||||
|
+ sizeof(fake_rsa_n) -1),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
|
||||||
|
+ sizeof(fake_rsa_e) -1),
|
||||||
|
+ OSSL_PARAM_END
|
||||||
|
+ };
|
||||||
|
+ return OSSL_PARAM_dup(params);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int fake_rsa_keymgmt_export(void *keydata, int selection,
|
||||||
|
+ OSSL_CALLBACK *param_callback, void *cbarg)
|
||||||
|
+{
|
||||||
|
+ OSSL_PARAM *params = NULL;
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0)))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ ret = param_callback(params, cbarg);
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static const OSSL_PARAM fake_rsa_import_key_types[] = {
|
||||||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
|
||||||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
|
||||||
|
@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection)
|
||||||
|
return fake_rsa_import_key_types;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static const OSSL_PARAM fake_rsa_export_key_types[] = {
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
|
||||||
|
+ OSSL_PARAM_END
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection)
|
||||||
|
+{
|
||||||
|
+ /* record global for checking */
|
||||||
|
+ exptypes_selection = selection;
|
||||||
|
+
|
||||||
|
+ return fake_rsa_export_key_types;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
|
||||||
|
{
|
||||||
|
- unsigned char *key = NULL;
|
||||||
|
+ struct fake_rsa_keydata *key = NULL;
|
||||||
|
|
||||||
|
- if (reference_sz != sizeof(key))
|
||||||
|
+ if (reference_sz != sizeof(*key))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
- key = *(unsigned char **)reference;
|
||||||
|
- if (*key != 1)
|
||||||
|
+ key = *(struct fake_rsa_keydata **)reference;
|
||||||
|
+ if (key->status != 1)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* detach the reference */
|
||||||
|
- *(unsigned char **)reference = NULL;
|
||||||
|
+ *(struct fake_rsa_keydata **)reference = NULL;
|
||||||
|
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||||
|
{
|
||||||
|
unsigned char *gctx = genctx;
|
||||||
|
static const unsigned char inited[] = { 1 };
|
||||||
|
- unsigned char *keydata;
|
||||||
|
+ struct fake_rsa_keydata *keydata;
|
||||||
|
|
||||||
|
if (!TEST_ptr(gctx)
|
||||||
|
|| !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited)))
|
||||||
|
@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||||||
|
if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
- *keydata = 2;
|
||||||
|
+ keydata->status = 2;
|
||||||
|
return keydata;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = {
|
||||||
|
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import },
|
||||||
|
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
|
||||||
|
(void (*)(void))fake_rsa_keymgmt_imptypes },
|
||||||
|
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export },
|
||||||
|
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES,
|
||||||
|
+ (void (*)(void))fake_rsa_keymgmt_exptypes },
|
||||||
|
{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load },
|
||||||
|
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
|
||||||
|
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
|
||||||
|
@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey,
|
||||||
|
const OSSL_PARAM params[])
|
||||||
|
{
|
||||||
|
unsigned char *sigctx = ctx;
|
||||||
|
- unsigned char *keydata = provkey;
|
||||||
|
+ struct fake_rsa_keydata *keydata = provkey;
|
||||||
|
|
||||||
|
/* we must have a ctx */
|
||||||
|
if (!TEST_ptr(sigctx))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* we must have some initialized key */
|
||||||
|
- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0))
|
||||||
|
+ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* record that sign init was called */
|
||||||
|
@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx,
|
||||||
|
unsigned char *storectx = loaderctx;
|
||||||
|
OSSL_PARAM params[4];
|
||||||
|
int object_type = OSSL_OBJECT_PKEY;
|
||||||
|
- void *key = NULL;
|
||||||
|
+ struct fake_rsa_keydata *key = NULL;
|
||||||
|
int rv = 0;
|
||||||
|
|
||||||
|
switch (*storectx) {
|
||||||
|
@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx,
|
||||||
|
/* The address of the key becomes the octet string */
|
||||||
|
params[2] =
|
||||||
|
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
|
||||||
|
- &key, sizeof(key));
|
||||||
|
+ &key, sizeof(*key));
|
||||||
|
params[3] = OSSL_PARAM_construct_end();
|
||||||
|
rv = object_cb(params, object_cbarg);
|
||||||
|
*storectx = 1;
|
||||||
|
diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h
|
||||||
|
index 57de1ecf8d..190c46a285 100644
|
||||||
|
--- a/test/fake_rsaprov.h
|
||||||
|
+++ b/test/fake_rsaprov.h
|
||||||
|
@@ -12,3 +12,4 @@
|
||||||
|
/* Fake RSA provider implementation */
|
||||||
|
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
|
||||||
|
void fake_rsa_finish(OSSL_PROVIDER *p);
|
||||||
|
+OSSL_PARAM *fake_rsa_key_params(int priv);
|
||||||
|
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
|
||||||
|
index 5c398398f4..3b190baa5e 100644
|
||||||
|
--- a/test/provider_pkey_test.c
|
||||||
|
+++ b/test/provider_pkey_test.c
|
||||||
|
@@ -176,6 +176,67 @@ end:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int test_pkey_eq(void)
|
||||||
|
+{
|
||||||
|
+ OSSL_PROVIDER *deflt = NULL;
|
||||||
|
+ OSSL_PROVIDER *fake_rsa = NULL;
|
||||||
|
+ EVP_PKEY *pkey_fake = NULL;
|
||||||
|
+ EVP_PKEY *pkey_dflt = NULL;
|
||||||
|
+ EVP_PKEY_CTX *ctx = NULL;
|
||||||
|
+ OSSL_PARAM *params = NULL;
|
||||||
|
+ int ret = 0;
|
||||||
|
+
|
||||||
|
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ /* Construct a public key for fake-rsa */
|
||||||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
|
||||||
|
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
|
||||||
|
+ "provider=fake-rsa"))
|
||||||
|
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
|
||||||
|
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
|
||||||
|
+ params))
|
||||||
|
+ || !TEST_ptr(pkey_fake))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ ctx = NULL;
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ params = NULL;
|
||||||
|
+
|
||||||
|
+ /* Construct a public key for default */
|
||||||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
|
||||||
|
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
|
||||||
|
+ "provider=default"))
|
||||||
|
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
|
||||||
|
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY,
|
||||||
|
+ params))
|
||||||
|
+ || !TEST_ptr(pkey_dflt))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ ctx = NULL;
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ params = NULL;
|
||||||
|
+
|
||||||
|
+ /* now test for equality */
|
||||||
|
+ if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ ret = 1;
|
||||||
|
+end:
|
||||||
|
+ fake_rsa_finish(fake_rsa);
|
||||||
|
+ OSSL_PROVIDER_unload(deflt);
|
||||||
|
+ EVP_PKEY_CTX_free(ctx);
|
||||||
|
+ EVP_PKEY_free(pkey_fake);
|
||||||
|
+ EVP_PKEY_free(pkey_dflt);
|
||||||
|
+ OSSL_PARAM_free(params);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int test_pkey_store(int idx)
|
||||||
|
{
|
||||||
|
OSSL_PROVIDER *deflt = NULL;
|
||||||
|
@@ -235,6 +296,7 @@ int setup_tests(void)
|
||||||
|
|
||||||
|
ADD_TEST(test_pkey_sig);
|
||||||
|
ADD_TEST(test_alternative_keygen_init);
|
||||||
|
+ ADD_TEST(test_pkey_eq);
|
||||||
|
ADD_ALL_TESTS(test_pkey_store, 2);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
||||||
|
From 2fea56832780248af2aba2e4433ece2d18428515 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Mon, 14 Nov 2022 10:25:15 -0500
|
||||||
|
Subject: [PATCH] Drop explicit check for engines in opt_legacy_okay
|
||||||
|
|
||||||
|
The providers indication should always indicate that this is not a
|
||||||
|
legacy request.
|
||||||
|
This makes a check for engines redundant as the default return is that
|
||||||
|
legacy is ok if there are no explicit providers.
|
||||||
|
|
||||||
|
Fixes #19662
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/19671)
|
||||||
|
---
|
||||||
|
apps/lib/apps.c | 8 --------
|
||||||
|
test/recipes/20-test_legacy_okay.t | 23 +++++++++++++++++++++++
|
||||||
|
2 files changed, 23 insertions(+), 8 deletions(-)
|
||||||
|
create mode 100755 test/recipes/20-test_legacy_okay.t
|
||||||
|
|
||||||
|
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
|
||||||
|
index 3d52e030ab7e258f9cd983b2d9755d954cb3aee5..bbe0d009efb35fcf1a902c86cbddc61e657e57f1 100644
|
||||||
|
--- a/apps/lib/apps.c
|
||||||
|
+++ b/apps/lib/apps.c
|
||||||
|
@@ -3405,14 +3405,6 @@ int opt_legacy_okay(void)
|
||||||
|
{
|
||||||
|
int provider_options = opt_provider_option_given();
|
||||||
|
int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;
|
||||||
|
-#ifndef OPENSSL_NO_ENGINE
|
||||||
|
- ENGINE *e = ENGINE_get_first();
|
||||||
|
-
|
||||||
|
- if (e != NULL) {
|
||||||
|
- ENGINE_free(e);
|
||||||
|
- return 1;
|
||||||
|
- }
|
||||||
|
-#endif
|
||||||
|
/*
|
||||||
|
* Having a provider option specified or a custom library context or
|
||||||
|
* property query, is a sure sign we're not using legacy.
|
||||||
|
diff --git a/test/recipes/20-test_legacy_okay.t b/test/recipes/20-test_legacy_okay.t
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000000000000000000000000000000000000..183499f3fd93f97e8a4a30681a9f383d2f6e0c56
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/recipes/20-test_legacy_okay.t
|
||||||
|
@@ -0,0 +1,23 @@
|
||||||
|
+#! /usr/bin/env perl
|
||||||
|
+# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+#
|
||||||
|
+# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+# this file except in compliance with the License. You can obtain a copy
|
||||||
|
+# in the file LICENSE in the source distribution or at
|
||||||
|
+# https://www.openssl.org/source/license.html
|
||||||
|
+
|
||||||
|
+use strict;
|
||||||
|
+use warnings;
|
||||||
|
+
|
||||||
|
+use OpenSSL::Test;
|
||||||
|
+
|
||||||
|
+setup("test_legacy");
|
||||||
|
+
|
||||||
|
+plan tests => 3;
|
||||||
|
+
|
||||||
|
+ok(run(app(['openssl', 'rand', '-out', 'rand.txt', '256'])), "Generate random file");
|
||||||
|
+
|
||||||
|
+ok(run(app(['openssl', 'dgst', '-sha256', 'rand.txt'])), "Generate a digest");
|
||||||
|
+
|
||||||
|
+ok(!run(app(['openssl', 'dgst', '-sha256', '-propquery', 'foo=1',
|
||||||
|
+ 'rand.txt'])), "Fail to generate a digest");
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
281
SOURCES/0101-CVE-2022-4203-nc-match.patch
Normal file
281
SOURCES/0101-CVE-2022-4203-nc-match.patch
Normal file
@ -0,0 +1,281 @@
|
|||||||
|
From c927a3492698c254637da836762f9b1f86cffabc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
||||||
|
Date: Tue, 13 Dec 2022 08:49:13 +0100
|
||||||
|
Subject: [PATCH 01/18] Fix type confusion in nc_match_single()
|
||||||
|
|
||||||
|
This function assumes that if the "gen" is an OtherName, then the "base"
|
||||||
|
is a rfc822Name constraint. This assumption is not true in all cases.
|
||||||
|
If the end-entity certificate contains an OtherName SAN of any type besides
|
||||||
|
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
|
||||||
|
OtherName (of any type), then "nc_email_eai" will be invoked, with the
|
||||||
|
OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING.
|
||||||
|
|
||||||
|
Reported by Corey Bonnell from Digicert.
