Rebase to upstream version 3.0.0

Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Sahana Prasad 2021-09-09 15:20:55 +02:00
parent 5de10d4810
commit 347681c6b2
55 changed files with 6829 additions and 45510 deletions

1
.gitignore vendored
View File

@ -52,3 +52,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.1.1i-hobbled.tar.xz
/openssl-1.1.1j-hobbled.tar.xz
/openssl-1.1.1k-hobbled.tar.xz
/openssl-3.0.0-hobbled.tar.xz

View File

@ -0,0 +1,33 @@
From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:01:41 +0200
Subject: Aarch64 and ppc64le use lib64
(Was openssl-1.1.1-build.patch)
---
Configurations/10-main.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index d7580bf3e1..a7dbfd7f40 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -723,6 +723,7 @@ my %targets = (
lib_cppflags => add("-DL_ENDIAN"),
asm_arch => 'ppc64',
perlasm_scheme => "linux64le",
+ multilib => "64",
},
"linux-armv4" => {
@@ -765,6 +766,7 @@ my %targets = (
inherit_from => [ "linux-generic64" ],
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
+ multilib => "64",
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32" ],
--
2.26.2

View File

@ -1,7 +1,21 @@
diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:03:40 +0200
Subject: Use more general default values in openssl.cnf
Also set sha256 as default hash, although that should not be
necessary anymore.
(was openssl-1.1.1-defaults.patch)
---
apps/openssl.cnf | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 97567a67be..eb25a0ac48 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
@ -10,7 +24,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
@@ -106,6 +106,7 @@ emailAddress = optional
@@ -136,6 +136,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
@ -18,7 +32,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -128,17 +129,18 @@ string_mask = utf8only
@@ -158,17 +159,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
@ -40,7 +54,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
@ -49,3 +63,6 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
commonName_max = 64
emailAddress = Email Address
--
2.26.2

View File

@ -0,0 +1,26 @@
From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:05:55 +0200
Subject: Do not install html docs
(was openssl-1.1.1-no-html.patch)
---
Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 342e46d24d..9f369edf0e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)
--
2.26.2

View File

@ -0,0 +1,73 @@
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:17:26 +0200
Subject: Override default paths for the CA directory tree
Also add default section to load crypto-policies configuration
for TLS.
It needs to be reverted before running tests.
(was openssl-1.1.1-conf-paths.patch)
---
apps/CA.pl.in | 2 +-
apps/openssl.cnf | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index c0afb96716..d6a5fabd16 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# Default values for various configuration settings.
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
# List of providers to load
[provider_sect]
@@ -64,6 +66,13 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate

View File

@ -0,0 +1,28 @@
From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:27:18 +0200
Subject: apps/ca: fix md option help text
upstreamable
(was openssl-1.1.1-apps-dgst.patch)
---
apps/ca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
index 0f21b4fa1c..3d4b2c1673 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
{"keyform", OPT_KEYFORM, 'f',
"Private key file format (ENGINE, other values ignored)"},
--
2.26.2

View File

@ -0,0 +1,29 @@
From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:51:34 +0200
Subject: Disable signature verification with totally unsafe hash algorithms
(was openssl-1.1.1-no-weak-verify.patch)
---
crypto/asn1/a_verify.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index b7eed914b0..af62f0ef08 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
if (ret <= 1)
goto err;
+ } else if ((mdnid == NID_md5
+ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
} else {
const EVP_MD *type = NULL;
--
2.26.2

View File

@ -1,7 +1,25 @@
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 10:16:46 +0200
Subject: Add support for PROFILE=SYSTEM system default cipherlist
(was openssl-1.1.1-system-cipherlist.patch)
---
Configurations/unix-Makefile.tmpl | 5 ++
Configure | 10 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 +
util/libcrypto.num | 1 +
8 files changed, 110 insertions(+), 14 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 9f369edf0e..c52389f831 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
@ -12,7 +30,7 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
@ -20,60 +38,11 @@ diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist open
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
@@ -295,6 +298,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -824,6 +828,10 @@ while (@argvcopy)
push @seed_sources, $x;
}
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$user{CROSS_COMPILE}=$1;
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
exit 0;
}
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
+
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
print "for $target\n";
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index b4ed3e51d5..2122e6bdfd 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@ -89,34 +58,27 @@ diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/do
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
@@ -186,6 +186,11 @@ extern "C" {
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index f9a61609e4..c6f95fed3f 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -209,6 +209,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
+# ifdef SYSTEM_CIPHERS_FILE
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+# else
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
+# endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
@@ -9,6 +9,8 @@
* https://www.openssl.org/source/license.html
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b1d3f7919e..f7cc7fed48 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret;
}
@ -129,7 +91,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
+ const char *ciphers_path;
+ unsigned len, slen;
+
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ ciphers_path = SYSTEM_CIPHERS_FILE;
+ fp = fopen(ciphers_path, "r");
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
@ -167,19 +129,19 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
+}
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
const char *rule_p;
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
+#ifdef SYSTEM_CIPHERS_FILE
+ char *new_rules = NULL;
+
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
+ char *p = rule_str + 14;
+
+
+ new_rules = load_system_str(p);
+ rule_str = new_rules;
+ }
@ -191,23 +153,23 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ goto err;
#ifndef OPENSSL_NO_EC
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
- return NULL;
+ goto err;
#endif
/*
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* To reduce the work to do we only want to process the compiled
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@ -217,18 +179,18 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
}
/*
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
@ -238,7 +200,7 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
}
/*
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@ -253,13 +215,16 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
+
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
if (!sk_SSL_CIPHER_push(cipherstack,
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ OPENSSL_free(co_list);
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1622,6 +1679,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
sk_SSL_CIPHER_free(cipherstack);
+ OPENSSL_free(co_list);
return NULL;
}
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
}
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack;
return cipherstack;
@ -274,31 +239,33 @@ diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..48d491219a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
- OSSL_default_cipher_list(), ctx->cert);
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (!ssl_create_cipher_list(ret->method,
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST, ret->cert)
- OSSL_default_cipher_list(), ret->cert)
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
@@ -251,7 +251,9 @@ end:
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 380f0727fc..6922a87c30 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -244,7 +244,9 @@ end:
int setup_tests(void)
{
@ -308,3 +275,57 @@ diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--
2.26.2
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -385,6 +389,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -987,6 +992,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";

View File

@ -0,0 +1,87 @@
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 26 Nov 2020 14:00:16 +0100
Subject: Add FIPS_mode() compatibility macro
The macro calls EVP_default_properties_is_fips_enabled() on the
default context.
---
include/openssl/crypto.h.in | 1 +
include/openssl/fips.h | 25 +++++++++++++++++++++++++
test/property_test.c | 13 +++++++++++++
3 files changed, 39 insertions(+)
create mode 100644 include/openssl/fips.h
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
index 1036da9a2b..9d4896fcaf 100644
--- a/include/openssl/crypto.h.in
+++ b/include/openssl/crypto.h.in
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
# include <openssl/opensslconf.h>
# include <openssl/cryptoerr.h>
# include <openssl/core.h>
+# include <openssl/fips.h>
# ifdef CHARSET_EBCDIC
# include <openssl/ebcdic.h>
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
new file mode 100644
index 0000000000..c64f0f8e8f
--- /dev/null
+++ b/include/openssl/fips.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_H
+# define OPENSSL_FIPS_H
+# pragma once
+
+# include <openssl/macros.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
@@ -488,6 +488,18 @@ static int test_property_list_to_string(
return ret;
}
+static int test_downstream_FIPS_mode(void)
+{
+ int ret = 0;
+
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
+ && TEST_true(FIPS_mode())
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
+ && TEST_false(FIPS_mode());
+
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_property_string);
@@ -500,6 +512,7 @@ int setup_tests(void)
ADD_TEST(test_property);
ADD_TEST(test_query_cache_stochastic);
ADD_TEST(test_fips_mode);
+ ADD_TEST(test_downstream_FIPS_mode);
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
return 1;
}

View File

@ -0,0 +1,79 @@
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
@@ -12,11 +12,54 @@
#include "internal/bio.h"
#include "internal/provider.h"
+#ifndef FIPS_MODULE
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <openssl/evp.h>
+#endif
+
struct ossl_lib_ctx_onfree_list_st {
ossl_lib_ctx_onfree_fn *fn;
struct ossl_lib_ctx_onfree_list_st *next;
};
+# ifndef FIPS_MODULE
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static int kernel_fips_flag;
+
+static void read_kernel_fips_flag(void)
+{
+ char buf[2] = "0";
+ int fd;
+
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+
+ if (buf[0] == '1') {
+ kernel_fips_flag = 1;
+ }
+
+ return;
+}
+
+static int apply_kernel_fips_flag(OSSL_LIB_CTX *ctx)
+{
+ if (kernel_fips_flag) {
+ return EVP_default_properties_enable_fips(ctx, 1);
+ }
+
+ return 1;
+}
+# endif
+
+
struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock;
CRYPTO_EX_DATA data;
@@ -74,6 +117,12 @@ static int context_init(OSSL_LIB_CTX *ct
if (!ossl_property_parse_init(ctx))
goto err;
+# ifndef FIPS_MODULE
+ /* Preset the fips=yes default property with kernel FIPS mode */
+ if (!apply_kernel_fips_flag(ctx))
+ goto err;
+# endif
+
return 1;
err:
if (exdata_done)
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
+ read_kernel_fips_flag();
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
&& context_init(&default_context_int);
}

