Rebase to upstream release 3.1.1
Signed-off-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
parent
2b0eda88de
commit
9409bc7044
1
.gitignore
vendored
1
.gitignore
vendored
@ -58,3 +58,4 @@ openssl-1.0.0a-usa.tar.bz2
|
|||||||
/openssl-3.0.7-hobbled.tar.gz
|
/openssl-3.0.7-hobbled.tar.gz
|
||||||
/openssl-3.0.8-hobbled.tar.gz
|
/openssl-3.0.8-hobbled.tar.gz
|
||||||
/openssl-3.0.8.tar.gz
|
/openssl-3.0.8.tar.gz
|
||||||
|
/openssl-3.1.1.tar.gz
|
||||||
|
@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
|
|||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
||||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
|
||||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
--
|
--
|
||||||
2.26.2
|
2.26.2
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
|
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
|
||||||
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
||||||
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
||||||
@@ -12,11 +12,46 @@
|
@@ -12,6 +12,41 @@
|
||||||
#include "crypto/ctype.h"
|
#include "internal/provider.h"
|
||||||
#include "crypto/rand.h"
|
#include "crypto/context.h"
|
||||||
|
|
||||||
+# include <sys/types.h>
|
+# include <sys/types.h>
|
||||||
+# include <sys/stat.h>
|
+# include <sys/stat.h>
|
||||||
@ -11,11 +11,6 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
|
|||||||
+# include <unistd.h>
|
+# include <unistd.h>
|
||||||
+# include <openssl/evp.h>
|
+# include <openssl/evp.h>
|
||||||
+
|
+
|
||||||
struct ossl_lib_ctx_onfree_list_st {
|
|
||||||
ossl_lib_ctx_onfree_fn *fn;
|
|
||||||
struct ossl_lib_ctx_onfree_list_st *next;
|
|
||||||
};
|
|
||||||
|
|
||||||
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
|
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
|
||||||
+
|
+
|
||||||
+static int kernel_fips_flag;
|
+static int kernel_fips_flag;
|
||||||
@ -46,16 +41,16 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
|
|||||||
+
|
+
|
||||||
+
|
+
|
||||||
struct ossl_lib_ctx_st {
|
struct ossl_lib_ctx_st {
|
||||||
CRYPTO_RWLOCK *lock;
|
CRYPTO_RWLOCK *lock, *rand_crngt_lock;
|
||||||
CRYPTO_EX_DATA data;
|
OSSL_EX_DATA_GLOBAL global;
|
||||||
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
|
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
|
||||||
|
|
||||||
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
|
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
|
||||||
{
|
{
|
||||||
+ read_kernel_fips_flag();
|
+ read_kernel_fips_flag();
|
||||||
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
|
if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
|
||||||
&& context_init(&default_context_int);
|
goto err;
|
||||||
}
|
|
||||||
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
|
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
|
||||||
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
|
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
|
||||||
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
|
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
|
||||||
|
@ -1,15 +1,3 @@
|
|||||||
diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
|
|
||||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
|
|
||||||
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
|
|
||||||
@@ -40,7 +40,7 @@ unless ($no_fips) {
|
|
||||||
"recipes",
|
|
||||||
"90-test_sslapi_data",
|
|
||||||
"dhparams.pem")])),
|
|
||||||
- "running sslapitest");
|
|
||||||
+ "running sslapitest - FIPS");
|
|
||||||
}
|
|
||||||
|
|
||||||
unlink $tmpfilename;
|
|
||||||
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
||||||
index e95d2657f46c..7af0eab3fce0 100644
|
index e95d2657f46c..7af0eab3fce0 100644
|
||||||
--- a/test/sslapitest.c
|
--- a/test/sslapitest.c
|
||||||
|
@ -1,9 +1,3 @@
|
|||||||
#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite
|
|
||||||
#(partial) of the function provider_conf_load() under the 'if (activate) section.
|
|
||||||
#If there is any change to this section, after deleting it in provider_conf_load()
|
|
||||||
#ensure that you also add those changes to the provider_conf_activate() function.
|
|
||||||
#additionally please add this check for cnf explicitly as shown below.
|
|
||||||
#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
|
|
||||||
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
||||||
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
||||||
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
||||||
@ -15,73 +9,6 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
|
|||||||
#include <openssl/conf.h>
|
#include <openssl/conf.h>
|
||||||
#include <openssl/safestack.h>
|
#include <openssl/safestack.h>
|
||||||
#include <openssl/provider.h>
|
#include <openssl/provider.h>
|
||||||
@@ -136,58 +136,18 @@ static int prov_already_activated(const
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
|
|
||||||
- const char *value, const CONF *cnf)
|
|
||||||
+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
|
|
||||||
+ const char *value, const char *path,
|
|
||||||
+ int soft, const CONF *cnf)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
- STACK_OF(CONF_VALUE) *ecmds;
|
|
||||||
- int soft = 0;
|
|
||||||
- OSSL_PROVIDER *prov = NULL, *actual = NULL;
|
|
||||||
- const char *path = NULL;
|
|
||||||
- long activate = 0;
|
|
||||||
int ok = 0;
|
|
||||||
-
|
|
||||||
- name = skip_dot(name);
|
|
||||||
- OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
|
|
||||||
- /* Value is a section containing PROVIDER commands */
|
|
||||||
- ecmds = NCONF_get_section(cnf, value);
|
|
||||||
-
|
|
||||||
- if (!ecmds) {
|
|
||||||
- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
|
|
||||||
- "section=%s not found", value);
|
|
||||||
- return 0;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* Find the needed data first */
|
|
||||||
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
|
|
||||||
- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
|
|
||||||
- const char *confname = skip_dot(ecmd->name);
|
|
||||||
- const char *confvalue = ecmd->value;
|
|
||||||
-
|
|
||||||
- OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
|
|
||||||
- confname, confvalue);
|
|
||||||
-
|
|
||||||
- /* First handle some special pseudo confs */
|
|
||||||
-
|
|
||||||
- /* Override provider name to use */
|
|
||||||
- if (strcmp(confname, "identity") == 0)
|
|
||||||
- name = confvalue;
|
|
||||||
- else if (strcmp(confname, "soft_load") == 0)
|
|
||||||
- soft = 1;
|
|
||||||
- /* Load a dynamic PROVIDER */
|
|
||||||
- else if (strcmp(confname, "module") == 0)
|
|
||||||
- path = confvalue;
|
|
||||||
- else if (strcmp(confname, "activate") == 0)
|
|
||||||
- activate = 1;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (activate) {
|
|
||||||
- PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
- &provider_conf_ossl_ctx_method);
|
|
||||||
+ OSSL_PROVIDER *prov = NULL, *actual = NULL;
|
|
||||||
+ PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
+ &provider_conf_ossl_ctx_method);
|
|
||||||
|
|
||||||
if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
|
|
||||||
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
|
|
||||||
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if (!prov_already_activated(name, pcgbl->activated_providers)) {
|
|
||||||
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
|
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
|
||||||
if (path != NULL)
|
if (path != NULL)
|
||||||
ossl_provider_set_module_path(prov, path);
|
ossl_provider_set_module_path(prov, path);
|
||||||
@ -91,75 +18,12 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
|
|||||||
|
|
||||||
if (ok) {
|
if (ok) {
|
||||||
if (!ossl_provider_activate(prov, 1, 0)) {
|
if (!ossl_provider_activate(prov, 1, 0)) {
|
||||||
@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C
|
@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU
|
||||||
}
|
|
||||||
if (!ok)
|
|
||||||
ossl_provider_free(prov);
|
|
||||||
+ } else { /* No reason to activate the provider twice, returning OK */
|
|
||||||
+ ok = 1;
|
|
||||||
}
|
|
||||||
CRYPTO_THREAD_unlock(pcgbl->lock);
|
|
||||||
+ return ok;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
|
|
||||||
+ const char *value, const CONF *cnf)
|
|
||||||
+{
|
|
||||||
+ int i;
|
|
||||||
+ STACK_OF(CONF_VALUE) *ecmds;
|
|
||||||
+ int soft = 0;
|
|
||||||
+ const char *path = NULL;
|
|
||||||
+ long activate = 0;
|
|
||||||
+ int ok = 0;
|
|
||||||
+
|
|
||||||
+ name = skip_dot(name);
|
|
||||||
+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
|
|
||||||
+ /* Value is a section containing PROVIDER commands */
|
|
||||||
+ ecmds = NCONF_get_section(cnf, value);
|
|
||||||
+
|
|
||||||
+ if (!ecmds) {
|
|
||||||
+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
|
|
||||||
+ "section=%s not found", value);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Find the needed data first */
|
|
||||||
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
|
|
||||||
+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
|
|
||||||
+ const char *confname = skip_dot(ecmd->name);
|
|
||||||
+ const char *confvalue = ecmd->value;
|
|
||||||
+
|
|
||||||
+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
|
|
||||||
+ confname, confvalue);
|
|
||||||
+
|
|
||||||
+ /* First handle some special pseudo confs */
|
|
||||||
+
|
|
||||||
+ /* Override provider name to use */
|
|
||||||
+ if (strcmp(confname, "identity") == 0)
|
|
||||||
+ name = confvalue;
|
|
||||||
+ else if (strcmp(confname, "soft_load") == 0)
|
|
||||||
+ soft = 1;
|
|
||||||
+ /* Load a dynamic PROVIDER */
|
|
||||||
+ else if (strcmp(confname, "module") == 0)
|
|
||||||
+ path = confvalue;
|
|
||||||
+ else if (strcmp(confname, "activate") == 0)
|
|
||||||
+ activate = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (activate) {
|
|
||||||
+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
|
|
||||||
} else {
|
|
||||||
OSSL_PROVIDER_INFO entry;
|
|
||||||
|
|
||||||
@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
||||||
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
||||||
+ PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
+ &provider_conf_ossl_ctx_method);
|
|
||||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
||||||
|
@ -2,8 +2,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
|
|||||||
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
|
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
|
||||||
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
|
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
|
||||||
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
|
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
|
||||||
|
return ok;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
+#define HMAC_LEN 32
|
+#define HMAC_LEN 32
|
||||||
+/*
|
+/*
|
||||||
@ -29,7 +29,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
|
|||||||
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
|
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
|
||||||
unsigned char *expected, size_t expected_len,
|
unsigned char *expected, size_t expected_len,
|
||||||
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
|
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
|
||||||
@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
|
@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI
|
||||||
EVP_MAC *mac = NULL;
|
EVP_MAC *mac = NULL;
|
||||||
EVP_MAC_CTX *ctx = NULL;
|
EVP_MAC_CTX *ctx = NULL;
|
||||||
OSSL_PARAM params[2], *p = params;
|
OSSL_PARAM params[2], *p = params;
|
||||||
@ -39,6 +39,9 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
|
|||||||
+ unsigned long paddr;
|
+ unsigned long paddr;
|
||||||
+ unsigned long off = 0;
|
+ unsigned long off = 0;
|
||||||
|
|
||||||
|
if (!integrity_self_test(ev, libctx))
|
||||||
|
goto err;
|
||||||
|
|
||||||
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
|
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
|
||||||
|
|
||||||
+ if (!dladdr1 ((const void *)fips_hmac_container,
|
+ if (!dladdr1 ((const void *)fips_hmac_container,
|
||||||
@ -118,8 +121,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
|
|||||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
|
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
|
||||||
goto end;
|
goto end;
|
||||||
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
||||||
ok = 1;
|
|
||||||
end:
|
end:
|
||||||
|
EVP_RAND_free(testrand);
|
||||||
OSSL_SELF_TEST_free(ev);
|
OSSL_SELF_TEST_free(ev);
|
||||||
- OPENSSL_free(module_checksum);
|
- OPENSSL_free(module_checksum);
|
||||||
OPENSSL_free(indicator_checksum);
|
OPENSSL_free(indicator_checksum);
|
||||||
@ -159,8 +162,8 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes
|
|||||||
-plan skip_all => "Test only supported in a fips build" if disabled("fips");
|
-plan skip_all => "Test only supported in a fips build" if disabled("fips");
|
||||||
+plan skip_all => "Test only supported in a fips build" if 1;
|
+plan skip_all => "Test only supported in a fips build" if 1;
|
||||||
|
|
||||||
plan tests => 29;
|
# Compatible options for pedantic FIPS compliance
|
||||||
|
my @pedantic_okay =
|
||||||
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
|
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
|
||||||
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
|
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
|
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
|
||||||
@ -194,9 +197,9 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec
|
|||||||
|
|
||||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
|
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||||
|
my $fipsmodcfg_filename = "fipsmodule.cnf";
|
||||||
|
my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
|
||||||
|
|
||||||
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
|
|
||||||
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
|
|
||||||
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
|
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
|
||||||
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
|
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
|
||||||
@@ -0,0 +1,2 @@
|
@@ -0,0 +1,2 @@
|
||||||
|
@ -164,7 +164,7 @@ diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man
|
|||||||
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
|
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
|
||||||
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
|
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
|
||||||
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
|
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
|
||||||
@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
|
@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
B<openssl fipsinstall>
|
B<openssl fipsinstall>
|
||||||
@ -179,14 +179,18 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
|
|||||||
-[B<-macopt> I<nm>:I<v>]
|
-[B<-macopt> I<nm>:I<v>]
|
||||||
-[B<-noout>]
|
-[B<-noout>]
|
||||||
-[B<-quiet>]
|
-[B<-quiet>]
|
||||||
|
-[B<-pedantic>]
|
||||||
-[B<-no_conditional_errors>]
|
-[B<-no_conditional_errors>]
|
||||||
-[B<-no_security_checks>]
|
-[B<-no_security_checks>]
|
||||||
|
-[B<-ems_check>]
|
||||||
|
-[B<-no_drbg_truncated_digests>]
|
||||||
-[B<-self_test_onload>]
|
-[B<-self_test_onload>]
|
||||||
|
-[B<-self_test_oninstall>]
|
||||||
-[B<-corrupt_desc> I<selftest_description>]
|
-[B<-corrupt_desc> I<selftest_description>]
|
||||||
-[B<-corrupt_type> I<selftest_type>]
|
-[B<-corrupt_type> I<selftest_type>]
|
||||||
-[B<-config> I<parent_config>]
|
-[B<-config> I<parent_config>]
|
||||||
|
-
|
||||||
=head1 DESCRIPTION
|
-=head1 DESCRIPTION
|
||||||
-
|
-
|
||||||
-This command is used to generate a FIPS module configuration file.
|
-This command is used to generate a FIPS module configuration file.