|
||||||
|
|
||||||
|
CVE-2022-4203
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/x509/v3_ncons.c | 45 +++++++++++++++++++++++++++++-------------
|
||||||
|
1 file changed, 31 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
|
||||||
|
index 70a7e8304e..5101598512 100644
|
||||||
|
--- a/crypto/x509/v3_ncons.c
|
||||||
|
+++ b/crypto/x509/v3_ncons.c
|
||||||
|
@@ -31,7 +31,8 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
|
||||||
|
static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
|
||||||
|
|
||||||
|
static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
|
||||||
|
-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
|
||||||
|
+static int nc_match_single(int effective_type, GENERAL_NAME *sub,
|
||||||
|
+ GENERAL_NAME *gen);
|
||||||
|
static int nc_dn(const X509_NAME *sub, const X509_NAME *nm);
|
||||||
|
static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
|
||||||
|
static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
|
||||||
|
@@ -472,14 +473,17 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
||||||
|
{
|
||||||
|
GENERAL_SUBTREE *sub;
|
||||||
|
int i, r, match = 0;
|
||||||
|
+ int effective_type = gen->type;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* We need to compare not gen->type field but an "effective" type because
|
||||||
|
* the otherName field may contain EAI email address treated specially
|
||||||
|
* according to RFC 8398, section 6
|
||||||
|
*/
|
||||||
|
- int effective_type = ((gen->type == GEN_OTHERNAME) &&
|
||||||
|
- (OBJ_obj2nid(gen->d.otherName->type_id) ==
|
||||||
|
- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type;
|
||||||
|
+ if (effective_type == GEN_OTHERNAME &&
|
||||||
|
+ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) {
|
||||||
|
+ effective_type = GEN_EMAIL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Permitted subtrees: if any subtrees exist of matching the type at
|
||||||
|
@@ -488,7 +492,10 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
||||||
|
|
||||||
|
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
|
||||||
|
sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
|
||||||
|
- if (effective_type != sub->base->type)
|
||||||
|
+ if (effective_type != sub->base->type
|
||||||
|
+ || (effective_type == GEN_OTHERNAME &&
|
||||||
|
+ OBJ_cmp(gen->d.otherName->type_id,
|
||||||
|
+ sub->base->d.otherName->type_id) != 0))
|
||||||
|
continue;
|
||||||
|
if (!nc_minmax_valid(sub))
|
||||||
|
return X509_V_ERR_SUBTREE_MINMAX;
|
||||||
|
@@ -497,7 +504,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
||||||
|
continue;
|
||||||
|
if (match == 0)
|
||||||
|
match = 1;
|
||||||
|
- r = nc_match_single(gen, sub->base);
|
||||||
|
+ r = nc_match_single(effective_type, gen, sub->base);
|
||||||
|
if (r == X509_V_OK)
|
||||||
|
match = 2;
|
||||||
|
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
|
||||||
|
@@ -511,12 +518,15 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
||||||
|
|
||||||
|
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
|
||||||
|
sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
|
||||||
|
- if (effective_type != sub->base->type)
|
||||||
|
+ if (effective_type != sub->base->type
|
||||||
|
+ || (effective_type == GEN_OTHERNAME &&
|
||||||
|
+ OBJ_cmp(gen->d.otherName->type_id,
|
||||||
|
+ sub->base->d.otherName->type_id) != 0))
|
||||||
|
continue;
|
||||||
|
if (!nc_minmax_valid(sub))
|
||||||
|
return X509_V_ERR_SUBTREE_MINMAX;
|
||||||
|
|
||||||
|
- r = nc_match_single(gen, sub->base);
|
||||||
|
+ r = nc_match_single(effective_type, gen, sub->base);
|
||||||
|
if (r == X509_V_OK)
|
||||||
|
return X509_V_ERR_EXCLUDED_VIOLATION;
|
||||||
|
else if (r != X509_V_ERR_PERMITTED_VIOLATION)
|
||||||
|
@@ -528,15 +538,22 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
|
||||||
|
+static int nc_match_single(int effective_type, GENERAL_NAME *gen,
|
||||||
|
+ GENERAL_NAME *base)
|
||||||
|
{
|
||||||
|
switch (gen->type) {
|
||||||
|
case GEN_OTHERNAME:
|
||||||
|
- /*
|
||||||
|
- * We are here only when we have SmtpUTF8 name,
|
||||||
|
- * so we match the value of othername with base->d.rfc822Name
|
||||||
|
- */
|
||||||
|
- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
|
||||||
|
+ switch (effective_type) {
|
||||||
|
+ case GEN_EMAIL:
|
||||||
|
+ /*
|
||||||
|
+ * We are here only when we have SmtpUTF8 name,
|
||||||
|
+ * so we match the value of othername with base->d.rfc822Name
|
||||||
|
+ */
|
||||||
|
+ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
|
||||||
|
+
|
||||||
|
+ default:
|
||||||
|
+ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
case GEN_DIRNAME:
|
||||||
|
return nc_dn(gen->d.directoryName, base->d.directoryName);
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Tue, 13 Dec 2022 19:45:09 +0100
|
||||||
|
Subject: [PATCH 02/18] Add testcase for nc_match_single type confusion
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||||
|
---
|
||||||
|
test/certs/bad-othername-cert.pem | 20 ++++++++++++++++++++
|
||||||
|
test/certs/nccaothername-cert.pem | 20 ++++++++++++++++++++
|
||||||
|
test/certs/nccaothername-key.pem | 28 ++++++++++++++++++++++++++++
|
||||||
|
test/certs/setup.sh | 11 +++++++++++
|
||||||
|
test/recipes/25-test_verify.t | 5 ++++-
|
||||||
|
5 files changed, 83 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 test/certs/bad-othername-cert.pem
|
||||||
|
create mode 100644 test/certs/nccaothername-cert.pem
|
||||||
|
create mode 100644 test/certs/nccaothername-key.pem
|
||||||
|
|
||||||
|
diff --git a/test/certs/bad-othername-cert.pem b/test/certs/bad-othername-cert.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..cf279de5ea
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/certs/bad-othername-cert.pem
|
||||||
|
@@ -0,0 +1,20 @@
|
||||||
|
+-----BEGIN CERTIFICATE-----
|
||||||
|
+MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0
|
||||||
|
+IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx
|
||||||
|
+NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm
|
||||||
|
+aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt
|
||||||
|
+JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2
|
||||||
|
+kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5
|
||||||
|
+Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S
|
||||||
|
+Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b
|
||||||
|
+75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7
|
||||||
|
+6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf
|
||||||
|
+BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud
|
||||||
|
+EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB
|
||||||
|
+CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru
|
||||||
|
+t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr
|
||||||
|
+NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq
|
||||||
|
+enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O
|
||||||
|
+vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka
|
||||||
|
+1AR5KN8h5SYKltSXknjs0pp1w4k49aHl
|
||||||
|
+-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/nccaothername-cert.pem b/test/certs/nccaothername-cert.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..f9b9b07b80
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/certs/nccaothername-cert.pem
|
||||||
|
@@ -0,0 +1,20 @@
|
||||||
|
+-----BEGIN CERTIFICATE-----
|
||||||
|
+MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
|
||||||
|
+IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD
|
||||||
|
+DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||||
|
+AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN
|
||||||
|
+vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H
|
||||||
|
+d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh
|
||||||
|
+IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA
|
||||||
|
+mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB
|
||||||
|
+gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD
|
||||||
|
+AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw
|
||||||
|
+HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g
|
||||||
|
+HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB
|
||||||
|
+AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4
|
||||||
|
+hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu
|
||||||
|
+dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR
|
||||||
|
+2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y
|
||||||
|
+OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx
|
||||||
|
+LKQu2Aw2+bOEZ2vUtz0dBhX8
|
||||||
|
+-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/nccaothername-key.pem b/test/certs/nccaothername-key.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..d3e300ac2f
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/certs/nccaothername-key.pem
|
||||||
|
@@ -0,0 +1,28 @@
|
||||||
|
+-----BEGIN PRIVATE KEY-----
|
||||||
|
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp
|
||||||
|
+w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV
|
||||||
|
+3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo
|
||||||
|
+bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls
|
||||||
|
+k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p
|
||||||
|
+2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF//
|
||||||
|
+RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR
|
||||||
|
+B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF
|
||||||
|
+dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy
|
||||||
|
+2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw
|
||||||
|
+gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq
|
||||||
|
+uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV
|
||||||
|
+zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7
|
||||||
|
+eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+
|
||||||
|
+JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP
|
||||||
|
+3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX
|
||||||
|
+8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t
|
||||||
|
+62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2
|
||||||
|
+EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo
|
||||||
|
+1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc
|
||||||
|
+RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi
|
||||||
|
+ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf
|
||||||
|
++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2
|
||||||
|
+ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J
|
||||||
|
+QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW
|
||||||
|
+5FtOCFEmwQHTR8lu4c63qfxkEQ==
|
||||||
|
+-----END PRIVATE KEY-----
|
||||||
|
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
|
||||||
|
index b9766aab20..2240cd9df0 100755
|
||||||
|
--- a/test/certs/setup.sh
|
||||||
|
+++ b/test/certs/setup.sh
|
||||||
|
@@ -388,6 +388,17 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
|
||||||
|
"email.1 = good@good.org" "email.2 = any@good.com" \
|
||||||
|
"IP = 127.0.0.1" "IP = 192.168.0.1"
|
||||||
|
|
||||||
|
+# Certs for CVE-2022-4203 testcase
|
||||||
|
+
|
||||||
|
+NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \
|
||||||
|
+ "Test NC CA othername" nccaothername-key nccaothername-cert \
|
||||||
|
+ root-key root-cert
|
||||||
|
+
|
||||||
|
+./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \
|
||||||
|
+ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \
|
||||||
|
+ nccaothername-key nccaothername-cert \
|
||||||
|
+ "otherName.1 = SRVName;UTF8STRING:foo@example.org"
|
||||||
|
+
|
||||||
|
# RSA-PSS signatures
|
||||||
|
# SHA1
|
||||||
|
./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
|
||||||
|
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
||||||
|
index 4613489f57..e6a2bca731 100644
|
||||||
|
--- a/test/recipes/25-test_verify.t
|
||||||
|
+++ b/test/recipes/25-test_verify.t
|
||||||
|
@@ -29,7 +29,7 @@ sub verify {
|
||||||
|
run(app([@args]));
|
||||||
|
}
|
||||||
|
|
||||||
|
-plan tests => 162;
|
||||||
|
+plan tests => 163;
|
||||||
|
|
||||||
|
# Canonical success
|
||||||
|
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
||||||
|
@@ -402,6 +402,9 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
|
||||||
|
ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
|
||||||
|
"Name constraints nested DNS name excluded");
|
||||||
|
|
||||||
|
+ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ),
|
||||||
|
+ "CVE-2022-4203 type confusion test");
|
||||||
|
+
|
||||||
|
#Check that we get the expected failure return code
|
||||||
|
with({ exit_checker => sub { return shift == 2; } },
|
||||||
|
sub {
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
750
SOURCES/0102-CVE-2022-4304-RSA-time-oracle.patch
Normal file
750
SOURCES/0102-CVE-2022-4304-RSA-time-oracle.patch
Normal file
@ -0,0 +1,750 @@
|
|||||||
|
From 8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Date: Fri, 20 Jan 2023 15:03:40 +0000
|
||||||
|
Subject: [PATCH 03/18] Fix Timing Oracle in RSA decryption
|
||||||
|
|
||||||
|
A timing based side channel exists in the OpenSSL RSA Decryption
|
||||||
|
implementation which could be sufficient to recover a plaintext across
|
||||||
|
a network in a Bleichenbacher style attack. To achieve a successful
|
||||||
|
decryption an attacker would have to be able to send a very large number
|
||||||
|
of trial messages for decryption. The vulnerability affects all RSA
|
||||||
|
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
|
||||||
|
|
||||||
|
Patch written by Dmitry Belyavsky and Hubert Kario
|
||||||
|
|
||||||
|
CVE-2022-4304
|
||||||
|
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/bn/bn_blind.c | 14 -
|
||||||
|
crypto/bn/bn_local.h | 14 +
|
||||||
|
crypto/bn/build.info | 2 +-
|
||||||
|
crypto/bn/rsa_sup_mul.c | 604 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
crypto/rsa/rsa_ossl.c | 19 +-
|
||||||
|
include/crypto/bn.h | 6 +
|
||||||
|
6 files changed, 638 insertions(+), 21 deletions(-)
|
||||||
|
create mode 100644 crypto/bn/rsa_sup_mul.c
|
||||||
|
|
||||||
|
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
|
||||||
|
index 72457b34cf..6061ebb4c0 100644
|
||||||
|
--- a/crypto/bn/bn_blind.c
|
||||||
|
+++ b/crypto/bn/bn_blind.c
|
||||||
|
@@ -13,20 +13,6 @@
|
||||||
|
|
||||||
|
#define BN_BLINDING_COUNTER 32
|
||||||
|
|
||||||
|
-struct bn_blinding_st {
|
||||||
|
- BIGNUM *A;
|
||||||
|
- BIGNUM *Ai;
|
||||||
|
- BIGNUM *e;
|
||||||
|
- BIGNUM *mod; /* just a reference */
|
||||||
|
- CRYPTO_THREAD_ID tid;
|
||||||
|
- int counter;
|
||||||
|
- unsigned long flags;
|
||||||
|
- BN_MONT_CTX *m_ctx;
|
||||||
|
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||||
|
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||||
|
- CRYPTO_RWLOCK *lock;
|
||||||
|
-};
|
||||||
|
-
|
||||||
|
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
|
||||||
|
{
|
||||||
|
BN_BLINDING *ret = NULL;
|
||||||
|
diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h
|
||||||
|
index c9a7ecf298..8c428f919d 100644
|
||||||
|
--- a/crypto/bn/bn_local.h
|
||||||
|
+++ b/crypto/bn/bn_local.h
|
||||||
|
@@ -290,6 +290,20 @@ struct bn_gencb_st {
|
