diff --git a/openssl-1.0.1e-ephemeral-key-size.patch b/openssl-1.0.1e-ephemeral-key-size.patch new file mode 100644 index 0000000..14f7940 --- /dev/null +++ b/openssl-1.0.1e-ephemeral-key-size.patch 
@@ -0,0 +1,135 @@ +diff -up openssl-1.0.1e/apps/s_apps.h.ephemeral openssl-1.0.1e/apps/s_apps.h +--- openssl-1.0.1e/apps/s_apps.h.ephemeral 2014-02-12 14:49:14.333513753 +0100 ++++ openssl-1.0.1e/apps/s_apps.h 2014-02-12 14:49:14.417515629 +0100 +@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok, + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); + int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); + #endif ++int ssl_print_tmp_key(BIO *out, SSL *s); + int init_client(int *sock, char *server, char *port, int type); + int should_retry(int i); + int extract_host_port(char *str,char **host_ptr,char **port_ptr); +diff -up openssl-1.0.1e/apps/s_cb.c.ephemeral openssl-1.0.1e/apps/s_cb.c +--- openssl-1.0.1e/apps/s_cb.c.ephemeral 2013-02-11 16:26:04.000000000 +0100 ++++ openssl-1.0.1e/apps/s_cb.c 2014-02-12 14:56:25.584142499 +0100 +@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback( + } + } + ++int ssl_print_tmp_key(BIO *out, SSL *s) ++ { ++ EVP_PKEY *key; ++ if (!SSL_get_server_tmp_key(s, &key)) ++ return 1; ++ BIO_puts(out, "Server Temp Key: "); ++ switch (EVP_PKEY_id(key)) ++ { ++ case EVP_PKEY_RSA: ++ BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key)); ++ break; ++ ++ case EVP_PKEY_DH: ++ BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); ++ break; ++ ++ case EVP_PKEY_EC: ++ { ++ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); ++ int nid; ++ const char *cname; ++ nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); ++ EC_KEY_free(ec); ++ cname = OBJ_nid2sn(nid); ++ BIO_printf(out, "ECDH, %s, %d bits\n", ++ cname, EVP_PKEY_bits(key)); ++ } ++ } ++ EVP_PKEY_free(key); ++ return 1; ++ } ++ + + void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) + { +diff -up openssl-1.0.1e/apps/s_client.c.ephemeral openssl-1.0.1e/apps/s_client.c +--- openssl-1.0.1e/apps/s_client.c.ephemeral 2014-02-12 14:49:14.407515406 +0100 ++++ openssl-1.0.1e/apps/s_client.c 2014-02-12 
14:49:14.418515652 +0100 +@@ -2032,6 +2032,8 @@ static void print_stuff(BIO *bio, SSL *s + BIO_write(bio,"\n",1); + } + ++ ssl_print_tmp_key(bio, s); ++ + BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n", + BIO_number_read(SSL_get_rbio(s)), + BIO_number_written(SSL_get_wbio(s))); +diff -up openssl-1.0.1e/ssl/ssl.h.ephemeral openssl-1.0.1e/ssl/ssl.h +--- openssl-1.0.1e/ssl/ssl.h.ephemeral 2014-02-12 14:49:14.391515049 +0100 ++++ openssl-1.0.1e/ssl/ssl.h 2014-02-12 14:49:14.418515652 +0100 +@@ -1563,6 +1563,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 + #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + ++#define SSL_CTRL_GET_SERVER_TMP_KEY 109 ++ + #define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) + #define DTLSv1_handle_timeout(ssl) \ +@@ -1604,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + #define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) + ++#define SSL_get_server_tmp_key(s, pk) \ ++ SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) ++ + #ifndef OPENSSL_NO_BIO + BIO_METHOD *BIO_f_ssl(void); + BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +diff -up openssl-1.0.1e/ssl/s3_lib.c.ephemeral openssl-1.0.1e/ssl/s3_lib.c +--- openssl-1.0.1e/ssl/s3_lib.c.ephemeral 2014-02-12 14:49:14.412515518 +0100 ++++ openssl-1.0.1e/ssl/s3_lib.c 2014-02-12 14:49:14.418515652 +0100 +@@ -3350,6 +3350,44 @@ long ssl3_ctrl(SSL *s, int cmd, long lar + #endif + + #endif /* !OPENSSL_NO_TLSEXT */ ++ case SSL_CTRL_GET_SERVER_TMP_KEY: ++ if (s->server || !s->session || !s->session->sess_cert) ++ return 0; ++ else ++ { ++ SESS_CERT *sc; ++ EVP_PKEY *ptmp; ++ int rv = 0; ++ sc = s->session->sess_cert; ++#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) ++ if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp ++ && !sc->peer_ecdh_tmp) ++ return 0; ++#endif ++ ptmp = EVP_PKEY_new(); ++ if (!ptmp) ++ return 0; ++ 
if (0); ++#ifndef OPENSSL_NO_RSA ++ else if (sc->peer_rsa_tmp) ++ rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); ++#endif ++#ifndef OPENSSL_NO_DH ++ else if (sc->peer_dh_tmp) ++ rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); ++#endif ++#ifndef OPENSSL_NO_ECDH ++ else if (sc->peer_ecdh_tmp) ++ rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); ++#endif ++ if (rv) ++ { ++ *(EVP_PKEY **)parg = ptmp; ++ return 1; ++ } ++ EVP_PKEY_free(ptmp); ++ return 0; ++ } + default: + break; + } diff --git a/openssl-1.0.1e-fips.patch b/openssl-1.0.1e-fips.patch index e6942b1..f5496a0 100644 --- a/openssl-1.0.1e-fips.patch +++ b/openssl-1.0.1e-fips.patch @@ -375,8 +375,8 @@ diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen. if (ctx == NULL) goto err; BN_CTX_start(ctx); diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h ---- openssl-1.0.1e/crypto/dh/dh.h.fips 2013-10-04 11:48:04.032690794 +0200 -+++ openssl-1.0.1e/crypto/dh/dh.h 2013-10-04 11:48:04.174694001 +0200 +--- openssl-1.0.1e/crypto/dh/dh.h.fips 2014-02-06 18:04:19.000000000 +0100 ++++ openssl-1.0.1e/crypto/dh/dh.h 2014-02-11 16:01:17.039345356 +0100 @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif 
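Review bot: In the `SSL_CTRL_GET_SERVER_TMP_KEY` case added to ssl3_ctrl() in ssl/s3_lib.c (the function body continues outside the hunk), the early-out is guarded by `!defined(OPENSSL_NO_EC)` while the branch below that reads `sc->peer_ecdh_tmp` is guarded by `OPENSSL_NO_ECDH`. If that field is declared under the ECDH macro (not visible here), a build with EC enabled and ECDH disabled would fail to compile. The early-out is also redundant, because `rv` stays 0 and `ptmp` is freed when no temporary key is set, so it can be dropped or its guard changed to use `!defined(OPENSSL_NO_ECDH)`. `*(EVP_PKEY **)parg = ptmp;` dereferences `parg` unchecked; `if (!parg) return 0;` before `EVP_PKEY_new()` would close that. The `SSL_get_server_tmp_key` macro in ssl.h should carry a comment saying it returns 0 on a server-side SSL or when no ephemeral key was received, that the caller owns the returned EVP_PKEY and must call `EVP_PKEY_free()`, and that the size printed by ssl_print_tmp_key() is diagnostic only, since nothing in this patch enforces a minimum.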
@@ -386,9 +386,17 @@ diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time +@@ -210,6 +212,7 @@ int DH_check(const DH *dh,int *codes); + int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); + int DH_generate_key(DH *dh); + int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); ++int DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh); + DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); + int i2d_DHparams(const DH *a,unsigned char **pp); + #ifndef OPENSSL_NO_FP_API diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.c --- openssl-1.0.1e/crypto/dh/dh_key.c.fips 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/dh/dh_key.c 2013-10-04 11:48:04.174694001 +0200 ++++ openssl-1.0.1e/crypto/dh/dh_key.c 2014-02-11 15:57:55.266840301 +0100 @@ -61,6 +61,9 @@ #include #include @@ -399,7 +407,29 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key. static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -@@ -104,7 +107,7 @@ compute_key, +@@ -97,6 +100,21 @@ int DH_compute_key(unsigned char *key, c + return dh->meth->compute_key(key, pub_key, dh); + } + ++int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) ++ { ++ int rv, pad; ++ rv = DH_compute_key(key, pub_key, dh); ++ if (rv <= 0) ++ return rv; ++ pad = BN_num_bytes(dh->p) - rv; ++ if (pad > 0) ++ { ++ memmove(key + pad, key, rv); ++ memset(key, 0, pad); ++ } ++ return rv + pad; ++ } ++ + static DH_METHOD dh_ossl = { + "OpenSSL DH Method", + generate_key, +@@ -104,7 +122,7 @@ compute_key, dh_bn_mod_exp, dh_init, dh_finish, 
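Review bot: DH_compute_key_padded() in crypto/dh/dh_key.c can write `BN_num_bytes(dh->p)` bytes into `key`, but neither the definition nor the new prototype in dh.h (the `@@ -386,9 +386,17 @@` hunk) states the buffer requirement. A comment such as `/* key must hold DH_size(dh) bytes; the shared secret is left-padded with zeros to that length */` on both would make the contract explicit. The padding is applied after DH_compute_key() returns and only `if (pad > 0)`, so the work done depends on how many leading zero bytes the shared secret has. The changelog gives FIPS CAVS testing as the purpose, but the function is declared in the public header, so the comment should also say it is not constant-time. `dh->p` is read without a NULL check, which is safe only if DH_compute_key() always fails first when `p` is unset, something this hunk does not show.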
@@ -408,7 +438,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key. NULL, NULL }; -@@ -123,6 +126,14 @@ static int generate_key(DH *dh) +@@ -123,6 +141,14 @@ static int generate_key(DH *dh) BN_MONT_CTX *mont=NULL; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -423,7 +453,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke +@@ -213,6 +239,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); goto err; } @@ -437,7 +467,7 @@ diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -@@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -280,6 +313,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { diff --git a/openssl.spec b/openssl.spec index fb98620..58cd56c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -21,7 +21,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 39%{?dist} +Release: 40%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -88,6 +88,7 @@ Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch Patch86: openssl-1.0.1e-cve-2013-6449.patch Patch87: openssl-1.0.1e-cve-2013-6450.patch Patch88: openssl-1.0.1e-cve-2013-4353.patch +Patch89: openssl-1.0.1e-ephemeral-key-size.patch License: OpenSSL Group: System Environment/Libraries @@ -211,6 +212,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch86 -p1 -b .hash-crash %patch87 -p1 -b .dtls1-mitm %patch88 -p1 -b .handshake-crash +%patch89 -p1 -b .ephemeral sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h 
@@ -474,6 +476,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Thu Feb 6 2014 Tomáš Mráz 1.0.1e-40 +- print ephemeral key size negotiated in TLS handshake (#1057715) +- add DH_compute_key_padded needed for FIPS CAVS testing + * Thu Feb 6 2014 Tomáš Mráz 1.0.1e-39 - make expiration and key length changeable by DAYS and KEYLEN variables in the certificate Makefile (#1058108)