|
||||||
-This configuration file can be used each time a FIPS module is loaded
|
-This configuration file can be used each time a FIPS module is loaded
|
||||||
@ -315,6 +319,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
|
|||||||
-
|
-
|
||||||
-Disable logging of the self tests.
|
-Disable logging of the self tests.
|
||||||
-
|
-
|
||||||
|
-=item B<-pedantic>
|
||||||
|
-
|
||||||
|
-Configure the module so that it is strictly FIPS compliant rather
|
||||||
|
-than being backwards compatible. This enables conditional errors,
|
||||||
|
-security checks etc. Note that any previous configuration options will
|
||||||
|
-be overwritten and any subsequent configuration options that violate
|
||||||
|
-FIPS compliance will result in an error.
|
||||||
|
-
|
||||||
-=item B<-no_conditional_errors>
|
-=item B<-no_conditional_errors>
|
||||||
-
|
-
|
||||||
-Configure the module to not enter an error state if a conditional self test
|
-Configure the module to not enter an error state if a conditional self test
|
||||||
@ -324,6 +336,20 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
|
|||||||
-
|
-
|
||||||
-Configure the module to not perform run-time security checks as described above.
|
-Configure the module to not perform run-time security checks as described above.
|
||||||
-
|
-
|
||||||
|
-Enabling the configuration option "no-fips-securitychecks" provides another way to
|
||||||
|
-turn off the check at compile time.
|
||||||
|
-
|
||||||
|
-=item B<-ems_check>
|
||||||
|
-
|
||||||
|
-Configure the module to enable a run-time Extended Master Secret (EMS) check
|
||||||
|
-when using the TLS1_PRF KDF algorithm. This check is disabled by default.
|
||||||
|
-See RFC 7627 for information related to EMS.
|
||||||
|
-
|
||||||
|
-=item B<-no_drbg_truncated_digests>
|
||||||
|
-
|
||||||
|
-Configure the module to not allow truncated digests to be used with Hash and
|
||||||
|
-HMAC DRBGs. See FIPS 140-3 IG D.R for details.
|
||||||
|
-
|
||||||
-=item B<-self_test_onload>
|
-=item B<-self_test_onload>
|
||||||
-
|
-
|
||||||
-Do not write the two fields related to the "test status indicator" and
|
-Do not write the two fields related to the "test status indicator" and
|
||||||
@ -334,6 +360,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
|
|||||||
-could possibly then add the 2 fields into the configuration using some other
|
-could possibly then add the 2 fields into the configuration using some other
|
||||||
-mechanism.
|
-mechanism.
|
||||||
-
|
-
|
||||||
|
-This is the default.
|
||||||
|
-
|
||||||
|
-=item B<-self_test_oninstall>
|
||||||
|
-
|
||||||
|
-The converse of B<-self_test_oninstall>. The two fields related to the
|
||||||
|
-"test status indicator" and "MAC status indicator" are written to the
|
||||||
|
-output configuration file.
|
||||||
|
-
|
||||||
-=item B<-quiet>
|
-=item B<-quiet>
|
||||||
-
|
-
|
||||||
-Do not output pass/fail messages. Implies B<-noout>.
|
-Do not output pass/fail messages. Implies B<-noout>.
|
||||||
@ -369,6 +403,11 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
|
|||||||
-For normal usage the base configuration file should use the default provider
|
-For normal usage the base configuration file should use the default provider
|
||||||
-when generating the fips configuration file.
|
-when generating the fips configuration file.
|
||||||
-
|
-
|
||||||
|
-The B<-self_test_oninstall> option was added and the
|
||||||
|
-B<-self_test_onload> option was made the default in OpenSSL 3.1.
|
||||||
|
-
|
||||||
|
-The command and all remaining options were added in OpenSSL 3.0.
|
||||||
|
-
|
||||||
-=head1 EXAMPLES
|
-=head1 EXAMPLES
|
||||||
-
|
-
|
||||||
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
|
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
|
||||||
|
@ -89,21 +89,6 @@ diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 open
|
|||||||
|
|
||||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
||||||
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200
|
|
||||||
@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
|
|
||||||
ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
|
|
||||||
+
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ ok &= ossl_ec_key_public_check(eckey, ctx);
|
|
||||||
+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
}
|
|
||||||
err:
|
|
||||||
/* Step (9): If there is an error return an invalid keypair. */
|
|
||||||
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
|
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
|
||||||
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
|
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
|
||||||
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
|
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
|
||||||
|
@ -15,16 +15,8 @@ diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/pr
|
|||||||
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c
|
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c
|
||||||
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200
|
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200
|
||||||
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200
|
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200
|
||||||
@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void);
|
|
||||||
|
|
||||||
#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
|
|
||||||
#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
|
|
||||||
-
|
|
||||||
extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
|
|
||||||
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
|
|
||||||
|
|
||||||
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx
|
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx
|
||||||
&fips_prov_ossl_ctx_method);
|
OSSL_LIB_CTX_FIPS_PROV_INDEX);
|
||||||
|
|
||||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
|
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
|
||||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
|
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
|
||||||
@ -58,8 +50,8 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
|
|||||||
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
|
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
|
||||||
ossl_cipher_capable_aes_cbc_hmac_sha256),
|
ossl_cipher_capable_aes_cbc_hmac_sha256),
|
||||||
#ifndef OPENSSL_NO_DES
|
#ifndef OPENSSL_NO_DES
|
||||||
- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||||
- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
|
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
|
||||||
+ /* We don't certify 3DES in our FIPS provider */
|
+ /* We don't certify 3DES in our FIPS provider */
|
||||||
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
||||||
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
||||||
@ -90,7 +82,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
|
|||||||
#endif
|
#endif
|
||||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
|
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
|
||||||
ossl_kdf_tls1_prf_keyexch_functions },
|
ossl_kdf_tls1_prf_keyexch_functions },
|
||||||
@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
|
@@ -403,13 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
|
||||||
|
|
||||||
static const OSSL_ALGORITHM fips_signature[] = {
|
static const OSSL_ALGORITHM fips_signature[] = {
|
||||||
#ifndef OPENSSL_NO_DSA
|
#ifndef OPENSSL_NO_DSA
|
||||||
@ -100,8 +92,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
|
|||||||
#endif
|
#endif
|
||||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
|
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
|
||||||
#ifndef OPENSSL_NO_EC
|
#ifndef OPENSSL_NO_EC
|
||||||
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
|
||||||
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
|
- ossl_ed25519_signature_functions },
|
||||||
|
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
|
||||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
+ /* We don't certify Edwards curves in our FIPS provider */
|
||||||
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
||||||
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
|
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
|
||||||
@ -130,9 +123,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
|
|||||||
PROV_DESCS_X25519 },
|
PROV_DESCS_X25519 },
|
||||||
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
|
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
|
||||||
PROV_DESCS_X448 },
|
PROV_DESCS_X448 },
|
||||||
{ PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
|
{ PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
|
||||||
PROV_DESCS_ED25519 },
|
PROV_DESCS_ED25519 },
|
||||||
{ PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
|
{ PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
|
||||||
- PROV_DESCS_ED448 },
|
- PROV_DESCS_ED448 },
|
||||||
+ PROV_DESCS_ED448 }, */
|
+ PROV_DESCS_ED448 }, */
|
||||||
#endif
|
#endif
|
||||||
@ -158,22 +151,6 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
|
|||||||
/* AES-256 GCM test data */
|
/* AES-256 GCM test data */
|
||||||
static const unsigned char aes_256_gcm_key[] = {
|
static const unsigned char aes_256_gcm_key[] = {
|
||||||
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
|
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
|
||||||
@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c
|
|
||||||
};
|
|
||||||
|
|
||||||
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
|
|
||||||
+#if 0
|
|
||||||
#ifndef OPENSSL_NO_DES
|
|
||||||
{
|
|
||||||
{
|
|
||||||
@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher
|
|
||||||
ITM(des_ede3_cbc_iv),
|
|
||||||
},
|
|
||||||
#endif
|
|
||||||
+#endif
|
|
||||||
{
|
|
||||||
{
|
|
||||||
OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
|
|
||||||
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
|
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
|
||||||
# endif /* OPENSSL_NO_EC2M */
|
# endif /* OPENSSL_NO_EC2M */
|
||||||
#endif /* OPENSSL_NO_EC */
|
#endif /* OPENSSL_NO_EC */
|
||||||
@ -193,9 +170,9 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
|
|||||||
-
|
-
|
||||||
+#endif
|
+#endif
|
||||||
+#endif
|
+#endif
|
||||||
static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
/* Hash DRBG inputs for signature KATs */
|
||||||
{
|
static const unsigned char sig_kat_entropyin[] = {
|
||||||
OSSL_SELF_TEST_DESC_SIGN_RSA,
|
0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
|
||||||
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
||||||
},
|
},
|
||||||
# endif
|
# endif
|
||||||
@ -205,7 +182,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
|
|||||||
{
|
{
|
||||||
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
||||||
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
||||||
*/
|
ITM(dsa_expected_sig)
|
||||||
},
|
},
|
||||||
#endif /* OPENSSL_NO_DSA */
|
#endif /* OPENSSL_NO_DSA */
|
||||||
+#endif
|
+#endif
|
||||||
@ -395,14 +372,17 @@ diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/re
|
|||||||
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t
|
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t
|
||||||
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200
|
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200
|
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200
|
||||||
@@ -43,7 +43,6 @@ my @files = qw(
|
@@ -43,10 +43,8 @@ my @files = qw(
|
||||||
evpciph_aes_cts.txt
|
evpciph_aes_cts.txt
|
||||||
evpciph_aes_wrap.txt
|
evpciph_aes_wrap.txt
|
||||||
evpciph_aes_stitched.txt
|
evpciph_aes_stitched.txt
|
||||||
- evpciph_des3_common.txt
|
- evpciph_des3_common.txt
|
||||||
evpkdf_hkdf.txt
|
evpkdf_hkdf.txt
|
||||||
|
evpkdf_kbkdf_counter.txt
|
||||||
|
- evpkdf_kbkdf_kmac.txt
|
||||||
evpkdf_pbkdf1.txt
|
evpkdf_pbkdf1.txt
|
||||||
evpkdf_pbkdf2.txt
|
evpkdf_pbkdf2.txt
|
||||||
|
evpkdf_ss.txt
|
||||||
@@ -66,12 +65,6 @@ push @files, qw(
|
@@ -66,12 +65,6 @@ push @files, qw(
|
||||||
evppkey_dh.txt
|
evppkey_dh.txt
|
||||||
) unless $no_dh;
|
) unless $no_dh;
|
||||||
@ -416,11 +396,12 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re
|
|||||||
evppkey_ecc.txt
|
evppkey_ecc.txt
|
||||||
evppkey_ecdh.txt
|
evppkey_ecdh.txt
|
||||||
evppkey_ecdsa.txt
|
evppkey_ecdsa.txt
|
||||||
@@ -91,6 +84,7 @@ my @defltfiles = qw(
|
@@ -91,6 +84,8 @@ my @defltfiles = qw(
|
||||||
evpciph_cast5.txt
|
evpciph_cast5.txt
|
||||||
evpciph_chacha.txt
|
evpciph_chacha.txt
|
||||||
evpciph_des.txt
|
evpciph_des.txt
|
||||||
+ evpciph_des3_common.txt
|
+ evpciph_des3_common.txt
|
||||||
|
+ evpkdf_kbkdf_kmac.txt
|
||||||
evpciph_idea.txt
|
evpciph_idea.txt
|
||||||
evpciph_rc2.txt
|
evpciph_rc2.txt
|
||||||
evpciph_rc4.txt
|
evpciph_rc4.txt
|
||||||
@ -441,8 +422,8 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3
|
|||||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200
|
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200
|
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200
|
||||||
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
|
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
|
||||||
Output = 00BDA1B7E87608BCBF470F12157F4C07
|
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
|
||||||
|
Result = MAC_INIT_ERROR
|
||||||
|
|
||||||
+Availablein = default
|
+Availablein = default
|
||||||
Title = KMAC Tests (From NIST)
|
Title = KMAC Tests (From NIST)
|
||||||
|
@ -34,6 +34,6 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
|
|||||||
- goto end;
|
- goto end;
|
||||||
- }
|
- }
|
||||||
- }
|
- }
|
||||||
ok = 1;
|
|
||||||
end:
|
/* Verify that the RNG has been restored properly */
|
||||||
OSSL_SELF_TEST_free(ev);
|
testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From b4f8964ad1903e24cd2ee07f42ce97c3047f4af4 Mon Sep 17 00:00:00 2001
|
From 51d52096122cc73413d55aac06d5e0641f58ffcb Mon Sep 17 00:00:00 2001
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
Date: Mon, 21 Feb 2022 17:24:44 +0100
|
Date: Mon, 21 Feb 2022 17:24:44 +0100
|
||||||
Subject: [PATCH] Allow disabling of SHA1 signatures
|
Subject: [PATCH] Allow disabling of SHA1 signatures
|
||||||
@ -40,21 +40,69 @@ This happens because in the first case, OpenSSL's signature
|
|||||||
implementation does not know that it is signing a SHA1 hash (it could be
|
implementation does not know that it is signing a SHA1 hash (it could be
|
||||||
signing arbitrary data).
|
signing arbitrary data).