||||||
|
} cb;
|
||||||
|
};
|
||||||
|
|
||||||
|
+struct bn_blinding_st {
|
||||||
|
+ BIGNUM *A;
|
||||||
|
+ BIGNUM *Ai;
|
||||||
|
+ BIGNUM *e;
|
||||||
|
+ BIGNUM *mod; /* just a reference */
|
||||||
|
+ CRYPTO_THREAD_ID tid;
|
||||||
|
+ int counter;
|
||||||
|
+ unsigned long flags;
|
||||||
|
+ BN_MONT_CTX *m_ctx;
|
||||||
|
+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||||
|
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||||
|
+ CRYPTO_RWLOCK *lock;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
/*-
|
||||||
|
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
|
||||||
|
*
|
||||||
|
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
|
||||||
|
index c4ba51b265..f4ff619239 100644
|
||||||
|
--- a/crypto/bn/build.info
|
||||||
|
+++ b/crypto/bn/build.info
|
||||||
|
@@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
|
||||||
|
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
|
||||||
|
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
|
||||||
|
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
|
||||||
|
- bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
|
||||||
|
+ bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c
|
||||||
|
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
|
||||||
|
DEFINE[../../libcrypto]=$BNDEF
|
||||||
|
IF[{- !$disabled{'deprecated-0.9.8'} -}]
|
||||||
|
diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..0e0d02e194
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypto/bn/rsa_sup_mul.c
|
||||||
|
@@ -0,0 +1,604 @@
|
||||||
|
+#include <openssl/e_os2.h>
|
||||||
|
+#include <stddef.h>
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <openssl/bn.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
+#include <openssl/rsaerr.h>
|
||||||
|
+#include "internal/endian.h"
|
||||||
|
+#include "internal/numbers.h"
|
||||||
|
+#include "internal/constant_time.h"
|
||||||
|
+#include "bn_local.h"
|
||||||
|
+
|
||||||
|
+# if BN_BYTES == 8
|
||||||
|
+typedef uint64_t limb_t;
|
||||||
|
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
|
||||||
|
+typedef uint128_t limb2_t;
|
||||||
|
+# define HAVE_LIMB2_T
|
||||||
|
+# endif
|
||||||
|
+# define LIMB_BIT_SIZE 64
|
||||||
|
+# define LIMB_BYTE_SIZE 8
|
||||||
|
+# elif BN_BYTES == 4
|
||||||
|
+typedef uint32_t limb_t;
|
||||||
|
+typedef uint64_t limb2_t;
|
||||||
|
+# define LIMB_BIT_SIZE 32
|
||||||
|
+# define LIMB_BYTE_SIZE 4
|
||||||
|
+# define HAVE_LIMB2_T
|
||||||
|
+# else
|
||||||
|
+# error "Not supported"
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * For multiplication we're using schoolbook multiplication,
|
||||||
|
+ * so if we have two numbers, each with 6 "digits" (words)
|
||||||
|
+ * the multiplication is calculated as follows:
|
||||||
|
+ * A B C D E F
|
||||||
|
+ * x I J K L M N
|
||||||
|
+ * --------------
|
||||||
|
+ * N*F
|
||||||
|
+ * N*E
|
||||||
|
+ * N*D
|
||||||
|
+ * N*C
|
||||||
|
+ * N*B
|
||||||
|
+ * N*A
|
||||||
|
+ * M*F
|
||||||
|
+ * M*E
|
||||||
|
+ * M*D
|
||||||
|
+ * M*C
|
||||||
|
+ * M*B
|
||||||
|
+ * M*A
|
||||||
|
+ * L*F
|
||||||
|
+ * L*E
|
||||||
|
+ * L*D
|
||||||
|
+ * L*C
|
||||||
|
+ * L*B
|
||||||
|
+ * L*A
|
||||||
|
+ * K*F
|
||||||
|
+ * K*E
|
||||||
|
+ * K*D
|
||||||
|
+ * K*C
|
||||||
|
+ * K*B
|
||||||
|
+ * K*A
|
||||||
|
+ * J*F
|
||||||
|
+ * J*E
|
||||||
|
+ * J*D
|
||||||
|
+ * J*C
|
||||||
|
+ * J*B
|
||||||
|
+ * J*A
|
||||||
|
+ * I*F
|
||||||
|
+ * I*E
|
||||||
|
+ * I*D
|
||||||
|
+ * I*C
|
||||||
|
+ * I*B
|
||||||
|
+ * + I*A
|
||||||
|
+ * ==========================
|
||||||
|
+ * N*B N*D N*F
|
||||||
|
+ * + N*A N*C N*E
|
||||||
|
+ * + M*B M*D M*F
|
||||||
|
+ * + M*A M*C M*E
|
||||||
|
+ * + L*B L*D L*F
|
||||||
|
+ * + L*A L*C L*E
|
||||||
|
+ * + K*B K*D K*F
|
||||||
|
+ * + K*A K*C K*E
|
||||||
|
+ * + J*B J*D J*F
|
||||||
|
+ * + J*A J*C J*E
|
||||||
|
+ * + I*B I*D I*F
|
||||||
|
+ * + I*A I*C I*E
|
||||||
|
+ *
|
||||||
|
+ * 1+1 1+3 1+5
|
||||||
|
+ * 1+0 1+2 1+4
|
||||||
|
+ * 0+1 0+3 0+5
|
||||||
|
+ * 0+0 0+2 0+4
|
||||||
|
+ *
|
||||||
|
+ * 0 1 2 3 4 5 6
|
||||||
|
+ * which requires n^2 multiplications and 2n full length additions
|
||||||
|
+ * as we can keep every other result of limb multiplication in two separate
|
||||||
|
+ * limbs
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#if defined HAVE_LIMB2_T
|
||||||
|
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||||
|
+{
|
||||||
|
+ limb2_t t;
|
||||||
|
+ /*
|
||||||
|
+ * this is idiomatic code to tell compiler to use the native mul
|
||||||
|
+ * those three lines will actually compile to single instruction
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ t = (limb2_t)a * b;
|
||||||
|
+ *hi = t >> LIMB_BIT_SIZE;
|
||||||
|
+ *lo = (limb_t)t;
|
||||||
|
+}
|
||||||
|
+#elif (BN_BYTES == 8) && (defined _MSC_VER)
|
||||||
|
+/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
|
||||||
|
+#pragma intrinsic(_umul128)
|
||||||
|
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||||
|
+{
|
||||||
|
+ *lo = _umul128(a, b, hi);
|
||||||
|
+}
|
||||||
|
+#else
|
||||||
|
+/*
|
||||||
|
+ * if the compiler doesn't have either a 128bit data type nor a "return
|
||||||
|
+ * high 64 bits of multiplication"
|
||||||
|
+ */
|
||||||
|
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||||
|
+{
|
||||||
|
+ limb_t a_low = (limb_t)(uint32_t)a;
|
||||||
|
+ limb_t a_hi = a >> 32;
|
||||||
|
+ limb_t b_low = (limb_t)(uint32_t)b;
|
||||||
|
+ limb_t b_hi = b >> 32;
|
||||||
|
+
|
||||||
|
+ limb_t p0 = a_low * b_low;
|
||||||
|
+ limb_t p1 = a_low * b_hi;
|
||||||
|
+ limb_t p2 = a_hi * b_low;
|
||||||
|
+ limb_t p3 = a_hi * b_hi;
|
||||||
|
+
|
||||||
|
+ uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
|
||||||
|
+
|
||||||
|
+ *lo = p0 + (p1 << 32) + (p2 << 32);
|
||||||
|
+ *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+/* add two limbs with carry in, return carry out */
|
||||||
|
+static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
|
||||||
|
+{
|
||||||
|
+ limb_t carry1, carry2, t;
|
||||||
|
+ /*
|
||||||
|
+ * `c = a + b; if (c < a)` is idiomatic code that makes compilers
|
||||||
|
+ * use add with carry on assembly level
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ *ret = a + carry;
|
||||||
|
+ if (*ret < a)
|
||||||
|
+ carry1 = 1;
|
||||||
|
+ else
|
||||||
|
+ carry1 = 0;
|
||||||
|
+
|
||||||
|
+ t = *ret;
|
||||||
|
+ *ret = t + b;
|
||||||
|
+ if (*ret < t)
|
||||||
|
+ carry2 = 1;
|
||||||
|
+ else
|
||||||
|
+ carry2 = 0;
|
||||||
|
+
|
||||||
|
+ return carry1 + carry2;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * add two numbers of the same size, return overflow
|
||||||
|
+ *
|
||||||
|
+ * add a to b, place result in ret; all arrays need to be n limbs long
|
||||||
|
+ * return overflow from addition (0 or 1)
|
||||||
|
+ */
|
||||||
|
+static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||||
|
+{
|
||||||
|
+ limb_t c = 0;
|
||||||
|
+ ossl_ssize_t i;
|
||||||
|
+
|
||||||
|
+ for(i = n - 1; i > -1; i--)
|
||||||
|
+ c = _add_limb(&ret[i], a[i], b[i], c);
|
||||||
|
+
|
||||||
|
+ return c;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * return number of limbs necessary for temporary values
|
||||||
|
+ * when multiplying numbers n limbs large
|
||||||
|
+ */
|
||||||
|
+static ossl_inline size_t mul_limb_numb(size_t n)
|
||||||
|
+{
|
||||||
|
+ return 2 * n * 2;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * multiply two numbers of the same size
|
||||||
|
+ *
|
||||||
|
+ * multiply a by b, place result in ret; a and b need to be n limbs long
|
||||||
|
+ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
|
||||||
|
+ * long
|
||||||
|
+ */
|
||||||
|
+static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
|
||||||
|
+{
|
||||||
|
+ limb_t *r_odd, *r_even;
|
||||||
|
+ size_t i, j, k;
|
||||||
|
+
|
||||||
|
+ r_odd = tmp;
|
||||||
|
+ r_even = &tmp[2 * n];
|
||||||
|
+
|
||||||
|
+ memset(ret, 0, 2 * n * sizeof(limb_t));
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+ for (k = 0; k < i + n + 1; k++) {
|
||||||
|
+ r_even[k] = 0;
|
||||||
|
+ r_odd[k] = 0;
|
||||||
|
+ }
|
||||||
|
+ for (j = 0; j < n; j++) {
|
||||||
|
+ /*
|
||||||
|
+ * place results from even and odd limbs in separate arrays so that
|
||||||
|
+ * we don't have to calculate overflow every time we get individual
|
||||||
|
+ * limb multiplication result
|
||||||
|
+ */
|
||||||
|
+ if (j % 2 == 0)
|
||||||
|
+ _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
|
||||||
|
+ else
|
||||||
|
+ _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
|
||||||
|
+ }
|
||||||
|
+ /*
|
||||||
|
+ * skip the least significant limbs when adding multiples of
|
||||||
|
+ * more significant limbs (they're zero anyway)
|
||||||
|
+ */
|
||||||
|
+ add(ret, ret, r_even, n + i + 1);
|
||||||
|
+ add(ret, ret, r_odd, n + i + 1);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* modifies the value in place by performing a right shift by one bit */
|
||||||
|
+static ossl_inline void rshift1(limb_t *val, size_t n)
|
||||||
|
+{
|
||||||
|
+ limb_t shift_in = 0, shift_out = 0;
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+ shift_out = val[i] & 1;
|
||||||
|
+ val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
|
||||||
|
+ shift_in = shift_out;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* extend the LSB of flag to all bits of limb */
|
||||||
|
+static ossl_inline limb_t mk_mask(limb_t flag)
|
||||||
|
+{
|
||||||
|
+ flag |= flag << 1;
|
||||||
|
+ flag |= flag << 2;
|
||||||
|
+ flag |= flag << 4;
|
||||||
|
+ flag |= flag << 8;
|
||||||
|
+ flag |= flag << 16;
|
||||||
|
+#if (LIMB_BYTE_SIZE == 8)
|
||||||
|
+ flag |= flag << 32;
|
||||||
|
+#endif
|
||||||
|
+ return flag;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * copy from either a or b to ret based on flag
|
||||||
|
+ * when flag == 0, then copies from b
|
||||||
|
+ * when flag == 1, then copies from a
|
||||||
|
+ */
|
||||||
|
+static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||||
|
+{
|
||||||
|
+ /*
|
||||||
|
+ * would be more efficient with non volatile mask, but then gcc
|
||||||
|
+ * generates code with jumps
|
||||||
|
+ */
|
||||||
|
+ volatile limb_t mask;
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
+ mask = mk_mask(flag);
|
||||||
|
+ for (i = 0; i < n; i++) {
|
||||||
|
+#if (LIMB_BYTE_SIZE == 8)
|
||||||
|
+ ret[i] = constant_time_select_64(mask, a[i], b[i]);
|
||||||
|
+#else
|
||||||
|
+ ret[i] = constant_time_select_32(mask, a[i], b[i]);
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
|
||||||
|
+{
|
||||||
|
+ limb_t borrow1, borrow2, t;
|
||||||
|
+ /*
|
||||||
|
+ * while it doesn't look constant-time, this is idiomatic code
|
||||||
|
+ * to tell compilers to use the carry bit from subtraction
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ *ret = a - borrow;
|
||||||
|
+ if (*ret > a)
|
||||||
|
+ borrow1 = 1;
|
||||||
|
+ else
|
||||||
|
+ borrow1 = 0;
|
||||||
|
+
|
||||||
|
+ t = *ret;
|
||||||
|
+ *ret = t - b;
|
||||||
|
+ if (*ret > t)
|
||||||
|
+ borrow2 = 1;
|
||||||
|
+ else
|
||||||
|
+ borrow2 = 0;
|
||||||
|
+
|
||||||
|
+ return borrow1 + borrow2;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * place the result of a - b into ret, return the borrow bit.
|
||||||
|
+ * All arrays need to be n limbs long
|
||||||
|
+ */
|
||||||
|
+static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||||
|
+{
|
||||||
|
+ limb_t borrow = 0;
|
||||||
|
+ ossl_ssize_t i;
|
||||||
|
+
|
||||||
|
+ for (i = n - 1; i > -1; i--)
|
||||||
|
+ borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
|
||||||
|
+
|
||||||
|
+ return borrow;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* return the number of limbs necessary to allocate for the mod() tmp operand */
|
||||||
|
+static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
|
||||||
|
+{
|
||||||
|
+ return (anum + modnum) * 3;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * calculate a % mod, place the result in ret
|
||||||
|
+ * size of a is defined by anum, size of ret and mod is modnum,
|
||||||
|
+ * size of tmp is returned by mod_limb_numb()
|
||||||
|
+ */
|
||||||
|
+static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
||||||
|
+ size_t modnum, limb_t *tmp)
|
||||||
|
+{
|
||||||
|
+ limb_t *atmp, *modtmp, *rettmp;
|
||||||
|
+ limb_t res;
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
+ memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
|
||||||
|
+
|
||||||
|
+ atmp = tmp;
|
||||||
|
+ modtmp = &tmp[anum + modnum];
|
||||||
|
+ rettmp = &tmp[(anum + modnum) * 2];
|
||||||
|
+
|
||||||
|
+ for (i = modnum; i <modnum + anum; i++)
|
||||||
|
+ atmp[i] = a[i-modnum];
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < modnum; i++)
|
||||||
|
+ modtmp[i] = mod[i];
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
|
||||||
|
+ rshift1(modtmp, anum + modnum);
|
||||||
|
+ res = sub(rettmp, atmp, modtmp, anum+modnum);
|
||||||
|
+ cselect(res, atmp, atmp, rettmp, anum+modnum);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* necessary size of tmp for a _mul_add_limb() call with provided anum */
|
||||||
|
+static ossl_inline size_t _mul_add_limb_numb(size_t anum)
|
||||||
|
+{
|
||||||
|
+ return 2 * (anum + 1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* multiply a by m, add to ret, return carry */
|
||||||
|
+static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
|
||||||
|
+ limb_t m, limb_t *tmp)
|
||||||
|
+{
|
||||||
|
+ limb_t carry = 0;
|
||||||
|
+ limb_t *r_odd, *r_even;
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
+ memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
|
||||||
|
+
|
||||||
|
+ r_odd = tmp;
|
||||||
|
+ r_even = &tmp[anum + 1];
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < anum; i++) {
|
||||||
|
+ /*
|
||||||
|
+ * place the results from even and odd limbs in separate arrays
|
||||||
|
+ * so that we have to worry about carry just once
|
||||||
|
+ */
|
||||||
|
+ if (i % 2 == 0)
|
||||||
|
+ _mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
|
||||||
|
+ else
|
||||||
|
+ _mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
|
||||||
|
+ }
|
||||||
|
+ /* assert: add() carry here will be equal zero */
|
||||||
|
+ add(r_even, r_even, r_odd, anum + 1);
|
||||||
|
+ /*
|
||||||
|
+ * while here it will not overflow as the max value from multiplication
|
||||||
|
+ * is -2 while max overflow from addition is 1, so the max value of
|
||||||
|
+ * carry is -1 (i.e. max int)
|
||||||
|
+ */
|
||||||
|
+ carry = add(ret, ret, &r_even[1], anum) + r_even[0];
|
||||||
|
+
|
||||||
|
+ return carry;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
|
||||||
|
+{
|
||||||
|
+ return modnum * 2 + _mul_add_limb_numb(modnum);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * calculate a % mod, place result in ret
|
||||||
|
+ * assumes that a is in Montgomery form with the R (Montgomery modulus) being
|
||||||
|
+ * smallest power of two big enough to fit mod and that's also a power
|
||||||
|
+ * of the count of number of bits in limb_t (B).
|
||||||
|
+ * For calculation, we also need n', such that mod * n' == -1 mod B.
