From 5de6bbd1631a3196342a1cd36a7dfed4ba64c99d Mon Sep 17 00:00:00 2001 
From: Christophe Fergeau Date: Thu, 23 Aug 2018 18:40:07 +0200 Subject: [PATCH] Sync with fedora OpenSSL 1.1.0h This is based on f28 dist-git commit 5d5075d4c92 --- .gitignore | 1 + README.FIPS | 17 +- ec_curve.c | 198 +- ectest.c | 440 +- hobble-openssl | 23 +- ...l-drop-unneeded-reference-to-dlfcn-h.patch | 10 - mingw-openssl-fix-fips-build-failure.patch | 97 - mingw-openssl.spec | 288 +- mingw32-openssl-1.0.0-beta3-libversion.patch | 50 - mingw32-openssl-1.0.2a-sfx.patch | 14 - openssl-1.0.0-beta4-ca-dir.patch | 36 - openssl-1.0.0-timezone.patch | 21 - openssl-1.0.1c-aliasing.patch | 12 - openssl-1.0.1c-perlfind.patch | 16 - openssl-1.0.1i-algo-doc.patch | 77 - openssl-1.0.2a-apps-dgst.patch | 110 - openssl-1.0.2a-cc-reqs.patch | 27 - openssl-1.0.2a-chil-fixes.patch | 24 - openssl-1.0.2a-compat-symbols.patch | 46 - openssl-1.0.2a-dtls1-abi.patch | 23 - openssl-1.0.2a-enc-fail.patch | 61 - openssl-1.0.2a-enginesdir.patch | 52 - openssl-1.0.2a-env-zlib.patch | 39 - openssl-1.0.2a-fips-ctor.patch | 174 - openssl-1.0.2a-fips-ec.patch | 1929 ---- openssl-1.0.2a-fips-md5-allow.patch | 21 - openssl-1.0.2a-ipv6-apps.patch | 525 - openssl-1.0.2a-issuer-hash.patch | 11 - openssl-1.0.2a-no-md5-verify.patch | 25 - openssl-1.0.2a-no-rpath.patch | 12 - openssl-1.0.2a-padlock64.patch | 198 - openssl-1.0.2a-pkgconfig-krb5.patch | 21 - openssl-1.0.2a-readme-warning.patch | 50 - openssl-1.0.2a-rsa-x931.patch | 35 - openssl-1.0.2a-secure-getenv.patch | 241 - openssl-1.0.2a-system-cipherlist.patch | 285 - openssl-1.0.2a-test-use-localhost.patch | 21 - openssl-1.0.2a-version-add-engines.patch | 47 - openssl-1.0.2a-version.patch | 83 - openssl-1.0.2a-x509.patch | 28 - openssl-1.0.2a-xmpp-starttls.patch | 27 - openssl-1.0.2c-default-paths.patch | 63 - openssl-1.0.2c-ecc-suiteb.patch | 195 - openssl-1.0.2d-secp256k1.patch | 82 - openssl-1.0.2e-remove-nistp224.patch | 15 - openssl-1.0.2e-rpmbuild.patch | 115 - openssl-1.0.2e-speed-doc.patch | 58 - openssl-1.0.2e-wrap-pad.patch | 541 - 
openssl-1.0.2f-new-fips-reqs.patch | 1366 --- openssl-1.0.2g-disable-sslv2v3.patch | 18 - openssl-1.0.2g-manfix.patch | 90 - openssl-1.0.2h-trusted-first-doc.patch | 286 - openssl-1.1.0-algo-doc.patch | 48 + openssl-1.1.0-apps-dgst.patch | 12 + openssl-1.1.0-bio-fd-preserve-nl.patch | 29 + openssl-1.1.0-build.patch | 73 + openssl-1.1.0-ca-dir.patch | 24 + openssl-1.1.0-cc-reqs.patch | 27 + openssl-1.1.0-chil-fixes.patch | 15 + ...ults.patch => openssl-1.1.0-defaults.patch | 15 +- openssl-1.1.0-disable-ssl3.patch | 85 + openssl-1.1.0-ec-curves.patch | 80 + ....2h-fips.patch => openssl-1.1.0-fips.patch | 9712 +++++++---------- openssl-1.1.0-issuer-hash.patch | 11 + openssl-1.1.0-manfix.patch | 51 + openssl-1.1.0-missing-quotes.patch | 15 + openssl-1.1.0-no-html.patch | 12 + openssl-1.1.0-no-weak-verify.patch | 26 + openssl-1.1.0-secure-getenv.patch | 139 + openssl-1.1.0-silent-rnd-write.patch | 24 + openssl-1.1.0-system-cipherlist.patch | 317 + openssl-1.1.0-version-add-engines.patch | 38 + openssl-1.1.0-weak-ciphers.patch | 30 + openssl-dont-include-winsock-h.patch | 11 - openssl-mingw64-dont-use-secure-getenv.patch | 34 +- openssl-thread-test.c | 400 - openssl_mingw64_install_fix.patch | 11 - opensslconf-new.h | 8 + sources | 2 +- 79 files changed, 5673 insertions(+), 13820 deletions(-) delete mode 100644 mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch delete mode 100644 mingw-openssl-fix-fips-build-failure.patch delete mode 100644 mingw32-openssl-1.0.0-beta3-libversion.patch delete mode 100644 mingw32-openssl-1.0.2a-sfx.patch delete mode 100644 openssl-1.0.0-beta4-ca-dir.patch delete mode 100644 openssl-1.0.0-timezone.patch delete mode 100644 openssl-1.0.1c-aliasing.patch delete mode 100644 openssl-1.0.1c-perlfind.patch delete mode 100644 openssl-1.0.1i-algo-doc.patch delete mode 100644 openssl-1.0.2a-apps-dgst.patch delete mode 100644 openssl-1.0.2a-cc-reqs.patch delete mode 100644 openssl-1.0.2a-chil-fixes.patch delete mode 100644 
openssl-1.0.2a-compat-symbols.patch delete mode 100644 openssl-1.0.2a-dtls1-abi.patch delete mode 100644 openssl-1.0.2a-enc-fail.patch delete mode 100644 openssl-1.0.2a-enginesdir.patch delete mode 100644 openssl-1.0.2a-env-zlib.patch delete mode 100644 openssl-1.0.2a-fips-ctor.patch delete mode 100644 openssl-1.0.2a-fips-ec.patch delete mode 100644 openssl-1.0.2a-fips-md5-allow.patch delete mode 100644 openssl-1.0.2a-ipv6-apps.patch delete mode 100644 openssl-1.0.2a-issuer-hash.patch delete mode 100644 openssl-1.0.2a-no-md5-verify.patch delete mode 100644 openssl-1.0.2a-no-rpath.patch delete mode 100644 openssl-1.0.2a-padlock64.patch delete mode 100644 openssl-1.0.2a-pkgconfig-krb5.patch delete mode 100644 openssl-1.0.2a-readme-warning.patch delete mode 100644 openssl-1.0.2a-rsa-x931.patch delete mode 100644 openssl-1.0.2a-secure-getenv.patch delete mode 100644 openssl-1.0.2a-system-cipherlist.patch delete mode 100644 openssl-1.0.2a-test-use-localhost.patch delete mode 100644 openssl-1.0.2a-version-add-engines.patch delete mode 100644 openssl-1.0.2a-version.patch delete mode 100644 openssl-1.0.2a-x509.patch delete mode 100644 openssl-1.0.2a-xmpp-starttls.patch delete mode 100644 openssl-1.0.2c-default-paths.patch delete mode 100644 openssl-1.0.2c-ecc-suiteb.patch delete mode 100644 openssl-1.0.2d-secp256k1.patch delete mode 100644 openssl-1.0.2e-remove-nistp224.patch delete mode 100644 openssl-1.0.2e-rpmbuild.patch delete mode 100644 openssl-1.0.2e-speed-doc.patch delete mode 100644 openssl-1.0.2e-wrap-pad.patch delete mode 100644 openssl-1.0.2f-new-fips-reqs.patch delete mode 100644 openssl-1.0.2g-disable-sslv2v3.patch delete mode 100644 openssl-1.0.2g-manfix.patch delete mode 100644 openssl-1.0.2h-trusted-first-doc.patch create mode 100644 openssl-1.1.0-algo-doc.patch create mode 100644 openssl-1.1.0-apps-dgst.patch create mode 100644 openssl-1.1.0-bio-fd-preserve-nl.patch create mode 100644 openssl-1.1.0-build.patch create mode 100644 openssl-1.1.0-ca-dir.patch 
create mode 100644 openssl-1.1.0-cc-reqs.patch create mode 100644 openssl-1.1.0-chil-fixes.patch rename openssl-1.0.2a-defaults.patch => openssl-1.1.0-defaults.patch (68%) create mode 100644 openssl-1.1.0-disable-ssl3.patch create mode 100644 openssl-1.1.0-ec-curves.patch rename openssl-1.0.2h-fips.patch => openssl-1.1.0-fips.patch (65%) create mode 100644 openssl-1.1.0-issuer-hash.patch create mode 100644 openssl-1.1.0-manfix.patch create mode 100644 openssl-1.1.0-missing-quotes.patch create mode 100644 openssl-1.1.0-no-html.patch create mode 100644 openssl-1.1.0-no-weak-verify.patch create mode 100644 openssl-1.1.0-secure-getenv.patch create mode 100644 openssl-1.1.0-silent-rnd-write.patch create mode 100644 openssl-1.1.0-system-cipherlist.patch create mode 100644 openssl-1.1.0-version-add-engines.patch create mode 100644 openssl-1.1.0-weak-ciphers.patch delete mode 100644 openssl-dont-include-winsock-h.patch delete mode 100644 openssl-thread-test.c delete mode 100644 openssl_mingw64_install_fix.patch diff --git a/.gitignore b/.gitignore index a7281a1..ea69bd9 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.0.2a-hobbled.tar.xz /openssl-1.0.2f-hobbled.tar.xz /openssl-1.0.2h-hobbled.tar.xz +/openssl-1.1.0h-hobbled.tar.xz diff --git a/README.FIPS b/README.FIPS index 74a80b9..a36c547 100644 --- a/README.FIPS +++ b/README.FIPS 
@@ -6,17 +6,17 @@ Red Hat Enterprise Linux - OPENSSL Module. The module files ================ -/usr/lib[64]/libcrypto.so.1.0.1e -/usr/lib[64]/libssl.so.1.0.1e -/usr/lib[64]/.libcrypto.so.1.0.1e.hmac -/usr/lib[64]/.libssl.so.1.0.1e.hmac +/usr/lib[64]/libcrypto.so.1.1.0 +/usr/lib[64]/libssl.so.1.1.0 +/usr/lib[64]/.libcrypto.so.1.1.0.hmac +/usr/lib[64]/.libssl.so.1.1.0.hmac Dependencies ============ The approved mode of operation requires kernel with /dev/urandom RNG running with properties as defined in the security policy of the module. This is -provided by kernel packages with validated Red Hat Enterprise Linux - IPSec +provided by kernel packages with validated Red Hat Enterprise Linux Kernel Crytographic Module. Installation @@ -26,11 +26,8 @@ The RPM package of the module can be installed by standard tools recommended for installation of RPM packages on the Red Hat Enterprise Linux system (yum, rpm, RHN remote management tool). -For proper operation of the in-module integrity verification the prelink has to -be disabled. This can be done with setting PRELINKING=no in the -/etc/sysconfig/prelink configuration file. If the libraries were already -prelinked the prelink should be undone on all the system files with the -'prelink -u -a' command. +The RPM package dracut-fips must be installed for the approved mode of +operation. Usage and API ============= diff --git a/ec_curve.c b/ec_curve.c index ea3a479..abee205 100644 --- a/ec_curve.c +++ b/ec_curve.c 
@@ -1,60 +1,12 @@ -/* crypto/ec/ec_curve.c */ /* - * Written by Nils Larsch for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * + * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -74,10 +26,7 @@ #include #include #include - -#ifdef OPENSSL_FIPS -# include -#endif +#include "e_os.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or 
@@ -87,6 +36,44 @@ typedef struct { } EC_CURVE_DATA; /* the nist prime curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +} _EC_NIST_PRIME_224 = { + { + NID_X9_62_prime_field, 20, 28, 1 + }, + { + /* seed */ + 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, + 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, + /* b */ + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, + 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, + 0x23, 0x55, 0xFF, 0xB4, + /* x */ + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, + 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, + 0x11, 0x5C, 0x1D, 0x21, + /* y */ + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, + 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, + 0x85, 0x00, 0x7e, 0x34, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, + 0x5C, 0x5C, 0x2A, 0x3D + } +}; + static const struct { EC_CURVE_DATA h; unsigned char data[20 + 48 * 6]; 
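Review bot: The `/* y */` bytes of `_EC_NIST_PRIME_224` are written in lowercase hex (`0xbd, 0x37, 0x63, ...`) while every other parameter in the same table uses uppercase; the `_EC_SECG_PRIME_256K1` table in the next hunk has the same inconsistency. Normalising them to uppercase keeps the tables greppable against the upper-case hex strings that ectest.c's new P-224 section uses later in this commit. Curve constants cannot be reviewed by eye: the P-224 generator y is cross-checked against the standard in ectest.c, but in the hunks shown here I see no equivalent check for the secp256k1 values, which would be worth adding or pointing to.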
@@ -225,6 +212,42 @@ static const struct { } }; +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_SECG_PRIME_256K1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, + /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + /* x */ + 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, + 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, + 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, + /* y */ + 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, + 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, + 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, + /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 + } +}; + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; 
@@ -235,6 +258,15 @@ typedef struct _ec_list_element_st { static const ec_list_element curve_list[] = { /* prime field curves */ /* secg curves */ +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field"}, +#else + {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, + "NIST/SECG curve over a 224 bit prime field"}, +#endif + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, + "SECG curve over a 256 bit prime field"}, /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field"}, @@ -257,7 +289,7 @@ static const ec_list_element curve_list[] = { "X9.62/SECG curve over a 256 bit prime field"}, }; -#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) +#define curve_list_length OSSL_NELEM(curve_list) static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) { @@ -272,6 +304,10 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) const EC_CURVE_DATA *data; const unsigned char *params; + /* If no curve data curve method must handle everything */ + if (curve.data == NULL) + return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL); + if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); goto err; 
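Review bot: The comment over the new early return in ec_group_new_from_data, `/* If no curve data curve method must handle everything */`, is missing its punctuation and reads as one run-on clause; suggest `/* No curve data: the curve's method must supply all parameters itself. */`. It would also help if that comment said what is expected when `curve.meth` is NULL too, since the expression then passes NULL to EC_GROUP_new and that call's behaviour is not visible in this diff. None of the entries added to curve_list in the hunk above take that path, so a sentence there saves the next reader a trip into ec_lib.c.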
@@ -283,9 +319,9 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) params = (const unsigned char *)(data + 1); /* skip header */ params += seed_len; /* skip seed */ - if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) - || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) - || !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) { + if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL + || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL + || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } @@ -319,8 +355,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) goto err; } - if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) - || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) { + if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL + || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } @@ -328,7 +364,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) + if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL || !BN_set_word(x, (BN_ULONG)data->cofactor)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; @@ -349,22 +385,14 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) EC_GROUP_free(group); group = NULL; } - if (P) - EC_POINT_free(P); - if (ctx) - BN_CTX_free(ctx); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (order) - BN_free(order); - if (x) - BN_free(x); - if (y) - BN_free(y); + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); return group; } 
@@ -437,7 +465,7 @@ static EC_NIST_NAME nist_curves[] = {
 const char *EC_curve_nid2nist(int nid)
 {
 size_t i;
- for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
+ for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
 if (nist_curves[i].nid == nid)
 return nist_curves[i].name;
 }
@@ -447,8 +475,8 @@ const char *EC_curve_nid2nist(int nid)
 int EC_curve_nist2nid(const char *name)
 {
 size_t i;
- for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
- if (!strcmp(nist_curves[i].name, name))
+ for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+ if (strcmp(nist_curves[i].name, name) == 0)
 return nist_curves[i].nid;
 }
 return NID_undef;
diff --git a/ectest.c b/ectest.c
index 71fef23..de00680 100644
--- a/ectest.c
+++ b/ectest.c
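Review bot: EC_curve_nist2nid still hands `name` straight to strcmp, so a NULL argument is undefined behaviour rather than a NID_undef result; since the commit already rewrites that line, it is a natural place to add `if (name == NULL) return NID_undef;` before the loop. Whether that guard belongs here depends on whether callers are guaranteed to pass a non-NULL string, which I cannot tell from the diff. The comparison rewrite `strcmp(...) == 0` itself is fine and matches the `== NULL` style adopted elsewhere in the commit.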
@@ -1,60 +1,12 @@ -/* crypto/ec/ectest.c */ /* - * Originally written by Bodo Moeller for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * + * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ + /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * 
@@ -114,103 +66,14 @@ int main(int argc, char *argv[]) # define TIMING_RAND_PT 1 # define TIMING_SIMUL 2 -# if 0 -static void timings(EC_GROUP *group, int type, BN_CTX *ctx) -{ - clock_t clck; - int i, j; - BIGNUM *s; - BIGNUM *r[10], *r0[10]; - EC_POINT *P; - - s = BN_new(); - if (s == NULL) - ABORT; - - fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group)); - if (!EC_GROUP_get_order(group, s, ctx)) - ABORT; - fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s)); - fflush(stdout); - - P = EC_POINT_new(group); - if (P == NULL) - ABORT; - EC_POINT_copy(P, EC_GROUP_get0_generator(group)); - - for (i = 0; i < 10; i++) { - if ((r[i] = BN_new()) == NULL) - ABORT; - if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) - ABORT; - if (type != TIMING_BASE_PT) { - if ((r0[i] = BN_new()) == NULL) - ABORT; - if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) - ABORT; - } - } - - clck = clock(); - for (i = 0; i < 10; i++) { - for (j = 0; j < 10; j++) { - if (!EC_POINT_mul - (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, - (type != TIMING_BASE_PT) ? P : NULL, - (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) - ABORT; - } - } - clck = clock() - clck; - - fprintf(stdout, "\n"); - -# ifdef CLOCKS_PER_SEC - /* - * "To determine the time in seconds, the value returned by the clock - * function should be divided by the value of the macro CLOCKS_PER_SEC." 
- * -- ISO/IEC 9899 - */ -# define UNIT "s" -# else - /* - * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on - * NeXTstep/OpenStep - */ -# define UNIT "units" -# define CLOCKS_PER_SEC 1 -# endif - - if (type == TIMING_BASE_PT) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "base point multiplications", (double)clck / CLOCKS_PER_SEC); - } else if (type == TIMING_RAND_PT) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "random point multiplications", - (double)clck / CLOCKS_PER_SEC); - } else if (type == TIMING_SIMUL) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC); - } - fprintf(stdout, "average: %.4f " UNIT "\n", - (double)clck / (CLOCKS_PER_SEC * i * j)); - - EC_POINT_free(P); - BN_free(s); - for (i = 0; i < 10; i++) { - BN_free(r[i]); - if (type != TIMING_BASE_PT) - BN_free(r0[i]); - } -} -# endif - /* test multiplication with group order, long and negative scalars */ static void group_order_tests(EC_GROUP *group) { BIGNUM *n1, *n2, *order; EC_POINT *P = EC_POINT_new(group); EC_POINT *Q = EC_POINT_new(group); + EC_POINT *R = EC_POINT_new(group); + EC_POINT *S = EC_POINT_new(group); BN_CTX *ctx = BN_CTX_new(); int i; @@ -290,6 +153,17 @@ static void group_order_tests(EC_GROUP *group) /* Exercise EC_POINTs_mul, including corner cases. */ if (EC_POINT_is_at_infinity(group, P)) ABORT; + + scalars[0] = scalars[1] = BN_value_one(); + points[0] = points[1] = P; + + if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_dbl(group, S, points[0], ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, S, ctx)) + ABORT; + scalars[0] = n1; points[0] = Q; /* => infinity */ scalars[1] = n2; @@ -311,6 +185,8 @@ static void group_order_tests(EC_GROUP *group) EC_POINT_free(P); EC_POINT_free(Q); + EC_POINT_free(R); + EC_POINT_free(S); BN_free(n1); BN_free(n2); BN_free(order); 
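Review bot: The new `R` and `S` points in group_order_tests are allocated with EC_POINT_new and, within this hunk, never checked for NULL before they reach EC_POINTs_mul and EC_POINT_dbl in the later hunk of the same function; `P`, `Q` and `ctx` were already unchecked, so this extends an existing gap rather than opening a new one. A single guard after the declarations, `if (P == NULL || Q == NULL || R == NULL || S == NULL || ctx == NULL) ABORT;`, turns an allocation failure into a clean ABORT instead of a NULL dereference inside the library. The body of group_order_tests continues past the end of this hunk, so such a check may exist further down where I cannot see it. Separately, with timings() removed here and its call sites dropped at the end of prime_field_tests and nistp_single_test, the `TIMING_RAND_PT`/`TIMING_SIMUL` defines kept as context above appear to have no remaining user in the hunks shown.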
@@ -325,16 +201,14 @@ static void prime_field_tests(void) EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z; + BIGNUM *x, *y, *z, *yplusone; unsigned char buf[100]; size_t i, len; int k; -# if 1 /* optional */ ctx = BN_CTX_new(); if (!ctx) ABORT; -# endif p = BN_new(); a = BN_new(); 
@@ -358,7 +232,72 @@ static void prime_field_tests(void) x = BN_new(); y = BN_new(); z = BN_new(); - if (!x || !y || !z) + yplusone = BN_new(); + if (x == NULL || y == NULL || z == NULL || yplusone == NULL) + ABORT; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn + (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn + (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + ABORT; + if (!BN_hex2bn + (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn + (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) + ABORT; + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) + ABORT; + if (!BN_hex2bn + (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn + (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. 
+ */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 224) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) + ABORT; + if (!EC_GROUP_copy(P_224, group)) ABORT; /* Curve P-256 (FIPS PUB 186-2, App. 6) */ @@ -386,7 +325,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -409,6 +348,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 256) ABORT; @@ -416,7 +364,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_256, group)) ABORT; @@ -442,7 +390,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) 
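Review bot: The (x, y + 1) off-curve probe — BN_add into yplusone, a three-line comment, and an EC_POINT_set_affine_coordinates_GFp call that is expected to fail — is pasted verbatim for P-224 in this hunk and again for P-256, P-384 and P-521 in the following hunks and for nistp_single_test further down. A small static helper keeps the five sites identical, gives the check a name, and lets the explanatory comment live in one place. yplusone is already declared at the top of prime_field_tests in the earlier hunk, so the helper can take it as scratch space and each site collapses to one call.
```c
/* When (x, y) is on the curve, (x, y + 1) happens not to be, so setting it must fail. */
static void check_yplusone_rejected(const EC_GROUP *group, EC_POINT *P,
                                    const BIGNUM *x, const BIGNUM *y,
                                    BIGNUM *yplusone, BN_CTX *ctx)
{
    if (!BN_add(yplusone, y, BN_value_one()))
        ABORT;
    if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx))
        ABORT;
}

/* … unchanged: P-224 setup and G_y comparison in prime_field_tests … */
    check_yplusone_rejected(group, P, x, y, yplusone, ctx);
```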
@@ -464,6 +412,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 384) ABORT; @@ -471,7 +428,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_384, group)) ABORT; @@ -501,7 +458,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -525,6 +482,15 @@ static void prime_field_tests(void) if (0 != BN_cmp(y, z)) ABORT; + if (!BN_add(yplusone, y, BN_value_one())) + ABORT; + /* + * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, + * and therefore setting the coordinates should fail. + */ + if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) + ABORT; + fprintf(stdout, "verify degree ..."); if (EC_GROUP_get_degree(group) != 521) ABORT; 
@@ -532,20 +498,24 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_521, group)) ABORT; /* more tests using the last curve */ + /* Restore the point that got mangled in the (x, y + 1) test. */ + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + if (!EC_POINT_copy(Q, P)) ABORT; if (EC_POINT_is_at_infinity(group, Q)) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -560,7 +530,7 @@ static void prime_field_tests(void) { const EC_POINT *points[4]; const BIGNUM *scalars[4]; - BIGNUM scalar3; + BIGNUM *scalar3; if (EC_POINT_is_at_infinity(group, Q)) ABORT; @@ -621,9 +591,11 @@ static void prime_field_tests(void) scalars[1] = y; scalars[2] = z; /* z = -(x+y) */ - BN_init(&scalar3); - BN_zero(&scalar3); - scalars[3] = &scalar3; + scalar3 = BN_new(); + if (!scalar3) + ABORT; + BN_zero(scalar3); + scalars[3] = scalar3; if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT; @@ -632,23 +604,10 @@ static void prime_field_tests(void) fprintf(stdout, " ok\n\n"); - BN_free(&scalar3); + BN_free(scalar3); } -# if 0 - timings(P_256, TIMING_BASE_PT, ctx); - timings(P_256, TIMING_RAND_PT, ctx); - timings(P_256, TIMING_SIMUL, ctx); - timings(P_384, TIMING_BASE_PT, ctx); - timings(P_384, TIMING_RAND_PT, ctx); - timings(P_384, TIMING_SIMUL, ctx); - timings(P_521, TIMING_BASE_PT, ctx); - timings(P_521, TIMING_RAND_PT, ctx); - timings(P_521, TIMING_SIMUL, ctx); -# endif - - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); 
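Review bot: The new allocation check `if (!scalar3)` uses the negated-pointer form that this same commit replaces with explicit NULL comparisons throughout ec_curve.c and ectest.c, so the hunk is inconsistent with its own cleanup; `if (scalar3 == NULL)` matches the surrounding style. Restoring P before the remaining P-521 tests is the right call, since the failed EC_POINT_set_affine_coordinates_GFp probe leaves P in a state the rest of the test must not rely on, as the new comment says.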
@@ -659,23 +618,15 @@ static void prime_field_tests(void)
     BN_free(x);
     BN_free(y);
     BN_free(z);
+    BN_free(yplusone);
 
-    if (P_160)
-        EC_GROUP_free(P_160);
-    if (P_192)
-        EC_GROUP_free(P_192);
-    if (P_224)
-        EC_GROUP_free(P_224);
-    if (P_256)
-        EC_GROUP_free(P_256);
-    if (P_384)
-        EC_GROUP_free(P_384);
-    if (P_521)
-        EC_GROUP_free(P_521);
+    EC_GROUP_free(P_224);
+    EC_GROUP_free(P_256);
+    EC_GROUP_free(P_384);
+    EC_GROUP_free(P_521);
 
 }
 
-
 static void internal_curve_test(void)
 {
     EC_builtin_curve *curves = NULL;
@@ -683,9 +634,7 @@ static void internal_curve_test(void)
     int ok = 1;
 
     crv_len = EC_get_builtin_curves(NULL, 0);
-
-    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
+    curves = OPENSSL_malloc(sizeof(*curves) * crv_len);
     if (curves == NULL)
         return;
 
@@ -724,6 +673,26 @@ static void internal_curve_test(void)
         fprintf(stdout, " failed\n\n");
         ABORT;
     }
+
+    /* Test all built-in curves and let the library choose the EC_METHOD */
+    for (n = 0; n < crv_len; n++) {
+        EC_GROUP *group = NULL;
+        int nid = curves[n].nid;
+        /*
+         * Skip for X25519 because low level operations such as EC_POINT_mul()
+         * are not supported for this curve
+         */
+        if (nid == NID_X25519)
+            continue;
+        fprintf(stdout, "%s:\n", OBJ_nid2sn(nid));
+        fflush(stdout);
+        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
+            ABORT;
+        }
+        group_order_tests(group);
+        EC_GROUP_free(group);
+    }
+
     OPENSSL_free(curves);
     return;
 }
@@ -738,7 +707,7 @@ struct nistp_test_params {
     int degree;
     /*
      * Qx, Qy and D are taken from
-     * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
      * Otherwise, values are standard curve parameters from FIPS 180-3
      */
     const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
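Review bot: `if (curves == NULL) return;` directly under the rewritten `curves = OPENSSL_malloc(sizeof(*curves) * crv_len);` turns an allocation failure into a silently passing test, while every other failure path visible in this file goes through `ABORT`; the commit touches the allocation line but keeps the early return. `if (curves == NULL) ABORT;` keeps the exit path consistent with the rest of internal_curve_test. The function's body continues outside the hunk.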
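Review bot: `fprintf(stdout, "%s:\n", OBJ_nid2sn(nid));` in the new per-curve loop hands the lookup result straight to `%s`; `OBJ_nid2sn()` returns NULL for a nid without an object-table entry, and NULL with `%s` is undefined behaviour. With the replacement `ec_curve.c` this package copies in (Source12) every built-in nid presumably resolves, but a guard costs nothing: `const char *sn = OBJ_nid2sn(nid);` followed by `fprintf(stdout, "%s:\n", sn != NULL ? sn : "(unknown nid)");`. The braced `{ ABORT; }` after `EC_GROUP_new_by_curve_name` also departs from the unbraced `if (...) ABORT;` form used everywhere else in the hunk.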
@@ -796,7 +765,7 @@ static const struct nistp_test_params nistp_tests_params[] = {
 static void nistp_single_test(const struct nistp_test_params *test)
 {
     BN_CTX *ctx;
-    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone;
     EC_GROUP *NISTP;
     EC_POINT *G, *P, *Q, *Q_CHECK;
 
@@ -811,6 +780,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
     m = BN_new();
     n = BN_new();
     order = BN_new();
+    yplusone = BN_new();
 
     NISTP = EC_GROUP_new(test->meth());
     if (!NISTP)
@@ -833,6 +803,14 @@ static void nistp_single_test(const struct nistp_test_params *test)
         ABORT;
     if (!BN_hex2bn(&y, test->Qy))
         ABORT;
+    if (!BN_add(yplusone, y, BN_value_one()))
+        ABORT;
+    /*
+     * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+     * and therefore setting the coordinates should fail.
+     */
+    if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx))
+        ABORT;
     if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
         ABORT;
     if (!BN_hex2bn(&x, test->Gx))
@@ -882,9 +860,18 @@ static void nistp_single_test(const struct nistp_test_params *test)
     if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
         ABORT;
 
+    /*
+     * We have not performed precomputation so have_precompute mult should be
+     * false
+     */
+    if (EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
+
     /* now repeat all tests with precomputation */
     if (!EC_GROUP_precompute_mult(NISTP, ctx))
         ABORT;
+    if (!EC_GROUP_have_precompute_mult(NISTP))
+        ABORT;
 
     /* fixed point multiplication */
     EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
@@ -909,10 +896,6 @@ static void nistp_single_test(const struct nistp_test_params *test)
 
     fprintf(stdout, "ok\n");
     group_order_tests(NISTP);
-# if 0
-    timings(NISTP, TIMING_BASE_PT, ctx);
-    timings(NISTP, TIMING_RAND_PT, ctx);
-# endif
     EC_GROUP_free(NISTP);
     EC_POINT_free(G);
     EC_POINT_free(P);
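Review bot: `yplusone = BN_new();` joins a run of unchecked `BN_new()` calls, and the following hunk feeds it to `BN_add(yplusone, y, BN_value_one())`, which dereferences a NULL result; the sibling BIGNUMs get away with it only because `BN_hex2bn(&p, ...)` allocates when handed a NULL `BIGNUM *`, and `BN_add` does not. The `if (!NISTP) ABORT;` two lines down is the pattern to copy: `if (yplusone == NULL) ABORT;`. nistp_single_test's body continues outside the hunk.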
@@ -926,6 +909,7 @@ static void nistp_single_test(const struct nistp_test_params *test)
     BN_free(x);
     BN_free(y);
     BN_free(order);
+    BN_free(yplusone);
     BN_CTX_free(ctx);
 }
 
@@ -933,33 +917,52 @@ static void nistp_tests()
 {
     unsigned i;
 
-    for (i = 0;
-         i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
-         i++) {
+    for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) {
         nistp_single_test(&nistp_tests_params[i]);
     }
 }
 
 # endif
 
+static void parameter_test(void)
+{
+    EC_GROUP *group, *group2;
+    ECPARAMETERS *ecparameters;
+
+    fprintf(stderr, "\ntesting ecparameters conversion ...");
+
+    group = EC_GROUP_new_by_curve_name(NID_secp384r1);
+    if (!group)
+        ABORT;
+
+    ecparameters = EC_GROUP_get_ecparameters(group, NULL);
+    if (!ecparameters)
+        ABORT;
+    group2 = EC_GROUP_new_from_ecparameters(ecparameters);
+    if (!group2)
+        ABORT;
+    if (EC_GROUP_cmp(group, group2, NULL))
+        ABORT;
+
+    fprintf(stderr, " ok\n");
+
+    EC_GROUP_free(group);
+    EC_GROUP_free(group2);
+    ECPARAMETERS_free(ecparameters);
+}
+
 static const char rnd_seed[] =
     "string to make the random number generator think it has entropy";
 
 int main(int argc, char *argv[])
 {
+    char *p;
 
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    ERR_load_crypto_strings();
 
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+    RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
 
     prime_field_tests();
     puts("");
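Review bot: The new parameter_test() reports its progress on `stderr` (`fprintf(stderr, "\ntesting ecparameters conversion ...");` and `fprintf(stderr, " ok\n");`), while the neighbouring tests in this file write progress to `stdout` (`fprintf(stdout, "verify degree ...");`, `fprintf(stdout, "ok\n");`) and `main` hands `stderr` to `CRYPTO_mem_leaks_fp` for the leak report; switching both calls to `stdout` keeps the test's chatter separable from its failure output. The `if (EC_GROUP_cmp(group, group2, NULL)) ABORT;` already covers the -1 error return as well as a mismatch, so that line needs no change.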
@@ -972,13 +975,12 @@ int main(int argc, char *argv[])
     /* test the internal curves */
     internal_curve_test();
 
-# ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-# endif
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks_fp(stderr);
+    parameter_test();
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks_fp(stderr) <= 0)
+        return 1;
+#endif
 
     return 0;
 }
diff --git a/hobble-openssl b/hobble-openssl
index 8750ad6..9a23ca6 100755
--- a/hobble-openssl
+++ b/hobble-openssl
@@ -8,40 +8,33 @@ set -e
 # IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
 # RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
 # EC: ????????? ??/??/2020
-# SRP: ????????? ??/??/20??
+# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
 
 # Remove assembler portions of IDEA, MDC2, and RC5.
 # (find crypto/rc5/asm -type f | xargs -r rm -fv)
 
-# SRP.
-for a in srp; do
-  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
-    echo Destroying $c
-    > $c
-  done
-done
-
 for c in `find crypto/bn -name "*gf2m.c"`; do
 	echo Destroying $c
 	> $c
 done
 
-for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp22?.c" -o -name "ectest.c"`; do
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for c in `find test -name "ectest.c"`; do
 	echo Destroying $c
 	> $c
 done
 
 for h in `find crypto ssl apps test -name "*.h"` ; do
-	echo Removing SRP and EC2M references from $h
+	echo Removing EC2M references from $h
 	cat $h | \
 	awk 'BEGIN {ech=1;} \
-	     /^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
 	     /^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
 	     /^#[ \t]*if/ {if(ech < 1) ech--;} \
 	     {if(ech>0) {;print $0};} \
 	     /^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
 	mv $h.hobbled $h
 done
-
-# Make the makefiles happy.
-# touch crypto/rc5/asm/rc5-586.pl
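Review bot: The header pass still walks `find crypto ssl apps test -name "*.h"`, but the 1.1.0 tree this commit syncs to keeps the public headers under `include/openssl` (the same relocation that made the script look for `ectest.c` under `test/` a few lines up), so any `OPENSSL_NO_EC2M` block in `include/openssl/ec.h` would presumably be left in place while the matching `.c` files are emptied, leaving declarations with no implementation behind them. If that is not the intent, add the directory, `for h in \`find crypto ssl apps test include -name "*.h"\` ; do`, and confirm against the tarball which headers still carry the guard. The `cat $h | \` feeding `awk` could also read the file directly (`awk '...' $h > $h.hobbled`), since the `cat` adds nothing.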
diff --git a/mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch b/mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch deleted file mode 100644 index 255374a..0000000 --- a/mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- crypto/fips/fips.c.orig 2010-10-07 23:33:08.293664062 +0200 -+++ crypto/fips/fips.c 2010-10-07 23:33:20.723360688 +0200 -@@ -57,7 +57,6 @@ - #include - #include - #include --#include - #include - #include - #include "fips_locl.h" diff --git a/mingw-openssl-fix-fips-build-failure.patch b/mingw-openssl-fix-fips-build-failure.patch deleted file mode 100644 index fccae0f..0000000 --- a/mingw-openssl-fix-fips-build-failure.patch +++ /dev/null 
@@ -1,97 +0,0 @@ ---- openssl-1.0.1c/crypto/fips/fips_rand_selftest.c.orig 2012-11-03 18:59:03.620066556 +0100 -+++ openssl-1.0.1c/crypto/fips/fips_rand_selftest.c 2012-11-03 19:57:33.156686682 +0100 -@@ -47,6 +47,8 @@ - * - */ - -+#ifdef OPENSSL_FIPS -+ - #include - #include - #include -@@ -54,8 +56,6 @@ - #include - #include "fips_locl.h" - --#ifdef OPENSSL_FIPS -- - typedef struct { - unsigned char DT[16]; - unsigned char V[16]; ---- openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c.orig 2012-11-03 20:03:20.546180631 +0100 -+++ openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c 2012-11-03 20:03:46.069328396 +0100 -@@ -47,6 +47,8 @@ - * - */ - -+#ifdef OPENSSL_FIPS -+ - #include - #include - #include -@@ -56,8 +58,6 @@ - #include - #include "fips_locl.h" - --#ifdef OPENSSL_FIPS -- - static const unsigned char dsa_test_2048_p[] = { - 0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08, - 0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62, ---- openssl-1.0.1c/crypto/fips/fips_rand.c.orig 2012-11-03 20:07:49.956891942 +0100 -+++ openssl-1.0.1c/crypto/fips/fips_rand.c 2012-11-03 20:08:14.260048118 +0100 -@@ -47,6 +47,8 @@ - * - */ - -+#ifdef OPENSSL_FIPS -+ - /* - * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4. 
- */ -@@ -82,8 +84,6 @@ - #include - #include "fips_locl.h" - --#ifdef OPENSSL_FIPS -- - void *OPENSSL_stderr(void); - - # define AES_BLOCK_LENGTH 16 ---- openssl-1.0.1c/crypto/rand/md_rand.c.orig 2012-11-03 20:19:31.461754618 +0100 -+++ openssl-1.0.1c/crypto/rand/md_rand.c 2012-11-03 20:20:58.294282662 +0100 -@@ -394,7 +394,11 @@ - /* always poll for external entropy in FIPS mode, drbg provides the - * expansion - */ -+#ifdef OPENSSL_FIPS - if (!initialized || FIPS_module_mode()) { -+#else -+ if (!initialized) { -+#endif - RAND_poll(); - initialized = 1; - } ---- openssl-1.0.1c/crypto/opensslconf.h.in 2012-11-09 20:34:03.434391630 +0100 -+++ openssl-1.0.1c/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100 -@@ -1,20 +1,5 @@ - /* crypto/opensslconf.h.in */ - --#ifdef OPENSSL_DOING_MAKEDEPEND -- --/* Include any symbols here that have to be explicitly set to enable a feature -- * that should be visible to makedepend. -- * -- * [Our "make depend" doesn't actually look at this, we use actual build settings -- * instead; we want to make it easy to remove subdirectories with disabled algorithms.] -- */ -- --#ifndef OPENSSL_FIPS --#define OPENSSL_FIPS --#endif -- --#endif -- - /* Generate 80386 code? */ - #undef I386_ONLY - diff --git a/mingw-openssl.spec b/mingw-openssl.spec index 9f33201..06aafb9 100644 --- a/mingw-openssl.spec +++ b/mingw-openssl.spec @@ -11,7 +11,9 @@ # 0.9.8g soversion = 7 # 0.9.8jk + EAP-FAST soversion = 8 # 1.0.0 soversion = 10 -%global soversion 10 +# 1.1.0 soversion = 1_1 (same as upstream although presence of some symbols +# depends on build configuration options) +%global soversion 1_1 # Enable the tests. # These only work some of the time, but fail randomly at other times 
@@ -19,12 +21,9 @@ # there is any actual problem with the binaries). %global run_tests 0 -# Number of threads to spawn when testing some threading fixes. -%global thread_test_threads %{?threads:%{threads}}%{!?threads:1} - Name: mingw-openssl -Version: 1.0.2h -Release: 7%{?dist} +Version: 1.1.0h +Release: 1%{?dist} Summary: MinGW port of the OpenSSL toolkit License: OpenSSL @@ -40,7 +39,6 @@ Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert Source7: renew-dummy-cert -Source8: openssl-thread-test.c Source9: opensslconf-new.h Source10: opensslconf-new-warning.h Source11: README.FIPS 
@@ -48,71 +46,35 @@ Source12: ec_curve.c Source13: ectest.c # Build changes -Patch1: openssl-1.0.2e-rpmbuild.patch -Patch2: openssl-1.0.2a-defaults.patch -Patch4: openssl-1.0.2a-enginesdir.patch -Patch5: openssl-1.0.2a-no-rpath.patch -Patch6: openssl-1.0.2a-test-use-localhost.patch -Patch7: openssl-1.0.0-timezone.patch -Patch8: openssl-1.0.1c-perlfind.patch -Patch9: openssl-1.0.1c-aliasing.patch +Patch1: openssl-1.1.0-build.patch +Patch2: openssl-1.1.0-defaults.patch +Patch3: openssl-1.1.0-no-html.patch # Bug fixes -Patch23: openssl-1.0.2c-default-paths.patch -Patch24: openssl-1.0.2a-issuer-hash.patch +Patch21: openssl-1.1.0-issuer-hash.patch +Patch22: openssl-1.1.0-algo-doc.patch +Patch23: openssl-1.1.0-manfix.patch # Functionality changes -Patch33: openssl-1.0.0-beta4-ca-dir.patch -Patch34: openssl-1.0.2a-x509.patch -Patch35: openssl-1.0.2a-version-add-engines.patch -Patch39: openssl-1.0.2a-ipv6-apps.patch -Patch40: openssl-1.0.2h-fips.patch -Patch45: openssl-1.0.2a-env-zlib.patch -Patch47: openssl-1.0.2a-readme-warning.patch -Patch49: openssl-1.0.1i-algo-doc.patch -Patch50: openssl-1.0.2a-dtls1-abi.patch -Patch51: openssl-1.0.2a-version.patch -Patch56: openssl-1.0.2a-rsa-x931.patch -Patch58: openssl-1.0.2a-fips-md5-allow.patch -Patch60: openssl-1.0.2a-apps-dgst.patch -Patch63: openssl-1.0.2a-xmpp-starttls.patch -Patch65: openssl-1.0.2a-chil-fixes.patch -Patch66: openssl-1.0.2a-pkgconfig-krb5.patch -Patch68: openssl-1.0.2a-secure-getenv.patch -Patch70: openssl-1.0.2a-fips-ec.patch -Patch71: openssl-1.0.2g-manfix.patch -Patch72: openssl-1.0.2a-fips-ctor.patch -Patch73: openssl-1.0.2c-ecc-suiteb.patch -Patch74: openssl-1.0.2a-no-md5-verify.patch -Patch75: openssl-1.0.2a-compat-symbols.patch -Patch76: openssl-1.0.2f-new-fips-reqs.patch -Patch78: openssl-1.0.2a-cc-reqs.patch -Patch90: openssl-1.0.2a-enc-fail.patch -Patch92: openssl-1.0.2a-system-cipherlist.patch -Patch93: openssl-1.0.2g-disable-sslv2v3.patch -Patch94: openssl-1.0.2d-secp256k1.patch -Patch95: 
openssl-1.0.2e-remove-nistp224.patch -Patch96: openssl-1.0.2e-speed-doc.patch +Patch31: openssl-1.1.0-ca-dir.patch +Patch32: openssl-1.1.0-version-add-engines.patch +Patch33: openssl-1.1.0-apps-dgst.patch +Patch35: openssl-1.1.0-chil-fixes.patch +Patch36: openssl-1.1.0-secure-getenv.patch +Patch37: openssl-1.1.0-ec-curves.patch +Patch38: openssl-1.1.0-no-weak-verify.patch +Patch39: openssl-1.1.0-cc-reqs.patch +Patch40: openssl-1.1.0-disable-ssl3.patch +Patch41: openssl-1.1.0-system-cipherlist.patch +Patch42: openssl-1.1.0-fips.patch +Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch +Patch45: openssl-1.1.0-weak-ciphers.patch +Patch46: openssl-1.1.0-silent-rnd-write.patch # Backported fixes including security fixes -Patch80: openssl-1.0.2e-wrap-pad.patch -Patch81: openssl-1.0.2a-padlock64.patch -Patch82: openssl-1.0.2h-trusted-first-doc.patch +Patch70: openssl-1.1.0-missing-quotes.patch # MinGW-specific patches. -# Rename *eay32.dll to lib*.dll -Patch101: mingw32-openssl-1.0.0-beta3-libversion.patch -# Fix engines/ install target after lib rename -Patch102: mingw32-openssl-1.0.2a-sfx.patch -# Some .c file contains in #include while it -# doesn't really use anything from that header -Patch103: mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch -# Mingw-w64 compatibility patch -Patch104: openssl_mingw64_install_fix.patch -# Prevent a build failure which occurs because we don't have FIPS enabled -Patch105: mingw-openssl-fix-fips-build-failure.patch # The function secure_getenv is a GNU extension which isn't available on Windows -Patch106: openssl-mingw64-dont-use-secure-getenv.patch -# Don't include the old winsock.h as it will cause warnings/errors in packages -# using the openssl headers like: Please include winsock2.h before windows.h -Patch107: openssl-dont-include-winsock-h.patch +# This reverts part of openssl-1.1.0-no-weak-verify.patch +Patch101: openssl-mingw64-dont-use-secure-getenv.patch BuildArch: noarch 
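Review bot: The two comment lines kept above `Patch101` now read as unrelated statements — "The function secure_getenv is a GNU extension which isn't available on Windows" followed by "This reverts part of openssl-1.1.0-no-weak-verify.patch" — while the file itself is still named `openssl-mingw64-dont-use-secure-getenv.patch` and `Patch36: openssl-1.1.0-secure-getenv.patch` is declared but left unapplied in %prep (`#patch36 -p1 -b .secure-getenv`, later hunk). If the reverted part is a `secure_getenv` call that `openssl-1.1.0-no-weak-verify.patch` introduces, one sentence should say so, e.g. `# openssl-1.1.0-no-weak-verify.patch calls secure_getenv(), a GNU extension not available on Windows; this reverts that part`; otherwise the second line looks like a leftover from the old list.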
@@ -133,10 +95,6 @@ BuildRequires: lksctp-tools-devel
 BuildRequires: /usr/bin/rename
 BuildRequires: /usr/bin/pod2man
 
-# XXX Not really sure about this one. The build script uses
-# /usr/bin/makedepend which comes from imake.
-BuildRequires: imake
-
 %if %{run_tests}
 # Required both to build, and to run the tests.
 # XXX This needs to be fixed - cross-compilation should not
@@ -210,73 +168,36 @@ Static version of the MinGW port of the OpenSSL toolkit. # The tarball has already the sources removed. %{SOURCE1} > /dev/null -cp %{SOURCE12} %{SOURCE13} crypto/ec/ +cp %{SOURCE12} crypto/ec/ +cp %{SOURCE13} test/ -%patch1 -p1 -b .rpmbuild +%patch1 -p1 -b .build %{?_rawbuild} %patch2 -p1 -b .defaults -%patch4 -p1 -b .enginesdir %{?_rawbuild} -%patch5 -p1 -b .no-rpath -%patch6 -p1 -b .use-localhost -%patch7 -p1 -b .timezone -%patch8 -p1 -b .perlfind %{?_rawbuild} -%patch9 -p1 -b .aliasing +%patch3 -p1 -b .no-html %{?_rawbuild} -%patch23 -p1 -b .default-paths -%patch24 -p1 -b .issuer-hash +%patch21 -p1 -b .issuer-hash +%patch22 -p1 -b .algo-doc +%patch23 -p1 -b .manfix -%patch33 -p1 -b .ca-dir -%patch34 -p1 -b .x509 -%patch35 -p1 -b .version-add-engines -#patch39 -p1 -b .ipv6-apps -%patch40 -p1 -b .fips -%patch45 -p1 -b .env-zlib -%patch47 -p1 -b .warning -%patch49 -p1 -b .algo-doc -%patch50 -p1 -b .dtls1-abi -#patch51 -p1 -b .version -#patch56 -p1 -b .x931 -%patch58 -p1 -b .md5-allow -%patch60 -p1 -b .dgst -#patch63 -p1 -b .starttls -%patch65 -p1 -b .chil -%patch66 -p1 -b .krb5 -#patch68 -p1 -b .secure-getenv -#patch70 -p1 -b .fips-ec -%patch71 -p1 -b .manfix -#patch72 -p1 -b .fips-ctor -%patch73 -p1 -b .suiteb -#patch74 -p1 -b .no-md5-verify -%patch75 -p1 -b .compat -#patch76 -p1 -b .fips-reqs -%patch78 -p1 -b .cc-reqs -%patch90 -p1 -b .enc-fail -%patch92 -p1 -b .system -%patch93 -p1 -b .v2v3 -%patch94 -p1 -b .secp256k1 -%patch95 -p1 -b .nistp224 -%patch96 -p1 -b .speed-doc +%patch31 -p1 -b .ca-dir +%patch32 -p1 -b .version-add-engines +%patch33 -p1 -b .dgst +%patch35 -p1 -b .chil +#patch36 -p1 -b .secure-getenv +%patch37 -p1 -b .curves +%patch38 -p1 -b .no-weak-verify +%patch39 -p1 -b .cc-reqs +%patch40 -p1 -b .disable-ssl3 +%patch41 -p1 -b .system-cipherlist +#patch42 -p1 -b .fips +%patch44 -p1 -b .preserve-nl +%patch45 -p1 -b .weak-ciphers +%patch46 -p1 -b .silent-rnd-write -%patch80 -p1 -b .wrap -%patch81 -p1 -b .padlock64 -%patch82 -p1 
-b .trusted-first +%patch70 -p1 -b .missing-quotes # MinGW specific patches -%patch101 -p1 -b .mingw-libversion -%patch102 -p1 -b .mingw-sfx -%patch103 -p0 -b .dlfcn -%patch104 -p0 -b .mingw64 -%patch105 -p1 -b .fips_mingw -%patch106 -p1 -b .secure_getenv_mingw -%patch107 -p0 -b .winsock - -sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h - -# Modify the various perl scripts to reference perl in the right location. -perl util/perlpath.pl `dirname %{__perl}` - -# Generate a table with the compile settings for my perusal. -touch Makefile -make TABLE PERL=%{__perl} +%patch101 -p1 -b .secure_getenv_mingw # Create two copies of the source folder as OpenSSL doesn't support out of source builds mkdir ../build_win32 @@ -286,6 +207,7 @@ mkdir build_win64 cp -Rp build_win32/* build_win64 # Use mingw cflags instead of hardcoded ones +# FIXME sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/%{mingw32_cflags}/' build_win32/Configure sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/%{mingw64_cflags}/' build_win64/Configure 
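Review bot: `#patch36 -p1 -b .secure-getenv` and `#patch42 -p1 -b .fips` leave two declared patches unapplied with no comment saying why, although the old %prep this replaces carried a reason for at least the secure_getenv case, and the next sync with the Fedora spec is the obvious moment for someone to re-enable them by mistake. A one-line comment above each records the decision, e.g. `# secure_getenv() is not available on Windows; handled by Patch101 instead` and, if that is indeed the reason, `# FIPS support is not built for the MinGW package; see README.FIPS`, the latter kept in step with whatever the later `# Overwrite FIPS README` step installs. The %prep section continues past the hunk.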
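Review bot: The bare `# FIXME` added above the two `sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/.../' build_*/Configure` lines does not say what is wrong with them. The next hunk shows the build now passing `%{mingw32_cflags}` / `%{mingw64_cflags}` on the `./Configure` command line itself, so the sed is either redundant or, if the 1.1.0 `Configure` no longer contains a `"mingw"` line with those flags (target definitions having moved out of the script), a silent no-op; either way the marker should state the verification owed, e.g. `# FIXME: cflags are now passed to ./Configure below; confirm 1.1.0 Configure still carries this line, else drop the sed`.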
@@ -300,22 +222,20 @@ PERL=%{__perl} \ ./Configure \ --prefix=%{mingw32_prefix} \ --openssldir=%{mingw32_sysconfdir}/pki/tls \ - zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ - enable-cms enable-md2 enable-rc5 \ - no-mdc2 no-ec2m no-gost no-srp \ - no-fips no-hw \ + zlib enable-camellia enable-seed enable-rfc3779 \ + enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ + enable-weak-ssl-ciphers \ + no-mdc2 no-ec2m \ --cross-compile-prefix=%{mingw32_target}- \ - --enginesdir=%{mingw32_libdir}/openssl/engines \ - shared mingw + %{mingw32_cflags} shared mingw -# Regenerate def files as we disabled some algorithms above -perl util/mkdef.pl crypto ssl update +# Do not run this in a production package the FIPS symbols must be patched-in +#util/mkdef.pl crypto update -make depend -make all build-shared +make all -# Generate hashes for the included certs. -make rehash build-shared +# Overwrite FIPS README +cp -f %{SOURCE11} . popd @@ -328,22 +248,20 @@ PERL=%{__perl} \ ./Configure \ --prefix=%{mingw64_prefix} \ --openssldir=%{mingw64_sysconfdir}/pki/tls \ - zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ - enable-cms enable-md2 \ - no-mdc2 no-rc5 no-ec2m no-gost no-srp \ - no-fips no-hw \ + zlib enable-camellia enable-seed enable-rfc3779 \ + enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ + enable-weak-ssl-ciphers enable-ec_nistp_64_gcc_128 \ + no-mdc2 no-ec2m no-hw \ --cross-compile-prefix=%{mingw64_target}- \ - --enginesdir=%{mingw64_libdir}/openssl/engines \ - shared mingw64 + %{mingw64_cflags} shared mingw64 -# Regenerate def files as we disabled some algorithms above -perl util/mkdef.pl crypto ssl update +# Do not run this in a production package the FIPS symbols must be patched-in +#util/mkdef.pl crypto update -make depend -make all build-shared +make all -# Generate hashes for the included certs. -make rehash build-shared +# Overwrite FIPS README +cp -f %{SOURCE11} . popd 
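Review bot: `enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers` (repeated in the win64 hunk below) compile the SSLv3 protocol and the weak cipher suites into the shipped libraries, and the spec presumably relies on `openssl-1.1.0-disable-ssl3.patch` and `openssl-1.1.0-weak-ciphers.patch` (applied as patch40 and patch45 in %prep) to keep them off by default at run time, but nothing next to the Configure line says so. A comment such as `# SSLv3 and weak ciphers are compiled in but disabled by default through patch40/patch45 (see %prep)` ties the build flags to the patches so that one is not changed without the other; the same line belongs above the win64 invocation.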
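Review bot: The win64 Configure keeps `no-hw` (`no-mdc2 no-ec2m no-hw \`) while the win32 hunk above drops it (`no-mdc2 no-ec2m \`), although both previously passed `no-fips no-hw`, and nothing in either hunk explains the asymmetry; the two builds also now differ in `enable-ec_nistp_64_gcc_128`, which is expected for x86_64 but is not documented either. Either restore `no-hw` in the win32 invocation or add a comment on this line naming why only the 64-bit build disables hardware engine support.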
@@ -358,8 +276,8 @@ done #---------------------------------------------------------------------- # Run some tests. -# We must revert patch33 before tests otherwise they will fail -patch -p1 -R < %{PATCH33} +# We must revert patch31 before tests otherwise they will fail +patch -p1 -R < %{PATCH31} # This is a bit of a hack, but the test scripts look for 'openssl' # by name. @@ -388,21 +306,7 @@ sleep 3 DISPLAY=$display export DISPLAY -make LDCMD=%{mingw32_cc} -C build_win32/test apps tests - -# Disable this thread test, because we don't have pthread on Windows. -%{mingw32_cc} -o openssl-thread-test \ - -I./build_win32/include \ - %-{_mingw32_cflags} \ - %-{SOURCE8} \ - -L./build_win32 \ - -lssl -lcrypto \ - -lpthread -lz -ldl - -## `krb5-config --cflags` -## `krb5-config --libs` -# -./openssl-thread-test --threads %{thread_test_threads} +make test #---------------------------------------------------------------------- %endif @@ -428,16 +332,15 @@ mkdir -p $RPM_BUILD_ROOT%{mingw64_bindir} mkdir -p $RPM_BUILD_ROOT%{mingw64_includedir} mkdir -p $RPM_BUILD_ROOT%{mingw64_mandir} -%mingw_make_install INSTALL_PREFIX=$RPM_BUILD_ROOT build-shared +%mingw_make_install DESTDIR=$RPM_BUILD_ROOT install # Install the file applink.c (#499934) install -m644 build_win32/ms/applink.c $RPM_BUILD_ROOT%{mingw32_includedir}/openssl/applink.c install -m644 build_win64/ms/applink.c $RPM_BUILD_ROOT%{mingw64_includedir}/openssl/applink.c -# I have no idea why it installs the manpages in /etc, but -# we remove them anyway. -rm -r $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/man -rm -r $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/man +# Remove the man pages +rm -rf $RPM_BUILD_ROOT%{mingw32_mandir} +rm -rf $RPM_BUILD_ROOT%{mingw64_mandir} # Set permissions on lib*.dll.a so that strip works. chmod 0755 $RPM_BUILD_ROOT%{mingw32_libdir}/libcrypto.dll.a 
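Review bot: `make test` replaces `make LDCMD=%{mingw32_cc} -C build_win32/test apps tests` but drops the `-C build_win32` part, so when `run_tests` is switched on it would presumably run in the top-level source directory rather than in the configured build tree; this block is currently dead because of `%global run_tests 0` (earlier hunk), so the mistake would surface only when tests are re-enabled. `make -C build_win32 test` (and a matching `make -C build_win64 test`, if both builds are meant to be exercised) keeps the intent of the replaced line. The test block continues outside the hunk.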
@@ -449,22 +352,13 @@ chmod 0755 $RPM_BUILD_ROOT%{mingw64_libdir}/libssl.dll.a # for generating them on the fly. mkdir -p $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/Makefile -install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/make-dummy-cert -install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/renew-dummy-cert +install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw32_bindir}/make-dummy-cert +install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw32_bindir}/renew-dummy-cert mkdir -p $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/Makefile -install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/make-dummy-cert -install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/renew-dummy-cert - -# Pick a CA script. -pushd $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/misc -mv CA.sh CA -popd - -pushd $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/misc -mv CA.sh CA -popd +install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw64_bindir}/make-dummy-cert +install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw64_bindir}/renew-dummy-cert mkdir -m700 $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/CA mkdir -m700 $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/CA/private @@ -477,6 +371,7 @@ find %{buildroot}%{mingw32_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{build find %{buildroot}%{mingw64_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{buildroot}\(.*\)$|%%exclude \1.debug|' > mingw64-openssl.debugfiles + # Win32 %files -n mingw32-openssl -f mingw32-openssl.debugfiles %doc build_win32/LICENSE 
@@ -484,9 +379,11 @@ find %{buildroot}%{mingw64_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{build %{mingw32_bindir}/c_rehash %{mingw32_bindir}/libcrypto-%{soversion}.dll %{mingw32_bindir}/libssl-%{soversion}.dll +%{mingw32_bindir}/make-dummy-cert +%{mingw32_bindir}/renew-dummy-cert %{mingw32_libdir}/libcrypto.dll.a %{mingw32_libdir}/libssl.dll.a -%{mingw32_libdir}/engines +%{mingw32_libdir}/engines-%{soversion} %{mingw32_libdir}/pkgconfig/*.pc %{mingw32_includedir}/openssl %config(noreplace) %{mingw32_sysconfdir}/pki @@ -500,11 +397,13 @@ find %{buildroot}%{mingw64_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{build %doc build_win64/LICENSE %{mingw64_bindir}/openssl.exe %{mingw64_bindir}/c_rehash -%{mingw64_bindir}/libcrypto-%{soversion}.dll -%{mingw64_bindir}/libssl-%{soversion}.dll +%{mingw64_bindir}/libcrypto-%{soversion}-x64.dll +%{mingw64_bindir}/libssl-%{soversion}-x64.dll +%{mingw64_bindir}/make-dummy-cert +%{mingw64_bindir}/renew-dummy-cert %{mingw64_libdir}/libcrypto.dll.a %{mingw64_libdir}/libssl.dll.a -%{mingw64_libdir}/engines +%{mingw64_libdir}/engines-%{soversion} %{mingw64_libdir}/pkgconfig/*.pc %{mingw64_includedir}/openssl %config(noreplace) %{mingw64_sysconfdir}/pki @@ -515,6 +414,9 @@ find %{buildroot}%{mingw64_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{build %changelog +* Fri Aug 24 2018 Christophe Fergeau - 1.1.0h-1 +- Sync with f28 openssl 1.1.0h + * Fri Jul 13 2018 Fedora Release Engineering - 1.0.2h-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/mingw32-openssl-1.0.0-beta3-libversion.patch b/mingw32-openssl-1.0.0-beta3-libversion.patch deleted file mode 100644 index d4d9996..0000000 --- a/mingw32-openssl-1.0.0-beta3-libversion.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -diff -up openssl-1.0.0-beta3/Makefile.org.mingw-libversion openssl-1.0.0-beta3/Makefile.org ---- openssl-1.0.0-beta3/Makefile.org.mingw-libversion 2009-08-29 22:44:10.000000000 +0300 -+++ openssl-1.0.0-beta3/Makefile.org 2009-08-29 22:45:42.000000000 +0300 -@@ -542,8 +542,8 @@ install_sw: - fi ); \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ - ( case $$i in \ -- *crypto*) i=libeay32.dll;; \ -- *ssl*) i=ssleay32.dll;; \ -+ *crypto*) i=libcrypto-$(SHLIB_SONAMEVER).dll;; \ -+ *ssl*) i=libssl-$(SHLIB_SONAMEVER).dll;; \ - esac; \ - echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ -diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta3/Makefile.shared ---- openssl-1.0.0-beta3/Makefile.shared.mingw-libversion 2009-08-29 22:33:22.000000000 +0300 -+++ openssl-1.0.0-beta3/Makefile.shared 2009-08-29 22:33:22.000000000 +0300 -@@ -47,7 +47,7 @@ LIBEXTRAS= - # LIBVERSION contains the current version of the library. - # For example, to build libfoo.so.1.2, you need to do the following: - #LIBVERSION=1.2 --LIBVERSION= -+LIBVERSION=10 - - # LIBCOMPATVERSIONS contains the compatibility versions (a list) of - # the library. They MUST be in decreasing order. 
-@@ -250,7 +250,7 @@ link_o.cygwin: - base=-Wl,--enable-auto-image-base; \ - deffile=; \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ -- SHLIB=$(LIBNAME)eay32; base=; \ -+ SHLIB=lib$(LIBNAME); base=; \ - if test -f $(LIBNAME)eay32.def; then \ - deffile=$(LIBNAME)eay32.def; \ - fi; \ -@@ -282,13 +282,7 @@ - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \ - base=-Wl,--enable-auto-image-base; \ - if expr $(PLATFORM) : 'mingw' > /dev/null; then \ -- case $(LIBNAME) in \ -- crypto) SHLIB=libeay;; \ -- ssl) SHLIB=ssleay;; \ -- esac; \ -- SHLIB_SOVER=32; \ -- extras="$(LIBNAME).def"; \ -- $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \ -+ SHLIB=lib$(LIBNAME); \ - base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ - fi; \ - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ diff --git a/mingw32-openssl-1.0.2a-sfx.patch b/mingw32-openssl-1.0.2a-sfx.patch deleted file mode 100644 index 8020d57..0000000 --- a/mingw32-openssl-1.0.2a-sfx.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- openssl-1.0.2a/engines/Makefile.enginesdir 2015-03-19 14:31:14.000000000 +0100 -+++ openssl-1.0.2a/engines/Makefile 2015-04-24 18:27:12.875788913 +0200 -@@ -111,7 +111,10 @@ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - pfx=lib; \ -- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ -+ if [ "$(PLATFORM)" = "mingw" ]; then \ -+ sfx=.dll; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \ -+ elif expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - else \ diff --git a/openssl-1.0.0-beta4-ca-dir.patch b/openssl-1.0.0-beta4-ca-dir.patch deleted file mode 100644 index 751cabd..0000000 --- a/openssl-1.0.0-beta4-ca-dir.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in ---- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir 2006-04-28 02:30:49.000000000 +0200 -+++ openssl-1.0.0-beta4/apps/CA.pl.in 2009-11-12 12:33:13.000000000 +0100 -@@ -53,7 +53,7 @@ $VERIFY="$openssl verify"; - $X509="$openssl x509"; - $PKCS12="$openssl pkcs12"; - --$CATOP="./demoCA"; -+$CATOP="/etc/pki/CA"; - $CAKEY="cakey.pem"; - $CAREQ="careq.pem"; - $CACERT="cacert.pem"; -diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh ---- openssl-1.0.0-beta4/apps/CA.sh.ca-dir 2009-10-15 19:27:47.000000000 +0200 -+++ openssl-1.0.0-beta4/apps/CA.sh 2009-11-12 12:35:14.000000000 +0100 -@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify" - X509="$OPENSSL x509" - PKCS12="openssl pkcs12" - --if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi -+if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi - CAKEY=./cakey.pem - CAREQ=./careq.pem - CACERT=./cacert.pem -diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf ---- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir 2009-11-12 12:33:13.000000000 +0100 -+++ openssl-1.0.0-beta4/apps/openssl.cnf 2009-11-12 12:33:13.000000000 +0100 -@@ -39,7 +39,7 @@ default_ca = CA_default # The default c - #################################################################### - [ CA_default ] - --dir = ./demoCA # Where everything is kept -+dir = /etc/pki/CA # Where everything is kept - certs = $dir/certs # Where the issued certs are kept - crl_dir = $dir/crl # Where the issued crl are kept - database = $dir/index.txt # database index file. diff --git a/openssl-1.0.0-timezone.patch b/openssl-1.0.0-timezone.patch deleted file mode 100644 index b1d6682..0000000 --- a/openssl-1.0.0-timezone.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org ---- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200 -+++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200 -@@ -609,7 +609,7 @@ install_docs: - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -- sh -c "$$pod2man \ -+ sh -c "TZ=UTC $$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ -@@ -626,7 +626,7 @@ install_docs: - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -- sh -c "$$pod2man \ -+ sh -c "TZ=UTC $$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ diff --git a/openssl-1.0.1c-aliasing.patch b/openssl-1.0.1c-aliasing.patch deleted file mode 100644 index 582418c..0000000 --- a/openssl-1.0.1c-aliasing.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing openssl-1.0.1c/crypto/modes/Makefile ---- openssl-1.0.1c/crypto/modes/Makefile.aliasing 2011-08-12 00:36:17.000000000 +0200 -+++ openssl-1.0.1c/crypto/modes/Makefile 2012-07-13 11:32:10.767829077 +0200 -@@ -12,7 +12,7 @@ AR= ar r - - MODES_ASM_OBJ= - --CFLAGS= $(INCLUDES) $(CFLAG) -+CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing - ASFLAGS= $(INCLUDES) $(ASFLAG) - AFLAGS= $(ASFLAGS) - diff --git a/openssl-1.0.1c-perlfind.patch b/openssl-1.0.1c-perlfind.patch deleted file mode 100644 index 956afd6..0000000 --- a/openssl-1.0.1c-perlfind.patch +++ /dev/null 
@@ -1,16 +0,0 @@ -diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl ---- openssl-1.0.1c/util/perlpath.pl.perlfind 2012-07-11 22:57:33.000000000 +0200 -+++ openssl-1.0.1c/util/perlpath.pl 2012-07-12 00:31:12.102156275 +0200 -@@ -4,10 +4,10 @@ - # line in all scripts that rely on perl. - # - --require "find.pl"; -+use File::Find; - - $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n"; --&find("."); -+find(\&wanted, "."); - - sub wanted - { diff --git a/openssl-1.0.1i-algo-doc.patch b/openssl-1.0.1i-algo-doc.patch deleted file mode 100644 index a19877d..0000000 --- a/openssl-1.0.1i-algo-doc.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod ---- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod 2014-08-07 11:18:01.290773970 +0200 -@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ - - EVP_DigestInit_ex() sets up digest context B to use a digest - B from ENGINE B. B must be initialized before calling this --function. B will typically be supplied by a functionsuch as EVP_sha1(). -+function. B will typically be supplied by a function such as EVP_sha1(). - If B is NULL then the default implementation of digest B is used. - - EVP_DigestUpdate() hashes B bytes of data at B into the -@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u - EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and - EVP_MD_CTX_block_size() return the digest or block size in bytes. - --EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), -+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), -+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(), - EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the - corresponding EVP_MD structures. 
- -diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod ---- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200 -+++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod 2014-08-07 10:55:25.100638252 +0200 -@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -+ const EVP_CIPHER *EVP_des_ede3(void); -+ const EVP_CIPHER *EVP_des_ede3_ecb(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb64(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb1(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb8(void); -+ const EVP_CIPHER *EVP_des_ede3_ofb(void); -+ const EVP_CIPHER *EVP_des_ede3_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_ecb(void); -+ const EVP_CIPHER *EVP_aes_128_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_cfb1(void); -+ const EVP_CIPHER *EVP_aes_128_cfb8(void); -+ const EVP_CIPHER *EVP_aes_128_cfb128(void); -+ const EVP_CIPHER *EVP_aes_128_ofb(void); -+ const EVP_CIPHER *EVP_aes_192_ecb(void); -+ const EVP_CIPHER *EVP_aes_192_cbc(void); -+ const EVP_CIPHER *EVP_aes_192_cfb1(void); -+ const EVP_CIPHER *EVP_aes_192_cfb8(void); -+ const EVP_CIPHER *EVP_aes_192_cfb128(void); -+ const EVP_CIPHER *EVP_aes_192_ofb(void); -+ const EVP_CIPHER *EVP_aes_256_ecb(void); -+ const EVP_CIPHER *EVP_aes_256_cbc(void); -+ const EVP_CIPHER *EVP_aes_256_cfb1(void); -+ const EVP_CIPHER *EVP_aes_256_cfb8(void); -+ const EVP_CIPHER *EVP_aes_256_cfb128(void); -+ const EVP_CIPHER *EVP_aes_256_ofb(void); -+ - =head1 DESCRIPTION - - The EVP cipher routines are a high level interface to certain -@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an - - DESX algorithm in CBC mode. 
- -+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void) -+ -+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ -+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void) -+ -+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ -+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void) -+ -+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ - =item EVP_rc4(void) - - RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. diff --git a/openssl-1.0.2a-apps-dgst.patch b/openssl-1.0.2a-apps-dgst.patch deleted file mode 100644 index 2bb8327..0000000 --- a/openssl-1.0.2a-apps-dgst.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -diff -up openssl-1.0.2a/apps/ca.c.dgst openssl-1.0.2a/apps/ca.c ---- openssl-1.0.2a/apps/ca.c.dgst 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/ca.c 2015-04-21 17:01:38.841551616 +0200 -@@ -157,7 +157,7 @@ static const char *ca_usage[] = { - " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n", - " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n", - " -days arg - number of days to certify the certificate for\n", -- " -md arg - md to use, one of md2, md5, sha or sha1\n", -+ " -md arg - md to use, see openssl dgst -h for list\n", - " -policy arg - The CA 'policy' to support\n", - " -keyfile arg - private key file\n", - " -keyform arg - private key file format (PEM or ENGINE)\n", -diff -up openssl-1.0.2a/apps/enc.c.dgst openssl-1.0.2a/apps/enc.c ---- openssl-1.0.2a/apps/enc.c.dgst 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/apps/enc.c 2015-04-21 17:01:38.841551616 +0200 -@@ -294,7 +294,7 @@ int MAIN(int argc, char **argv) - "%-14s the next argument is the md to use to create a key\n", - "-md"); - BIO_printf(bio_err, -- "%-14s from a passphrase. One of md2, md5, sha or sha1\n", -+ "%-14s from a passphrase. 
See openssl dgst -h for list.\n", - ""); - BIO_printf(bio_err, "%-14s salt in hex is the next argument\n", - "-S"); -diff -up openssl-1.0.2a/apps/req.c.dgst openssl-1.0.2a/apps/req.c ---- openssl-1.0.2a/apps/req.c.dgst 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/apps/req.c 2015-04-21 17:01:38.842551640 +0200 -@@ -414,7 +414,7 @@ int MAIN(int argc, char **argv) - " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); - #endif - BIO_printf(bio_err, -- " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); -+ " -[digest] Digest to sign with (see openssl dgst -h for list)\n"); - BIO_printf(bio_err, " -config file request template file.\n"); - BIO_printf(bio_err, - " -subj arg set or modify request subject\n"); -diff -up openssl-1.0.2a/apps/ts.c.dgst openssl-1.0.2a/apps/ts.c ---- openssl-1.0.2a/apps/ts.c.dgst 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/apps/ts.c 2015-04-21 17:01:38.842551640 +0200 -@@ -337,7 +337,7 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "usage:\n" - "ts -query [-rand file%cfile%c...] 
[-config configfile] " - "[-data file_to_hash] [-digest digest_bytes]" -- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " -+ "[-] " - "[-policy object_id] [-no_nonce] [-cert] " - "[-in request.tsq] [-out request.tsq] [-text]\n", - LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); -diff -up openssl-1.0.2a/apps/x509.c.dgst openssl-1.0.2a/apps/x509.c ---- openssl-1.0.2a/apps/x509.c.dgst 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/x509.c 2015-04-21 17:01:38.842551640 +0200 -@@ -141,7 +141,7 @@ static const char *x509_usage[] = { - " -set_serial - serial number to use\n", - " -text - print the certificate in text form\n", - " -C - print out C code forms\n", -- " -md2/-md5/-sha1/-mdc2 - digest to use\n", -+ " - - digest to use, see openssl dgst -h output for list\n", - " -extfile - configuration file with X509V3 extensions to add\n", - " -extensions - section from config file with X509V3 extensions to add\n", - " -clrext - delete extensions before signing and input certificate\n", -diff -up openssl-1.0.2a/doc/apps/ca.pod.dgst openssl-1.0.2a/doc/apps/ca.pod ---- openssl-1.0.2a/doc/apps/ca.pod.dgst 2015-01-20 13:33:36.000000000 +0100 -+++ openssl-1.0.2a/doc/apps/ca.pod 2015-04-21 17:01:38.842551640 +0200 -@@ -168,7 +168,8 @@ the number of days to certify the certif - =item B<-md alg> - - the message digest to use. Possible values include md5, sha1 and mdc2. --This option also applies to CRLs. -+For full list of digests see openssl dgst -h output. This option also -+applies to CRLs. - - =item B<-policy arg> - -diff -up openssl-1.0.2a/doc/apps/ocsp.pod.dgst openssl-1.0.2a/doc/apps/ocsp.pod ---- openssl-1.0.2a/doc/apps/ocsp.pod.dgst 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/doc/apps/ocsp.pod 2015-04-21 17:01:38.842551640 +0200 -@@ -219,7 +219,8 @@ check is not performed. - =item B<-md5|-sha1|-sha256|-ripemod160|...> - - this option sets digest algorithm to use for certificate identification --in the OCSP request. By default SHA-1 is used. 
-+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for -+the list of available algorithms. - - =back - -diff -up openssl-1.0.2a/doc/apps/req.pod.dgst openssl-1.0.2a/doc/apps/req.pod ---- openssl-1.0.2a/doc/apps/req.pod.dgst 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/doc/apps/req.pod 2015-04-21 17:01:38.843551664 +0200 -@@ -201,7 +201,8 @@ will not be encrypted. - - this specifies the message digest to sign the request with (such as - B<-md5>, B<-sha1>). This overrides the digest algorithm specified in --the configuration file. -+the configuration file. For full list of possible digests see openssl -+dgst -h output. - - Some public key algorithms may override this choice. For instance, DSA - signatures always use SHA1, GOST R 34.10 signatures always use -diff -up openssl-1.0.2a/doc/apps/x509.pod.dgst openssl-1.0.2a/doc/apps/x509.pod ---- openssl-1.0.2a/doc/apps/x509.pod.dgst 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/doc/apps/x509.pod 2015-04-21 17:01:38.843551664 +0200 -@@ -107,6 +107,7 @@ the digest to use. This affects any sign - digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not - specified then SHA1 is used. If the key being used to sign with is a DSA key - then this option has no effect: SHA1 is always used with DSA keys. -+For full list of digests see openssl dgst -h output. - - =item B<-engine id> - diff --git a/openssl-1.0.2a-cc-reqs.patch b/openssl-1.0.2a-cc-reqs.patch deleted file mode 100644 index f268d62..0000000 --- a/openssl-1.0.2a-cc-reqs.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff -up openssl-1.0.2a/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.2a/crypto/rsa/rsa_gen.c ---- openssl-1.0.2a/crypto/rsa/rsa_gen.c.cc-reqs 2015-04-09 18:22:58.638448432 +0200 -+++ openssl-1.0.2a/crypto/rsa/rsa_gen.c 2015-04-09 18:22:57.264416692 +0200 -@@ -474,6 +474,12 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) - goto err; - -+ /* prepare minimum p and q difference */ -+ if (!BN_one(r3)) -+ goto err; -+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) -+ goto err; -+ - BN_copy(rsa->e, e_value); - - /* generate p and q */ -@@ -501,7 +507,9 @@ static int rsa_builtin_keygen(RSA *rsa, - do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) - goto err; -- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); -+ if (!BN_sub(r2, rsa->q, rsa->p)) -+ goto err; -+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); diff --git a/openssl-1.0.2a-chil-fixes.patch b/openssl-1.0.2a-chil-fixes.patch deleted file mode 100644 index ebd2429..0000000 --- a/openssl-1.0.2a-chil-fixes.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -up openssl-1.0.2a/engines/e_chil.c.chil openssl-1.0.2a/engines/e_chil.c ---- openssl-1.0.2a/engines/e_chil.c.chil 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/engines/e_chil.c 2015-04-21 17:06:25.480293443 +0200 -@@ -1247,6 +1247,11 @@ static int hwcrhk_insert_card(const char - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; -+ /* Despite what the documentation says prompt_info can be -+ * an empty string. -+ */ -+ if (prompt_info && !*prompt_info) -+ prompt_info = NULL; - - if (cactx) { - if (cactx->ui_method) -@@ -1268,7 +1273,7 @@ static int hwcrhk_insert_card(const char - ui = UI_new_method(ui_method); - - if (ui) { -- char answer; -+ char answer = '\0'; - char buf[BUFSIZ]; - /* - * Despite what the documentation says wrong_info can be an empty diff --git a/openssl-1.0.2a-compat-symbols.patch b/openssl-1.0.2a-compat-symbols.patch deleted file mode 100644 index 1e0993e..0000000 --- a/openssl-1.0.2a-compat-symbols.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -diff -up openssl-1.0.2a/crypto/dsa/dsa_key.c.compat openssl-1.0.2a/crypto/dsa/dsa_key.c ---- openssl-1.0.2a/crypto/dsa/dsa_key.c.compat 2015-04-09 18:21:11.687977858 +0200 -+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-04-09 18:21:07.869889659 +0200 -@@ -68,6 +68,11 @@ - # include - # include - -+/* just a compatibility symbol - no-op */ -+void FIPS_corrupt_dsa_keygen(void) -+{ -+} -+ - static int fips_check_dsa(DSA *dsa) - { - EVP_PKEY *pk; -diff -up openssl-1.0.2a/crypto/engine/eng_all.c.compat openssl-1.0.2a/crypto/engine/eng_all.c ---- openssl-1.0.2a/crypto/engine/eng_all.c.compat 2015-04-09 18:21:11.688977881 +0200 -+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-09 18:21:09.159919459 +0200 -@@ -63,6 +63,11 @@ - # include - #endif - -+/* just backwards compatibility symbol - no-op */ -+void ENGINE_load_aesni(void) -+{ -+} -+ - void ENGINE_load_builtin_engines(void) - { - /* Some ENGINEs need this */ -diff -up openssl-1.0.2a/crypto/fips/fips.c.compat openssl-1.0.2a/crypto/fips/fips.c ---- openssl-1.0.2a/crypto/fips/fips.c.compat 2015-04-09 18:21:11.689977904 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-09 18:21:09.925937154 +0200 -@@ -113,6 +113,12 @@ int FIPS_module_mode(void) - return ret; - } - -+/* just a compat symbol - return NULL */ -+const void *FIPS_rand_check(void) -+{ -+ return NULL; -+} -+ - int FIPS_selftest_failed(void) - { - int ret = 0; diff --git a/openssl-1.0.2a-dtls1-abi.patch b/openssl-1.0.2a-dtls1-abi.patch deleted file mode 100644 index a6a79d7..0000000 --- a/openssl-1.0.2a-dtls1-abi.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -diff -up openssl-1.0.2a/ssl/dtls1.h.dtls1-abi openssl-1.0.2a/ssl/dtls1.h ---- openssl-1.0.2a/ssl/dtls1.h.dtls1-abi 2015-04-21 10:49:57.984781143 +0200 -+++ openssl-1.0.2a/ssl/dtls1.h 2015-04-21 16:41:37.835164264 +0200 -@@ -214,9 +214,6 @@ typedef struct dtls1_state_st { - * loss. - */ - record_pqueue buffered_app_data; -- /* Is set when listening for new connections with dtls1_listen() */ -- unsigned int listen; -- unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; -@@ -241,6 +238,9 @@ typedef struct dtls1_state_st { - * Cleared after the message has been processed. - */ - unsigned int change_cipher_spec_ok; -+ /* Is set when listening for new connections with dtls1_listen() */ -+ unsigned int listen; -+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - # ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; diff --git a/openssl-1.0.2a-enc-fail.patch b/openssl-1.0.2a-enc-fail.patch deleted file mode 100644 index 1dac66d..0000000 --- a/openssl-1.0.2a-enc-fail.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -diff -up openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2a/crypto/evp/bio_enc.c ---- openssl-1.0.2a/crypto/evp/bio_enc.c.enc-fail 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/bio_enc.c 2015-04-22 18:10:06.491819948 +0200 -@@ -201,10 +201,14 @@ static int enc_read(BIO *b, char *out, i - break; - } - } else { -- EVP_CipherUpdate(&(ctx->cipher), -- (unsigned char *)ctx->buf, &ctx->buf_len, -- (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); -- ctx->cont = 1; -+ if (!EVP_CipherUpdate(&(ctx->cipher), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)&(ctx->buf[BUF_OFFSET]), -+ i)) { -+ ctx->ok = 0; -+ ctx->cont = 0; -+ } else -+ ctx->cont = 1; - /* - * Note: it is possible for EVP_CipherUpdate to decrypt zero - * bytes because this is or looks like the final block: if this -@@ -260,9 +264,13 @@ static int enc_write(BIO *b, const char - ctx->buf_off = 0; - while (inl > 0) { - n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; -- EVP_CipherUpdate(&(ctx->cipher), -- (unsigned char *)ctx->buf, &ctx->buf_len, -- (unsigned char *)in, n); -+ if (!EVP_CipherUpdate(&(ctx->cipher), -+ (unsigned char *)ctx->buf, &ctx->buf_len, -+ (unsigned char *)in, n)) { -+ BIO_copy_next_retry(b); -+ ctx->ok = 0; -+ return ret - inl; -+ } - inl -= n; - in += n; - -@@ -298,8 +306,9 @@ static long enc_ctrl(BIO *b, int cmd, lo - case BIO_CTRL_RESET: - ctx->ok = 1; - ctx->finished = 0; -- EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, -- ctx->cipher.encrypt); -+ if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, -+ ctx->cipher.encrypt)) -+ ctx->ok = 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ -@@ -421,7 +430,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI - - b->init = 1; - ctx = (BIO_ENC_CTX *)b->ptr; -- EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); -+ if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e)) -+ ctx->ok = 0; - - if (b->callback != NULL) - 
b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); diff --git a/openssl-1.0.2a-enginesdir.patch b/openssl-1.0.2a-enginesdir.patch deleted file mode 100644 index 10baf5a..0000000 --- a/openssl-1.0.2a-enginesdir.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -diff -up openssl-1.0.2a/Configure.enginesdir openssl-1.0.2a/Configure ---- openssl-1.0.2a/Configure.enginesdir 2015-04-20 14:37:58.137392222 +0200 -+++ openssl-1.0.2a/Configure 2015-04-20 14:37:58.140392292 +0200 -@@ -702,6 +702,7 @@ my $idx_multilib = $idx++; - my $prefix=""; - my $libdir=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; - my $cross_compile_prefix=""; -@@ -929,6 +930,10 @@ PROCESS_ARGS: - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1185,7 +1190,7 @@ chop $prefix if $prefix =~ /.\/$/; - - $openssldir=$prefix . "/ssl" if $openssldir eq ""; - $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -- -+$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; - - print "IsMK1MF=$IsMK1MF\n"; - -@@ -1871,7 +1876,7 @@ while () - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$enginesdir"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } -diff -up openssl-1.0.2a/engines/Makefile.enginesdir openssl-1.0.2a/engines/Makefile ---- openssl-1.0.2a/engines/Makefile.enginesdir 2015-04-20 14:37:58.140392292 +0200 -+++ openssl-1.0.2a/engines/Makefile 2015-04-20 14:40:15.570598383 +0200 -@@ -124,7 +124,7 @@ install: - esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi diff --git a/openssl-1.0.2a-env-zlib.patch b/openssl-1.0.2a-env-zlib.patch deleted file mode 100644 index 328079b..0000000 
--- a/openssl-1.0.2a-env-zlib.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib 2015-04-09 18:17:20.509637597 +0200 -+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-09 18:17:14.767504953 +0200 -@@ -47,6 +47,13 @@ Once the identities of the compression m - been standardized, the compression API will most likely be changed. Using - it in the current state is not recommended. - -+It is also not recommended to use compression if data transfered contain -+untrusted parts that can be manipulated by an attacker as he could then -+get information about the encrypted data. See the CRIME attack. For -+that reason the default loading of the zlib compression method is -+disabled and enabled only if the environment variable B -+is present during the library initialization. -+ - =head1 RETURN VALUES - - SSL_COMP_add_compression_method() may return the following values: -diff -up openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib openssl-1.0.2a/ssl/ssl_ciph.c ---- openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib 2015-04-09 18:17:20.510637620 +0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-09 18:17:20.264631937 +0200 -@@ -140,6 +140,8 @@ - * OTHERWISE. - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #ifndef OPENSSL_NO_COMP -@@ -450,7 +452,8 @@ static void load_builtin_compressions(vo - - MemCheck_off(); - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); -- if (ssl_comp_methods != NULL) { -+ if (ssl_comp_methods != NULL -+ && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { - comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) { - comp->method = COMP_zlib(); diff --git a/openssl-1.0.2a-fips-ctor.patch b/openssl-1.0.2a-fips-ctor.patch deleted file mode 100644 index 65f652c..0000000 --- a/openssl-1.0.2a-fips-ctor.patch +++ /dev/null 
@@ -1,174 +0,0 @@ -diff -up openssl-1.0.2a/crypto/fips/fips.c.fips-ctor openssl-1.0.2a/crypto/fips/fips.c ---- openssl-1.0.2a/crypto/fips/fips.c.fips-ctor 2015-04-21 17:42:18.702765856 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-21 17:42:18.742766794 +0200 -@@ -60,6 +60,8 @@ - #include - #include - #include -+#include -+#include - #include "fips_locl.h" - - #ifdef OPENSSL_FIPS -@@ -201,7 +203,9 @@ static char *bin2hex(void *buf, size_t l - } - - # define HMAC_PREFIX "." --# define HMAC_SUFFIX ".hmac" -+# ifndef HMAC_SUFFIX -+# define HMAC_SUFFIX ".hmac" -+# endif - # define READ_BUFFER_LENGTH 16384 - - static char *make_hmac_path(const char *origpath) -@@ -279,20 +283,14 @@ static int compute_file_hmac(const char - return rv; - } - --static int FIPSCHECK_verify(const char *libname, const char *symbolname) -+static int FIPSCHECK_verify(const char *path) - { -- char path[PATH_MAX + 1]; -- int rv; -+ int rv = 0; - FILE *hf; - char *hmacpath, *p; - char *hmac = NULL; - size_t n; - -- rv = get_library_path(libname, symbolname, path, sizeof(path)); -- -- if (rv < 0) -- return 0; -- - hmacpath = make_hmac_path(path); - if (hmacpath == NULL) - return 0; -@@ -343,6 +341,51 @@ static int FIPSCHECK_verify(const char * - return 1; - } - -+static int verify_checksums(void) -+{ -+ int rv; -+ char path[PATH_MAX + 1]; -+ char *p; -+ -+ /* we need to avoid dlopening libssl, assume both libcrypto and libssl -+ are in the same directory */ -+ -+ rv = get_library_path("libcrypto.so." 
SHLIB_VERSION_NUMBER, -+ "FIPS_mode_set", path, sizeof(path)); -+ if (rv < 0) -+ return 0; -+ -+ rv = FIPSCHECK_verify(path); -+ if (!rv) -+ return 0; -+ -+ /* replace libcrypto with libssl */ -+ while ((p = strstr(path, "libcrypto.so")) != NULL) { -+ p = stpcpy(p, "libssl"); -+ memmove(p, p + 3, strlen(p + 2)); -+ } -+ -+ rv = FIPSCHECK_verify(path); -+ if (!rv) -+ return 0; -+ return 1; -+} -+ -+# ifndef FIPS_MODULE_PATH -+# define FIPS_MODULE_PATH "/etc/system-fips" -+# endif -+ -+int FIPS_module_installed(void) -+{ -+ int rv; -+ rv = access(FIPS_MODULE_PATH, F_OK); -+ if (rv < 0 && errno != ENOENT) -+ rv = 0; -+ -+ /* Installed == true */ -+ return !rv; -+} -+ - int FIPS_module_mode_set(int onoff, const char *auth) - { - int ret = 0; -@@ -380,17 +423,7 @@ int FIPS_module_mode_set(int onoff, cons - } - # endif - -- if (!FIPSCHECK_verify -- ("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set")) { -- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, -- FIPS_R_FINGERPRINT_DOES_NOT_MATCH); -- fips_selftest_fail = 1; -- ret = 0; -- goto end; -- } -- -- if (!FIPSCHECK_verify -- ("libssl.so." 
SHLIB_VERSION_NUMBER, "SSL_CTX_new")) { -+ if (!verify_checksums()) { - FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, - FIPS_R_FINGERPRINT_DOES_NOT_MATCH); - fips_selftest_fail = 1; -diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-ctor openssl-1.0.2a/crypto/fips/fips.h ---- openssl-1.0.2a/crypto/fips/fips.h.fips-ctor 2015-04-21 17:42:18.739766724 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-04-21 17:42:18.743766818 +0200 -@@ -74,6 +74,7 @@ extern "C" { - - int FIPS_module_mode_set(int onoff, const char *auth); - int FIPS_module_mode(void); -+ int FIPS_module_installed(void); - const void *FIPS_rand_check(void); - int FIPS_selftest(void); - int FIPS_selftest_failed(void); -diff -up openssl-1.0.2a/crypto/o_init.c.fips-ctor openssl-1.0.2a/crypto/o_init.c ---- openssl-1.0.2a/crypto/o_init.c.fips-ctor 2015-04-21 17:42:18.732766559 +0200 -+++ openssl-1.0.2a/crypto/o_init.c 2015-04-21 17:45:02.662613173 +0200 -@@ -74,6 +74,9 @@ static void init_fips_mode(void) - char buf[2] = "0"; - int fd; - -+ /* Ensure the selftests always run */ -+ FIPS_mode_set(1); -+ - if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { - buf[0] = '1'; - } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { -@@ -85,8 +88,12 @@ static void init_fips_mode(void) - * otherwise.. - */ - -- if (buf[0] == '1') { -- FIPS_mode_set(1); -+ if (buf[0] != '1') { -+ /* drop down to non-FIPS mode if it is not requested */ -+ FIPS_mode_set(0); -+ } else { -+ /* abort if selftest failed */ -+ FIPS_selftest_check(); - } - } - #endif -@@ -96,13 +103,16 @@ static void init_fips_mode(void) - * sets FIPS callbacks - */ - --void OPENSSL_init_library(void) -+void __attribute__ ((constructor)) OPENSSL_init_library(void) - { - static int done = 0; - if (done) - return; - done = 1; - #ifdef OPENSSL_FIPS -+ if (!FIPS_module_installed()) { -+ return; -+ } - RAND_init_fips(); - init_fips_mode(); - if (!FIPS_mode()) { 
diff --git a/openssl-1.0.2a-fips-ec.patch b/openssl-1.0.2a-fips-ec.patch deleted file mode 100644 index e42f4a1..0000000 --- a/openssl-1.0.2a-fips-ec.patch +++ /dev/null 
@@ -1,1929 +0,0 @@
-diff -up openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.2a/crypto/ecdh/ecdhtest.c
---- openssl-1.0.2a/crypto/ecdh/ecdhtest.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ecdhtest.c 2015-04-22 19:00:19.721884512 +0200
-@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
- goto err;
- 
- /* NIST PRIME CURVES TESTS */
-+# if 0
- if (!test_ecdh_curve
- (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
- goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
- goto err;
-+# endif
- if (!test_ecdh_curve
- (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
- goto err;
-@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
- goto err;
- # endif
-+# if 0
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
- goto err;
- if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
- goto err;
--
-+# endif
- ret = 0;
- 
- err:
-diff -up openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.2a/crypto/ecdh/ech_lib.c
---- openssl-1.0.2a/crypto/ecdh/ech_lib.c.fips-ec 2015-03-19 14:19:00.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ech_lib.c 2015-04-22 19:00:19.721884512 +0200
-@@ -93,14 +93,7 @@ void ECDH_set_default_method(const ECDH_
- const ECDH_METHOD *ECDH_get_default_method(void)
- {
- if (!default_ECDH_method) {
--#ifdef OPENSSL_FIPS
-- if (FIPS_mode())
-- return FIPS_ecdh_openssl();
-- else
-- return ECDH_OpenSSL();
--#else
- default_ECDH_method = ECDH_OpenSSL();
--#endif
- }
- return default_ECDH_method;
- }
-diff -up openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.2a/crypto/ecdh/ech_ossl.c
---- openssl-1.0.2a/crypto/ecdh/ech_ossl.c.fips-ec 2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/crypto/ecdh/ech_ossl.c 2015-04-22 19:00:19.722884536 +0200
-@@ 
-78,6 +78,10 @@ - #include - #include - -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, - EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, -@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = { - NULL, /* init */ - NULL, /* finish */ - #endif -- 0, /* flags */ -+ ECDH_FLAG_FIPS_METHOD, /* flags */ - NULL /* app_data */ - }; - -@@ -119,6 +123,13 @@ static int ecdh_compute_key(void *out, s - size_t buflen, len; - unsigned char *buf = NULL; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+#endif -+ - if (outlen > INT_MAX) { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of, - * anyway */ -diff -up openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecdsatest.c ---- openssl-1.0.2a/crypto/ecdsa/ecdsatest.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ecdsa/ecdsatest.c 2015-04-22 19:00:19.722884536 +0200 -@@ -138,11 +138,14 @@ int restore_rand(void) - } - - static int fbytes_counter = 0; --static const char *numbers[8] = { -+static const char *numbers[10] = { -+ "651056770906015076056810763456358567190100156695615665659", - "651056770906015076056810763456358567190100156695615665659", - "6140507067065001063065065565667405560006161556565665656654", - "8763001015071075675010661307616710783570106710677817767166" - "71676178726717", -+ "8763001015071075675010661307616710783570106710677817767166" -+ "71676178726717", - "7000000175690566466555057817571571075705015757757057795755" - "55657156756655", - "1275552191113212300012030439187146164646146646466749494799", -@@ -158,7 +161,7 @@ int fbytes(unsigned char *buf, int num) - int ret; - BIGNUM *tmp = NULL; - -- if (fbytes_counter >= 8) -+ if (fbytes_counter >= 10) - return 0; - tmp = BN_new(); - if (!tmp) -@@ -532,8 +535,10 @@ int main(void) - RAND_seed(rnd_seed, 
sizeof(rnd_seed)); - - /* the tests */ -+# if 0 - if (!x9_62_tests(out)) - goto err; -+# endif - if (!test_builtin(out)) - goto err; - -diff -up openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecs_lib.c ---- openssl-1.0.2a/crypto/ecdsa/ecs_lib.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/ecdsa/ecs_lib.c 2015-04-22 19:00:19.722884536 +0200 -@@ -80,14 +80,7 @@ void ECDSA_set_default_method(const ECDS - const ECDSA_METHOD *ECDSA_get_default_method(void) - { - if (!default_ECDSA_method) { --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_ecdsa_openssl(); -- else -- return ECDSA_OpenSSL(); --#else - default_ECDSA_method = ECDSA_OpenSSL(); --#endif - } - return default_ECDSA_method; - } -diff -up openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c ---- openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/ecdsa/ecs_ossl.c 2015-04-22 19:00:19.722884536 +0200 -@@ -60,6 +60,9 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS -+# include -+#endif - - static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, - const BIGNUM *, const BIGNUM *, -@@ -78,7 +81,7 @@ static ECDSA_METHOD openssl_ecdsa_meth = - NULL, /* init */ - NULL, /* finish */ - #endif -- 0, /* flags */ -+ ECDSA_FLAG_FIPS_METHOD, /* flags */ - NULL /* app_data */ - }; - -@@ -245,6 +248,13 @@ static ECDSA_SIG *ecdsa_do_sign(const un - ECDSA_DATA *ecdsa; - const BIGNUM *priv_key; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_ECDSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED); -+ return NULL; -+ } -+#endif -+ - ecdsa = ecdsa_check(eckey); - group = EC_KEY_get0_group(eckey); - priv_key = EC_KEY_get0_private_key(eckey); -@@ -358,6 +368,13 @@ static int ecdsa_do_verify(const unsigne - const EC_GROUP *group; - const EC_POINT *pub_key; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_ECDSA_DO_VERIFY, 
FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+#endif -+ - /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec openssl-1.0.2a/crypto/ec/ec_cvt.c ---- openssl-1.0.2a/crypto/ec/ec_cvt.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/ec/ec_cvt.c 2015-04-22 19:01:08.703040756 +0200 -@@ -82,10 +82,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const B - const EC_METHOD *meth; - EC_GROUP *ret; - --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_ec_group_new_curve_gfp(p, a, b, ctx); --#endif - #if defined(OPENSSL_BN_ASM_MONT) - /* - * This might appear controversial, but the fact is that generic -@@ -160,10 +156,6 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const - const EC_METHOD *meth; - EC_GROUP *ret; - --# ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_ec_group_new_curve_gf2m(p, a, b, ctx); --# endif - meth = EC_GF2m_simple_method(); - - ret = EC_GROUP_new(meth); -diff -up openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec openssl-1.0.2a/crypto/ec/ec_key.c ---- openssl-1.0.2a/crypto/ec/ec_key.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ec/ec_key.c 2015-04-22 19:00:19.722884536 +0200 -@@ -64,9 +64,6 @@ - #include - #include "ec_lcl.h" - #include --#ifdef OPENSSL_FIPS --# include --#endif - - EC_KEY *EC_KEY_new(void) - { -@@ -227,6 +224,38 @@ int EC_KEY_up_ref(EC_KEY *r) - return ((i > 1) ? 
1 : 0); - } - -+#ifdef OPENSSL_FIPS -+ -+# include -+# include -+# include -+ -+static int fips_check_ec(EC_KEY *key) -+{ -+ EVP_PKEY *pk; -+ unsigned char tbs[] = "ECDSA Pairwise Check Data"; -+ int ret = 0; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_set1_EC_KEY(pk, key); -+ -+ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) -+ ret = 1; -+ -+ err: -+ if (ret == 0) { -+ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED); -+ fips_set_selftest_fail(); -+ } -+ if (pk) -+ EVP_PKEY_free(pk); -+ return ret; -+} -+ -+#endif -+ - int EC_KEY_generate_key(EC_KEY *eckey) - { - int ok = 0; -@@ -235,8 +264,10 @@ int EC_KEY_generate_key(EC_KEY *eckey) - EC_POINT *pub_key = NULL; - - #ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_ec_key_generate_key(eckey); -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } - #endif - - if (!eckey || !eckey->group) { -@@ -277,6 +308,14 @@ int EC_KEY_generate_key(EC_KEY *eckey) - eckey->priv_key = priv_key; - eckey->pub_key = pub_key; - -+#ifdef OPENSSL_FIPS -+ if (!fips_check_ec(eckey)) { -+ eckey->priv_key = NULL; -+ eckey->pub_key = NULL; -+ goto err; -+ } -+#endif -+ - ok = 1; - - err: -@@ -408,10 +447,12 @@ int EC_KEY_set_public_key_affine_coordin - goto err; - } - /* -- * Check if retrieved coordinates match originals: if not values are out -- * of range. -+ * Check if retrieved coordinates match originals and are less -+ * than field order: if not values are out of range. 
- */ -- if (BN_cmp(x, tx) || BN_cmp(y, ty)) { -+ if (BN_cmp(x, tx) || BN_cmp(y, ty) -+ || (BN_cmp(x, &key->group->field) >= 0) -+ || (BN_cmp(y, &key->group->field) >= 0)) { - ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, - EC_R_COORDINATES_OUT_OF_RANGE); - goto err; -diff -up openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_mont.c ---- openssl-1.0.2a/crypto/ec/ecp_mont.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ec/ecp_mont.c 2015-04-22 19:00:19.722884536 +0200 -@@ -63,10 +63,6 @@ - - #include - --#ifdef OPENSSL_FIPS --# include --#endif -- - #include "ec_lcl.h" - - const EC_METHOD *EC_GFp_mont_method(void) -@@ -111,11 +107,6 @@ const EC_METHOD *EC_GFp_mont_method(void - ec_GFp_mont_field_set_to_one - }; - --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return fips_ec_gfp_mont_method(); --#endif -- - return &ret; - } - -diff -up openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_nist.c ---- openssl-1.0.2a/crypto/ec/ecp_nist.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ec/ecp_nist.c 2015-04-22 19:00:19.723884560 +0200 -@@ -67,10 +67,6 @@ - #include - #include "ec_lcl.h" - --#ifdef OPENSSL_FIPS --# include --#endif -- - const EC_METHOD *EC_GFp_nist_method(void) - { - static const EC_METHOD ret = { -@@ -113,11 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void - 0 /* field_set_to_one */ - }; - --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return fips_ec_gfp_nist_method(); --#endif -- - return &ret; - } - -diff -up openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.2a/crypto/ec/ecp_smpl.c ---- openssl-1.0.2a/crypto/ec/ecp_smpl.c.fips-ec 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/ec/ecp_smpl.c 2015-04-22 19:00:19.723884560 +0200 -@@ -66,10 +66,6 @@ - #include - #include - --#ifdef OPENSSL_FIPS --# include --#endif -- - #include "ec_lcl.h" - - const EC_METHOD *EC_GFp_simple_method(void) -@@ -114,11 +110,6 @@ const EC_METHOD 
*EC_GFp_simple_method(vo - 0 /* field_set_to_one */ - }; - --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return fips_ec_gfp_simple_method(); --#endif -- - return &ret; - } - -@@ -187,6 +178,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO - return 0; - } - -+ if (BN_num_bits(p) < 256) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) -diff -up openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.2a/crypto/evp/m_ecdsa.c ---- openssl-1.0.2a/crypto/evp/m_ecdsa.c.fips-ec 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/evp/m_ecdsa.c 2015-04-22 19:00:19.723884560 +0200 -@@ -136,7 +136,7 @@ static const EVP_MD ecdsa_md = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_DIGEST, -+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS, - init, - update, - final, -diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c ---- openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c.fips-ec 2015-04-22 19:00:19.723884560 +0200 -+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdhvs.c 2015-04-22 19:00:19.723884560 +0200 -@@ -0,0 +1,456 @@ -+/* fips/ecdh/fips_ecdhvs.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ */ -+ -+#define OPENSSL_FIPSAPI -+#include -+ -+#ifndef OPENSSL_FIPS -+# include -+ -+int main(int argc, char **argv) -+{ -+ printf("No FIPS ECDH support\n"); -+ return (0); -+} -+#else -+ -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+# include -+ -+# include "fips_utl.h" -+ -+static const EVP_MD *eparse_md(char *line) -+{ -+ char *p; -+ if (line[0] != '[' || line[1] != 'E') -+ return NULL; -+ p = strchr(line, '-'); -+ if (!p) -+ return NULL; -+ line = p + 1; -+ p = strchr(line, ']'); -+ if (!p) -+ return NULL; -+ *p = 0; -+ p = line; -+ while (isspace(*p)) -+ p++; -+ if (!strcmp(p, "SHA1")) -+ return EVP_sha1(); -+ else if (!strcmp(p, "SHA224")) -+ return EVP_sha224(); -+ else if (!strcmp(p, "SHA256")) -+ return EVP_sha256(); -+ else if (!strcmp(p, "SHA384")) -+ return EVP_sha384(); -+ else if (!strcmp(p, "SHA512")) -+ return EVP_sha512(); -+ else -+ return NULL; -+} -+ -+static int lookup_curve2(char *cname) -+{ -+ char *p; -+ p = strchr(cname, ']'); -+ if (!p) { -+ fprintf(stderr, "Parse error: missing ]\n"); -+ return NID_undef; -+ } -+ *p = 0; -+ -+ if (!strcmp(cname, "B-163")) -+ return NID_sect163r2; -+ if (!strcmp(cname, "B-233")) -+ return NID_sect233r1; -+ if (!strcmp(cname, "B-283")) -+ return NID_sect283r1; -+ if (!strcmp(cname, "B-409")) -+ return NID_sect409r1; -+ if (!strcmp(cname, "B-571")) -+ return NID_sect571r1; -+ if (!strcmp(cname, "K-163")) -+ return NID_sect163k1; -+ if (!strcmp(cname, "K-233")) -+ return NID_sect233k1; -+ if (!strcmp(cname, "K-283")) -+ return NID_sect283k1; -+ if (!strcmp(cname, "K-409")) -+ return NID_sect409k1; -+ if (!strcmp(cname, "K-571")) -+ return NID_sect571k1; -+ if (!strcmp(cname, "P-192")) -+ return NID_X9_62_prime192v1; -+ if (!strcmp(cname, "P-224")) -+ return NID_secp224r1; -+ if (!strcmp(cname, "P-256")) -+ return NID_X9_62_prime256v1; -+ if (!strcmp(cname, "P-384")) -+ return NID_secp384r1; -+ 
if (!strcmp(cname, "P-521")) -+ return NID_secp521r1; -+ -+ fprintf(stderr, "Unknown Curve name %s\n", cname); -+ return NID_undef; -+} -+ -+static int lookup_curve(char *cname) -+{ -+ char *p; -+ p = strchr(cname, ':'); -+ if (!p) { -+ fprintf(stderr, "Parse error: missing :\n"); -+ return NID_undef; -+ } -+ cname = p + 1; -+ while (isspace(*cname)) -+ cname++; -+ return lookup_curve2(cname); -+} -+ -+static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y) -+{ -+ EC_POINT *peer; -+ int rv; -+ BN_CTX *c; -+ peer = EC_POINT_new(group); -+ if (!peer) -+ return NULL; -+ c = BN_CTX_new(); -+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) -+ == NID_X9_62_prime_field) -+ rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c); -+ else -+# ifdef OPENSSL_NO_EC2M -+ { -+ fprintf(stderr, "ERROR: GF2m not supported\n"); -+ exit(1); -+ } -+# else -+ rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c); -+# endif -+ -+ BN_CTX_free(c); -+ if (rv) -+ return peer; -+ EC_POINT_free(peer); -+ return NULL; -+} -+ -+static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout) -+{ -+ const EC_POINT *pt; -+ const EC_GROUP *grp; -+ const EC_METHOD *meth; -+ int rv; -+ BIGNUM *tx, *ty; -+ const BIGNUM *d = NULL; -+ BN_CTX *ctx; -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ return 0; -+ tx = BN_CTX_get(ctx); -+ ty = BN_CTX_get(ctx); -+ if (!tx || !ty) -+ return 0; -+ grp = EC_KEY_get0_group(key); -+ pt = EC_KEY_get0_public_key(key); -+ if (exout) -+ d = EC_KEY_get0_private_key(key); -+ meth = EC_GROUP_method_of(grp); -+ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field) -+ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx); -+ else -+# ifdef OPENSSL_NO_EC2M -+ { -+ fprintf(stderr, "ERROR: GF2m not supported\n"); -+ exit(1); -+ } -+# else -+ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx); -+# endif -+ -+ if (add_e) { -+ do_bn_print_name(out, "QeIUTx", tx); -+ do_bn_print_name(out, "QeIUTy", ty); -+ if (d) -+ 
do_bn_print_name(out, "QeIUTd", d); -+ } else { -+ do_bn_print_name(out, "QIUTx", tx); -+ do_bn_print_name(out, "QIUTy", ty); -+ if (d) -+ do_bn_print_name(out, "QIUTd", d); -+ } -+ -+ BN_CTX_free(ctx); -+ -+ return rv; -+ -+} -+ -+static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group, -+ BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx, -+ BIGNUM *cy, const EVP_MD *md, -+ unsigned char *rhash, size_t rhashlen) -+{ -+ EC_KEY *ec = NULL; -+ EC_POINT *peerkey = NULL; -+ unsigned char *Z; -+ unsigned char chash[EVP_MAX_MD_SIZE]; -+ int Zlen; -+ ec = EC_KEY_new(); -+ EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH); -+ EC_KEY_set_group(ec, group); -+ peerkey = make_peer(group, cx, cy); -+ if (rhash == NULL) { -+ if (md) -+ rhashlen = M_EVP_MD_size(md); -+ EC_KEY_generate_key(ec); -+ ec_print_key(out, ec, md ? 1 : 0, exout); -+ } else { -+ EC_KEY_set_public_key_affine_coordinates(ec, ix, iy); -+ EC_KEY_set_private_key(ec, id); -+ } -+ Zlen = (EC_GROUP_get_degree(group) + 7) / 8; -+ Z = OPENSSL_malloc(Zlen); -+ if (!Z) -+ exit(1); -+ ECDH_compute_key(Z, Zlen, peerkey, ec, 0); -+ if (md) { -+ if (exout) -+ OutputValue("Z", Z, Zlen, out, 0); -+ FIPS_digest(Z, Zlen, chash, NULL, md); -+ OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); -+ if (rhash) { -+ fprintf(out, "Result = %s\n", -+ memcmp(chash, rhash, rhashlen) ? 
"F" : "P"); -+ } -+ } else -+ OutputValue("ZIUT", Z, Zlen, out, 0); -+ OPENSSL_cleanse(Z, Zlen); -+ OPENSSL_free(Z); -+ EC_KEY_free(ec); -+ EC_POINT_free(peerkey); -+} -+ -+# ifdef FIPS_ALGVS -+int fips_ecdhvs_main(int argc, char **argv) -+# else -+int main(int argc, char **argv) -+# endif -+{ -+ char **args = argv + 1; -+ int argn = argc - 1; -+ FILE *in, *out; -+ char buf[2048], lbuf[2048]; -+ unsigned char *rhash = NULL; -+ long rhashlen; -+ BIGNUM *cx = NULL, *cy = NULL; -+ BIGNUM *id = NULL, *ix = NULL, *iy = NULL; -+ const EVP_MD *md = NULL; -+ EC_GROUP *group = NULL; -+ char *keyword = NULL, *value = NULL; -+ int do_verify = -1, exout = 0; -+ int rv = 1; -+ -+ int curve_nids[5] = { 0, 0, 0, 0, 0 }; -+ int param_set = -1; -+ -+ fips_algtest_init(); -+ -+ if (argn && !strcmp(*args, "ecdhver")) { -+ do_verify = 1; -+ args++; -+ argn--; -+ } else if (argn && !strcmp(*args, "ecdhgen")) { -+ do_verify = 0; -+ args++; -+ argn--; -+ } -+ -+ if (argn && !strcmp(*args, "-exout")) { -+ exout = 1; -+ args++; -+ argn--; -+ } -+ -+ if (do_verify == -1) { -+ fprintf(stderr, "%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n", -+ argv[0]); -+ exit(1); -+ } -+ -+ if (argn == 2) { -+ in = fopen(*args, "r"); -+ if (!in) { -+ fprintf(stderr, "Error opening input file\n"); -+ exit(1); -+ } -+ out = fopen(args[1], "w"); -+ if (!out) { -+ fprintf(stderr, "Error opening output file\n"); -+ exit(1); -+ } -+ } else if (argn == 0) { -+ in = stdin; -+ out = stdout; -+ } else { -+ fprintf(stderr, "%s [dhver|dhgen|] [-exout] (infile outfile)\n", -+ argv[0]); -+ exit(1); -+ } -+ -+ while (fgets(buf, sizeof(buf), in) != NULL) { -+ fputs(buf, out); -+ if (buf[0] == '[' && buf[1] == 'E') { -+ int c = buf[2]; -+ if (c < 'A' || c > 'E') -+ goto parse_error; -+ param_set = c - 'A'; -+ /* If just [E?] 
then initial paramset */ -+ if (buf[3] == ']') -+ continue; -+ if (group) -+ EC_GROUP_free(group); -+ group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']); -+ } -+ if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6)) { -+ int nid; -+ if (param_set == -1) -+ goto parse_error; -+ nid = lookup_curve(buf); -+ if (nid == NID_undef) -+ goto parse_error; -+ curve_nids[param_set] = nid; -+ } -+ -+ if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-') { -+ int nid = lookup_curve2(buf + 1); -+ if (nid == NID_undef) -+ goto parse_error; -+ if (group) -+ EC_GROUP_free(group); -+ group = EC_GROUP_new_by_curve_name(nid); -+ if (!group) { -+ fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1); -+ return 1; -+ } -+ } -+ -+ if (strlen(buf) > 6 && !strncmp(buf, "[E", 2)) { -+ md = eparse_md(buf); -+ if (md == NULL) -+ goto parse_error; -+ continue; -+ } -+ if (!parse_line(&keyword, &value, lbuf, buf)) -+ continue; -+ if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx")) { -+ if (!do_hex2bn(&cx, value)) -+ goto parse_error; -+ } else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy")) { -+ if (!do_hex2bn(&cy, value)) -+ goto parse_error; -+ if (do_verify == 0) -+ ec_output_Zhash(out, exout, group, -+ NULL, NULL, NULL, -+ cx, cy, md, rhash, rhashlen); -+ } else if (!strcmp(keyword, "deIUT")) { -+ if (!do_hex2bn(&id, value)) -+ goto parse_error; -+ } else if (!strcmp(keyword, "QeIUTx")) { -+ if (!do_hex2bn(&ix, value)) -+ goto parse_error; -+ } else if (!strcmp(keyword, "QeIUTy")) { -+ if (!do_hex2bn(&iy, value)) -+ goto parse_error; -+ } else if (!strcmp(keyword, "CAVSHashZZ")) { -+ if (!md) -+ goto parse_error; -+ rhash = hex2bin_m(value, &rhashlen); -+ if (!rhash || rhashlen != M_EVP_MD_size(md)) -+ goto parse_error; -+ ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy, -+ md, rhash, rhashlen); -+ } -+ } -+ rv = 0; -+ parse_error: -+ if (id) -+ BN_free(id); -+ if (ix) -+ BN_free(ix); -+ if (iy) -+ BN_free(iy); -+ if (cx) -+ BN_free(cx); -+ if (cy) -+ 
BN_free(cy); -+ if (group) -+ EC_GROUP_free(group); -+ if (in && in != stdin) -+ fclose(in); -+ if (out && out != stdout) -+ fclose(out); -+ if (rv) -+ fprintf(stderr, "Error Parsing request file\n"); -+ return rv; -+} -+ -+#endif -diff -up openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c ---- openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c.fips-ec 2015-04-22 19:00:19.723884560 +0200 -+++ openssl-1.0.2a/crypto/fips/cavs/fips_ecdsavs.c 2015-04-22 19:00:19.723884560 +0200 -@@ -0,0 +1,486 @@ -+/* fips/ecdsa/fips_ecdsavs.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. 
Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * ==================================================================== -+ */ -+ -+#define OPENSSL_FIPSAPI -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+ -+int main(int argc, char **argv) -+{ -+ printf("No FIPS ECDSA support\n"); -+ return (0); -+} -+#else -+ -+# include -+# include -+# include -+# include -+# include -+# include -+# include "fips_utl.h" -+ -+# include -+ -+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd) -+{ -+ char *cname, *p; -+ /* Copy buffer as we will change it */ -+ strcpy(curve_name, in); -+ cname = curve_name + 1; -+ p = strchr(cname, ']'); -+ if (!p) { -+ fprintf(stderr, "Parse error: missing ]\n"); -+ return NID_undef; -+ } -+ *p = 0; -+ p = strchr(cname, ','); -+ if (p) { -+ if (!pmd) { -+ fprintf(stderr, "Parse error: unexpected digest\n"); -+ return NID_undef; -+ } -+ *p = 0; -+ p++; -+ -+ if (!strcmp(p, "SHA-1")) -+ *pmd = EVP_sha1(); -+ else if (!strcmp(p, "SHA-224")) -+ *pmd = EVP_sha224(); -+ else if (!strcmp(p, "SHA-256")) -+ *pmd = EVP_sha256(); -+ else if (!strcmp(p, "SHA-384")) -+ *pmd = EVP_sha384(); -+ else if (!strcmp(p, "SHA-512")) -+ *pmd = EVP_sha512(); -+ else { -+ fprintf(stderr, "Unknown digest %s\n", p); -+ return NID_undef; -+ } -+ } else if (pmd) -+ *pmd = EVP_sha1(); -+ -+ if (!strcmp(cname, "B-163")) -+ return NID_sect163r2; -+ if (!strcmp(cname, "B-233")) -+ return NID_sect233r1; -+ if (!strcmp(cname, "B-283")) -+ return NID_sect283r1; -+ if (!strcmp(cname, "B-409")) -+ return NID_sect409r1; -+ if (!strcmp(cname, "B-571")) -+ return NID_sect571r1; -+ if (!strcmp(cname, "K-163")) -+ return NID_sect163k1; -+ if (!strcmp(cname, "K-233")) -+ return NID_sect233k1; -+ if (!strcmp(cname, "K-283")) -+ return NID_sect283k1; -+ if (!strcmp(cname, "K-409")) -+ return NID_sect409k1; -+ if (!strcmp(cname, "K-571")) -+ return NID_sect571k1; -+ if (!strcmp(cname, "P-192")) -+ return NID_X9_62_prime192v1; -+ if (!strcmp(cname, "P-224")) -+ return NID_secp224r1; -+ if (!strcmp(cname, "P-256")) -+ 
return NID_X9_62_prime256v1; -+ if (!strcmp(cname, "P-384")) -+ return NID_secp384r1; -+ if (!strcmp(cname, "P-521")) -+ return NID_secp521r1; -+ -+ fprintf(stderr, "Unknown Curve name %s\n", cname); -+ return NID_undef; -+} -+ -+static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y) -+{ -+ const EC_POINT *pt; -+ const EC_GROUP *grp; -+ const EC_METHOD *meth; -+ int rv; -+ BN_CTX *ctx; -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ return 0; -+ grp = EC_KEY_get0_group(key); -+ pt = EC_KEY_get0_public_key(key); -+ meth = EC_GROUP_method_of(grp); -+ if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field) -+ rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx); -+ else -+# ifdef OPENSSL_NO_EC2M -+ { -+ fprintf(stderr, "ERROR: GF2m not supported\n"); -+ exit(1); -+ } -+# else -+ rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx); -+# endif -+ -+ BN_CTX_free(ctx); -+ -+ return rv; -+ -+} -+ -+static int KeyPair(FILE *in, FILE *out) -+{ -+ char buf[2048], lbuf[2048]; -+ char *keyword, *value; -+ int curve_nid = NID_undef; -+ int i, count; -+ BIGNUM *Qx = NULL, *Qy = NULL; -+ const BIGNUM *d = NULL; -+ EC_KEY *key = NULL; -+ Qx = BN_new(); -+ Qy = BN_new(); -+ while (fgets(buf, sizeof buf, in) != NULL) { -+ if (*buf == '[' && buf[2] == '-') { -+ if (buf[2] == '-') -+ curve_nid = elookup_curve(buf, lbuf, NULL); -+ fputs(buf, out); -+ continue; -+ } -+ if (!parse_line(&keyword, &value, lbuf, buf)) { -+ fputs(buf, out); -+ continue; -+ } -+ if (!strcmp(keyword, "N")) { -+ count = atoi(value); -+ -+ for (i = 0; i < count; i++) { -+ -+ key = EC_KEY_new_by_curve_name(curve_nid); -+ if (!EC_KEY_generate_key(key)) { -+ fprintf(stderr, "Error generating key\n"); -+ return 0; -+ } -+ -+ if (!ec_get_pubkey(key, Qx, Qy)) { -+ fprintf(stderr, "Error getting public key\n"); -+ return 0; -+ } -+ -+ d = EC_KEY_get0_private_key(key); -+ -+ do_bn_print_name(out, "d", d); -+ do_bn_print_name(out, "Qx", Qx); -+ do_bn_print_name(out, "Qy", Qy); -+ fputs(RESP_EOL, out); -+ 
EC_KEY_free(key); -+ -+ } -+ -+ } -+ -+ } -+ BN_free(Qx); -+ BN_free(Qy); -+ return 1; -+} -+ -+static int PKV(FILE *in, FILE *out) -+{ -+ -+ char buf[2048], lbuf[2048]; -+ char *keyword, *value; -+ int curve_nid = NID_undef; -+ BIGNUM *Qx = NULL, *Qy = NULL; -+ EC_KEY *key = NULL; -+ while (fgets(buf, sizeof buf, in) != NULL) { -+ fputs(buf, out); -+ if (*buf == '[' && buf[2] == '-') { -+ curve_nid = elookup_curve(buf, lbuf, NULL); -+ if (curve_nid == NID_undef) -+ return 0; -+ -+ } -+ if (!parse_line(&keyword, &value, lbuf, buf)) -+ continue; -+ if (!strcmp(keyword, "Qx")) { -+ if (!do_hex2bn(&Qx, value)) { -+ fprintf(stderr, "Invalid Qx value\n"); -+ return 0; -+ } -+ } -+ if (!strcmp(keyword, "Qy")) { -+ int rv; -+ if (!do_hex2bn(&Qy, value)) { -+ fprintf(stderr, "Invalid Qy value\n"); -+ return 0; -+ } -+ key = EC_KEY_new_by_curve_name(curve_nid); -+ no_err = 1; -+ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy); -+ no_err = 0; -+ EC_KEY_free(key); -+ fprintf(out, "Result = %s" RESP_EOL, rv ? 
"P" : "F"); -+ } -+ -+ } -+ BN_free(Qx); -+ BN_free(Qy); -+ return 1; -+} -+ -+static int SigGen(FILE *in, FILE *out) -+{ -+ char buf[2048], lbuf[2048]; -+ char *keyword, *value; -+ unsigned char *msg; -+ int curve_nid = NID_undef; -+ long mlen; -+ BIGNUM *Qx = NULL, *Qy = NULL; -+ EC_KEY *key = NULL; -+ ECDSA_SIG *sig = NULL; -+ const EVP_MD *digest = NULL; -+ Qx = BN_new(); -+ Qy = BN_new(); -+ while (fgets(buf, sizeof buf, in) != NULL) { -+ fputs(buf, out); -+ if (*buf == '[') { -+ curve_nid = elookup_curve(buf, lbuf, &digest); -+ if (curve_nid == NID_undef) -+ return 0; -+ } -+ if (!parse_line(&keyword, &value, lbuf, buf)) -+ continue; -+ if (!strcmp(keyword, "Msg")) { -+ msg = hex2bin_m(value, &mlen); -+ if (!msg) { -+ fprintf(stderr, "Invalid Message\n"); -+ return 0; -+ } -+ -+ key = EC_KEY_new_by_curve_name(curve_nid); -+ if (!EC_KEY_generate_key(key)) { -+ fprintf(stderr, "Error generating key\n"); -+ return 0; -+ } -+ -+ if (!ec_get_pubkey(key, Qx, Qy)) { -+ fprintf(stderr, "Error getting public key\n"); -+ return 0; -+ } -+ -+ sig = FIPS_ecdsa_sign(key, msg, mlen, digest); -+ -+ if (!sig) { -+ fprintf(stderr, "Error signing message\n"); -+ return 0; -+ } -+ -+ do_bn_print_name(out, "Qx", Qx); -+ do_bn_print_name(out, "Qy", Qy); -+ do_bn_print_name(out, "R", sig->r); -+ do_bn_print_name(out, "S", sig->s); -+ -+ EC_KEY_free(key); -+ OPENSSL_free(msg); -+ FIPS_ecdsa_sig_free(sig); -+ -+ } -+ -+ } -+ BN_free(Qx); -+ BN_free(Qy); -+ return 1; -+} -+ -+static int SigVer(FILE *in, FILE *out) -+{ -+ char buf[2048], lbuf[2048]; -+ char *keyword, *value; -+ unsigned char *msg = NULL; -+ int curve_nid = NID_undef; -+ long mlen; -+ BIGNUM *Qx = NULL, *Qy = NULL; -+ EC_KEY *key = NULL; -+ ECDSA_SIG sg, *sig = &sg; -+ const EVP_MD *digest = NULL; -+ sig->r = NULL; -+ sig->s = NULL; -+ while (fgets(buf, sizeof buf, in) != NULL) { -+ fputs(buf, out); -+ if (*buf == '[') { -+ curve_nid = elookup_curve(buf, lbuf, &digest); -+ if (curve_nid == NID_undef) -+ return 0; -+ } 
-+ if (!parse_line(&keyword, &value, lbuf, buf)) -+ continue; -+ if (!strcmp(keyword, "Msg")) { -+ msg = hex2bin_m(value, &mlen); -+ if (!msg) { -+ fprintf(stderr, "Invalid Message\n"); -+ return 0; -+ } -+ } -+ -+ if (!strcmp(keyword, "Qx")) { -+ if (!do_hex2bn(&Qx, value)) { -+ fprintf(stderr, "Invalid Qx value\n"); -+ return 0; -+ } -+ } -+ if (!strcmp(keyword, "Qy")) { -+ if (!do_hex2bn(&Qy, value)) { -+ fprintf(stderr, "Invalid Qy value\n"); -+ return 0; -+ } -+ } -+ if (!strcmp(keyword, "R")) { -+ if (!do_hex2bn(&sig->r, value)) { -+ fprintf(stderr, "Invalid R value\n"); -+ return 0; -+ } -+ } -+ if (!strcmp(keyword, "S")) { -+ int rv; -+ if (!do_hex2bn(&sig->s, value)) { -+ fprintf(stderr, "Invalid S value\n"); -+ return 0; -+ } -+ key = EC_KEY_new_by_curve_name(curve_nid); -+ rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy); -+ -+ if (rv != 1) { -+ fprintf(stderr, "Error setting public key\n"); -+ return 0; -+ } -+ -+ no_err = 1; -+ rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig); -+ EC_KEY_free(key); -+ if (msg) -+ OPENSSL_free(msg); -+ no_err = 0; -+ -+ fprintf(out, "Result = %s" RESP_EOL, rv ? 
"P" : "F"); -+ } -+ -+ } -+ if (sig->r) -+ BN_free(sig->r); -+ if (sig->s) -+ BN_free(sig->s); -+ if (Qx) -+ BN_free(Qx); -+ if (Qy) -+ BN_free(Qy); -+ return 1; -+} -+ -+# ifdef FIPS_ALGVS -+int fips_ecdsavs_main(int argc, char **argv) -+# else -+int main(int argc, char **argv) -+# endif -+{ -+ FILE *in = NULL, *out = NULL; -+ const char *cmd = argv[1]; -+ int rv = 0; -+ fips_algtest_init(); -+ -+ if (argc == 4) { -+ in = fopen(argv[2], "r"); -+ if (!in) { -+ fprintf(stderr, "Error opening input file\n"); -+ exit(1); -+ } -+ out = fopen(argv[3], "w"); -+ if (!out) { -+ fprintf(stderr, "Error opening output file\n"); -+ exit(1); -+ } -+ } else if (argc == 2) { -+ in = stdin; -+ out = stdout; -+ } -+ -+ if (!cmd) { -+ fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n"); -+ return 1; -+ } -+ if (!strcmp(cmd, "KeyPair")) -+ rv = KeyPair(in, out); -+ else if (!strcmp(cmd, "PKV")) -+ rv = PKV(in, out); -+ else if (!strcmp(cmd, "SigVer")) -+ rv = SigVer(in, out); -+ else if (!strcmp(cmd, "SigGen")) -+ rv = SigGen(in, out); -+ else { -+ fprintf(stderr, "Unknown command %s\n", cmd); -+ return 1; -+ } -+ -+ if (argc == 4) { -+ fclose(in); -+ fclose(out); -+ } -+ -+ if (rv <= 0) { -+ fprintf(stderr, "Error running %s\n", cmd); -+ return 1; -+ } -+ -+ return 0; -+} -+ -+#endif -diff -up openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c.fips-ec 2015-04-22 19:00:19.724884583 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_ecdh_selftest.c 2015-04-22 19:00:19.724884583 +0200 -@@ -0,0 +1,242 @@ -+/* fips/ecdh/fips_ecdh_selftest.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
-+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+# include "fips_locl.h" -+ -+static const unsigned char p256_qcavsx[] = { -+ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62, -+ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13, -+ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50 -+}; -+ -+static const unsigned char p256_qcavsy[] = { -+ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f, -+ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf, -+ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e -+}; -+ -+static const unsigned char p256_qiutx[] = { -+ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c, -+ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1, -+ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f -+}; -+ -+static const unsigned char p256_qiuty[] = { -+ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae, -+ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75, -+ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8 -+}; -+ -+static const unsigned char p256_qiutd[] = { -+ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3, -+ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 
0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc, -+ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8 -+}; -+ -+static const unsigned char p256_ziut[] = { -+ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a, -+ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77, -+ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f -+}; -+ -+typedef struct { -+ int curve; -+ const unsigned char *x1; -+ size_t x1len; -+ const unsigned char *y1; -+ size_t y1len; -+ const unsigned char *d1; -+ size_t d1len; -+ const unsigned char *x2; -+ size_t x2len; -+ const unsigned char *y2; -+ size_t y2len; -+ const unsigned char *z; -+ size_t zlen; -+} ECDH_SELFTEST_DATA; -+ -+# define make_ecdh_test(nid, pr) { nid, \ -+ pr##_qiutx, sizeof(pr##_qiutx), \ -+ pr##_qiuty, sizeof(pr##_qiuty), \ -+ pr##_qiutd, sizeof(pr##_qiutd), \ -+ pr##_qcavsx, sizeof(pr##_qcavsx), \ -+ pr##_qcavsy, sizeof(pr##_qcavsy), \ -+ pr##_ziut, sizeof(pr##_ziut) } -+ -+static ECDH_SELFTEST_DATA test_ecdh_data[] = { -+ make_ecdh_test(NID_X9_62_prime256v1, p256), -+}; -+ -+int FIPS_selftest_ecdh(void) -+{ -+ EC_KEY *ec1 = NULL, *ec2 = NULL; -+ const EC_POINT *ecp = NULL; -+ BIGNUM *x = NULL, *y = NULL, *d = NULL; -+ unsigned char *ztmp = NULL; -+ int rv = 1; -+ size_t i; -+ -+ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) { -+ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i; -+ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0)) -+ continue; -+ ztmp = OPENSSL_malloc(ecd->zlen); -+ -+ x = BN_bin2bn(ecd->x1, ecd->x1len, x); -+ y = BN_bin2bn(ecd->y1, ecd->y1len, y); -+ d = BN_bin2bn(ecd->d1, ecd->d1len, d); -+ -+ if (!x || !y || !d || !ztmp) { -+ rv = -1; -+ goto err; -+ } -+ -+ ec1 = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec1) { -+ rv = -1; -+ goto err; -+ } -+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) { -+ rv = -1; -+ goto err; -+ } -+ -+ if (!EC_KEY_set_private_key(ec1, d)) { -+ rv = -1; -+ goto err; 
-+ } -+ -+ x = BN_bin2bn(ecd->x2, ecd->x2len, x); -+ y = BN_bin2bn(ecd->y2, ecd->y2len, y); -+ -+ if (!x || !y) { -+ rv = -1; -+ goto err; -+ } -+ -+ ec2 = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec2) { -+ rv = -1; -+ goto err; -+ } -+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) { -+ rv = -1; -+ goto err; -+ } -+ -+ ecp = EC_KEY_get0_public_key(ec2); -+ if (!ecp) { -+ rv = -1; -+ goto err; -+ } -+ -+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) { -+ rv = -1; -+ goto err; -+ } -+ -+ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL)) -+ ztmp[0] ^= 0x1; -+ -+ if (memcmp(ztmp, ecd->z, ecd->zlen)) { -+ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0); -+ rv = 0; -+ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0)) -+ goto err; -+ -+ EC_KEY_free(ec1); -+ ec1 = NULL; -+ EC_KEY_free(ec2); -+ ec2 = NULL; -+ OPENSSL_free(ztmp); -+ ztmp = NULL; -+ } -+ -+ err: -+ -+ if (x) -+ BN_clear_free(x); -+ if (y) -+ BN_clear_free(y); -+ if (d) -+ BN_clear_free(d); -+ if (ec1) -+ EC_KEY_free(ec1); -+ if (ec2) -+ EC_KEY_free(ec2); -+ if (ztmp) -+ OPENSSL_free(ztmp); -+ -+ return rv; -+ -+} -+ -+#endif -diff -up openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c.fips-ec 2015-04-22 19:00:19.724884583 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_ecdsa_selftest.c 2015-04-22 19:00:19.724884583 +0200 -@@ -0,0 +1,165 @@ -+/* fips/ecdsa/fips_ecdsa_selftest.c */ -+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -+ * project 2011. -+ */ -+/* ==================================================================== -+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. 
Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * licensing@OpenSSL.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * ==================================================================== -+ * -+ */ -+ -+#define OPENSSL_FIPSAPI -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#ifdef OPENSSL_FIPS -+ -+static const char P_256_name[] = "ECDSA P-256"; -+ -+static const unsigned char P_256_d[] = { -+ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f, -+ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87, -+ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64 -+}; -+ -+static const unsigned char P_256_qx[] = { -+ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e, -+ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31, -+ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07 -+}; -+ -+static const unsigned char P_256_qy[] = { -+ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b, -+ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e, -+ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb -+}; -+ -+typedef struct { -+ int curve; -+ const char *name; -+ const unsigned char *x; -+ size_t xlen; -+ const unsigned char *y; -+ size_t ylen; -+ const unsigned char *d; -+ size_t dlen; -+} EC_SELFTEST_DATA; -+ -+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \ -+ pr##_qx, sizeof(pr##_qx), \ -+ pr##_qy, sizeof(pr##_qy), \ -+ pr##_d, sizeof(pr##_d)} -+ -+static EC_SELFTEST_DATA test_ec_data[] = { 
-+ make_ecdsa_test(NID_X9_62_prime256v1, P_256), -+}; -+ -+int FIPS_selftest_ecdsa() -+{ -+ EC_KEY *ec = NULL; -+ BIGNUM *x = NULL, *y = NULL, *d = NULL; -+ EVP_PKEY *pk = NULL; -+ int rv = 0; -+ size_t i; -+ -+ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) { -+ EC_SELFTEST_DATA *ecd = test_ec_data + i; -+ -+ x = BN_bin2bn(ecd->x, ecd->xlen, x); -+ y = BN_bin2bn(ecd->y, ecd->ylen, y); -+ d = BN_bin2bn(ecd->d, ecd->dlen, d); -+ -+ if (!x || !y || !d) -+ goto err; -+ -+ ec = EC_KEY_new_by_curve_name(ecd->curve); -+ if (!ec) -+ goto err; -+ -+ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y)) -+ goto err; -+ -+ if (!EC_KEY_set_private_key(ec, d)) -+ goto err; -+ -+ if ((pk = EVP_PKEY_new()) == NULL) -+ goto err; -+ -+ EVP_PKEY_assign_EC_KEY(pk, ec); -+ -+ if (!fips_pkey_signature_test(pk, NULL, 0, -+ NULL, 0, EVP_sha256(), 0, ecd->name)) -+ goto err; -+ } -+ -+ rv = 1; -+ -+ err: -+ -+ if (x) -+ BN_clear_free(x); -+ if (y) -+ BN_clear_free(y); -+ if (d) -+ BN_clear_free(d); -+ if (pk) -+ EVP_PKEY_free(pk); -+ else if (ec) -+ EC_KEY_free(ec); -+ -+ return rv; -+ -+} -+ -+#endif -diff -up openssl-1.0.2a/crypto/fips/fips.h.fips-ec openssl-1.0.2a/crypto/fips/fips.h ---- openssl-1.0.2a/crypto/fips/fips.h.fips-ec 2015-04-22 19:00:19.688883733 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-04-22 19:00:19.724884583 +0200 -@@ -93,6 +93,8 @@ extern "C" { - void FIPS_corrupt_dsa(void); - void FIPS_corrupt_dsa_keygen(void); - int FIPS_selftest_dsa(void); -+ int FIPS_selftest_ecdsa(void); -+ int FIPS_selftest_ecdh(void); - void FIPS_corrupt_rng(void); - void FIPS_rng_stick(void); - void FIPS_x931_stick(int onoff); -diff -up openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec openssl-1.0.2a/crypto/fips/fips_post.c ---- openssl-1.0.2a/crypto/fips/fips_post.c.fips-ec 2015-04-22 19:00:19.688883733 +0200 -+++ openssl-1.0.2a/crypto/fips/fips_post.c 2015-04-22 19:00:19.724884583 +0200 -@@ -95,8 +95,12 @@ int FIPS_selftest(void) - rv = 0; - if 
(!FIPS_selftest_rsa()) - rv = 0; -+ if (!FIPS_selftest_ecdsa()) -+ rv = 0; - if (!FIPS_selftest_dsa()) - rv = 0; -+ if (!FIPS_selftest_ecdh()) -+ rv = 0; - return rv; - } - -diff -up openssl-1.0.2a/crypto/fips/Makefile.fips-ec openssl-1.0.2a/crypto/fips/Makefile ---- openssl-1.0.2a/crypto/fips/Makefile.fips-ec 2015-04-22 19:00:19.691883805 +0200 -+++ openssl-1.0.2a/crypto/fips/Makefile 2015-04-22 19:00:19.724884583 +0200 -@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self - fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \ - fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ - fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ -- fips_cmac_selftest.c fips_enc.c fips_md.c -+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c - - LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \ - fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \ - fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \ - fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ -- fips_cmac_selftest.o fips_enc.o fips_md.o -+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o - - LIBCRYPTO=-L.. 
-lcrypto - -@@ -119,6 +119,21 @@ fips_aes_selftest.o: ../../include/opens - fips_aes_selftest.o: ../../include/openssl/safestack.h - fips_aes_selftest.o: ../../include/openssl/stack.h - fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c -+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_cmac_selftest.o: ../../include/openssl/cmac.h -+fips_cmac_selftest.o: ../../include/openssl/crypto.h -+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_cmac_selftest.o: ../../include/openssl/lhash.h -+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h -+fips_cmac_selftest.o: ../../include/openssl/objects.h -+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h -+fips_cmac_selftest.o: ../../include/openssl/opensslv.h -+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h -+fips_cmac_selftest.o: ../../include/openssl/safestack.h -+fips_cmac_selftest.o: ../../include/openssl/stack.h -+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c -+fips_cmac_selftest.o: fips_locl.h - fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h - fips_des_selftest.o: ../../include/openssl/crypto.h - fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -232,6 +247,46 @@ fips_dsa_selftest.o: ../../include/opens - fips_dsa_selftest.o: ../../include/openssl/stack.h - fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c - fips_dsa_selftest.o: fips_locl.h -+fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -+fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h -+fips_ecdh_selftest.o: ../../include/openssl/evp.h 
../../include/openssl/fips.h -+fips_ecdh_selftest.o: ../../include/openssl/lhash.h -+fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h -+fips_ecdh_selftest.o: ../../include/openssl/objects.h -+fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h -+fips_ecdh_selftest.o: ../../include/openssl/opensslv.h -+fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h -+fips_ecdh_selftest.o: ../../include/openssl/safestack.h -+fips_ecdh_selftest.o: ../../include/openssl/stack.h -+fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c -+fips_ecdh_selftest.o: fips_locl.h -+fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_ecdsa_selftest.o: ../../include/openssl/bn.h -+fips_ecdsa_selftest.o: ../../include/openssl/crypto.h -+fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -+fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h -+fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_ecdsa_selftest.o: ../../include/openssl/fips.h -+fips_ecdsa_selftest.o: ../../include/openssl/lhash.h -+fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h -+fips_ecdsa_selftest.o: ../../include/openssl/objects.h -+fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h -+fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h -+fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h -+fips_ecdsa_selftest.o: ../../include/openssl/safestack.h -+fips_ecdsa_selftest.o: ../../include/openssl/stack.h -+fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c -+fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_enc.o: 
../../include/openssl/opensslconf.h -+fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -+fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c - fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h - fips_hmac_selftest.o: ../../include/openssl/crypto.h - fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -@@ -246,6 +301,15 @@ fips_hmac_selftest.o: ../../include/open - fips_hmac_selftest.o: ../../include/openssl/safestack.h - fips_hmac_selftest.o: ../../include/openssl/stack.h - fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c -+fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -+fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -+fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_md.o: fips_md.c - fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h - fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h - fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -diff -up openssl-1.0.2a/version.map.fips-ec openssl-1.0.2a/version.map ---- openssl-1.0.2a/version.map.fips-ec 2015-04-22 19:00:19.704884111 +0200 -+++ openssl-1.0.2a/version.map 2015-04-22 19:00:19.724884583 +0200 -@@ -6,6 +6,10 @@ OPENSSL_1.0.1 { - _original*; - _current*; - }; -+OPENSSL_1.0.1_EC { -+ global: -+ EC*; -+}; - OPENSSL_1.0.2 { - global: - SSLeay; 
diff --git a/openssl-1.0.2a-fips-md5-allow.patch b/openssl-1.0.2a-fips-md5-allow.patch deleted file mode 100644 index 825417f..0000000 --- a/openssl-1.0.2a-fips-md5-allow.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.2a/crypto/md5/md5_dgst.c ---- openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow 2015-04-09 18:18:36.505393113 +0200 -+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-04-09 18:18:32.408298469 +0200 -@@ -72,7 +72,16 @@ const char MD5_version[] = "MD5" OPENSSL - #define INIT_DATA_C (unsigned long)0x98badcfeL - #define INIT_DATA_D (unsigned long)0x10325476L - --nonfips_md_init(MD5) -+int MD5_Init(MD5_CTX *c) -+#ifdef OPENSSL_FIPS -+{ -+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) -+ OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!"); -+ return private_MD5_Init(c); -+} -+ -+int private_MD5_Init(MD5_CTX *c) -+#endif - { - memset(c, 0, sizeof(*c)); - c->A = INIT_DATA_A; diff --git a/openssl-1.0.2a-ipv6-apps.patch b/openssl-1.0.2a-ipv6-apps.patch deleted file mode 100644 index dd8b42c..0000000 --- a/openssl-1.0.2a-ipv6-apps.patch +++ /dev/null 
@@ -1,525 +0,0 @@ -diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h ---- openssl-1.0.2a/apps/s_apps.h.ipv6-apps 2015-04-20 15:01:24.029120104 +0200 -+++ openssl-1.0.2a/apps/s_apps.h 2015-04-20 15:05:00.353137701 +0200 -@@ -151,7 +151,7 @@ typedef fd_mask fd_set; - #define PORT_STR "4433" - #define PROTOCOL "tcp" - --int do_server(int port, int type, int *ret, -+int do_server(char *port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept); -@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS - int ssl_print_curves(BIO *out, SSL *s, int noshared); - #endif - int ssl_print_tmp_key(BIO *out, SSL *s); --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, char *port, int type); - int should_retry(int i); - int extract_port(char *str, short *port_ptr); --int extract_host_port(char *str, char **host_ptr, unsigned char *ip, -- short *p); -+int extract_host_port(char *str, char **host_ptr, char **port_ptr); - - long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret); -diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c ---- openssl-1.0.2a/apps/s_client.c.ipv6-apps 2015-04-20 15:01:24.022119942 +0200 -+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 15:06:42.338503234 +0200 -@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv) - int cbuf_len, cbuf_off; - int sbuf_len, sbuf_off; - fd_set readfds, writefds; -- short port = PORT; -+ char *port_str = PORT_STR; - int full_log = 1; - char *host = SSL_HOST_NAME; - char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; -@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv) - } else if (strcmp(*argv, "-port") == 0) { - if (--argc < 1) - goto bad; -- port = atoi(*(++argv)); -- if (port == 0) -- goto bad; -+ port_str = *(++argv); - } else if (strcmp(*argv, "-connect") == 0) { - if 
(--argc < 1) - goto bad; -- if (!extract_host_port(*(++argv), &host, NULL, &port)) -+ if (!extract_host_port(*(++argv), &host, &port_str)) - goto bad; - } else if (strcmp(*argv, "-verify") == 0) { - verify = SSL_VERIFY_PEER; -@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv) - - re_start: - -- if (init_client(&s, host, port, socket_type) == 0) { -+ if (init_client(&s, host, port_str, socket_type) == 0) { - BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); - SHUTDOWN(s); - goto end; -diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c ---- openssl-1.0.2a/apps/s_server.c.ipv6-apps 2015-04-20 15:01:24.030120127 +0200 -+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 15:10:47.245187746 +0200 -@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[]) - { - X509_VERIFY_PARAM *vpm = NULL; - int badarg = 0; -- short port = PORT; -+ char *port_str = PORT_STR; - char *CApath = NULL, *CAfile = NULL; - char *chCApath = NULL, *chCAfile = NULL; - char *vfyCApath = NULL, *vfyCAfile = NULL; -@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[]) - if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) { - if (--argc < 1) - goto bad; -- if (!extract_port(*(++argv), &port)) -+ port_str = *(++argv); -+ if (port_str == NULL || *port_str == '\0') - goto bad; - } else if (strcmp(*argv, "-naccept") == 0) { - if (--argc < 1) -@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[]) - BIO_printf(bio_s_out, "ACCEPT\n"); - (void)BIO_flush(bio_s_out); - if (rev) -- do_server(port, socket_type, &accept_socket, rev_body, context, -+ do_server(port_str, socket_type, &accept_socket, rev_body, context, - naccept); - else if (www) -- do_server(port, socket_type, &accept_socket, www_body, context, -+ do_server(port_str, socket_type, &accept_socket, www_body, context, - naccept); - else -- do_server(port, socket_type, &accept_socket, sv_body, context, -+ do_server(port_str, socket_type, &accept_socket, sv_body, context, - naccept); - 
print_stats(bio_s_out, ctx); - ret = 0; -diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c ---- openssl-1.0.2a/apps/s_socket.c.ipv6-apps 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/s_socket.c 2015-04-20 15:32:53.960079507 +0200 -@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha - static void ssl_sock_cleanup(void); - # endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port, char *ip, int type); -+static int init_server(int *sock, char *port, int type); - static int do_accept(int acc_sock, int *sock, char **host); - static int host_ip(char *str, unsigned char ip[4]); - -@@ -231,65 +229,66 @@ static int ssl_sock_init(void) - return (1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, char *port, int type) - { -- unsigned char ip[4]; -- -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host, &(ip[0]))) -- return 0; -- return init_client_ip(sock, ip, port, type); --} -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) --{ -- unsigned long addr; -- struct sockaddr_in them; -- int s, i; -+ struct addrinfo *res, *res0, hints; -+ char *failed_call = NULL; -+ int s; -+ int e; - - if (!ssl_sock_init()) - return (0); - -- memset((char *)&them, 0, sizeof(them)); -- them.sin_family = AF_INET; -- them.sin_port = htons((unsigned short)port); -- addr = (unsigned long) -- ((unsigned long)ip[0] << 24L) | -- ((unsigned long)ip[1] << 16L) | -- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); -- them.sin_addr.s_addr = htonl(addr); -- -- if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -- else /* ( type == SOCK_DGRAM) */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -- -- if (s == INVALID_SOCKET) { -- perror("socket"); -+ 
memset(&hints, '\0', sizeof(hints)); -+ hints.ai_socktype = type; -+ hints.ai_flags = AI_ADDRCONFIG; -+ -+ e = getaddrinfo(host, port, &hints, &res); -+ if (e) { -+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); -+ if (e == EAI_SYSTEM) -+ perror("getaddrinfo"); - return (0); - } -+ -+ res0 = res; -+ while (res) { -+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -+ if (s == INVALID_SOCKET) { -+ failed_call = "socket"; -+ goto nextres; -+ } - # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) -- if (type == SOCK_STREAM) { -- i = 0; -- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i)); -- if (i < 0) { -- closesocket(s); -- perror("keepalive"); -- return (0); -+ if (type == SOCK_STREAM) { -+ int i = 0; -+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, -+ (char *)&i, sizeof(i)); -+ if (i < 0) { -+ failed_call = "keepalive"; -+ goto nextres; -+ } - } -- } - # endif -- -- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { -- closesocket(s); -- perror("connect"); -- return (0); -+ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) { -+ freeaddrinfo(res0); -+ *sock = s; -+ return (1); -+ } -+ -+ failed_call = "socket"; -+ nextres: -+ if (s != INVALID_SOCKET) -+ close(s); -+ res = res->ai_next; - } -- *sock = s; -- return (1); -+ freeaddrinfo(res0); -+ closesocket(s); -+ -+ perror(failed_call); -+ return (0); - } - --int do_server(int port, int type, int *ret, -+int do_server(char *port, int type, int *ret, - int (*cb) (char *hostname, int s, int stype, - unsigned char *context), unsigned char *context, - int naccept) -@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server(int *sock, char *port, int type) - { -- int ret = 0; -- struct sockaddr_in server; -- int s = -1; -+ struct addrinfo *res, *res0 = NULL, hints; -+ char *failed_call = NULL; -+ int s = INVALID_SOCKET; -+ int e; - - if 
(!ssl_sock_init()) - return (0); - -- memset((char *)&server, 0, sizeof(server)); -- server.sin_family = AF_INET; -- server.sin_port = htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr = INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ --# ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr, ip, 4); --# else -- memcpy(&server.sin_addr, ip, 4); --# endif -- -- if (type == SOCK_STREAM) -- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); -- else /* type == SOCK_DGRAM */ -- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_family = AF_INET6; -+ tryipv4: -+ hints.ai_socktype = type; -+ hints.ai_flags = AI_PASSIVE; -+ -+ e = getaddrinfo(NULL, port, &hints, &res); -+ if (e) { -+ if (hints.ai_family == AF_INET) { -+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); -+ if (e == EAI_SYSTEM) -+ perror("getaddrinfo"); -+ return (0); -+ } else -+ res = NULL; -+ } - -- if (s == INVALID_SOCKET) -- goto err; -+ res0 = res; -+ while (res) { -+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -+ if (s == INVALID_SOCKET) { -+ failed_call = "socket"; -+ goto nextres; -+ } -+ if (hints.ai_family == AF_INET6) { -+ int j = 0; -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j); -+ } - # if defined SOL_SOCKET && defined SO_REUSEADDR -- { -- int j = 1; -- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); -- } --# endif -- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { --# ifndef OPENSSL_SYS_WINDOWS -- perror("bind"); -+ { -+ int j = 1; -+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); -+ } - # endif -- goto err; -+ -+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) { -+ failed_call = "bind"; -+ goto nextres; -+ } -+ if (type == SOCK_STREAM && listen(s, 128) == -1) { -+ failed_call = "listen"; -+ goto nextres; -+ } -+ -+ *sock = s; -+ return (1); -+ -+ nextres: -+ 
if (s != INVALID_SOCKET) -+ close(s); -+ res = res->ai_next; - } -- /* Make it 128 for linux */ -- if (type == SOCK_STREAM && listen(s, 128) == -1) -- goto err; -- *sock = s; -- ret = 1; -- err: -- if ((ret == 0) && (s != -1)) { -- SHUTDOWN(s); -+ if (res0) -+ freeaddrinfo(res0); -+ -+ if (s == INVALID_SOCKET) { -+ if (hints.ai_family == AF_INET6) { -+ hints.ai_family = AF_INET; -+ goto tryipv4; -+ } -+ perror("socket"); -+ return (0); - } -- return (ret); --} - --static int init_server(int *sock, int port, int type) --{ -- return (init_server_long(sock, port, NULL, type)); -+ perror(failed_call); -+ return (0); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { -+ static struct sockaddr_storage from; -+ char buffer[NI_MAXHOST]; - int ret; -- struct hostent *h1, *h2; -- static struct sockaddr_in from; - int len; - /* struct linger ling; */ - -@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int * - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); -- if (i < 0) { perror("linger"); return(0); } -+ if (i < 0) { closesocket(ret); perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); -- if (i < 0) { perror("keepalive"); return(0); } -+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); } - */ - - if (host == NULL) - goto end; --# ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr), AF_INET); --# else -- h1 = gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr), AF_INET); --# endif -- if (h1 == NULL) { -- BIO_printf(bio_err, "bad gethostbyaddr\n"); -+ -+ if (getnameinfo((struct sockaddr *)&from, sizeof(from), -+ buffer, sizeof(buffer), NULL, 0, 0)) { -+ BIO_printf(bio_err, "getnameinfo failed\n"); - *host = NULL; - /* return(0); */ - } else { -- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 
1)) == NULL) { -+ if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) { - perror("OPENSSL_malloc"); - closesocket(ret); - return (0); - } -- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); -- -- h2 = GetHostByName(*host); -- if (h2 == NULL) { -- BIO_printf(bio_err, "gethostbyname failure\n"); -- closesocket(ret); -- return (0); -- } -- if (h2->h_addrtype != AF_INET) { -- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); -- closesocket(ret); -- return (0); -- } -+ strcpy(*host, buffer); - } - end: - *sock = ret; - return (1); - } - --int extract_host_port(char *str, char **host_ptr, unsigned char *ip, -- short *port_ptr) -+int extract_host_port(char *str, char **host_ptr, char **port_ptr) - { -- char *h, *p; -+ char *h, *p, *x; - -- h = str; -- p = strchr(str, ':'); -+ x = h = str; -+ if (*h == '[') { -+ h++; -+ p = strchr(h, ']'); -+ if (p == NULL) { -+ BIO_printf(bio_err, "no ending bracket for IPv6 address\n"); -+ return (0); -+ } -+ *(p++) = '\0'; -+ x = p; -+ } -+ p = strchr(x, ':'); - if (p == NULL) { - BIO_printf(bio_err, "no port defined\n"); - return (0); - } - *(p++) = '\0'; - -- if ((ip != NULL) && !host_ip(str, ip)) -- goto err; - if (host_ptr != NULL) - *host_ptr = h; -+ if (port_ptr != NULL) -+ *port_ptr = p; - -- if (!extract_port(p, port_ptr)) -- goto err; -- return (1); -- err: -- return (0); --} -- --static int host_ip(char *str, unsigned char ip[4]) --{ -- unsigned int in[4]; -- int i; -- -- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == -- 4) { -- for (i = 0; i < 4; i++) -- if (in[i] > 255) { -- BIO_printf(bio_err, "invalid IP address\n"); -- goto err; -- } -- ip[0] = in[0]; -- ip[1] = in[1]; -- ip[2] = in[2]; -- ip[3] = in[3]; -- } else { /* do a gethostbyname */ -- struct hostent *he; -- -- if (!ssl_sock_init()) -- return (0); -- -- he = GetHostByName(str); -- if (he == NULL) { -- BIO_printf(bio_err, "gethostbyname failure\n"); -- goto err; -- } -- /* cast to short because of win16 
winsock definition */
-- if ((short)he->h_addrtype != AF_INET) {
-- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-- return (0);
-- }
-- ip[0] = he->h_addr_list[0][0];
-- ip[1] = he->h_addr_list[0][1];
-- ip[2] = he->h_addr_list[0][2];
-- ip[3] = he->h_addr_list[0][3];
-- }
-- return (1);
-- err:
-- return (0);
--}
--
--int extract_port(char *str, short *port_ptr)
--{
-- int i;
-- struct servent *s;
--
-- i = atoi(str);
-- if (i != 0)
-- *port_ptr = (unsigned short)i;
-- else {
-- s = getservbyname(str, "tcp");
-- if (s == NULL) {
-- BIO_printf(bio_err, "getservbyname failure for %s\n", str);
-- return (0);
-- }
-- *port_ptr = ntohs((unsigned short)s->s_port);
-- }
- return (1);
- }
- 
diff --git a/openssl-1.0.2a-issuer-hash.patch b/openssl-1.0.2a-issuer-hash.patch
deleted file mode 100644
index a439d14..0000000
--- a/openssl-1.0.2a-issuer-hash.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1k/crypto/x509/x509_cmp.c
---- openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash 2015-04-09 18:16:03.349855193 +0200
-+++ openssl-1.0.1k/crypto/x509/x509_cmp.c 2015-04-09 18:16:00.616792058 +0200
-@@ -86,6 +86,7 @@ unsigned long X509_issuer_and_serial_has
- char *f;
- 
- EVP_MD_CTX_init(&ctx);
-+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
- if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
- goto err;
diff --git a/openssl-1.0.2a-no-md5-verify.patch b/openssl-1.0.2a-no-md5-verify.patch
deleted file mode 100644
index b7e6663..0000000
--- a/openssl-1.0.2a-no-md5-verify.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff -up openssl-1.0.2a/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.2a/crypto/asn1/a_verify.c
---- openssl-1.0.2a/crypto/asn1/a_verify.c.no-md5-verify 2015-04-09 18:20:58.829680829 +0200
-+++ openssl-1.0.2a/crypto/asn1/a_verify.c 2015-04-09 18:20:54.495580710 +0200
-@@ -56,6 +56,9 @@
- * [including the GNU Public Licence.]
- */
- 
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-+
- #include
- #include
- 
-@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
- if (ret != 2)
- goto err;
- ret = -1;
-+ } else if (mdnid == NID_md5
-+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) {
-+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+ goto err;
- } else {
- const EVP_MD *type;
- type = EVP_get_digestbynid(mdnid);
diff --git a/openssl-1.0.2a-no-rpath.patch b/openssl-1.0.2a-no-rpath.patch
deleted file mode 100644
index 4aafefd..0000000
--- a/openssl-1.0.2a-no-rpath.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.2a/Makefile.shared.no-rpath openssl-1.0.2a/Makefile.shared
---- openssl-1.0.2a/Makefile.shared.no-rpath 2015-04-09 18:14:39.647921663 +0200
-+++ openssl-1.0.2a/Makefile.shared 2015-04-09 18:14:34.423800985 +0200
-@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/openssl-1.0.2a-padlock64.patch b/openssl-1.0.2a-padlock64.patch
deleted file mode 100644
index 19d3958..0000000
--- a/openssl-1.0.2a-padlock64.patch
+++ /dev/null
@@ -1,198 +0,0 @@ -diff -up openssl-1.0.2a/engines/e_padlock.c.padlock64 openssl-1.0.2a/engines/e_padlock.c ---- openssl-1.0.2a/engines/e_padlock.c.padlock64 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/engines/e_padlock.c 2015-04-22 16:23:44.105617468 +0200 -@@ -101,7 +101,10 @@ - */ - # undef COMPILE_HW_PADLOCK - # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) --# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ -+# if (defined(__GNUC__) && __GNUC__>=2 && \ -+ (defined(__i386__) || defined(__i386) || \ -+ defined(__x86_64__) || defined(__x86_64)) \ -+ ) || \ - (defined(_MSC_VER) && defined(_M_IX86)) - # define COMPILE_HW_PADLOCK - # endif -@@ -140,7 +143,7 @@ void ENGINE_load_padlock(void) - # endif - # elif defined(__GNUC__) - # ifndef alloca --# define alloca(s) __builtin_alloca(s) -+# define alloca(s) __builtin_alloca((s)) - # endif - # endif - -@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_da - * ======================================================= - */ - # if defined(__GNUC__) && __GNUC__>=2 -+# if defined(__i386__) || defined(__i386) - /* - * As for excessive "push %ebx"/"pop %ebx" found all over. - * When generating position-independent code GCC won't let -@@ -379,22 +383,6 @@ static int padlock_available(void) - return padlock_use_ace + padlock_use_rng; - } - --# ifndef OPENSSL_NO_AES --# ifndef AES_ASM --/* Our own htonl()/ntohl() */ --static inline void padlock_bswapl(AES_KEY *ks) --{ -- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -- -- while (i--) { -- asm volatile ("bswapl %0":"+r" (*key)); -- key++; -- } --} --# endif --# endif -- - /* - * Force key reload from memory to the CPU microcode. Loading EFLAGS from the - * stack clears EFLAGS[30] which does the trick. 
-@@ -404,7 +392,7 @@ static inline void padlock_reload_key(vo - asm volatile ("pushfl; popfl"); - } - --# ifndef OPENSSL_NO_AES -+# ifndef OPENSSL_NO_AES - /* - * This is heuristic key context tracing. At first one - * believes that one should use atomic swap instructions, -@@ -448,6 +436,101 @@ static inline void *name(size_t cnt, - : "edx", "cc", "memory"); \ - return iv; \ - } -+# endif -+ -+# elif defined(__x86_64__) || defined(__x86_64) -+ -+/* Load supported features of the CPU to see if -+ the PadLock is available. */ -+static int padlock_available(void) -+{ -+ char vendor_string[16]; -+ unsigned int eax, edx; -+ -+ /* Are we running on the Centaur (VIA) CPU? */ -+ eax = 0x00000000; -+ vendor_string[12] = 0; -+ asm volatile ("cpuid\n" -+ "movl %%ebx,(%1)\n" -+ "movl %%edx,4(%1)\n" -+ "movl %%ecx,8(%1)\n":"+a" (eax):"r"(vendor_string):"rbx", -+ "rcx", "rdx"); -+ if (strcmp(vendor_string, "CentaurHauls") != 0) -+ return 0; -+ -+ /* Check for Centaur Extended Feature Flags presence */ -+ eax = 0xC0000000; -+ asm volatile ("cpuid":"+a" (eax)::"rbx", "rcx", "rdx"); -+ if (eax < 0xC0000001) -+ return 0; -+ -+ /* Read the Centaur Extended Feature Flags */ -+ eax = 0xC0000001; -+ asm volatile ("cpuid":"+a" (eax), "=d"(edx)::"rbx", "rcx"); -+ -+ /* Fill up some flags */ -+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); -+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); -+ -+ return padlock_use_ace + padlock_use_rng; -+} -+ -+/* Force key reload from memory to the CPU microcode. -+ Loading EFLAGS from the stack clears EFLAGS[30] -+ which does the trick. */ -+static inline void padlock_reload_key(void) -+{ -+ asm volatile ("pushfq; popfq"); -+} -+ -+# ifndef OPENSSL_NO_AES -+/* -+ * This is heuristic key context tracing. At first one -+ * believes that one should use atomic swap instructions, -+ * but it's not actually necessary. 
Point is that if -+ * padlock_saved_context was changed by another thread -+ * after we've read it and before we compare it with cdata, -+ * our key *shall* be reloaded upon thread context switch -+ * and we are therefore set in either case... -+ */ -+static inline void padlock_verify_context(struct padlock_cipher_data *cdata) -+{ -+ asm volatile ("pushfq\n" -+ " btl $30,(%%rsp)\n" -+ " jnc 1f\n" -+ " cmpq %2,%1\n" -+ " je 1f\n" -+ " popfq\n" -+ " subq $8,%%rsp\n" -+ "1: addq $8,%%rsp\n" -+ " movq %2,%0":"+m" (padlock_saved_context) -+ :"r"(padlock_saved_context), "r"(cdata):"cc"); -+} -+ -+/* Template for padlock_xcrypt_* modes */ -+/* BIG FAT WARNING: -+ * The offsets used with 'leal' instructions -+ * describe items of the 'padlock_cipher_data' -+ * structure. -+ */ -+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ -+static inline void *name(size_t cnt, \ -+ struct padlock_cipher_data *cdata, \ -+ void *out, const void *inp) \ -+{ void *iv; \ -+ asm volatile ( "leaq 16(%0),%%rdx\n" \ -+ " leaq 32(%0),%%rbx\n" \ -+ rep_xcrypt "\n" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "rbx", "rdx", "cc", "memory"); \ -+ return iv; \ -+} -+# endif -+ -+# endif /* cpu */ -+ -+# ifndef OPENSSL_NO_AES - - /* Generate all functions with appropriate opcodes */ - /* rep xcryptecb */ -@@ -458,6 +541,20 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, " - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") - /* rep xcryptofb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") -+ -+# ifndef AES_ASM -+/* Our own htonl()/ntohl() */ -+static inline void padlock_bswapl(AES_KEY *ks) -+{ -+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); -+ unsigned int *key = ks->rd_key; -+ -+ while (i--) { -+ asm volatile ("bswapl %0":"+r" (*key)); -+ key++; -+ } -+} -+# endif - # endif - /* The RNG call itself */ - static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) -@@ -485,8 +582,8 @@ 
static inline unsigned int padlock_xstor
- static inline unsigned char *padlock_memcpy(void *dst, const void *src,
- size_t n)
- {
-- long *d = dst;
-- const long *s = src;
-+ size_t *d = dst;
-+ const size_t *s = src;
- 
- n /= sizeof(*d);
- do {
diff --git a/openssl-1.0.2a-pkgconfig-krb5.patch b/openssl-1.0.2a-pkgconfig-krb5.patch
deleted file mode 100644
index 8ee2c4d..0000000
--- a/openssl-1.0.2a-pkgconfig-krb5.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-1.0.2a/Makefile.org.krb5 openssl-1.0.2a/Makefile.org
---- openssl-1.0.2a/Makefile.org.krb5 2015-04-21 17:08:41.157464459 +0200
-+++ openssl-1.0.2a/Makefile.org 2015-04-21 17:11:56.887039005 +0200
-@@ -372,7 +372,7 @@ libcrypto.pc: Makefile
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
-- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-+ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
- 
- libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -385,7 +385,7 @@ libssl.pc: Makefile
- echo 'Version: '$(VERSION); \
- echo 'Requires.private: libcrypto'; \
- echo 'Libs: -L$${libdir} -lssl'; \
-- echo 'Libs.private: $(EX_LIBS)'; \
-+ echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
- 
- openssl.pc: Makefile
diff --git a/openssl-1.0.2a-readme-warning.patch b/openssl-1.0.2a-readme-warning.patch
deleted file mode 100644
index 7069989..0000000
--- a/openssl-1.0.2a-readme-warning.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -up openssl-1.0.2a/README.warning openssl-1.0.2a/README
---- openssl-1.0.2a/README.warning 2015-03-20 16:00:47.000000000 +0100
-+++ openssl-1.0.2a/README 2015-03-21 09:06:11.000000000 +0100
-@@ -5,6 +5,46 @@
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
- 
-+ WARNING
-+ -------
-+
-+ This version of OpenSSL is built in a way that supports operation in
-+ the so called FIPS mode. Note though that the library as we build it
-+ is not FIPS 140-2 validated and the FIPS mode is present for testing
-+ purposes only.
-+
-+ This version also contains a few differences from the upstream code
-+ some of which are:
-+ * The FIPS validation support is significantly different from the
-+ upstream FIPS support. For example the FIPS integrity verification
-+ check is implemented differently as the FIPS module is built inside
-+ the shared library. The HMAC-SHA256 checksums of the whole shared
-+ libraries are verified. Also note that the FIPS integrity
-+ verification check requires that the libcrypto and libssl shared
-+ library files are unmodified which means that it will fail if these
-+ files are changed for example by prelink.
-+ * If the file /etc/system-fips is present the integrity verification
-+ and selftests of the crypto algorithms are run inside the library
-+ constructor code.
-+ * With the /etc/system-fips present the module respects the kernel
-+ FIPS flag /proc/sys/crypto/fips and tries to initialize the FIPS mode
-+ if it is set to 1 aborting if the FIPS mode could not be initialized.
-+ With the /etc/system-fips present it is also possible to force the
-+ OpenSSL library to FIPS mode especially for debugging purposes by
-+ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
-+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
-+ will not automatically load the built in compression method ZLIB
-+ when initialized.
Applications can still explicitely ask for ZLIB
-+ compression method.
-+ * The library was patched so the certificates, CRLs and other objects
-+ signed with use of MD5 fail verification as the MD5 is too insecure
-+ to be used for signatures. If the environment variable
-+ OPENSSL_ENABLE_MD5_VERIFY is set, the verification can proceed
-+ normally.
-+ * If the OPENSSL_ENFORCE_MODULUS_BITS environment variable is set,
-+ the library will not allow generation of DSA and RSA keys with
-+ other lengths than specified in the FIPS 186-4 standard.
-+
- DESCRIPTION
- -----------
- 
diff --git a/openssl-1.0.2a-rsa-x931.patch b/openssl-1.0.2a-rsa-x931.patch
deleted file mode 100644
index 4de716a..0000000
--- a/openssl-1.0.2a-rsa-x931.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff -up openssl-1.0.2a/apps/genrsa.c.x931 openssl-1.0.2a/apps/genrsa.c
---- openssl-1.0.2a/apps/genrsa.c.x931 2015-04-09 18:18:24.132107287 +0200
-+++ openssl-1.0.2a/apps/genrsa.c 2015-04-09 18:18:18.852985339 +0200
-@@ -97,6 +97,7 @@ int MAIN(int argc, char **argv)
- int ret = 1;
- int i, num = DEFBITS;
- long l;
-+ int use_x931 = 0;
- const EVP_CIPHER *enc = NULL;
- unsigned long f4 = RSA_F4;
- char *outfile = NULL;
-@@ -139,6 +140,8 @@ int MAIN(int argc, char **argv)
- f4 = 3;
- else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
- f4 = RSA_F4;
-+ else if (strcmp(*argv, "-x931") == 0)
-+ use_x931 = 1;
- # ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
-@@ -278,7 +281,13 @@ int MAIN(int argc, char **argv)
- if (!rsa)
- goto err;
- 
-- if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
-+ if (use_x931) {
-+ if (!BN_set_word(bn, f4))
-+ goto err;
-+ if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
-+ goto err;
-+ } else if (!BN_set_word(bn, f4)
-+ || !RSA_generate_key_ex(rsa, num, bn, &cb))
- goto err;
- 
- app_RAND_write_file(NULL, bio_err);
diff --git a/openssl-1.0.2a-secure-getenv.patch b/openssl-1.0.2a-secure-getenv.patch
deleted file mode 100644
index f494839..0000000
--- a/openssl-1.0.2a-secure-getenv.patch
+++ /dev/null
@@ -1,241 +0,0 @@ -diff -up openssl-1.0.2a/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2a/crypto/conf/conf_api.c ---- openssl-1.0.2a/crypto/conf/conf_api.c.secure-getenv 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/conf/conf_api.c 2015-04-21 17:14:12.757214532 +0200 -@@ -63,6 +63,8 @@ - # define NDEBUG - #endif - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -141,7 +143,7 @@ char *_CONF_get_string(const CONF *conf, - if (v != NULL) - return (v->value); - if (strcmp(section, "ENV") == 0) { -- p = getenv(name); -+ p = secure_getenv(name); - if (p != NULL) - return (p); - } -@@ -154,7 +156,7 @@ char *_CONF_get_string(const CONF *conf, - else - return (NULL); - } else -- return (getenv(name)); -+ return (secure_getenv(name)); - } - - #if 0 /* There's no way to provide error checking -diff -up openssl-1.0.2a/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2a/crypto/conf/conf_mod.c ---- openssl-1.0.2a/crypto/conf/conf_mod.c.secure-getenv 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/conf/conf_mod.c 2015-04-21 17:13:24.165078848 +0200 -@@ -57,6 +57,8 @@ - * - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -526,7 +528,7 @@ char *CONF_get1_default_config_file(void - char *file; - int len; - -- file = getenv("OPENSSL_CONF"); -+ file = secure_getenv("OPENSSL_CONF"); - if (file) - return BUF_strdup(file); - -diff -up openssl-1.0.2a/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2a/crypto/engine/eng_list.c ---- openssl-1.0.2a/crypto/engine/eng_list.c.secure-getenv 2015-04-21 17:13:24.165078848 +0200 -+++ openssl-1.0.2a/crypto/engine/eng_list.c 2015-04-21 17:15:53.180561603 +0200 -@@ -62,6 +62,8 @@ - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
- */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include "eng_int.h" - - /* -@@ -368,10 +370,10 @@ ENGINE *ENGINE_by_id(const char *id) - */ - if (strcmp(id, "dynamic")) { - # ifdef OPENSSL_SYS_VMS -- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) -+ if (OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) - load_dir = "SSLROOT:[ENGINES]"; - # else -- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) -+ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) - load_dir = ENGINESDIR; - # endif - iterator = ENGINE_by_id("dynamic"); -diff -up openssl-1.0.2a/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2a/crypto/md5/md5_dgst.c ---- openssl-1.0.2a/crypto/md5/md5_dgst.c.secure-getenv 2015-04-21 17:13:24.156078637 +0200 -+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-04-21 17:13:24.165078848 +0200 -@@ -56,6 +56,8 @@ - * [including the GNU Public Licence.] - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include "md5_locl.h" - #include -@@ -75,7 +77,8 @@ const char MD5_version[] = "MD5" OPENSSL - int MD5_Init(MD5_CTX *c) - #ifdef OPENSSL_FIPS - { -- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) -+ if (FIPS_mode() -+ && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) - OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!"); - return private_MD5_Init(c); - } -diff -up openssl-1.0.2a/crypto/o_init.c.secure-getenv openssl-1.0.2a/crypto/o_init.c ---- openssl-1.0.2a/crypto/o_init.c.secure-getenv 2015-04-21 17:13:24.142078310 +0200 -+++ openssl-1.0.2a/crypto/o_init.c 2015-04-21 17:13:24.165078848 +0200 -@@ -53,6 +53,8 @@ - * - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #ifdef OPENSSL_FIPS -@@ -72,7 +74,7 @@ static void init_fips_mode(void) - char buf[2] = "0"; - int fd; - -- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { -+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { - buf[0] = '1'; - } else if ((fd = open(FIPS_MODE_SWITCH_FILE, 
O_RDONLY)) >= 0) { - while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; -diff -up openssl-1.0.2a/crypto/rand/randfile.c.secure-getenv openssl-1.0.2a/crypto/rand/randfile.c ---- openssl-1.0.2a/crypto/rand/randfile.c.secure-getenv 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/rand/randfile.c 2015-04-21 17:13:24.165078848 +0200 -@@ -60,6 +60,8 @@ - #if !defined(OPENSSL_SYS_VXWORKS) - # define _XOPEN_SOURCE 500 - #endif -+/* for secure_getenv */ -+#define _GNU_SOURCE - - #include - #include -@@ -292,14 +294,12 @@ const char *RAND_file_name(char *buf, si - struct stat sb; - #endif - -- if (OPENSSL_issetugid() == 0) -- s = getenv("RANDFILE"); -+ s = secure_getenv("RANDFILE"); - if (s != NULL && *s && strlen(s) + 1 < size) { - if (BUF_strlcpy(buf, s, size) >= size) - return NULL; - } else { -- if (OPENSSL_issetugid() == 0) -- s = getenv("HOME"); -+ s = secure_getenv("HOME"); - #ifdef DEFAULT_HOME - if (s == NULL) { - s = DEFAULT_HOME; -diff -up openssl-1.0.2a/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2a/crypto/x509/by_dir.c ---- openssl-1.0.2a/crypto/x509/by_dir.c.secure-getenv 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/crypto/x509/by_dir.c 2015-04-21 17:13:24.165078848 +0200 -@@ -56,6 +56,8 @@ - * [including the GNU Public Licence.] 
- */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -128,7 +130,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in - switch (cmd) { - case X509_L_ADD_DIR: - if (argl == X509_FILETYPE_DEFAULT) { -- dir = (char *)getenv(X509_get_default_cert_dir_env()); -+ dir = (char *)secure_getenv(X509_get_default_cert_dir_env()); - if (dir) - ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); - else -diff -up openssl-1.0.2a/crypto/x509/by_file.c.secure-getenv openssl-1.0.2a/crypto/x509/by_file.c ---- openssl-1.0.2a/crypto/x509/by_file.c.secure-getenv 2015-04-21 17:13:24.118077749 +0200 -+++ openssl-1.0.2a/crypto/x509/by_file.c 2015-04-21 17:13:24.166078871 +0200 -@@ -56,6 +56,8 @@ - * [including the GNU Public Licence.] - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -97,7 +99,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx - switch (cmd) { - case X509_L_FILE_LOAD: - if (argl == X509_FILETYPE_DEFAULT) { -- file = (char *)getenv(X509_get_default_cert_file_env()); -+ file = (char *)secure_getenv(X509_get_default_cert_file_env()); - if (file) - ok = (X509_load_cert_crl_file(ctx, file, - X509_FILETYPE_PEM) != 0); -diff -up openssl-1.0.2a/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2a/crypto/x509/x509_vfy.c ---- openssl-1.0.2a/crypto/x509/x509_vfy.c.secure-getenv 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/x509/x509_vfy.c 2015-04-21 17:19:14.948277272 +0200 -@@ -56,6 +56,8 @@ - * [including the GNU Public Licence.] 
- */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -550,7 +552,7 @@ static int check_chain_extensions(X509_S - * A hack to keep people who don't want to modify their software - * happy - */ -- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) -+ if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; - purpose = ctx->param->purpose; - } -diff -up openssl-1.0.2a/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2a/engines/ccgost/gost_ctl.c ---- openssl-1.0.2a/engines/ccgost/gost_ctl.c.secure-getenv 2015-03-19 14:19:00.000000000 +0100 -+++ openssl-1.0.2a/engines/ccgost/gost_ctl.c 2015-04-21 17:19:53.897187577 +0200 -@@ -6,6 +6,8 @@ - * Implementation of control commands for GOST engine * - * OpenSSL 0.9.9 libraries required * - **********************************************************************/ -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -64,7 +66,7 @@ const char *get_gost_engine_param(int pa - if (gost_params[param] != NULL) { - return gost_params[param]; - } -- tmp = getenv(gost_envnames[param]); -+ tmp = secure_getenv(gost_envnames[param]); - if (tmp) { - if (gost_params[param]) - OPENSSL_free(gost_params[param]); -@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co - const char *tmp; - if (param < 0 || param > GOST_PARAM_MAX) - return 0; -- tmp = getenv(gost_envnames[param]); -+ tmp = secure_getenv(gost_envnames[param]); - /* - * if there is value in the environment, use it, else -passed string * - */ diff --git a/openssl-1.0.2a-system-cipherlist.patch b/openssl-1.0.2a-system-cipherlist.patch deleted file mode 100644 index 482fecc..0000000 --- a/openssl-1.0.2a-system-cipherlist.patch +++ /dev/null 
@@ -1,285 +0,0 @@ -diff -up openssl-1.0.2a/Configure.system openssl-1.0.2a/Configure ---- openssl-1.0.2a/Configure.system 2015-04-22 15:23:47.970633650 +0200 -+++ openssl-1.0.2a/Configure 2015-04-22 15:23:48.042635407 +0200 -@@ -10,7 +10,7 @@ use strict; - - # see INSTALL for instructions. - --my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; -+my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; - - # Options: - # -@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no- - # --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently - # supported values are "MIT" and "Heimdal". A value is required. - # -+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM -+# cipher is specified (default). -+# - # --test-sanity Make a number of sanity checks on the data in this file. - # This is a debugging tool for OpenSSL developers. 
- # -@@ -703,6 +706,7 @@ my $prefix=""; - my $libdir=""; - my $openssldir=""; - my $enginesdir=""; -+my $system_ciphers_file=""; - my $exe_ext=""; - my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; - my $cross_compile_prefix=""; -@@ -934,6 +938,10 @@ PROCESS_ARGS: - { - $enginesdir=$1; - } -+ elsif (/^--system-ciphers-file=(.*)$/) -+ { -+ $system_ciphers_file=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1096,6 +1104,7 @@ print "Configuring for $target\n"; - - &usage if (!defined($table{$target})); - -+chop $system_ciphers_file if $system_ciphers_file =~ /\/$/; - - foreach (sort (keys %disabled)) - { -@@ -1667,6 +1676,7 @@ while () - s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; - s/^MULTILIB=.*$/MULTILIB=$multilib/; - s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; -+ s/^SYSTEM_CIPHERS_FILE=.*$/SYSTEM_CIPHERS_FILE=$system_ciphers_file/; - s/^LIBDIR=.*$/LIBDIR=$libdir/; - s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; - s/^PLATFORM=.*$/PLATFORM=$target/; -@@ -1877,6 +1887,14 @@ while () - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } -+ elsif (/^#((define)|(undef))\s+SYSTEM_CIPHERS_FILE/) -+ { -+ my $foo = "$system_ciphers_file"; -+ if ($foo ne '') { -+ $foo =~ s/\\/\\\\/g; -+ print OUT "#define SYSTEM_CIPHERS_FILE \"$foo\"\n"; -+ } -+ } - elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) - { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" - if $export_var_as_fn; -diff -up openssl-1.0.2a/crypto/opensslconf.h.in.system openssl-1.0.2a/crypto/opensslconf.h.in ---- openssl-1.0.2a/crypto/opensslconf.h.in.system 2015-04-22 15:23:47.988634089 +0200 -+++ openssl-1.0.2a/crypto/opensslconf.h.in 2015-04-22 15:23:48.042635407 +0200 -@@ -25,6 +25,8 @@ - #endif - #endif - -+#undef SYSTEM_CIPHERS_FILE -+ - #undef OPENSSL_UNISTD - #define OPENSSL_UNISTD - -diff -up openssl-1.0.2a/ssl/ssl_ciph.c.system openssl-1.0.2a/ssl/ssl_ciph.c ---- openssl-1.0.2a/ssl/ssl_ciph.c.system 2015-04-22 15:23:47.993634211 +0200 -+++ 
openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-22 15:29:30.185982356 +0200 -@@ -1463,6 +1463,50 @@ static int check_suiteb_cipher_list(cons - } - #endif - -+#ifdef SYSTEM_CIPHERS_FILE -+static char *load_system_str(const char *suffix) -+{ -+ FILE *fp; -+ char buf[1024]; -+ char *new_rules; -+ unsigned len, slen; -+ -+ fp = fopen(SYSTEM_CIPHERS_FILE, "r"); -+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { -+ /* cannot open or file is empty */ -+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); -+ } -+ -+ if (fp) -+ fclose(fp); -+ -+ slen = strlen(suffix); -+ len = strlen(buf); -+ -+ if (buf[len - 1] == '\n') { -+ len--; -+ buf[len] = 0; -+ } -+ if (buf[len - 1] == '\r') { -+ len--; -+ buf[len] = 0; -+ } -+ -+ new_rules = OPENSSL_malloc(len + slen + 1); -+ if (new_rules == 0) -+ return NULL; -+ -+ memcpy(new_rules, buf, len); -+ if (slen > 0) { -+ memcpy(&new_rules[len], suffix, slen); -+ len += slen; -+ } -+ new_rules[len] = 0; -+ -+ return new_rules; -+} -+#endif -+ - STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) - **cipher_list, STACK_OF(SSL_CIPHER) - **cipher_list_by_id, -@@ -1471,19 +1515,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, - disabled_ssl; -- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; -+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list; - const char *rule_p; - CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; - const SSL_CIPHER **ca_list = NULL; -+#ifdef SYSTEM_CIPHERS_FILE -+ char *new_rules = NULL; -+ -+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) { -+ char *p = rule_str + 14; -+ -+ new_rules = load_system_str(p); -+ rule_str = new_rules; -+ } -+#endif - - /* - * Return with error if nothing to do. 
- */ - if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) -- return NULL; -+ goto end; - #ifndef OPENSSL_NO_EC - if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) -- return NULL; -+ goto end; - #endif - - /* -@@ -1507,7 +1561,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); - if (co_list == NULL) { - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); -- return (NULL); /* Failure */ -+ goto end; - } - - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1568,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - * in force within each class - */ - if (!ssl_cipher_strength_sort(&head, &tail)) { -- OPENSSL_free(co_list); -- return NULL; -+ goto end; - } - - /* Now disable everything (maintaining the ordering!) */ -@@ -1587,9 +1640,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); - if (ca_list == NULL) { -- OPENSSL_free(co_list); - SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); -- return (NULL); /* Failure */ -+ goto end; - } - ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, -@@ -1615,8 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - OPENSSL_free((void *)ca_list); /* Not needed anymore */ - - if (!ok) { /* Rule processing failure */ -- OPENSSL_free(co_list); -- return (NULL); -+ goto end; - } - - /* -@@ -1624,8 +1675,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - * if we cannot get one. 
- */ - if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { -- OPENSSL_free(co_list); -- return (NULL); -+ goto end; - } - - /* -@@ -1646,12 +1696,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - #endif - } - } -- OPENSSL_free(co_list); /* Not needed any longer */ - - tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) { - sk_SSL_CIPHER_free(cipherstack); -- return NULL; -+ cipherstack = NULL; -+ goto end; - } - if (*cipher_list != NULL) - sk_SSL_CIPHER_free(*cipher_list); -@@ -1663,6 +1713,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - ssl_cipher_ptr_id_cmp); - - sk_SSL_CIPHER_sort(*cipher_list_by_id); -+ -+ end: -+ OPENSSL_free(co_list); -+#ifdef SYSTEM_CIPHERS_FILE -+ OPENSSL_free(new_rules); -+#endif - return (cipherstack); - } - -diff -up openssl-1.0.2a/ssl/ssl.h.system openssl-1.0.2a/ssl/ssl.h ---- openssl-1.0.2a/ssl/ssl.h.system 2015-04-22 15:23:48.043635431 +0200 -+++ openssl-1.0.2a/ssl/ssl.h 2015-04-22 15:35:43.666093799 +0200 -@@ -345,6 +345,11 @@ extern "C" { - * throwing out anonymous and unencrypted ciphersuites! (The latter are not - * actually enabled by ALL, but "ALL:RSA" would enable some of them.) - */ -+# ifdef SYSTEM_CIPHERS_FILE -+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM" -+# else -+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST -+# endif - - /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ - # define SSL_SENT_SHUTDOWN 1 -diff -up openssl-1.0.2a/ssl/ssl_lib.c.system openssl-1.0.2a/ssl/ssl_lib.c ---- openssl-1.0.2a/ssl/ssl_lib.c.system 2015-04-22 15:23:48.044635455 +0200 -+++ openssl-1.0.2a/ssl/ssl_lib.c 2015-04-22 15:31:55.794534631 +0200 -@@ -273,7 +273,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx - &(ctx->cipher_list_by_id), - meth->version == - SSL2_VERSION ? 
"SSLv2" : -- SSL_DEFAULT_CIPHER_LIST, ctx->cert); -+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); - if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { - SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, - SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); -@@ -1945,7 +1945,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - ssl_create_cipher_list(ret->method, - &ret->cipher_list, &ret->cipher_list_by_id, - meth->version == -- SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, -+ SSL2_VERSION ? "SSLv2" : SSL_SYSTEM_DEFAULT_CIPHER_LIST, - ret->cert); - if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { - SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); diff --git a/openssl-1.0.2a-test-use-localhost.patch b/openssl-1.0.2a-test-use-localhost.patch deleted file mode 100644 index 4510e6e..0000000 --- a/openssl-1.0.2a-test-use-localhost.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up openssl-1.0.2a/ssl/ssltest.c.use-localhost openssl-1.0.2a/ssl/ssltest.c ---- openssl-1.0.2a/ssl/ssltest.c.use-localhost 2015-04-20 14:43:07.172601663 +0200 -+++ openssl-1.0.2a/ssl/ssltest.c 2015-04-20 14:45:02.831299849 +0200 -@@ -1516,16 +1516,7 @@ int main(int argc, char *argv[]) - - #ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { -- char localhost[MAXHOSTNAMELEN + 2]; -- -- if (gethostname(localhost, sizeof localhost - 1) == 0) { -- localhost[sizeof localhost - 1] = '\0'; -- if (strlen(localhost) == sizeof localhost - 1) { -- BIO_printf(bio_err, "localhost name too long\n"); -- goto end; -- } -- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); -- } -+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost"); - } - #endif /* OPENSSL_NO_KRB5 */ - diff --git a/openssl-1.0.2a-version-add-engines.patch b/openssl-1.0.2a-version-add-engines.patch deleted file mode 100644 index b7936b3..0000000 --- a/openssl-1.0.2a-version-add-engines.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -diff -up openssl-1.0.2a/apps/version.c.version-add-engines openssl-1.0.2a/apps/version.c ---- openssl-1.0.2a/apps/version.c.version-add-engines 2015-04-09 18:16:42.345756005 +0200 -+++ openssl-1.0.2a/apps/version.c 2015-04-09 18:16:36.573622667 +0200 -@@ -131,6 +131,7 @@ - #ifndef OPENSSL_NO_BF - # include - #endif -+#include - - #undef PROG - #define PROG version_main -@@ -140,7 +141,8 @@ int MAIN(int, char **); - int MAIN(int argc, char **argv) - { - int i, ret = 0; -- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; -+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = -+ 0, engines = 0; - - apps_startup(); - -@@ -164,7 +166,7 @@ int MAIN(int argc, char **argv) - else if (strcmp(argv[i], "-d") == 0) - dir = 1; - else if (strcmp(argv[i], "-a") == 0) -- date = version = cflags = options = platform = dir = 1; -+ date = version = cflags = options = platform = dir = engines = 1; - else { - BIO_printf(bio_err, "usage:version -[avbofpd]\n"); - ret = 1; -@@ -208,6 +210,16 @@ int MAIN(int argc, char **argv) - printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); - if (dir) - printf("%s\n", SSLeay_version(SSLEAY_DIR)); -+ if (engines) { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while (e) { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - end: - apps_shutdown(); - OPENSSL_EXIT(ret); diff --git a/openssl-1.0.2a-version.patch b/openssl-1.0.2a-version.patch deleted file mode 100644 index 25dfff5..0000000 --- a/openssl-1.0.2a-version.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -diff -up openssl-1.0.2a/crypto/cversion.c.version openssl-1.0.2a/crypto/cversion.c ---- openssl-1.0.2a/crypto/cversion.c.version 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/crypto/cversion.c 2015-04-21 16:48:56.285535316 +0200 -@@ -62,7 +62,7 @@ - # include "buildinf.h" - #endif - --const char *SSLeay_version(int t) -+const char *_current_SSLeay_version(int t) - { - if (t == SSLEAY_VERSION) - return OPENSSL_VERSION_TEXT; -@@ -101,7 +101,40 @@ const char *SSLeay_version(int t) - return ("not available"); - } - --unsigned long SSLeay(void) -+const char *_original_SSLeay_version(int t) -+{ -+ if (t == SSLEAY_VERSION) -+ return "OpenSSL 1.0.0-fips 29 Mar 2010"; -+ else -+ return _current_SSLeay_version(t); -+} -+ -+const char *_original101_SSLeay_version(int t) -+{ -+ if (t == SSLEAY_VERSION) -+ return "OpenSSL 1.0.1e-fips 11 Feb 2013"; -+ else -+ return _current_SSLeay_version(t); -+} -+ -+unsigned long _original_SSLeay(void) -+{ -+ return (0x10000003L); -+} -+ -+unsigned long _original101_SSLeay(void) -+{ -+ return (0x1000105fL); -+} -+ -+unsigned long _current_SSLeay(void) - { - return (SSLEAY_VERSION_NUMBER); - } -+ -+__asm__(".symver _original_SSLeay,SSLeay@"); -+__asm__(".symver _original_SSLeay_version,SSLeay_version@"); -+__asm__(".symver _original101_SSLeay,SSLeay@OPENSSL_1.0.1"); -+__asm__(".symver _original101_SSLeay_version,SSLeay_version@OPENSSL_1.0.1"); -+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.2"); -+__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.2"); -diff -up openssl-1.0.2a/Makefile.shared.version openssl-1.0.2a/Makefile.shared ---- openssl-1.0.2a/Makefile.shared.version 2015-04-21 16:43:02.624170648 +0200 -+++ openssl-1.0.2a/Makefile.shared 2015-04-21 16:43:02.676171879 +0200 -@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared 
-Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - -diff -up openssl-1.0.2a/version.map.version openssl-1.0.2a/version.map ---- openssl-1.0.2a/version.map.version 2015-04-21 16:43:02.676171879 +0200 -+++ openssl-1.0.2a/version.map 2015-04-21 16:51:49.621630589 +0200 -@@ -0,0 +1,13 @@ -+OPENSSL_1.0.1 { -+ global: -+ SSLeay; -+ SSLeay_version; -+ local: -+ _original*; -+ _current*; -+}; -+OPENSSL_1.0.2 { -+ global: -+ SSLeay; -+ SSLeay_version; -+} OPENSSL_1.0.1; diff --git a/openssl-1.0.2a-x509.patch b/openssl-1.0.2a-x509.patch deleted file mode 100644 index 7c96a57..0000000 --- a/openssl-1.0.2a-x509.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -up openssl-1.0.2a/crypto/x509/by_file.c.x509 openssl-1.0.2a/crypto/x509/by_file.c ---- openssl-1.0.2a/crypto/x509/by_file.c.x509 2015-04-09 18:16:29.365456157 +0200 -+++ openssl-1.0.2a/crypto/x509/by_file.c 2015-04-09 18:16:26.398387618 +0200 -@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx - } - } - i = X509_STORE_add_cert(ctx->store_ctx, x); -- if (!i) -- goto err; -- count++; -+ /* ignore any problems with current certificate -+ and continue with the next one */ -+ if (i) -+ count++; -+ else -+ ERR_clear_error(); - X509_free(x); - x = NULL; - } -@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx - } - i = X509_STORE_add_cert(ctx->store_ctx, x); - if (!i) -- goto err; -+ ERR_clear_error(); - ret = i; - } else { - X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); diff --git a/openssl-1.0.2a-xmpp-starttls.patch b/openssl-1.0.2a-xmpp-starttls.patch deleted file mode 100644 index d2c3bcd..0000000 --- a/openssl-1.0.2a-xmpp-starttls.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff -up openssl-1.0.2a/apps/s_client.c.starttls openssl-1.0.2a/apps/s_client.c ---- openssl-1.0.2a/apps/s_client.c.starttls 2015-04-22 18:23:12.964387157 +0200 -+++ openssl-1.0.2a/apps/s_client.c 2015-04-22 18:23:56.496414820 +0200 -@@ -134,7 +134,8 @@ - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ -- -+/* for strcasestr */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -1626,8 +1627,11 @@ int MAIN(int argc, char **argv) - "xmlns='jabber:client' to='%s' version='1.0'>", host); - seen = BIO_read(sbio, mbuf, BUFSIZZ); - mbuf[seen] = 0; -- while (!strstr -- (mbuf, "")) - goto shut; - seen = BIO_read(sbio, mbuf, BUFSIZZ); diff --git a/openssl-1.0.2c-default-paths.patch b/openssl-1.0.2c-default-paths.patch deleted file mode 100644 index aa607be..0000000 --- a/openssl-1.0.2c-default-paths.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -up openssl-1.0.2c/apps/s_server.c.default-paths openssl-1.0.2c/apps/s_server.c ---- openssl-1.0.2c/apps/s_server.c.default-paths 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:24:17.747446515 +0200 -@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[]) - } - #endif - -- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) { -- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(ctx)) { -+ ERR_print_errors(bio_err); -+ } -+ } else { -+ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { -+ ERR_print_errors(bio_err); -+ } - } -+ - if (vpm) - SSL_CTX_set1_param(ctx, vpm); - -@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[]) - else - SSL_CTX_sess_set_cache_size(ctx2, 128); - -- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx2))) { -+ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx2)) { - ERR_print_errors(bio_err); - } - if (vpm) -diff -up openssl-1.0.2c/apps/s_time.c.default-paths openssl-1.0.2c/apps/s_time.c ---- openssl-1.0.2c/apps/s_time.c.default-paths 2015-06-12 16:51:21.000000000 +0200 -+++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:24:17.747446515 +0200 -@@ -381,13 +381,14 @@ int MAIN(int argc, char **argv) - - SSL_load_error_strings(); - -- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || -- (!SSL_CTX_set_default_verify_paths(tm_ctx))) { -- /* -- * BIO_printf(bio_err,"error setting default verify locations\n"); -- */ -- ERR_print_errors(bio_err); -- /* goto end; */ -+ if (CAfile == NULL && CApath == NULL) { -+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) { -+ ERR_print_errors(bio_err); -+ } -+ } else { -+ if 
(!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) { -+ ERR_print_errors(bio_err); -+ } - } - - if (tm_cipher == NULL) diff --git a/openssl-1.0.2c-ecc-suiteb.patch b/openssl-1.0.2c-ecc-suiteb.patch deleted file mode 100644 index dfcae76..0000000 --- a/openssl-1.0.2c-ecc-suiteb.patch +++ /dev/null 
@@ -1,195 +0,0 @@ -diff -up openssl-1.0.2c/apps/speed.c.suiteb openssl-1.0.2c/apps/speed.c ---- openssl-1.0.2c/apps/speed.c.suiteb 2015-06-15 17:37:06.285083685 +0200 -+++ openssl-1.0.2c/apps/speed.c 2015-06-15 17:37:06.335084836 +0200 -@@ -996,78 +996,26 @@ int MAIN(int argc, char **argv) - } else - # endif - # ifndef OPENSSL_NO_ECDSA -- if (strcmp(*argv, "ecdsap160") == 0) -- ecdsa_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdsap192") == 0) -- ecdsa_doit[R_EC_P192] = 2; -- else if (strcmp(*argv, "ecdsap224") == 0) -- ecdsa_doit[R_EC_P224] = 2; -- else if (strcmp(*argv, "ecdsap256") == 0) -+ if (strcmp(*argv, "ecdsap256") == 0) - ecdsa_doit[R_EC_P256] = 2; - else if (strcmp(*argv, "ecdsap384") == 0) - ecdsa_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdsap521") == 0) - ecdsa_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdsak163") == 0) -- ecdsa_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdsak233") == 0) -- ecdsa_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdsak283") == 0) -- ecdsa_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdsak409") == 0) -- ecdsa_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdsak571") == 0) -- ecdsa_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdsab163") == 0) -- ecdsa_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdsab233") == 0) -- ecdsa_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdsab283") == 0) -- ecdsa_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdsab409") == 0) -- ecdsa_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdsab571") == 0) -- ecdsa_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdsa") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P256; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - } else - # endif - # ifndef OPENSSL_NO_ECDH -- if (strcmp(*argv, "ecdhp160") == 0) -- ecdh_doit[R_EC_P160] = 2; -- else if (strcmp(*argv, "ecdhp192") == 0) -- ecdh_doit[R_EC_P192] = 2; -- else if (strcmp(*argv, "ecdhp224") == 0) -- ecdh_doit[R_EC_P224] = 2; -- else if (strcmp(*argv, 
"ecdhp256") == 0) -+ if (strcmp(*argv, "ecdhp256") == 0) - ecdh_doit[R_EC_P256] = 2; - else if (strcmp(*argv, "ecdhp384") == 0) - ecdh_doit[R_EC_P384] = 2; - else if (strcmp(*argv, "ecdhp521") == 0) - ecdh_doit[R_EC_P521] = 2; -- else if (strcmp(*argv, "ecdhk163") == 0) -- ecdh_doit[R_EC_K163] = 2; -- else if (strcmp(*argv, "ecdhk233") == 0) -- ecdh_doit[R_EC_K233] = 2; -- else if (strcmp(*argv, "ecdhk283") == 0) -- ecdh_doit[R_EC_K283] = 2; -- else if (strcmp(*argv, "ecdhk409") == 0) -- ecdh_doit[R_EC_K409] = 2; -- else if (strcmp(*argv, "ecdhk571") == 0) -- ecdh_doit[R_EC_K571] = 2; -- else if (strcmp(*argv, "ecdhb163") == 0) -- ecdh_doit[R_EC_B163] = 2; -- else if (strcmp(*argv, "ecdhb233") == 0) -- ecdh_doit[R_EC_B233] = 2; -- else if (strcmp(*argv, "ecdhb283") == 0) -- ecdh_doit[R_EC_B283] = 2; -- else if (strcmp(*argv, "ecdhb409") == 0) -- ecdh_doit[R_EC_B409] = 2; -- else if (strcmp(*argv, "ecdhb571") == 0) -- ecdh_doit[R_EC_B571] = 2; - else if (strcmp(*argv, "ecdh") == 0) { -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P256; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - } else - # endif -@@ -1156,21 +1104,11 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); - # endif - # ifndef OPENSSL_NO_ECDSA -- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " -- "ecdsap256 ecdsap384 ecdsap521\n"); -- BIO_printf(bio_err, -- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); -- BIO_printf(bio_err, -- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); -+ BIO_printf(bio_err, "ecdsap256 ecdsap384 ecdsap521\n"); - BIO_printf(bio_err, "ecdsa\n"); - # endif - # ifndef OPENSSL_NO_ECDH -- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " -- "ecdhp256 ecdhp384 ecdhp521\n"); -- BIO_printf(bio_err, -- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); -- BIO_printf(bio_err, -- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); -+ BIO_printf(bio_err, "ecdhp256 ecdhp384 ecdhp521\n"); - BIO_printf(bio_err, "ecdh\n"); - # endif - -@@ 
-1255,11 +1193,11 @@ int MAIN(int argc, char **argv) - if (!FIPS_mode() || i != R_DSA_512) - dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P256; i <= R_EC_P521; i++) - ecdsa_doit[i] = 1; - # endif - # ifndef OPENSSL_NO_ECDH -- for (i = 0; i < EC_NUM; i++) -+ for (i = R_EC_P256; i <= R_EC_P521; i++) - ecdh_doit[i] = 1; - # endif - } -diff -up openssl-1.0.2c/ssl/t1_lib.c.suiteb openssl-1.0.2c/ssl/t1_lib.c ---- openssl-1.0.2c/ssl/t1_lib.c.suiteb 2015-06-12 16:51:27.000000000 +0200 -+++ openssl-1.0.2c/ssl/t1_lib.c 2015-06-15 17:44:03.578681271 +0200 -@@ -268,11 +268,7 @@ static const unsigned char eccurves_auto - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ -- 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ - 0, 14, /* sect571r1 (14) */ -@@ -289,11 +285,7 @@ static const unsigned char eccurves_all[ - 0, 23, /* secp256r1 (23) */ - /* Other >= 256-bit prime curves. */ - 0, 25, /* secp521r1 (25) */ -- 0, 28, /* brainpool512r1 (28) */ -- 0, 27, /* brainpoolP384r1 (27) */ - 0, 24, /* secp384r1 (24) */ -- 0, 26, /* brainpoolP256r1 (26) */ -- 0, 22, /* secp256k1 (22) */ - # ifndef OPENSSL_NO_EC2M - /* >= 256-bit binary curves. */ - 0, 14, /* sect571r1 (14) */ -@@ -307,13 +299,6 @@ static const unsigned char eccurves_all[ - * Remaining curves disabled by default but still permitted if set - * via an explicit callback or parameters. 
- */ -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ -@@ -348,29 +333,21 @@ static const unsigned char fips_curves_d - 0, 9, /* sect283k1 (9) */ - 0, 10, /* sect283r1 (10) */ - # endif -- 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ - # ifndef OPENSSL_NO_EC2M - 0, 8, /* sect239k1 (8) */ - 0, 6, /* sect233k1 (6) */ - 0, 7, /* sect233r1 (7) */ - # endif -- 0, 20, /* secp224k1 (20) */ -- 0, 21, /* secp224r1 (21) */ - # ifndef OPENSSL_NO_EC2M - 0, 4, /* sect193r1 (4) */ - 0, 5, /* sect193r2 (5) */ - # endif -- 0, 18, /* secp192k1 (18) */ -- 0, 19, /* secp192r1 (19) */ - # ifndef OPENSSL_NO_EC2M - 0, 1, /* sect163k1 (1) */ - 0, 2, /* sect163r1 (2) */ - 0, 3, /* sect163r2 (3) */ - # endif -- 0, 15, /* secp160k1 (15) */ -- 0, 16, /* secp160r1 (16) */ -- 0, 17, /* secp160r2 (17) */ - }; - # endif - diff --git a/openssl-1.0.2d-secp256k1.patch b/openssl-1.0.2d-secp256k1.patch deleted file mode 100644 index 4c94133..0000000 --- a/openssl-1.0.2d-secp256k1.patch +++ /dev/null 
@@ -1,82 +0,0 @@
-diff -up openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1 openssl-1.0.2d/crypto/ec/ec_curve.c
---- openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1 2015-08-12 14:55:15.203415420 -0400
-+++ openssl-1.0.2d/crypto/ec/ec_curve.c 2015-08-12 15:07:12.659113262 -0400
-@@ -86,6 +86,42 @@ typedef struct {
- unsigned int cofactor; /* promoted to BN_ULONG */
- } EC_CURVE_DATA;
- 
-+static const struct {
-+ EC_CURVE_DATA h;
-+ unsigned char data[0 + 32 * 6];
-+} _EC_SECG_PRIME_256K1 = {
-+ {
-+ NID_X9_62_prime_field, 0, 32, 1
-+ },
-+ {
-+ /* no seed */
-+ /* p */
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
-+ /* a */
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ /* b */
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-+ /* x */
-+ 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
-+ 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
-+ 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
-+ /* y */
-+ 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
-+ 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
-+ 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
-+ /* order */
-+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-+ 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
-+ 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
-+ }
-+};
-+
- /* the nist prime curves */
- static const struct {
- EC_CURVE_DATA h;
-@@ -235,6 +271,8 @@ typedef struct _ec_list_element_st {
- static const
ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
-+ {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-+ "SECG curve over a 256 bit prime field"},
- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
- "NIST/SECG curve over a 384 bit prime field"},
-diff -up openssl-1.0.2d/ssl/t1_lib.c.secp256k1 openssl-1.0.2d/ssl/t1_lib.c
---- openssl-1.0.2d/ssl/t1_lib.c.secp256k1 2015-08-12 15:04:42.876925441 -0400
-+++ openssl-1.0.2d/ssl/t1_lib.c 2015-08-12 15:04:47.837699822 -0400
-@@ -269,6 +269,7 @@ static const unsigned char eccurves_auto
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
- 0, 24, /* secp384r1 (24) */
-+ 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -286,6 +287,7 @@ static const unsigned char eccurves_all[
- /* Other >= 256-bit prime curves. */
- 0, 25, /* secp521r1 (25) */
- 0, 24, /* secp384r1 (24) */
-+ 0, 22, /* secp256k1 (22) */
- # ifndef OPENSSL_NO_EC2M
- /* >= 256-bit binary curves. */
- 0, 14, /* sect571r1 (14) */
-@@ -333,6 +335,7 @@ static const unsigned char fips_curves_d
- 0, 9, /* sect283k1 (9) */
- 0, 10, /* sect283r1 (10) */
- # endif
-+ 0, 22, /* secp256k1 (22) */
- 0, 23, /* secp256r1 (23) */
- # ifndef OPENSSL_NO_EC2M
- 0, 8, /* sect239k1 (8) */
diff --git a/openssl-1.0.2e-remove-nistp224.patch b/openssl-1.0.2e-remove-nistp224.patch
deleted file mode 100644
index 22b99c1..0000000
--- a/openssl-1.0.2e-remove-nistp224.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up openssl-1.0.2e/crypto/ec/ec.h.nistp224 openssl-1.0.2e/crypto/ec/ec.h
---- openssl-1.0.2e/crypto/ec/ec.h.nistp224 2015-12-04 14:00:57.000000000 +0100
-+++ openssl-1.0.2e/crypto/ec/ec.h 2015-12-08 15:51:37.046747916 +0100
-@@ -149,11 +149,6 @@ const EC_METHOD *EC_GFp_mont_method(void
- const EC_METHOD *EC_GFp_nist_method(void);
- 
- # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
--/** Returns 64-bit optimized methods for nistp224
-- * \return EC_METHOD object
-- */
--const EC_METHOD *EC_GFp_nistp224_method(void);
--
- /** Returns 64-bit optimized methods for nistp256
- * \return EC_METHOD object
- */
diff --git a/openssl-1.0.2e-rpmbuild.patch b/openssl-1.0.2e-rpmbuild.patch
deleted file mode 100644
index db1460c..0000000
--- a/openssl-1.0.2e-rpmbuild.patch
+++ /dev/null
@@ -1,115 +0,0 @@ -diff -up openssl-1.0.2e/Configure.rpmbuild openssl-1.0.2e/Configure ---- openssl-1.0.2e/Configure.rpmbuild 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/Configure 2015-12-04 13:20:22.996835604 +0100 -@@ -365,8 +365,8 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic32","gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", -+"linux-ppc", "gcc:-DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - - ####################################################################### - # Note that -march is not among compiler options in below linux-armv4 -@@ -395,31 +395,31 @@ my %table=( - # - # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 - # --"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-armv4", "gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", -+"linux-aarch64","gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", - # Configure script adds minimally required -march for assembly support, - # if no -march was specified at command line. mips32 and mips64 below - # refer to contemporary MIPS Architecture specifications, MIPS32 and - # MIPS64, rather than to kernel bitness. --"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", --"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-mips32", "gcc:-mabi=32 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", -+"linux-mips64", "gcc:-mabi=n32 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::32", -+"linux64-mips64", "gcc:-mabi=64 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64 
\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", - #### IA-32 targets... - "linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### --"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", --"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", --"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-generic64","gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", -+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro 
-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", -+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", -+"linux-ia64", "gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", - "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", --"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see - # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -437,12 +437,12 @@ my %table=( - #### SPARC Linux setups - # Ray Miller has patiently - # assisted with debugging of following two configs. --"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - # it's a real mess with -mcpu=ultrasparc option under Linux, but - # -Wa,-Av8plus should do the trick no matter what. 
--"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS) -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)", - # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64", - #### Alpha Linux with GNU C and Compaq C setups - # Special notes: - # - linux-alpha+bwx-gcc is ment to be used from ./config only. 
If you
-@@ -1767,7 +1767,7 @@ while ()
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
-- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
-diff -up openssl-1.0.2e/Makefile.org.rpmbuild openssl-1.0.2e/Makefile.org
---- openssl-1.0.2e/Makefile.org.rpmbuild 2015-12-03 15:04:23.000000000 +0100
-+++ openssl-1.0.2e/Makefile.org 2015-12-04 13:18:44.913538616 +0100
-@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
- SHLIB_MAJOR=
- SHLIB_MINOR=
- SHLIB_EXT=
-+SHLIB_SONAMEVER=10
- PLATFORM=dist
- OPTIONS=
- CONFIGURE_ARGS=
-@@ -341,10 +342,9 @@ clean-shared:
- link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
-- libs="$$libs -l$$i"; \
- done
- 
- build-shared: do_$(SHLIB_TARGET) link-shared
-@@ -355,7 +355,7 @@ do_$(SHLIB_TARGET):
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
diff --git a/openssl-1.0.2e-speed-doc.patch b/openssl-1.0.2e-speed-doc.patch
deleted file mode 100644
index 8e3d95b..0000000
--- a/openssl-1.0.2e-speed-doc.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-diff -up openssl-1.0.2e/apps/speed.c.speed-doc openssl-1.0.2e/apps/speed.c
---- openssl-1.0.2e/apps/speed.c.speed-doc 2015-12-04 14:00:58.000000000 +0100
-+++ openssl-1.0.2e/apps/speed.c 2016-01-15 14:15:56.482343557 +0100
-@@ -648,10 +648,6 @@ int MAIN(int argc, char **argv)
- # endif
- int multiblock = 0;
- 
--# ifndef TIMES
-- usertime = -1;
--# endif
--
- apps_startup();
- memset(results, 0, sizeof(results));
- # ifndef OPENSSL_NO_DSA
-@@ -1145,10 +1141,8 @@ int MAIN(int argc, char **argv)
- 
- BIO_printf(bio_err, "\n");
- BIO_printf(bio_err, "Available options:\n");
--# if defined(TIMES) || defined(USE_TOD)
- BIO_printf(bio_err, "-elapsed "
- "measure time in real time instead of CPU user time.\n");
--# endif
- # ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,
- "-engine e "
-diff -up openssl-1.0.2e/doc/apps/speed.pod.speed-doc openssl-1.0.2e/doc/apps/speed.pod
---- openssl-1.0.2e/doc/apps/speed.pod.speed-doc 2015-12-03 14:42:07.000000000 +0100
-+++ openssl-1.0.2e/doc/apps/speed.pod 2016-01-15 14:05:23.044222376 +0100
-@@ -8,6 +8,9 @@ speed - test library performance
- 
- B
- [B<-engine id>]
-+[B<-elapsed>]
-+[B<-evp algo>]
-+[B<-decrypt>]
- [B]
- [B]
- [B]
-@@ -49,6 +52,19 @@ to attempt to obtain a functional refere
- thus initialising it if needed. The engine will then be set as the default
- for all available algorithms.
- 
-+=item B<-elapsed>
-+
-+Measure time in real time instead of CPU time. It can be useful when testing
-+speed of hardware engines.
-+
-+=item B<-evp algo>
-+
-+Use the specified cipher or message digest algorithm via the EVP interface.
-+
-+=item B<-decrypt>
-+
-+Time the decryption instead of encryption. Affects only the EVP testing.
-+
- =item B<[zero or more test algorithms]>
- 
- If any options are given, B tests those algorithms, otherwise all of
diff --git a/openssl-1.0.2e-wrap-pad.patch b/openssl-1.0.2e-wrap-pad.patch
deleted file mode 100644
index fad043c..0000000
--- a/openssl-1.0.2e-wrap-pad.patch
+++ /dev/null
@@ -1,541 +0,0 @@ -diff -up openssl-1.0.2e/crypto/evp/c_allc.c.wrap openssl-1.0.2e/crypto/evp/c_allc.c ---- openssl-1.0.2e/crypto/evp/c_allc.c.wrap 2015-12-04 13:33:42.118550036 +0100 -+++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:33:42.190551722 +0100 -@@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_128_wrap()); -+ EVP_add_cipher(EVP_aes_128_wrap_pad()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); -@@ -191,6 +192,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_192_gcm()); - EVP_add_cipher(EVP_aes_192_ccm()); - EVP_add_cipher(EVP_aes_192_wrap()); -+ EVP_add_cipher(EVP_aes_192_wrap_pad()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); -@@ -204,6 +206,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_256_wrap()); -+ EVP_add_cipher(EVP_aes_256_wrap_pad()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); - # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -@@ -258,6 +261,7 @@ void OpenSSL_add_all_ciphers(void) - - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher(EVP_des_ede3()); -+ EVP_add_cipher(EVP_des_ede3_wrap()); - # endif - - # ifndef OPENSSL_NO_AES -@@ -272,6 +276,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_128_wrap()); -+ EVP_add_cipher(EVP_aes_128_wrap_pad()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); -@@ -284,6 +289,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_192_gcm()); - 
EVP_add_cipher(EVP_aes_192_ccm()); - EVP_add_cipher(EVP_aes_192_wrap()); -+ EVP_add_cipher(EVP_aes_192_wrap_pad()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); -@@ -297,6 +303,7 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_256_wrap()); -+ EVP_add_cipher(EVP_aes_256_wrap_pad()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); - # endif -diff -up openssl-1.0.2e/crypto/evp/e_aes.c.wrap openssl-1.0.2e/crypto/evp/e_aes.c ---- openssl-1.0.2e/crypto/evp/e_aes.c.wrap 2015-12-04 13:33:42.119550059 +0100 -+++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:33:42.190551722 +0100 -@@ -1,5 +1,5 @@ - /* ==================================================================== -- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. -+ * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved. 
- * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -1953,7 +1953,7 @@ static int aes_wrap_init_key(EVP_CIPHER_ - wctx->iv = NULL; - } - if (iv) { -- memcpy(ctx->iv, iv, 8); -+ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - wctx->iv = ctx->iv; - } - return 1; -@@ -1964,30 +1964,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT - { - EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; - size_t rv; -+ /* AES wrap with padding has IV length of 4, without padding 8 */ -+ int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; -+ /* No final operation so always return zero length */ - if (!in) - return 0; -- if (inlen % 8) -+ /* Input length must always be non-zero */ -+ if (!inlen) - return -1; -- if (ctx->encrypt && inlen < 8) -+ /* If decrypting need at least 16 bytes and multiple of 8 */ -+ if (!ctx->encrypt && (inlen < 16 || inlen & 0x7)) - return -1; -- if (!ctx->encrypt && inlen < 16) -+ /* If not padding input must be multiple of 8 */ -+ if (!pad && inlen & 0x7) - return -1; - if (!out) { -- if (ctx->encrypt) -+ if (ctx->encrypt) { -+ /* If padding round up to multiple of 8 */ -+ if (pad) -+ inlen = (inlen + 7) / 8 * 8; -+ /* 8 byte prefix */ - return inlen + 8; -- else -+ } else { -+ /* If not padding output will be exactly 8 bytes -+ * smaller than input. If padding it will be at -+ * least 8 bytes smaller but we don't know how -+ * much. 
-+ */ - return inlen - 8; - } -+ } -+ if (pad) { - if (ctx->encrypt) -- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, -+ rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, -+ out, in, inlen, - (block128_f) AES_encrypt); - else -- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, -+ rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, -+ out, in, inlen, - (block128_f) AES_decrypt); -+ } else { -+ if (ctx->encrypt) -+ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, -+ out, in, inlen, (block128_f) AES_encrypt); -+ else -+ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, -+ out, in, inlen, (block128_f) AES_decrypt); -+ } - return rv ? (int)rv : -1; - } - --#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ -+# define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) - -@@ -2032,3 +2059,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) - { - return &aes_256_wrap; - } -+ -+static const EVP_CIPHER aes_128_wrap_pad = { -+ NID_id_aes128_wrap_pad, -+ 8, 16, 4, WRAP_FLAGS, -+ aes_wrap_init_key, aes_wrap_cipher, -+ NULL, -+ sizeof(EVP_AES_WRAP_CTX), -+ NULL, NULL, NULL, NULL -+}; -+ -+const EVP_CIPHER *EVP_aes_128_wrap_pad(void) -+{ -+ return &aes_128_wrap_pad; -+} -+ -+static const EVP_CIPHER aes_192_wrap_pad = { -+ NID_id_aes192_wrap_pad, -+ 8, 24, 4, WRAP_FLAGS, -+ aes_wrap_init_key, aes_wrap_cipher, -+ NULL, -+ sizeof(EVP_AES_WRAP_CTX), -+ NULL, NULL, NULL, NULL -+}; -+ -+const EVP_CIPHER *EVP_aes_192_wrap_pad(void) -+{ -+ return &aes_192_wrap_pad; -+} -+ -+static const EVP_CIPHER aes_256_wrap_pad = { -+ NID_id_aes256_wrap_pad, -+ 8, 32, 4, WRAP_FLAGS, -+ aes_wrap_init_key, aes_wrap_cipher, -+ NULL, -+ sizeof(EVP_AES_WRAP_CTX), -+ NULL, NULL, NULL, NULL -+}; -+ -+const EVP_CIPHER *EVP_aes_256_wrap_pad(void) -+{ -+ return &aes_256_wrap_pad; -+} -diff -up openssl-1.0.2e/crypto/evp/e_des3.c.wrap openssl-1.0.2e/crypto/evp/e_des3.c ---- 
openssl-1.0.2e/crypto/evp/e_des3.c.wrap 2015-12-04 13:33:42.119550059 +0100 -+++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:33:42.191551745 +0100 -@@ -474,7 +474,7 @@ static const EVP_CIPHER des3_wrap = { - NID_id_smime_alg_CMS3DESwrap, - 8, 24, 0, - EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER -- | EVP_CIPH_FLAG_DEFAULT_ASN1, -+ | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_FIPS, - des_ede3_init_key, des_ede3_wrap_cipher, - NULL, - sizeof(DES_EDE_KEY), -diff -up openssl-1.0.2e/crypto/evp/evp.h.wrap openssl-1.0.2e/crypto/evp/evp.h ---- openssl-1.0.2e/crypto/evp/evp.h.wrap 2015-12-04 13:33:42.120550083 +0100 -+++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:33:42.191551745 +0100 -@@ -834,6 +834,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void); - const EVP_CIPHER *EVP_aes_128_gcm(void); - const EVP_CIPHER *EVP_aes_128_xts(void); - const EVP_CIPHER *EVP_aes_128_wrap(void); -+const EVP_CIPHER *EVP_aes_128_wrap_pad(void); - const EVP_CIPHER *EVP_aes_192_ecb(void); - const EVP_CIPHER *EVP_aes_192_cbc(void); - const EVP_CIPHER *EVP_aes_192_cfb1(void); -@@ -845,6 +846,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void); - const EVP_CIPHER *EVP_aes_192_ccm(void); - const EVP_CIPHER *EVP_aes_192_gcm(void); - const EVP_CIPHER *EVP_aes_192_wrap(void); -+const EVP_CIPHER *EVP_aes_192_wrap_pad(void); - const EVP_CIPHER *EVP_aes_256_ecb(void); - const EVP_CIPHER *EVP_aes_256_cbc(void); - const EVP_CIPHER *EVP_aes_256_cfb1(void); -@@ -857,6 +859,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void); - const EVP_CIPHER *EVP_aes_256_gcm(void); - const EVP_CIPHER *EVP_aes_256_xts(void); - const EVP_CIPHER *EVP_aes_256_wrap(void); -+const EVP_CIPHER *EVP_aes_256_wrap_pad(void); - # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); - const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -diff -up openssl-1.0.2e/crypto/evp/evptests.txt.wrap openssl-1.0.2e/crypto/evp/evptests.txt ---- 
openssl-1.0.2e/crypto/evp/evptests.txt.wrap 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/evp/evptests.txt 2015-12-04 13:33:42.191551745 +0100 -@@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0 - id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 - id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 - id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 -+# AES wrap tests from RFC5649 -+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a -+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f -+ -diff -up openssl-1.0.2e/crypto/modes/modes.h.wrap openssl-1.0.2e/crypto/modes/modes.h ---- openssl-1.0.2e/crypto/modes/modes.h.wrap 2015-12-04 13:33:41.770541886 +0100 -+++ openssl-1.0.2e/crypto/modes/modes.h 2015-12-04 13:33:42.191551745 +0100 -@@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block); -+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, -+ unsigned char *out, const unsigned char *in, -+ size_t inlen, block128_f block); -+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, -+ unsigned char *out, const unsigned char *in, -+ size_t inlen, block128_f block); - - #ifdef __cplusplus - } -diff -up openssl-1.0.2e/crypto/modes/wrap128.c.wrap openssl-1.0.2e/crypto/modes/wrap128.c ---- 
openssl-1.0.2e/crypto/modes/wrap128.c.wrap 2015-12-03 15:04:23.000000000 +0100 -+++ openssl-1.0.2e/crypto/modes/wrap128.c 2015-12-04 13:37:51.486366984 +0100 -@@ -2,6 +2,7 @@ - /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. -+ * Mode with padding contributed by Petr Spacek (pspacek@redhat.com). - */ - /* ==================================================================== - * Copyright (c) 2013 The OpenSSL Project. All rights reserved. -@@ -52,19 +53,44 @@ - * ==================================================================== - */ - -+/** Beware! -+ * -+ * Following wrapping modes were designed for AES but this implementation -+ * allows you to use them for any 128 bit block cipher. -+ */ -+ - #include "cryptlib.h" - #include - -+/** RFC 3394 section 2.2.3.1 Default Initial Value */ - static const unsigned char default_iv[] = { - 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, - }; - --/* -- * Input size limit: lower than maximum of standards but far larger than -+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ -+static const unsigned char default_aiv[] = { -+ 0xA6, 0x59, 0x59, 0xA6 -+}; -+ -+/** Input size limit: lower than maximum of standards but far larger than - * anything that will be used in practice. - */ - #define CRYPTO128_WRAP_MAX (1UL << 31) - -+/** Wrapping according to RFC 3394 section 2.2.1. -+ * -+ * @param[in] key Key value. -+ * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv. -+ * @param[in] in Plain text as n 64-bit blocks, n >= 2. -+ * @param[in] inlen Length of in. -+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 8) bytes. -+ * Input and output buffers can overlap if block function -+ * supports that. -+ * @param[in] block Block processing function. -+ * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2. -+ * or if inlen > CRYPTO128_WRAP_MAX. -+ * Output length if wrapping succeeded. 
-+ */ - size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, -@@ -72,7 +98,7 @@ size_t CRYPTO_128_wrap(void *key, const - { - unsigned char *A, B[16], *R; - size_t i, j, t; -- if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX)) -+ if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) - return 0; - A = B; - t = 1; -@@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const - return inlen + 8; - } - --size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, -+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2. -+ * IV check (step 3) is responsibility of the caller. -+ * -+ * @param[in] key Key value. -+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. -+ * @param[out] out Plain text without IV. -+ * Minimal buffer length = (inlen - 8) bytes. -+ * Input and output buffers can overlap if block function -+ * supports that. -+ * @param[in] in Ciphertext text as n 64-bit blocks -+ * @param[in] inlen Length of in. -+ * @param[in] block Block processing function. -+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] -+ * or if inlen is not multiply of 8. -+ * Output length otherwise. -+ */ -+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) -@@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons - memcpy(R, B + 8, 8); - } - } -+ memcpy(iv, A, 8); -+ return inlen; -+} -+ -+/** Unwrapping according to RFC 3394 section 2.2.2 including IV check. -+ * First block of plain text have to match supplied IV otherwise an error is -+ * returned. -+ * -+ * @param[in] key Key value. -+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. -+ * @param[out] out Plain text without IV. -+ * Minimal buffer length = (inlen - 8) bytes. -+ * Input and output buffers can overlap if block function -+ * supports that. 
-+ * @param[in] in Ciphertext text as n 64-bit blocks
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
-+ * or if inlen is not multiply of 8
-+ * or if IV doesn't match expected value.
-+ * Output length otherwise.
-+ */
-+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
-+ unsigned char *out, const unsigned char *in,
-+ size_t inlen, block128_f block)
-+{
-+ size_t ret;
-+ unsigned char got_iv[8];
-+
-+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
-+ if (ret == 0)
-+ return 0;
-+
- if (!iv)
- iv = default_iv;
-- if (memcmp(A, iv, 8)) {
-+ if (CRYPTO_memcmp(got_iv, iv, 8)) {
-+ OPENSSL_cleanse(out, ret);
-+ return 0;
-+ }
-+ return ret;
-+}
-+
-+/** Wrapping according to RFC 5649 section 4.1.
-+ *
-+ * @param[in] key Key value.
-+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
-+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 15) bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Plain text as n 64-bit blocks, n >= 2.
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
-+ * Output length if wrapping succeeded.
-+ */
-+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out,
-+ const unsigned char *in, size_t inlen,
-+ block128_f block)
-+{
-+ /* n: number of 64-bit blocks in the padded key data */
-+ const size_t blocks_padded = (inlen + 7) / 8;
-+ const size_t padded_len = blocks_padded * 8;
-+ const size_t padding_len = padded_len - inlen;
-+ /* RFC 5649 section 3: Alternative Initial Value */
-+ unsigned char aiv[8];
-+ int ret;
-+
-+ /* Section 1: use 32-bit fixed field for plaintext octet length */
-+ if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
-+ return 0;
-+
-+ /* Section 3: Alternative Initial Value */
-+ if (!icv)
-+ memcpy(aiv, default_aiv, 4);
-+ else
-+ memcpy(aiv, icv, 4); /* Standard doesn't mention this. */
-+
-+ aiv[4] = (inlen >> 24) & 0xFF;
-+ aiv[5] = (inlen >> 16) & 0xFF;
-+ aiv[6] = (inlen >> 8) & 0xFF;
-+ aiv[7] = inlen & 0xFF;
-+
-+ if (padded_len == 8) {
-+ /* Section 4.1 - special case in step 2:
-+ * If the padded plaintext contains exactly eight octets, then
-+ * prepend the AIV and encrypt the resulting 128-bit block
-+ * using AES in ECB mode. */
-+ memmove(out + 8, in, inlen);
-+ memcpy(out, aiv, 8);
-+ memset(out + 8 + inlen, 0, padding_len);
-+ block(out, out, key);
-+ ret = 16; /* AIV + padded input */
-+ } else {
-+ memmove(out, in, inlen);
-+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
-+ ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
-+ }
-+
-+ return ret;
-+}
-+
-+/** Unwrapping according to RFC 5649 section 4.2.
-+ *
-+ * @param[in] key Key value.
-+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
-+ * @param[out] out Plain text. Minimal buffer length = inlen bytes.
-+ * Input and output buffers can overlap if block function
-+ * supports that.
-+ * @param[in] in Ciphertext text as n 64-bit blocks
-+ * @param[in] inlen Length of in.
-+ * @param[in] block Block processing function.
-+ * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
-+ * or if inlen is not multiply of 8
-+ * or if IV and message length indicator doesn't match.
-+ * Output length if unwrapping succeeded and IV matches.
-+ */
-+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
-+ unsigned char *out,
-+ const unsigned char *in, size_t inlen,
-+ block128_f block)
-+{
-+ /* n: number of 64-bit blocks in the padded key data */
-+ size_t n = inlen / 8 - 1;
-+ size_t padded_len;
-+ size_t padding_len;
-+ size_t ptext_len;
-+ /* RFC 5649 section 3: Alternative Initial Value */
-+ unsigned char aiv[8];
-+ static unsigned char zeros[8] = { 0x0 };
-+ size_t ret;
-+
-+ /* Section 4.2: Cipher text length has to be (n+1) 64-bit blocks. */
-+ if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
-+ return 0;
-+
-+ memmove(out, in, inlen);
-+ if (inlen == 16) {
-+ /* Section 4.2 - special case in step 1:
-+ * When n=1, the ciphertext contains exactly two 64-bit
-+ * blocks and they are decrypted as a single AES
-+ * block using AES in ECB mode:
-+ * AIV | P[1] = DEC(K, C[0] | C[1])
-+ */
-+ block(out, out, key);
-+ memcpy(aiv, out, 8);
-+ /* Remove AIV */
-+ memmove(out, out + 8, 8);
-+ padded_len = 8;
-+ } else {
-+ padded_len = inlen - 8;
-+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
-+ if (padded_len != ret) {
- OPENSSL_cleanse(out, inlen);
- return 0;
- }
-- return inlen;
-+ }
-+
-+ /* Section 3: AIV checks: Check that MSB(32,A) = A65959A6.
-+ * Optionally a user-supplied value can be used
-+ * (even if standard doesn't mention this). */
-+ if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
-+ || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Check that 8*(n-1) < LSB(32,AIV) <= 8*n.
-+ * If so, let ptext_len = LSB(32,AIV).
*/
-+
-+ ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
-+ if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Check that the rightmost padding_len octets of the output data
-+ * are zero. */
-+ padding_len = padded_len - ptext_len;
-+ if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
-+ OPENSSL_cleanse(out, inlen);
-+ return 0;
-+ }
-+
-+ /* Section 4.2 step 3: Remove padding */
-+ return ptext_len;
- }
diff --git a/openssl-1.0.2f-new-fips-reqs.patch b/openssl-1.0.2f-new-fips-reqs.patch
deleted file mode 100644
index bbad42b..0000000
--- a/openssl-1.0.2f-new-fips-reqs.patch
+++ /dev/null
@@ -1,1366 +0,0 @@
-diff -up openssl-1.0.2f/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.2f/crypto/bn/bn_rand.c
---- openssl-1.0.2f/crypto/bn/bn_rand.c.fips-reqs 2016-01-28 14:38:30.000000000 +0100
-+++ openssl-1.0.2f/crypto/bn/bn_rand.c 2016-01-28 16:36:22.811387420 +0100
-@@ -141,9 +141,11 @@ static int bnrand(int pseudorand, BIGNUM
- goto err;
- }
-
-- /* make a random number and set the top and bottom bits */
-- time(&tim);
-- RAND_add(&tim, sizeof(tim), 0.0);
-+ if (!FIPS_mode()) { /* in FIPS mode the RNG is always properly seeded or the module fails */
-+ /* make a random number and set the top and bottom bits */
-+ time(&tim);
-+ RAND_add(&tim, sizeof(tim), 0.0);
-+ }
-
- if (pseudorand) {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
-diff -up openssl-1.0.2f/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.2f/crypto/dh/dh_gen.c
---- openssl-1.0.2f/crypto/dh/dh_gen.c.fips-reqs 2016-01-28 16:36:22.767386408 +0100
-+++ openssl-1.0.2f/crypto/dh/dh_gen.c 2016-01-28 16:36:22.811387420 +0100
-@@ -128,7 +128,7 @@ static int dh_builtin_genparams(DH *ret,
- return 0;
- }
-
-- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-diff -up openssl-1.0.2f/crypto/dh/dh.h.fips-reqs openssl-1.0.2f/crypto/dh/dh.h
---- openssl-1.0.2f/crypto/dh/dh.h.fips-reqs 2016-01-28 16:36:22.767386408 +0100
-+++ openssl-1.0.2f/crypto/dh/dh.h 2016-01-28 16:36:22.812387443 +0100
-@@ -78,6 +78,7 @@
- # endif
-
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
-
- # define DH_FLAG_CACHE_MONT_P 0x01
-
-diff -up openssl-1.0.2f/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.2f/crypto/dsa/dsa_gen.c
---- openssl-1.0.2f/crypto/dsa/dsa_gen.c.fips-reqs 2016-01-28 16:36:22.768386431 +0100
-+++ openssl-1.0.2f/crypto/dsa/dsa_gen.c 2016-01-28 16:36:22.812387443 +0100
-@@ -157,9 +157,11 @@ int
dsa_builtin_paramgen(DSA *ret, size_
- }
-
- if (FIPS_module_mode() &&
-- (bits != 1024 || qbits != 160) &&
-- (bits != 2048 || qbits != 224) &&
-- (bits != 2048 || qbits != 256) && (bits != 3072 || qbits != 256)) {
-+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024
-+ || qbits != 160) && (bits != 2048 || qbits != 224) && (bits != 2048
-+ || qbits !=
-+ 256)
-+ && (bits != 3072 || qbits != 256)) {
- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
- goto err;
- }
-diff -up openssl-1.0.2f/crypto/dsa/dsa.h.fips-reqs openssl-1.0.2f/crypto/dsa/dsa.h
---- openssl-1.0.2f/crypto/dsa/dsa.h.fips-reqs 2016-01-28 16:36:22.768386431 +0100
-+++ openssl-1.0.2f/crypto/dsa/dsa.h 2016-01-28 16:36:22.812387443 +0100
-@@ -89,6 +89,7 @@
- # endif
-
- # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
-
- # define DSA_FLAG_CACHE_MONT_P 0x01
- /*
-@@ -251,9 +252,9 @@ int DSAparams_print_fp(FILE *fp, const D
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
- # endif
-
--# define DSS_prime_checks 50
-+# define DSS_prime_checks 64
- /*
-- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
-+ * Primality test according to FIPS PUB 186-4, Appendix 2.1: 64 rounds of
- * Rabin-Miller
- */
- # define DSA_is_prime(n, callback, cb_arg) \
-diff -up openssl-1.0.2f/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.2f/crypto/dsa/dsa_key.c
---- openssl-1.0.2f/crypto/dsa/dsa_key.c.fips-reqs 2016-01-28 16:36:22.810387397 +0100
-+++ openssl-1.0.2f/crypto/dsa/dsa_key.c 2016-01-28 16:36:22.812387443 +0100
-@@ -125,7 +125,7 @@ static int dsa_builtin_keygen(DSA *dsa)
-
- # ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) {
- DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-diff -up
openssl-1.0.2f/crypto/fips/fips.c.fips-reqs openssl-1.0.2f/crypto/fips/fips.c
---- openssl-1.0.2f/crypto/fips/fips.c.fips-reqs 2016-01-28 16:36:22.810387397 +0100
-+++ openssl-1.0.2f/crypto/fips/fips.c 2016-01-28 16:36:22.813387467 +0100
-@@ -424,26 +424,24 @@ int FIPS_module_mode_set(int onoff, cons
- ret = 0;
- goto end;
- }
-- OPENSSL_ia32cap_P[0] |= (1 << 28); /* set "shared cache" */
-- OPENSSL_ia32cap_P[1] &= ~(1 << (60 - 32)); /* clear AVX */
- }
- # endif
-
-- if (!verify_checksums()) {
-- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
-+ if (!FIPS_selftest()) {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
-- if (FIPS_selftest())
-- fips_set_mode(onoff);
-- else {
-+ if (!verify_checksums()) {
-+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-+
-+ fips_set_mode(onoff);
- ret = 1;
- goto end;
- }
-diff -up openssl-1.0.2f/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.2f/crypto/fips/fips_dh_selftest.c
---- openssl-1.0.2f/crypto/fips/fips_dh_selftest.c.fips-reqs 2016-01-28 16:36:22.813387467 +0100
-+++ openssl-1.0.2f/crypto/fips/fips_dh_selftest.c 2016-01-28 16:36:22.813387467 +0100
-@@ -0,0 +1,162 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 2013 Red Hat, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3.
All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dh_test_2048_p[] = {
-+ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09,
-+ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11,
-+ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5,
-+ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F,
-+ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC,
-+ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE,
-+ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39,
-+ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E,
-+ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2,
-+ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A,
-+ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A,
-+ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF,
-+ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7,
-+ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73,
-+ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6,
-+ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35,
-+ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED,
-+ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03,
-+ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC,
-+ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE,
-+ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58,
-+ 0x4B, 0xD8, 0x37, 0xEB
-+};
-+
-+static const unsigned char dh_test_2048_g[] = {
-+ 0x02
-+};
-+
-+static const unsigned char dh_test_2048_pub_key[] = {
-+ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA,
-+ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2,
-+ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12,
-+ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5,
-+ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D,
-+ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1,
-+ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51,
-+ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F,
-+ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6,
-+ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED,
-+ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46,
-+ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA,
-+ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1,
-+ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE,
-+ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53,
-+ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9,
-+ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3,
-+ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9,
-+ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56,
-+ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E,
-+ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9,
-+ 0x36, 0x9E, 0xDA, 0xD2
-+};
-+
-+static const unsigned char dh_test_2048_priv_key[] = {
-+ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91,
-+ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00,
-+ 0xEC, 0x55, 0xF6, 0xCC
-+};
-+
-+int FIPS_selftest_dh()
-+{
-+ DH *dh = NULL;
-+ int ret = 0;
-+ void *pub_key = NULL;
-+ int len;
-+
-+ dh = DH_new();
-+
-+ if (dh == NULL)
-+ goto err;
-+
-+ fips_load_key_component(dh, p, dh_test_2048);
-+
fips_load_key_component(dh, g, dh_test_2048);
-+ /* note that the private key is much shorter than normally used
-+ * but still g ** priv_key > p
-+ */
-+ fips_load_key_component(dh, priv_key, dh_test_2048);
-+
-+ if (DH_generate_key(dh) <= 0)
-+ goto err;
-+
-+ len = BN_num_bytes(dh->pub_key);
-+ if ((pub_key = OPENSSL_malloc(len)) == NULL)
-+ goto err;
-+ BN_bn2bin(dh->pub_key, pub_key);
-+
-+ if (len != sizeof(dh_test_2048_pub_key) ||
-+ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (dh)
-+ DH_free(dh);
-+
-+ OPENSSL_free(pub_key);
-+ return ret;
-+}
-+#endif
-diff -up openssl-1.0.2f/crypto/fips/fips.h.fips-reqs openssl-1.0.2f/crypto/fips/fips.h
---- openssl-1.0.2f/crypto/fips/fips.h.fips-reqs 2016-01-28 16:36:22.806387305 +0100
-+++ openssl-1.0.2f/crypto/fips/fips.h 2016-01-28 16:36:22.813387467 +0100
-@@ -96,6 +96,7 @@ extern "C" {
- int FIPS_selftest_dsa(void);
- int FIPS_selftest_ecdsa(void);
- int FIPS_selftest_ecdh(void);
-+ int FIPS_selftest_dh(void);
- void FIPS_corrupt_rng(void);
- void FIPS_rng_stick(void);
- void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.2f/crypto/fips/fips_post.c.fips-reqs openssl-1.0.2f/crypto/fips/fips_post.c
---- openssl-1.0.2f/crypto/fips/fips_post.c.fips-reqs 2016-01-28 16:36:22.803387236 +0100
-+++ openssl-1.0.2f/crypto/fips/fips_post.c 2016-01-28 16:36:22.813387467 +0100
-@@ -99,6 +99,8 @@ int FIPS_selftest(void)
- rv = 0;
- if (!FIPS_selftest_dsa())
- rv = 0;
-+ if (!FIPS_selftest_dh())
-+ rv = 0;
- if (!FIPS_selftest_ecdh())
- rv = 0;
- return rv;
-diff -up openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c.fips-reqs 2016-01-28 16:36:22.778386661 +0100
-+++ openssl-1.0.2f/crypto/fips/fips_rsa_selftest.c 2016-01-28 16:36:22.814387489 +0100
-@@ -60,68 +60,107 @@
- #ifdef OPENSSL_FIPS
-
- static const unsigned char n[] =
--
"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" -- "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" -- "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" -- "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" -- "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" -- "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" -- "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" -- "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" "\xCB"; -+ "\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a" -+ "\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00" -+ "\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca" -+ "\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a" -+ "\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba" -+ "\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe" -+ "\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1" -+ "\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75" -+ "\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f" -+ "\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc" -+ "\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e" -+ "\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1" -+ "\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9" -+ "\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4" -+ "\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40" -+ "\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4" -+ "\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e" "\x03\x71"; - - static int corrupt_rsa; - - static int setrsakey(RSA *key) - { -- static const unsigned char e[] = "\x11"; -+ static const unsigned char e[] = "\x01\x00\x01"; - - static const unsigned char d[] = -- "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" -- 
"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" -- "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" -- "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" -- "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" -- "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" -- "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" -- "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" -- "\xC1"; -+ "\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23" -+ "\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58" -+ "\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06" -+ "\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4" -+ "\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53" -+ "\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde" -+ "\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe" -+ "\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b" -+ "\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3" -+ "\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76" -+ "\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6" -+ "\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c" -+ "\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44" -+ "\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34" -+ "\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32" -+ "\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20" -+ "\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d" "\x01"; - - static const unsigned char p[] = -- "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" -- "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" -- "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" -- "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" -- "\x99"; -+ 
"\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f" -+ "\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43" -+ "\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec" -+ "\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66" -+ "\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3" -+ "\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1" -+ "\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3" -+ "\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c" -+ "\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad"; - - static const unsigned char q[] = -- "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" -- "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" -- "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" -- "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" -- "\x03"; -+ "\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8" -+ "\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e" -+ "\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c" -+ "\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e" -+ "\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c" -+ "\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f" -+ "\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7" -+ "\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b" -+ "\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55"; - - static const unsigned char dmp1[] = -- "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" -- "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" -- "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" -- "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; -+ "\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e" -+ "\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16" -+ "\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74" -+ 
"\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34" -+ "\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7" -+ "\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3" -+ "\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff" -+ "\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6" -+ "\x4c\x95\x55\x76\xbd\xc9\xc8\xd1"; - - static const unsigned char dmq1[] = -- "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" -- "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" -- "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" -- "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; -+ "\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75" -+ "\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f" -+ "\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1" -+ "\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b" -+ "\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c" -+ "\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e" -+ "\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78" -+ "\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab" -+ "\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61"; - - static const unsigned char iqmp[] = -- "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" -- "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" -- "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" -- "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" -- "\xF7"; -+ "\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d" -+ "\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38" -+ "\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91" -+ "\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80" -+ "\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b" -+ "\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b" -+ 
"\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6" -+ "\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf" -+ "\x07\x40\xc4\xaa\xad\xae\xbe\xbf"; - - key->n = BN_bin2bn(n, sizeof(n) - 1, key->n); - if (corrupt_rsa) -- BN_set_bit(key->n, 1024); -+ BN_set_bit(key->n, 2048); - key->e = BN_bin2bn(e, sizeof(e) - 1, key->e); - key->d = BN_bin2bn(d, sizeof(d) - 1, key->d); - key->p = BN_bin2bn(p, sizeof(p) - 1, key->p); -@@ -145,200 +184,292 @@ static const unsigned char kat_tbs[] = - "OpenSSL FIPS 140-2 Public Key RSA KAT"; - - static const unsigned char kat_RSA_PSS_SHA1[] = { -- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F, -- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB, -- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3, -- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C, -- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7, -- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5, -- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45, -- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31, -- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8, -- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84, -- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9 -+ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3, -+ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B, -+ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84, -+ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B, -+ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9, -+ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19, -+ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98, -+ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5, 
-+ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4, -+ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A, -+ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70, -+ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1, -+ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C, -+ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF, -+ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99, -+ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45, -+ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF, -+ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F, -+ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01, -+ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC, -+ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05, -+ 0xCE, 0x08, 0x1D, 0x89 - }; - - static const unsigned char kat_RSA_PSS_SHA224[] = { -- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7, -- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA, -- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57, -- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89, -- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE, -- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22, -- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5, -- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49, -- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D, -- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00, -- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0 -+ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA, -+ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 
0xCA, 0xB3, -+ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3, -+ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3, -+ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7, -+ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53, -+ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A, -+ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE, -+ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06, -+ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08, -+ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D, -+ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07, -+ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70, -+ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64, -+ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17, -+ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69, -+ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97, -+ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D, -+ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5, -+ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B, -+ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD, -+ 0x2D, 0x84, 0x03, 0xB7 - }; - - static const unsigned char kat_RSA_PSS_SHA256[] = { -- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89, -- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F, -- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28, -- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E, -- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05, -- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA, -- 0x2F, 0x7A, 0x54, 
0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6, -- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F, -- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D, -- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6, -- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C -+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19, -+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9, -+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB, -+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9, -+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16, -+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33, -+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49, -+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67, -+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B, -+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B, -+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6, -+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60, -+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6, -+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF, -+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23, -+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73, -+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56, -+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97, -+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50, -+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68, -+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62, -+ 0x2B, 0x31, 0xB9, 0x7D - }; - - static const unsigned char kat_RSA_PSS_SHA384[] = { -- 0x40, 
0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2, -- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E, -- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD, -- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F, -- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C, -- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB, -- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F, -- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89, -- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F, -- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55, -- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1 -+ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D, -+ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03, -+ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27, -+ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC, -+ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1, -+ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6, -+ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA, -+ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB, -+ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3, -+ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5, -+ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70, -+ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E, -+ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C, -+ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0, -+ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62, -+ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07, -+ 0x8D, 
0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88, -+ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7, -+ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5, -+ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D, -+ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF, -+ 0x90, 0xD2, 0xA6, 0x2B - }; - - static const unsigned char kat_RSA_PSS_SHA512[] = { -- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C, -- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A, -- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD, -- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39, -- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7, -- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61, -- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13, -- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63, -- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE, -- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88, -- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B -+ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32, -+ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06, -+ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D, -+ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B, -+ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D, -+ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44, -+ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B, -+ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D, -+ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD, -+ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 
0x7C, -+ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1, -+ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A, -+ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE, -+ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D, -+ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F, -+ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF, -+ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F, -+ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94, -+ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE, -+ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A, -+ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0, -+ 0x17, 0x2C, 0x13, 0xE0 - }; - - static const unsigned char kat_RSA_SHA1[] = { -- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, -- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, -- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF, -- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8, -- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, -- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, -- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E, -- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F, -- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, -- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, -- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4 -+ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA, -+ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C, -+ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE, -+ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 
0xBB, 0x94, -+ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08, -+ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC, -+ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0, -+ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54, -+ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F, -+ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A, -+ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF, -+ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD, -+ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8, -+ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5, -+ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F, -+ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF, -+ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60, -+ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9, -+ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC, -+ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37, -+ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF, -+ 0x27, 0x90, 0xE2, 0x01 - }; - - static const unsigned char kat_RSA_SHA224[] = { -- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9, -- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D, -- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89, -- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD, -- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5, -- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC, -- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B, -- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2, -- 0x58, 0x2E, 0x06, 0x45, 
0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35, -- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC, -- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D -+ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86, -+ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8, -+ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89, -+ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39, -+ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3, -+ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E, -+ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8, -+ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4, -+ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66, -+ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6, -+ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC, -+ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9, -+ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53, -+ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA, -+ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45, -+ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC, -+ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33, -+ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5, -+ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8, -+ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83, -+ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B, -+ 0xDB, 0x70, 0x00, 0xF6 - }; - - static const unsigned char kat_RSA_SHA256[] = { -- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23, -- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23, -- 0x92, 0x87, 
0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35, -- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E, -- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18, -- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30, -- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A, -- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38, -- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA, -- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90, -- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A -+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9, -+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF, -+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F, -+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06, -+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF, -+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2, -+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8, -+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5, -+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE, -+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6, -+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D, -+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42, -+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4, -+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E, -+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A, -+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91, -+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB, -+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65, -+ 0x04, 0x6E, 
0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E, -+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B, -+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D, -+ 0x47, 0x9D, 0x18, 0xD7 - }; - - static const unsigned char kat_RSA_SHA384[] = { -- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F, -- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7, -- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C, -- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55, -- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF, -- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2, -- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C, -- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD, -- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1, -- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04, -- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF -+ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00, -+ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D, -+ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2, -+ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B, -+ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF, -+ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1, -+ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C, -+ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E, -+ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76, -+ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4, -+ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9, -+ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4, -+ 
0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56, -+ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39, -+ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00, -+ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F, -+ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D, -+ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26, -+ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9, -+ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD, -+ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4, -+ 0x7E, 0x37, 0x1D, 0x96 - }; - - static const unsigned char kat_RSA_SHA512[] = { -- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF, -- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A, -- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1, -- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8, -- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5, -- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B, -- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6, -- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05, -- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D, -- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91, -- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84 -+ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3, -+ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F, -+ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02, -+ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B, -+ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3, -+ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 
0xD1, -+ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79, -+ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1, -+ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E, -+ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1, -+ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED, -+ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE, -+ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69, -+ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2, -+ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F, -+ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3, -+ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B, -+ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86, -+ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F, -+ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A, -+ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E, -+ 0x43, 0xA8, 0x34, 0x0A - }; - --static const unsigned char kat_RSA_X931_SHA1[] = { -- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF, -- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75, -- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC, -- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97, -- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6, -- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19, -- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7, -- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99, -- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76, -- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67, -- 0xA3, 0x29, 0x80, 0x70, 0x54, 
0x68, 0x7D, 0x49
--};
-+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext,
-+ int ptlen)
-+{
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int ret = 0;
-+ int len;
- 
--static const unsigned char kat_RSA_X931_SHA256[] = {
-- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
-- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
-- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
-- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
-- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
-- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
-- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
-- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
-- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
-- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
-- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
--};
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
- 
--static const unsigned char kat_RSA_X931_SHA384[] = {
-- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
-- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
-- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
-- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
-- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
-- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
-- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
-- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
-- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
-- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
-- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
--};
-+ len = 
RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
-+ goto err;
- 
--static const unsigned char kat_RSA_X931_SHA512[] = {
-- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
-- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
-- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
-- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
-- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
-- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
-- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
-- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
-- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
-- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
-- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
--};
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ptbuf)
-+ goto err;
-+
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != ptlen)
-+ goto err;
-+ if (memcmp(ptbuf, plaintext, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ return ret;
-+}
- 
- int FIPS_selftest_rsa()
- {
-@@ -352,7 +483,7 @@ int FIPS_selftest_rsa()
- if ((pk = EVP_PKEY_new()) == NULL)
- goto err;
- 
-- EVP_PKEY_assign_RSA(pk, key);
-+ EVP_PKEY_set1_RSA(pk, key);
- 
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
-@@ -406,29 +537,7 @@ int FIPS_selftest_rsa()
- EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
- goto err;
- 
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA1,
-- sizeof(kat_RSA_X931_SHA1), EVP_sha1(),
-- EVP_MD_CTX_FLAG_PAD_X931, 
"RSA SHA1 X931"))
-- goto err;
-- /* NB: SHA224 not supported in X9.31 */
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA256,
-- sizeof(kat_RSA_X931_SHA256), EVP_sha256(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA256 X931"))
-- goto err;
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA384,
-- sizeof(kat_RSA_X931_SHA384), EVP_sha384(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA384 X931"))
-- goto err;
-- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-- kat_RSA_X931_SHA512,
-- sizeof(kat_RSA_X931_SHA512), EVP_sha512(),
-- EVP_MD_CTX_FLAG_PAD_X931,
-- "RSA SHA512 X931"))
-+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
- goto err;
- 
- ret = 1;
-@@ -436,7 +545,7 @@ int FIPS_selftest_rsa()
- err:
- if (pk)
- EVP_PKEY_free(pk);
-- else if (key)
-+ if (key)
- RSA_free(key);
- return ret;
- }
-diff -up openssl-1.0.2f/crypto/fips/Makefile.fips-reqs openssl-1.0.2f/crypto/fips/Makefile
---- openssl-1.0.2f/crypto/fips/Makefile.fips-reqs 2016-01-28 16:36:22.803387236 +0100
-+++ openssl-1.0.2f/crypto/fips/Makefile 2016-01-28 16:36:22.814387489 +0100
-@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
- fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
- fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
- fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
-+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
-+ fips_dh_selftest.c
- 
- LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
- fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
- fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
- fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \ 
-- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
-+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
-+ fips_dh_selftest.o
- 
- LIBCRYPTO=-L.. -lcrypto
- 
-diff -up openssl-1.0.2f/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.2f/crypto/rand/rand_lcl.h
---- openssl-1.0.2f/crypto/rand/rand_lcl.h.fips-reqs 2016-01-28 16:36:22.516380636 +0100
-+++ openssl-1.0.2f/crypto/rand/rand_lcl.h 2016-01-28 16:36:22.814387489 +0100
-@@ -112,7 +112,7 @@
- #ifndef HEADER_RAND_LCL_H
- # define HEADER_RAND_LCL_H
- 
--# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-+# define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
- 
- # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
- # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-diff -up openssl-1.0.2f/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.2f/crypto/rand/rand_lib.c
---- openssl-1.0.2f/crypto/rand/rand_lib.c.fips-reqs 2016-01-28 14:38:31.000000000 +0100
-+++ openssl-1.0.2f/crypto/rand/rand_lib.c 2016-01-28 16:36:22.814387489 +0100
-@@ -236,12 +236,22 @@ static int drbg_rand_add(DRBG_CTX *ctx,
- double entropy)
- {
- RAND_SSLeay()->add(in, inlen, entropy);
-+ if (FIPS_rand_status()) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ FIPS_drbg_reseed(ctx, NULL, 0);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ }
- return 1;
- }
- 
- static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
- {
- RAND_SSLeay()->seed(in, inlen);
-+ if (FIPS_rand_status()) {
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ FIPS_drbg_reseed(ctx, NULL, 0);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ }
- return 1;
- }
- 
-diff -up openssl-1.0.2f/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.2f/crypto/rsa/rsa_gen.c
---- openssl-1.0.2f/crypto/rsa/rsa_gen.c.fips-reqs 2016-01-28 16:36:22.781386731 +0100
-+++ openssl-1.0.2f/crypto/rsa/rsa_gen.c 2016-01-28 16:36:22.814387489 +0100
-@@ -1,5 +1,6 @@
- /* 
crypto/rsa/rsa_gen.c */
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * Copyright (C) 2013 Red Hat, Inc.
- * All rights reserved.
- *
- * This package is an SSL implementation written
-@@ -169,6 +170,259 @@ int RSA_generate_key_ex(RSA *rsa, int bi
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
- 
-+#ifdef OPENSSL_FIPS
-+static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-+ BN_GENCB *cb)
-+{
-+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-+ BIGNUM local_r0, local_d, local_p;
-+ BIGNUM *pr0, *d, *p;
-+ BN_CTX *ctx = NULL;
-+ int ok = -1;
-+ int i;
-+ int n = 0;
-+ int test = 0;
-+ int pbits = bits / 2;
-+
-+ if (FIPS_selftest_failed()) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if ((pbits & 0xFF)
-+ || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048
-+ && bits != 3072)) {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+ BN_CTX_start(ctx);
-+ r0 = BN_CTX_get(ctx);
-+ r1 = BN_CTX_get(ctx);
-+ r2 = BN_CTX_get(ctx);
-+ r3 = BN_CTX_get(ctx);
-+
-+ if (r3 == NULL)
-+ goto err;
-+
-+ /* We need the RSA components non-NULL */
-+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
-+ goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
-+ goto err;
-+
-+ if (!BN_set_word(r0, RSA_F4))
-+ goto err;
-+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) {
-+ ok = 0; /* we set our own err */
-+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE);
-+ goto err;
-+ }
-+
-+ /* 
prepare approximate minimum p and q */
-+ if (!BN_set_word(r0, 0xB504F334))
-+ goto err;
-+ if (!BN_lshift(r0, r0, pbits - 32))
-+ goto err;
-+
-+ /* prepare minimum p and q difference */
-+ if (!BN_one(r3))
-+ goto err;
-+ if (!BN_lshift(r3, r3, pbits - 100))
-+ goto err;
-+
-+ BN_copy(rsa->e, e_value);
-+
-+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
-+ test = 1;
-+
-+ retry:
-+ /* generate p and q */
-+ for (i = 0; i < 5 * pbits; i++) {
-+ ploop:
-+ if (!test)
-+ if (!BN_rand(rsa->p, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->p, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto ploop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->p, BN_value_one()))
-+ goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx))
-+ goto err;
-+ if (BN_is_one(r1)) {
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 0))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ for (i = 0; i < 5 * pbits; i++) {
-+ qloop:
-+ if (!test)
-+ if (!BN_rand(rsa->q, pbits, 0, 1))
-+ goto err;
-+ if (BN_cmp(rsa->q, r0) < 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+ if (!BN_sub(r2, rsa->q, rsa->p))
-+ goto err;
-+ if (BN_ucmp(r2, r3) <= 0) {
-+ if (test)
-+ goto err;
-+ goto qloop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx))
-+ goto err;
-+ if (BN_is_one(r1)) {
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 
4 : 5, ctx, 0,
-+ cb);
-+ if (r == -1 || (test && r <= 0))
-+ goto err;
-+ if (r > 0)
-+ break;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if (!BN_GENCB_call(cb, 3, 1))
-+ goto err;
-+
-+ if (i >= 5 * pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ if (test) {
-+ /* do not try to calculate the remaining key values */
-+ BN_clear(rsa->n);
-+ ok = 1;
-+ goto err;
-+ }
-+
-+ if (BN_cmp(rsa->p, rsa->q) < 0) {
-+ tmp = rsa->p;
-+ rsa->p = rsa->q;
-+ rsa->q = tmp;
-+ }
-+
-+ /* calculate n */
-+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
-+ goto err;
-+
-+ /* calculate d */
-+ if (!BN_sub(r1, rsa->p, BN_value_one()))
-+ goto err; /* p-1 */
-+ if (!BN_sub(r2, rsa->q, BN_value_one()))
-+ goto err; /* q-1 */
-+
-+ if (!BN_gcd(r0, r1, r2, ctx))
-+ goto err;
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ pr0 = &local_r0;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-+ } else
-+ pr0 = r0;
-+ if (!BN_div(r0, NULL, r1, pr0, ctx))
-+ goto err;
-+ if (!BN_mul(r0, r0, r2, ctx))
-+ goto err; /* lcm(p-1, q-1) */
-+
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ pr0 = &local_r0;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-+ } else
-+ pr0 = r0;
-+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
-+ goto err; /* d */
-+
-+ if (BN_num_bits(rsa->d) < pbits)
-+ goto retry; /* d is too small */
-+
-+ /* set up d for correct BN_FLG_CONSTTIME flag */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ d = &local_d;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-+ } else
-+ d = rsa->d;
-+
-+ /* calculate d mod (p-1) */
-+ if (!BN_mod(rsa->dmp1, d, r1, ctx))
-+ goto err;
-+
-+ /* calculate d mod (q-1) */
-+ if (!BN_mod(rsa->dmq1, d, r2, ctx))
-+ goto err;
-+
-+ /* calculate inverse of q mod p */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-+ p = &local_p;
-+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-+ } else
-+ p = rsa->p;
-+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
-+ goto err;
-+
-+ if (fips_rsa_pairwise_fail)
-+ BN_add_word(rsa->n, 1);
-+
-+ if 
(!fips_check_rsa(rsa)) -+ goto err; -+ -+ ok = 1; -+ err: -+ if (ok == -1) { -+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); -+ ok = 0; -+ } -+ if (ctx != NULL) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ -+ return ok; -+} -+#endif -+ - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, - BN_GENCB *cb) - { -@@ -180,15 +434,11 @@ static int rsa_builtin_keygen(RSA *rsa, - - #ifdef OPENSSL_FIPS - if (FIPS_module_mode()) { -- if (FIPS_selftest_failed()) { -- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); -- return 0; -- } -- - if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { - FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); - return 0; - } -+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb); - } - #endif - -@@ -317,16 +567,6 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) - goto err; - --#ifdef OPENSSL_FIPS -- if (FIPS_module_mode()) { -- if (fips_rsa_pairwise_fail) -- BN_add_word(rsa->n, 1); -- -- if (!fips_check_rsa(rsa)) -- goto err; -- } --#endif -- - ok = 1; - err: - if (ok == -1) { -diff -up openssl-1.0.2f/ssl/t1_enc.c.fips-reqs openssl-1.0.2f/ssl/t1_enc.c ---- openssl-1.0.2f/ssl/t1_enc.c.fips-reqs 2016-01-28 14:56:08.000000000 +0100 -+++ openssl-1.0.2f/ssl/t1_enc.c 2016-01-28 16:36:22.814387489 +0100 -@@ -292,6 +292,23 @@ static int tls1_PRF(long digest_mask, - return ret; - } - -+int private_tls1_PRF(long digest_mask, -+ const void *seed1, int seed1_len, -+ const void *seed2, int seed2_len, -+ const void *seed3, int seed3_len, -+ const void *seed4, int seed4_len, -+ const void *seed5, int seed5_len, -+ const unsigned char *sec, int slen, -+ unsigned char *out1, unsigned char *out2, int olen) -+{ -+ return tls1_PRF(digest_mask, -+ seed1, seed1_len, -+ seed2, seed2_len, -+ seed3, seed3_len, -+ seed4, seed4_len, -+ seed5, seed5_len, sec, slen, out1, out2, olen); -+} -+ - static int tls1_generate_key_block(SSL *s, unsigned char *km, - unsigned char *tmp, int num) - 
{ diff --git a/openssl-1.0.2g-disable-sslv2v3.patch b/openssl-1.0.2g-disable-sslv2v3.patch deleted file mode 100644 index 06f5132..0000000 --- a/openssl-1.0.2g-disable-sslv2v3.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c ---- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100 -+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100 -@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; - - /* -- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to -- * explicitly clear this option via either of SSL_CTX_clear_options() or -+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to -+ * explicitly clear these options via either of SSL_CTX_clear_options() or - * SSL_clear_options(). - */ -- ret->options |= SSL_OP_NO_SSLv2; -+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; - - return (ret); - err: diff --git a/openssl-1.0.2g-manfix.patch b/openssl-1.0.2g-manfix.patch deleted file mode 100644 index 12e5103..0000000 --- a/openssl-1.0.2g-manfix.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod ---- openssl-1.0.2g/doc/apps/ec.pod.manfix 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/doc/apps/ec.pod 2016-03-01 16:47:35.331568290 +0100 -@@ -93,10 +93,6 @@ prints out the public, private key compo - - this option prevents output of the encoded version of the key. - --=item B<-modulus> -- --this option prints out the value of the public key component of the key. -- - =item B<-pubin> - - by default a private key is read from the input file: with this option a -diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/openssl.pod ---- openssl-1.0.2g/doc/apps/openssl.pod.manfix 2016-03-01 14:35:05.000000000 +0100 -+++ openssl-1.0.2g/doc/apps/openssl.pod 2016-03-01 16:47:35.331568290 +0100 -@@ -163,7 +163,7 @@ Create or examine a netscape certificate - - Online Certificate Status Protocol utility. - --=item L|passwd(1)> -+=item L|sslpasswd(1)> - - Generation of hashed passwords. - -@@ -187,7 +187,7 @@ Public key algorithm parameter managemen - - Public key algorithm cryptographic operation utility. - --=item L|rand(1)> -+=item L|sslrand(1)> - - Generate pseudo-random bytes. - -@@ -401,9 +401,9 @@ L, L, L, L, - L, L, L, - L, L, L, --L, -+L, - L, L, L, --L, L, L, -+L, L, L, - L, L, - L, L, - L, L, -diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_client.pod ---- openssl-1.0.2g/doc/apps/s_client.pod.manfix 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/doc/apps/s_client.pod 2016-03-01 16:47:35.358568902 +0100 -@@ -35,6 +35,9 @@ B B - [B<-ssl2>] - [B<-ssl3>] - [B<-tls1>] -+[B<-tls1_1>] -+[B<-tls1_2>] -+[B<-dtls1>] - [B<-no_ssl2>] - [B<-no_ssl3>] - [B<-no_tls1>] -@@ -201,7 +204,7 @@ Use the PSK key B when using a PSK - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. 
- --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - - These options require or disable the use of the specified SSL or TLS protocols. - By default the initial handshake uses a I method which will -diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_server.pod ---- openssl-1.0.2g/doc/apps/s_server.pod.manfix 2016-03-01 14:35:53.000000000 +0100 -+++ openssl-1.0.2g/doc/apps/s_server.pod 2016-03-01 16:47:35.359568925 +0100 -@@ -42,6 +42,8 @@ B B - [B<-ssl2>] - [B<-ssl3>] - [B<-tls1>] -+[B<-tls1_1>] -+[B<-tls1_2>] - [B<-no_ssl2>] - [B<-no_ssl3>] - [B<-no_tls1>] -@@ -217,7 +219,7 @@ Use the PSK key B when using a PSK - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. - --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - - These options require or disable the use of the specified SSL or TLS protocols. - By default the initial handshake uses a I method which will diff --git a/openssl-1.0.2h-trusted-first-doc.patch b/openssl-1.0.2h-trusted-first-doc.patch deleted file mode 100644 index 8ea85c9..0000000 --- a/openssl-1.0.2h-trusted-first-doc.patch +++ /dev/null 
@@ -1,286 +0,0 @@ -diff -up openssl-1.0.2h/apps/cms.c.trusted-first openssl-1.0.2h/apps/cms.c ---- openssl-1.0.2h/apps/cms.c.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/apps/cms.c 2016-05-03 18:01:16.729556976 +0200 -@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv) - "-CApath dir trusted certificates directory\n"); - BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, -+ "-trusted_first use trusted certificates first when building the trust chain\n"); -+ BIO_printf(bio_err, - "-no_alt_chains only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - "-crl_check check revocation status of signer's certificate using CRLs\n"); -diff -up openssl-1.0.2h/apps/ocsp.c.trusted-first openssl-1.0.2h/apps/ocsp.c ---- openssl-1.0.2h/apps/ocsp.c.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/apps/ocsp.c 2016-05-03 18:01:16.730556998 +0200 -@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, - "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, -+ "-trusted_first use trusted certificates first when building the trust chain\n"); -+ BIO_printf(bio_err, - "-no_alt_chains only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - "-VAfile file validator certificates file\n"); -diff -up openssl-1.0.2h/apps/s_client.c.trusted-first openssl-1.0.2h/apps/s_client.c ---- openssl-1.0.2h/apps/s_client.c.trusted-first 2016-05-03 18:01:16.696556246 +0200 -+++ openssl-1.0.2h/apps/s_client.c 2016-05-03 18:01:16.730556998 +0200 -@@ -333,6 +333,8 @@ static void sc_usage(void) - BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err, -+ " -trusted_first - Use trusted CA's first when building the trust chain\n"); -+ BIO_printf(bio_err, - " -no_alt_chains - only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - " 
-reconnect - Drop and re-make the connection with the same Session-ID\n"); -diff -up openssl-1.0.2h/apps/smime.c.trusted-first openssl-1.0.2h/apps/smime.c ---- openssl-1.0.2h/apps/smime.c.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/apps/smime.c 2016-05-03 18:01:16.730556998 +0200 -@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv) - "-CApath dir trusted certificates directory\n"); - BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, -+ "-trusted_first use trusted certificates first when building the trust chain\n"); -+ BIO_printf(bio_err, - "-no_alt_chains only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - "-crl_check check revocation status of signer's certificate using CRLs\n"); -diff -up openssl-1.0.2h/apps/s_server.c.trusted-first openssl-1.0.2h/apps/s_server.c ---- openssl-1.0.2h/apps/s_server.c.trusted-first 2016-05-03 18:01:16.666555583 +0200 -+++ openssl-1.0.2h/apps/s_server.c 2016-05-03 18:01:16.731557020 +0200 -@@ -578,6 +578,8 @@ static void sv_usage(void) - BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err, -+ " -trusted_first - Use trusted CA's first when building the trust chain\n"); -+ BIO_printf(bio_err, - " -no_alt_chains - only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - " -nocert - Don't use any certificates (Anon-DH)\n"); -diff -up openssl-1.0.2h/apps/s_time.c.trusted-first openssl-1.0.2h/apps/s_time.c ---- openssl-1.0.2h/apps/s_time.c.trusted-first 2016-05-03 18:01:16.661555472 +0200 -+++ openssl-1.0.2h/apps/s_time.c 2016-05-03 18:01:16.731557020 +0200 -@@ -182,6 +182,7 @@ static void s_time_usage(void) - file if not specified by this option\n\ - -CApath arg - PEM format directory of CA's\n\ - -CAfile arg - PEM format file of CA's\n\ -+-trusted_first - Use trusted CA's first when building the trust chain\n\ - -cipher - 
preferred cipher to use, play with 'openssl ciphers'\n\n"; - - printf("usage: s_time \n\n"); -diff -up openssl-1.0.2h/apps/ts.c.trusted-first openssl-1.0.2h/apps/ts.c ---- openssl-1.0.2h/apps/ts.c.trusted-first 2016-05-03 18:01:16.694556202 +0200 -+++ openssl-1.0.2h/apps/ts.c 2016-05-03 18:01:16.731557020 +0200 -@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv) - "ts -verify [-data file_to_hash] [-digest digest_bytes] " - "[-queryfile request.tsq] " - "-in response.tsr [-token_in] " -- "-CApath ca_path -CAfile ca_file.pem " -+ "-CApath ca_path -CAfile ca_file.pem -trusted_first" - "-untrusted cert_file.pem\n"); - cleanup: - /* Clean up. */ -diff -up openssl-1.0.2h/apps/verify.c.trusted-first openssl-1.0.2h/apps/verify.c ---- openssl-1.0.2h/apps/verify.c.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/apps/verify.c 2016-05-03 18:01:16.731557020 +0200 -@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv) - end: - if (ret == 1) { - BIO_printf(bio_err, -- "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); -+ "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); - #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, " [-engine e]"); -diff -up openssl-1.0.2h/doc/apps/cms.pod.trusted-first openssl-1.0.2h/doc/apps/cms.pod ---- openssl-1.0.2h/doc/apps/cms.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/doc/apps/cms.pod 2016-05-03 18:01:16.731557020 +0200 -@@ -35,6 +35,7 @@ B B - [B<-print>] - [B<-CAfile file>] - [B<-CApath dir>] -+[B<-trusted_first>] - [B<-no_alt_chains>] - [B<-md digest>] - [B<-[cipher]>] -@@ -245,6 +246,12 @@ B<-verify>. This directory must be a sta - is a hash of each subject name (using B) should be linked - to each certificate. 
- -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory before untrusted certificates -+from the message when building the trust chain to verify certificates. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-md digest> - - digest algorithm to use when signing or resigning. If not present then the -diff -up openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first openssl-1.0.2h/doc/apps/ocsp.pod ---- openssl-1.0.2h/doc/apps/ocsp.pod.trusted-first 2016-05-03 18:01:16.695556224 +0200 -+++ openssl-1.0.2h/doc/apps/ocsp.pod 2016-05-03 18:02:16.021868012 +0200 -@@ -29,6 +29,7 @@ B B - [B<-path>] - [B<-CApath dir>] - [B<-CAfile file>] -+[B<-trusted_first>] - [B<-no_alt_chains>] - [B<-VAfile file>] - [B<-validity_period n>] -@@ -144,6 +145,13 @@ connection timeout to the OCSP responder - file or pathname containing trusted CA certificates. These are used to verify - the signature on the OCSP response. - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory over certificates provided -+in the response or residing in other certificates file when building the trust -+chain to verify responder certificate. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-no_alt_chains> - - See L|verify(1)> manual page for details. -diff -up openssl-1.0.2h/doc/apps/s_client.pod.trusted-first openssl-1.0.2h/doc/apps/s_client.pod ---- openssl-1.0.2h/doc/apps/s_client.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200 -+++ openssl-1.0.2h/doc/apps/s_client.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -19,6 +19,7 @@ B B - [B<-pass arg>] - [B<-CApath directory>] - [B<-CAfile filename>] -+[B<-trusted_first>] - [B<-no_alt_chains>] - [B<-reconnect>] - [B<-pause>] -@@ -124,7 +125,7 @@ also used when building the client certi - A file containing trusted certificates to use during server authentication - and to use when attempting to build the client certificate chain. 
- --=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> -+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first -no_alt_chains> - - Set various certificate chain valiadition option. See the - L|verify(1)> manual page for details. -diff -up openssl-1.0.2h/doc/apps/smime.pod.trusted-first openssl-1.0.2h/doc/apps/smime.pod ---- openssl-1.0.2h/doc/apps/smime.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/doc/apps/smime.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -15,6 +15,9 @@ B B - [B<-pk7out>] - [B<-[cipher]>] - [B<-in file>] -+[B<-CAfile file>] -+[B<-CApath dir>] -+[B<-trusted_first>] - [B<-no_alt_chains>] - [B<-certfile file>] - [B<-signer file>] -@@ -147,6 +150,12 @@ B<-verify>. This directory must be a sta - is a hash of each subject name (using B) should be linked - to each certificate. - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory over certificates provided -+in the message when building the trust chain to verify a certificate. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-md digest> - - digest algorithm to use when signing or resigning. 
If not present then the -diff -up openssl-1.0.2h/doc/apps/s_server.pod.trusted-first openssl-1.0.2h/doc/apps/s_server.pod ---- openssl-1.0.2h/doc/apps/s_server.pod.trusted-first 2016-05-03 18:01:16.706556467 +0200 -+++ openssl-1.0.2h/doc/apps/s_server.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -33,6 +33,7 @@ B B - [B<-state>] - [B<-CApath directory>] - [B<-CAfile filename>] -+[B<-trusted_first>] - [B<-no_alt_chains>] - [B<-nocert>] - [B<-cipher cipherlist>] -@@ -177,6 +178,12 @@ and to use when attempting to build the - is also used in the list of acceptable client CAs passed to the client when - a certificate is requested. - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory before other certificates -+when building the trust chain to verify client certificates. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-no_alt_chains> - - See the L|verify(1)> manual page for details. -diff -up openssl-1.0.2h/doc/apps/s_time.pod.trusted-first openssl-1.0.2h/doc/apps/s_time.pod ---- openssl-1.0.2h/doc/apps/s_time.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/doc/apps/s_time.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -14,6 +14,7 @@ B B - [B<-key filename>] - [B<-CApath directory>] - [B<-CAfile filename>] -+[B<-trusted_first>] - [B<-reuse>] - [B<-new>] - [B<-verify depth>] -@@ -76,6 +77,12 @@ also used when building the client certi - A file containing trusted certificates to use during server authentication - and to use when attempting to build the client certificate chain. - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory over the certificates provided -+by the server when building the trust chain to verify server certificate. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-new> - - performs the timing test using a new session ID for each connection. 
-diff -up openssl-1.0.2h/doc/apps/ts.pod.trusted-first openssl-1.0.2h/doc/apps/ts.pod ---- openssl-1.0.2h/doc/apps/ts.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/doc/apps/ts.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -46,6 +46,7 @@ B<-verify> - [B<-token_in>] - [B<-CApath> trusted_cert_path] - [B<-CAfile> trusted_certs.pem] -+[B<-trusted_first>] - [B<-untrusted> cert_file.pem] - - =head1 DESCRIPTION -@@ -324,6 +325,12 @@ L for additional de - or B<-CApath> must be specified. - (Optional) - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory before other certificates -+when building the trust chain to verify certificates. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-untrusted> cert_file.pem - - Set of additional untrusted certificates in PEM format which may be -diff -up openssl-1.0.2h/doc/apps/verify.pod.trusted-first openssl-1.0.2h/doc/apps/verify.pod ---- openssl-1.0.2h/doc/apps/verify.pod.trusted-first 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/doc/apps/verify.pod 2016-05-03 18:01:16.732557042 +0200 -@@ -9,6 +9,7 @@ verify - Utility to verify certificates. - B B - [B<-CApath directory>] - [B<-CAfile file>] -+[B<-trusted_first>] - [B<-purpose purpose>] - [B<-policy arg>] - [B<-ignore_critical>] -@@ -85,6 +86,12 @@ If a valid CRL cannot be found an error - A file of untrusted certificates. The file should contain multiple certificates - in PEM format concatenated together. - -+=item B<-trusted_first> -+ -+Use certificates in CA file or CA directory before the certificates in the untrusted -+file when building the trust chain to verify certificates. -+This is mainly useful in environments with Bridge CA or Cross-Certified CAs. -+ - =item B<-purpose purpose> - - The intended use for the certificate. If this option is not specified, diff --git a/openssl-1.1.0-algo-doc.patch b/openssl-1.1.0-algo-doc.patch new file mode 100644 index 0000000..460d2c2 
--- /dev/null +++ b/openssl-1.1.0-algo-doc.patch 
@@ -0,0 +1,48 @@ +diff -up openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod +--- openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc 2017-01-26 15:49:18.784947229 +0100 ++++ openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod 2017-01-26 15:52:46.458556068 +0100 +@@ -152,7 +152,7 @@ corresponding OBJECT IDENTIFIER or NID_u + EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and + EVP_MD_CTX_block_size() return the digest or block size in bytes. + +-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), ++EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), + EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and EVP_blake2s256() return + pointers to the corresponding EVP_MD structures. + +diff -up openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod +--- openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc 2017-01-26 14:10:24.000000000 +0100 ++++ openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod 2017-01-26 15:49:18.784947229 +0100 +@@ -108,6 +108,32 @@ EVP_chacha20, EVP_chacha20_poly1305 - EV + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + ++ const EVP_CIPHER *EVP_des_ede3(void); ++ const EVP_CIPHER *EVP_des_ede3_ecb(void); ++ const EVP_CIPHER *EVP_des_ede3_cfb64(void); ++ const EVP_CIPHER *EVP_des_ede3_cfb1(void); ++ const EVP_CIPHER *EVP_des_ede3_cfb8(void); ++ const EVP_CIPHER *EVP_des_ede3_ofb(void); ++ const EVP_CIPHER *EVP_des_ede3_cbc(void); ++ const EVP_CIPHER *EVP_aes_128_ecb(void); ++ const EVP_CIPHER *EVP_aes_128_cbc(void); ++ const EVP_CIPHER *EVP_aes_128_cfb1(void); ++ const EVP_CIPHER *EVP_aes_128_cfb8(void); ++ const EVP_CIPHER *EVP_aes_128_cfb128(void); ++ const EVP_CIPHER *EVP_aes_128_ofb(void); ++ const EVP_CIPHER *EVP_aes_192_ecb(void); ++ const EVP_CIPHER *EVP_aes_192_cbc(void); ++ const EVP_CIPHER *EVP_aes_192_cfb1(void); 
++ const EVP_CIPHER *EVP_aes_192_cfb8(void); ++ const EVP_CIPHER *EVP_aes_192_cfb128(void); ++ const EVP_CIPHER *EVP_aes_192_ofb(void); ++ const EVP_CIPHER *EVP_aes_256_ecb(void); ++ const EVP_CIPHER *EVP_aes_256_cbc(void); ++ const EVP_CIPHER *EVP_aes_256_cfb1(void); ++ const EVP_CIPHER *EVP_aes_256_cfb8(void); ++ const EVP_CIPHER *EVP_aes_256_cfb128(void); ++ const EVP_CIPHER *EVP_aes_256_ofb(void); ++ + =head1 DESCRIPTION + + The EVP cipher routines are a high level interface to certain diff --git a/openssl-1.1.0-apps-dgst.patch b/openssl-1.1.0-apps-dgst.patch new file mode 100644 index 0000000..af10684 --- /dev/null +++ b/openssl-1.1.0-apps-dgst.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.1.0-pre5/apps/ca.c.dgst openssl-1.1.0-pre5/apps/ca.c +--- openssl-1.1.0-pre5/apps/ca.c.dgst 2016-04-19 16:57:52.000000000 +0200 ++++ openssl-1.1.0-pre5/apps/ca.c 2016-07-18 15:58:18.516742682 +0200 +@@ -216,7 +216,7 @@ OPTIONS ca_options[] = { + {"enddate", OPT_ENDDATE, 's', + "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, + {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, +- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, ++ {"md", OPT_MD, 's', "md to use; see openssl dgst -h for list"}, + {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, + {"keyfile", OPT_KEYFILE, 's', "Private key"}, + {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, diff --git a/openssl-1.1.0-bio-fd-preserve-nl.patch b/openssl-1.1.0-bio-fd-preserve-nl.patch new file mode 100644 index 0000000..0050115 --- /dev/null +++ b/openssl-1.1.0-bio-fd-preserve-nl.patch 
@@ -0,0 +1,29 @@ +diff -up openssl-1.1.0c/crypto/bio/bss_fd.c.preserve-nl openssl-1.1.0c/crypto/bio/bss_fd.c +--- openssl-1.1.0c/crypto/bio/bss_fd.c.preserve-nl 2016-11-10 15:03:44.000000000 +0100 ++++ openssl-1.1.0c/crypto/bio/bss_fd.c 2016-12-22 14:36:16.730740423 +0100 +@@ -202,8 +202,10 @@ static int fd_gets(BIO *bp, char *buf, i + char *ptr = buf; + char *end = buf + size - 1; + +- while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) +- ptr++; ++ while (ptr < end && fd_read(bp, ptr, 1) > 0) { ++ if (*ptr++ == '\n') ++ break; ++ } + + ptr[0] = '\0'; + +diff -up openssl-1.1.0c/doc/crypto/BIO_read.pod.preserve-nl openssl-1.1.0c/doc/crypto/BIO_read.pod +--- openssl-1.1.0c/doc/crypto/BIO_read.pod.preserve-nl 2016-11-10 15:03:45.000000000 +0100 ++++ openssl-1.1.0c/doc/crypto/BIO_read.pod 2016-12-22 14:37:22.731245197 +0100 +@@ -23,7 +23,8 @@ in B. Usually this operation will a + from the BIO of maximum length B. There are exceptions to this, + however; for example, BIO_gets() on a digest BIO will calculate and + return the digest and other BIOs may not support BIO_gets() at all. +-The returned string is always NUL-terminated. ++The returned string is always NUL-terminated and the '\n' is preserved ++if present in the input data. + + BIO_write() attempts to write B bytes from B to BIO B. + diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch new file mode 100644 index 0000000..bedd957 --- /dev/null +++ b/openssl-1.1.0-build.patch 
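Review bot: The rewritten fd_gets loop now keeps the '\n' in buf before breaking, which is the whole point of the change, but the code itself does not say so and only the BIO_read.pod hunk records it; a later maintainer comparing it with the old `ptr[0] != '\n'` condition may read the break as an off-by-one. A comment on the break would pin the intent: `/* keep the '\n': a caller can tell a complete line from one cut at size - 1 */`. The `char *end = buf + size - 1;` context line is unchanged, so a caller passing size 0 still computes a pointer before buf, and the new loop guards against that no more than the old one did. fd_gets's body continues outside the hunk.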
@@ -0,0 +1,73 @@ +diff -up openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build openssl-1.1.0f/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build 2017-06-02 13:51:39.621289504 +0200 ++++ openssl-1.1.0f/Configurations/unix-Makefile.tmpl 2017-06-02 13:54:45.298654812 +0200 +@@ -553,7 +553,7 @@ uninstall_runtime: + install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) + + uninstall_man_docs: +@@ -565,7 +565,7 @@ uninstall_man_docs: + install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing HTML manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(HTMLDIR) --type=html + + uninstall_html_docs: +diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configurations/10-main.conf +--- openssl-1.1.0f/Configurations/10-main.conf.build 2017-05-25 14:46:17.000000000 +0200 ++++ openssl-1.1.0f/Configurations/10-main.conf 2017-06-02 13:51:39.622289528 +0200 +@@ -662,6 +662,7 @@ sub vms_info { + cflags => add("-m64 -DL_ENDIAN"), + perlasm_scheme => "linux64le", + shared_ldflag => add("-m64"), ++ multilib => "64", + }, + + "linux-armv4" => { +@@ -702,6 +703,7 @@ sub vms_info { + "linux-aarch64" => { + inherit_from => [ "linux-generic64", asm("aarch64_asm") ], + perlasm_scheme => "linux64", ++ multilib => "64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32", asm("aarch64_asm") ], +diff -up openssl-1.1.0g/test/evptests.txt.build openssl-1.1.0g/test/evptests.txt +--- openssl-1.1.0g/test/evptests.txt.build 2017-11-02 15:29:05.000000000 +0100 ++++ openssl-1.1.0g/test/evptests.txt 2017-11-03 
16:37:01.253671494 +0100 +@@ -3707,14 +3707,6 @@ MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+D + + PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC + +-Derive=Alice-25519 +-PeerKey=Bob-25519-PUBLIC +-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 +- +-Derive=Bob-25519 +-PeerKey=Alice-25519-PUBLIC +-SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 +- + # Illegal sign/verify operations with X25519 key + + Sign=Alice-25519 +@@ -3727,6 +3719,14 @@ Result = KEYOP_INIT_ERROR + Function = EVP_PKEY_verify_init + Reason = operation not supported for this keytype + ++Derive=Alice-25519 ++PeerKey=Bob-25519-PUBLIC ++SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 ++ ++Derive=Bob-25519 ++PeerKey=Alice-25519-PUBLIC ++SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 ++ + ## ECDH Tests: test with randomly generated keys for all the listed curves + + diff --git a/openssl-1.1.0-ca-dir.patch b/openssl-1.1.0-ca-dir.patch new file mode 100644 index 0000000..421559d --- /dev/null +++ b/openssl-1.1.0-ca-dir.patch 
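Review bot: The evptests.txt hunks move the two X25519 Derive blocks to after the KEYOP_INIT_ERROR sign/verify checks without any line saying why; the TZ=UTC and multilib edits in the same patch are self-explanatory, this one is not. A reader cannot tell whether the order matters to the test harness (a plausible guess is that the Derive lines depend on key state left by the preceding failed sign/verify init, but nothing visible here confirms it). A one-line comment in the moved block, e.g. `# Derive tests deliberately placed after the sign/verify error cases`, or a sentence in the patch header, would carry the reason.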
@@ -0,0 +1,24 @@
+diff -up openssl-1.1.0-pre5/apps/CA.pl.in.ca-dir openssl-1.1.0-pre5/apps/CA.pl.in
+--- openssl-1.1.0-pre5/apps/CA.pl.in.ca-dir 2016-07-18 15:19:40.118110405 +0200
++++ openssl-1.1.0-pre5/apps/CA.pl.in 2016-07-18 15:21:06.531061337 +0200
+@@ -26,7 +26,7 @@ my $X509 = "$openssl x509";
+ my $PKCS12 = "$openssl pkcs12";
+ 
+ # default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/pki/CA";
+ my $CAKEY = "cakey.pem";
+ my $CAREQ = "careq.pem";
+ my $CACERT = "cacert.pem";
+diff -up openssl-1.1.0-pre5/apps/openssl.cnf.ca-dir openssl-1.1.0-pre5/apps/openssl.cnf
+--- openssl-1.1.0-pre5/apps/openssl.cnf.ca-dir 2016-07-18 15:19:40.114110315 +0200
++++ openssl-1.1.0-pre5/apps/openssl.cnf 2016-07-18 15:19:48.492299467 +0200
+@@ -39,7 +39,7 @@ default_ca = CA_default # The default c
+ ####################################################################
+ [ CA_default ]
+ 
+-dir = ./demoCA # Where everything is kept
++dir = /etc/pki/CA # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch
new file mode 100644
index 0000000..05e0edd
--- /dev/null
+++ b/openssl-1.1.0-cc-reqs.patch
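Review bot: Changing `$CATOP` and `dir` from ./demoCA to /etc/pki/CA points the CA.pl and `openssl ca` defaults at a system directory, and neither hunk notes what that implies: the directory and its private/ subtree have to exist with restrictive permissions, and `CA.pl -newca` now needs write access there, so an unprivileged user gets a failure where ./demoCA used to work. The comment line above `$CATOP` should say so, e.g. `# default openssl.cnf file has setup as per the following; /etc/pki/CA is the packaged location and needs root (or a local copy) to write to`. Whether the spec creates /etc/pki/CA with the expected ownership and mode is not visible in this hunk.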
@@ -0,0 +1,27 @@ +diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0h/crypto/rsa/rsa_gen.c +--- openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 14:37:53.405048562 +0200 +@@ -86,6 +86,12 @@ static int rsa_builtin_keygen(RSA *rsa, + if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) + goto err; + ++ /* prepare minimum p and q difference */ ++ if (!BN_one(r3)) ++ goto err; ++ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) ++ goto err; ++ + if (BN_copy(rsa->e, e_value) == NULL) + goto err; + +@@ -118,7 +124,9 @@ static int rsa_builtin_keygen(RSA *rsa, + do { + if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + goto err; +- } while (BN_cmp(rsa->p, rsa->q) == 0); ++ if (!BN_sub(r2, rsa->q, rsa->p)) ++ goto err; ++ } while (BN_ucmp(r2, r3) <= 0); + if (!BN_sub(r2, rsa->q, BN_value_one())) + goto err; + ERR_set_mark(); diff --git a/openssl-1.1.0-chil-fixes.patch b/openssl-1.1.0-chil-fixes.patch new file mode 100644 index 0000000..363d05f --- /dev/null +++ b/openssl-1.1.0-chil-fixes.patch @@ -0,0 +1,15 @@ +diff -up openssl-1.1.0-pre6/engines/e_chil.c.chil openssl-1.1.0-pre6/engines/e_chil.c +--- openssl-1.1.0-pre6/engines/e_chil.c.chil 2016-08-04 16:00:47.000000000 +0200 ++++ openssl-1.1.0-pre6/engines/e_chil.c 2016-08-05 16:50:13.860588775 +0200 +@@ -1195,6 +1195,11 @@ static int hwcrhk_insert_card(const char + UI *ui; + void *callback_data = NULL; + UI_METHOD *ui_method = NULL; ++ /* Despite what the documentation says prompt_info can be ++ * an empty string. ++ */ ++ if (prompt_info && !*prompt_info) ++ prompt_info = NULL; + + if (cactx) { + if (cactx->ui_method) diff --git a/openssl-1.0.2a-defaults.patch b/openssl-1.1.0-defaults.patch similarity index 68% rename from openssl-1.0.2a-defaults.patch rename to openssl-1.1.0-defaults.patch index 315a9b0..2a88cef 100644 --- a/openssl-1.0.2a-defaults.patch +++ b/openssl-1.1.0-defaults.patch 
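Review bot: The new |p - q| check in rsa_builtin_keygen uses the bare constant 100 twice and a comment that only says "prepare minimum p and q difference"; it implements the FIPS 186-4 B.3.3 condition |p - q| > 2^(nlen/2 - 100), and the comment should name it so the threshold is not "tidied" later: `/* FIPS 186-4 B.3.3 step 5.4: reject q unless |p - q| > 2^(bitsp - 100) */`. BN_ucmp is the right comparison because `r2 = q - p` is negative whenever q < p, and that deserves a short comment too since a reader may reach for BN_cmp. The hunk relies on r3 being a BN_CTX_get'd BIGNUM obtained earlier in the function and not reused after this point; that declaration is outside the hunk and should be confirmed. rsa_builtin_keygen starts and ends outside both hunks.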
@@ -1,6 +1,6 @@ -diff -up openssl-1.0.2a/apps/openssl.cnf.defaults openssl-1.0.2a/apps/openssl.cnf ---- openssl-1.0.2a/apps/openssl.cnf.defaults 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/openssl.cnf 2015-04-20 14:37:10.112271850 +0200 +diff -up openssl-1.1.0-pre5/apps/openssl.cnf.defaults openssl-1.1.0-pre5/apps/openssl.cnf +--- openssl-1.1.0-pre5/apps/openssl.cnf.defaults 2016-04-19 16:57:52.000000000 +0200 ++++ openssl-1.1.0-pre5/apps/openssl.cnf 2016-07-18 14:22:08.252691017 +0200 @@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate fi default_days = 365 # how long to certify for @@ -49,12 +49,3 @@ diff -up openssl-1.0.2a/apps/openssl.cnf.defaults openssl-1.0.2a/apps/openssl.cn commonName_max = 64 emailAddress = Email Address -@@ -339,7 +341,7 @@ signer_key = $dir/private/tsakey.pem # T - default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) - other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) --digests = md5, sha1 # Acceptable message digests (mandatory) -+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) - accuracy = secs:1, millisecs:500, microsecs:100 # (optional) - clock_precision_digits = 0 # number of digits after dot. (optional) - ordering = yes # Is ordering defined for timestamps? diff --git a/openssl-1.1.0-disable-ssl3.patch b/openssl-1.1.0-disable-ssl3.patch new file mode 100644 index 0000000..8dd6aa2 --- /dev/null +++ b/openssl-1.1.0-disable-ssl3.patch 
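Review bot: The rebased patch drops the hunk that set the TSA `digests` default to `sha1, sha256, sha384, sha512`, so the Fedora patch no longer overrides the `md5, sha1` value shown in the removed lines; presumably upstream 1.1.0's openssl.cnf already carries the stronger list, but nothing in this diff shows that. If it does not, `openssl ts` would accept MD5-digested requests by default on the rebuilt package. A line in the patch header or the spec changelog stating that the tsa hunk was dropped because upstream now ships the same digests would make the rebase checkable.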
@@ -0,0 +1,85 @@
+diff -up openssl-1.1.0h/apps/s_client.c.disable-ssl3 openssl-1.1.0h/apps/s_client.c
+--- openssl-1.1.0h/apps/s_client.c.disable-ssl3 2018-03-29 14:38:39.612133765 +0200
++++ openssl-1.1.0h/apps/s_client.c 2018-03-29 14:41:51.309635904 +0200
+@@ -1489,6 +1489,9 @@ int s_client_main(int argc, char **argv)
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+ if (ssl_config) {
+ if (SSL_CTX_config(ctx, ssl_config) == 0) {
+ BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+diff -up openssl-1.1.0h/apps/s_server.c.disable-ssl3 openssl-1.1.0h/apps/s_server.c
+--- openssl-1.1.0h/apps/s_server.c.disable-ssl3 2018-03-29 14:38:39.613133788 +0200
++++ openssl-1.1.0h/apps/s_server.c 2018-03-29 14:42:27.313481477 +0200
+@@ -1619,6 +1619,9 @@ int s_server_main(int argc, char *argv[]
+ if (!config_ctx(cctx, ssl_args, ctx))
+ goto end;
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+ if (ssl_config) {
+ if (SSL_CTX_config(ctx, ssl_config) == 0) {
+ BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+diff -up openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0h/ssl/ssl_lib.c
+--- openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 2018-03-27 15:50:40.000000000 +0200
++++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:38:39.614133811 +0200
+@@ -2653,6 +2653,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ * or by using the SSL_CONF library.
+ */
+ ret->options |= SSL_OP_NO_COMPRESSION;
++ /*
++ * Disable SSLv3 by default. Applications can
++ * re-enable it by configuring
++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++ * or by using the SSL_CONF library.
++ */
++ ret->options |= SSL_OP_NO_SSLv3;
+
+ ret->tlsext_status_type = -1;
+
+diff -up openssl-1.1.0h/test/ssl_test.c.disable-ssl3 openssl-1.1.0h/test/ssl_test.c
+--- openssl-1.1.0h/test/ssl_test.c.disable-ssl3 2018-03-29 14:38:39.615133835 +0200
++++ openssl-1.1.0h/test/ssl_test.c 2018-03-29 14:43:37.893139086 +0200
+@@ -277,6 +277,7 @@ static int execute_test(SSL_TEST_FIXTURE
+ SSL_TEST_SERVERNAME_CB_NONE) {
+ server2_ctx = SSL_CTX_new(TLS_server_method());
+ TEST_check(server2_ctx != NULL);
++ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
+ }
+ client_ctx = SSL_CTX_new(TLS_client_method());
+ TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION));
+@@ -290,11 +291,15 @@ static int execute_test(SSL_TEST_FIXTURE
+ TLS_MAX_VERSION));
+ TEST_check(resume_server_ctx != NULL);
+ TEST_check(resume_client_ctx != NULL);
++ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
+ }
+ }
+
+ TEST_check(server_ctx != NULL);
+ TEST_check(client_ctx != NULL);
++ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
+
+ TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
+
+diff -up openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 openssl-1.1.0h/test/ssltest_old.c
+--- openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 2018-03-27 15:50:41.000000000 +0200
++++ openssl-1.1.0h/test/ssltest_old.c 2018-03-29 14:38:39.615133835 +0200
+@@ -1460,6 +1460,11 @@ int main(int argc, char *argv[])
+ ERR_print_errors(bio_err);
+ goto end;
+ }
++
++ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
++
+ /*
+ * Since we will use low security ciphersuites and keys for testing set
+ * security level to zero by default. Tests can override this by adding
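Review bot: In the s_client hunk the new guard re-enables SSLv3 only when both min_version and max_version equal SSL3_VERSION, so a user who lowers only the floor (for example `-min_protocol SSLv3` with a higher ceiling) still carries SSL_OP_NO_SSLv3 from the new SSL_CTX_new default and gets a handshake failure with no hint why; if "only when pinned to SSLv3" is the intended policy it deserves a comment on the `if`, e.g. `/* SSLv3 is off by default (SSL_OP_NO_SSLv3 in SSL_CTX_new); re-enable it only when the user pinned both bounds to SSLv3 */`, otherwise test `min_version == SSL3_VERSION` alone. The s_server hunk has the same shape and the same note applies. In the ssltest_old.c hunk the three clears assume c_ctx, s_ctx and s_ctx2 are all non-NULL at that point, which the excerpt does not show; a NULL context there would crash the test rather than report. The enclosing functions start and end outside these hunks.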
diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch
new file mode 100644
index 0000000..d6bd022
--- /dev/null
+++ b/openssl-1.1.0-ec-curves.patch
@@ -0,0 +1,80 @@
+diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c
+--- openssl-1.1.0e/apps/speed.c.curves 2017-02-16 12:58:20.000000000 +0100
++++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:46:22.271504354 +0100
+@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = {
+ #define R_EC_X25519 16
+ #ifndef OPENSSL_NO_EC
+ static OPT_PAIR ecdsa_choices[] = {
+- {"ecdsap160", R_EC_P160},
+- {"ecdsap192", R_EC_P192},
+ {"ecdsap224", R_EC_P224},
+ {"ecdsap256", R_EC_P256},
+ {"ecdsap384", R_EC_P384},
+ {"ecdsap521", R_EC_P521},
+- {"ecdsak163", R_EC_K163},
+- {"ecdsak233", R_EC_K233},
+- {"ecdsak283", R_EC_K283},
+- {"ecdsak409", R_EC_K409},
+- {"ecdsak571", R_EC_K571},
+- {"ecdsab163", R_EC_B163},
+- {"ecdsab233", R_EC_B233},
+- {"ecdsab283", R_EC_B283},
+- {"ecdsab409", R_EC_B409},
+- {"ecdsab571", R_EC_B571},
+ {NULL}
+ };
+
+ static OPT_PAIR ecdh_choices[] = {
+- {"ecdhp160", R_EC_P160},
+- {"ecdhp192", R_EC_P192},
+ {"ecdhp224", R_EC_P224},
+ {"ecdhp256", R_EC_P256},
+ {"ecdhp384", R_EC_P384},
+ {"ecdhp521", R_EC_P521},
+- {"ecdhk163", R_EC_K163},
+- {"ecdhk233", R_EC_K233},
+- {"ecdhk283", R_EC_K283},
+- {"ecdhk409", R_EC_K409},
+- {"ecdhk571", R_EC_K571},
+- {"ecdhb163", R_EC_B163},
+- {"ecdhb233", R_EC_B233},
+- {"ecdhb283", R_EC_B283},
+- {"ecdhb409", R_EC_B409},
+- {"ecdhb571", R_EC_B571},
+ {"ecdhx25519", R_EC_X25519},
+ {NULL}
+ };
+diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp_smpl.c
+--- openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves 2017-02-16 12:58:21.000000000 +0100
++++ openssl-1.1.0e/crypto/ec/ecp_smpl.c 2017-02-16 15:46:22.264504188 +0100
+@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+ return 0;
+ }
+
++ if (BN_num_bits(p) < 224) {
++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++ return 0;
++ }
++
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c
+--- openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100
+@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out)
+ if (!change_rand())
+ goto x962_err;
+
++#if 0
+ if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+ "3342403536405981729393488334694600415596881826869351677613",
+ "5735822328888155254683894997897571951568553642892029982342"))
+@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out)
+ "3238135532097973577080787768312505059318910517550078427819"
+ "78505179448783"))
+ goto x962_err;
++#endif
+ # ifndef OPENSSL_NO_EC2M
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+ "87194383164871543355722284926904419997237591535066528048",
diff --git a/openssl-1.0.2h-fips.patch b/openssl-1.1.0-fips.patch
similarity index 65%
rename from openssl-1.0.2h-fips.patch
rename to openssl-1.1.0-fips.patch
index e291dd9..66f727d 100644
--- a/openssl-1.0.2h-fips.patch
+++ b/openssl-1.1.0-fips.patch
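Review bot: The `BN_num_bits(p) < 224` test added to ec_GFp_simple_group_set_curve is an unexplained magic number, and EC_R_UNSUPPORTED_FIELD tells a caller nothing about the policy behind it; a comment such as `/* Reject prime fields below 224 bits (P-160, P-192 and any explicit curve of that size): below the 112-bit security floor */` on the `if` would make the check self-explaining, and the speed.c table removals should point at it so the two stay in sync. The check also rejects explicitly-parameterised curves, not only the named ones, which the patch does not say anywhere. The ecdsatest.c hunks silence the P-192 vectors with `#if 0` instead of asserting the new behaviour; a test expecting `EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1)` to fail should pin the policy and catch a regression. The binary-field counterpart is untouched here even though the speed.c tables drop the K-/B- curves as well, presumably on purpose but worth a sentence in the patch header.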
@@ -1,54 +1,32 @@ -diff -up openssl-1.0.2h/apps/speed.c.fips openssl-1.0.2h/apps/speed.c ---- openssl-1.0.2h/apps/speed.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/apps/speed.c 2016-05-03 16:57:58.819320945 +0200 -@@ -197,7 +197,6 @@ - # ifdef OPENSSL_DOING_MAKEDEPEND - # undef AES_set_encrypt_key - # undef AES_set_decrypt_key --# undef DES_set_key_unchecked - # endif - # define BF_set_key private_BF_set_key - # define CAST_set_key private_CAST_set_key -@@ -205,7 +204,6 @@ - # define SEED_set_key private_SEED_set_key - # define RC2_set_key private_RC2_set_key - # define RC4_set_key private_RC4_set_key --# define DES_set_key_unchecked private_DES_set_key_unchecked - # define AES_set_encrypt_key private_AES_set_encrypt_key - # define AES_set_decrypt_key private_AES_set_decrypt_key - # define Camellia_set_key private_Camellia_set_key -@@ -974,7 +972,12 @@ int MAIN(int argc, char **argv) - # endif - # ifndef OPENSSL_NO_RSA +diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c +--- openssl-1.1.0h/apps/speed.c.fips 2018-03-29 14:44:24.617236431 +0200 ++++ openssl-1.1.0h/apps/speed.c 2018-03-29 15:02:42.171996191 +0200 +@@ -1447,7 +1447,9 @@ int speed_main(int argc, char **argv) + if (strcmp(*argv, "openssl") == 0) + continue; if (strcmp(*argv, "rsa") == 0) { -- rsa_doit[R_RSA_512] = 1; -+# ifdef OPENSSL_FIPS +- rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = + if (!FIPS_mode()) -+# endif -+ { + rsa_doit[R_RSA_512] = 1; -+ } - rsa_doit[R_RSA_1024] = 1; - rsa_doit[R_RSA_2048] = 1; - rsa_doit[R_RSA_4096] = 1; -@@ -982,7 +985,12 @@ int MAIN(int argc, char **argv) - # endif - # ifndef OPENSSL_NO_DSA ++ rsa_doit[R_RSA_1024] = + rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = + rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = + rsa_doit[R_RSA_15360] = 1; +@@ -1460,7 +1462,9 @@ int speed_main(int argc, char **argv) + #endif + #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { -- dsa_doit[R_DSA_512] = 1; -+# ifdef OPENSSL_FIPS +- 
dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] = + if (!FIPS_mode()) -+# endif -+ { + dsa_doit[R_DSA_512] = 1; -+ } - dsa_doit[R_DSA_1024] = 1; - dsa_doit[R_DSA_2048] = 1; - } else -@@ -1233,13 +1241,19 @@ int MAIN(int argc, char **argv) - - if (j == 0) { - for (i = 0; i < ALGOR_NUM; i++) { ++ dsa_doit[R_DSA_1024] = + dsa_doit[R_DSA_2048] = 1; + continue; + } +@@ -1549,15 +1553,21 @@ int speed_main(int argc, char **argv) + /* No parameters; turn on everything. */ + if ((argc == 0) && !doit[D_EVP]) { + for (i = 0; i < ALGOR_NUM; i++) - if (i != D_EVP) + if (i != D_EVP && + (!FIPS_mode() || (i != D_WHIRLPOOL && @@ -56,22 +34,24 @@ diff -up openssl-1.0.2h/apps/speed.c.fips openssl-1.0.2h/apps/speed.c + i != D_MD5 && i != D_MDC2 && + i != D_RMD160))) doit[i] = 1; - } + #ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) - rsa_doit[i] = 1; + if (!FIPS_mode() || i != R_RSA_512) + rsa_doit[i] = 1; + #endif + #ifndef OPENSSL_NO_DSA for (i = 0; i < DSA_NUM; i++) - dsa_doit[i] = 1; + if (!FIPS_mode() || i != R_DSA_512) + dsa_doit[i] = 1; - # ifndef OPENSSL_NO_ECDSA - for (i = 0; i < EC_NUM; i++) - ecdsa_doit[i] = 1; -@@ -1299,30 +1313,46 @@ int MAIN(int argc, char **argv) + #endif + #ifndef OPENSSL_NO_EC + for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) +@@ -1606,30 +1616,46 @@ int speed_main(int argc, char **argv) + AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); - # endif - # ifndef OPENSSL_NO_CAMELLIA + #ifndef OPENSSL_NO_CAMELLIA - Camellia_set_key(key16, 128, &camellia_ks1); - Camellia_set_key(ckey24, 192, &camellia_ks2); - Camellia_set_key(ckey32, 256, &camellia_ks3); 
@@ -80,272 +60,142 @@ diff -up openssl-1.0.2h/apps/speed.c.fips openssl-1.0.2h/apps/speed.c + Camellia_set_key(ckey24, 192, &camellia_ks2); + Camellia_set_key(ckey32, 256, &camellia_ks3); + } - # endif - # ifndef OPENSSL_NO_IDEA -- idea_set_encrypt_key(key16, &idea_ks); + #endif + #ifndef OPENSSL_NO_IDEA +- IDEA_set_encrypt_key(key16, &idea_ks); + if (doit[D_CBC_IDEA]) { -+ idea_set_encrypt_key(key16, &idea_ks); ++ IDEA_set_encrypt_key(key16, &idea_ks); + } - # endif - # ifndef OPENSSL_NO_SEED + #endif + #ifndef OPENSSL_NO_SEED - SEED_set_key(key16, &seed_ks); + if (doit[D_CBC_SEED]) { + SEED_set_key(key16, &seed_ks); + } - # endif - # ifndef OPENSSL_NO_RC4 + #endif + #ifndef OPENSSL_NO_RC4 - RC4_set_key(&rc4_ks, 16, key16); -+ if (doit[D_RC4]) { ++ if (doit[D_RC4]) { + RC4_set_key(&rc4_ks, 16, key16); + } - # endif - # ifndef OPENSSL_NO_RC2 + #endif + #ifndef OPENSSL_NO_RC2 - RC2_set_key(&rc2_ks, 16, key16, 128); + if (doit[D_CBC_RC2]) { + RC2_set_key(&rc2_ks, 16, key16, 128); + } - # endif - # ifndef OPENSSL_NO_RC5 + #endif + #ifndef OPENSSL_NO_RC5 - RC5_32_set_key(&rc5_ks, 16, key16, 12); + if (doit[D_CBC_RC5]) { + RC5_32_set_key(&rc5_ks, 16, key16, 12); + } - # endif - # ifndef OPENSSL_NO_BF + #endif + #ifndef OPENSSL_NO_BF - BF_set_key(&bf_ks, 16, key16); + if (doit[D_CBC_BF]) { + BF_set_key(&bf_ks, 16, key16); + } - # endif - # ifndef OPENSSL_NO_CAST + #endif + #ifndef OPENSSL_NO_CAST - CAST_set_key(&cast_ks, 16, key16); + if (doit[D_CBC_CAST]) { + CAST_set_key(&cast_ks, 16, key16); + } - # endif - # ifndef OPENSSL_NO_RSA - memset(rsa_c, 0, sizeof(rsa_c)); -@@ -1605,6 +1635,7 @@ int MAIN(int argc, char **argv) - HMAC_CTX hctx; + #endif + #ifndef SIGALRM + # ifndef OPENSSL_NO_DES +@@ -1890,6 +1916,7 @@ int speed_main(int argc, char **argv) - HMAC_CTX_init(&hctx); -+ HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", - 16, EVP_md5(), NULL); - -diff -up openssl-1.0.2h/Configure.fips 
openssl-1.0.2h/Configure ---- openssl-1.0.2h/Configure.fips 2016-05-03 16:57:58.783320095 +0200 -+++ openssl-1.0.2h/Configure 2016-05-03 16:57:58.819320945 +0200 -@@ -1067,11 +1067,6 @@ if (defined($disabled{"md5"}) || defined - $disabled{"ssl2"} = "forced"; - } - --if ($fips && $fipslibdir eq "") -- { -- $fipslibdir = $fipsdir . "/lib/"; -- } -- - # RSAX ENGINE sets default non-FIPS RSA method. - if ($fips) - { -@@ -1560,7 +1555,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b - if ($fips) - { - $openssl_other_defines.="#define OPENSSL_FIPS\n"; -- $cflags .= " -I\$(FIPSDIR)/include"; - } - - $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -@@ -1763,9 +1757,12 @@ while () - - s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; - s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; -- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; - s/^BASEADDR=.*/BASEADDR=$baseaddr/; - -+ if ($fips) -+ { -+ s/^FIPS=.*/FIPS=yes/; -+ } - s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; - s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); -diff -up openssl-1.0.2h/crypto/aes/aes_misc.c.fips openssl-1.0.2h/crypto/aes/aes_misc.c ---- openssl-1.0.2h/crypto/aes/aes_misc.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/aes/aes_misc.c 2016-05-03 16:57:58.819320945 +0200 -@@ -70,17 +70,11 @@ const char *AES_options(void) - int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) - { --#ifdef OPENSSL_FIPS -- fips_cipher_abort(AES); --#endif - return private_AES_set_encrypt_key(userKey, bits, key); - } - - int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) - { --#ifdef OPENSSL_FIPS -- fips_cipher_abort(AES); --#endif - return private_AES_set_decrypt_key(userKey, bits, key); - } -diff -up openssl-1.0.2h/crypto/cmac/cmac.c.fips openssl-1.0.2h/crypto/cmac/cmac.c ---- openssl-1.0.2h/crypto/cmac/cmac.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ 
openssl-1.0.2h/crypto/cmac/cmac.c 2016-05-03 16:57:58.819320945 +0200 -@@ -105,12 +105,6 @@ CMAC_CTX *CMAC_CTX_new(void) - - void CMAC_CTX_cleanup(CMAC_CTX *ctx) - { --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->cctx.engine) { -- FIPS_cmac_ctx_cleanup(ctx); -- return; -- } --#endif - EVP_CIPHER_CTX_cleanup(&ctx->cctx); - OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); -@@ -160,20 +154,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void - EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); - return 0; - } -- -- /* Switch to FIPS cipher implementation if possible */ -- if (cipher != NULL) { -- const EVP_CIPHER *fcipher; -- fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher)); -- if (fcipher != NULL) -- cipher = fcipher; -- } -- /* -- * Other algorithm blocking will be done in FIPS_cmac_init, via -- * FIPS_cipherinit(). -- */ -- if (!impl && !ctx->cctx.engine) -- return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); + for (i = 0; i < loopargs_len; i++) { + loopargs[i].hctx = HMAC_CTX_new(); ++ HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (loopargs[i].hctx == NULL) { + BIO_printf(bio_err, "HMAC malloc failure, exiting..."); + exit(1); +diff -up openssl-1.1.0h/Configure.fips openssl-1.1.0h/Configure +--- openssl-1.1.0h/Configure.fips 2018-03-29 14:44:24.624236595 +0200 ++++ openssl-1.1.0h/Configure 2018-03-29 14:44:24.628236689 +0200 +@@ -314,7 +314,7 @@ $config{sdirs} = [ + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", + "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", + "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", +- "buffer", "bio", "stack", "lhash", "rand", "err", ++ "buffer", "bio", "stack", "lhash", "rand", "err", "fips", + "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", + "cms", "ts", "srp", "cmac", "ct", "async", "kdf" + ]; +diff -up 
openssl-1.1.0h/crypto/bn/bn_rand.c.fips openssl-1.1.0h/crypto/bn/bn_rand.c +--- openssl-1.1.0h/crypto/bn/bn_rand.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/bn/bn_rand.c 2018-03-29 14:44:24.628236689 +0200 +@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM + goto err; } - #endif - /* All zeros means restart */ -@@ -219,10 +199,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi + +- /* make a random number and set the top and bottom bits */ +- time(&tim); +- RAND_add(&tim, sizeof(tim), 0.0); ++ if (!FIPS_mode()) { /* in FIPS mode the RNG is always properly seeded or the module fails */ ++ /* make a random number and set the top and bottom bits */ ++ time(&tim); ++ RAND_add(&tim, sizeof(tim), 0.0); ++ } + + if (RAND_bytes(buf, bytes) <= 0) + goto err; +diff -up openssl-1.1.0h/crypto/dh/dh_err.c.fips openssl-1.1.0h/crypto/dh/dh_err.c +--- openssl-1.1.0h/crypto/dh/dh_err.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dh/dh_err.c 2018-03-29 14:44:24.628236689 +0200 +@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = + {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, + {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, + {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, ++ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, + {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"}, + {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"}, + {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"}, +@@ -49,9 +52,11 @@ static ERR_STRING_DATA DH_str_reasons[] + {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, ++ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + 
{ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non FIPS method"}, + {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, + {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, +diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen.c +--- openssl-1.1.0h/crypto/dh/dh_gen.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dh/dh_gen.c 2018-03-29 14:44:24.628236689 +0200 +@@ -16,6 +16,9 @@ + #include "internal/cryptlib.h" + #include + #include "dh_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); +@@ -23,6 +26,13 @@ static int dh_builtin_genparams(DH *ret, + int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) { - const unsigned char *data = in; - size_t bl; --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->cctx.engine) -- return FIPS_cmac_update(ctx, in, dlen); --#endif - if (ctx->nlast_block == -1) - return 0; - if (dlen == 0) -@@ -262,10 +238,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi - int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) - { - int i, bl, lb; --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->cctx.engine) -- return FIPS_cmac_final(ctx, out, poutlen); --#endif - if (ctx->nlast_block == -1) - return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); -diff -up openssl-1.0.2h/crypto/crypto.h.fips openssl-1.0.2h/crypto/crypto.h ---- openssl-1.0.2h/crypto/crypto.h.fips 2016-05-03 16:57:58.673317497 +0200 -+++ openssl-1.0.2h/crypto/crypto.h 2016-05-03 16:57:58.820320969 +0200 -@@ -600,24 +600,29 @@ int FIPS_mode_set(int r); - void OPENSSL_init(void); - - # define fips_md_init(alg) fips_md_init_ctx(alg, alg) -+# define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg) -+# define 
fips_md_init_ctx(alg, cx) \ -+ int alg##_Init(cx##_CTX *c) - - # ifdef OPENSSL_FIPS --# define fips_md_init_ctx(alg, cx) \ -+# define nonfips_md_init_ctx(alg, cx) \ - int alg##_Init(cx##_CTX *c) \ - { \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ -- "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ -+ "Digest " #alg " forbidden in FIPS mode!"); \ - return private_##alg##_Init(c); \ - } \ - int private_##alg##_Init(cx##_CTX *c) - - # define fips_cipher_abort(alg) \ - if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \ -- "Low level API call to cipher " #alg " forbidden in FIPS mode!") -+ "Cipher " #alg " forbidden in FIPS mode!") -+ -+/* die if FIPS selftest failed */ -+void FIPS_selftest_check(void); - - # else --# define fips_md_init_ctx(alg, cx) \ -- int alg##_Init(cx##_CTX *c) -+# define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx) - # define fips_cipher_abort(alg) while(0) - # endif - -@@ -637,6 +642,9 @@ int CRYPTO_memcmp(const volatile void *a - */ - void ERR_load_CRYPTO_strings(void); - -+# define OPENSSL_HAVE_INIT 1 -+void OPENSSL_init_library(void); -+ - /* Error codes for the CRYPTO functions. */ - - /* Function codes. 
*/ -diff -up openssl-1.0.2h/crypto/des/des.h.fips openssl-1.0.2h/crypto/des/des.h ---- openssl-1.0.2h/crypto/des/des.h.fips 2016-05-03 16:57:58.709318347 +0200 -+++ openssl-1.0.2h/crypto/des/des.h 2016-05-03 16:57:58.820320969 +0200 -@@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, D - int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); - int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); - void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); --# ifdef OPENSSL_FIPS --void private_DES_set_key_unchecked(const_DES_cblock *key, -- DES_key_schedule *schedule); --# endif - void DES_string_to_key(const char *str, DES_cblock *key); - void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); - void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -diff -up openssl-1.0.2h/crypto/des/set_key.c.fips openssl-1.0.2h/crypto/des/set_key.c ---- openssl-1.0.2h/crypto/des/set_key.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/des/set_key.c 2016-05-03 16:57:58.820320969 +0200 -@@ -359,15 +359,6 @@ int DES_set_key_checked(const_DES_cblock - } - - void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) --#ifdef OPENSSL_FIPS --{ -- fips_cipher_abort(DES); -- private_DES_set_key_unchecked(key, schedule); --} -- --void private_DES_set_key_unchecked(const_DES_cblock *key, -- DES_key_schedule *schedule) --#endif - { - static const int shifts2[16] = - { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; -diff -up openssl-1.0.2h/crypto/dh/dh_gen.c.fips openssl-1.0.2h/crypto/dh/dh_gen.c ---- openssl-1.0.2h/crypto/dh/dh_gen.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_gen.c 2016-05-03 16:57:58.820320969 +0200 -@@ -85,10 +85,6 @@ int DH_generate_parameters_ex(DH *ret, i - #endif ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { 
++ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif if (ret->meth->generate_params) return ret->meth->generate_params(ret, prime_len, generator, cb); --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb); --#endif return dh_builtin_genparams(ret, prime_len, generator, cb); - } - -@@ -126,6 +122,18 @@ static int dh_builtin_genparams(DH *ret, +@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret, int g, ok = -1; BN_CTX *ctx = NULL; @@ -355,7 +205,7 @@ diff -up openssl-1.0.2h/crypto/dh/dh_gen.c.fips openssl-1.0.2h/crypto/dh/dh_gen. + return 0; + } + -+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) { ++ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) { + DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL); + goto err; + } 
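Review bot: In the speed.c hunk of this outer hunk the added `HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);` runs before the existing `if (loopargs[i].hctx == NULL)` check, so an allocation failure dereferences NULL instead of reaching the "HMAC malloc failure" exit path; move the call below that `if` block. In the bn_rand.c hunk the justification for skipping the time-based RAND_add in FIPS mode sits in a trailing comment on the `if (!FIPS_mode())` line, which pushes it past the file's usual width; putting it on its own comment line above the `if` reads better. The enclosing speed_main and bnrand bodies start and end outside these hunks.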
@@ -364,32 +214,45 @@ diff -up openssl-1.0.2h/crypto/dh/dh_gen.c.fips openssl-1.0.2h/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.0.2h/crypto/dh/dh.h.fips openssl-1.0.2h/crypto/dh/dh.h ---- openssl-1.0.2h/crypto/dh/dh.h.fips 2016-05-03 16:57:58.622316293 +0200 -+++ openssl-1.0.2h/crypto/dh/dh.h 2016-05-03 16:57:58.820320969 +0200 -@@ -77,6 +77,8 @@ - # define OPENSSL_DH_MAX_MODULUS_BITS 10000 - # endif - -+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 -+ - # define DH_FLAG_CACHE_MONT_P 0x01 - - /* -diff -up openssl-1.0.2h/crypto/dh/dh_key.c.fips openssl-1.0.2h/crypto/dh/dh_key.c ---- openssl-1.0.2h/crypto/dh/dh_key.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_key.c 2016-05-03 16:57:58.821320992 +0200 -@@ -61,6 +61,9 @@ - #include - #include - #include +diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key.c +--- openssl-1.1.0h/crypto/dh/dh_key.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dh/dh_key.c 2018-03-29 14:44:24.628236689 +0200 +@@ -11,6 +11,9 @@ + #include "internal/cryptlib.h" + #include "dh_locl.h" + #include "internal/bn_int.h" +#ifdef OPENSSL_FIPS +# include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -97,7 +100,7 @@ int DH_compute_key(unsigned char *key, c +@@ -22,18 +25,32 @@ static int dh_finish(DH *dh); + + int DH_generate_key(DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->generate_key(dh); + } + + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); ++ 
return 0; ++ } ++#endif + return dh->meth->compute_key(key, pub_key, dh); + } + int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) { int rv, pad; @@ -398,16 +261,7 @@ diff -up openssl-1.0.2h/crypto/dh/dh_key.c.fips openssl-1.0.2h/crypto/dh/dh_key. if (rv <= 0) return rv; pad = BN_num_bytes(dh->p) - rv; -@@ -115,7 +118,7 @@ static DH_METHOD dh_ossl = { - dh_bn_mod_exp, - dh_init, - dh_finish, -- 0, -+ DH_FLAG_FIPS_METHOD, - NULL, - NULL - }; -@@ -134,6 +137,14 @@ static int generate_key(DH *dh) +@@ -82,6 +99,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -422,7 +276,7 @@ diff -up openssl-1.0.2h/crypto/dh/dh_key.c.fips openssl-1.0.2h/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -217,6 +228,13 @@ static int compute_key(unsigned char *ke +@@ -165,6 +190,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -436,7 +290,7 @@ diff -up openssl-1.0.2h/crypto/dh/dh_key.c.fips openssl-1.0.2h/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -277,6 +295,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -216,6 +248,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { 
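Review bot: DH_generate_key and DH_compute_key now refuse a non-FIPS method in FIPS mode, but DH_compute_key_padded, whose head is the last context in the dh_key.c hunk, gets no such gate; if it still calls `dh->meth->compute_key` directly (its body is outside the hunk) the check is bypassed through the padded entry point, so either the same `#ifdef OPENSSL_FIPS` block belongs there or it should go through DH_compute_key. The hunk also drops the old patch's change of dh_ossl's flags from `0` to `DH_FLAG_FIPS_METHOD` and the new patch's equivalent is not visible in this excerpt; without that flag the builtin method itself would be rejected by the new gates in FIPS mode, which is worth confirming. The three identical gate blocks could be one `static int dh_fips_check(const DH *dh, int func)` helper so they cannot drift apart.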
@@ -446,37 +300,24 @@ diff -up openssl-1.0.2h/crypto/dh/dh_key.c.fips openssl-1.0.2h/crypto/dh/dh_key. dh->flags |= DH_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2h/crypto/dh/dh_lib.c.fips openssl-1.0.2h/crypto/dh/dh_lib.c ---- openssl-1.0.2h/crypto/dh/dh_lib.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dh/dh_lib.c 2016-05-03 16:57:58.821320992 +0200 -@@ -80,14 +80,7 @@ void DH_set_default_method(const DH_METH - const DH_METHOD *DH_get_default_method(void) - { - if (!default_DH_method) { --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_dh_openssl(); -- else -- return DH_OpenSSL(); --#else - default_DH_method = DH_OpenSSL(); --#endif - } - return default_DH_method; - } -diff -up openssl-1.0.2h/crypto/dsa/dsa_err.c.fips openssl-1.0.2h/crypto/dsa/dsa_err.c ---- openssl-1.0.2h/crypto/dsa/dsa_err.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_err.c 2016-05-03 16:57:58.821320992 +0200 -@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[] - {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, +diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_err.c +--- openssl-1.1.0h/crypto/dsa/dsa_err.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dsa/dsa_err.c 2018-03-29 14:44:24.628236689 +0200 +@@ -21,10 +21,13 @@ + static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"}, -+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, -@@ -109,6 +111,8 @@ static ERR_STRING_DATA DSA_str_reasons[] ++ 
{ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"}, ++ {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX), "DSA_generate_parameters_ex"}, + {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"}, + {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"}, + {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"}, +@@ -51,9 +54,12 @@ static ERR_STRING_DATA DSA_str_reasons[] {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"}, {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"}, 
@@ -484,538 +325,185 @@ diff -up openssl-1.0.2h/crypto/dsa/dsa_err.c.fips openssl-1.0.2h/crypto/dsa/dsa_ + {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, -diff -up openssl-1.0.2h/crypto/dsa/dsa_gen.c.fips openssl-1.0.2h/crypto/dsa/dsa_gen.c ---- openssl-1.0.2h/crypto/dsa/dsa_gen.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_gen.c 2016-05-03 16:57:58.821320992 +0200 -@@ -91,6 +91,16 @@ - # include - # endif + {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"}, ++ {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, + {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, + {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, + {ERR_REASON(DSA_R_SEED_LEN_SMALL), +diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_gen.c +--- openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dsa/dsa_gen.c 2018-03-29 14:44:24.628236689 +0200 +@@ -22,12 +22,22 @@ + #include + #include + #include "dsa_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif -+# ifndef OPENSSL_FIPS -+static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, unsigned char *seed, -+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret, -+ int *counter_ret, BN_GENCB *cb); -+static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, -+ BIGNUM **g_ret, unsigned long *h_ret, -+ BN_GENCB *cb); -+# endif -+ int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, -@@ -106,97 +116,165 @@ int DSA_generate_parameters_ex(DSA *ret, + BN_GENCB *cb) + { ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD) ++ && !(ret->flags & 
DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD); ++ return 0; ++ } ++# endif if (ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); --# ifdef OPENSSL_FIPS -- else if (FIPS_mode()) { -- return FIPS_dsa_generate_parameters_ex(ret, bits, -- seed_in, seed_len, -- counter_ret, h_ret, cb); -- } --# endif - else { +@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret, const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1(); size_t qbits = EVP_MD_size(evpmd) * 8; ++# ifdef OPENSSL_FIPS ++ return dsa_builtin_paramgen2(ret, bits, qbits, evpmd, ++ seed_in, seed_len, -1, NULL, counter_ret, ++ h_ret, cb); ++# else return dsa_builtin_paramgen(ret, bits, qbits, evpmd, -- seed_in, seed_len, NULL, counter_ret, -+ seed_in, seed_len, counter_ret, + seed_in, seed_len, NULL, counter_ret, h_ret, cb); ++# endif } } -+# ifdef OPENSSL_FIPS -+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, -+ const unsigned char *seed_in, size_t seed_len, -+ int *counter_ret, unsigned long *h_ret, -+ BN_GENCB *cb) -+{ -+ return dsa_builtin_paramgen(ret, bits, qbits, -+ evpmd, seed_in, seed_len, -+ counter_ret, h_ret, cb); -+} -+# endif -+ - int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, -- size_t seed_len, unsigned char *seed_out, -+ size_t seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +@@ -303,7 +319,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) { - int ok = 0; - unsigned char seed[SHA256_DIGEST_LENGTH]; -+ BIGNUM *g = NULL, *q = NULL, *p = NULL; -+ size_t qsize = qbits >> 3; -+ BN_CTX *ctx = NULL; -+ +- int ok = -1; ++ int ok = 0; + unsigned char *seed = NULL, *seed_tmp = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdsize; +@@ -320,6 +336,20 @@ int dsa_builtin_paramgen2(DSA *ret, size + if 
(mctx == NULL) + goto err; + +# ifdef OPENSSL_FIPS + if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN, FIPS_R_FIPS_SELFTEST_FAILED); ++ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2, FIPS_R_FIPS_SELFTEST_FAILED); + goto err; + } + -+ if (FIPS_module_mode() && -+ (bits != 1024 || qbits != 160) && -+ (bits != 2048 || qbits != 224) && -+ (bits != 2048 || qbits != 256) && (bits != 3072 || qbits != 256)) { -+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID); ++ if (FIPS_mode() && (L != 1024 || N != 160) && ++ (L != 2048 || N != 224) && (L != 2048 || N != 256) && ++ (L != 3072 || N != 256)) { ++ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID); + goto err; + } +# endif -+ if (seed_len && (seed_len < (size_t)qsize)) -+ seed_in = NULL; /* seed buffer too small -- ignore */ -+ if (seed_len > sizeof(seed)) -+ seed_len = sizeof(seed); /* App. 2.2 of FIPS PUB 186 allows larger SEED, -+ * but our internal buffers are restricted to 256 bits*/ -+ if (seed_in != NULL) -+ memcpy(seed, seed_in, seed_len); -+ else -+ seed_len = 0; -+ -+ if ((ctx = BN_CTX_new()) == NULL) -+ goto err; -+ -+ BN_CTX_start(ctx); -+ -+ if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd, -+ seed, seed_len, &p, &q, counter_ret, cb)) -+ goto err; -+ -+ if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb)) -+ goto err; -+ -+ ok = 1; -+ err: -+ if (ok) { -+ if (ret->p) { -+ BN_free(ret->p); -+ ret->p = NULL; -+ } -+ if (ret->q) { -+ BN_free(ret->q); -+ ret->q = NULL; -+ } -+ if (ret->g) { -+ BN_free(ret->g); -+ ret->g = NULL; -+ } -+ ret->p = BN_dup(p); -+ ret->q = BN_dup(q); -+ ret->g = BN_dup(g); -+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL) -+ ok = 0; -+ } -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ return ok; -+} + -+# ifndef OPENSSL_FIPS -+static -+# endif -+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, unsigned char *seed, -+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret, -+ int *counter_ret, BN_GENCB 
*cb) -+{ -+ int ok = 0; - unsigned char md[SHA256_DIGEST_LENGTH]; -- unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; -+ unsigned char buf[SHA256_DIGEST_LENGTH]; - BIGNUM *r0, *W, *X, *c, *test; -- BIGNUM *g = NULL, *q = NULL, *p = NULL; -- BN_MONT_CTX *mont = NULL; -- int i, k, n = 0, m = 0, qsize = qbits >> 3; -+ BIGNUM *q = NULL, *p = NULL; -+ int i, k, b, n = 0, m = 0, qsize = qbits >> 3; - int counter = 0; - int r = 0; -- BN_CTX *ctx = NULL; -- unsigned int h = 2; - - if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && - qsize != SHA256_DIGEST_LENGTH) - /* invalid q size */ - return 0; - -- if (evpmd == NULL) -- /* use SHA1 as default */ -+ if (evpmd == NULL) { -+ if (qbits <= 160) - evpmd = EVP_sha1(); -+ else if (qbits <= 224) -+ evpmd = EVP_sha224(); -+ else -+ evpmd = EVP_sha256(); -+ } - - if (bits < 512) - bits = 512; - - bits = (bits + 63) / 64 * 64; - -- /* -- * NB: seed_len == 0 is special case: copy generated seed to seed_in if -- * it is not NULL. -- */ -- if (seed_len && (seed_len < (size_t)qsize)) -- seed_in = NULL; /* seed buffer too small -- ignore */ -- if (seed_len > (size_t)qsize) -- seed_len = qsize; /* App. 
2.2 of FIPS PUB 186 allows larger -- * SEED, but our internal buffers are -- * restricted to 160 bits */ -- if (seed_in != NULL) -- memcpy(seed, seed_in, seed_len); -- -- if ((mont = BN_MONT_CTX_new()) == NULL) -- goto err; -- -- if ((ctx = BN_CTX_new()) == NULL) -- goto err; -- -- BN_CTX_start(ctx); -- - r0 = BN_CTX_get(ctx); -- g = BN_CTX_get(ctx); - W = BN_CTX_get(ctx); -- q = BN_CTX_get(ctx); -+ *q_ret = q = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - c = BN_CTX_get(ctx); -- p = BN_CTX_get(ctx); -+ *p_ret = p = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - - if (!BN_lshift(test, BN_value_one(), bits - 1)) - goto err; - -+ /* step 3 n = \lceil bits / qbits \rceil - 1 */ -+ n = (bits + qbits - 1) / qbits - 1; -+ /* step 4 b = bits - 1 - n * qbits */ -+ b = bits - 1 - n * qbits; -+ - for (;;) { - for (;;) { /* find q */ - int seed_is_random; - -- /* step 1 */ -+ /* step 5 generate seed */ - if (!BN_GENCB_call(cb, 0, m++)) + if (evpmd == NULL) { + if (N == 160) + evpmd = EVP_sha1(); +@@ -420,9 +450,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; - -- if (!seed_len || !seed_in) { -+ if (!seed_len) { - if (RAND_pseudo_bytes(seed, qsize) < 0) - goto err; - seed_is_random = 1; -@@ -206,29 +284,18 @@ int dsa_builtin_paramgen(DSA *ret, size_ - * be bad */ - } - memcpy(buf, seed, qsize); -- memcpy(buf2, seed, qsize); -- /* precompute "SEED + 1" for step 7: */ -- for (i = qsize - 1; i >= 0; i--) { -- buf[i]++; -- if (buf[i] != 0) -- break; -- } - -- /* step 2 */ -+ /* step 6 U = hash(seed) */ - if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) - goto err; -- if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) + /* Provided seed didn't produce a prime: error */ + if (seed_in) { +- ok = 0; +- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME); - goto err; -- for (i = 0; i < qsize; i++) -- md[i] ^= buf2[i]; - -- /* step 3 */ -+ /* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */ - md[0] |= 0x80; - md[qsize - 1] |= 0x01; - if (!BN_bin2bn(md, qsize, q)) - goto err; 
- -- /* step 4 */ -+ /* step 8 test for prime (64 round of Rabin-Miller) */ - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, - seed_is_random, cb); - if (r > 0) -@@ -236,8 +303,6 @@ int dsa_builtin_paramgen(DSA *ret, size_ - if (r != 0) - goto err; - -- /* do a callback call */ -- /* step 5 */ - } - - if (!BN_GENCB_call(cb, 2, 0)) -@@ -245,19 +310,16 @@ int dsa_builtin_paramgen(DSA *ret, size_ - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - -- /* step 6 */ -+ /* step 11 */ - counter = 0; -- /* "offset = 2" */ -- -- n = (bits - 1) / 160; -+ /* "offset = 1" */ - - for (;;) { - if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) - goto err; - -- /* step 7 */ -+ /* step 11.1, 11.2 obtain W */ - BN_zero(W); -- /* now 'buf' contains "SEED + offset - 1" */ - for (k = 0; k <= n; k++) { - /* - * obtain "SEED + offset + k" by incrementing: -@@ -271,36 +333,37 @@ int dsa_builtin_paramgen(DSA *ret, size_ - if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL)) - goto err; - -- /* step 8 */ - if (!BN_bin2bn(md, qsize, r0)) - goto err; -- if (!BN_lshift(r0, r0, (qsize << 3) * k)) -+ if (k == n) -+ BN_mask_bits(r0, b); -+ if (!BN_lshift(r0, r0, qbits * k)) - goto err; - if (!BN_add(W, W, r0)) - goto err; ++ /* Different seed_out will indicate that seed_in ++ * did not generate primes. 
++ */ ++ seed_in = NULL; } -- /* more of step 8 */ -- if (!BN_mask_bits(W, bits - 1)) -- goto err; -+ /* step 11.3 X = W + 2^(L-1) */ - if (!BN_copy(X, W)) - goto err; - if (!BN_add(X, X, test)) - goto err; - -- /* step 9 */ -+ /* step 11.4 c = X mod 2*q */ - if (!BN_lshift1(r0, q)) - goto err; - if (!BN_mod(c, X, r0, ctx)) - goto err; -+ -+ /* step 11.5 p = X - (c - 1) */ - if (!BN_sub(r0, c, BN_value_one())) - goto err; - if (!BN_sub(p, X, r0)) - goto err; - -- /* step 10 */ -+ /* step 11.6 */ - if (BN_cmp(p, test) >= 0) { -- /* step 11 */ -+ /* step 11.7 */ - r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); - if (r > 0) - goto end; /* found it */ -@@ -308,12 +371,12 @@ int dsa_builtin_paramgen(DSA *ret, size_ - goto err; - } - -- /* step 13 */ -+ /* step 11.9 */ - counter++; - /* "offset = offset + n + 1" */ - -- /* step 14 */ -- if (counter >= 4096) -+ /* step 12 */ -+ if (counter >= 4 * bits) + /* do a callback call */ +@@ -508,11 +539,14 @@ int dsa_builtin_paramgen2(DSA *ret, size + if (counter >= (int)(4 * L)) break; } ++#if 0 ++ /* Cannot happen */ + if (seed_in) { + ok = 0; + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } ++#endif } -@@ -321,7 +384,33 @@ int dsa_builtin_paramgen(DSA *ret, size_ + end: if (!BN_GENCB_call(cb, 2, 1)) - goto err; - -- /* We now need to generate g */ -+ ok = 1; -+ err: -+ if (ok) { -+ if (counter_ret != NULL) -+ *counter_ret = counter; -+ } -+ return ok; -+} -+ -+# ifndef OPENSSL_FIPS -+static -+# endif -+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, -+ BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb) -+{ -+ int ok = 0; -+ BIGNUM *r0, *test, *g = NULL; -+ BN_MONT_CTX *mont; -+ unsigned int h = 2; -+ -+ if ((mont = BN_MONT_CTX_new()) == NULL) -+ goto err; -+ -+ r0 = BN_CTX_get(ctx); -+ *g_ret = g = BN_CTX_get(ctx); -+ test = BN_CTX_get(ctx); -+ - /* Set r0=(p-1)/q */ - if (!BN_sub(test, p, BN_value_one())) - goto err; -@@ -350,46 +439,14 @@ int dsa_builtin_paramgen(DSA 
*ret, size_ - ok = 1; - err: - if (ok) { -- if (ret->p) -- BN_free(ret->p); -- if (ret->q) -- BN_free(ret->q); -- if (ret->g) -- BN_free(ret->g); -- ret->p = BN_dup(p); -- ret->q = BN_dup(q); -- ret->g = BN_dup(g); -- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { -- ok = 0; -- goto err; -- } -- if (counter_ret != NULL) -- *counter_ret = counter; - if (h_ret != NULL) - *h_ret = h; -- if (seed_out) -- memcpy(seed_out, seed, qsize); -- } -- if (ctx) { -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); +@@ -583,7 +617,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + BN_free(ret->g); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { +- ok = -1; ++ ok = 0; + goto err; + } + if (counter_ret != NULL) +@@ -601,3 +635,53 @@ int dsa_builtin_paramgen2(DSA *ret, size + EVP_MD_CTX_free(mctx); return ok; } - --# ifdef OPENSSL_FIPS --# undef fips_dsa_builtin_paramgen2 --extern int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, -- const EVP_MD *evpmd, -- const unsigned char *seed_in, -- size_t seed_len, int idx, -- unsigned char *seed_out, -- int *counter_ret, unsigned long *h_ret, -- BN_GENCB *cb); --# endif -- - /* - * This is a parameter generation algorithm for the DSA2 algorithm as - * described in FIPS 186-3. 
-@@ -415,14 +472,6 @@ int dsa_builtin_paramgen2(DSA *ret, size - EVP_MD_CTX mctx; - unsigned int h = 2; - --# ifdef OPENSSL_FIPS -- -- if (FIPS_mode()) -- return fips_dsa_builtin_paramgen2(ret, L, N, evpmd, -- seed_in, seed_len, idx, -- seed_out, counter_ret, h_ret, cb); --# endif -- - EVP_MD_CTX_init(&mctx); - - if (evpmd == NULL) { -diff -up openssl-1.0.2h/crypto/dsa/dsa.h.fips openssl-1.0.2h/crypto/dsa/dsa.h ---- openssl-1.0.2h/crypto/dsa/dsa.h.fips 2016-05-03 16:57:58.513313719 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa.h 2016-05-03 16:57:58.821320992 +0200 -@@ -88,6 +88,8 @@ - # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 - # endif - -+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + - # define DSA_FLAG_CACHE_MONT_P 0x01 - /* - * new with 0.9.7h; the built-in DSA implementation now uses constant time -@@ -265,6 +267,20 @@ int DSA_print_fp(FILE *bp, const DSA *x, - DH *DSA_dup_DH(const DSA *r); - # endif - -+# ifdef OPENSSL_FIPS -+int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, -+ const unsigned char *seed_in, -+ size_t seed_len, int *counter_ret, -+ unsigned long *h_ret, BN_GENCB *cb); -+int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits, -+ const EVP_MD *evpmd, unsigned char *seed, -+ int seed_len, BIGNUM **p_ret, BIGNUM **q_ret, -+ int *counter_ret, BN_GENCB *cb); -+int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q, BIGNUM **g_ret, -+ unsigned long *h_ret, BN_GENCB *cb); -+# endif ++#ifdef OPENSSL_FIPS + - # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) -@@ -287,11 +303,14 @@ void ERR_load_DSA_strings(void); - # define DSA_F_DO_DSA_PRINT 104 - # define DSA_F_DSAPARAMS_PRINT 100 - # define DSA_F_DSAPARAMS_PRINT_FP 101 --# define DSA_F_DSA_BUILTIN_PARAMGEN2 126 -+# define DSA_F_DSA_BUILTIN_KEYGEN 124 -+# define DSA_F_DSA_BUILTIN_PARAMGEN 123 -+# define DSA_F_DSA_BUILTIN_PARAMGEN2 
226 - # define DSA_F_DSA_DO_SIGN 112 - # define DSA_F_DSA_DO_VERIFY 113 --# define DSA_F_DSA_GENERATE_KEY 124 --# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 -+# define DSA_F_DSA_GENERATE_KEY 126 -+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 127 -+# define DSA_F_DSA_GENERATE_PARAMETERS /* unused */ 125 - # define DSA_F_DSA_NEW_METHOD 103 - # define DSA_F_DSA_PARAM_DECODE 119 - # define DSA_F_DSA_PRINT_FP 105 -@@ -317,12 +336,16 @@ void ERR_load_DSA_strings(void); - # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - # define DSA_R_DECODE_ERROR 104 - # define DSA_R_INVALID_DIGEST_TYPE 106 --# define DSA_R_INVALID_PARAMETERS 112 -+# define DSA_R_INVALID_PARAMETERS 212 -+# define DSA_R_KEY_SIZE_INVALID 113 -+# define DSA_R_KEY_SIZE_TOO_SMALL 110 - # define DSA_R_MISSING_PARAMETERS 101 - # define DSA_R_MODULUS_TOO_LARGE 103 --# define DSA_R_NEED_NEW_SETUP_VALUES 110 -+# define DSA_R_NEED_NEW_SETUP_VALUES 112 - # define DSA_R_NON_FIPS_DSA_METHOD 111 -+# define DSA_R_NON_FIPS_METHOD 111 - # define DSA_R_NO_PARAMETERS_SET 107 -+# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112 - # define DSA_R_PARAMETER_ENCODING_ERROR 105 - # define DSA_R_Q_NOT_PRIME 113 ++int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ++ const EVP_MD *evpmd, const unsigned char *seed_in, ++ size_t seed_len, int idx, unsigned char *seed_out, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb) ++{ ++ return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len, ++ idx, seed_out, counter_ret, h_ret, cb); ++} ++ ++int FIPS_dsa_paramgen_check_g(DSA *dsa) ++{ ++ BN_CTX *ctx; ++ BIGNUM *tmp; ++ BN_MONT_CTX *mont = NULL; ++ int rv = -1; ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ BN_CTX_start(ctx); ++ if (BN_cmp(dsa->g, BN_value_one()) <= 0) ++ return 0; ++ if (BN_cmp(dsa->g, dsa->p) >= 0) ++ return 0; ++ tmp = BN_CTX_get(ctx); ++ if (tmp == NULL) ++ goto err; ++ if ((mont=BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont,dsa->p,ctx)) 
++ goto err; ++ /* Work out g^q mod p */ ++ if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont)) ++ goto err; ++ if (!BN_cmp(tmp, BN_value_one())) ++ rv = 1; ++ else ++ rv = 0; ++ err: ++ BN_CTX_end(ctx); ++ BN_MONT_CTX_free(mont); ++ BN_CTX_free(ctx); ++ return rv; ++} ++ ++#endif +diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_key.c +--- openssl-1.1.0h/crypto/dsa/dsa_key.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dsa/dsa_key.c 2018-03-29 14:44:24.628236689 +0200 +@@ -13,10 +13,49 @@ + #include + #include "dsa_locl.h" -diff -up openssl-1.0.2h/crypto/dsa/dsa_key.c.fips openssl-1.0.2h/crypto/dsa/dsa_key.c ---- openssl-1.0.2h/crypto/dsa/dsa_key.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_key.c 2016-05-03 16:57:58.822321016 +0200 -@@ -66,6 +66,34 @@ - - # ifdef OPENSSL_FIPS - # include -+# include ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" + +static int fips_check_dsa(DSA *dsa) +{ 
@@ -1043,104 +531,67 @@ diff -up openssl-1.0.2h/crypto/dsa/dsa_key.c.fips openssl-1.0.2h/crypto/dsa/dsa_ + return ret; +} + - # endif - ++#endif ++ static int dsa_builtin_keygen(DSA *dsa); -@@ -81,10 +109,6 @@ int DSA_generate_key(DSA *dsa) - # endif + + int DSA_generate_key(DSA *dsa) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD) ++ && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD); ++ return 0; ++ } ++#endif if (dsa->meth->dsa_keygen) return dsa->meth->dsa_keygen(dsa); --# ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_dsa_generate_key(dsa); --# endif return dsa_builtin_keygen(dsa); - } - -@@ -94,6 +118,14 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -28,6 +67,14 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; -+# ifdef OPENSSL_FIPS ++#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { ++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) { + DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } -+# endif ++#endif + if ((ctx = BN_CTX_new()) == NULL) goto err; -@@ -131,6 +163,13 @@ static int dsa_builtin_keygen(DSA *dsa) +@@ -65,6 +112,13 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key = priv_key; dsa->pub_key = pub_key; -+# ifdef OPENSSL_FIPS ++#ifdef OPENSSL_FIPS + if (FIPS_mode() && !fips_check_dsa(dsa)) { + dsa->pub_key = NULL; + dsa->priv_key = NULL; + goto err; + } -+# endif ++#endif ok = 1; err: -diff -up openssl-1.0.2h/crypto/dsa/dsa_lib.c.fips openssl-1.0.2h/crypto/dsa/dsa_lib.c ---- openssl-1.0.2h/crypto/dsa/dsa_lib.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_lib.c 2016-05-03 16:57:58.822321016 +0200 -@@ -86,14 +86,7 @@ void DSA_set_default_method(const DSA_ME - const DSA_METHOD *DSA_get_default_method(void) - { - if 
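Review bot: FIPS_dsa_paramgen_check_g leaks its BN_CTX on both range checks: after `BN_CTX_new()` and `BN_CTX_start(ctx)` it does `return 0;` when g <= 1 or when g >= p, so neither BN_CTX_end nor BN_CTX_free runs on those paths; each should become `rv = 0; goto err;` so the existing cleanup label handles them. Separately, in dsa_builtin_paramgen2 the new `seed_in = NULL;` fallback relies on a differing seed_out to tell the caller that the supplied seed was discarded, but the DSA_generate_parameters_ex path earlier in this hunk calls dsa_builtin_paramgen2 with a NULL seed_out, so a caller that passes a seed can receive randomly generated parameters with no error and no indication; either document that contract at DSA_generate_parameters_ex or keep the DSA_R_Q_NOT_PRIME error when seed_out is NULL. The key-size check references L and N whose declaration, like the rest of dsa_builtin_paramgen2's body, lies outside the hunk.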
(!default_DSA_method) { --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_dsa_openssl(); -- else -- return DSA_OpenSSL(); --#else - default_DSA_method = DSA_OpenSSL(); --#endif - } - return default_DSA_method; - } -diff -up openssl-1.0.2h/crypto/dsa/dsa_locl.h.fips openssl-1.0.2h/crypto/dsa/dsa_locl.h ---- openssl-1.0.2h/crypto/dsa/dsa_locl.h.fips 2016-05-03 16:57:58.515313767 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_locl.h 2016-05-03 16:57:58.822321016 +0200 -@@ -56,7 +56,7 @@ - - int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, - const EVP_MD *evpmd, const unsigned char *seed_in, -- size_t seed_len, unsigned char *seed_out, -+ size_t seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); - -diff -up openssl-1.0.2h/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2h/crypto/dsa/dsa_ossl.c ---- openssl-1.0.2h/crypto/dsa/dsa_ossl.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c 2016-05-03 16:57:58.822321016 +0200 -@@ -65,6 +65,9 @@ - #include - #include +diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa_ossl.c +--- openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dsa/dsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 +@@ -15,6 +15,9 @@ + #include + #include "dsa_locl.h" #include +#ifdef OPENSSL_FIPS +# include +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); - static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -83,7 +86,7 @@ static DSA_METHOD openssl_dsa_meth = { - NULL, /* dsa_bn_mod_exp, */ - dsa_init, - dsa_finish, -- 0, -+ DSA_FLAG_FIPS_METHOD, - NULL, - NULL, - NULL -@@ -140,6 +143,19 @@ static DSA_SIG *dsa_do_sign(const unsign + static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +@@ -68,6 +71,19 @@ static DSA_SIG *dsa_do_sign(const unsign DSA_SIG *ret = NULL; - int noredo = 0; + int rv = 0; +#ifdef OPENSSL_FIPS + if 
(FIPS_selftest_failed()) { @@ -1155,10 +606,10 @@ diff -up openssl-1.0.2h/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2h/crypto/dsa/dsa + } +#endif + - BN_init(&m); - BN_init(&xr); - -@@ -330,6 +346,18 @@ static int dsa_do_verify(const unsigned + m = BN_new(); + xr = BN_new(); + if (m == NULL || xr == NULL) +@@ -266,6 +282,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -1177,7 +628,7 @@ diff -up openssl-1.0.2h/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2h/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -410,6 +438,9 @@ static int dsa_do_verify(const unsigned +@@ -354,6 +382,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { 
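Review bot: The new FIPS minimum-modulus check at the top of dsa_builtin_keygen evaluates `BN_num_bits(dsa->p)` before anything in the hunk verifies that parameters are present, so if a DSA object without parameters can reach keygen this dereferences a NULL p instead of failing cleanly. A guard ahead of it such as `if (dsa->p == NULL || dsa->q == NULL) { DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_MISSING_PARAMETERS); goto err; }` would make the failure explicit; whether the upstream body already checks this further down is not visible here. The fips_check_dsa body and the remainder of dsa_builtin_keygen lie outside the hunk.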
@@ -1187,167 +638,199 @@ diff -up openssl-1.0.2h/crypto/dsa/dsa_ossl.c.fips openssl-1.0.2h/crypto/dsa/dsa dsa->flags |= DSA_FLAG_CACHE_MONT_P; return (1); } -diff -up openssl-1.0.2h/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.2h/crypto/dsa/dsa_pmeth.c ---- openssl-1.0.2h/crypto/dsa/dsa_pmeth.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsa_pmeth.c 2016-05-03 16:57:58.822321016 +0200 -@@ -253,7 +253,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT - if (!dsa) +diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/dsa/dsa_pmeth.c 2018-03-29 14:44:24.629236712 +0200 +@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT + BN_GENCB_free(pcb); return 0; - ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + } +- ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, NULL, pcb); -+ NULL, 0, NULL, NULL, pcb); ++ ret = dsa_builtin_paramgen2(dsa, dctx->nbits, dctx->qbits, dctx->pmd, ++ NULL, 0, -1, NULL, NULL, NULL, pcb); + BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); - else -diff -up openssl-1.0.2h/crypto/dsa/dsatest.c.fips openssl-1.0.2h/crypto/dsa/dsatest.c ---- openssl-1.0.2h/crypto/dsa/dsatest.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/dsa/dsatest.c 2016-05-03 16:57:58.822321016 +0200 -@@ -100,36 +100,41 @@ static int MS_CALLBACK dsa_cb(int p, int - * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 - */ - static unsigned char seed[20] = { -- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, -- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, -+ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62, -+ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3, - }; +diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh_ossl.c +--- 
openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/ec/ecdh_ossl.c 2018-03-29 14:44:24.629236712 +0200 +@@ -33,9 +33,20 @@ + #include + #include "ec_lcl.h" - static unsigned char out_p[] = { -- 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, -- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, -- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, -- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, -- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, -- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, -- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, -- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, -+ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E, -+ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99, -+ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD, -+ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB, -+ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18, -+ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B, -+ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E, -+ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD, -+ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93, -+ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D, -+ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F, - }; - - static unsigned char out_q[] = { -- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, -- 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, -- 0xda, 0xce, 0x91, 0x5f, -+ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B, -+ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87, - }; - - static unsigned char out_g[] = { -- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, -- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, -- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, -- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, -- 
0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, -- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, -- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, -- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, -+ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C, -+ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE, -+ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36, -+ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13, -+ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C, -+ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D, -+ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9, -+ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F, -+ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E, -+ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41, -+ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29, - }; - - static const unsigned char str1[] = "12345678901234567890"; -@@ -162,7 +167,7 @@ int main(int argc, char **argv) - BIO_printf(bio_err, "test generation of DSA parameters\n"); - - BN_GENCB_set(&cb, dsa_cb, bio_err); -- if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, -+ if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024, - seed, 20, - &counter, - &h, &cb)) -@@ -176,8 +181,8 @@ int main(int argc, char **argv) - BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); - - DSA_print(bio_err, dsa, 0); -- if (counter != 105) { -- BIO_printf(bio_err, "counter should be 105\n"); -+ if (counter != 239) { -+ BIO_printf(bio_err, "counter should be 239\n"); - goto end; - } - if (h != 2) { -diff -up openssl-1.0.2h/crypto/engine/eng_all.c.fips openssl-1.0.2h/crypto/engine/eng_all.c ---- openssl-1.0.2h/crypto/engine/eng_all.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/engine/eng_all.c 2016-05-03 16:57:58.822321016 
+0200 -@@ -59,11 +59,25 @@ - - #include "cryptlib.h" - #include "eng_int.h" +#ifdef OPENSSL_FIPS +# include +#endif - - void ENGINE_load_builtin_engines(void) ++ + int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, + const EC_POINT *pub_key, const EC_KEY *ecdh) { - /* Some ENGINEs need this */ - OPENSSL_cpuid_setup(); +#ifdef OPENSSL_FIPS -+ OPENSSL_init_library(); -+ if (FIPS_mode()) { -+ /* We allow loading dynamic engine as a third party -+ engine might be FIPS validated. -+ User is disallowed to load non-validated engines -+ by security policy. */ -+ ENGINE_load_dynamic(); -+ return; ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; + } +#endif - #if 0 - /* - * There's no longer any need for an "openssl" ENGINE unless, one day, it -diff -up openssl-1.0.2h/crypto/evp/c_allc.c.fips openssl-1.0.2h/crypto/evp/c_allc.c ---- openssl-1.0.2h/crypto/evp/c_allc.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/c_allc.c 2016-05-03 16:57:58.823321039 +0200 -@@ -65,6 +65,10 @@ - void OpenSSL_add_all_ciphers(void) ++ + if (ecdh->group->meth->ecdh_compute_key == NULL) { + ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); + return 0; +diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/ec/ecdsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 +@@ -15,6 +15,10 @@ + #include + #include "ec_lcl.h" + ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +@@ -217,6 +221,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns + ECDSA_SIG *ret; + const BIGNUM *priv_key; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, 
FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } ++#endif ++ + group = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); + +@@ -366,6 +377,13 @@ int ossl_ecdsa_verify_sig(const unsigned + const EC_GROUP *group; + const EC_POINT *pub_key; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } ++#endif ++ + /* check input values */ + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { +diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key.c +--- openssl-1.1.0h/crypto/ec/ec_key.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/ec/ec_key.c 2018-03-29 14:44:24.630236736 +0200 +@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) + return ((i > 1) ? 1 : 0); + } + ++#ifdef OPENSSL_FIPS ++ ++# include ++# include "internal/fips_int.h" ++ ++static int fips_check_ec(EC_KEY *key) ++{ ++ EVP_PKEY *pk; ++ unsigned char tbs[] = "ECDSA Pairwise Check Data"; ++ int ret = 0; ++ ++ if (!EC_KEY_can_sign(key)) /* no test for non-signing keys */ ++ return 1; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_set1_EC_KEY(pk, key); ++ ++ if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL)) ++ ret = 1; ++ ++ err: ++ if (ret == 0) { ++ FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED); ++ fips_set_selftest_fail(); ++ } ++ if (pk) ++ EVP_PKEY_free(pk); ++ return ret; ++} ++ ++#endif ++ + int EC_KEY_generate_key(EC_KEY *eckey) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(EC_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++#endif + if (eckey == NULL || eckey->group == NULL) { + ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +- if (eckey->meth->keygen != NULL) +- return eckey->meth->keygen(eckey); ++ if (eckey->meth->keygen != NULL) 
{ ++ int rv = eckey->meth->keygen(eckey); ++#ifdef OPENSSL_FIPS ++ if (rv > 0 && FIPS_mode()) { ++ rv = fips_check_ec(eckey); ++ } ++#endif ++ return rv; ++ } + ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); + return 0; + } +diff -up openssl-1.1.0h/crypto/err/err_all.c.fips openssl-1.1.0h/crypto/err/err_all.c +--- openssl-1.1.0h/crypto/err/err_all.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/err/err_all.c 2018-03-29 14:44:24.630236736 +0200 +@@ -43,9 +43,6 @@ + int err_load_crypto_strings_int(void) + { + if ( +-#ifdef OPENSSL_FIPS +- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || +-#endif + #ifndef OPENSSL_NO_ERR + ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ + ERR_load_BN_strings() == 0 || +diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_allc.c +--- openssl-1.1.0h/crypto/evp/c_allc.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/c_allc.c 2018-03-29 14:44:24.630236736 +0200 +@@ -17,6 +17,9 @@ + void openssl_add_all_ciphers_int(void) { +#ifdef OPENSSL_FIPS -+ OPENSSL_init_library(); + if (!FIPS_mode()) { +#endif #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_cfb1()); -@@ -238,4 +242,64 @@ void OpenSSL_add_all_ciphers(void) - EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); - EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +@@ -217,4 +220,70 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_chacha20_poly1305()); + # endif #endif +#ifdef OPENSSL_FIPS + } else { +# ifndef OPENSSL_NO_DES -+ EVP_add_cipher(EVP_des_ede_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb()); + -+ EVP_add_cipher(EVP_des_ede_ofb()); + EVP_add_cipher(EVP_des_ede3_ofb()); + -+ EVP_add_cipher(EVP_des_ede_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); + EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); + EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); + -+ EVP_add_cipher(EVP_des_ede()); + 
EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); ++ EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); ++ EVP_add_cipher(EVP_des_ede3_wrap()); ++ EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); +# endif + +# ifndef OPENSSL_NO_AES @@ -1362,6 +845,8 @@ diff -up openssl-1.0.2h/crypto/evp/c_allc.c.fips openssl-1.0.2h/crypto/evp/c_all + EVP_add_cipher(EVP_aes_128_xts()); + EVP_add_cipher(EVP_aes_128_ccm()); + EVP_add_cipher(EVP_aes_128_wrap()); ++ EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); ++ EVP_add_cipher(EVP_aes_128_wrap_pad()); + EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); @@ -1374,6 +859,8 @@ diff -up openssl-1.0.2h/crypto/evp/c_allc.c.fips openssl-1.0.2h/crypto/evp/c_all + EVP_add_cipher(EVP_aes_192_gcm()); + EVP_add_cipher(EVP_aes_192_ccm()); + EVP_add_cipher(EVP_aes_192_wrap()); ++ EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); ++ EVP_add_cipher(EVP_aes_192_wrap_pad()); + EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); 
@@ -1387,188 +874,70 @@ diff -up openssl-1.0.2h/crypto/evp/c_allc.c.fips openssl-1.0.2h/crypto/evp/c_all + EVP_add_cipher(EVP_aes_256_xts()); + EVP_add_cipher(EVP_aes_256_ccm()); + EVP_add_cipher(EVP_aes_256_wrap()); ++ EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); ++ EVP_add_cipher(EVP_aes_256_wrap_pad()); + EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); +# endif + } +#endif } -diff -up openssl-1.0.2h/crypto/evp/c_alld.c.fips openssl-1.0.2h/crypto/evp/c_alld.c ---- openssl-1.0.2h/crypto/evp/c_alld.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/c_alld.c 2016-05-03 16:57:58.823321039 +0200 -@@ -64,51 +64,81 @@ +diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_alld.c +--- openssl-1.1.0h/crypto/evp/c_alld.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/c_alld.c 2018-03-29 14:44:24.630236736 +0200 +@@ -16,6 +16,9 @@ - void OpenSSL_add_all_digests(void) + void openssl_add_all_digests_int(void) { +#ifdef OPENSSL_FIPS -+ OPENSSL_init_library(); + if (!FIPS_mode()) { +#endif #ifndef OPENSSL_NO_MD4 -- EVP_add_digest(EVP_md4()); -+ EVP_add_digest(EVP_md4()); + EVP_add_digest(EVP_md4()); #endif - #ifndef OPENSSL_NO_MD5 -- EVP_add_digest(EVP_md5()); -- EVP_add_digest_alias(SN_md5, "ssl2-md5"); -- EVP_add_digest_alias(SN_md5, "ssl3-md5"); -+ EVP_add_digest(EVP_md5()); -+ EVP_add_digest_alias(SN_md5, "ssl2-md5"); -+ EVP_add_digest_alias(SN_md5, "ssl3-md5"); +@@ -46,4 +49,15 @@ void openssl_add_all_digests_int(void) + EVP_add_digest(EVP_blake2b512()); + EVP_add_digest(EVP_blake2s256()); #endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) -- EVP_add_digest(EVP_sha()); -+ EVP_add_digest(EVP_sha()); - # ifndef OPENSSL_NO_DSA -- EVP_add_digest(EVP_dss()); -+ EVP_add_digest(EVP_dss()); - # endif - #endif - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -- EVP_add_digest(EVP_sha1()); -- EVP_add_digest_alias(SN_sha1, 
"ssl3-sha1"); -- EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+ EVP_add_digest(EVP_sha1()); -+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); -+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); - # ifndef OPENSSL_NO_DSA -- EVP_add_digest(EVP_dss1()); -- EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -- EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -- EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -+ EVP_add_digest(EVP_dss1()); -+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); - # endif - # ifndef OPENSSL_NO_ECDSA -- EVP_add_digest(EVP_ecdsa()); -+ EVP_add_digest(EVP_ecdsa()); - # endif - #endif - #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -- EVP_add_digest(EVP_mdc2()); -+ EVP_add_digest(EVP_mdc2()); - #endif - #ifndef OPENSSL_NO_RIPEMD -- EVP_add_digest(EVP_ripemd160()); -- EVP_add_digest_alias(SN_ripemd160, "ripemd"); -- EVP_add_digest_alias(SN_ripemd160, "rmd160"); -+ EVP_add_digest(EVP_ripemd160()); -+ EVP_add_digest_alias(SN_ripemd160, "ripemd"); -+ EVP_add_digest_alias(SN_ripemd160, "rmd160"); - #endif - #ifndef OPENSSL_NO_SHA256 -- EVP_add_digest(EVP_sha224()); -- EVP_add_digest(EVP_sha256()); -+ EVP_add_digest(EVP_sha224()); -+ EVP_add_digest(EVP_sha256()); - #endif - #ifndef OPENSSL_NO_SHA512 -- EVP_add_digest(EVP_sha384()); -- EVP_add_digest(EVP_sha512()); -+ EVP_add_digest(EVP_sha384()); -+ EVP_add_digest(EVP_sha512()); - #endif - #ifndef OPENSSL_NO_WHIRLPOOL -- EVP_add_digest(EVP_whirlpool()); -+ EVP_add_digest(EVP_whirlpool()); -+#endif +#ifdef OPENSSL_FIPS + } else { -+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+# ifndef OPENSSL_NO_DSA -+ EVP_add_digest(EVP_dss1()); -+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -+ 
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ EVP_add_digest(EVP_ecdsa()); -+# endif -+# endif -+# ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); -+# endif -+# ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); -+# endif + } - #endif - } -diff -up openssl-1.0.2h/crypto/evp/digest.c.fips openssl-1.0.2h/crypto/evp/digest.c ---- openssl-1.0.2h/crypto/evp/digest.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/digest.c 2016-05-03 16:59:54.090042781 +0200 -@@ -143,18 +143,55 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons - return EVP_DigestInit_ex(ctx, type, NULL); - } - -+#ifdef OPENSSL_FIPS -+ -+/* The purpose of these is to trap programs that attempt to use non FIPS -+ * algorithms in FIPS mode and ignore the errors. -+ */ -+ -+static int bad_init(EVP_MD_CTX *ctx) -+{ -+ FIPS_ERROR_IGNORED("Digest init"); -+ return 0; -+} -+ -+static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count) -+{ -+ FIPS_ERROR_IGNORED("Digest update"); -+ return 0; -+} -+ -+static int bad_final(EVP_MD_CTX *ctx, unsigned char *md) -+{ -+ FIPS_ERROR_IGNORED("Digest Final"); -+ return 0; -+} -+ -+static const EVP_MD bad_md = { -+ 0, -+ 0, -+ 0, -+ 0, -+ bad_init, -+ bad_update, -+ bad_final, -+ NULL, -+ NULL, -+ NULL, -+ 0, -+ {0, 0, 0, 0}, -+}; -+ +#endif -+ + } +diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/digest.c +--- openssl-1.1.0h/crypto/evp/digest.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/digest.c 2018-03-29 14:44:24.630236736 +0200 +@@ -14,6 +14,9 @@ + #include + #include "internal/evp_int.h" + #include "evp_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++#endif + + /* This call frees resources associated with the context */ + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +@@ -61,6 +64,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons int 
EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - #ifdef OPENSSL_FIPS -- /* If FIPS mode switch to approved implementation if possible */ -- if (FIPS_mode()) { -- const EVP_MD *fipsmd; -- if (type) { -- fipsmd = evp_get_fips_md(type); -- if (fipsmd) -- type = fipsmd; -- } ++#ifdef OPENSSL_FIPS + if (FIPS_selftest_failed()) { + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ ctx->digest = &bad_md; + return 0; - } - #endif ++ } ++#endif #ifndef OPENSSL_NO_ENGINE -@@ -212,6 +249,16 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c + /* + * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so +@@ -114,6 +123,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c } #endif if (ctx->digest != type) { 
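Review bot: The `FIPS_selftest_failed()` path added to `EVP_DigestInit_ex` (nested hunk `@@ -61,6 +64,12 @@`) returns 0 but leaves `ctx->digest` untouched, and the `bad_md`/`bad_init`/`bad_update`/`bad_final` trap that the 1.0.2 patch installed for exactly this case is dropped in the same hunk. A caller that ignores the return value keeps whatever digest the context held before (or a NULL method table on a fresh context) and proceeds into `EVP_DigestUpdate`, so the self-test failure only surfaces later, if at all; the same applies to the `EVP_R_DISABLED_FOR_FIPS` path in `@@ -1577,49 +946,25 @@` and to the cipher counterpart in `@@ -1864,7 +1184,6 @@`. If the trap is intentionally gone, the fail-closed behaviour should be restored in a cheaper form, e.g. calling `EVP_MD_CTX_reset(ctx);` before the `return 0;` so the context holds no usable digest afterwards (assuming the reset semantics of `EVP_MD_CTX_reset` shown at the top of this hunk). `EVP_DigestInit_ex` continues outside the hunk.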
@@ -1577,49 +946,25 @@ diff -up openssl-1.0.2h/crypto/evp/digest.c.fips openssl-1.0.2h/crypto/evp/diges + if (!(type->flags & EVP_MD_FLAG_FIPS) + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ ctx->digest = &bad_md; + return 0; + } + } +#endif if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_free(ctx->md_data); + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ctx->md_data = NULL; -@@ -238,25 +285,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c - } - if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) - return 1; --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) { -- if (FIPS_digestinit(ctx, type)) -- return 1; -- OPENSSL_free(ctx->md_data); -- ctx->md_data = NULL; -- return 0; -- } --#endif - return ctx->digest->init(ctx); - } +@@ -145,6 +163,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { - #ifdef OPENSSL_FIPS -- return FIPS_digestupdate(ctx, data, count); --#else -- return ctx->update(ctx, data, count); ++#ifdef OPENSSL_FIPS + FIPS_selftest_check(); - #endif -+ return ctx->update(ctx, data, count); ++#endif + return ctx->update(ctx, data, count); } - /* The caller can assume that this removes any secret data from the context */ -@@ -271,11 +308,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns - /* The caller can assume that this removes any secret data from the context */ - int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +@@ -162,6 +183,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, { --#ifdef OPENSSL_FIPS -- return FIPS_digestfinal(ctx, md, size); --#else int ret; +#ifdef OPENSSL_FIPS 
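Review bot: `EVP_DigestUpdate` now calls `FIPS_selftest_check();` as a bare statement (nested hunk `@@ -145,6 +163,9 @@`), so if that function reports a failed self-test through its return value, as `FIPS_selftest_failed()` does in the other hunks of this patch, the update still runs on a context whose self-test state is known bad. Consider `if (!FIPS_selftest_check()) return 0;` so the caller sees the failure, mirroring the `EVP_DigestInit_ex` path above. The `#ifdef OPENSSL_FIPS` block opened at the end of `EVP_DigestFinal_ex` continues outside this hunk.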
@@ -1628,72 +973,59 @@ diff -up openssl-1.0.2h/crypto/evp/digest.c.fips openssl-1.0.2h/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -@@ -286,7 +323,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, - } - memset(ctx->md_data, 0, ctx->digest->ctx_size); - return ret; --#endif +diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes.c +--- openssl-1.1.0h/crypto/evp/e_aes.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/e_aes.c 2018-03-29 14:44:24.631236760 +0200 +@@ -1263,9 +1263,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX + return 1; } - int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -@@ -375,7 +411,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) - /* This call frees resources associated with the context */ - int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +-BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) ++BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) + + static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { --#ifndef OPENSSL_FIPS - /* - * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because - * sometimes only copies of the context are ever finalised. 
-@@ -388,7 +423,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) - OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); - OPENSSL_free(ctx->md_data); - } --#endif - if (ctx->pctx) - EVP_PKEY_CTX_free(ctx->pctx); - #ifndef OPENSSL_NO_ENGINE -@@ -399,9 +433,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) - */ - ENGINE_finish(ctx->engine); - #endif --#ifdef OPENSSL_FIPS -- FIPS_md_ctx_cleanup(ctx); --#endif - memset(ctx, '\0', sizeof *ctx); - - return 1; -diff -up openssl-1.0.2h/crypto/evp/e_aes.c.fips openssl-1.0.2h/crypto/evp/e_aes.c ---- openssl-1.0.2h/crypto/evp/e_aes.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/e_aes.c 2016-05-03 16:57:58.823321039 +0200 -@@ -60,9 +60,6 @@ - # include "modes_lcl.h" - # include - --# undef EVP_CIPH_FLAG_FIPS --# define EVP_CIPH_FLAG_FIPS 0 -- - typedef struct { - union { - double align; -@@ -1159,6 +1156,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * - case EVP_CTRL_GCM_SET_IVLEN: +@@ -1311,6 +1311,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * + case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; +# ifdef OPENSSL_FIPS -+ if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) ++ if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) + && arg < 12) + return 0; +# endif /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) -@@ -1727,6 +1729,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX + if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) +@@ -1771,11 +1776,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX + | EVP_CIPH_CUSTOM_COPY) + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, +- 
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + + static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +@@ -1910,6 +1918,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; +# ifdef OPENSSL_FIPS + /* Requirement of SP800-38E */ -+ if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && ++ if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && + (len > (1UL << 20) * 16)) { + EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); + return 0; 
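Review bot: The new minimum-IV check in `aes_gcm_ctrl` (`if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && arg < 12) return 0;`) carries no comment and pushes no error reason, whereas the parallel XTS limit in the same hunk is documented (`/* Requirement of SP800-38E */`) and reports `EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE)`. A one-line why-comment, e.g. `/* Approved GCM use requires a 96-bit or longer IV (FIPS 140-2 IG A.5) */`, would make the literal 12 self-explanatory, and an `EVPerr` on that path would let callers tell a FIPS policy rejection apart from the ordinary `arg <= 0` rejection just above it. `aes_gcm_ctrl` and `aes_xts_cipher` both continue outside the hunk.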
@@ -1701,159 +1033,147 @@ diff -up openssl-1.0.2h/crypto/evp/e_aes.c.fips openssl-1.0.2h/crypto/evp/e_aes. +# endif if (xctx->stream) (*xctx->stream) (in, out, len, - xctx->xts.key1, xctx->xts.key2, ctx->iv); -diff -up openssl-1.0.2h/crypto/evp/e_des3.c.fips openssl-1.0.2h/crypto/evp/e_des3.c ---- openssl-1.0.2h/crypto/evp/e_des3.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/e_des3.c 2016-05-03 16:57:58.823321039 +0200 -@@ -65,10 +65,6 @@ - # include - # include + xctx->xts.key1, xctx->xts.key2, +@@ -1927,8 +1943,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) + +-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) +- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) + + static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +@@ -2192,11 +2210,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX + #define aes_ccm_cleanup NULL + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) --/* Block use of implementations in FIPS mode */ --# undef EVP_CIPH_FLAG_FIPS --# define EVP_CIPH_FLAG_FIPS 0 -- typedef struct { union { - double align; -diff -up openssl-1.0.2h/crypto/evp/e_null.c.fips openssl-1.0.2h/crypto/evp/e_null.c ---- openssl-1.0.2h/crypto/evp/e_null.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ 
openssl-1.0.2h/crypto/evp/e_null.c 2016-05-03 16:57:58.824321063 +0200 -@@ -68,7 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *c +@@ -2289,7 +2307,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT + return rv ? (int)rv : -1; + } + +-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ ++#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) + +diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des3.c +--- openssl-1.1.0h/crypto/evp/e_des3.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/e_des3.c 2018-03-29 14:44:24.631236760 +0200 +@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, + # define des_ede3_cbc_cipher des_ede_cbc_cipher + # define des_ede3_ecb_cipher des_ede_ecb_cipher + BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_null.c +--- 
openssl-1.1.0h/crypto/evp/e_null.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/e_null.c 2018-03-29 14:44:24.631236760 +0200 +@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c + const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { NID_undef, - 1, 0, 0, -- 0, +- 1, 0, 0, 0, ++ 1, 0, 0, + EVP_CIPH_FLAG_FIPS, null_init_key, null_cipher, NULL, -diff -up openssl-1.0.2h/crypto/evp/evp_enc.c.fips openssl-1.0.2h/crypto/evp/evp_enc.c ---- openssl-1.0.2h/crypto/evp/evp_enc.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_enc.c 2016-05-03 16:57:58.824321063 +0200 -@@ -69,16 +69,73 @@ - #endif +diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_enc.c +--- openssl-1.1.0h/crypto/evp/evp_enc.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/evp_enc.c 2018-03-29 14:44:24.631236760 +0200 +@@ -16,10 +16,19 @@ + #include + #include "internal/evp_int.h" #include "evp_locl.h" - --#ifdef OPENSSL_FIPS --# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) --#else --# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) --#endif -+#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) - - const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; - +#ifdef OPENSSL_FIPS -+ -+/* The purpose of these is to trap programs that attempt to use non FIPS -+ * algorithms in FIPS mode and ignore the errors. 
-+ */ -+ -+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, -+ const unsigned char *iv, int enc) -+{ -+ FIPS_ERROR_IGNORED("Cipher init"); -+ return 0; -+} -+ -+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, -+ const unsigned char *in, unsigned int inl) -+{ -+ FIPS_ERROR_IGNORED("Cipher update"); -+ return 0; -+} -+ -+/* NB: no cleanup because it is allowed after failed init */ -+ -+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) -+{ -+ FIPS_ERROR_IGNORED("Cipher set_asn1"); -+ return 0; -+} -+ -+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) -+{ -+ FIPS_ERROR_IGNORED("Cipher get_asn1"); -+ return 0; -+} -+ -+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -+{ -+ FIPS_ERROR_IGNORED("Cipher ctrl"); -+ return 0; -+} -+ -+static const EVP_CIPHER bad_cipher = { -+ 0, -+ 0, -+ 0, -+ 0, -+ 0, -+ bad_init, -+ bad_do_cipher, -+ NULL, -+ 0, -+ bad_set_asn1, -+ bad_get_asn1, -+ bad_ctrl, -+ NULL -+}; -+ ++# include +#endif -+ - void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) + + int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) + { +- if (c == NULL) ++#ifdef OPENSSL_FIPS ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++#endif ++ if (c == NULL) + return 1; + if (c->cipher != NULL) { + if (c->cipher->cleanup && !c->cipher->cleanup(c)) +@@ -38,6 +47,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX + + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { +#ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHER_CTX_NEW, FIPS_R_FIPS_SELFTEST_FAILED); ++ return NULL; ++ } +#endif - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ + return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -110,6 +167,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + +@@ -66,6 +81,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } +#ifdef OPENSSL_FIPS + if 
(FIPS_selftest_failed()) { + FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ ctx->cipher = &bad_cipher; + return 0; + } +#endif #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -168,16 +232,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - ctx->engine = NULL; - #endif - --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) { -- const EVP_CIPHER *fcipher; -- if (cipher) -- fcipher = evp_get_fips_cipher(cipher); -- if (fcipher) -- cipher = fcipher; -- return FIPS_cipherinit(ctx, cipher, key, iv, enc); -- } --#endif - ctx->cipher = cipher; - if (ctx->cipher->ctx_size) { - ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); -@@ -204,10 +258,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - #ifndef OPENSSL_NO_ENGINE - skip_to_init: - #endif --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_cipherinit(ctx, cipher, key, iv, enc); --#endif - /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 -@@ -253,6 +303,19 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct - break; +@@ -135,7 +156,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + } + ctx->key_len = cipher->key_len; + /* Preserve wrap enable flag, zero everything else */ +- ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; ++ ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW; + if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; +@@ -194,6 +215,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct + return 0; } } +#ifdef OPENSSL_FIPS @@ -1864,7 +1184,6 @@ diff -up openssl-1.0.2h/crypto/evp/evp_enc.c.fips openssl-1.0.2h/crypto/evp/evp_ + if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) + & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); -+ ctx->cipher = &bad_cipher; + return 0; + } + } 
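Review bot: The `FIPS_selftest_failed()` guard inserted at the top of `EVP_CIPHER_CTX_reset` (nested hunk `@@ -16,10 +19,19 @@`) makes the cleanup path refuse to run once a self-test has failed, so the `c->cipher->cleanup(c)` call and the release of `cipher_data` visible just below it are skipped and any key material in the context stays in memory. In 1.1.0 `EVP_CIPHER_CTX_free` is built on this reset (not visible here), so after a self-test failure every context free would also become a leak. Gating `EVP_CIPHER_CTX_new` and `EVP_CipherInit_ex`, as the later nested hunks do, is enough to block new use; the guard in `EVP_CIPHER_CTX_reset` should be dropped so zeroisation and freeing always happen. The comment `/* Preserve wrap enable flag, zero everything else */` above the changed mask is also stale now that `EVP_CIPH_FLAG_NON_FIPS_ALLOW` is preserved too; `/* Preserve the wrap-enable and non-FIPS-allow flags, zero everything else */` would match the new line.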
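Review bot: The FIPS gate in `EVP_CipherInit_ex` combines its two conditions with a bitwise `&` (`if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`), which happens to work only because both operands are `!` results and reads as a typo; this line is unchanged context carried over from the 1.0.2 version of the patch. Write the second operand as `&& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)` to match the digest-side check in `@@ -1577,49 +946,25 @@`. `EVP_CipherInit_ex` continues outside the hunk.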
@@ -1872,103 +1191,37 @@ diff -up openssl-1.0.2h/crypto/evp/evp_enc.c.fips openssl-1.0.2h/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -@@ -554,7 +617,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX - - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) - { --#ifndef OPENSSL_FIPS - if (c->cipher != NULL) { - if (c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; -@@ -564,7 +626,6 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT - } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); --#endif - #ifndef OPENSSL_NO_ENGINE - if (c->engine) - /* -@@ -573,9 +634,6 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT - */ - ENGINE_finish(c->engine); - #endif --#ifdef OPENSSL_FIPS -- FIPS_cipher_ctx_cleanup(c); --#endif - memset(c, 0, sizeof(EVP_CIPHER_CTX)); - return 1; - } -diff -up openssl-1.0.2h/crypto/evp/evp.h.fips openssl-1.0.2h/crypto/evp/evp.h ---- openssl-1.0.2h/crypto/evp/evp.h.fips 2016-05-03 16:57:58.690317899 +0200 -+++ openssl-1.0.2h/crypto/evp/evp.h 2016-05-03 16:57:58.824321063 +0200 -@@ -122,6 +122,10 @@ - extern "C" { - #endif - -+# ifdef OPENSSL_FIPS -+# include -+# endif -+ - /* - * Type needs to be a bit field Sub-type needs to be for variations on the - * method, as in, can it do arbitrary encryption.... -@@ -285,11 +289,6 @@ struct env_md_ctx_st { - * cleaned */ - # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data - * in EVP_MD_CTX_cleanup */ --/* -- * FIPS and pad options are ignored in 1.0.0, definitions are here so we -- * don't accidentally reuse the values for other purposes. 
-- */ -- - # define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS - * digest in FIPS mode */ - -@@ -302,6 +301,10 @@ struct env_md_ctx_st { - # define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ - # define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ - # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ -+# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ -+ ((ctx->flags>>16) &0xFFFF) /* seed length */ -+# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */ -+# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */ - - # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ - -@@ -363,15 +366,15 @@ struct evp_cipher_st { - /* cipher handles random key generation */ - # define EVP_CIPH_RAND_KEY 0x200 - /* cipher has its own additional copying logic */ --# define EVP_CIPH_CUSTOM_COPY 0x400 -+# define EVP_CIPH_CUSTOM_COPY 0x4000 - /* Allow use default ASN1 get/set iv */ - # define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 - /* Buffer length in bits not bytes: CFB1 mode only */ - # define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 - /* Note if suitable for use in FIPS mode */ --# define EVP_CIPH_FLAG_FIPS 0x4000 -+# define EVP_CIPH_FLAG_FIPS 0x400 - /* Allow non FIPS cipher in FIPS mode */ --# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 -+# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 - /* - * Cipher handles any and all padding logic as well as finalisation. 
- */ -diff -up openssl-1.0.2h/crypto/evp/evp_lib.c.fips openssl-1.0.2h/crypto/evp/evp_lib.c ---- openssl-1.0.2h/crypto/evp/evp_lib.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_lib.c 2016-05-03 16:57:58.824321063 +0200 -@@ -60,10 +60,6 @@ - #include "cryptlib.h" - #include - #include --#ifdef OPENSSL_FIPS --# include --# include "evp_locl.h" --#endif - - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { -@@ -224,6 +220,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_ +diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_err.c +--- openssl-1.1.0h/crypto/evp/evp_err.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/evp_err.c 2018-03-29 14:44:24.631236760 +0200 +@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] + {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, + {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, + {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, ++ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "aes_xts_cipher"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, + {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, +@@ -111,6 +112,7 @@ static ERR_STRING_DATA EVP_str_reasons[] + {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, + {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, ++ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, + {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, + {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, + {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, +@@ -150,6 +152,7 @@ static ERR_STRING_DATA EVP_str_reasons[] + {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, + 
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, ++ {ERR_REASON(EVP_R_TOO_LARGE), "too large"}, + {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, +diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips openssl-1.1.0h/crypto/evp/evp_lib.c +--- openssl-1.1.0h/crypto/evp/evp_lib.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/evp_lib.c 2018-03-29 14:44:24.631236760 +0200 +@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { 
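Review bot: The three entries added to `evp_err.c` (`EVP_F_AES_XTS_CIPHER`, `EVP_R_DISABLED_FOR_FIPS`, `EVP_R_TOO_LARGE`) reference codes that have to be declared in `evp.h`; the 1.0.2 `evp.h` hunk is deleted in this chunk and no 1.1.0h `evp.h` hunk is visible, so it is worth confirming that the function code `EVP_F_AES_XTS_CIPHER` in particular has a definition, otherwise the string table and the `EVPerr` in `aes_xts_cipher` will not compile with `OPENSSL_FIPS`. The `EVP_Cipher` change in `evp_lib.c` begins at the end of this hunk and continues outside it.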
@@ -1978,266 +1231,77 @@ diff -up openssl-1.0.2h/crypto/evp/evp_lib.c.fips openssl-1.0.2h/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -@@ -234,22 +233,12 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher( - - unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) - { --#ifdef OPENSSL_FIPS -- const EVP_CIPHER *fcipher; -- fcipher = evp_get_fips_cipher(cipher); -- if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) -- return cipher->flags | EVP_CIPH_FLAG_FIPS; --#endif - return cipher->flags; - } - - unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) - { --#ifdef OPENSSL_FIPS -- return EVP_CIPHER_flags(ctx->cipher); --#else - return ctx->cipher->flags; --#endif - } - - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -@@ -316,40 +305,8 @@ int EVP_MD_size(const EVP_MD *md) - return md->md_size; - } - --#ifdef OPENSSL_FIPS -- --const EVP_MD *evp_get_fips_md(const EVP_MD *md) --{ -- int nid = EVP_MD_type(md); -- if (nid == NID_dsa) -- return FIPS_evp_dss1(); -- else if (nid == NID_dsaWithSHA) -- return FIPS_evp_dss(); -- else if (nid == NID_ecdsa_with_SHA1) -- return FIPS_evp_ecdsa(); -- else -- return FIPS_get_digestbynid(nid); --} -- --const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) --{ -- int nid = cipher->nid; -- if (nid == NID_undef) -- return FIPS_evp_enc_null(); -- else -- return FIPS_get_cipherbynid(nid); --} -- --#endif -- - unsigned long EVP_MD_flags(const EVP_MD *md) - { --#ifdef OPENSSL_FIPS -- const EVP_MD *fmd; -- fmd = evp_get_fips_md(md); -- if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) -- return md->flags | EVP_MD_FLAG_FIPS; --#endif - return md->flags; - } - -diff -up openssl-1.0.2h/crypto/evp/evp_locl.h.fips openssl-1.0.2h/crypto/evp/evp_locl.h ---- openssl-1.0.2h/crypto/evp/evp_locl.h.fips 2016-05-03 16:57:58.684317757 +0200 -+++ openssl-1.0.2h/crypto/evp/evp_locl.h 2016-05-03 16:57:58.824321063 +0200 -@@ -258,10 +258,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void - 
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ - BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ - NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ -- 0, cipher##_init_key, NULL, \ -- EVP_CIPHER_set_asn1_iv, \ -- EVP_CIPHER_get_asn1_iv, \ -- NULL) -+ EVP_CIPH_FLAG_DEFAULT_ASN1, \ -+ cipher##_init_key, NULL, NULL, NULL, NULL) - - struct evp_pkey_ctx_st { - /* Method associated with this operation */ -@@ -355,11 +353,6 @@ const EVP_CIPHER *evp_get_fips_cipher(co - # define MD2_Init private_MD2_Init - # define MDC2_Init private_MDC2_Init - # define SHA_Init private_SHA_Init --# define SHA1_Init private_SHA1_Init --# define SHA224_Init private_SHA224_Init --# define SHA256_Init private_SHA256_Init --# define SHA384_Init private_SHA384_Init --# define SHA512_Init private_SHA512_Init - - # define BF_set_key private_BF_set_key - # define CAST_set_key private_CAST_set_key -@@ -367,7 +360,6 @@ const EVP_CIPHER *evp_get_fips_cipher(co - # define SEED_set_key private_SEED_set_key - # define RC2_set_key private_RC2_set_key - # define RC4_set_key private_RC4_set_key --# define DES_set_key_unchecked private_DES_set_key_unchecked - # define Camellia_set_key private_Camellia_set_key - - #endif -diff -up openssl-1.0.2h/crypto/evp/m_dss.c.fips openssl-1.0.2h/crypto/evp/m_dss.c ---- openssl-1.0.2h/crypto/evp/m_dss.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/m_dss.c 2016-05-03 16:57:58.825321086 +0200 -@@ -86,7 +86,7 @@ static const EVP_MD dsa_md = { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_DIGEST, -+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS, - init, - update, - final, -diff -up openssl-1.0.2h/crypto/evp/m_dss1.c.fips openssl-1.0.2h/crypto/evp/m_dss1.c ---- openssl-1.0.2h/crypto/evp/m_dss1.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/m_dss1.c 2016-05-03 16:57:58.825321086 +0200 -@@ -87,7 +87,7 @@ static const EVP_MD dss1_md = { - NID_dsa, - 
NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_DIGEST, -+ EVP_MD_FLAG_PKEY_DIGEST | EVP_MD_FLAG_FIPS, - init, - update, - final, -diff -up openssl-1.0.2h/crypto/evp/m_md2.c.fips openssl-1.0.2h/crypto/evp/m_md2.c ---- openssl-1.0.2h/crypto/evp/m_md2.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/m_md2.c 2016-05-03 16:57:58.825321086 +0200 -@@ -68,6 +68,7 @@ - # ifndef OPENSSL_NO_RSA - # include - # endif -+# include "evp_locl.h" - - static int init(EVP_MD_CTX *ctx) - { -diff -up openssl-1.0.2h/crypto/evp/m_sha1.c.fips openssl-1.0.2h/crypto/evp/m_sha1.c ---- openssl-1.0.2h/crypto/evp/m_sha1.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/m_sha1.c 2016-05-03 16:57:58.825321086 +0200 -@@ -87,7 +87,8 @@ static const EVP_MD sha1_md = { +diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha1.c +--- openssl-1.1.0h/crypto/evp/m_sha1.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/evp/m_sha1.c 2018-03-29 15:04:23.512375176 +0200 +@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT | -+ EVP_MD_FLAG_FIPS, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, init, update, final, -@@ -134,7 +135,8 @@ static const EVP_MD sha224_md = { +@@ -144,7 +144,7 @@ static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT | -+ EVP_MD_FLAG_FIPS, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, init224, - update256, - final256, -@@ -154,7 +156,8 @@ static const EVP_MD sha256_md = { + update224, + final224, +@@ -163,7 +163,7 @@ static const EVP_MD sha256_md = { 
NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT | -+ EVP_MD_FLAG_FIPS, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, init256, update256, final256, -@@ -197,7 +200,8 @@ static const EVP_MD sha384_md = { +@@ -213,7 +213,7 @@ static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT | -+ EVP_MD_FLAG_FIPS, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, init384, - update512, - final512, -@@ -217,7 +221,8 @@ static const EVP_MD sha512_md = { + update384, + final384, +@@ -232,7 +232,7 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, -- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, -+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT | -+ EVP_MD_FLAG_FIPS, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, init512, update512, final512, -diff -up openssl-1.0.2h/crypto/evp/p_sign.c.fips openssl-1.0.2h/crypto/evp/p_sign.c ---- openssl-1.0.2h/crypto/evp/p_sign.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/p_sign.c 2016-05-03 16:57:58.825321086 +0200 -@@ -61,6 +61,7 @@ - #include - #include - #include -+#include - - #ifdef undef - void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -@@ -101,6 +102,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; -+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) -+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) -+ goto err; -+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) { -+ int saltlen; -+ if 
(EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= -+ 0) -+ goto err; -+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); -+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) -+ saltlen = -1; -+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) -+ saltlen = -2; -+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) -+ goto err; -+ } - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; -diff -up openssl-1.0.2h/crypto/evp/p_verify.c.fips openssl-1.0.2h/crypto/evp/p_verify.c ---- openssl-1.0.2h/crypto/evp/p_verify.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/evp/p_verify.c 2016-05-03 16:57:58.825321086 +0200 -@@ -61,6 +61,7 @@ - #include - #include - #include -+#include - - int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) -@@ -87,6 +88,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; -+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931) -+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0) -+ goto err; -+ if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS) { -+ int saltlen; -+ if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= -+ 0) -+ goto err; -+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx); -+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN) -+ saltlen = -1; -+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC) -+ saltlen = -2; -+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) -+ goto err; -+ } - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - err: - EVP_PKEY_CTX_free(pkctx); -diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_aes_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips 2016-05-03 16:57:58.825321086 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_aes_selftest.c 2016-05-03 16:57:58.825321086 +0200 -@@ -0,0 +1,365 @@ +diff -up openssl-1.1.0h/crypto/fips/build.info.fips 
openssl-1.1.0h/crypto/fips/build.info +--- openssl-1.1.0h/crypto/fips/build.info.fips 2018-03-29 14:44:24.632236783 +0200 ++++ openssl-1.1.0h/crypto/fips/build.info 2018-03-29 14:44:24.632236783 +0200 +@@ -0,0 +1,15 @@ ++LIBS=../../libcrypto ++SOURCE[../../libcrypto]=\ ++ fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \ ++ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c \ ++ fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \ ++ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ ++ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ ++ fips_enc.c fips_md.c fips_dh_selftest.c fips_ers.c ++ ++PROGRAMS_NO_INST=\ ++ fips_standalone_hmac ++ ++SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c ++INCLUDE[fips_standalone_hmac]=../../include ++DEPEND[fips_standalone_hmac]=../../libcrypto +diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_aes_selftest.c 2018-03-29 14:44:24.632236783 +0200 +@@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -2291,8 +1355,8 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp +#include +#ifdef OPENSSL_FIPS +# include ++# include "internal/fips_int.h" +#endif -+#include + +#ifdef OPENSSL_FIPS +static const struct { 
@@ -2309,27 +1373,21 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp +0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30, + 0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},}; + -+static int corrupt_aes; -+ -+void FIPS_corrupt_aes() -+{ -+ corrupt_aes = 1; -+} -+ +int FIPS_selftest_aes() +{ + int n; + int ret = 0; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; + + for (n = 0; n < 1; ++n) { + unsigned char key[16]; + + memcpy(key, tests[n].key, sizeof(key)); -+ if (corrupt_aes) -+ key[0]++; -+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(), ++ if (fips_cipher_test(ctx, EVP_aes_128_ecb(), + key, NULL, + tests[n].plaintext, + tests[n].ciphertext, 16) <= 0) @@ -2337,7 +1395,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp + } + ret = 1; + err: -+ EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + if (ret == 0) + FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED); + return ret; 
@@ -2379,27 +1437,31 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp +{ + int ret = 0; + unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ memset(out, 0, sizeof(out)); -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, -+ sizeof(ccm_nonce), NULL)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, -+ sizeof(ccm_tag), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) + goto err; + -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) ++ memset(out, 0, sizeof(out)); ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ++ sizeof(ccm_nonce), NULL)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, ++ sizeof(ccm_tag), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 1)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct)) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, tag)) + goto err; + if (memcmp(tag, ccm_tag, sizeof(ccm_tag)) + || memcmp(out, ccm_ct, sizeof(ccm_ct))) 
@@ -2407,20 +1469,20 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp + + memset(out, 0, sizeof(out)); + -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0)) + goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + sizeof(ccm_nonce), NULL)) + goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 16, tag)) + goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 0)) + goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) ++ if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct)) + goto err; -+ if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) ++ if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0) + goto err; -+ if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) ++ if (EVP_Cipher(ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt)) + goto err; + + if (memcmp(out, ccm_pt, sizeof(ccm_pt))) @@ -2429,7 +1491,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp + ret = 1; + + err: -+ EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + + if (ret == 0) { + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED); 
@@ -2475,25 +1537,29 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp +{ + int ret = 0; + unsigned char out[128], tag[16]; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ memset(out, 0, sizeof(out)); -+ memset(tag, 0, sizeof(tag)); -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) -+ goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, -+ sizeof(gcm_iv), NULL)) -+ goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) -+ goto err; -+ if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) -+ goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) + goto err; + -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) ++ memset(out, 0, sizeof(out)); ++ memset(tag, 0, sizeof(tag)); ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1)) ++ goto err; ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ++ sizeof(gcm_iv), NULL)) ++ goto err; ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 1)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ goto err; ++ if (EVP_Cipher(ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct)) ++ goto err; ++ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) ++ goto err; ++ ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) + goto err; + + if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) 
@@ -2501,20 +1567,20 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp + + memset(out, 0, sizeof(out)); + -+ if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) ++ if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0)) + goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + sizeof(gcm_iv), NULL)) + goto err; -+ if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) + goto err; -+ if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0)) ++ if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 0)) + goto err; -+ if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) ++ if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) + goto err; -+ if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) ++ if (EVP_Cipher(ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt)) + goto err; -+ if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0) ++ if (EVP_Cipher(ctx, NULL, NULL, 0) < 0) + goto err; + + if (memcmp(out, gcm_pt, 16)) @@ -2523,7 +1589,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp + ret = 1; + + err: -+ EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + + if (ret == 0) { + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED); 
@@ -2583,30 +1649,35 @@ diff -up openssl-1.0.2h/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.2h/cryp +int FIPS_selftest_aes_xts() +{ + int ret = 1; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); ++ EVP_CIPHER_CTX *ctx; + -+ if (fips_cipher_test(&ctx, EVP_aes_128_xts(), ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ if (fips_cipher_test(ctx, EVP_aes_128_xts(), + XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct, + sizeof(XTS_128_pt)) <= 0) + ret = 0; + -+ if (fips_cipher_test(&ctx, EVP_aes_256_xts(), ++ if (fips_cipher_test(ctx, EVP_aes_256_xts(), + XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct, + sizeof(XTS_256_pt)) <= 0) + ret = 0; + -+ EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); ++ ++ err: + if (ret == 0) + FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED); + return ret; +} + +#endif -diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips.c ---- openssl-1.0.2h/crypto/fips/fips.c.fips 2016-05-03 16:57:58.826321110 +0200 -+++ openssl-1.0.2h/crypto/fips/fips.c 2016-05-03 16:57:58.826321110 +0200 -@@ -0,0 +1,483 @@ +diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips.c +--- openssl-1.1.0h/crypto/fips/fips.c.fips 2018-03-29 14:44:24.632236783 +0200 ++++ openssl-1.1.0h/crypto/fips/fips.c 2018-03-29 14:44:24.632236783 +0200 +@@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -2669,11 +1740,14 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. +#include +#include +#include ++#include ++#include +#include "fips_locl.h" + +#ifdef OPENSSL_FIPS + +# include ++# include "internal/thread_once.h" + +# ifndef PATH_MAX +# define PATH_MAX 1024 
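Review bot: `FIPS_selftest_aes_xts` now reports success when the context cannot be allocated, because `ret` starts at 1 and the added `if (ctx == NULL) goto err;` jumps past both `fips_cipher_test` calls to an `err:` label that only raises `FIPSerr` when `ret == 0`. The NULL branch should clear the result first, `if (ctx == NULL) { ret = 0; goto err; }`, so the failure is recorded the same way the other self-tests in this file handle it (they start from `ret = 0`). A power-on self-test that passes on an allocation failure fails in the wrong direction.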
@@ -2687,10 +1761,21 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. +static int fips_set_owning_thread(void); +static int fips_clear_owning_thread(void); + -+# define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS) -+# define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS) -+# define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS) -+# define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS) ++static CRYPTO_RWLOCK *fips_lock = NULL; ++static CRYPTO_RWLOCK *fips_owning_lock = NULL; ++static CRYPTO_ONCE fips_lock_init = CRYPTO_ONCE_STATIC_INIT; ++ ++DEFINE_RUN_ONCE_STATIC(do_fips_lock_init) ++{ ++ fips_lock = CRYPTO_THREAD_lock_new(); ++ fips_owning_lock = CRYPTO_THREAD_lock_new(); ++ return fips_lock != NULL && fips_owning_lock != NULL; ++} ++ ++# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock) ++# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock) ++# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock) ++# define fips_r_unlock() CRYPTO_THREAD_unlock(fips_lock) + +static void fips_set_mode(int onoff) +{ @@ -2720,6 +1805,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + return ret; +} + ++/* just a compat symbol - return NULL */ +int FIPS_selftest_failed(void) +{ + int ret = 0; @@ -2810,7 +1896,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. +} + +# define HMAC_PREFIX "." -+# define HMAC_SUFFIX ".hmac" ++# ifndef HMAC_SUFFIX ++# define HMAC_SUFFIX ".hmac" ++# endif +# define READ_BUFFER_LENGTH 16384 + +static char *make_hmac_path(const char *origpath) @@ -2849,9 +1937,11 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + unsigned char rbuf[READ_BUFFER_LENGTH]; + size_t len; + unsigned int hlen; -+ HMAC_CTX c; ++ HMAC_CTX *c; + -+ HMAC_CTX_init(&c); ++ c = HMAC_CTX_new(); ++ if (c == NULL) ++ return rv; + + f = fopen(path, "r"); + 
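Review bot: The new `fips_w_lock()`/`fips_r_lock()` macros expand to `CRYPTO_THREAD_write_lock(fips_lock)`/`CRYPTO_THREAD_read_lock(fips_lock)`, whose int result is discarded at every call site (e.g. `fips_w_lock();` at the top of `FIPS_module_mode_set`), so a failed acquisition is invisible and the mode switch proceeds without the lock; the old `CRYPTO_w_lock` macros had no return value, which is presumably why nothing checks one. Either give the macros a checked form or test the result at the call sites that change `fips_started`/mode state. Separately, `do_fips_lock_init` leaks `fips_lock` if the second `CRYPTO_THREAD_lock_new()` fails (a one-time leak, but worth a `CRYPTO_THREAD_lock_free(fips_lock)` in that branch), and the comment added above `int FIPS_selftest_failed(void)` says "return NULL" for a function that returns an int; `/* compat symbol only, kept for ABI */` describes the visible intent without the wrong return claim.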
@@ -2859,15 +1949,21 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + goto end; + } + -+ HMAC_Init(&c, hmackey, sizeof(hmackey) - 1, EVP_sha256()); ++ if (HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL) <= 0) { ++ goto end; ++ } + + while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) { -+ HMAC_Update(&c, rbuf, len); ++ if (HMAC_Update(c, rbuf, len) <= 0) { ++ goto end; ++ } + } + + len = sizeof(rbuf); + /* reuse rbuf for hmac */ -+ HMAC_Final(&c, rbuf, &hlen); ++ if (HMAC_Final(c, rbuf, &hlen) <= 0) { ++ goto end; ++ } + + *buf = malloc(hlen); + if (*buf == NULL) { @@ -2880,7 +1976,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + + rv = 0; + end: -+ HMAC_CTX_cleanup(&c); ++ HMAC_CTX_free(c); + + if (f) + fclose(f); @@ -2888,20 +1984,14 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + return rv; +} + -+static int FIPSCHECK_verify(const char *libname, const char *symbolname) ++static int FIPSCHECK_verify(const char *path) +{ -+ char path[PATH_MAX + 1]; -+ int rv; ++ int rv = 0; + FILE *hf; + char *hmacpath, *p; + char *hmac = NULL; + size_t n; + -+ rv = get_library_path(libname, symbolname, path, sizeof(path)); -+ -+ if (rv < 0) -+ return 0; -+ + hmacpath = make_hmac_path(path); + if (hmacpath == NULL) + return 0; 
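Review bot: The early `return rv;` after `HMAC_CTX_new()` fails relies on `rv`'s initialiser being the failure code; `rv` is declared above this hunk (presumably `-1`, given that the success path sets `rv = 0` just before `end:`), so an explicit `return -1;` would make the intent visible at the point of use. The new checks on `HMAC_Init_ex`/`HMAC_Update`/`HMAC_Final` all jump to `end:`, which frees `c` and closes `f` and returns the still-unset `rv`, so they are consistent with that assumption. The enclosing function starts and ends outside this hunk.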
@@ -2952,10 +2042,58 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + return 1; +} + -+int FIPS_module_mode_set(int onoff, const char *auth) ++static int verify_checksums(void) ++{ ++ int rv; ++ char path[PATH_MAX + 1]; ++ char *p; ++ ++ /* we need to avoid dlopening libssl, assume both libcrypto and libssl ++ are in the same directory */ ++ ++ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, ++ "FIPS_mode_set", path, sizeof(path)); ++ if (rv < 0) ++ return 0; ++ ++ rv = FIPSCHECK_verify(path); ++ if (!rv) ++ return 0; ++ ++ /* replace libcrypto with libssl */ ++ while ((p = strstr(path, "libcrypto.so")) != NULL) { ++ p = stpcpy(p, "libssl"); ++ memmove(p, p + 3, strlen(p + 2)); ++ } ++ ++ rv = FIPSCHECK_verify(path); ++ if (!rv) ++ return 0; ++ return 1; ++} ++ ++# ifndef FIPS_MODULE_PATH ++# define FIPS_MODULE_PATH "/etc/system-fips" ++# endif ++ ++int FIPS_module_installed(void) ++{ ++ int rv; ++ rv = access(FIPS_MODULE_PATH, F_OK); ++ if (rv < 0 && errno != ENOENT) ++ rv = 0; ++ ++ /* Installed == true */ ++ return !rv; ++} ++ ++int FIPS_module_mode_set(int onoff) +{ + int ret = 0; + ++ if (!RUN_ONCE(&fips_lock_init, do_fips_lock_init)) ++ return NULL; ++ + fips_w_lock(); + fips_started = 1; + fips_set_owning_thread(); @@ -2984,13 +2122,16 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + ret = 0; + goto end; + } -+ OPENSSL_ia32cap_P[0] |= (1 << 28); /* set "shared cache" */ -+ OPENSSL_ia32cap_P[1] &= ~(1 << (60 - 32)); /* clear AVX */ + } +# endif + -+ if (!FIPSCHECK_verify -+ ("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set")) { ++ if (!FIPS_selftest()) { ++ fips_selftest_fail = 1; ++ ret = 0; ++ goto end; ++ } ++ ++ if (!verify_checksums()) { + FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, + FIPS_R_FINGERPRINT_DOES_NOT_MATCH); + fips_selftest_fail = 1; 
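Review bot: `return NULL;` after the `RUN_ONCE` check in `FIPS_module_mode_set` is in a function returning `int`; it evaluates to 0 but reads as a copy from a pointer-returning function and draws an int-conversion warning, so it should be `return 0;`. The `strstr`/`stpcpy`/`memmove` loop in `verify_checksums` is correct only because `strlen(p + 2)` equals `strlen(p + 3) + 1` and therefore moves the terminator as well; a comment such as `/* strlen(p + 2) == strlen(p + 3) + 1: the NUL is moved too */` would spare the next reader the arithmetic. The co-location assumption for libssl is stated in the comment; it is worth adding that a libssl loaded from any other directory is simply not integrity-checked by this path.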
@@ -2998,22 +2139,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + goto end; + } + -+ if (!FIPSCHECK_verify -+ ("libssl.so." SHLIB_VERSION_NUMBER, "SSL_CTX_new")) { -+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, -+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH); -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } -+ -+ if (FIPS_selftest()) -+ fips_set_mode(onoff); -+ else { -+ fips_selftest_fail = 1; -+ ret = 0; -+ goto end; -+ } ++ fips_set_mode(onoff); + ret = 1; + goto end; + } @@ -3026,7 +2152,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + return ret; +} + -+static CRYPTO_THREADID fips_thread; ++static CRYPTO_THREAD_ID fips_threadid; +static int fips_thread_set = 0; + +static int fips_is_owning_thread(void) @@ -3034,14 +2160,13 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + int ret = 0; + + if (fips_started) { -+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_read_lock(fips_owning_lock); + if (fips_thread_set) { -+ CRYPTO_THREADID cur; -+ CRYPTO_THREADID_current(&cur); -+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread)) ++ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); ++ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) + ret = 1; + } -+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_unlock(fips_owning_lock); + } + return ret; +} @@ -3051,13 +2176,13 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + int ret = 0; + + if (fips_started) { -+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_write_lock(fips_owning_lock); + if (!fips_thread_set) { -+ CRYPTO_THREADID_current(&fips_thread); ++ fips_threadid = CRYPTO_THREAD_get_current_id(); + ret = 1; + fips_thread_set = 1; + } -+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_unlock(fips_owning_lock); + } + return ret; +} 
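Review bot: `CRYPTO_THREAD_read_lock(fips_owning_lock)` and `CRYPTO_THREAD_write_lock(fips_owning_lock)` return an int that the new code in `fips_is_owning_thread` and `fips_set_owning_thread` ignores (the same applies to `fips_clear_owning_thread` in the next hunk), so a failed acquisition falls through to reading or writing `fips_thread_set` unlocked. Guarding with `if (!CRYPTO_THREAD_write_lock(fips_owning_lock)) return ret;` preserves the pessimistic `ret = 0` default the functions already start from. `fips_owning_lock` is only created in `do_fips_lock_init`, which `FIPS_module_mode_set` runs before it sets `fips_started`; these helpers test `fips_started` first, so the lock presumably exists whenever they reach it, but that ordering dependency deserves a one-line comment on the `fips_started` check.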
@@ -3067,32 +2192,21 @@ diff -up openssl-1.0.2h/crypto/fips/fips.c.fips openssl-1.0.2h/crypto/fips/fips. + int ret = 0; + + if (fips_started) { -+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_write_lock(fips_owning_lock); + if (fips_thread_set) { -+ CRYPTO_THREADID cur; -+ CRYPTO_THREADID_current(&cur); -+ if (!CRYPTO_THREADID_cmp(&cur, &fips_thread)) ++ CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); ++ if (CRYPTO_THREAD_compare_id(fips_threadid, cur)) + fips_thread_set = 0; + } -+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2); ++ CRYPTO_THREAD_unlock(fips_owning_lock); + } + return ret; +} + -+# if 0 -+/* The purpose of this is to ensure the error code exists and the function -+ * name is to keep the error checking script quiet -+ */ -+void hash_final(void) -+{ -+ FIPSerr(FIPS_F_HASH_FINAL, FIPS_R_NON_FIPS_METHOD); -+} -+# endif -+ +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c.fips 2016-05-03 16:57:58.826321110 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c 2016-05-03 16:57:58.826321110 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c 2018-03-29 14:44:24.632236783 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -3146,6 +2260,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2h/cry +#include +#include +#include ++#include "internal/fips_int.h" +#include +#include "fips_locl.h" + 
@@ -3231,7 +2346,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2h/cry + rv = -1; + goto err; + } -+ CMAC_CTX_cleanup(ctx); + + if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) { + rv = 0; @@ -3250,10 +2364,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.2h/cry + return rv; +} +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_des_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_des_selftest.c.fips 2016-05-03 16:57:58.826321110 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_des_selftest.c 2016-05-03 16:57:58.826321110 +0200 -@@ -0,0 +1,138 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_des_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_des_selftest.c 2018-03-29 14:44:24.632236783 +0200 +@@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -3307,8 +2421,8 @@ diff -up openssl-1.0.2h/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2h/cryp +#include +#ifdef OPENSSL_FIPS +# include ++# include "internal/fips_int.h" +#endif -+#include +#include + +#ifdef OPENSSL_FIPS 
@@ -3351,26 +2465,21 @@ diff -up openssl-1.0.2h/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2h/cryp + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, { +0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86},},}; + -+static int corrupt_des; -+ -+void FIPS_corrupt_des() -+{ -+ corrupt_des = 1; -+} -+ +int FIPS_selftest_des() +{ + int n, ret = 0; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); ++ EVP_CIPHER_CTX *ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ + /* Encrypt/decrypt with 2-key 3DES and compare to known answers */ + for (n = 0; n < 2; ++n) { + unsigned char plaintext[8]; + + memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext)); -+ if (corrupt_des) -+ plaintext[0]++; -+ if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(), ++ if (!fips_cipher_test(ctx, EVP_des_ede_ecb(), + tests2[n].key, NULL, + plaintext, tests2[n].ciphertext, 8)) + goto err; 
@@ -3378,23 +2487,207 @@ diff -up openssl-1.0.2h/crypto/fips/fips_des_selftest.c.fips openssl-1.0.2h/cryp + + /* Encrypt/decrypt with 3DES and compare to known answers */ + for (n = 0; n < 2; ++n) { -+ if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(), ++ if (!fips_cipher_test(ctx, EVP_des_ede3_ecb(), + tests3[n].key, NULL, + tests3[n].plaintext, tests3[n].ciphertext, 8)) + goto err; + } + ret = 1; + err: -+ EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + if (ret == 0) + FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED); + + return ret; +} +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c.fips 2016-05-03 16:57:58.826321110 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c 2016-05-03 16:57:58.826321110 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_dh_selftest.c 2018-03-29 14:44:24.633236807 +0200 +@@ -0,0 +1,180 @@ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 2013 Red Hat, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "fips_locl.h" ++ ++#ifdef OPENSSL_FIPS ++ ++static const unsigned char dh_test_2048_p[] = { ++ 0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09, ++ 0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11, ++ 0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5, ++ 0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F, ++ 0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC, ++ 0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE, ++ 0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39, ++ 0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E, ++ 0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2, ++ 0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A, ++ 0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A, ++ 0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF, ++ 0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7, ++ 0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73, ++ 0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6, ++ 0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35, ++ 0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED, ++ 0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03, ++ 0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC, ++ 0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE, ++ 0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58, ++ 0x4B, 0xD8, 0x37, 0xEB ++}; ++ ++static const unsigned char dh_test_2048_g[] = { ++ 0x02 ++}; ++ ++static const unsigned char dh_test_2048_pub_key[] = { ++ 0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA, 
++ 0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2, ++ 0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12, ++ 0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5, ++ 0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D, ++ 0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1, ++ 0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51, ++ 0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F, ++ 0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6, ++ 0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED, ++ 0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46, ++ 0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA, ++ 0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1, ++ 0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE, ++ 0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53, ++ 0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9, ++ 0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3, ++ 0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9, ++ 0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56, ++ 0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E, ++ 0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9, ++ 0x36, 0x9E, 0xDA, 0xD2 ++}; ++ ++static const unsigned char dh_test_2048_priv_key[] = { ++ 0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91, ++ 0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00, ++ 0xEC, 0x55, 0xF6, 0xCC ++}; ++ ++int FIPS_selftest_dh() ++{ ++ DH *dh = NULL; ++ int ret = 0; ++ void *pub_key_bin = NULL; ++ int len; ++ BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL; ++ const BIGNUM *pub_key; ++ ++ 
fips_load_key_component(p, dh_test_2048); ++ fips_load_key_component(g, dh_test_2048); ++ /* note that the private key is much shorter than normally used ++ * but still g ** priv_key > p ++ */ ++ fips_load_key_component(priv_key, dh_test_2048); ++ if ((tmp_pub_key = BN_new()) == NULL) ++ goto err; ++ ++ dh = DH_new(); ++ ++ if (dh == NULL) ++ goto err; ++ ++ DH_set0_pqg(dh, p, NULL, g); ++ DH_set0_key(dh, tmp_pub_key, priv_key); ++ ++ if (DH_generate_key(dh) <= 0) ++ goto err; ++ ++ DH_get0_key(dh, &pub_key, NULL); ++ ++ if (pub_key == NULL) ++ goto err; ++ ++ len = BN_num_bytes(pub_key); ++ if ((pub_key_bin = OPENSSL_malloc(len)) == NULL) ++ goto err; ++ BN_bn2bin(pub_key, pub_key_bin); ++ ++ if (len != sizeof(dh_test_2048_pub_key) || ++ memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (dh) ++ DH_free(dh); ++ else { ++ BN_free(p); ++ BN_free(g); ++ BN_free(priv_key); ++ BN_free(tmp_pub_key); ++ } ++ ++ OPENSSL_free(pub_key_bin); ++ return ret; ++} ++#endif +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c 2018-03-29 14:44:24.633236807 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
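Review bot: The return values of `DH_set0_pqg(dh, p, NULL, g)` and `DH_set0_key(dh, tmp_pub_key, priv_key)` are ignored, and the `err:` cleanup uses `dh != NULL` as a proxy for "the BIGNUMs now belong to dh"; if either setter declines the transfer, or a later edit moves a `goto err` between `DH_new()` and the setters, all four BIGNUMs (including the private key) leak. As far as I can tell the 1.1.0 setters only fail on NULL components, so this is a robustness point rather than a live leak today, but nulling the locals on successful transfer makes the cleanup unconditional and independent of call order. `FIPS_selftest_dh()` is also declared with empty parentheses; `int FIPS_selftest_dh(void)` matches `FIPS_selftest_ecdh(void)` later in this patch (the new `FIPS_selftest_ecdsa()` has the same issue). Proposed shape of the transfer and cleanup:
```c
int FIPS_selftest_dh(void)
{
    /* … unchanged: locals, fips_load_key_component calls, DH_new … */

    if (!DH_set0_pqg(dh, p, NULL, g))
        goto err;
    p = g = NULL;                      /* now owned by dh */
    if (!DH_set0_key(dh, tmp_pub_key, priv_key))
        goto err;
    tmp_pub_key = priv_key = NULL;     /* now owned by dh */

    /* … unchanged: DH_generate_key, DH_get0_key, public-key comparison … */

 err:
    DH_free(dh);                       /* frees the transferred BIGNUMs */
    BN_free(p);
    BN_free(g);
    BN_clear_free(priv_key);           /* secret: still ours only if transfer failed */
    BN_free(tmp_pub_key);
    OPENSSL_free(pub_key_bin);
    return ret;
}
```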
@@ -3811,10 +3104,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.2h/crypto/f + + return 1; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_hash.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips 2016-05-03 16:57:58.826321110 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_hash.c 2016-05-03 16:57:58.826321110 +0200 -@@ -0,0 +1,358 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_hash.c 2018-03-29 14:44:24.633236807 +0200 +@@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -3874,6 +3167,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ +#include +#include +#include ++#include "internal/fips_int.h" +#include +#include "fips_rand_lcl.h" + @@ -3885,7 +3179,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + const unsigned char *in3, size_t in3len, + const unsigned char *in4, size_t in4len) +{ -+ EVP_MD_CTX *mctx = &dctx->d.hash.mctx; ++ EVP_MD_CTX *mctx = dctx->d.hash.mctx; + unsigned char *vtmp = dctx->d.hash.vtmp; + unsigned char tmp[6]; + /* Standard only ever needs seedlen bytes which is always less than @@ -3986,7 +3280,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + +static int ctx_add_md(DRBG_CTX *dctx) +{ -+ if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL)) ++ if (!FIPS_digestfinal(dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL)) + return 0; + ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength); + return 1; 
@@ -3999,19 +3293,19 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + return 1; + memcpy(hctx->vtmp, hctx->V, dctx->seedlen); + for (;;) { -+ FIPS_digestinit(&hctx->mctx, hctx->md); -+ FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen); ++ FIPS_digestinit(hctx->mctx, hctx->md); ++ FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen); + if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) { -+ FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL); ++ FIPS_digestfinal(hctx->mctx, dctx->lb, NULL); + dctx->lb_valid = 1; + } else if (outlen < dctx->blocklength) { -+ FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL); ++ FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL); + if (!fips_drbg_cprng_test(dctx, hctx->vtmp)) + return 0; + memcpy(out, hctx->vtmp, outlen); + return 1; + } else { -+ FIPS_digestfinal(&hctx->mctx, out, NULL); ++ FIPS_digestfinal(hctx->mctx, out, NULL); + if (!fips_drbg_cprng_test(dctx, out)) + return 0; + outlen -= dctx->blocklength; @@ -4071,7 +3365,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + const unsigned char *adin, size_t adin_len) +{ + DRBG_HASH_CTX *hctx = &dctx->d.hash; -+ EVP_MD_CTX *mctx = &hctx->mctx; ++ EVP_MD_CTX *mctx = hctx->mctx; + unsigned char tmp[4]; + if (adin && adin_len) { + tmp[0] = 2; @@ -4117,7 +3411,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + +static int drbg_hash_uninstantiate(DRBG_CTX *dctx) +{ -+ EVP_MD_CTX_cleanup(&dctx->d.hash.mctx); ++ EVP_MD_CTX_free(dctx->d.hash.mctx); + OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); + return 1; +} 
@@ -4149,11 +3443,13 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + dctx->uninstantiate = drbg_hash_uninstantiate; + + dctx->d.hash.md = md; -+ EVP_MD_CTX_init(&hctx->mctx); ++ hctx->mctx = EVP_MD_CTX_new(); ++ if (hctx->mctx == NULL) ++ return -1; + + /* These are taken from SP 800-90 10.1 table 2 */ + -+ dctx->blocklength = M_EVP_MD_size(md); ++ dctx->blocklength = EVP_MD_size(md); + if (dctx->blocklength > 32) + dctx->seedlen = 111; + else @@ -4173,10 +3469,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.2h/crypto/ + + return 1; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips 2016-05-03 16:57:58.827321134 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c 2016-05-03 16:57:58.827321134 +0200 -@@ -0,0 +1,270 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c 2018-03-29 14:44:24.633236807 +0200 +@@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4247,7 +3543,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/ +{ + static unsigned char c0 = 0, c1 = 1; + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ HMAC_CTX *hctx = &hmac->hctx; ++ HMAC_CTX *hctx = hmac->hctx; + + if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL)) + return 0; 
@@ -4347,7 +3643,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/ + const unsigned char *adin, size_t adin_len) +{ + DRBG_HMAC_CTX *hmac = &dctx->d.hmac; -+ HMAC_CTX *hctx = &hmac->hctx; ++ HMAC_CTX *hctx = hmac->hctx; + const unsigned char *Vtmp = hmac->V; + if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0)) + return 0; @@ -4387,7 +3683,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/ + +static int drbg_hmac_uninstantiate(DRBG_CTX *dctx) +{ -+ HMAC_CTX_cleanup(&dctx->d.hmac.hctx); ++ HMAC_CTX_free(dctx->d.hmac.hctx); + OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX)); + return 1; +} @@ -4428,7 +3724,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/ + dctx->reseed = drbg_hmac_reseed; + dctx->generate = drbg_hmac_generate; + dctx->uninstantiate = drbg_hmac_uninstantiate; -+ HMAC_CTX_init(&hctx->hctx); ++ hctx->hctx = HMAC_CTX_new(); ++ if (hctx->hctx == NULL) ++ return -1; + hctx->md = md; + dctx->blocklength = M_EVP_MD_size(md); + dctx->seedlen = M_EVP_MD_size(md); @@ -4447,10 +3745,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.2h/crypto/ + + return 1; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_lib.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_lib.c.fips 2016-05-03 16:57:58.827321134 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_lib.c 2016-05-03 16:57:58.827321134 +0200 -@@ -0,0 +1,553 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_lib.c 2018-03-29 14:44:24.633236807 +0200 +@@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ 
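Review bot: The two lines right after the new `HMAC_CTX_new()` check still compute `dctx->blocklength` and `dctx->seedlen` with `M_EVP_MD_size(md)`, while the hash-DRBG hunk in this same patch replaces that macro with `EVP_MD_size(md)`; `M_EVP_MD_size` is not in the 1.1.0 public headers, so unless `fips_rand_lcl.h` or `internal/fips_int.h` re-defines it this file will not build, and either way the two DRBG inits should agree. Change them to `dctx->blocklength = EVP_MD_size(md);` and `dctx->seedlen = EVP_MD_size(md);`. The enclosing `drbg_hmac_init` starts and ends outside the hunk, so I could not verify that the `-1` returned on allocation failure is treated as an error by its caller; the hash-DRBG init returns the same `-1`, so whatever convention applies should be documented once on both.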
@@ -4506,6 +3804,8 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2h/crypto/f +#include +#include +#include ++#include ++#include "internal/fips_int.h" +#include +#include "fips_locl.h" +#include "fips_rand_lcl.h" @@ -5004,10 +4304,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2h/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_rand.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips 2016-05-03 16:57:58.827321134 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_rand.c 2016-05-03 16:57:58.827321134 +0200 -@@ -0,0 +1,166 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips 2018-03-29 14:44:24.633236807 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_rand.c 2018-03-29 14:44:24.633236807 +0200 +@@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5063,8 +4363,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ + +#include +#include ++#include "internal/thread_once.h" +#include +#include ++#include +#include +#include "fips_rand_lcl.h" + @@ -5076,8 +4378,19 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ + +static DRBG_CTX ossl_dctx; + ++static CRYPTO_RWLOCK *fips_rand_lock = NULL; ++static CRYPTO_ONCE fips_rand_lock_init = CRYPTO_ONCE_STATIC_INIT; ++ ++DEFINE_RUN_ONCE_STATIC(do_fips_rand_lock_init) ++{ ++ fips_rand_lock = CRYPTO_THREAD_lock_new(); ++ return fips_rand_lock != NULL; ++} ++ +DRBG_CTX *FIPS_get_default_drbg(void) +{ ++ if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init)) ++ return NULL; + return &ossl_dctx; +} + 
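Review bot: `fips_rand_lock` is only created inside `FIPS_get_default_drbg()` through `RUN_ONCE`, yet every other function in this file (`fips_drbg_bytes`, `fips_drbg_status`, `fips_drbg_cleanup`, `fips_drbg_seed`, `fips_drbg_add` in the following hunks) hands `fips_rand_lock` to `CRYPTO_THREAD_*lock` unconditionally, so a call arriving through the `RAND_METHOD` before anyone has fetched the default DRBG would lock a NULL `CRYPTO_RWLOCK`. If instantiation always goes through `FIPS_get_default_drbg()` first the ordering holds, but nothing here enforces it; the cheap fix is `if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init)) return 0;` at the top of each locking entry point, failing closed when the lock cannot be created. The lock is also never released with `CRYPTO_THREAD_lock_free`, which is acceptable for a process-lifetime singleton but deserves a comment such as `/* process-lifetime lock; intentionally never freed */`.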
@@ -5087,7 +4400,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ + int rv = 0; + unsigned char *adin = NULL; + size_t adinlen = 0; -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_write_lock(fips_rand_lock); + do { + size_t rcnt; + if (count > (int)dctx->max_request) @@ -5116,7 +4429,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ + while (count); + rv = 1; + err: -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_unlock(fips_rand_lock); + return rv; +} + @@ -5131,33 +4444,37 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ +{ + DRBG_CTX *dctx = &ossl_dctx; + int rv; -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_read_lock(fips_rand_lock); + rv = dctx->status == DRBG_STATUS_READY ? 1 : 0; -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_unlock(fips_rand_lock); + return rv; +} + +static void fips_drbg_cleanup(void) +{ + DRBG_CTX *dctx = &ossl_dctx; -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_write_lock(fips_rand_lock); + FIPS_drbg_uninstantiate(dctx); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ CRYPTO_THREAD_unlock(fips_rand_lock); +} + +static int fips_drbg_seed(const void *seed, int seedlen) +{ + DRBG_CTX *dctx = &ossl_dctx; ++ CRYPTO_THREAD_write_lock(fips_rand_lock); + if (dctx->rand_seed_cb) + return dctx->rand_seed_cb(dctx, seed, seedlen); ++ CRYPTO_THREAD_unlock(fips_rand_lock); + return 1; +} + +static int fips_drbg_add(const void *seed, int seedlen, double add_entropy) +{ + DRBG_CTX *dctx = &ossl_dctx; ++ CRYPTO_THREAD_write_lock(fips_rand_lock); + if (dctx->rand_add_cb) + return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy); ++ CRYPTO_THREAD_unlock(fips_rand_lock); + return 1; +} + 
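Review bot: `fips_drbg_seed` and `fips_drbg_add` now take `fips_rand_lock` for writing but return directly from inside the `if (dctx->rand_seed_cb)` / `if (dctx->rand_add_cb)` branch, so whenever a callback is installed the write lock is never released; the next `fips_drbg_bytes` or `fips_drbg_status` call then blocks forever, and a re-lock from the same thread is undefined behaviour for a pthread rwlock. Capture the callback's result and unlock on every path, as below. The pre-1.1.0 code invoked these callbacks with no lock held at all, so please also confirm the callbacks do not themselves acquire `fips_rand_lock` (for example by calling back into `fips_drbg_bytes`), otherwise the new lock deadlocks on the success path as well.
```c
static int fips_drbg_seed(const void *seed, int seedlen)
{
    DRBG_CTX *dctx = &ossl_dctx;
    int rv = 1;

    CRYPTO_THREAD_write_lock(fips_rand_lock);
    if (dctx->rand_seed_cb)
        rv = dctx->rand_seed_cb(dctx, seed, seedlen);
    CRYPTO_THREAD_unlock(fips_rand_lock);
    return rv;
}

static int fips_drbg_add(const void *seed, int seedlen, double add_entropy)
{
    DRBG_CTX *dctx = &ossl_dctx;
    int rv = 1;

    CRYPTO_THREAD_write_lock(fips_rand_lock);
    if (dctx->rand_add_cb)
        rv = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
    CRYPTO_THREAD_unlock(fips_rand_lock);
    return rv;
}
```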
@@ -5174,10 +4491,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2h/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c.fips 2016-05-03 16:57:58.827321134 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c 2016-05-03 16:57:58.827321134 +0200 -@@ -0,0 +1,827 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c 2018-03-29 14:44:24.634236830 +0200 +@@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -5234,6 +4551,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2h/cry +#include +#include +#include ++#include +#include +#include "fips_rand_lcl.h" +#include "fips_locl.h" @@ -6005,9 +5323,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.2h/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h ---- openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h.fips 2016-05-03 16:57:58.828321157 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h 2016-05-03 16:57:58.828321157 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips 2018-03-29 14:44:24.634236830 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h 2018-03-29 14:44:24.634236830 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -7800,10 +7118,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.2h/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c.fips 2016-05-03 16:57:58.828321157 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c 2016-05-03 16:57:58.828321157 +0200 -@@ -0,0 +1,192 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c 2018-03-29 14:44:24.634236830 +0200 +@@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * @@ -7857,6 +7175,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2h/cryp +#include +#include +#include ++#include "internal/fips_int.h" +#include +#include +#include 
@@ -7951,32 +7270,27 @@ diff -up openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2h/cryp + 0xec, 0x55, 0xf6, 0xcc +}; + -+static int corrupt_dsa; -+ -+void FIPS_corrupt_dsa() -+{ -+ corrupt_dsa = 1; -+} -+ +int FIPS_selftest_dsa() +{ + DSA *dsa = NULL; + EVP_PKEY *pk = NULL; -+ int ret = 0; ++ int ret = -1; ++ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; ++ ++ fips_load_key_component(p, dsa_test_2048); ++ fips_load_key_component(q, dsa_test_2048); ++ fips_load_key_component(g, dsa_test_2048); ++ fips_load_key_component(pub_key, dsa_test_2048); ++ fips_load_key_component(priv_key, dsa_test_2048); + + dsa = DSA_new(); + + if (dsa == NULL) + goto err; + -+ fips_load_key_component(dsa, p, dsa_test_2048); -+ fips_load_key_component(dsa, q, dsa_test_2048); -+ fips_load_key_component(dsa, g, dsa_test_2048); -+ fips_load_key_component(dsa, pub_key, dsa_test_2048); -+ fips_load_key_component(dsa, priv_key, dsa_test_2048); ++ DSA_set0_pqg(dsa, p, q, g); + -+ if (corrupt_dsa) -+ BN_set_bit(dsa->pub_key, 2047); ++ DSA_set0_key(dsa, pub_key, priv_key); + + if ((pk = EVP_PKEY_new()) == NULL) + goto err; 
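Review bot: `ret` now starts at `-1` instead of `0`, so every early `goto err` (`DSA_new()` failing, `EVP_PKEY_new()` failing, or a key component failing to load) makes `FIPS_selftest_dsa` return -1, whereas `FIPS_selftest_des` in this same patch keeps `ret = 0` for its allocation failure and reports it through `FIPSerr(..., FIPS_R_SELFTEST_FAILED)`. The `err:` label is in the next hunk and I cannot see whether -1 is ever mapped back to 0, so either the caller must treat every value other than 1 as a POST failure or the two selftests should share one convention. At minimum pin the intent on the declaration, e.g. `int ret = -1; /* -1: setup/allocation failure, 0: KAT mismatch, 1: pass */`, so the distinction is not lost when the FIPS error state is derived from it.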
@@ -7993,12 +7307,435 @@ diff -up openssl-1.0.2h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.2h/cryp + EVP_PKEY_free(pk); + else if (dsa) + DSA_free(dsa); ++ else { ++ BN_free(p); ++ BN_free(q); ++ BN_free(g); ++ BN_free(pub_key); ++ BN_free(priv_key); ++ } + return ret; +} +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_enc.c.fips openssl-1.0.2h/crypto/fips/fips_enc.c ---- openssl-1.0.2h/crypto/fips/fips_enc.c.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_enc.c 2016-05-03 16:57:58.829321181 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c 2018-03-29 14:44:24.635236854 +0200 +@@ -0,0 +1,242 @@ ++/* fips/ecdh/fips_ecdh_selftest.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. 
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++# include "fips_locl.h" ++ ++static const unsigned char p256_qcavsx[] = { ++ 0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62, ++ 0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13, ++ 0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50 ++}; ++ ++static const unsigned char p256_qcavsy[] = { ++ 0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f, ++ 0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf, ++ 0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e ++}; ++ ++static const unsigned char p256_qiutx[] = { ++ 0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c, ++ 0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1, ++ 0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f ++}; ++ ++static const unsigned char p256_qiuty[] = { ++ 0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae, ++ 0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75, ++ 0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8 ++}; ++ ++static const unsigned char p256_qiutd[] = { ++ 0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3, ++ 0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc, ++ 0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8 ++}; ++ ++static const unsigned char p256_ziut[] = { ++ 0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a, ++ 0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77, ++ 0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f ++}; ++ ++typedef struct { ++ int curve; ++ const unsigned char *x1; ++ size_t x1len; ++ const unsigned char *y1; ++ size_t y1len; ++ const unsigned char *d1; ++ size_t d1len; ++ const unsigned char *x2; ++ size_t x2len; 
++ const unsigned char *y2; ++ size_t y2len; ++ const unsigned char *z; ++ size_t zlen; ++} ECDH_SELFTEST_DATA; ++ ++# define make_ecdh_test(nid, pr) { nid, \ ++ pr##_qiutx, sizeof(pr##_qiutx), \ ++ pr##_qiuty, sizeof(pr##_qiuty), \ ++ pr##_qiutd, sizeof(pr##_qiutd), \ ++ pr##_qcavsx, sizeof(pr##_qcavsx), \ ++ pr##_qcavsy, sizeof(pr##_qcavsy), \ ++ pr##_ziut, sizeof(pr##_ziut) } ++ ++static ECDH_SELFTEST_DATA test_ecdh_data[] = { ++ make_ecdh_test(NID_X9_62_prime256v1, p256), ++}; ++ ++int FIPS_selftest_ecdh(void) ++{ ++ EC_KEY *ec1 = NULL, *ec2 = NULL; ++ const EC_POINT *ecp = NULL; ++ BIGNUM *x = NULL, *y = NULL, *d = NULL; ++ unsigned char *ztmp = NULL; ++ int rv = 1; ++ size_t i; ++ ++ for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) { ++ ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i; ++ if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0)) ++ continue; ++ ztmp = OPENSSL_malloc(ecd->zlen); ++ ++ x = BN_bin2bn(ecd->x1, ecd->x1len, x); ++ y = BN_bin2bn(ecd->y1, ecd->y1len, y); ++ d = BN_bin2bn(ecd->d1, ecd->d1len, d); ++ ++ if (!x || !y || !d || !ztmp) { ++ rv = -1; ++ goto err; ++ } ++ ++ ec1 = EC_KEY_new_by_curve_name(ecd->curve); ++ if (!ec1) { ++ rv = -1; ++ goto err; ++ } ++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); ++ ++ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) { ++ rv = -1; ++ goto err; ++ } ++ ++ if (!EC_KEY_set_private_key(ec1, d)) { ++ rv = -1; ++ goto err; ++ } ++ ++ x = BN_bin2bn(ecd->x2, ecd->x2len, x); ++ y = BN_bin2bn(ecd->y2, ecd->y2len, y); ++ ++ if (!x || !y) { ++ rv = -1; ++ goto err; ++ } ++ ++ ec2 = EC_KEY_new_by_curve_name(ecd->curve); ++ if (!ec2) { ++ rv = -1; ++ goto err; ++ } ++ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH); ++ ++ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) { ++ rv = -1; ++ goto err; ++ } ++ ++ ecp = EC_KEY_get0_public_key(ec2); ++ if (!ecp) { ++ rv = -1; ++ goto err; ++ } ++ ++ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) { ++ rv = -1; ++ goto err; ++ } 
++ ++ if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL)) ++ ztmp[0] ^= 0x1; ++ ++ if (memcmp(ztmp, ecd->z, ecd->zlen)) { ++ fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0); ++ rv = 0; ++ } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0)) ++ goto err; ++ ++ EC_KEY_free(ec1); ++ ec1 = NULL; ++ EC_KEY_free(ec2); ++ ec2 = NULL; ++ OPENSSL_free(ztmp); ++ ztmp = NULL; ++ } ++ ++ err: ++ ++ if (x) ++ BN_clear_free(x); ++ if (y) ++ BN_clear_free(y); ++ if (d) ++ BN_clear_free(d); ++ if (ec1) ++ EC_KEY_free(ec1); ++ if (ec2) ++ EC_KEY_free(ec2); ++ if (ztmp) ++ OPENSSL_free(ztmp); ++ ++ return rv; ++ ++} ++ ++#endif +diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c 2018-03-29 14:44:24.635236854 +0200 +@@ -0,0 +1,166 @@ ++/* fips/ecdsa/fips_ecdsa_selftest.c */ ++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ==================================================================== ++ * ++ */ ++ ++#define OPENSSL_FIPSAPI ++ ++#include ++#include ++#include ++#include ++#include ++#include "internal/fips_int.h" ++#include ++#include ++#include ++ ++#ifdef OPENSSL_FIPS ++ ++static const char P_256_name[] = "ECDSA P-256"; ++ ++static const unsigned char P_256_d[] = { ++ 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f, ++ 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87, ++ 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64 ++}; ++ ++static const unsigned char P_256_qx[] = { ++ 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e, ++ 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31, ++ 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07 ++}; ++ ++static const unsigned char P_256_qy[] = { ++ 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b, ++ 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e, ++ 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb ++}; ++ ++typedef struct { ++ int curve; ++ const char *name; ++ const unsigned char *x; ++ size_t xlen; ++ const unsigned char *y; ++ size_t ylen; ++ const unsigned char *d; ++ size_t dlen; ++} EC_SELFTEST_DATA; ++ ++# define make_ecdsa_test(nid, pr) { nid, pr##_name, \ ++ pr##_qx, sizeof(pr##_qx), \ ++ pr##_qy, sizeof(pr##_qy), \ ++ pr##_d, sizeof(pr##_d)} ++ ++static EC_SELFTEST_DATA test_ec_data[] = { ++ make_ecdsa_test(NID_X9_62_prime256v1, P_256), ++}; ++ ++int FIPS_selftest_ecdsa() ++{ ++ EC_KEY *ec = NULL; ++ BIGNUM *x = NULL, *y = NULL, *d = NULL; ++ EVP_PKEY *pk = NULL; ++ int rv = 0; ++ size_t i; ++ ++ for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) { ++ EC_SELFTEST_DATA *ecd = test_ec_data + i; ++ ++ x = BN_bin2bn(ecd->x, ecd->xlen, x); ++ y = BN_bin2bn(ecd->y, ecd->ylen, y); ++ d = BN_bin2bn(ecd->d, ecd->dlen, d); ++ ++ if (!x || !y || !d) ++ goto err; ++ ++ ec = 
EC_KEY_new_by_curve_name(ecd->curve); ++ if (!ec) ++ goto err; ++ ++ if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y)) ++ goto err; ++ ++ if (!EC_KEY_set_private_key(ec, d)) ++ goto err; ++ ++ if ((pk = EVP_PKEY_new()) == NULL) ++ goto err; ++ ++ EVP_PKEY_assign_EC_KEY(pk, ec); ++ ++ if (!fips_pkey_signature_test(pk, NULL, 0, ++ NULL, 0, EVP_sha256(), 0, ecd->name)) ++ goto err; ++ } ++ ++ rv = 1; ++ ++ err: ++ ++ if (x) ++ BN_clear_free(x); ++ if (y) ++ BN_clear_free(y); ++ if (d) ++ BN_clear_free(d); ++ if (pk) ++ EVP_PKEY_free(pk); ++ else if (ec) ++ EC_KEY_free(ec); ++ ++ return rv; ++ ++} ++ ++#endif +diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/fips_enc.c +--- openssl-1.1.0h/crypto/fips/fips_enc.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_enc.c 2018-03-29 14:44:24.635236854 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -8189,19 +7926,20 @@ diff -up openssl-1.0.2h/crypto/fips/fips_enc.c.fips openssl-1.0.2h/crypto/fips/f + + } +} -diff -up openssl-1.0.2h/crypto/fips/fips.h.fips openssl-1.0.2h/crypto/fips/fips.h ---- openssl-1.0.2h/crypto/fips/fips.h.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips.h 2016-05-03 16:57:58.829321181 +0200 -@@ -0,0 +1,278 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/fips_err.h +--- openssl-1.1.0h/crypto/fips/fips_err.h.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_err.h 2018-03-29 14:44:24.635236854 +0200 +@@ -0,0 +1,196 @@ ++/* crypto/fips_err.h */ +/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in 
@@ -8211,12 +7949,12 @@ diff -up openssl-1.0.2h/crypto/fips/fips.h.fips openssl-1.0.2h/crypto/fips/fips. + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. ++ * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written @@ -8225,7 +7963,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips.h.fips openssl-1.0.2h/crypto/fips/fips. + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
@@ -8239,241 +7977,169 @@ diff -up openssl-1.0.2h/crypto/fips/fips.h.fips openssl-1.0.2h/crypto/fips/fips. + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * + */ + -+#include -+#include -+#include ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. ++ */ + -+#ifndef OPENSSL_FIPS -+# error FIPS is disabled. -+#endif -+ -+#ifdef OPENSSL_FIPS -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+ struct dsa_st; -+ struct rsa_st; -+ struct evp_pkey_st; -+ struct env_md_st; -+ struct env_md_ctx_st; -+ struct evp_cipher_st; -+ struct evp_cipher_ctx_st; -+ struct dh_method; -+ struct CMAC_CTX_st; -+ struct hmac_ctx_st; -+ -+ int FIPS_module_mode_set(int onoff, const char *auth); -+ int FIPS_module_mode(void); -+ const void *FIPS_rand_check(void); -+ int FIPS_selftest(void); -+ int FIPS_selftest_failed(void); -+ void FIPS_corrupt_sha1(void); -+ int FIPS_selftest_sha1(void); -+ int FIPS_selftest_sha2(void); -+ void FIPS_corrupt_aes(void); -+ int FIPS_selftest_aes_ccm(void); -+ int FIPS_selftest_aes_gcm(void); -+ int FIPS_selftest_aes_xts(void); -+ int FIPS_selftest_aes(void); -+ void FIPS_corrupt_des(void); -+ int FIPS_selftest_des(void); -+ void FIPS_corrupt_rsa(void); -+ void FIPS_corrupt_rsa_keygen(void); -+ int FIPS_selftest_rsa(void); -+ void FIPS_corrupt_dsa(void); -+ void FIPS_corrupt_dsa_keygen(void); -+ int FIPS_selftest_dsa(void); -+ void FIPS_corrupt_rng(void); -+ void FIPS_rng_stick(void); -+ void FIPS_x931_stick(int onoff); -+ void 
FIPS_drbg_stick(int onoff); -+ int FIPS_selftest_rng(void); -+ int FIPS_selftest_x931(void); -+ int FIPS_selftest_hmac(void); -+ int FIPS_selftest_drbg(void); -+ int FIPS_selftest_drbg_all(void); -+ int FIPS_selftest_cmac(void); -+ -+ void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); -+ -+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ -+ alg " previous FIPS forbidden algorithm error ignored"); -+ -+ int fips_pkey_signature_test(struct evp_pkey_st *pkey, -+ const unsigned char *tbs, int tbslen, -+ const unsigned char *kat, -+ unsigned int katlen, -+ const struct env_md_st *digest, -+ unsigned int md_flags, const char *fail_str); -+ -+ int fips_cipher_test(struct evp_cipher_ctx_st *ctx, -+ const struct evp_cipher_st *cipher, -+ const unsigned char *key, -+ const unsigned char *iv, -+ const unsigned char *plaintext, -+ const unsigned char *ciphertext, int len); -+ -+ void fips_set_selftest_fail(void); -+ -+ const struct env_md_st *FIPS_get_digestbynid(int nid); -+ -+ const struct evp_cipher_st *FIPS_get_cipherbynid(int nid); ++#include ++#include ++#include + +/* BEGIN ERROR CODES */ -+/* The following lines are auto generated by the script mkerr.pl. Any changes -+ * made after this point may be overwritten when the script is next run. -+ */ -+ void ERR_load_FIPS_strings(void); ++#ifndef OPENSSL_NO_ERR + -+/* Error codes for the FIPS functions. */ ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason) + -+/* Function codes. 
*/ -+# define FIPS_F_DH_BUILTIN_GENPARAMS 100 -+# define FIPS_F_DH_INIT 148 -+# define FIPS_F_DRBG_RESEED 162 -+# define FIPS_F_DSA_BUILTIN_PARAMGEN 101 -+# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 -+# define FIPS_F_DSA_DO_SIGN 102 -+# define FIPS_F_DSA_DO_VERIFY 103 -+# define FIPS_F_ECDH_COMPUTE_KEY 163 -+# define FIPS_F_ECDSA_DO_SIGN 164 -+# define FIPS_F_ECDSA_DO_VERIFY 165 -+# define FIPS_F_EC_KEY_GENERATE_KEY 166 -+# define FIPS_F_EVP_CIPHERINIT_EX 124 -+# define FIPS_F_EVP_DIGESTINIT_EX 125 -+# define FIPS_F_FIPS_CHECK_DSA 104 -+# define FIPS_F_FIPS_CHECK_DSA_PRNG 151 -+# define FIPS_F_FIPS_CHECK_EC 142 -+# define FIPS_F_FIPS_CHECK_EC_PRNG 152 -+# define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105 -+# define FIPS_F_FIPS_CHECK_RSA 106 -+# define FIPS_F_FIPS_CHECK_RSA_PRNG 150 -+# define FIPS_F_FIPS_CIPHER 160 -+# define FIPS_F_FIPS_CIPHERINIT 143 -+# define FIPS_F_FIPS_CIPHER_CTX_CTRL 161 -+# define FIPS_F_FIPS_DIGESTFINAL 158 -+# define FIPS_F_FIPS_DIGESTINIT 128 -+# define FIPS_F_FIPS_DIGESTUPDATE 159 -+# define FIPS_F_FIPS_DRBG_BYTES 131 -+# define FIPS_F_FIPS_DRBG_CHECK 146 -+# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 -+# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 -+# define FIPS_F_FIPS_DRBG_GENERATE 134 -+# define FIPS_F_FIPS_DRBG_INIT 135 -+# define FIPS_F_FIPS_DRBG_INSTANTIATE 138 -+# define FIPS_F_FIPS_DRBG_NEW 139 -+# define FIPS_F_FIPS_DRBG_RESEED 140 -+# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 -+# define FIPS_F_FIPS_DSA_CHECK /* unused */ 107 -+# define FIPS_F_FIPS_DSA_SIGN_DIGEST 154 -+# define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155 -+# define FIPS_F_FIPS_GET_ENTROPY 147 -+# define FIPS_F_FIPS_MODE_SET /* unused */ 108 -+# define FIPS_F_FIPS_MODULE_MODE_SET 108 -+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 -+# define FIPS_F_FIPS_RAND_ADD 137 -+# define FIPS_F_FIPS_RAND_BYTES 122 -+# define FIPS_F_FIPS_RAND_PSEUDO_BYTES 167 -+# define FIPS_F_FIPS_RAND_SEED 168 -+# define FIPS_F_FIPS_RAND_SET_METHOD 126 -+# define FIPS_F_FIPS_RAND_STATUS 127 -+# define 
FIPS_F_FIPS_RSA_SIGN_DIGEST 156 -+# define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157 -+# define FIPS_F_FIPS_SELFTEST_AES 110 -+# define FIPS_F_FIPS_SELFTEST_AES_CCM 145 -+# define FIPS_F_FIPS_SELFTEST_AES_GCM 129 -+# define FIPS_F_FIPS_SELFTEST_AES_XTS 144 -+# define FIPS_F_FIPS_SELFTEST_CMAC 130 -+# define FIPS_F_FIPS_SELFTEST_DES 111 -+# define FIPS_F_FIPS_SELFTEST_DSA 112 -+# define FIPS_F_FIPS_SELFTEST_ECDSA 133 -+# define FIPS_F_FIPS_SELFTEST_HMAC 113 -+# define FIPS_F_FIPS_SELFTEST_RNG /* unused */ 114 -+# define FIPS_F_FIPS_SELFTEST_SHA1 115 -+# define FIPS_F_FIPS_SELFTEST_X931 114 -+# define FIPS_F_FIPS_SET_PRNG_KEY 153 -+# define FIPS_F_HASH_FINAL 123 -+# define FIPS_F_RSA_BUILTIN_KEYGEN 116 -+# define FIPS_F_RSA_EAY_INIT 149 -+# define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117 -+# define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118 -+# define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119 -+# define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120 -+# define FIPS_F_RSA_X931_GENERATE_KEY_EX 121 -+# define FIPS_F_SSLEAY_RAND_BYTES /* unused */ 122 ++static ERR_STRING_DATA FIPS_str_functs[] = { ++ {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, ++ {ERR_FUNC(FIPS_F_DRBG_RESEED), "drbg_reseed"}, ++ {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, ++ {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, ++ {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, ++ {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, ++ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_NEW), "EVP_CIPHER_CTX_new"}, ++ {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_RESET), "EVP_CIPHER_CTX_reset"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "fips_check_dsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "fips_check_ec"}, ++ {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "fips_drbg_bytes"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "fips_drbg_check"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "fips_drbg_cprng_test"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "fips_drbg_error_check"}, ++ 
{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, ++ {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, ++ {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "fips_get_entropy"}, ++ {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"}, ++ {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"}, ++ {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"}, ++ {ERR_FUNC(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, ++ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"}, ++ {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"}, ++ {ERR_FUNC(FIPS_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"}, ++ {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_INIT), "rsa_ossl_init"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT), 
"rsa_ossl_private_encrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"}, ++ {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"}, ++ {0, NULL} ++}; + -+/* Reason codes. */ -+# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 -+# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 -+# define FIPS_R_ALREADY_INSTANTIATED 134 -+# define FIPS_R_AUTHENTICATION_FAILURE 151 -+# define FIPS_R_CANNOT_READ_EXE /* unused */ 103 -+# define FIPS_R_CANNOT_READ_EXE_DIGEST /* unused */ 104 -+# define FIPS_R_CONTRADICTING_EVIDENCE 114 -+# define FIPS_R_DRBG_NOT_INITIALISED 152 -+# define FIPS_R_DRBG_STUCK 103 -+# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 -+# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 -+# define FIPS_R_ENTROPY_SOURCE_STUCK 142 -+# define FIPS_R_ERROR_INITIALISING_DRBG 115 -+# define FIPS_R_ERROR_INSTANTIATING_DRBG 127 -+# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 -+# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 -+# define FIPS_R_ERROR_RETRIEVING_NONCE 140 -+# define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH /* unused */ 105 -+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 -+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111 -+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 -+# define FIPS_R_FIPS_MODE_ALREADY_SET 102 -+# define FIPS_R_FIPS_SELFTEST_FAILED 106 -+# define FIPS_R_FUNCTION_ERROR 116 -+# define FIPS_R_GENERATE_ERROR 137 -+# define FIPS_R_GENERATE_ERROR_UNDETECTED 118 -+# define FIPS_R_INSTANTIATE_ERROR 119 -+# define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120 -+# define FIPS_R_INTERNAL_ERROR 121 -+# define FIPS_R_INVALID_KEY_LENGTH 109 -+# define FIPS_R_INVALID_PARAMETERS 144 -+# define FIPS_R_IN_ERROR_STATE 123 -+# define FIPS_R_KEY_TOO_SHORT 108 -+# define FIPS_R_NONCE_ERROR_UNDETECTED 149 -+# define FIPS_R_NON_FIPS_METHOD 100 -+# define FIPS_R_NOPR_TEST1_FAILURE 145 -+# define FIPS_R_NOPR_TEST2_FAILURE 146 -+# define FIPS_R_NOT_INSTANTIATED 126 -+# define 
FIPS_R_PAIRWISE_TEST_FAILED 107 -+# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 -+# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 -+# define FIPS_R_PRNG_STRENGTH_TOO_LOW 143 -+# define FIPS_R_PR_TEST1_FAILURE 147 -+# define FIPS_R_PR_TEST2_FAILURE 148 -+# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 -+# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 -+# define FIPS_R_RESEED_COUNTER_ERROR 132 -+# define FIPS_R_RESEED_ERROR 133 -+# define FIPS_R_RSA_DECRYPT_ERROR /* unused */ 115 -+# define FIPS_R_RSA_ENCRYPT_ERROR /* unused */ 116 -+# define FIPS_R_SELFTEST_FAILED 101 -+# define FIPS_R_SELFTEST_FAILURE 135 -+# define FIPS_R_STRENGTH_ERROR_UNDETECTED 136 -+# define FIPS_R_TEST_FAILURE 117 -+# define FIPS_R_UNINSTANTIATE_ERROR 141 -+# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 -+# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 -+# define FIPS_R_UNSUPPORTED_PLATFORM 113 ++static ERR_STRING_DATA FIPS_str_reasons[] = { ++ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED), ++ "additional input error undetected"}, ++ {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG), ++ "additional input too long"}, ++ {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"}, ++ {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"}, ++ {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"}, ++ {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"}, ++ {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED), ++ "entropy not requested for reseed"}, ++ {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"}, ++ {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, ++ {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), ++ "error retrieving additional input"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"}, ++ {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"}, ++ 
{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH), ++ "fingerprint does not match"}, ++ {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"}, ++ {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"}, ++ {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"}, ++ {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"}, ++ {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED), ++ "generate error undetected"}, ++ {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"}, ++ {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"}, ++ {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"}, ++ {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"}, ++ {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"}, ++ {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"}, ++ {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"}, ++ {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"}, ++ {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"}, ++ {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"}, ++ {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED), ++ "personalisation error undetected"}, ++ {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG), ++ "personalisation string too long"}, ++ {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"}, ++ {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"}, ++ {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED), ++ "request length error undetected"}, ++ {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG), ++ "request too large for drbg"}, ++ {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"}, ++ {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"}, ++ {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"}, ++ {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"}, ++ {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"}, ++ {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"}, ++ 
{ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR), ++ "uninstantiate zeroise error"}, ++ {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"}, ++ {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"}, ++ {0, NULL} ++}; + -+# ifdef __cplusplus -+} -+# endif +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c 2016-05-03 16:57:58.829321181 +0200 ++ ++int ERR_load_FIPS_strings(void) ++{ ++#ifndef OPENSSL_NO_ERR ++ ++ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, FIPS_str_functs); ++ ERR_load_strings(0, FIPS_str_reasons); ++ } ++#endif ++ return 1; ++} +diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/fips_ers.c +--- openssl-1.1.0h/crypto/fips/fips_ers.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_ers.c 2018-03-29 14:44:24.635236854 +0200 +@@ -0,0 +1,7 @@ ++#include ++ ++#ifdef OPENSSL_FIPS ++# include "fips_err.h" ++#else ++static void *dummy = &dummy; ++#endif +diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c 2018-03-29 14:44:24.635236854 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 
@@ -8609,9 +8275,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.2h/cry + return 1; +} +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_locl.h.fips openssl-1.0.2h/crypto/fips/fips_locl.h ---- openssl-1.0.2h/crypto/fips/fips_locl.h.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_locl.h 2016-05-03 16:57:58.829321181 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/fips_locl.h +--- openssl-1.1.0h/crypto/fips/fips_locl.h.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_locl.h 2018-03-29 14:44:24.635236854 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -8669,9 +8335,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips_locl.h.fips openssl-1.0.2h/crypto/fips/ +# endif + +# define FIPS_MAX_CIPHER_TEST_SIZE 32 -+# define fips_load_key_component(key, comp, pre) \ -+ key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \ -+ if (!key->comp) \ ++# define fips_load_key_component(comp, pre) \ ++ comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \ ++ if (!comp) \ + goto err + +# define fips_post_started(id, subid, ex) 1 @@ -8684,9 +8350,9 @@ diff -up openssl-1.0.2h/crypto/fips/fips_locl.h.fips openssl-1.0.2h/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_md.c.fips openssl-1.0.2h/crypto/fips/fips_md.c ---- openssl-1.0.2h/crypto/fips/fips_md.c.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_md.c 2016-05-03 16:57:58.829321181 +0200 +diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fips_md.c +--- openssl-1.1.0h/crypto/fips/fips_md.c.fips 2018-03-29 14:44:24.635236854 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_md.c 2018-03-29 14:44:24.635236854 +0200 
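Review bot: The reworked `fips_load_key_component` macro in the fips_locl.h hunk is still a bare two-statement macro (an assignment followed by `if (!comp) goto err`), so an expansion under an unbraced `if`/`else` silently detaches the `goto` from the condition; since the body is being rewritten anyway, wrapping it in `do { ... } while (0)` closes that hazard without changing any call site (callers already supply the trailing `;`). Note also that the new form passes `NULL` as the third argument of `BN_bin2bn`, so each expansion allocates a fresh BIGNUM where the old form reused `key->comp`; if any caller expands it twice for the same variable the first BIGNUM would leak — the callers are not in this hunk, so that is worth confirming rather than assumed.
```c
# define fips_load_key_component(comp, pre) \
    do { \
        comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \
        if (!comp) \
            goto err; \
    } while (0)
```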
@@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8832,10 +8498,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_md.c.fips openssl-1.0.2h/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/fips_post.c ---- openssl-1.0.2h/crypto/fips/fips_post.c.fips 2016-05-03 16:57:58.829321181 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_post.c 2016-05-03 16:57:58.829321181 +0200 -@@ -0,0 +1,201 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/fips_post.c +--- openssl-1.1.0h/crypto/fips/fips_post.c.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_post.c 2018-03-29 14:44:24.635236854 +0200 +@@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * @@ -8895,6 +8561,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ +#include +#include +#include ++#include +#include +#include + @@ -8903,6 +8570,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ +/* Power on self test (POST) support functions */ + +# include ++# include "internal/fips_int.h" +# include "fips_locl.h" + +/* Run all selftests */ @@ -8911,8 +8579,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ + int rv = 1; + if (!FIPS_selftest_drbg()) + rv = 0; -+ if (!FIPS_selftest_x931()) -+ rv = 0; + if (!FIPS_selftest_sha1()) + rv = 0; + if (!FIPS_selftest_sha2()) @@ -8933,8 +8599,14 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ + rv = 0; + if (!FIPS_selftest_rsa()) + rv = 0; ++ if (!FIPS_selftest_ecdsa()) ++ rv = 0; + if (!FIPS_selftest_dsa()) + rv = 0; ++ if (!FIPS_selftest_dh()) ++ rv = 0; ++ if (!FIPS_selftest_ecdh()) ++ rv = 0; + return rv; +} + 
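Review bot: In the `FIPS_selftest` hunk the new `if (!FIPS_selftest_ecdh()) rv = 0;` line does not catch an internal error in the ECDH self-test, because `FIPS_selftest_ecdh` (earlier in this patch) sets `rv = -1` on allocation or `EC_KEY_new_by_curve_name` failure and `-1` is truthy, so a POST that never actually computed the shared secret is reported as passed. Checking for the success value explicitly, `if (FIPS_selftest_ecdh() != 1) rv = 0;`, makes both the KAT mismatch (0) and the error path (-1) fail the power-on self-test. `FIPS_selftest_ecdsa` is visible and returns only 0 or 1, so it is fine as written; `FIPS_selftest_dh` is not visible here and should be checked for the same convention. The body of `FIPS_selftest` begins outside this hunk.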
@@ -8949,54 +8621,69 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ +int fips_pkey_signature_test(EVP_PKEY *pkey, + const unsigned char *tbs, int tbslen, + const unsigned char *kat, unsigned int katlen, -+ const EVP_MD *digest, unsigned int md_flags, ++ const EVP_MD *digest, unsigned int flags, + const char *fail_str) +{ + int ret = 0; + unsigned char sigtmp[256], *sig = sigtmp; -+ unsigned int siglen; -+ EVP_MD_CTX mctx; -+ EVP_MD_CTX_init(&mctx); ++ size_t siglen = sizeof(sigtmp); ++ EVP_MD_CTX *mctx; ++ EVP_PKEY_CTX *pctx; + + if (digest == NULL) + digest = EVP_sha256(); + -+ if ((pkey->type == EVP_PKEY_RSA) -+ && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) { -+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa)); -+ if (!sig) { -+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE); -+ return 0; -+ } ++ mctx = EVP_MD_CTX_new(); ++ ++ if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA) ++ && (RSA_size(EVP_PKEY_get0_RSA(pkey)) > sizeof(sigtmp))) { ++ sig = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pkey))); ++ siglen = RSA_size(EVP_PKEY_get0_RSA(pkey)); ++ } ++ if (!sig || ! 
mctx) { ++ EVP_MD_CTX_free(mctx); ++ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE); ++ return 0; + } + + if (tbslen == -1) + tbslen = strlen((char *)tbs); + -+ if (md_flags) -+ EVP_MD_CTX_set_flags(&mctx, md_flags); ++ if (EVP_DigestSignInit(mctx, &pctx, digest, NULL, pkey) <= 0) ++ goto error; + -+ if (!EVP_SignInit_ex(&mctx, digest, NULL)) ++ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { ++ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); ++ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); ++ } ++ ++ if (EVP_DigestSignUpdate(mctx, tbs, tbslen) <= 0) + goto error; -+ if (!EVP_SignUpdate(&mctx, tbs, tbslen)) -+ goto error; -+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey)) ++ ++ if (EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) + goto error; + + if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen))) + goto error; + -+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL)) ++ if (EVP_DigestVerifyInit(mctx, &pctx, digest, NULL, pkey) <= 0) + goto error; -+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen)) ++ ++ if (flags == EVP_MD_CTX_FLAG_PAD_PSS) { ++ EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); ++ EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0); ++ } ++ ++ if (EVP_DigestVerifyUpdate(mctx, tbs, tbslen) <= 0) + goto error; -+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey); ++ ++ ret = EVP_DigestVerifyFinal(mctx, sig, siglen); + + error: + if (sig != sigtmp) + OPENSSL_free(sig); -+ EVP_MD_CTX_cleanup(&mctx); -+ if (ret != 1) { ++ EVP_MD_CTX_free(mctx); ++ if (ret <= 0) { + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE); + if (fail_str) + ERR_add_error_data(2, "Type=", fail_str); 
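Review bot: In the rewritten `fips_pkey_signature_test`, the combined check `if (!sig || !mctx)` leaks the heap buffer when the RSA key was large enough to trigger `sig = OPENSSL_malloc(...)` but `EVP_MD_CTX_new()` returned NULL: the error block frees `mctx` and returns without releasing `sig`. The early-return block should mirror the `error:` cleanup, i.e. add `if (sig != sigtmp) OPENSSL_free(sig);` before `EVP_MD_CTX_free(mctx);` (or simply check `mctx` before allocating `sig`). Separately, the return values of `EVP_PKEY_CTX_set_rsa_padding` and `EVP_PKEY_CTX_set_rsa_pss_saltlen` are ignored on both the sign and verify paths; if either fails the self-test silently runs with the default padding, which is only detected when a `kat` is supplied, so treating a `<= 0` result there as `goto error` would keep the PSS KAT honest.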
@@ -9037,609 +8724,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_post.c.fips openssl-1.0.2h/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_rand.c.fips openssl-1.0.2h/crypto/fips/fips_rand.c ---- openssl-1.0.2h/crypto/fips/fips_rand.c.fips 2016-05-03 16:57:58.830321204 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rand.c 2016-05-03 16:57:58.830321204 +0200 -@@ -0,0 +1,428 @@ -+/* ==================================================================== -+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ * -+ */ -+ -+/* -+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4. -+ */ -+#include -+#include "e_os.h" -+ -+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't -+ be defined and gettimeofday() won't be declared with strict compilers -+ like DEC C in ANSI C mode. 
*/ -+#ifndef _XOPEN_SOURCE_EXTENDED -+# define _XOPEN_SOURCE_EXTENDED 1 -+#endif -+ -+#include -+#include -+#include -+#include -+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)) -+# include -+#endif -+#if defined(OPENSSL_SYS_VXWORKS) -+# include -+#endif -+#include -+#ifndef OPENSSL_SYS_WIN32 -+# ifdef OPENSSL_UNISTD -+# include OPENSSL_UNISTD -+# else -+# include -+# endif -+#endif -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+void *OPENSSL_stderr(void); -+ -+# define AES_BLOCK_LENGTH 16 -+ -+/* AES FIPS PRNG implementation */ -+ -+typedef struct { -+ int seeded; -+ int keyed; -+ int test_mode; -+ int second; -+ int error; -+ unsigned long counter; -+ AES_KEY ks; -+ int vpos; -+ /* Temporary storage for key if it equals seed length */ -+ unsigned char tmp_key[AES_BLOCK_LENGTH]; -+ unsigned char V[AES_BLOCK_LENGTH]; -+ unsigned char DT[AES_BLOCK_LENGTH]; -+ unsigned char last[AES_BLOCK_LENGTH]; -+} FIPS_PRNG_CTX; -+ -+static FIPS_PRNG_CTX sctx; -+ -+static int fips_prng_fail = 0; -+ -+void FIPS_x931_stick(int onoff) -+{ -+ fips_prng_fail = onoff; -+} -+ -+void FIPS_rng_stick(void) -+{ -+ FIPS_x931_stick(1); -+} -+ -+static void fips_rand_prng_reset(FIPS_PRNG_CTX * ctx) -+{ -+ ctx->seeded = 0; -+ ctx->keyed = 0; -+ ctx->test_mode = 0; -+ ctx->counter = 0; -+ ctx->second = 0; -+ ctx->error = 0; -+ ctx->vpos = 0; -+ OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH); -+ OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY)); -+} -+ -+static int fips_set_prng_key(FIPS_PRNG_CTX * ctx, -+ const unsigned char *key, unsigned int keylen) -+{ -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ if (keylen != 16 && keylen != 24 && keylen != 32) { -+ /* error: invalid key size */ -+ return 0; -+ } -+ AES_set_encrypt_key(key, keylen << 3, &ctx->ks); -+ if (keylen == 16) { -+ memcpy(ctx->tmp_key, key, 16); -+ ctx->keyed = 2; -+ } else -+ ctx->keyed = 1; -+ ctx->seeded = 0; -+ ctx->second = 
0; -+ return 1; -+} -+ -+static int fips_set_prng_seed(FIPS_PRNG_CTX * ctx, -+ const unsigned char *seed, unsigned int seedlen) -+{ -+ unsigned int i; -+ if (!ctx->keyed) -+ return 0; -+ /* In test mode seed is just supplied data */ -+ if (ctx->test_mode) { -+ if (seedlen != AES_BLOCK_LENGTH) -+ return 0; -+ memcpy(ctx->V, seed, AES_BLOCK_LENGTH); -+ ctx->seeded = 1; -+ return 1; -+ } -+ /* Outside test mode XOR supplied data with existing seed */ -+ for (i = 0; i < seedlen; i++) { -+ ctx->V[ctx->vpos++] ^= seed[i]; -+ if (ctx->vpos == AES_BLOCK_LENGTH) { -+ ctx->vpos = 0; -+ /* Special case if first seed and key length equals -+ * block size check key and seed do not match. -+ */ -+ if (ctx->keyed == 2) { -+ if (!memcmp(ctx->tmp_key, ctx->V, 16)) { -+ RANDerr(RAND_F_FIPS_SET_PRNG_SEED, -+ RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY); -+ return 0; -+ } -+ OPENSSL_cleanse(ctx->tmp_key, 16); -+ ctx->keyed = 1; -+ } -+ ctx->seeded = 1; -+ } -+ } -+ return 1; -+} -+ -+static int fips_set_test_mode(FIPS_PRNG_CTX * ctx) -+{ -+ if (ctx->keyed) { -+ RANDerr(RAND_F_FIPS_SET_TEST_MODE, RAND_R_PRNG_KEYED); -+ return 0; -+ } -+ ctx->test_mode = 1; -+ return 1; -+} -+ -+int FIPS_x931_test_mode(void) -+{ -+ return fips_set_test_mode(&sctx); -+} -+ -+int FIPS_rand_test_mode(void) -+{ -+ return fips_set_test_mode(&sctx); -+} -+ -+int FIPS_x931_set_dt(unsigned char *dt) -+{ -+ if (!sctx.test_mode) { -+ RANDerr(RAND_F_FIPS_X931_SET_DT, RAND_R_NOT_IN_TEST_MODE); -+ return 0; -+ } -+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH); -+ return 1; -+} -+ -+int FIPS_rand_set_dt(unsigned char *dt) -+{ -+ if (!sctx.test_mode) { -+ RANDerr(RAND_F_FIPS_RAND_SET_DT, RAND_R_NOT_IN_TEST_MODE); -+ return 0; -+ } -+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH); -+ return 1; -+} -+ -+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) -+{ -+# ifdef OPENSSL_SYS_WIN32 -+ FILETIME ft; -+# elif defined(OPENSSL_SYS_VXWORKS) -+ struct timespec ts; -+# else -+ struct timeval tv; -+# endif -+ -+# ifndef 
GETPID_IS_MEANINGLESS -+ unsigned long pid; -+# endif -+ -+# ifdef OPENSSL_SYS_WIN32 -+ GetSystemTimeAsFileTime(&ft); -+ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff); -+ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff); -+ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff); -+ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff); -+ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff); -+ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff); -+ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff); -+ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff); -+# elif defined(OPENSSL_SYS_VXWORKS) -+ clock_gettime(CLOCK_REALTIME, &ts); -+ buf[0] = (unsigned char)(ts.tv_sec & 0xff); -+ buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff); -+ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff); -+ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff); -+ buf[4] = (unsigned char)(ts.tv_nsec & 0xff); -+ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff); -+ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff); -+ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff); -+# else -+ gettimeofday(&tv, NULL); -+ buf[0] = (unsigned char)(tv.tv_sec & 0xff); -+ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff); -+ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff); -+ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff); -+ buf[4] = (unsigned char)(tv.tv_usec & 0xff); -+ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff); -+ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff); -+ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff); -+# endif -+ buf[8] = (unsigned char)(*pctr & 0xff); -+ buf[9] = (unsigned char)((*pctr >> 8) & 0xff); -+ buf[10] = (unsigned char)((*pctr >> 16) & 0xff); -+ buf[11] = (unsigned char)((*pctr >> 24) & 0xff); -+ -+ (*pctr)++; -+ -+# ifndef GETPID_IS_MEANINGLESS -+ pid = (unsigned long)getpid(); -+ buf[12] = (unsigned char)(pid & 0xff); -+ buf[13] = (unsigned char)((pid >> 8) & 0xff); -+ buf[14] = (unsigned char)((pid >> 16) & 
0xff); -+ buf[15] = (unsigned char)((pid >> 24) & 0xff); -+# endif -+} -+ -+static int fips_rand(FIPS_PRNG_CTX * ctx, -+ unsigned char *out, unsigned int outlen) -+{ -+ unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH]; -+ unsigned char tmp[AES_BLOCK_LENGTH]; -+ int i; -+ if (ctx->error) { -+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_ERROR); -+ return 0; -+ } -+ if (!ctx->keyed) { -+ RANDerr(RAND_F_FIPS_RAND, RAND_R_NO_KEY_SET); -+ return 0; -+ } -+ if (!ctx->seeded) { -+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_NOT_SEEDED); -+ return 0; -+ } -+ for (;;) { -+ if (!ctx->test_mode) -+ FIPS_get_timevec(ctx->DT, &ctx->counter); -+ AES_encrypt(ctx->DT, I, &ctx->ks); -+ for (i = 0; i < AES_BLOCK_LENGTH; i++) -+ tmp[i] = I[i] ^ ctx->V[i]; -+ AES_encrypt(tmp, R, &ctx->ks); -+ for (i = 0; i < AES_BLOCK_LENGTH; i++) -+ tmp[i] = R[i] ^ I[i]; -+ AES_encrypt(tmp, ctx->V, &ctx->ks); -+ /* Continuous PRNG test */ -+ if (ctx->second) { -+ if (fips_prng_fail) -+ memcpy(ctx->last, R, AES_BLOCK_LENGTH); -+ if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH)) { -+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_STUCK); -+ ctx->error = 1; -+ fips_set_selftest_fail(); -+ return 0; -+ } -+ } -+ memcpy(ctx->last, R, AES_BLOCK_LENGTH); -+ if (!ctx->second) { -+ ctx->second = 1; -+ if (!ctx->test_mode) -+ continue; -+ } -+ -+ if (outlen <= AES_BLOCK_LENGTH) { -+ memcpy(out, R, outlen); -+ break; -+ } -+ -+ memcpy(out, R, AES_BLOCK_LENGTH); -+ out += AES_BLOCK_LENGTH; -+ outlen -= AES_BLOCK_LENGTH; -+ } -+ return 1; -+} -+ -+int FIPS_x931_set_key(const unsigned char *key, int keylen) -+{ -+ int ret; -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ ret = fips_set_prng_key(&sctx, key, keylen); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ return ret; -+} -+ -+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen) -+{ -+ return FIPS_x931_set_key(key, keylen); -+} -+ -+int FIPS_x931_seed(const void *seed, int seedlen) -+{ -+ int ret; -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ ret = fips_set_prng_seed(&sctx, seed, 
seedlen); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ return ret; -+} -+ -+int FIPS_x931_bytes(unsigned char *out, int count) -+{ -+ int ret; -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ ret = fips_rand(&sctx, out, count); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+ return ret; -+} -+ -+int FIPS_x931_status(void) -+{ -+ int ret; -+ CRYPTO_r_lock(CRYPTO_LOCK_RAND); -+ ret = sctx.seeded; -+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND); -+ return ret; -+} -+ -+void FIPS_x931_reset(void) -+{ -+ CRYPTO_w_lock(CRYPTO_LOCK_RAND); -+ fips_rand_prng_reset(&sctx); -+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); -+} -+ -+static int fips_do_rand_seed(const void *seed, int seedlen) -+{ -+ FIPS_x931_seed(seed, seedlen); -+ return 1; -+} -+ -+static int fips_do_rand_add(const void *seed, int seedlen, double add_entropy) -+{ -+ FIPS_x931_seed(seed, seedlen); -+ return 1; -+} -+ -+static const RAND_METHOD rand_x931_meth = { -+ fips_do_rand_seed, -+ FIPS_x931_bytes, -+ FIPS_x931_reset, -+ fips_do_rand_add, -+ FIPS_x931_bytes, -+ FIPS_x931_status -+}; -+ -+const RAND_METHOD *FIPS_x931_method(void) -+{ -+ return &rand_x931_meth; -+} -+ -+#endif -diff -up openssl-1.0.2h/crypto/fips/fips_rand.h.fips openssl-1.0.2h/crypto/fips/fips_rand.h ---- openssl-1.0.2h/crypto/fips/fips_rand.h.fips 2016-05-03 16:57:58.830321204 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rand.h 2016-05-03 16:57:58.830321204 +0200 -@@ -0,0 +1,163 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * -+ */ -+ -+#ifndef HEADER_FIPS_RAND_H -+# define HEADER_FIPS_RAND_H -+ -+# include -+# include -+# include -+# include -+ -+# ifdef OPENSSL_FIPS -+ -+# ifdef __cplusplus -+extern "C" { -+# endif -+ -+ int FIPS_x931_set_key(const unsigned char *key, int keylen); -+ int FIPS_x931_seed(const void *buf, int num); -+ int FIPS_x931_bytes(unsigned char *out, int outlen); -+ -+ int FIPS_x931_test_mode(void); -+ void FIPS_x931_reset(void); -+ int FIPS_x931_set_dt(unsigned char *dt); -+ -+ int FIPS_x931_status(void); -+ -+ const RAND_METHOD *FIPS_x931_method(void); -+ -+ typedef struct drbg_ctx_st DRBG_CTX; -+/* DRBG external flags */ -+/* Flag for CTR mode only: use derivation function ctr_df */ -+# define DRBG_FLAG_CTR_USE_DF 0x1 -+/* PRNG is in test state */ -+# define DRBG_FLAG_TEST 0x2 -+ -+ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags); -+ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags); -+ int FIPS_drbg_instantiate(DRBG_CTX *dctx, -+ const unsigned char *pers, size_t perslen); -+ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, -+ size_t adinlen); -+ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, -+ int prediction_resistance, -+ const unsigned char *adin, size_t adinlen); -+ -+ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); -+ void FIPS_drbg_free(DRBG_CTX *dctx); -+ -+ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, -+ size_t (*get_entropy) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, -+ size_t min_len, -+ size_t max_len), -+ void (*cleanup_entropy) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen), -+ size_t entropy_blocklen, -+ size_t (*get_nonce) (DRBG_CTX *ctx, -+ unsigned char **pout, -+ int entropy, -+ size_t min_len, -+ size_t max_len), -+ void (*cleanup_nonce) (DRBG_CTX *ctx, -+ unsigned char *out, -+ size_t olen)); -+ -+ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, -+ size_t (*get_adin) (DRBG_CTX *ctx, -+ unsigned char -+ **pout), -+ void (*cleanup_adin) (DRBG_CTX *ctx, -+ 
unsigned char *out, -+ size_t olen), -+ int (*rand_seed_cb) (DRBG_CTX *ctx, -+ const void *buf, -+ int num), -+ int (*rand_add_cb) (DRBG_CTX *ctx, -+ const void *buf, -+ int num, -+ double entropy)); -+ -+ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); -+ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); -+ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); -+ int FIPS_drbg_get_strength(DRBG_CTX *dctx); -+ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval); -+ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval); -+ -+ int FIPS_drbg_health_check(DRBG_CTX *dctx); -+ -+ DRBG_CTX *FIPS_get_default_drbg(void); -+ const RAND_METHOD *FIPS_drbg_method(void); -+ -+ int FIPS_rand_set_method(const RAND_METHOD *meth); -+ const RAND_METHOD *FIPS_rand_get_method(void); -+ -+ void FIPS_rand_set_bits(int nbits); -+ -+ int FIPS_rand_strength(void); -+ -+/* 1.0.0 compat functions */ -+ int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen); -+ int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num); -+ int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen); -+ int FIPS_rand_test_mode(void); -+ void FIPS_rand_reset(void); -+ int FIPS_rand_set_dt(unsigned char *dt); -+ int FIPS_rand_status(void); -+ const RAND_METHOD *FIPS_rand_method(void); -+ -+# ifdef __cplusplus -+} -+# endif -+# endif -+#endif -diff -up openssl-1.0.2h/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2h/crypto/fips/fips_rand_lcl.h ---- openssl-1.0.2h/crypto/fips/fips_rand_lcl.h.fips 2016-05-03 16:57:58.830321204 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rand_lcl.h 2016-05-03 16:57:58.830321204 +0200 -@@ -0,0 +1,213 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_rand_lcl.h 2018-03-29 14:44:24.636236877 +0200 +@@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr 
Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -9702,7 +8790,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2h/crypto/f + +struct drbg_hash_ctx_st { + const EVP_MD *md; -+ EVP_MD_CTX mctx; ++ EVP_MD_CTX *mctx; + unsigned char V[HASH_PRNG_MAX_SEEDLEN]; + unsigned char C[HASH_PRNG_MAX_SEEDLEN]; + /* Temporary value storage: should always exceed max digest length */ @@ -9711,7 +8799,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2h/crypto/f + +struct drbg_hmac_ctx_st { + const EVP_MD *md; -+ HMAC_CTX hctx; ++ HMAC_CTX *hctx; + unsigned char K[EVP_MAX_MD_SIZE]; + unsigned char V[EVP_MAX_MD_SIZE]; +}; @@ -9845,18 +8933,14 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.2h/crypto/f +int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags); +int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out); + -+const struct env_md_st *FIPS_get_digestbynid(int nid); -+ -+const struct evp_cipher_st *FIPS_get_cipherbynid(int nid); -+ +#define FIPS_digestinit EVP_DigestInit +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/fips/fips_rand_lib.c ---- openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips 2016-05-03 16:57:58.830321204 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rand_lib.c 2016-05-03 16:57:58.830321204 +0200 -@@ -0,0 +1,181 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/fips/fips_rand_lib.c +--- openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_rand_lib.c 2018-03-29 14:44:24.636236877 +0200 +@@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * 
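Review bot: `mctx` in drbg_hash_ctx_st and `hctx` in drbg_hmac_ctx_st change from embedded contexts to pointers, but nothing in these two hunks records who allocates them, who frees them, or that they are released when the DRBG is uninstantiated; the lifecycle code is outside the hunks, so this is hard to review here. A one-line ownership comment on each field would make the contract explicit, e.g. `EVP_MD_CTX *mctx; /* owned by this struct; allocated on instantiate, freed on uninstantiate */` and the same for `hctx` — worded to match what the instantiate/uninstantiate code actually does.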
@@ -9906,13 +8990,35 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + * + */ + ++/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't ++ be defined and gettimeofday() won't be declared with strict compilers ++ like DEC C in ANSI C mode. */ ++#ifndef _XOPEN_SOURCE_EXTENDED ++# define _XOPEN_SOURCE_EXTENDED 1 ++#endif ++ +#include +#include +#include +#include ++#include "internal/fips_int.h" +#include +#include "e_os.h" + ++#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)) ++# include ++#endif ++#if defined(OPENSSL_SYS_VXWORKS) ++# include ++#endif ++#ifndef OPENSSL_SYS_WIN32 ++# ifdef OPENSSL_UNISTD ++# include OPENSSL_UNISTD ++# else ++# include ++# endif ++#endif ++ +/* FIPS API for PRNG use. Similar to RAND functionality but without + * ENGINE and additional checking for non-FIPS rand methods. + */ @@ -9932,8 +9038,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + if (!fips_rand_bits) { + if (meth == FIPS_drbg_method()) + fips_approved_rand_meth = 1; -+ else if (meth == FIPS_x931_method()) -+ fips_approved_rand_meth = 2; + else { + fips_approved_rand_meth = 0; + if (FIPS_module_mode()) { @@ -9951,18 +9055,13 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + return fips_rand_meth; +} + -+const RAND_METHOD *FIPS_rand_method(void) -+{ -+ return FIPS_rand_get_method(); -+} -+ +void FIPS_rand_reset(void) +{ + if (fips_rand_meth && fips_rand_meth->cleanup) + fips_rand_meth->cleanup(); +} + -+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num) ++int FIPS_rand_seed(const void *buf, int num) +{ + if (!fips_approved_rand_meth && FIPS_module_mode()) { + FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); 
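Review bot: `FIPS_rand_seed(const void *buf, int num)` now takes a signed count in place of FIPS_RAND_SIZE_T, and the hunk at -9973 does the same for `FIPS_rand_bytes`; the visible part of each body checks only the method's FIPS status, and the remainder (presumably forwarding num to the RAND_METHOD callback) is outside the hunk. If the old type was unsigned, a negative count is newly representable and would now reach the method; rejecting it up front, `if (num < 0) return 0;` after the FIPS-method check in both functions, keeps the contract explicit rather than relying on each RAND_METHOD to cope.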
@@ -9973,17 +9072,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + return 1; +} + -+void FIPS_rand_add(const void *buf, int num, double entropy) -+{ -+ if (!fips_approved_rand_meth && FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD); -+ return; -+ } -+ if (fips_rand_meth && fips_rand_meth->add) -+ fips_rand_meth->add(buf, num, entropy); -+} -+ -+int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num) ++int FIPS_rand_bytes(unsigned char *buf, int num) +{ + if (!fips_approved_rand_meth && FIPS_module_mode()) { + FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); @@ -9994,17 +9083,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + return 0; +} + -+int FIPS_rand_pseudo_bytes(unsigned char *buf, int num) -+{ -+ if (!fips_approved_rand_meth && FIPS_module_mode()) { -+ FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD); -+ return 0; -+ } -+ if (fips_rand_meth && fips_rand_meth->pseudorand) -+ return fips_rand_meth->pseudorand(buf, num); -+ return -1; -+} -+ +int FIPS_rand_status(void) +{ + if (!fips_approved_rand_meth && FIPS_module_mode()) { @@ -10017,9 +9095,8 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f +} + +/* Return instantiated strength of PRNG. For DRBG this is an internal -+ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other -+ * type of PRNG is not approved and returns 0 in FIPS mode and maximum -+ * 256 outside FIPS mode. ++ * parameter. Any other type of PRNG is not approved and returns 0 in ++ * FIPS mode and maximum 256 outside FIPS mode. + */ + +int FIPS_rand_strength(void) 
@@ -10028,8 +9105,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + return fips_rand_bits; + if (fips_approved_rand_meth == 1) + return FIPS_drbg_get_strength(FIPS_get_default_drbg()); -+ else if (fips_approved_rand_meth == 2) -+ return 80; + else if (fips_approved_rand_meth == 0) { + if (FIPS_module_mode()) + return 0; 
@@ -10038,189 +9113,71 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rand_lib.c.fips openssl-1.0.2h/crypto/f + } + return 0; +} -diff -up openssl-1.0.2h/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_rand_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_rand_selftest.c.fips 2016-05-03 16:57:58.830321204 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rand_selftest.c 2016-05-03 16:57:58.830321204 +0200 -@@ -0,0 +1,176 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. All advertising materials mentioning features or use of this -+ * software must display the following acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -+ * -+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. For written permission, please contact -+ * openssl-core@openssl.org. -+ * -+ * 5. Products derived from this software may not be called "OpenSSL" -+ * nor may "OpenSSL" appear in their names without prior written -+ * permission of the OpenSSL Project. -+ * -+ * 6. 
Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by the OpenSSL Project -+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. 
-+ * -+ */ + -+#include -+#include -+#include -+#include -+#include -+#include "fips_locl.h" -+ -+#ifdef OPENSSL_FIPS -+ -+typedef struct { -+ unsigned char DT[16]; -+ unsigned char V[16]; -+ unsigned char R[16]; -+} AES_PRNG_TV; -+ -+/* The following test vectors are taken directly from the RGNVS spec */ -+ -+static unsigned char aes_128_key[16] = -+ { 0xf3, 0xb1, 0x66, 0x6d, 0x13, 0x60, 0x72, 0x42, -+ 0xed, 0x06, 0x1c, 0xab, 0xb8, 0xd4, 0x62, 0x02 -+}; -+ -+static AES_PRNG_TV aes_128_tv = { -+ /* DT */ -+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62, -+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xf9}, -+ /* V */ -+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, -+ /* R */ -+ {0x59, 0x53, 0x1e, 0xd1, 0x3b, 0xb0, 0xc0, 0x55, -+ 0x84, 0x79, 0x66, 0x85, 0xc1, 0x2f, 0x76, 0x41} -+}; -+ -+static unsigned char aes_192_key[24] = -+ { 0x15, 0xd8, 0x78, 0x0d, 0x62, 0xd3, 0x25, 0x6e, -+ 0x44, 0x64, 0x10, 0x13, 0x60, 0x2b, 0xa9, 0xbc, -+ 0x4a, 0xfb, 0xca, 0xeb, 0x4c, 0x8b, 0x99, 0x3b -+}; -+ -+static AES_PRNG_TV aes_192_tv = { -+ /* DT */ -+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1, -+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4b}, -+ /* V */ -+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, -+ /* R */ -+ {0x17, 0x07, 0xd5, 0x28, 0x19, 0x79, 0x1e, 0xef, -+ 0xa5, 0x0c, 0xbf, 0x25, 0xe5, 0x56, 0xb4, 0x93} -+}; -+ -+static unsigned char aes_256_key[32] = -+ { 0x6d, 0x14, 0x06, 0x6c, 0xb6, 0xd8, 0x21, 0x2d, -+ 0x82, 0x8d, 0xfa, 0xf2, 0x7a, 0x03, 0xb7, 0x9f, -+ 0x0c, 0xc7, 0x3e, 0xcd, 0x76, 0xeb, 0xee, 0xb5, -+ 0x21, 0x05, 0x8c, 0x4f, 0x31, 0x7a, 0x80, 0xbb -+}; -+ -+static AES_PRNG_TV aes_256_tv = { -+ /* DT */ -+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5, -+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x88}, -+ /* V */ -+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, -+ /* R */ -+ {0x35, 0xc7, 0xef, 
0xa7, 0x78, 0x4d, 0x29, 0xbc, -+ 0x82, 0x79, 0x99, 0xfb, 0xd0, 0xb3, 0x3b, 0x72} -+}; -+ -+void FIPS_corrupt_rng() ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) +{ -+ aes_192_tv.V[0]++; ++# ifdef OPENSSL_SYS_WIN32 ++ FILETIME ft; ++# elif defined(OPENSSL_SYS_VXWORKS) ++ struct timespec ts; ++# else ++ struct timeval tv; ++# endif ++ ++# ifndef GETPID_IS_MEANINGLESS ++ unsigned long pid; ++# endif ++ ++# ifdef OPENSSL_SYS_WIN32 ++ GetSystemTimeAsFileTime(&ft); ++ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff); ++ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff); ++ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff); ++ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff); ++ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff); ++ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff); ++ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff); ++ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff); ++# elif defined(OPENSSL_SYS_VXWORKS) ++ clock_gettime(CLOCK_REALTIME, &ts); ++ buf[0] = (unsigned char)(ts.tv_sec & 0xff); ++ buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff); ++ buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff); ++ buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff); ++ buf[4] = (unsigned char)(ts.tv_nsec & 0xff); ++ buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff); ++ buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff); ++ buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff); ++# else ++ gettimeofday(&tv, NULL); ++ buf[0] = (unsigned char)(tv.tv_sec & 0xff); ++ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff); ++ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff); ++ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff); ++ buf[4] = (unsigned char)(tv.tv_usec & 0xff); ++ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff); ++ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff); ++ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff); ++# endif ++ buf[8] = (unsigned char)(*pctr & 0xff); ++ buf[9] = 
(unsigned char)((*pctr >> 8) & 0xff); ++ buf[10] = (unsigned char)((*pctr >> 16) & 0xff); ++ buf[11] = (unsigned char)((*pctr >> 24) & 0xff); ++ ++ (*pctr)++; ++ ++# ifndef GETPID_IS_MEANINGLESS ++ pid = (unsigned long)getpid(); ++ buf[12] = (unsigned char)(pid & 0xff); ++ buf[13] = (unsigned char)((pid >> 8) & 0xff); ++ buf[14] = (unsigned char)((pid >> 16) & 0xff); ++ buf[15] = (unsigned char)((pid >> 24) & 0xff); ++# endif +} + -+# define fips_x931_test(key, tv) \ -+ do_x931_test(key, sizeof key, &tv) -+ -+static int do_x931_test(unsigned char *key, int keylen, AES_PRNG_TV * tv) -+{ -+ unsigned char R[16], V[16]; -+ int rv = 1; -+ memcpy(V, tv->V, sizeof(V)); -+ if (!FIPS_x931_set_key(key, keylen)) -+ return 0; -+ if (!fips_post_started(FIPS_TEST_X931, keylen, NULL)) -+ return 1; -+ if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL)) -+ V[0]++; -+ FIPS_x931_seed(V, 16); -+ FIPS_x931_set_dt(tv->DT); -+ FIPS_x931_bytes(R, 16); -+ if (memcmp(R, tv->R, 16)) { -+ fips_post_failed(FIPS_TEST_X931, keylen, NULL); -+ rv = 0; -+ } else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL)) -+ return 0; -+ return rv; -+} -+ -+int FIPS_selftest_x931() -+{ -+ int rv = 1; -+ FIPS_x931_reset(); -+ if (!FIPS_x931_test_mode()) { -+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931, FIPS_R_SELFTEST_FAILED); -+ return 0; -+ } -+ if (!fips_x931_test(aes_128_key, aes_128_tv)) -+ rv = 0; -+ if (!fips_x931_test(aes_192_key, aes_192_tv)) -+ rv = 0; -+ if (!fips_x931_test(aes_256_key, aes_256_tv)) -+ rv = 0; -+ FIPS_x931_reset(); -+ if (!rv) -+ FIPSerr(FIPS_F_FIPS_SELFTEST_X931, FIPS_R_SELFTEST_FAILED); -+ return rv; -+} -+ -+int FIPS_selftest_rng(void) -+{ -+ return FIPS_selftest_x931(); -+} -+ -+#endif -diff -up openssl-1.0.2h/crypto/fips/fips_randtest.c.fips openssl-1.0.2h/crypto/fips/fips_randtest.c ---- openssl-1.0.2h/crypto/fips/fips_randtest.c.fips 2016-05-03 16:57:58.831321228 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_randtest.c 2016-05-03 16:57:58.831321228 +0200 +diff -up 
openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/fips/fips_randtest.c +--- openssl-1.1.0h/crypto/fips/fips_randtest.c.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_randtest.c 2018-03-29 14:44:24.636236877 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -10469,10 +9426,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_randtest.c.fips openssl-1.0.2h/crypto/f +} + +#endif -diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips 2016-05-03 16:57:58.831321228 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c 2016-05-03 16:57:58.831321228 +0200 -@@ -0,0 +1,444 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c 2018-03-29 14:44:24.636236877 +0200 +@@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. + * 
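Review bot: `FIPS_get_timevec` writes buf[0..15] with no length parameter and, when GETPID_IS_MEANINGLESS is defined, never touches buf[12..15], so those four bytes keep whatever the caller left there; either document that the caller must pass a 16-byte, pre-initialised buffer or add an `# else` branch that zeroes them, `memset(buf + 12, 0, 4);`. A header comment such as `/* Fill buf (16 bytes) with the current time, the caller's counter (incremented here) and the pid */` would record the contract now that the function has moved into fips_rand_lib.c and fips_rand.c, its former home, is removed earlier in this diff. On platforms where tv_sec is 64-bit only the low 32 bits are mixed in, which is presumably intentional but worth a note.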
@@ -10526,90 +9483,151 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/cryp +#include +#ifdef OPENSSL_FIPS +# include ++# include "internal/fips_int.h" +#endif +#include +#include +#include +#include ++#include "fips_locl.h" + +#ifdef OPENSSL_FIPS + -+static const unsigned char n[] = -+ "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" -+ "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" -+ "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" -+ "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" -+ "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" -+ "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" -+ "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" -+ "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" "\xCB"; -+ -+static int corrupt_rsa; -+ +static int setrsakey(RSA *key) +{ -+ static const unsigned char e[] = "\x11"; ++ static const unsigned char keydata_n[] = { ++ 0x00, 0xc9, 0xd5, 0x6d, 0x9d, 0x90, 0xdb, 0x43, 0xd6, 0x02, 0xed, 0x96, 0x88, 0x13, 0x8a, ++ 0xb2, 0xbf, 0x6e, 0xa1, 0x06, 0x10, 0xb2, 0x78, 0x37, 0xa7, 0x14, 0xa8, 0xff, 0xdd, 0x00, ++ 0xdd, 0xb4, 0x93, 0xa0, 0x45, 0xcc, 0x96, 0x90, 0xed, 0xad, 0xa9, 0xdd, 0xc4, 0xd6, 0xca, ++ 0x0c, 0xf0, 0xed, 0x4f, 0x72, 0x5e, 0x21, 0x49, 0x9a, 0x18, 0x12, 0x15, 0x8f, 0x90, 0x5a, ++ 0xdb, 0xb6, 0x33, 0x99, 0xa3, 0xe6, 0xb4, 0xf0, 0xc4, 0x97, 0x21, 0x26, 0xbb, 0xe3, 0xba, ++ 0xf2, 0xff, 0xa0, 0x72, 0xda, 0x89, 0x63, 0x8e, 0x8b, 0x3e, 0x08, 0x9d, 0x92, 0x2a, 0xbe, ++ 0x16, 0xe1, 0x43, 0x15, 0xfc, 0x57, 0xc7, 0x1f, 0x09, 0x11, 0x67, 0x1c, 0xa9, 0x96, 0xd1, ++ 0x8b, 0x3e, 0x80, 0x93, 0xc1, 0x59, 0xd0, 0x6d, 0x39, 0xf2, 0xac, 0x95, 0xcc, 0x10, 0x75, ++ 0xe9, 0x31, 0x24, 0xd1, 0x43, 0xaf, 0x68, 0x52, 0x4b, 0xe7, 0x16, 0xd7, 0x49, 0x65, 0x6f, ++ 0x26, 0xc0, 0x86, 0xad, 0xc0, 0x07, 0x0a, 0xc1, 0xe1, 0x2f, 0x87, 0x85, 0x86, 0x3b, 0xdc, ++ 0x5a, 0x99, 0xbe, 0xe9, 
0xf9, 0xb9, 0xe9, 0x82, 0x27, 0x51, 0x04, 0x15, 0xab, 0x06, 0x0e, ++ 0x76, 0x5a, 0x28, 0x8d, 0x92, 0xbd, 0xc5, 0xb5, 0x7b, 0xa8, 0xdf, 0x4e, 0x47, 0xa2, 0xc1, ++ 0xe7, 0x52, 0xbf, 0x47, 0xf7, 0x62, 0xe0, 0x3a, 0x6f, 0x4d, 0x6a, 0x4d, 0x4e, 0xd4, 0xb9, ++ 0x59, 0x69, 0xfa, 0xb2, 0x14, 0xc1, 0xee, 0xe6, 0x2f, 0x95, 0xcd, 0x94, 0x72, 0xae, 0xe4, ++ 0xdb, 0x18, 0x9a, 0xc4, 0xcd, 0x70, 0xbd, 0xee, 0x31, 0x16, 0xb7, 0x49, 0x65, 0xac, 0x40, ++ 0x19, 0x0e, 0xb5, 0x6d, 0x83, 0xf1, 0x36, 0xbb, 0x08, 0x2f, 0x2e, 0x4e, 0x92, 0x62, 0xa4, ++ 0xff, 0x50, 0xdb, 0x20, 0x45, 0xa2, 0xeb, 0x16, 0x7a, 0xf2, 0xd5, 0x28, 0xc1, 0xfd, 0x4e, ++ 0x03, 0x71 ++ }; + -+ static const unsigned char d[] = -+ "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" -+ "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" -+ "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" -+ "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" -+ "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" -+ "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" -+ "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" -+ "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" -+ "\xC1"; ++ static const unsigned char keydata_e[] = { 0x01, 0x00, 0x01 }; + -+ static const unsigned char p[] = -+ "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" -+ "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" -+ "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" -+ "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" -+ "\x99"; ++ static const unsigned char keydata_d[] = { ++ 0x36, 0x27, 0x3d, 0xb1, 0xf9, 0x1b, 0xdb, 0xa7, 0xa0, 0x41, 0x7f, 0x12, 0x23, 0xac, 0x23, ++ 0x29, 0x99, 0xd5, 0x3a, 0x7b, 0x60, 0x67, 0x41, 0x07, 0x63, 0x53, 0xb4, 0xd2, 0xe7, 0x58, ++ 0x95, 0x0a, 0xc7, 0x05, 0xf3, 0x4e, 0xb2, 0xb4, 0x12, 0xd4, 0x70, 0xdc, 0x4f, 0x85, 0x06, ++ 0xd3, 0xdd, 0xd8, 0x63, 
0x27, 0x3e, 0x67, 0x31, 0x21, 0x24, 0x39, 0x04, 0xbc, 0x06, 0xa4, ++ 0xcc, 0xce, 0x2b, 0x7a, 0xfe, 0x7b, 0xad, 0xde, 0x11, 0x6e, 0xa3, 0xa5, 0xe6, 0x04, 0x53, ++ 0x0e, 0xa3, 0x4e, 0x2d, 0xb4, 0x8f, 0x31, 0xbf, 0xca, 0x75, 0x25, 0x52, 0x02, 0x85, 0xde, ++ 0x3d, 0xb2, 0x72, 0x43, 0xb2, 0x89, 0x8a, 0x9a, 0x34, 0x41, 0x26, 0x3f, 0x9a, 0x67, 0xbe, ++ 0xa4, 0x96, 0x7b, 0x0e, 0x75, 0xba, 0xa6, 0x93, 0xd5, 0xb8, 0xd8, 0xb8, 0x57, 0xf2, 0x4b, ++ 0x0f, 0x14, 0x81, 0xd1, 0x57, 0x4e, 0xf6, 0x45, 0x4c, 0xa6, 0x3b, 0xd0, 0x70, 0xca, 0xd3, ++ 0x9d, 0x55, 0xde, 0x22, 0x05, 0xe7, 0x8e, 0x28, 0x4d, 0xee, 0x11, 0xcf, 0xb6, 0x67, 0x76, ++ 0x09, 0xd3, 0xe3, 0x3c, 0x13, 0xf9, 0x99, 0x34, 0x10, 0x7b, 0xec, 0x81, 0x38, 0xf0, 0xb6, ++ 0x34, 0x9c, 0x9b, 0x50, 0x6f, 0x0b, 0x91, 0x81, 0x4d, 0x89, 0x94, 0x04, 0x7b, 0xf0, 0x3c, ++ 0xf4, 0xb1, 0xb2, 0x00, 0x48, 0x8d, 0x5a, 0x8f, 0x88, 0x9e, 0xc5, 0xab, 0x3a, 0x9e, 0x44, ++ 0x3f, 0x54, 0xe7, 0xd9, 0x6e, 0x47, 0xaa, 0xa1, 0xbd, 0x40, 0x46, 0x31, 0xf9, 0xf0, 0x34, ++ 0xb6, 0x04, 0xe1, 0x2b, 0x5b, 0x73, 0x86, 0xdd, 0x3a, 0x92, 0x1b, 0x71, 0xc7, 0x3f, 0x32, ++ 0xe5, 0xc3, 0xc2, 0xab, 0xa1, 0x7e, 0xbf, 0xa4, 0x52, 0xa0, 0xb0, 0x68, 0x90, 0xd1, 0x20, ++ 0x12, 0x79, 0xe9, 0xd7, 0xc9, 0x40, 0xba, 0xf2, 0x19, 0xc7, 0xa5, 0x00, 0x92, 0x86, 0x0d, ++ 0x01 ++ }; + -+ static const unsigned char q[] = -+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" -+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" -+ "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" -+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" -+ "\x03"; ++ static const unsigned char keydata_p[] = { ++ 0x00, 0xfc, 0x5c, 0x6e, 0x16, 0xce, 0x1f, 0x03, 0x7b, 0xcd, 0xf7, 0xb3, 0x72, 0xb2, 0x8f, ++ 0x16, 0x72, 0xb8, 0x56, 0xae, 0xf7, 0xcd, 0x67, 0xd8, 0x4e, 0x7d, 0x07, 0xaf, 0xd5, 0x43, ++ 0x26, 0xc3, 0x35, 0xbe, 0x43, 0x8f, 0x4e, 0x2f, 0x1c, 0x43, 0x4e, 0x6b, 0xd2, 0xb2, 0xec, ++ 0x52, 0x6d, 0x97, 0x52, 0x2b, 0xcc, 0x5c, 0x3a, 0x6b, 
0xf4, 0x14, 0xc6, 0x74, 0xda, 0x66, ++ 0x38, 0x1c, 0x7a, 0x3f, 0x84, 0x2f, 0xe3, 0xf9, 0x5a, 0xb8, 0x65, 0x69, 0x46, 0x06, 0xa3, ++ 0x37, 0x79, 0xb2, 0xa1, 0x5b, 0x58, 0xed, 0x5e, 0xa7, 0x5f, 0x8c, 0x65, 0x66, 0xbb, 0xd1, ++ 0x24, 0x36, 0xe6, 0x37, 0xa7, 0x3d, 0x49, 0x77, 0x8a, 0x8c, 0x34, 0xd8, 0x69, 0x29, 0xf3, ++ 0x4d, 0x58, 0x22, 0xb0, 0x51, 0x24, 0xb6, 0x40, 0xa8, 0x86, 0x59, 0x0a, 0xb7, 0xba, 0x5c, ++ 0x97, 0xda, 0x57, 0xe8, 0x36, 0xda, 0x7a, 0x9c, 0xad ++ }; + -+ static const unsigned char dmp1[] = -+ "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" -+ "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" -+ "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" -+ "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; ++ static const unsigned char keydata_q[] = { ++ 0x00, 0xcc, 0xbe, 0x7b, 0x09, 0x69, 0x06, 0xee, 0x45, 0xbf, 0x88, 0x47, 0x38, 0xa8, 0xf8, ++ 0x17, 0xe5, 0xb6, 0xba, 0x67, 0x55, 0xe3, 0xe8, 0x05, 0x8b, 0xb8, 0xe2, 0x53, 0xd6, 0x8e, ++ 0xef, 0x2c, 0xe7, 0x4f, 0x4a, 0xf7, 0x4e, 0x26, 0x8d, 0x85, 0x0b, 0x3f, 0xec, 0xc3, 0x1c, ++ 0xd4, 0xeb, 0xec, 0x6a, 0xc8, 0x72, 0x2a, 0x25, 0x7d, 0xfd, 0xa6, 0x77, 0x96, 0xf0, 0x1e, ++ 0xcd, 0x28, 0x57, 0xf8, 0x37, 0x30, 0x75, 0x6b, 0xbd, 0xd4, 0x7b, 0x0c, 0x87, 0xc5, 0x6c, ++ 0x87, 0x40, 0xa5, 0xbb, 0x27, 0x2c, 0x78, 0xc9, 0x74, 0x5a, 0x54, 0x5b, 0x0b, 0x30, 0x6f, ++ 0x44, 0x4a, 0xfa, 0x71, 0xe4, 0x21, 0x61, 0x66, 0xf9, 0xee, 0x65, 0xde, 0x7c, 0x04, 0xd7, ++ 0xfd, 0xa9, 0x15, 0x5b, 0x7f, 0xe2, 0x7a, 0xba, 0x69, 0x86, 0x72, 0xa6, 0x06, 0x8d, 0x9b, ++ 0x90, 0x55, 0x60, 0x9e, 0x4c, 0x5d, 0xa9, 0xb6, 0x55 ++ }; + -+ static const unsigned char dmq1[] = -+ "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" -+ "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" -+ "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" -+ "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; ++ static const unsigned char 
keydata_dmp1[] = { ++ 0x7a, 0xd6, 0x12, 0xd0, 0x0e, 0xec, 0x91, 0xa9, 0x85, 0x8b, 0xf8, 0x50, 0xf0, 0x11, 0x2e, ++ 0x00, 0x11, 0x32, 0x40, 0x60, 0x66, 0x1f, 0x11, 0xee, 0xc2, 0x75, 0x27, 0x65, 0x4b, 0x16, ++ 0x67, 0x16, 0x95, 0xd2, 0x14, 0xc3, 0x1d, 0xb3, 0x48, 0x1f, 0xb7, 0xe4, 0x0b, 0x2b, 0x74, ++ 0xc3, 0xdb, 0x50, 0x27, 0xf9, 0x85, 0x3a, 0xfa, 0xa9, 0x08, 0x23, 0xc1, 0x65, 0x3d, 0x34, ++ 0x3a, 0xc8, 0x56, 0x7a, 0x65, 0x45, 0x36, 0x6e, 0xae, 0x2a, 0xce, 0x9f, 0x43, 0x43, 0xd7, ++ 0x10, 0xe9, 0x9e, 0x18, 0xf4, 0xa4, 0x35, 0xda, 0x8a, 0x6b, 0xb0, 0x3f, 0xdd, 0x53, 0xe3, ++ 0xa8, 0xc5, 0x4e, 0x79, 0x9d, 0x1f, 0x51, 0x8c, 0xa2, 0xca, 0x66, 0x3c, 0x6a, 0x2a, 0xff, ++ 0x8e, 0xd2, 0xf3, 0xb7, 0xcb, 0x82, 0xda, 0xde, 0x2c, 0xe6, 0xd2, 0x8c, 0xb3, 0xad, 0xb6, ++ 0x4c, 0x95, 0x55, 0x76, 0xbd, 0xc9, 0xc8, 0xd1 ++ }; + -+ static const unsigned char iqmp[] = -+ "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" -+ "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" -+ "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" -+ "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" -+ "\xF7"; ++ static const unsigned char keydata_dmq1[] = { ++ 0x00, 0x83, 0x23, 0x1d, 0xbb, 0x11, 0x42, 0x17, 0x2b, 0x25, 0x5a, 0x2c, 0x03, 0xe6, 0x75, ++ 0xc1, 0x18, 0xa8, 0xc9, 0x0b, 0x96, 0xbf, 0xba, 0xc4, 0x92, 0x91, 0x80, 0xa5, 0x22, 0x2f, ++ 0xba, 0x91, 0x90, 0x36, 0x01, 0x56, 0x15, 0x00, 0x2c, 0x74, 0xa2, 0x97, 0xf7, 0x15, 0xa1, ++ 0x49, 0xdf, 0x32, 0x35, 0xd2, 0xdd, 0x0c, 0x91, 0xa6, 0xf8, 0xe7, 0xbe, 0x81, 0x36, 0x9b, ++ 0x03, 0xdc, 0x6b, 0x3b, 0xd8, 0x5d, 0x79, 0x57, 0xe0, 0xe6, 0x4f, 0x49, 0xdf, 0x4c, 0x5c, ++ 0x0e, 0xe5, 0x21, 0x41, 0x95, 0xfd, 0xad, 0xff, 0x9a, 0x3e, 0xa0, 0xf9, 0x0f, 0x59, 0x9e, ++ 0x6a, 0xa7, 0x7b, 0x71, 0xa7, 0x24, 0x9a, 0x36, 0x52, 0xae, 0x97, 0x20, 0xc1, 0x5e, 0x78, ++ 0xd9, 0x47, 0x8b, 0x1e, 0x67, 0xf2, 0xaf, 0x98, 0xe6, 0x2d, 0xef, 0x10, 0xd7, 0xf1, 0xab, ++ 0x49, 0xee, 0xe5, 0x4b, 0x7e, 0xae, 0x1f, 0x1d, 0x61 
++ };
+
-+ key->n = BN_bin2bn(n, sizeof(n) - 1, key->n);
-+ if (corrupt_rsa)
-+ BN_set_bit(key->n, 1024);
-+ key->e = BN_bin2bn(e, sizeof(e) - 1, key->e);
-+ key->d = BN_bin2bn(d, sizeof(d) - 1, key->d);
-+ key->p = BN_bin2bn(p, sizeof(p) - 1, key->p);
-+ key->q = BN_bin2bn(q, sizeof(q) - 1, key->q);
-+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, key->dmp1);
-+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, key->dmq1);
-+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, key->iqmp);
-+ return 1;
-+}
++ static const unsigned char keydata_iqmp[] = {
++ 0x23, 0x96, 0xc1, 0x91, 0x17, 0x5e, 0x0a, 0x83, 0xd2, 0xdc, 0x7b, 0x69, 0xb2, 0x59, 0x1d,
++ 0x33, 0x58, 0x52, 0x3f, 0x18, 0xc7, 0x09, 0x50, 0x1c, 0xb9, 0xa1, 0xbb, 0x4c, 0xa2, 0x38,
++ 0x40, 0x4c, 0x9a, 0x8e, 0xfe, 0x9c, 0x90, 0x92, 0xd0, 0x71, 0x9f, 0x89, 0x99, 0x50, 0x91,
++ 0x1f, 0x34, 0x8b, 0x74, 0x53, 0x11, 0x11, 0x4a, 0x70, 0xe2, 0xf7, 0x30, 0xd8, 0x8c, 0x80,
++ 0xe1, 0xcc, 0x9f, 0xf1, 0x63, 0x17, 0x1a, 0x7d, 0x67, 0x29, 0x4c, 0xcb, 0x4e, 0x74, 0x7b,
++ 0xe0, 0x3e, 0x9e, 0x2f, 0xf4, 0x67, 0x8f, 0xec, 0xb9, 0x5c, 0x00, 0x1e, 0x7e, 0xa2, 0x7b,
++ 0x92, 0xc9, 0x6f, 0x4c, 0xe4, 0x0e, 0xf9, 0x48, 0x63, 0xcd, 0x50, 0x22, 0x5d, 0xbf, 0xb6,
++ 0x9d, 0x01, 0x33, 0x6a, 0xf4, 0x50, 0xbe, 0x86, 0x98, 0x4f, 0xca, 0x3f, 0x3a, 0xfa, 0xcf,
++ 0x07, 0x40, 0xc4, 0xaa, 0xad, 0xae, 0xbe, 0xbf
++ };
+
-+void FIPS_corrupt_rsa()
-+{
-+ corrupt_rsa = 1;
++ int rv = 0;
++ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
++
++ fips_load_key_component(n, keydata);
++ fips_load_key_component(e, keydata);
++ fips_load_key_component(d, keydata);
++ fips_load_key_component(p, keydata);
++ fips_load_key_component(q, keydata);
++ fips_load_key_component(dmp1, keydata);
++ fips_load_key_component(dmq1, keydata);
++ fips_load_key_component(iqmp, keydata);
++
++ RSA_set0_key(key, n, e, d);
++ RSA_set0_factors(key, p, q);
++ RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
++
++ rv = 1;
++err:
++ if 
(!rv) {
++ BN_free(n);
++ BN_free(e);
++ BN_free(d);
++ BN_free(p);
++ BN_free(q);
++ BN_free(dmp1);
++ BN_free(dmq1);
++ BN_free(iqmp);
++ }
++ return rv;
+}
+
+/* Known Answer Test (KAT) data for the above RSA private key signing 
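Review bot: The three calls `RSA_set0_key(key, n, e, d)`, `RSA_set0_factors(key, p, q)` and `RSA_set0_crt_params(key, dmp1, dmq1, iqmp)` at the end of the new setrsakey ignore their return values, yet `rv = 1` is set unconditionally right after them, so a setter that fails (they return 0 and do not take ownership) would leave the self-test key partially populated, leak the rejected BIGNUMs, and still report success to the caller. The `err:` cleanup compounds this: it frees all eight BIGNUMs whenever `rv` is 0, which is only correct if no setter has adopted any of them; the `goto err` is not visible in the hunk and presumably comes from the `fips_load_key_component` macro in fips_locl.h, so that path is reached today only before the setters run. Checking each setter and clearing the pointers it took over keeps the existing cleanup correct on every path (BN_free(NULL) is a no-op) and makes a broken self-test key fail loudly instead of silently; the rewritten tail of the function is below.
```c
    /* … unchanged: keydata_* tables, declarations, fips_load_key_component() calls … */

    /* Each setter returns 0 on failure without taking ownership; once it
     * succeeds the BIGNUMs belong to key and must not be freed at err. */
    if (!RSA_set0_key(key, n, e, d))
        goto err;
    n = e = d = NULL;
    if (!RSA_set0_factors(key, p, q))
        goto err;
    p = q = NULL;
    if (!RSA_set0_crt_params(key, dmp1, dmq1, iqmp))
        goto err;
    dmp1 = dmq1 = iqmp = NULL;

    rv = 1;
err:
    /* … unchanged: if (!rv) { BN_free(n); … BN_free(iqmp); } return rv; … */
```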
@@ -10620,200 +9638,292 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/cryp + "OpenSSL FIPS 140-2 Public Key RSA KAT"; + +static const unsigned char kat_RSA_PSS_SHA1[] = { -+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F, -+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB, -+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3, -+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C, -+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7, -+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5, -+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45, -+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31, -+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8, -+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84, -+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9 ++ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3, ++ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B, ++ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84, ++ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B, ++ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9, ++ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19, ++ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98, ++ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5, ++ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4, ++ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A, ++ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70, ++ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1, ++ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C, ++ 0xBA, 0x7F, 0x14, 
0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF, ++ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99, ++ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45, ++ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF, ++ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F, ++ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01, ++ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC, ++ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05, ++ 0xCE, 0x08, 0x1D, 0x89 +}; + +static const unsigned char kat_RSA_PSS_SHA224[] = { -+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7, -+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA, -+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57, -+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89, -+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE, -+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22, -+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5, -+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49, -+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D, -+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00, -+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0 ++ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA, ++ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3, ++ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3, ++ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3, ++ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7, ++ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53, ++ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A, ++ 0x51, 
0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE, ++ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06, ++ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08, ++ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D, ++ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07, ++ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70, ++ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64, ++ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17, ++ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69, ++ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97, ++ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D, ++ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5, ++ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B, ++ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD, ++ 0x2D, 0x84, 0x03, 0xB7 +}; + +static const unsigned char kat_RSA_PSS_SHA256[] = { -+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89, -+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F, -+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28, -+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E, -+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05, -+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA, -+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6, -+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F, -+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D, -+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6, -+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C ++ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 
0x19, ++ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9, ++ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB, ++ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9, ++ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16, ++ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33, ++ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49, ++ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67, ++ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B, ++ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B, ++ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6, ++ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60, ++ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6, ++ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF, ++ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23, ++ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73, ++ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56, ++ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97, ++ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50, ++ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68, ++ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62, ++ 0x2B, 0x31, 0xB9, 0x7D +}; + +static const unsigned char kat_RSA_PSS_SHA384[] = { -+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2, -+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E, -+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD, -+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F, -+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C, -+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 
0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB, -+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F, -+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89, -+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F, -+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55, -+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1 ++ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D, ++ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03, ++ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27, ++ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC, ++ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1, ++ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6, ++ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA, ++ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB, ++ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3, ++ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5, ++ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70, ++ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E, ++ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C, ++ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0, ++ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62, ++ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07, ++ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88, ++ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7, ++ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5, ++ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D, ++ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF, ++ 0x90, 0xD2, 0xA6, 0x2B +}; + 
+static const unsigned char kat_RSA_PSS_SHA512[] = { -+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C, -+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A, -+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD, -+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39, -+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7, -+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61, -+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13, -+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63, -+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE, -+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88, -+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B ++ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32, ++ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06, ++ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D, ++ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B, ++ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D, ++ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44, ++ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B, ++ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D, ++ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD, ++ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C, ++ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1, ++ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A, ++ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE, ++ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D, ++ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F, ++ 0x04, 0x09, 0x36, 
0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF, ++ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F, ++ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94, ++ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE, ++ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A, ++ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0, ++ 0x17, 0x2C, 0x13, 0xE0 +}; + +static const unsigned char kat_RSA_SHA1[] = { -+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, -+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, -+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF, -+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8, -+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, -+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, -+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E, -+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F, -+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, -+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, -+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4 ++ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA, ++ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C, ++ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE, ++ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94, ++ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08, ++ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC, ++ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0, ++ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54, ++ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F, ++ 0x32, 0x75, 
0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A, ++ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF, ++ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD, ++ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8, ++ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5, ++ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F, ++ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF, ++ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60, ++ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9, ++ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC, ++ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37, ++ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF, ++ 0x27, 0x90, 0xE2, 0x01 +}; + +static const unsigned char kat_RSA_SHA224[] = { -+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9, -+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D, -+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89, -+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD, -+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5, -+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC, -+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B, -+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2, -+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35, -+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC, -+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D ++ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86, ++ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8, ++ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89, ++ 0x57, 
0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39, ++ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3, ++ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E, ++ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8, ++ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4, ++ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66, ++ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6, ++ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC, ++ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9, ++ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53, ++ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA, ++ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45, ++ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC, ++ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33, ++ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5, ++ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8, ++ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83, ++ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B, ++ 0xDB, 0x70, 0x00, 0xF6 +}; + +static const unsigned char kat_RSA_SHA256[] = { -+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23, -+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23, -+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35, -+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E, -+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18, -+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30, -+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A, -+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 
0xDE, 0x81, 0xA6, 0x38, -+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA, -+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90, -+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A ++ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9, ++ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF, ++ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F, ++ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06, ++ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF, ++ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2, ++ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8, ++ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5, ++ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE, ++ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6, ++ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D, ++ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42, ++ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4, ++ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E, ++ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A, ++ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91, ++ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB, ++ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65, ++ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E, ++ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B, ++ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D, ++ 0x47, 0x9D, 0x18, 0xD7 +}; + +static const unsigned char kat_RSA_SHA384[] = { -+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F, -+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 
0x99, 0x63, 0x56, 0x47, 0xC7, -+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C, -+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55, -+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF, -+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2, -+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C, -+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD, -+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1, -+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04, -+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF ++ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00, ++ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D, ++ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2, ++ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B, ++ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF, ++ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1, ++ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C, ++ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E, ++ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76, ++ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4, ++ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9, ++ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4, ++ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56, ++ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39, ++ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00, ++ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F, ++ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D, ++ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 
0x20, 0x3A, 0x83, 0x29, 0x26, ++ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9, ++ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD, ++ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4, ++ 0x7E, 0x37, 0x1D, 0x96 +}; + +static const unsigned char kat_RSA_SHA512[] = { -+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF, -+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A, -+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1, -+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8, -+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5, -+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B, -+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6, -+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05, -+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D, -+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91, -+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84 ++ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3, ++ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F, ++ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02, ++ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B, ++ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3, ++ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1, ++ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79, ++ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1, ++ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E, ++ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1, ++ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED, ++ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 
0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE, ++ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69, ++ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2, ++ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F, ++ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3, ++ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B, ++ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86, ++ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F, ++ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A, ++ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E, ++ 0x43, 0xA8, 0x34, 0x0A +}; + -+static const unsigned char kat_RSA_X931_SHA1[] = { -+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF, -+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75, -+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC, -+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97, -+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6, -+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19, -+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7, -+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99, -+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76, -+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67, -+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49 -+}; ++static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, ++ int ptlen) ++{ ++ unsigned char *ctbuf = NULL, *ptbuf = NULL; ++ int ret = 0; ++ int len; + -+static const unsigned char kat_RSA_X931_SHA256[] = { -+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89, -+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD, -+ 0xEA, 0xA2, 0x2D, 
0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF, -+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B, -+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B, -+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98, -+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC, -+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C, -+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD, -+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC, -+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80 -+}; ++ ctbuf = OPENSSL_malloc(RSA_size(rsa)); ++ if (!ctbuf) ++ goto err; + -+static const unsigned char kat_RSA_X931_SHA384[] = { -+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B, -+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB, -+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3, -+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6, -+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31, -+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1, -+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79, -+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF, -+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35, -+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D, -+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28 -+}; ++ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING); ++ if (len <= 0) ++ goto err; ++ /* Check ciphertext doesn't match plaintext */ ++ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen)) ++ goto err; + -+static const unsigned char kat_RSA_X931_SHA512[] = { -+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63, -+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 
0xAC, -+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7, -+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28, -+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5, -+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF, -+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0, -+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09, -+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C, -+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B, -+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3 -+}; ++ ptbuf = OPENSSL_malloc(RSA_size(rsa)); ++ if (!ptbuf) ++ goto err; ++ ++ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING); ++ if (len != ptlen) ++ goto err; ++ if (memcmp(ptbuf, plaintext, len)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (ctbuf) ++ OPENSSL_free(ctbuf); ++ if (ptbuf) ++ OPENSSL_free(ptbuf); ++ return ret; ++} + +int FIPS_selftest_rsa() +{ @@ -10823,11 +9933,14 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/cryp + + if ((key = RSA_new()) == NULL) + goto err; -+ setrsakey(key); ++ ++ if (!setrsakey(key)) ++ goto err; ++ + if ((pk = EVP_PKEY_new()) == NULL) + goto err; + -+ EVP_PKEY_assign_RSA(pk, key); ++ EVP_PKEY_set1_RSA(pk, key); + + if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1, + kat_RSA_SHA1, sizeof(kat_RSA_SHA1), 
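Review bot: The return value of `EVP_PKEY_set1_RSA(pk, key)` is discarded on the new side of this hunk; it returns 0 when the key cannot be attached, after which `pk` carries no RSA key and the `fips_pkey_signature_test` calls that follow fail for a reason unrelated to the known-answer data. Check it the same way the hunk now checks `setrsakey`: `if (!EVP_PKEY_set1_RSA(pk, key)) goto err;`. Because set1 takes its own reference, `key` still has to be released separately on every path; the `err:` cleanup that does this is in a later hunk. The enclosing `FIPS_selftest_rsa` begins before this hunk.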
@@ -10881,29 +9994,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/cryp
+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
+ goto err;
+
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA1,
-+ sizeof(kat_RSA_X931_SHA1), EVP_sha1(),
-+ EVP_MD_CTX_FLAG_PAD_X931, "RSA SHA1 X931"))
-+ goto err;
-+ /* NB: SHA224 not supported in X9.31 */
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA256,
-+ sizeof(kat_RSA_X931_SHA256), EVP_sha256(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA256 X931"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA384,
-+ sizeof(kat_RSA_X931_SHA384), EVP_sha384(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA384 X931"))
-+ goto err;
-+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
-+ kat_RSA_X931_SHA512,
-+ sizeof(kat_RSA_X931_SHA512), EVP_sha512(),
-+ EVP_MD_CTX_FLAG_PAD_X931,
-+ "RSA SHA512 X931"))
++ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
+ goto err;
+
+ ret = 1;
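Review bot: The new `fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1)` call needs a comment saying what kind of check it is, because it sits in a run of known-answer tests but is not one: `RSA_public_encrypt` with `RSA_PKCS1_PADDING` uses random padding, so the helper (defined in the preceding hunk) can only round-trip and compare with the plaintext, i.e. a pairwise-consistency test that would not catch an implementation that is wrong but self-consistent. Suggest `/* Encrypt/decrypt round trip (PKCS#1 v1.5, randomised): pairwise consistency, not a KAT */` on the line before the call. `FIPS_selftest_rsa` begins before this hunk.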
@@ -10911,293 +10002,16 @@ diff -up openssl-1.0.2h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.2h/cryp + err: + if (pk) + EVP_PKEY_free(pk); -+ else if (key) ++ if (key) + RSA_free(key); + return ret; +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c ---- openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c.fips 2016-05-03 16:57:58.831321228 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_rsa_x931g.c 2016-05-03 16:57:58.831321228 +0200 -@@ -0,0 +1,273 @@ -+/* crypto/rsa/rsa_gen.c */ -+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -+ * All rights reserved. -+ * -+ * This package is an SSL implementation written -+ * by Eric Young (eay@cryptsoft.com). -+ * The implementation was written so as to conform with Netscapes SSL. -+ * -+ * This library is free for commercial and non-commercial use as long as -+ * the following conditions are aheared to. The following conditions -+ * apply to all code found in this distribution, be it the RC4, RSA, -+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation -+ * included with this distribution is covered by the same copyright terms -+ * except that the holder is Tim Hudson (tjh@cryptsoft.com). -+ * -+ * Copyright remains Eric Young's, and as such any Copyright notices in -+ * the code are not to be removed. -+ * If this package is used in a product, Eric Young should be given attribution -+ * as the author of the parts of the library used. -+ * This can be in the form of a textual message at program startup or -+ * in documentation (online or textual) provided with the package. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. 
Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] 
-+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#ifdef OPENSSL_FIPS -+# include -+ -+extern int fips_check_rsa(RSA *rsa); -+#endif -+ -+/* X9.31 RSA key derivation and generation */ -+ -+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, -+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, -+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, -+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) -+{ -+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; -+ BN_CTX *ctx = NULL, *ctx2 = NULL; -+ -+ if (!rsa) -+ goto err; -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ goto err; -+ BN_CTX_start(ctx); -+ -+ r0 = BN_CTX_get(ctx); -+ r1 = BN_CTX_get(ctx); -+ r2 = BN_CTX_get(ctx); -+ r3 = BN_CTX_get(ctx); -+ -+ if (r3 == NULL) -+ goto err; -+ if (!rsa->e) { -+ rsa->e = BN_dup(e); -+ if (!rsa->e) -+ goto err; -+ } else -+ e = rsa->e; -+ -+ /* If not all parameters present only calculate what we can. -+ * This allows test programs to output selective parameters. -+ */ -+ -+ if (Xp && !rsa->p) { -+ rsa->p = BN_new(); -+ if (!rsa->p) -+ goto err; -+ -+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, -+ Xp, Xp1, Xp2, e, ctx, cb)) -+ goto err; -+ } -+ -+ if (Xq && !rsa->q) { -+ rsa->q = BN_new(); -+ if (!rsa->q) -+ goto err; -+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, -+ Xq, Xq1, Xq2, e, ctx, cb)) -+ goto err; -+ } -+ -+ if (!rsa->p || !rsa->q) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ return 2; -+ } -+ -+ /* Since both primes are set we can now calculate all remaining -+ * components. 
-+ */ -+ -+ /* calculate n */ -+ rsa->n = BN_new(); -+ if (rsa->n == NULL) -+ goto err; -+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) -+ goto err; -+ -+ /* calculate d */ -+ if (!BN_sub(r1, rsa->p, BN_value_one())) -+ goto err; /* p-1 */ -+ if (!BN_sub(r2, rsa->q, BN_value_one())) -+ goto err; /* q-1 */ -+ if (!BN_mul(r0, r1, r2, ctx)) -+ goto err; /* (p-1)(q-1) */ -+ -+ if (!BN_gcd(r3, r1, r2, ctx)) -+ goto err; -+ -+ if (!BN_div(r0, NULL, r0, r3, ctx)) -+ goto err; /* LCM((p-1)(q-1)) */ -+ -+ ctx2 = BN_CTX_new(); -+ if (!ctx2) -+ goto err; -+ -+ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ -+ if (rsa->d == NULL) -+ goto err; -+ -+ /* calculate d mod (p-1) */ -+ rsa->dmp1 = BN_new(); -+ if (rsa->dmp1 == NULL) -+ goto err; -+ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) -+ goto err; -+ -+ /* calculate d mod (q-1) */ -+ rsa->dmq1 = BN_new(); -+ if (rsa->dmq1 == NULL) -+ goto err; -+ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) -+ goto err; -+ -+ /* calculate inverse of q mod p */ -+ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); -+ -+ err: -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ if (ctx2) -+ BN_CTX_free(ctx2); -+ /* If this is set all calls successful */ -+ if (rsa && rsa->iqmp != NULL) -+ return 1; -+ -+ return 0; -+ -+} -+ -+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -+ BN_GENCB *cb) -+{ -+ int ok = 0; -+ BIGNUM *Xp = NULL, *Xq = NULL; -+ BN_CTX *ctx = NULL; -+ -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && -+ (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_KEY_TOO_SHORT); -+ return 0; -+ } -+ -+ if (bits & 0xff) { -+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_INVALID_KEY_LENGTH); -+ return 0; -+ } -+ -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; -+ } -+#endif -+ -+ ctx = BN_CTX_new(); -+ if (!ctx) -+ goto error; -+ -+ BN_CTX_start(ctx); -+ 
Xp = BN_CTX_get(ctx); -+ Xq = BN_CTX_get(ctx); -+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) -+ goto error; -+ -+ rsa->p = BN_new(); -+ rsa->q = BN_new(); -+ if (!rsa->p || !rsa->q) -+ goto error; -+ -+ /* Generate two primes from Xp, Xq */ -+ -+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, -+ e, ctx, cb)) -+ goto error; -+ -+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, -+ e, ctx, cb)) -+ goto error; -+ -+ /* Since rsa->p and rsa->q are valid this call will just derive -+ * remaining RSA components. -+ */ -+ -+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, -+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) -+ goto error; -+ -+#ifdef OPENSSL_FIPS -+ if (!fips_check_rsa(rsa)) -+ goto error; -+#endif -+ -+ ok = 1; -+ -+ error: -+ if (ctx) { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } -+ -+ if (ok) -+ return 1; -+ -+ return 0; -+ -+} -diff -up openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2h/crypto/fips/fips_sha_selftest.c ---- openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips 2016-05-03 16:57:58.831321228 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_sha_selftest.c 2016-05-03 16:57:58.831321228 +0200 -@@ -0,0 +1,145 @@ +diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 ++++ openssl-1.1.0h/crypto/fips/fips_sha_selftest.c 2018-03-29 14:44:24.636236877 +0200 +@@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * @@ -11271,13 +10085,6 @@ diff -up openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2h/cryp + 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1}, +}; + -+static int corrupt_sha; -+ -+void FIPS_corrupt_sha1() -+{ -+ corrupt_sha = 1; -+} -+ +int FIPS_selftest_sha1() +{ + int n; 
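Review bot: The change from `else if (key)` to `if (key)` in the `err:` cleanup at the top of this hunk is correct only because `EVP_PKEY_set1_RSA` (changed in an earlier hunk) takes its own reference on `key`, and nothing at the cleanup site records that; a reader comparing it with the old `EVP_PKEY_assign_RSA` version will read the unconditional `RSA_free(key)` as a double free. Suggest `/* pk holds its own reference (set1), so key is always freed here too */` above `if (key)`. `FIPS_selftest_rsa` begins before this hunk; the remainder of the hunk is the deletion of fips_rsa_x931g.c and a file-header update, which need no review.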
@@ -11285,7 +10092,7 @@ diff -up openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2h/cryp
+ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) {
+ unsigned char md[SHA_DIGEST_LENGTH];
+
-+ EVP_Digest(test[n], strlen(test[n]) + corrupt_sha, md, NULL,
++ EVP_Digest(test[n], strlen(test[n]), md, NULL,
+ EVP_sha1(), NULL);
+ if (memcmp(md, ret[n], sizeof md)) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED);
@@ -11329,13 +10136,13 @@ diff -up openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2h/cryp
+
+ EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
+ if (memcmp(dig_sha256, md, sizeof(dig_sha256))) {
-+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
+ EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
+ if (memcmp(dig_sha512, md, sizeof(dig_sha512))) {
-+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
@@ -11343,10 +10150,10 @@ diff -up openssl-1.0.2h/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.2h/cryp
+}
+
+#endif
-diff -up openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c
---- openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c.fips 2016-05-03 16:57:58.831321228 +0200
-+++ openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c 2016-05-03 16:57:58.831321228 +0200
-@@ -0,0 +1,268 @@
+diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips 2018-03-29 14:44:24.636236877 +0200
++++ openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c 2018-03-29 14:44:24.636236877 +0200
+@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
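Review bot: The rewritten `EVP_Digest(test[n], strlen(test[n]), md, NULL, EVP_sha1(), NULL)` still discards its return value, so a failed digest leaves `md` indeterminate and the `memcmp` on the next context line decides the self-test on uninitialised bytes. Fold the status into the failure check: `if (!EVP_Digest(test[n], strlen(test[n]), md, NULL, EVP_sha1(), NULL) || memcmp(md, ret[n], sizeof md)) {`. The same pattern is in the context lines of the following hunk, where the SHA256 and SHA512 `EVP_Digest` calls are likewise unchecked before the `FIPS_F_FIPS_SELFTEST_SHA2` error is raised. The enclosing functions begin outside these hunks.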
@@ -11400,163 +10207,8 @@ diff -up openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2h/c +#include +#include +#include -+#include +#include -+ -+#ifndef FIPSCANISTER_O -+int FIPS_selftest_failed() -+{ -+ return 0; -+} -+ -+void FIPS_selftest_check() -+{ -+} -+#endif -+ -+#ifdef OPENSSL_FIPS -+int bn_mul_mont_fpu64(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -+ const BN_ULONG *np, const BN_ULONG *n0, int num) -+{ -+ return 0; -+}; -+ -+int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, -+ const BN_ULONG *np, const BN_ULONG *n0, int num) -+{ -+ return 0; -+}; -+ -+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ -+ defined(__INTEL__) || \ -+ defined(__x86_64) || defined(__x86_64__) || \ -+ defined(_M_AMD64) || defined(_M_X64) -+ -+unsigned int OPENSSL_ia32cap_P[4]; -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ if (sizeof(long) == 4) -+ /* -+ * If 32-bit application pulls address of OPENSSL_ia32cap_P[0] -+ * clear second element to maintain the illusion that vector -+ * is 32-bit. -+ */ -+ OPENSSL_ia32cap_P[1] = 0; -+ -+ OPENSSL_ia32cap_P[2] = 0; -+ -+ return (unsigned long *)OPENSSL_ia32cap_P; -+} -+ -+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -+# define OPENSSL_CPUID_SETUP -+# if defined(_WIN32) -+typedef unsigned __int64 IA32CAP; -+# else -+typedef unsigned long long IA32CAP; -+# endif -+void OPENSSL_cpuid_setup(void) -+{ -+ static int trigger = 0; -+ IA32CAP OPENSSL_ia32_cpuid(unsigned int *); -+ IA32CAP vec; -+ char *env; -+ -+ if (trigger) -+ return; -+ -+ trigger = 1; -+ if ((env = getenv("OPENSSL_ia32cap"))) { -+ int off = (env[0] == '~') ? 
1 : 0; -+# if defined(_WIN32) -+ if (!sscanf(env + off, "%I64i", &vec)) -+ vec = strtoul(env + off, NULL, 0); -+# else -+ if (!sscanf(env + off, "%lli", (long long *)&vec)) -+ vec = strtoul(env + off, NULL, 0); -+# endif -+ if (off) -+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec; -+ else if (env[0] == ':') -+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); -+ -+ OPENSSL_ia32cap_P[2] = 0; -+ if ((env = strchr(env, ':'))) { -+ unsigned int vecx; -+ env++; -+ off = (env[0] == '~') ? 1 : 0; -+ vecx = strtoul(env + off, NULL, 0); -+ if (off) -+ OPENSSL_ia32cap_P[2] &= ~vecx; -+ else -+ OPENSSL_ia32cap_P[2] = vecx; -+ } -+ } else -+ vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); -+ -+ /* -+ * |(1<<10) sets a reserved bit to signal that variable -+ * was initialized already... This is to avoid interference -+ * with cpuid snippets in ELF .init segment. -+ */ -+ OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10); -+ OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32); -+} -+# else -+unsigned int OPENSSL_ia32cap_P[4]; -+# endif -+ -+# else -+unsigned long *OPENSSL_ia32cap_loc(void) -+{ -+ return NULL; -+} -+# endif -+int OPENSSL_NONPIC_relocated = 0; -+# if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) -+void OPENSSL_cpuid_setup(void) -+{ -+} -+# endif -+ -+static void hmac_init(SHA256_CTX *md_ctx, SHA256_CTX *o_ctx, const char *key) -+{ -+ size_t len = strlen(key); -+ int i; -+ unsigned char keymd[HMAC_MAX_MD_CBLOCK]; -+ unsigned char pad[HMAC_MAX_MD_CBLOCK]; -+ -+ if (len > SHA_CBLOCK) { -+ SHA256_Init(md_ctx); -+ SHA256_Update(md_ctx, key, len); -+ SHA256_Final(keymd, md_ctx); -+ len = SHA256_DIGEST_LENGTH; -+ } else -+ memcpy(keymd, key, len); -+ memset(&keymd[len], '\0', HMAC_MAX_MD_CBLOCK - len); -+ -+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) -+ pad[i] = 0x36 ^ keymd[i]; -+ SHA256_Init(md_ctx); -+ SHA256_Update(md_ctx, pad, SHA256_CBLOCK); -+ -+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) -+ pad[i] = 0x5c ^ keymd[i]; -+ SHA256_Init(o_ctx); -+ 
SHA256_Update(o_ctx, pad, SHA256_CBLOCK); -+} -+ -+static void hmac_final(unsigned char *md, SHA256_CTX *md_ctx, -+ SHA256_CTX *o_ctx) -+{ -+ unsigned char buf[SHA256_DIGEST_LENGTH]; -+ -+ SHA256_Final(buf, md_ctx); -+ SHA256_Update(o_ctx, buf, sizeof buf); -+ SHA256_Final(md, o_ctx); -+} -+ -+#endif ++#include + +int main(int argc, char **argv) +{ @@ -11577,16 +10229,24 @@ diff -up openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2h/c + + for (; n < argc; ++n) { + FILE *f = fopen(argv[n], "rb"); -+ SHA256_CTX md_ctx, o_ctx; -+ unsigned char md[SHA256_DIGEST_LENGTH]; -+ int i; ++ HMAC_CTX *hmac_ctx; ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int len; ++ unsigned int i; + + if (!f) { + perror(argv[n]); + exit(2); + } ++ hmac_ctx = HMAC_CTX_new(); ++ if (!hmac_ctx) ++ exit(3); ++ ++ if (HMAC_Init_ex(hmac_ctx, key, strlen(key), EVP_sha256(), NULL) <= 0) { ++ fprintf(stderr, "HMAC SHA256 initialization failed.\n"); ++ exit(4); ++ } + -+ hmac_init(&md_ctx, &o_ctx, key); + for (;;) { + char buf[1024]; + size_t l = fread(buf, 1, sizeof buf, f); 
@@ -11598,1163 +10258,204 @@ diff -up openssl-1.0.2h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.2h/c + } else + break; + } -+ SHA256_Update(&md_ctx, buf, l); ++ if (HMAC_Update(hmac_ctx, buf, l) <= 0) { ++ fprintf(stderr, "HMAC_Update() failed.\n"); ++ exit(4); ++ } ++ } ++ if (HMAC_Final(hmac_ctx, mac, &len) <= 0) { ++ fprintf(stderr, "HMAC_Final() failed.\n"); ++ exit(4); + } -+ hmac_final(md, &md_ctx, &o_ctx); + + if (binary) { -+ fwrite(md, SHA256_DIGEST_LENGTH, 1, stdout); ++ fwrite(mac, len, 1, stdout); + break; /* ... for single(!) file */ + } + +/* printf("HMAC-SHA1(%s)= ",argv[n]); */ -+ for (i = 0; i < SHA256_DIGEST_LENGTH; ++i) -+ printf("%02x", md[i]); ++ for (i = 0; i < len; ++i) ++ printf("%02x", mac[i]); + printf("\n"); + } +#endif + return 0; +} -diff -up openssl-1.0.2h/crypto/fips/fips_test_suite.c.fips openssl-1.0.2h/crypto/fips/fips_test_suite.c ---- openssl-1.0.2h/crypto/fips/fips_test_suite.c.fips 2016-05-03 16:57:58.832321252 +0200 -+++ openssl-1.0.2h/crypto/fips/fips_test_suite.c 2016-05-03 16:57:58.832321252 +0200 -@@ -0,0 +1,639 @@ -+/* ==================================================================== -+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. -+ * -+ * -+ * This command is intended as a test driver for the FIPS-140 testing -+ * lab performing FIPS-140 validation. It demonstrates the use of the -+ * OpenSSL library ito perform a variety of common cryptographic -+ * functions. A power-up self test is demonstrated by deliberately -+ * pointing to an invalid executable hash -+ * -+ * Contributed by Steve Marquess. 
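Review bot: `hmac_ctx = HMAC_CTX_new()` is allocated inside the `for (; n < argc; ++n)` loop, but in the lines visible here, including the `HMAC_Final` and output code in the following hunk, there is no matching `HMAC_CTX_free(hmac_ctx)`, so one context leaks per input file in the non-binary mode; the `fopen`ed `f` is likewise not closed in what is visible. Add `HMAC_CTX_free(hmac_ctx);` after the `HMAC_Final` check, or create the context once before the loop and rely on `HMAC_Init_ex` re-initialising it per file. The exit statuses 3 and 4 are new and undocumented; a line such as `/* exit 3: out of memory, 4: HMAC operation failed */` above the loop would help callers of this tool. `main` begins before this hunk.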
-+ * -+ */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+#ifndef OPENSSL_FIPS -+int main(int argc, char *argv[]) -+{ -+ printf("No FIPS support\n"); -+ return (0); -+} -+#else -+ -+# include -+# include "fips_utl.h" -+ -+/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext -+*/ -+static int FIPS_aes_test(void) -+{ -+ int ret = 0; -+ unsigned char pltmp[16]; -+ unsigned char citmp[16]; -+ unsigned char key[16] = -+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }; -+ unsigned char plaintext[16] = "etaonrishdlcu"; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 1) <= 0) -+ goto err; -+ EVP_Cipher(&ctx, citmp, plaintext, 16); -+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 0) <= 0) -+ goto err; -+ EVP_Cipher(&ctx, pltmp, citmp, 16); -+ if (memcmp(pltmp, plaintext, 16)) -+ goto err; -+ ret = 1; -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ return ret; -+} -+ -+static int FIPS_des3_test(void) -+{ -+ int ret = 0; -+ unsigned char pltmp[8]; -+ unsigned char citmp[8]; -+ unsigned char key[] = -+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, -+ 19, 20, 21, 22, 23, 24 -+ }; -+ unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; -+ EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX_init(&ctx); -+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0) -+ goto err; -+ EVP_Cipher(&ctx, citmp, plaintext, 8); -+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0) -+ goto err; -+ EVP_Cipher(&ctx, pltmp, citmp, 8); -+ if (memcmp(pltmp, plaintext, 8)) -+ goto err; -+ ret = 1; -+ err: -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ return ret; -+} -+ -+/* -+ * DSA: generate keys and sign, verify input plaintext. 
-+ */ -+static int FIPS_dsa_test(int bad) -+{ -+ DSA *dsa = NULL; -+ EVP_PKEY pk; -+ unsigned char dgst[] = "etaonrishdlc"; -+ unsigned char buf[60]; -+ unsigned int slen; -+ int r = 0; -+ EVP_MD_CTX mctx; -+ -+ ERR_clear_error(); -+ EVP_MD_CTX_init(&mctx); -+ dsa = DSA_new(); -+ if (!dsa) -+ goto end; -+ if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL)) -+ goto end; -+ if (!DSA_generate_key(dsa)) -+ goto end; -+ if (bad) -+ BN_add_word(dsa->pub_key, 1); -+ -+ pk.type = EVP_PKEY_DSA; -+ pk.pkey.dsa = dsa; -+ -+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL)) -+ goto end; -+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1)) -+ goto end; -+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk)) -+ goto end; -+ -+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL)) -+ goto end; -+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1)) -+ goto end; -+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk); -+ end: -+ EVP_MD_CTX_cleanup(&mctx); -+ if (dsa) -+ DSA_free(dsa); -+ if (r != 1) -+ return 0; -+ return 1; -+} -+ -+/* -+ * RSA: generate keys and sign, verify input plaintext. 
-+ */
-+static int FIPS_rsa_test(int bad)
-+{
-+ RSA *key;
-+ unsigned char input_ptext[] = "etaonrishdlc";
-+ unsigned char buf[256];
-+ unsigned int slen;
-+ BIGNUM *bn;
-+ EVP_MD_CTX mctx;
-+ EVP_PKEY pk;
-+ int r = 0;
-+
-+ ERR_clear_error();
-+ EVP_MD_CTX_init(&mctx);
-+ key = RSA_new();
-+ bn = BN_new();
-+ if (!key || !bn)
-+ return 0;
-+ BN_set_word(bn, 65537);
-+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
-+ return 0;
-+ BN_free(bn);
-+ if (bad)
-+ BN_add_word(key->n, 1);
-+
-+ pk.type = EVP_PKEY_RSA;
-+ pk.pkey.rsa = key;
-+
-+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
-+ goto end;
-+ if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
-+ goto end;
-+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
-+ goto end;
-+
-+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
-+ goto end;
-+ if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
-+ goto end;
-+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
-+ end:
-+ EVP_MD_CTX_cleanup(&mctx);
-+ if (key)
-+ RSA_free(key);
-+ if (r != 1)
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA1: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha1_test()
-+{
-+ unsigned char digest[SHA_DIGEST_LENGTH] =
-+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a,
-+0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha1(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA256: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha256_test()
-+{
-+ unsigned char digest[SHA256_DIGEST_LENGTH] =
-+ { 0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9,
-+0x68, 0xc0, 0xea, 0x40, 0x91,
-+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6,
-+ 0x50, 0x4f, 0x47, 0x57
-+ };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA256_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha256(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* SHA512: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_sha512_test()
-+{
-+ unsigned char digest[SHA512_DIGEST_LENGTH] =
-+ { 0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f,
-+0x94, 0x71, 0x64, 0x28, 0xca,
-+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2,
-+ 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
-+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f,
-+ 0x24, 0xb1, 0xd9, 0x40, 0x22,
-+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6,
-+ 0xeb, 0x2d, 0x42, 0x1d, 0xa3
-+ };
-+ unsigned char str[] = "etaonrishd";
-+
-+ unsigned char md[SHA512_DIGEST_LENGTH];
-+
-+ ERR_clear_error();
-+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha512(), NULL))
-+ return 0;
-+ if (memcmp(md, digest, sizeof(md)))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA1: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha1_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea,
-+0x56, 0x1b, 0x61, 0x2e, 0x70,
-+ 0xb2, 0xfb, 0xec, 0xc6
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha1(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out, &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA224: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha224_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe,
-+0x1c, 0xb2, 0xf0, 0x20, 0x35,
-+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha224(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA256: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha256_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36,
-+0x02, 0xf5, 0x72, 0x33, 0x87,
-+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee,
-+ 0x51, 0xff, 0xda, 0x24, 0xf4
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha256(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA384: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha384_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
-+0x26, 0x99, 0xef, 0x3b, 0x10,
-+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
-+ 0xac, 0xb0, 0x07, 0x39, 0x08,
-+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
-+ 0xf3, 0xb8, 0x9b, 0x88, 0x1c
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* HMAC-SHA512: generate hash of known digest value and compare to known
-+ precomputed correct hash
-+*/
-+static int FIPS_hmac_sha512_test()
-+{
-+ unsigned char key[] = "etaonrishd";
-+ unsigned char iv[] = "Sample text";
-+ unsigned char kaval[EVP_MAX_MD_SIZE] =
-+ { 0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3,
-+0x77, 0x59, 0x85, 0xa9, 0xe6,
-+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1,
-+ 0xad, 0x7e, 0x24, 0xca, 0xb1,
-+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52,
-+ 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
-+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96,
-+ 0x3d, 0xa6, 0xd9, 0x2a, 0x53
-+ };
-+
-+ unsigned char out[EVP_MAX_MD_SIZE];
-+ unsigned int outlen;
-+
-+ ERR_clear_error();
-+ if (!HMAC
-+ (EVP_sha512(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
-+ &outlen))
-+ return 0;
-+ if (memcmp(out, kaval, outlen))
-+ return 0;
-+ return 1;
-+}
-+
-+/* DH: generate shared parameters
-+*/
-+static int dh_test()
-+{
-+ DH *dh;
-+ ERR_clear_error();
-+ dh = FIPS_dh_new();
-+ if (!dh)
-+ return 0;
-+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
-+ return 0;
-+ FIPS_dh_free(dh);
-+ return 1;
-+}
-+
-+/* Zeroize
-+*/
-+static int Zeroize()
-+{
-+ RSA *key;
-+ BIGNUM *bn;
-+ unsigned char userkey[16] =
-+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f,
-+0x83, 0x02, 0xb1, 0x09, 0x68 };
-+ int i, n;
-+
-+ key = FIPS_rsa_new();
-+ bn = BN_new();
-+ if (!key || !bn)
-+ return 0;
-+ BN_set_word(bn, 65537);
-+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
-+ return 0;
-+ BN_free(bn);
-+
-+ n = BN_num_bytes(key->d);
-+ printf(" Generated %d byte RSA private key\n", n);
-+ printf("\tBN key before overwriting:\n");
-+ do_bn_print(stdout, key->d);
-+ BN_rand(key->d, n * 8, -1, 0);
-+ printf("\tBN key after overwriting:\n");
-+ do_bn_print(stdout, key->d);
-+
-+ printf("\tchar buffer key before overwriting: \n\t\t");
-+ for (i = 0; i < sizeof(userkey); i++)
-+ printf("%02x", userkey[i]);
-+ printf("\n");
-+ RAND_bytes(userkey, sizeof userkey);
-+ printf("\tchar buffer key after overwriting: \n\t\t");
-+ for (i = 0; i < sizeof(userkey); i++)
-+ printf("%02x", userkey[i]);
-+ printf("\n");
-+
-+ return 1;
-+}
-+
-+static int Error;
-+const char *Fail(const char *msg)
-+{
-+ do_print_errors();
-+ Error++;
-+ return msg;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+
-+ int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
-+ int bad_rsa = 0, bad_dsa = 0;
-+ int do_rng_stick = 0;
-+ int no_exit = 0;
-+
-+ printf("\tFIPS-mode test application\n\n");
-+
-+ /* Load entropy from external file, if any */
-+ RAND_load_file(".rnd", 1024);
-+
-+ if (argv[1]) {
-+ /* Corrupted KAT tests */
-+ if (!strcmp(argv[1], "aes")) {
-+ FIPS_corrupt_aes();
-+ printf("AES encryption/decryption with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "des")) {
-+ FIPS_corrupt_des();
-+ printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "dsa")) {
-+ FIPS_corrupt_dsa();
-+ printf
-+ ("DSA key generation and signature validation with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "rsa")) {
-+ FIPS_corrupt_rsa();
-+ printf
-+ ("RSA key generation and signature validation with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "rsakey")) {
-+ printf
-+ ("RSA key generation and signature validation with corrupted key...\n");
-+ bad_rsa = 1;
-+ no_exit = 1;
-+ } else if (!strcmp(argv[1], "rsakeygen")) {
-+ do_corrupt_rsa_keygen = 1;
-+ no_exit = 1;
-+ printf
-+ ("RSA key generation and signature validation with corrupted keygen...\n");
-+ } else if (!strcmp(argv[1], "dsakey")) {
-+ printf
-+ ("DSA key generation and signature validation with corrupted key...\n");
-+ bad_dsa = 1;
-+ no_exit = 1;
-+ } else if (!strcmp(argv[1], "dsakeygen")) {
-+ do_corrupt_dsa_keygen = 1;
-+ no_exit = 1;
-+ printf
-+ ("DSA key generation and signature validation with corrupted keygen...\n");
-+ } else if (!strcmp(argv[1], "sha1")) {
-+ FIPS_corrupt_sha1();
-+ printf("SHA-1 hash with corrupted KAT...\n");
-+ } else if (!strcmp(argv[1], "rng")) {
-+ FIPS_corrupt_rng();
-+ } else if (!strcmp(argv[1], "rngstick")) {
-+ do_rng_stick = 1;
-+ no_exit = 1;
-+ printf("RNG test with stuck continuous test...\n");
-+ } else {
-+ printf("Bad argument \"%s\"\n", argv[1]);
-+ exit(1);
-+ }
-+ if (!no_exit) {
-+ if (!FIPS_mode_set(1)) {
-+ do_print_errors();
-+ printf("Power-up self test failed\n");
-+ exit(1);
-+ }
-+ printf("Power-up self test successful\n");
-+ exit(0);
-+ }
-+ }
-+
-+ /* Non-Approved cryptographic operation
-+ */
-+ printf("1. Non-Approved cryptographic operation test...\n");
-+ printf("\ta. Included algorithm (D-H)...");
-+ printf(dh_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* Power-up self test
-+ */
-+ ERR_clear_error();
-+ printf("2. Automatic power-up self test...");
-+ if (!FIPS_mode_set(1)) {
-+ do_print_errors();
-+ printf(Fail("FAILED!\n"));
-+ exit(1);
-+ }
-+ printf("successful\n");
-+ if (do_corrupt_dsa_keygen)
-+ FIPS_corrupt_dsa_keygen();
-+ if (do_corrupt_rsa_keygen)
-+ FIPS_corrupt_rsa_keygen();
-+ if (do_rng_stick)
-+ FIPS_rng_stick();
-+
-+ /* AES encryption/decryption
-+ */
-+ printf("3. AES encryption/decryption...");
-+ printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* RSA key generation and encryption/decryption
-+ */
-+ printf("4. RSA key generation and encryption/decryption...");
-+ printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* DES-CBC encryption/decryption
-+ */
-+ printf("5. DES-ECB encryption/decryption...");
-+ printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* DSA key generation and signature validation
-+ */
-+ printf("6. DSA key generation and signature validation...");
-+ printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* SHA-1 hash
-+ */
-+ printf("7a. SHA-1 hash...");
-+ printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* SHA-256 hash
-+ */
-+ printf("7b. SHA-256 hash...");
-+ printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* SHA-512 hash
-+ */
-+ printf("7c. SHA-512 hash...");
-+ printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-1 hash
-+ */
-+ printf("7d. HMAC-SHA-1 hash...");
-+ printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-224 hash
-+ */
-+ printf("7e. HMAC-SHA-224 hash...");
-+ printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-256 hash
-+ */
-+ printf("7f. HMAC-SHA-256 hash...");
-+ printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-384 hash
-+ */
-+ printf("7g. HMAC-SHA-384 hash...");
-+ printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* HMAC-SHA-512 hash
-+ */
-+ printf("7h. HMAC-SHA-512 hash...");
-+ printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n"));
-+
-+ /* Non-Approved cryptographic operation
-+ */
-+ printf("8. Non-Approved cryptographic operation test...\n");
-+ printf("\ta. Included algorithm (D-H)...");
-+ printf(dh_test()? "successful as expected\n"
-+ : Fail("failed INCORRECTLY!\n"));
-+
-+ /* Zeroization
-+ */
-+ printf("9. Zero-ization...\n");
-+ printf(Zeroize()? "\tsuccessful as expected\n"
-+ : Fail("\tfailed INCORRECTLY!\n"));
-+
-+ printf("\nAll tests completed with %d errors\n", Error);
-+ return Error ? 1 : 0;
-+}
-+
-+#endif
-diff -up openssl-1.0.2h/crypto/fips/Makefile.fips openssl-1.0.2h/crypto/fips/Makefile
---- openssl-1.0.2h/crypto/fips/Makefile.fips 2016-05-03 16:57:58.832321252 +0200
-+++ openssl-1.0.2h/crypto/fips/Makefile 2016-05-03 16:57:58.832321252 +0200
-@@ -0,0 +1,341 @@
-+#
-+# OpenSSL/crypto/fips/Makefile
-+#
-+
-+DIR= fips
-+TOP= ../..
-+CC= cc
-+INCLUDES=
-+CFLAG=-g
-+MAKEFILE= Makefile
-+AR= ar r
-+
-+CFLAGS= $(INCLUDES) $(CFLAG)
-+
-+GENERAL=Makefile
-+TEST=fips_test_suite.c fips_randtest.c
-+APPS=
-+
-+PROGRAM= fips_standalone_hmac
-+EXE= $(PROGRAM)$(EXE_EXT)
-+
-+LIB=$(TOP)/libcrypto.a
-+LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
-+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
-+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
-+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-+ fips_cmac_selftest.c fips_enc.c fips_md.c
-+
-+LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
-+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
-+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
-+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
-+ fips_cmac_selftest.o fips_enc.o fips_md.o
-+
-+LIBCRYPTO=-L.. -lcrypto
-+
-+SRC= $(LIBSRC) fips_standalone_hmac.c
-+
-+EXHEADER= fips.h fips_rand.h
-+HEADER= $(EXHEADER)
-+
-+ALL= $(GENERAL) $(SRC) $(HEADER)
-+
-+top:
-+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-+
-+all: lib exe
-+
-+lib: $(LIBOBJ)
-+ $(AR) $(LIB) $(LIBOBJ)
-+ $(RANLIB) $(LIB) || echo Never mind.
-+ @touch lib
-+
-+exe: $(EXE)
-+
-+files:
-+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-+
-+links:
-+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-+
-+install:
-+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ -+ do \ -+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ -+ done; -+ -+tags: -+ ctags $(SRC) -+ -+tests: -+ -+lint: -+ lint -DLINT $(INCLUDES) $(SRC)>fluff -+ -+depend: -+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... -+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) -+ -+dclean: -+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new -+ mv -f Makefile.new $(MAKEFILE) -+ -+clean: -+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff -+ -+$(EXE): $(PROGRAM).o -+ FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \ -+ for i in $(CPUID_OBJ); do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../$$i" ; done; \ -+ $(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM -+ -+# DO NOT DELETE THIS LINE -- make depend depends on it. -+ -+fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h -+fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -+fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -+fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -+fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -+fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h -+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_aes_selftest.o: ../../include/openssl/crypto.h -+fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 
-+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_aes_selftest.o: ../../include/openssl/lhash.h -+fips_aes_selftest.o: ../../include/openssl/obj_mac.h -+fips_aes_selftest.o: ../../include/openssl/objects.h -+fips_aes_selftest.o: ../../include/openssl/opensslconf.h -+fips_aes_selftest.o: ../../include/openssl/opensslv.h -+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h -+fips_aes_selftest.o: ../../include/openssl/safestack.h -+fips_aes_selftest.o: ../../include/openssl/stack.h -+fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c -+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_des_selftest.o: ../../include/openssl/crypto.h -+fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_des_selftest.o: ../../include/openssl/lhash.h -+fips_des_selftest.o: ../../include/openssl/obj_mac.h -+fips_des_selftest.o: ../../include/openssl/objects.h -+fips_des_selftest.o: ../../include/openssl/opensslconf.h -+fips_des_selftest.o: ../../include/openssl/opensslv.h -+fips_des_selftest.o: ../../include/openssl/ossl_typ.h -+fips_des_selftest.o: ../../include/openssl/safestack.h -+fips_des_selftest.o: ../../include/openssl/stack.h -+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c -+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_ctr.o: ../../include/openssl/objects.h -+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h -+fips_drbg_ctr.o: ../../include/openssl/opensslv.h -+fips_drbg_ctr.o: 
../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_ctr.o: ../../include/openssl/safestack.h -+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h -+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_hash.o: ../../include/openssl/fips.h -+fips_drbg_hash.o: ../../include/openssl/fips_rand.h -+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_hash.o: ../../include/openssl/objects.h -+fips_drbg_hash.o: ../../include/openssl/opensslconf.h -+fips_drbg_hash.o: ../../include/openssl/opensslv.h -+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_hash.o: ../../include/openssl/safestack.h -+fips_drbg_hash.o: ../../include/openssl/stack.h -+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c -+fips_drbg_hash.o: fips_rand_lcl.h -+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -+fips_drbg_hmac.o: ../../include/openssl/fips.h -+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h -+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -+fips_drbg_hmac.o: ../../include/openssl/objects.h -+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h -+fips_drbg_hmac.o: ../../include/openssl/opensslv.h -+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_hmac.o: ../../include/openssl/safestack.h -+fips_drbg_hmac.o: ../../include/openssl/stack.h -+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c -+fips_drbg_hmac.o: fips_rand_lcl.h 
-+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h -+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -+fips_drbg_lib.o: ../../include/openssl/objects.h -+fips_drbg_lib.o: ../../include/openssl/opensslconf.h -+fips_drbg_lib.o: ../../include/openssl/opensslv.h -+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_lib.o: ../../include/openssl/safestack.h -+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h -+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_rand.o: ../../include/openssl/fips_rand.h -+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_drbg_rand.o: ../../include/openssl/obj_mac.h -+fips_drbg_rand.o: ../../include/openssl/objects.h -+fips_drbg_rand.o: ../../include/openssl/opensslconf.h -+fips_drbg_rand.o: ../../include/openssl/opensslv.h -+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_drbg_rand.o: ../../include/openssl/safestack.h -+fips_drbg_rand.o: ../../include/openssl/stack.h -+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c -+fips_drbg_rand.o: fips_rand_lcl.h -+fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_drbg_selftest.o: ../../include/openssl/bio.h 
-+fips_drbg_selftest.o: ../../include/openssl/crypto.h -+fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_drbg_selftest.o: ../../include/openssl/fips_rand.h -+fips_drbg_selftest.o: ../../include/openssl/hmac.h -+fips_drbg_selftest.o: ../../include/openssl/lhash.h -+fips_drbg_selftest.o: ../../include/openssl/obj_mac.h -+fips_drbg_selftest.o: ../../include/openssl/objects.h -+fips_drbg_selftest.o: ../../include/openssl/opensslconf.h -+fips_drbg_selftest.o: ../../include/openssl/opensslv.h -+fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h -+fips_drbg_selftest.o: ../../include/openssl/rand.h -+fips_drbg_selftest.o: ../../include/openssl/safestack.h -+fips_drbg_selftest.o: ../../include/openssl/stack.h -+fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c -+fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h -+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h -+fips_dsa_selftest.o: ../../include/openssl/objects.h -+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h -+fips_dsa_selftest.o: ../../include/openssl/opensslv.h -+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h -+fips_dsa_selftest.o: ../../include/openssl/safestack.h -+fips_dsa_selftest.o: ../../include/openssl/stack.h -+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c -+fips_dsa_selftest.o: fips_locl.h -+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_hmac_selftest.o: 
../../include/openssl/crypto.h -+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_hmac_selftest.o: ../../include/openssl/hmac.h -+fips_hmac_selftest.o: ../../include/openssl/lhash.h -+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h -+fips_hmac_selftest.o: ../../include/openssl/objects.h -+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h -+fips_hmac_selftest.o: ../../include/openssl/opensslv.h -+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h -+fips_hmac_selftest.o: ../../include/openssl/safestack.h -+fips_hmac_selftest.o: ../../include/openssl/stack.h -+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c -+fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -+fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -+fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_post.o: ../../include/openssl/opensslconf.h -+fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -+fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -+fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c -+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h -+fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_rand.o: ../../include/openssl/fips.h 
../../include/openssl/fips_rand.h -+fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -+fips_rand.o: ../../include/openssl/opensslconf.h -+fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -+fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -+fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_rand.o: fips_locl.h fips_rand.c -+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h -+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -+fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -+fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -+fips_rand_lib.o: ../../include/openssl/obj_mac.h -+fips_rand_lib.o: ../../include/openssl/objects.h -+fips_rand_lib.o: ../../include/openssl/opensslconf.h -+fips_rand_lib.o: ../../include/openssl/opensslv.h -+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -+fips_rand_lib.o: ../../include/openssl/safestack.h -+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -+fips_rand_lib.o: fips_rand_lib.c -+fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -+fips_rand_selftest.o: ../../include/openssl/bio.h -+fips_rand_selftest.o: ../../include/openssl/crypto.h -+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_rand_selftest.o: ../../include/openssl/fips_rand.h -+fips_rand_selftest.o: ../../include/openssl/hmac.h -+fips_rand_selftest.o: ../../include/openssl/lhash.h -+fips_rand_selftest.o: ../../include/openssl/obj_mac.h 
-+fips_rand_selftest.o: ../../include/openssl/objects.h -+fips_rand_selftest.o: ../../include/openssl/opensslconf.h -+fips_rand_selftest.o: ../../include/openssl/opensslv.h -+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h -+fips_rand_selftest.o: ../../include/openssl/rand.h -+fips_rand_selftest.o: ../../include/openssl/safestack.h -+fips_rand_selftest.o: ../../include/openssl/stack.h -+fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h -+fips_rand_selftest.o: fips_rand_selftest.c -+fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_rsa_selftest.o: ../../include/openssl/lhash.h -+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h -+fips_rsa_selftest.o: ../../include/openssl/objects.h -+fips_rsa_selftest.o: ../../include/openssl/opensslconf.h -+fips_rsa_selftest.o: ../../include/openssl/opensslv.h -+fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h -+fips_rsa_selftest.o: ../../include/openssl/rsa.h -+fips_rsa_selftest.o: ../../include/openssl/safestack.h -+fips_rsa_selftest.o: ../../include/openssl/stack.h -+fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c -+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h -+fips_rsa_x931g.o: ../../include/openssl/opensslv.h -+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -+fips_rsa_x931g.o: ../../include/openssl/safestack.h -+fips_rsa_x931g.o: 
../../include/openssl/stack.h -+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c -+fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -+fips_sha_selftest.o: ../../include/openssl/crypto.h -+fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -+fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -+fips_sha_selftest.o: ../../include/openssl/lhash.h -+fips_sha_selftest.o: ../../include/openssl/obj_mac.h -+fips_sha_selftest.o: ../../include/openssl/objects.h -+fips_sha_selftest.o: ../../include/openssl/opensslconf.h -+fips_sha_selftest.o: ../../include/openssl/opensslv.h -+fips_sha_selftest.o: ../../include/openssl/ossl_typ.h -+fips_sha_selftest.o: ../../include/openssl/safestack.h -+fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -+fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c -diff -up openssl-1.0.2h/crypto/hmac/hmac.c.fips openssl-1.0.2h/crypto/hmac/hmac.c ---- openssl-1.0.2h/crypto/hmac/hmac.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/hmac/hmac.c 2016-05-03 16:57:58.832321252 +0200 -@@ -89,12 +89,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo - EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); - return 0; - } -- /* -- * Other algorithm blocking will be done in FIPS_cmac_init, via -- * FIPS_hmac_init_ex(). 
-- */ -- if (!impl && !ctx->i_ctx.engine) -- return FIPS_hmac_init_ex(ctx, key, len, md, NULL); - } - #endif - /* If we are changing MD then we must have a key */ -@@ -111,6 +105,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo +diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac.c +--- openssl-1.1.0h/crypto/hmac/hmac.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/hmac/hmac.c 2018-03-29 14:44:24.636236877 +0200 +@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } if (key != NULL) { +#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS) -+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) -+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) -+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) ++ if (FIPS_mode() && !(EVP_MD_flags(md) & EVP_MD_FLAG_FIPS) ++ && (!EVP_MD_CTX_test_flags(ctx->md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) ++ || !EVP_MD_CTX_test_flags(ctx->i_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) ++ || !EVP_MD_CTX_test_flags(ctx->o_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) + goto err; +#endif reset = 1; j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); -@@ -164,10 +165,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void - - int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) - { --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->i_ctx.engine) -- return FIPS_hmac_update(ctx, data, len); --#endif - if (!ctx->md) - return 0; - -@@ -178,10 +175,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c - { - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->i_ctx.engine) -- return FIPS_hmac_final(ctx, md, len); --#endif - - if (!ctx->md) - goto err; -@@ -225,12 +218,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C - - void HMAC_CTX_cleanup(HMAC_CTX *ctx) - { --#ifdef OPENSSL_FIPS -- if (FIPS_mode() && !ctx->i_ctx.engine) { -- FIPS_hmac_ctx_cleanup(ctx); -- return; -- } --#endif - 
EVP_MD_CTX_cleanup(&ctx->i_ctx); - EVP_MD_CTX_cleanup(&ctx->o_ctx); - EVP_MD_CTX_cleanup(&ctx->md_ctx); -diff -up openssl-1.0.2h/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.2h/crypto/mdc2/mdc2dgst.c ---- openssl-1.0.2h/crypto/mdc2/mdc2dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/mdc2/mdc2dgst.c 2016-05-03 16:57:58.832321252 +0200 -@@ -76,7 +76,7 @@ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - - static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); --fips_md_init(MDC2) -+nonfips_md_init(MDC2) - { - c->num = 0; - c->pad_type = 1; -diff -up openssl-1.0.2h/crypto/md2/md2_dgst.c.fips openssl-1.0.2h/crypto/md2/md2_dgst.c ---- openssl-1.0.2h/crypto/md2/md2_dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/md2/md2_dgst.c 2016-05-03 16:57:58.832321252 +0200 -@@ -62,6 +62,11 @@ - #include - #include - #include -+#ifdef OPENSSL_FIPS -+# include +diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/crypto/include/internal/fips_int.h +--- openssl-1.1.0h/crypto/include/internal/fips_int.h.fips 2018-03-29 14:44:24.637236901 +0200 ++++ openssl-1.1.0h/crypto/include/internal/fips_int.h 2018-03-29 14:44:24.637236901 +0200 +@@ -0,0 +1,101 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. 
+#endif + -+#include ++#ifdef OPENSSL_FIPS ++ ++int FIPS_module_mode_set(int onoff); ++int FIPS_module_mode(void); ++int FIPS_module_installed(void); ++int FIPS_selftest_sha1(void); ++int FIPS_selftest_sha2(void); ++int FIPS_selftest_aes_ccm(void); ++int FIPS_selftest_aes_gcm(void); ++int FIPS_selftest_aes_xts(void); ++int FIPS_selftest_aes(void); ++int FIPS_selftest_des(void); ++int FIPS_selftest_rsa(void); ++int FIPS_selftest_dsa(void); ++int FIPS_selftest_ecdsa(void); ++int FIPS_selftest_ecdh(void); ++int FIPS_selftest_dh(void); ++void FIPS_drbg_stick(int onoff); ++int FIPS_selftest_hmac(void); ++int FIPS_selftest_drbg(void); ++int FIPS_selftest_cmac(void); ++ ++int fips_pkey_signature_test(EVP_PKEY *pkey, ++ const unsigned char *tbs, int tbslen, ++ const unsigned char *kat, ++ unsigned int katlen, ++ const EVP_MD *digest, ++ unsigned int md_flags, const char *fail_str); ++ ++int fips_cipher_test(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER *cipher, ++ const unsigned char *key, ++ const unsigned char *iv, ++ const unsigned char *plaintext, ++ const unsigned char *ciphertext, int len); ++ ++void fips_set_selftest_fail(void); ++ ++const EVP_MD *FIPS_get_digestbynid(int nid); ++ ++const EVP_CIPHER *FIPS_get_cipherbynid(int nid); ++ ++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); ++ ++#endif +diff -up openssl-1.1.0h/crypto/o_fips.c.fips openssl-1.1.0h/crypto/o_fips.c +--- openssl-1.1.0h/crypto/o_fips.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/o_fips.c 2018-03-29 14:44:24.637236901 +0200 +@@ -9,7 +9,10 @@ - const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT; + #include "internal/cryptlib.h" + #ifdef OPENSSL_FIPS ++# include + # include ++# include ++# include "internal/fips_int.h" + #endif -@@ -119,7 +124,7 @@ const char *MD2_options(void) - return ("md2(int)"); - } - --fips_md_init(MD2) -+nonfips_md_init(MD2) + int FIPS_mode(void) +@@ -24,7 +27,15 @@ int FIPS_mode(void) + int FIPS_mode_set(int r) { - c->num = 0; - 
memset(c->state, 0, sizeof c->state); -diff -up openssl-1.0.2h/crypto/md4/md4_dgst.c.fips openssl-1.0.2h/crypto/md4/md4_dgst.c ---- openssl-1.0.2h/crypto/md4/md4_dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/md4/md4_dgst.c 2016-05-03 16:57:58.832321252 +0200 -@@ -72,7 +72,7 @@ const char MD4_version[] = "MD4" OPENSSL - #define INIT_DATA_C (unsigned long)0x98badcfeL - #define INIT_DATA_D (unsigned long)0x10325476L - --fips_md_init(MD4) -+nonfips_md_init(MD4) - { - memset(c, 0, sizeof(*c)); - c->A = INIT_DATA_A; -diff -up openssl-1.0.2h/crypto/md5/md5_dgst.c.fips openssl-1.0.2h/crypto/md5/md5_dgst.c ---- openssl-1.0.2h/crypto/md5/md5_dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/md5/md5_dgst.c 2016-05-03 16:57:58.833321275 +0200 -@@ -72,7 +72,7 @@ const char MD5_version[] = "MD5" OPENSSL - #define INIT_DATA_C (unsigned long)0x98badcfeL - #define INIT_DATA_D (unsigned long)0x10325476L - --fips_md_init(MD5) -+nonfips_md_init(MD5) - { - memset(c, 0, sizeof(*c)); - c->A = INIT_DATA_A; -diff -up openssl-1.0.2h/crypto/o_fips.c.fips openssl-1.0.2h/crypto/o_fips.c ---- openssl-1.0.2h/crypto/o_fips.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/o_fips.c 2016-05-03 16:57:58.833321275 +0200 -@@ -80,6 +80,8 @@ int FIPS_mode_set(int r) - # ifndef FIPS_AUTH_USER_PASS - # define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" - # endif + #ifdef OPENSSL_FIPS +- return FIPS_module_mode_set(r); + if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */ + return 1; - if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) - return 0; - if (r) -diff -up openssl-1.0.2h/crypto/o_init.c.fips openssl-1.0.2h/crypto/o_init.c ---- openssl-1.0.2h/crypto/o_init.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/o_init.c 2016-05-03 16:57:58.833321275 +0200 -@@ -56,8 +56,37 @@ ++ if (!FIPS_module_mode_set(r)) ++ return 0; ++ if (r) ++ 
RAND_set_rand_method(FIPS_rand_get_method()); ++ else ++ RAND_set_rand_method(NULL); ++ return 1; + #else + if (r == 0) + return 1; +diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c +--- openssl-1.1.0h/crypto/o_init.c.fips 2018-03-27 15:50:38.000000000 +0200 ++++ openssl-1.1.0h/crypto/o_init.c 2018-03-29 14:44:24.637236901 +0200 +@@ -7,11 +7,50 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE #include #include #ifdef OPENSSL_FIPS +-# include +# include +# include +# include +# include +# include +# include - # include # include ++# include ++# include "internal/fips_int.h" + +# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled" + @@ -12763,7 +10464,10 @@ diff -up openssl-1.0.2h/crypto/o_init.c.fips openssl-1.0.2h/crypto/o_init.c + char buf[2] = "0"; + int fd; + -+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { ++ /* Ensure the selftests always run */ ++ FIPS_mode_set(1); ++ ++ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { + buf[0] = '1'; + } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; @@ -12774,19 +10478,23 @@ diff -up openssl-1.0.2h/crypto/o_init.c.fips openssl-1.0.2h/crypto/o_init.c + * otherwise.. + */ + -+ if (buf[0] == '1') { -+ FIPS_mode_set(1); ++ if (buf[0] != '1') { ++ /* drop down to non-FIPS mode if it is not requested */ ++ FIPS_mode_set(0); ++ } else { ++ /* abort if selftest failed */ ++ FIPS_selftest_check(); + } +} #endif /* -@@ -65,19 +94,26 @@ +@@ -19,16 +58,29 @@ * sets FIPS callbacks */ -void OPENSSL_init(void) -+void OPENSSL_init_library(void) ++void __attribute__ ((constructor)) OPENSSL_init_library(void) { static int done = 0; if (done) 
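Review bot: The switch from getenv() to secure_getenv() silently changes behaviour for AT_SECURE (setuid/setgid, capability-bearing) processes, where glibc makes the call return NULL, and nothing on the new side says that this is deliberate; the `_GNU_SOURCE` definition it depends on is added in the preceding hunk of this file. Suggest a comment on the new call: `/* secure_getenv(): NULL in AT_SECURE (setuid) processes, so an inherited environment cannot pick the mode of a privileged program; needs _GNU_SOURCE */`. The result of the new unconditional `FIPS_mode_set(1)` is discarded, which looks intended since the decision is taken in the next hunk, but `/* return value ignored: outcome is checked by FIPS_selftest_check() below */` would make that explicit. init_fips_mode()'s signature lies outside this hunk.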
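Review bot: `__attribute__ ((constructor))` on OPENSSL_init_library is a GCC/Clang extension and the new side gives no comment on why load-time initialisation is wanted; every process that maps libcrypto now runs init_fips_mode, and with it the self-tests forced by FIPS_mode_set(1) in the previous hunk, before main, whether or not it ever uses crypto. Suggest a comment above the definition: `/* Constructor: run at library load so FIPS_mode() and the self-tests are settled before the first API call; GCC/Clang-specific (MinGW GCC is fine, MSVC is not). */`. In the constructor path there is no caller to report failure to, so the `'1'` branch relies on FIPS_selftest_check() terminating the process on a failed self-test, which this hunk's comment asserts but does not show — confirm. The body of OPENSSL_init_library continues in the next hunk.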
@@ -12796,15 +10504,18 @@ diff -up openssl-1.0.2h/crypto/o_init.c.fips openssl-1.0.2h/crypto/o_init.c - FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); - FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); - FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); ++ if (!FIPS_module_installed()) { ++ return; ++ } RAND_init_fips(); + init_fips_mode(); + if (!FIPS_mode()) { + /* Clean up prematurely set default rand method */ + RAND_set_rand_method(NULL); + } - #endif - #if 0 - fprintf(stderr, "Called OPENSSL_init\n"); ++#endif ++#if 0 ++ fprintf(stderr, "Called OPENSSL_init\n"); #endif } + 
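Review bot: The return value of `RAND_init_fips()` is still discarded in OPENSSL_init_library, while the rand_lib.c hunk further down in this diff has it return 0 and queue RAND_R_ERROR_INITIALISING_DRBG or RAND_R_ERROR_INSTANTIATING_DRBG when the DRBG cannot be set up; init_fips_mode() then runs regardless and can still call FIPS_mode_set(1). Consider `if (!RAND_init_fips()) fips_set_selftest_fail();` before `init_fips_mode();`, using the hook declared in the new fips_int.h, so a DRBG failure is handled like a failed self-test — provided FIPS_selftest_check() consults that flag, which is not visible here. The re-added `#if 0 fprintf(stderr, "Called OPENSSL_init\n"); #endif` block is dead debug code and could be dropped rather than carried into the new patch. The function's opening lines are in the previous hunk and it closes here.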
@@ -12812,284 +10523,301 @@ diff -up openssl-1.0.2h/crypto/o_init.c.fips openssl-1.0.2h/crypto/o_init.c +{ + OPENSSL_init_library(); +} -diff -up openssl-1.0.2h/crypto/opensslconf.h.in.fips openssl-1.0.2h/crypto/opensslconf.h.in ---- openssl-1.0.2h/crypto/opensslconf.h.in.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/opensslconf.h.in 2016-05-03 16:57:58.833321275 +0200 -@@ -1,5 +1,20 @@ - /* crypto/opensslconf.h.in */ - -+#ifdef OPENSSL_DOING_MAKEDEPEND -+ -+/* Include any symbols here that have to be explicitly set to enable a feature -+ * that should be visible to makedepend. -+ * -+ * [Our "make depend" doesn't actually look at this, we use actual build settings -+ * instead; we want to make it easy to remove subdirectories with disabled algorithms.] -+ */ -+ -+#ifndef OPENSSL_FIPS -+#define OPENSSL_FIPS -+#endif -+ -+#endif -+ - /* Generate 80386 code? */ - #undef I386_ONLY - -diff -up openssl-1.0.2h/crypto/rand/md_rand.c.fips openssl-1.0.2h/crypto/rand/md_rand.c ---- openssl-1.0.2h/crypto/rand/md_rand.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rand/md_rand.c 2016-05-03 16:57:58.833321275 +0200 -@@ -391,7 +391,10 @@ int ssleay_rand_bytes(unsigned char *buf - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); +diff -up openssl-1.1.0h/crypto/rand/md_rand.c.fips openssl-1.1.0h/crypto/rand/md_rand.c +--- openssl-1.1.0h/crypto/rand/md_rand.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rand/md_rand.c 2018-03-29 14:44:24.637236901 +0200 +@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf + CRYPTO_THREAD_unlock(rand_tmp_lock); crypto_lock_rand = 1; - if (!initialized) { -+ /* always poll for external entropy in FIPS mode, drbg provides the -+ * expansion -+ */ -+ if (!initialized || FIPS_module_mode()) { ++ if (!initialized || FIPS_mode()) { RAND_poll(); initialized = 1; } -diff -up openssl-1.0.2h/crypto/rand/rand.h.fips openssl-1.0.2h/crypto/rand/rand.h ---- openssl-1.0.2h/crypto/rand/rand.h.fips 
2016-05-03 16:57:58.501313436 +0200 -+++ openssl-1.0.2h/crypto/rand/rand.h 2016-05-03 16:57:58.833321275 +0200 -@@ -133,16 +133,34 @@ void ERR_load_RAND_strings(void); - /* Error codes for the RAND functions. */ +diff -up openssl-1.1.0h/crypto/rand/rand_err.c.fips openssl-1.1.0h/crypto/rand/rand_err.c +--- openssl-1.1.0h/crypto/rand/rand_err.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rand/rand_err.c 2018-03-29 14:44:24.637236901 +0200 +@@ -20,10 +20,13 @@ - /* Function codes. */ -+# define RAND_F_ENG_RAND_GET_RAND_METHOD 108 -+# define RAND_F_FIPS_RAND 103 -+# define RAND_F_FIPS_RAND_BYTES 102 -+# define RAND_F_FIPS_RAND_SET_DT 106 -+# define RAND_F_FIPS_X931_SET_DT 106 -+# define RAND_F_FIPS_SET_DT 104 -+# define RAND_F_FIPS_SET_PRNG_SEED 107 -+# define RAND_F_FIPS_SET_TEST_MODE 105 - # define RAND_F_RAND_GET_RAND_METHOD 101 --# define RAND_F_RAND_INIT_FIPS 102 -+# define RAND_F_RAND_INIT_FIPS 109 - # define RAND_F_SSLEAY_RAND_BYTES 100 + static ERR_STRING_DATA RAND_str_functs[] = { + {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, ++ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, + {0, NULL} + }; - /* Reason codes. 
*/ --# define RAND_R_DUAL_EC_DRBG_DISABLED 104 --# define RAND_R_ERROR_INITIALISING_DRBG 102 --# define RAND_R_ERROR_INSTANTIATING_DRBG 103 --# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 -+# define RAND_R_DUAL_EC_DRBG_DISABLED 114 -+# define RAND_R_ERROR_INITIALISING_DRBG 112 -+# define RAND_R_ERROR_INSTANTIATING_DRBG 113 -+# define RAND_R_NON_FIPS_METHOD 105 -+# define RAND_R_NOT_IN_TEST_MODE 106 -+# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 111 -+# define RAND_R_NO_KEY_SET 107 -+# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 -+# define RAND_R_PRNG_ERROR 108 -+# define RAND_R_PRNG_KEYED 109 -+# define RAND_R_PRNG_NOT_REKEYED 102 -+# define RAND_R_PRNG_NOT_RESEEDED 103 - # define RAND_R_PRNG_NOT_SEEDED 100 -+# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 -+# define RAND_R_PRNG_STUCK 104 + static ERR_STRING_DATA RAND_str_reasons[] = { ++ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising DRBG"}, ++ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating DRBG"}, + {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, + {0, NULL} + }; +diff -up openssl-1.1.0h/crypto/rand/rand_lcl.h.fips openssl-1.1.0h/crypto/rand/rand_lcl.h +--- openssl-1.1.0h/crypto/rand/rand_lcl.h.fips 2018-03-29 14:44:24.359230371 +0200 ++++ openssl-1.1.0h/crypto/rand/rand_lcl.h 2018-03-29 14:44:24.637236901 +0200 +@@ -10,7 +10,7 @@ + #ifndef HEADER_RAND_LCL_H + # define HEADER_RAND_LCL_H - #ifdef __cplusplus - } -diff -up openssl-1.0.2h/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.2h/crypto/ripemd/rmd_dgst.c ---- openssl-1.0.2h/crypto/ripemd/rmd_dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/ripemd/rmd_dgst.c 2016-05-03 16:57:58.833321275 +0200 -@@ -70,7 +70,7 @@ void ripemd160_block_x86(RIPEMD160_CTX * - void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); +-# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ ++# define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */ + + # if 
!defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) + # define USE_SHA1_RAND +diff -up openssl-1.1.0h/crypto/rand/rand_lib.c.fips openssl-1.1.0h/crypto/rand/rand_lib.c +--- openssl-1.1.0h/crypto/rand/rand_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rand/rand_lib.c 2018-03-29 14:44:24.637236901 +0200 +@@ -18,6 +18,8 @@ + #ifdef OPENSSL_FIPS + # include + # include ++# include "rand_lcl.h" ++# include "internal/fips_int.h" #endif --fips_md_init(RIPEMD160) -+nonfips_md_init(RIPEMD160) + #ifndef OPENSSL_NO_ENGINE +@@ -162,3 +164,127 @@ int RAND_status(void) + return meth->status(); + return 0; + } ++ ++#ifdef OPENSSL_FIPS ++ ++/* ++ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest ++ * of OpenSSL. ++ */ ++ ++/* ++ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather ++ * entropy internally through RAND_poll(). ++ */ ++ ++static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len) ++{ ++ /* Round up request to multiple of block size */ ++ min_len = ((min_len + 19) / 20) * 20; ++ *pout = OPENSSL_malloc(min_len); ++ if (!*pout) ++ return 0; ++ if (RAND_OpenSSL()->bytes(*pout, min_len) <= 0) { ++ OPENSSL_free(*pout); ++ *pout = NULL; ++ return 0; ++ } ++ return min_len; ++} ++ ++static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) ++{ ++ if (out) { ++ OPENSSL_cleanse(out, olen); ++ OPENSSL_free(out); ++ } ++} ++ ++/* ++ * Set "additional input" when generating random data. This uses the current ++ * PID, a time value and a counter. 
++ */ ++ ++static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) ++{ ++ /* Use of static variables is OK as this happens under a lock */ ++ static unsigned char buf[16]; ++ static unsigned long counter; ++ FIPS_get_timevec(buf, &counter); ++ *pout = buf; ++ return sizeof(buf); ++} ++ ++/* ++ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is ++ * correctly seeded by RAND_poll(). ++ */ ++ ++static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, ++ double entropy) ++{ ++ RAND_OpenSSL()->add(in, inlen, entropy); ++ if (FIPS_rand_status()) { ++ FIPS_drbg_reseed(ctx, NULL, 0); ++ } ++ return 1; ++} ++ ++static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) ++{ ++ RAND_OpenSSL()->seed(in, inlen); ++ if (FIPS_rand_status()) { ++ FIPS_drbg_reseed(ctx, NULL, 0); ++ } ++ return 1; ++} ++ ++# ifndef OPENSSL_DRBG_DEFAULT_TYPE ++# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr ++# endif ++# ifndef OPENSSL_DRBG_DEFAULT_FLAGS ++# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF ++# endif ++ ++static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; ++static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; ++ ++void RAND_set_fips_drbg_type(int type, int flags) ++{ ++ fips_drbg_type = type; ++ fips_drbg_flags = flags; ++} ++ ++int RAND_init_fips(void) ++{ ++ DRBG_CTX *dctx; ++ size_t plen; ++ unsigned char pers[32], *p; ++ ++ dctx = FIPS_get_default_drbg(); ++ if (dctx == NULL || ++ FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); ++ return 0; ++ } ++ ++ FIPS_drbg_set_callbacks(dctx, ++ drbg_get_entropy, drbg_free_entropy, 20, ++ drbg_get_entropy, drbg_free_entropy); ++ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, ++ drbg_rand_seed, drbg_rand_add); ++ /* Personalisation string: a string followed by date time vector */ ++ strcpy((char *)pers, "OpenSSL DRBG2.0"); ++ plen = drbg_get_adin(dctx, &p); ++ memcpy(pers + 16, p, plen); ++ ++ if 
(FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); ++ return 0; ++ } ++ FIPS_rand_set_method(FIPS_drbg_method()); ++ return 1; ++} ++ ++#endif +diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa_crpt.c +--- openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_crpt.c 2018-03-29 14:44:24.637236901 +0200 +@@ -28,24 +28,52 @@ int RSA_size(const RSA *r) + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) { - memset(c, 0, sizeof(*c)); - c->A = RIPEMD160_A; -diff -up openssl-1.0.2h/crypto/rsa/rsa_crpt.c.fips openssl-1.0.2h/crypto/rsa/rsa_crpt.c ---- openssl-1.0.2h/crypto/rsa/rsa_crpt.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_crpt.c 2016-05-03 16:57:58.834321299 +0200 -@@ -89,9 +89,9 @@ int RSA_private_encrypt(int flen, const ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + } + + int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { + RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, + RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return -1; - } - #endif -@@ -115,9 +115,9 @@ int RSA_public_decrypt(int flen, const u ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + } + + int RSA_private_decrypt(int flen, const unsigned char 
*from, + unsigned char *to, RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + } + + int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -- && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { -- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { + RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, + RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return -1; - } - #endif -diff -up openssl-1.0.2h/crypto/rsa/rsa_eay.c.fips openssl-1.0.2h/crypto/rsa/rsa_eay.c ---- openssl-1.0.2h/crypto/rsa/rsa_eay.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_eay.c 2016-05-03 16:57:58.834321299 +0200 -@@ -114,6 +114,10 @@ - #include - #include - #include -+#include -+#ifdef OPENSSL_FIPS -+# include ++ return -1; ++ } +#endif - - #ifndef RSA_NULL - -@@ -140,7 +144,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth = { - * if e == 3 */ - RSA_eay_init, - RSA_eay_finish, -- 0, /* flags */ -+ RSA_FLAG_FIPS_METHOD, /* flags */ - NULL, - 0, /* rsa_sign */ - 0, /* rsa_verify */ -@@ -160,6 +164,22 @@ static int RSA_eay_public_encrypt(int fl - unsigned char *buf = NULL; - BN_CTX *ctx = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if 
(BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); - return -1; -@@ -361,6 +381,22 @@ static int RSA_eay_private_encrypt(int f - BIGNUM *unblind = NULL; - BN_BLINDING *blinding = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if ((ctx = BN_CTX_new()) == NULL) - goto err; - BN_CTX_start(ctx); -@@ -497,6 +533,22 @@ static int RSA_eay_private_decrypt(int f - BIGNUM *unblind = NULL; - BN_BLINDING *blinding = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ return -1; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if ((ctx = BN_CTX_new()) == NULL) - goto err; - BN_CTX_start(ctx); -@@ -623,6 +675,22 @@ static int RSA_eay_public_decrypt(int fl - unsigned char *buf = NULL; - BN_CTX *ctx = NULL; - -+# ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT, -+ FIPS_R_FIPS_SELFTEST_FAILED); -+ goto err; -+ } -+ -+ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) -+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); -+ return -1; -+ } -+ } -+# endif -+ - if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); - return -1; -@@ -886,6 +954,9 @@ static int 
RSA_eay_mod_exp(BIGNUM *r0, c - - static int RSA_eay_init(RSA *rsa) - { -+# ifdef OPENSSL_FIPS -+ FIPS_selftest_check(); -+# endif - rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; - return (1); + return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -diff -up openssl-1.0.2h/crypto/rsa/rsa_err.c.fips openssl-1.0.2h/crypto/rsa/rsa_err.c ---- openssl-1.0.2h/crypto/rsa/rsa_err.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_err.c 2016-05-03 16:57:58.834321299 +0200 -@@ -136,6 +136,8 @@ static ERR_STRING_DATA RSA_str_functs[] - {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, - {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, - {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, -+ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, + +diff -up openssl-1.1.0h/crypto/rsa/rsa_err.c.fips openssl-1.1.0h/crypto/rsa/rsa_err.c +--- openssl-1.1.0h/crypto/rsa/rsa_err.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_err.c 2018-03-29 14:44:24.638236924 +0200 +@@ -21,6 +21,7 @@ + static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, + {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, ++ {ERR_FUNC(RSA_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, + {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, + {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, + {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, +@@ -33,6 +34,7 @@ static ERR_STRING_DATA RSA_str_functs[] + {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, + {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, + {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"}, + {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, + {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"}, + {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"}, +@@ -76,8 +78,14 @@ static ERR_STRING_DATA 
RSA_str_functs[] + {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, + {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, + {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, + {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, + {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, + {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, ++ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, + {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), - "RSA_sign_ASN1_OCTET_STRING"}, -diff -up openssl-1.0.2h/crypto/rsa/rsa_gen.c.fips openssl-1.0.2h/crypto/rsa/rsa_gen.c ---- openssl-1.0.2h/crypto/rsa/rsa_gen.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_gen.c 2016-05-03 16:57:58.834321299 +0200 -@@ -69,8 +69,80 @@ - #include - #ifdef OPENSSL_FIPS - # include --extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, -- BN_GENCB *cb); -+# include -+# include -+ -+static int fips_rsa_pairwise_fail = 0; -+ -+void FIPS_corrupt_rsa_keygen(void) -+{ -+ fips_rsa_pairwise_fail = 1; -+} +@@ -135,10 +143,13 @@ static ERR_STRING_DATA RSA_str_reasons[] + {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, + {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, ++ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, + {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, + {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, + {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, ++ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not 
allowed in FIPS mode"}, + {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, +diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_gen.c +--- openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips 2018-03-29 14:44:24.620236501 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 15:20:36.277287100 +0200 +@@ -18,6 +18,75 @@ + #include "internal/cryptlib.h" + #include + #include "rsa_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++# include "internal/fips_int.h" + +int fips_check_rsa(RSA *rsa) +{ 
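Review bot: In the new drbg_get_entropy() (rand_lib.c hunk of this section) `min_len` is rounded up to a multiple of 20 and that many bytes are allocated and returned, but the `max_len` parameter is never consulted, so the callback can hand the DRBG more entropy bytes than it declared as its ceiling; add `if (min_len > max_len) { *pout = NULL; return 0; }` after the rounding (or clamp instead, if the DRBG layer tolerates a short block — not visible here). In RAND_init_fips() the personalisation string is built with `strcpy((char *)pers, "OpenSSL DRBG2.0"); memcpy(pers + 16, p, plen);`, which only stays inside the 32-byte `pers` because drbg_get_adin() happens to return a 16-byte static buffer; an `OPENSSL_assert(plen <= sizeof(pers) - 16);` before the memcpy would make that dependency explicit. The rand_lcl.h change raises ENTROPY_NEEDED from 32 to 48 with a comment that restates the number but not why it changed; a one-line why-comment next to the define would help the next reader.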
@@ -13155,221 +10883,362 @@ diff -up openssl-1.0.2h/crypto/rsa/rsa_gen.c.fips openssl-1.0.2h/crypto/rsa/rsa_ + + return ret; +} - #endif ++#endif static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, -@@ -86,7 +158,7 @@ static int rsa_builtin_keygen(RSA *rsa, + BN_GENCB *cb); +@@ -31,11 +100,303 @@ static int rsa_builtin_keygen(RSA *rsa, + */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { - #ifdef OPENSSL_FIPS -- if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) -+ if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) - && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { - RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); - return 0; -@@ -94,10 +166,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi - #endif ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif if (rsa->meth->rsa_keygen) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); --#endif return rsa_builtin_keygen(rsa, bits, e_value, cb); } -@@ -110,6 +178,20 @@ static int rsa_builtin_keygen(RSA *rsa, - int bitsp, bitsq, ok = -1, n = 0; - BN_CTX *ctx = NULL; - +#ifdef OPENSSL_FIPS -+ if (FIPS_module_mode()) { -+ if (FIPS_selftest_failed()) { -+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); -+ return 0; ++static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb) ++{ ++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; ++ BN_CTX *ctx = NULL; ++ int ok = -1; ++ int i; ++ int n = 0; ++ int test = 0; ++ int pbits = bits / 2; ++ unsigned long error = 0; ++ ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); ++ return 0; ++ } ++ ++ if ((pbits & 0xFF) ++ 
|| (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH); ++ return 0; ++ } ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ r3 = BN_CTX_get(ctx); ++ ++ if (r3 == NULL) ++ goto err; ++ ++ /* We need the RSA components non-NULL */ ++ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) ++ goto err; ++ if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) ++ goto err; ++ ++ if (!BN_set_word(r0, RSA_F4)) ++ goto err; ++ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) { ++ ok = 0; /* we set our own err */ ++ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE); ++ goto err; ++ } ++ ++ /* prepare approximate minimum p and q */ ++ if (!BN_set_word(r0, 0xB504F334)) ++ goto err; ++ if (!BN_lshift(r0, r0, pbits - 32)) ++ goto err; ++ ++ /* prepare minimum p and q difference */ ++ if (!BN_one(r3)) ++ goto err; ++ if (!BN_lshift(r3, r3, pbits - 100)) ++ goto err; ++ ++ BN_copy(rsa->e, e_value); ++ ++ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q)) ++ test = 1; ++ ++ BN_set_flags(r2, BN_FLG_CONSTTIME); ++ ++ retry: ++ /* generate p and q */ ++ for (i = 0; i < 5 * pbits; i++) { ++ ploop: ++ if (!test) ++ if (!BN_rand(rsa->p, pbits, 0, 1)) ++ goto err; ++ if (BN_cmp(rsa->p, r0) < 0) { ++ if (test) ++ goto err; ++ goto ploop; + } + ++ if (!BN_sub(r2, rsa->p, BN_value_one())) ++ goto err; ++ ERR_set_mark(); ++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { ++ /* GCD == 1 
since inverse exists */ ++ int r; ++ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0, ++ cb); ++ if (r == -1 || (test && r <= 0)) ++ goto err; ++ if (r > 0) ++ break; ++ } else { ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } ++ } ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ ++ if (!BN_GENCB_call(cb, 3, 0)) ++ goto err; ++ ++ if (i >= 5 * pbits) ++ /* prime not found */ ++ goto err; ++ ++ for (i = 0; i < 5 * pbits; i++) { ++ qloop: ++ if (!test) ++ if (!BN_rand(rsa->q, pbits, 0, 1)) ++ goto err; ++ if (BN_cmp(rsa->q, r0) < 0) { ++ if (test) ++ goto err; ++ goto qloop; ++ } ++ if (!BN_sub(r2, rsa->q, rsa->p)) ++ goto err; ++ if (BN_ucmp(r2, r3) <= 0) { ++ if (test) ++ goto err; ++ goto qloop; ++ } ++ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; ++ ERR_set_mark(); ++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { ++ /* GCD == 1 since inverse exists */ ++ int r; ++ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 
4 : 5, ctx, 0, ++ cb); ++ if (r == -1 || (test && r <= 0)) ++ goto err; ++ if (r > 0) ++ break; ++ } else { ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } ++ } ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ ++ if (!BN_GENCB_call(cb, 3, 1)) ++ goto err; ++ ++ if (i >= 5 * pbits) ++ /* prime not found */ ++ goto err; ++ ++ if (test) { ++ /* do not try to calculate the remaining key values */ ++ BN_clear(rsa->n); ++ ok = 1; ++ goto err; ++ } ++ ++ if (BN_cmp(rsa->p, rsa->q) < 0) { ++ tmp = rsa->p; ++ rsa->p = rsa->q; ++ rsa->q = tmp; ++ } ++ ++ /* calculate n */ ++ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) ++ goto err; ++ ++ /* calculate d */ ++ if (!BN_sub(r1, rsa->p, BN_value_one())) ++ goto err; /* p-1 */ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; /* q-1 */ ++ ++ if (!BN_gcd(r0, r1, r2, ctx)) ++ goto err; ++ ++ { ++ BIGNUM *pr0 = BN_new(); ++ ++ if (pr0 == NULL) ++ goto err; ++ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); ++ ++ if (!BN_div(pr0, NULL, r1, pr0, ctx)) { ++ BN_free(pr0); ++ goto err; ++ } ++ ++ if (!BN_mul(pr0, pr0, r2, ctx)) { /* lcm(p-1, q-1) */ ++ BN_free(pr0); ++ goto err; ++ } ++ ++ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { /* d */ ++ BN_free(pr0); ++ goto err; ++ } ++ ++ /* We MUST free pr0 before any further use of r0 */ ++ BN_free(pr0); ++ } ++ ++ if (BN_num_bits(rsa->d) < pbits) ++ goto retry; /* d is too small */ ++ ++ { ++ BIGNUM *d = BN_new(); ++ ++ if (d == NULL) ++ goto err; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ ++ if (/* calculate d mod (p-1) */ ++ !BN_mod(rsa->dmp1, d, r1, ctx) ++ /* calculate d mod (q-1) */ ++ || !BN_mod(rsa->dmq1, d, r2, ctx)) { ++ BN_free(d); ++ goto err; ++ } ++ /* We MUST free d before any further use of rsa->d */ ++ BN_free(d); ++ } ++ ++ { ++ BIGNUM *p = BN_new(); ++ ++ if (p == NULL) ++ goto err; ++ BN_with_flags(p, rsa->p, 
BN_FLG_CONSTTIME); ++ ++ /* calculate inverse of q mod p */ ++ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { ++ BN_free(p); ++ goto err; ++ } ++ /* We MUST free p before any further use of rsa->p */ ++ BN_free(p); ++ } ++ ++ if (!fips_check_rsa(rsa)) ++ goto err; ++ ++ ok = 1; ++ err: ++ if (ok == -1) { ++ RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ++ ok = 0; ++ } ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ ++ return ok; ++} ++#endif ++ + static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + BN_GENCB *cb) + { +@@ -44,6 +405,16 @@ static int rsa_builtin_keygen(RSA *rsa, + BN_CTX *ctx = NULL; + unsigned long error = 0; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { + if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { + FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); + return 0; + } ++ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb); + } +#endif + - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -@@ -235,6 +317,16 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) - goto err; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_module_mode()) { -+ if (fips_rsa_pairwise_fail) -+ BN_add_word(rsa->n, 1); -+ -+ if (!fips_check_rsa(rsa)) -+ goto err; -+ } -+#endif -+ - ok = 1; - err: - if (ok == -1) { -diff -up openssl-1.0.2h/crypto/rsa/rsa.h.fips openssl-1.0.2h/crypto/rsa/rsa.h ---- openssl-1.0.2h/crypto/rsa/rsa.h.fips 2016-05-03 16:57:58.696318040 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa.h 2016-05-03 16:57:58.834321299 +0200 -@@ -168,6 +168,8 @@ struct rsa_st { - # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 - # endif - -+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 -+ - # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS - # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 - # endif -@@ -329,6 +331,13 @@ RSA *RSA_generate_key(int bits, unsigned - - /* New version */ - int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM 
*p2, BIGNUM *q1, -+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, -+ const BIGNUM *Xp, const BIGNUM *Xq1, -+ const BIGNUM *Xq2, const BIGNUM *Xq, -+ const BIGNUM *e, BN_GENCB *cb); -+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, -+ BN_GENCB *cb); - - int RSA_check_key(const RSA *); - /* next 4 return -1 on error */ -@@ -538,7 +547,7 @@ void ERR_load_RSA_strings(void); - # define RSA_F_RSA_ALGOR_TO_MD 157 - # define RSA_F_RSA_BUILTIN_KEYGEN 129 - # define RSA_F_RSA_CHECK_KEY 123 --# define RSA_F_RSA_CMS_DECRYPT 158 -+# define RSA_F_RSA_CMS_DECRYPT 258 - # define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 - # define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 - # define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 -@@ -559,7 +568,7 @@ void ERR_load_RSA_strings(void); - # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 - # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 - # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 --# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 -+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 158 - # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 - # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 - # define RSA_F_RSA_PADDING_ADD_SSLV23 110 -@@ -573,21 +582,23 @@ void ERR_load_RSA_strings(void); - # define RSA_F_RSA_PADDING_CHECK_X931 128 - # define RSA_F_RSA_PRINT 115 - # define RSA_F_RSA_PRINT_FP 116 --# define RSA_F_RSA_PRIVATE_DECRYPT 150 --# define RSA_F_RSA_PRIVATE_ENCRYPT 151 -+# define RSA_F_RSA_PRIVATE_DECRYPT 157 -+# define RSA_F_RSA_PRIVATE_ENCRYPT 148 - # define RSA_F_RSA_PRIV_DECODE 137 - # define RSA_F_RSA_PRIV_ENCODE 138 - # define RSA_F_RSA_PSS_TO_CTX 162 --# define RSA_F_RSA_PUBLIC_DECRYPT 152 -+# define RSA_F_RSA_PUBLIC_DECRYPT 149 - # define RSA_F_RSA_PUBLIC_ENCRYPT 153 - # define RSA_F_RSA_PUB_DECODE 139 - # define RSA_F_RSA_SETUP_BLINDING 136 -+# define RSA_F_RSA_SET_DEFAULT_METHOD 150 -+# define RSA_F_RSA_SET_METHOD 151 - # define RSA_F_RSA_SIGN 117 - # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 - # define RSA_F_RSA_VERIFY 119 - # 
define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 - # define RSA_F_RSA_VERIFY_PKCS1_PSS 126 --# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 -+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 152 - - /* Reason codes. */ - # define RSA_R_ALGORITHM_MISMATCH 100 -@@ -620,21 +631,22 @@ void ERR_load_RSA_strings(void); - # define RSA_R_INVALID_OAEP_PARAMETERS 162 - # define RSA_R_INVALID_PADDING 138 - # define RSA_R_INVALID_PADDING_MODE 141 --# define RSA_R_INVALID_PSS_PARAMETERS 149 -+# define RSA_R_INVALID_PSS_PARAMETERS 157 - # define RSA_R_INVALID_PSS_SALTLEN 146 --# define RSA_R_INVALID_SALT_LENGTH 150 -+# define RSA_R_INVALID_SALT_LENGTH 158 - # define RSA_R_INVALID_TRAILER 139 - # define RSA_R_INVALID_X931_DIGEST 142 - # define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 - # define RSA_R_KEY_SIZE_TOO_SMALL 120 - # define RSA_R_LAST_OCTET_INVALID 134 - # define RSA_R_MODULUS_TOO_LARGE 105 --# define RSA_R_NON_FIPS_RSA_METHOD 157 -+# define RSA_R_NON_FIPS_RSA_METHOD 149 -+# define RSA_R_NON_FIPS_METHOD 149 - # define RSA_R_NO_PUBLIC_EXPONENT 140 - # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - # define RSA_R_OAEP_DECODING_ERROR 121 --# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 -+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 150 - # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 - # define RSA_R_PADDING_CHECK_FAILED 114 - # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.0.2h/crypto/rsa/rsa_lib.c.fips openssl-1.0.2h/crypto/rsa/rsa_lib.c ---- openssl-1.0.2h/crypto/rsa/rsa_lib.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_lib.c 2016-05-03 16:57:58.834321299 +0200 -@@ -84,23 +84,22 @@ RSA *RSA_new(void) - - void RSA_set_default_method(const RSA_METHOD *meth) - { -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); -+ return; -+ } -+#endif - default_RSA_meth = meth; - } - - const RSA_METHOD 
*RSA_get_default_method(void) - { - if (default_RSA_meth == NULL) { --#ifdef OPENSSL_FIPS -- if (FIPS_mode()) -- return FIPS_rsa_pkcs1_ssleay(); -- else -- return RSA_PKCS1_SSLeay(); --#else --# ifdef RSA_NULL -+#ifdef RSA_NULL - default_RSA_meth = RSA_null_method(); --# else -+#else - default_RSA_meth = RSA_PKCS1_SSLeay(); --# endif - #endif - } - -@@ -119,6 +118,12 @@ int RSA_set_method(RSA *rsa, const RSA_M + /* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. +diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_lib.c +--- openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_lib.c 2018-03-29 14:44:24.638236924 +0200 +@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ const RSA_METHOD *mtmp; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); ++ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_RSA_METHOD); + return 0; + } +#endif mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -@@ -165,6 +170,17 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -64,7 +70,6 @@ RSA *RSA_new_method(ENGINE *engine) + + ret->meth = RSA_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + if (engine) { + if (!ENGINE_init(engine)) { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +@@ -81,8 +86,19 @@ RSA *RSA_new_method(ENGINE *engine) } } #endif +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { -+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); ++ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_RSA_METHOD); +# ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); 
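Review bot: In fips_rsa_builtin_keygen the result of `BN_copy(rsa->e, e_value);` is not checked, unlike every other BN call in the function; if the copy fails, rsa->e keeps whatever it held before (zero for a freshly allocated key) and the failure only surfaces later through whatever error BN_mod_inverse raises for that exponent, rather than as an immediate keygen error. It should read `if (BN_copy(rsa->e, e_value) == NULL) goto err;`. The exponent check just above it rejects e below RSA_F4 and above 256 bits but never tests parity: p and q are generated odd (BN_rand bottom=1), so an even e can never have an inverse modulo p-1 and the candidate loops run to their 5 * pbits limit before failing with a generic "prime not found" — adding `|| !BN_is_odd(e_value)` to the RSA_R_BAD_E_VALUE condition fails fast and matches the FIPS 186-4 requirement that e be odd. The fips_rsa_builtin_keygen body lies entirely within this hunk; the enclosing rsa_builtin_keygen that dispatches to it continues outside it.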
@@ -13379,180 +11248,178 @@ diff -up openssl-1.0.2h/crypto/rsa/rsa_lib.c.fips openssl-1.0.2h/crypto/rsa/rsa_ + } +#endif - ret->pad = 0; - ret->version = 0; -@@ -183,7 +199,7 @@ RSA *RSA_new_method(ENGINE *engine) - ret->blinding = NULL; - ret->mt_blinding = NULL; - ret->bignum_data = NULL; - ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + ret->flags = ret->meth->flags; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { - #ifndef OPENSSL_NO_ENGINE - if (ret->engine) -diff -up openssl-1.0.2h/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.2h/crypto/rsa/rsa_pmeth.c ---- openssl-1.0.2h/crypto/rsa/rsa_pmeth.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_pmeth.c 2016-05-03 16:57:58.835321323 +0200 -@@ -228,20 +228,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c - RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); - return -1; - } --#ifdef OPENSSL_FIPS -- if (ret > 0) { -- unsigned int slen; -- ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, -- rctx->pad_mode, -- rctx->saltlen, -- rctx->mgf1md, sig, &slen); -- if (ret > 0) -- *siglen = slen; -- else -- *siglen = 0; -- return ret; -- } --#endif - - if (EVP_MD_type(rctx->md) == NID_mdc2) { - unsigned int sltmp; -@@ -359,17 +345,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX - } - #endif - if (rctx->md) { --#ifdef OPENSSL_FIPS -- if (rv > 0) { -- return FIPS_rsa_verify_digest(rsa, -- tbs, tbslen, -- rctx->md, -- rctx->pad_mode, -- rctx->saltlen, -- rctx->mgf1md, sig, siglen); -- -- } --#endif - if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); -diff -up openssl-1.0.2h/crypto/rsa/rsa_sign.c.fips openssl-1.0.2h/crypto/rsa/rsa_sign.c ---- openssl-1.0.2h/crypto/rsa/rsa_sign.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/rsa/rsa_sign.c 2016-05-03 16:57:58.835321323 +0200 -@@ -132,7 +132,10 @@ int RSA_sign(int type, const unsigned ch - i2d_X509_SIG(&sig, &p); - s = tmps; - } -- i 
= RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); -+ /* NB: call underlying method directly to avoid FIPS blocking */ -+ i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i, s, sigret, rsa, -+ RSA_PKCS1_PADDING) : -+ 0; - if (i <= 0) - ret = 0; - else -@@ -188,8 +191,10 @@ int int_rsa_verify(int dtype, const unsi - } - - if ((dtype == NID_md5_sha1) && rm) { -- i = RSA_public_decrypt((int)siglen, -- sigbuf, rm, rsa, RSA_PKCS1_PADDING); -+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen, -+ sigbuf, rm, rsa, -+ RSA_PKCS1_PADDING) -+ : 0; - if (i <= 0) - return 0; - *prm_len = i; -@@ -205,7 +210,11 @@ int int_rsa_verify(int dtype, const unsi - RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); goto err; } -- i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); -+ /* NB: call underlying method directly to avoid FIPS blocking */ -+ i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen, sigbuf, -+ s, rsa, -+ RSA_PKCS1_PADDING) : -+ 0; +diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa_ossl.c +--- openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_ossl.c 2018-03-29 14:44:24.638236924 +0200 +@@ -11,6 +11,10 @@ + #include "internal/bn_int.h" + #include "rsa_locl.h" - if (i <= 0) - goto err; -diff -up openssl-1.0.2h/crypto/sha/sha.h.fips openssl-1.0.2h/crypto/sha/sha.h ---- openssl-1.0.2h/crypto/sha/sha.h.fips 2016-05-03 16:57:58.413311358 +0200 -+++ openssl-1.0.2h/crypto/sha/sha.h 2016-05-03 16:57:58.835321323 +0200 -@@ -105,9 +105,6 @@ typedef struct SHAstate_st { - } SHA_CTX; ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, +@@ -45,6 +49,12 @@ static const RSA_METHOD *default_RSA_met - # ifndef OPENSSL_NO_SHA0 --# ifdef 
OPENSSL_FIPS --int private_SHA_Init(SHA_CTX *c); --# endif - int SHA_Init(SHA_CTX *c); - int SHA_Update(SHA_CTX *c, const void *data, size_t len); - int SHA_Final(unsigned char *md, SHA_CTX *c); -@@ -115,9 +112,6 @@ unsigned char *SHA(const unsigned char * - void SHA_Transform(SHA_CTX *c, const unsigned char *data); - # endif - # ifndef OPENSSL_NO_SHA1 --# ifdef OPENSSL_FIPS --int private_SHA1_Init(SHA_CTX *c); --# endif - int SHA1_Init(SHA_CTX *c); - int SHA1_Update(SHA_CTX *c, const void *data, size_t len); - int SHA1_Final(unsigned char *md, SHA_CTX *c); -@@ -139,10 +133,6 @@ typedef struct SHA256state_st { - } SHA256_CTX; - - # ifndef OPENSSL_NO_SHA256 --# ifdef OPENSSL_FIPS --int private_SHA224_Init(SHA256_CTX *c); --int private_SHA256_Init(SHA256_CTX *c); --# endif - int SHA224_Init(SHA256_CTX *c); - int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); - int SHA224_Final(unsigned char *md, SHA256_CTX *c); -@@ -192,10 +182,6 @@ typedef struct SHA512state_st { - # endif - - # ifndef OPENSSL_NO_SHA512 --# ifdef OPENSSL_FIPS --int private_SHA384_Init(SHA512_CTX *c); --int private_SHA512_Init(SHA512_CTX *c); --# endif - int SHA384_Init(SHA512_CTX *c); - int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); - int SHA384_Final(unsigned char *md, SHA512_CTX *c); -diff -up openssl-1.0.2h/crypto/sha/sha_locl.h.fips openssl-1.0.2h/crypto/sha/sha_locl.h ---- openssl-1.0.2h/crypto/sha/sha_locl.h.fips 2016-05-03 16:57:58.415311405 +0200 -+++ openssl-1.0.2h/crypto/sha/sha_locl.h 2016-05-03 16:57:58.835321323 +0200 -@@ -123,11 +123,14 @@ void sha1_block_data_order(SHA_CTX *c, c - #define INIT_DATA_h4 0xc3d2e1f0UL - - #ifdef SHA_0 --fips_md_init(SHA) -+nonfips_md_init(SHA) - #else - fips_md_init_ctx(SHA1, SHA) - #endif + void RSA_set_default_method(const RSA_METHOD *meth) { -+#if defined(SHA_1) && defined(OPENSSL_FIPS) ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, 
RSA_R_NON_FIPS_RSA_METHOD); ++ return; ++ } ++#endif + default_RSA_meth = meth; + } + +@@ -66,6 +76,22 @@ static int rsa_ossl_public_encrypt(int f + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); + return -1; +@@ -245,6 +271,22 @@ static int rsa_ossl_private_encrypt(int + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ return -1; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); +@@ -504,6 +562,22 @@ static int rsa_ossl_public_decrypt(int f + unsigned char *buf = 
NULL; + BN_CTX *ctx = NULL; + ++# ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, ++ FIPS_R_FIPS_SELFTEST_FAILED); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { ++ RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); ++ return -1; ++ } ++ } ++# endif ++ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); + return -1; +diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa_sign.c +--- openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/rsa/rsa_sign.c 2018-03-29 14:44:24.638236924 +0200 +@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch + unsigned char *tmps = NULL; + const unsigned char *encoded = NULL; + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if (rsa->meth->rsa_sign) { + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + } +@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch + RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + goto err; + } +- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, +- RSA_PKCS1_PADDING); ++ /* NB: call underlying method directly to avoid FIPS blocking */ ++ encrypt_len = rsa->meth->rsa_priv_enc ? 
rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa, ++ RSA_PKCS1_PADDING) : 0; + if (encrypt_len <= 0) + goto err; + +diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha_locl.h +--- openssl-1.1.0h/crypto/sha/sha_locl.h.fips 2018-03-29 14:44:24.237227506 +0200 ++++ openssl-1.1.0h/crypto/sha/sha_locl.h 2018-03-29 14:44:24.638236924 +0200 +@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c + + int HASH_INIT(SHA_CTX *c) + { ++#if defined(OPENSSL_FIPS) + FIPS_selftest_check(); +#endif memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.0.2h/crypto/sha/sha256.c.fips openssl-1.0.2h/crypto/sha/sha256.c ---- openssl-1.0.2h/crypto/sha/sha256.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/sha/sha256.c 2016-05-03 16:57:58.835321323 +0200 -@@ -12,12 +12,19 @@ +diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha256.c +--- openssl-1.1.0h/crypto/sha/sha256.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/sha/sha256.c 2018-03-29 14:44:24.639236948 +0200 +@@ -18,6 +18,9 @@ - # include - # include -+# ifdef OPENSSL_FIPS -+# include -+# endif -+ - # include - - const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; - - fips_md_init_ctx(SHA224, SHA256) + int SHA224_Init(SHA256_CTX *c) { +# ifdef OPENSSL_FIPS + FIPS_selftest_check(); @@ -13560,9 +11427,9 @@ diff -up openssl-1.0.2h/crypto/sha/sha256.c.fips openssl-1.0.2h/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0xc1059ed8UL; c->h[1] = 0x367cd507UL; -@@ -33,6 +40,9 @@ fips_md_init_ctx(SHA224, SHA256) +@@ -33,6 +36,9 @@ int SHA224_Init(SHA256_CTX *c) - fips_md_init(SHA256) + int SHA256_Init(SHA256_CTX *c) { +# ifdef OPENSSL_FIPS + FIPS_selftest_check(); 
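Review bot: The four FIPS guards added to rsa_ossl_public_encrypt, rsa_ossl_private_encrypt, rsa_ossl_private_decrypt and rsa_ossl_public_decrypt are copies that disagree on how the selftest-failed path exits: the two public_* variants use `goto err;` while the private_* variants, and the adjacent key-size branch in all four, use `return -1;`. At that point buf and ctx are still NULL (both are initialised to NULL in the context lines just above), so the goto presumably only works because the err label, which is outside this hunk, tolerates a NULL context and buffer — not something a reader of the guard can see. Using `return -1;` in the selftest branch of both public functions makes the four blocks identical and removes the hidden dependence on the cleanup label; a single static helper parameterised on the function codes would keep them from drifting further. Each rsa_ossl_* body continues outside the hunk.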
@@ -13570,23 +11437,12 @@ diff -up openssl-1.0.2h/crypto/sha/sha256.c.fips openssl-1.0.2h/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.0.2h/crypto/sha/sha512.c.fips openssl-1.0.2h/crypto/sha/sha512.c ---- openssl-1.0.2h/crypto/sha/sha512.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/sha/sha512.c 2016-05-03 16:57:58.835321323 +0200 -@@ -5,6 +5,10 @@ - * ==================================================================== - */ - #include -+#ifdef OPENSSL_FIPS -+# include -+#endif -+ - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) - /*- - * IMPLEMENTATION NOTES. -@@ -62,6 +66,9 @@ const char SHA512_version[] = "SHA-512" +diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha512.c +--- openssl-1.1.0h/crypto/sha/sha512.c.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/crypto/sha/sha512.c 2018-03-29 14:44:24.639236948 +0200 +@@ -62,6 +62,9 @@ - fips_md_init_ctx(SHA384, SHA512) + int SHA384_Init(SHA512_CTX *c) { +# ifdef OPENSSL_FIPS + FIPS_selftest_check(); @@ -13594,9 +11450,9 @@ diff -up openssl-1.0.2h/crypto/sha/sha512.c.fips openssl-1.0.2h/crypto/sha/sha51 c->h[0] = U64(0xcbbb9d5dc1059ed8); c->h[1] = U64(0x629a292a367cd507); c->h[2] = U64(0x9159015a3070dd17); -@@ -80,6 +87,9 @@ fips_md_init_ctx(SHA384, SHA512) +@@ -80,6 +83,9 @@ int SHA384_Init(SHA512_CTX *c) - fips_md_init(SHA512) + int SHA512_Init(SHA512_CTX *c) { +# ifdef OPENSSL_FIPS + FIPS_selftest_check(); 
@@ -13604,109 +11460,815 @@ diff -up openssl-1.0.2h/crypto/sha/sha512.c.fips openssl-1.0.2h/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.0.2h/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.2h/crypto/whrlpool/wp_dgst.c ---- openssl-1.0.2h/crypto/whrlpool/wp_dgst.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/crypto/whrlpool/wp_dgst.c 2016-05-03 16:57:58.836321346 +0200 -@@ -55,7 +55,7 @@ - #include - #include +diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod +--- openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips 2018-03-27 15:50:39.000000000 +0200 ++++ openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod 2018-03-29 14:44:24.639236948 +0200 +@@ -29,8 +29,10 @@ B is the length of the prime p to + For lengths under 2048 bits, the length of q is 160 bits; for lengths + greater than or equal to 2048 bits, the length of q is set to 256 bits. --fips_md_init(WHIRLPOOL) -+nonfips_md_init(WHIRLPOOL) - { - memset(c, 0, sizeof(*c)); - return (1); -diff -up openssl-1.0.2h/Makefile.org.fips openssl-1.0.2h/Makefile.org ---- openssl-1.0.2h/Makefile.org.fips 2016-05-03 16:57:58.791320284 +0200 -+++ openssl-1.0.2h/Makefile.org 2016-05-03 16:57:58.836321346 +0200 -@@ -137,6 +137,9 @@ FIPSCANLIB= +-If B is NULL, the primes will be generated at random. +-If B is less than the length of q, an error is returned. ++If B is NULL, or it does not generate primes, the primes will be ++generated at random. ++If B is less than the length of q, an error is returned ++if old DSA parameter generation method is used as a backend. 
- BASEADDR= + DSA_generate_parameters_ex() places the iteration count in + *B and a counter used for finding a generator in +diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/openssl/crypto.h +--- openssl-1.1.0h/include/openssl/crypto.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/crypto.h 2018-03-29 14:44:24.640236971 +0200 +@@ -336,6 +336,11 @@ int OPENSSL_isservice(void); + int FIPS_mode(void); + int FIPS_mode_set(int r); -+# Non-empty if FIPS enabled -+FIPS= ++# ifdef OPENSSL_FIPS ++/* die if FIPS selftest failed */ ++void FIPS_selftest_check(void); ++# endif + - DIRS= crypto ssl engines apps test tools - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl -@@ -149,7 +152,7 @@ SDIRS= \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ -- cms pqueue ts jpake srp store cmac -+ cms pqueue ts jpake srp store cmac fips - # keep in mind that the above list is adjusted by ./Configure - # according to no-xxx arguments... + void OPENSSL_init(void); -@@ -239,6 +242,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSDIR='${FIPSDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ -+ FIPS="$${FIPS:-$(FIPS)}" \ - THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= - # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, - # which in turn eliminates ambiguities in variable treatment with -e. 
-diff -up openssl-1.0.2h/ssl/ssl_algs.c.fips openssl-1.0.2h/ssl/ssl_algs.c ---- openssl-1.0.2h/ssl/ssl_algs.c.fips 2016-05-03 15:44:42.000000000 +0200 -+++ openssl-1.0.2h/ssl/ssl_algs.c 2016-05-03 16:57:58.836321346 +0200 -@@ -64,6 +64,11 @@ - int SSL_library_init(void) - { + struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl/dh.h +--- openssl-1.1.0h/include/openssl/dh.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/dh.h 2018-03-29 14:44:24.640236971 +0200 +@@ -30,6 +30,7 @@ extern "C" { + # endif + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 ++# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 + + # define DH_FLAG_CACHE_MONT_P 0x01 + +@@ -325,6 +326,9 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_CMS_DECRYPT 114 + # define DH_F_DH_CMS_SET_PEERKEY 115 + # define DH_F_DH_CMS_SET_SHARED_INFO 116 ++# define DH_F_DH_COMPUTE_KEY 203 ++# define DH_F_DH_GENERATE_KEY 202 ++# define DH_F_DH_GENERATE_PARAMETERS_EX 201 + # define DH_F_DH_METH_DUP 117 + # define DH_F_DH_METH_NEW 118 + # define DH_F_DH_METH_SET1_NAME 119 +@@ -346,10 +350,12 @@ int ERR_load_DH_strings(void); + # define DH_R_DECODE_ERROR 104 + # define DH_R_INVALID_PUBKEY 102 + # define DH_R_KDF_PARAMETER_ERROR 112 ++# define DH_R_KEY_SIZE_TOO_SMALL 201 + # define DH_R_KEYS_NOT_SET 108 + # define DH_R_MODULUS_TOO_LARGE 103 + # define DH_R_NO_PARAMETERS_SET 107 + # define DH_R_NO_PRIVATE_VALUE 100 ++# define DH_R_NON_FIPS_METHOD 202 + # define DH_R_PARAMETER_ENCODING_ERROR 105 + # define DH_R_PEER_KEY_ERROR 111 + # define DH_R_SHARED_INFO_ERROR 113 +diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openssl/dsa.h +--- openssl-1.1.0h/include/openssl/dsa.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/dsa.h 2018-03-29 14:44:24.641236994 +0200 +@@ -36,6 +36,7 @@ extern "C" { + # endif + + # define 
OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 ++# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048 + + # define DSA_FLAG_CACHE_MONT_P 0x01 + # if OPENSSL_API_COMPAT < 0x10100000L +@@ -146,9 +147,9 @@ int DSAparams_print_fp(FILE *fp, const D + int DSA_print_fp(FILE *bp, const DSA *x, int off); + # endif + +-# define DSS_prime_checks 50 ++# define DSS_prime_checks 64 + /* +- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of ++ * Primality test according to FIPS PUB 186-4, Appendix 2.1: 64 rounds of + * Rabin-Miller + */ + # define DSA_is_prime(n, callback, cb_arg) \ +@@ -241,8 +242,11 @@ int ERR_load_DSA_strings(void); + /* Function codes. */ + # define DSA_F_DSAPARAMS_PRINT 100 + # define DSA_F_DSAPARAMS_PRINT_FP 101 ++# define DSA_F_DSA_BUILTIN_KEYGEN 202 + # define DSA_F_DSA_BUILTIN_PARAMGEN 125 + # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 ++# define DSA_F_DSA_GENERATE_KEY 201 ++# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 + # define DSA_F_DSA_DO_SIGN 112 + # define DSA_F_DSA_DO_VERIFY 113 + # define DSA_F_DSA_METH_DUP 127 +@@ -269,9 +273,12 @@ int ERR_load_DSA_strings(void); + # define DSA_R_DECODE_ERROR 104 + # define DSA_R_INVALID_DIGEST_TYPE 106 + # define DSA_R_INVALID_PARAMETERS 112 ++# define DSA_R_KEY_SIZE_INVALID 201 ++# define DSA_R_KEY_SIZE_TOO_SMALL 202 + # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MODULUS_TOO_LARGE 103 + # define DSA_R_NO_PARAMETERS_SET 107 ++# define DSA_R_NON_FIPS_DSA_METHOD 200 + # define DSA_R_PARAMETER_ENCODING_ERROR 105 + # define DSA_R_Q_NOT_PRIME 113 + # define DSA_R_SEED_LEN_SMALL 110 +diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openssl/evp.h +--- openssl-1.1.0h/include/openssl/evp.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/evp.h 2018-03-29 14:44:24.641236994 +0200 +@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void); + # define EVP_F_AES_OCB_CIPHER 169 + # define EVP_F_AES_T4_INIT_KEY 178 + # define EVP_F_AES_WRAP_CIPHER 170 ++# 
define EVP_F_AES_XTS_CIPHER 200 + # define EVP_F_ALG_MODULE_INIT 177 + # define EVP_F_CAMELLIA_INIT_KEY 159 + # define EVP_F_CHACHA20_POLY1305_CTRL 182 +@@ -1539,6 +1540,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 + # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 + # define EVP_R_DECODE_ERROR 114 ++# define EVP_R_DISABLED_FOR_FIPS 200 + # define EVP_R_DIFFERENT_KEY_TYPES 101 + # define EVP_R_DIFFERENT_PARAMETERS 153 + # define EVP_R_ERROR_LOADING_SECTION 165 +@@ -1575,6 +1577,7 @@ int ERR_load_EVP_strings(void); + # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 + # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 + # define EVP_R_PUBLIC_KEY_NOT_RSA 106 ++# define EVP_R_TOO_LARGE 201 + # define EVP_R_UNKNOWN_CIPHER 160 + # define EVP_R_UNKNOWN_DIGEST 161 + # define EVP_R_UNKNOWN_OPTION 169 +diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/openssl/fips.h +--- openssl-1.1.0h/include/openssl/fips.h.fips 2018-03-29 14:44:24.641236994 +0200 ++++ openssl-1.1.0h/include/openssl/fips.h 2018-03-29 14:44:24.641236994 +0200 +@@ -0,0 +1,186 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef OPENSSL_FIPS ++# error FIPS is disabled. 
++#endif ++ ++#ifdef OPENSSL_FIPS ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ ++ int FIPS_selftest(void); ++ int FIPS_selftest_failed(void); ++ int FIPS_selftest_drbg_all(void); ++ ++ int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ++ const EVP_MD *evpmd, const unsigned char *seed_in, ++ size_t seed_len, int idx, unsigned char *seed_out, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); ++ int FIPS_dsa_paramgen_check_g(DSA *dsa); ++ ++/* BEGIN ERROR CODES */ ++/* The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++ int ERR_load_FIPS_strings(void); ++ ++/* Error codes for the FIPS functions. */ ++ ++/* Function codes. */ ++# define FIPS_F_DH_BUILTIN_GENPARAMS 100 ++# define FIPS_F_DRBG_RESEED 121 ++# define FIPS_F_DSA_BUILTIN_PARAMGEN2 107 ++# define FIPS_F_DSA_DO_SIGN 102 ++# define FIPS_F_DSA_DO_VERIFY 103 ++# define FIPS_F_EVP_CIPHER_CTX_NEW 137 ++# define FIPS_F_EVP_CIPHER_CTX_RESET 122 ++# define FIPS_F_ECDH_COMPUTE_KEY 123 ++# define FIPS_F_EVP_CIPHERINIT_EX 124 ++# define FIPS_F_EVP_DIGESTINIT_EX 125 ++# define FIPS_F_FIPS_CHECK_DSA 104 ++# define FIPS_F_FIPS_CHECK_EC 142 ++# define FIPS_F_FIPS_CHECK_RSA 106 ++# define FIPS_F_FIPS_DRBG_BYTES 131 ++# define FIPS_F_FIPS_DRBG_CHECK 146 ++# define FIPS_F_FIPS_DRBG_CPRNG_TEST 132 ++# define FIPS_F_FIPS_DRBG_ERROR_CHECK 136 ++# define FIPS_F_FIPS_DRBG_GENERATE 134 ++# define FIPS_F_FIPS_DRBG_INIT 135 ++# define FIPS_F_FIPS_DRBG_INSTANTIATE 138 ++# define FIPS_F_FIPS_DRBG_NEW 139 ++# define FIPS_F_FIPS_DRBG_RESEED 140 ++# define FIPS_F_FIPS_DRBG_SINGLE_KAT 141 ++# define FIPS_F_FIPS_GET_ENTROPY 147 ++# define FIPS_F_FIPS_MODULE_MODE_SET 108 ++# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 ++# define FIPS_F_FIPS_RAND_BYTES 114 ++# define FIPS_F_FIPS_RAND_SEED 128 ++# define FIPS_F_FIPS_RAND_SET_METHOD 126 ++# define FIPS_F_FIPS_RAND_STATUS 127 ++# define 
FIPS_F_FIPS_RSA_BUILTIN_KEYGEN 101 ++# define FIPS_F_FIPS_SELFTEST_AES 110 ++# define FIPS_F_FIPS_SELFTEST_AES_CCM 145 ++# define FIPS_F_FIPS_SELFTEST_AES_GCM 129 ++# define FIPS_F_FIPS_SELFTEST_AES_XTS 144 ++# define FIPS_F_FIPS_SELFTEST_CMAC 130 ++# define FIPS_F_FIPS_SELFTEST_DES 111 ++# define FIPS_F_FIPS_SELFTEST_DSA 112 ++# define FIPS_F_FIPS_SELFTEST_ECDSA 133 ++# define FIPS_F_FIPS_SELFTEST_HMAC 113 ++# define FIPS_F_FIPS_SELFTEST_SHA1 115 ++# define FIPS_F_FIPS_SELFTEST_SHA2 105 ++# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143 ++# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148 ++# define FIPS_F_RSA_BUILTIN_KEYGEN 116 ++# define FIPS_F_RSA_OSSL_INIT 149 ++# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117 ++# define FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT 118 ++# define FIPS_F_RSA_OSSL_PUBLIC_DECRYPT 119 ++# define FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT 120 ++ ++/* Reason codes. */ ++# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150 ++# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 125 ++# define FIPS_R_ALREADY_INSTANTIATED 134 ++# define FIPS_R_DRBG_NOT_INITIALISED 152 ++# define FIPS_R_DRBG_STUCK 103 ++# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104 ++# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105 ++# define FIPS_R_ENTROPY_SOURCE_STUCK 142 ++# define FIPS_R_ERROR_INITIALISING_DRBG 115 ++# define FIPS_R_ERROR_INSTANTIATING_DRBG 127 ++# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 124 ++# define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 ++# define FIPS_R_ERROR_RETRIEVING_NONCE 140 ++# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110 ++# define FIPS_R_FIPS_MODE_ALREADY_SET 102 ++# define FIPS_R_FIPS_SELFTEST_FAILED 106 ++# define FIPS_R_FUNCTION_ERROR 116 ++# define FIPS_R_GENERATE_ERROR 137 ++# define FIPS_R_GENERATE_ERROR_UNDETECTED 118 ++# define FIPS_R_INSTANTIATE_ERROR 119 ++# define FIPS_R_INTERNAL_ERROR 121 ++# define FIPS_R_INVALID_KEY_LENGTH 109 ++# define FIPS_R_IN_ERROR_STATE 123 ++# define FIPS_R_KEY_TOO_SHORT 108 ++# define FIPS_R_NONCE_ERROR_UNDETECTED 149 ++# define 
FIPS_R_NON_FIPS_METHOD 100 ++# define FIPS_R_NOPR_TEST1_FAILURE 145 ++# define FIPS_R_NOPR_TEST2_FAILURE 146 ++# define FIPS_R_NOT_INSTANTIATED 126 ++# define FIPS_R_PAIRWISE_TEST_FAILED 107 ++# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128 ++# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129 ++# define FIPS_R_PR_TEST1_FAILURE 147 ++# define FIPS_R_PR_TEST2_FAILURE 148 ++# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130 ++# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131 ++# define FIPS_R_RESEED_COUNTER_ERROR 132 ++# define FIPS_R_RESEED_ERROR 133 ++# define FIPS_R_SELFTEST_FAILED 101 ++# define FIPS_R_SELFTEST_FAILURE 135 ++# define FIPS_R_TEST_FAILURE 117 ++# define FIPS_R_UNINSTANTIATE_ERROR 141 ++# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138 ++# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139 ++# define FIPS_R_UNSUPPORTED_PLATFORM 113 ++ ++# ifdef __cplusplus ++} ++# endif ++#endif +diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/openssl/fips_rand.h +--- openssl-1.1.0h/include/openssl/fips_rand.h.fips 2018-03-29 14:44:24.641236994 +0200 ++++ openssl-1.1.0h/include/openssl/fips_rand.h 2018-03-29 14:44:24.641236994 +0200 +@@ -0,0 +1,145 @@ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. 
All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. 
++ * ++ */ ++ ++#ifndef HEADER_FIPS_RAND_H ++# define HEADER_FIPS_RAND_H ++ ++# include ++# include ++# include ++# include ++ ++# ifdef OPENSSL_FIPS ++ ++# ifdef __cplusplus ++extern "C" { ++# endif ++ typedef struct drbg_ctx_st DRBG_CTX; ++/* DRBG external flags */ ++/* Flag for CTR mode only: use derivation function ctr_df */ ++# define DRBG_FLAG_CTR_USE_DF 0x1 ++/* PRNG is in test state */ ++# define DRBG_FLAG_TEST 0x2 ++ ++ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags); ++ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags); ++ int FIPS_drbg_instantiate(DRBG_CTX *dctx, ++ const unsigned char *pers, size_t perslen); ++ int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, ++ size_t adinlen); ++ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, ++ int prediction_resistance, ++ const unsigned char *adin, size_t adinlen); ++ ++ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); ++ void FIPS_drbg_free(DRBG_CTX *dctx); ++ ++ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, ++ size_t (*get_entropy) (DRBG_CTX *ctx, ++ unsigned char **pout, ++ int entropy, ++ size_t min_len, ++ size_t max_len), ++ void (*cleanup_entropy) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen), ++ size_t entropy_blocklen, ++ size_t (*get_nonce) (DRBG_CTX *ctx, ++ unsigned char **pout, ++ int entropy, ++ size_t min_len, ++ size_t max_len), ++ void (*cleanup_nonce) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen)); ++ ++ int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx, ++ size_t (*get_adin) (DRBG_CTX *ctx, ++ unsigned char ++ **pout), ++ void (*cleanup_adin) (DRBG_CTX *ctx, ++ unsigned char *out, ++ size_t olen), ++ int (*rand_seed_cb) (DRBG_CTX *ctx, ++ const void *buf, ++ int num), ++ int (*rand_add_cb) (DRBG_CTX *ctx, ++ const void *buf, ++ int num, ++ double entropy)); ++ ++ void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); ++ void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); ++ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); ++ 
int FIPS_drbg_get_strength(DRBG_CTX *dctx); ++ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval); ++ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval); ++ ++ int FIPS_drbg_health_check(DRBG_CTX *dctx); ++ ++ DRBG_CTX *FIPS_get_default_drbg(void); ++ const RAND_METHOD *FIPS_drbg_method(void); ++ ++ int FIPS_rand_set_method(const RAND_METHOD *meth); ++ const RAND_METHOD *FIPS_rand_get_method(void); ++ ++ void FIPS_rand_set_bits(int nbits); ++ ++ int FIPS_rand_strength(void); ++ ++/* 1.0.0 compat functions */ ++ int FIPS_rand_seed(const void *buf, int num); ++ int FIPS_rand_bytes(unsigned char *out, int outlen); ++ void FIPS_rand_reset(void); ++ int FIPS_rand_status(void); ++# ifdef __cplusplus ++} ++# endif ++# endif ++#endif +diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/include/openssl/opensslconf.h.in +--- openssl-1.1.0h/include/openssl/opensslconf.h.in.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/opensslconf.h.in 2018-03-29 14:44:24.642237018 +0200 +@@ -136,6 +136,11 @@ extern "C" { + + #define RC4_INT {- $config{rc4_int} -} + ++/* Always build FIPS module */ ++#ifndef OPENSSL_FIPS ++# define OPENSSL_FIPS ++#endif ++ + #ifdef __cplusplus + } + #endif +diff -up openssl-1.1.0h/include/openssl/rand.h.fips openssl-1.1.0h/include/openssl/rand.h +--- openssl-1.1.0h/include/openssl/rand.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/rand.h 2018-03-29 14:44:24.642237018 +0200 +@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void + DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) + #endif + ++# ifdef OPENSSL_FIPS ++void RAND_set_fips_drbg_type(int type, int flags); ++int RAND_init_fips(void); ++# endif ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes +@@ -79,8 +84,11 @@ int ERR_load_RAND_strings(void); + + /* Function codes. 
*/ + # define RAND_F_RAND_BYTES 100 ++# define RAND_F_RAND_INIT_FIPS 200 + + /* Reason codes. */ ++# define RAND_R_ERROR_INITIALISING_DRBG 200 ++# define RAND_R_ERROR_INSTANTIATING_DRBG 201 + # define RAND_R_PRNG_NOT_SEEDED 100 + + # ifdef __cplusplus +diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openssl/rsa.h +--- openssl-1.1.0h/include/openssl/rsa.h.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/include/openssl/rsa.h 2018-03-29 14:44:24.642237018 +0200 +@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); + /* Function codes. */ + # define RSA_F_CHECK_PADDING_MD 140 + # define RSA_F_ENCODE_PKCS1 146 ++# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 + # define RSA_F_INT_RSA_VERIFY 145 + # define RSA_F_OLD_RSA_PRIV_DECODE 147 + # define RSA_F_PKEY_RSA_CTRL 143 +@@ -475,6 +476,7 @@ int ERR_load_RSA_strings(void); + # define RSA_F_RSA_CHECK_KEY 123 + # define RSA_F_RSA_CHECK_KEY_EX 160 + # define RSA_F_RSA_CMS_DECRYPT 159 ++# define RSA_F_RSA_GENERATE_KEY_EX 204 + # define RSA_F_RSA_ITEM_VERIFY 148 + # define RSA_F_RSA_METH_DUP 161 + # define RSA_F_RSA_METH_NEW 162 +@@ -509,9 +511,15 @@ int ERR_load_RSA_strings(void); + # define RSA_F_RSA_PRINT 115 + # define RSA_F_RSA_PRINT_FP 116 + # define RSA_F_RSA_PRIV_ENCODE 138 ++# define RSA_F_RSA_PRIVATE_DECRYPT 200 ++# define RSA_F_RSA_PRIVATE_ENCRYPT 201 + # define RSA_F_RSA_PSS_TO_CTX 155 + # define RSA_F_RSA_PUB_DECODE 139 ++# define RSA_F_RSA_PUBLIC_DECRYPT 202 ++# define RSA_F_RSA_PUBLIC_ENCRYPT 203 + # define RSA_F_RSA_SETUP_BLINDING 136 ++# define RSA_F_RSA_SET_DEFAULT_METHOD 205 ++# define RSA_F_RSA_SET_METHOD 204 + # define RSA_F_RSA_SIGN 117 + # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 + # define RSA_F_RSA_VERIFY 119 +@@ -558,9 +566,11 @@ int ERR_load_RSA_strings(void); + # define RSA_R_LAST_OCTET_INVALID 134 + # define RSA_R_MODULUS_TOO_LARGE 105 + # define RSA_R_NO_PUBLIC_EXPONENT 140 ++# define RSA_R_NON_FIPS_RSA_METHOD 200 + # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + 
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 + # define RSA_R_OAEP_DECODING_ERROR 121 ++# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201 + # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 + # define RSA_R_PADDING_CHECK_FAILED 114 + # define RSA_R_PKCS_DECODING_ERROR 159 +diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c +--- openssl-1.1.0h/ssl/ssl_ciph.c.fips 2018-03-29 14:44:24.625236619 +0200 ++++ openssl-1.1.0h/ssl/ssl_ciph.c 2018-03-29 14:44:24.643237042 +0200 +@@ -404,7 +404,8 @@ void ssl_load_ciphers(void) + } + } + /* Make sure we can access MD5 and SHA1 */ +- OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); ++ if (!FIPS_mode()) ++ OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); + OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); + + disabled_mkey_mask = 0; +@@ -687,7 +688,7 @@ static void ssl_cipher_collect_ciphers(c + /* drop those that use any of that is not available */ + if (c == NULL || !c->valid) + continue; +- if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) ++ if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) + continue; + if ((c->algorithm_mkey & disabled_mkey) || + (c->algorithm_auth & disabled_auth) || +diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c +--- openssl-1.1.0h/ssl/ssl_init.c.fips 2018-03-27 15:50:40.000000000 +0200 ++++ openssl-1.1.0h/ssl/ssl_init.c 2018-03-29 14:44:24.643237042 +0200 +@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas + fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " + "Adding SSL ciphers and digests\n"); + #endif +#ifdef OPENSSL_FIPS -+ OPENSSL_init_library(); + if (!FIPS_mode()) { +#endif + #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -142,6 +147,48 @@ int SSL_library_init(void) - EVP_add_digest(EVP_sha()); - EVP_add_digest(EVP_dss()); - #endif +@@ -84,6 +88,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas + EVP_add_digest(EVP_sha256()); + 
EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#ifdef OPENSSL_FIPS + } else { +# ifndef OPENSSL_NO_DES + EVP_add_cipher(EVP_des_ede3_cbc()); +# endif -+# ifndef OPENSSL_NO_AES + EVP_add_cipher(EVP_aes_128_cbc()); + EVP_add_cipher(EVP_aes_192_cbc()); + EVP_add_cipher(EVP_aes_256_cbc()); + EVP_add_cipher(EVP_aes_128_gcm()); + EVP_add_cipher(EVP_aes_256_gcm()); -+# endif ++ EVP_add_cipher(EVP_aes_128_ccm()); ++ EVP_add_cipher(EVP_aes_256_ccm()); +# ifndef OPENSSL_NO_MD5 -+ /* needed even in the FIPS mode for TLS MAC */ -+ EVP_add_digest(EVP_md5()); -+ EVP_add_digest_alias(SN_md5, "ssl2-md5"); -+ EVP_add_digest_alias(SN_md5, "ssl3-md5"); ++ /* needed even in the FIPS mode for TLS-1.0 */ ++ EVP_add_digest(EVP_md5_sha1()); +# endif -+# ifndef OPENSSL_NO_SHA + EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -+# endif -+# ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); -+# endif -+# ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); -+# endif -+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) -+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ -+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); -+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -+# endif -+# ifndef OPENSSL_NO_ECDSA -+ EVP_add_digest(EVP_ecdsa()); -+# endif + } +#endif #ifndef OPENSSL_NO_COMP - /* - * This will initialise the built-in compression algorithms. 
The value + # ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " +diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c +--- openssl-1.1.0h/ssl/ssl_lib.c.fips 2018-03-29 14:44:24.625236619 +0200 ++++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:44:24.643237042 +0200 +@@ -2588,13 +2588,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + if (ret->param == NULL) + goto err; + +- if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { +- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); +- goto err2; +- } +- if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { +- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); +- goto err2; ++ if (!FIPS_mode()) { ++ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); ++ goto err2; ++ } ++ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); ++ goto err2; ++ } ++ } else { ++ ret->min_proto_version = TLS1_VERSION; + } + + if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) +diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c +--- openssl-1.1.0h/test/dsatest.c.fips 2018-03-27 15:50:41.000000000 +0200 ++++ openssl-1.1.0h/test/dsatest.c 2018-03-29 14:44:24.644237065 +0200 +@@ -32,41 +32,42 @@ int main(int argc, char *argv[]) + + static int dsa_cb(int p, int n, BN_GENCB *arg); + +-/* +- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS +- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 +- */ + static unsigned char seed[20] = { +- 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, +- 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, ++ 0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62, ++ 0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3, + }; + + static unsigned char out_p[] = { +- 0x8d, 0xf2, 
0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, +- 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, +- 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, +- 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, +- 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, +- 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, +- 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, +- 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, ++ 0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E, ++ 0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99, ++ 0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD, ++ 0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB, ++ 0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18, ++ 0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B, ++ 0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E, ++ 0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD, ++ 0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93, ++ 0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D, ++ 0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F, + }; + + static unsigned char out_q[] = { +- 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, +- 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, +- 0xda, 0xce, 0x91, 0x5f, ++ 0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B, ++ 0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87, + }; + + static unsigned char out_g[] = { +- 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, +- 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, +- 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, +- 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, +- 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, +- 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, +- 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, +- 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, ++ 0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 
0x58, 0x36, 0x2C, ++ 0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE, ++ 0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36, ++ 0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13, ++ 0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C, ++ 0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D, ++ 0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9, ++ 0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F, ++ 0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E, ++ 0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41, ++ 0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29, + }; + + static const unsigned char str1[] = "12345678901234567890"; +@@ -102,7 +103,7 @@ int main(int argc, char **argv) + goto end; + + BN_GENCB_set(cb, dsa_cb, bio_err); +- if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, ++ if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024, + seed, 20, + &counter, + &h, cb)) +@@ -116,8 +117,8 @@ int main(int argc, char **argv) + BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); + + DSA_print(bio_err, dsa, 0); +- if (counter != 105) { +- BIO_printf(bio_err, "counter should be 105\n"); ++ if (counter != 239) { ++ BIO_printf(bio_err, "counter should be 239\n"); + goto end; + } + if (h != 2) { +diff -up openssl-1.1.0h/util/libcrypto.num.fips openssl-1.1.0h/util/libcrypto.num +--- openssl-1.1.0h/util/libcrypto.num.fips 2018-03-27 15:50:41.000000000 +0200 ++++ openssl-1.1.0h/util/libcrypto.num 2018-03-29 18:06:26.962651662 +0200 +@@ -4232,5 +4232,40 @@ ZINT64_it + ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: + CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: + EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE +-OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP ++FIPS_drbg_reseed 4348 1_1_0g EXIST::FUNCTION: 
++FIPS_selftest_check 4349 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_method 4350 1_1_0g EXIST::FUNCTION: ++FIPS_get_default_drbg 4351 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_reseed_interval 4352 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_app_data 4353 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_method 4354 1_1_0g EXIST::FUNCTION: ++FIPS_rand_status 4355 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_instantiate 4356 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_callbacks 4357 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_new 4358 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_paramgen_check_g 4359 1_1_0g EXIST::FUNCTION: ++FIPS_selftest 4360 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_bits 4361 1_1_0g EXIST::FUNCTION: ++FIPS_rand_bytes 4362 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_app_data 4363 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_failed 4364 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_builtin_paramgen2 4365 1_1_0g EXIST::FUNCTION: ++FIPS_rand_reset 4366 1_1_0g EXIST::FUNCTION: ++ERR_load_FIPS_strings 4367 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_generate 4368 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_uninstantiate 4369 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_check_interval 4370 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_free 4371 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_drbg_all 4372 1_1_0g EXIST::FUNCTION: ++FIPS_rand_get_method 4373 1_1_0g EXIST::FUNCTION: ++RAND_set_fips_drbg_type 4374 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_health_check 4375 1_1_0g EXIST::FUNCTION: ++RAND_init_fips 4376 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_rand_callbacks 4377 1_1_0g EXIST::FUNCTION: ++FIPS_rand_seed 4378 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_strength 4379 1_1_0g EXIST::FUNCTION: ++FIPS_rand_strength 4380 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_blocklength 4381 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_init 4382 1_1_0g EXIST::FUNCTION: ++OCSP_resp_get0_signer 4384 1_1_0h EXIST::FUNCTION:OCSP + X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: +diff -up openssl-1.1.0h/util/mkdef.pl.fips openssl-1.1.0h/util/mkdef.pl +--- openssl-1.1.0h/util/mkdef.pl.fips 
2018-03-27 15:50:41.000000000 +0200 ++++ openssl-1.1.0h/util/mkdef.pl 2018-03-29 14:44:24.644237065 +0200 +@@ -311,6 +311,8 @@ $crypto.=" include/openssl/modes.h"; + $crypto.=" include/openssl/async.h"; + $crypto.=" include/openssl/ct.h"; + $crypto.=" include/openssl/kdf.h"; ++$crypto.=" include/openssl/fips.h"; ++$crypto.=" include/openssl/fips_rand.h"; + + my $symhacks="include/openssl/symhacks.h"; + diff --git a/openssl-1.1.0-issuer-hash.patch b/openssl-1.1.0-issuer-hash.patch new file mode 100644 index 0000000..1b824e0 --- /dev/null +++ b/openssl-1.1.0-issuer-hash.patch @@ -0,0 +1,11 @@ +diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c +--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200 ++++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200 +@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has + + if (ctx == NULL) + goto err; ++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); + if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) + goto err; diff --git a/openssl-1.1.0-manfix.patch b/openssl-1.1.0-manfix.patch new file mode 100644 index 0000000..53fc603 --- /dev/null +++ b/openssl-1.1.0-manfix.patch 
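Review bot: The added `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);` has no comment, so a reader sees MD5 being re-enabled under FIPS in X509_issuer_and_serial_hash with no stated justification. As far as the hunk shows, the digest here only produces an unsigned long lookup value from the issuer name and serial rather than a security property, so a line such as `/* MD5 is used only to derive a lookup hash here, never for security; allow it under FIPS */` placed above the call would record why the exemption is acceptable. The enclosing function starts and ends outside the hunk, so I cannot confirm that the hash value is never compared for anything stronger than table lookup; please verify before wording the comment.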
@@ -0,0 +1,51 @@ +diff -up openssl-1.1.0g/doc/apps/ec.pod.manfix openssl-1.1.0g/doc/apps/ec.pod +--- openssl-1.1.0g/doc/apps/ec.pod.manfix 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/doc/apps/ec.pod 2017-11-03 16:09:31.714027145 +0100 +@@ -101,10 +101,6 @@ prints out the public, private key compo + + this option prevents output of the encoded version of the key. + +-=item B<-modulus> +- +-this option prints out the value of the public key component of the key. +- + =item B<-pubin> + + by default a private key is read from the input file: with this option a +diff -up openssl-1.1.0g/doc/apps/openssl.pod.manfix openssl-1.1.0g/doc/apps/openssl.pod +--- openssl-1.1.0g/doc/apps/openssl.pod.manfix 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/doc/apps/openssl.pod 2017-11-03 16:11:48.478245311 +0100 +@@ -170,7 +170,7 @@ Create or examine a Netscape certificate + + Online Certificate Status Protocol utility. + +-=item L|passwd(1)> ++=item L|sslpasswd(1)> + + Generation of hashed passwords. + +@@ -198,7 +198,7 @@ Public key algorithm parameter managemen + + Public key algorithm cryptographic operation utility. + +-=item L|rand(1)> ++=item L|sslrand(1)> + + Generate pseudo-random bytes. + +@@ -432,13 +432,13 @@ L, L, L + L, L, + L, L, L, L, L, + L, L, L, +-L, + L, L, L, + L, L, L, +-L, L, L, L, ++L, L, L, + L, L, + L, L, L, + L, L, L, ++L, L, + L, + L, L, L, + L, L, L diff --git a/openssl-1.1.0-missing-quotes.patch b/openssl-1.1.0-missing-quotes.patch new file mode 100644 index 0000000..3fb8784 --- /dev/null +++ b/openssl-1.1.0-missing-quotes.patch 
@@ -0,0 +1,15 @@ +diff -up openssl-1.1.0h/util/dofile.pl.missing-quotes openssl-1.1.0h/util/dofile.pl +--- openssl-1.1.0h/util/dofile.pl.missing-quotes 2018-03-27 15:50:41.000000000 +0200 ++++ openssl-1.1.0h/util/dofile.pl 2018-04-03 11:59:36.742091742 +0200 +@@ -99,9 +99,9 @@ package main; + # This adds quotes (") around the given string, and escapes any $, @, \, + # " and ' by prepending a \ to them. + sub quotify1 { +- my $s = my $orig = shift @_; ++ my $s = shift @_; + $s =~ s/([\$\@\\"'])/\\$1/g; +- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s; ++ '"'.$s.'"'; + } + + # quotify_l LIST diff --git a/openssl-1.1.0-no-html.patch b/openssl-1.1.0-no-html.patch new file mode 100644 index 0000000..f6a941e --- /dev/null +++ b/openssl-1.1.0-no-html.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.nohtml openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl.no-html 2016-04-19 16:57:52.000000000 +0200 ++++ openssl-1.1.0-pre5/Configurations/unix-Makefile.tmpl 2016-07-18 13:58:55.060106243 +0200 +@@ -288,7 +288,7 @@ install_sw: all install_dev install_engi + + uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev + +-install_docs: install_man_docs install_html_docs ++install_docs: install_man_docs + + uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r -v $(DESTDIR)$(DOCDIR) diff --git a/openssl-1.1.0-no-weak-verify.patch b/openssl-1.1.0-no-weak-verify.patch new file mode 100644 index 0000000..59439af --- /dev/null +++ b/openssl-1.1.0-no-weak-verify.patch 
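Review bot: `quotify1` now quotes unconditionally, and the removed `$orig` comparison leaves no trace of why the conditional short-circuit was dropped, so the next maintainer may well restore it. A one-line rationale above the sub, e.g. `# Always quote, even bare tokens: the result is spliced into generated build files where an unquoted value can be mis-parsed (missing-quotes)`, would prevent that; I am inferring the motivation from the patch name, so adjust the wording if the real trigger differs. As a point of style, `my $s = shift @_;` can simply be `my $s = shift;` since `@_` is the default in a sub.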
@@ -0,0 +1,26 @@ +diff -up openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify openssl-1.1.0g/crypto/asn1/a_verify.c +--- openssl-1.1.0g/crypto/asn1/a_verify.c.no-md5-verify 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/asn1/a_verify.c 2017-11-03 16:15:46.125801341 +0100 +@@ -7,6 +7,9 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE ++ + #include + #include + #include +@@ -126,6 +129,12 @@ int ASN1_item_verify(const ASN1_ITEM *it + if (ret != 2) + goto err; + ret = -1; ++ } else if ((mdnid == NID_md5 ++ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; + } else { + const EVP_MD *type; + type = EVP_get_digestbynid(mdnid); diff --git a/openssl-1.1.0-secure-getenv.patch b/openssl-1.1.0-secure-getenv.patch new file mode 100644 index 0000000..2fb8ae6 --- /dev/null +++ b/openssl-1.1.0-secure-getenv.patch 
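Review bot: The new `else if` branch reports `ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM` for MD2, MD4, MD5 and SHA-0 signatures, which misleads anyone debugging a rejected certificate: these digests are known to the library, they are refused by policy. If no dedicated reason code is available in this tree, a comment at the branch such as `/* Weak digests (MD2, MD4, SHA-0, and MD5 unless OPENSSL_ENABLE_MD5_VERIFY is set) are refused for signature verification by distro policy; reported as an unknown digest for lack of a better code */` would make the intent visible, and the environment variable should be mentioned in README.FIPS or a man page. Because `secure_getenv()` returns NULL in set-user-ID and similarly privileged processes, the MD5 opt-in is silently ignored there, which is the right behaviour but worth stating in the same comment. The enclosing ASN1_item_verify begins before and ends after the hunk.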
@@ -0,0 +1,139 @@ +diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c +--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100 +@@ -9,6 +9,8 @@ + + /* Part of the code in here was originally in conf.c, which is now removed */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -82,7 +84,7 @@ char *_CONF_get_string(const CONF *conf, + if (v != NULL) + return (v->value); + if (strcmp(section, "ENV") == 0) { +- p = getenv(name); ++ p = secure_getenv(name); + if (p != NULL) + return (p); + } +@@ -95,7 +97,7 @@ char *_CONF_get_string(const CONF *conf, + else + return (NULL); + } else +- return (getenv(name)); ++ return (secure_getenv(name)); + } + + static unsigned long conf_value_hash(const CONF_VALUE *v) +diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c +--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 ++++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -478,7 +480,7 @@ char *CONF_get1_default_config_file(void + char *file; + int len; + +- file = getenv("OPENSSL_CONF"); ++ file = secure_getenv("OPENSSL_CONF"); + if (file) + return OPENSSL_strdup(file); + +diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c +--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100 +@@ -13,6 +13,8 @@ + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
+ */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "eng_int.h" + + /* +@@ -322,7 +324,7 @@ ENGINE *ENGINE_by_id(const char *id) + * Prevent infinite recursion if we're looking for the dynamic engine. + */ + if (strcmp(id, "dynamic")) { +- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) ++ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) + load_dir = ENGINESDIR; + iterator = ENGINE_by_id("dynamic"); + if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || +diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c +--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 ++++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "internal/cryptlib.h" + + #include +@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si + if (OPENSSL_issetugid() != 0) { + use_randfile = 0; + } else { +- s = getenv("RANDFILE"); ++ s = secure_getenv("RANDFILE"); + if (s == NULL || *s == '\0') { + use_randfile = 0; +- s = getenv("HOME"); ++ s = secure_getenv("HOME"); + } + } + #endif +diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c +--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in + switch (cmd) { + case X509_L_ADD_DIR: + if (argl == X509_FILETYPE_DEFAULT) { +- dir = (char *)getenv(X509_get_default_cert_dir_env()); ++ dir = (char *)secure_getenv(X509_get_default_cert_dir_env()); + if (dir) + ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); + else +diff 
-up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c +--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 ++++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -47,7 +49,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = getenv(X509_get_default_cert_file_env()); ++ file = secure_getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0); diff --git a/openssl-1.1.0-silent-rnd-write.patch b/openssl-1.1.0-silent-rnd-write.patch new file mode 100644 index 0000000..da4137c --- /dev/null +++ b/openssl-1.1.0-silent-rnd-write.patch @@ -0,0 +1,24 @@ +diff -up openssl-1.1.0h/apps/app_rand.c.silent-rnd-write openssl-1.1.0h/apps/app_rand.c +--- openssl-1.1.0h/apps/app_rand.c.silent-rnd-write 2018-03-27 15:50:37.000000000 +0200 ++++ openssl-1.1.0h/apps/app_rand.c 2018-03-29 15:27:24.597891091 +0200 +@@ -91,6 +91,7 @@ long app_RAND_load_files(char *name) + int app_RAND_write_file(const char *file) + { + char buffer[200]; ++ const char *origfile = file; + + if (egdsocket || !seeded) + /* +@@ -103,8 +104,10 @@ int app_RAND_write_file(const char *file + if (file == NULL) + file = RAND_file_name(buffer, sizeof(buffer)); + if (file == NULL || !RAND_write_file(file)) { +- BIO_printf(bio_err, "unable to write 'random state'\n"); +- return 0; ++ if (origfile != NULL) { ++ BIO_printf(bio_err, "unable to write 'random state'\n"); ++ return 0; ++ } + } + return 1; + } diff --git a/openssl-1.1.0-system-cipherlist.patch b/openssl-1.1.0-system-cipherlist.patch new file mode 100644 index 0000000..9f63162 --- /dev/null +++ b/openssl-1.1.0-system-cipherlist.patch 
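Review bot: `secure_getenv()` is a glibc extension, and this patch introduces it with no fallback into six files (conf_api.c, conf_mod.c, eng_list.c, randfile.c, by_dir.c, by_file.c), while the updated openssl-mingw64-dont-use-secure-getenv.patch later in this commit reverts only crypto/asn1/a_verify.c. Unless the spec skips this patch for the mingw build, those six call sites will fail to link against the mingw CRT; either extend the mingw patch to cover them or add a small shim in one internal header behind a feature macro of your choosing, e.g. `#define secure_getenv(x) (OPENSSL_issetugid() ? NULL : getenv(x))`, so each file does not need its own `#define _GNU_SOURCE`. Separately, the RAND_file_name hunk already guards with `OPENSSL_issetugid() != 0` before reading `RANDFILE` and `HOME`, so the switch to `secure_getenv` there is redundant but harmless; a comment saying so would stop someone from removing the outer check.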
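Review bot: `app_RAND_write_file` now returns 1 when the default RAND file cannot be written, so callers can no longer distinguish a skipped write from a successful one; that is presumably intended (the user never named a file), but nothing in the hunk records it. A comment on the new `if (origfile != NULL)` check, e.g. `/* Only report failure when the caller named the file explicitly; an unwritable default RAND file is silently ignored and still counts as success */`, would document the contract, and `const char *origfile = file;` could carry `/* NULL means "use the default location" */`. The function's earlier `if (egdsocket || !seeded)` branch continues outside the hunk.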
@@ -0,0 +1,317 @@ +diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0e/Configurations/unix-Makefile.tmpl +--- openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist 2017-02-16 16:15:38.658931413 +0100 ++++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl 2017-02-16 16:15:38.675931806 +0100 +@@ -161,6 +161,10 @@ MANDIR=$(INSTALLTOP)/share/man + DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) + HTMLDIR=$(DOCDIR)/html + ++{- output_off() if $config{system_ciphers_file} eq ""; "" -} ++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\"" ++{- output_on() if $config{system_ciphers_file} eq ""; "" -} ++ + # MANSUFFIX is for the benefit of anyone who may want to have a suffix + # appended after the manpage file section number. "ssl" is popular, + # resulting in files such as config.5ssl rather than config.5. +@@ -171,7 +175,7 @@ HTMLSUFFIX=html + + CROSS_COMPILE= {- $config{cross_compile_prefix} -} + CC= $(CROSS_COMPILE){- $target{cc} -} +-CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} ++CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"\$(SYSTEM_CIPHERS_FILE_DEFINE)","-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} + CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} + LDFLAGS= {- $target{lflags} -} + PLIB_LDFLAGS= {- $target{plib_lflags} -} +diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure +--- openssl-1.1.0e/Configure.system-cipherlist 2017-02-16 12:58:20.000000000 +0100 ++++ openssl-1.1.0e/Configure 2017-02-16 16:15:38.679931899 +0100 +@@ -18,7 +18,7 @@ use if $^O ne "VMS", 'File::Glob' => qw/ + + # see INSTALL for instructions. 
+ +-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; ++my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; + + # Options: + # +@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no- + # This becomes the value of OPENSSLDIR in Makefile and in C. + # (Default: PREFIX/ssl) + # ++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM ++# cipher is specified (default). ++# + # --cross-compile-prefix Add specified prefix to binutils components. + # + # --api One of 0.9.8, 1.0.0 or 1.1.0. 
Do not compile support for +@@ -293,6 +296,7 @@ $config{openssldir}=""; + $config{processor}=""; + $config{libdir}=""; + $config{cross_compile_prefix}=""; ++$config{system_ciphers_file}=""; + $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; + my $nofipscanistercheck=0; + $config{baseaddr}="0xFB00000"; +@@ -718,6 +722,10 @@ while (@argvcopy) + { + $config{baseaddr}="$1"; + } ++ elsif (/^--system-ciphers-file=(.*)$/) ++ { ++ $config{system_ciphers_file}=$1; ++ } + elsif (/^--cross-compile-prefix=(.*)$/) + { + $config{cross_compile_prefix}=$1; +@@ -851,6 +859,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; + } + ++chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/; ++ + foreach (sort (keys %disabled)) + { + $config{options} .= " no-$_"; +diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/doc/apps/ciphers.pod +--- openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist 2017-02-16 12:58:22.000000000 +0100 ++++ openssl-1.1.0e/doc/apps/ciphers.pod 2017-02-16 16:37:14.043219953 +0100 +@@ -181,6 +181,15 @@ As of OpenSSL 1.0.0, the B cipher s + + The cipher suites not enabled by B, currently B. + ++=item B ++ ++The list of enabled cipher suites will be loaded from the system crypto policy ++configuration file B. ++See also L. ++This is the default behavior unless an application explicitly sets a cipher ++list. If used in a cipher list configuration value this string must be at the ++beginning of the cipher list, otherwise it will not be recognized. ++ + =item B + + "high" encryption cipher suites. This currently means those with key lengths +diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/include/openssl/ssl.h +--- openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 ++++ openssl-1.1.0e/include/openssl/ssl.h 2017-02-16 16:15:38.676931830 +0100 +@@ -201,6 +201,11 @@ extern "C" { + * throwing out anonymous and unencrypted ciphersuites! 
(The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
++# ifdef SYSTEM_CIPHERS_FILE
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
++# else
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
++# endif
+
+ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+ # define SSL_SENT_SHUTDOWN 1
+diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ciph.c
+--- openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist 2017-02-16 12:58:23.000000000 +0100
++++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 16:15:38.691932177 +0100
+@@ -1289,6 +1289,50 @@ static int check_suiteb_cipher_list(cons
+ }
+ #endif
+
++#ifdef SYSTEM_CIPHERS_FILE
++static char *load_system_str(const char *suffix)
++{
++ FILE *fp;
++ char buf[1024];
++ char *new_rules;
++ unsigned len, slen;
++
++ fp = fopen(SYSTEM_CIPHERS_FILE, "r");
++ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
++ /* cannot open or file is empty */
++ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
++ }
++
++ if (fp)
++ fclose(fp);
++
++ slen = strlen(suffix);
++ len = strlen(buf);
++
++ if (buf[len - 1] == '\n') {
++ len--;
++ buf[len] = 0;
++ }
++ if (buf[len - 1] == '\r') {
++ len--;
++ buf[len] = 0;
++ }
++
++ new_rules = OPENSSL_malloc(len + slen + 1);
++ if (new_rules == 0)
++ return NULL;
++
++ memcpy(new_rules, buf, len);
++ if (slen > 0) {
++ memcpy(&new_rules[len], suffix, slen);
++ len += slen;
++ }
++ new_rules[len] = 0;
++
++ return new_rules;
++}
++#endif
++
+ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
+ **cipher_list, STACK_OF(SSL_CIPHER)
+ **cipher_list_by_id,
+@@ -1296,19 +1341,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ {
+ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+ uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
+- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
++ STACK_OF(SSL_CIPHER) *cipherstack = NULL,
*tmp_cipher_list;
+ const char *rule_p;
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+ const SSL_CIPHER **ca_list = NULL;
++#ifdef SYSTEM_CIPHERS_FILE
++ char *new_rules = NULL;
++
++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
++ char *p = rule_str + 14;
++
++ new_rules = load_system_str(p);
++ rule_str = new_rules;
++ }
++#endif
+
+ /*
+ * Return with error if nothing to do.
+ */
+ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+- return NULL;
++ goto end;
+ #ifndef OPENSSL_NO_EC
+ if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+- return NULL;
++ goto end;
+ #endif
+
+ /*
+@@ -1331,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+ if (co_list == NULL) {
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+- return (NULL); /* Failure */
++ goto end;
+ }
+
+ ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+@@ -1401,8 +1456,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ * in force within each class
+ */
+ if (!ssl_cipher_strength_sort(&head, &tail)) {
+- OPENSSL_free(co_list);
+- return NULL;
++ goto end;
+ }
+
+ /*
+@@ -1447,9 +1501,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+ ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+ if (ca_list == NULL) {
+- OPENSSL_free(co_list);
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+- return (NULL); /* Failure */
++ goto end;
+ }
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ disabled_mkey, disabled_auth, disabled_enc,
+@@ -1475,8 +1528,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ OPENSSL_free(ca_list); /* Not needed anymore */
+
+ if (!ok) { /* Rule processing failure */
+- OPENSSL_free(co_list);
+- return (NULL);
++ goto end;
+ }
+
+ /*
+@@ -1484,8 +1536,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ * if we cannot get one.
+ */
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+- OPENSSL_free(co_list);
+- return (NULL);
++ goto end;
+ }
+
+ /*
+@@ -1496,21 +1547,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ if (curr->active
+ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) {
+ if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+- OPENSSL_free(co_list);
+ sk_SSL_CIPHER_free(cipherstack);
+- return NULL;
++ cipherstack = NULL;
++ goto end;
+ }
+ #ifdef CIPHER_DEBUG
+ fprintf(stderr, "<%s>\n", curr->cipher->name);
+ #endif
+ }
+ }
+- OPENSSL_free(co_list); /* Not needed any longer */
+
+ tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+ if (tmp_cipher_list == NULL) {
+ sk_SSL_CIPHER_free(cipherstack);
+- return NULL;
++ cipherstack = NULL;
++ goto end;
+ }
+ sk_SSL_CIPHER_free(*cipher_list);
+ *cipher_list = cipherstack;
+@@ -1520,6 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+
+ sk_SSL_CIPHER_sort(*cipher_list_by_id);
++
++ end:
++ OPENSSL_free(co_list);
++#ifdef SYSTEM_CIPHERS_FILE
++ OPENSSL_free(new_rules);
++#endif
+ return (cipherstack);
+ }
+
+diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_lib.c
+--- openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist 2017-02-16 16:15:38.673931760 +0100
++++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 16:15:38.692932200 +0100
+@@ -509,7 +509,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
+
+ sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return (0);
+@@ -2403,7 +2403,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ #endif
+ if (!ssl_create_cipher_list(ret->method,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+- SSL_DEFAULT_CIPHER_LIST, ret->cert)
++
SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ goto err2;
+diff -up openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist openssl-1.1.0e/test/cipherlist_test.c
+--- openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist 2017-02-16 12:58:24.000000000 +0100
++++ openssl-1.1.0e/test/cipherlist_test.c 2017-02-16 16:15:38.677931853 +0100
+@@ -190,7 +190,9 @@ int main(int argc, char **argv)
+ {
+ int result = 0;
+
++#ifndef SYSTEM_CIPHERS_FILE
+ ADD_TEST(test_default_cipherlist_implicit);
++#endif
+ ADD_TEST(test_default_cipherlist_explicit);
+
+ result = run_tests(argv[0]);
diff --git a/openssl-1.1.0-version-add-engines.patch b/openssl-1.1.0-version-add-engines.patch
new file mode 100644
index 0000000..f4b7cf9
--- /dev/null
+++ b/openssl-1.1.0-version-add-engines.patch
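Review bot: `load_system_str` reads outside `buf` when the first line of the policy file is empty or begins with a NUL byte: `len` is `unsigned`, so after stripping a lone `'\n'` it becomes 0 and the following `buf[len - 1] == '\r'` test indexes `buf[UINT_MAX]` (the same happens on the first test when `strlen(buf)` is already 0). Replace the two stripping blocks with one bounded loop, `while (len > 0 && (buf[len - 1] == '\n' || buf[len - 1] == '\r')) buf[--len] = 0;`, and consider `size_t` for `len` and `slen` since they hold `strlen` results. Two smaller points in the same hunk: `char *p = rule_str + 14;` discards the qualifier if `rule_str` is `const char *` as in upstream 1.1.0 and should be `const char *p`, and `fgets` into a 1024-byte buffer silently truncates a longer policy line, which changes the effective cipher policy without any error, so at minimum a comment on `char buf[1024];` should state the limit. When the file is unreadable the code falls back to the compiled-in `SSL_DEFAULT_CIPHER_LIST`; the `/* cannot open or file is empty */` comment should say that this is a deliberate fail-open to the built-in defaults, because an operator may expect a missing policy file to be an error rather than a silent change of policy.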
@@ -0,0 +1,38 @@
+diff -up openssl-1.1.0h/apps/version.c.version-add-engines openssl-1.1.0h/apps/version.c
+--- openssl-1.1.0h/apps/version.c.version-add-engines 2018-03-27 15:50:37.000000000 +0200
++++ openssl-1.1.0h/apps/version.c 2018-03-29 14:33:30.732879537 +0200
+@@ -52,7 +52,7 @@ int version_main(int argc, char **argv)
+ {
+ int ret = 1, dirty = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+- int engdir = 0;
++ int engdir = 0, engines = 0;
+ char *prog;
+ OPTION_CHOICE o;
+
+@@ -90,7 +90,7 @@ opthelp:
+ dirty = version = 1;
+ break;
+ case OPT_A:
+- options = cflags = version = date = platform = dir = engdir = 1;
++ options = cflags = version = date = platform = dir = engdir = engines = 1;
+ break;
+ }
+ }
+@@ -139,6 +139,16 @@ opthelp:
+ printf("%s\n", OpenSSL_version(OPENSSL_DIR));
+ if (engdir)
+ printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
++ if (engines) {
++ ENGINE *e;
++ printf("engines: ");
++ e = ENGINE_get_first();
++ while (e) {
++ printf("%s ", ENGINE_get_id(e));
++ e = ENGINE_get_next(e);
++ }
++ printf("\n");
++ }
+ ret = 0;
+ end:
+ return (ret);
diff --git a/openssl-1.1.0-weak-ciphers.patch b/openssl-1.1.0-weak-ciphers.patch
new file mode 100644
index 0000000..6dfd9e3
--- /dev/null
+++ b/openssl-1.1.0-weak-ciphers.patch
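Review bot: The `while (e)` loop depends on `ENGINE_get_next(e)` releasing the structural reference obtained from `ENGINE_get_first()` at each step, which is how the engine list API is specified but is invisible to a reader; a comment such as `/* ENGINE_get_next() releases the reference to its argument, so walking to NULL leaves no reference behind */` would stop someone from "fixing" the loop with an extra ENGINE_free. The traversal reads more idiomatically as `for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))` with `printf("%s ", ENGINE_get_id(e));` as the body, which also removes the separate declaration-then-assignment of `e`. The trailing space before the newline is cosmetic but could be avoided by printing the separator before every engine except the first. version_main continues outside the hunk.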
@@ -0,0 +1,30 @@
+diff -up openssl-1.1.0f/ssl/s3_lib.c.weak-ciphers openssl-1.1.0f/ssl/s3_lib.c
+--- openssl-1.1.0f/ssl/s3_lib.c.weak-ciphers 2017-05-25 14:46:20.000000000 +0200
++++ openssl-1.1.0f/ssl/s3_lib.c 2017-06-15 15:12:51.555142528 +0200
+@@ -2425,7 +2425,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2455,7 +2455,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ SSL_GOST89MAC12,
+ TLS1_VERSION, TLS1_2_VERSION,
+ 0, 0,
+- SSL_HIGH,
++ SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+ 256,
+ 256,
+@@ -2558,7 +2558,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
+ },
+ #endif /* OPENSSL_NO_SEED */
+
+-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
++#if 0 /* No RC4 */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
diff --git a/openssl-dont-include-winsock-h.patch b/openssl-dont-include-winsock-h.patch
deleted file mode 100644
index a5082e4..0000000
--- a/openssl-dont-include-winsock-h.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- ssl/dtls1.h.orig 2014-12-22 19:03:22.442338471 +0100
-+++ ssl/dtls1.h 2014-12-22 19:03:44.061694335 +0100
-@@ -68,7 +68,7 @@
- # endif
- # ifdef OPENSSL_SYS_WIN32
- /* Needed for struct timeval */
--# include
-+# include
- # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
- # include
- # else
diff --git a/openssl-mingw64-dont-use-secure-getenv.patch b/openssl-mingw64-dont-use-secure-getenv.patch
index 69e0a84..ff0007c 100644
--- a/openssl-mingw64-dont-use-secure-getenv.patch
+++ b/openssl-mingw64-dont-use-secure-getenv.patch
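Review bot: Replacing `#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS` with `#if 0 /* No RC4 */` compiles the RC4 suites out regardless of how the tree was configured, so a later `enable-weak-ssl-ciphers` build would silently not restore them; if that is the intended distro policy the comment should say so explicitly, e.g. `#if 0 /* RC4 suites removed unconditionally by distro policy, independent of enable-weak-ssl-ciphers */`. The matching `#endif` and any further RC4 entries lie outside the hunk, so I cannot confirm that this single block covers every RC4 suite in ssl3_ciphers. The GOST demotion from `SSL_HIGH` to `SSL_MEDIUM` in the first two hunks is a policy choice rather than a defect, but a one-line reason beside each would help, since the 256-bit strength fields visible in the context would otherwise suggest HIGH to a reader.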
@@ -1,11 +1,23 @@ ---- openssl-1.0.2a/ssl/ssl_ciph.c.secure_getenv_mingw 2015-04-24 18:34:32.572168275 +0200 -+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-24 18:35:03.060679959 +0200 -@@ -484,7 +484,7 @@ - MemCheck_off(); - ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL -- && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { -+ && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) { - comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) { - comp->method = COMP_zlib(); +diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c +index 376b359..1d42c2c 100644 +--- a/crypto/asn1/a_verify.c ++++ b/crypto/asn1/a_verify.c +@@ -7,9 +7,6 @@ + * https://www.openssl.org/source/license.html + */ + +-/* for secure_getenv */ +-#define _GNU_SOURCE +- + #include + #include + #include +@@ -130,7 +127,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + goto err; + ret = -1; + } else if ((mdnid == NID_md5 +- && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || ++ && getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) || + mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); diff --git a/openssl-thread-test.c b/openssl-thread-test.c deleted file mode 100644 index 3b90285..0000000 --- a/openssl-thread-test.c +++ /dev/null 
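Review bot: The rewritten patch swaps `secure_getenv` for `getenv` in a_verify.c without recording why, so a reader of the mingw build sees the `OPENSSL_ENABLE_MD5_VERIFY` opt-in being honoured less strictly than on glibc. A comment beside the `getenv` call such as `/* mingw CRT has no secure_getenv(); plain getenv() is acceptable here because Windows has no set-user-ID semantics for the stricter variant to protect */` would document the trade-off in the place where it is made. Dropping `#define _GNU_SOURCE` is consistent with that, presumably because nothing else in the file needs it; worth confirming once the remaining secure_getenv call sites in this commit have been dealt with.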
@@ -1,400 +0,0 @@
-/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-/* Just assume we want to do engine stuff if we're using 0.9.6b or
- * higher. This assumption is only valid for versions bundled with RHL. */
-#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
-#include
-#define USE_ENGINE
-#endif
-
-#define MAX_THREAD_COUNT 10000
-#define ITERATION_COUNT 10
-#define MAIN_COUNT 100
-
-/* OpenSSL requires us to provide thread ID and locking primitives. */
-pthread_mutex_t *mutex_locks = NULL;
-static unsigned long
-thread_id_cb(void)
-{
- return (unsigned long) pthread_self();
-}
-static void
-lock_cb(int mode, int n, const char *file, int line)
-{
- if (mode & CRYPTO_LOCK) {
- pthread_mutex_lock(&mutex_locks[n]);
- } else {
- pthread_mutex_unlock(&mutex_locks[n]);
- }
-}
-
-struct thread_args {
- RSA *rsa;
- int digest_type;
- unsigned char *digest;
- unsigned int digest_len;
- unsigned char *signature;
- unsigned int signature_len;
- pthread_t main_thread;
-};
-
-static int print = 0;
-
-pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
-static int locked_sign = 0;
-static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
-static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
-
-pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
-static int locked_verify = 0;
-static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
-static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
-
-pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
-long failure_count = 0;
-static void
-failure()
-{
- pthread_mutex_lock(&failure_count_lock);
- failure_count++;
- pthread_mutex_unlock(&failure_count_lock);
-}
-
-static void *
-thread_main(void *argp)
-{
- struct thread_args *args = argp;
- unsigned char *signature;
- unsigned int signature_len, signature_alloc_len;
- int ret, i;
-
- signature_alloc_len = args->signature_len;
- if (RSA_size(args->rsa) > signature_alloc_len) {
- signature_alloc_len = RSA_size(args->rsa);
- }
- signature = malloc(signature_alloc_len);
- if (signature == NULL) {
- fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
- (unsigned long) pthread_self(), strerror(errno));
- pthread_exit(0);
- return NULL;
- }
- for (i = 0; i < ITERATION_COUNT; i++) {
- signature_len = signature_alloc_len;
- SIGN_LOCK();
- ret = RSA_check_key(args->rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- break;
- }
- ret = RSA_sign(args->digest_type,
- args->digest,
- args->digest_len,
- signature, &signature_len,
- args->rsa);
- SIGN_UNLOCK();
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- break;
- }
-
- VERIFY_LOCK();
- ret = RSA_verify(args->digest_type,
- args->digest,
- args->digest_len,
- signature, signature_len,
- args->rsa);
- VERIFY_UNLOCK();
- if (ret != 1) {
- fprintf(stderr,
- "Signature from thread %lu(%d) fails "
- "verification (passed in thread #%lu)!\n",
- (long) pthread_self(), i,
- (long) args->main_thread);
- ERR_print_errors_fp(stdout);
- failure();
- continue;
- }
- if (print) {
- fprintf(stderr, ">%d\n", i);
- }
- }
- free(signature);
-
- pthread_exit(0);
-
- return NULL;
-}
-
-unsigned char *
-xmemdup(unsigned char *s, size_t len)
-{
- unsigned char *r;
- r = malloc(len);
- if (r == NULL) {
- fprintf(stderr, "Out of memory.\n");
- ERR_print_errors_fp(stdout);
- assert(r != NULL);
- }
- memcpy(r, s, len);
- return r;
-}
-
-int
-main(int argc, char **argv)
-{
- RSA *rsa;
- MD5_CTX md5;
- int fd, i;
- pthread_t threads[MAX_THREAD_COUNT];
- int thread_count = 1000;
- unsigned char *message, *digest;
- unsigned int message_len, digest_len;
- unsigned char *correct_signature;
- unsigned int correct_siglen, ret;
- struct thread_args master_args, *args;
- int sync = 0, seed = 0;
- int again = 1;
-#ifdef USE_ENGINE
- char *engine = NULL;
- ENGINE *e = NULL;
-#endif
-
- pthread_mutex_init(&failure_count_lock, NULL);
-
- for (i = 1; i < argc; i++) {
- if (strcmp(argv[i], "--seed") == 0) {
- printf("Seeding PRNG.\n");
- seed++;
- } else
- if (strcmp(argv[i], "--sync") == 0) {
- printf("Running synchronized.\n");
- sync++;
- } else
- if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
- i++;
- thread_count = atol(argv[i]);
- if (thread_count > MAX_THREAD_COUNT) {
- thread_count = MAX_THREAD_COUNT;
- }
- printf("Starting %d threads.\n", thread_count);
- sync++;
- } else
- if (strcmp(argv[i], "--sign") == 0) {
- printf("Locking signing.\n");
- locked_sign++;
- } else
- if (strcmp(argv[i], "--verify") == 0) {
- printf("Locking verifies.\n");
- locked_verify++;
- } else
- if (strcmp(argv[i], "--print") == 0) {
- printf("Tracing.\n");
- print++;
-#ifdef USE_ENGINE
- } else
- if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
- printf("Using engine \"%s\".\n", argv[i + 1]);
- engine = argv[i + 1];
- i++;
-#endif
- } else {
- printf("Bad argument: %s\n", argv[i]);
- return 1;
- }
- }
-
- /* Get some random data to sign. */
- fd = open("/dev/urandom", O_RDONLY);
- if (fd == -1) {
- fprintf(stderr, "Error opening /dev/urandom: %s\n",
- strerror(errno));
- }
-
- if (print) {
- fprintf(stderr, "Reading random data.\n");
- }
- message = malloc(message_len = 9371);
- read(fd, message, message_len);
- close(fd);
-
- /* Initialize the SSL library and set up thread-safe locking. */
- ERR_load_crypto_strings();
- SSL_library_init();
- mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
- for (i = 0; i < CRYPTO_num_locks(); i++) {
- pthread_mutex_init(&mutex_locks[i], NULL);
- }
- CRYPTO_set_id_callback(thread_id_cb);
- CRYPTO_set_locking_callback(lock_cb);
- ERR_print_errors_fp(stdout);
-
- /* Seed the PRNG if we were asked to do so. */
- if (seed) {
- if (print) {
- fprintf(stderr, "Seeding PRNG.\n");
- }
- RAND_add(message, message_len, message_len);
- ERR_print_errors_fp(stdout);
- }
-
- /* Turn on a hardware crypto device if asked to do so. */
-#ifdef USE_ENGINE
- if (engine) {
-#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
- ENGINE_load_builtin_engines();
-#endif
- if (print) {
- fprintf(stderr, "Initializing \"%s\" engine.\n",
- engine);
- }
- e = ENGINE_by_id(engine);
- ERR_print_errors_fp(stdout);
- if (e) {
- i = ENGINE_init(e);
- ERR_print_errors_fp(stdout);
- i = ENGINE_set_default_RSA(e);
- ERR_print_errors_fp(stdout);
- }
- }
-#endif
-
- /* Compute the digest for the signature. */
- if (print) {
- fprintf(stderr, "Computing digest.\n");
- }
- digest = malloc(digest_len = MD5_DIGEST_LENGTH);
- MD5_Init(&md5);
- MD5_Update(&md5, message, message_len);
- MD5_Final(digest, &md5);
-
- /* Generate a signing key. */
- if (print) {
- fprintf(stderr, "Generating key.\n");
- }
- rsa = RSA_generate_key(4096, 3, NULL, NULL);
- ERR_print_errors_fp(stdout);
- if (rsa == NULL) {
- _exit(1);
- }
-
- /* Sign the data. */
- correct_siglen = RSA_size(rsa);
- correct_signature = malloc(correct_siglen);
- for (i = 0; i < MAIN_COUNT; i++) {
- if (print) {
- fprintf(stderr, "Signing data (%d).\n", i);
- }
- ret = RSA_check_key(rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- failure();
- }
- correct_siglen = RSA_size(rsa);
- ret = RSA_sign(NID_md5, digest, digest_len,
- correct_signature, &correct_siglen,
- rsa);
- ERR_print_errors_fp(stdout);
- if (ret != 1) {
- _exit(2);
- }
- if (print) {
- fprintf(stderr, "Verifying data (%d).\n", i);
- }
- ret = RSA_verify(NID_md5, digest, digest_len,
- correct_signature, correct_siglen,
- rsa);
- if (ret != 1) {
- _exit(2);
- }
- }
-
- /* Collect up the inforamtion which other threads will need for
- * comparing their signature results with ours. */
- master_args.rsa = rsa;
- master_args.digest_type = NID_md5;
- master_args.digest = digest;
- master_args.digest_len = digest_len;
- master_args.signature = correct_signature;
- master_args.signature_len = correct_siglen;
- master_args.main_thread = pthread_self();
-
- fprintf(stdout, "Performing %d signatures in each of %d threads "
- "(%d, %d).\n", ITERATION_COUNT, thread_count,
- digest_len, correct_siglen);
- fflush(NULL);
-
- /* Start up all of the threads. */
- for (i = 0; i < thread_count; i++) {
- args = malloc(sizeof(struct thread_args));
- args->rsa = RSAPrivateKey_dup(master_args.rsa);
- args->digest_type = master_args.digest_type;
- args->digest_len = master_args.digest_len;
- args->digest = xmemdup(master_args.digest, args->digest_len);
- args->signature_len = master_args.signature_len;
- args->signature = xmemdup(master_args.signature,
- args->signature_len);
- args->main_thread = pthread_self();
- ret = pthread_create(&threads[i], NULL, thread_main, args);
- while ((ret != 0) && (errno == EAGAIN)) {
- ret = pthread_create(&threads[i], NULL,
- thread_main, &args);
- fprintf(stderr, "Thread limit hit at %d.\n", i);
- }
- if (ret != 0) {
- fprintf(stderr, "Unable to create thread %d: %s.\n",
- i, strerror(errno));
- threads[i] = -1;
- } else {
- if (sync) {
- ret = pthread_join(threads[i], NULL);
- assert(ret == 0);
- }
- if (print) {
- fprintf(stderr, "%d\n", i);
- }
- }
- }
-
- /* Wait for all threads to complete. So long as we can find an
- * unjoined thread, keep joining threads. */
- do {
- again = 0;
- for (i = 0; i < thread_count; i++) {
- /* If we have an unterminated thread, join it. */
- if (threads[i] != -1) {
- again = 1;
- if (print) {
- fprintf(stderr, "Joining thread %d.\n",
- i);
- }
- pthread_join(threads[i], NULL);
- threads[i] = -1;
- break;
- }
- }
- } while (again == 1);
-
- fprintf(stderr, "%ld failures\n", failure_count);
-
- return (failure_count != 0);
-}
diff --git a/openssl_mingw64_install_fix.patch b/openssl_mingw64_install_fix.patch
deleted file mode 100644
index d226f7f..0000000
--- a/openssl_mingw64_install_fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- engines/Makefile.orig 2010-05-15 21:24:54.986089920 +0200
-+++ engines/Makefile 2010-05-15 21:26:51.409085467 +0200
-@@ -111,7 +111,7 @@
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- pfx=lib; \
-- if [ "$(PLATFORM)" = "mingw" ]; then \
-+ if [ "$(PLATFORM)" = "mingw" -o "$(PLATFORM)" = "mingw64" ]; then \
- sfx=.dll; \
- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
- elif expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
diff --git a/opensslconf-new.h b/opensslconf-new.h
index bd56c73..04363c3 100644
--- a/opensslconf-new.h
+++ b/opensslconf-new.h
@@ -13,6 +13,14 @@
 #include "opensslconf-i386.h"
 #elif defined(__ia64__)
 #include "opensslconf-ia64.h"
+#elif defined(__mips64) && defined(__MIPSEL__)
+#include "opensslconf-mips64el.h"
+#elif defined(__mips64)
+#include "opensslconf-mips64.h"
+#elif defined(__mips) && defined(__MIPSEL__)
+#include "opensslconf-mipsel.h"
+#elif defined(__mips)
+#include "opensslconf-mips.h"
 #elif defined(__powerpc64__)
 #include
 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
diff --git a/sources b/sources
index f49534e..b8fb121 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-020793e7b8901a1ac62d38f3a77f9a0c openssl-1.0.2h-hobbled.tar.xz
+SHA512 (openssl-1.1.0h-hobbled.tar.xz) = cba4641956d6593f5cf5164bed12fb3acfaa9c24a69d5642cc0267d0918555450a12ddeac6e02b246afa64e7019f35baa0d9302d1f06e3be5555d8340319c5e4