|
||||||
---
|
---
|
||||||
|
crypto/context.c | 14 ++++
|
||||||
crypto/evp/evp_cnf.c | 13 +++
|
crypto/evp/evp_cnf.c | 13 +++
|
||||||
crypto/evp/m_sigver.c | 85 +++++++++++++++++++
|
crypto/evp/m_sigver.c | 79 +++++++++++++++++++
|
||||||
crypto/evp/pmeth_lib.c | 15 ++++
|
crypto/evp/pmeth_lib.c | 15 ++++
|
||||||
doc/man5/config.pod | 13 +++
|
doc/man5/config.pod | 13 +++
|
||||||
|
include/crypto/context.h | 3 +
|
||||||
include/internal/cryptlib.h | 3 +-
|
include/internal/cryptlib.h | 3 +-
|
||||||
include/internal/sslconf.h | 4 +
|
include/internal/sslconf.h | 4 +
|
||||||
providers/common/securitycheck.c | 20 +++++
|
providers/common/securitycheck.c | 20 +++++
|
||||||
providers/common/securitycheck_default.c | 9 +-
|
providers/common/securitycheck_default.c | 9 ++-
|
||||||
providers/implementations/signature/dsa_sig.c | 11 ++-
|
providers/implementations/signature/dsa_sig.c | 11 ++-
|
||||||
.../implementations/signature/ecdsa_sig.c | 4 +
|
.../implementations/signature/ecdsa_sig.c | 4 +
|
||||||
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
||||||
ssl/t1_lib.c | 8 ++
|
ssl/t1_lib.c | 8 ++
|
||||||
util/libcrypto.num | 2 +
|
util/libcrypto.num | 2 +
|
||||||
13 files changed, 198 insertions(+), 9 deletions(-)
|
15 files changed, 209 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/context.c b/crypto/context.c
|
||||||
|
index e294ea1512..ab6abf44ab 100644
|
||||||
|
--- a/crypto/context.c
|
||||||
|
+++ b/crypto/context.c
|
||||||
|
@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
|
||||||
|
void *fips_prov;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ void *legacy_digest_signatures;
|
||||||
|
+
|
||||||
|
unsigned int ischild:1;
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
|
||||||
|
goto err;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
|
||||||
|
+ if (ctx->legacy_digest_signatures == NULL)
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
/* Low priority. */
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
|
||||||
|
@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ if (ctx->legacy_digest_signatures != NULL) {
|
||||||
|
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
|
||||||
|
+ ctx->legacy_digest_signatures = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Low priority. */
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
if (ctx->child_provider != NULL) {
|
||||||
|
@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
|
||||||
|
return ctx->fips_prov;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
|
||||||
|
+ return ctx->legacy_digest_signatures;
|
||||||
|
+
|
||||||
|
default:
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
||||||
index 0e7fe64cf9..b9d3b6d226 100644
|
index 0e7fe64cf9..b9d3b6d226 100644
|
||||||
--- a/crypto/evp/evp_cnf.c
|
--- a/crypto/evp/evp_cnf.c
|
||||||
@ -87,18 +135,20 @@ index 0e7fe64cf9..b9d3b6d226 100644
|
|||||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
||||||
"name=%s, value=%s", oval->name, oval->value);
|
"name=%s, value=%s", oval->name, oval->value);
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
||||||
index 76a6814b42..8da2183ce0 100644
|
index 630d339c35..6e4e9f5ae7 100644
|
||||||
--- a/crypto/evp/m_sigver.c
|
--- a/crypto/evp/m_sigver.c
|
||||||
+++ b/crypto/evp/m_sigver.c
|
+++ b/crypto/evp/m_sigver.c
|
||||||
@@ -16,6 +16,79 @@
|
@@ -15,6 +15,73 @@
|
||||||
|
#include "internal/provider.h"
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
#include "internal/numbers.h" /* includes SIZE_MAX */
|
||||||
#include "evp_local.h"
|
#include "evp_local.h"
|
||||||
|
+#include "crypto/context.h"
|
||||||
|
+
|
||||||
+typedef struct ossl_legacy_digest_signatures_st {
|
+typedef struct ossl_legacy_digest_signatures_st {
|
||||||
+ int allowed;
|
+ int allowed;
|
||||||
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
||||||
+
|
+
|
||||||
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
||||||
+{
|
+{
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
||||||
+
|
+
|
||||||
@ -107,7 +157,7 @@ index 76a6814b42..8da2183ce0 100644
|
|||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
||||||
+{
|
+{
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
||||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
||||||
@ -117,12 +167,6 @@ index 76a6814b42..8da2183ce0 100644
|
|||||||
+ return ldsigs;
|
+ return ldsigs;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
|
|
||||||
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_new,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_free,
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
||||||
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
||||||
+{
|
+{
|
||||||
@ -131,8 +175,7 @@ index 76a6814b42..8da2183ce0 100644
|
|||||||
+ return NULL;
|
+ return NULL;
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
|
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
|
||||||
+ &ossl_ctx_legacy_digest_signatures_method);
|
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
||||||
@ -166,11 +209,10 @@ index 76a6814b42..8da2183ce0 100644
|
|||||||
+ ldsigs->allowed = allow;
|
+ ldsigs->allowed = allow;
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+}
|
+}
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
#ifndef FIPS_MODULE
|
||||||
|
|
||||||
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -190,7 +232,7 @@ index 76a6814b42..8da2183ce0 100644
|
|||||||
if (signature->digest_verify_init == NULL) {
|
if (signature->digest_verify_init == NULL) {
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||||
index 2b9c6c2351..3c5a1e6f5d 100644
|
index ce6e1a1ccb..003926247b 100644
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
--- a/crypto/evp/pmeth_lib.c
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
+++ b/crypto/evp/pmeth_lib.c
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
@ -201,7 +243,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644
|
|||||||
#include "evp_local.h"
|
#include "evp_local.h"
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
#ifndef FIPS_MODULE
|
||||||
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -223,7 +265,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644
|
|||||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
||||||
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
||||||
index 77a8055e81..0c9110d28a 100644
|
index 8d312c661f..979683e0a5 100644
|
||||||
--- a/doc/man5/config.pod
|
--- a/doc/man5/config.pod
|
||||||
+++ b/doc/man5/config.pod
|
+++ b/doc/man5/config.pod
|
||||||
@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
|
@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
|
||||||
@ -246,8 +288,19 @@ index 77a8055e81..0c9110d28a 100644
|
|||||||
=item B<fips_mode> (deprecated)
|
=item B<fips_mode> (deprecated)
|
||||||
|
|
||||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
The value is a boolean that can be B<yes> or B<no>. If the value is
|
||||||
|
diff --git a/include/crypto/context.h b/include/crypto/context.h
|
||||||
|
index cc06c71be8..e9f74a414d 100644
|
||||||
|
--- a/include/crypto/context.h
|
||||||
|
+++ b/include/crypto/context.h
|
||||||
|
@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
|
||||||
|
void ossl_thread_event_ctx_free(void *);
|
||||||
|
void ossl_fips_prov_ossl_ctx_free(void *);
|
||||||
|
void ossl_release_default_drbg_ctx(void);
|
||||||
|
+
|
||||||
|
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
|
||||||
|
+void ossl_ctx_legacy_digest_signatures_free(void *);
|
||||||
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
||||||
index 1291299b6e..e234341e6a 100644
|
index ac50eb3bbd..3b115cc7df 100644
|
||||||
--- a/include/internal/cryptlib.h
|
--- a/include/internal/cryptlib.h
|
||||||
+++ b/include/internal/cryptlib.h
|
+++ b/include/internal/cryptlib.h
|
||||||
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
||||||
@ -255,11 +308,11 @@ index 1291299b6e..e234341e6a 100644
|
|||||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
||||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
||||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
||||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
|
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
|
||||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
||||||
|
|
||||||
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
|
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
|
||||||
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
|
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
|
||||||
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
||||||
index fd7f7e3331..05464b0655 100644
|
index fd7f7e3331..05464b0655 100644
|
||||||
--- a/include/internal/sslconf.h
|
--- a/include/internal/sslconf.h
|
||||||
@ -318,7 +371,7 @@ index 699ada7c52..e534ad0a5f 100644
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
||||||
index de7f0d3a0a..ce54a94fbc 100644
|
index 246323493e..2ca7a59f39 100644
|
||||||
--- a/providers/common/securitycheck_default.c
|
--- a/providers/common/securitycheck_default.c
|
||||||
+++ b/providers/common/securitycheck_default.c
|
+++ b/providers/common/securitycheck_default.c
|
||||||
@@ -15,6 +15,7 @@
|
@@ -15,6 +15,7 @@
|
||||||
@ -329,7 +382,7 @@ index de7f0d3a0a..ce54a94fbc 100644
|
|||||||
|
|
||||||
/* Disable the security checks in the default provider */
|
/* Disable the security checks in the default provider */
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
||||||
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
||||||
@ -341,7 +394,7 @@ index de7f0d3a0a..ce54a94fbc 100644
|
|||||||
|
|
||||||
static const OSSL_ITEM name_to_nid[] = {
|
static const OSSL_ITEM name_to_nid[] = {
|
||||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
||||||
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
||||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -355,10 +408,10 @@ index de7f0d3a0a..ce54a94fbc 100644
|
|||||||
return mdnid;
|
return mdnid;
|
||||||
}
|
}
|
||||||
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
||||||
index 28fd7c498e..fa3822f39f 100644
|
index 70d0ea5d24..3c482e0181 100644
|
||||||
--- a/providers/implementations/signature/dsa_sig.c
|
--- a/providers/implementations/signature/dsa_sig.c
|
||||||
+++ b/providers/implementations/signature/dsa_sig.c
|
+++ b/providers/implementations/signature/dsa_sig.c
|
||||||
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
||||||
mdprops = ctx->propq;
|
mdprops = ctx->propq;
|
||||||
|
|
||||||
if (mdname != NULL) {
|
if (mdname != NULL) {
|
||||||
@ -396,10 +449,10 @@ index 865d49d100..99b228e82c 100644
|
|||||||
sha1_allowed);
|
sha1_allowed);
|
||||||
if (md_nid < 0) {
|
if (md_nid < 0) {
|
||||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
index 325e855333..bea397f0c1 100644
|
index cd5de6bd51..25a51df878 100644
|
||||||
--- a/providers/implementations/signature/rsa_sig.c
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
+++ b/providers/implementations/signature/rsa_sig.c
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
@@ -26,6 +26,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
#include "internal/cryptlib.h"
|
#include "internal/cryptlib.h"
|
||||||
#include "internal/nelem.h"
|
#include "internal/nelem.h"
|
||||||
#include "internal/sizes.h"
|
#include "internal/sizes.h"
|
||||||
@ -407,7 +460,7 @@ index 325e855333..bea397f0c1 100644
|
|||||||
#include "crypto/rsa.h"
|
#include "crypto/rsa.h"
|
||||||
#include "prov/providercommon.h"
|
#include "prov/providercommon.h"
|
||||||
#include "prov/implementations.h"
|
#include "prov/implementations.h"
|
||||||
@@ -34,6 +35,7 @@
|
@@ -33,6 +34,7 @@
|
||||||
#include "prov/securitycheck.h"
|
#include "prov/securitycheck.h"
|
||||||
|
|
||||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
||||||
@ -415,7 +468,7 @@ index 325e855333..bea397f0c1 100644
|
|||||||
|
|
||||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||||
@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
||||||
|
|
||||||
if (mdname != NULL) {
|
if (mdname != NULL) {
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||||
@ -433,7 +486,7 @@ index 325e855333..bea397f0c1 100644
|
|||||||
|
|
||||||
if (md == NULL
|
if (md == NULL
|
||||||
|| md_nid <= 0
|
|| md_nid <= 0
|
||||||
@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
prsactx->pad_mode = pad_mode;
|
prsactx->pad_mode = pad_mode;
|
||||||
|
|
||||||
if (prsactx->md == NULL && pmdname == NULL
|
if (prsactx->md == NULL && pmdname == NULL
|
||||||
@ -451,7 +504,7 @@ index 325e855333..bea397f0c1 100644
|
|||||||
if (pmgf1mdname != NULL
|
if (pmgf1mdname != NULL
|
||||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||||
index 41fddf22a7..dcd487ec2e 100644
|
index e6f4bcc045..8bc550ea5b 100644
|
||||||
--- a/ssl/t1_lib.c
|
--- a/ssl/t1_lib.c
|
||||||
+++ b/ssl/t1_lib.c
|
+++ b/ssl/t1_lib.c
|
||||||
@@ -20,6 +20,7 @@
|
@@ -20,6 +20,7 @@
|
||||||
@ -462,7 +515,7 @@ index 41fddf22a7..dcd487ec2e 100644
|
|||||||
#include "internal/nelem.h"
|
#include "internal/nelem.h"
|
||||||
#include "internal/sizes.h"
|
#include "internal/sizes.h"
|
||||||
#include "internal/tlsgroups.h"
|
#include "internal/tlsgroups.h"
|
||||||
@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
||||||
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
@ -476,7 +529,7 @@ index 41fddf22a7..dcd487ec2e 100644
|
|||||||
for (i = 0, lu = sigalg_lookup_tbl;
|
for (i = 0, lu = sigalg_lookup_tbl;
|
||||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
||||||
EVP_PKEY_CTX *pctx;
|
EVP_PKEY_CTX *pctx;
|
||||||
@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||||
cache[i].enabled = 0;
|
cache[i].enabled = 0;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -489,15 +542,15 @@ index 41fddf22a7..dcd487ec2e 100644
|
|||||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
||||||
cache[i].enabled = 0;
|
cache[i].enabled = 0;
|
||||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
||||||
index 10b4e57d79..2d3c363bb0 100644
|
index 9cb8a4dda2..feb660d030 100644
|
||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
|
@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||||
--
|
--
|
||||||
2.35.1
|
2.40.1
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From e738d17c45869eda31cb94f2832e65ec7cf8afa9 Mon Sep 17 00:00:00 2001
|
From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
Date: Wed, 17 Aug 2022 12:56:29 -0400
|
Date: Wed, 17 Aug 2022 12:56:29 -0400
|
||||||
Subject: [PATCH] Selectively disallow SHA1 signatures
|
Subject: [PATCH] Selectively disallow SHA1 signatures
|
||||||
@ -38,23 +38,71 @@ Resolves: rhbz#2031742
|
|||||||
|
|
||||||
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
---
|
---
|
||||||
|
crypto/context.c | 14 ++++
|
||||||
crypto/evp/evp_cnf.c | 13 ++++
|
crypto/evp/evp_cnf.c | 13 ++++
|
||||||
crypto/evp/m_sigver.c | 77 +++++++++++++++++++
|
crypto/evp/m_sigver.c | 71 +++++++++++++++++++
|
||||||
crypto/evp/pmeth_lib.c | 15 ++++
|
crypto/evp/pmeth_lib.c | 15 ++++
|
||||||
doc/man5/config.pod | 11 +++
|
doc/man5/config.pod | 11 +++
|
||||||
|
include/crypto/context.h | 3 +
|
||||||
include/internal/cryptlib.h | 3 +-
|
include/internal/cryptlib.h | 3 +-
|
||||||
include/internal/sslconf.h | 4 +
|
include/internal/sslconf.h | 4 ++
|
||||||
providers/common/securitycheck.c | 20 +++++
|
providers/common/securitycheck.c | 20 ++++++
|
||||||
providers/common/securitycheck_default.c | 9 ++-
|
providers/common/securitycheck_default.c | 9 ++-
|
||||||
providers/implementations/signature/dsa_sig.c | 11 ++-
|
providers/implementations/signature/dsa_sig.c | 11 ++-
|
||||||
.../implementations/signature/ecdsa_sig.c | 4 +
|
.../implementations/signature/ecdsa_sig.c | 4 ++
|
||||||
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
providers/implementations/signature/rsa_sig.c | 20 +++++-
|
||||||
ssl/t1_lib.c | 8 ++
|
ssl/t1_lib.c | 8 +++
|
||||||
util/libcrypto.num | 2 +
|
util/libcrypto.num | 2 +
|
||||||
13 files changed, 188 insertions(+), 9 deletions(-)
|
15 files changed, 199 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/context.c b/crypto/context.c
|
||||||
|
index e294ea1512..ab6abf44ab 100644
|
||||||
|
--- a/crypto/context.c
|
||||||
|
+++ b/crypto/context.c
|
||||||
|
@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
|
||||||
|
void *fips_prov;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ void *legacy_digest_signatures;
|
||||||
|
+
|
||||||
|
unsigned int ischild:1;
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
|
||||||
|
goto err;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
|
||||||
|
+ if (ctx->legacy_digest_signatures == NULL)
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
/* Low priority. */
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
|
||||||
|
@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ if (ctx->legacy_digest_signatures != NULL) {
|
||||||
|
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
|
||||||
|
+ ctx->legacy_digest_signatures = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Low priority. */
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
if (ctx->child_provider != NULL) {
|
||||||
|
@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
|
||||||
|
return ctx->fips_prov;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
|
||||||
|
+ return ctx->legacy_digest_signatures;
|
||||||
|
+
|
||||||
|
default:
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
||||||
index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644
|
index 0e7fe64cf9..b9d3b6d226 100644
|
||||||
--- a/crypto/evp/evp_cnf.c
|
--- a/crypto/evp/evp_cnf.c
|
||||||
+++ b/crypto/evp/evp_cnf.c
|
+++ b/crypto/evp/evp_cnf.c
|
||||||
@@ -10,6 +10,7 @@
|
@@ -10,6 +10,7 @@
|
||||||
@ -85,18 +133,20 @@ index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976
|
|||||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
||||||
"name=%s, value=%s", oval->name, oval->value);
|
"name=%s, value=%s", oval->name, oval->value);
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
||||||
index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644
|
index 630d339c35..06028b082e 100644
|
||||||
--- a/crypto/evp/m_sigver.c
|
--- a/crypto/evp/m_sigver.c
|
||||||
+++ b/crypto/evp/m_sigver.c
|
+++ b/crypto/evp/m_sigver.c
|
||||||
@@ -16,6 +16,71 @@
|
@@ -15,6 +15,65 @@
|
||||||
|
#include "internal/provider.h"
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
#include "internal/numbers.h" /* includes SIZE_MAX */
|
||||||
#include "evp_local.h"
|
#include "evp_local.h"
|
||||||
|
+#include "crypto/context.h"
|
||||||
|
+
|
||||||
+typedef struct ossl_legacy_digest_signatures_st {
|
+typedef struct ossl_legacy_digest_signatures_st {
|