|
||||||
|
+ * anum must be <= 2 * modnum
|
||||||
|
+ * ret needs to be modnum words long
|
||||||
|
+ * tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
|
||||||
|
+ */
|
||||||
|
+static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
||||||
|
+ size_t modnum, limb_t ni0, limb_t *tmp)
|
||||||
|
+{
|
||||||
|
+ limb_t carry, v;
|
||||||
|
+ limb_t *res, *rp, *tmp2;
|
||||||
|
+ ossl_ssize_t i;
|
||||||
|
+
|
||||||
|
+ res = tmp;
|
||||||
|
+ /*
|
||||||
|
+ * for intermediate result we need an integer twice as long as modulus
|
||||||
|
+ * but keep the input in the least significant limbs
|
||||||
|
+ */
|
||||||
|
+ memset(res, 0, sizeof(limb_t) * (modnum * 2));
|
||||||
|
+ memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
|
||||||
|
+ rp = &res[modnum];
|
||||||
|
+ tmp2 = &res[modnum * 2];
|
||||||
|
+
|
||||||
|
+ carry = 0;
|
||||||
|
+
|
||||||
|
+ /* add multiples of the modulus to the value until R divides it cleanly */
|
||||||
|
+ for (i = modnum; i > 0; i--, rp--) {
|
||||||
|
+ v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2);
|
||||||
|
+ v = v + carry + rp[-1];
|
||||||
|
+ carry |= (v != rp[-1]);
|
||||||
|
+ carry &= (v <= rp[-1]);
|
||||||
|
+ rp[-1] = v;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* perform the final reduction by mod... */
|
||||||
|
+ carry -= sub(ret, rp, mod, modnum);
|
||||||
|
+
|
||||||
|
+ /* ...conditionally */
|
||||||
|
+ cselect(carry, ret, rp, ret, modnum);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* allocated buffer should be freed afterwards */
|
||||||
|
+static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+ int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||||
|
+ limb_t *ptr = buf + (limbs - real_limbs);
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < real_limbs; i++)
|
||||||
|
+ ptr[i] = bn->d[real_limbs - i - 1];
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#if LIMB_BYTE_SIZE == 8
|
||||||
|
+static ossl_inline uint64_t be64(uint64_t host)
|
||||||
|
+{
|
||||||
|
+ uint64_t big = 0;
|
||||||
|
+ DECLARE_IS_ENDIAN;
|
||||||
|
+
|
||||||
|
+ if (!IS_LITTLE_ENDIAN)
|
||||||
|
+ return host;
|
||||||
|
+
|
||||||
|
+ big |= (host & 0xff00000000000000) >> 56;
|
||||||
|
+ big |= (host & 0x00ff000000000000) >> 40;
|
||||||
|
+ big |= (host & 0x0000ff0000000000) >> 24;
|
||||||
|
+ big |= (host & 0x000000ff00000000) >> 8;
|
||||||
|
+ big |= (host & 0x00000000ff000000) << 8;
|
||||||
|
+ big |= (host & 0x0000000000ff0000) << 24;
|
||||||
|
+ big |= (host & 0x000000000000ff00) << 40;
|
||||||
|
+ big |= (host & 0x00000000000000ff) << 56;
|
||||||
|
+ return big;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#else
|
||||||
|
+/* Not all platforms have htobe32(). */
|
||||||
|
+static ossl_inline uint32_t be32(uint32_t host)
|
||||||
|
+{
|
||||||
|
+ uint32_t big = 0;
|
||||||
|
+ DECLARE_IS_ENDIAN;
|
||||||
|
+
|
||||||
|
+ if (!IS_LITTLE_ENDIAN)
|
||||||
|
+ return host;
|
||||||
|
+
|
||||||
|
+ big |= (host & 0xff000000) >> 24;
|
||||||
|
+ big |= (host & 0x00ff0000) >> 8;
|
||||||
|
+ big |= (host & 0x0000ff00) << 8;
|
||||||
|
+ big |= (host & 0x000000ff) << 24;
|
||||||
|
+ return big;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * We assume that intermediate, possible_arg2, blinding, and ctx are used
|
||||||
|
+ * similar to BN_BLINDING_invert_ex() arguments.
|
||||||
|
+ * to_mod is RSA modulus.
|
||||||
|
+ * buf and num is the serialization buffer and its length.
|
||||||
|
+ *
|
||||||
|
+ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished
|
||||||
|
+ * we serialize the new structure instead of BIGNUMs taking endianness into account.
|
||||||
|
+ */
|
||||||
|
+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
|
||||||
|
+ const BN_BLINDING *blinding,
|
||||||
|
+ const BIGNUM *possible_arg2,
|
||||||
|
+ const BIGNUM *to_mod, BN_CTX *ctx,
|
||||||
|
+ unsigned char *buf, int num)
|
||||||
|
+{
|
||||||
|
+ limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
|
||||||
|
+ limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
|
||||||
|
+ size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
|
||||||
|
+ size_t l_tmp_count = 0;
|
||||||
|
+ int ret = 0;
|
||||||
|
+ size_t i;
|
||||||
|
+ unsigned char *tmp;
|
||||||
|
+ const BIGNUM *arg1 = intermediate;
|
||||||
|
+ const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
|
||||||
|
+
|
||||||
|
+ l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||||
|
+ l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||||
|
+ l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||||
|
+
|
||||||
|
+ l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
|
||||||
|
+ l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
||||||
|
+ l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
||||||
|
+ l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
|
||||||
|
+
|
||||||
|
+ if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ BN_to_limb(arg1, l_im, l_size);
|
||||||
|
+ BN_to_limb(arg2, l_mul, l_size);
|
||||||
|
+ BN_to_limb(to_mod, l_mod, l_mod_count);
|
||||||
|
+
|
||||||
|
+ l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
|
||||||
|
+
|
||||||
|
+ if (blinding->m_ctx != NULL) {
|
||||||
|
+ l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
|
||||||
|
+ mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
|
||||||
|
+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
||||||
|
+ } else {
|
||||||
|
+ l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
|
||||||
|
+ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
|
||||||
|
+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if ((l_ret == NULL) || (l_tmp == NULL))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ if (blinding->m_ctx != NULL) {
|
||||||
|
+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
||||||
|
+ mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
|
||||||
|
+ blinding->m_ctx->n0[0], l_tmp);
|
||||||
|
+ } else {
|
||||||
|
+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
||||||
|
+ mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
|
||||||
|
+ if (num < BN_num_bytes(to_mod)) {
|
||||||
|
+ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ memset(buf, 0, num);
|
||||||
|
+ tmp = buf + num - BN_num_bytes(to_mod);
|
||||||
|
+ for (i = 0; i < l_mod_count; i++) {
|
||||||
|
+#if LIMB_BYTE_SIZE == 8
|
||||||
|
+ l_buf = be64(l_ret[i]);
|
||||||
|
+#else
|
||||||
|
+ l_buf = be32(l_ret[i]);
|
||||||
|
+#endif
|
||||||
|
+ if (i == 0) {
|
||||||
|
+ int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
|
||||||
|
+
|
||||||
|
+ memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
|
||||||
|
+ tmp += delta;
|
||||||
|
+ } else {
|
||||||
|
+ memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
|
||||||
|
+ tmp += LIMB_BYTE_SIZE;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ ret = num;
|
||||||
|
+
|
||||||
|
+ err:
|
||||||
|
+ OPENSSL_free(l_im);
|
||||||
|
+ OPENSSL_free(l_mul);
|
||||||
|
+ OPENSSL_free(l_mod);
|
||||||
|
+ OPENSSL_free(l_tmp);
|
||||||
|
+ OPENSSL_free(l_ret);
|
||||||
|
+
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
|
||||||
|
index 381c659352..7e8b791fba 100644
|
||||||
|
--- a/crypto/rsa/rsa_ossl.c
|
||||||
|
+++ b/crypto/rsa/rsa_ossl.c
|
||||||
|
@@ -469,13 +469,20 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||||
|
BN_free(d);
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (blinding)
|
||||||
|
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||||
|
+ if (blinding) {
|
||||||
|
+ /*
|
||||||
|
+ * ossl_bn_rsa_do_unblind() combines blinding inversion and
|
||||||
|
+ * 0-padded BN BE serialization
|
||||||
|
+ */
|
||||||
|
+ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
|
||||||
|
+ buf, num);
|
||||||
|
+ if (j == 0)
|
||||||
|
goto err;
|
||||||
|
-
|
||||||
|
- j = BN_bn2binpad(ret, buf, num);
|
||||||
|
- if (j < 0)
|
||||||
|
- goto err;
|
||||||
|
+ } else {
|
||||||
|
+ j = BN_bn2binpad(ret, buf, num);
|
||||||
|
+ if (j < 0)
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
switch (padding) {
|
||||||
|
case RSA_PKCS1_PADDING:
|
||||||
|
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
|
||||||
|
index cf69bea848..cd45654210 100644
|
||||||
|
--- a/include/crypto/bn.h
|
||||||
|
+++ b/include/crypto/bn.h
|
||||||
|
@@ -114,4 +114,10 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
|
||||||
|
|
||||||
|
extern const BIGNUM ossl_bn_inv_sqrt_2;
|
||||||
|
|
||||||
|
+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
|
||||||
|
+ const BN_BLINDING *blinding,
|
||||||
|
+ const BIGNUM *possible_arg2,
|
||||||
|
+ const BIGNUM *to_mod, BN_CTX *ctx,
|
||||||
|
+ unsigned char *buf, int num);
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
106
SOURCES/0103-CVE-2022-4450-pem-read-bio.patch
Normal file
106
SOURCES/0103-CVE-2022-4450-pem-read-bio.patch
Normal file
@ -0,0 +1,106 @@
|
|||||||
|
From 63bcf189be73a9cc1264059bed6f57974be74a83 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Tue, 13 Dec 2022 14:54:55 +0000
|
||||||
|
Subject: [PATCH 04/18] Avoid dangling ptrs in header and data params for
|
||||||
|
PEM_read_bio_ex
|
||||||
|
|
||||||
|
In the event of a failure in PEM_read_bio_ex() we free the buffers we
|
||||||
|
allocated for the header and data buffers. However we were not clearing
|
||||||
|
the ptrs stored in *header and *data. Since, on success, the caller is
|
||||||
|
responsible for freeing these ptrs this can potentially lead to a double
|
||||||
|
free if the caller frees them even on failure.
|
||||||
|
|
||||||
|
Thanks to Dawei Wang for reporting this issue.
|
||||||
|
|
||||||
|
Based on a proposed patch by Kurt Roeckx.
|
||||||
|
|
||||||
|
CVE-2022-4450
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/pem/pem_lib.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
|
||||||
|
index f9ff80162a..85c47fb627 100644
|
||||||
|
--- a/crypto/pem/pem_lib.c
|
||||||
|
+++ b/crypto/pem/pem_lib.c
|
||||||
|
@@ -989,7 +989,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
|
||||||
|
|
||||||
|
out_free:
|
||||||
|
pem_free(*header, flags, 0);
|
||||||
|
+ *header = NULL;
|
||||||
|
pem_free(*data, flags, 0);
|
||||||
|
+ *data = NULL;
|
||||||
|
end:
|
||||||
|
EVP_ENCODE_CTX_free(ctx);
|
||||||
|
pem_free(name, flags, 0);
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From cbafa34b5a057794c5c08cd4657038e1f643c1ac Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Tue, 13 Dec 2022 15:02:26 +0000
|
||||||
|
Subject: [PATCH 05/18] Add a test for CVE-2022-4450
|
||||||
|
|
||||||
|
Call PEM_read_bio_ex() and expect a failure. There should be no dangling
|
||||||
|
ptrs and therefore there should be no double free if we free the ptrs on
|
||||||
|
error.
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||||
|
---
|
||||||
|
test/pemtest.c | 30 ++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 30 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/test/pemtest.c b/test/pemtest.c
|
||||||
|
index a8d2d49bb5..a5d28cb256 100644
|
||||||
|
--- a/test/pemtest.c
|
||||||
|
+++ b/test/pemtest.c
|
||||||
|
@@ -96,6 +96,35 @@ static int test_cert_key_cert(void)
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int test_empty_payload(void)
|
||||||
|
+{
|
||||||
|
+ BIO *b;
|
||||||
|
+ static char *emptypay =
|
||||||
|
+ "-----BEGIN CERTIFICATE-----\n"
|
||||||
|
+ "-\n" /* Base64 EOF character */
|
||||||
|
+ "-----END CERTIFICATE-----";
|
||||||
|
+ char *name = NULL, *header = NULL;
|
||||||
|
+ unsigned char *data = NULL;
|
||||||
|
+ long len;
|
||||||
|
+ int ret = 0;
|
||||||
|
+
|
||||||
|
+ b = BIO_new_mem_buf(emptypay, strlen(emptypay));
|
||||||
|
+ if (!TEST_ptr(b))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ /* Expected to fail because the payload is empty */
|
||||||
|
+ if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ ret = 1;
|
||||||
|
+ err:
|
||||||
|
+ OPENSSL_free(name);
|
||||||
|
+ OPENSSL_free(header);
|
||||||
|
+ OPENSSL_free(data);
|
||||||
|
+ BIO_free(b);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int setup_tests(void)
|
||||||
|
{
|
||||||
|
if (!TEST_ptr(pemfile = test_get_argument(0)))
|
||||||
|
@@ -103,5 +132,6 @@ int setup_tests(void)
|
||||||
|
ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
|
||||||
|
ADD_TEST(test_invalid);
|
||||||
|
ADD_TEST(test_cert_key_cert);
|
||||||
|
+ ADD_TEST(test_empty_payload);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
187
SOURCES/0104-CVE-2023-0215-UAF-bio.patch
Normal file
187
SOURCES/0104-CVE-2023-0215-UAF-bio.patch
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
From 8818064ce3c3c0f1b740a5aaba2a987e75bfbafd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Wed, 14 Dec 2022 16:18:14 +0000
|
||||||
|
Subject: [PATCH 06/18] Fix a UAF resulting from a bug in BIO_new_NDEF
|
||||||
|
|
||||||
|
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
|
||||||
|
be part of an invalid BIO chain. This causes a "use after free" when the
|
||||||
|
BIO is eventually freed.
|
||||||
|
|
||||||
|
Based on an original patch by Viktor Dukhovni and an idea from Theo
|
||||||
|
Buehler.
|
||||||
|
|
||||||
|
Thanks to Octavio Galland for reporting this issue.