5013
0011-Remove-EC-curves.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,75 @@
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
-# For FIPS
-# Optionally include a file that is generated by the OpenSSL fipsinstall
-# application. This file contains configuration data required by the OpenSSL
-# fips provider. It contains a named section e.g. [fips_sect] which is
-# referenced from the [provider_sect] below.
-# Refer to the OpenSSL security policy for more information.
-# .include fipsmodule.cnf
-
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module
-# List of providers to load
-[provider_sect]
-default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
+# Uncomment the sections that start with ## below to enable the legacy provider.
+# Loading the legacy provider enables support for the following algorithms:
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
+# Key Derivation Function (KDF): PBKDF1
+# In general it is not recommended to use the above mentioned algorithms for
+# security critical operations, as they are cryptographically weak or vulnerable
+# to side-channel attacks and as such have been deprecated.
-# If no providers are activated explicitly, the default one is activated implicitly.
-# See man 7 OSSL_PROVIDER-default for more details.
-#
-# If you add a section explicitly activating any other provider(s), you most
-# probably need to explicitly activate the default provider, otherwise it
-# becomes unavailable in openssl. As a consequence applications depending on
-# OpenSSL may not work correctly which could lead to significant system
-# problems including inability to remotely access the system.
-[default_sect]
-# activate = 1
+[provider_sect]
+##default = default_sect
+##legacy = legacy_sect
+##
+##[default_sect]
+##activate = 1
+##
+##[legacy_sect]
+##activate = 1
[ ssl_module ]
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
@@ -273,6 +273,14 @@ significant.
All parameters in the section as well as sub-sections are made
available to the provider.
+=head3 Loading the legacy provider
+
+Uncomment the sections that start with ## in openssl.cnf
+to enable the legacy provider.
+Note: In general it is not recommended to use the above mentioned algorithms for
+security critical operations, as they are cryptographically weak or vulnerable
+to side-channel attacks and as such have been deprecated.
+
=head3 Default provider and its activation
If no providers are activated explicitly, the default one is activated implicitly.

7
configuration-prefix.h Normal file
View File

@ -0,0 +1,7 @@
/* Prepended at openssl package build-time. Don't include this file directly,
* use <openssl/opensslconf.h> instead. */
#ifndef openssl_conf_multilib_redirection_h
#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
#endif

47
configuration-switch.h Normal file
View File

@ -0,0 +1,47 @@
/* This file is here to prevent a file conflict on multiarch systems. A
* conflict will frequently occur because arch-specific build-time
* configuration options are stored (and used, so they can't just be stripped
* out) in configuration.h. The original configuration.h has been renamed.
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
#ifdef openssl_conf_multilib_redirection_h
#error "Do not define openssl_conf_multilib_redirection_h!"
#endif
#define openssl_conf_multilib_redirection_h
#if defined(__i386__)
#include "configuration-i386.h"
#elif defined(__ia64__)
#include "configuration-ia64.h"
#elif defined(__mips64) && defined(__MIPSEL__)
#include "configuration-mips64el.h"
#elif defined(__mips64)
#include "configuration-mips64.h"
#elif defined(__mips) && defined(__MIPSEL__)
#include "configuration-mipsel.h"
#elif defined(__mips)
#include "configuration-mips.h"
#elif defined(__powerpc64__)
#include <endian.h>
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#include "configuration-ppc64.h"
#else
#include "configuration-ppc64le.h"
#endif
#elif defined(__powerpc__)
#include "configuration-ppc.h"
#elif defined(__s390x__)
#include "configuration-s390x.h"
#elif defined(__s390__)
#include "configuration-s390.h"
#elif defined(__sparc__) && defined(__arch64__)
#include "configuration-sparc64.h"
#elif defined(__sparc__)
#include "configuration-sparc.h"
#elif defined(__x86_64__)
#include "configuration-x86_64.h"
#else
#error "The openssl-devel package does not work your architecture?"
#endif
#undef openssl_conf_multilib_redirection_h

View File

@ -1,17 +1,24 @@
/*
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* ECDSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <string.h>
#include "ec_local.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
#include <openssl/opensslconf.h>
#include "internal/nelem.h"
@ -242,43 +249,115 @@ typedef struct _ec_list_element_st {
const char *comment;
} ec_list_element;
#ifdef FIPS_MODULE
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
{NID_secp224r1, &_EC_NIST_PRIME_224.h,
# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp224_method,
# else
0,
# endif
"NIST/SECG curve over a 224 bit prime field"},
#else
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
#endif
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
# else
0,
# endif
"NIST/SECG curve over a 521 bit prime field"},
#else
{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
"NIST/SECG curve over a 521 bit prime field"},
#endif
/* X9.62 curves */
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
#else
# else
0,
#endif
# endif
"X9.62/SECG curve over a 256 bit prime field"},
};
#else
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
# else
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
# endif
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
# else
0,
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
# else
0,
# endif
"X9.62/SECG curve over a 256 bit prime field"},
};
#endif /* FIPS_MODULE */
#define curve_list_length OSSL_NELEM(curve_list)
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
static const ec_list_element *ec_curve_nid2curve(int nid)
{
size_t i;
if (nid <= 0)
return NULL;
for (i = 0; i < curve_list_length; i++) {
if (curve_list[i].nid == nid)
return &curve_list[i];
}
return NULL;
}
static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
const char *propq,
const ec_list_element curve)
{
EC_GROUP *group = NULL;
EC_POINT *P = NULL;
@ -293,10 +372,11 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
/* If no curve data curve method must handle everything */
if (curve.data == NULL)
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
return ossl_ec_group_new_ex(libctx, propq,
curve.meth != NULL ? curve.meth() : NULL);
if ((ctx = BN_CTX_new()) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -309,20 +389,20 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (curve.meth != 0) {
meth = curve.meth();
if (((group = EC_GROUP_new(meth)) == NULL) ||
if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
} else if (data->field_type == NID_X9_62_prime_field) {
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
@ -331,7 +411,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
* NID_X9_62_characteristic_two_field */
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
@ -340,31 +420,31 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
EC_GROUP_set_curve_name(group, curve.nid);
if ((P = EC_POINT_new(group)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_set_generator(group, P, order, x)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if (seed_len) {
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
@ -385,28 +465,33 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
return group;
}
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
int nid)
{
size_t i;
EC_GROUP *ret = NULL;
const ec_list_element *curve;
if (nid <= 0)
return NULL;
for (i = 0; i < curve_list_length; i++)
if (curve_list[i].nid == nid) {
ret = ec_group_new_from_data(curve_list[i]);
break;
}
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
if ((curve = ec_curve_nid2curve(nid)) == NULL
|| (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
#ifndef FIPS_MODULE
ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
"name=%s", OBJ_nid2sn(nid));
#else
ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
#endif
return NULL;
}
return ret;
}
#ifndef FIPS_MODULE
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
}
#endif
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
size_t i, min;
@ -424,49 +509,14 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
return curve_list_length;
}
/* Functions to translate between common NIST curve names and NIDs */
typedef struct {
const char *name; /* NIST Name of curve */
int nid; /* Curve NID */
} EC_NIST_NAME;
static EC_NIST_NAME nist_curves[] = {
{"B-163", NID_sect163r2},
{"B-233", NID_sect233r1},
{"B-283", NID_sect283r1},
{"B-409", NID_sect409r1},
{"B-571", NID_sect571r1},
{"K-163", NID_sect163k1},
{"K-233", NID_sect233k1},
{"K-283", NID_sect283k1},
{"K-409", NID_sect409k1},
{"K-571", NID_sect571k1},
{"P-192", NID_X9_62_prime192v1},
{"P-224", NID_secp224r1},
{"P-256", NID_X9_62_prime256v1},
{"P-384", NID_secp384r1},
{"P-521", NID_secp521r1}
};
const char *EC_curve_nid2nist(int nid)
{
size_t i;
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
if (nist_curves[i].nid == nid)
return nist_curves[i].name;
}
return NULL;
return ossl_ec_curve_nid2nist_int(nid);
}
int EC_curve_nist2nid(const char *name)
{
size_t i;
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
if (strcmp(nist_curves[i].name, name) == 0)
return nist_curves[i].nid;
}
return NID_undef;
return ossl_ec_curve_nist2nid_int(name);
}
#define NUM_BN_FIELDS 6
@ -478,7 +528,7 @@ int EC_curve_nist2nid(const char *name)
* Returns: The nid associated with the found named curve, or NID_undef
* if not found. If there was an error it returns -1.
*/
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
{
int ret = -1, nid, len, field_type, param_len;
size_t i, seed_len;
@ -486,17 +536,13 @@ int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
unsigned char *param_bytes = NULL;
const EC_CURVE_DATA *data;
const EC_POINT *generator = NULL;
const EC_METHOD *meth;
const BIGNUM *cofactor = NULL;
/* An array of BIGNUMs for (p, a, b, x, y, order) */
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
meth = EC_GROUP_method_of(group);
if (meth == NULL)
return -1;
/* Use the optional named curve nid as a search field */
nid = EC_GROUP_get_curve_name(group);
field_type = EC_METHOD_get_field_type(meth);
field_type = EC_GROUP_get_field_type(group);
seed_len = EC_GROUP_get_seed_len(group);
seed = EC_GROUP_get0_seed(group);
cofactor = EC_GROUP_get0_cofactor(group);

1091
ectest.c

File diff suppressed because it is too large Load Diff

26
genpatches Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
if [ $# -ne 2 ] ; then
echo "Usage:"
echo " $0 <git-dir> <base-tag>"
exit 1
fi
git_dir="$1"
base_tag="$2"
target_dir="$(pwd)"
pushd "$git_dir" >/dev/null
git format-patch -k -o "$target_dir" "$base_tag" >/dev/null
popd >/dev/null
echo "# Patches exported from source git"
i=1
for p in *.patch ; do
printf "# "
sed '/^Subject:/{s/^Subject: //;p};d' "$p"
printf "Patch%s: %s\n" $i "$p"
i=$(($i + 1))
done