||||||
+ int allowed;
|
+ int allowed;
|
||||||
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
||||||
+
|
+
|
||||||
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
||||||
+{
|
+{
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
||||||
+
|
+
|
||||||
@ -105,27 +155,20 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
|
|||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
||||||
+{
|
+{
|
||||||
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
|
|
||||||
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_new,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_free,
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
||||||
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
||||||
+{
|
+{
|
||||||
+#ifndef FIPS_MODULE
|
+#ifndef FIPS_MODULE
|
||||||
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||||
+ return 0;
|
+ return NULL;
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
|
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
|
||||||
+ &ossl_ctx_legacy_digest_signatures_method);
|
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
||||||
@ -156,11 +199,10 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
|
|||||||
+ ldsigs->allowed = allow;
|
+ ldsigs->allowed = allow;
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+}
|
+}
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
#ifndef FIPS_MODULE
|
||||||
|
|
||||||
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -180,7 +222,7 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
|
|||||||
if (signature->digest_verify_init == NULL) {
|
if (signature->digest_verify_init == NULL) {
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||||
index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644
|
index ce6e1a1ccb..003926247b 100644
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
--- a/crypto/evp/pmeth_lib.c
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
+++ b/crypto/evp/pmeth_lib.c
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
@ -191,7 +233,7 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d
|
|||||||
#include "evp_local.h"
|
#include "evp_local.h"
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
#ifndef FIPS_MODULE
|
||||||
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -213,10 +255,10 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d
|
|||||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
||||||
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
||||||
index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644
|
index 8d312c661f..e5a88d11aa 100644
|
||||||
--- a/doc/man5/config.pod
|
--- a/doc/man5/config.pod
|
||||||
+++ b/doc/man5/config.pod
|
+++ b/doc/man5/config.pod
|
||||||
@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning:
|
@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning:
|
||||||
The value may be anything that is acceptable as a property query
|
The value may be anything that is acceptable as a property query
|
||||||
string for EVP_set_default_properties().
|
string for EVP_set_default_properties().
|
||||||
|
|
||||||
@ -234,8 +276,19 @@ index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73
|
|||||||
=item B<fips_mode> (deprecated)
|
=item B<fips_mode> (deprecated)
|
||||||
|
|
||||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
The value is a boolean that can be B<yes> or B<no>. If the value is
|
||||||
|
diff --git a/include/crypto/context.h b/include/crypto/context.h
|
||||||
|
index cc06c71be8..e9f74a414d 100644
|
||||||
|
--- a/include/crypto/context.h
|
||||||
|
+++ b/include/crypto/context.h
|
||||||
|
@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
|
||||||
|
void ossl_thread_event_ctx_free(void *);
|
||||||
|
void ossl_fips_prov_ossl_ctx_free(void *);
|
||||||
|
void ossl_release_default_drbg_ctx(void);
|
||||||
|
+
|
||||||
|
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
|
||||||
|
+void ossl_ctx_legacy_digest_signatures_free(void *);
|
||||||
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
||||||
index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0873cf6f6 100644
|
index ac50eb3bbd..3b115cc7df 100644
|
||||||
--- a/include/internal/cryptlib.h
|
--- a/include/internal/cryptlib.h
|
||||||
+++ b/include/internal/cryptlib.h
|
+++ b/include/internal/cryptlib.h
|
||||||
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
||||||
@ -243,13 +296,13 @@ index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0
|
|||||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
||||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
||||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
||||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
|
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
|
||||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
||||||
|
|
||||||
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
|
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
|
||||||
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
|
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
|
||||||
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
||||||
index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644
|
index fd7f7e3331..05464b0655 100644
|
||||||
--- a/include/internal/sslconf.h
|
--- a/include/internal/sslconf.h
|
||||||
+++ b/include/internal/sslconf.h
|
+++ b/include/internal/sslconf.h
|
||||||
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
|
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
|
||||||
@ -262,7 +315,7 @@ index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577
|
|||||||
+ int loadconfig);
|
+ int loadconfig);
|
||||||
#endif
|
#endif
|
||||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
||||||
index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644
|
index 699ada7c52..e534ad0a5f 100644
|
||||||
--- a/providers/common/securitycheck.c
|
--- a/providers/common/securitycheck.c
|
||||||
+++ b/providers/common/securitycheck.c
|
+++ b/providers/common/securitycheck.c
|
||||||
@@ -19,6 +19,7 @@
|
@@ -19,6 +19,7 @@
|
||||||
@ -306,7 +359,7 @@ index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
||||||
index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644
|
index 246323493e..2ca7a59f39 100644
|
||||||
--- a/providers/common/securitycheck_default.c
|
--- a/providers/common/securitycheck_default.c
|
||||||
+++ b/providers/common/securitycheck_default.c
|
+++ b/providers/common/securitycheck_default.c
|
||||||
@@ -15,6 +15,7 @@
|
@@ -15,6 +15,7 @@
|
||||||
@ -317,7 +370,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
|
|||||||
|
|
||||||
/* Disable the security checks in the default provider */
|
/* Disable the security checks in the default provider */
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
||||||
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
||||||
@ -329,7 +382,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
|
|||||||
|
|
||||||
static const OSSL_ITEM name_to_nid[] = {
|
static const OSSL_ITEM name_to_nid[] = {
|
||||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
||||||
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
||||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -343,10 +396,10 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
|
|||||||
return mdnid;
|
return mdnid;
|
||||||
}
|
}
|
||||||
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
||||||
index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644
|
index 70d0ea5d24..3c482e0181 100644
|
||||||
--- a/providers/implementations/signature/dsa_sig.c
|
--- a/providers/implementations/signature/dsa_sig.c
|
||||||
+++ b/providers/implementations/signature/dsa_sig.c
|
+++ b/providers/implementations/signature/dsa_sig.c
|
||||||
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
||||||
mdprops = ctx->propq;
|
mdprops = ctx->propq;
|
||||||
|
|
||||||
if (mdname != NULL) {
|
if (mdname != NULL) {
|
||||||
@ -368,7 +421,7 @@ index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c688
|
|||||||
if (md == NULL || md_nid < 0) {
|
if (md == NULL || md_nid < 0) {
|
||||||
if (md == NULL)
|
if (md == NULL)
|
||||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
||||||
index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644
|
index 865d49d100..99b228e82c 100644
|
||||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
--- a/providers/implementations/signature/ecdsa_sig.c
|
||||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
+++ b/providers/implementations/signature/ecdsa_sig.c
|
||||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
||||||
@ -384,7 +437,7 @@ index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763
|
|||||||
sha1_allowed);
|
sha1_allowed);
|
||||||
if (md_nid < 0) {
|
if (md_nid < 0) {
|
||||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
||||||
index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644
|
index cd5de6bd51..25a51df878 100644
|
||||||
--- a/providers/implementations/signature/rsa_sig.c
|
--- a/providers/implementations/signature/rsa_sig.c
|
||||||
+++ b/providers/implementations/signature/rsa_sig.c
|
+++ b/providers/implementations/signature/rsa_sig.c
|
||||||
@@ -25,6 +25,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
@ -403,7 +456,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
|
|||||||
|
|
||||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
||||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
||||||
@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
||||||
|
|
||||||
if (mdname != NULL) {
|
if (mdname != NULL) {
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
||||||
@ -421,7 +474,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
|
|||||||
|
|
||||||
if (md == NULL
|
if (md == NULL
|
||||||
|| md_nid <= 0
|
|| md_nid <= 0
|
||||||
@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
prsactx->pad_mode = pad_mode;
|
prsactx->pad_mode = pad_mode;
|
||||||
|
|
||||||
if (prsactx->md == NULL && pmdname == NULL
|
if (prsactx->md == NULL && pmdname == NULL
|
||||||
@ -439,7 +492,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
|
|||||||
if (pmgf1mdname != NULL
|
if (pmgf1mdname != NULL
|
||||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||||
index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b6c8e1a03 100644
|
index e6f4bcc045..8bc550ea5b 100644
|
||||||
--- a/ssl/t1_lib.c
|
--- a/ssl/t1_lib.c
|
||||||
+++ b/ssl/t1_lib.c
|
+++ b/ssl/t1_lib.c
|
||||||
@@ -20,6 +20,7 @@
|
@@ -20,6 +20,7 @@
|
||||||
@ -450,7 +503,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
|
|||||||
#include "internal/nelem.h"
|
#include "internal/nelem.h"
|
||||||
#include "internal/sizes.h"
|
#include "internal/sizes.h"
|
||||||
#include "internal/tlsgroups.h"
|
#include "internal/tlsgroups.h"
|
||||||
@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
||||||
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
@ -464,7 +517,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
|
|||||||
for (i = 0, lu = sigalg_lookup_tbl;
|
for (i = 0, lu = sigalg_lookup_tbl;
|
||||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
||||||
EVP_PKEY_CTX *pctx;
|
EVP_PKEY_CTX *pctx;
|
||||||
@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
||||||
cache[i].enabled = 0;
|
cache[i].enabled = 0;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -477,15 +530,15 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
|
|||||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
||||||
cache[i].enabled = 0;
|
cache[i].enabled = 0;
|
||||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
||||||
index 4e729be97d7b31b4caf0c3bab06dbce908dc2628..2ad515028ac6522e43cdb48794ba2cc96de56049 100644
|
index 9cb8a4dda2..feb660d030 100644
|
||||||
--- a/util/libcrypto.num
|
--- a/util/libcrypto.num
|
||||||
+++ b/util/libcrypto.num
|
+++ b/util/libcrypto.num
|
||||||
@@ -5429,3 +5429,5 @@ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
||||||
--
|
--
|
||||||
2.39.1
|
2.40.1
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,4 +1,4 @@
|
|||||||
From b9e2912acb72837b2fdef5cd8f96dc4e0d2a8fea Mon Sep 17 00:00:00 2001
|
From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
||||||
Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures =
|
Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures =
|
||||||
@ -13,7 +13,7 @@ References: rhbz#2055796
|
|||||||
4 files changed, 79 insertions(+), 18 deletions(-)
|
4 files changed, 79 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
||||||
index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd640df26066 100644
|
index d19efeaa99..451fa10bf2 100644
|
||||||
--- a/crypto/x509/x509_vfy.c
|
--- a/crypto/x509/x509_vfy.c
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
+++ b/crypto/x509/x509_vfy.c
|
||||||
@@ -25,6 +25,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
@ -24,7 +24,7 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64
|
|||||||
#include "crypto/x509.h"
|
#include "crypto/x509.h"
|
||||||
#include "x509_local.h"
|
#include "x509_local.h"
|
||||||
|
|
||||||
@@ -3430,14 +3431,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
||||||
{
|
{
|
||||||
int secbits = -1;
|
int secbits = -1;
|
||||||
int level = ctx->param->auth_level;
|
int level = ctx->param->auth_level;
|
||||||
@ -57,10 +57,10 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64
|
|||||||
return secbits >= minbits_table[level - 1];
|
return secbits >= minbits_table[level - 1];
|
||||||
}
|
}
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
||||||
index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3ef6254a8 100644
|
index e5a88d11aa..2d5649f90b 100644
|
||||||
--- a/doc/man5/config.pod
|
--- a/doc/man5/config.pod
|
||||||
+++ b/doc/man5/config.pod
|
+++ b/doc/man5/config.pod
|
||||||
@@ -313,7 +313,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
|
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
|
||||||
digest will fail. For compatibility with older versions of OpenSSL, set this
|
digest will fail. For compatibility with older versions of OpenSSL, set this
|
||||||
option to B<yes>. This setting also affects TLS, where signature algorithms
|
option to B<yes>. This setting also affects TLS, where signature algorithms
|
||||||
that use SHA1 as digest will no longer be supported if this option is set to
|
that use SHA1 as digest will no longer be supported if this option is set to
|
||||||
@ -75,7 +75,7 @@ index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3
|
|||||||
=item B<fips_mode> (deprecated)
|
=item B<fips_mode> (deprecated)
|
||||||
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
||||||
index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd6d7a06ed 100644
|
index 8bc550ea5b..a9d21a6a96 100644
|
||||||
--- a/ssl/t1_lib.c
|
--- a/ssl/t1_lib.c
|
||||||
+++ b/ssl/t1_lib.c
|
+++ b/ssl/t1_lib.c
|
||||||
@@ -20,6 +20,7 @@
|
@@ -20,6 +20,7 @@
|
||||||
@ -86,7 +86,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
|
|||||||
#include "internal/sslconf.h"
|
#include "internal/sslconf.h"
|
||||||
#include "internal/nelem.h"
|
#include "internal/nelem.h"
|
||||||
#include "internal/sizes.h"
|
#include "internal/sizes.h"
|
||||||
@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -127,7 +127,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
|
|||||||
}
|
}
|
||||||
/* Store the sigalg the peer uses */
|
/* Store the sigalg the peer uses */
|
||||||
s->s3.tmp.peer_sigalg = lu;
|
s->s3.tmp.peer_sigalg = lu;
|
||||||
@@ -2116,6 +2125,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -142,7 +142,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
|
|||||||
/* Finally see if security callback allows it */
|
/* Finally see if security callback allows it */
|
||||||
secbits = sigalg_security_bits(s->ctx, lu);
|
secbits = sigalg_security_bits(s->ctx, lu);
|
||||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
||||||
@@ -2985,6 +3002,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
||||||
{
|
{
|
||||||
/* Lookup signature algorithm digest */
|
/* Lookup signature algorithm digest */
|
||||||
int secbits, nid, pknid;
|
int secbits, nid, pknid;
|
||||||
@ -151,7 +151,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
|
|||||||
/* Don't check signature if self signed */
|
/* Don't check signature if self signed */
|
||||||
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
|
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
|
||||||
return 1;
|
return 1;
|
||||||
@@ -2993,6 +3012,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
||||||
/* If digest NID not defined use signature NID */
|
/* If digest NID not defined use signature NID */
|
||||||
if (nid == NID_undef)
|
if (nid == NID_undef)
|
||||||
nid = pknid;
|
nid = pknid;
|
||||||
@ -178,19 +178,19 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
|
|||||||
return ssl_security(s, op, secbits, nid, x);
|
return ssl_security(s, op, secbits, nid, x);
|
||||||
else
|
else
|
||||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
||||||
index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9f1393525 100644
|
index f69af793e4..a7481254e1 100644
|
||||||
--- a/test/recipes/25-test_verify.t
|
--- a/test/recipes/25-test_verify.t
|
||||||
+++ b/test/recipes/25-test_verify.t
|
+++ b/test/recipes/25-test_verify.t
|
||||||
@@ -29,7 +29,7 @@ sub verify {
|
@@ -29,7 +29,7 @@ sub verify {
|
||||||
run(app([@args]));
|
run(app([@args]));
|
||||||
}
|
}
|
||||||
|
|
||||||
-plan tests => 164;
|
-plan tests => 175;
|
||||||
+plan tests => 163;
|
+plan tests => 174;
|
||||||
|
|
||||||
# Canonical success
|
# Canonical success
|
||||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
||||||
@@ -419,8 +419,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
|
@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
|
||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
|
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
|
||||||
"CA with PSS signature using SHA256");
|
"CA with PSS signature using SHA256");
|
||||||
|
|
||||||
@ -203,5 +203,5 @@ index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9
|
|||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||||
"PSS signature using SHA256 and auth level 2");
|
"PSS signature using SHA256 and auth level 2");
|
||||||
--
|
--
|
||||||
2.39.1
|
2.40.1
|
||||||
|
|
||||||
|
@ -1,238 +0,0 @@
|
|||||||
From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Mon, 25 Apr 2022 15:21:46 +0200
|
|
||||||
Subject: [PATCH] Instrument SHA-1 signatures with USDT probes
|
|
||||||
|
|
||||||
In order to discover remaining uses of SHA-1 in signatures without
|
|
||||||
forcefully breaking the code paths, add USDT probes that can be queried
|
|
||||||
with systemtap at runtime.