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/asn1/bio_ndef.c | 40 ++++++++++++++++++++++++++++++++--------
|
||||||
|
1 file changed, 32 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
|
||||||
|
index d94e3a3644..b9df3a7a47 100644
|
||||||
|
--- a/crypto/asn1/bio_ndef.c
|
||||||
|
+++ b/crypto/asn1/bio_ndef.c
|
||||||
|
@@ -49,13 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
|
||||||
|
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
|
||||||
|
void *parg);
|
||||||
|
|
||||||
|
-/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */
|
||||||
|
+/*
|
||||||
|
+ * On success, the returned BIO owns the input BIO as part of its BIO chain.
|
||||||
|
+ * On failure, NULL is returned and the input BIO is owned by the caller.
|
||||||
|
+ *
|
||||||
|
+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
|
||||||
|
+ */
|
||||||
|
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
|
||||||
|
{
|
||||||
|
NDEF_SUPPORT *ndef_aux = NULL;
|
||||||
|
BIO *asn_bio = NULL;
|
||||||
|
const ASN1_AUX *aux = it->funcs;
|
||||||
|
ASN1_STREAM_ARG sarg;
|
||||||
|
+ BIO *pop_bio = NULL;
|
||||||
|
|
||||||
|
if (!aux || !aux->asn1_cb) {
|
||||||
|
ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED);
|
||||||
|
@@ -70,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
|
||||||
|
out = BIO_push(asn_bio, out);
|
||||||
|
if (out == NULL)
|
||||||
|
goto err;
|
||||||
|
+ pop_bio = asn_bio;
|
||||||
|
|
||||||
|
- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
|
||||||
|
- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
|
||||||
|
+ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
|
||||||
|
+ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
|
||||||
|
+ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
|
||||||
|
+ goto err;
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
|
||||||
|
- * needs.
|
||||||
|
+ * Now let the callback prepend any digest, cipher, etc., that the BIO's
|
||||||
|
+ * ASN1 structure needs.
|
||||||
|
*/
|
||||||
|
|
||||||
|
sarg.out = out;
|
||||||
|
sarg.ndef_bio = NULL;
|
||||||
|
sarg.boundary = NULL;
|
||||||
|
|
||||||
|
- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
|
||||||
|
+ /*
|
||||||
|
+ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
|
||||||
|
+ * middle of some partially built, but not returned BIO chain.
|
||||||
|
+ */
|
||||||
|
+ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
|
||||||
|
+ /*
|
||||||
|
+ * ndef_aux is now owned by asn_bio so we must not free it in the err
|
||||||
|
+ * clean up block
|
||||||
|
+ */
|
||||||
|
+ ndef_aux = NULL;
|
||||||
|
goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * We must not fail now because the callback has prepended additional
|
||||||
|
+ * BIOs to the chain
|
||||||
|
+ */
|
||||||
|
|
||||||
|
ndef_aux->val = val;
|
||||||
|
ndef_aux->it = it;
|
||||||
|
@@ -92,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
|
||||||
|
ndef_aux->boundary = sarg.boundary;
|
||||||
|
ndef_aux->out = out;
|
||||||
|
|
||||||
|
- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
|
||||||
|
-
|
||||||
|
return sarg.ndef_bio;
|
||||||
|
|
||||||
|
err:
|
||||||
|
+ /* BIO_pop() is NULL safe */
|
||||||
|
+ (void)BIO_pop(pop_bio);
|
||||||
|
BIO_free(asn_bio);
|
||||||
|
OPENSSL_free(ndef_aux);
|
||||||
|
return NULL;
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From f596ec8a6f9f5fcfa8e46a73b60f78a609725294 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Wed, 14 Dec 2022 17:15:18 +0000
|
||||||
|
Subject: [PATCH 07/18] Check CMS failure during BIO setup with -stream is
|
||||||
|
handled correctly
|
||||||
|
|
||||||
|
Test for the issue fixed in the previous commit
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
test/recipes/80-test_cms.t | 15 +++++++++++++--
|
||||||
|
test/smime-certs/badrsa.pem | 18 ++++++++++++++++++
|
||||||
|
2 files changed, 31 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 test/smime-certs/badrsa.pem
|
||||||
|
|
||||||
|
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||||
|
index 610f1cbc51..fd53683e6b 100644
|
||||||
|
--- a/test/recipes/80-test_cms.t
|
||||||
|
+++ b/test/recipes/80-test_cms.t
|
||||||
|
@@ -13,7 +13,7 @@ use warnings;
|
||||||
|
use POSIX;
|
||||||
|
use File::Spec::Functions qw/catfile/;
|
||||||
|
use File::Compare qw/compare_text compare/;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/;
|
||||||
|
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
|
@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
|
||||||
|
|
||||||
|
$no_rc2 = 1 if disabled("legacy");
|
||||||
|
|
||||||
|
-plan tests => 12;
|
||||||
|
+plan tests => 13;
|
||||||
|
|
||||||
|
ok(run(test(["pkcs7_test"])), "test pkcs7");
|
||||||
|
|
||||||
|
@@ -972,3 +972,14 @@ ok(!run(app(['openssl', 'cms', '-verify',
|
||||||
|
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+# Check that we get the expected failure return code
|
||||||
|
+with({ exit_checker => sub { return shift == 6; } },
|
||||||
|
+ sub {
|
||||||
|
+ ok(run(app(['openssl', 'cms', '-encrypt',
|
||||||
|
+ '-in', srctop_file("test", "smcont.txt"),
|
||||||
|
+ '-stream', '-recip',
|
||||||
|
+ srctop_file("test/smime-certs", "badrsa.pem"),
|
||||||
|
+ ])),
|
||||||
|
+ "Check failure during BIO setup with -stream is handled correctly");
|
||||||
|
+ });
|
||||||
|
diff --git a/test/smime-certs/badrsa.pem b/test/smime-certs/badrsa.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..f824fc2267
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/smime-certs/badrsa.pem
|
||||||
|
@@ -0,0 +1,18 @@
|
||||||
|
+-----BEGIN CERTIFICATE-----
|
||||||
|
+MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
|
||||||
|
+VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
|
||||||
|
+DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
|
||||||
|
+AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
|
||||||
|
+I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
|
||||||
|
+/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
|
||||||
|
+yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
|
||||||
|
+zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
|
||||||
|
+lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
|
||||||
|
+CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
|
||||||
|
+ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
|
||||||
|
+eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
|
||||||
|
+5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
|
||||||
|
+rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
|
||||||
|
+yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
|
||||||
|
+j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
|
||||||
|
+-----END CERTIFICATE-----
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
110
SOURCES/0105-CVE-2023-0216-pkcs7-deref.patch
Normal file
110
SOURCES/0105-CVE-2023-0216-pkcs7-deref.patch
Normal file
@ -0,0 +1,110 @@
|
|||||||
|
From 934a04f0e775309cadbef0aa6b9692e1b12a76c6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Mon, 16 Jan 2023 19:45:23 +0100
|
||||||
|
Subject: [PATCH 08/18] Do not dereference PKCS7 object data if not set
|
||||||
|
|
||||||
|
Fixes CVE-2023-0216
|
||||||
|
|
||||||
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/pkcs7/pk7_lib.c | 16 ++++++++++++----
|
||||||
|
1 file changed, 12 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
|
||||||
|
index 753f1276e6..936e50da54 100644
|
||||||
|
--- a/crypto/pkcs7/pk7_lib.c
|
||||||
|
+++ b/crypto/pkcs7/pk7_lib.c
|
||||||
|
@@ -414,6 +414,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
|
||||||
|
|
||||||
|
static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
|
||||||
|
{
|
||||||
|
+ if (p7->d.ptr == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
if (PKCS7_type_is_signed(p7))
|
||||||
|
return p7->d.sign->cert;
|
||||||
|
if (PKCS7_type_is_signedAndEnveloped(p7))
|
||||||
|
@@ -423,6 +425,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
|
||||||
|
|
||||||
|
static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7)
|
||||||
|
{
|
||||||
|
+ if (p7->d.ptr == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
if (PKCS7_type_is_signedAndEnveloped(p7))
|
||||||
|
return p7->d.signed_and_enveloped->recipientinfo;
|
||||||
|
if (PKCS7_type_is_enveloped(p7))
|
||||||
|
@@ -440,13 +444,17 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
|
||||||
|
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
|
||||||
|
OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
|
||||||
|
const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
|
||||||
|
- STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7);
|
||||||
|
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7);
|
||||||
|
- STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7);
|
||||||
|
+ STACK_OF(PKCS7_RECIP_INFO) *rinfos;
|
||||||
|
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
|
||||||
|
+ STACK_OF(X509) *certs;
|
||||||
|
|
||||||
|
- if (ctx == NULL)
|
||||||
|
+ if (ctx == NULL || p7->d.ptr == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
+ rinfos = pkcs7_get_recipient_info(p7);
|
||||||
|
+ sinfos = PKCS7_get_signer_info(p7);
|
||||||
|
+ certs = pkcs7_get_signer_certs(p7);
|
||||||
|
+
|
||||||
|
for (i = 0; i < sk_X509_num(certs); i++)
|
||||||
|
ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From 67813d8a4d110f4174bbd2fee8a2f15388e324b5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Mon, 16 Jan 2023 19:56:20 +0100
|
||||||
|
Subject: [PATCH 09/18] Add test for d2i_PKCS7 NULL dereference
|
||||||
|
|
||||||
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
---
|
||||||
|
test/recipes/25-test_pkcs7.t | 7 +++++--
|
||||||
|
test/recipes/25-test_pkcs7_data/malformed.pkcs7 | 3 +++
|
||||||
|
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 test/recipes/25-test_pkcs7_data/malformed.pkcs7
|
||||||
|
|
||||||
|
diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
|
||||||
|
index 37cd43dc6b..d61cd6abad 100644
|
||||||
|
--- a/test/recipes/25-test_pkcs7.t
|
||||||
|
+++ b/test/recipes/25-test_pkcs7.t
|
||||||
|
@@ -11,11 +11,11 @@ use strict;
|
||||||
|
use warnings;
|
||||||
|
|
||||||
|
use File::Spec;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT srctop_file data_file/;
|
||||||
|
|
||||||
|
setup("test_pkcs7");
|
||||||
|
|
||||||
|
-plan tests => 3;
|
||||||
|
+plan tests => 4;
|
||||||
|
|
||||||
|
require_ok(srctop_file('test','recipes','tconversion.pl'));
|
||||||
|
|
||||||
|
@@ -27,3 +27,6 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub {
|
||||||
|
tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"),
|
||||||
|
-args => ["pkcs7"] );
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+my $malformed = data_file('malformed.pkcs7');
|
||||||
|
+ok(run(app(["openssl", "pkcs7", "-in", $malformed])));
|
||||||
|
diff --git a/test/recipes/25-test_pkcs7_data/malformed.pkcs7 b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..e30d1b582c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/recipes/25-test_pkcs7_data/malformed.pkcs7
|
||||||
|
@@ -0,0 +1,3 @@
|
||||||
|
+-----BEGIN PKCS7-----
|
||||||
|
+MAsGCSqGSIb3DQEHAg==
|
||||||
|
+-----END PKCS7-----
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
404
SOURCES/0106-CVE-2023-0217-dsa.patch
Normal file
404
SOURCES/0106-CVE-2023-0217-dsa.patch
Normal file
@ -0,0 +1,404 @@
|
|||||||
|
From 23985bac83fd50c8e29431009302b5442f985096 Mon Sep 17 00:00:00 2001
|
||||||
|
From: slontis <shane.lontis@oracle.com>
|
||||||
|
Date: Wed, 11 Jan 2023 11:05:04 +1000
|
||||||
|
Subject: [PATCH 10/18] Fix NULL deference when validating FFC public key.
|
||||||
|
|
||||||
|
Fixes CVE-2023-0217
|
||||||
|
|
||||||
|
When attempting to do a BN_Copy of params->p there was no NULL check.
|
||||||
|
Since BN_copy does not check for NULL this is a NULL reference.
|
||||||
|
|
||||||
|
As an aside BN_cmp() does do a NULL check, so there are other checks
|
||||||
|
that fail because a NULL is passed. A more general check for NULL params
|
||||||
|
has been added for both FFC public and private key validation instead.
|
||||||
|
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/ffc/ffc_key_validate.c | 9 +++++++++
|
||||||
|
include/internal/ffc.h | 1 +
|
||||||
|
test/ffc_internal_test.c | 31 +++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 41 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c
|
||||||
|
index 9f6525a2c8..442303e4b3 100644
|
||||||
|
--- a/crypto/ffc/ffc_key_validate.c
|
||||||
|
+++ b/crypto/ffc/ffc_key_validate.c
|
||||||
|
@@ -24,6 +24,11 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
|
||||||
|
*ret = 0;
|
||||||
|
+ if (params == NULL || pub_key == NULL || params->p == NULL) {
|
||||||
|
+ *ret = FFC_ERROR_PASSED_NULL_PARAM;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ctx = BN_CTX_new_ex(NULL);
|
||||||
|
if (ctx == NULL)
|
||||||
|
goto err;
|
||||||
|
@@ -107,6 +112,10 @@ int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv,
|
||||||
|
|
||||||
|
*ret = 0;
|
||||||
|
|
||||||
|
+ if (priv == NULL || upper == NULL) {
|
||||||
|
+ *ret = FFC_ERROR_PASSED_NULL_PARAM;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
if (BN_cmp(priv, BN_value_one()) < 0) {
|
||||||
|
*ret |= FFC_ERROR_PRIVKEY_TOO_SMALL;
|
||||||
|
goto err;
|
||||||
|
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
|
||||||
|
index 732514a6c2..b8b7140857 100644
|
||||||
|
--- a/include/internal/ffc.h
|
||||||
|
+++ b/include/internal/ffc.h
|
||||||
|
@@ -76,6 +76,7 @@
|
||||||
|
# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08
|
||||||
|
# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10
|
||||||
|
# define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20
|
||||||
|
+# define FFC_ERROR_PASSED_NULL_PARAM 0x40
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Finite field cryptography (FFC) domain parameters are used by DH and DSA.