View File

@ -1,27 +0,0 @@
commit 9e885a707d604e9528b5491b78fb9c00f41193fc
Author: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu Mar 26 15:59:00 2020 +0100
s_server: Properly indicate ALPN protocol mismatch
Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
an alert is sent to the client on ALPN protocol mismatch.
Fixes: #2708
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11415)
diff --git a/apps/s_server.c b/apps/s_server.c
index bcc83e562c..591c6c19c5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
if (SSL_select_next_proto
((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
inlen) != OPENSSL_NPN_NEGOTIATED) {
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
if (!s_quiet) {

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
{"enddate", OPT_ENDDATE, 's',
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
{"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

File diff suppressed because it is too large Load Diff

View File

@ -1,40 +0,0 @@
diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
+++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
@@ -678,6 +678,7 @@ my %targets = (
cxxflags => add("-m64"),
lib_cppflags => add("-DL_ENDIAN"),
perlasm_scheme => "linux64le",
+ multilib => "64",
},
"linux-armv4" => {
@@ -718,6 +719,7 @@ my %targets = (
"linux-aarch64" => {
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
perlasm_scheme => "linux64",
+ multilib => "64",
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200
@@ -823,7 +823,7 @@ uninstall_runtime_libs:
install_man_docs:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing manpages"
- $(PERL) $(SRCDIR)/util/process_docs.pl \
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
uninstall_man_docs:
@@ -835,7 +835,7 @@ uninstall_man_docs:
install_html_docs:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing HTML manpages"
- $(PERL) $(SRCDIR)/util/process_docs.pl \
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
uninstall_html_docs:

View File

@ -1,56 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# default openssl.cnf file has setup as per the following
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
@@ -23,6 +23,22 @@ oid_section = new_oids
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
+# Load default TLS policy configuration
+
+openssl_conf = default_modules
+
+[ default_modules ]
+
+ssl_conf = ssl_module
+
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
+
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate

View File

@ -1,91 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
+++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200
@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
+++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200
@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+ if (meth->version != SSL3_VERSION) {
+ /*
+ * Disable SSLv3 by default. Applications can
+ * re-enable it by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+ * or by using the SSL_CONF API.
+ */
+ ret->options |= SSL_OP_NO_SSLv3;
+ }
+
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
/*
diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
+++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200
@@ -443,6 +443,7 @@ static int test_handshake(int idx)
SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
goto err;
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
TLS_MAX_VERSION)))
goto err;
@@ -464,6 +465,8 @@ static int test_handshake(int idx)
if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx))
goto err;
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
}
}
@@ -477,6 +480,9 @@ static int test_handshake(int idx)
|| !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
goto err;
+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
+
if (!SSL_CTX_config(server_ctx, "server")
|| !SSL_CTX_config(client_ctx, "client")) {
goto err;
diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
+++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200
@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
+
+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
+
/*
* Since we will use low security ciphersuites and keys for testing set
* security level to zero by default. Tests can override this by adding

View File

@ -1,266 +0,0 @@
diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
--- openssl-1.1.1h/apps/speed.c.curves 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/apps/speed.c 2020-11-06 13:27:15.659288431 +0100
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
#endif /* OPENSSL_NO_RSA */
enum {
- R_EC_P160,
- R_EC_P192,
R_EC_P224,
R_EC_P256,
R_EC_P384,
R_EC_P521,
-#ifndef OPENSSL_NO_EC2M
- R_EC_K163,
- R_EC_K233,
- R_EC_K283,
- R_EC_K409,
- R_EC_K571,
- R_EC_B163,
- R_EC_B233,
- R_EC_B283,
- R_EC_B409,
- R_EC_B571,
-#endif
- R_EC_BRP256R1,
- R_EC_BRP256T1,
- R_EC_BRP384R1,
- R_EC_BRP384T1,
- R_EC_BRP512R1,
- R_EC_BRP512T1,
R_EC_X25519,
R_EC_X448
};
#ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = {
- {"ecdsap160", R_EC_P160},
- {"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384},
{"ecdsap521", R_EC_P521},
-# ifndef OPENSSL_NO_EC2M
- {"ecdsak163", R_EC_K163},
- {"ecdsak233", R_EC_K233},
- {"ecdsak283", R_EC_K283},
- {"ecdsak409", R_EC_K409},
- {"ecdsak571", R_EC_K571},
- {"ecdsab163", R_EC_B163},
- {"ecdsab233", R_EC_B233},
- {"ecdsab283", R_EC_B283},
- {"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571},
-# endif
- {"ecdsabrp256r1", R_EC_BRP256R1},
- {"ecdsabrp256t1", R_EC_BRP256T1},
- {"ecdsabrp384r1", R_EC_BRP384R1},
- {"ecdsabrp384t1", R_EC_BRP384T1},
- {"ecdsabrp512r1", R_EC_BRP512R1},
- {"ecdsabrp512t1", R_EC_BRP512T1}
};
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
static const OPT_PAIR ecdh_choices[] = {
- {"ecdhp160", R_EC_P160},
- {"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384},
{"ecdhp521", R_EC_P521},
-# ifndef OPENSSL_NO_EC2M
- {"ecdhk163", R_EC_K163},
- {"ecdhk233", R_EC_K233},
- {"ecdhk283", R_EC_K283},
- {"ecdhk409", R_EC_K409},
- {"ecdhk571", R_EC_K571},
- {"ecdhb163", R_EC_B163},
- {"ecdhb233", R_EC_B233},
- {"ecdhb283", R_EC_B283},
- {"ecdhb409", R_EC_B409},
- {"ecdhb571", R_EC_B571},
-# endif
- {"ecdhbrp256r1", R_EC_BRP256R1},
- {"ecdhbrp256t1", R_EC_BRP256T1},
- {"ecdhbrp384r1", R_EC_BRP384R1},
- {"ecdhbrp384t1", R_EC_BRP384T1},
- {"ecdhbrp512r1", R_EC_BRP512R1},
- {"ecdhbrp512t1", R_EC_BRP512T1},
{"ecdhx25519", R_EC_X25519},
{"ecdhx448", R_EC_X448}
};
@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
unsigned int bits;
} test_curves[] = {
/* Prime Curves */
- {"secp160r1", NID_secp160r1, 160},
- {"nistp192", NID_X9_62_prime192v1, 192},
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384},
{"nistp521", NID_secp521r1, 521},
-# ifndef OPENSSL_NO_EC2M
- /* Binary Curves */
- {"nistk163", NID_sect163k1, 163},
- {"nistk233", NID_sect233k1, 233},
- {"nistk283", NID_sect283k1, 283},
- {"nistk409", NID_sect409k1, 409},
- {"nistk571", NID_sect571k1, 571},
- {"nistb163", NID_sect163r2, 163},
- {"nistb233", NID_sect233r1, 233},
- {"nistb283", NID_sect283r1, 283},
- {"nistb409", NID_sect409r1, 409},
- {"nistb571", NID_sect571r1, 571},
-# endif
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
/* Other and ECDH only ones */
{"X25519", NID_X25519, 253},
{"X448", NID_X448, 448}
@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
# endif
# ifndef OPENSSL_NO_EC
- ecdsa_c[R_EC_P160][0] = count / 1000;
- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdsa_c[R_EC_P224][0] = count / 1000;
+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
}
}
}
-# ifndef OPENSSL_NO_EC2M
+# if 0
ecdsa_c[R_EC_K163][0] = count / 1000;
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
for (i = R_EC_K233; i <= R_EC_K571; i++) {
@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
}
# endif
- ecdh_c[R_EC_P160][0] = count / 1000;
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdh_c[R_EC_P224][0] = count / 1000;
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
ecdh_doit[i] = 0;
@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
}
}
}
-# ifndef OPENSSL_NO_EC2M
+# if 0
ecdh_c[R_EC_K163][0] = count / 1000;
for (i = R_EC_K233; i <= R_EC_K571; i++) {
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
--- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c 2020-11-06 13:27:15.659288431 +0100
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
+ if (BN_num_bits(p) < 224) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ return 0;
+ }
+
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
--- openssl-1.1.1h/test/ecdsatest.h.curves 2020-11-06 13:27:15.627288114 +0100
+++ openssl-1.1.1h/test/ecdsatest.h 2020-11-06 13:27:15.660288441 +0100
@@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t;
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
- /* prime KATs from X9.62 */
- {NID_X9_62_prime192v1, NID_sha1,
- "616263", /* "abc" */
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
- "5ca5c0d69716dfcb3474373902",
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
- {NID_X9_62_prime239v1, NID_sha1,
- "616263", /* "abc" */
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
/* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
--- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves 2020-11-06 13:58:36.402895540 +0100
+++ openssl-1.1.1h/test/recipes/15-test_genec.t 2020-11-06 13:59:38.508484498 +0100
@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
if disabled("ec");
my @prime_curves = qw(
- secp112r1
- secp112r2
- secp128r1
- secp128r2
- secp160k1
- secp160r1
- secp160r2
- secp192k1
- secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
- prime192v1
- prime192v2
- prime192v3
- prime239v1
- prime239v2
- prime239v3
prime256v1
- wap-wsg-idm-ecid-wtls6
- wap-wsg-idm-ecid-wtls7
- wap-wsg-idm-ecid-wtls8
- wap-wsg-idm-ecid-wtls9
- wap-wsg-idm-ecid-wtls12
- brainpoolP160r1
- brainpoolP160t1
- brainpoolP192r1
- brainpoolP192t1
- brainpoolP224r1
- brainpoolP224t1
- brainpoolP256r1
- brainpoolP256t1
- brainpoolP320r1
- brainpoolP320t1
- brainpoolP384r1
- brainpoolP384t1
- brainpoolP512r1
- brainpoolP512t1
);
my @binary_curves = qw(
@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
if !disabled("sm2");
my @curve_aliases = qw(
- P-192
P-224
P-256
P-384