|
|
||||||
|
|
||||||
This should allow identifying components that still use SHA-1 signatures
|
|
||||||
in production so that they can be transitioned to more modern hash
|
|
||||||
algorithms.
|
|
||||||
---
|
|
||||||
crypto/evp/m_sigver.c | 13 +++++++++----
|
|
||||||
crypto/evp/pmeth_lib.c | 13 +++++++++----
|
|
||||||
crypto/x509/x509_vfy.c | 6 +++++-
|
|
||||||
providers/common/securitycheck.c | 22 +++++++++++++++-------
|
|
||||||
providers/common/securitycheck_default.c | 13 +++++++++++--
|
|
||||||
ssl/t1_lib.c | 8 +++++++-
|
|
||||||
6 files changed, 56 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index 8da2183ce0..c17cdfa5d5 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -16,6 +16,8 @@
|
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
typedef struct ossl_legacy_digest_signatures_st {
|
|
||||||
int allowed;
|
|
||||||
} OSSL_LEGACY_DIGEST_SIGNATURES;
|
|
||||||
@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
|
||||||
int mdnid = EVP_MD_nid(ctx->reqdigest);
|
|
||||||
- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
|
||||||
- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
|
||||||
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
- goto err;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ goto err;
|
|
||||||
+ } else {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
||||||
index b96f148c0d..54fcf24945 100644
|
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
|
||||||
@@ -37,6 +37,8 @@
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
|
|
||||||
static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
|
|
||||||
@@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
|
||||||
&& !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
|
||||||
&& !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
|
||||||
int mdnid = EVP_MD_nid(md);
|
|
||||||
- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
- return -1;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ return -1;
|
|
||||||
+ } else {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
|
||||||
index bf0c608839..78638ce80e 100644
|
|
||||||
--- a/crypto/x509/x509_vfy.c
|
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
|
||||||
@@ -29,6 +29,8 @@
|
|
||||||
#include "crypto/x509.h"
|
|
||||||
#include "x509_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/* CRL score values */
|
|
||||||
|
|
||||||
#define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
|
|
||||||
@@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
|
||||||
|
|
||||||
if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
|
||||||
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
- && ctx->param->auth_level < 2)
|
|
||||||
+ && ctx->param->auth_level < 2) {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
return 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return secbits >= minbits_table[level - 1];
|
|
||||||
}
|
|
||||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
||||||
index e534ad0a5f..bf496450cf 100644
|
|
||||||
--- a/providers/common/securitycheck.c
|
|
||||||
+++ b/providers/common/securitycheck.c
|
|
||||||
@@ -21,6 +21,8 @@
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
||||||
* signing), and for legacy purposes 80 bits (for decryption or verifying).
|
|
||||||
@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
- /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
- * it. */
|
|
||||||
- if (mdnid == NID_sha1 && !sha1_allowed)
|
|
||||||
+ if (mdnid == NID_sha1 && !sha1_allowed) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
+ * it. */
|
|
||||||
mdnid = -1;
|
|
||||||
+ else
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return mdnid;
|
|
||||||
@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
{
|
|
||||||
int mdnid = EVP_MD_nid(md);
|
|
||||||
- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
- return 0;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ return 0;
|
|
||||||
+ else
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
||||||
index ce54a94fbc..2d21e4a7df 100644
|
|
||||||
--- a/providers/common/securitycheck_default.c
|
|
||||||
+++ b/providers/common/securitycheck_default.c
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/* Disable the security checks in the default provider */
|
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
|
|
||||||
ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
||||||
mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
||||||
+ if (mdnid == NID_sha1)
|
|
||||||
+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid);
|
|
||||||
if (mdnid == NID_undef)
|
|
||||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
||||||
- if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
||||||
- mdnid = -1;
|
|
||||||
+ if (mdnid == NID_md5_sha1) {
|
|
||||||
+ if (ldsigs_allowed)
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid);
|
|
||||||
+ else
|
|
||||||
+ mdnid = -1;
|
|
||||||
+ }
|
|
||||||
return mdnid;
|
|
||||||
}
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index 0b50266b69..d05e696a28 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -28,6 +28,8 @@
|
|
||||||
#include "ssl_local.h"
|
|
||||||
#include <openssl/ct.h>
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
|
|
||||||
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
|
|
||||||
|
|
||||||
@@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
|
|
||||||
} else {
|
|
||||||
/*
|
|
||||||
* Make sure security callback allows algorithm. For historical
|
|
||||||
@@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
&& ((s != NULL && SSL_get_security_level(s) < 2)
|
|
||||||
|| (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
|
|
||||||
- ))
|
|
||||||
+ )) {
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
|
|
||||||
return 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (s)
|
|
||||||
return ssl_security(s, op, secbits, nid, x);
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,15 +1,13 @@
|
|||||||
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
|
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
|
||||||
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
|
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
|
||||||
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
|
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
|
||||||
@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
|
@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex
|
||||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
|
||||||
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
|
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
|
||||||
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
|
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
||||||
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
||||||
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
|
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
|
||||||
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
|
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
|
||||||
|
@ -1,420 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
|
|
||||||
@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
BIGNUM *priv_key = NULL;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ const OSSL_PARAM *param_sign_kat_k = NULL;
|
|
||||||
+ BIGNUM *sign_kat_k = NULL;
|
|
||||||
+#endif
|
|
||||||
unsigned char *pub_key = NULL;
|
|
||||||
size_t pub_key_len;
|
|
||||||
const EC_GROUP *ecg = NULL;
|
|
||||||
@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
if (include_private)
|
|
||||||
param_priv_key =
|
|
||||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
|
|
||||||
-
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ param_sign_kat_k =
|
|
||||||
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
|
|
||||||
+#endif
|
|
||||||
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
|
|
||||||
if (ctx == NULL)
|
|
||||||
goto err;
|
|
||||||
@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
&& !EC_KEY_set_public_key(ec, pub_point))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (param_sign_kat_k) {
|
|
||||||
+ if ((sign_kat_k = BN_secure_new()) == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
|
|
||||||
+ goto err;
|
|
||||||
+ ec->sign_kat_k = sign_kat_k;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
ok = 1;
|
|
||||||
|
|
||||||
err:
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
|
|
||||||
@@ -20,6 +20,10 @@
|
|
||||||
#include "crypto/bn.h"
|
|
||||||
#include "ec_local.h"
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_signature_st;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
||||||
BIGNUM **rp)
|
|
||||||
{
|
|
||||||
@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
do {
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
|
||||||
+ BN_copy(k, eckey->sign_kat_k);
|
|
||||||
+ } else {
|
|
||||||
+#endif
|
|
||||||
/* get random k */
|
|
||||||
do {
|
|
||||||
if (dgst != NULL) {
|
|
||||||
@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} while (BN_is_zero(k));
|
|
||||||
-
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
/* compute r the x-coordinate of generator * k */
|
|
||||||
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
|
|
||||||
@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
|
|
||||||
EC_GROUP_free(r->group);
|
|
||||||
EC_POINT_free(r->pub_key);
|
|
||||||
BN_clear_free(r->priv_key);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ BN_clear_free(r->sign_kat_k);
|
|
||||||
+#endif
|
|
||||||
OPENSSL_free(r->propq);
|
|
||||||
|
|
||||||
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
|
|
||||||
@@ -298,6 +298,9 @@ struct ec_key_st {
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
CRYPTO_EX_DATA ex_data;
|
|
||||||
#endif
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ BIGNUM *sign_kat_k;
|
|
||||||
+#endif
|
|
||||||
CRYPTO_RWLOCK *lock;
|
|
||||||
OSSL_LIB_CTX *libctx;
|
|
||||||
char *propq;
|
|
||||||
diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
|
|
||||||
--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
|
|
||||||
+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
|
|
||||||
@@ -293,6 +293,7 @@ extern "C" {
|
|
||||||
#define OSSL_PKEY_PARAM_DIST_ID "distid"
|
|
||||||
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
|
||||||
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
|
||||||
+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
|
|
||||||
|
|
||||||
/* Diffie-Hellman/DSA Parameters */
|
|
||||||
#define OSSL_PKEY_PARAM_FFC_P "p"
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
|
|
||||||
@@ -530,7 +530,8 @@ end:
|
|
||||||
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
|
||||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
|
||||||
# define EC_IMEXPORTABLE_PRIVATE_KEY \
|
|
||||||
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
|
|
||||||
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
|
|
||||||
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
|
|
||||||
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
|
|
||||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
|
|
||||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
|
|
||||||
diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
#include "self_test.h"
|
|
||||||
#include "self_test_data.inc"
|
|
||||||
|
|
||||||
+int REDHAT_FIPS_signature_st = 0;
|
|
||||||
+
|
|
||||||
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
|
|
||||||
OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
EVP_PKEY *pkey = NULL;
|
|
||||||
unsigned char sig[256];
|
|
||||||
BN_CTX *bnctx = NULL;
|
|
||||||
+ BIGNUM *K = NULL;
|
|
||||||
size_t siglen = sizeof(sig);
|
|
||||||
static const unsigned char dgst[] = {
|
|
||||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
||||||
@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
bnctx = BN_CTX_new_ex(libctx);
|
|
||||||
if (bnctx == NULL)
|
|
||||||
goto err;
|
|
||||||
+ K = BN_CTX_get(bnctx);
|
|
||||||
+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
|
|
||||||
+ goto err;
|
|
||||||
|
|
||||||
bld = OSSL_PARAM_BLD_new();
|
|
||||||
if (bld == NULL)
|
|
||||||
@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
|
|
||||||
if (!add_params(bld, t->key, bnctx))
|
|
||||||
goto err;
|
|
||||||
+ /* set K for ECDSA KAT tests */
|
|
||||||
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
|
|
||||||
+ goto err;
|
|
||||||
params = OSSL_PARAM_BLD_to_param(bld);
|
|
||||||
|
|
||||||
/* Create a EVP_PKEY_CTX to load the DSA key into */
|
|
||||||
@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
|
|
||||||
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
int i, ret = 1;
|
|
||||||
+ REDHAT_FIPS_signature_st = 1;
|
|
||||||
|
|
||||||
for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
|
|
||||||
if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
|
|
||||||
ret = 0;
|
|
||||||
}
|
|
||||||
+ REDHAT_FIPS_signature_st = 0;
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
|
|
||||||
@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
|
|
||||||
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
|
|
||||||
ST_KAT_PARAM_END()
|
|
||||||
};
|
|
||||||
+static const unsigned char ec224r1_kat_sig[] = {
|
|
||||||
+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
|
|
||||||
+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
|
|
||||||
+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
|
|
||||||
+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
|
|
||||||
+};
|
|
||||||
|
|
||||||
+static const char ecd_prime_curve_name384[] = "secp384r1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
|
|
||||||
+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
|
|
||||||
+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
|
|
||||||
+ 4c:91:87
|
|
||||||
+pub:
|
|
||||||
+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
|
|
||||||
+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
|
|
||||||
+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
|
|
||||||
+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
|
|
||||||
+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
|
|
||||||
+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
|
|
||||||
+ 11:f2:a3:bf:e8:0e:88
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv384[] = {
|
|
||||||
+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
|
|
||||||
+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
|
|
||||||
+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
|
|
||||||
+ 0x4c, 0x91, 0x87
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub384[] = {
|
|
||||||
+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
|
|
||||||
+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
|
|
||||||
+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
|
|
||||||
+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
|
|
||||||
+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
|
|
||||||
+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
|
|
||||||
+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec384r1_kat_sig[] = {
|
|
||||||
+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
|
|
||||||
+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
|
|
||||||
+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
|
|
||||||
+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
|
|
||||||
+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
|
|
||||||
+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
|
|
||||||
+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
|
|
||||||
+};
|
|
||||||
+static const char ecd_prime_curve_name521[] = "secp521r1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
|
|
||||||
+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
|
|
||||||
+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
|
|
||||||
+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
|
|
||||||
+ af:fe:6d:cb:c2:3b
|
|
||||||
+pub:
|
|
||||||
+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
|
|
||||||
+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
|
|
||||||
+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
|
|
||||||
+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
|
|
||||||
+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
|
|
||||||
+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
|
|
||||||
+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
|
|
||||||
+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
|
|
||||||
+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv521[] = {
|
|
||||||
+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
|
|
||||||
+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
|
|
||||||
+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
|
|
||||||
+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
|
|
||||||
+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub521[] = {
|
|
||||||
+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
|
|
||||||
+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
|
|
||||||
+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
|
|
||||||
+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
|
|
||||||
+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
|
|
||||||
+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
|
|
||||||
+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
|
|
||||||
+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
|
|
||||||
+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec521r1_kat_sig[] = {
|
|
||||||
+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
|
|
||||||
+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
|
|
||||||
+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
|
|
||||||
+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
|
|
||||||
+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
|
|
||||||
+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
|
|
||||||
+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
|
|
||||||
+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
|
|
||||||
+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
|
|
||||||
+};
|
|
||||||
+static const char ecd_prime_curve_name256[] = "prime256v1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
|
|
||||||
+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
|
|
||||||
+ 30:fa
|
|
||||||
+pub:
|
|
||||||
+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
|
|
||||||
+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
|
|
||||||
+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
|
|
||||||
+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
|
|
||||||
+ 98:66:c4:63:a6
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv256[] = {
|
|
||||||
+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
|
|
||||||
+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
|
|
||||||
+ 0x30, 0xfa
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub256[] = {
|
|
||||||
+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
|
|
||||||
+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
|
|
||||||
+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
|
|
||||||
+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
|
|
||||||
+ 0x98, 0x66, 0xc4, 0x63, 0xa6
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec256v1_kat_sig[] = {
|
|
||||||
+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
|
|
||||||
+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
|
|
||||||
+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
|
|
||||||
+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
|
|
||||||
+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
|
|
||||||
+};
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
static const char ecd_bin_curve_name[] = "sect233r1";
|
|
||||||
static const unsigned char ecd_bin_priv[] = {
|
|
||||||
@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
|
||||||
ecdsa_prime_key,
|
|
||||||
/*
|
|
||||||
* The ECDSA signature changes each time due to it using a random k.