|
||||||
|
diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c
|
||||||
|
index 2c97293573..9f67bd29b9 100644
|
||||||
|
--- a/test/ffc_internal_test.c
|
||||||
|
+++ b/test/ffc_internal_test.c
|
||||||
|
@@ -510,6 +510,27 @@ static int ffc_public_validate_test(void)
|
||||||
|
if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+ /* Fail if params is NULL */
|
||||||
|
+ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
|
||||||
|
+ goto err;
|
||||||
|
+ res = -1;
|
||||||
|
+ /* Fail if pubkey is NULL */
|
||||||
|
+ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
|
||||||
|
+ goto err;
|
||||||
|
+ res = -1;
|
||||||
|
+
|
||||||
|
+ BN_free(params->p);
|
||||||
|
+ params->p = NULL;
|
||||||
|
+ /* Fail if params->p is NULL */
|
||||||
|
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
DH_free(dh);
|
||||||
|
@@ -567,6 +588,16 @@ static int ffc_private_validate_test(void)
|
||||||
|
if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
|
||||||
|
+ goto err;
|
||||||
|
+ res = -1;
|
||||||
|
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
DH_free(dh);
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From c1b4467a7cc129a74fc5205b80a5c47556b99416 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Fri, 13 Jan 2023 17:57:59 +0100
|
||||||
|
Subject: [PATCH 11/18] Prevent creating DSA and DH keys without parameters
|
||||||
|
through import
|
||||||
|
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
---
|
||||||
|
providers/implementations/keymgmt/dh_kmgmt.c | 4 ++--
|
||||||
|
providers/implementations/keymgmt/dsa_kmgmt.c | 5 +++--
|
||||||
|
2 files changed, 5 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||||
|
index 58a5fd009f..c2d87b4a7f 100644
|
||||||
|
--- a/providers/implementations/keymgmt/dh_kmgmt.c
|
||||||
|
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
|
||||||
|
@@ -198,8 +198,8 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
|
||||||
|
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
|
||||||
|
- ok = ok && ossl_dh_params_fromdata(dh, params);
|
||||||
|
+ /* a key without parameters is meaningless */
|
||||||
|
+ ok = ok && ossl_dh_params_fromdata(dh, params);
|
||||||
|
|
||||||
|
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||||
|
int include_private =
|
||||||
|
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
|
||||||
|
index 100e917167..881680c085 100644
|
||||||
|
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
|
||||||
|
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
|
||||||
|
@@ -199,8 +199,9 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
|
||||||
|
if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
|
||||||
|
- ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
|
||||||
|
+ /* a key without parameters is meaningless */
|
||||||
|
+ ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
|
||||||
|
+
|
||||||
|
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||||
|
int include_private =
|
||||||
|
selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Fri, 13 Jan 2023 17:59:52 +0100
|
||||||
|
Subject: [PATCH 12/18] Do not create DSA keys without parameters by decoder
|
||||||
|
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/x509/x_pubkey.c | 24 +++++++++++++++++++
|
||||||
|
include/crypto/x509.h | 3 +++
|
||||||
|
.../encode_decode/decode_der2key.c | 2 +-
|
||||||
|
3 files changed, 28 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
|
||||||
|
index bc90ddd89b..77790faa1f 100644
|
||||||
|
--- a/crypto/x509/x_pubkey.c
|
||||||
|
+++ b/crypto/x509/x_pubkey.c
|
||||||
|
@@ -745,6 +745,30 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Called from decoders; disallows provided DSA keys without parameters. */
|
||||||
|
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
|
||||||
|
+{
|
||||||
|
+ DSA *key = NULL;
|
||||||
|
+ const unsigned char *data;
|
||||||
|
+ const BIGNUM *p, *q, *g;
|
||||||
|
+
|
||||||
|
+ data = *pp;
|
||||||
|
+ key = d2i_DSA_PUBKEY(NULL, &data, length);
|
||||||
|
+ if (key == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
+ DSA_get0_pqg(key, &p, &q, &g);
|
||||||
|
+ if (p == NULL || q == NULL || g == NULL) {
|
||||||
|
+ DSA_free(key);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ *pp = data;
|
||||||
|
+ if (a != NULL) {
|
||||||
|
+ DSA_free(*a);
|
||||||
|
+ *a = key;
|
||||||
|
+ }
|
||||||
|
+ return key;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp)
|
||||||
|
{
|
||||||
|
EVP_PKEY *pktmp;
|
||||||
|
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
|
||||||
|
index 1f00178e89..0c42730ee9 100644
|
||||||
|
--- a/include/crypto/x509.h
|
||||||
|
+++ b/include/crypto/x509.h
|
||||||
|
@@ -339,6 +339,9 @@ void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub);
|
||||||
|
|
||||||
|
RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length);
|
||||||
|
int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp);
|
||||||
|
+# ifndef OPENSSL_NO_DSA
|
||||||
|
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
|
||||||
|
+# endif /* OPENSSL_NO_DSA */
|
||||||
|
# ifndef OPENSSL_NO_DH
|
||||||
|
DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length);
|
||||||
|
int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp);
|
||||||
|
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
|
||||||
|
index ebc2d24833..d6ad738ef3 100644
|
||||||
|
--- a/providers/implementations/encode_decode/decode_der2key.c
|
||||||
|
+++ b/providers/implementations/encode_decode/decode_der2key.c
|
||||||
|
@@ -374,7 +374,7 @@ static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
|
||||||
|
(key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
|
||||||
|
}
|
||||||
|
|
||||||
|
-# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY
|
||||||
|
+# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY
|
||||||
|
# define dsa_free (free_key_fn *)DSA_free
|
||||||
|
# define dsa_check NULL
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From 7e37185582995b35f885fec9dcc3670af9ffcbef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Fri, 13 Jan 2023 18:46:15 +0100
|
||||||
|
Subject: [PATCH 13/18] Add test for DSA pubkey without param import and check
|
||||||
|
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
---
|
||||||
|
test/recipes/91-test_pkey_check.t | 48 ++++++++++++++----
|
||||||
|
.../91-test_pkey_check_data/dsapub.pem | 12 +++++
|
||||||
|
.../dsapub_noparam.der | Bin 0 -> 108 bytes
|
||||||
|
3 files changed, 49 insertions(+), 11 deletions(-)
|
||||||
|
create mode 100644 test/recipes/91-test_pkey_check_data/dsapub.pem
|
||||||
|
create mode 100644 test/recipes/91-test_pkey_check_data/dsapub_noparam.der
|
||||||
|
|
||||||
|
diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
|
||||||
|
index 612a3e3d6c..015d7805db 100644
|
||||||
|
--- a/test/recipes/91-test_pkey_check.t
|
||||||
|
+++ b/test/recipes/91-test_pkey_check.t
|
||||||
|
@@ -11,19 +11,24 @@ use strict;
|
||||||
|
use warnings;
|
||||||
|
|
||||||
|
use File::Spec;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT data_file/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT data_file with/;
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
|
sub pkey_check {
|
||||||
|
my $f = shift;
|
||||||
|
+ my $pubcheck = shift;
|
||||||
|
+ my @checkopt = ('-check');
|
||||||
|
|
||||||
|
- return run(app(['openssl', 'pkey', '-check', '-text',
|
||||||
|
+ @checkopt = ('-pubcheck', '-pubin') if $pubcheck;
|
||||||
|
+
|
||||||
|
+ return run(app(['openssl', 'pkey', @checkopt, '-text',
|
||||||
|
'-in', $f]));
|
||||||
|
}
|
||||||
|
|
||||||
|
sub check_key {
|
||||||
|
my $f = shift;
|
||||||
|
my $should_fail = shift;
|
||||||
|
+ my $pubcheck = shift;
|
||||||
|
my $str;
|
||||||
|
|
||||||
|
|
||||||
|
@@ -33,11 +38,10 @@ sub check_key {
|
||||||
|
$f = data_file($f);
|
||||||
|
|
||||||
|
if ( -s $f ) {
|
||||||
|
- if ($should_fail) {
|
||||||
|
- ok(!pkey_check($f), $str);
|
||||||
|
- } else {
|
||||||
|
- ok(pkey_check($f), $str);
|
||||||
|
- }
|
||||||
|
+ with({ exit_checker => sub { return shift == $should_fail; } },
|
||||||
|
+ sub {
|
||||||
|
+ ok(pkey_check($f, $pubcheck), $str);
|
||||||
|
+ });
|
||||||
|
} else {
|
||||||
|
fail("Missing file $f");
|
||||||
|
}
|
||||||
|
@@ -66,15 +70,37 @@ push(@positive_tests, (
|
||||||
|
"dhpkey.pem"
|
||||||
|
)) unless disabled("dh");
|
||||||
|
|
||||||
|
+my @negative_pubtests = ();
|
||||||
|
+
|
||||||
|
+push(@negative_pubtests, (
|
||||||
|
+ "dsapub_noparam.der"
|
||||||
|
+ )) unless disabled("dsa");
|
||||||
|
+
|
||||||
|
+my @positive_pubtests = ();
|
||||||
|
+
|
||||||
|
+push(@positive_pubtests, (
|
||||||
|
+ "dsapub.pem"
|
||||||
|
+ )) unless disabled("dsa");
|
||||||
|
+
|
||||||
|
plan skip_all => "No tests within the current enabled feature set"
|
||||||
|
- unless @negative_tests && @positive_tests;
|
||||||
|
+ unless @negative_tests && @positive_tests
|
||||||
|
+ && @negative_pubtests && @positive_pubtests;
|
||||||
|
|
||||||
|
-plan tests => scalar(@negative_tests) + scalar(@positive_tests);
|
||||||
|
+plan tests => scalar(@negative_tests) + scalar(@positive_tests)
|
||||||
|
+ + scalar(@negative_pubtests) + scalar(@positive_pubtests);
|
||||||
|
|
||||||
|
foreach my $t (@negative_tests) {
|
||||||
|
- check_key($t, 1);
|
||||||
|
+ check_key($t, 1, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach my $t (@positive_tests) {
|
||||||
|
- check_key($t, 0);
|
||||||
|
+ check_key($t, 0, 0);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+foreach my $t (@negative_pubtests) {
|
||||||
|
+ check_key($t, 1, 1);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+foreach my $t (@positive_pubtests) {
|
||||||
|
+ check_key($t, 0, 1);
|
||||||
|
}
|
||||||
|
diff --git a/test/recipes/91-test_pkey_check_data/dsapub.pem b/test/recipes/91-test_pkey_check_data/dsapub.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..0ff4bd83ed
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/recipes/91-test_pkey_check_data/dsapub.pem
|
||||||
|
@@ -0,0 +1,12 @@
|
||||||
|
+-----BEGIN PUBLIC KEY-----
|
||||||
|
+MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4
|
||||||
|
+4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD
|
||||||
|
+9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD
|
||||||
|
+CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV
|
||||||
|
+lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+
|
||||||
|
+4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq
|
||||||
|
+bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr
|
||||||
|
+YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER
|
||||||
|
+kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys
|
||||||
|
+DRjhKHBjdo0rZeSM8DAk3ctrXA==
|
||||||
|
+-----END PUBLIC KEY-----
|
||||||
|
diff --git a/test/recipes/91-test_pkey_check_data/dsapub_noparam.der b/test/recipes/91-test_pkey_check_data/dsapub_noparam.der
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000000000000000000000000000..b8135f1ca94da914b6829421e0c13f6daa731862
|
||||||
|
GIT binary patch
|
||||||
|
literal 108
|
||||||
|
zcmXpIGT>xm*J|@PXTieE%*wz71<Xv0AT}3_&&0^YB*etj0OvEYF$n`XLd*y;pgagL
|
||||||
|
U3o&W4F|x9<gY>|F5F-Nv0Bz9(=Kufz
|
||||||
|
|
||||||
|
literal 0
|
||||||
|
HcmV?d00001
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From 2ad9928170768653d19d81881deabc5f9c1665c0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Fri, 3 Feb 2023 14:57:04 +0100
|
||||||
|
Subject: [PATCH 18/18] Internaly declare the DSA type for no-deprecated builds
|
||||||
|
|
||||||
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||||
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||||
|
(cherry picked from commit 7a21a1b5fa2dac438892cf3292d1f9c445d870d9)
|
||||||
|
---
|
||||||
|
include/crypto/types.h | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/crypto/types.h b/include/crypto/types.h
|
||||||
|
index 0d81404091..0a75f03a3f 100644
|
||||||
|
--- a/include/crypto/types.h
|
||||||
|
+++ b/include/crypto/types.h
|
||||||
|
@@ -20,6 +20,9 @@ typedef struct rsa_meth_st RSA_METHOD;
|
||||||
|
typedef struct ec_key_st EC_KEY;
|
||||||
|
typedef struct ec_key_method_st EC_KEY_METHOD;
|
||||||
|
# endif
|
||||||
|
+# ifndef OPENSSL_NO_DSA
|
||||||
|
+typedef struct dsa_st DSA;
|
||||||
|
+# endif
|
||||||
|
# endif
|
||||||
|
|
||||||
|
# ifndef OPENSSL_NO_EC
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
63
SOURCES/0107-CVE-2023-0286-X400.patch
Normal file
63
SOURCES/0107-CVE-2023-0286-X400.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From 2f7530077e0ef79d98718138716bc51ca0cad658 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hugo Landau <hlandau@openssl.org>
|
||||||
|
Date: Tue, 17 Jan 2023 17:45:42 +0000
|
||||||
|
Subject: [PATCH 14/18] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
|
||||||
|
(3.0)
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
---
|
||||||
|
CHANGES.md | 19 +++++++++++++++++++
|
||||||
|
crypto/x509/v3_genn.c | 2 +-
|
||||||
|
include/openssl/x509v3.h.in | 2 +-
|
||||||
|
test/v3nametest.c | 8 ++++++++
|
||||||
|
4 files changed, 29 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c
|
||||||
|
index c0a7166cd0..1741c2d2f6 100644
|
||||||
|
--- a/crypto/x509/v3_genn.c
|
||||||
|
+++ b/crypto/x509/v3_genn.c
|
||||||
|
@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
|
||||||
|
return -1;
|
||||||
|
switch (a->type) {
|
||||||
|
case GEN_X400:
|
||||||
|
- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
|
||||||
|
+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case GEN_EDIPARTY:
|
||||||
|
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
|
||||||
|
index d00a66a343..c087e3cf92 100644
|
||||||
|
--- a/include/openssl/x509v3.h.in
|
||||||
|
+++ b/include/openssl/x509v3.h.in
|
||||||
|
@@ -154,7 +154,7 @@ typedef struct GENERAL_NAME_st {
|
||||||
|
OTHERNAME *otherName; /* otherName */
|
||||||
|
ASN1_IA5STRING *rfc822Name;
|
||||||
|
ASN1_IA5STRING *dNSName;
|
||||||
|
- ASN1_TYPE *x400Address;
|
||||||
|
+ ASN1_STRING *x400Address;
|
||||||
|
X509_NAME *directoryName;
|
||||||
|
EDIPARTYNAME *ediPartyName;
|
||||||
|
ASN1_IA5STRING *uniformResourceIdentifier;
|
||||||
|
diff --git a/test/v3nametest.c b/test/v3nametest.c
|
||||||
|
index 6d2e2f8e27..0341995dde 100644
|
||||||
|
--- a/test/v3nametest.c
|
||||||
|
+++ b/test/v3nametest.c
|
||||||
|
@@ -644,6 +644,14 @@ static struct gennamedata {
|
||||||
|
0xb7, 0x09, 0x02, 0x02
|
||||||
|
},
|
||||||
|
15
|
||||||
|
+ }, {
|
||||||
|
+ /*
|
||||||
|
+ * Regression test for CVE-2023-0286.
|
||||||
|
+ */
|
||||||
|
+ {
|
||||||
|
+ 0xa3, 0x00
|
||||||
|
+ },
|
||||||
|
+ 2
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
150
SOURCES/0108-CVE-2023-0401-pkcs7-md.patch
Normal file
150
SOURCES/0108-CVE-2023-0401-pkcs7-md.patch
Normal file
@ -0,0 +1,150 @@
|
|||||||
|
From d3b6dfd70db844c4499bec6ad6601623a565e674 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Wed, 18 Jan 2023 09:27:53 +0100
|
||||||
|
Subject: [PATCH 15/18] pk7_doit.c: Check return of BIO_set_md() calls
|
||||||
|
|
||||||
|
These calls invoke EVP_DigestInit() which can fail for digests
|
||||||
|
with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write()
|
||||||
|
or EVP_DigestFinal() from BIO_read() will segfault on NULL
|
||||||
|
dereference. This can be triggered by an attacker providing
|
||||||
|
PKCS7 data digested with MD4 for example if the legacy provider
|
||||||
|
is not loaded.
|
||||||
|
|
||||||
|
If BIO_set_md() fails the md BIO cannot be used.