View File

@ -1,57 +0,0 @@
diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
--- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200
+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200
@@ -12,6 +12,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/kdf.h>
+#include "internal/numbers.h"
#include "crypto/evp.h"
static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
--- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200
+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200
@@ -13,6 +13,7 @@
#include <openssl/hmac.h>
#include <openssl/kdf.h>
#include <openssl/evp.h>
+#include "internal/numbers.h"
#include "internal/cryptlib.h"
#include "crypto/evp.h"
#include "kdf_local.h"
diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
--- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200
+++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200
@@ -20,7 +20,7 @@
#include "crypto/fips.h"
#include <stdio.h>
#include "internal/dso.h"
-#ifdef __linux
+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
# include <sys/syscall.h>
# include <sys/random.h>
# ifdef DEVRANDOM_WAIT
diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
--- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200
+++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200
@@ -50,10 +50,6 @@
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_FIPS
-# error FIPS is disabled.
-#endif
-
#ifdef OPENSSL_FIPS
int FIPS_module_mode_set(int onoff);
@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+#else
+
+# define fips_in_post() 0
+
#endif

File diff suppressed because it is too large Load Diff

View File

@ -1,408 +0,0 @@
diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- randfile.c rand_lib.c rand_err.c rand_egd.c \
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
INCLUDE[drbg_ctr.o]=../modes
diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
drbg->parent = parent;
if (parent == NULL) {
+#ifdef OPENSSL_FIPS
+ drbg->get_entropy = rand_crngt_get_entropy;
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
+#else
drbg->get_entropy = rand_drbg_get_entropy;
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#endif
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include "crypto/rand.h"
+#include "internal/thread_once.h"
+#include "rand_local.h"
+
+static RAND_POOL *crngt_pool;
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
+
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
+ = &rand_crngt_get_entropy_cb;
+
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size)
+{
+ int r;
+ size_t n;
+ unsigned char *p;
+
+ n = rand_pool_acquire_entropy(crngt_pool);
+ if (n >= CRNGT_BUFSIZ) {
+ p = rand_pool_detach(crngt_pool);
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+ if (r != 0)
+ memcpy(buf, p, CRNGT_BUFSIZ);
+ rand_pool_reattach(crngt_pool, p);
+ return r;
+ }
+ return 0;
+}
+
+void rand_crngt_cleanup(void)
+{
+ rand_pool_free(crngt_pool);
+ crngt_pool = NULL;
+}
+
+int rand_crngt_init(void)
+{
+ unsigned char buf[CRNGT_BUFSIZ];
+
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
+ return 0;
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
+ OPENSSL_cleanse(buf, sizeof(buf));
+ return 1;
+ }
+ rand_crngt_cleanup();
+ return 0;
+}
+
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
+{
+ return OPENSSL_init_crypto(0, NULL)
+ && rand_crngt_init()
+ && OPENSSL_atexit(&rand_crngt_cleanup);
+}
+
+int rand_crngt_single_init(void)
+{
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
+}
+
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance)
+{
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
+ unsigned int sz;
+ RAND_POOL *pool;
+ size_t q, r = 0, s, t = 0;
+ int attempts = 3;
+
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
+ return 0;
+
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
+ return 0;
+
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
+ s = q > sizeof(buf) ? sizeof(buf) : q;
+ if (!crngt_get_entropy(buf, md, &sz)
+ || memcmp(crngt_prev, md, sz) == 0
+ || !rand_pool_add(pool, buf, s, s * 8))
+ goto err;
+ memcpy(crngt_prev, md, sz);
+ t += s;
+ attempts++;
+ }
+ r = t;
+ *pout = rand_pool_detach(pool);
+err:
+ OPENSSL_cleanse(buf, sizeof(buf));
+ rand_pool_free(pool);
+ return r;
+}
+
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen)
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
-
+/*
+ * The number of bytes that constitutes an atomic lump of entropy with respect
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
+ * arbitrary, the smaller the value, the less entropy is consumed on first
+ * read but the higher the probability of the test failing by accident.
+ *
+ * The value is in bytes.
+ */
+#define CRNGT_BUFSIZ 16
/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)
@@ -44,6 +52,8 @@
*/
# define DRBG_MAX_LENGTH INT32_MAX
+/* The default nonce */
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
/*
* Maximum allocation size for RANDOM_POOL buffers
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
/* initializes the AES-CTR DRBG implementation */
int drbg_ctr_init(RAND_DRBG *drbg);
+/*
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
+ * These need to be exposed for the unit tests.
+ */
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size);
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size);
+int rand_crngt_init(void);
+void rand_crngt_cleanup(void);
+
+/*
+ * Expose the run once initialisation function for the unit tests because.
+ * they need to restart from scratch to validate the first block is skipped
+ * properly.
+ */
+int rand_crngt_single_init(void);
+
#endif
diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+/* CRNG test entropy filter callbacks. */
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance);
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+
/*
* RAND_POOL functions
*/
diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
return t->noncelen;
}
+ /*
+ * Disable CRNG testing if it is enabled.
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
+ * for which the default personalisation string is used.
+ */
+static int disable_crngt(RAND_DRBG *drbg)
+{
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
+
+ if (drbg->get_entropy != rand_crngt_get_entropy)
+ return 1;
+
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
+ &rand_drbg_cleanup_entropy,
+ &rand_drbg_get_nonce,
+ &rand_drbg_cleanup_nonce))
+ || (instantiate
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
+ sizeof(pers) - 1)))
+ return 0;
+ return 1;
+}
+
static int uninstantiate(RAND_DRBG *drbg)
{
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
- kat_nonce, NULL))) {
+ kat_nonce, NULL))
+ || !TEST_true(disable_crngt(drbg))) {
failures++;
goto err;
}
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
unsigned int reseed_counter_tmp;
int ret = 0;
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
+ || !TEST_true(disable_crngt(drbg)))
goto err;
/*
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|| !TEST_ptr_eq(private->parent, master))
return 0;
+ /* Disable CRNG testing for the master DRBG */
+ if (!TEST_true(disable_crngt(master)))
+ return 0;
+
/* uninstantiate the three global DRBGs */
RAND_DRBG_uninstantiate(private);
RAND_DRBG_uninstantiate(public);
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
size_t rand_buflen;
size_t required_seed_buflen = 0;
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
+ || !TEST_true(disable_crngt(master)))
return 0;
#ifdef OPENSSL_RAND_SEED_NONE
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
return 1;
}
+/*
+ * A list of the FIPS DRGB types.
+ */
+static const struct s_drgb_types {
+ int nid;
+ int flags;
+} drgb_types[] = {
+ { NID_aes_128_ctr, 0 },
+ { NID_aes_192_ctr, 0 },
+ { NID_aes_256_ctr, 0 },
+};
+
+/* Six cases for each covers seed sizes up to 32 bytes */
+static const size_t crngt_num_cases = 6;
+
+static size_t crngt_case, crngt_idx;
+
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size)
+{
+ size_t i, z;
+
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
+ return 0;
+ /* Generate a block of unique data unless this is the duplication point */
+ z = crngt_idx++;
+ if (z > 0 && crngt_case == z)
+ z--;
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
+ buf[i] = (unsigned char)(i + 'A' + z);
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+}
+
+static int test_crngt(int n)
+{
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
+ RAND_DRBG *drbg = NULL;
+ unsigned char buff[100];
+ size_t ent;
+ int res = 0;
+ int expect;
+
+ if (!TEST_true(rand_crngt_single_init()))
+ return 0;
+ rand_crngt_cleanup();
+
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
+ return 0;
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
+ crngt_case = n % crngt_num_cases;
+ crngt_idx = 0;
+ crngt_get_entropy = &crngt_entropy_cb;
+ if (!TEST_true(rand_crngt_init()))
+ goto err;
+#ifndef OPENSSL_FIPS
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
+ &rand_crngt_cleanup_entropy,
+ &rand_drbg_get_nonce,
+ &rand_drbg_cleanup_nonce)))
+ goto err;
+#endif
+ expect = crngt_case == 0 || crngt_case > ent;
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+fin:
+ res = 1;
+err:
+ if (!res)
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
+ crngt_case, crngt_idx);
+ uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
+ return res;
+}
+
int setup_tests(void)
{
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
@@ -1025,5 +1146,6 @@ int setup_tests(void)
#if defined(OPENSSL_THREADS)
ADD_TEST(test_multi_thread);
#endif
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
return 1;
}