|
|
||||||
- * So there is no expected KAT for this case.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec224r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key384,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec384r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key521,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec521r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key256,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
*/
|
|
||||||
+ ITM(ec256v1_kat_sig)
|
|
||||||
},
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
{
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
|
|
||||||
@@ -44,6 +44,10 @@
|
|
||||||
#define S390X_OFF_RN(n) (4 * n)
|
|
||||||
#define S390X_OFF_Y(n) (4 * n)
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_signature_st;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
|
||||||
const BIGNUM *scalar,
|
|
||||||
size_t num, const EC_POINT *points[],
|
|
||||||
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
|
|
||||||
* because kdsa instruction constructs an in-range, invertible nonce
|
|
||||||
* internally implementing counter-measures for RNG weakness.
|
|
||||||
*/
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
|
||||||
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
|
|
||||||
+ /* Turns KDSA internal nonce-generation off. */
|
|
||||||
+ fc |= S390X_KDSA_D;
|
|
||||||
+ } else {
|
|
||||||
+#endif
|
|
||||||
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
|
|
||||||
(size_t)len, 0) != 1) {
|
|
||||||
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
|
||||||
goto ret;
|
|
||||||
}
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
} else {
|
|
||||||
/* Reconstruct k = (k^-1)^-1. */
|
|
||||||
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
|
@ -568,851 +568,3 @@ index 8c52b637fc..ff75c5b6ec 100644
|
|||||||
|
|
||||||
SKIP: {
|
SKIP: {
|
||||||
skip "No IPv4 available on this machine", 4
|
skip "No IPv4 available on this machine", 4
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smdh.pem.0061 openssl-3.0.5/test/smime-certs/smdh.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smdh.pem.0061 2022-09-02 14:17:15.331436663 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smdh.pem 2022-09-02 14:17:15.347436804 +0200
|
|
||||||
@@ -1,47 +1,47 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+
|
|
||||||
-+460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ
|
|
||||||
-6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE
|
|
||||||
-bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP
|
|
||||||
-PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma
|
|
||||||
-Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB
|
|
||||||
-AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7
|
|
||||||
-93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP
|
|
||||||
-EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D
|
|
||||||
-l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr
|
|
||||||
-ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe
|
|
||||||
-assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5
|
|
||||||
-BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw=
|
|
||||||
+MIICXQIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdT
|
|
||||||
+e9OxD/p9DQNKqoLyJ10TAUXuycozVqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJt
|
|
||||||
+F1ZLW+1pklZs2m0cLl4raOe8CZGHkSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81l
|
|
||||||
+pvL0946LiHfHklMtSOkK3H9PkGB/KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4
|
|
||||||
+ieeWprywTaZ8gp3NBMjyuRJniGCQ52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTk
|
|
||||||
+VS3wLo5ypgrveRdALKvqkHe0qfNr5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIB
|
|
||||||
+AE50cpgSJBYr9+5dj+fJJcXf/KX9rttlBXyveUP+vbSm/oW443/IksO3oLMy1Raq
|
|
||||||
+tHTDBhtNrH7rSK6CDStKrMkgHsjTYkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB
|
|
||||||
+7QB0kkkUgZ7etsnNxEkz9WQwohTvGBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgt
|
|
||||||
+eEiCO8D9xu0sEXT8ZdRqWcmkTfeMRojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxB
|
|
||||||
+DrYYkV3LSAweuUQKBocNI7bbbOvPByUvHVMfJBrBmwIJI3vc3091njOH53zATNNv
|
|
||||||
+ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv
|
|
||||||
+BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL
|
|
||||||
+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C
|
|
||||||
-ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt
|
|
||||||
-ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW
|
|
||||||
-sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy
|
|
||||||
-w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX
|
|
||||||
-JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv
|
|
||||||
-yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn
|
|
||||||
-FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI
|
|
||||||
-kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo
|
|
||||||
-ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f
|
|
||||||
-/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV
|
|
||||||
-7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId
|
|
||||||
-AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK
|
|
||||||
-yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj
|
|
||||||
-+j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4
|
|
||||||
-zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR
|
|
||||||
-Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06
|
|
||||||
-M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub
|
|
||||||
-i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E
|
|
||||||
-FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X
|
|
||||||
-INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO
|
|
||||||
-ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w
|
|
||||||
-Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6
|
|
||||||
-3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU
|
|
||||||
-EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa
|
|
||||||
-oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM=
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz
|
|
||||||
+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw
|
|
||||||
+ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz
|
|
||||||
+VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH
|
|
||||||
+kSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81lpvL0946LiHfHklMtSOkK3H9PkGB/
|
|
||||||
+KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4ieeWprywTaZ8gp3NBMjyuRJniGCQ
|
|
||||||
+52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTkVS3wLo5ypgrveRdALKvqkHe0qfNr
|
|
||||||
+5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIBAE50cpgSJBYr9+5dj+fJJcXf/KX9
|
|
||||||
+rttlBXyveUP+vbSm/oW443/IksO3oLMy1RaqtHTDBhtNrH7rSK6CDStKrMkgHsjT
|
|
||||||
+YkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB7QB0kkkUgZ7etsnNxEkz9WQwohTv
|
|
||||||
+GBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgteEiCO8D9xu0sEXT8ZdRqWcmkTfeM
|
|
||||||
+Rojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxBDrYYkV3LSAweuUQKBocNI7bbbOvP
|
|
||||||
+ByUvHVMfJBrBmwIJI3vc3091njOH53zATNNvta+9S7L4zNsvbg8RtJyH8i4CHQCY
|
|
||||||
+12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXvA4IBBQACggEAJP4Vy6vcIa7jLa93
|
|
||||||
+DWeT0pxe4zeYXxRWbvS7reLoZcBIhH253/QfXj+0UhcjtAa5A2X519anBuetUern
|
|
||||||
+ecBmHO9vAj9F7J6feK+pUxE8cl793gmWzcGijMXCuRorW7GZ3XBTuQbWaJLtxB4a
|
|
||||||
+rS54+CFMUfqR5coxGrraGPGjR9P6YCpJgWL74yxiQVzjEdwPLEz/0ehKeDkSvuj8
|
|
||||||
+Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+
|
|
||||||
+xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h
|
|
||||||
+wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE
|
|
||||||
+FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI
|
|
||||||
+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y
|
|
||||||
+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb
|
|
||||||
+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC
|
|
||||||
+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ
|
|
||||||
+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2
|
|
||||||
+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 openssl-3.0.5/test/smime-certs/smdsa1.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 2022-09-02 14:17:15.326436618 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smdsa1.pem 2022-09-02 14:17:15.346436795 +0200
|
|
||||||
@@ -1,47 +1,47 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
|
|
||||||
-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
|
|
||||||
-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
|
|
||||||
-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
|
|
||||||
-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
|
|
||||||
-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
|
|
||||||
-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
|
|
||||||
-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
|
|
||||||
-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
|
|
||||||
-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
|
|
||||||
-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
|
|
||||||
-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
|
|
||||||
-ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY
|
|
||||||
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
|
|
||||||
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
|
|
||||||
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
|
|
||||||
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
|
|
||||||
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
|
|
||||||
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
|
|
||||||
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
|
|
||||||
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
|
|
||||||
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
|
|
||||||
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
|
|
||||||
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
|
|
||||||
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44
|
|
||||||
-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
|
|
||||||
-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
|
|
||||||
-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
|
|
||||||
-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
|
|
||||||
-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
|
|
||||||
-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
|
|
||||||
-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
|
|
||||||
-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
|
|
||||||
-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
|
|
||||||
-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
|
|
||||||
-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
|
|
||||||
-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g
|
|
||||||
-lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D
|
|
||||||
-KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv
|
|
||||||
-OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo
|
|
||||||
-+sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l
|
|
||||||
-cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs
|
|
||||||
-Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
|
|
||||||
-DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
|
|
||||||
-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw
|
|
||||||
-cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0
|
|
||||||
-UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7
|
|
||||||
-YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo
|
|
||||||
-JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w
|
|
||||||
-FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w==
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz
|
|
||||||
+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E
|
|
||||||
+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P
|
|
||||||
+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH
|
|
||||||
++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy
|
|
||||||
+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx
|
|
||||||
+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd
|
|
||||||
+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL
|
|
||||||
+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq
|
|
||||||
+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1
|
|
||||||
+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ
|
|
||||||
+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW
|
|
||||||
+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 openssl-3.0.5/test/smime-certs/smdsa2.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 2022-09-02 14:17:15.332436671 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smdsa2.pem 2022-09-02 14:17:15.347436804 +0200
|
|
||||||
@@ -1,47 +1,47 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
|
|
||||||
-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
|
|
||||||
-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
|
|
||||||
-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
|
|
||||||
-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
|
|
||||||
-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
|
|
||||||
-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
|
|
||||||
-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
|
|
||||||
-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
|
|
||||||
-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
|
|
||||||
-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
|
|
||||||
-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
|
|
||||||
-ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018
|
|
||||||
+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
|
|
||||||
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
|
|
||||||
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
|
|
||||||
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
|
|
||||||
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
|
|
||||||
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
|
|
||||||
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
|
|
||||||
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
|
|
||||||
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
|
|
||||||
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
|
|
||||||
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
|
|
||||||
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44
|
|
||||||
-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
|
|
||||||
-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
|
|
||||||
-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
|
|
||||||
-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
|
|
||||||
-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
|
|
||||||
-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
|
|
||||||
-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
|
|
||||||
-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
|
|
||||||
-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
|
|
||||||
-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
|
|
||||||
-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
|
|
||||||
-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o
|
|
||||||
-HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx
|
|
||||||
-4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx
|
|
||||||
-pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji
|
|
||||||
-mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA
|
|
||||||
-shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K
|
|
||||||
-3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
|
|
||||||
-DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
|
|
||||||
-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky
|
|
||||||
-4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1
|
|
||||||
-oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO
|
|
||||||
-vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf
|
|
||||||
-RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3
|
|
||||||
-tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg==
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz
|
|
||||||
+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s
|
|
||||||
+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO
|
|
||||||
+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR
|
|
||||||
+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA
|
|
||||||
+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r
|
|
||||||
+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm
|
|
||||||
+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat
|
|
||||||
+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx
|
|
||||||
+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW
|
|
||||||
+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU
|
|
||||||
+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r
|
|
||||||
+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 openssl-3.0.5/test/smime-certs/smdsa3.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 2022-09-02 14:17:15.334436689 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smdsa3.pem 2022-09-02 14:17:15.348436813 +0200
|
|
||||||
@@ -1,47 +1,47 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
|
|
||||||
-i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
|
|
||||||
-4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
|
|
||||||
-kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
|
|
||||||
-c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
|
|
||||||
-8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
|
|
||||||
-mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
|
|
||||||
-V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
|
|
||||||
-ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
|
|
||||||
-CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
|
|
||||||
-5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
|
|
||||||
-QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
|
|
||||||
-ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A==
|
|
||||||
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
|
|
||||||
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
|
|
||||||
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
|
|
||||||
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
|
|
||||||
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
|
|
||||||
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
|
|
||||||
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
|
|
||||||
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
|
|
||||||
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
|
|
||||||
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
|
|
||||||
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
|
|
||||||
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
|
|
||||||
+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44
|
|
||||||
-BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
|
|
||||||
-J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
|
|
||||||
-LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
|
|
||||||
-62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
|
|
||||||
-MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
|
|
||||||
-aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
|
|
||||||
-3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
|
|
||||||
-bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
|
|
||||||
-9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
|
|
||||||
-DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
|
|
||||||
-E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
|
|
||||||
-hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G
|
|
||||||
-TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg
|
|
||||||
-sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0
|
|
||||||
-5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt
|
|
||||||
-rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe
|
|
||||||
-jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1
|
|
||||||
-jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
|
|
||||||
-DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
|
|
||||||
-HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh
|
|
||||||
-M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P
|
|
||||||
-wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe
|
|
||||||
-azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl
|
|
||||||
-SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5
|
|
||||||
-ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A==
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz
|
|
||||||
+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB
|
|
||||||
+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
|
|
||||||
+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
|
|
||||||
+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
|
|
||||||
+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
|
|
||||||
+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
|
|
||||||
+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
|
|
||||||
+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
|
|
||||||
+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
|
|
||||||
+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
|
|
||||||
+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
|
|
||||||
+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
|
|
||||||
+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h
|
|
||||||
+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY
|
|
||||||
+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA
|
|
||||||