|
||||||
|
|
||||||
|
CVE-2023-0401
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
---
|
||||||
|
crypto/pkcs7/pk7_doit.c | 12 ++++++++++--
|
||||||
|
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
|
||||||
|
index bde9ac4787..5e562fbea5 100644
|
||||||
|
--- a/crypto/pkcs7/pk7_doit.c
|
||||||
|
+++ b/crypto/pkcs7/pk7_doit.c
|
||||||
|
@@ -84,7 +84,11 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
|
||||||
|
}
|
||||||
|
(void)ERR_pop_to_mark();
|
||||||
|
|
||||||
|
- BIO_set_md(btmp, md);
|
||||||
|
+ if (BIO_set_md(btmp, md) <= 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
|
||||||
|
+ EVP_MD_free(fetched);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
EVP_MD_free(fetched);
|
||||||
|
if (*pbio == NULL)
|
||||||
|
*pbio = btmp;
|
||||||
|
@@ -522,7 +526,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||||
|
}
|
||||||
|
(void)ERR_pop_to_mark();
|
||||||
|
|
||||||
|
- BIO_set_md(btmp, md);
|
||||||
|
+ if (BIO_set_md(btmp, md) <= 0) {
|
||||||
|
+ EVP_MD_free(evp_md);
|
||||||
|
+ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
EVP_MD_free(evp_md);
|
||||||
|
if (out == NULL)
|
||||||
|
out = btmp;
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
||||||
|
From a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Wed, 18 Jan 2023 17:07:24 +0100
|
||||||
|
Subject: [PATCH 16/18] Add testcase for missing return check of BIO_set_md()
|
||||||
|
calls
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
---
|
||||||
|
test/recipes/80-test_cms.t | 15 ++++++++--
|
||||||
|
test/recipes/80-test_cms_data/pkcs7-md4.pem | 32 +++++++++++++++++++++
|
||||||
|
2 files changed, 45 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 test/recipes/80-test_cms_data/pkcs7-md4.pem
|
||||||
|
|
||||||
|
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
|
||||||
|
index fd53683e6b..d45789de70 100644
|
||||||
|
--- a/test/recipes/80-test_cms.t
|
||||||
|
+++ b/test/recipes/80-test_cms.t
|
||||||
|
@@ -13,7 +13,7 @@ use warnings;
|
||||||
|
use POSIX;
|
||||||
|
use File::Spec::Functions qw/catfile/;
|
||||||
|
use File::Compare qw/compare_text compare/;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with data_file/;
|
||||||
|
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
|
@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
|
||||||
|
|
||||||
|
$no_rc2 = 1 if disabled("legacy");
|
||||||
|
|
||||||
|
-plan tests => 13;
|
||||||
|
+plan tests => 14;
|
||||||
|
|
||||||
|
ok(run(test(["pkcs7_test"])), "test pkcs7");
|
||||||
|
|
||||||
|
@@ -941,6 +941,17 @@ subtest "CMS binary input tests\n" => sub {
|
||||||
|
"verify binary input with -binary missing -crlfeol");
|
||||||
|
};
|
||||||
|
|
||||||
|
+# Test case for missing MD algorithm (must not segfault)
|
||||||
|
+
|
||||||
|
+with({ exit_checker => sub { return shift == 4; } },
|
||||||
|
+ sub {
|
||||||
|
+ ok(run(app(['openssl', 'smime', '-verify', '-noverify',
|
||||||
|
+ '-inform', 'PEM',
|
||||||
|
+ '-in', data_file("pkcs7-md4.pem"),
|
||||||
|
+ ])),
|
||||||
|
+ "Check failure of EVP_DigestInit is handled correctly");
|
||||||
|
+ });
|
||||||
|
+
|
||||||
|
sub check_availability {
|
||||||
|
my $tnam = shift;
|
||||||
|
|
||||||
|
diff --git a/test/recipes/80-test_cms_data/pkcs7-md4.pem b/test/recipes/80-test_cms_data/pkcs7-md4.pem
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..ecff611deb
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/recipes/80-test_cms_data/pkcs7-md4.pem
|
||||||
|
@@ -0,0 +1,32 @@
|
||||||
|
+-----BEGIN PKCS7-----
|
||||||
|
+MIIFhAYJKoZIhvcNAQcCoIIFdTCCBXECAQExDjAMBggqhkiG9w0CBAUAMB0GCSqG
|
||||||
|
+SIb3DQEHAaAQBA5UZXN0IGNvbnRlbnQNCqCCAyQwggMgMIICCKADAgECAgECMA0G
|
||||||
|
+CSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMCAXDTE2MDExNTA4MTk0OVoYDzIx
|
||||||
|
+MTYwMTE2MDgxOTQ5WjAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJ
|
||||||
|
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU
|
||||||
|
+fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC
|
||||||
|
+76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz
|
||||||
|
+BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl
|
||||||
|
+V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv
|
||||||
|
+0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaN9
|
||||||
|
+MHswHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOiMB8GA1UdIwQYMBaAFLQR
|
||||||
|
+M/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH
|
||||||
|
+AwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEB
|
||||||
|
+AEG0PE9hQuXlvtUULv9TQ2BXy9MmTjOk+dQwxDhAXYBYMUB6TygsqvPXwpDwz8MS
|
||||||
|
+EPGCRqh5cQwtPoElQRU1i4URgcQMZquXScwNFcvE6AATF/PdN/+mOwtqFrlpYfs3
|
||||||
|
+IJIpYL6ViQg4n8pv+b/pCwMmhewQLwCGs9+omHNTOwKjEiVoNaprAfj5Lxt15fS2
|
||||||
|
++zZW0mT9Y4kfEypetrqSAjh8CDK+vaQhkeKdDfJyBfjS4ALfxvCkT3mQnsWFJ9CU
|
||||||
|
+TVG3uw6ylSPT3wN3RE0Ofa4rI5PESogQsd/DgBc7dcDO3yoPKGjycR3/GJDqqCxC
|
||||||
|
+e9dr6FJEnDjaDf9zNWyTFHExggITMIICDwIBATASMA0xCzAJBgNVBAMMAkNBAgEC
|
||||||
|
+MAwGCCqGSIb3DQIEBQCggdQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
|
||||||
|
+hkiG9w0BCQUxDxcNMjMwMTE4MTU0NzExWjAfBgkqhkiG9w0BCQQxEgQQRXO4TKpp
|
||||||
|
+RgA4XHb8bD1pczB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgB
|
||||||
|
+ZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN
|
||||||
|
+BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
|
||||||
|
+AQEFAASCAQAe+xlm/TGg/s/7b0xBc3FFnmmUDEe7ljkehIx61OnBV9ZWA+LcBX/7
|
||||||
|
+kmMSMdaHjRq4w8FmwBMLzn0ttXVqf0QuPbBF/E6X5EqK9lpOdkUQhNiN2v+ZfY6c
|
||||||
|
+lrH4ADsSD9D+UHw0sxo5KEF+PPuneUfYCJZosFUJosBbuSEXK0C9yfJoDKVE8Syp
|
||||||
|
+0vdqh73ogLeNgZLAUGSSB66OmHDxwgAj4qPAv6FHFBy1Xs4uFZER5vniYrH9OrAk
|
||||||
|
+Z6XdvzDoYZC4XcGMDtcOpOM6D4owqy5svHPDw8wIlM4GVhrTw7CQmuBz5uRNnf6a
|
||||||
|
+ZK3jZIxG1hr/INaNWheHoPIhPblYaVc6
|
||||||
|
+-----END PKCS7-----
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -28,13 +28,13 @@ print(string.sub(hash, 0, 16))
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.1
|
Version: 3.0.7
|
||||||
Release: 41%{?dist}
|
Release: 5%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
|
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
|
||||||
Source: openssl-%{version}-hobbled.tar.xz
|
Source: openssl-%{version}-hobbled.tar.gz
|
||||||
Source1: hobble-openssl
|
Source1: hobble-openssl
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
Source3: genpatches
|
Source3: genpatches
|
||||||
@ -70,12 +70,6 @@ Patch11: 0011-Remove-EC-curves.patch
|
|||||||
# Disable explicit EC curves
|
# Disable explicit EC curves
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
|
||||||
Patch12: 0012-Disable-explicit-ec.patch
|
Patch12: 0012-Disable-explicit-ec.patch
|
||||||
# https://github.com/openssl/openssl/pull/17981
|
|
||||||
Patch13: 0013-FIPS-provider-explicit-ec.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/17998
|
|
||||||
Patch14: 0014-FIPS-disable-explicit-ec.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/18609
|
|
||||||
Patch15: 0015-FIPS-decoded-from-explicit.patch
|
|
||||||
# Instructions to load legacy provider in openssl.cnf
|
# Instructions to load legacy provider in openssl.cnf
|
||||||
Patch24: 0024-load-legacy-prov.patch
|
Patch24: 0024-load-legacy-prov.patch
|
||||||
# Tmp: test name change
|
# Tmp: test name change
|
||||||
@ -92,12 +86,8 @@ Patch35: 0035-speed-skip-unavailable-dgst.patch
|
|||||||
Patch44: 0044-FIPS-140-3-keychecks.patch
|
Patch44: 0044-FIPS-140-3-keychecks.patch
|
||||||
# Minimize fips services
|
# Minimize fips services
|
||||||
Patch45: 0045-FIPS-services-minimize.patch
|
Patch45: 0045-FIPS-services-minimize.patch
|
||||||
# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486
|
|
||||||
Patch46: 0046-FIPS-s390x-hardening.patch
|
|
||||||
# Execute KATS before HMAC verification
|
# Execute KATS before HMAC verification
|
||||||
Patch47: 0047-FIPS-early-KATS.patch
|
Patch47: 0047-FIPS-early-KATS.patch
|
||||||
# Backport of correctly handle 2^14 byte long records #17538
|
|
||||||
Patch48: 0048-correctly-handle-records.patch
|
|
||||||
# Selectively disallow SHA1 signatures
|
# Selectively disallow SHA1 signatures
|
||||||
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
|
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2049265
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2049265
|
||||||
@ -106,16 +96,12 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch
|
|||||||
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
||||||
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
||||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||||
# CVE 2022-0778
|
# Originally from https://github.com/openssl/openssl/pull/18103
|
||||||
Patch53: 0053-CVE-2022-0778.patch
|
# As we rebased to 3.0.7 and used the version of the function
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62
|
# not matching the upstream one, we have to use aliasing.
|
||||||
Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
|
# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
|
||||||
# https://github.com/openssl/openssl/pull/17324
|
# should also be removed
|
||||||
Patch55: 0055-nonlegacy-fetch-null-deref.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/18103
|
|
||||||
Patch56: 0056-strcasecmp.patch
|
Patch56: 0056-strcasecmp.patch
|
||||||
# https://github.com/openssl/openssl/pull/18175
|
|
||||||
Patch57: 0057-strcasecmp-fix.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
||||||
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
|
||||||
@ -123,25 +109,9 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
||||||
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||||
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
|
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
|
||||||
# https://github.com/openssl/openssl/pull/18141
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2130708
|
||||||
Patch63: 0063-CVE-2022-1473.patch
|
# https://github.com/openssl/openssl/pull/18883
|
||||||
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
|
Patch67: 0067-ppc64le-Montgomery-multiply.patch
|
||||||
Patch64: 0064-CVE-2022-1343.diff
|
|
||||||
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
|
|
||||||
Patch65: 0065-CVE-2022-1292.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/18444
|
|
||||||
# https://github.com/openssl/openssl/pull/18467
|
|
||||||
Patch66: 0066-replace-expired-certs.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/18512
|
|
||||||
Patch67: 0067-fix-ppc64-montgomery.patch
|
|
||||||
#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa
|
|
||||||
#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739
|
|
||||||
Patch68: 0068-CVE-2022-2068.patch
|
|
||||||
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
|
|
||||||
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
|
|
||||||
Patch69: 0069-CVE-2022-2097.patch
|
|
||||||
# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
|
|
||||||
Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
|
|
||||||
# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
|
# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
|
||||||
# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
|
# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
|
||||||
Patch71: 0071-AES-GCM-performance-optimization.patch
|
Patch71: 0071-AES-GCM-performance-optimization.patch
|
||||||
@ -162,6 +132,38 @@ Patch76: 0076-FIPS-140-3-DRBG.patch
|
|||||||
Patch77: 0077-FIPS-140-3-zeroization.patch
|
Patch77: 0077-FIPS-140-3-zeroization.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
||||||
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||||
|
#https://bugzilla.redhat.com/show_bug.cgi?id=2141748
|
||||||
|
Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2142131
|
||||||
|
Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2141695
|
||||||
|
Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2136250
|
||||||
|
Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2137557
|
||||||
|
Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
|
||||||
|
#https://bugzilla.redhat.com/show_bug.cgi?id=2142121
|
||||||
|
Patch85: 0085-FIPS-RSA-disable-shake.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2142087
|
||||||
|
Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2142087
|
||||||
|
Patch89: 0089-PSS-salt-length-from-provider.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2142087
|
||||||
|
Patch90: 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2144561
|
||||||
|
Patch91: 0091-FIPS-RSA-encapsulate.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2142517
|
||||||
|
Patch92: 0092-provider-improvements.patch
|
||||||
|
|
||||||
|
# OpenSSL 3.0.8 CVEs
|
||||||
|
Patch101: 0101-CVE-2022-4203-nc-match.patch
|
||||||
|
Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch
|
||||||
|
Patch103: 0103-CVE-2022-4450-pem-read-bio.patch
|
||||||
|
Patch104: 0104-CVE-2023-0215-UAF-bio.patch
|
||||||
|
Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch
|
||||||
|
Patch106: 0106-CVE-2023-0217-dsa.patch
|
||||||
|
Patch107: 0107-CVE-2023-0286-X400.patch
|
||||||
|
Patch108: 0108-CVE-2023-0401-pkcs7-md.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -189,7 +191,6 @@ protocols.