View File

@ -1,200 +0,0 @@
diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
--- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200
+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200
@@ -13,6 +13,7 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
#include "internal/nelem.h"
typedef struct {
@@ -237,6 +238,7 @@ static const struct {
typedef struct _ec_list_element_st {
int nid;
+ int fips_allowed;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth) (void);
const char *comment;
@@ -246,23 +248,23 @@ static const ec_list_element curve_list[
/* prime field curves */
/* secg curves */
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
#else
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
#endif
- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+ {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+ {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
- {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+ {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
@@ -272,7 +274,7 @@ static const ec_list_element curve_list[
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
for (i = 0; i < curve_list_length; i++)
if (curve_list[i].nid == nid) {
+ if (!curve_list[i].fips_allowed && FIPS_mode()) {
+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME);
+ return NULL;
+ }
ret = ec_group_new_from_data(curve_list[i]);
break;
}
@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
- size_t i, min;
+ size_t i, j, num;
+ int fips_mode = FIPS_mode();
- if (r == NULL || nitems == 0)
- return curve_list_length;
+ num = curve_list_length;
+ if (fips_mode)
+ for (i = 0; i < curve_list_length; i++) {
+ if (!curve_list[i].fips_allowed)
+ --num;
+ }
- min = nitems < curve_list_length ? nitems : curve_list_length;
+ if (r == NULL || nitems == 0) {
+ return num;
+ }
- for (i = 0; i < min; i++) {
- r[i].nid = curve_list[i].nid;
- r[i].comment = curve_list[i].comment;
+ for (i = 0, j = 0; i < curve_list_length; i++) {
+ if (j >= nitems)
+ break;
+ if (!fips_mode || curve_list[i].fips_allowed) {
+ r[j].nid = curve_list[i].nid;
+ r[j].comment = curve_list[i].comment;
+ ++j;
+ }
}
- return curve_list_length;
+ return num;
}
/* Functions to translate between common NIST curve names and NIDs */
diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200
@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
#endif
};
+static const uint16_t tls12_fips_sigalgs[] = {
+#ifndef OPENSSL_NO_EC
+ TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+ TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+ TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+#endif
+
+ TLSEXT_SIGALG_rsa_pss_pss_sha256,
+ TLSEXT_SIGALG_rsa_pss_pss_sha384,
+ TLSEXT_SIGALG_rsa_pss_pss_sha512,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+
+ TLSEXT_SIGALG_rsa_pkcs1_sha256,
+ TLSEXT_SIGALG_rsa_pkcs1_sha384,
+ TLSEXT_SIGALG_rsa_pkcs1_sha512,
+
+#ifndef OPENSSL_NO_EC
+ TLSEXT_SIGALG_ecdsa_sha224,
+#endif
+ TLSEXT_SIGALG_rsa_pkcs1_sha224,
+#ifndef OPENSSL_NO_DSA
+ TLSEXT_SIGALG_dsa_sha224,
+ TLSEXT_SIGALG_dsa_sha256,
+ TLSEXT_SIGALG_dsa_sha384,
+ TLSEXT_SIGALG_dsa_sha512,
+#endif
+};
+
#ifndef OPENSSL_NO_EC
static const uint16_t suiteb_sigalgs[] = {
TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
}
if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
return NULL;
+ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
+ return NULL;
if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
} else if (s->cert->conf_sigalgs) {
*psigs = s->cert->conf_sigalgs;
return s->cert->conf_sigalgslen;
+ } else if (FIPS_mode()) {
+ *psigs = tls12_fips_sigalgs;
+ return OSSL_NELEM(tls12_fips_sigalgs);
} else {
*psigs = tls12_sigalgs;
return OSSL_NELEM(tls12_sigalgs);
@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
if (s->cert->conf_sigalgs) {
sigs = s->cert->conf_sigalgs;
siglen = s->cert->conf_sigalgslen;
+ } else if (FIPS_mode()) {
+ sigs = tls12_fips_sigalgs;
+ siglen = OSSL_NELEM(tls12_fips_sigalgs);
} else {
sigs = tls12_sigalgs;
siglen = OSSL_NELEM(tls12_sigalgs);
@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
if (lu->sig == NID_id_GostR3410_2012_256
|| lu->sig == NID_id_GostR3410_2012_512
|| lu->sig == NID_id_GostR3410_2001) {
+ if (FIPS_mode())
+ return 0;
/* We never allow GOST sig algs on the server with TLSv1.3 */
if (s->server && SSL_IS_TLS13(s))
return 0;
@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
const uint16_t *sent_sigs;
size_t sent_sigslen;
+ if (fatalerrs && FIPS_mode()) {
+ /* There are no suitable legacy algorithms in FIPS mode */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CHOOSE_SIGALG,
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ return 0;
+ }
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;

File diff suppressed because it is too large Load Diff

View File

@ -1,587 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200
@@ -67,12 +67,18 @@
# include <openssl/fips.h>
# include "crypto/fips.h"
+# include "crypto/rand.h"
# include "fips_locl.h"
/* Run all selftests */
int FIPS_selftest(void)
{
int rv = 1;
+ if (!rand_drbg_selftest()) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
+ rv = 0;
+ }
if (!FIPS_selftest_drbg())
rv = 0;
if (!FIPS_selftest_sha1())
diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
INCLUDE[drbg_ctr.o]=../modes
diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200
@@ -0,0 +1,537 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stddef.h>
+#include "internal/nelem.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/obj_mac.h>
+#include "internal/thread_once.h"
+#include "crypto/rand.h"
+
+typedef struct test_ctx_st {
+ const unsigned char *entropy;
+ size_t entropylen;
+ int entropycnt;
+ const unsigned char *nonce;
+ size_t noncelen;
+ int noncecnt;
+} TEST_CTX;
+
+static int app_data_index = -1;
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
+{
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
+
+ return 1;
+}
+
+enum drbg_kat_type {
+ NO_RESEED,
+ PR_FALSE,
+ PR_TRUE
+};
+
+enum drbg_df {
+ USE_DF,
+ NO_DF,
+ NA
+};
+
+struct drbg_kat_no_reseed {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_false {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinreseed;
+ const unsigned char *addinreseed;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_true {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinpr1;
+ const unsigned char *addin1;
+ const unsigned char *entropyinpr2;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat {
+ enum drbg_kat_type type;
+ enum drbg_df df;
+ int nid;
+
+ size_t entropyinlen;
+ size_t noncelen;
+ size_t persstrlen;
+ size_t addinlen;
+ size_t retbyteslen;
+
+ const void *t;
+};
+
+/*
+ * Excerpt from test/drbg_cavs_data.c
+ * DRBG test vectors from:
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
+ */
+
+static const unsigned char kat1308_entropyin[] = {
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
+};
+static const unsigned char kat1308_nonce[] = {0};
+static const unsigned char kat1308_persstr[] = {
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
+};
+static const unsigned char kat1308_addin0[] = {
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
+};
+static const unsigned char kat1308_addin1[] = {
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
+};
+static const unsigned char kat1308_retbits[] = {
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
+ 0x26, 0x32, 0xd0, 0xb8,
+};
+static const struct drbg_kat_no_reseed kat1308_t = {
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
+};
+static const struct drbg_kat kat1308 = {
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
+};
+
+static const unsigned char kat1465_entropyin[] = {
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
+ 0x87, 0xbe, 0xaa, 0xc0,
+};
+static const unsigned char kat1465_nonce[] = {
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
+};
+static const unsigned char kat1465_persstr[] = {0};
+static const unsigned char kat1465_entropyinreseed[] = {
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
+ 0x1f, 0x4b, 0x7b, 0x51,
+};
+static const unsigned char kat1465_addinreseed[] = {
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
+ 0x61, 0x9f, 0x26, 0x5f,
+};
+static const unsigned char kat1465_addin0[] = {
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
+ 0x10, 0x5a, 0x73, 0x9c,
+};
+static const unsigned char kat1465_addin1[] = {
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
+ 0x47, 0x99, 0x1f, 0xeb,
+};
+static const unsigned char kat1465_retbits[] = {
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
+ 0x58, 0xdb, 0x27, 0xba,
+};
+static const struct drbg_kat_pr_false kat1465_t = {
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
+ kat1465_addin1, kat1465_retbits
+};
+static const struct drbg_kat kat1465 = {
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
+};
+
+static const unsigned char kat3146_entropyin[] = {
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
+};
+static const unsigned char kat3146_nonce[] = {
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
+ 0x50, 0x86, 0xca, 0xca,
+};
+static const unsigned char kat3146_persstr[] = {0};
+static const unsigned char kat3146_entropyinpr1[] = {
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
+};
+static const unsigned char kat3146_addinpr1[] = {
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
+};
+static const unsigned char kat3146_entropyinpr2[] = {
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
+};
+static const unsigned char kat3146_addinpr2[] = {
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
+};
+static const unsigned char kat3146_retbits[] = {
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
+ 0xd4, 0x30, 0x73, 0xbb,
+};
+static const struct drbg_kat_pr_true kat3146_t = {
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
+ kat3146_addinpr2, kat3146_retbits
+};
+static const struct drbg_kat kat3146 = {
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
+};
+
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
+
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
+
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->entropycnt++;
+ *pout = (unsigned char *)t->entropy;
+ return t->entropylen;
+}
+
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->noncecnt++;
+ *pout = (unsigned char *)t->nonce;
+ return t->noncelen;
+}
+
+/*
+ * Do a single NO_RESEED KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_no_reseed(const struct drbg_kat *td)
+{
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_FALSE KAT:
+ *
+ * Instantiate
+ * Reseed
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_false(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinreseed;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_TRUE KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=true)
+ * Generate Random Bits (pr=true)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_true(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinpr1;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin1, td->addinlen))
+ failures++;
+
+ t.entropy = data->entropyinpr2;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+static int test_kats(int i)
+{
+ const struct drbg_kat *td = drbg_test[i];
+ int rv = 0;
+
+ switch (td->type) {
+ case NO_RESEED:
+ if (!single_kat_no_reseed(td))
+ goto err;
+ break;
+ case PR_FALSE:
+ if (!single_kat_pr_false(td))
+ goto err;
+ break;
+ case PR_TRUE:
+ if (!single_kat_pr_true(td))
+ goto err;
+ break;
+ default: /* cant happen */
+ goto err;
+ }
+ rv = 1;
+err:
+ return rv;
+}
+
+/*-
+ * Do one expected-error test:
+ *
+ * Instantiate with no entropy supplied
+ *
+ * Return 0 on failure.
+ */
+static int test_drbg_sanity(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = 0; /* No entropy */
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ ERR_set_mark();
+ /* This must fail. */
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+ RAND_DRBG_uninstantiate(drbg);
+ ERR_pop_to_mark();
+
+err:
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+
+int rand_drbg_selftest(void)
+{
+ int i;
+
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
+ return 0;
+
+ for (i = 0; i < drbg_test_nelem; i++) {
+ if (test_kats(i) <= 0)
+ return 0;
+ }
+
+ if (test_drbg_sanity(&kat1465) <= 0)
+ return 0;
+
+ return 1;
+}
diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
*/
void rand_pool_keep_random_devices_open(int keep);
+/*
+ * Perform the DRBG KAT selftests
+ */
+int rand_drbg_selftest(void);
+
#endif