+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl
|
|
||||||
+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof
|
|
||||||
+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc
|
|
||||||
+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
|
|
||||||
+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL
|
|
||||||
+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR
|
|
||||||
+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5
|
|
||||||
+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw
|
|
||||||
+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J
|
|
||||||
+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87
|
|
||||||
+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smec1.pem.0061 openssl-3.0.5/test/smime-certs/smec1.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smec1.pem.0061 2022-09-02 14:17:15.325436610 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smec1.pem 2022-09-02 14:17:15.345436786 +0200
|
|
||||||
@@ -1,22 +1,22 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB
|
|
||||||
-Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ
|
|
||||||
-7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky
|
|
||||||
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS
|
|
||||||
+DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV
|
|
||||||
+3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL
|
|
||||||
+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq
|
|
||||||
-hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91
|
|
||||||
-/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G
|
|
||||||
-A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD
|
|
||||||
-VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB
|
|
||||||
-AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo
|
|
||||||
-qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK
|
|
||||||
-2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F
|
|
||||||
-PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9
|
|
||||||
-pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl
|
|
||||||
-LJRua7p4Wt/8GQENDrVkHqU=
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz
|
|
||||||
+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI
|
|
||||||
+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2
|
|
||||||
+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV
|
|
||||||
+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud
|
|
||||||
+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp
|
|
||||||
+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9
|
|
||||||
+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj
|
|
||||||
+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R
|
|
||||||
+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy
|
|
||||||
+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ
|
|
||||||
+V5ASvNRiGWIJK5XF+zRY
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smec2.pem.0061 openssl-3.0.5/test/smime-certs/smec2.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smec2.pem.0061 2022-09-02 14:17:15.330436654 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smec2.pem 2022-09-02 14:17:15.347436804 +0200
|
|
||||||
@@ -1,23 +1,23 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ
|
|
||||||
-HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X
|
|
||||||
-IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp
|
|
||||||
-HqER
|
|
||||||
+MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl
|
|
||||||
+brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7
|
|
||||||
+uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8
|
|
||||||
+6bQ=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL
|
|
||||||
+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
|
|
||||||
-NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr
|
|
||||||
-gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2
|
|
||||||
-1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC
|
|
||||||
-MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK
|
|
||||||
-9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF
|
|
||||||
-AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz
|
|
||||||
-5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m
|
|
||||||
-IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao
|
|
||||||
-enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ
|
|
||||||
-rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R
|
|
||||||
-lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA==
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz
|
|
||||||
+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE
|
|
||||||
+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT
|
|
||||||
+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA
|
|
||||||
+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw
|
|
||||||
+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD
|
|
||||||
+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ
|
|
||||||
+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5
|
|
||||||
+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd
|
|
||||||
+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60
|
|
||||||
+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ
|
|
||||||
+/UfNk+5Y3g5Mm642MLvjBEUqurw=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smroot.pem.0061 openssl-3.0.5/test/smime-certs/smroot.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smroot.pem.0061 2022-09-02 14:17:15.329436645 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smroot.pem 2022-09-02 14:17:15.346436795 +0200
|
|
||||||
@@ -1,49 +1,49 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA
|
|
||||||
-T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke
|
|
||||||
-iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K
|
|
||||||
-H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg
|
|
||||||
-cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR
|
|
||||||
-0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt
|
|
||||||
-+UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS
|
|
||||||
-F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U
|
|
||||||
-MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv
|
|
||||||
-kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham
|
|
||||||
-AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r
|
|
||||||
-IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib
|
|
||||||
-YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF
|
|
||||||
-TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f
|
|
||||||
-bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn
|
|
||||||
-0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub
|
|
||||||
-KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG
|
|
||||||
-gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI
|
|
||||||
-H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z
|
|
||||||
-DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR
|
|
||||||
-8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR
|
|
||||||
-pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx
|
|
||||||
-5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2
|
|
||||||
-Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil
|
|
||||||
-GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI
|
|
||||||
-DL5zP8gmBL9ZAOO/J9YacxWYMQ==
|
|
||||||
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq
|
|
||||||
+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL
|
|
||||||
+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc
|
|
||||||
+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI
|
|
||||||
+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV
|
|
||||||
+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q
|
|
||||||
+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c
|
|
||||||
+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R
|
|
||||||
+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu
|
|
||||||
+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4
|
|
||||||
+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF
|
|
||||||
+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp
|
|
||||||
+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx
|
|
||||||
+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw
|
|
||||||
+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z
|
|
||||||
+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw
|
|
||||||
+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu
|
|
||||||
+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T
|
|
||||||
+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP
|
|
||||||
+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq
|
|
||||||
+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr
|
|
||||||
+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK
|
|
||||||
+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53
|
|
||||||
+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI
|
|
||||||
+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ
|
|
||||||
+KfvPCYimQwBjVrEnSntLPR0=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
|
|
||||||
-NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB
|
|
||||||
-AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag
|
|
||||||
-ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m
|
|
||||||
-BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e
|
|
||||||
-fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk
|
|
||||||
-lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA
|
|
||||||
-vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud
|
|
||||||
-DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
|
|
||||||
-HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
|
|
||||||
-hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko
|
|
||||||
-/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE
|
|
||||||
-dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+
|
|
||||||
-LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB
|
|
||||||
-Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S
|
|
||||||
-7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ==
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy
|
|
||||||
+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF
|
|
||||||
+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR
|
|
||||||
+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb
|
|
||||||
+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj
|
|
||||||
+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN
|
|
||||||
+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2
|
|
||||||
+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E
|
|
||||||
+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw
|
|
||||||
+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
|
|
||||||
+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN
|
|
||||||
+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z
|
|
||||||
+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx
|
|
||||||
+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo
|
|
||||||
+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2
|
|
||||||
+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 openssl-3.0.5/test/smime-certs/smrsa1.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 2022-09-02 14:17:15.328436636 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smrsa1.pem 2022-09-02 14:17:15.346436795 +0200
|
|
||||||
@@ -1,49 +1,49 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm
|
|
||||||
-CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6
|
|
||||||
-YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR
|
|
||||||
-+B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1
|
|
||||||
-KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI
|
|
||||||
-qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj
|
|
||||||
-n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3
|
|
||||||
-gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv
|
|
||||||
-2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0
|
|
||||||
-9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3
|
|
||||||
-4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu
|
|
||||||
-e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5
|
|
||||||
-oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td
|
|
||||||
-2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS
|
|
||||||
-1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+
|
|
||||||
-Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX
|
|
||||||
-5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT
|
|
||||||
-SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo
|
|
||||||
-zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE
|
|
||||||
-ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F
|
|
||||||
-wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J
|
|
||||||
-jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ
|
|
||||||
-tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o
|
|
||||||
-co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4
|
|
||||||
-psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc
|
|
||||||
-NOlOojKDO+dELErpShJgFIaU
|
|
||||||
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC
|
|
||||||
+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID
|
|
||||||
+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU
|
|
||||||
+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D
|
|
||||||
+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs
|
|
||||||
+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH
|
|
||||||
+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp
|
|
||||||
+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i
|
|
||||||
+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL
|
|
||||||
+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35
|
|
||||||
+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak
|
|
||||||
+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT
|
|
||||||
+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze
|
|
||||||
+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG
|
|
||||||
+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da
|
|
||||||
+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk
|
|
||||||
+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+
|
|
||||||
+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q
|
|
||||||
+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or
|
|
||||||
+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8
|
|
||||||
+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR
|
|
||||||
+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG
|
|
||||||
+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu
|
|
||||||
+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST
|
|
||||||
+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn
|
|
||||||
+zQpuMJliRlrq/5JkIbH6SA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
|
|
||||||
-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B
|
|
||||||
-AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6
|
|
||||||
-OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J
|
|
||||||
-eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2
|
|
||||||
-l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg
|
|
||||||
-9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM
|
|
||||||
-32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV
|
|
||||||
-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB
|
|
||||||
-MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
|
|
||||||
-hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+
|
|
||||||
-BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF
|
|
||||||
-QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1
|
|
||||||
-vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL
|
|
||||||
-0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI
|
|
||||||
-XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w=
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz
|
|
||||||
+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw
|
|
||||||
+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy
|
|
||||||
+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS
|
|
||||||
+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH
|
|
||||||
+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT
|
|
||||||
+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM
|
|
||||||
+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm
|
|
||||||
+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq
|
|
||||||
+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ
|
|
||||||
+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0
|
|
||||||
+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY
|
|
||||||
+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 openssl-3.0.5/test/smime-certs/smrsa2.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 2022-09-02 14:17:15.333436680 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smrsa2.pem 2022-09-02 14:17:15.347436804 +0200
|
|
||||||
@@ -1,49 +1,49 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j
|
|
||||||
-SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b
|
|
||||||
-FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk
|
|
||||||
-GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn
|
|
||||||
-4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT
|
|
||||||
-3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T
|
|
||||||
-hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi
|
|
||||||
-BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB
|
|
||||||
-v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg
|
|
||||||
-Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ
|
|
||||||
-DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D
|
|
||||||
-xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT
|
|
||||||
-RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq
|
|
||||||
-AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB
|
|
||||||
-8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH
|
|
||||||
-YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW
|
|
||||||
-kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR
|
|
||||||
-B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0
|
|
||||||
-x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb
|
|
||||||
-b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs
|
|
||||||
-cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o
|
|
||||||
-qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc
|
|
||||||
-1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK
|
|
||||||
-u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q
|
|
||||||
-13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9
|
|
||||||
-k6W9F60mEFz1Owh+lQv7WfSIVA==
|
|
||||||
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2
|
|
||||||
+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq
|
|
||||||
+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD
|
|
||||||
+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5
|
|
||||||
+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3
|
|
||||||
+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB
|
|
||||||
+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1
|
|
||||||
+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI
|
|
||||||
+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW
|
|
||||||
+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz
|
|
||||||
+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK
|
|
||||||
+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK
|
|
||||||
+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa
|
|
||||||
+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI
|
|
||||||
+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN
|
|
||||||
+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX
|
|
||||||
+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8
|
|
||||||
+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm
|
|
||||||
+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t
|
|
||||||
+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb
|
|
||||||
+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS
|
|
||||||
+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0
|
|
||||||
+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e
|
|
||||||
+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR
|
|
||||||
+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n
|
|
||||||
+yrLyf+8hjm6H6zkjqiOkHAl+
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
|
|
||||||
-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B
|
|
||||||
-AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or
|
|
||||||
-fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU
|
|
||||||
-7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv
|
|
||||||
-hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT
|
|
||||||
-INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM
|
|
||||||
-Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV
|
|
||||||
-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR
|
|
||||||
-rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
|
|
||||||
-hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v
|
|
||||||
-gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK
|
|
||||||
-7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp
|
|
||||||
-LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5
|
|
||||||
-zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA
|
|
||||||
-EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E=
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz
|
|
||||||
+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6
|
|
||||||
+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7
|
