From 9189f03055d4d55949fb897a1049b800327a312f Mon Sep 17 00:00:00 2001 
From: Tomas Mraz Date: Wed, 25 Jul 2018 18:15:19 +0200 Subject: [PATCH] update to the latest 1.1.1 beta version --- .gitignore | 1 + ec_curve.c | 23 +- ectest.c | 1272 ++++++------- openssl-1.1.0-algo-doc.patch | 48 - openssl-1.1.0-bio-fd-preserve-nl.patch | 29 - openssl-1.1.0-build.patch | 104 - openssl-1.1.0-cc-reqs.patch | 27 - openssl-1.1.0-chil-fixes.patch | 15 - openssl-1.1.0-disable-ssl3.patch | 85 - openssl-1.1.0-ec-curves.patch | 80 - openssl-1.1.0-manfix.patch | 51 - openssl-1.1.0-missing-quotes.patch | 15 - openssl-1.1.0-secure-getenv.patch | 139 -- openssl-1.1.0-silent-rnd-write.patch | 24 - openssl-1.1.0-version-add-engines.patch | 38 - openssl-1.1.1-build.patch | 40 + openssl-1.1.1-disable-ssl3.patch | 89 + openssl-1.1.1-ec-curves.patch | 94 + ...1.0-fips.patch => openssl-1.1.1-fips.patch | 1681 ++++++++--------- openssl-1.1.1-man-rename.patch | 37 + openssl-1.1.1-secure-getenv.patch | 173 ++ ...h => openssl-1.1.1-system-cipherlist.patch | 237 ++- openssl-1.1.1-version-add-engines.patch | 38 + openssl-1.1.1-version-override.patch | 14 + openssl.spec | 62 +- sources | 2 +- 26 files changed, 1997 insertions(+), 2421 deletions(-) delete mode 100644 openssl-1.1.0-algo-doc.patch delete mode 100644 openssl-1.1.0-bio-fd-preserve-nl.patch delete mode 100644 openssl-1.1.0-build.patch delete mode 100644 openssl-1.1.0-cc-reqs.patch delete mode 100644 openssl-1.1.0-chil-fixes.patch delete mode 100644 openssl-1.1.0-disable-ssl3.patch delete mode 100644 openssl-1.1.0-ec-curves.patch delete mode 100644 openssl-1.1.0-manfix.patch delete mode 100644 openssl-1.1.0-missing-quotes.patch delete mode 100644 openssl-1.1.0-secure-getenv.patch delete mode 100644 openssl-1.1.0-silent-rnd-write.patch delete mode 100644 openssl-1.1.0-version-add-engines.patch create mode 100644 openssl-1.1.1-build.patch create mode 100644 openssl-1.1.1-disable-ssl3.patch create mode 100644 openssl-1.1.1-ec-curves.patch rename openssl-1.1.0-fips.patch => openssl-1.1.1-fips.patch (89%) create mode 
100644 openssl-1.1.1-man-rename.patch create mode 100644 openssl-1.1.1-secure-getenv.patch rename openssl-1.1.0-system-cipherlist.patch => openssl-1.1.1-system-cipherlist.patch (52%) create mode 100644 openssl-1.1.1-version-add-engines.patch create mode 100644 openssl-1.1.1-version-override.patch diff --git a/.gitignore b/.gitignore index c5509e6..8bacadc 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-1.1.0f-hobbled.tar.xz /openssl-1.1.0g-hobbled.tar.xz /openssl-1.1.0h-hobbled.tar.xz +/openssl-1.1.1-pre8-hobbled.tar.xz diff --git a/ec_curve.c b/ec_curve.c index abee205..7303fe9 100644 --- a/ec_curve.c +++ b/ec_curve.c @@ -1,5 +1,6 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,26 +8,12 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - #include #include "ec_lcl.h" #include #include #include -#include "e_os.h" +#include "internal/nelem.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or 
@@ -350,6 +337,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -415,8 +404,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; } diff --git a/ectest.c b/ectest.c index de00680..c3ac7c6 100644 --- a/ectest.c +++ b/ectest.c @@ -1,5 +1,6 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,38 +8,10 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * - * Portions of the attached software ("Contribution") are developed by - * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. - * - * The Contribution is licensed pursuant to the OpenSSL open source - * license provided above. - * - * The elliptic curve binary polynomial software is originally written by - * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. - * - */ - -#include -#include -#ifdef FLAT_INC -# include "e_os.h" -#else -# include "../e_os.h" -#endif -#include -#include - -#ifdef OPENSSL_NO_EC -int main(int argc, char *argv[]) -{ - puts("Elliptic curves are disabled."); - return 0; -} -#else +#include "internal/nelem.h" +#include "testutil.h" +#ifndef OPENSSL_NO_EC # include # ifndef OPENSSL_NO_ENGINE # include 
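Review bot: The relocated `EC_GROUP_set_curve_name(group, curve.nid);` in ec_group_new_from_data has no comment saying why the NID is now assigned before `EC_POINT_new(group)`, and the following hunk removes the only other assignment from EC_GROUP_new_by_curve_name. A one-line comment such as `/* name the group here so every caller of ec_group_new_from_data gets the NID */` would record that this function now owns the step. This ec_curve.c appears to be a copy carried next to the spec file, so it is worth confirming that no other path in it builds a built-in group without passing through this function. Both function bodies start and end outside the hunks shown.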
@@ -50,119 +23,80 @@ int main(int argc, char *argv[]) # include # include -# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) -/* suppress "too big too optimize" warning */ -# pragma warning(disable:4959) -# endif - -# define ABORT do { \ - fflush(stdout); \ - fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ - ERR_print_errors_fp(stderr); \ - EXIT(1); \ -} while (0) - -# define TIMING_BASE_PT 0 -# define TIMING_RAND_PT 1 -# define TIMING_SIMUL 2 +static size_t crv_len = 0; +static EC_builtin_curve *curves = NULL; /* test multiplication with group order, long and negative scalars */ -static void group_order_tests(EC_GROUP *group) +static int group_order_tests(EC_GROUP *group) { - BIGNUM *n1, *n2, *order; - EC_POINT *P = EC_POINT_new(group); - EC_POINT *Q = EC_POINT_new(group); - EC_POINT *R = EC_POINT_new(group); - EC_POINT *S = EC_POINT_new(group); - BN_CTX *ctx = BN_CTX_new(); - int i; + BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + BN_CTX *ctx = NULL; + int i = 0, r = 0; + + if (!TEST_ptr(n1 = BN_new()) + || !TEST_ptr(n2 = BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || !TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(S = EC_POINT_new(group))) + goto err; + + if (!TEST_true(EC_GROUP_get_order(group, order, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) + || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q))) + goto err; - n1 = BN_new(); - n2 = BN_new(); - order = BN_new(); - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, order, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, 
Q)) - ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) - ABORT; - fprintf(stdout, " ok\n"); - fprintf(stdout, "long/negative scalar tests "); for (i = 1; i <= 2; i++) { const BIGNUM *scalars[6]; const EC_POINT *points[6]; - fprintf(stdout, i == 1 ? - "allowing precomputation ... " : - "without precomputation ... "); - if (!BN_set_word(n1, i)) - ABORT; - /* - * If i == 1, P will be the predefined generator for which - * EC_GROUP_precompute_mult has set up precomputation. - */ - if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) - ABORT; + if (!TEST_true(BN_set_word(n1, i)) + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || !TEST_true(BN_one(n1)) + /* n1 = 1 - order */ + || !TEST_true(BN_sub(n1, n1, order)) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) - if (!BN_one(n1)) - ABORT; - /* n1 = 1 - order */ - if (!BN_sub(n1, n1, order)) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; + /* n2 = 1 + order */ + || !TEST_true(BN_add(n2, order, BN_value_one())) + || !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) - /* n2 = 1 + order */ - if (!BN_add(n2, order, BN_value_one())) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; - - /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ - if (!BN_mul(n2, n1, n2, ctx)) - ABORT; - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, Q, P, ctx)) - ABORT; + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + || !TEST_true(BN_mul(n2, n1, n2, ctx)) + || 
!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) + goto err; /* n2 = order^2 - 1 */ BN_set_negative(n2, 0); - if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) - ABORT; - /* Add P to verify the result. */ - if (!EC_POINT_add(group, Q, Q, P, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) - ABORT; + if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + /* Add P to verify the result. */ + || !TEST_true(EC_POINT_add(group, Q, Q, P, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) - /* Exercise EC_POINTs_mul, including corner cases. */ - if (EC_POINT_is_at_infinity(group, P)) - ABORT; + /* Exercise EC_POINTs_mul, including corner cases. */ + || !TEST_false(EC_POINT_is_at_infinity(group, P))) + goto err; scalars[0] = scalars[1] = BN_value_one(); points[0] = points[1] = P; - if (!EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINT_dbl(group, S, points[0], ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, R, S, ctx)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_dbl(group, S, points[0], ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx))) + goto err; scalars[0] = n1; points[0] = Q; /* => infinity */ @@ -176,13 +110,16 @@ static void group_order_tests(EC_GROUP *group) points[4] = P; /* => P */ scalars[5] = n2; points[5] = Q; /* => infinity */ - if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; } - fprintf(stdout, "ok\n"); + r = 1; +err: + if (r == 0 && i != 0) + TEST_info(i == 1 ? "allowing precomputation" : + "without precomputation"); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); 
@@ -191,427 +128,306 @@ static void group_order_tests(EC_GROUP *group) BN_free(n2); BN_free(order); BN_CTX_free(ctx); + return r; } -static void prime_field_tests(void) +static int prime_field_tests(void) { BN_CTX *ctx = NULL; - BIGNUM *p, *a, *b; - EC_GROUP *group; - EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = - NULL, *P_384 = NULL, *P_521 = NULL; - EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z, *yplusone; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; + EC_GROUP *group = NULL, *tmp = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, + *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_POINT *P = NULL, *Q = NULL, *R = NULL; + BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; unsigned char buf[100]; - size_t i, len; + size_t len, r = 0; int k; - ctx = BN_CTX_new(); - if (!ctx) - ABORT; + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + /* + * applications should use EC_GROUP_new_curve_GFp so + * that the library gets to choose the EC_METHOD + */ + || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) + || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(tmp, group))) + goto err; + EC_GROUP_free(group); + group = tmp; + tmp = NULL; - p = BN_new(); - a = BN_new(); - b = BN_new(); - if (!p || !a || !b) - ABORT; - - group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use - * EC_GROUP_new_curve_GFp so - * that the library gets to - * choose the EC_METHOD */ - if (!group) - ABORT; - - P = EC_POINT_new(group); - Q = EC_POINT_new(group); - R = EC_POINT_new(group); - if (!P || !Q || !R) - ABORT; - - x = BN_new(); - y = BN_new(); - z = BN_new(); - yplusone = BN_new(); - if (x == NULL || y == NULL || z == NULL || yplusone == NULL) - ABORT; + buf[0] = 0; + if (!TEST_ptr(P = EC_POINT_new(group)) + || !TEST_ptr(Q = EC_POINT_new(group)) + || 
!TEST_ptr(R = EC_POINT_new(group)) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(z = BN_new()) + || !TEST_ptr(yplusone = BN_new())) + goto err; /* Curve P-224 (FIPS PUB 186-2, App. 6) */ - if (!BN_hex2bn - (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn - (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) - ABORT; - if (!BN_hex2bn - (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; + if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFF000000000000000000000001")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" + "5044B0B7D7BFD8BA270B39432355FFB4")) + || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" + "4A03C1D356C21122343280D6115C1D21")) + || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, + ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" + "FFFF16A2E0B8F03E13DD29455C5C2A3D")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + goto err; - if (!BN_hex2bn - (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn - (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - 
fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + TEST_info("NIST curve P-224 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn - (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6" + "CD4375A05A07476444D5819985007E34")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 224) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_224, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, + yplusone, ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 224) + || !group_order_tests(group) + || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_224, group)) /* Curve P-256 (FIPS PUB 186-2, App. 
6) */ - if (!BN_hex2bn - (&p, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn - (&a, - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) - ABORT; - if (!BN_hex2bn - (&b, - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; + || !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000" + "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" + "651D06B0CC53B0F63BCE3C3E27D2604B")) + || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - if (!BN_hex2bn - (&x, - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" - "84F3B9CAC2FC632551")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; + || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296")) + || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, + ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" + "BCE6FAADA7179E84F3B9CAC2FC632551")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - 
BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + TEST_info("NIST curve P-256 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn - (&z, - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 256) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_256, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, + yplusone, ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 256) + || !group_order_tests(group) + || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_256, group)) /* Curve P-384 (FIPS PUB 186-2, App. 
6) */ - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" - "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - ABORT; + || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFF0000000000000000FFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" + "181D9C6EFE8141120314088F5013875A" + "C656398D8A2ED19D2A85C8EDD3EC2AEF")) + || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) - if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" - "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; + || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" + "6E1D3B628BA79B9859F741E082542A38" + "5502F25DBF55296C3A545E3872760AB7")) + || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, + ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFC7634D81F4372DDF" + "581A0DB248B0A77AECEC196ACCC52973")) + || 
!TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + TEST_info("NIST curve P-384 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" - "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29" + "F8F41DBD289A147CE9DA3113B5F0B8C0" + "0A60B1CE1D7E819D7A431D7C90EA0E5F")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 384) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_384, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, + yplusone, ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 384) + || !group_order_tests(group) + || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_384, group)) /* Curve P-521 (FIPS PUB 186-2, App. 
6) */ + || !TEST_true(BN_hex2bn(&p, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + || !TEST_true(BN_hex2bn(&b, "051" + "953EB9618E1C9A1F929A21A0B68540EE" + "A2DA725B99B315F3B8B489918EF109E1" + "56193951EC7E937B1652C0BD3BB1BF07" + "3573DF883D2C34F1EF451FD46B503F00")) + || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(BN_hex2bn(&x, "C6" + "858E06B70404E9CD9E3ECB662395B442" + "9C648139053FB521F828AF606B4D3DBA" + "A14B5E77EFE75928FE1DC127A2FFA8DE" + "3348B3C1856A429BF97E7E31C2E5BD66")) + || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, + ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(BN_hex2bn(&z, "1FF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA" + "51868783BF2F966B7FCC0148F709A5D0" + "3BB5C9B8899C47AEBB6FB71E91386409")) + || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) + || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + goto err; - if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) - ABORT; - if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" - "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" - "DF883D2C34F1EF451FD46B503F00")) - ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, 
ctx)) - ABORT; - - if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" - "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" - "3C1856A429BF97E7E31C2E5BD66")) - ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" - "C9B8899C47AEBB6FB71E91386409")) - ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) - ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; - fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); + TEST_info("NIST curve P-521 -- Generator"); + test_output_bignum("x", x); + test_output_bignum("y", y); /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" - "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" - "7086A272C24088BE94769FD16650")) - ABORT; - if (0 != BN_cmp(y, z)) - ABORT; - - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + if (!TEST_true(BN_hex2bn(&z, "118" + "39296A789A3BC0045C8A5FB42C7D1BD9" + "98F54449579B446817AFBD17273E662C" + "97EE72995EF42640C550B9013FAD0761" + "353C7086A272C24088BE94769FD16650")) + || !TEST_BN_eq(y, z) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. 
*/ - if (EC_POINT_set_affine_coordinates_GFp(group, P, x, yplusone, ctx)) - ABORT; - - fprintf(stdout, "verify degree ..."); - if (EC_GROUP_get_degree(group) != 521) - ABORT; - fprintf(stdout, " ok\n"); - - group_order_tests(group); - - if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) - ABORT; - if (!EC_GROUP_copy(P_521, group)) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, + yplusone, ctx)) + || !TEST_int_eq(EC_GROUP_get_degree(group), 521) + || !group_order_tests(group) + || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) + || !TEST_true(EC_GROUP_copy(P_521, group)) /* more tests using the last curve */ /* Restore the point that got mangled in the (x, y + 1) test. */ - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) - ABORT; + || !TEST_true(EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_copy(Q, P)) + || !TEST_false(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) + || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */ + || !TEST_true(EC_POINT_add(group, R, P, Q, ctx)) + || !TEST_true(EC_POINT_add(group, R, R, Q, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */ + || !TEST_false(EC_POINT_is_at_infinity(group, Q))) + goto err; + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; - if (!EC_POINT_copy(Q, P)) - ABORT; - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; - if (!EC_POINT_dbl(group, P, P, ctx)) - ABORT; - if (EC_POINT_is_on_curve(group, P, ctx) <= 0) - ABORT; - if (!EC_POINT_invert(group, Q, ctx)) - ABORT; /* P = -2Q */ + if (!TEST_true(EC_GROUP_get_order(group, z, ctx)) + || !TEST_true(BN_add(y, z, BN_value_one())) + || !TEST_BN_even(y) + || !TEST_true(BN_rshift1(y, y))) + goto err; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; - if (!EC_POINT_add(group, R, P, Q, ctx)) - ABORT; - if 
(!EC_POINT_add(group, R, R, Q, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, R)) - ABORT; /* R = P + 2Q */ + TEST_note("combined multiplication ..."); - { - const EC_POINT *points[4]; - const BIGNUM *scalars[4]; - BIGNUM *scalar3; + /* z is still the group order */ + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)) + || !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0)) + || !TEST_true(BN_add(z, z, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ - if (EC_POINT_is_at_infinity(group, Q)) - ABORT; - points[0] = Q; - points[1] = Q; - points[2] = Q; - points[3] = Q; + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P)) + || !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0)) + || !TEST_true(BN_add(z, x, y))) + goto err; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ - if (!EC_GROUP_get_order(group, z, ctx)) - ABORT; - if (!BN_add(y, z, BN_value_one())) - ABORT; - if (BN_is_odd(y)) - ABORT; - if (!BN_rshift1(y, y)) - ABORT; - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ - scalars[1] = y; + if (!TEST_ptr(scalar3 = BN_new())) + goto err; + BN_zero(scalar3); + scalars[3] = scalar3; - fprintf(stdout, "combined multiplication ..."); - fflush(stdout); + if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + || !TEST_true(EC_POINT_is_at_infinity(group, P))) + goto err; - /* z is still the group order */ - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) - ABORT; - if (0 != EC_POINT_cmp(group, R, Q, ctx)) - ABORT; + TEST_note(" ok\n"); - fprintf(stdout, 
"."); - fflush(stdout); - - if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) - ABORT; - if (!BN_add(z, z, y)) - ABORT; - BN_set_negative(z, 1); - scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ - - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) - ABORT; - if (!BN_add(z, x, y)) - ABORT; - BN_set_negative(z, 1); - scalars[0] = x; - scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ - - scalar3 = BN_new(); - if (!scalar3) - ABORT; - BN_zero(scalar3); - scalars[3] = scalar3; - - if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) - ABORT; - if (!EC_POINT_is_at_infinity(group, P)) - ABORT; - - fprintf(stdout, " ok\n\n"); - - BN_free(scalar3); - } + r = 1; +err: BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); EC_GROUP_free(group); + EC_GROUP_free(tmp); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); 
@@ -619,82 +435,46 @@ static void prime_field_tests(void) BN_free(y); BN_free(z); BN_free(yplusone); + BN_free(scalar3); EC_GROUP_free(P_224); EC_GROUP_free(P_256); EC_GROUP_free(P_384); EC_GROUP_free(P_521); - + return r; } -static void internal_curve_test(void) +static int internal_curve_test(int n) { - EC_builtin_curve *curves = NULL; - size_t crv_len = 0, n = 0; - int ok = 1; + EC_GROUP *group = NULL; + int nid = curves[n].nid; - crv_len = EC_get_builtin_curves(NULL, 0); - curves = OPENSSL_malloc(sizeof(*curves) * crv_len); - if (curves == NULL) - return; - - if (!EC_get_builtin_curves(curves, crv_len)) { - OPENSSL_free(curves); - return; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n", + OBJ_nid2sn(nid)); + return 0; } - - fprintf(stdout, "testing internal curves: "); - - for (n = 0; n < crv_len; n++) { - EC_GROUP *group = NULL; - int nid = curves[n].nid; - if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - /* try next curve */ - continue; - } - if (!EC_GROUP_check(group, NULL)) { - ok = 0; - fprintf(stdout, "\nEC_GROUP_check() failed with" - " curve %s\n", OBJ_nid2sn(nid)); - EC_GROUP_free(group); - /* try the next curve */ - continue; - } - fprintf(stdout, "."); - fflush(stdout); + if (!TEST_true(EC_GROUP_check(group, NULL))) { + TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid)); EC_GROUP_free(group); + return 0; } - if (ok) - fprintf(stdout, " ok\n\n"); - else { - fprintf(stdout, " failed\n\n"); - ABORT; - } + EC_GROUP_free(group); + return 1; +} - /* Test all built-in curves and let the library choose the EC_METHOD */ - for (n = 0; n < crv_len; n++) { - EC_GROUP *group = NULL; - int nid = curves[n].nid; - /* - * Skip for X25519 because low level operations such as EC_POINT_mul() - * are not supported for this curve - */ - if (nid == NID_X25519) - 
continue; - fprintf(stdout, "%s:\n", OBJ_nid2sn(nid)); - fflush(stdout); - if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { - ABORT; - } - group_order_tests(group); - EC_GROUP_free(group); - } +static int internal_curve_test_method(int n) +{ + int r, nid = curves[n].nid; + EC_GROUP *group; - OPENSSL_free(curves); - return; + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) { + TEST_info("Curve %s failed\n", OBJ_nid2sn(nid)); + return 0; + } + r = group_order_tests(group); + EC_GROUP_free(group); + return r; } # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 @@ -714,6 +494,29 @@ struct nistp_test_params { }; static const struct nistp_test_params nistp_tests_params[] = { + { + /* P-224 */ + EC_GFp_nistp224_method, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, { /* P-256 */ EC_GFp_nistp256_method, 
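Review bot: The failure message in `internal_curve_test` names `EC_GROUP_new_curve_name()`, but the call that failed is `EC_GROUP_new_by_curve_name()`, so searching a log for the reported function finds nothing. The line should read `TEST_info("EC_GROUP_new_by_curve_name() failed with curve %s\n", OBJ_nid2sn(nid));`. `internal_curve_test_method` reports only `Curve %s failed`, which would be clearer if it named the same call. Both functions index the file-scope `curves` array with the test index `n`, so a comment such as `/* n < crv_len: registered via ADD_ALL_TESTS(..., crv_len) in setup_tests() */` would record where that bound comes from.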
@@ -742,160 +545,165 @@ static const struct nistp_test_params nistp_tests_params[] = { EC_GFp_nistp521_method, 521, /* p */ - "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* a */ - "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + "1ff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* b */ - "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + "051" + "953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1" + "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* Qx */ - "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + "0098" + "e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e" + "59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qy */ - "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + "0164" + "350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8" + "554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Gx */ - "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + "c6" + "858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba" + "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gy */ - 
"11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + "118" + "39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c" + "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* order */ - "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + "1ff" + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa" + "51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* d */ - "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + "0100" + "085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee" + "df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", }, }; -static void nistp_single_test(const struct nistp_test_params *test) +static int nistp_single_test(int idx) { - BN_CTX *ctx; - BIGNUM *p, *a, *b, *x, *y, *n, *m, *order, *yplusone; - EC_GROUP *NISTP; - EC_POINT *G, *P, *Q, *Q_CHECK; + const struct nistp_test_params *test = nistp_tests_params + idx; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; + BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL; + EC_GROUP *NISTP = NULL; + EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL; + int r = 0; - fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", - test->degree); - ctx = BN_CTX_new(); - p = BN_new(); - a = BN_new(); - b = BN_new(); - x = BN_new(); - y = BN_new(); - m = BN_new(); - n = BN_new(); - order = BN_new(); - yplusone = BN_new(); + TEST_note("NIST curve P-%d (optimised implementation):", + test->degree); + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(a = BN_new()) + || !TEST_ptr(b = BN_new()) + || !TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(m = BN_new()) + || !TEST_ptr(n = 
BN_new()) + || !TEST_ptr(order = BN_new()) + || !TEST_ptr(yplusone = BN_new()) - NISTP = EC_GROUP_new(test->meth()); - if (!NISTP) - ABORT; - if (!BN_hex2bn(&p, test->p)) - ABORT; - if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) - ABORT; - if (!BN_hex2bn(&a, test->a)) - ABORT; - if (!BN_hex2bn(&b, test->b)) - ABORT; - if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) - ABORT; - G = EC_POINT_new(NISTP); - P = EC_POINT_new(NISTP); - Q = EC_POINT_new(NISTP); - Q_CHECK = EC_POINT_new(NISTP); - if (!BN_hex2bn(&x, test->Qx)) - ABORT; - if (!BN_hex2bn(&y, test->Qy)) - ABORT; - if (!BN_add(yplusone, y, BN_value_one())) - ABORT; + || !TEST_ptr(NISTP = EC_GROUP_new(test->meth())) + || !TEST_true(BN_hex2bn(&p, test->p)) + || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + || !TEST_true(BN_hex2bn(&a, test->a)) + || !TEST_true(BN_hex2bn(&b, test->b)) + || !TEST_true(EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) + || !TEST_ptr(G = EC_POINT_new(NISTP)) + || !TEST_ptr(P = EC_POINT_new(NISTP)) + || !TEST_ptr(Q = EC_POINT_new(NISTP)) + || !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP)) + || !TEST_true(BN_hex2bn(&x, test->Qx)) + || !TEST_true(BN_hex2bn(&y, test->Qy)) + || !TEST_true(BN_add(yplusone, y, BN_value_one())) /* * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. 
*/ - if (EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, yplusone, ctx)) - ABORT; - if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) - ABORT; - if (!BN_hex2bn(&x, test->Gx)) - ABORT; - if (!BN_hex2bn(&y, test->Gy)) - ABORT; - if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) - ABORT; - if (!BN_hex2bn(&order, test->order)) - ABORT; - if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) - ABORT; + || !TEST_false(EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, + yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, + ctx)) + || !TEST_true(BN_hex2bn(&x, test->Gx)) + || !TEST_true(BN_hex2bn(&y, test->Gy)) + || !TEST_true(EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) + || !TEST_true(BN_hex2bn(&order, test->order)) + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) + goto err; - fprintf(stdout, "verify degree ... "); - if (EC_GROUP_get_degree(NISTP) != test->degree) - ABORT; - fprintf(stdout, "ok\n"); - - fprintf(stdout, "NIST test vectors ... "); - if (!BN_hex2bn(&n, test->d)) - ABORT; + TEST_note("NIST test vectors ... 
"); + if (!TEST_true(BN_hex2bn(&n, test->d))) + goto err; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - /* set generator to P = 2*G, where G is the standard generator */ - if (!EC_POINT_dbl(NISTP, P, G, ctx)) - ABORT; - if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) - ABORT; - /* set the scalar to m=n/2, where n is the NIST test scalar */ - if (!BN_rshift(m, n, 1)) - ABORT; + /* set generator to P = 2*G, where G is the standard generator */ + || !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx)) + || !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + /* set the scalar to m=n/2, where n is the NIST test scalar */ + || !TEST_true(BN_rshift(m, n, 1))) + goto err; /* test the non-standard generator */ /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) /* * We have not performed precomputation so have_precompute mult should be * false */ - if (EC_GROUP_have_precompute_mult(NISTP)) - ABORT; + || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) /* now repeat all tests with precomputation */ - if (!EC_GROUP_precompute_mult(NISTP, ctx)) - ABORT; - if (!EC_GROUP_have_precompute_mult(NISTP)) - ABORT; + || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) + || !TEST_true(EC_GROUP_have_precompute_mult(NISTP))) + goto err; /* fixed point multiplication */ 
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) /* reset generator */ - if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) - ABORT; + || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))) + goto err; /* fixed point multiplication */ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; /* random point multiplication */ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); - if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) - ABORT; + if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) + goto err; - fprintf(stdout, "ok\n"); - group_order_tests(NISTP); + /* regression test for felem_neg bug */ + if (!TEST_true(BN_set_word(m, 32)) + || !TEST_true(BN_set_word(n, 31)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) + || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) + goto err; + + r = group_order_tests(NISTP); +err: EC_GROUP_free(NISTP); EC_POINT_free(G); EC_POINT_free(P); 
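Review bot: The eight `EC_POINT_mul(NISTP, Q, ...)` calls that precede the `EC_POINT_cmp` checks in `nistp_single_test` still discard their return value, although the new felem_neg regression block wraps the same call in `TEST_true`. Q already holds the expected point after the first successful multiplication, so a later multiplication that fails without updating Q could pass the comparison against Q_CHECK on the stale value. Each pair is better checked together, for example `if (!TEST_true(EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx)) || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) goto err;`. The function's cleanup tail continues in the next hunk.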
@@ -911,77 +719,125 @@ static void nistp_single_test(const struct nistp_test_params *test) BN_free(order); BN_free(yplusone); BN_CTX_free(ctx); -} - -static void nistp_tests() -{ - unsigned i; - - for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) { - nistp_single_test(&nistp_tests_params[i]); - } + return r; } # endif -static void parameter_test(void) +static const unsigned char p521_named[] = { + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, +}; + +static const unsigned char p521_explicit[] = { + 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, + 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, + 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, + 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, + 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, + 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, + 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, + 0x39, 0x32, 0x84, 
0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, + 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, + 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, + 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, + 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, + 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, + 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, + 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, + 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, + 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, + 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, + 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, +}; + +static int parameter_test(void) { - EC_GROUP *group, *group2; - ECPARAMETERS *ecparameters; + EC_GROUP *group = NULL, *group2 = NULL; + ECPARAMETERS *ecparameters = NULL; + unsigned char *buf = NULL; + int r = 0, len; - fprintf(stderr, "\ntesting ecparameters conversion ..."); + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp384r1)) + || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) + || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) + goto err; - group = EC_GROUP_new_by_curve_name(NID_secp384r1); - if (!group) - ABORT; + EC_GROUP_free(group); + group = NULL; - ecparameters = 
EC_GROUP_get_ecparameters(group, NULL); - if (!ecparameters) - ABORT; - group2 = EC_GROUP_new_from_ecparameters(ecparameters); - if (!group2) - ABORT; - if (EC_GROUP_cmp(group, group2, NULL)) - ABORT; + /* Test the named curve encoding, which should be default. */ + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) + || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) + goto err; - fprintf(stderr, " ok\n"); + OPENSSL_free(buf); + buf = NULL; + /* + * Test the explicit encoding. P-521 requires correctly zero-padding the + * curve coefficients. + */ + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) + goto err; + + r = 1; +err: EC_GROUP_free(group); EC_GROUP_free(group2); ECPARAMETERS_free(ecparameters); + OPENSSL_free(buf); + return r; } +#endif -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) +int setup_tests(void) { - char *p; +#ifndef OPENSSL_NO_EC + crv_len = EC_get_builtin_curves(NULL, 0); + if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len)) + || !TEST_true(EC_get_builtin_curves(curves, crv_len))) + return 0; - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ - - prime_field_tests(); - puts(""); + ADD_TEST(parameter_test); + ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M - char2_field_tests(); + ADD_TEST(char2_field_tests); + ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); # endif # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - nistp_tests(); + ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); # endif - /* test the internal curves */ - 
internal_curve_test(); - - parameter_test(); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks_fp(stderr) <= 0) - return 1; + ADD_ALL_TESTS(internal_curve_test, crv_len); + ADD_ALL_TESTS(internal_curve_test_method, crv_len); #endif - - return 0; + return 1; } + +void cleanup_tests(void) +{ +#ifndef OPENSSL_NO_EC + OPENSSL_free(curves); #endif +} diff --git a/openssl-1.1.0-algo-doc.patch b/openssl-1.1.0-algo-doc.patch deleted file mode 100644 index 460d2c2..0000000 --- a/openssl-1.1.0-algo-doc.patch +++ /dev/null 
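Review bot: In `parameter_test`, both encodings are accepted on `(len = i2d_ECPKParameters(group, &buf)) >= 0`, but as far as I know this function signals failure by returning 0, so the length check would never fail. An encoding error would then surface only as a `TEST_mem_eq` mismatch rather than as the failed call. `!TEST_true((len = i2d_ECPKParameters(group, &buf)) > 0)` in both places would report the real cause. The `p521_named` and `p521_explicit` vectors also carry no comment: a line such as `/* DER OBJECT IDENTIFIER 1.3.132.0.35 (secp521r1) */` above the first, and a note that the second is the explicit-parameters encoding (it appears to include the optional seed), would let a reader check the bytes.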
@@ -1,48 +0,0 @@ -diff -up openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod ---- openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod.algo-doc 2017-01-26 15:49:18.784947229 +0100 -+++ openssl-1.1.0d/doc/crypto/EVP_DigestInit.pod 2017-01-26 15:52:46.458556068 +0100 -@@ -152,7 +152,7 @@ corresponding OBJECT IDENTIFIER or NID_u - EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and - EVP_MD_CTX_block_size() return the digest or block size in bytes. - --EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), - EVP_mdc2(), EVP_ripemd160(), EVP_blake2b512(), and EVP_blake2s256() return - pointers to the corresponding EVP_MD structures. - -diff -up openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod ---- openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod.algo-doc 2017-01-26 14:10:24.000000000 +0100 -+++ openssl-1.1.0d/doc/crypto/EVP_EncryptInit.pod 2017-01-26 15:49:18.784947229 +0100 -@@ -108,6 +108,32 @@ EVP_chacha20, EVP_chacha20_poly1305 - EV - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -+ const EVP_CIPHER *EVP_des_ede3(void); -+ const EVP_CIPHER *EVP_des_ede3_ecb(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb64(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb1(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb8(void); -+ const EVP_CIPHER *EVP_des_ede3_ofb(void); -+ const EVP_CIPHER *EVP_des_ede3_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_ecb(void); -+ const EVP_CIPHER *EVP_aes_128_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_cfb1(void); -+ const EVP_CIPHER *EVP_aes_128_cfb8(void); -+ const EVP_CIPHER *EVP_aes_128_cfb128(void); -+ const EVP_CIPHER *EVP_aes_128_ofb(void); -+ const EVP_CIPHER *EVP_aes_192_ecb(void); -+ const EVP_CIPHER *EVP_aes_192_cbc(void); -+ const EVP_CIPHER *EVP_aes_192_cfb1(void); 
-+ const EVP_CIPHER *EVP_aes_192_cfb8(void); -+ const EVP_CIPHER *EVP_aes_192_cfb128(void); -+ const EVP_CIPHER *EVP_aes_192_ofb(void); -+ const EVP_CIPHER *EVP_aes_256_ecb(void); -+ const EVP_CIPHER *EVP_aes_256_cbc(void); -+ const EVP_CIPHER *EVP_aes_256_cfb1(void); -+ const EVP_CIPHER *EVP_aes_256_cfb8(void); -+ const EVP_CIPHER *EVP_aes_256_cfb128(void); -+ const EVP_CIPHER *EVP_aes_256_ofb(void); -+ - =head1 DESCRIPTION - - The EVP cipher routines are a high level interface to certain diff --git a/openssl-1.1.0-bio-fd-preserve-nl.patch b/openssl-1.1.0-bio-fd-preserve-nl.patch deleted file mode 100644 index 0050115..0000000 --- a/openssl-1.1.0-bio-fd-preserve-nl.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -diff -up openssl-1.1.0c/crypto/bio/bss_fd.c.preserve-nl openssl-1.1.0c/crypto/bio/bss_fd.c ---- openssl-1.1.0c/crypto/bio/bss_fd.c.preserve-nl 2016-11-10 15:03:44.000000000 +0100 -+++ openssl-1.1.0c/crypto/bio/bss_fd.c 2016-12-22 14:36:16.730740423 +0100 -@@ -202,8 +202,10 @@ static int fd_gets(BIO *bp, char *buf, i - char *ptr = buf; - char *end = buf + size - 1; - -- while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) -- ptr++; -+ while (ptr < end && fd_read(bp, ptr, 1) > 0) { -+ if (*ptr++ == '\n') -+ break; -+ } - - ptr[0] = '\0'; - -diff -up openssl-1.1.0c/doc/crypto/BIO_read.pod.preserve-nl openssl-1.1.0c/doc/crypto/BIO_read.pod ---- openssl-1.1.0c/doc/crypto/BIO_read.pod.preserve-nl 2016-11-10 15:03:45.000000000 +0100 -+++ openssl-1.1.0c/doc/crypto/BIO_read.pod 2016-12-22 14:37:22.731245197 +0100 -@@ -23,7 +23,8 @@ in B. Usually this operation will a - from the BIO of maximum length B. There are exceptions to this, - however; for example, BIO_gets() on a digest BIO will calculate and - return the digest and other BIOs may not support BIO_gets() at all. --The returned string is always NUL-terminated. -+The returned string is always NUL-terminated and the '\n' is preserved -+if present in the input data. - - BIO_write() attempts to write B bytes from B to BIO B. - diff --git a/openssl-1.1.0-build.patch b/openssl-1.1.0-build.patch deleted file mode 100644 index 7565642..0000000 --- a/openssl-1.1.0-build.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -diff -up openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build openssl-1.1.0f/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0f/Configurations/unix-Makefile.tmpl.build 2017-06-02 13:51:39.621289504 +0200 -+++ openssl-1.1.0f/Configurations/unix-Makefile.tmpl 2017-06-02 13:54:45.298654812 +0200 -@@ -553,7 +553,7 @@ uninstall_runtime: - install_man_docs: - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @echo "*** Installing manpages" -- $(PERL) $(SRCDIR)/util/process_docs.pl \ -+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) - - uninstall_man_docs: -@@ -565,7 +565,7 @@ uninstall_man_docs: - install_html_docs: - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @echo "*** Installing HTML manpages" -- $(PERL) $(SRCDIR)/util/process_docs.pl \ -+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ - --destdir=$(DESTDIR)$(HTMLDIR) --type=html - - uninstall_html_docs: -diff -up openssl-1.1.0f/Configurations/10-main.conf.build openssl-1.1.0f/Configurations/10-main.conf ---- openssl-1.1.0f/Configurations/10-main.conf.build 2017-05-25 14:46:17.000000000 +0200 -+++ openssl-1.1.0f/Configurations/10-main.conf 2017-06-02 13:51:39.622289528 +0200 -@@ -662,6 +662,7 @@ sub vms_info { - cflags => add("-m64 -DL_ENDIAN"), - perlasm_scheme => "linux64le", - shared_ldflag => add("-m64"), -+ multilib => "64", - }, - - "linux-armv4" => { -@@ -702,6 +703,7 @@ sub vms_info { - "linux-aarch64" => { - inherit_from => [ "linux-generic64", asm("aarch64_asm") ], - perlasm_scheme => "linux64", -+ multilib => "64", - }, - "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 - inherit_from => [ "linux-generic32", asm("aarch64_asm") ], -diff -up openssl-1.1.0h/engines/afalg/e_afalg.c.build openssl-1.1.0h/engines/afalg/e_afalg.c ---- openssl-1.1.0h/engines/afalg/e_afalg.c.build 2018-03-27 15:50:40.000000000 +0200 -+++ 
openssl-1.1.0h/engines/afalg/e_afalg.c 2018-06-19 16:56:20.150950529 +0200 -@@ -36,14 +36,25 @@ void engine_load_afalg_int(void) - } - #else - --# include - # include - # include - --# include - # include - # include - -+# define timespec linux_timespec -+# define timeval linux_timeval -+# define itimerspec linux_itimerspec -+# define sigset_t linux_sigset_type -+# include -+# include -+ -+# ifndef _LINUX_TIME_H -+# undef timespec -+# undef timeval -+# undef itimerspec -+# undef sigset_t -+# endif - # include "e_afalg.h" - - # define AFALG_LIB_NAME "AFALG" -diff -up openssl-1.1.0g/test/evptests.txt.build openssl-1.1.0g/test/evptests.txt ---- openssl-1.1.0g/test/evptests.txt.build 2017-11-02 15:29:05.000000000 +0100 -+++ openssl-1.1.0g/test/evptests.txt 2017-11-03 16:37:01.253671494 +0100 -@@ -3707,14 +3707,6 @@ MCowBQYDK2VuAyEA3p7bfXt9wbTTW2HC7OQ1Nz+D - - PrivPubKeyPair = Bob-25519:Bob-25519-PUBLIC - --Derive=Alice-25519 --PeerKey=Bob-25519-PUBLIC --SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 -- --Derive=Bob-25519 --PeerKey=Alice-25519-PUBLIC --SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 -- - # Illegal sign/verify operations with X25519 key - - Sign=Alice-25519 -@@ -3727,6 +3719,14 @@ Result = KEYOP_INIT_ERROR - Function = EVP_PKEY_verify_init - Reason = operation not supported for this keytype - -+Derive=Alice-25519 -+PeerKey=Bob-25519-PUBLIC -+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 -+ -+Derive=Bob-25519 -+PeerKey=Alice-25519-PUBLIC -+SharedSecret=4A5D9D5BA4CE2DE1728E3BF480350F25E07E21C947D19E3376F09B3C1E161742 -+ - ## ECDH Tests: test with randomly generated keys for all the listed curves - - diff --git a/openssl-1.1.0-cc-reqs.patch b/openssl-1.1.0-cc-reqs.patch deleted file mode 100644 index 05e0edd..0000000 --- a/openssl-1.1.0-cc-reqs.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0h/crypto/rsa/rsa_gen.c ---- openssl-1.1.0h/crypto/rsa/rsa_gen.c.cc-reqs 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-29 14:37:53.405048562 +0200 -@@ -86,6 +86,12 @@ static int rsa_builtin_keygen(RSA *rsa, - if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) - goto err; - -+ /* prepare minimum p and q difference */ -+ if (!BN_one(r3)) -+ goto err; -+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) -+ goto err; -+ - if (BN_copy(rsa->e, e_value) == NULL) - goto err; - -@@ -118,7 +124,9 @@ static int rsa_builtin_keygen(RSA *rsa, - do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) - goto err; -- } while (BN_cmp(rsa->p, rsa->q) == 0); -+ if (!BN_sub(r2, rsa->q, rsa->p)) -+ goto err; -+ } while (BN_ucmp(r2, r3) <= 0); - if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; - ERR_set_mark(); diff --git a/openssl-1.1.0-chil-fixes.patch b/openssl-1.1.0-chil-fixes.patch deleted file mode 100644 index 363d05f..0000000 --- a/openssl-1.1.0-chil-fixes.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up openssl-1.1.0-pre6/engines/e_chil.c.chil openssl-1.1.0-pre6/engines/e_chil.c ---- openssl-1.1.0-pre6/engines/e_chil.c.chil 2016-08-04 16:00:47.000000000 +0200 -+++ openssl-1.1.0-pre6/engines/e_chil.c 2016-08-05 16:50:13.860588775 +0200 -@@ -1195,6 +1195,11 @@ static int hwcrhk_insert_card(const char - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; -+ /* Despite what the documentation says prompt_info can be -+ * an empty string. -+ */ -+ if (prompt_info && !*prompt_info) -+ prompt_info = NULL; - - if (cactx) { - if (cactx->ui_method) diff --git a/openssl-1.1.0-disable-ssl3.patch b/openssl-1.1.0-disable-ssl3.patch deleted file mode 100644 index 8dd6aa2..0000000 --- a/openssl-1.1.0-disable-ssl3.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -diff -up openssl-1.1.0h/apps/s_client.c.disable-ssl3 openssl-1.1.0h/apps/s_client.c ---- openssl-1.1.0h/apps/s_client.c.disable-ssl3 2018-03-29 14:38:39.612133765 +0200 -+++ openssl-1.1.0h/apps/s_client.c 2018-03-29 14:41:51.309635904 +0200 -@@ -1489,6 +1489,9 @@ int s_client_main(int argc, char **argv) - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - -+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) -+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ - if (ssl_config) { - if (SSL_CTX_config(ctx, ssl_config) == 0) { - BIO_printf(bio_err, "Error using configuration \"%s\"\n", -diff -up openssl-1.1.0h/apps/s_server.c.disable-ssl3 openssl-1.1.0h/apps/s_server.c ---- openssl-1.1.0h/apps/s_server.c.disable-ssl3 2018-03-29 14:38:39.613133788 +0200 -+++ openssl-1.1.0h/apps/s_server.c 2018-03-29 14:42:27.313481477 +0200 -@@ -1619,6 +1619,9 @@ int s_server_main(int argc, char *argv[] - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - -+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) -+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ - if (ssl_config) { - if (SSL_CTX_config(ctx, ssl_config) == 0) { - BIO_printf(bio_err, "Error using configuration \"%s\"\n", -diff -up openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0h/ssl/ssl_lib.c ---- openssl-1.1.0h/ssl/ssl_lib.c.disable-ssl3 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:38:39.614133811 +0200 -@@ -2653,6 +2653,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - * or by using the SSL_CONF library. - */ - ret->options |= SSL_OP_NO_COMPRESSION; -+ /* -+ * Disable SSLv3 by default. Applications can -+ * re-enable it by configuring -+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); -+ * or by using the SSL_CONF library. 
-+ */ -+ ret->options |= SSL_OP_NO_SSLv3; - - ret->tlsext_status_type = -1; - -diff -up openssl-1.1.0h/test/ssl_test.c.disable-ssl3 openssl-1.1.0h/test/ssl_test.c ---- openssl-1.1.0h/test/ssl_test.c.disable-ssl3 2018-03-29 14:38:39.615133835 +0200 -+++ openssl-1.1.0h/test/ssl_test.c 2018-03-29 14:43:37.893139086 +0200 -@@ -277,6 +277,7 @@ static int execute_test(SSL_TEST_FIXTURE - SSL_TEST_SERVERNAME_CB_NONE) { - server2_ctx = SSL_CTX_new(TLS_server_method()); - TEST_check(server2_ctx != NULL); -+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); - } - client_ctx = SSL_CTX_new(TLS_client_method()); - TEST_check(SSL_CTX_set_max_proto_version(client_ctx, TLS_MAX_VERSION)); -@@ -290,11 +291,15 @@ static int execute_test(SSL_TEST_FIXTURE - TLS_MAX_VERSION)); - TEST_check(resume_server_ctx != NULL); - TEST_check(resume_client_ctx != NULL); -+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); - } - } - - TEST_check(server_ctx != NULL); - TEST_check(client_ctx != NULL); -+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); - - TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0); - -diff -up openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 openssl-1.1.0h/test/ssltest_old.c ---- openssl-1.1.0h/test/ssltest_old.c.disable-ssl3 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/test/ssltest_old.c 2018-03-29 14:38:39.615133835 +0200 -@@ -1460,6 +1460,11 @@ int main(int argc, char *argv[]) - ERR_print_errors(bio_err); - goto end; - } -+ -+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); -+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); -+ - /* - * Since we will use low security ciphersuites and keys for testing set - * security level to zero by default. Tests can override this by adding 
diff --git a/openssl-1.1.0-ec-curves.patch b/openssl-1.1.0-ec-curves.patch deleted file mode 100644 index d6bd022..0000000 --- a/openssl-1.1.0-ec-curves.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -diff -up openssl-1.1.0e/apps/speed.c.curves openssl-1.1.0e/apps/speed.c ---- openssl-1.1.0e/apps/speed.c.curves 2017-02-16 12:58:20.000000000 +0100 -+++ openssl-1.1.0e/apps/speed.c 2017-02-16 15:46:22.271504354 +0100 -@@ -536,42 +536,18 @@ static OPT_PAIR rsa_choices[] = { - #define R_EC_X25519 16 - #ifndef OPENSSL_NO_EC - static OPT_PAIR ecdsa_choices[] = { -- {"ecdsap160", R_EC_P160}, -- {"ecdsap192", R_EC_P192}, - {"ecdsap224", R_EC_P224}, - {"ecdsap256", R_EC_P256}, - {"ecdsap384", R_EC_P384}, - {"ecdsap521", R_EC_P521}, -- {"ecdsak163", R_EC_K163}, -- {"ecdsak233", R_EC_K233}, -- {"ecdsak283", R_EC_K283}, -- {"ecdsak409", R_EC_K409}, -- {"ecdsak571", R_EC_K571}, -- {"ecdsab163", R_EC_B163}, -- {"ecdsab233", R_EC_B233}, -- {"ecdsab283", R_EC_B283}, -- {"ecdsab409", R_EC_B409}, -- {"ecdsab571", R_EC_B571}, - {NULL} - }; - - static OPT_PAIR ecdh_choices[] = { -- {"ecdhp160", R_EC_P160}, -- {"ecdhp192", R_EC_P192}, - {"ecdhp224", R_EC_P224}, - {"ecdhp256", R_EC_P256}, - {"ecdhp384", R_EC_P384}, - {"ecdhp521", R_EC_P521}, -- {"ecdhk163", R_EC_K163}, -- {"ecdhk233", R_EC_K233}, -- {"ecdhk283", R_EC_K283}, -- {"ecdhk409", R_EC_K409}, -- {"ecdhk571", R_EC_K571}, -- {"ecdhb163", R_EC_B163}, -- {"ecdhb233", R_EC_B233}, -- {"ecdhb283", R_EC_B283}, -- {"ecdhb409", R_EC_B409}, -- {"ecdhb571", R_EC_B571}, - {"ecdhx25519", R_EC_X25519}, - {NULL} - }; -diff -up openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves openssl-1.1.0e/crypto/ec/ecp_smpl.c ---- openssl-1.1.0e/crypto/ec/ecp_smpl.c.curves 2017-02-16 12:58:21.000000000 +0100 -+++ openssl-1.1.0e/crypto/ec/ecp_smpl.c 2017-02-16 15:46:22.264504188 +0100 -@@ -144,6 +144,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO - return 0; - } - -+ if (BN_num_bits(p) < 224) { -+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); -+ return 0; -+ } -+ - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) -diff -up openssl-1.1.0e/test/ecdsatest.c.curves openssl-1.1.0e/test/ecdsatest.c ---- 
openssl-1.1.0e/test/ecdsatest.c.curves 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/ecdsatest.c 2017-02-16 15:46:22.250503857 +0100 -@@ -216,6 +216,7 @@ int x9_62_tests(BIO *out) - if (!change_rand()) - goto x962_err; - -+#if 0 - if (!x9_62_test_internal(out, NID_X9_62_prime192v1, - "3342403536405981729393488334694600415596881826869351677613", - "5735822328888155254683894997897571951568553642892029982342")) -@@ -226,6 +227,7 @@ int x9_62_tests(BIO *out) - "3238135532097973577080787768312505059318910517550078427819" - "78505179448783")) - goto x962_err; -+#endif - # ifndef OPENSSL_NO_EC2M - if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, - "87194383164871543355722284926904419997237591535066528048", diff --git a/openssl-1.1.0-manfix.patch b/openssl-1.1.0-manfix.patch deleted file mode 100644 index 53fc603..0000000 --- a/openssl-1.1.0-manfix.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -diff -up openssl-1.1.0g/doc/apps/ec.pod.manfix openssl-1.1.0g/doc/apps/ec.pod ---- openssl-1.1.0g/doc/apps/ec.pod.manfix 2017-11-02 15:29:04.000000000 +0100 -+++ openssl-1.1.0g/doc/apps/ec.pod 2017-11-03 16:09:31.714027145 +0100 -@@ -101,10 +101,6 @@ prints out the public, private key compo - - this option prevents output of the encoded version of the key. - --=item B<-modulus> -- --this option prints out the value of the public key component of the key. -- - =item B<-pubin> - - by default a private key is read from the input file: with this option a -diff -up openssl-1.1.0g/doc/apps/openssl.pod.manfix openssl-1.1.0g/doc/apps/openssl.pod ---- openssl-1.1.0g/doc/apps/openssl.pod.manfix 2017-11-02 15:29:04.000000000 +0100 -+++ openssl-1.1.0g/doc/apps/openssl.pod 2017-11-03 16:11:48.478245311 +0100 -@@ -170,7 +170,7 @@ Create or examine a Netscape certificate - - Online Certificate Status Protocol utility. - --=item L|passwd(1)> -+=item L|sslpasswd(1)> - - Generation of hashed passwords. - -@@ -198,7 +198,7 @@ Public key algorithm parameter managemen - - Public key algorithm cryptographic operation utility. - --=item L|rand(1)> -+=item L|sslrand(1)> - - Generate pseudo-random bytes. - -@@ -432,13 +432,13 @@ L, L, L - L, L, - L, L, L, L, L, - L, L, L, --L, - L, L, L, - L, L, L, --L, L, L, L, -+L, L, L, - L, L, - L, L, L, - L, L, L, -+L, L, - L, - L, L, L, - L, L, L diff --git a/openssl-1.1.0-missing-quotes.patch b/openssl-1.1.0-missing-quotes.patch deleted file mode 100644 index 3fb8784..0000000 --- a/openssl-1.1.0-missing-quotes.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -diff -up openssl-1.1.0h/util/dofile.pl.missing-quotes openssl-1.1.0h/util/dofile.pl ---- openssl-1.1.0h/util/dofile.pl.missing-quotes 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/util/dofile.pl 2018-04-03 11:59:36.742091742 +0200 -@@ -99,9 +99,9 @@ package main; - # This adds quotes (") around the given string, and escapes any $, @, \, - # " and ' by prepending a \ to them. - sub quotify1 { -- my $s = my $orig = shift @_; -+ my $s = shift @_; - $s =~ s/([\$\@\\"'])/\\$1/g; -- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s; -+ '"'.$s.'"'; - } - - # quotify_l LIST diff --git a/openssl-1.1.0-secure-getenv.patch b/openssl-1.1.0-secure-getenv.patch deleted file mode 100644 index 2fb8ae6..0000000 --- a/openssl-1.1.0-secure-getenv.patch +++ /dev/null 
@@ -1,139 +0,0 @@ -diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c ---- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 -+++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100 -@@ -9,6 +9,8 @@ - - /* Part of the code in here was originally in conf.c, which is now removed */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -82,7 +84,7 @@ char *_CONF_get_string(const CONF *conf, - if (v != NULL) - return (v->value); - if (strcmp(section, "ENV") == 0) { -- p = getenv(name); -+ p = secure_getenv(name); - if (p != NULL) - return (p); - } -@@ -95,7 +97,7 @@ char *_CONF_get_string(const CONF *conf, - else - return (NULL); - } else -- return (getenv(name)); -+ return (secure_getenv(name)); - } - - static unsigned long conf_value_hash(const CONF_VALUE *v) -diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c ---- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100 -+++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100 -@@ -7,6 +7,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -478,7 +480,7 @@ char *CONF_get1_default_config_file(void - char *file; - int len; - -- file = getenv("OPENSSL_CONF"); -+ file = secure_getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); - -diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c ---- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 -+++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100 -@@ -13,6 +13,8 @@ - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
- */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include "eng_int.h" - - /* -@@ -322,7 +324,7 @@ ENGINE *ENGINE_by_id(const char *id) - * Prevent infinite recursion if we're looking for the dynamic engine. - */ - if (strcmp(id, "dynamic")) { -- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) -+ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) - load_dir = ENGINESDIR; - iterator = ENGINE_by_id("dynamic"); - if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || -diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c ---- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100 -+++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100 -@@ -7,6 +7,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include "internal/cryptlib.h" - - #include -@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si - if (OPENSSL_issetugid() != 0) { - use_randfile = 0; - } else { -- s = getenv("RANDFILE"); -+ s = secure_getenv("RANDFILE"); - if (s == NULL || *s == '\0') { - use_randfile = 0; -- s = getenv("HOME"); -+ s = secure_getenv("HOME"); - } - } - #endif -diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c ---- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 -+++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100 -@@ -7,6 +7,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in - switch (cmd) { - case X509_L_ADD_DIR: - if (argl == X509_FILETYPE_DEFAULT) { -- dir = (char *)getenv(X509_get_default_cert_dir_env()); -+ dir = (char *)secure_getenv(X509_get_default_cert_dir_env()); - if (dir) - ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); - else -diff 
-up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c ---- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100 -+++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100 -@@ -7,6 +7,8 @@ - * https://www.openssl.org/source/license.html - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include - #include - #include -@@ -47,7 +49,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx - switch (cmd) { - case X509_L_FILE_LOAD: - if (argl == X509_FILETYPE_DEFAULT) { -- file = getenv(X509_get_default_cert_file_env()); -+ file = secure_getenv(X509_get_default_cert_file_env()); - if (file) - ok = (X509_load_cert_crl_file(ctx, file, - X509_FILETYPE_PEM) != 0); diff --git a/openssl-1.1.0-silent-rnd-write.patch b/openssl-1.1.0-silent-rnd-write.patch deleted file mode 100644 index da4137c..0000000 --- a/openssl-1.1.0-silent-rnd-write.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up openssl-1.1.0h/apps/app_rand.c.silent-rnd-write openssl-1.1.0h/apps/app_rand.c ---- openssl-1.1.0h/apps/app_rand.c.silent-rnd-write 2018-03-27 15:50:37.000000000 +0200 -+++ openssl-1.1.0h/apps/app_rand.c 2018-03-29 15:27:24.597891091 +0200 -@@ -91,6 +91,7 @@ long app_RAND_load_files(char *name) - int app_RAND_write_file(const char *file) - { - char buffer[200]; -+ const char *origfile = file; - - if (egdsocket || !seeded) - /* -@@ -103,8 +104,10 @@ int app_RAND_write_file(const char *file - if (file == NULL) - file = RAND_file_name(buffer, sizeof(buffer)); - if (file == NULL || !RAND_write_file(file)) { -- BIO_printf(bio_err, "unable to write 'random state'\n"); -- return 0; -+ if (origfile != NULL) { -+ BIO_printf(bio_err, "unable to write 'random state'\n"); -+ return 0; -+ } - } - return 1; - } diff --git a/openssl-1.1.0-version-add-engines.patch b/openssl-1.1.0-version-add-engines.patch deleted file mode 100644 index f4b7cf9..0000000 --- a/openssl-1.1.0-version-add-engines.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -diff -up openssl-1.1.0h/apps/version.c.version-add-engines openssl-1.1.0h/apps/version.c ---- openssl-1.1.0h/apps/version.c.version-add-engines 2018-03-27 15:50:37.000000000 +0200 -+++ openssl-1.1.0h/apps/version.c 2018-03-29 14:33:30.732879537 +0200 -@@ -52,7 +52,7 @@ int version_main(int argc, char **argv) - { - int ret = 1, dirty = 0; - int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; -- int engdir = 0; -+ int engdir = 0, engines = 0; - char *prog; - OPTION_CHOICE o; - -@@ -90,7 +90,7 @@ opthelp: - dirty = version = 1; - break; - case OPT_A: -- options = cflags = version = date = platform = dir = engdir = 1; -+ options = cflags = version = date = platform = dir = engdir = engines = 1; - break; - } - } -@@ -139,6 +139,16 @@ opthelp: - printf("%s\n", OpenSSL_version(OPENSSL_DIR)); - if (engdir) - printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); -+ if (engines) { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while (e) { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - ret = 0; - end: - return (ret); diff --git a/openssl-1.1.1-build.patch b/openssl-1.1.1-build.patch new file mode 100644 index 0000000..cfe20f6 --- /dev/null +++ b/openssl-1.1.1-build.patch 
@@ -0,0 +1,40 @@ +diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.build 2018-06-20 16:48:09.000000000 +0200 ++++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-16 17:15:38.108831031 +0200 +@@ -680,7 +680,7 @@ uninstall_runtime: + install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) + + uninstall_man_docs: +@@ -692,7 +692,7 @@ uninstall_man_docs: + install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(ECHO) "*** Installing HTML manpages" +- $(PERL) $(SRCDIR)/util/process_docs.pl \ ++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(HTMLDIR) --type=html + + uninstall_html_docs: +diff -up openssl-1.1.1-pre8/Configurations/10-main.conf.build openssl-1.1.1-pre8/Configurations/10-main.conf +--- openssl-1.1.1-pre8/Configurations/10-main.conf.build 2018-06-20 16:48:09.000000000 +0200 ++++ openssl-1.1.1-pre8/Configurations/10-main.conf 2018-07-16 17:17:10.312045203 +0200 +@@ -693,6 +693,7 @@ my %targets = ( + cxxflags => add("-m64"), + lib_cppflags => add("-DL_ENDIAN"), + perlasm_scheme => "linux64le", ++ multilib => "64", + }, + + "linux-armv4" => { +@@ -733,6 +734,7 @@ my %targets = ( + "linux-aarch64" => { + inherit_from => [ "linux-generic64", asm("aarch64_asm") ], + perlasm_scheme => "linux64", ++ multilib => "64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32", asm("aarch64_asm") ], diff --git a/openssl-1.1.1-disable-ssl3.patch b/openssl-1.1.1-disable-ssl3.patch new file mode 100644 index 0000000..19acdd1 --- /dev/null +++ b/openssl-1.1.1-disable-ssl3.patch 
@@ -0,0 +1,89 @@ +diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c +--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 ++++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200 +@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv) + if (sdebug) + ssl_ctx_security_debug(ctx, sdebug); + ++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) ++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + +diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c +--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200 ++++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200 +@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[] + if (sdebug) + ssl_ctx_security_debug(ctx, sdebug); + ++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION) ++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + +diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c +--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200 +@@ -3016,6 +3016,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + */ + ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT; + ++ /* ++ * Disable SSLv3 by default. Applications can ++ * re-enable it by configuring ++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3); ++ * or by using the SSL_CONF API. 
++ */ ++ ret->options |= SSL_OP_NO_SSLv3; ++ + ret->ext.status_type = TLSEXT_STATUSTYPE_nothing; + + /* +diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c +--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 ++++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200 +@@ -443,6 +443,7 @@ static int test_handshake(int idx) + SSL_TEST_SERVERNAME_CB_NONE) { + if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method()))) + goto err; ++ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3); + if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, + TLS_MAX_VERSION))) + goto err; +@@ -464,6 +465,8 @@ static int test_handshake(int idx) + if (!TEST_ptr(resume_server_ctx) + || !TEST_ptr(resume_client_ctx)) + goto err; ++ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3); + } + } + +@@ -477,6 +480,9 @@ static int test_handshake(int idx) + || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) + goto err; + ++ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3); ++ + if (!SSL_CTX_config(server_ctx, "server") + || !SSL_CTX_config(client_ctx, "client")) { + goto err; +diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c +--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200 ++++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200 +@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[]) + ERR_print_errors(bio_err); + goto end; + } ++ ++ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3); ++ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3); ++ + /* + * Since we will use low security ciphersuites and keys for testing set + * security level to zero by default. Tests can override this by adding 
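Review bot: The comment added in SSL_CTX_new() (ssl/ssl_lib.c) names SSL_CTX_clear_options() and the SSL_CONF API as the ways to re-enable SSLv3, but it does not say whether a minimum protocol version of SSL3_VERSION is enough on its own; as far as this patch shows, the SSL_OP_NO_SSLv3 bit would stay set in that case. The s_client.c and s_server.c additions have the same undocumented edge: they clear the option only when `min_version == SSL3_VERSION && max_version == SSL3_VERSION`, so a range that merely starts at SSLv3 keeps it off, and nothing says that this is intended. I would put a comment above both checks, for example `/* SSLv3 is off by default in this build; re-enable it only when it is the sole version requested */`, and, if confirmed, extend the ssl_lib.c comment with `Setting the minimum protocol version alone does not re-enable it.` The enclosing functions start and end outside the inner hunks.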
diff --git a/openssl-1.1.1-ec-curves.patch b/openssl-1.1.1-ec-curves.patch
new file mode 100644
index 0000000..b26263f
--- /dev/null
+++ b/openssl-1.1.1-ec-curves.patch
@@ -0,0 +1,94 @@ +diff -up openssl-1.1.1-pre8/apps/speed.c.curves openssl-1.1.1-pre8/apps/speed.c +--- openssl-1.1.1-pre8/apps/speed.c.curves 2018-07-17 08:48:56.106625020 +0200 ++++ openssl-1.1.1-pre8/apps/speed.c 2018-07-17 08:50:07.526521809 +0200 +@@ -511,56 +511,20 @@ static double rsa_results[RSA_NUM][2]; + #define R_EC_X448 23 + #ifndef OPENSSL_NO_EC + static OPT_PAIR ecdsa_choices[] = { +- {"ecdsap160", R_EC_P160}, +- {"ecdsap192", R_EC_P192}, + {"ecdsap224", R_EC_P224}, + {"ecdsap256", R_EC_P256}, + {"ecdsap384", R_EC_P384}, + {"ecdsap521", R_EC_P521}, +- {"ecdsak163", R_EC_K163}, +- {"ecdsak233", R_EC_K233}, +- {"ecdsak283", R_EC_K283}, +- {"ecdsak409", R_EC_K409}, +- {"ecdsak571", R_EC_K571}, +- {"ecdsab163", R_EC_B163}, +- {"ecdsab233", R_EC_B233}, +- {"ecdsab283", R_EC_B283}, +- {"ecdsab409", R_EC_B409}, +- {"ecdsab571", R_EC_B571}, +- {"ecdsabrp256r1", R_EC_BRP256R1}, +- {"ecdsabrp256t1", R_EC_BRP256T1}, +- {"ecdsabrp384r1", R_EC_BRP384R1}, +- {"ecdsabrp384t1", R_EC_BRP384T1}, +- {"ecdsabrp512r1", R_EC_BRP512R1}, +- {"ecdsabrp512t1", R_EC_BRP512T1} + }; + # define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + + static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ + + static const OPT_PAIR ecdh_choices[] = { +- {"ecdhp160", R_EC_P160}, +- {"ecdhp192", R_EC_P192}, + {"ecdhp224", R_EC_P224}, + {"ecdhp256", R_EC_P256}, + {"ecdhp384", R_EC_P384}, + {"ecdhp521", R_EC_P521}, +- {"ecdhk163", R_EC_K163}, +- {"ecdhk233", R_EC_K233}, +- {"ecdhk283", R_EC_K283}, +- {"ecdhk409", R_EC_K409}, +- {"ecdhk571", R_EC_K571}, +- {"ecdhb163", R_EC_B163}, +- {"ecdhb233", R_EC_B233}, +- {"ecdhb283", R_EC_B283}, +- {"ecdhb409", R_EC_B409}, +- {"ecdhb571", R_EC_B571}, +- {"ecdhbrp256r1", R_EC_BRP256R1}, +- {"ecdhbrp256t1", R_EC_BRP256T1}, +- {"ecdhbrp384r1", R_EC_BRP384R1}, +- {"ecdhbrp384t1", R_EC_BRP384T1}, +- {"ecdhbrp512r1", R_EC_BRP512R1}, +- {"ecdhbrp512t1", R_EC_BRP512T1}, + {"ecdhx25519", R_EC_X25519}, + {"ecdhx448", R_EC_X448} + }; +diff -up 
openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c +--- openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c.curves 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/ec/ecp_smpl.c 2018-07-17 08:48:56.107625044 +0200 +@@ -141,6 +141,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO + return 0; + } + ++ if (BN_num_bits(p) < 224) { ++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); ++ return 0; ++ } ++ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) +diff -up openssl-1.1.1-pre8/test/ecdsatest.c.curves openssl-1.1.1-pre8/test/ecdsatest.c +--- openssl-1.1.1-pre8/test/ecdsatest.c.curves 2018-06-20 16:48:14.000000000 +0200 ++++ openssl-1.1.1-pre8/test/ecdsatest.c 2018-07-17 08:48:56.107625044 +0200 +@@ -173,6 +173,7 @@ static int x9_62_tests(void) + if (!change_rand()) + goto x962_err; + ++#if 0 + if (!TEST_true(x9_62_test_internal(NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342"))) +@@ -183,6 +184,7 @@ static int x9_62_tests(void) + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783"))) + goto x962_err; ++#endif + + # ifndef OPENSSL_NO_EC2M + if (!TEST_true(x9_62_test_internal(NID_X9_62_c2tnb191v1, diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.1-fips.patch similarity index 89% rename from openssl-1.1.0-fips.patch rename to openssl-1.1.1-fips.patch index 48509de..9f32b03 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.1-fips.patch 
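Review bot: The field-size floor added to ec_GFp_simple_group_set_curve() in crypto/ec/ecp_smpl.c is a bare `224` with no comment, and it reports EC_R_UNSUPPORTED_FIELD, which does not tell a caller that the curve was refused by build policy rather than because of a malformed parameter. A named constant for the limit and a comment such as `/* build policy: prime fields below 224 bits are rejected */` would make the rule auditable. The `#if 0` / `#endif` pair added in test/ecdsatest.c likewise switches off the NID_X9_62_prime192v1 case and the one after it without a reason; `#if 0 /* these curves are not available in this build */` would keep the link to the library change visible. Both functions continue outside the inner hunks.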
@@ -1,18 +1,17 @@ -diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c ---- openssl-1.1.0h/apps/speed.c.fips 2018-03-29 14:44:24.617236431 +0200 -+++ openssl-1.1.0h/apps/speed.c 2018-03-29 15:02:42.171996191 +0200 -@@ -1447,7 +1447,9 @@ int speed_main(int argc, char **argv) - if (strcmp(*argv, "openssl") == 0) +diff -up openssl-1.1.1-pre8/apps/speed.c.fips openssl-1.1.1-pre8/apps/speed.c +--- openssl-1.1.1-pre8/apps/speed.c.fips 2018-07-25 17:26:58.393624416 +0200 ++++ openssl-1.1.1-pre8/apps/speed.c 2018-07-25 17:26:58.402624632 +0200 +@@ -1550,7 +1550,8 @@ int speed_main(int argc, char **argv) continue; if (strcmp(*argv, "rsa") == 0) { -- rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = -+ if (!FIPS_mode()) -+ rsa_doit[R_RSA_512] = 1; -+ rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; -@@ -1460,7 +1462,9 @@ int speed_main(int argc, char **argv) + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) +- rsa_doit[loop] = 1; ++ if (!FIPS_mode() || loop != R_RSA_512) ++ rsa_doit[loop] = 1; + continue; + } + if (found(*argv, rsa_choices, &i)) { +@@ -1560,7 +1561,9 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { @@ -23,7 +22,7 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c dsa_doit[R_DSA_2048] = 1; continue; } -@@ -1549,15 +1553,21 @@ int speed_main(int argc, char **argv) +@@ -1683,15 +1686,21 @@ int speed_main(int argc, char **argv) /* No parameters; turn on everything. */ if ((argc == 0) && !doit[D_EVP]) { for (i = 0; i < ALGOR_NUM; i++) 
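Review bot: The new guard `if (!FIPS_mode() || loop != R_RSA_512)` in speed_main() covers only the bare `rsa` argument; the unchanged `if (found(*argv, rsa_choices, &i))` branch right after it still appears to let a 512-bit RSA run be selected by name in FIPS mode, as far as this hunk shows. If the intent is to keep below-minimum key sizes out of FIPS-mode benchmarks, the named path needs the same test, or a comment should state that it is left to fail inside the library. The `for` whose body is now a two-line `if` would also be safer to maintain with braces around the loop body. speed_main() starts and ends outside the hunk.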
@@ -47,8 +46,8 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c + dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) -@@ -1606,30 +1616,46 @@ int speed_main(int argc, char **argv) + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) +@@ -1745,30 +1754,46 @@ int speed_main(int argc, char **argv) AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); #ifndef OPENSSL_NO_CAMELLIA @@ -105,7 +104,7 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c #endif #ifndef SIGALRM # ifndef OPENSSL_NO_DES -@@ -1890,6 +1916,7 @@ int speed_main(int argc, char **argv) +@@ -2059,6 +2084,7 @@ int speed_main(int argc, char **argv) for (i = 0; i < loopargs_len; i++) { loopargs[i].hctx = HMAC_CTX_new(); 
@@ -113,64 +112,49 @@ diff -up openssl-1.1.0h/apps/speed.c.fips openssl-1.1.0h/apps/speed.c if (loopargs[i].hctx == NULL) { BIO_printf(bio_err, "HMAC malloc failure, exiting..."); exit(1); -diff -up openssl-1.1.0h/Configure.fips openssl-1.1.0h/Configure ---- openssl-1.1.0h/Configure.fips 2018-03-29 14:44:24.624236595 +0200 -+++ openssl-1.1.0h/Configure 2018-03-29 14:44:24.628236689 +0200 -@@ -314,7 +314,7 @@ $config{sdirs} = [ - "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", - "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", - "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", +diff -up openssl-1.1.1-pre8/Configure.fips openssl-1.1.1-pre8/Configure +--- openssl-1.1.1-pre8/Configure.fips 2018-07-25 17:26:58.399624560 +0200 ++++ openssl-1.1.1-pre8/Configure 2018-07-25 17:26:58.402624632 +0200 +@@ -306,7 +306,7 @@ $config{sdirs} = [ + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3", + "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes", + "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine", - "buffer", "bio", "stack", "lhash", "rand", "err", + "buffer", "bio", "stack", "lhash", "rand", "err", "fips", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", - "cms", "ts", "srp", "cmac", "ct", "async", "kdf" + "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store" ]; -diff -up openssl-1.1.0h/crypto/bn/bn_rand.c.fips openssl-1.1.0h/crypto/bn/bn_rand.c ---- openssl-1.1.0h/crypto/bn/bn_rand.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/bn/bn_rand.c 2018-03-29 14:44:24.628236689 +0200 -@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM - goto err; - } - -- /* make a random number and set the top and bottom bits */ -- time(&tim); -- RAND_add(&tim, sizeof(tim), 0.0); -+ if (!FIPS_mode()) { /* in 
FIPS mode the RNG is always properly seeded or the module fails */ -+ /* make a random number and set the top and bottom bits */ -+ time(&tim); -+ RAND_add(&tim, sizeof(tim), 0.0); -+ } - - if (RAND_bytes(buf, bytes) <= 0) - goto err; -diff -up openssl-1.1.0h/crypto/dh/dh_err.c.fips openssl-1.1.0h/crypto/dh/dh_err.c ---- openssl-1.1.0h/crypto/dh/dh_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_err.c 2018-03-29 14:44:24.628236689 +0200 -@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] = - {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, - {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, - {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, -+ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -+ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, - {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"}, - {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"}, - {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"}, -@@ -49,9 +52,11 @@ static ERR_STRING_DATA DH_str_reasons[] - {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, -+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, -+ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non FIPS method"}, - {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, - {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"}, -diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen.c ---- openssl-1.1.0h/crypto/dh/dh_gen.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_gen.c 2018-03-29 
14:44:24.628236689 +0200 +diff -up openssl-1.1.1-pre8/crypto/dh/dh_err.c.fips openssl-1.1.1-pre8/crypto/dh/dh_err.c +--- openssl-1.1.1-pre8/crypto/dh/dh_err.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dh/dh_err.c 2018-07-25 17:26:58.402624632 +0200 +@@ -25,6 +25,9 @@ static const ERR_STRING_DATA DH_str_func + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0), + "dh_cms_set_shared_info"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"}, +@@ -72,12 +75,14 @@ static const ERR_STRING_DATA DH_str_reas + {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), + "not suitable generator"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, +diff -up openssl-1.1.1-pre8/crypto/dh/dh_gen.c.fips openssl-1.1.1-pre8/crypto/dh/dh_gen.c +--- 
openssl-1.1.1-pre8/crypto/dh/dh_gen.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dh/dh_gen.c 2018-07-25 17:26:58.402624632 +0200 @@ -16,6 +16,9 @@ #include "internal/cryptlib.h" #include @@ -214,9 +198,9 @@ diff -up openssl-1.1.0h/crypto/dh/dh_gen.c.fips openssl-1.1.0h/crypto/dh/dh_gen. ctx = BN_CTX_new(); if (ctx == NULL) goto err; -diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key.c ---- openssl-1.1.0h/crypto/dh/dh_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dh/dh_key.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.1-pre8/crypto/dh/dh_key.c.fips openssl-1.1.1-pre8/crypto/dh/dh_key.c +--- openssl-1.1.1-pre8/crypto/dh/dh_key.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dh/dh_key.c 2018-07-25 17:26:58.402624632 +0200 @@ -11,6 +11,9 @@ #include "internal/cryptlib.h" #include "dh_locl.h" @@ -273,10 +257,10 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. + } +#endif + - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; -@@ -165,6 +190,13 @@ static int compute_key(unsigned char *ke + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; +@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -290,7 +274,7 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. ctx = BN_CTX_new(); if (ctx == NULL) -@@ -216,6 +248,9 @@ static int dh_bn_mod_exp(const DH *dh, B +@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B static int dh_init(DH *dh) { 
@@ -298,41 +282,43 @@ diff -up openssl-1.1.0h/crypto/dh/dh_key.c.fips openssl-1.1.0h/crypto/dh/dh_key. + FIPS_selftest_check(); +#endif dh->flags |= DH_FLAG_CACHE_MONT_P; - return (1); + return 1; } -diff -up openssl-1.1.0h/crypto/dsa/dsa_err.c.fips openssl-1.1.0h/crypto/dsa/dsa_err.c ---- openssl-1.1.0h/crypto/dsa/dsa_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_err.c 2018-03-29 14:44:24.628236689 +0200 -@@ -21,10 +21,13 @@ - static ERR_STRING_DATA DSA_str_functs[] = { - {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, - {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, -+ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, - {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, - {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, -+ {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"}, -+ {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX), "DSA_generate_parameters_ex"}, - {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"}, - {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"}, - {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"}, -@@ -51,9 +54,12 @@ static ERR_STRING_DATA DSA_str_reasons[] - {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"}, -+ {ERR_REASON(DSA_R_KEY_SIZE_INVALID), "key size invalid"}, -+ {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"}, -+ {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, - {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, - {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"}, - 
{ERR_REASON(DSA_R_SEED_LEN_SMALL),
-diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_gen.c
---- openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips 2018-03-27 15:50:38.000000000 +0200
-+++ openssl-1.1.0h/crypto/dsa/dsa_gen.c 2018-03-29 14:44:24.628236689 +0200
+diff -up openssl-1.1.1-pre8/crypto/dsa/dsa_err.c.fips openssl-1.1.1-pre8/crypto/dsa/dsa_err.c
+--- openssl-1.1.1-pre8/crypto/dsa/dsa_err.c.fips 2018-06-20 16:48:10.000000000 +0200
++++ openssl-1.1.1-pre8/crypto/dsa/dsa_err.c 2018-07-25 17:26:58.402624632 +0200
+@@ -16,12 +16,15 @@
+ static const ERR_STRING_DATA DSA_str_functs[] = {
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
++ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_KEYGEN, 0), "dsa_builtin_keygen"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
+ "dsa_builtin_paramgen"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
+ "dsa_builtin_paramgen2"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
++ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
++ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
+@@ -51,9 +54,12 @@ static const ERR_STRING_DATA DSA_str_rea
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
+ "invalid digest type"},
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_INVALID), "key size invalid"},
++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, +diff -up openssl-1.1.1-pre8/crypto/dsa/dsa_gen.c.fips openssl-1.1.1-pre8/crypto/dsa/dsa_gen.c +--- openssl-1.1.1-pre8/crypto/dsa/dsa_gen.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dsa/dsa_gen.c 2018-07-25 17:26:58.403624656 +0200 @@ -22,12 +22,22 @@ #include #include @@ -372,7 +358,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } } -@@ -303,7 +319,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { @@ -381,7 +367,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ unsigned char *seed = NULL, *seed_tmp = NULL; unsigned char md[EVP_MAX_MD_SIZE]; int mdsize; -@@ -320,6 +336,20 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -327,6 +343,20 @@ int dsa_builtin_paramgen2(DSA *ret, size if (mctx == NULL) goto err; @@ -402,7 +388,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); -@@ -420,9 +450,10 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -427,9 +457,10 @@ int dsa_builtin_paramgen2(DSA *ret, size goto err; /* Provided seed didn't produce a prime: error */ if (seed_in) { @@ -416,7 +402,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } /* do a callback call */ -@@ -508,11 +539,14 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -515,11 +546,14 @@ int dsa_builtin_paramgen2(DSA *ret, size if (counter >= (int)(4 * L)) break; } 
@@ -431,7 +417,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ } end: if (!BN_GENCB_call(cb, 2, 1)) -@@ -583,7 +617,7 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -590,7 +624,7 @@ int dsa_builtin_paramgen2(DSA *ret, size BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { @@ -440,7 +426,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ goto err; } if (counter_ret != NULL) -@@ -601,3 +635,53 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -608,3 +642,53 @@ int dsa_builtin_paramgen2(DSA *ret, size EVP_MD_CTX_free(mctx); return ok; } @@ -494,9 +480,9 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_gen.c.fips openssl-1.1.0h/crypto/dsa/dsa_ +} + +#endif -diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_key.c ---- openssl-1.1.0h/crypto/dsa/dsa_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_key.c 2018-03-29 14:44:24.628236689 +0200 +diff -up openssl-1.1.1-pre8/crypto/dsa/dsa_key.c.fips openssl-1.1.1-pre8/crypto/dsa/dsa_key.c +--- openssl-1.1.1-pre8/crypto/dsa/dsa_key.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dsa/dsa_key.c 2018-07-25 17:26:58.403624656 +0200 @@ -13,10 +13,49 @@ #include #include "dsa_locl.h" 
@@ -576,10 +562,10 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_key.c.fips openssl-1.1.0h/crypto/dsa/dsa_ ok = 1; err: -diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa_ossl.c ---- openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 -@@ -15,6 +15,9 @@ +diff -up openssl-1.1.1-pre8/crypto/dsa/dsa_ossl.c.fips openssl-1.1.1-pre8/crypto/dsa/dsa_ossl.c +--- openssl-1.1.1-pre8/crypto/dsa/dsa_ossl.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dsa/dsa_ossl.c 2018-07-25 17:26:58.403624656 +0200 +@@ -13,6 +13,9 @@ #include #include "dsa_locl.h" #include @@ -589,7 +575,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, -@@ -68,6 +71,19 @@ static DSA_SIG *dsa_do_sign(const unsign +@@ -66,6 +69,19 @@ static DSA_SIG *dsa_do_sign(const unsign DSA_SIG *ret = NULL; int rv = 0; @@ -609,7 +595,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa m = BN_new(); xr = BN_new(); if (m == NULL || xr == NULL) -@@ -266,6 +282,18 @@ static int dsa_do_verify(const unsigned +@@ -264,6 +280,18 @@ static int dsa_do_verify(const unsigned DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); return -1; } @@ -628,7 +614,7 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); -@@ -354,6 +382,9 @@ static int dsa_do_verify(const unsigned +@@ -352,6 +380,9 @@ static int dsa_do_verify(const unsigned static int dsa_init(DSA *dsa) { 
@@ -636,12 +622,12 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_ossl.c.fips openssl-1.1.0h/crypto/dsa/dsa + FIPS_selftest_check(); +#endif dsa->flags |= DSA_FLAG_CACHE_MONT_P; - return (1); + return 1; } -diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/dsa_pmeth.c ---- openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/dsa/dsa_pmeth.c 2018-03-29 14:44:24.629236712 +0200 -@@ -212,8 +212,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT +diff -up openssl-1.1.1-pre8/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.1-pre8/crypto/dsa/dsa_pmeth.c +--- openssl-1.1.1-pre8/crypto/dsa/dsa_pmeth.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/dsa/dsa_pmeth.c 2018-07-25 17:26:58.403624656 +0200 +@@ -221,8 +221,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT BN_GENCB_free(pcb); return 0; } @@ -652,10 +638,10 @@ diff -up openssl-1.1.0h/crypto/dsa/dsa_pmeth.c.fips openssl-1.1.0h/crypto/dsa/ds BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); -diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh_ossl.c ---- openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ecdh_ossl.c 2018-03-29 14:44:24.629236712 +0200 -@@ -33,9 +33,20 @@ +diff -up openssl-1.1.1-pre8/crypto/ec/ecdh_ossl.c.fips openssl-1.1.1-pre8/crypto/ec/ecdh_ossl.c +--- openssl-1.1.1-pre8/crypto/ec/ecdh_ossl.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/ec/ecdh_ossl.c 2018-07-25 17:26:58.403624656 +0200 +@@ -19,9 +19,20 @@ #include #include "ec_lcl.h" 
@@ -676,9 +662,9 @@ diff -up openssl-1.1.0h/crypto/ec/ecdh_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdh if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return 0; -diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecdsa_ossl.c ---- openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ecdsa_ossl.c 2018-03-29 14:44:24.629236712 +0200 +diff -up openssl-1.1.1-pre8/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.1-pre8/crypto/ec/ecdsa_ossl.c +--- openssl-1.1.1-pre8/crypto/ec/ecdsa_ossl.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/ec/ecdsa_ossl.c 2018-07-25 17:26:58.403624656 +0200 @@ -15,6 +15,10 @@ #include #include "ec_lcl.h" @@ -690,7 +676,7 @@ diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecd int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -@@ -217,6 +221,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns +@@ -204,6 +208,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns ECDSA_SIG *ret; const BIGNUM *priv_key; @@ -704,7 +690,7 @@ diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecd group = EC_KEY_get0_group(eckey); priv_key = EC_KEY_get0_private_key(eckey); -@@ -366,6 +377,13 @@ int ossl_ecdsa_verify_sig(const unsigned +@@ -408,6 +419,13 @@ int ossl_ecdsa_verify_sig(const unsigned const EC_GROUP *group; const EC_POINT *pub_key; 
@@ -718,11 +704,11 @@ diff -up openssl-1.1.0h/crypto/ec/ecdsa_ossl.c.fips openssl-1.1.0h/crypto/ec/ecd /* check input values */ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { -diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key.c ---- openssl-1.1.0h/crypto/ec/ec_key.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/ec/ec_key.c 2018-03-29 14:44:24.630236736 +0200 -@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r) - return ((i > 1) ? 1 : 0); +diff -up openssl-1.1.1-pre8/crypto/ec/ec_key.c.fips openssl-1.1.1-pre8/crypto/ec/ec_key.c +--- openssl-1.1.1-pre8/crypto/ec/ec_key.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/ec/ec_key.c 2018-07-25 17:26:58.403624656 +0200 +@@ -178,14 +178,62 @@ ENGINE *EC_KEY_get0_engine(const EC_KEY + return eckey->engine; } +#ifdef OPENSSL_FIPS @@ -763,7 +749,7 @@ diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key. { +#ifdef OPENSSL_FIPS + if (FIPS_selftest_failed()) { -+ FIPSerr(EC_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED); ++ ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_NOT_INITIALIZED); + return 0; + } +#endif @@ -775,6 +761,7 @@ diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key. - return eckey->meth->keygen(eckey); + if (eckey->meth->keygen != NULL) { + int rv = eckey->meth->keygen(eckey); ++ +#ifdef OPENSSL_FIPS + if (rv > 0 && FIPS_mode()) { + rv = fips_check_ec(eckey); 
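Review bot: The branch guarded by `FIPS_selftest_failed()` in the ec_key.c part (hunk `@@ -763,7 +749,7 @@`) now raises `EC_R_NOT_INITIALIZED`, so neither a caller nor a log reader can tell that key generation was refused because the FIPS self-tests failed. If a FIPS-specific reason code is no longer available to this file, a comment on the new line would at least keep the intent discoverable, for example `/* FIPS self-test failed: module is in error state, refuse keygen */`. A dedicated EC reason string would be the stronger fix, since anything that alerts on the error text cannot separate this state from a genuinely uninitialised key. The patched function continues outside this hunk.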
@@ -785,22 +772,9 @@ diff -up openssl-1.1.0h/crypto/ec/ec_key.c.fips openssl-1.1.0h/crypto/ec/ec_key. ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } -diff -up openssl-1.1.0h/crypto/err/err_all.c.fips openssl-1.1.0h/crypto/err/err_all.c ---- openssl-1.1.0h/crypto/err/err_all.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/err/err_all.c 2018-03-29 14:44:24.630236736 +0200 -@@ -43,9 +43,6 @@ - int err_load_crypto_strings_int(void) - { - if ( --#ifdef OPENSSL_FIPS -- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || --#endif - #ifndef OPENSSL_NO_ERR - ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ - ERR_load_BN_strings() == 0 || -diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_allc.c ---- openssl-1.1.0h/crypto/evp/c_allc.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/c_allc.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.1-pre8/crypto/evp/c_allc.c.fips openssl-1.1.1-pre8/crypto/evp/c_allc.c +--- openssl-1.1.1-pre8/crypto/evp/c_allc.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/c_allc.c 2018-07-25 17:26:58.404624680 +0200 @@ -17,6 +17,9 @@ void openssl_add_all_ciphers_int(void) { @@ -811,7 +785,7 @@ diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_all #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cfb()); EVP_add_cipher(EVP_des_cfb1()); -@@ -217,4 +220,70 @@ void openssl_add_all_ciphers_int(void) +@@ -263,4 +266,70 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher(EVP_chacha20_poly1305()); # endif #endif 
@@ -882,9 +856,9 @@ diff -up openssl-1.1.0h/crypto/evp/c_allc.c.fips openssl-1.1.0h/crypto/evp/c_all + } +#endif } -diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_alld.c ---- openssl-1.1.0h/crypto/evp/c_alld.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/c_alld.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.1-pre8/crypto/evp/c_alld.c.fips openssl-1.1.1-pre8/crypto/evp/c_alld.c +--- openssl-1.1.1-pre8/crypto/evp/c_alld.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/c_alld.c 2018-07-25 17:26:58.404624680 +0200 @@ -16,6 +16,9 @@ void openssl_add_all_digests_int(void) @@ -895,12 +869,13 @@ diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_all #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -@@ -46,4 +49,15 @@ void openssl_add_all_digests_int(void) - EVP_add_digest(EVP_blake2b512()); - EVP_add_digest(EVP_blake2s256()); - #endif +@@ -57,4 +60,24 @@ void openssl_add_all_digests_int(void) + EVP_add_digest(EVP_sha3_512()); + EVP_add_digest(EVP_shake128()); + EVP_add_digest(EVP_shake256()); +#ifdef OPENSSL_FIPS + } else { ++ EVP_add_digest(EVP_md5_sha1()); + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); 
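Review bot: The FIPS-mode `else` branch in the c_alld.c part (hunk `@@ -895,12 +869,13 @@`) now registers `EVP_md5_sha1()` with no comment explaining why an MD5-based digest is on the list used in FIPS mode; if it is there only for the TLS 1.0/1.1 PRF, the line should say so, e.g. `/* MD5+SHA1 only for the TLS PRF; not for general use in FIPS mode */`. The following hunk (`@@ -908,12 +883,20 @@`) adds SHA-512/224, SHA-512/256, SHA-3 and SHAKE to the same branch, while the only flag changes shown for m_sha1.c add `EVP_MD_FLAG_FIPS` to `sha512_224_md` and `sha512_256_md`. Whether the MD5-SHA1, SHA-3 and SHAKE method tables carry that flag is not visible here, so it is worth confirming that the registered list and the flagged set agree; otherwise FIPS mode either exposes an unflagged digest or lists ones that digest initialisation will refuse.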
@@ -908,12 +883,20 @@ diff -up openssl-1.1.0h/crypto/evp/c_alld.c.fips openssl-1.1.0h/crypto/evp/c_all + EVP_add_digest(EVP_sha256()); + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); ++ EVP_add_digest(EVP_sha512_224()); ++ EVP_add_digest(EVP_sha512_256()); ++ EVP_add_digest(EVP_sha3_224()); ++ EVP_add_digest(EVP_sha3_256()); ++ EVP_add_digest(EVP_sha3_384()); ++ EVP_add_digest(EVP_sha3_512()); ++ EVP_add_digest(EVP_shake128()); ++ EVP_add_digest(EVP_shake256()); + } +#endif } -diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/digest.c ---- openssl-1.1.0h/crypto/evp/digest.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/digest.c 2018-03-29 14:44:24.630236736 +0200 +diff -up openssl-1.1.1-pre8/crypto/evp/digest.c.fips openssl-1.1.1-pre8/crypto/evp/digest.c +--- openssl-1.1.1-pre8/crypto/evp/digest.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/digest.c 2018-07-25 17:26:58.404624680 +0200 @@ -14,6 +14,9 @@ #include #include "internal/evp_int.h" @@ -973,10 +956,10 @@ diff -up openssl-1.1.0h/crypto/evp/digest.c.fips openssl-1.1.0h/crypto/evp/diges OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); if (size != NULL) -diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes.c ---- openssl-1.1.0h/crypto/evp/e_aes.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_aes.c 2018-03-29 14:44:24.631236760 +0200 -@@ -1263,9 +1263,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX +diff -up openssl-1.1.1-pre8/crypto/evp/e_aes.c.fips openssl-1.1.1-pre8/crypto/evp/e_aes.c +--- openssl-1.1.1-pre8/crypto/evp/e_aes.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/e_aes.c 2018-07-25 17:26:58.404624680 +0200 +@@ -2776,9 +2776,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX return 1; } 
@@ -989,7 +972,7 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { -@@ -1311,6 +1311,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * +@@ -2824,6 +2824,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX * case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; @@ -1000,8 +983,8 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. +# endif /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) -@@ -1771,11 +1776,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX + if (gctx->iv != c->iv) +@@ -3273,11 +3278,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, @@ -1019,7 +1002,7 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -1910,6 +1918,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3412,6 +3420,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX return 0; if (!out || !in || len < AES_BLOCK_SIZE) return 0; @@ -1034,7 +1017,7 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. if (xctx->stream) (*xctx->stream) (in, out, len, xctx->xts.key1, xctx->xts.key2, -@@ -1927,8 +1943,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX +@@ -3429,8 +3445,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) @@ -1047,7 +1030,7 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { -@@ -2192,11 +2210,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX +@@ -3695,11 +3713,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX #define aes_ccm_cleanup NULL BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, 
@@ -1062,7 +1045,7 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. typedef struct { union { -@@ -2289,7 +2307,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT +@@ -3792,7 +3810,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT return rv ? (int)rv : -1; } @@ -1071,9 +1054,9 @@ diff -up openssl-1.1.0h/crypto/evp/e_aes.c.fips openssl-1.1.0h/crypto/evp/e_aes. | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) -diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des3.c ---- openssl-1.1.0h/crypto/evp/e_des3.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_des3.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.1-pre8/crypto/evp/e_des3.c.fips openssl-1.1.1-pre8/crypto/evp/e_des3.c +--- openssl-1.1.1-pre8/crypto/evp/e_des3.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/e_des3.c 2018-07-25 17:26:58.405624704 +0200 @@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, # define des_ede3_cbc_cipher des_ede_cbc_cipher # define des_ede3_ecb_cipher des_ede_ecb_cipher @@ -1100,9 +1083,9 @@ diff -up openssl-1.1.0h/crypto/evp/e_des3.c.fips openssl-1.1.0h/crypto/evp/e_des static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) -diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_null.c ---- openssl-1.1.0h/crypto/evp/e_null.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/e_null.c 2018-03-29 14:44:24.631236760 +0200 +diff -up openssl-1.1.1-pre8/crypto/evp/e_null.c.fips openssl-1.1.1-pre8/crypto/evp/e_null.c +--- openssl-1.1.1-pre8/crypto/evp/e_null.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/e_null.c 2018-07-25 17:26:58.405624704 +0200 
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { @@ -1113,10 +1096,10 @@ diff -up openssl-1.1.0h/crypto/evp/e_null.c.fips openssl-1.1.0h/crypto/evp/e_nul null_init_key, null_cipher, NULL, -diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_enc.c ---- openssl-1.1.0h/crypto/evp/evp_enc.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_enc.c 2018-03-29 14:44:24.631236760 +0200 -@@ -16,10 +16,19 @@ +diff -up openssl-1.1.1-pre8/crypto/evp/evp_enc.c.fips openssl-1.1.1-pre8/crypto/evp/evp_enc.c +--- openssl-1.1.1-pre8/crypto/evp/evp_enc.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/evp_enc.c 2018-07-25 17:26:58.405624704 +0200 +@@ -17,10 +17,19 @@ #include #include "internal/evp_int.h" #include "evp_locl.h" @@ -1137,7 +1120,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ return 1; if (c->cipher != NULL) { if (c->cipher->cleanup && !c->cipher->cleanup(c)) -@@ -38,6 +47,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX +@@ -39,6 +48,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -1150,7 +1133,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); } -@@ -66,6 +81,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -67,6 +82,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct enc = 1; ctx->encrypt = enc; } @@ -1163,7 +1146,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ #ifndef OPENSSL_NO_ENGINE /* * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so -@@ -135,7 +156,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -136,7 +157,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct } ctx->key_len = cipher->key_len; /* Preserve wrap enable flag, zero everything else */ 
@@ -1172,7 +1155,7 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; -@@ -194,6 +215,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct +@@ -195,6 +216,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct return 0; } } 
@@ -1191,37 +1174,37 @@ diff -up openssl-1.1.0h/crypto/evp/evp_enc.c.fips openssl-1.1.0h/crypto/evp/evp_ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) -diff -up openssl-1.1.0h/crypto/evp/evp_err.c.fips openssl-1.1.0h/crypto/evp/evp_err.c ---- openssl-1.1.0h/crypto/evp/evp_err.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_err.c 2018-03-29 14:44:24.631236760 +0200 -@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[] - {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, - {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, - {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, -+ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "aes_xts_cipher"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, - {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, -@@ -111,6 +112,7 @@ static ERR_STRING_DATA EVP_str_reasons[] - {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, - {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, - {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, -+ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, - {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, - {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, - {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, -@@ -150,6 +152,7 @@ static ERR_STRING_DATA EVP_str_reasons[] - {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, - {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, - {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, -+ {ERR_REASON(EVP_R_TOO_LARGE), "too large"}, - {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, -diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips 
openssl-1.1.0h/crypto/evp/evp_lib.c ---- openssl-1.1.0h/crypto/evp/evp_lib.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/evp_lib.c 2018-03-29 14:44:24.631236760 +0200 -@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C +diff -up openssl-1.1.1-pre8/crypto/evp/evp_err.c.fips openssl-1.1.1-pre8/crypto/evp/evp_err.c +--- openssl-1.1.1-pre8/crypto/evp/evp_err.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/evp_err.c 2018-07-25 17:26:58.405624704 +0200 +@@ -20,6 +20,7 @@ static const ERR_STRING_DATA EVP_str_fun + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, ++ {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_CIPHER, 0), "aes_xts_cipher"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, +@@ -177,6 +178,7 @@ static const ERR_STRING_DATA EVP_str_rea + "different key types"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), + "different parameters"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), + "error loading section"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE), +@@ -239,6 +241,7 @@ static const ERR_STRING_DATA EVP_str_rea + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), + "private key encode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_LARGE), "too large"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, +diff -up 
openssl-1.1.1-pre8/crypto/evp/evp_lib.c.fips openssl-1.1.1-pre8/crypto/evp/evp_lib.c +--- openssl-1.1.1-pre8/crypto/evp/evp_lib.c.fips 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/evp_lib.c 2018-07-25 17:26:58.405624704 +0200 +@@ -192,6 +192,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { @@ -1231,10 +1214,10 @@ diff -up openssl-1.1.0h/crypto/evp/evp_lib.c.fips openssl-1.1.0h/crypto/evp/evp_ return ctx->cipher->do_cipher(ctx, out, in, inl); } -diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha1.c ---- openssl-1.1.0h/crypto/evp/m_sha1.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/evp/m_sha1.c 2018-03-29 15:04:23.512375176 +0200 -@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = { +diff -up openssl-1.1.1-pre8/crypto/evp/m_sha1.c.fips openssl-1.1.1-pre8/crypto/evp/m_sha1.c +--- openssl-1.1.1-pre8/crypto/evp/m_sha1.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/evp/m_sha1.c 2018-07-25 17:26:58.405624704 +0200 +@@ -95,7 +95,7 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, @@ -1243,7 +1226,7 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init, update, final, -@@ -144,7 +144,7 @@ static const EVP_MD sha224_md = { +@@ -145,7 +145,7 @@ static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, @@ -1252,7 +1235,7 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init224, update224, final224, -@@ -163,7 +163,7 @@ static const EVP_MD sha256_md = { +@@ -164,7 +164,7 @@ static const EVP_MD sha256_md = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, 
@@ -1261,7 +1244,25 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init256, update256, final256, -@@ -213,7 +213,7 @@ static const EVP_MD sha384_md = { +@@ -224,7 +224,7 @@ static const EVP_MD sha512_224_md = { + NID_sha512_224, + NID_sha512_224WithRSAEncryption, + SHA224_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init512_224, + update512, + final512, +@@ -243,7 +243,7 @@ static const EVP_MD sha512_256_md = { + NID_sha512_256, + NID_sha512_256WithRSAEncryption, + SHA256_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS, + init512_256, + update512, + final512, +@@ -262,7 +262,7 @@ static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, @@ -1270,7 +1271,7 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init384, update384, final384, -@@ -232,7 +232,7 @@ static const EVP_MD sha512_md = { +@@ -281,7 +281,7 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, @@ -1279,9 +1280,9 @@ diff -up openssl-1.1.0h/crypto/evp/m_sha1.c.fips openssl-1.1.0h/crypto/evp/m_sha init512, update512, final512, -diff -up openssl-1.1.0h/crypto/fips/build.info.fips openssl-1.1.0h/crypto/fips/build.info ---- openssl-1.1.0h/crypto/fips/build.info.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/build.info 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/build.info.fips openssl-1.1.1-pre8/crypto/fips/build.info +--- openssl-1.1.1-pre8/crypto/fips/build.info.fips 2018-07-25 17:26:58.405624704 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/build.info 2018-07-25 17:26:58.405624704 +0200 @@ -0,0 +1,15 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=\ 
@@ -1298,9 +1299,9 @@ diff -up openssl-1.1.0h/crypto/fips/build.info.fips openssl-1.1.0h/crypto/fips/b +SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c +INCLUDE[fips_standalone_hmac]=../../include +DEPEND[fips_standalone_hmac]=../../libcrypto -diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_aes_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_aes_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_aes_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_aes_selftest.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_aes_selftest.c 2018-07-25 17:26:58.405624704 +0200 @@ -0,0 +1,372 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -1674,9 +1675,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_aes_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips.c ---- openssl-1.1.0h/crypto/fips/fips.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips.c.fips openssl-1.1.1-pre8/crypto/fips/fips.c +--- openssl-1.1.1-pre8/crypto/fips/fips.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,526 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2204,9 +2205,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips.c.fips openssl-1.1.0h/crypto/fips/fips. +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_cmac_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_cmac_selftest.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_cmac_selftest.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,156 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2364,9 +2365,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_cmac_selftest.c.fips openssl-1.1.0h/cry + return rv; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_des_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips 2018-03-29 14:44:24.632236783 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_des_selftest.c 2018-03-29 14:44:24.632236783 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_des_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_des_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_des_selftest.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_des_selftest.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,133 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -2501,9 +2502,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_des_selftest.c.fips openssl-1.1.0h/cryp + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dh_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_dh_selftest.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_dh_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_dh_selftest.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_dh_selftest.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,180 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -2685,9 +2686,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_dh_selftest.c.fips openssl-1.1.0h/crypt + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_ctr.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_ctr.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_ctr.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,415 @@ +/* fips/rand/fips_drbg_ctr.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3104,9 +3105,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_ctr.c.fips openssl-1.1.0h/crypto/f + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hash.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_hash.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_hash.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_hash.c.fips 2018-07-25 17:26:58.406624728 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_hash.c 2018-07-25 17:26:58.406624728 +0200 @@ -0,0 +1,361 @@ +/* fips/rand/fips_drbg_hash.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -3469,9 +3470,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hash.c.fips openssl-1.1.0h/crypto/ + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_hmac.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_hmac.c.fips 2018-07-25 17:26:58.407624752 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_hmac.c 2018-07-25 17:26:58.407624752 +0200 @@ -0,0 +1,272 @@ +/* fips/rand/fips_drbg_hmac.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -3745,9 +3746,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_hmac.c.fips openssl-1.1.0h/crypto/ + + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_lib.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_lib.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_lib.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_lib.c.fips 2018-07-25 17:26:58.407624752 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_lib.c 2018-07-25 17:26:58.407624752 +0200 @@ -0,0 +1,555 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. @@ -4304,9 +4305,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_lib.c.fips openssl-1.1.0h/crypto/f + memcpy(dctx->lb, out, dctx->blocklength); + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_rand.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips 2018-03-29 14:44:24.633236807 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_rand.c 2018-03-29 14:44:24.633236807 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_rand.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_rand.c.fips 2018-07-25 17:26:58.407624752 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_rand.c 2018-07-25 17:26:58.407624752 +0200 @@ -0,0 +1,183 @@ +/* fips/rand/fips_drbg_rand.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -4491,9 +4492,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_rand.c.fips openssl-1.1.0h/crypto/ +{ + return &rand_drbg_meth; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.c.fips 2018-07-25 17:26:58.407624752 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.c 2018-07-25 17:26:58.407624752 +0200 @@ -0,0 +1,828 @@ +/* fips/rand/fips_drbg_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -5323,9 +5324,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.c.fips openssl-1.1.0h/cry + FIPS_drbg_free(dctx); + return rv; +} -diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h ---- openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.h +--- openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.h.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_drbg_selftest.h 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,1791 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -7118,9 +7119,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_drbg_selftest.h.fips openssl-1.1.0h/cry + 0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79, + 0xc2, 0xd6, 0xfd, 0xa5 +}; -diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips 2018-03-29 14:44:24.634236830 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c 2018-03-29 14:44:24.634236830 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_dsa_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_dsa_selftest.c.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_dsa_selftest.c 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,195 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. @@ -7317,9 +7318,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_dsa_selftest.c.fips openssl-1.1.0h/cryp + return ret; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_ecdh_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_ecdh_selftest.c.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_ecdh_selftest.c 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,242 @@ +/* fips/ecdh/fips_ecdh_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 
@@ -7563,9 +7564,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ecdh_selftest.c.fips openssl-1.1.0h/cry +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_ecdsa_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_ecdsa_selftest.c.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_ecdsa_selftest.c 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,166 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -7733,9 +7734,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ecdsa_selftest.c.fips openssl-1.1.0h/cr +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/fips_enc.c ---- openssl-1.1.0h/crypto/fips/fips_enc.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_enc.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_enc.c.fips openssl-1.1.1-pre8/crypto/fips/fips_enc.c +--- openssl-1.1.1-pre8/crypto/fips/fips_enc.c.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_enc.c 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,189 @@ +/* fipe/evp/fips_enc.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 
@@ -7926,9 +7927,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_enc.c.fips openssl-1.1.0h/crypto/fips/f + + } +} -diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/fips_err.h ---- openssl-1.1.0h/crypto/fips/fips_err.h.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_err.h 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_err.h.fips openssl-1.1.1-pre8/crypto/fips/fips_err.h +--- openssl-1.1.1-pre8/crypto/fips/fips_err.h.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_err.h 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,196 @@ +/* crypto/fips_err.h */ +/* ==================================================================== @@ -8126,9 +8127,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_err.h.fips openssl-1.1.0h/crypto/fips/f +#endif + return 1; +} -diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/fips_ers.c ---- openssl-1.1.0h/crypto/fips/fips_ers.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_ers.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_ers.c.fips openssl-1.1.1-pre8/crypto/fips/fips_ers.c +--- openssl-1.1.1-pre8/crypto/fips/fips_ers.c.fips 2018-07-25 17:26:58.408624776 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_ers.c 2018-07-25 17:26:58.408624776 +0200 @@ -0,0 +1,7 @@ +#include + 
@@ -8137,9 +8138,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_ers.c.fips openssl-1.1.0h/crypto/fips/f +#else +static void *dummy = &dummy; +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_hmac_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_hmac_selftest.c.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_hmac_selftest.c 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,134 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. @@ -8275,9 +8276,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_hmac_selftest.c.fips openssl-1.1.0h/cry + return 1; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/fips_locl.h ---- openssl-1.1.0h/crypto/fips/fips_locl.h.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_locl.h 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_locl.h.fips openssl-1.1.1-pre8/crypto/fips/fips_locl.h +--- openssl-1.1.1-pre8/crypto/fips/fips_locl.h.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_locl.h 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,71 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8350,9 +8351,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_locl.h.fips openssl-1.1.0h/crypto/fips/ +} +# endif +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fips_md.c ---- openssl-1.1.0h/crypto/fips/fips_md.c.fips 2018-03-29 14:44:24.635236854 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_md.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_md.c.fips openssl-1.1.1-pre8/crypto/fips/fips_md.c +--- openssl-1.1.1-pre8/crypto/fips/fips_md.c.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_md.c 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,144 @@ +/* fips/evp/fips_md.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) @@ -8498,9 +8499,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_md.c.fips openssl-1.1.0h/crypto/fips/fi + return NULL; + } +} -diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/fips_post.c ---- openssl-1.1.0h/crypto/fips/fips_post.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_post.c 2018-03-29 14:44:24.635236854 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_post.c.fips openssl-1.1.1-pre8/crypto/fips/fips_post.c +--- openssl-1.1.1-pre8/crypto/fips/fips_post.c.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_post.c 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,222 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -8724,9 +8725,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_post.c.fips openssl-1.1.0h/crypto/fips/ + return 1; +} +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/fips/fips_rand_lcl.h ---- openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rand_lcl.h 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.1-pre8/crypto/fips/fips_rand_lcl.h +--- openssl-1.1.1-pre8/crypto/fips/fips_rand_lcl.h.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_rand_lcl.h 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,209 @@ +/* fips/rand/fips_rand_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL @@ -8937,9 +8938,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rand_lcl.h.fips openssl-1.1.0h/crypto/f +#define FIPS_digestupdate EVP_DigestUpdate +#define FIPS_digestfinal EVP_DigestFinal +#define M_EVP_MD_size EVP_MD_size -diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/fips/fips_rand_lib.c ---- openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rand_lib.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_rand_lib.c.fips openssl-1.1.1-pre8/crypto/fips/fips_rand_lib.c +--- openssl-1.1.1-pre8/crypto/fips/fips_rand_lib.c.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_rand_lib.c 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,234 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. 
@@ -9175,9 +9176,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rand_lib.c.fips openssl-1.1.0h/crypto/f +# endif +} + -diff -up openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/fips/fips_randtest.c ---- openssl-1.1.0h/crypto/fips/fips_randtest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_randtest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_randtest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_randtest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_randtest.c.fips 2018-07-25 17:26:58.409624800 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_randtest.c 2018-07-25 17:26:58.409624800 +0200 @@ -0,0 +1,247 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. @@ -9426,9 +9427,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_randtest.c.fips openssl-1.1.0h/crypto/f +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_rsa_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_rsa_selftest.c.fips 2018-07-25 17:26:58.410624824 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_rsa_selftest.c 2018-07-25 17:26:58.410624824 +0200 @@ -0,0 +1,578 @@ +/* ==================================================================== + * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved. 
@@ -10008,9 +10009,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_rsa_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif /* def OPENSSL_FIPS */ -diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/crypto/fips/fips_sha_selftest.c ---- openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_sha_selftest.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.1-pre8/crypto/fips/fips_sha_selftest.c +--- openssl-1.1.1-pre8/crypto/fips/fips_sha_selftest.c.fips 2018-07-25 17:26:58.410624824 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_sha_selftest.c 2018-07-25 17:26:58.410624824 +0200 @@ -0,0 +1,138 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -10150,9 +10151,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_sha_selftest.c.fips openssl-1.1.0h/cryp +} + +#endif -diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c ---- openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips 2018-03-29 14:44:24.636236877 +0200 -+++ openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.1-pre8/crypto/fips/fips_standalone_hmac.c +--- openssl-1.1.1-pre8/crypto/fips/fips_standalone_hmac.c.fips 2018-07-25 17:26:58.410624824 +0200 ++++ openssl-1.1.1-pre8/crypto/fips/fips_standalone_hmac.c 2018-07-25 17:26:58.410624824 +0200 @@ -0,0 +1,127 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -10281,9 +10282,9 @@ diff -up openssl-1.1.0h/crypto/fips/fips_standalone_hmac.c.fips openssl-1.1.0h/c +#endif + return 0; +} -diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac.c ---- openssl-1.1.0h/crypto/hmac/hmac.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/hmac/hmac.c 2018-03-29 14:44:24.636236877 +0200 +diff -up openssl-1.1.1-pre8/crypto/hmac/hmac.c.fips openssl-1.1.1-pre8/crypto/hmac/hmac.c +--- openssl-1.1.1-pre8/crypto/hmac/hmac.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/hmac/hmac.c 2018-07-25 17:26:58.410624824 +0200 @@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo } @@ -10297,10 +10298,10 @@ diff -up openssl-1.1.0h/crypto/hmac/hmac.c.fips openssl-1.1.0h/crypto/hmac/hmac. +#endif reset = 1; j = EVP_MD_block_size(md); - OPENSSL_assert(j <= (int)sizeof(ctx->key)); -diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/crypto/include/internal/fips_int.h ---- openssl-1.1.0h/crypto/include/internal/fips_int.h.fips 2018-03-29 14:44:24.637236901 +0200 -+++ openssl-1.1.0h/crypto/include/internal/fips_int.h 2018-03-29 14:44:24.637236901 +0200 + if (!ossl_assert(j <= (int)sizeof(ctx->key))) +diff -up openssl-1.1.1-pre8/crypto/include/internal/fips_int.h.fips openssl-1.1.1-pre8/crypto/include/internal/fips_int.h +--- openssl-1.1.1-pre8/crypto/include/internal/fips_int.h.fips 2018-07-25 17:26:58.410624824 +0200 ++++ openssl-1.1.1-pre8/crypto/include/internal/fips_int.h 2018-07-25 17:26:58.410624824 +0200 @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -10403,57 +10404,54 @@ diff -up openssl-1.1.0h/crypto/include/internal/fips_int.h.fips openssl-1.1.0h/c +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + +#endif -diff -up openssl-1.1.0h/crypto/o_fips.c.fips openssl-1.1.0h/crypto/o_fips.c ---- openssl-1.1.0h/crypto/o_fips.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/o_fips.c 2018-03-29 14:44:24.637236901 +0200 -@@ -9,7 +9,10 @@ - - #include "internal/cryptlib.h" - #ifdef OPENSSL_FIPS -+# include - # include -+# include -+# include "internal/fips_int.h" - #endif +diff -up openssl-1.1.1-pre8/crypto/o_fips.c.fips openssl-1.1.1-pre8/crypto/o_fips.c +--- openssl-1.1.1-pre8/crypto/o_fips.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/o_fips.c 2018-07-25 17:26:58.410624824 +0200 +@@ -11,14 +11,25 @@ int FIPS_mode(void) -@@ -24,7 +27,15 @@ int FIPS_mode(void) + { ++#ifdef OPENSSL_FIPS ++ return FIPS_module_mode(); ++#else + /* This version of the library does not support FIPS mode. 
*/ + return 0; ++#endif + } + int FIPS_mode_set(int r) { - #ifdef OPENSSL_FIPS -- return FIPS_module_mode_set(r); ++#ifdef OPENSSL_FIPS + if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */ + return 1; + if (!FIPS_module_mode_set(r)) + return 0; -+ if (r) -+ RAND_set_rand_method(FIPS_rand_get_method()); -+ else -+ RAND_set_rand_method(NULL); -+ return 1; - #else ++#else if (r == 0) return 1; -diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c ---- openssl-1.1.0h/crypto/o_init.c.fips 2018-03-27 15:50:38.000000000 +0200 -+++ openssl-1.1.0h/crypto/o_init.c 2018-03-29 14:44:24.637236901 +0200 -@@ -7,11 +7,50 @@ + CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED); + return 0; ++#endif + } +diff -up openssl-1.1.1-pre8/crypto/o_init.c.fips openssl-1.1.1-pre8/crypto/o_init.c +--- openssl-1.1.1-pre8/crypto/o_init.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/o_init.c 2018-07-25 17:26:58.410624824 +0200 +@@ -7,8 +7,68 @@ * https://www.openssl.org/source/license.html */ +/* for secure_getenv */ +#define _GNU_SOURCE - #include + #include "e_os.h" #include - #ifdef OPENSSL_FIPS --# include ++#ifdef OPENSSL_FIPS +# include +# include +# include +# include +# include +# include - # include ++# include +# include +# include "internal/fips_int.h" + @@ -10465,6 +10463,7 @@ diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c + int fd; + + /* Ensure the selftests always run */ ++ /* XXX: TO SOLVE - premature initialization due to selftests */ + FIPS_mode_set(1); + + if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { 
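Review bot: With OPENSSL_FIPS defined, FIPS_mode_set() now runs off the end of the function after a successful `FIPS_module_mode_set(r)`. The old tail (the RAND_set_rand_method calls and `return 1;`) is dropped and the next line is `#else`, which agrees with the inner hunk header's count of 25 new lines. Falling out of a non-void function leaves the return value undefined, so a caller that checks whether FIPS mode was switched on or off can see either result. Add `return 1;` after the `if (!FIPS_module_mode_set(r)) return 0;` pair, before `#else`.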
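Review bot: The added `/* XXX: TO SOLVE - premature initialization due to selftests */` marks an open problem on the library start-up path without saying what is initialised too early or what depends on it. The `FIPS_mode_set(1);` call directly below it also still discards its result. Suggest spelling the issue out, e.g. `/* XXX: forcing FIPS mode here to run the selftests initialises <component> before <condition>; see <issue ref> */`, and checking the return value so a failed switch is not silent. init_fips_mode() starts before and ends after this hunk, so later handling may exist outside it.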
@@ -10486,228 +10485,60 @@ diff -up openssl-1.1.0h/crypto/o_init.c.fips openssl-1.1.0h/crypto/o_init.c + FIPS_selftest_check(); + } +} - #endif - - /* -@@ -19,16 +58,29 @@ - * sets FIPS callbacks - */ - --void OPENSSL_init(void) ++ ++/* ++ * Perform FIPS module power on selftest and automatic FIPS mode switch. ++ */ ++ +void __attribute__ ((constructor)) OPENSSL_init_library(void) - { - static int done = 0; - if (done) - return; - done = 1; - #ifdef OPENSSL_FIPS -- FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); -- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); -- FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); ++{ ++ static int done = 0; ++ if (done) ++ return; ++ done = 1; + if (!FIPS_module_installed()) { + return; + } - RAND_init_fips(); + init_fips_mode(); -+ if (!FIPS_mode()) { -+ /* Clean up prematurely set default rand method */ -+ RAND_set_rand_method(NULL); -+ } -+#endif -+#if 0 -+ fprintf(stderr, "Called OPENSSL_init\n"); - #endif - } -+ -+void OPENSSL_init(void) -+{ -+ OPENSSL_init_library(); +} -diff -up openssl-1.1.0h/crypto/rand/md_rand.c.fips openssl-1.1.0h/crypto/rand/md_rand.c ---- openssl-1.1.0h/crypto/rand/md_rand.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/md_rand.c 2018-03-29 14:44:24.637236901 +0200 -@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf - CRYPTO_THREAD_unlock(rand_tmp_lock); - crypto_lock_rand = 1; ++#endif -- if (!initialized) { -+ if (!initialized || FIPS_mode()) { - RAND_poll(); - initialized = 1; - } -diff -up openssl-1.1.0h/crypto/rand/rand_err.c.fips openssl-1.1.0h/crypto/rand/rand_err.c ---- openssl-1.1.0h/crypto/rand/rand_err.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_err.c 2018-03-29 14:44:24.637236901 +0200 -@@ -20,10 +20,13 @@ - - static ERR_STRING_DATA RAND_str_functs[] = { - {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, -+ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, - {0, NULL} - }; - - static 
ERR_STRING_DATA RAND_str_reasons[] = { -+ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising DRBG"}, -+ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating DRBG"}, - {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, - {0, NULL} - }; -diff -up openssl-1.1.0h/crypto/rand/rand_lcl.h.fips openssl-1.1.0h/crypto/rand/rand_lcl.h ---- openssl-1.1.0h/crypto/rand/rand_lcl.h.fips 2018-03-29 14:44:24.359230371 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_lcl.h 2018-03-29 14:44:24.637236901 +0200 -@@ -10,7 +10,7 @@ - #ifndef HEADER_RAND_LCL_H - # define HEADER_RAND_LCL_H - --# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ -+# define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */ - - # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) - # define USE_SHA1_RAND -diff -up openssl-1.1.0h/crypto/rand/rand_lib.c.fips openssl-1.1.0h/crypto/rand/rand_lib.c ---- openssl-1.1.0h/crypto/rand/rand_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rand/rand_lib.c 2018-03-29 14:44:24.637236901 +0200 -@@ -18,6 +18,8 @@ - #ifdef OPENSSL_FIPS - # include - # include -+# include "rand_lcl.h" -+# include "internal/fips_int.h" - #endif + /* + * Perform any essential OpenSSL initialization operations. 
Currently does +diff -up openssl-1.1.1-pre8/crypto/rand/rand_lib.c.fips openssl-1.1.1-pre8/crypto/rand/rand_lib.c +--- openssl-1.1.1-pre8/crypto/rand/rand_lib.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rand/rand_lib.c 2018-07-25 17:26:58.410624824 +0200 +@@ -16,6 +16,10 @@ + #include "internal/thread_once.h" + #include "rand_lcl.h" + #include "e_os.h" ++#ifdef OPENSSL_FIPS ++# include ++# include ++#endif #ifndef OPENSSL_NO_ENGINE -@@ -162,3 +164,127 @@ int RAND_status(void) + /* non-NULL if default_RAND_meth is ENGINE-provided */ +@@ -778,3 +782,15 @@ int RAND_status(void) return meth->status(); return 0; } + +#ifdef OPENSSL_FIPS -+ -+/* -+ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest -+ * of OpenSSL. -+ */ -+ -+/* -+ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather -+ * entropy internally through RAND_poll(). -+ */ -+ -+static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, -+ int entropy, size_t min_len, size_t max_len) -+{ -+ /* Round up request to multiple of block size */ -+ min_len = ((min_len + 19) / 20) * 20; -+ *pout = OPENSSL_malloc(min_len); -+ if (!*pout) -+ return 0; -+ if (RAND_OpenSSL()->bytes(*pout, min_len) <= 0) { -+ OPENSSL_free(*pout); -+ *pout = NULL; -+ return 0; -+ } -+ return min_len; -+} -+ -+static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) -+{ -+ if (out) { -+ OPENSSL_cleanse(out, olen); -+ OPENSSL_free(out); -+ } -+} -+ -+/* -+ * Set "additional input" when generating random data. This uses the current -+ * PID, a time value and a counter. 
-+ */ -+ -+static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) -+{ -+ /* Use of static variables is OK as this happens under a lock */ -+ static unsigned char buf[16]; -+ static unsigned long counter; -+ FIPS_get_timevec(buf, &counter); -+ *pout = buf; -+ return sizeof(buf); -+} -+ -+/* -+ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is -+ * correctly seeded by RAND_poll(). -+ */ -+ -+static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, -+ double entropy) -+{ -+ RAND_OpenSSL()->add(in, inlen, entropy); -+ if (FIPS_rand_status()) { -+ FIPS_drbg_reseed(ctx, NULL, 0); -+ } -+ return 1; -+} -+ -+static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) -+{ -+ RAND_OpenSSL()->seed(in, inlen); -+ if (FIPS_rand_status()) { -+ FIPS_drbg_reseed(ctx, NULL, 0); -+ } -+ return 1; -+} -+ -+# ifndef OPENSSL_DRBG_DEFAULT_TYPE -+# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr -+# endif -+# ifndef OPENSSL_DRBG_DEFAULT_FLAGS -+# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF -+# endif -+ -+static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; -+static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; -+ +void RAND_set_fips_drbg_type(int type, int flags) -+{ -+ fips_drbg_type = type; -+ fips_drbg_flags = flags; ++{ /* just a stub for ABI compatibility */ +} + +int RAND_init_fips(void) +{ -+ DRBG_CTX *dctx; -+ size_t plen; -+ unsigned char pers[32], *p; -+ -+ dctx = FIPS_get_default_drbg(); -+ if (dctx == NULL || -+ FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { -+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); -+ return 0; -+ } -+ -+ FIPS_drbg_set_callbacks(dctx, -+ drbg_get_entropy, drbg_free_entropy, 20, -+ drbg_get_entropy, drbg_free_entropy); -+ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, -+ drbg_rand_seed, drbg_rand_add); -+ /* Personalisation string: a string followed by date time vector */ -+ strcpy((char *)pers, "OpenSSL DRBG2.0"); -+ plen = drbg_get_adin(dctx, &p); -+ 
memcpy(pers + 16, p, plen); -+ -+ if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { -+ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); -+ return 0; -+ } -+ FIPS_rand_set_method(FIPS_drbg_method()); ++ /* just a stub for ABI compatibility */ + return 1; +} -+ +#endif -diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa_crpt.c ---- openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_crpt.c 2018-03-29 14:44:24.637236901 +0200 -@@ -28,24 +28,52 @@ int RSA_size(const RSA *r) +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_crpt.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_crpt.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_crpt.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_crpt.c 2018-07-25 17:26:58.411624848 +0200 +@@ -27,24 +27,52 @@ int RSA_size(const RSA *r) int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -10718,7 +10549,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa + return -1; + } +#endif - return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); } int RSA_private_encrypt(int flen, const unsigned char *from, @@ -10731,7 +10562,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa + return -1; + } +#endif - return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); } int RSA_private_decrypt(int flen, const unsigned char *from, @@ -10744,7 +10575,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa + return -1; + } +#endif - return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); } int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, 
@@ -10757,61 +10588,84 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_crpt.c.fips openssl-1.1.0h/crypto/rsa/rsa + return -1; + } +#endif - return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); } -diff -up openssl-1.1.0h/crypto/rsa/rsa_err.c.fips openssl-1.1.0h/crypto/rsa/rsa_err.c ---- openssl-1.1.0h/crypto/rsa/rsa_err.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_err.c 2018-03-29 14:44:24.638236924 +0200 -@@ -21,6 +21,7 @@ - static ERR_STRING_DATA RSA_str_functs[] = { - {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, - {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, -+ {ERR_FUNC(RSA_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"}, - {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, - {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, - {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, -@@ -33,6 +34,7 @@ static ERR_STRING_DATA RSA_str_functs[] - {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, - {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, - {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"}, - {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, - {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"}, - {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"}, -@@ -76,8 +78,14 @@ static ERR_STRING_DATA RSA_str_functs[] - {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, - {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, - {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, -+ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, - {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, - {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, -+ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, -+ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, -+ {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, 
-+ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, - {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, - {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, - {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), -@@ -135,10 +143,13 @@ static ERR_STRING_DATA RSA_str_reasons[] - {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, - {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, -+ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, - {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, -+ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), -+ "operation not allowed in FIPS mode"}, - {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, -diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_gen.c ---- openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips 2018-06-08 14:56:32.413411585 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-06-18 14:51:57.773846354 +0200 -@@ -18,6 +18,75 @@ +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_err.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_err.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_err.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_err.c 2018-07-25 17:26:58.411624848 +0200 +@@ -16,6 +16,8 @@ + static const ERR_STRING_DATA RSA_str_functs[] = { + {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_FIPS_RSA_BUILTIN_KEYGEN, 0), ++ "fips_rsa_builtin_keygen"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0), + 
"old_rsa_priv_decode"}, +@@ -32,6 +34,9 @@ static const ERR_STRING_DATA RSA_str_fun + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0), ++ "RSA_generate_multi_prime_key"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, +@@ -90,9 +95,13 @@ static const ERR_STRING_DATA RSA_str_fun + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0), +@@ -102,6 +111,8 @@ static const ERR_STRING_DATA RSA_str_fun + "RSA_verify_ASN1_OCTET_STRING"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), + "RSA_verify_PKCS1_PSS_mgf1"}, ++ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"}, ++ {ERR_PACK(ERR_LIB_RSA, 
RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"}, + {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, + {0, NULL} + }; +@@ -181,6 +192,7 @@ static const ERR_STRING_DATA RSA_str_rea + "mp exponent not congruent to d"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), +@@ -189,6 +201,8 @@ static const ERR_STRING_DATA RSA_str_rea + "n does not equal p q"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), + "oaep decoding error"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not allowed in FIPS mode"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), +@@ -224,6 +238,8 @@ static const ERR_STRING_DATA RSA_str_rea + "unsupported mask algorithm"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), + "unsupported mask parameter"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_PARAMETERS), ++ "unsupported parameters"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), + "unsupported signature type"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_gen.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_gen.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_gen.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_gen.c 2018-07-25 17:26:58.411624848 +0200 +@@ -18,6 +18,78 @@ #include "internal/cryptlib.h" #include #include "rsa_locl.h" 
@@ -10883,11 +10737,14 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ + + return ret; +} ++ ++static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb); +#endif - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb); -@@ -31,11 +100,281 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -31,6 +103,13 @@ static int rsa_builtin_keygen(RSA *rsa, */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { @@ -10898,9 +10755,38 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ + return 0; + } +#endif - if (rsa->meth->rsa_keygen) + if (rsa->meth->rsa_keygen != NULL) return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); - return rsa_builtin_keygen(rsa, bits, e_value, cb); + +@@ -41,6 +120,13 @@ int RSA_generate_key_ex(RSA *rsa, int bi + int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, + BIGNUM *e_value, BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + /* multi-prime is only supported with the builtin key generation */ + if (rsa->meth->rsa_multi_prime_keygen != NULL) { + return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, +@@ -57,10 +143,285 @@ int RSA_generate_multi_prime_key(RSA *rs + else + return 0; + } +- ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (primes != 2) { ++ RSAerr(RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, RSA_R_UNSUPPORTED_PARAMETERS); ++ return 0; ++ } ++ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb); ++ } ++#endif + return rsa_builtin_keygen(rsa, bits, primes, e_value, cb); } +#ifdef OPENSSL_FIPS 
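Review bot: In `RSA_generate_multi_prime_key` the added `FIPS_mode()` branch that calls `fips_rsa_builtin_keygen` sits below the return through `rsa->meth->rsa_multi_prime_keygen` (and what appears to be the `rsa_keygen` fallback ending in `else return 0;`). A method that passes the `RSA_FLAG_FIPS_METHOD` / `RSA_FLAG_NON_FIPS_ALLOW` gate and brings its own keygen therefore never reaches the `primes != 2` rejection or the modulus checks of the FIPS generator. If that is intended, say so where the branch is added, for example `/* FIPS limits below cover the builtin generator only; a method-provided keygen must enforce its own */`. The body of `fips_rsa_builtin_keygen` and the rest of this function lie outside the hunk, so whether method keygens apply equivalent limits cannot be confirmed from here.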
@@ -10921,8 +10807,12 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ + return 0; + } + -+ if ((pbits & 0xFF) ++ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS + || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) { ++ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); ++ return 0; ++ } ++ if ((pbits & 0xFF) != 0) { + FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH); + return 0; + } @@ -11166,30 +11056,13 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ +} +#endif + - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb) { -@@ -44,6 +383,16 @@ static int rsa_builtin_keygen(RSA *rsa, - BN_CTX *ctx = NULL; - unsigned long error = 0; - -+#ifdef OPENSSL_FIPS -+ if (FIPS_mode()) { -+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) { -+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT); -+ return 0; -+ } -+ return fips_rsa_builtin_keygen(rsa, bits, e_value, cb); -+ } -+#endif -+ - /* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. -diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_lib.c ---- openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_lib.c 2018-03-29 14:44:24.638236924 +0200 -@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_lib.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_lib.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_lib.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_lib.c 2018-07-25 17:26:58.411624848 +0200 +@@ -34,6 +34,12 @@ int RSA_set_method(RSA *rsa, const RSA_M * to deal with which ENGINE it comes from. */ const RSA_METHOD *mtmp; 
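Review bot: The 2048-bit floor in the rewritten size check of `fips_rsa_builtin_keygen` applies only when `OPENSSL_ENFORCE_MODULUS_BITS` is present in the process environment. Without it the only limit is `OPENSSL_RSA_FIPS_MIN_MODULUS_BITS`, whose value is not shown in this hunk. The stricter policy is therefore opt-in and silently falls back to the compile-time minimum when a service starts with a scrubbed environment. A comment on the condition would make that explicit, e.g. `/* OPENSSL_ENFORCE_MODULUS_BITS can only raise the minimum to 2048 bits; unset means the compile-time minimum applies */`. The remainder of the function is outside the hunk.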
@@ -11202,7 +11075,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_ mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -@@ -64,7 +70,6 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -66,7 +72,6 @@ RSA *RSA_new_method(ENGINE *engine) ret->meth = RSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE @@ -11210,7 +11083,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_ if (engine) { if (!ENGINE_init(engine)) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); -@@ -81,8 +86,19 @@ RSA *RSA_new_method(ENGINE *engine) +@@ -84,8 +89,19 @@ RSA *RSA_new_method(ENGINE *engine) } } #endif @@ -11231,9 +11104,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_lib.c.fips openssl-1.1.0h/crypto/rsa/rsa_ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { goto err; } -diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa_ossl.c ---- openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_ossl.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_ossl.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_ossl.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_ossl.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_ossl.c 2018-07-25 17:26:58.411624848 +0200 @@ -11,6 +11,10 @@ #include "internal/bn_int.h" #include "rsa_locl.h" @@ -11245,7 +11118,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, -@@ -45,6 +49,12 @@ static const RSA_METHOD *default_RSA_met +@@ -46,6 +50,12 @@ static const RSA_METHOD *default_RSA_met void RSA_set_default_method(const RSA_METHOD *meth) { 
@@ -11258,7 +11131,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa default_RSA_meth = meth; } -@@ -66,6 +76,22 @@ static int rsa_ossl_public_encrypt(int f +@@ -72,6 +82,22 @@ static int rsa_ossl_public_encrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -11281,7 +11154,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -@@ -245,6 +271,22 @@ static int rsa_ossl_private_encrypt(int +@@ -251,6 +277,22 @@ static int rsa_ossl_private_encrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11304,7 +11177,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -380,6 +422,22 @@ static int rsa_ossl_private_decrypt(int +@@ -388,6 +430,22 @@ static int rsa_ossl_private_decrypt(int BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; @@ -11327,7 +11200,7 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); -@@ -504,6 +562,22 @@ static int rsa_ossl_public_decrypt(int f +@@ -513,6 +571,22 @@ static int rsa_ossl_public_decrypt(int f unsigned char *buf = NULL; BN_CTX *ctx = NULL; 
@@ -11350,9 +11223,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_ossl.c.fips openssl-1.1.0h/crypto/rsa/rsa if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); return -1; -diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa_sign.c ---- openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/rsa/rsa_sign.c 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.1-pre8/crypto/rsa/rsa_sign.c.fips openssl-1.1.1-pre8/crypto/rsa/rsa_sign.c +--- openssl-1.1.1-pre8/crypto/rsa/rsa_sign.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/rsa/rsa_sign.c 2018-07-25 17:26:58.411624848 +0200 @@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch unsigned char *tmps = NULL; const unsigned char *encoded = NULL; @@ -11379,9 +11252,9 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_sign.c.fips openssl-1.1.0h/crypto/rsa/rsa if (encrypt_len <= 0) goto err; -diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha_locl.h ---- openssl-1.1.0h/crypto/sha/sha_locl.h.fips 2018-03-29 14:44:24.237227506 +0200 -+++ openssl-1.1.0h/crypto/sha/sha_locl.h 2018-03-29 14:44:24.638236924 +0200 +diff -up openssl-1.1.1-pre8/crypto/sha/sha_locl.h.fips openssl-1.1.1-pre8/crypto/sha/sha_locl.h +--- openssl-1.1.1-pre8/crypto/sha/sha_locl.h.fips 2018-07-25 17:26:57.885612242 +0200 ++++ openssl-1.1.1-pre8/crypto/sha/sha_locl.h 2018-07-25 17:26:58.412624872 +0200 @@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c int HASH_INIT(SHA_CTX *c) 
@@ -11392,9 +11265,9 @@ diff -up openssl-1.1.0h/crypto/sha/sha_locl.h.fips openssl-1.1.0h/crypto/sha/sha memset(c, 0, sizeof(*c)); c->h0 = INIT_DATA_h0; c->h1 = INIT_DATA_h1; -diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha256.c ---- openssl-1.1.0h/crypto/sha/sha256.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/sha/sha256.c 2018-03-29 14:44:24.639236948 +0200 +diff -up openssl-1.1.1-pre8/crypto/sha/sha256.c.fips openssl-1.1.1-pre8/crypto/sha/sha256.c +--- openssl-1.1.1-pre8/crypto/sha/sha256.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/sha/sha256.c 2018-07-25 17:26:58.412624872 +0200 @@ -18,6 +18,9 @@ int SHA224_Init(SHA256_CTX *c) @@ -11415,10 +11288,10 @@ diff -up openssl-1.1.0h/crypto/sha/sha256.c.fips openssl-1.1.0h/crypto/sha/sha25 memset(c, 0, sizeof(*c)); c->h[0] = 0x6a09e667UL; c->h[1] = 0xbb67ae85UL; -diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha512.c ---- openssl-1.1.0h/crypto/sha/sha512.c.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/crypto/sha/sha512.c 2018-03-29 14:44:24.639236948 +0200 -@@ -62,6 +62,9 @@ +diff -up openssl-1.1.1-pre8/crypto/sha/sha512.c.fips openssl-1.1.1-pre8/crypto/sha/sha512.c +--- openssl-1.1.1-pre8/crypto/sha/sha512.c.fips 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/sha/sha512.c 2018-07-25 17:26:58.412624872 +0200 +@@ -98,6 +98,9 @@ int sha512_256_init(SHA512_CTX *c) int SHA384_Init(SHA512_CTX *c) { @@ -11428,7 +11301,7 @@ diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha51 c->h[0] = U64(0xcbbb9d5dc1059ed8); c->h[1] = U64(0x629a292a367cd507); c->h[2] = U64(0x9159015a3070dd17); -@@ -80,6 +83,9 @@ int SHA384_Init(SHA512_CTX *c) +@@ -116,6 +119,9 @@ int SHA384_Init(SHA512_CTX *c) int SHA512_Init(SHA512_CTX *c) { 
@@ -11438,10 +11311,10 @@ diff -up openssl-1.1.0h/crypto/sha/sha512.c.fips openssl-1.1.0h/crypto/sha/sha51 c->h[0] = U64(0x6a09e667f3bcc908); c->h[1] = U64(0xbb67ae8584caa73b); c->h[2] = U64(0x3c6ef372fe94f82b); -diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips 2018-03-27 15:50:39.000000000 +0200 -+++ openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod 2018-03-29 14:44:24.639236948 +0200 -@@ -29,8 +29,10 @@ B is the length of the prime p to +diff -up openssl-1.1.1-pre8/doc/man3/DSA_generate_parameters.pod.fips openssl-1.1.1-pre8/doc/man3/DSA_generate_parameters.pod +--- openssl-1.1.1-pre8/doc/man3/DSA_generate_parameters.pod.fips 2018-06-20 16:48:12.000000000 +0200 ++++ openssl-1.1.1-pre8/doc/man3/DSA_generate_parameters.pod 2018-07-25 17:26:58.412624872 +0200 +@@ -30,8 +30,10 @@ B is the length of the prime p to For lengths under 2048 bits, the length of q is 160 bits; for lengths greater than or equal to 2048 bits, the length of q is set to 256 bits. 
@@ -11454,10 +11327,10 @@ diff -up openssl-1.1.0h/doc/crypto/DSA_generate_parameters.pod.fips openssl-1.1. DSA_generate_parameters_ex() places the iteration count in *B and a counter used for finding a generator in -diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/openssl/crypto.h ---- openssl-1.1.0h/include/openssl/crypto.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/crypto.h 2018-03-29 14:44:24.640236971 +0200 -@@ -336,6 +336,11 @@ int OPENSSL_isservice(void); +diff -up openssl-1.1.1-pre8/include/openssl/crypto.h.fips openssl-1.1.1-pre8/include/openssl/crypto.h +--- openssl-1.1.1-pre8/include/openssl/crypto.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/crypto.h 2018-07-25 17:26:58.412624872 +0200 +@@ -338,6 +338,11 @@ int OPENSSL_isservice(void); int FIPS_mode(void); int FIPS_mode_set(int r); 
@@ -11467,12 +11340,40 @@ diff -up openssl-1.1.0h/include/openssl/crypto.h.fips openssl-1.1.0h/include/ope +# endif + void OPENSSL_init(void); - - struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); -diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl/dh.h ---- openssl-1.1.0h/include/openssl/dh.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/dh.h 2018-03-29 14:44:24.640236971 +0200 -@@ -30,6 +30,7 @@ extern "C" { + # ifdef OPENSSL_SYS_UNIX + void OPENSSL_fork_prepare(void); +diff -up openssl-1.1.1-pre8/include/openssl/dherr.h.fips openssl-1.1.1-pre8/include/openssl/dherr.h +--- openssl-1.1.1-pre8/include/openssl/dherr.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/dherr.h 2018-07-25 17:26:58.412624872 +0200 +@@ -32,6 +32,9 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_CMS_DECRYPT 114 + # define DH_F_DH_CMS_SET_PEERKEY 115 + # define DH_F_DH_CMS_SET_SHARED_INFO 116 ++# define DH_F_DH_COMPUTE_KEY 203 ++# define DH_F_DH_GENERATE_KEY 202 ++# define DH_F_DH_GENERATE_PARAMETERS_EX 201 + # define DH_F_DH_METH_DUP 117 + # define DH_F_DH_METH_NEW 118 + # define DH_F_DH_METH_SET1_NAME 119 +@@ -69,12 +72,14 @@ int ERR_load_DH_strings(void); + # define DH_R_INVALID_PARAMETER_NID 114 + # define DH_R_INVALID_PUBKEY 102 + # define DH_R_KDF_PARAMETER_ERROR 112 ++# define DH_R_KEY_SIZE_TOO_SMALL 201 + # define DH_R_KEYS_NOT_SET 108 + # define DH_R_MISSING_PUBKEY 125 + # define DH_R_MODULUS_TOO_LARGE 103 + # define DH_R_NOT_SUITABLE_GENERATOR 120 + # define DH_R_NO_PARAMETERS_SET 107 + # define DH_R_NO_PRIVATE_VALUE 100 ++# define DH_R_NON_FIPS_METHOD 202 + # define DH_R_PARAMETER_ENCODING_ERROR 105 + # define DH_R_PEER_KEY_ERROR 111 + # define DH_R_SHARED_INFO_ERROR 113 +diff -up openssl-1.1.1-pre8/include/openssl/dh.h.fips openssl-1.1.1-pre8/include/openssl/dh.h +--- openssl-1.1.1-pre8/include/openssl/dh.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ 
openssl-1.1.1-pre8/include/openssl/dh.h 2018-07-25 17:26:58.412624872 +0200 +@@ -31,6 +31,7 @@ extern "C" { # endif # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 
@@ -11480,33 +11381,38 @@ diff -up openssl-1.1.0h/include/openssl/dh.h.fips openssl-1.1.0h/include/openssl # define DH_FLAG_CACHE_MONT_P 0x01 -@@ -325,6 +326,9 @@ int ERR_load_DH_strings(void); - # define DH_F_DH_CMS_DECRYPT 114 - # define DH_F_DH_CMS_SET_PEERKEY 115 - # define DH_F_DH_CMS_SET_SHARED_INFO 116 -+# define DH_F_DH_COMPUTE_KEY 203 -+# define DH_F_DH_GENERATE_KEY 202 -+# define DH_F_DH_GENERATE_PARAMETERS_EX 201 - # define DH_F_DH_METH_DUP 117 - # define DH_F_DH_METH_NEW 118 - # define DH_F_DH_METH_SET1_NAME 119 -@@ -346,10 +350,12 @@ int ERR_load_DH_strings(void); - # define DH_R_DECODE_ERROR 104 - # define DH_R_INVALID_PUBKEY 102 - # define DH_R_KDF_PARAMETER_ERROR 112 -+# define DH_R_KEY_SIZE_TOO_SMALL 201 - # define DH_R_KEYS_NOT_SET 108 - # define DH_R_MODULUS_TOO_LARGE 103 - # define DH_R_NO_PARAMETERS_SET 107 - # define DH_R_NO_PRIVATE_VALUE 100 -+# define DH_R_NON_FIPS_METHOD 202 - # define DH_R_PARAMETER_ENCODING_ERROR 105 - # define DH_R_PEER_KEY_ERROR 111 - # define DH_R_SHARED_INFO_ERROR 113 -diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openssl/dsa.h ---- openssl-1.1.0h/include/openssl/dsa.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/dsa.h 2018-03-29 14:44:24.641236994 +0200 -@@ -36,6 +36,7 @@ extern "C" { +diff -up openssl-1.1.1-pre8/include/openssl/dsaerr.h.fips openssl-1.1.1-pre8/include/openssl/dsaerr.h +--- openssl-1.1.1-pre8/include/openssl/dsaerr.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/dsaerr.h 2018-07-25 17:26:58.412624872 +0200 +@@ -25,8 +25,11 @@ int ERR_load_DSA_strings(void); + */ + # define DSA_F_DSAPARAMS_PRINT 100 + # define DSA_F_DSAPARAMS_PRINT_FP 101 ++# define DSA_F_DSA_BUILTIN_KEYGEN 202 + # define DSA_F_DSA_BUILTIN_PARAMGEN 125 + # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 ++# define DSA_F_DSA_GENERATE_KEY 201 ++# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 + # define DSA_F_DSA_DO_SIGN 112 + # define DSA_F_DSA_DO_VERIFY 
113 + # define DSA_F_DSA_METH_DUP 127 +@@ -56,9 +59,12 @@ int ERR_load_DSA_strings(void); + # define DSA_R_DECODE_ERROR 104 + # define DSA_R_INVALID_DIGEST_TYPE 106 + # define DSA_R_INVALID_PARAMETERS 112 ++# define DSA_R_KEY_SIZE_INVALID 201 ++# define DSA_R_KEY_SIZE_TOO_SMALL 202 + # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MODULUS_TOO_LARGE 103 + # define DSA_R_NO_PARAMETERS_SET 107 ++# define DSA_R_NON_FIPS_DSA_METHOD 200 + # define DSA_R_PARAMETER_ENCODING_ERROR 105 + # define DSA_R_Q_NOT_PRIME 113 + # define DSA_R_SEED_LEN_SMALL 110 +diff -up openssl-1.1.1-pre8/include/openssl/dsa.h.fips openssl-1.1.1-pre8/include/openssl/dsa.h +--- openssl-1.1.1-pre8/include/openssl/dsa.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/dsa.h 2018-07-25 17:26:58.413624895 +0200 +@@ -31,6 +31,7 @@ extern "C" { # endif # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 @@ -11514,7 +11420,7 @@ diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openss # define DSA_FLAG_CACHE_MONT_P 0x01 # if OPENSSL_API_COMPAT < 0x10100000L -@@ -146,9 +147,9 @@ int DSAparams_print_fp(FILE *fp, const D +@@ -141,9 +142,9 @@ int DSAparams_print_fp(FILE *fp, const D int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif 
@@ -11526,43 +11432,18 @@ diff -up openssl-1.1.0h/include/openssl/dsa.h.fips openssl-1.1.0h/include/openss * Rabin-Miller */ # define DSA_is_prime(n, callback, cb_arg) \ -@@ -241,8 +242,11 @@ int ERR_load_DSA_strings(void); - /* Function codes. */ - # define DSA_F_DSAPARAMS_PRINT 100 - # define DSA_F_DSAPARAMS_PRINT_FP 101 -+# define DSA_F_DSA_BUILTIN_KEYGEN 202 - # define DSA_F_DSA_BUILTIN_PARAMGEN 125 - # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 -+# define DSA_F_DSA_GENERATE_KEY 201 -+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200 - # define DSA_F_DSA_DO_SIGN 112 - # define DSA_F_DSA_DO_VERIFY 113 - # define DSA_F_DSA_METH_DUP 127 -@@ -269,9 +273,12 @@ int ERR_load_DSA_strings(void); - # define DSA_R_DECODE_ERROR 104 - # define DSA_R_INVALID_DIGEST_TYPE 106 - # define DSA_R_INVALID_PARAMETERS 112 -+# define DSA_R_KEY_SIZE_INVALID 201 -+# define DSA_R_KEY_SIZE_TOO_SMALL 202 - # define DSA_R_MISSING_PARAMETERS 101 - # define DSA_R_MODULUS_TOO_LARGE 103 - # define DSA_R_NO_PARAMETERS_SET 107 -+# define DSA_R_NON_FIPS_DSA_METHOD 200 - # define DSA_R_PARAMETER_ENCODING_ERROR 105 - # define DSA_R_Q_NOT_PRIME 113 - # define DSA_R_SEED_LEN_SMALL 110 -diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openssl/evp.h ---- openssl-1.1.0h/include/openssl/evp.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/evp.h 2018-03-29 14:44:24.641236994 +0200 -@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void); +diff -up openssl-1.1.1-pre8/include/openssl/evperr.h.fips openssl-1.1.1-pre8/include/openssl/evperr.h +--- openssl-1.1.1-pre8/include/openssl/evperr.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/evperr.h 2018-07-25 17:26:58.413624895 +0200 +@@ -25,6 +25,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_AES_OCB_CIPHER 169 # define EVP_F_AES_T4_INIT_KEY 178 # define EVP_F_AES_WRAP_CIPHER 170 -+# define EVP_F_AES_XTS_CIPHER 200 ++# define EVP_F_AES_XTS_CIPHER 300 # define EVP_F_ALG_MODULE_INIT 
177 - # define EVP_F_CAMELLIA_INIT_KEY 159 - # define EVP_F_CHACHA20_POLY1305_CTRL 182 -@@ -1539,6 +1540,7 @@ int ERR_load_EVP_strings(void); + # define EVP_F_ARIA_CCM_INIT_KEY 175 + # define EVP_F_ARIA_GCM_CTRL 197 +@@ -132,6 +133,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 @@ -11570,7 +11451,7 @@ diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openss # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 -@@ -1575,6 +1577,7 @@ int ERR_load_EVP_strings(void); +@@ -174,6 +176,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 # define EVP_R_PUBLIC_KEY_NOT_RSA 106 @@ -11578,9 +11459,9 @@ diff -up openssl-1.1.0h/include/openssl/evp.h.fips openssl-1.1.0h/include/openss # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 -diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/openssl/fips.h ---- openssl-1.1.0h/include/openssl/fips.h.fips 2018-03-29 14:44:24.641236994 +0200 -+++ openssl-1.1.0h/include/openssl/fips.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.1-pre8/include/openssl/fips.h.fips openssl-1.1.1-pre8/include/openssl/fips.h +--- openssl-1.1.1-pre8/include/openssl/fips.h.fips 2018-07-25 17:26:58.413624895 +0200 ++++ openssl-1.1.1-pre8/include/openssl/fips.h 2018-07-25 17:26:58.413624895 +0200 @@ -0,0 +1,186 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. 
@@ -11768,9 +11649,9 @@ diff -up openssl-1.1.0h/include/openssl/fips.h.fips openssl-1.1.0h/include/opens +} +# endif +#endif -diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/openssl/fips_rand.h ---- openssl-1.1.0h/include/openssl/fips_rand.h.fips 2018-03-29 14:44:24.641236994 +0200 -+++ openssl-1.1.0h/include/openssl/fips_rand.h 2018-03-29 14:44:24.641236994 +0200 +diff -up openssl-1.1.1-pre8/include/openssl/fips_rand.h.fips openssl-1.1.1-pre8/include/openssl/fips_rand.h +--- openssl-1.1.1-pre8/include/openssl/fips_rand.h.fips 2018-07-25 17:26:58.413624895 +0200 ++++ openssl-1.1.1-pre8/include/openssl/fips_rand.h 2018-07-25 17:26:58.413624895 +0200 @@ -0,0 +1,145 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. @@ -11917,10 +11798,10 @@ diff -up openssl-1.1.0h/include/openssl/fips_rand.h.fips openssl-1.1.0h/include/ +# endif +# endif +#endif -diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/include/openssl/opensslconf.h.in ---- openssl-1.1.0h/include/openssl/opensslconf.h.in.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/opensslconf.h.in 2018-03-29 14:44:24.642237018 +0200 -@@ -136,6 +136,11 @@ extern "C" { +diff -up openssl-1.1.1-pre8/include/openssl/opensslconf.h.in.fips openssl-1.1.1-pre8/include/openssl/opensslconf.h.in +--- openssl-1.1.1-pre8/include/openssl/opensslconf.h.in.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/opensslconf.h.in 2018-07-25 17:26:58.413624895 +0200 +@@ -138,6 +138,11 @@ extern "C" { #define RC4_INT {- $config{rc4_int} -} 
@@ -11932,58 +11813,59 @@ diff -up openssl-1.1.0h/include/openssl/opensslconf.h.in.fips openssl-1.1.0h/inc #ifdef __cplusplus } #endif -diff -up openssl-1.1.0h/include/openssl/rand.h.fips openssl-1.1.0h/include/openssl/rand.h ---- openssl-1.1.0h/include/openssl/rand.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/rand.h 2018-03-29 14:44:24.642237018 +0200 -@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void +diff -up openssl-1.1.1-pre8/include/openssl/randerr.h.fips openssl-1.1.1-pre8/include/openssl/randerr.h +--- openssl-1.1.1-pre8/include/openssl/randerr.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/randerr.h 2018-07-25 17:26:58.413624895 +0200 +@@ -35,6 +35,7 @@ int ERR_load_RAND_strings(void); + # define RAND_F_RAND_DRBG_SET 104 + # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 + # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 ++# define RAND_F_RAND_INIT_FIPS 200 + # define RAND_F_RAND_LOAD_FILE 111 + # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 + # define RAND_F_RAND_POOL_ADD 103 +diff -up openssl-1.1.1-pre8/include/openssl/rand.h.fips openssl-1.1.1-pre8/include/openssl/rand.h +--- openssl-1.1.1-pre8/include/openssl/rand.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/rand.h 2018-07-25 17:26:58.413624895 +0200 +@@ -68,6 +68,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) - #endif + # endif +# ifdef OPENSSL_FIPS ++/* just stubs for API compatibility */ +void RAND_set_fips_drbg_type(int type, int flags); +int RAND_init_fips(void); +# endif -+ - /* BEGIN ERROR CODES */ - /* - * The following lines are auto generated by the script mkerr.pl. Any changes -@@ -79,8 +84,11 @@ int ERR_load_RAND_strings(void); - /* Function codes. */ - # define RAND_F_RAND_BYTES 100 -+# define RAND_F_RAND_INIT_FIPS 200 - - /* Reason codes. 
*/ -+# define RAND_R_ERROR_INITIALISING_DRBG 200 -+# define RAND_R_ERROR_INSTANTIATING_DRBG 201 - # define RAND_R_PRNG_NOT_SEEDED 100 - - # ifdef __cplusplus -diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openssl/rsa.h ---- openssl-1.1.0h/include/openssl/rsa.h.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/include/openssl/rsa.h 2018-03-29 14:44:24.642237018 +0200 -@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void); - /* Function codes. */ + #ifdef __cplusplus + } +diff -up openssl-1.1.1-pre8/include/openssl/rsaerr.h.fips openssl-1.1.1-pre8/include/openssl/rsaerr.h +--- openssl-1.1.1-pre8/include/openssl/rsaerr.h.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/rsaerr.h 2018-07-25 17:26:58.413624895 +0200 +@@ -21,6 +21,7 @@ int ERR_load_RSA_strings(void); + */ # define RSA_F_CHECK_PADDING_MD 140 # define RSA_F_ENCODE_PKCS1 146 +# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206 # define RSA_F_INT_RSA_VERIFY 145 # define RSA_F_OLD_RSA_PRIV_DECODE 147 - # define RSA_F_PKEY_RSA_CTRL 143 -@@ -475,6 +476,7 @@ int ERR_load_RSA_strings(void); - # define RSA_F_RSA_CHECK_KEY 123 + # define RSA_F_PKEY_PSS_INIT 165 +@@ -35,6 +36,8 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_CHECK_KEY_EX 160 # define RSA_F_RSA_CMS_DECRYPT 159 + # define RSA_F_RSA_CMS_VERIFY 158 +# define RSA_F_RSA_GENERATE_KEY_EX 204 ++# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207 # define RSA_F_RSA_ITEM_VERIFY 148 # define RSA_F_RSA_METH_DUP 161 # define RSA_F_RSA_METH_NEW 162 -@@ -509,9 +511,15 @@ int ERR_load_RSA_strings(void); - # define RSA_F_RSA_PRINT 115 +@@ -72,10 +75,16 @@ int ERR_load_RSA_strings(void); # define RSA_F_RSA_PRINT_FP 116 + # define RSA_F_RSA_PRIV_DECODE 150 # define RSA_F_RSA_PRIV_ENCODE 138 +# define RSA_F_RSA_PRIVATE_DECRYPT 200 +# define RSA_F_RSA_PRIVATE_ENCRYPT 201 + # define RSA_F_RSA_PSS_GET_PARAM 151 # define RSA_F_RSA_PSS_TO_CTX 155 # define RSA_F_RSA_PUB_DECODE 139 +# define RSA_F_RSA_PUBLIC_DECRYPT 
202 
@@ -11994,44 +11876,72 @@ diff -up openssl-1.1.0h/include/openssl/rsa.h.fips openssl-1.1.0h/include/openss # define RSA_F_RSA_SIGN 117 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 # define RSA_F_RSA_VERIFY 119 -@@ -558,9 +566,11 @@ int ERR_load_RSA_strings(void); - # define RSA_R_LAST_OCTET_INVALID 134 - # define RSA_R_MODULUS_TOO_LARGE 105 +@@ -132,10 +141,12 @@ int ERR_load_RSA_strings(void); + # define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169 + # define RSA_R_MP_R_NOT_PRIME 170 # define RSA_R_NO_PUBLIC_EXPONENT 140 +# define RSA_R_NON_FIPS_RSA_METHOD 200 # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + # define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172 # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 # define RSA_R_OAEP_DECODING_ERROR 121 +# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201 # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 # define RSA_R_PADDING_CHECK_FAILED 114 # define RSA_R_PKCS_DECODING_ERROR 159 -diff -up openssl-1.1.0h/ssl/ssl_ciph.c.fips openssl-1.1.0h/ssl/ssl_ciph.c ---- openssl-1.1.0h/ssl/ssl_ciph.c.fips 2018-03-29 14:44:24.625236619 +0200 -+++ openssl-1.1.0h/ssl/ssl_ciph.c 2018-03-29 14:44:24.643237042 +0200 -@@ -404,7 +404,8 @@ void ssl_load_ciphers(void) +@@ -155,6 +166,7 @@ int ERR_load_RSA_strings(void); + # define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 + # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 + # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 ++# define RSA_R_UNSUPPORTED_PARAMETERS 202 + # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 + # define RSA_R_VALUE_MISSING 147 + # define RSA_R_WRONG_SIGNATURE_LENGTH 119 +diff -up openssl-1.1.1-pre8/ssl/ssl_ciph.c.fips openssl-1.1.1-pre8/ssl/ssl_ciph.c +--- openssl-1.1.1-pre8/ssl/ssl_ciph.c.fips 2018-07-25 17:26:58.400624584 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_ciph.c 2018-07-25 17:26:58.414624919 +0200 +@@ -385,7 +385,7 @@ int ssl_load_ciphers(void) } } /* Make sure we can access MD5 and SHA1 */ -- OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); -+ if (!FIPS_mode()) -+ 
OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); - OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); +- if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) ++ if (!FIPS_mode() && !ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL)) + return 0; + if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL)) + return 0; +@@ -560,6 +560,9 @@ int ssl_cipher_get_evp(const SSL_SESSION + s->ssl_version < TLS1_VERSION) + return 1; - disabled_mkey_mask = 0; -@@ -687,7 +688,7 @@ static void ssl_cipher_collect_ciphers(c ++ if (FIPS_mode()) ++ return 1; ++ + if (c->algorithm_enc == SSL_RC4 && + c->algorithm_mac == SSL_MD5 && + (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) +@@ -668,6 +671,8 @@ static void ssl_cipher_collect_ciphers(c /* drop those that use any of that is not available */ if (c == NULL || !c->valid) continue; -- if (FIPS_mode() && (c->algo_strength & SSL_FIPS)) + if (FIPS_mode() && !(c->algo_strength & SSL_FIPS)) - continue; ++ continue; if ((c->algorithm_mkey & disabled_mkey) || (c->algorithm_auth & disabled_auth) || -diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c ---- openssl-1.1.0h/ssl/ssl_init.c.fips 2018-03-27 15:50:40.000000000 +0200 -+++ openssl-1.1.0h/ssl/ssl_init.c 2018-03-29 14:44:24.643237042 +0200 -@@ -28,6 +28,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas + (c->algorithm_enc & disabled_enc) || +@@ -1671,7 +1676,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + * to the resulting precedence to the STACK_OF(SSL_CIPHER). 
+ */ + for (curr = head; curr != NULL; curr = curr->next) { +- if (curr->active) { ++ if (curr->active ++ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { + if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { + OPENSSL_free(co_list); + sk_SSL_CIPHER_free(cipherstack); +diff -up openssl-1.1.1-pre8/ssl/ssl_init.c.fips openssl-1.1.1-pre8/ssl/ssl_init.c +--- openssl-1.1.1-pre8/ssl/ssl_init.c.fips 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_init.c 2018-07-25 17:26:58.414624919 +0200 +@@ -27,6 +27,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " "Adding SSL ciphers and digests\n"); #endif @@ -12042,7 +11952,7 @@ diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c #ifndef OPENSSL_NO_DES EVP_add_cipher(EVP_des_cbc()); EVP_add_cipher(EVP_des_ede3_cbc()); -@@ -84,6 +88,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas +@@ -87,6 +91,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); 
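Review bot: In the `ssl_create_cipher_list` change, the new condition `curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)` mixes `||` with an unparenthesised `&`. It evaluates as intended, but writing `(curr->cipher->algo_strength & SSL_FIPS) != 0` would match the parenthesised test in `ssl_cipher_collect_ciphers` earlier in the same patch. The filter covers only the `curr` list walk shown here, and the rest of the function is outside the hunk. It is worth confirming that suites reaching `cipherstack` by another path, such as the `tls13_ciphersuites` argument if it is pushed separately, get the same `SSL_FIPS` check in FIPS mode.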
@@ -12074,10 +11984,22 @@ diff -up openssl-1.1.0h/ssl/ssl_init.c.fips openssl-1.1.0h/ssl/ssl_init.c #ifndef OPENSSL_NO_COMP # ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " -diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c ---- openssl-1.1.0h/ssl/ssl_lib.c.fips 2018-03-29 14:44:24.625236619 +0200 -+++ openssl-1.1.0h/ssl/ssl_lib.c 2018-03-29 14:44:24.643237042 +0200 -@@ -2588,13 +2588,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m +diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.fips openssl-1.1.1-pre8/ssl/ssl_lib.c +--- openssl-1.1.1-pre8/ssl/ssl_lib.c.fips 2018-07-25 17:26:58.400624584 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-25 17:26:58.414624919 +0200 +@@ -2885,6 +2885,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) + return NULL; + ++ if (FIPS_mode() && (meth->version < TLS1_VERSION)) { ++ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE); ++ return NULL; ++ } ++ + if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { + SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); + goto err; +@@ -2941,13 +2946,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (ret->param == NULL) goto err; 
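Review bot: The new guard in `SSL_CTX_new`, `meth->version < TLS1_VERSION`, is a raw numeric comparison with no comment on which methods it is meant to reject. DTLS version constants are not ordered like the TLS ones, and version-flexible methods carry no concrete protocol version. Both presumably pass this test and then depend on the `ret->min_proto_version = TLS1_VERSION` assignment added further down in the same function. A comment such as `/* rejects fixed-version methods below TLS 1.0; flexible methods are limited via min_proto_version below */` would make that dependency explicit, if it matches the intent. The function body continues outside the hunk.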
@@ -12101,12 +12023,12 @@ diff -up openssl-1.1.0h/ssl/ssl_lib.c.fips openssl-1.1.0h/ssl/ssl_lib.c + ret->min_proto_version = TLS1_VERSION; } - if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) -diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c ---- openssl-1.1.0h/test/dsatest.c.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/test/dsatest.c 2018-03-29 14:44:24.644237065 +0200 -@@ -32,41 +32,42 @@ int main(int argc, char *argv[]) - + if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL) +diff -up openssl-1.1.1-pre8/test/dsatest.c.fips openssl-1.1.1-pre8/test/dsatest.c +--- openssl-1.1.1-pre8/test/dsatest.c.fips 2018-06-20 16:48:14.000000000 +0200 ++++ openssl-1.1.1-pre8/test/dsatest.c 2018-07-25 17:26:58.415624943 +0200 +@@ -24,41 +24,42 @@ + #ifndef OPENSSL_NO_DSA static int dsa_cb(int p, int n, BN_GENCB *arg); -/* 
@@ -12173,80 +12095,59 @@ diff -up openssl-1.1.0h/test/dsatest.c.fips openssl-1.1.0h/test/dsatest.c }; static const unsigned char str1[] = "12345678901234567890"; -@@ -102,7 +103,7 @@ int main(int argc, char **argv) +@@ -79,11 +80,11 @@ static int dsa_test(void) + + BN_GENCB_set(cb, dsa_cb, NULL); + if (!TEST_ptr(dsa = DSA_new()) +- || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, ++ || !TEST_true(DSA_generate_parameters_ex(dsa, 1024, seed, 20, + &counter, &h, cb))) goto end; - BN_GENCB_set(cb, dsa_cb, bio_err); -- if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, -+ if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024, - seed, 20, - &counter, - &h, cb)) -@@ -116,8 +117,8 @@ int main(int argc, char **argv) - BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); - - DSA_print(bio_err, dsa, 0); -- if (counter != 105) { -- BIO_printf(bio_err, "counter should be 105\n"); -+ if (counter != 239) { -+ BIO_printf(bio_err, "counter should be 239\n"); +- if (!TEST_int_eq(counter, 105)) ++ if (!TEST_int_eq(counter, 239)) goto end; - } - if (h != 2) { -diff -up openssl-1.1.0h/util/libcrypto.num.fips openssl-1.1.0h/util/libcrypto.num ---- openssl-1.1.0h/util/libcrypto.num.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/util/libcrypto.num 2018-03-29 18:06:26.962651662 +0200 -@@ -4232,5 +4232,40 @@ ZINT64_it - ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: - CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION: - EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE --OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP -+FIPS_drbg_reseed 4348 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_check 4349 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_method 4350 1_1_0g EXIST::FUNCTION: -+FIPS_get_default_drbg 4351 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_reseed_interval 4352 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_app_data 4353 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_method 4354 1_1_0g EXIST::FUNCTION: 
-+FIPS_rand_status 4355 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_instantiate 4356 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_callbacks 4357 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_new 4358 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_paramgen_check_g 4359 1_1_0g EXIST::FUNCTION: -+FIPS_selftest 4360 1_1_0g EXIST::FUNCTION: -+FIPS_rand_set_bits 4361 1_1_0g EXIST::FUNCTION: -+FIPS_rand_bytes 4362 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_app_data 4363 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_failed 4364 1_1_0g EXIST::FUNCTION: -+FIPS_dsa_builtin_paramgen2 4365 1_1_0g EXIST::FUNCTION: -+FIPS_rand_reset 4366 1_1_0g EXIST::FUNCTION: -+ERR_load_FIPS_strings 4367 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_generate 4368 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_uninstantiate 4369 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_check_interval 4370 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_free 4371 1_1_0g EXIST::FUNCTION: -+FIPS_selftest_drbg_all 4372 1_1_0g EXIST::FUNCTION: -+FIPS_rand_get_method 4373 1_1_0g EXIST::FUNCTION: -+RAND_set_fips_drbg_type 4374 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_health_check 4375 1_1_0g EXIST::FUNCTION: -+RAND_init_fips 4376 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_set_rand_callbacks 4377 1_1_0g EXIST::FUNCTION: -+FIPS_rand_seed 4378 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_strength 4379 1_1_0g EXIST::FUNCTION: -+FIPS_rand_strength 4380 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_get_blocklength 4381 1_1_0g EXIST::FUNCTION: -+FIPS_drbg_init 4382 1_1_0g EXIST::FUNCTION: -+OCSP_resp_get0_signer 4384 1_1_0h EXIST::FUNCTION:OCSP - X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: -diff -up openssl-1.1.0h/util/mkdef.pl.fips openssl-1.1.0h/util/mkdef.pl ---- openssl-1.1.0h/util/mkdef.pl.fips 2018-03-27 15:50:41.000000000 +0200 -+++ openssl-1.1.0h/util/mkdef.pl 2018-03-29 14:44:24.644237065 +0200 -@@ -311,6 +311,8 @@ $crypto.=" include/openssl/modes.h"; - $crypto.=" include/openssl/async.h"; - $crypto.=" include/openssl/ct.h"; - $crypto.=" include/openssl/kdf.h"; -+$crypto.=" include/openssl/fips.h"; 
-+$crypto.=" include/openssl/fips_rand.h"; - - my $symhacks="include/openssl/symhacks.h"; - + if (!TEST_int_eq(h, 2)) + goto end; +diff -up openssl-1.1.1-pre8/util/libcrypto.num.fips openssl-1.1.1-pre8/util/libcrypto.num +--- openssl-1.1.1-pre8/util/libcrypto.num.fips 2018-06-20 16:48:15.000000000 +0200 ++++ openssl-1.1.1-pre8/util/libcrypto.num 2018-07-25 17:49:31.909043049 +0200 +@@ -4568,3 +4568,38 @@ EVP_PKEY_get_raw_private_key + EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: + EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: + EVP_PKEY_set_alias_type 4522 1_1_1 EXIST::FUNCTION: ++FIPS_drbg_reseed 6348 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_check 6349 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_method 6350 1_1_0g EXIST::FUNCTION: ++FIPS_get_default_drbg 6351 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_reseed_interval 6352 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_app_data 6353 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_method 6354 1_1_0g EXIST::FUNCTION: ++FIPS_rand_status 6355 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_instantiate 6356 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_callbacks 6357 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_new 6358 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_paramgen_check_g 6359 1_1_0g EXIST::FUNCTION: ++FIPS_selftest 6360 1_1_0g EXIST::FUNCTION: ++FIPS_rand_set_bits 6361 1_1_0g EXIST::FUNCTION: ++FIPS_rand_bytes 6362 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_app_data 6363 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_failed 6364 1_1_0g EXIST::FUNCTION: ++FIPS_dsa_builtin_paramgen2 6365 1_1_0g EXIST::FUNCTION: ++FIPS_rand_reset 6366 1_1_0g EXIST::FUNCTION: ++ERR_load_FIPS_strings 6367 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_generate 6368 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_uninstantiate 6369 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_check_interval 6370 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_free 6371 1_1_0g EXIST::FUNCTION: ++FIPS_selftest_drbg_all 6372 1_1_0g EXIST::FUNCTION: ++FIPS_rand_get_method 6373 1_1_0g EXIST::FUNCTION: ++RAND_set_fips_drbg_type 6374 1_1_0g 
EXIST::FUNCTION: ++FIPS_drbg_health_check 6375 1_1_0g EXIST::FUNCTION: ++RAND_init_fips 6376 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_set_rand_callbacks 6377 1_1_0g EXIST::FUNCTION: ++FIPS_rand_seed 6378 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_strength 6379 1_1_0g EXIST::FUNCTION: ++FIPS_rand_strength 6380 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_get_blocklength 6381 1_1_0g EXIST::FUNCTION: ++FIPS_drbg_init 6382 1_1_0g EXIST::FUNCTION: diff --git a/openssl-1.1.1-man-rename.patch b/openssl-1.1.1-man-rename.patch new file mode 100644 index 0000000..6aef549 --- /dev/null +++ b/openssl-1.1.1-man-rename.patch @@ -0,0 +1,37 @@ +diff -up openssl-1.1.1-pre2/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre2/doc/man1/openssl.pod +--- openssl-1.1.1-pre2/doc/man1/openssl.pod.man-rename 2018-02-27 14:40:43.000000000 +0100 ++++ openssl-1.1.1-pre2/doc/man1/openssl.pod 2018-03-06 15:32:44.737652939 +0100 +@@ -170,7 +170,7 @@ Create or examine a Netscape certificate + + Online Certificate Status Protocol utility. + +-=item L|passwd(1)> ++=item L|sslpasswd(1)> + + Generation of hashed passwords. + +@@ -202,7 +202,7 @@ Public key algorithm cryptographic opera + + Compute prime numbers. + +-=item L|rand(1)> ++=item L|sslrand(1)> + + Generate pseudo-random bytes. + +@@ -444,13 +444,13 @@ L, L, L + L, L, + L, L, L, L, L, + L, L, L, +-L, + L, L, L, + L, L, L, L, +-L, L, L, L, ++L, L, L, + L, L, + L, L, L, + L, L, L, L, L, ++L, L, + L, + L, L, L, + L, L, L diff --git a/openssl-1.1.1-secure-getenv.patch b/openssl-1.1.1-secure-getenv.patch new file mode 100644 index 0000000..c3d14a1 --- /dev/null +++ b/openssl-1.1.1-secure-getenv.patch 
@@ -0,0 +1,173 @@ +diff -up openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_api.c +--- openssl-1.1.1-pre8/crypto/conf/conf_api.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/conf/conf_api.c 2018-07-16 18:01:11.708359766 +0200 +@@ -9,6 +9,8 @@ + + /* Part of the code in here was originally in conf.c, which is now removed */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "e_os.h" + #include + #include +@@ -82,7 +84,7 @@ char *_CONF_get_string(const CONF *conf, + if (v != NULL) + return v->value; + if (strcmp(section, "ENV") == 0) { +- p = getenv(name); ++ p = secure_getenv(name); + if (p != NULL) + return p; + } +diff -up openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.1-pre8/crypto/conf/conf_mod.c +--- openssl-1.1.1-pre8/crypto/conf/conf_mod.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/conf/conf_mod.c 2018-07-16 18:02:37.308383955 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "internal/cryptlib.h" + #include + #include +@@ -481,7 +483,7 @@ char *CONF_get1_default_config_file(void + int len; + + if (!OPENSSL_issetugid()) { +- file = getenv("OPENSSL_CONF"); ++ file = secure_getenv("OPENSSL_CONF"); + if (file) + return OPENSSL_strdup(file); + } +diff -up openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv openssl-1.1.1-pre8/crypto/ct/ct_log.c +--- openssl-1.1.1-pre8/crypto/ct/ct_log.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/ct/ct_log.c 2018-07-16 18:01:11.708359766 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + +@@ -137,7 +139,7 @@ static int ctlog_new_from_conf(CTLOG **c + + int CTLOG_STORE_load_default_file(CTLOG_STORE *store) + { +- const char *fpath = getenv(CTLOG_FILE_EVP); ++ const 
char *fpath = secure_getenv(CTLOG_FILE_EVP); + + if (fpath == NULL) + fpath = CTLOG_FILE; +diff -up openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv openssl-1.1.1-pre8/crypto/engine/eng_list.c +--- openssl-1.1.1-pre8/crypto/engine/eng_list.c.secure-getenv 2018-06-20 16:48:10.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/engine/eng_list.c 2018-07-16 18:03:03.190996004 +0200 +@@ -8,6 +8,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "eng_int.h" + + /* +@@ -318,7 +320,7 @@ ENGINE *ENGINE_by_id(const char *id) + */ + if (strcmp(id, "dynamic")) { + if (OPENSSL_issetugid() +- || (load_dir = getenv("OPENSSL_ENGINES")) == NULL) ++ || (load_dir = secure_getenv("OPENSSL_ENGINES")) == NULL) + load_dir = ENGINESDIR; + iterator = ENGINE_by_id("dynamic"); + if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || +diff -up openssl-1.1.1-pre8/crypto/mem.c.secure-getenv openssl-1.1.1-pre8/crypto/mem.c +--- openssl-1.1.1-pre8/crypto/mem.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/mem.c 2018-07-16 18:01:11.709359790 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "e_os.h" + #include "internal/cryptlib.h" + #include "internal/cryptlib_int.h" +@@ -180,11 +182,11 @@ static int shouldfail(void) + + void ossl_malloc_setup_failures(void) + { +- const char *cp = getenv("OPENSSL_MALLOC_FAILURES"); ++ const char *cp = secure_getenv("OPENSSL_MALLOC_FAILURES"); + + if (cp != NULL && (md_failstring = strdup(cp)) != NULL) + parseit(); +- if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) ++ if ((cp = secure_getenv("OPENSSL_MALLOC_FD")) != NULL) + md_tracefd = atoi(cp); + } + #endif +diff -up openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv openssl-1.1.1-pre8/crypto/rand/randfile.c +--- openssl-1.1.1-pre8/crypto/rand/randfile.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200 
++++ openssl-1.1.1-pre8/crypto/rand/randfile.c 2018-07-16 18:01:11.709359790 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "internal/cryptlib.h" + + #include +@@ -264,7 +266,7 @@ const char *RAND_file_name(char *buf, si + #else + if (OPENSSL_issetugid() != 0) { + use_randfile = 0; +- } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') { ++ } else if ((s = secure_getenv("RANDFILE")) == NULL || *s == '\0') { + use_randfile = 0; + s = getenv("HOME"); + } +diff -up openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_dir.c +--- openssl-1.1.1-pre8/crypto/x509/by_dir.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/x509/by_dir.c 2018-07-16 18:03:43.355945786 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include "e_os.h" + #include "internal/cryptlib.h" + #include +@@ -73,7 +75,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in + switch (cmd) { + case X509_L_ADD_DIR: + if (argl == X509_FILETYPE_DEFAULT) { +- const char *dir = getenv(X509_get_default_cert_dir_env()); ++ const char *dir = secure_getenv(X509_get_default_cert_dir_env()); + + if (dir) + ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); +diff -up openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv openssl-1.1.1-pre8/crypto/x509/by_file.c +--- openssl-1.1.1-pre8/crypto/x509/by_file.c.secure-getenv 2018-06-20 16:48:11.000000000 +0200 ++++ openssl-1.1.1-pre8/crypto/x509/by_file.c 2018-07-16 18:01:11.709359790 +0200 +@@ -7,6 +7,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -46,7 +48,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx + switch (cmd) { + case X509_L_FILE_LOAD: + if (argl == X509_FILETYPE_DEFAULT) { +- file = getenv(X509_get_default_cert_file_env()); ++ file = 
secure_getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx, file, + X509_FILETYPE_PEM) != 0); diff --git a/openssl-1.1.0-system-cipherlist.patch b/openssl-1.1.1-system-cipherlist.patch similarity index 52% rename from openssl-1.1.0-system-cipherlist.patch rename to openssl-1.1.1-system-cipherlist.patch index 9f63162..98c0851 100644 --- a/openssl-1.1.0-system-cipherlist.patch +++ b/openssl-1.1.1-system-cipherlist.patch @@ -1,7 +1,7 @@ -diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.0e/Configurations/unix-Makefile.tmpl ---- openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist 2017-02-16 16:15:38.658931413 +0100 -+++ openssl-1.1.0e/Configurations/unix-Makefile.tmpl 2017-02-16 16:15:38.675931806 +0100 -@@ -161,6 +161,10 @@ MANDIR=$(INSTALLTOP)/share/man +diff -up openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl +--- openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl.system-cipherlist 2018-07-25 10:13:06.325232356 +0200 ++++ openssl-1.1.1-pre8/Configurations/unix-Makefile.tmpl 2018-07-25 10:18:27.067863251 +0200 +@@ -176,6 +176,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html 
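Review bot: In the `RAND_file_name` hunk for crypto/rand/randfile.c, `RANDFILE` is switched to `secure_getenv()` but the fallback on the next line still reads `s = getenv("HOME");`. The two lookups that decide where the seed file lives are therefore no longer treated alike. Both sit behind the `OPENSSL_issetugid()` test, so this matters only if that test misses a secure-execution case that `secure_getenv()` catches. Using `s = secure_getenv("HOME");` removes the question. The function continues outside the hunk, so any later `HOME` lookup there should be checked as well.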
@@ -12,19 +12,18 @@ diff -up openssl-1.1.0e/Configurations/unix-Makefile.tmpl.system-cipherlist open # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -171,7 +175,7 @@ HTMLSUFFIX=html - - CROSS_COMPILE= {- $config{cross_compile_prefix} -} - CC= $(CROSS_COMPILE){- $target{cc} -} --CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} -+CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"\$(SYSTEM_CIPHERS_FILE_DEFINE)","-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} - CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} - LDFLAGS= {- $target{lflags} -} - PLIB_LDFLAGS= {- $target{plib_lflags} -} -diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure ---- openssl-1.1.0e/Configure.system-cipherlist 2017-02-16 12:58:20.000000000 +0100 -+++ openssl-1.1.0e/Configure 2017-02-16 16:15:38.679931899 +0100 -@@ -18,7 +18,7 @@ use if $^O ne "VMS", 'File::Glob' => qw/ +@@ -199,6 +203,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} + CXX={- $config{CXX} ? 
"\$(CROSS_COMPILE)$config{CXX}" : '' -} + CPPFLAGS={- our $cppflags1 = join(" ", + (map { "-D".$_} @{$config{CPPDEFINES}}), ++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)", + (map { "-I".$_} @{$config{CPPINCLUDES}}), + @{$config{CPPFLAGS}}) -} + CFLAGS={- join(' ', @{$config{CFLAGS}}) -} +diff -up openssl-1.1.1-pre8/Configure.system-cipherlist openssl-1.1.1-pre8/Configure +--- openssl-1.1.1-pre8/Configure.system-cipherlist 2018-06-20 16:48:09.000000000 +0200 ++++ openssl-1.1.1-pre8/Configure 2018-07-25 10:13:06.346232856 +0200 +@@ -21,7 +21,7 @@ use OpenSSL::Glob; # see INSTALL for instructions. @@ -33,7 +32,7 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure # Options: # -@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no- +@@ -38,6 +38,9 @@ my $usage="Usage: Configure [no- # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) # 
@@ -43,38 +42,38 @@ diff -up openssl-1.1.0e/Configure.system-cipherlist openssl-1.1.0e/Configure # --cross-compile-prefix Add specified prefix to binutils components. # # --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for -@@ -293,6 +296,7 @@ $config{openssldir}=""; +@@ -291,6 +294,7 @@ $config{prefix}=""; + $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; - $config{cross_compile_prefix}=""; +$config{system_ciphers_file}=""; - $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; - my $nofipscanistercheck=0; - $config{baseaddr}="0xFB00000"; -@@ -718,6 +722,10 @@ while (@argvcopy) - { - $config{baseaddr}="$1"; - } + my $auto_threads=1; # enable threads automatically? true by default + my $default_ranlib; + +@@ -814,6 +818,10 @@ while (@argvcopy) + push @seed_sources, $x; + } + } + elsif (/^--system-ciphers-file=(.*)$/) + { + $config{system_ciphers_file}=$1; + } elsif (/^--cross-compile-prefix=(.*)$/) { - $config{cross_compile_prefix}=$1; -@@ -851,6 +859,8 @@ if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; + $user{CROSS_COMPILE}=$1; +@@ -1000,6 +1008,8 @@ if ($target eq "HASH") { + exit 0; } +chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/; + - foreach (sort (keys %disabled)) - { - $config{options} .= " no-$_"; -diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/doc/apps/ciphers.pod ---- openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist 2017-02-16 12:58:22.000000000 +0100 -+++ openssl-1.1.0e/doc/apps/ciphers.pod 2017-02-16 16:37:14.043219953 +0100 -@@ -181,6 +181,15 @@ As of OpenSSL 1.0.0, the B cipher s + print "Configuring OpenSSL version $config{version} ($config{version_num}) "; + print "for $target\n"; + +diff -up openssl-1.1.1-pre8/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1-pre8/doc/man1/ciphers.pod +--- openssl-1.1.1-pre8/doc/man1/ciphers.pod.system-cipherlist 2018-06-20 16:48:12.000000000 +0200 ++++ openssl-1.1.1-pre8/doc/man1/ciphers.pod 2018-07-25 
10:13:06.346232856 +0200 +@@ -200,6 +200,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. @@ -89,11 +88,11 @@ diff -up openssl-1.1.0e/doc/apps/ciphers.pod.system-cipherlist openssl-1.1.0e/do + =item B - "high" encryption cipher suites. This currently means those with key lengths -diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/include/openssl/ssl.h ---- openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/include/openssl/ssl.h 2017-02-16 16:15:38.676931830 +0100 -@@ -201,6 +201,11 @@ extern "C" { + "High" encryption cipher suites. This currently means those with key lengths +diff -up openssl-1.1.1-pre8/include/openssl/ssl.h.system-cipherlist openssl-1.1.1-pre8/include/openssl/ssl.h +--- openssl-1.1.1-pre8/include/openssl/ssl.h.system-cipherlist 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/ssl.h 2018-07-25 10:13:06.346232856 +0200 +@@ -186,6 +186,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ 
@@ -105,12 +104,21 @@ diff -up openssl-1.1.0e/include/openssl/ssl.h.system-cipherlist openssl-1.1.0e/i /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ciph.c ---- openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist 2017-02-16 12:58:23.000000000 +0100 -+++ openssl-1.1.0e/ssl/ssl_ciph.c 2017-02-16 16:15:38.691932177 +0100 -@@ -1289,6 +1289,50 @@ static int check_suiteb_cipher_list(cons +diff -up openssl-1.1.1-pre8/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1-pre8/ssl/ssl_ciph.c +--- openssl-1.1.1-pre8/ssl/ssl_ciph.c.system-cipherlist 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_ciph.c 2018-07-25 10:36:36.475896866 +0200 +@@ -9,6 +9,8 @@ + * https://www.openssl.org/source/license.html + */ + ++/* for secure_getenv */ ++#define _GNU_SOURCE + #include + #include + #include +@@ -1400,6 +1402,53 @@ int SSL_set_ciphersuites(SSL *s, const c + return ret; } - #endif +#ifdef SYSTEM_CIPHERS_FILE +static char *load_system_str(const char *suffix) @@ -118,9 +126,12 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ + FILE *fp; + char buf[1024]; + char *new_rules; ++ const char *ciphers_path; + unsigned len, slen; + -+ fp = fopen(SYSTEM_CIPHERS_FILE, "r"); ++ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL) ++ ciphers_path = SYSTEM_CIPHERS_FILE; ++ fp = fopen(ciphers_path, "r"); + if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) { + /* cannot open or file is empty */ + snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST); 
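Review bot: In `load_system_str()` the new `secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")` lookup lets the process environment replace the system cipher policy file, and the existing fallback right after it turns an unreadable path into `SSL_DEFAULT_CIPHER_LIST` without reporting anything. `secure_getenv()` only drops the variable for AT_SECURE (setuid/setgid-style) processes, so an ordinary service started with an inherited or caller-influenced environment would silently leave the system-wide policy. The spec's `%check` sets the variable to a nonexistent file, which suggests it exists for the test suite; if so, say that above the lookup, e.g. `/* Test-suite override; ignored only in AT_SECURE processes, honoured everywhere else */`. It would also help to mention the variable in doc/man1/ciphers.pod, which this patch already touches, so administrators know to keep it out of service environments. The body of `load_system_str()` continues outside this hunk.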
@@ -156,15 +167,10 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ +} +#endif + - STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) - **cipher_list, STACK_OF(SSL_CIPHER) - **cipher_list_by_id, -@@ -1296,19 +1341,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - { - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; -- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; -+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list; + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, +@@ -1413,15 +1462,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; 
@@ -184,134 +190,121 @@ diff -up openssl-1.1.0e/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.0e/ssl/ssl_ */ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) - return NULL; -+ goto end; ++ goto err; #ifndef OPENSSL_NO_EC if (!check_suiteb_cipher_list(ssl_method, c, &rule_str)) - return NULL; -+ goto end; ++ goto err; #endif /* -@@ -1331,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1444,7 +1503,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); -- return (NULL); /* Failure */ -+ goto end; +- return NULL; /* Failure */ ++ goto err; } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1401,8 +1456,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1510,8 +1569,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { - OPENSSL_free(co_list); - return NULL; -+ goto end; ++ goto err; } /* -@@ -1447,9 +1501,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1556,9 +1614,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); -- return (NULL); /* Failure */ -+ goto end; +- return NULL; /* Failure */ ++ goto err; } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey, disabled_auth, disabled_enc, -@@ -1475,8 +1528,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1584,8 +1641,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ - OPENSSL_free(co_list); -- return (NULL); -+ goto end; +- return NULL; ++ goto err; } /* -@@ -1484,8 +1536,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1593,14 +1649,18 @@ 
STACK_OF(SSL_CIPHER) *ssl_create_cipher_ * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { - OPENSSL_free(co_list); -- return (NULL); -+ goto end; - } - - /* -@@ -1496,21 +1547,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - if (curr->active - && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) { - if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { -- OPENSSL_free(co_list); - sk_SSL_CIPHER_free(cipherstack); -- return NULL; -+ cipherstack = NULL; -+ goto end; - } - #ifdef CIPHER_DEBUG - fprintf(stderr, "<%s>\n", curr->cipher->name); - #endif - } - } -- OPENSSL_free(co_list); /* Not needed any longer */ - - tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); - if (tmp_cipher_list == NULL) { - sk_SSL_CIPHER_free(cipherstack); - return NULL; -+ cipherstack = NULL; -+ goto end; ++ goto err; } - sk_SSL_CIPHER_free(*cipher_list); - *cipher_list = cipherstack; -@@ -1520,6 +1571,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ - (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_sort(*cipher_list_by_id); ++#ifdef SYSTEM_CIPHERS_FILE ++ OPENSSL_free(new_rules); /* Not needed anymore */ ++#endif + -+ end: + /* Add TLSv1.3 ciphers first - we always prefer those if possible */ + for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { + if (!sk_SSL_CIPHER_push(cipherstack, + sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { ++ OPENSSL_free(co_list); + sk_SSL_CIPHER_free(cipherstack); + return NULL; + } +@@ -1632,6 +1692,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ + *cipher_list = cipherstack; + + return cipherstack; ++ ++err: + OPENSSL_free(co_list); +#ifdef SYSTEM_CIPHERS_FILE + OPENSSL_free(new_rules); +#endif - return (cipherstack); ++ return NULL; ++ } -diff -up openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist openssl-1.1.0e/ssl/ssl_lib.c ---- openssl-1.1.0e/ssl/ssl_lib.c.system-cipherlist 2017-02-16 16:15:38.673931760 +0100 -+++ openssl-1.1.0e/ssl/ssl_lib.c 2017-02-16 16:15:38.692932200 
+0100 -@@ -509,7 +509,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx - - sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1-pre8/ssl/ssl_lib.c +--- openssl-1.1.1-pre8/ssl/ssl_lib.c.system-cipherlist 2018-07-25 10:13:06.347232880 +0200 ++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-25 10:37:38.715394989 +0200 +@@ -658,7 +658,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx + ctx->tls13_ciphersuites, + &(ctx->cipher_list), &(ctx->cipher_list_by_id), - SSL_DEFAULT_CIPHER_LIST, ctx->cert); + SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); - return (0); -@@ -2403,7 +2403,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m - #endif + return 0; +@@ -2931,7 +2931,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m if (!ssl_create_cipher_list(ret->method, + ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST, ret->cert) + SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -diff -up openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist openssl-1.1.0e/test/cipherlist_test.c ---- openssl-1.1.0e/test/cipherlist_test.c.system-cipherlist 2017-02-16 12:58:24.000000000 +0100 -+++ openssl-1.1.0e/test/cipherlist_test.c 2017-02-16 16:15:38.677931853 +0100 -@@ -190,7 +190,9 @@ int main(int argc, char **argv) - { - int result = 0; +diff -up openssl-1.1.1-pre8/test/cipherlist_test.c.system-cipherlist openssl-1.1.1-pre8/test/cipherlist_test.c +--- openssl-1.1.1-pre8/test/cipherlist_test.c.system-cipherlist 2018-07-25 10:13:06.348232903 +0200 ++++ openssl-1.1.1-pre8/test/cipherlist_test.c 2018-07-25 10:39:08.887552814 +0200 +@@ -217,7 +217,9 @@ static int 
test_default_cipherlist_expli + int setup_tests(void) + { +#ifndef SYSTEM_CIPHERS_FILE ADD_TEST(test_default_cipherlist_implicit); +#endif ADD_TEST(test_default_cipherlist_explicit); - - result = run_tests(argv[0]); + return 1; + } diff --git a/openssl-1.1.1-version-add-engines.patch b/openssl-1.1.1-version-add-engines.patch new file mode 100644 index 0000000..3c3f58e --- /dev/null +++ b/openssl-1.1.1-version-add-engines.patch @@ -0,0 +1,38 @@ +diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c +--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200 ++++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200 +@@ -64,7 +64,7 @@ int version_main(int argc, char **argv) + { + int ret = 1, dirty = 0, seed = 0; + int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; +- int engdir = 0; ++ int engdir = 0, engines = 0; + char *prog; + OPTION_CHOICE o; + +@@ -106,7 +106,7 @@ opthelp: + break; + case OPT_A: + seed = options = cflags = version = date = platform = dir = engdir +- = 1; ++ = engines = 1; + break; + } + } +@@ -188,6 +188,16 @@ opthelp: + #endif + printf("\n"); + } ++ if (engines) { ++ ENGINE *e; ++ printf("engines: "); ++ e = ENGINE_get_first(); ++ while (e) { ++ printf("%s ", ENGINE_get_id(e)); ++ e = ENGINE_get_next(e); ++ } ++ printf("\n"); ++ } + ret = 0; + end: + return ret; diff --git a/openssl-1.1.1-version-override.patch b/openssl-1.1.1-version-override.patch new file mode 100644 index 0000000..dae63f9 --- /dev/null +++ b/openssl-1.1.1-version-override.patch 
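Review bot: In `ssl_create_cipher_list()` the added `OPENSSL_free(new_rules)` before the TLSv1.3 loop leaves `new_rules` dangling while the new `err:` label frees it again, so any failure path after that point that is later routed to `goto err` becomes a double free. The visible TLSv1.3 push failure avoids this only by freeing `co_list` by hand and returning directly, which is the duplicated cleanup the label was introduced to remove. Clearing the pointer keeps both paths safe, `OPENSSL_free(new_rules); new_rules = NULL;`, after which that branch can free `cipherstack` and `goto err` instead of freeing `co_list` itself. The declaration of `new_rules` is not in the hunk, and the early `goto err` on a NULL `rule_str` appears to rely on it being initialised to NULL, which is worth confirming. The function starts and ends outside the hunk.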
@@ -0,0 +1,14 @@ +diff -up openssl-1.1.1-pre8/include/openssl/opensslv.h.version-override openssl-1.1.1-pre8/include/openssl/opensslv.h +--- openssl-1.1.1-pre8/include/openssl/opensslv.h.version-override 2018-06-20 16:48:13.000000000 +0200 ++++ openssl-1.1.1-pre8/include/openssl/opensslv.h 2018-07-25 11:03:29.297543392 +0200 +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x10101008L +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018" ++# define OPENSSL_VERSION_NUMBER 0x1010100fL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre8 (beta) FIPS 20 Jun 2018" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/openssl.spec b/openssl.spec index 827f727..ff9e2f4 100644 --- a/openssl.spec +++ b/openssl.spec @@ -19,15 +19,17 @@ %global _performance_build 1 +%global prerelease pre8 + Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 1.1.0h -Release: 6%{?dist} +Version: 1.1.1 +Release: 0.%{prerelease}%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.xz +Source: openssl-%{version}-%{prerelease}-hobbled.tar.xz Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert 
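Review bot: The override in include/openssl/opensslv.h changes the status nibble of `OPENSSL_VERSION_NUMBER` from `8` (beta 8) to `f` (release) while `OPENSSL_VERSION_TEXT` still reads `1.1.1-pre8 (beta)`, so code and inventory tools that compare the numeric value will treat this beta as the final 1.1.1. The patch gives no reason for the mismatch or for the added `FIPS` tag in the text. A comment above the two defines would record it, for example `/* Distribution override: status nibble forced to 0xf, this is still the pre8 beta */`.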
@@ -38,30 +40,25 @@ Source11: README.FIPS Source12: ec_curve.c Source13: ectest.c # Build changes -Patch1: openssl-1.1.0-build.patch +Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.0-defaults.patch Patch3: openssl-1.1.0-no-html.patch +Patch4: openssl-1.1.1-man-rename.patch # Bug fixes Patch21: openssl-1.1.0-issuer-hash.patch -Patch22: openssl-1.1.0-algo-doc.patch -Patch23: openssl-1.1.0-manfix.patch # Functionality changes Patch31: openssl-1.1.0-ca-dir.patch -Patch32: openssl-1.1.0-version-add-engines.patch +Patch32: openssl-1.1.1-version-add-engines.patch Patch33: openssl-1.1.0-apps-dgst.patch -Patch35: openssl-1.1.0-chil-fixes.patch -Patch36: openssl-1.1.0-secure-getenv.patch -Patch37: openssl-1.1.0-ec-curves.patch +Patch36: openssl-1.1.1-secure-getenv.patch +Patch37: openssl-1.1.1-ec-curves.patch Patch38: openssl-1.1.0-no-weak-verify.patch -Patch39: openssl-1.1.0-cc-reqs.patch -Patch40: openssl-1.1.0-disable-ssl3.patch -Patch41: openssl-1.1.0-system-cipherlist.patch -Patch42: openssl-1.1.0-fips.patch -Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch +Patch40: openssl-1.1.1-disable-ssl3.patch +Patch41: openssl-1.1.1-system-cipherlist.patch +Patch42: openssl-1.1.1-fips.patch +Patch44: openssl-1.1.1-version-override.patch Patch45: openssl-1.1.0-weak-ciphers.patch -Patch46: openssl-1.1.0-silent-rnd-write.patch # Backported fixes including security fixes -Patch70: openssl-1.1.0-missing-quotes.patch License: OpenSSL Group: System Environment/Libraries @@ -71,6 +68,7 @@ BuildRequires: coreutils, krb5-devel, perl-interpreter, sed, zlib-devel, /usr/bi BuildRequires: lksctp-tools-devel BuildRequires: /usr/bin/rename BuildRequires: /usr/bin/pod2man +BuildRequires: /usr/sbin/sysctl BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt) BuildRequires: perl(Module::Load::Conditional), perl(File::Temp) BuildRequires: perl(Time::HiRes) 
@@ -134,7 +132,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q -n %{name}-%{version} +%setup -q -n %{name}-%{version}-%{prerelease} # The hobble_openssl is called here redundantly, just to be sure. # The tarball has already the sources removed. @@ -146,27 +144,22 @@ cp %{SOURCE13} test/ %patch1 -p1 -b .build %{?_rawbuild} %patch2 -p1 -b .defaults %patch3 -p1 -b .no-html %{?_rawbuild} +%patch4 -p1 -b .man-rename %patch21 -p1 -b .issuer-hash -%patch22 -p1 -b .algo-doc -%patch23 -p1 -b .manfix %patch31 -p1 -b .ca-dir %patch32 -p1 -b .version-add-engines %patch33 -p1 -b .dgst -%patch35 -p1 -b .chil %patch36 -p1 -b .secure-getenv %patch37 -p1 -b .curves %patch38 -p1 -b .no-weak-verify -%patch39 -p1 -b .cc-reqs %patch40 -p1 -b .disable-ssl3 %patch41 -p1 -b .system-cipherlist %patch42 -p1 -b .fips -%patch44 -p1 -b .preserve-nl +%patch44 -p1 -b .version-override %patch45 -p1 -b .weak-ciphers -%patch46 -p1 -b .silent-rnd-write -%patch70 -p1 -b .missing-quotes %build # Figure out which flags we want to use. @@ -246,7 +239,7 @@ export HASHBANGPERL=/usr/bin/perl zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ enable-weak-ssl-ciphers \ - no-mdc2 no-ec2m \ + no-mdc2 no-ec2m no-sm2 \ shared ${sslarch} $RPM_OPT_FLAGS # Do not run this in a production package the FIPS symbols must be patched-in 
@@ -265,6 +258,13 @@ done %check # Verify that what was compiled actually works. +# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check +(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \ +(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' && + sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \ + touch -r configdata.pm configdata.pm.new && \ + mv -f configdata.pm.new configdata.pm) + # We must revert patch31 before tests otherwise they will fail patch -p1 -R < %{PATCH31} @@ -276,6 +276,8 @@ crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion} ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY +OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE make test # Add generation of HMAC checksum of the final stripped library @@ -344,11 +346,13 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts -# Ensure the openssl.cnf timestamp is identical across builds to avoid +# Ensure the config file timestamps are identical across builds to avoid # mulitlib conflicts and unnecessary renames on upgrade touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf +touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist +rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist # Determine which arch opensslconf.h is going to try to #include. basearch=%{_arch} 
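Review bot: The `%check` addition runs `sysctl net.sctp.addip_enable=1` and `sysctl net.sctp.auth_enable=1`, which changes kernel networking settings on the build host whenever the build has the privilege to do so, and nothing restores them afterwards. A package build should not alter host state. The fallback that marks `sctp` as disabled in `configdata.pm` already works without privilege, so the first branch could only read the values: `[ "$(sysctl -n net.sctp.addip_enable)" = 1 ] && [ "$(sysctl -n net.sctp.auth_enable)" = 1 ] || \` followed by the existing sed fallback. The new `BuildRequires: /usr/sbin/sysctl` stays valid for the read-only form.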
@@ -399,6 +403,7 @@ export LD_LIBRARY_PATH %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf +%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion} %attr(0755,root,root) %{_libdir}/libssl.so.%{version} @@ -435,6 +440,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Wed Jul 25 2018 Tomáš Mráz 1.1.1-0.pre8.1 +- update to the latest 1.1.1 beta version + * Fri Jul 13 2018 Fedora Release Engineering - 1:1.1.0h-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index b8fb121..1e0d81a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-1.1.0h-hobbled.tar.xz) = cba4641956d6593f5cf5164bed12fb3acfaa9c24a69d5642cc0267d0918555450a12ddeac6e02b246afa64e7019f35baa0d9302d1f06e3be5555d8340319c5e4 +SHA512 (openssl-1.1.1-pre8-hobbled.tar.xz) = eca0c8843c69fc3dcd1a27d56107368548f5674a64decc62ff48196d30485f287550bb671ca8bc48aeef482a8419462638bf152850c741e4554219230f4c4582