|
|||||||
Summary: A general purpose cryptography library with TLS implementation
|
Summary: A general purpose cryptography library with TLS implementation
|
||||||
Requires: ca-certificates >= 2008-5
|
Requires: ca-certificates >= 2008-5
|
||||||
Requires: crypto-policies >= 20180730
|
Requires: crypto-policies >= 20180730
|
||||||
Recommends: openssl-pkcs11%{?_isa}
|
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
|
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
|
||||||
@ -305,7 +306,8 @@ export HASHBANGPERL=/usr/bin/perl
|
|||||||
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
|
||||||
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
|
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
|
||||||
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
|
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
|
||||||
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
|
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
|
||||||
|
-Wl,--allow-multiple-definition
|
||||||
|
|
||||||
# Do not run this in a production package the FIPS symbols must be patched-in
|
# Do not run this in a production package the FIPS symbols must be patched-in
|
||||||
#util/mkdef.pl crypto update
|
#util/mkdef.pl crypto update
|
||||||
@ -492,38 +494,116 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5
|
||||||
|
- Fixed X.509 Name Constraints Read Buffer Overflow
|
||||||
|
Resolves: CVE-2022-4203
|
||||||
|
- Fixed Timing Oracle in RSA Decryption
|
||||||
|
Resolves: CVE-2022-4304
|
||||||
|
- Fixed Double free after calling PEM_read_bio_ex
|
||||||
|
Resolves: CVE-2022-4450
|
||||||
|
- Fixed Use-after-free following BIO_new_NDEF
|
||||||
|
Resolves: CVE-2023-0215
|
||||||
|
- Fixed Invalid pointer dereference in d2i_PKCS7 functions
|
||||||
|
Resolves: CVE-2023-0216
|
||||||
|
- Fixed NULL dereference validating DSA public key
|
||||||
|
Resolves: CVE-2023-0217
|
||||||
|
- Fixed X.400 address type confusion in X.509 GeneralName
|
||||||
|
Resolves: CVE-2023-0286
|
||||||
|
- Fixed NULL dereference during PKCS7 data verification
|
||||||
|
Resolves: CVE-2023-0401
|
||||||
|
|
||||||
|
* Wed Jan 11 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-4
|
||||||
|
- Disallow SHAKE in RSA-OAEP decryption in FIPS mode
|
||||||
|
Resolves: rhbz#2142121
|
||||||
|
|
||||||
|
* Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3
|
||||||
|
- Refactor OpenSSL fips module MAC verification
|
||||||
|
Resolves: rhbz#2157965
|
||||||
|
|
||||||
|
* Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
|
||||||
|
- Various provider-related imrovements necessary for PKCS#11 provider correct operations
|
||||||
|
Resolves: rhbz#2142517
|
||||||
|
- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
|
||||||
|
Resolves: rhbz#2133809
|
||||||
|
- Removed recommended package for openssl-libs
|
||||||
|
Resolves: rhbz#2093804
|
||||||
|
- Adjusting include for the FIPS_mode macro
|
||||||
|
Resolves: rhbz#2083879
|
||||||
|
- Backport of ppc64le Montgomery multiply enhancement
|
||||||
|
Resolves: rhbz#2130708
|
||||||
|
- Fix explicit indicator for PSS salt length in FIPS mode when used with
|
||||||
|
negative magic values
|
||||||
|
Resolves: rhbz#2142087
|
||||||
|
- Update change to default PSS salt length with patch state from upstream
|
||||||
|
Related: rhbz#2142087
|
||||||
|
|
||||||
|
* Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
|
||||||
|
- Rebasing to OpenSSL 3.0.7
|
||||||
|
Resolves: rhbz#2129063
|
||||||
|
|
||||||
|
* Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44
|
||||||
|
- SHAKE-128/256 are not allowed with RSA in FIPS mode
|
||||||
|
Resolves: rhbz#2144010
|
||||||
|
- Avoid memory leaks in TLS
|
||||||
|
Resolves: rhbz#2144008
|
||||||
|
- FIPS RSA CRT tests must use correct parameters
|
||||||
|
Resolves: rhbz#2144006
|
||||||
|
- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
|
||||||
|
Resolves: rhbz#2144017
|
||||||
|
- Remove support for X9.31 signature padding in FIPS mode
|
||||||
|
Resolves: rhbz#2144015
|
||||||
|
- Add explicit indicator for SP 800-108 KDFs with short key lengths
|
||||||
|
Resolves: rhbz#2144019
|
||||||
|
- Add explicit indicator for HMAC with short key lengths
|
||||||
|
Resolves: rhbz#2144000
|
||||||
|
- Set minimum password length for PBKDF2 in FIPS mode
|
||||||
|
Resolves: rhbz#2144003
|
||||||
|
- Add explicit indicator for PSS salt length in FIPS mode
|
||||||
|
Resolves: rhbz#2144012
|
||||||
|
- Clamp default PSS salt length to digest size for FIPS 186-4 compliance
|
||||||
|
Related: rhbz#2144012
|
||||||
|
- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
|
||||||
|
Resolves: rhbz#2145170
|
||||||
|
|
||||||
|
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
|
||||||
|
- CVE-2022-3602: X.509 Email Address Buffer Overflow
|
||||||
|
- CVE-2022-3786: X.509 Email Address Buffer Overflow
|
||||||
|
Resolves: CVE-2022-3602
|
||||||
|
|
||||||
|
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42
|
||||||
|
- CVE-2022-3602: X.509 Email Address Buffer Overflow
|
||||||
|
Resolves: CVE-2022-3602 (rhbz#2137723)
|
||||||
|
|
||||||
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41
|
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41
|
||||||
- Zeroize public keys as required by FIPS 140-3
|
- Zeroize public keys as required by FIPS 140-3
|
||||||
Resolves: rhbz#2115861
|
Related: rhbz#2102542
|
||||||
- Add FIPS indicator for HKDF
|
- Add FIPS indicator for HKDF
|
||||||
Resolves: rhbz#2118388
|
Related: rhbz#2114772
|
||||||
|
|
||||||
* Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40
|
* Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40
|
||||||
- Deal with DH keys in FIPS mode according FIPS-140-3 requirements
|
- Deal with DH keys in FIPS mode according FIPS-140-3 requirements
|
||||||
Related: rhbz#2115856
|
Related: rhbz#2102536
|
||||||
- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
|
- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
|
||||||
Related: rhbz#2115857
|
Related: rhbz#2102537
|
||||||
- Use signature for RSA pairwise test according FIPS-140-3 requirements
|
- Use signature for RSA pairwise test according FIPS-140-3 requirements
|
||||||
Related: rhbz#2115858
|
Related: rhbz#2102540
|
||||||
- Reseed all the parent DRBGs in chain on reseeding a DRBG
|
- Reseed all the parent DRBGs in chain on reseeding a DRBG
|
||||||
Related: rhbz#2115859
|
Related: rhbz#2102541
|
||||||
- Zeroization according to FIPS-140-3 requirements
|
|
||||||
Related: rhbz#2115861
|
|
||||||
|
|
||||||
* Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39
|
* Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39
|
||||||
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
|
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
|
||||||
- Use Use digest_sign & digest_verify in FIPS signature self test
|
- Use Use digest_sign & digest_verify in FIPS signature self test
|
||||||
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
|
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
|
||||||
Resolves: rhbz#2112978
|
Resolves: rhbz#2102535
|
||||||
|
|
||||||
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38
|
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38
|
||||||
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
|
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
|
||||||
initialized.
|
initialized.
|
||||||
Resolves: rhbz#2107530
|
Resolves: rhbz#2103289
|
||||||
- Improve AES-GCM performance on Power9 and Power10 ppc64le
|
- Improve AES-GCM performance on Power9 and Power10 ppc64le
|
||||||
Resolves: rhbz#2103044
|
Resolves: rhbz#2051312
|
||||||
- Improve ChaCha20 performance on Power10 ppc64le
|
- Improve ChaCha20 performance on Power10 ppc64le
|
||||||
Resolves: rhbz#2103044
|
Resolves: rhbz#2051312
|
||||||
|
|
||||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
|
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
|
||||||
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||||
@ -531,122 +611,123 @@ install -m644 %{SOURCE9} \
|
|||||||
|
|
||||||
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36
|
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36
|
||||||
- Ciphersuites with RSAPSK KX should be filterd in FIPS mode
|
- Ciphersuites with RSAPSK KX should be filterd in FIPS mode
|
||||||
- Related: rhbz#2091994
|
- Related: rhbz#2085088
|
||||||
- FIPS provider should block RSA encryption for key transport.
|
- FIPS provider should block RSA encryption for key transport.
|
||||||
- Other RSA encryption options should still be available if key length is enough
|
- Other RSA encryption options should still be available if key length is enough
|
||||||
- Related: rhbz#2091977
|
- Related: rhbz#2053289
|
||||||
- Improve diagnostics when passing unsupported groups in TLS
|
- Improve diagnostics when passing unsupported groups in TLS
|
||||||
- Related: rhbz#2086554
|
- Related: rhbz#2070197
|
||||||
- Fix PPC64 Montgomery multiplication bug
|
- Fix PPC64 Montgomery multiplication bug
|
||||||
- Related: rhbz#2101346
|
- Related: rhbz#2098199
|
||||||
- Strict certificates validation shouldn't allow explicit EC parameters
|
- Strict certificates validation shouldn't allow explicit EC parameters
|
||||||
- Related: rhbz#2085521
|
- Related: rhbz#2058663
|
||||||
- CVE-2022-2068: the c_rehash script allows command injection
|
- CVE-2022-2068: the c_rehash script allows command injection
|
||||||
- Related: rhbz#2098276
|
- Related: rhbz#2098277
|
||||||
|
|
||||||
* Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35
|
* Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35
|
||||||
- Add explicit indicators for signatures in FIPS mode and mark signature
|
- Add explicit indicators for signatures in FIPS mode and mark signature
|
||||||
primitives as unapproved.
|
primitives as unapproved.
|
||||||
Resolves: rhbz#2087234
|
Resolves: rhbz#2087147
|
||||||
|
|
||||||
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34
|
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34
|
||||||
- Some OpenSSL test certificates are expired, updating
|
- Some OpenSSL test certificates are expired, updating
|
||||||
- Resolves: rhbz#2095696
|
- Resolves: rhbz#2092456
|
||||||
|
|
||||||
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
|
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
|
||||||
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
|
||||||
- Resolves: rhbz#2089443
|
- Resolves: rhbz#2089444
|
||||||
- CVE-2022-1343 openssl: Signer certificate verification returned
|
- CVE-2022-1343 openssl: Signer certificate verification returned
|
||||||
inaccurate response when using OCSP_NOCHECKS
|
inaccurate response when using OCSP_NOCHECKS
|
||||||
- Resolves: rhbz#2089439
|
- Resolves: rhbz#2087911
|
||||||
- CVE-2022-1292 openssl: c_rehash script allows command injection
|
- CVE-2022-1292 openssl: c_rehash script allows command injection
|
||||||
- Resolves: rhbz#2090361
|
- Resolves: rhbz#2090362
|
||||||
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
|
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
|
||||||
Related: rhbz#2087234
|
Related: rhbz#2087147
|
||||||
- Use KAT for ECDSA signature tests, s390 arch
|
- Use KAT for ECDSA signature tests, s390 arch
|
||||||
- Resolves: rhbz#2086866
|
- Resolves: rhbz#2069235
|
||||||
|
|
||||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
||||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
||||||
- Resolves: rhbz#2091929
|
- Resolves: rhbz#2083240
|
||||||
- Ciphersuites with RSA KX should be filterd in FIPS mode
|
- Ciphersuites with RSA KX should be filterd in FIPS mode
|
||||||
- Related: rhbz#2091994
|
- Related: rhbz#2085088
|
||||||
- In FIPS mode, signature verification works with keys of arbitrary size
|
- In FIPS mode, signature verification works with keys of arbitrary size
|
||||||
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
|
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
|
||||||
below 2048 bits
|
below 2048 bits
|
||||||
- Resolves: rhbz#2091938
|
- Resolves: rhbz#2077884
|
||||||
|
|
||||||
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
|
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
|
||||||
- Disable SHA-1 signature verification in FIPS mode
|
- Disable SHA-1 signature verification in FIPS mode
|
||||||
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
|
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
|
||||||
Resolves: rhbz#2087234
|
Resolves: rhbz#2087147
|
||||||
|
|
||||||
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
|
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
|
||||||
- Use KAT for ECDSA signature tests
|
- Use KAT for ECDSA signature tests
|
||||||
- Resolves: rhbz#2086866
|
- Resolves: rhbz#2069235
|
||||||
|
|
||||||
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
|
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
|
||||||
- `-config` argument of openssl app should work properly in FIPS mode
|
- `-config` argument of openssl app should work properly in FIPS mode
|
||||||
- Resolves: rhbz#2085500
|
- Resolves: rhbz#2083274
|
||||||
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
|
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
|
||||||
- Resolves: rhbz#2085499
|
- Resolves: rhbz#2063947
|
||||||
|
|
||||||
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
|
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
|
||||||
- OpenSSL should not accept custom elliptic curve parameters
|
- OpenSSL should not accept custom elliptic curve parameters
|
||||||
- Resolves rhbz#2085508
|
- Resolves rhbz#2066412
|
||||||
- OpenSSL should not accept explicit curve parameters in FIPS mode
|
- OpenSSL should not accept explicit curve parameters in FIPS mode
|
||||||
- Resolves rhbz#2085521
|
- Resolves rhbz#2058663
|
||||||
|
|
||||||
* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27
|
* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27
|
||||||
- Change FIPS module version to include hash of specfile, patches and sources
|
- Change FIPS module version to include hash of specfile, patches and sources
|
||||||
Resolves: rhbz#2082585
|
Resolves: rhbz#2070550
|
||||||
|
|
||||||
* Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26
|
* Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26
|
||||||
- OpenSSL FIPS module should not build in non-approved algorithms
|
- OpenSSL FIPS module should not build in non-approved algorithms
|
||||||
Resolves: rhbz#2082584
|
- Resolves: rhbz#2081378
|
||||||
|
|
||||||
* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25
|
* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25
|
||||||
- FIPS provider should block RSA encryption for key transport.
|
- FIPS provider should block RSA encryption for key transport.
|
||||||
- Other RSA encryption options should still be available
|
- Other RSA encryption options should still be available
|
||||||
- Resolves: rhbz#2053289
|
- Resolves: rhbz#2053289
|
||||||
|
|
||||||
* Mon May 02 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24
|
* Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24
|
||||||
- Fix occasional internal error in TLS when DHE is used
|
- Fix regression in evp_pkey_name2type caused by tr_TR locale fix
|
||||||
Resolves: rhbz#2080323
|
Resolves: rhbz#2071631
|
||||||
|
|
||||||
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
|
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-23
|
||||||
- Update missing initialization patch with feedback from upstream
|
|
||||||
Resolves: rhbz#2076654
|
|
||||||
|
|
||||||
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
|
|
||||||
- Invocation of the missing initialization
|
|
||||||
- Resolves: rhbz#2076654
|
|
||||||
|
|
||||||
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
|
|
||||||
- Fix openssl curl error with LANG=tr_TR.utf8
|
- Fix openssl curl error with LANG=tr_TR.utf8
|
||||||
- Resolves: rhbz#2076654
|
- Resolves: rhbz#2071631
|
||||||
|
|
||||||
|
* Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
|
||||||
|
- FIPS provider should block RSA encryption for key transport
|
||||||
|
- Resolves: rhbz#2053289
|
||||||
|
|
||||||
|
* Tue Mar 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-21
|
||||||
|
- Fix occasional internal error in TLS when DHE is used
|
||||||
|
- Resolves: rhbz#2004915
|
||||||
|
|
||||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
|
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
|
||||||
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
|
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
|
||||||
no OpenSSL library context is set
|
no OpenSSL library context is set
|
||||||
- Resolves: rhbz#2063306
|
- Resolves: rhbz#2065400
|
||||||
|
|
||||||
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19
|
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19
|
||||||
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
|
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
|
||||||
- Resolves: rhbz#2063306
|
- Resolves: rhbz#2065400
|
||||||
|
|
||||||
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18
|
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18
|
||||||
- CVE-2022-0778 fix
|
- CVE-2022-0778 fix
|
||||||
- Resolves: rhbz#2062314
|
- Resolves: rhbz#2062315
|
||||||
|
|
||||||
* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15.1
|
* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-17
|
||||||
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
|
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
|
||||||
setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
|
setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
|
||||||
- Resolves: rhbz#2061607
|
- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch
|
||||||
|
- Resolves: rhbz#2062640
|
||||||
|
|
||||||
* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14.1
|
* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15
|
||||||
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
|
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
|
||||||
- Resolves: rhbz#2031742
|
- Resolves: rhbz#2060510
|
||||||
|
|
||||||
* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14
|
* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14
|
||||||
- Prevent use of SHA1 with ECDSA
|
- Prevent use of SHA1 with ECDSA
|
||||||
|
Loading…
Reference in New Issue
Block a user