View File

@ -1,189 +0,0 @@
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100
@@ -68,6 +68,7 @@
# include <openssl/fips.h>
# include "internal/thread_once.h"
+# include "crypto/rand.h"
# ifndef PATH_MAX
# define PATH_MAX 1024
@@ -76,6 +77,7 @@
static int fips_selftest_fail = 0;
static int fips_mode = 0;
static int fips_started = 0;
+static int fips_post = 0;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
fips_selftest_fail = 1;
}
+int fips_in_post(void)
+{
+ return fips_post;
+}
+
/* we implement what libfipscheck does ourselves */
static int
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
}
# endif
+ fips_post = 1;
+
if (!FIPS_selftest()) {
fips_selftest_fail = 1;
ret = 0;
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
goto end;
}
+ fips_post = 0;
+
fips_set_mode(onoff);
+ /* force RNG reseed with entropy from getrandom() on next call */
+ rand_force_reseed();
+
ret = 1;
goto end;
}
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
}
+void rand_force_reseed(void)
+{
+ RAND_DRBG *drbg;
+
+ drbg = RAND_DRBG_get0_master();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_private();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_public();
+ drbg->fork_id = 0;
+}
+
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100
@@ -17,10 +17,12 @@
#include <openssl/crypto.h>
#include "rand_local.h"
#include "crypto/rand.h"
+#include "crypto/fips.h"
#include <stdio.h>
#include "internal/dso.h"
#ifdef __linux
# include <sys/syscall.h>
+# include <sys/random.h>
# ifdef DEVRANDOM_WAIT
# include <sys/shm.h>
# include <sys/utsname.h>
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
*/
-static ssize_t syscall_random(void *buf, size_t buflen)
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
{
/*
* Note: 'buflen' equals the size of the buffer which is used by the
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
* Note: Sometimes getentropy() can be provided but not implemented
* internally. So we need to check errno for ENOSYS
*/
+# if 0
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
if (p_getentropy.p != NULL)
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
# endif
-
+# endif
/* Linux supports this since version 3.17 */
-# if defined(__linux) && defined(__NR_getrandom)
- return syscall(__NR_getrandom, buf, buflen, 0);
+# if defined(__linux) && defined(SYS_getrandom)
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return sysctl_random(buf, buflen);
# else
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
size_t entropy_available;
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
+ int in_post;
+
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
{
size_t bytes_needed;
unsigned char *buffer;
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
- bytes = syscall_random(buffer, bytes_needed);
+ bytes = syscall_random(buffer, bytes_needed, in_post);
if (bytes > 0) {
rand_pool_add_end(pool, bytes, 8 * bytes);
bytes_needed -= bytes;
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
int attempts = 3;
const int fd = get_random_device(i);
- if (fd == -1)
+ if (fd == -1) {
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
continue;
+ }
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
return entropy_available;
}
# endif
-
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
+ }
+# endif
return rand_pool_entropy_available(pool);
# endif
}
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int fips_in_post(void);
+
int fips_pkey_signature_test(EVP_PKEY *pkey,
const unsigned char *tbs, int tbslen,
const unsigned char *kat,
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100
@@ -24,6 +24,7 @@
typedef struct rand_pool_st RAND_POOL;
void rand_cleanup_int(void);
+void rand_force_reseed(void);
void rand_drbg_cleanup_int(void);
void drbg_delete_thread_state(void);

File diff suppressed because it is too large Load Diff

View File

@ -1,500 +0,0 @@
diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100
@@ -275,6 +275,7 @@ $code.=<<___;
.align 16
${PREFIX}_encrypt:
.cfi_startproc
+ endbranch
movups ($inp),$inout0 # load input
mov 240($key),$rounds # key->rounds
___
@@ -293,6 +294,7 @@ $code.=<<___;
.align 16
${PREFIX}_decrypt:
.cfi_startproc
+ endbranch
movups ($inp),$inout0 # load input
mov 240($key),$rounds # key->rounds
___
@@ -613,6 +615,7 @@ $code.=<<___;
.align 16
aesni_ecb_encrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -985,6 +988,7 @@ $code.=<<___;
.align 16
aesni_ccm64_encrypt_blocks:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -1077,6 +1081,7 @@ $code.=<<___;
.align 16
aesni_ccm64_decrypt_blocks:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -1203,6 +1208,7 @@ $code.=<<___;
.align 16
aesni_ctr32_encrypt_blocks:
.cfi_startproc
+ endbranch
cmp \$1,$len
jne .Lctr32_bulk
@@ -1775,6 +1781,7 @@ $code.=<<___;
.align 16
aesni_xts_encrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
@@ -2258,6 +2265,7 @@ $code.=<<___;
.align 16
aesni_xts_decrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
@@ -2783,6 +2791,7 @@ $code.=<<___;
.align 32
aesni_ocb_encrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
.align 32
aesni_ocb_decrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
@@ -3737,6 +3747,7 @@ $code.=<<___;
.align 16
${PREFIX}_cbc_encrypt:
.cfi_startproc
+ endbranch
test $len,$len # check length
jz .Lcbc_ret
diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
.align 16
${PREFIX}_set_encrypt_key:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -746,6 +747,7 @@ $code.=<<___;
.align 16
${PREFIX}_set_decrypt_key:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -801,6 +803,7 @@ $code.=<<___;
.align 16
${PREFIX}_encrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -846,6 +849,7 @@ $code.=<<___;
.align 16
${PREFIX}_decrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -897,6 +901,7 @@ $code.=<<___;
.align 16
${PREFIX}_cbc_encrypt:
.cfi_startproc
+ endbranch
xchg $key,$len
___
($len,$key)=($key,$len);
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
int async_fibre_makecontext(async_fibre *fibre)
{
+#ifndef USE_SWAPCONTEXT
fibre->env_init = 0;
+#endif
if (getcontext(&fibre->fibre) == 0) {
fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
if (fibre->fibre.uc_stack.ss_sp != NULL) {
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100
@@ -25,17 +25,33 @@
# define ASYNC_POSIX
# define ASYNC_ARCH
+# ifdef __CET__
+/*
+ * When Intel CET is enabled, makecontext will create a different
+ * shadow stack for each context. async_fibre_swapcontext cannot
+ * use _longjmp. It must call swapcontext to swap shadow stack as
+ * well as normal stack.
+ */
+# define USE_SWAPCONTEXT
+# endif
# include <ucontext.h>
-# include <setjmp.h>
+# ifndef USE_SWAPCONTEXT
+# include <setjmp.h>
+# endif
typedef struct async_fibre_st {
ucontext_t fibre;
+# ifndef USE_SWAPCONTEXT
jmp_buf env;
int env_init;
+# endif
} async_fibre;
static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
{
+# ifdef USE_SWAPCONTEXT
+ swapcontext(&o->fibre, &n->fibre);
+# else
o->env_init = 1;
if (!r || !_setjmp(o->env)) {
@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
else
setcontext(&n->fibre);
}
+# endif
return 1;
}
diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
@@ -685,6 +685,7 @@ $code.=<<___;
.align 16
Camellia_cbc_encrypt:
.cfi_startproc
+ endbranch
cmp \$0,%rdx
je .Lcbc_abort
push %rbx
diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
@@ -239,6 +239,7 @@ $code=<<___;
.align 16
gcm_gmult_4bit:
.cfi_startproc
+ endbranch
push %rbx
.cfi_push %rbx
push %rbp # %rbp and others are pushed exclusively in
@@ -286,6 +287,7 @@ $code.=<<___;
.align 16
gcm_ghash_4bit:
.cfi_startproc
+ endbranch
push %rbx
.cfi_push %rbx
push %rbp
@@ -612,6 +614,7 @@ $code.=<<___;
.align 16
gcm_gmult_clmul:
.cfi_startproc
+ endbranch
.L_gmult_clmul:
movdqu ($Xip),$Xi
movdqa .Lbswap_mask(%rip),$T3
@@ -663,6 +666,7 @@ $code.=<<___;
.align 32
gcm_ghash_clmul:
.cfi_startproc
+ endbranch
.L_ghash_clmul:
___
$code.=<<___ if ($win64);
@@ -1166,6 +1170,7 @@ $code.=<<___;
.align 32
gcm_gmult_avx:
.cfi_startproc
+ endbranch
jmp .L_gmult_clmul
.cfi_endproc
.size gcm_gmult_avx,.-gcm_gmult_avx
@@ -1177,6 +1182,7 @@ $code.=<<___;
.align 32
gcm_ghash_avx:
.cfi_startproc
+ endbranch
___
if ($avx) {
my ($Xip,$Htbl,$inp,$len)=@_4args;
diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100
@@ -165,21 +165,28 @@ sub cbc
&jmp_ptr($count);
&set_label("ej7");
+ &endbranch()
&movb(&HB("edx"), &BP(6,$in,"",0));
&shl("edx",8);
&set_label("ej6");
+ &endbranch()
&movb(&HB("edx"), &BP(5,$in,"",0));
&set_label("ej5");
+ &endbranch()
&movb(&LB("edx"), &BP(4,$in,"",0));
&set_label("ej4");
+ &endbranch()
&mov("ecx", &DWP(0,$in,"",0));
&jmp(&label("ejend"));
&set_label("ej3");
+ &endbranch()
&movb(&HB("ecx"), &BP(2,$in,"",0));
&shl("ecx",8);
&set_label("ej2");
+ &endbranch()
&movb(&HB("ecx"), &BP(1,$in,"",0));
&set_label("ej1");
+ &endbranch()
&movb(&LB("ecx"), &BP(0,$in,"",0));
&set_label("ejend");
diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100
@@ -101,6 +101,33 @@ elsif (!$gas)
$decor="\$L\$";
}
+my $cet_property;
+if ($flavour =~ /elf/) {
+ # Always generate .note.gnu.property section for ELF outputs to
+ # mark Intel CET support since all input files must be marked
+ # with Intel CET support in order for linker to mark output with
+ # Intel CET support.
+ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
+ $cet_property = <<_____;
+ .section ".note.gnu.property", "a"
+ .p2align $p2align
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .asciz "GNU"
+1:
+ .p2align $p2align
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 3
+3:
+ .p2align $p2align
+4:
+_____
+}
+
my $current_segment;
my $current_function;
my %globals;
@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
print $line,"\n";
}
+print "$cet_property" if ($cet_property);
print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
print "END\n" if ($masm);
diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100
@@ -124,6 +124,7 @@ sub ::function_begin_B
push(@out,".align\t$align\n");
push(@out,"$func:\n");
push(@out,"$begin:\n") if ($global);
+ &::endbranch();
$::stack=4;
}
@@ -172,6 +173,26 @@ sub ::file_end
else { push (@out,"$tmp\n"); }
}
push(@out,$initseg) if ($initseg);
+ if ($::elf) {
+ push(@out,"
+ .section \".note.gnu.property\", \"a\"
+ .p2align 2
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .asciz \"GNU\"
+1:
+ .p2align 2
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 3
+3:
+ .p2align 2
+4:
+");
+ }
}
sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100
@@ -2806,6 +2806,7 @@ $code.=<<___;
.align 32
poly1305_blocks_vpmadd52:
.cfi_startproc
+ endbranch
shr \$4,$len
jz .Lno_data_vpmadd52 # too short
@@ -3739,6 +3740,7 @@ $code.=<<___;
.align 32
poly1305_emit_base2_44:
.cfi_startproc
+ endbranch
mov 0($ctx),%r8 # load hash value
mov 8($ctx),%r9
mov 16($ctx),%r10
diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100
+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100
@@ -140,6 +140,7 @@ $code=<<___;
.align 16
RC4:
.cfi_startproc
+ endbranch
or $len,$len
jne .Lentry
ret
@@ -455,6 +456,7 @@ $code.=<<___;
.align 16
RC4_set_key:
.cfi_startproc
+ endbranch
lea 8($dat),$dat
lea ($inp,$len),$inp
neg $len
@@ -529,6 +531,7 @@ RC4_set_key:
.align 16
RC4_options:
.cfi_startproc
+ endbranch
lea .Lopts(%rip),%rax
mov OPENSSL_ia32cap_P(%rip),%edx
bt \$20,%edx
diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100
@@ -40,6 +40,7 @@ print<<___;
.align 16
OPENSSL_atomic_add:
.cfi_startproc
+ endbranch
movl ($arg1),%eax
.Lspin: leaq ($arg2,%rax),%r8
.byte 0xf0 # lock
@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
.align 16
OPENSSL_rdtsc:
.cfi_startproc
+ endbranch
rdtsc
shl \$32,%rdx
or %rdx,%rax
@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
.align 16
OPENSSL_ia32_cpuid:
.cfi_startproc
+ endbranch
mov %rbx,%r8 # save %rbx
.cfi_register %rbx,%r8
@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
.align 16
OPENSSL_cleanse:
.cfi_startproc
+ endbranch
xor %rax,%rax
cmp \$15,$arg2
jae .Lot
@@ -274,6 +278,7 @@ OPENSSL_cleanse:
.align 16
CRYPTO_memcmp:
.cfi_startproc
+ endbranch
xor %rax,%rax
xor %r10,%r10
cmp \$0,$arg3
@@ -312,6 +317,7 @@ print<<___ if (!$win64);
.align 16
OPENSSL_wipe_cpu:
.cfi_startproc
+ endbranch
pxor %xmm0,%xmm0
pxor %xmm1,%xmm1
pxor %xmm2,%xmm2
@@ -346,6 +352,8 @@ print<<___ if ($win64);
.type OPENSSL_wipe_cpu,\@abi-omnipotent
.align 16
OPENSSL_wipe_cpu:
+.cfi_startproc
+ endbranch
pxor %xmm0,%xmm0
pxor %xmm1,%xmm1
pxor %xmm2,%xmm2
@@ -376,6 +384,7 @@ print<<___;
.align 16
OPENSSL_instrument_bus:
.cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg2,$max
@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
.align 16
OPENSSL_instrument_bus2:
.cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg3,$max
@@ -465,6 +475,7 @@ print<<___;
.align 16
OPENSSL_ia32_${rdop}_bytes:
.cfi_startproc
+ endbranch
xor %rax, %rax # return value
cmp \$0,$arg2
je .Ldone_${rdop}_bytes