|
||||||
+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk
|
|
||||||
+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM
|
|
||||||
+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2
|
|
||||||
+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT
|
|
||||||
+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD
|
|
||||||
+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa
|
|
||||||
+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv
|
|
||||||
+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR
|
|
||||||
+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM
|
|
||||||
+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
diff -up openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 openssl-3.0.5/test/smime-certs/smrsa3.pem
|
|
||||||
--- openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 2022-09-02 14:17:15.327436627 +0200
|
|
||||||
+++ openssl-3.0.5/test/smime-certs/smrsa3.pem 2022-09-02 14:17:15.346436795 +0200
|
|
||||||
@@ -1,49 +1,49 @@
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167
|
|
||||||
-toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB
|
|
||||||
-GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi
|
|
||||||
-ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK
|
|
||||||
-2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M
|
|
||||||
-jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq
|
|
||||||
-DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb
|
|
||||||
-Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ
|
|
||||||
-0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh
|
|
||||||
-/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG
|
|
||||||
-A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI
|
|
||||||
-vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I
|
|
||||||
-pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi
|
|
||||||
-YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS
|
|
||||||
-wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+
|
|
||||||
-BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto
|
|
||||||
-NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o
|
|
||||||
-c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K
|
|
||||||
-7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt
|
|
||||||
-oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L
|
|
||||||
-3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk
|
|
||||||
-YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr
|
|
||||||
-Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs
|
|
||||||
-Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz
|
|
||||||
-TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X
|
|
||||||
-fNcb5iDYqZRzD8ixBbLxUw==
|
|
||||||
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji
|
|
||||||
+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3
|
|
||||||
+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX
|
|
||||||
+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H
|
|
||||||
+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l
|
|
||||||
+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6
|
|
||||||
+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP
|
|
||||||
+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf
|
|
||||||
+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR
|
|
||||||
+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+
|
|
||||||
+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se
|
|
||||||
+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9
|
|
||||||
+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn
|
|
||||||
+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+
|
|
||||||
+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm
|
|
||||||
+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX
|
|
||||||
+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E
|
|
||||||
+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7
|
|
||||||
+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc
|
|
||||||
+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK
|
|
||||||
+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk
|
|
||||||
+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL
|
|
||||||
+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw
|
|
||||||
+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh
|
|
||||||
+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF
|
|
||||||
+RvOAi5wVkYylDxV4238MAZIq
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
-MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL
|
|
||||||
+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
|
|
||||||
-BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
|
|
||||||
-NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
|
|
||||||
-cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B
|
|
||||||
-AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC
|
|
||||||
-XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+
|
|
||||||
-qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK
|
|
||||||
-wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI
|
|
||||||
-U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N
|
|
||||||
-f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV
|
|
||||||
-HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi
|
|
||||||
-V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
|
|
||||||
-hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq
|
|
||||||
-112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd
|
|
||||||
-CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2
|
|
||||||
-iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW
|
|
||||||
-ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE
|
|
||||||
-BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg=
|
|
||||||
+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz
|
|
||||||
+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
|
|
||||||
+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB
|
|
||||||
+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x
|
|
||||||
+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM
|
|
||||||
+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5
|
|
||||||
+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO
|
|
||||||
+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj
|
|
||||||
+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T
|
|
||||||
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868
|
|
||||||
+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
|
|
||||||
+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c
|
|
||||||
+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs
|
|
||||||
+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn
|
|
||||||
+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7
|
|
||||||
+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu
|
|
||||||
+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
@ -248,8 +248,8 @@ index de391ce067..1cfd71c5cf 100644
|
|||||||
--- a/providers/fips/fipsprov.c
|
--- a/providers/fips/fipsprov.c
|
||||||
+++ b/providers/fips/fipsprov.c
|
+++ b/providers/fips/fipsprov.c
|
||||||
@@ -23,6 +23,7 @@
|
@@ -23,6 +23,7 @@
|
||||||
#include "prov/seeding.h"
|
|
||||||
#include "self_test.h"
|
#include "self_test.h"
|
||||||
|
#include "crypto/context.h"
|
||||||
#include "internal/core.h"
|
#include "internal/core.h"
|
||||||
+#include "indicator.h"
|
+#include "indicator.h"
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -295,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644
|
|||||||
|
|
||||||
static void *rsa_newctx(void *provctx)
|
static void *rsa_newctx(void *provctx)
|
||||||
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||||
return 0;
|
}
|
||||||
}
|
}
|
||||||
ret =
|
ret =
|
||||||
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
||||||
|
@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
|||||||
index b6d5e8e134..77eec075e6 100644
|
index b6d5e8e134..77eec075e6 100644
|
||||||
--- a/providers/fips/self_test_kats.c
|
--- a/providers/fips/self_test_kats.c
|
||||||
+++ b/providers/fips/self_test_kats.c
|
+++ b/providers/fips/self_test_kats.c
|
||||||
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
||||||
OSSL_PARAM_BLD *bld = NULL;
|
OSSL_PARAM_BLD *bld = NULL;
|
||||||
@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644
|
|||||||
EVP_PKEY *pkey = NULL;
|
EVP_PKEY *pkey = NULL;
|
||||||
- unsigned char sig[256];
|
- unsigned char sig[256];
|
||||||
BN_CTX *bnctx = NULL;
|
BN_CTX *bnctx = NULL;
|
||||||
BIGNUM *K = NULL;
|
|
||||||
+ const char *msg = "Hello World!";
|
+ const char *msg = "Hello World!";
|
||||||
+ unsigned char sig[256];
|
+ unsigned char sig[256];
|
||||||
size_t siglen = sizeof(sig);
|
size_t siglen = sizeof(sig);
|
||||||
|
@ -90,7 +90,7 @@ index db1a1d7bc3..c94c3c53bd 100644
|
|||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
||||||
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
}
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
|||||||
index b6d5e8e134..77eec075e6 100644
|
index b6d5e8e134..77eec075e6 100644
|
||||||
--- a/providers/fips/self_test_kats.c
|
--- a/providers/fips/self_test_kats.c
|
||||||
+++ b/providers/fips/self_test_kats.c
|
+++ b/providers/fips/self_test_kats.c
|
||||||
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
||||||
OSSL_PARAM_BLD *bld = NULL;
|
OSSL_PARAM_BLD *bld = NULL;
|
||||||
@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644
|
|||||||
EVP_PKEY *pkey = NULL;
|
EVP_PKEY *pkey = NULL;
|
||||||
- unsigned char sig[256];
|
- unsigned char sig[256];
|
||||||
BN_CTX *bnctx = NULL;
|
BN_CTX *bnctx = NULL;
|
||||||
BIGNUM *K = NULL;
|
|
||||||
+ const char *msg = "Hello World!";
|
+ const char *msg = "Hello World!";
|
||||||
+ unsigned char sig[256];
|
+ unsigned char sig[256];
|
||||||
size_t siglen = sizeof(sig);
|
size_t siglen = sizeof(sig);
|
||||||
|
@ -9,7 +9,7 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
|
|||||||
+# include <openssl/evp.h>
|
+# include <openssl/evp.h>
|
||||||
|
|
||||||
static uint64_t get_time_stamp(void);
|
static uint64_t get_time_stamp(void);
|
||||||
static uint64_t get_timer_bits(void);
|
|
||||||
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
|
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
|
||||||
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
||||||
* between size_t and ssize_t is safe even without a range check.
|
* between size_t and ssize_t is safe even without a range check.
|
||||||
|
@ -1,146 +0,0 @@
|
|||||||
From 5dee3e41a5b3f8934277de17a2ae192f43601948 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Fri, 9 Sep 2022 14:46:24 +0200
|
|
||||||
Subject: [PATCH] Fix AES-GCM on Power 8 CPUs
|
|
||||||
|
|
||||||
Properly fallback to the default implementation on CPUs
|
|
||||||
missing necessary instructions.
|
|
||||||
|
|
||||||
Fixes #19163
|
|
||||||
|
|
||||||
(cherry picked from commit 24344d387178d45b37a1fbc51519c390e9a4effe)
|
|
||||||
---
|
|
||||||
include/crypto/aes_platform.h | 12 +---
|
|
||||||
.../ciphers/cipher_aes_gcm_hw_ppc.inc | 72 ++++++++++++++-----
|
|
||||||
2 files changed, 56 insertions(+), 28 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
|
|
||||||
index 0c281a366a..6830bad0e9 100644
|
|
||||||
--- a/include/crypto/aes_platform.h
|
|
||||||
+++ b/include/crypto/aes_platform.h
|
|
||||||
@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
|
|
||||||
size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
|
|
||||||
size_t len, const void *key, unsigned char ivec[16],
|
|
||||||
u64 *Xi);
|
|
||||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
|
|
||||||
- size_t len, const void *key,
|
|
||||||
- unsigned char ivec[16], u64 *Xi);
|
|
||||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
|
|
||||||
- size_t len, const void *key,
|
|
||||||
- unsigned char ivec[16], u64 *Xi);
|
|
||||||
-# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
|
|
||||||
-# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
|
|
||||||
-# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
|
||||||
- (gctx)->gcm.ghash==gcm_ghash_p8)
|
|
||||||
+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
|
||||||
+ (gctx)->gcm.ghash==gcm_ghash_p8)
|
|
||||||
void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
|
|
||||||
# endif /* PPC */
|
|
||||||
|
|
||||||
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
index 4eed0f4ab0..03e3eddc41 100644
|
|
||||||
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
-extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
|
||||||
-extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
|
||||||
-
|
|
||||||
static inline u32 UTO32(unsigned char *buf)
|
|
||||||
{
|
|
||||||
return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
|
|
||||||
@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
|
|
||||||
{
|
|
||||||
int s = 0;
|
|
||||||
@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, siz
|
|
||||||
return ndone;
|
|
||||||
}
|
|
||||||
|
|
||||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
|
||||||
-{
|
|
||||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
|
||||||
+static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
|
|
||||||
+ size_t len, unsigned char *out)
|
|
||||||
{
|
|
||||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
|
|
||||||
+ if (ctx->enc) {
|
|
||||||
+ if (ctx->ctr != NULL) {
|
|
||||||
+ size_t bulk = 0;
|
|
||||||
+
|
|
||||||
+ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) {
|
|
||||||
+ size_t res = (16 - ctx->gcm.mres) % 16;
|
|
||||||
+
|
|
||||||
+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
|
||||||
+ ctx->gcm.key,
|
|
||||||
+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1);
|
|
||||||
+
|
|
||||||
+ ctx->gcm.len.u[1] += bulk;
|
|
||||||
+ bulk += res;
|
|
||||||
+ }
|
|
||||||
+ if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
|
|
||||||
+ len - bulk, ctx->ctr))
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ if (ctx->ctr != NULL) {
|
|
||||||
+ size_t bulk = 0;
|
|
||||||
+
|
|
||||||
+ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) {
|
|
||||||
+ size_t res = (16 - ctx->gcm.mres) % 16;
|
|
||||||
+
|
|
||||||
+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
|
||||||
+ ctx->gcm.key,
|
|
||||||
+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0);
|
|
||||||
+
|
|
||||||
+ ctx->gcm.len.u[1] += bulk;
|
|
||||||
+ bulk += res;
|
|
||||||
+ }
|
|
||||||
+ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
|
|
||||||
+ len - bulk, ctx->ctr))
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
static const PROV_GCM_HW aes_ppc_gcm = {
|
|
||||||
aes_ppc_gcm_initkey,
|
|
||||||
ossl_gcm_setiv,
|
|
||||||
ossl_gcm_aad_update,
|
|
||||||
- generic_aes_gcm_cipher_update,
|
|
||||||
+ ppc_aes_gcm_cipher_update,
|
|
||||||
ossl_gcm_cipher_final,
|
|
||||||
ossl_gcm_one_shot
|
|
||||||
};
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -183,11 +183,11 @@ index 54e2a1c61ca..094a6632b66 100644
|
|||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
if (blinding) {
|
if (blinding)
|
||||||
/*
|
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||||
* ossl_bn_rsa_do_unblind() combines blinding inversion and
|
goto err;
|
||||||
@@ -471,9 +545,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
@@ -471,9 +545,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||||
}
|
goto err;
|
||||||
|
|
||||||
switch (padding) {
|
switch (padding) {
|
||||||
- case RSA_PKCS1_PADDING:
|
- case RSA_PKCS1_PADDING:
|
||||||
@ -739,9 +739,9 @@ index e6c4758a33e..6e4a4f8539d 100644
|
|||||||
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
||||||
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
||||||
+#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
|
+#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
|
||||||
#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
|
|
||||||
|
|
||||||
/* Diffie-Hellman/DSA Parameters */
|
/* Diffie-Hellman/DSA Parameters */
|
||||||
|
#define OSSL_PKEY_PARAM_FFC_P "p"
|
||||||
@@ -482,6 +483,7 @@ extern "C" {
|
@@ -482,6 +483,7 @@ extern "C" {
|
||||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||||
|
32
openssl.spec
32
openssl.spec
@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
|
|||||||
|
|
||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.8
|
Version: 3.1.1
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Source: openssl-%{version}.tar.gz
|
Source: openssl-%{version}.tar.gz
|
||||||
Source2: Makefile.certificate
|
Source2: Makefile.certificate
|
||||||
@ -95,8 +95,6 @@ Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
|
|||||||
# Selectively disallow SHA1 signatures rhbz#2070977
|
# Selectively disallow SHA1 signatures rhbz#2070977
|
||||||
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
|
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
|
||||||
%endif
|
%endif
|
||||||
# Backport of patch for RHEL for Edge rhbz #2027261
|
|
||||||
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
|
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
||||||
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||||
@ -108,7 +106,7 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
|
|||||||
# no USDT probe instrumentation required
|
# no USDT probe instrumentation required
|
||||||
%else
|
%else
|
||||||
# Instrument with USDT probes related to SHA-1 deprecation
|
# Instrument with USDT probes related to SHA-1 deprecation
|
||||||
Patch53: 0053-Add-SHA1-probes.patch
|
#Patch53: 0053-Add-SHA1-probes.patch
|
||||||
%endif
|
%endif
|
||||||
# https://github.com/openssl/openssl/pull/18103
|
# https://github.com/openssl/openssl/pull/18103
|
||||||
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
|
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
|
||||||
@ -118,19 +116,9 @@ Patch56: 0056-strcasecmp.patch
|
|||||||
# Patch57: 0057-strcasecmp-fix.patch
|
# Patch57: 0057-strcasecmp-fix.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
|
||||||
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
|
|
||||||
Patch60: 0060-FIPS-KAT-signature-tests.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
||||||
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||||
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
|
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
|
||||||
# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
|
|
||||||
# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
|
|
||||||
# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
|
|
||||||
Patch71: 0071-AES-GCM-performance-optimization.patch
|
|
||||||
# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149
|
|
||||||
# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa
|
|
||||||
# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447
|
|
||||||
Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
||||||
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
|
||||||
@ -148,8 +136,6 @@ Patch76: 0076-FIPS-140-3-DRBG.patch
|
|||||||
Patch77: 0077-FIPS-140-3-zeroization.patch
|
Patch77: 0077-FIPS-140-3-zeroization.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
|
||||||
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182
|
|
||||||
Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
|
|
||||||
# https://github.com/openssl/openssl/pull/13817
|
# https://github.com/openssl/openssl/pull/13817
|
||||||
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
|
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
|
||||||
|
|
||||||
@ -330,7 +316,7 @@ export OPENSSL_ENABLE_SHA1_SIGNATURES
|
|||||||
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
||||||
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
||||||
#embed HMAC into fips provider for test run
|
#embed HMAC into fips provider for test run
|
||||||
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
|
OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
|
||||||
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
|
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
|
||||||
mv providers/fips.so.mac providers/fips.so
|
mv providers/fips.so.mac providers/fips.so
|
||||||
#run tests itself
|
#run tests itself
|
||||||
@ -343,7 +329,7 @@ make test HARNESS_JOBS=8
|
|||||||
%{?__debug_package:%{__debug_install_post}} \
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
%{__arch_install_post} \
|
%{__arch_install_post} \
|
||||||
%{__os_install_post} \
|
%{__os_install_post} \
|
||||||
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||||
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
|
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
|
||||||
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
|
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
|
||||||
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||||
@ -483,6 +469,14 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 27 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.1-1
|
||||||
|
- Rebase to upstream version 3.1.1
|
||||||
|
Resolves: CVE-2023-0464
|
||||||
|
Resolves: CVE-2023-0465
|
||||||
|
Resolves: CVE-2023-0466
|
||||||
|
Resolves: CVE-2023-1255
|
||||||
|
Resolves: CVE-2023-2650
|
||||||
|
|
||||||
* Thu Jul 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-4
|
* Thu Jul 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-4
|
||||||
- Forbid custom EC more completely
|
- Forbid custom EC more completely
|
||||||
Resolves: rhbz#2223953
|
Resolves: rhbz#2223953
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-3.0.8.tar.gz) = 6c5651e1ed66a567238948b306aa9140c407a153da9c6afe14268c830748df252c955819fac4eb0759dae4dcbc9ec98f5cc2a4a90bb575747b1b040e104c7ffd
|
SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
|
||||||
|
Loading…
Reference in New Issue
Block a user