View File

@ -1,170 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200
+++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
- fips_dh_selftest.c fips_ers.c
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
PROGRAMS_NO_INST=\
fips_standalone_hmac
diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200
+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include "crypto/fips.h"
+
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#ifdef OPENSSL_FIPS
+int FIPS_selftest_pbkdf2(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[32];
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
+ goto err;
+ }
+
+ {
+ const unsigned char expected[sizeof(out)] = {
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+ };
+ if (memcmp(out, expected, sizeof(expected))) {
+ goto err;
+ }
+ }
+ ret = 1;
+
+err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
+ * 5) appendix A. */
+int FIPS_selftest_kbkdf(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ char *label = "prf", *prf_input = "test";
+ static unsigned char input_key[] = {
+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
+ };
+ static unsigned char output[] = {
+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
+ goto err;
+ }
+ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
+ && memcmp(result, output, sizeof(output)) == 0;
+err:
+
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+int FIPS_selftest_kdf(void)
+{
+ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
+}
+
+#endif
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200
@@ -111,6 +111,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_ecdh())
rv = 0;
+ if (!FIPS_selftest_kdf())
+ rv = 0;
return rv;
}
diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200
+++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200
@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int FIPS_selftest_kbkdf(void);
+int FIPS_selftest_pbkdf2(void);
+int FIPS_selftest_kdf(void);
int fips_in_post(void);
diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200
@@ -123,6 +123,8 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_DSA 112
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
# define FIPS_F_FIPS_SELFTEST_HMAC 113
+# define FIPS_F_FIPS_SELFTEST_KBKDF 151
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143

File diff suppressed because it is too large Load Diff

View File

@ -1,19 +0,0 @@
diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
L<ec(1)>, L<ecparam(1)>,
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
-L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
+L<sslpasswd(1)>, L<sslrand(1)>,
L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

View File

@ -1,112 +0,0 @@
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200
@@ -147,22 +147,22 @@ our @tests = (
{
name => "ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+# "Groups" => "brainpoolP256r1",
},
client => {
#We don't restrict this to TLSv1.2, although use of brainpool
#should force this anyway so that this should succeed
"CipherString" => "aECDSA",
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+# "Groups" => "brainpoolP256r1",
},
test => {
- "ExpectedServerCertType" =>, "brainpoolP256r1",
- "ExpectedServerSignType" =>, "EC",
+# "ExpectedServerCertType" =>, "brainpoolP256r1",
+# "ExpectedServerSignType" =>, "EC",
# Note: certificate_authorities not sent for TLS < 1.3
- "ExpectedServerCANames" =>, "empty",
+# "ExpectedServerCANames" =>, "empty",
"ExpectedResult" => "Success"
},
},
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
{
name => "TLS 1.3 ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+# "Groups" => "brainpoolP256r1",
},
client => {
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+# "Groups" => "brainpoolP256r1",
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
},
test => {
- "ExpectedResult" => "ServerFail"
+ "ExpectedResult" => "Success"
},
},
);
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
client = 5-ECDSA with brainpool-client
[5-ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[5-ECDSA with brainpool-client]
CipherString = aECDSA
-Groups = brainpoolP256r1
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = brainpoolP256r1
-ExpectedServerSignType = EC
# ===========================================================
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
client = 52-TLS 1.3 ECDSA with brainpool-client
[52-TLS 1.3 ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[52-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
-Groups = brainpoolP256r1
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
VerifyMode = Peer
[test-52]
-ExpectedResult = ServerFail
+ExpectedResult = Success
# ===========================================================

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r "$(DESTDIR)$(DOCDIR)"

View File

@ -1,26 +0,0 @@
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
if (ret != 2)
goto err;
ret = -1;
+ } else if ((mdnid == NID_md5
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
} else {
const EVP_MD *type = EVP_get_digestbynid(mdnid);

View File

@ -1,170 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
int FIPS_drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)adinlen;
+
+ if (len < 0 || (size_t)len != adinlen) {
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+ return 0;
+ }
+ RAND_seed(adin, len);
+ return 1;
+}
+
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
+ const unsigned char *adin, size_t adinlen)
+{
return drbg_reseed(dctx, adin, adinlen, 1);
}
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)outlen;
+
+ if (len < 0 || (size_t)len != outlen) {
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
+ return 0;
+ }
+ return RAND_bytes(out, len);
+}
+
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen)
+{
int r = 0;
if (FIPS_selftest_failed()) {
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200
@@ -57,6 +57,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200
@@ -55,6 +55,8 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
rv = 0;
}
- if (!FIPS_selftest_drbg())
- rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_sha2())
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
int FIPS_rand_seed(const void *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
if (fips_rand_meth && fips_rand_meth->seed)
fips_rand_meth->seed(buf, num);
return 1;
+#else
+ RAND_seed(buf, num);
+ return 1;
+#endif
}
int FIPS_rand_bytes(unsigned char *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
if (fips_rand_meth && fips_rand_meth->bytes)
return fips_rand_meth->bytes(buf, num);
return 0;
+#else
+ return RAND_bytes(buf, num);
+#endif
}
int FIPS_rand_status(void)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
if (fips_rand_meth && fips_rand_meth->status)
return fips_rand_meth->status();
return 0;
+#else
+ return RAND_status();
+#endif
}
/* Return instantiated strength of PRNG. For DRBG this is an internal
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200
@@ -64,6 +64,11 @@ extern "C" {
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
+
+ /*
+ * This function is deprecated as it performs selftest of the old FIPS drbg
+ * implementation that is not validated.
+ */
int FIPS_selftest_drbg_all(void);
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200
+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200
@@ -60,6 +60,20 @@
# ifdef __cplusplus
extern "C" {
# endif
+
+/*
+ * IMPORTANT NOTE:
+ * All functions in this header file are deprecated and should not be used
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
+ * anymore.
+ * To provide backwards compatibility for applications that need FIPS compliant
+ * RNG number generation and use FIPS_drbg_generate, this function was
+ * re-wired to call the FIPS validated DRBG instance instead through
+ * the RAND_bytes() call.
+ *
+ * All these functions will be removed in future.
+ */
+
typedef struct drbg_ctx_st DRBG_CTX;
/* DRBG external flags */
/* Flag for CTR mode only: use derivation function ctr_df */

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,160 +0,0 @@
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
}
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
/*
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
return 0;
-
- return secbits >= minbits_table[level - 1];
+ /*
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
+ * disable SHA1 flag is not set.
+ */
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode())
+ return secbits >= minbits_table[level - 1];
+ return secbits >= minbits_digest_table[level - 1];
}
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
=item B<Level 2>
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
+Security level set to 112 bits of security with the exception of SHA1 allowed
+for signatures.
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
+shorter than 224 bits are prohibited.
In addition to the level 1 exclusions any cipher suite using RC4 is also
prohibited. SSL version 3 is also not allowed. Compression is disabled.
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200
@@ -27,6 +27,7 @@
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex);
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
static volatile int ssl_x509_store_ctx_idx = -1;
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
/* Set suite B flags if needed */
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
if (!X509_STORE_CTX_set_ex_data
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end;
@@ -953,12 +954,33 @@ static int ssl_security_default_callback
return 0;
break;
default:
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
+ break;
if (bits < minbits)
return 0;
}
return 1;
}
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
+{
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
+ const CERT *c;
+
+ if (FIPS_mode())
+ return ret;
+
+ if (ctx != NULL) {
+ c = ctx->cert;
+ } else {
+ c = s->cert;
+ }
+ if (tls1_cert_sigalgs_have_sha1(c))
+ return 0;
+ return ret;
+}
+
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
{
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
__owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+int tls1_cert_sigalgs_have_sha1(const CERT *c);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
# ifndef OPENSSL_NO_EC
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
return 0;
}
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
+{
+ size_t i;
+
+ for (i = 0; i < sigalgslen; i++, sigalgs++) {
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+
+ if (lu == NULL)
+ continue;
+ if (lu->hash == NID_sha1)
+ return 1;
+ }
+ return 0;
+}
+
+
+int tls1_cert_sigalgs_have_sha1(const CERT *c)
+{
+ if (c->client_sigalgs != NULL) {
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
+ return 1;
+ }
+ if (c->conf_sigalgs != NULL) {
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
+ return 1;
+ return 0;
+ }
+ return 1;
+}
+
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
{
int sig_nid, use_pc_sigalgs = 0;
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "Reject PSS signature using SHA1 and auth level 2");
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
+ "Reject PSS signature using SHA1 and auth level 3");
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");

File diff suppressed because it is too large Load Diff

View File

@ -1,70 +0,0 @@
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default 2020-11-06 11:07:28.850100899 +0100
+++ openssl-1.1.1h/apps/openssl.cnf 2020-11-06 11:11:28.042913791 +0100
@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
-ess_cert_id_alg = sha1 # algorithm to compute certificate
+ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1)
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/apps/ts.c 2020-11-06 11:07:28.883101220 +0100
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
ASN1_OBJECT *policy_obj = NULL;
ASN1_INTEGER *nonce_asn1 = NULL;
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
goto err;
if ((ts_req = TS_REQ_new()) == NULL)
goto err;
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default 2020-11-06 12:03:51.226372867 +0100
+++ openssl-1.1.1h/crypto/ts/ts_conf.c 2020-11-06 12:04:01.713488990 +0100
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
if (md == NULL)
- md = "sha1";
+ md = "sha256";
cert_md = EVP_get_digestbyname(md);
if (cert_md == NULL) {
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/doc/man1/ts.pod 2020-11-06 11:07:28.883101220 +0100
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
=item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's
-public key certificate identifier. Default is sha1. (Optional)
+public key certificate identifier. Default is sha256. (Optional)
=back
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
=head2 Time Stamp Request
-To create a timestamp request for design1.txt with SHA-1
+To create a timestamp request for design1.txt with SHA-256
without nonce and policy and no certificate is required in the response:
openssl ts -query -data design1.txt -no_nonce \
@@ -546,12 +546,12 @@ To print the content of the previous req
openssl ts -query -in design1.tsq -text
-To create a timestamp request which includes the MD-5 digest
+To create a timestamp request which includes the SHA-512 digest
of design2.txt, requests the signer certificate and nonce,
specifies a policy id (assuming the tsa_policy1 name is defined in the
OID section of the config file):
- openssl ts -query -data design2.txt -md5 \
+ openssl ts -query -data design2.txt -sha512 \
-tspolicy tsa_policy1 -cert -out design2.tsq
=head2 Time Stamp Response

View File

@ -1,38 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
{
int ret = 1, dirty = 0, seed = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
- int engdir = 0;
+ int engdir = 0, engines = 0;
char *prog;
OPTION_CHOICE o;
@@ -106,7 +106,7 @@ opthelp:
break;
case OPT_A:
seed = options = cflags = version = date = platform = dir = engdir
- = 1;
+ = engines = 1;
break;
}
}
@@ -188,6 +188,16 @@ opthelp:
#endif
printf("\n");
}
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while (e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
ret = 0;
end:
return ret;

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1i/include/openssl/opensslv.h.version-override openssl-1.1.1i/include/openssl/opensslv.h
--- openssl-1.1.1i/include/openssl/opensslv.h.version-override 2020-12-09 10:25:12.042374409 +0100
+++ openssl-1.1.1i/include/openssl/opensslv.h 2020-12-09 10:26:00.362769170 +0100
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010bfL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k FIPS 25 Mar 2021"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

View File

@ -1,57 +0,0 @@
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST89MAC,
TLS1_VERSION, TLS1_2_VERSION,
0, 0,
- SSL_HIGH,
+ SSL_MEDIUM,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
256,
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST89MAC12,
TLS1_VERSION, TLS1_2_VERSION,
0, 0,
- SSL_HIGH,
+ SSL_MEDIUM,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
256,
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_SEED */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+#if 0 /* No MD5 ciphersuites */
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#if 0
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,

File diff suppressed because it is too large Load Diff

View File

@ -1 +1 @@
SHA512 (openssl-1.1.1k-hobbled.tar.xz) = b5282e40af8f28f7a859dfddeb269f3a4b0f4fb535de330dfd3ad14a123b57fe66e3880c6c9aacf49865175b1f7f6c88cae31451a99d4ac2b2cb1c5135d4ada9
SHA512 (openssl-3.0.0-hobbled.tar.xz) = aeb6834de96bbf53b0e287c9f0ed866100d30dd02b694fd7142da855ac10074c9ad77cd7c1c688890094f31fd2ee5b5610a7ba1112775b94ae80ba51c66e0b27

View File

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test
# Description: Test if RSA-PSS signature scheme is supported
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
-include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test if RSA-PSS signature scheme is supported" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 1m" >> $(METADATA)
@echo "RunFor: openssl" >> $(METADATA)
@echo "Requires: openssl man man-db" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

View File

@ -1,3 +0,0 @@
PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test
Description: Test if RSA-PSS signature scheme is supported
Author: Hubert Kario <hkario@redhat.com>

View File

@ -1,74 +0,0 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test
# Description: Test if RSA-PSS signature scheme is supported
# Author: Hubert Kario <hkario@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="openssl"
PUB_KEY="rsa_pubkey.pem"
PRIV_KEY="rsa_key.pem"
FILE="text.txt"
SIG="text.sig"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"
rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"
rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"
rlAssertExists $FILE
rlAssertExists $PRIV_KEY
rlAssertExists $PUB_KEY
rlPhaseEnd
rlPhaseStartTest "Test RSA-PSS padding mode"
set -o pipefail
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"
set +o pipefail
rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"
rlPhaseEnd
rlPhaseStartTest "Documentation check"
[ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"
rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

View File

@ -1,15 +0,0 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
- container
tests:
- simple-rsapss-test
required_packages:
- findutils # beakerlib needs find command
- man # needed by simple-rsapss-test
- man-db # needed by simple-rsapss-test
- openssl # needed by simple-rsapss-test

View File

@ -1,18 +0,0 @@
---
- hosts: localhost
roles:
- role: standard-test-basic
tags:
- classic
repositories:
- repo: "https://src.fedoraproject.org/tests/python.git"
dest: "python"
tests:
- python_selftest:
dir: python/selftest
run: X="test_ssl test_asyncio test_hashlib test_ftplib test_httplib test_imaplib test_logging test_nntplib test_poplib test_urllib2_localnet test_urllib test_xmlrpc" ./parallel.sh
required_packages:
- gcc # for extension building in venv and selftest
- python3-tkinter # for selftest
- python3-test # for selftest
- python3-rpm-macros # for dynamic python version