diff --git a/.gitignore b/.gitignore index f62700c..599528b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/openssl-3.5.1.tar.gz +SOURCES/openssl-3.5.5.tar.gz diff --git a/.openssl.metadata b/.openssl.metadata index 9b90b65..067fc12 100644 --- a/.openssl.metadata +++ b/.openssl.metadata @@ -1 +1 @@ -c2473d27ebfd33e1e08f9fbf1ef303f848edd8dd SOURCES/openssl-3.5.1.tar.gz +72a5ebbdd30bc28a66f069e2d50c66a007c324d2 SOURCES/openssl-3.5.5.tar.gz diff --git a/SOURCES/0001-RH-Aarch64-and-ppc64le-use-lib64.patch b/SOURCES/0001-RH-Aarch64-and-ppc64le-use-lib64.patch index 1331ab0..e7da73a 100644 --- a/SOURCES/0001-RH-Aarch64-and-ppc64le-use-lib64.patch +++ b/SOURCES/0001-RH-Aarch64-and-ppc64le-use-lib64.patch @@ -1,7 +1,7 @@ -From bc8c037733c26d4c4a2a3dfd1e383be9855449b3 Mon Sep 17 00:00:00 2001 +From ad6ba90718f814f1db71e86a4156098eb2bbeef5 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 01/53] RH: Aarch64 and ppc64le use lib64 +Subject: [PATCH 01/57] RH: Aarch64 and ppc64le use lib64 Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch Patch-id: 1 @@ -34,5 +34,5 @@ index cba57b4127..3e327017ef 100644 "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 inherit_from => [ "linux-generic32" ], -- -2.50.0 +2.52.0 diff --git a/SOURCES/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/SOURCES/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch index bfcf061..bcbc939 100644 --- a/SOURCES/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch +++ b/SOURCES/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch @@ -1,7 +1,7 @@ -From 99e084a168125827163da87f3f1de3f05db99be1 Mon Sep 17 00:00:00 2001 +From a10a60403c197128ea6d8076b5111c64594a5026 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Thu, 6 Mar 2025 08:40:29 -0500 -Subject: [PATCH 02/53] Add a separate config file to use for rpm installs +Subject: [PATCH 02/57] Add a separate config file to use for rpm installs In RHEL/Fedora systems we want to use a slightly different set of defaults, but we do not want to change the standard config file @@ -452,5 +452,5 @@ index 0000000000..fe2346eb2b +cmd = rr +oldcert = $insta::certout # insta.cert.pem -- -2.50.0 +2.52.0 diff --git a/SOURCES/0003-RH-Do-not-install-html-docs.patch b/SOURCES/0003-RH-Do-not-install-html-docs.patch index 8c2edce..5f6117d 100644 --- a/SOURCES/0003-RH-Do-not-install-html-docs.patch +++ b/SOURCES/0003-RH-Do-not-install-html-docs.patch @@ -1,7 +1,7 @@ -From 371ef9d39cb5a54d7f22ef1abd6340dbadf88fcd Mon Sep 17 00:00:00 2001 +From 44f15e373a78a1fb01edf15e7530cea4c8a1b79b Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 03/53] RH: Do not install html docs +Subject: [PATCH 03/57] RH: Do not install html docs Patch-name: 0003-Do-not-install-html-docs.patch Patch-id: 3 @@ -13,10 +13,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index a6f666957e..b1d8b00755 100644 +index 78be4a3199..962d1330bb 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -658,7 +658,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta +@@ -669,7 +669,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev ## Uninstall the software and libraries @@ -26,5 +26,5 @@ index a6f666957e..b1d8b00755 100644 uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation $(RM) -r "$(DESTDIR)$(DOCDIR)" -- -2.50.0 +2.52.0 
diff --git a/SOURCES/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch b/SOURCES/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch index 2486532..951849d 100644 --- a/SOURCES/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch +++ b/SOURCES/0004-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch @@ -1,7 +1,7 @@ -From 79787a5bb85fed3c6998bfe3aebcdff9ffa56edf Mon Sep 17 00:00:00 2001 +From 3e60b46747eae0aec3171f13da6be706bcac6b48 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 04/53] RH: apps ca fix md option help text.patch - DROP? +Subject: [PATCH 04/57] RH: apps ca fix md option help text.patch - DROP? Patch-name: 0005-apps-ca-fix-md-option-help-text.patch Patch-id: 5 @@ -13,18 +13,18 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c -index 6d1d1c0a6e..a7553ba609 100644 +index 02b00c7c03..7f77e069ab 100644 --- a/apps/ca.c +++ b/apps/ca.c -@@ -216,7 +216,7 @@ const OPTIONS ca_options[] = { - {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, +@@ -261,7 +261,7 @@ const OPTIONS ca_options[] = { + { "noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN" }, OPT_SECTION("Signing"), -- {"md", OPT_MD, 's', "Digest to use, such as sha256"}, -+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"}, - {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, - {"keyform", OPT_KEYFORM, 'f', - "Private key file format (ENGINE, other values ignored)"}, +- { "md", OPT_MD, 's', "Digest to use, such as sha256" }, ++ { "md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list" }, + { "keyfile", OPT_KEYFILE, 's', "The CA private key" }, + { "keyform", OPT_KEYFORM, 'f', + "Private key file format (ENGINE, other values ignored)" }, -- -2.50.0 +2.52.0 
diff --git a/SOURCES/0005-RH-Disable-signature-verification-with-bad-digests-R.patch b/SOURCES/0005-RH-Disable-signature-verification-with-bad-digests-R.patch index b52e60b..d3d81a9 100644 --- a/SOURCES/0005-RH-Disable-signature-verification-with-bad-digests-R.patch +++ b/SOURCES/0005-RH-Disable-signature-verification-with-bad-digests-R.patch @@ -1,7 +1,7 @@ -From c99e322d8f8ea6835f2d8aff4ca33d36410c4233 Mon Sep 17 00:00:00 2001 +From 04f1fc282cd5f5e7a9fbf2d82a62a9810d2e4acc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 05/53] RH: Disable signature verification with bad digests - +Subject: [PATCH 05/57] RH: Disable signature verification with bad digests - REVIEW Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch @@ -14,10 +14,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 5 insertions(+) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c -index f6cac80962..fbc6ce6e30 100644 +index 55f86ee83f..95483afc00 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c -@@ -151,6 +151,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, +@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (ret <= 1) goto err; @@ -30,5 +30,5 @@ index f6cac80962..fbc6ce6e30 100644 const EVP_MD *type = NULL; -- -2.50.0 +2.52.0 diff --git a/SOURCES/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch b/SOURCES/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch index 99505a3..d53c49a 100644 --- a/SOURCES/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch +++ b/SOURCES/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch @@ -1,7 +1,7 @@ -From f54b7469e2525ea5f03113fad7169bd23fbcab50 Mon Sep 17 00:00:00 2001 +From ced223dc078708514c65b1903c783062ec568bb7 Mon Sep 17 00:00:00 2001 
From: rpm-build Date: Wed, 6 Mar 2024 19:17:14 +0100 -Subject: [PATCH 06/53] RH: Add support for PROFILE SYSTEM system default +Subject: [PATCH 06/57] RH: Add support for PROFILE SYSTEM system default cipher Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -14,16 +14,16 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce Configure | 11 +++- doc/man1/openssl-ciphers.pod.in | 9 ++++ include/openssl/ssl.h.in | 5 ++ - ssl/ssl_ciph.c | 83 +++++++++++++++++++++++++++---- + ssl/ssl_ciph.c | 85 ++++++++++++++++++++++++++----- ssl/ssl_lib.c | 4 +- test/cipherlist_test.c | 2 + - 7 files changed, 105 insertions(+), 14 deletions(-) + 7 files changed, 106 insertions(+), 15 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index b1d8b00755..91fd703afa 100644 +index 962d1330bb..1920d38655 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -344,6 +344,10 @@ MANDIR=$(INSTALLTOP)/share/man +@@ -355,6 +355,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -34,7 +34,7 @@ index b1d8b00755..91fd703afa 100644 # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. -@@ -367,6 +371,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} +@@ -378,6 +382,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -} CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} CPPFLAGS={- our $cppflags1 = join(" ", (map { "-D".$_} @{$config{CPPDEFINES}}), @@ -106,10 +106,10 @@ index 69195bcdcb..a6e0ede570 100644 "High" encryption cipher suites. This currently means those with key lengths diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index 383c5bc411..d1b00e8454 100644 +index bdcc68529b..82410670f4 100644 --- a/include/openssl/ssl.h.in 
+++ b/include/openssl/ssl.h.in -@@ -209,6 +209,11 @@ extern "C" { +@@ -211,6 +211,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) */ @@ -120,9 +120,9 @@ index 383c5bc411..d1b00e8454 100644 +# endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ - # define SSL_SENT_SHUTDOWN 1 + #define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 6127cb7a4b..19420d6c6a 100644 +index 7dccec6260..15be7e8067 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -9,6 +9,7 @@ @@ -133,7 +133,7 @@ index 6127cb7a4b..19420d6c6a 100644 #include #include #include -@@ -1421,6 +1422,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str) +@@ -1404,6 +1405,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str) return ret; } @@ -181,9 +181,9 @@ index 6127cb7a4b..19420d6c6a 100644 +#endif + STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - STACK_OF(SSL_CIPHER) *tls13_ciphersuites, - STACK_OF(SSL_CIPHER) **cipher_list, -@@ -1435,15 +1479,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, + STACK_OF(SSL_CIPHER) *tls13_ciphersuites, + STACK_OF(SSL_CIPHER) **cipher_list, +@@ -1418,15 +1462,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; const SSL_CIPHER **ca_list = NULL; const SSL_METHOD *ssl_method = ctx->method; 
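Review bot: After the rebase the inserted block in ssl.h.in still closes with `+# endif` while the context line directly below it now reads `#define SSL_SENT_SHUTDOWN 1` (the previous revision had `# define`), so the added lines keep a preprocessor-indentation style that the surrounding header no longer uses in 3.5.5. The opening of the inserted block is outside this hunk; presumably it is the matching `# ifndef`/`# define` pair for the system default cipher list and would need the same treatment. Change the added line to `#endif` and the opening directives to the unindented form so the downstream addition does not visibly differ from the file it patches.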
@@ -211,16 +211,16 @@ index 6127cb7a4b..19420d6c6a 100644 /* * To reduce the work to do we only want to process the compiled -@@ -1465,7 +1519,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1448,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, if (num_of_ciphers > 0) { co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) -- return NULL; /* Failure */ +- return NULL; /* Failure */ + goto err; } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, -@@ -1531,8 +1585,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1514,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * in force within each class */ if (!ssl_cipher_strength_sort(&head, &tail)) { 
@@ -230,27 +230,29 @@ index 6127cb7a4b..19420d6c6a 100644 } /* -@@ -1576,8 +1629,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1559,8 +1612,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { - OPENSSL_free(co_list); -- return NULL; /* Failure */ +- return NULL; /* Failure */ + goto err; } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, - disabled_mkey, disabled_auth, disabled_enc, -@@ -1603,8 +1655,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - OPENSSL_free(ca_list); /* Not needed anymore */ + disabled_mkey, disabled_auth, disabled_enc, +@@ -1585,9 +1637,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, - if (!ok) { /* Rule processing failure */ + OPENSSL_free(ca_list); /* Not needed anymore */ + +- if (!ok) { /* Rule processing failure */ - OPENSSL_free(co_list); - return NULL; ++ if (!ok) { /* Rule processing failure */ + goto err; } /* -@@ -1612,10 +1663,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1595,10 +1646,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, * if we cannot get one. */ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { @@ -266,7 +268,7 @@ index 6127cb7a4b..19420d6c6a 100644 /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1667,6 +1721,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, +@@ -1653,6 +1707,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, *cipher_list = cipherstack; return cipherstack; @@ -281,32 +283,32 @@ index 6127cb7a4b..19420d6c6a 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) 
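Review bot: The rebased hunk now removes and re-adds the `if (!ok) { /* Rule processing failure */` line, which is where the extra insertion and deletion in the new diffstat (83 to 85 lines, 14 to 15 deletions) come from; the two versions look identical once whitespace is collapsed, so this is presumably only a comment-alignment difference against upstream's reformatted source. A downstream patch should not carry whitespace-only churn on upstream lines, because it will conflict again on the next rebase and hides what the patch actually changes. Keep that line as unchanged context and replace only the two `OPENSSL_free(co_list); return NULL;` lines with `goto err;`, as the other hunks of this patch in ssl_ciph.c already do. ssl_create_cipher_list starts and ends outside this hunk.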
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 9696a4c55f..4bd3318407 100644 +index ac77faa677..677b05ba64 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -686,7 +686,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) - ctx->tls13_ciphersuites, - &(ctx->cipher_list), - &(ctx->cipher_list_by_id), -- OSSL_default_cipher_list(), ctx->cert); -+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); +@@ -678,7 +678,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) + ctx->tls13_ciphersuites, + &(ctx->cipher_list), + &(ctx->cipher_list_by_id), +- OSSL_default_cipher_list(), ctx->cert); ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert); if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -4136,7 +4136,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, +@@ -4102,7 +4102,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, if (!ssl_create_cipher_list(ret, - ret->tls13_ciphersuites, - &ret->cipher_list, &ret->cipher_list_by_id, -- OSSL_default_cipher_list(), ret->cert) -+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) + ret->tls13_ciphersuites, + &ret->cipher_list, &ret->cipher_list_by_id, +- OSSL_default_cipher_list(), ret->cert) ++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert) || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c -index c46e431b00..19d05e860b 100644 +index 9874e6bad6..76b6befbad 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c -@@ -261,7 +261,9 @@ end: +@@ -260,7 +260,9 @@ end: int setup_tests(void) { @@ -317,5 +319,5 @@ index c46e431b00..19d05e860b 100644 ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_stdname_cipherlist); -- -2.50.0 +2.52.0 
diff --git a/SOURCES/0007-RH-Add-FIPS_mode-compatibility-macro.patch b/SOURCES/0007-RH-Add-FIPS_mode-compatibility-macro.patch index 0be56b9..e84a405 100644 --- a/SOURCES/0007-RH-Add-FIPS_mode-compatibility-macro.patch +++ b/SOURCES/0007-RH-Add-FIPS_mode-compatibility-macro.patch @@ -1,7 +1,7 @@ -From 6a1b39542597be9a28f94dad23a8e93285368653 Mon Sep 17 00:00:00 2001 +From 60f55f072544cb998c42da41ee33ced2b4428b9f Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 07/53] RH: Add FIPS_mode compatibility macro +Subject: [PATCH 07/57] RH: Add FIPS_mode compatibility macro Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch Patch-id: 8 @@ -47,10 +47,10 @@ index 0000000000..4162cbf88e +# endif +#endif diff --git a/test/property_test.c b/test/property_test.c -index 18f8cc8740..6864b1a3c1 100644 +index d470731e50..0b044ec853 100644 --- a/test/property_test.c +++ b/test/property_test.c -@@ -687,6 +687,19 @@ static int test_property_list_to_string(int i) +@@ -703,6 +703,19 @@ err: return ret; } @@ -70,14 +70,14 @@ index 18f8cc8740..6864b1a3c1 100644 int setup_tests(void) { ADD_TEST(test_property_string); -@@ -700,6 +713,7 @@ int setup_tests(void) +@@ -716,6 +729,7 @@ int setup_tests(void) ADD_TEST(test_property); ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); + ADD_TEST(test_downstream_FIPS_mode); ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + ADD_TEST(test_property_list_to_string_bounds); return 1; - } -- -2.50.0 +2.52.0 diff --git a/SOURCES/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/SOURCES/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch index 06bdbce..5a406c3 100644 --- a/SOURCES/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch +++ b/SOURCES/0008-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch 
@@ -1,7 +1,7 @@ -From 15d44a4f1365532f8ebdf24a69c9da7220d5c704 Mon Sep 17 00:00:00 2001 +From 5aa108caf01f482d35aba7acae6b5a8fa1577410 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 08/53] RH: Add Kernel FIPS mode flag support - FIXSTYLE +Subject: [PATCH 08/57] RH: Add Kernel FIPS mode flag support - FIXSTYLE Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch Patch-id: 9 @@ -10,11 +10,11 @@ Patch-status: | From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/context.c | 35 +++++++++++++++++++++++++++++++++++ - include/internal/provider.h | 3 +++ - 2 files changed, 38 insertions(+) + include/internal/provider.h | 5 ++++- + 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/crypto/context.c b/crypto/context.c -index f15bc3d755..614c8a2c88 100644 +index 1ae88e42aa..62e60f3620 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -7,6 +7,7 @@ @@ -64,7 +64,7 @@ index f15bc3d755..614c8a2c88 100644 struct ossl_lib_ctx_st { CRYPTO_RWLOCK *lock; OSSL_EX_DATA_GLOBAL global; -@@ -393,6 +426,8 @@ static int default_context_inited = 0; +@@ -391,6 +424,8 @@ static int default_context_inited = 0; DEFINE_RUN_ONCE_STATIC(default_context_do_init) { @@ -74,19 +74,21 @@ index f15bc3d755..614c8a2c88 100644 goto err; diff --git a/include/internal/provider.h b/include/internal/provider.h -index 7d94346155..c0f1d00da9 100644 +index 1b4050a81f..eb7f409af0 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h -@@ -114,6 +114,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const OSSL_DISPATCH *in); +@@ -114,7 +114,10 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_DISPATCH *in); void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); +-#ifdef __cplusplus +/* FIPS flag access */ +int ossl_get_kernel_fips_flag(void); + - # ifdef __cplusplus ++# ifdef __cplusplus } - # endif + #endif + -- -2.50.0 +2.52.0 
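Review bot: The rebased include/internal/provider.h hunk now deletes upstream's `#ifdef __cplusplus` and re-adds it as `# ifdef __cplusplus`, so the patch gratuitously reverts an upstream formatting change on a line it has no functional reason to touch; the header diffstat shows this as `5 ++++-` and `39 insertions(+), 1 deletion(-)` where the previous revision had `3 +++` and no deletions. This makes the next rebase conflict on an unrelated line and obscures what the patch adds. Keep ` #ifdef __cplusplus` as a context line and add only `+/* FIPS flag access */` and `+int ossl_get_kernel_fips_flag(void);` (plus the blank separator) above it, then regenerate the diffstat. The declaration sits at file scope, so no enclosing function is cut by the hunk.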
diff --git a/SOURCES/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch b/SOURCES/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch index ba1900c..9e988c8 100644 --- a/SOURCES/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch +++ b/SOURCES/0009-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch @@ -1,7 +1,7 @@ -From 68174cf923fbaaa95469e433c29992cd63f24f99 Mon Sep 17 00:00:00 2001 +From 8f48c77eb1c8f3e59d4d80041893a1dbf3e1a257 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 09/53] RH: Drop weak curve definitions - RENAMED/SQUASHED +Subject: [PATCH 09/57] RH: Drop weak curve definitions - RENAMED/SQUASHED Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch Patch-id: 10 @@ -17,61 +17,61 @@ Patch-status: | # # remove unsupported EC curves From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - apps/speed.c | 8 +- - crypto/ec/ec_curve.c | 844 ------------------ + apps/speed.c | 8 - + crypto/ec/ec_curve.c | 769 ------------------ crypto/evp/ec_support.c | 87 -- test/acvp_test.inc | 9 - test/ecdsatest.h | 17 - - test/ectest.c | 174 +--- + test/ectest.c | 175 +--- test/recipes/15-test_genec.t | 27 - test/recipes/30-test_evp_data/evppkey_ecc.txt | 1 + - 8 files changed, 10 insertions(+), 1157 deletions(-) + 8 files changed, 10 insertions(+), 1083 deletions(-) diff --git a/apps/speed.c b/apps/speed.c -index 6c1eb59e91..3307a9cb46 100644 +index a8d7cb14f5..13c8505ed9 100644 --- a/apps/speed.c 
+++ b/apps/speed.c -@@ -405,7 +405,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ +@@ -458,8 +458,6 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ #endif /* OPENSSL_NO_DH */ enum ec_curves_t { -- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, - #ifndef OPENSSL_NO_EC2M - R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, - R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -@@ -415,8 +415,6 @@ enum ec_curves_t { +- R_EC_P160, +- R_EC_P192, + R_EC_P224, + R_EC_P256, + R_EC_P384, +@@ -486,8 +484,6 @@ enum ec_curves_t { }; /* list of ecdsa curves */ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { -- {"ecdsap160", R_EC_P160}, -- {"ecdsap192", R_EC_P192}, - {"ecdsap224", R_EC_P224}, - {"ecdsap256", R_EC_P256}, - {"ecdsap384", R_EC_P384}, -@@ -449,8 +447,6 @@ enum { +- { "ecdsap160", R_EC_P160 }, +- { "ecdsap192", R_EC_P192 }, + { "ecdsap224", R_EC_P224 }, + { "ecdsap256", R_EC_P256 }, + { "ecdsap384", R_EC_P384 }, +@@ -522,8 +518,6 @@ enum { }; /* list of ecdh curves, extension of |ecdsa_choices| list above */ static const OPT_PAIR ecdh_choices[EC_NUM] = { -- {"ecdhp160", R_EC_P160}, -- {"ecdhp192", R_EC_P192}, - {"ecdhp224", R_EC_P224}, - {"ecdhp256", R_EC_P256}, - {"ecdhp384", R_EC_P384}, -@@ -1966,8 +1962,6 @@ int speed_main(int argc, char **argv) +- { "ecdhp160", R_EC_P160 }, +- { "ecdhp192", R_EC_P192 }, + { "ecdhp224", R_EC_P224 }, + { "ecdhp256", R_EC_P256 }, + { "ecdhp384", R_EC_P384 }, +@@ -2042,8 +2036,6 @@ int speed_main(int argc, char **argv) */ static const EC_CURVE ec_curves[EC_NUM] = { /* Prime Curves */ -- {"secp160r1", NID_secp160r1, 160}, -- {"nistp192", NID_X9_62_prime192v1, 192}, - {"nistp224", NID_secp224r1, 224}, - {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, +- { "secp160r1", NID_secp160r1, 160 }, +- { "nistp192", NID_X9_62_prime192v1, 192 }, + { "nistp224", NID_secp224r1, 224 }, + { "nistp256", 
NID_X9_62_prime256v1, 256 }, + { "nistp384", NID_secp384r1, 384 }, diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c -index f46aac5d33..8c5ba5b839 100644 +index c17a7e5477..c6455ff691 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c -@@ -30,38 +30,6 @@ typedef struct { +@@ -30,34 +30,6 @@ typedef struct { } EC_CURVE_DATA; /* the nist prime curves */ @@ -79,11 +79,8 @@ index f46aac5d33..8c5ba5b839 100644 - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_NIST_PRIME_192 = { -- { -- NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 24, 1 }, +- { /* seed */ - 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, - 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, - /* p */ @@ -103,28 +100,24 @@ index f46aac5d33..8c5ba5b839 100644 - 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 -- } +- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 } -}; - static const struct { EC_CURVE_DATA h; unsigned char data[20 + 28 * 6]; -@@ -200,187 +168,6 @@ static const struct { - } +@@ -184,167 +156,6 @@ static const struct { + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 } }; --# ifndef FIPS_MODULE +-#ifndef FIPS_MODULE -/* the x9.62 prime curves (minus the nist prime curves) */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_PRIME_192V2 = { -- { -- NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 24, 1 }, +- { /* seed */ - 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, - 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, - /* p */ 
@@ -144,19 +137,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, -- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 -- } +- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_PRIME_192V3 = { -- { -- NID_X9_62_prime_field, 20, 24, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 24, 1 }, +- { /* seed */ - 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, - 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, - /* p */ @@ -176,19 +165,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 -- } +- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V1 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 30, 1 }, +- { /* seed */ - 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, - 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, - /* p */ 
@@ -214,19 +199,15 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, -- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B -- } +- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V2 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 30, 1 }, +- { /* seed */ - 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, - 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, - /* p */ @@ -252,19 +233,15 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, -- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 -- } +- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V3 = { -- { -- NID_X9_62_prime_field, 20, 30, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 30, 1 }, +- { /* seed */ - 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, - 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, - /* p */ @@ -290,15 +267,14 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, -- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 -- } +- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 } -}; -#endif /* FIPS_MODULE */ - static const struct { EC_CURVE_DATA h; unsigned char data[20 + 32 * 8]; -@@ -429,294 +216,6 @@ static const struct { +@@ -389,258 +200,6 @@ static const struct { #ifndef FIPS_MODULE /* the secg prime curves (minus the nist and x9.62 prime curves) */ 
@@ -306,11 +282,8 @@ index f46aac5d33..8c5ba5b839 100644 - EC_CURVE_DATA h; - unsigned char data[20 + 14 * 6]; -} _EC_SECG_PRIME_112R1 = { -- { -- NID_X9_62_prime_field, 20, 14, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 14, 1 }, +- { /* seed */ - 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, - 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, - /* p */ @@ -330,19 +303,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x75, 0x00, - /* order */ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, -- 0x61, 0xC5 -- } +- 0x61, 0xC5 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 14 * 6]; -} _EC_SECG_PRIME_112R2 = { -- { -- NID_X9_62_prime_field, 20, 14, 4 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 14, 4 }, +- { /* seed */ - 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, - 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, - /* p */ @@ -362,19 +331,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x6e, 0x97, - /* order */ - 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, -- 0xD0, 0x4B -- } +- 0xD0, 0x4B } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 16 * 6]; -} _EC_SECG_PRIME_128R1 = { -- { -- NID_X9_62_prime_field, 20, 16, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 16, 1 }, +- { /* seed */ - 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, - 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, - /* p */ 
@@ -394,19 +359,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0xdd, 0xed, 0x7a, 0x83, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, -- 0x90, 0x38, 0xA1, 0x15 -- } +- 0x90, 0x38, 0xA1, 0x15 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 16 * 6]; -} _EC_SECG_PRIME_128R2 = { -- { -- NID_X9_62_prime_field, 20, 16, 4 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 16, 4 }, +- { /* seed */ - 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, - 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, - /* p */ @@ -426,19 +387,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x5f, 0xc3, 0x4b, 0x44, - /* order */ - 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, -- 0x06, 0x13, 0xB5, 0xA3 -- } +- 0x06, 0x13, 0xB5, 0xA3 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_SECG_PRIME_160K1 = { -- { -- NID_X9_62_prime_field, 0, 21, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 21, 1 }, +- { /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, @@ -456,19 +413,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, -- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 -- } +- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_SECG_PRIME_160R1 = { -- { -- NID_X9_62_prime_field, 20, 21, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 21, 1 }, +- { /* seed */ - 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, - /* p */ 
@@ -488,19 +441,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, -- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 -- } +- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_SECG_PRIME_160R2 = { -- { -- NID_X9_62_prime_field, 20, 21, 1 -- }, -- { -- /* seed */ +- { NID_X9_62_prime_field, 20, 21, 1 }, +- { /* seed */ - 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, - 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, - /* p */ @@ -520,19 +469,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, -- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B -- } +- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_SECG_PRIME_192K1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 24, 1 }, +- { /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, 
@@ -550,19 +495,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, -- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D -- } +- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 29 * 6]; -} _EC_SECG_PRIME_224K1 = { -- { -- NID_X9_62_prime_field, 0, 29, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 29, 1 }, +- { /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -586,15 +527,14 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, -- 0x71, 0x76, 0x9F, 0xB1, 0xF7 -- } +- 0x71, 0x76, 0x9F, 0xB1, 0xF7 } -}; - static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; -@@ -753,102 +252,6 @@ static const struct { - } +@@ -673,90 +232,6 @@ static const struct { + 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 } }; -/* some wap/wtls curves */ @@ -602,11 +542,8 @@ index f46aac5d33..8c5ba5b839 100644 - EC_CURVE_DATA h; - unsigned char data[0 + 15 * 6]; -} _EC_WTLS_8 = { -- { -- NID_X9_62_prime_field, 0, 15, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 15, 1 }, +- { /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFD, 0xE7, 
@@ -624,19 +561,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x00, 0x00, 0x02, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, -- 0xD8, 0x37, 0xE9 -- } +- 0xD8, 0x37, 0xE9 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_WTLS_9 = { -- { -- NID_X9_62_prime_field, 0, 21, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 21, 1 }, +- { /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, @@ -654,19 +587,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, -- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 -- } +- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_WTLS_12 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 28, 1 }, +- { /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -690,13 +619,12 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, -- 0x5C, 0x5C, 0x2A, 0x3D -- } +- 0x5C, 0x5C, 0x2A, 0x3D } -}; #endif /* FIPS_MODULE */ #ifndef OPENSSL_NO_EC2M -@@ -2244,198 +1647,6 @@ static const struct { +@@ -2004,174 +1479,6 @@ static const struct { */ #ifndef FIPS_MODULE 
@@ -704,11 +632,8 @@ index f46aac5d33..8c5ba5b839 100644 - EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_brainpoolP160r1 = { -- { -- NID_X9_62_prime_field, 0, 20, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 20, 1 }, +- { /* no seed */ - /* p */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, - 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, @@ -726,19 +651,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, - /* order */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, -- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 -- } +- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_brainpoolP160t1 = { -- { -- NID_X9_62_prime_field, 0, 20, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 20, 1 }, +- { /* no seed */ - /* p */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, - 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, @@ -756,19 +677,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, - /* order */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, -- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 -- } +- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_brainpoolP192r1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 24, 1 }, +- { /* no seed */ - /* p */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, - 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, 
@@ -786,19 +703,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, - /* order */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, -- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -- } +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_brainpoolP192t1 = { -- { -- NID_X9_62_prime_field, 0, 24, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 24, 1 }, +- { /* no seed */ - /* p */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, - 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, @@ -816,19 +729,15 @@ index f46aac5d33..8c5ba5b839 100644 - 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, - /* order */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, -- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 -- } +- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_brainpoolP224r1 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 28, 1 }, +- { /* no seed */ - /* p */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, 
@@ -852,19 +761,15 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, -- 0xA5, 0xA7, 0x93, 0x9F -- } +- 0xA5, 0xA7, 0x93, 0x9F } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_brainpoolP224t1 = { -- { -- NID_X9_62_prime_field, 0, 28, 1 -- }, -- { -- /* no seed */ +- { NID_X9_62_prime_field, 0, 28, 1 }, +- { /* no seed */ - /* p */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, 
@@ -888,209 +793,223 @@ index f46aac5d33..8c5ba5b839 100644 - /* order */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, -- 0xA5, 0xA7, 0x93, 0x9F -- } +- 0xA5, 0xA7, 0x93, 0x9F } -}; - static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; -@@ -2864,8 +2075,6 @@ static const ec_list_element curve_list[] = { - "NIST/SECG curve over a 521 bit prime field"}, +@@ -2740,8 +2047,6 @@ static const ec_list_element curve_list[] = { + "NIST/SECG curve over a 521 bit prime field" }, /* X9.62 curves */ -- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, -- "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, - # if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -@@ -2909,25 +2118,6 @@ static const ec_list_element curve_list[] = { +- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field" }, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + #if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -2784,26 +2089,6 @@ static const ec_list_element curve_list[] = { + static const ec_list_element curve_list[] = { /* prime field curves */ - /* secg curves */ -- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, -- "SECG/WTLS curve over a 112 bit prime field"}, -- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, -- "SECG curve over a 112 bit prime field"}, -- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, -- "SECG curve over a 128 bit prime field"}, -- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, -- "SECG curve over a 128 bit prime field"}, -- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, -- "SECG curve over a 160 bit prime field"}, -- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, -- "SECG curve over a 160 bit prime field"}, -- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, -- "SECG/WTLS curve over a 160 bit prime field"}, +- /* secg curves */ +- { NID_secp112r1, 
&_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field" }, +- { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, +- "SECG curve over a 112 bit prime field" }, +- { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, +- "SECG curve over a 128 bit prime field" }, +- { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, +- "SECG curve over a 128 bit prime field" }, +- { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, +- "SECG curve over a 160 bit prime field" }, +- { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, +- "SECG curve over a 160 bit prime field" }, +- { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field" }, - /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ -- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, -- "SECG curve over a 192 bit prime field"}, -- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, -- "SECG curve over a 224 bit prime field"}, - # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, -@@ -2957,18 +2147,6 @@ static const ec_list_element curve_list[] = { - # endif - "NIST/SECG curve over a 521 bit prime field"}, +- { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, +- "SECG curve over a 192 bit prime field" }, +- { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, +- "SECG curve over a 224 bit prime field" }, + #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + { NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, + "NIST/SECG curve over a 224 bit prime field" }, +@@ -2833,18 +2118,6 @@ static const ec_list_element curve_list[] = { + #endif + "NIST/SECG curve over a 521 bit prime field" }, /* X9.62 curves */ -- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, -- "NIST/X9.62/SECG curve over a 192 bit prime field"}, -- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, -- "X9.62 curve over a 192 bit prime field"}, -- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, -- "X9.62 curve over a 192 bit prime field"}, -- 
{NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, -- "X9.62 curve over a 239 bit prime field"}, -- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, -- "X9.62 curve over a 239 bit prime field"}, -- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, -- "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, - # if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -@@ -3065,22 +2243,12 @@ static const ec_list_element curve_list[] = { - {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, - # endif -- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, -- "SECG/WTLS curve over a 112 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, -- "SECG/WTLS curve over a 160 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, -- "WTLS curve over a 112 bit prime field"}, -- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, -- "WTLS curve over a 160 bit prime field"}, - # ifndef OPENSSL_NO_EC2M - {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - # endif -- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, -- "WTLS curve over a 224 bit prime field"}, - # ifndef OPENSSL_NO_EC2M +- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, +- "NIST/X9.62/SECG curve over a 192 bit prime field" }, +- { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, +- "X9.62 curve over a 192 bit prime field" }, +- { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, +- "X9.62 curve over a 192 bit prime field" }, +- { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, +- "X9.62 curve over a 239 bit prime field" }, +- { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, +- "X9.62 curve over a 239 bit prime field" }, +- { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, +- "X9.62 curve over a 
239 bit prime field" }, + { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, + #if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +@@ -2928,36 +2201,6 @@ static const ec_list_element curve_list[] = { + "X9.62 curve over a 368 bit binary field" }, + { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, + "X9.62 curve over a 431 bit binary field" }, +- /* +- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves +- * from X9.62] +- */ +- { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, +- "WTLS curve over a 113 bit binary field" }, +- { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, +- "NIST/SECG/WTLS curve over a 163 bit binary field" }, +- { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, +- "SECG curve over a 113 bit binary field" }, +- { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, +- "X9.62 curve over a 163 bit binary field" }, +-#endif +- { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, +- "SECG/WTLS curve over a 112 bit prime field" }, +- { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, +- "SECG/WTLS curve over a 160 bit prime field" }, +- { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, +- "WTLS curve over a 112 bit prime field" }, +- { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, +- "WTLS curve over a 160 bit prime field" }, +-#ifndef OPENSSL_NO_EC2M +- { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, +- "NIST/SECG/WTLS curve over a 233 bit binary field" }, +- { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, +- "NIST/SECG/WTLS curve over a 233 bit binary field" }, +-#endif +- { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, +- "WTLS curve over a 224 bit prime field" }, +-#ifndef OPENSSL_NO_EC2M /* IPSec curves */ - {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, -@@ -3091,18 +2259,6 @@ static const ec_list_element curve_list[] = { - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, - # endif + { NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, + "\n\tIPSec/IKE/Oakley curve #3 over a 155 
bit binary field.\n" +@@ -2967,18 +2210,6 @@ static const ec_list_element curve_list[] = { + "\tNot suitable for ECDSA.\n\tQuestionable extension field!" }, + #endif /* brainpool curves */ -- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, -- "RFC 5639 curve over a 160 bit prime field"}, -- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, -- "RFC 5639 curve over a 160 bit prime field"}, -- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, -- "RFC 5639 curve over a 192 bit prime field"}, -- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, -- "RFC 5639 curve over a 192 bit prime field"}, -- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, -- "RFC 5639 curve over a 224 bit prime field"}, -- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, -- "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, +- { NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, +- "RFC 5639 curve over a 160 bit prime field" }, +- { NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, +- "RFC 5639 curve over a 160 bit prime field" }, +- { NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, +- "RFC 5639 curve over a 192 bit prime field" }, +- { NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, +- "RFC 5639 curve over a 192 bit prime field" }, +- { NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, +- "RFC 5639 curve over a 224 bit prime field" }, +- { NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, +- "RFC 5639 curve over a 224 bit prime field" }, + { NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, + "RFC 5639 curve over a 256 bit prime field" }, + { NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c -index 1ec10143d2..82b95294b4 100644 +index 20883c48f1..9715c6280d 100644 --- a/crypto/evp/ec_support.c +++ b/crypto/evp/ec_support.c 
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st { static const EC_NAME2NID curve_list[] = { /* prime field curves */ /* secg curves */ -- {"secp112r1", NID_secp112r1 }, -- {"secp112r2", NID_secp112r2 }, -- {"secp128r1", NID_secp128r1 }, -- {"secp128r2", NID_secp128r2 }, -- {"secp160k1", NID_secp160k1 }, -- {"secp160r1", NID_secp160r1 }, -- {"secp160r2", NID_secp160r2 }, -- {"secp192k1", NID_secp192k1 }, -- {"secp224k1", NID_secp224k1 }, - {"secp224r1", NID_secp224r1 }, - {"secp256k1", NID_secp256k1 }, - {"secp384r1", NID_secp384r1 }, - {"secp521r1", NID_secp521r1 }, +- { "secp112r1", NID_secp112r1 }, +- { "secp112r2", NID_secp112r2 }, +- { "secp128r1", NID_secp128r1 }, +- { "secp128r2", NID_secp128r2 }, +- { "secp160k1", NID_secp160k1 }, +- { "secp160r1", NID_secp160r1 }, +- { "secp160r2", NID_secp160r2 }, +- { "secp192k1", NID_secp192k1 }, +- { "secp224k1", NID_secp224k1 }, + { "secp224r1", NID_secp224r1 }, + { "secp256k1", NID_secp256k1 }, + { "secp384r1", NID_secp384r1 }, + { "secp521r1", NID_secp521r1 }, /* X9.62 curves */ -- {"prime192v1", NID_X9_62_prime192v1 }, -- {"prime192v2", NID_X9_62_prime192v2 }, -- {"prime192v3", NID_X9_62_prime192v3 }, -- {"prime239v1", NID_X9_62_prime239v1 }, -- {"prime239v2", NID_X9_62_prime239v2 }, -- {"prime239v3", NID_X9_62_prime239v3 }, - {"prime256v1", NID_X9_62_prime256v1 }, +- { "prime192v1", NID_X9_62_prime192v1 }, +- { "prime192v2", NID_X9_62_prime192v2 }, +- { "prime192v3", NID_X9_62_prime192v3 }, +- { "prime239v1", NID_X9_62_prime239v1 }, +- { "prime239v2", NID_X9_62_prime239v2 }, +- { "prime239v3", NID_X9_62_prime239v3 }, + { "prime256v1", NID_X9_62_prime256v1 }, /* characteristic two field curves */ /* NIST/SECG curves */ -- {"sect113r1", NID_sect113r1 }, -- {"sect113r2", NID_sect113r2 }, -- {"sect131r1", NID_sect131r1 }, -- {"sect131r2", NID_sect131r2 }, -- {"sect163k1", NID_sect163k1 }, -- {"sect163r1", NID_sect163r1 }, -- {"sect163r2", NID_sect163r2 }, -- {"sect193r1", NID_sect193r1 }, -- {"sect193r2", 
NID_sect193r2 }, -- {"sect233k1", NID_sect233k1 }, -- {"sect233r1", NID_sect233r1 }, -- {"sect239k1", NID_sect239k1 }, -- {"sect283k1", NID_sect283k1 }, -- {"sect283r1", NID_sect283r1 }, -- {"sect409k1", NID_sect409k1 }, -- {"sect409r1", NID_sect409r1 }, -- {"sect571k1", NID_sect571k1 }, -- {"sect571r1", NID_sect571r1 }, +- { "sect113r1", NID_sect113r1 }, +- { "sect113r2", NID_sect113r2 }, +- { "sect131r1", NID_sect131r1 }, +- { "sect131r2", NID_sect131r2 }, +- { "sect163k1", NID_sect163k1 }, +- { "sect163r1", NID_sect163r1 }, +- { "sect163r2", NID_sect163r2 }, +- { "sect193r1", NID_sect193r1 }, +- { "sect193r2", NID_sect193r2 }, +- { "sect233k1", NID_sect233k1 }, +- { "sect233r1", NID_sect233r1 }, +- { "sect239k1", NID_sect239k1 }, +- { "sect283k1", NID_sect283k1 }, +- { "sect283r1", NID_sect283r1 }, +- { "sect409k1", NID_sect409k1 }, +- { "sect409r1", NID_sect409r1 }, +- { "sect571k1", NID_sect571k1 }, +- { "sect571r1", NID_sect571r1 }, - /* X9.62 curves */ -- {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, -- {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, -- {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, -- {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, -- {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, -- {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, -- {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, -- {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, -- {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, -- {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, -- {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, -- {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, -- {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, -- {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, -- {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, -- {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, +- { "c2pnb163v1", NID_X9_62_c2pnb163v1 }, +- { "c2pnb163v2", NID_X9_62_c2pnb163v2 }, +- { "c2pnb163v3", NID_X9_62_c2pnb163v3 }, +- { "c2pnb176v1", NID_X9_62_c2pnb176v1 }, +- { "c2tnb191v1", NID_X9_62_c2tnb191v1 }, +- { "c2tnb191v2", NID_X9_62_c2tnb191v2 }, +- { "c2tnb191v3", NID_X9_62_c2tnb191v3 }, +- { "c2pnb208w1", NID_X9_62_c2pnb208w1 }, +- { 
"c2tnb239v1", NID_X9_62_c2tnb239v1 }, +- { "c2tnb239v2", NID_X9_62_c2tnb239v2 }, +- { "c2tnb239v3", NID_X9_62_c2tnb239v3 }, +- { "c2pnb272w1", NID_X9_62_c2pnb272w1 }, +- { "c2pnb304w1", NID_X9_62_c2pnb304w1 }, +- { "c2tnb359v1", NID_X9_62_c2tnb359v1 }, +- { "c2pnb368w1", NID_X9_62_c2pnb368w1 }, +- { "c2tnb431r1", NID_X9_62_c2tnb431r1 }, - /* - * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves - * from X9.62] - */ -- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, -- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, -- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, -- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, -- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, -- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, -- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, -- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, -- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, -- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, -- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, +- { "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, +- { "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, +- { "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, +- { "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, +- { "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, +- { "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, +- { "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, +- { "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, +- { "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, +- { "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, +- { "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, - /* IPSec curves */ -- {"Oakley-EC2N-3", NID_ipsec3 }, -- {"Oakley-EC2N-4", NID_ipsec4 }, +- { "Oakley-EC2N-3", NID_ipsec3 }, +- { "Oakley-EC2N-4", NID_ipsec4 }, /* brainpool curves */ -- {"brainpoolP160r1", 
NID_brainpoolP160r1 }, -- {"brainpoolP160t1", NID_brainpoolP160t1 }, -- {"brainpoolP192r1", NID_brainpoolP192r1 }, -- {"brainpoolP192t1", NID_brainpoolP192t1 }, -- {"brainpoolP224r1", NID_brainpoolP224r1 }, -- {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, +- { "brainpoolP160r1", NID_brainpoolP160r1 }, +- { "brainpoolP160t1", NID_brainpoolP160t1 }, +- { "brainpoolP192r1", NID_brainpoolP192r1 }, +- { "brainpoolP192t1", NID_brainpoolP192t1 }, +- { "brainpoolP224r1", NID_brainpoolP224r1 }, +- { "brainpoolP224t1", NID_brainpoolP224t1 }, + { "brainpoolP256r1", NID_brainpoolP256r1 }, + { "brainpoolP256t1", NID_brainpoolP256t1 }, + { "brainpoolP320r1", NID_brainpoolP320r1 }, @@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = { - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, + { "brainpoolP384t1", NID_brainpoolP384t1 }, + { "brainpoolP512r1", NID_brainpoolP512r1 }, + { "brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ -- {"SM2", NID_sm2 }, +- { "SM2", NID_sm2 }, }; const char *OSSL_EC_curve_nid2name(int nid) 
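Review bot: The rebased inner hunk `+@@ -2928,36 +2201,6 @@` for crypto/ec/ec_curve.c now deletes the entire WAP/WTLS section of the non-FIPS curve_list — wtls1, wtls3, wtls4, wtls5, wtls10 and wtls11 together with the `#endif` / `#ifndef OPENSSL_NO_EC2M` lines around them — whereas the previous version of that hunk (`-@@ -3065,22 +2243,12 @@`) removed only wtls6, wtls7, wtls8, wtls9 and wtls12 and kept those six entries as context. Unlike the brace-style reformatting that makes up the rest of this file, this changes what the downstream patch disables, so it deserves a sentence in the patch header (outside this chunk) rather than being folded silently into the version rebase. The removed preprocessor lines are balanced (two `#endif`, two `#ifndef OPENSSL_NO_EC2M`), but `_EC_WTLS_1.h` is referenced only by the deleted wtls1 entry in this view; if its data block is not removed in a hunk outside this chunk it becomes an unused static object, which an EC2M-enabled build would at most warn about, so that is worth confirming. The same outer hunk also drops the `/* secg curves */` comment (`+- /* secg curves */` under `+@@ -2784,26 +2089,6 @@`) that the old version kept as context, which reads fine since the entries remaining there are labelled NIST/SECG.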
@@ -1098,20 +1017,20 @@ index 1ec10143d2..82b95294b4 100644 /* Functions to translate between common NIST curve names and NIDs */ static const EC_NAME2NID nist_curves[] = { -- {"B-163", NID_sect163r2}, -- {"B-233", NID_sect233r1}, -- {"B-283", NID_sect283r1}, -- {"B-409", NID_sect409r1}, -- {"B-571", NID_sect571r1}, -- {"K-163", NID_sect163k1}, -- {"K-233", NID_sect233k1}, -- {"K-283", NID_sect283k1}, -- {"K-409", NID_sect409k1}, -- {"K-571", NID_sect571k1}, -- {"P-192", NID_X9_62_prime192v1}, - {"P-224", NID_secp224r1}, - {"P-256", NID_X9_62_prime256v1}, - {"P-384", NID_secp384r1}, +- { "B-163", NID_sect163r2 }, +- { "B-233", NID_sect233r1 }, +- { "B-283", NID_sect283r1 }, +- { "B-409", NID_sect409r1 }, +- { "B-571", NID_sect571r1 }, +- { "K-163", NID_sect163k1 }, +- { "K-233", NID_sect233k1 }, +- { "K-283", NID_sect283k1 }, +- { "K-409", NID_sect409k1 }, +- { "K-571", NID_sect571k1 }, +- { "P-192", NID_X9_62_prime192v1 }, + { "P-224", NID_secp224r1 }, + { "P-256", NID_X9_62_prime256v1 }, + { "P-384", NID_secp384r1 }, diff --git a/test/acvp_test.inc b/test/acvp_test.inc index 67787f3740..97ec1ff3e5 100644 --- a/test/acvp_test.inc @@ -1133,7 +1052,7 @@ index 67787f3740..97ec1ff3e5 100644 "SHA2-512", "P-521", diff --git a/test/ecdsatest.h b/test/ecdsatest.h -index 63fe319025..06b5c0aac5 100644 +index 700d7b5253..6aa4faa461 100644 --- a/test/ecdsatest.h +++ b/test/ecdsatest.h @@ -32,23 +32,6 @@ typedef struct { 
@@ -1141,30 +1060,30 @@ index 63fe319025..06b5c0aac5 100644 static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = { - /* prime KATs from X9.62 */ -- {NID_X9_62_prime192v1, NID_sha1, -- "616263", /* "abc" */ -- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", -- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" -- "5ca5c0d69716dfcb3474373902", -- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", -- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", -- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"}, -- {NID_X9_62_prime239v1, NID_sha1, -- "616263", /* "abc" */ -- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", -- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" -- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", -- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", -- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", -- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"}, +- { NID_X9_62_prime192v1, NID_sha1, +- "616263", /* "abc" */ +- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb", +- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e" +- "5ca5c0d69716dfcb3474373902", +- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e", +- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead", +- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686" }, +- { NID_X9_62_prime239v1, NID_sha1, +- "616263", /* "abc" */ +- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d", +- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e" +- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee", +- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af", +- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0", +- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf" }, /* prime KATs from NIST CAVP */ - {NID_secp224r1, NID_sha224, - 
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" + { NID_secp224r1, NID_sha224, + "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1" diff --git a/test/ectest.c b/test/ectest.c -index e1cb59d58d..b852381924 100644 +index 0233f870b6..f243f6fb3c 100644 --- a/test/ectest.c +++ b/test/ectest.c -@@ -175,184 +175,26 @@ static int prime_field_tests(void) +@@ -174,183 +174,26 @@ static int prime_field_tests(void) || !TEST_ptr(p = BN_new()) || !TEST_ptr(a = BN_new()) || !TEST_ptr(b = BN_new()) @@ -1222,7 +1141,7 @@ index e1cb59d58d..b852381924 100644 - TEST_note(" point at infinity"); - } else { - if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, -- ctx))) +- ctx))) - goto err; - - test_output_bignum("x", x); 
@@ -1239,64 +1158,63 @@ index e1cb59d58d..b852381924 100644 - || !TEST_true(EC_POINT_is_at_infinity(group, P))) - goto err; - -- len = -- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, -- sizeof(buf), ctx); +- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, +- sizeof(buf), ctx); - if (!TEST_size_t_ne(len, 0) - || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) - goto err; - test_output_memory("Generator as octet string, compressed form:", -- buf, len); +- buf, len); - - len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, -- buf, sizeof(buf), ctx); +- buf, sizeof(buf), ctx); - if (!TEST_size_t_ne(len, 0) - || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) - goto err; - test_output_memory("Generator as octet string, uncompressed form:", -- buf, len); +- buf, len); - - len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, -- buf, sizeof(buf), ctx); +- buf, sizeof(buf), ctx); - if (!TEST_size_t_ne(len, 0) - || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx))) - goto err; - test_output_memory("Generator as octet string, hybrid form:", -- buf, len); +- buf, len); - - if (!TEST_true(EC_POINT_invert(group, P, ctx)) - || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)) - -- /* -- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, -- * 2000) -- not a NIST curve, but commonly used -- */ +- /* +- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, +- * 2000) -- not a NIST curve, but commonly used +- */ - -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) -- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) -- || 
!TEST_true(BN_hex2bn(&b, "1C97BEFC" +- || !TEST_true(BN_hex2bn(&b, "1C97BEFC" - "54BD7A8B65ACF89F81D4D4ADC565FA45")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) -- || !TEST_true(BN_hex2bn(&x, "4A96B568" +- || !TEST_true(BN_hex2bn(&x, "4A96B568" - "8EF573284664698968C38BB913CBFC82")) -- || !TEST_true(BN_hex2bn(&y, "23a62855" +- || !TEST_true(BN_hex2bn(&y, "23a62855" - "3168947d59dcc912042351377ac5fb32")) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) -- /* -- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, -- * and therefore setting the coordinates should fail. -- */ +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, -- ctx)) +- ctx)) - || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) -- || !TEST_true(BN_hex2bn(&z, "0100000000" +- || !TEST_true(BN_hex2bn(&z, "0100000000" - "000000000001F4C8F927AED3CA752257")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) 
@@ -1305,27 +1223,27 @@ index e1cb59d58d..b852381924 100644 - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ -- if (!TEST_true(BN_hex2bn(&z, "23a62855" +- if (!TEST_true(BN_hex2bn(&z, "23a62855" - "3168947d59dcc912042351377ac5fb32")) - || !TEST_BN_eq(y, z) - || !TEST_int_eq(EC_GROUP_get_degree(group), 160) - || !group_order_tests(group) - -- /* Curve P-192 (FIPS PUB 186-2, App. 6) */ +- /* Curve P-192 (FIPS PUB 186-2, App. 6) */ - -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) - || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) -- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" +- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) -- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" +- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" - "0FA7E9AB72243049FEB8DEECC146B9B1")) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) -- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" +- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" - "7CBF20EB43A18800F4FF0AFD82FF1012")) - || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) - || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) -- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" +- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" - "FFFFFFFF99DEF836146BC9B1B4D22831")) - || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) 
@@ -1336,27 +1254,28 @@ index e1cb59d58d..b852381924 100644 - test_output_bignum("x", x); - test_output_bignum("y", y); - /* G_y value taken from the standard: */ -- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" +- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78" - "631011ED6B24CDD573F977A11E794811")) - || !TEST_BN_eq(y, z) - || !TEST_true(BN_add(yplusone, y, BN_value_one())) -- /* -- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, -- * and therefore setting the coordinates should fail. -- */ +- /* +- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, +- * and therefore setting the coordinates should fail. +- */ - || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, -- ctx)) +- ctx)) - || !TEST_int_eq(EC_GROUP_get_degree(group), 192) - || !group_order_tests(group) - - /* Curve P-224 (FIPS PUB 186-2, App. 6) */ +- /* Curve P-224 (FIPS PUB 186-2, App. 6) */ ++ /* Curve P-224 (FIPS PUB 186-2, App. 6) */ -- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" -+ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" +- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" ++ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFF000000000000000000000001")) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) - || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" -@@ -3130,7 +2972,7 @@ int setup_tests(void) + || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF" +@@ -3522,7 +3365,7 @@ int setup_tests(void) ADD_TEST(parameter_test); ADD_TEST(ossl_parameter_test); @@ -1425,5 +1344,5 @@ index e6a2c9eb59..861c01e177 100644 Ctrl = key-check:0 +Result = KEYGEN_GENERATE_ERROR -- -2.50.0 +2.52.0 diff --git a/SOURCES/0010-RH-Disable-explicit-ec-curves.patch b/SOURCES/0010-RH-Disable-explicit-ec-curves.patch index a39a9df..29acf36 100644 --- a/SOURCES/0010-RH-Disable-explicit-ec-curves.patch +++ b/SOURCES/0010-RH-Disable-explicit-ec-curves.patch 
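Review bot: The rebased hunk turns the context line `/* Curve P-224 (FIPS PUB 186-2, App. 6) */` into a removed/added pair whose text is identical, so the patch now carries a whitespace-only change on a line it does not otherwise touch (the hunk growing from 27 to 28 lines is consistent with that). The same pattern appears at larger scale in patch 0016's cryptlib.h hunk `@@ -277,26 +277,57 @@`, where sixteen unrelated `#define OSSL_LIB_CTX_*_INDEX` lines are removed and re-added, apparently only to re-align the values, and the diffstat for that file grows from `3 +-` to `33 ++++-----`. Unless a formatting check requires the re-alignment, keeping each patch to the lines it needs (`+#define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23` and the `OSSL_LIB_CTX_MAX_INDEXES 23` bump) shortens review of the downstream delta and avoids conflicts on the next rebase.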
@@ -1,7 +1,7 @@ -From 6a2b78bca595435fcbf72d7b2c8bec004d555016 Mon Sep 17 00:00:00 2001 +From a925f827ebbd25236c7449e179cfcd716af60379 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 10/53] RH: Disable explicit ec curves +Subject: [PATCH 10/57] RH: Disable explicit ec curves Patch-name: 0012-Disable-explicit-ec.patch Patch-id: 12 @@ -10,18 +10,18 @@ Patch-status: | # # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - crypto/ec/ec_asn1.c | 11 ++++++++++ - crypto/ec/ec_lib.c | 8 ++++++- - test/ectest.c | 22 ++++++++++--------- - test/endecode_test.c | 20 ++++++++--------- - .../30-test_evp_data/evppkey_ecdsa.txt | 12 ---------- - 5 files changed, 40 insertions(+), 33 deletions(-) + crypto/ec/ec_asn1.c | 11 +++++++ + crypto/ec/ec_lib.c | 8 ++++- + test/ectest.c | 22 +++++++------- + test/endecode_test.c | 30 +++++++++---------- + .../30-test_evp_data/evppkey_ecdsa.txt | 12 -------- + 5 files changed, 45 insertions(+), 38 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c -index 643d2d8d7b..5895606176 100644 +index bfd0242c6f..bb462121b5 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c -@@ -901,6 +901,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) +@@ -889,6 +889,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) group->decoded_from_explicit_params = 1; @@ -34,7 +34,7 @@ index 643d2d8d7b..5895606176 100644 if (a) { EC_GROUP_free(*a); *a = group; -@@ -960,6 +966,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) +@@ -948,6 +954,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) goto err; } @@ -47,10 +47,10 @@ index 643d2d8d7b..5895606176 100644 if (priv_key->privateKey) { 
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index b55677fb1f..1df40018ac 100644 +index 13dcd29b11..de21cb2f10 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c -@@ -1554,7 +1554,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], +@@ -1551,7 +1551,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], int is_prime_field = 1; BN_CTX *bnctx = NULL; const unsigned char *buf = NULL; @@ -59,7 +59,7 @@ index b55677fb1f..1df40018ac 100644 #endif /* This is the simple named group case */ -@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], +@@ -1726,6 +1726,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } if (named_group == group) { @@ -71,7 +71,7 @@ index b55677fb1f..1df40018ac 100644 /* * If we did not find a named group then the encoding should be explicit * if it was specified -@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], +@@ -1741,6 +1746,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], goto err; } EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); @@ -80,16 +80,17 @@ index b55677fb1f..1df40018ac 100644 EC_GROUP_free(group); group = named_group; diff --git a/test/ectest.c b/test/ectest.c -index b852381924..6eac5de4fa 100644 +index f243f6fb3c..d8246524f3 100644 --- a/test/ectest.c 
+++ b/test/ectest.c -@@ -2413,10 +2413,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, +@@ -2791,11 +2791,12 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam, + || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam, - EVP_PKEY_KEY_PARAMETERS, params), 0)) + EVP_PKEY_KEY_PARAMETERS, params), + 0)) goto err; - +/* As creating the key should fail, the rest of the test is pointless */ 
@@ -97,54 +98,54 @@ index b852381924..6eac5de4fa 100644 /*- Check that all the set values are retrievable -*/ /* There should be no match to a group name since the generator changed */ -@@ -2545,6 +2546,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, +@@ -2924,6 +2925,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx, #endif - ) + ) goto err; +#endif ret = 1; err: BN_free(order_out); -@@ -2826,21 +2828,21 @@ static int custom_params_test(int id) +@@ -3217,21 +3219,21 @@ static int custom_params_test(int id) /* Compute keyexchange in both directions */ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL)) -- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) -- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) -+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0) -+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) - || !TEST_int_gt(bsize, sslen) -- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) -+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1) + || !TEST_int_gt(bsize, sslen) +- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)) ++ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/) goto err; if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL)) -- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) -- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) -+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1) -+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) - || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) - || !TEST_int_gt(bsize, t) - || !TEST_int_le(sslen, t) -- || !TEST_int_eq(EVP_PKEY_derive(pctx2, 
buf2, &t), 1)) -+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */) +- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1) +- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) ++ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1) ++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1) + || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1) + || !TEST_int_gt(bsize, t) + || !TEST_int_le(sslen, t) +- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1)) ++ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */) goto err; - +#if 0 /* Both sides should expect the same shared secret */ if (!TEST_mem_eq(buf1, sslen, buf2, t)) goto err; -@@ -2893,7 +2895,7 @@ static int custom_params_test(int id) - /* compare with previous result */ - || !TEST_mem_eq(buf1, t, buf2, sslen)) +@@ -3286,7 +3288,7 @@ static int custom_params_test(int id) + /* compare with previous result */ + || !TEST_mem_eq(buf1, t, buf2, sslen)) goto err; - +#endif ret = 1; - err: + err: diff --git a/test/endecode_test.c b/test/endecode_test.c -index 028deb4ed1..85c84f6592 100644 +index 3f8ed7f392..c3b55af3e7 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -63,7 +63,7 @@ static BN_CTX *bnctx = NULL; 
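Review bot: The rebased patch still carries `|| !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)` in custom_params_test, which passes for a successful return (1) as well as a failure (≤0), so it does not verify that key derivation with the explicit-parameter key is rejected on the pctx2 side; the pctx1 check a few lines above uses `TEST_int_le(..., 0)`. Since this test is what demonstrates that explicit EC curves are disabled, the second check should read `|| !TEST_int_le(EVP_PKEY_derive_init(pctx2), 0)` to match. The rest of the derive/compare path is disabled with a mix of `/* … */` and `#if 0`; one `#if 0` over the whole block with a one-line comment stating why would read more clearly, but that is cosmetic.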
@@ -154,51 +155,59 @@ index 028deb4ed1..85c84f6592 100644 -static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; +/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/ - # ifndef OPENSSL_NO_EC2M + #ifndef OPENSSL_NO_EC2M static OSSL_PARAM_BLD *bld_tri_nc = NULL; -@@ -1027,9 +1027,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") +@@ -1013,10 +1013,10 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") -DOMAIN_KEYS(ECExplicitPrime2G); -IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) -IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") +-#ifndef OPENSSL_NO_EC2M +/*DOMAIN_KEYS(ECExplicitPrime2G);*/ +/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ +/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ - # ifndef OPENSSL_NO_EC2M ++# ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) -@@ -1445,7 +1445,7 @@ int setup_tests(void) + IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") +@@ -1458,8 +1458,8 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) - || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) -+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/ - # ifndef OPENSSL_NO_EC2M +-#ifndef OPENSSL_NO_EC2M ++/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/ ++# ifndef OPENSSL_NO_EC2M || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) -@@ -1473,7 +1473,7 @@ int setup_tests(void) + || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc) +@@ -1486,8 +1486,8 @@ int setup_tests(void) TEST_info("Generating EC keys..."); 
MAKE_DOMAIN_KEYS(EC, "EC", EC_params); MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); - MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); -+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/ - # ifndef OPENSSL_NO_EC2M +-#ifndef OPENSSL_NO_EC2M ++/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/ ++# ifndef OPENSSL_NO_EC2M MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); -@@ -1553,8 +1553,8 @@ int setup_tests(void) + #endif +@@ -1566,9 +1566,9 @@ int setup_tests(void) ADD_TEST_SUITE_LEGACY(EC); ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); - ADD_TEST_SUITE(ECExplicitPrime2G); - ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); -+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/ -+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/ - # ifndef OPENSSL_NO_EC2M +-#ifndef OPENSSL_NO_EC2M ++/* ADD_TEST_SUITE(ECExplicitPrime2G);*/ ++/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/ ++# ifndef OPENSSL_NO_EC2M ADD_TEST_SUITE(ECExplicitTriNamedCurve); ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); -@@ -1631,7 +1631,7 @@ void cleanup_tests(void) + ADD_TEST_SUITE(ECExplicitTri2G); +@@ -1644,7 +1644,7 @@ void cleanup_tests(void) { #ifndef OPENSSL_NO_EC OSSL_PARAM_free(ec_explicit_prime_params_nc); 
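Review bot: The rebased patch now rewrites upstream's `#ifndef OPENSSL_NO_EC2M` as `# ifndef OPENSSL_NO_EC2M` in the IMPLEMENT_TEST_SUITE block and in both setup_tests hunks here, and again around FREE_DOMAIN_KEYS in the next hunk `@@ -206,18 +215,20 @@`, while the untouched context lines in the same file (`#ifndef OPENSSL_NO_EC2M` after OSSL_PARAM_BLD_free and in cleanup_tests) show that 3.5.5 dropped the space. The preprocessor treats both spellings identically, so the change is whitespace-only, leaves the file inconsistent with itself, is consistent with the diffstat growing from 20 to 30 lines, and will conflict on every future rebase. Keep the `#ifndef` lines as context and let the patch only comment out the ECExplicitPrime2G lines, e.g. `+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/` immediately followed by the unchanged ` #ifndef OPENSSL_NO_EC2M`.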
@@ -206,18 +215,20 @@ index 028deb4ed1..85c84f6592 100644 +/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/ OSSL_PARAM_BLD_free(bld_prime_nc); OSSL_PARAM_BLD_free(bld_prime); - # ifndef OPENSSL_NO_EC2M -@@ -1653,7 +1653,7 @@ void cleanup_tests(void) + #ifndef OPENSSL_NO_EC2M +@@ -1666,8 +1666,8 @@ void cleanup_tests(void) #ifndef OPENSSL_NO_EC FREE_DOMAIN_KEYS(EC); FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); - FREE_DOMAIN_KEYS(ECExplicitPrime2G); -+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/ - # ifndef OPENSSL_NO_EC2M +-#ifndef OPENSSL_NO_EC2M ++/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/ ++# ifndef OPENSSL_NO_EC2M FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); FREE_DOMAIN_KEYS(ECExplicitTri2G); + #endif diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index 54b143bead..06ec905be0 100644 +index 07dc4b4298..4c47fa68c2 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj @@ -240,5 +251,5 @@ index 54b143bead..06ec905be0 100644 -----BEGIN PRIVATE KEY----- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K -- -2.50.0 +2.52.0 diff --git a/SOURCES/0011-RH-skipped-tests-EC-curves.patch b/SOURCES/0011-RH-skipped-tests-EC-curves.patch index d879679..5d2d1b5 100644 --- a/SOURCES/0011-RH-skipped-tests-EC-curves.patch +++ b/SOURCES/0011-RH-skipped-tests-EC-curves.patch @@ -1,7 +1,7 @@ -From 60e56b8d5d031a7169aa4ad07b13bca15faf345b Mon Sep 17 00:00:00 2001 +From 2afc42b7faa263387234aa747d676efd140a7c8a Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 11/53] RH: skipped tests EC curves +Subject: [PATCH 11/57] RH: skipped tests EC curves Patch-name: 0013-skipped-tests-EC-curves.patch Patch-id: 13 
@@ -16,10 +16,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 4 files changed, 3 insertions(+), 15 deletions(-) diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t -index c953fad9f1..906769a12e 100644 +index 9bf946e81b..d6521876e5 100644 --- a/test/recipes/15-test_ec.t +++ b/test/recipes/15-test_ec.t -@@ -94,7 +94,7 @@ SKIP: { +@@ -104,7 +104,7 @@ SKIP: { subtest 'Check loading of fips and non-fips keys' => sub { plan skip_all => "FIPS is disabled" @@ -78,5 +78,5 @@ index f722800e27..26a01786bb 100644 my @basic_cmd = ("cmp_vfy_test", data_file("server.crt"), data_file("client.crt"), -- -2.50.0 +2.52.0 diff --git a/SOURCES/0012-RH-skip-quic-pairwise.patch b/SOURCES/0012-RH-skip-quic-pairwise.patch index 3906238..19fe4a2 100644 --- a/SOURCES/0012-RH-skip-quic-pairwise.patch +++ b/SOURCES/0012-RH-skip-quic-pairwise.patch @@ -1,7 +1,7 @@ -From e15f0731f753c279a555c6d5d588dbac8dd3f1e4 Mon Sep 17 00:00:00 2001 +From 48b4a63db033730ef98eb9968e45ba66688598c9 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 7 Mar 2024 17:37:09 +0100 -Subject: [PATCH 12/53] RH: skip quic pairwise +Subject: [PATCH 12/57] RH: skip quic pairwise Patch-name: 0115-skip-quic-pairwise.patch Patch-id: 115 @@ -14,10 +14,10 @@ Patch-status: | 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/test/quicapitest.c b/test/quicapitest.c -index b98a940553..3d946ae93c 100644 +index 6b9ee8e69a..96cd735819 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c -@@ -2937,7 +2937,9 @@ int setup_tests(void) +@@ -3015,7 +3015,9 @@ int setup_tests(void) ADD_TEST(test_cipher_find); ADD_TEST(test_version); #if defined(DO_SSL_TRACE_TEST) @@ -29,10 +29,10 @@ index b98a940553..3d946ae93c 100644 ADD_TEST(test_quic_forbidden_apis_ctx); ADD_TEST(test_quic_forbidden_apis); diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 222b1886ae..7e2f65cccb 100644 +index 6c8de64b0b..79a5584099 100644 
--- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t -@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) { +@@ -187,6 +187,7 @@ foreach (sort keys %stlibname) { } } my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; @@ -82,5 +82,5 @@ index eaf0dbbb42..21864ad319 100644 "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])), "fips provider dsa keygen pairwise failure test"); -- -2.50.0 +2.52.0 diff --git a/SOURCES/0013-RH-version-aliasing.patch b/SOURCES/0013-RH-version-aliasing.patch index 3ee4695..6fcb250 100644 --- a/SOURCES/0013-RH-version-aliasing.patch +++ b/SOURCES/0013-RH-version-aliasing.patch @@ -1,7 +1,7 @@ -From 293b5d1bca91e400a9042cc181d17b7facbed71c Mon Sep 17 00:00:00 2001 +From 9a41889c1a026e203f936e0c3b511e6d4ddc4cf2 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 13/53] RH: version aliasing +Subject: [PATCH 13/57] RH: version aliasing Patch-name: 0116-version-aliasing.patch Patch-id: 116 @@ -17,7 +17,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 6fc201bcfe..3c80b9dfe1 100644 +index 4b1c95c4ab..8a6e87c11a 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -572,7 +572,12 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) @@ -35,10 +35,10 @@ index 6fc201bcfe..3c80b9dfe1 100644 EVP_MD_CTX *out = EVP_MD_CTX_new(); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c -index eee00a0780..7c51786515 100644 +index 5584e06d7e..d5ff34a4e2 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c -@@ -1762,7 +1762,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +@@ -1756,7 +1756,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) #endif /* FIPS_MODULE */ } 
@@ -53,10 +53,10 @@ index eee00a0780..7c51786515 100644 EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new(); diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t -index 7e2f65cccb..cc947d4821 100644 +index 79a5584099..a70ebef431 100644 --- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t -@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) { +@@ -133,6 +133,7 @@ foreach (sort keys %stlibname) { s| .*||; # Drop OpenSSL dynamic version information if there is any s|\@\@.+$||; @@ -79,5 +79,5 @@ index ceb4948839..eab3987a6b 100644 BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION: BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION: -- -2.50.0 +2.52.0 diff --git a/SOURCES/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/SOURCES/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch index 8937c02..32f3c18 100644 --- a/SOURCES/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch +++ b/SOURCES/0014-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch @@ -1,7 +1,7 @@ -From f267ed139ac29efc6d464827024eafb805f06ea2 Mon Sep 17 00:00:00 2001 +From 51d485de6b9e2a714610daa886bde82b45016c0a Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 16:09:09 -0500 -Subject: [PATCH 14/53] RH: Export two symbols for OPENSSL_str[n]casecmp +Subject: [PATCH 14/57] RH: Export two symbols for OPENSSL_str[n]casecmp We accidentally exported the symbols with the incorrect verison number in an early version of RHEL-9 so we need to keep the wrong symbols for @@ -17,7 +17,7 @@ with upstream. mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 3c80b9dfe1..8ee9db73dd 100644 +index 8a6e87c11a..638dac8844 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) 
@@ -30,10 +30,10 @@ index 3c80b9dfe1..8ee9db73dd 100644 symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) #endif diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c -index 7c51786515..619cf4f385 100644 +index d5ff34a4e2..b4edd825cd 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c -@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +@@ -1757,7 +1757,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) } EVP_CIPHER_CTX @@ -43,10 +43,10 @@ index 7c51786515..619cf4f385 100644 symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) #endif diff --git a/crypto/o_str.c b/crypto/o_str.c -index 93af73561f..86442a939e 100644 +index 35540630be..fde43421ea 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c -@@ -403,7 +403,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) +@@ -406,7 +406,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) #endif } @@ -60,7 +60,7 @@ index 93af73561f..86442a939e 100644 { int t; -@@ -413,7 +418,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2) +@@ -416,7 +421,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2) return t; } @@ -77,10 +77,10 @@ index 93af73561f..86442a939e 100644 diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t old mode 100644 new mode 100755 -index cc947d4821..de2dcd90c2 +index a70ebef431..a095239652 --- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t -@@ -186,7 +186,7 @@ foreach (sort keys %stlibname) { +@@ -188,7 +188,7 @@ foreach (sort keys %stlibname) { } } my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols; @@ -104,5 +104,5 @@ index eab3987a6b..d377d542db 100644 RAND_set0_public 5559 3_1_0 EXIST::FUNCTION: RAND_set0_private 5560 3_1_0 EXIST::FUNCTION: -- -2.50.0 +2.52.0 diff --git a/SOURCES/0015-RH-TMP-KTLS-test-skip.patch b/SOURCES/0015-RH-TMP-KTLS-test-skip.patch index 58dfd80..ffaa92b 100644 
--- a/SOURCES/0015-RH-TMP-KTLS-test-skip.patch +++ b/SOURCES/0015-RH-TMP-KTLS-test-skip.patch @@ -1,7 +1,7 @@ -From 4badd5b30b1caec6c4fd3875cd4c5313ba6095b1 Mon Sep 17 00:00:00 2001 +From a6d43e2d94ba1f8ff57dfb403d9d70d9f6f0f433 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 18:11:19 -0500 -Subject: [PATCH 15/53] RH: TMP KTLS test skip +Subject: [PATCH 15/57] RH: TMP KTLS test skip From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9 --- @@ -9,10 +9,10 @@ From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c -index b83dd6c552..250a439137 100644 +index 993d9e6018..a94061d974 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c -@@ -1023,9 +1023,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth, +@@ -1029,9 +1029,10 @@ end: /* sock must be connected */ static int ktls_chk_platform(int sock) { @@ -26,5 +26,5 @@ index b83dd6c552..250a439137 100644 static int ping_pong_query(SSL *clientssl, SSL *serverssl) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0016-RH-Allow-disabling-of-SHA1-signatures.patch b/SOURCES/0016-RH-Allow-disabling-of-SHA1-signatures.patch index fedd85d..08b87c3 100644 --- a/SOURCES/0016-RH-Allow-disabling-of-SHA1-signatures.patch +++ b/SOURCES/0016-RH-Allow-disabling-of-SHA1-signatures.patch @@ -1,7 +1,7 @@ -From 3e6196d5791ce3443f54a379a5fd679c1066c76a Mon Sep 17 00:00:00 2001 +From 1efe3493167934ee77a52eba9a6b2a492885a955 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 21 Aug 2023 13:07:07 +0200 -Subject: [PATCH 16/53] RH: Allow disabling of SHA1 signatures +Subject: [PATCH 16/57] RH: Allow disabling of SHA1 signatures Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch Patch-id: 49 
@@ -15,7 +15,7 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd crypto/evp/pmeth_lib.c | 15 ++++ doc/man5/config.pod | 13 ++++ include/crypto/context.h | 8 +++ - include/internal/cryptlib.h | 3 +- + include/internal/cryptlib.h | 33 ++++----- include/internal/sslconf.h | 4 ++ providers/common/include/prov/securitycheck.h | 2 + providers/common/securitycheck.c | 14 ++++ @@ -25,10 +25,10 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd providers/implementations/signature/rsa_sig.c | 14 +++- ssl/t1_lib.c | 8 +++ util/libcrypto.num | 2 + - 16 files changed, 183 insertions(+), 7 deletions(-) + 16 files changed, 198 insertions(+), 22 deletions(-) diff --git a/crypto/context.c b/crypto/context.c -index 614c8a2c88..323615e300 100644 +index 62e60f3620..4db9d24b78 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -85,6 +85,8 @@ struct ossl_lib_ctx_st { @@ -74,7 +74,7 @@ index 614c8a2c88..323615e300 100644 /* Low priority. */ #ifndef FIPS_MODULE ctx->child_provider = ossl_child_prov_ctx_new(ctx); -@@ -382,6 +404,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) +@@ -381,6 +403,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx) } #endif @@ -86,7 +86,7 @@ index 614c8a2c88..323615e300 100644 /* Low priority. */ #ifndef FIPS_MODULE if (ctx->child_provider != NULL) { -@@ -660,6 +687,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) +@@ -658,6 +685,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index) case OSSL_LIB_CTX_COMP_METHODS: return (void *)&ctx->comp_methods; @@ -96,7 +96,7 @@ index 614c8a2c88..323615e300 100644 default: return NULL; } -@@ -714,3 +744,43 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value) +@@ -712,3 +742,43 @@ void OSSL_LIB_CTX_set_conf_diagnostics(OSSL_LIB_CTX *libctx, int value) return; libctx->conf_diagnostics = value; } @@ -141,7 +141,7 @@ index 614c8a2c88..323615e300 100644 + return 1; +} 
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c -index 0e7fe64cf9..b9d3b6d226 100644 +index 184bab933c..2ae7ccea15 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -10,6 +10,7 @@ @@ -170,20 +170,20 @@ index 0e7fe64cf9..b9d3b6d226 100644 + } } else { ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); + "name=%s, value=%s", oval->name, oval->value); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c -index d5df497da7..53044238a1 100644 +index 0a433adbe4..6c9f71569b 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -15,6 +15,7 @@ #include "internal/provider.h" - #include "internal/numbers.h" /* includes SIZE_MAX */ + #include "internal/numbers.h" /* includes SIZE_MAX */ #include "evp_local.h" +#include "internal/sslconf.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { -@@ -253,6 +254,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -251,6 +252,19 @@ reinitialize: } desc = signature->description != NULL ? signature->description : ""; @@ -204,7 +204,7 @@ index d5df497da7..53044238a1 100644 if (signature->digest_verify_init == NULL) { ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED, diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index 08c0d6a7b2..b936ad4447 100644 +index 2a0fc3ef0b..20e80a447d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -33,6 +33,7 @@ @@ -215,7 +215,7 @@ index 08c0d6a7b2..b936ad4447 100644 #include "evp_local.h" #ifndef FIPS_MODULE -@@ -963,6 +964,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, +@@ -952,6 +953,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, return -2; } @@ -277,26 +277,57 @@ index 1c181933e0..35bdfdb52d 100644 +#endif + diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h -index da442f8a86..44a5e8a99a 100644 +index 50aec7e7f4..9678e150e0 100644 
--- a/include/internal/cryptlib.h 
+++ b/include/internal/cryptlib.h -@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st { - # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 - # define OSSL_LIB_CTX_COMP_METHODS 21 - # define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22 --# define OSSL_LIB_CTX_MAX_INDEXES 22 -+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23 -+# define OSSL_LIB_CTX_MAX_INDEXES 23 +@@ -102,23 +102,24 @@ typedef struct ossl_ex_data_global_st { + #define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 + /* slot 7 unused, was CRNG test data and can be reused */ + #ifdef FIPS_MODULE +-#define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 ++#define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 + #endif +-#define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 +-#define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 +-#define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 +-#define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 +-#define OSSL_LIB_CTX_BIO_PROV_INDEX 13 +-#define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 +-#define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 +-#define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 +-#define OSSL_LIB_CTX_BIO_CORE_INDEX 17 +-#define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +-#define OSSL_LIB_CTX_THREAD_INDEX 19 +-#define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 +-#define OSSL_LIB_CTX_COMP_METHODS 21 +-#define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22 +-#define OSSL_LIB_CTX_MAX_INDEXES 22 ++#define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 ++#define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 ++#define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 ++#define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 ++#define OSSL_LIB_CTX_BIO_PROV_INDEX 13 ++#define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 ++#define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 ++#define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 ++#define OSSL_LIB_CTX_BIO_CORE_INDEX 17 ++#define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 ++#define OSSL_LIB_CTX_THREAD_INDEX 19 ++#define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20 ++#define OSSL_LIB_CTX_COMP_METHODS 21 ++#define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22 ++#define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23 
++#define OSSL_LIB_CTX_MAX_INDEXES 23 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h -index fd7f7e3331..05464b0655 100644 +index a7cec01bf6..076e139de4 100644 --- a/include/internal/sslconf.h +++ b/include/internal/sslconf.h @@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx); void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg); + char **arg); +/* Methods to support disabling all signatures with legacy digests */ +int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig); @@ -314,7 +345,7 @@ index 29a2b7fbf8..a48cbb03d2 100644 + +int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid); diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 8ef8dc2a81..79a9c48ce2 100644 +index e883ff4865..6985be0400 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,6 +19,7 @@ @@ -325,7 +356,7 @@ index 8ef8dc2a81..79a9c48ce2 100644 #define OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS 112 -@@ -219,3 +220,16 @@ int ossl_dh_check_key(const DH *dh) +@@ -220,3 +221,16 @@ int ossl_dh_check_key(const DH *dh) return (L == 2048 && (N == 224 || N == 256)); } #endif /* OPENSSL_NO_DH */ @@ -343,7 +374,7 @@ index 8ef8dc2a81..79a9c48ce2 100644 + return mdnid; +} diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index dd71fd91eb..9019fd2a80 100644 +index 42823ffe14..4b80f14b40 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -15,6 +15,7 @@ @@ -355,7 +386,7 @@ index dd71fd91eb..9019fd2a80 100644 /* Disable the security checks in the default provider */ int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx) 
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index c5adbf8002..52ed52482d 100644 +index 51dcc3f230..31a89133a3 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, @@ -367,7 +398,7 @@ index c5adbf8002..52ed52482d 100644 if (md == NULL) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 4018a772ff..04d4009ab5 100644 +index 0c04fc4ec6..2a4faf4a71 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -197,13 +197,15 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, @@ -381,7 +412,7 @@ index 4018a772ff..04d4009ab5 100644 + /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/ + if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); goto err; } -#endif @@ -390,7 +421,7 @@ index 4018a772ff..04d4009ab5 100644 if (EVP_MD_xof(md)) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index e75b90840b..645304b951 100644 +index fcdfebbbff..bbdd037728 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -26,6 +26,7 @@ 
@@ -417,9 +448,9 @@ index e75b90840b..645304b951 100644 + md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid); + if (md_nid <= 0) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, - "digest=%s", mdname); + "digest=%s", mdname); goto err; -@@ -1765,8 +1768,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) +@@ -1760,8 +1763,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; if (prsactx->md == NULL && pmdname == NULL @@ -436,7 +467,7 @@ index e75b90840b..645304b951 100644 if (pmgf1mdname != NULL && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops)) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 2f71f95438..bea5cab253 100644 +index cd471a636d..35d0a6f1bb 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -21,6 +21,7 @@ @@ -447,7 +478,7 @@ index 2f71f95438..bea5cab253 100644 #include "internal/nelem.h" #include "internal/sizes.h" #include "internal/tlsgroups.h" -@@ -2178,6 +2179,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) +@@ -2175,6 +2176,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) EVP_PKEY *tmpkey = EVP_PKEY_new(); int istls; int ret = 0; @@ -455,15 +486,15 @@ index 2f71f95438..bea5cab253 100644 if (ctx == NULL) goto err; -@@ -2195,6 +2197,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) +@@ -2192,6 +2194,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) goto err; ERR_set_mark(); + ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0); /* First fill cache and tls12_sigalgs list from legacy algorithm list */ for (i = 0, lu = sigalg_lookup_tbl; - i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { -@@ -2215,6 +2218,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { +@@ -2212,6 +2215,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx) cache[i].available = 0; continue; } 
@@ -486,5 +517,5 @@ index d377d542db..c2c55129ae 100644 +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -- -2.50.0 +2.52.0 diff --git a/SOURCES/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch b/SOURCES/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch index 77ab57a..7ca651f 100644 --- a/SOURCES/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch +++ b/SOURCES/0017-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch @@ -1,7 +1,7 @@ -From 7b1b68328f640d184d6ac769a07aa436b0c3f318 Mon Sep 17 00:00:00 2001 +From 074607f7c460cda25654f1ee990ddba98af6d6db Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:12:33 -0500 -Subject: [PATCH 17/53] FIPS: Red Hat's FIPS module name and version +Subject: [PATCH 17/57] FIPS: Red Hat's FIPS module name and version Signed-off-by: Simo Sorce --- @@ -9,11 +9,11 @@ Signed-off-by: Simo Sorce 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 4b9a057462..1e90f363af 100644 +index 419878719e..0f006301d7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c -@@ -200,13 +200,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) - OSSL_LIB_CTX_FIPS_PROV_INDEX); +@@ -201,13 +201,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) + OSSL_LIB_CTX_FIPS_PROV_INDEX); p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR)) @@ -30,5 +30,5 @@ index 4b9a057462..1e90f363af 100644 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0018-FIPS-disable-fipsinstall.patch b/SOURCES/0018-FIPS-disable-fipsinstall.patch index 69d078f..15ff4ea 100644 --- a/SOURCES/0018-FIPS-disable-fipsinstall.patch +++ b/SOURCES/0018-FIPS-disable-fipsinstall.patch 
@@ -1,7 +1,7 @@ -From 4e6b86b5130552bfee64c7ecaf045ec00749ecbd Mon Sep 17 00:00:00 2001 +From e43a23f06a9e23f1091f88c6dfa6c1bd4e065a7a Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 18/53] FIPS: disable fipsinstall +Subject: [PATCH 18/57] FIPS: disable fipsinstall Patch-name: 0034.fipsinstall_disable.patch Patch-id: 34 @@ -10,24 +10,24 @@ Patch-status: | From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- apps/fipsinstall.c | 3 + - doc/man1/openssl-fipsinstall.pod.in | 485 +------------------------- + doc/man1/openssl-fipsinstall.pod.in | 481 +------------------------- doc/man1/openssl.pod | 4 - doc/man5/config.pod | 1 - - doc/man5/fips_config.pod | 228 +----------- + doc/man5/fips_config.pod | 222 +----------- doc/man7/OSSL_PROVIDER-FIPS.pod | 1 - test/recipes/00-prep_fipsmodule_cnf.t | 10 +- test/recipes/01-test_fipsmodule_cnf.t | 7 +- test/recipes/03-test_fipsinstall.t | 2 + - 9 files changed, 22 insertions(+), 719 deletions(-) + 9 files changed, 22 insertions(+), 709 deletions(-) mode change 100644 => 100755 test/recipes/00-prep_fipsmodule_cnf.t mode change 100644 => 100755 test/recipes/01-test_fipsmodule_cnf.t mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c -index 0daa55a1b8..b4e29ac301 100644 +index dcc09a5ed7..e3d5f6e86d 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c -@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **argv) +@@ -636,6 +636,9 @@ int fipsinstall_main(int argc, char **argv) EVP_MAC *mac = NULL; CONF *conf = NULL; @@ -38,10 +38,10 @@ index 0daa55a1b8..b4e29ac301 100644 goto end; diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in -index 9dd4f5a49f..9a063022a9 100644 +index 2db5acd242..1c6b783413 100644 --- a/doc/man1/openssl-fipsinstall.pod.in 
+++ b/doc/man1/openssl-fipsinstall.pod.in -@@ -8,488 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation +@@ -8,484 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation =head1 SYNOPSIS B @@ -274,9 +274,7 @@ index 9dd4f5a49f..9a063022a9 100644 - -=item B<-hkdf_digest_check> - --Configure the module to enable a run-time digest check when deriving a key by --HKDF. --See NIST SP 800-56Cr2 for details. +-This option is deprecated. - -=item B<-tls13_kdf_digest_check> - @@ -298,9 +296,7 @@ index 9dd4f5a49f..9a063022a9 100644 - -=item B<-sskdf_digest_check> - --Configure the module to enable a run-time digest check when deriving a key by --SSKDF. --See NIST SP 800-56Cr2 for details. +-This option is deprecated. - -=item B<-x963kdf_digest_check> - @@ -410,7 +406,7 @@ index 9dd4f5a49f..9a063022a9 100644 - -=item B<-self_test_oninstall> - --The converse of B<-self_test_oninstall>. The two fields related to the +-The converse of B<-self_test_onload>. The two fields related to the -"test status indicator" and "MAC status indicator" are written to the -output configuration file. -This field is not relevant for an OpenSSL FIPS 140-3 provider, since this is no @@ -534,7 +530,7 @@ index 9dd4f5a49f..9a063022a9 100644 =head1 COPYRIGHT diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod -index edef2ff598..0762a00d74 100644 +index 635b52aeb1..55bc6e44c6 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -139,10 +139,6 @@ Engine (loadable module) information and manipulation. @@ -561,10 +557,10 @@ index b994081924..7a6d7fab4a 100644 L, L, diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod -index a25ced3383..15748c5756 100644 +index c3f7b8f3ab..2505938c13 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod -@@ -6,230 +6,10 @@ fips_config - OpenSSL FIPS configuration +@@ -6,224 +6,10 @@ fips_config - OpenSSL FIPS configuration =head1 DESCRIPTION 
@@ -624,17 +620,11 @@ index a25ced3383..15748c5756 100644 - -=item B - --An indicator that the self-tests were successfully run. --This should only be written after the module has --successfully passed its self tests during installation. --If this field is not present, then the self tests will run when the module --loads. +-This field is deprecated and is no longer used. - -=item B - --A MAC of the value of the B option, to prevent accidental --changes to that value. --It is written-to at the same time as B is updated. +-This field is deprecated and is no longer used. - -=back - @@ -674,7 +664,7 @@ index a25ced3383..15748c5756 100644 - -=item B - --See L B<-hkdf_digest_check> +-This option is deprecated. - -=item B - @@ -690,7 +680,7 @@ index a25ced3383..15748c5756 100644 - -=item B - --See L B<-sskdf_digest_check> +-This option is deprecated. - -=item B - @@ -800,10 +790,10 @@ index a25ced3383..15748c5756 100644 =head1 COPYRIGHT diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod -index 571a1e99e0..1e384a4ff3 100644 +index d14005a89a..c3797f5682 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod -@@ -588,7 +588,6 @@ process. +@@ -574,7 +574,6 @@ process. =head1 SEE ALSO @@ -853,7 +843,7 @@ index ce594817d5..4530a46dd0 diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t old mode 100644 new mode 100755 -index 1f9110ef60..7e80637bd5 +index 3dcbe67c6d..1a5a475d91 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -22,6 +22,8 @@ use lib srctop_dir('Configurations'); @@ -866,5 +856,5 @@ index 1f9110ef60..7e80637bd5 # Compatible options for pedantic FIPS compliance -- -2.50.0 +2.52.0 diff --git a/SOURCES/0019-FIPS-Force-fips-provider-on.patch b/SOURCES/0019-FIPS-Force-fips-provider-on.patch index a931116..f8b7415 100644 --- a/SOURCES/0019-FIPS-Force-fips-provider-on.patch +++ b/SOURCES/0019-FIPS-Force-fips-provider-on.patch 
@@ -1,7 +1,7 @@ -From a8e98667597d46e69e492779b9d5daa051f6b3b3 Mon Sep 17 00:00:00 2001 +From b8a5ce1fbad62e0f7b023aab827d2888413d5ced Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 19/53] FIPS: Force fips provider on +Subject: [PATCH 19/57] FIPS: Force fips provider on Patch-name: 0032-Force-fips.patch Patch-id: 32 @@ -13,7 +13,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c -index 9649517dd2..1e5053cbce 100644 +index f2e76ac402..a2a8a9942c 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -10,6 +10,8 @@ @@ -75,5 +75,5 @@ index 9649517dd2..1e5053cbce 100644 } -- -2.50.0 +2.52.0 diff --git a/SOURCES/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch b/SOURCES/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch index ecb98c7..1172c04 100644 --- a/SOURCES/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch +++ b/SOURCES/0020-FIPS-INTEG-CHECK-Embed-hmac-in-fips.so-NOTE.patch @@ -1,7 +1,7 @@ -From fff4084252d07eb17e3b944c6438c00aec471c7f Mon Sep 17 00:00:00 2001 +From 310346f65db4e3b6052cf165f890f13bfd645f5c Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 20/53] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE +Subject: [PATCH 20/57] FIPS: INTEG-CHECK: Embed hmac in fips.so - NOTE Corrected by squashing in: 0052-Restore-the-correct-verify_integrity-function.patch @@ -20,10 +20,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce create mode 100644 test/fipsmodule.cnf diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c -index ef7be26ca7..8b17b8ca94 100644 +index 008a4fac84..c72e2605c4 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c -@@ -235,13 +235,137 @@ err: +@@ -237,13 +237,137 @@ err: return ok; } 
@@ -157,12 +157,12 @@ index ef7be26ca7..8b17b8ca94 100644 +} + static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, -- unsigned char *expected, size_t expected_len, -+ const unsigned char *expected, size_t expected_len, - OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, - const char *event_type) +- unsigned char *expected, size_t expected_len, ++ const unsigned char *expected, size_t expected_len, + OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, + const char *event_type) { -@@ -253,6 +377,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex +@@ -255,6 +379,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -172,7 +172,7 @@ index ef7be26ca7..8b17b8ca94 100644 if (!integrity_self_test(ev, libctx)) goto err; -@@ -316,7 +443,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -318,7 +445,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) int ok = 0; long checksum_len; OSSL_CORE_BIO *bio_module = NULL; 
@@ -182,22 +182,22 @@ index ef7be26ca7..8b17b8ca94 100644 OSSL_SELF_TEST *ev = NULL; EVP_RAND *testrand = NULL; EVP_RAND_CTX *rng; -@@ -352,8 +480,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -354,8 +482,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) return 0; } - if (st == NULL -- || st->module_checksum_data == NULL) { +- || st->module_checksum_data == NULL) { + if (st == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -362,8 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -364,8 +491,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; - module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data, -- &checksum_len); +- &checksum_len); + if (st->module_checksum_data == NULL) { + module_checksum = fips_hmac_container; + checksum_len = sizeof(fips_hmac_container); @@ -210,14 +210,14 @@ index ef7be26ca7..8b17b8ca94 100644 if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -371,14 +505,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -373,14 +507,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb"); /* Always check the integrity of the fips module */ - if (bio_module == NULL -- || !verify_integrity(bio_module, st->bio_read_ex_cb, -- module_checksum, checksum_len, st->libctx, -- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { +- || !verify_integrity(bio_module, st->bio_read_ex_cb, +- module_checksum, checksum_len, st->libctx, +- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) { + if (bio_module == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE); goto end; 
@@ -243,7 +243,7 @@ index ef7be26ca7..8b17b8ca94 100644 if (!SELF_TEST_kats(ev, st->libctx)) { ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); goto end; -@@ -398,7 +546,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -401,7 +549,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) end: EVP_RAND_free(testrand); OSSL_SELF_TEST_free(ev); @@ -261,5 +261,5 @@ index 0000000000..f05d0dedbe +[fips_sect] +activate = 1 -- -2.50.0 +2.52.0 diff --git a/SOURCES/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch b/SOURCES/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch index cce845d..c67b18c 100644 --- a/SOURCES/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch +++ b/SOURCES/0021-FIPS-INTEG-CHECK-Add-script-to-hmac-ify-fips.so.patch @@ -1,7 +1,7 @@ -From 9633d1339e383fdb008c25635baa86c58b3dcdc4 Mon Sep 17 00:00:00 2001 +From 7fb0257ff4158f41306b730e0b2851bcd6d22747 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 20 Feb 2025 15:30:32 -0500 -Subject: [PATCH 21/53] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so +Subject: [PATCH 21/57] FIPS: INTEG-CHECK: Add script to hmac-ify fips.so This script rewrites the fips.so binary to embed the hmac result into it so that after a build it can be called to make the fips.so as modified @@ -28,5 +28,5 @@ index 0000000000..54ae60b07f +objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac +mv providers/fips.so.mac providers/fips.so -- -2.50.0 +2.52.0 diff --git a/SOURCES/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch b/SOURCES/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch index a66c84a..33aa3ef 100644 --- a/SOURCES/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch +++ b/SOURCES/0022-FIPS-INTEG-CHECK-Execute-KATS-before-HMAC-REVIEW.patch 
@@ -1,7 +1,7 @@ -From 391ce06974d5efaf8485ac2386a857d7644db30a Mon Sep 17 00:00:00 2001 +From a155bf631d4d923ed08f554344c44d07571d6e02 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 22/53] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW +Subject: [PATCH 22/57] FIPS: INTEG-CHECK: Execute KATS before HMAC - REVIEW Patch-name: 0047-FIPS-early-KATS.patch Patch-id: 47 @@ -13,10 +13,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c -index 8b17b8ca94..0f5074936f 100644 +index c72e2605c4..470cf1fc28 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c -@@ -489,6 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -491,6 +491,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) if (ev == NULL) goto end; @@ -32,7 +32,7 @@ index 8b17b8ca94..0f5074936f 100644 if (st->module_checksum_data == NULL) { module_checksum = fips_hmac_container; checksum_len = sizeof(fips_hmac_container); -@@ -527,11 +536,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) +@@ -529,11 +538,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) } } @@ -45,5 +45,5 @@ index 8b17b8ca94..0f5074936f 100644 rng = ossl_rand_get0_private_noncreating(st->libctx); if (rng != NULL) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0023-FIPS-RSA-encrypt-limits-REVIEW.patch b/SOURCES/0023-FIPS-RSA-encrypt-limits-REVIEW.patch index 1ae9587..0e42771 100644 --- a/SOURCES/0023-FIPS-RSA-encrypt-limits-REVIEW.patch +++ b/SOURCES/0023-FIPS-RSA-encrypt-limits-REVIEW.patch @@ -1,7 +1,7 @@ -From 821f291d29bf73802287ed74922e1d22d840cb46 Mon Sep 17 00:00:00 2001 +From 97d32c648aa0ba85165f40a9b9fca194301420fa Mon Sep 17 00:00:00 2001 
From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 23/53] FIPS: RSA: encrypt limits - REVIEW +Subject: [PATCH 23/57] FIPS: RSA: encrypt limits - REVIEW Patch-name: 0058-FIPS-limit-rsa-encrypt.patch Patch-id: 58 @@ -19,10 +19,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce mode change 100644 => 100755 test/recipes/80-test_ssl_old.t diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 79a9c48ce2..0e517542bc 100644 +index 6985be0400..37000c8627 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c -@@ -65,6 +65,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect) +@@ -66,6 +66,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect) * Set protect = 1 for encryption or signing operations, or 0 otherwise. See * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf. */ @@ -44,12 +44,12 @@ index 78f9fc0655..6bd783eb0a 100644 OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0) OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0) diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c -index 6ee127caff..2a7c2f159e 100644 +index 4995b00102..0b14fbc58d 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c -@@ -168,6 +168,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, +@@ -174,6 +174,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, + return 0; } - #endif +# ifdef FIPS_MODULE + if (prsactx->pad_mode == RSA_NO_PADDING) { 
@@ -64,9 +64,9 @@ index 6ee127caff..2a7c2f159e 100644 +# endif + if (out == NULL) { - size_t len = RSA_size(prsactx->rsa); - -@@ -230,6 +242,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, + *outlen = len; + return 1; +@@ -234,6 +246,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, if (!ossl_prov_is_running()) return 0; @@ -911,10 +911,10 @@ index 18e11bdaa9..17ceb59148 100644 Ctrl = rsa_padding_mode:oaep Ctrl = rsa_mgf1_md:sha1 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 5c967c5818..d13dceaac5 100644 +index 279a498475..c278987186 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t -@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( +@@ -267,7 +267,7 @@ my @smime_pkcs7_tests = ( if ($no_fips || $old_fips) { push(@smime_pkcs7_tests, @@ -923,7 +923,7 @@ index 5c967c5818..d13dceaac5 100644 [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-aes256", "-stream", "-out", "{output}.cms", $smrsa1, -@@ -1267,6 +1267,9 @@ sub check_availability { +@@ -1284,6 +1284,9 @@ sub check_availability { return "$tnam: skipped, DSA disabled\n" if ($no_dsa && $tnam =~ / DSA/); @@ -981,5 +981,5 @@ index f7be2e1872..568a1ddba4 } next if $protocol eq "-tls1_3"; -- -2.50.0 +2.52.0 diff --git a/SOURCES/0024-FIPS-RSA-PCTs.patch b/SOURCES/0024-FIPS-RSA-PCTs.patch index 8f0c1a2..59913f1 100644 --- a/SOURCES/0024-FIPS-RSA-PCTs.patch +++ b/SOURCES/0024-FIPS-RSA-PCTs.patch @@ -1,7 +1,7 @@ -From 84dc66a182dba38876b2b519a8a5c9d38fd967a3 Mon Sep 17 00:00:00 2001 +From 034d02d047e4a4d84d5c8ca2b54557b1679e8610 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 10:50:37 -0400 -Subject: [PATCH 24/53] FIPS: RSA: PCTs +Subject: [PATCH 24/57] FIPS: RSA: PCTs Signed-off-by: Simo Sorce --- @@ -10,10 +10,10 @@ Signed-off-by: Simo Sorce 2 files changed, 61 insertions(+), 4 deletions(-) 
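Review bot: The rsa_encrypt hunk of 0023-FIPS-RSA-encrypt-limits-REVIEW.patch is now anchored against different upstream context than it was on 3.5.1: the inner context before the `# ifdef FIPS_MODULE` block that tests `prsactx->pad_mode == RSA_NO_PADDING` changed from `#endif` to what appears to be `return 0;` / `}`, and the inner context after `+# endif` and `if (out == NULL) {` changed from `size_t len = RSA_size(prsactx->rsa);` to `*outlen = len;` / `return 1;`. That means upstream rearranged the code around the insertion point between 3.5.1 and 3.5.5, and a patch that still applies cleanly can nonetheless land its check in the wrong place. The rebase diff does not show the surrounding 3.5.5 source, so the rebased rsa_enc.c should be read to confirm the padding-mode rejection still runs before the `out == NULL` length query and before any call into the RSA primitive; the companion rsa_decrypt hunk shifted by a different offset (230→234 versus 168→174 for encrypt) and deserves the same check. The enclosing rsa_encrypt and rsa_decrypt bodies are outside the hunk.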
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c -index 77d0950094..f0e71beb43 100644 +index 3582936d67..383c3071a9 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c -@@ -433,6 +433,7 @@ struct rsa_gen_ctx { +@@ -428,6 +428,7 @@ struct rsa_gen_ctx { #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) /* ACVP test parameters */ OSSL_PARAM *acvp_test_params; @@ -21,7 +21,7 @@ index 77d0950094..f0e71beb43 100644 #endif }; -@@ -446,6 +447,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) +@@ -441,6 +442,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) return gctx->cb(params, gctx->cbarg); } @@ -32,9 +32,9 @@ index 77d0950094..f0e71beb43 100644 +#endif + static void *gen_init(void *provctx, int selection, int rsa_type, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { -@@ -473,6 +480,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type, +@@ -468,6 +475,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type, if (!rsa_gen_set_params(gctx, params)) goto err; @@ -45,7 +45,7 @@ index 77d0950094..f0e71beb43 100644 return gctx; err: -@@ -629,6 +640,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) +@@ -624,6 +635,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) rsa = rsa_tmp; rsa_tmp = NULL; @@ -54,10 +54,10 @@ index 77d0950094..f0e71beb43 100644 + if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1) + abort(); +#endif - err: + err: BN_GENCB_free(gencb); RSA_free(rsa_tmp); -@@ -644,6 +660,8 @@ static void rsa_gen_cleanup(void *genctx) +@@ -639,6 +655,8 @@ static void rsa_gen_cleanup(void *genctx) #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); gctx->acvp_test_params = NULL; 
@@ -67,7 +67,7 @@ index 77d0950094..f0e71beb43 100644 BN_clear_free(gctx->pub_exp); OPENSSL_free(gctx); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 645304b951..3d5af1046a 100644 +index bbdd037728..4e0744eeba 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -37,7 +37,7 @@ @@ -97,7 +97,7 @@ index 645304b951..3d5af1046a 100644 { PROV_RSA_CTX *prsactx = NULL; char *propq_copy = NULL; -@@ -1316,7 +1316,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, +@@ -1309,7 +1309,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, return ok; } @@ -106,7 +106,7 @@ index 645304b951..3d5af1046a 100644 { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; -@@ -1866,6 +1866,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) +@@ -1861,6 +1861,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx) return EVP_MD_settable_ctx_params(prsactx->md); } @@ -153,5 +153,5 @@ index 645304b951..3d5af1046a 100644 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx }, { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init }, -- -2.50.0 +2.52.0 diff --git a/SOURCES/0025-FIPS-RSA-encapsulate-limits.patch b/SOURCES/0025-FIPS-RSA-encapsulate-limits.patch index 06591da..6a78869 100644 --- a/SOURCES/0025-FIPS-RSA-encapsulate-limits.patch +++ b/SOURCES/0025-FIPS-RSA-encapsulate-limits.patch @@ -1,7 +1,7 @@ -From 0e23d3fc43bf4ace817542443d772407a809dd19 Mon Sep 17 00:00:00 2001 +From ca999ba4305afdf6b8465708ecc1a472543bbad6 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 25/53] FIPS: RSA: encapsulate limits +Subject: [PATCH 25/57] FIPS: RSA: encapsulate limits Patch-name: 0091-FIPS-RSA-encapsulate.patch Patch-id: 91 @@ -14,7 +14,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 2 files changed, 15 insertions(+) 
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 7494dcc010..5d6123e8cb 100644 +index f7bf368a0d..a05cf7c748 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -284,6 +284,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, @@ -31,7 +31,7 @@ index 7494dcc010..5d6123e8cb 100644 if (out == NULL) { if (nlen == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); -@@ -360,6 +367,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, +@@ -359,6 +366,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx, /* Step (1): get the byte length of n */ nlen = RSA_size(prsactx->rsa); @@ -55,5 +55,5 @@ index ecab1454e7..8e5edd35fe 100644 Op = RSASVE +Result = TEST_ENCAPSULATE_LEN_ERROR -- -2.50.0 +2.52.0 diff --git a/SOURCES/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch b/SOURCES/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch index 9a592fa..dafa253 100644 --- a/SOURCES/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch +++ b/SOURCES/0026-FIPS-RSA-Disallow-SHAKE-in-OAEP-and-PSS.patch @@ -1,7 +1,7 @@ -From bb269a8f52e1be87144247772e2425b2f4911bee Mon Sep 17 00:00:00 2001 +From 05d9c9154e199bb4a84e215f0b20bd06ac5081d8 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 26/53] FIPS: RSA: Disallow SHAKE in OAEP and PSS +Subject: [PATCH 26/57] FIPS: RSA: Disallow SHAKE in OAEP and PSS According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms must not be used in higher-level algorithms (such as RSA-OAEP and @@ -25,7 +25,7 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 2 files changed, 32 insertions(+) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c -index 5a1c080fcd..11cd78618b 100644 +index 453205b56c..e45d4bc278 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -76,6 +76,14 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, 
@@ -59,7 +59,7 @@ index 5a1c080fcd..11cd78618b 100644 /* XOF are approved as standalone; Shake256 in Ed448; MGF */ if (EVP_MD_xof(md)) { diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c -index a2bc198a89..2833ca50f3 100644 +index 98d6e70346..7fe78b9055 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -61,6 +61,14 @@ int ossl_rsa_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, @@ -93,5 +93,5 @@ index a2bc198a89..2833ca50f3 100644 if (hLen <= 0) goto err; -- -2.50.0 +2.52.0 diff --git a/SOURCES/0027-FIPS-RSA-size-mode-restrictions.patch b/SOURCES/0027-FIPS-RSA-size-mode-restrictions.patch index ca83feb..cc2ca96 100644 --- a/SOURCES/0027-FIPS-RSA-size-mode-restrictions.patch +++ b/SOURCES/0027-FIPS-RSA-size-mode-restrictions.patch @@ -1,7 +1,7 @@ -From f177c315c190537fe6a1bb0620024ae86bb95c8a Mon Sep 17 00:00:00 2001 +From 4191527585ab1e8923249885cbf87d2f91b8804f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:20:30 -0500 -Subject: [PATCH 27/53] FIPS: RSA: size/mode restrictions +Subject: [PATCH 27/57] FIPS: RSA: size/mode restrictions Signed-off-by: Simo Sorce --- @@ -12,10 +12,10 @@ Signed-off-by: Simo Sorce 4 files changed, 86 insertions(+), 4 deletions(-) diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 3d5af1046a..09c202f87c 100644 +index 4e0744eeba..f38431fd60 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c -@@ -939,6 +939,19 @@ static int rsa_verify_recover(void *vprsactx, +@@ -935,6 +935,19 @@ static int rsa_verify_recover(void *vprsactx, { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; 
@@ -35,8 +35,8 @@ index 3d5af1046a..09c202f87c 100644 if (!ossl_prov_is_running()) return 0; -@@ -1033,6 +1046,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, - const unsigned char *tbs, size_t tbslen) +@@ -1027,6 +1040,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx, + const unsigned char *tbs, size_t tbslen) { size_t rslen; +# ifdef FIPS_MODULE @@ -56,7 +56,7 @@ index 3d5af1046a..09c202f87c 100644 if (!ossl_prov_is_running()) return 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 19420d6c6a..5ab1ccee93 100644 +index 15be7e8067..823ad48e02 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) @@ -70,7 +70,7 @@ index 19420d6c6a..5ab1ccee93 100644 * We ignore any errors from the fetches below. They are expected to fail * if these algorithms are not available. diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt -index f1dc5dd2a2..6ae973eaac 100644 +index 42819f7c41..65a75469f9 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt @@ -268,8 +268,19 @@ TwIDAQAB @@ -437,5 +437,5 @@ index 17ceb59148..972e90f32f 100644 # Signing with SHA1 is not allowed in fips mode Availablein = fips -- -2.50.0 +2.52.0 diff --git a/SOURCES/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch b/SOURCES/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch index 068dc29..d472fd7 100644 --- a/SOURCES/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch +++ b/SOURCES/0028-FIPS-RSA-Mark-x931-as-not-approved-by-default.patch @@ -1,7 +1,7 @@ -From bc8584fab56834724a8aa70aba1c1f56f1d794e2 Mon Sep 17 00:00:00 2001 +From d72621c7c9fd09b4d6a917b3a721f0fd114b950d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 11:03:45 -0400 -Subject: [PATCH 28/53] FIPS: RSA: Mark x931 as not approved by default +Subject: [PATCH 28/57] FIPS: RSA: Mark x931 as not approved by default 
Signed-off-by: Simo Sorce --- @@ -22,5 +22,5 @@ index 6bd783eb0a..c1b029de86 100644 OSSL_FIPS_PARAM(kbkdf_key_check, KBKDF_KEY_CHECK, 0) OSSL_FIPS_PARAM(tls13_kdf_key_check, TLS13_KDF_KEY_CHECK, 0) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch b/SOURCES/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch index 40a7f4c..e8eded5 100644 --- a/SOURCES/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch +++ b/SOURCES/0029-FIPS-RSA-Remove-X9.31-padding-signatures-tests.patch @@ -1,7 +1,7 @@ -From 7a34ce0dbb64dd29e412dffb0628815eed4a8b96 Mon Sep 17 00:00:00 2001 +From 3618981a35438119a4027d1bf3cb3902431adaa4 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 29/53] FIPS: RSA: Remove X9.31 padding signatures tests +Subject: [PATCH 29/57] FIPS: RSA: Remove X9.31 padding signatures tests The current draft of FIPS 186-5 [1] no longer contains specifications for X9.31 signature padding. Instead, it contains the following @@ -278,5 +278,5 @@ index 97ec1ff3e5..31fa0eafc6 100644 "pss", 4096, -- -2.50.0 +2.52.0 diff --git a/SOURCES/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch b/SOURCES/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch index eac058b..60a1401 100644 --- a/SOURCES/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch +++ b/SOURCES/0030-FIPS-RSA-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-.patch @@ -1,7 +1,7 @@ -From c031855ff636806e7811513779e494b92808a1e4 Mon Sep 17 00:00:00 2001 +From 83b5a2e3a74780873c8831fd8e3cc6bde0006820 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 12 Feb 2025 17:12:02 -0500 -Subject: [PATCH 30/53] FIPS: RSA: NEEDS-REWORK: +Subject: [PATCH 30/57] FIPS: RSA: NEEDS-REWORK: FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed Signed-off-by: Simo Sorce @@ -383,5 +383,5 @@ index 0000000000..2833a383c1 +-- + -- -2.50.0 +2.52.0 
diff --git a/SOURCES/0031-FIPS-Deny-SHA-1-signature-verification.patch b/SOURCES/0031-FIPS-Deny-SHA-1-signature-verification.patch index 97b612a..df30692 100644 --- a/SOURCES/0031-FIPS-Deny-SHA-1-signature-verification.patch +++ b/SOURCES/0031-FIPS-Deny-SHA-1-signature-verification.patch @@ -1,7 +1,7 @@ -From 5fd8ab23690e661f785336b95799e74b39089790 Mon Sep 17 00:00:00 2001 +From 7061b3b659e0386efa58d9dfb94a4f84832884d0 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:15 +0100 -Subject: [PATCH 31/53] FIPS: Deny SHA-1 signature verification +Subject: [PATCH 31/57] FIPS: Deny SHA-1 signature verification For RHEL, we already disable SHA-1 signatures by default in the default provider, so it is unexpected that the FIPS provider would have a more @@ -31,62 +31,65 @@ Signed-off-by: Clemens Lang Bug Id: https://bugzilla.redhat.com/show_bug.cgi?id=2087147 From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- - providers/implementations/signature/dsa_sig.c | 4 +- - .../implementations/signature/ecdsa_sig.c | 4 +- - providers/implementations/signature/rsa_sig.c | 8 ++- + providers/implementations/signature/dsa_sig.c | 5 +- + .../implementations/signature/ecdsa_sig.c | 5 +- + providers/implementations/signature/rsa_sig.c | 9 +-- .../30-test_evp_data/evppkey_ecdsa.txt | 11 +++- .../30-test_evp_data/evppkey_ecdsa_sigalg.txt | 64 ++++++++++++++++--- .../30-test_evp_data/evppkey_rsa_common.txt | 58 +++++++++++++++-- test/recipes/80-test_cms.t | 4 +- test/recipes/80-test_ssl_old.t | 4 ++ - 8 files changed, 130 insertions(+), 27 deletions(-) + 8 files changed, 130 insertions(+), 30 deletions(-) diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c -index 52ed52482d..0d3050dbe9 100644 +index 31a89133a3..0de750c247 100644 --- a/providers/implementations/signature/dsa_sig.c 
+++ b/providers/implementations/signature/dsa_sig.c -@@ -187,9 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, +@@ -187,10 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, } #ifdef FIPS_MODULE { - int sha1_allowed - = ((ctx->operation -- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) +- == 0); + int sha1_allowed = 0; if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), - OSSL_FIPS_IND_SETTABLE1, + OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 04d4009ab5..4e46eaf9bc 100644 +index 2a4faf4a71..f5c101005f 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c -@@ -214,9 +214,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, +@@ -214,10 +214,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, #ifdef FIPS_MODULE { - int sha1_allowed - = ((ctx->operation -- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) +- == 0); + int sha1_allowed = 0; if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), - OSSL_FIPS_IND_SETTABLE1, + OSSL_FIPS_IND_SETTABLE1, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 09c202f87c..014b17fe49 100644 +index f38431fd60..e90ce3c223 100644 --- a/providers/implementations/signature/rsa_sig.c 
+++ b/providers/implementations/signature/rsa_sig.c -@@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, +@@ -407,10 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, } #ifdef FIPS_MODULE { - int sha1_allowed - = ((ctx->operation -- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); +- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) +- == 0); + int sha1_allowed = 0; if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), - OSSL_FIPS_IND_SETTABLE1, -@@ -1795,11 +1793,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + OSSL_FIPS_IND_SETTABLE1, +@@ -1790,11 +1787,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (prsactx->md == NULL && pmdname == NULL && pad_mode == RSA_PKCS1_PSS_PADDING) { @@ -103,7 +106,7 @@ index 09c202f87c..014b17fe49 100644 if (pmgf1mdname != NULL diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index 06ec905be0..1602f0c521 100644 +index 4c47fa68c2..484668440f 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt @@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC @@ -176,8 +179,8 @@ index 06ec905be0..1602f0c521 100644 -Result = KEYOP_MISMATCH +Result = PKEY_CTRL_ERROR - Title = XOF disallowed - + FIPSversion = >=3.6.0 + Sign = P-256 diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt index 0ff482e4e8..d407ea1ca8 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt @@ -660,10 +663,10 @@ index 972e90f32f..61e2b4e3ac 100644 Availablein = fips FIPSversion = >=3.4.0 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index d13dceaac5..ece29485f4 100644 +index c278987186..91283c5e74 100644 --- a/test/recipes/80-test_cms.t 
+++ b/test/recipes/80-test_cms.t -@@ -174,7 +174,7 @@ my @smime_pkcs7_tests = ( +@@ -183,7 +183,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], @@ -672,7 +675,7 @@ index d13dceaac5..ece29485f4 100644 "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], -@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = ( +@@ -191,7 +191,7 @@ my @smime_pkcs7_tests = ( [ "signed zero-length content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], @@ -704,5 +707,5 @@ index 568a1ddba4..6332aaec4b 100755 SKIP: { skip "No IPv4 available on this machine", 4 -- -2.50.0 +2.52.0 diff --git a/SOURCES/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/SOURCES/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch index 5430a7a..44d72df 100644 --- a/SOURCES/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch +++ b/SOURCES/0032-FIPS-RAND-FIPS-140-3-DRBG-NEEDS-REVIEW.patch @@ -1,7 +1,7 @@ -From 85acc91ca970f6509e67c93b46be12cf261bd3ad Mon Sep 17 00:00:00 2001 +From 80a4d4da42db9711d06953f4dcd6e9f29c001292 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 32/53] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW +Subject: [PATCH 32/57] FIPS: RAND: FIPS-140-3 DRBG - NEEDS REVIEW providers/implementations/rands/crngt.c is gone @@ -14,11 +14,11 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce --- crypto/rand/prov_seed.c | 9 ++- providers/implementations/rands/drbg.c | 11 ++- - .../implementations/rands/seeding/rand_unix.c | 68 ++----------------- - 3 files changed, 22 insertions(+), 66 deletions(-) + .../implementations/rands/seeding/rand_unix.c | 70 ++----------------- + 3 files changed, 23 insertions(+), 67 deletions(-) 
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c -index 2985c7f2d8..3202a28226 100644 +index 8466ded8ab..24feab20e5 100644 --- a/crypto/rand/prov_seed.c +++ b/crypto/rand/prov_seed.c @@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx, @@ -38,10 +38,10 @@ index 2985c7f2d8..3202a28226 100644 ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB); return 0; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c -index 4925a3b400..1cdb67b22c 100644 +index f9d90d5d43..6b23d55cf5 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c -@@ -559,6 +559,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg, +@@ -556,6 +556,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg, #endif } @@ -50,13 +50,13 @@ index 4925a3b400..1cdb67b22c 100644 +#endif /* Reseed using our sources in addition */ entropylen = get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen, -@@ -680,8 +683,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, + drbg->min_entropylen, drbg->max_entropylen, +@@ -677,8 +680,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, reseed_required = 1; } if (drbg->parent != NULL -- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) -+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { +- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) ++ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) { +#ifdef FIPS_MODULE + /* Red Hat patches provide chain reseeding when necessary so just sync counters*/ + drbg->parent_reseed_counter = get_parent_reseed_count(drbg); @@ -68,19 +68,26 @@ index 4925a3b400..1cdb67b22c 100644 if (reseed_required || prediction_resistance) { if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL, 
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c -index c3a5d8b3bf..b7b34a9345 100644 +index 80ae817313..1e73a1ec28 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c -@@ -53,6 +53,8 @@ - # include - # include - # include -+# include -+# include +@@ -47,12 +47,14 @@ + #endif + + #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ +- || defined(__DJGPP__) ++ || defined(__DJGPP__) + #include + #include + #include + #include + #include ++#include ++#include static uint64_t get_time_stamp(void); -@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) +@@ -338,70 +340,8 @@ static ssize_t syscall_random(void *buf, size_t buflen) * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion * between size_t and ssize_t is safe even without a range check. */ @@ -97,8 +104,8 @@ index c3a5d8b3bf..b7b34a9345 100644 - * Note: Sometimes getentropy() can be provided but not implemented - * internally. So we need to check errno for ENOSYS - */ --# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__) --# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) +-#if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__) +-#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) && !defined(__hpux) - extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - - if (getentropy != NULL) { @@ -107,13 +114,13 @@ index c3a5d8b3bf..b7b34a9345 100644 - if (errno != ENOSYS) - return -1; - } --# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) +-#elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) - - if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) -- return (ssize_t)buflen; +- return (ssize_t)buflen; - - return -1; --# else +-#else - union { - void *p; - int (*f)(void *buffer, size_t length); 
@@ -128,31 +135,31 @@ index c3a5d8b3bf..b7b34a9345 100644 - ERR_pop_to_mark(); - if (p_getentropy.p != NULL) - return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; --# endif --# endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */ +-#endif +-#endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */ - - /* Linux supports this since version 3.17 */ --# if defined(__linux) && defined(__NR_getrandom) +-#if defined(__linux) && defined(__NR_getrandom) - return syscall(__NR_getrandom, buf, buflen, 0); --# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ -- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \ -- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) +-#elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \ +- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \ +- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) - return getrandom(buf, buflen, 0); --# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) +-#elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) - return sysctl_random(buf, buflen); --# elif defined(__wasi__) +-#elif defined(__wasi__) - if (getentropy(buf, buflen) == 0) -- return (ssize_t)buflen; +- return (ssize_t)buflen; - return -1; --# else +-#else - errno = ENOSYS; - return -1; --# endif +-#endif + /* Red Hat uses downstream patch to always seed from getrandom() */ + return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0); } - # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ + #endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */ -- -2.50.0 +2.52.0 diff --git a/SOURCES/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch b/SOURCES/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch index 86a363b..853bd50 100644 --- a/SOURCES/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch +++ b/SOURCES/0033-FIPS-RAND-Forbid-truncated-hashes-SHA-3.patch 
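Review bot: In the rand_unix.c hunk the rewritten body of `syscall_random()` returns the raw result of `getrandom()`, and the FIPS branch requests `GRND_RANDOM`, for which getrandom(2) documents that a call may return fewer bytes than requested when the random source lacks entropy or a signal interrupts it; whether the caller loops on short counts and retries on EINTR is outside the hunk and should be confirmed rather than assumed. The non-FIPS branch keeps the contract of the removed upstream `syscall(__NR_getrandom, buf, buflen, 0)` call, so only the FIPS path is new ground. The comment above the return could also say why the flag differs, e.g. `/* Red Hat: always seed from getrandom(); in FIPS mode draw from the /dev/random source (GRND_RANDOM) */`, and the long conditional return could be split across two lines to match the file's width. The two added `#include` lines lose their header names on this page, so they could not be checked here.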
@@ -1,7 +1,7 @@ -From d2369dfc75e2b121650bc51f5ac3e0e7c9b75a29 Mon Sep 17 00:00:00 2001 +From 2d385a2615dd7c6f33f824183ec6f65ef2c9327c Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:16 +0100 -Subject: [PATCH 33/53] FIPS: RAND: Forbid truncated hashes & SHA-3 +Subject: [PATCH 33/57] FIPS: RAND: Forbid truncated hashes & SHA-3 Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs" of the Implementation Guidance for FIPS 140-3 [1] notes that there is no @@ -30,12 +30,12 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 3 files changed, 187 insertions(+), 34 deletions(-) diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c -index 8bb831ae35..cedf5c3894 100644 +index 92eb443c6e..a63b21eade 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -579,6 +579,18 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] if (!ossl_drbg_verify_digest(ctx, libctx, md)) - return 0; /* Error already raised for us */ + return 0; /* Error already raised for us */ +#ifdef FIPS_MODULE + if (!EVP_MD_is_a(md, SN_sha1) @@ -53,12 +53,12 @@ index 8bb831ae35..cedf5c3894 100644 md_size = EVP_MD_get_size(md); if (md_size <= 0) diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c -index 43b3f8766e..64b7610cd1 100644 +index ff8a6cd6f0..d041897bb8 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c -@@ -505,6 +505,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] +@@ -522,6 +522,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md)) - return 0; /* Error already raised for us */ + return 0; /* Error already raised for us */ +#ifdef FIPS_MODULE + if (!EVP_MD_is_a(md, SN_sha1) 
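Review bot: In the drbg_hmac.c hunk the added FIPS_MODULE block calls `EVP_MD_is_a(md, SN_sha1)` directly below a context line that guards `ossl_drbg_verify_digest()` with `md != NULL`, so the digest can be NULL at that point; if `EVP_MD_is_a()` reports false for a NULL md, every `!EVP_MD_is_a(...)` term is true and the block would raise for a params call that carries no digest. The rest of the added block is not visible in the hunk, so a guard may exist further down; if not, `if (md != NULL && !EVP_MD_is_a(md, SN_sha1)`, mirroring the context line, is the minimal fix. The drbg_hash.c hunk adds the same block under a context line with no `md != NULL` test, so its precondition differs and should be checked separately rather than assumed equal.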
@@ -1191,5 +1191,5 @@ index 9756859c0e..9baecf6f31 100644 +#Nonce.0 = 15e32abbae6b7433 +#Output.0 = ee9f -- -2.50.0 +2.52.0 diff --git a/SOURCES/0034-FIPS-PBKDF2-Set-minimum-password-length.patch b/SOURCES/0034-FIPS-PBKDF2-Set-minimum-password-length.patch index 936afd1..36c7b19 100644 --- a/SOURCES/0034-FIPS-PBKDF2-Set-minimum-password-length.patch +++ b/SOURCES/0034-FIPS-PBKDF2-Set-minimum-password-length.patch @@ -1,7 +1,7 @@ -From 1a83f0de8b9aaa1cf5727f0599b089346ffd89f4 Mon Sep 17 00:00:00 2001 +From 0be17f1220667a7c7758e10dead4be80d521b3fc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 34/53] FIPS: PBKDF2: Set minimum password length +Subject: [PATCH 34/57] FIPS: PBKDF2: Set minimum password length MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -30,13 +30,13 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c -index b383314064..68f9355b7d 100644 +index 581c8f8799..cc15db4c73 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -36,6 +36,21 @@ #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF #define KDF_PBKDF2_MIN_ITERATIONS 1000 - #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) + #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) +/* The Implementation Guidance for FIPS 140-3 says in section D.N + * "Password-Based Key Derivation for Storage Applications" that "the vendor + * shall document in the module’s Security Policy the length of 
@@ -59,10 +59,10 @@ index b383314064..68f9355b7d 100644 } static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter, -- size_t keylen, int *error, -- const char **desc) -+ size_t keylen, size_t passlen, -+ int *error, const char **desc) +- size_t keylen, int *error, +- const char **desc) ++ size_t keylen, size_t passlen, ++ int *error, const char **desc) { if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { *error = PROV_R_KEY_SIZE_TOO_SMALL; @@ -84,9 +84,9 @@ index b383314064..68f9355b7d 100644 int error = 0; const char *desc = NULL; int approved = pbkdf2_lower_bound_check_passed(ctx->salt_len, ctx->iter, -- keylen, &error, &desc); -+ keylen, ctx->pass_len, -+ &error, &desc); +- keylen, &error, &desc); ++ keylen, ctx->pass_len, ++ &error, &desc); if (!approved) { if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx, @@ -111,11 +111,11 @@ index b383314064..68f9355b7d 100644 if (lower_bound_checks) { int error = 0; int passed = pbkdf2_lower_bound_check_passed(saltlen, iter, keylen, -- &error, NULL); -+ passlen, &error, NULL); +- &error, NULL); ++ passlen, &error, NULL); if (!passed) { ERR_raise(ERR_LIB_PROV, error); -- -2.50.0 +2.52.0 diff --git a/SOURCES/0035-FIPS-DH-PCT.patch b/SOURCES/0035-FIPS-DH-PCT.patch index e7ab885..f8724b4 100644 --- a/SOURCES/0035-FIPS-DH-PCT.patch +++ b/SOURCES/0035-FIPS-DH-PCT.patch @@ -1,7 +1,7 @@ -From 5276208d8cb9a1504ec5a4f9a9d554daf7918731 Mon Sep 17 00:00:00 2001 +From a1ee967fae9cb6f4a06d4ffbcd62c6efd9ac05f0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 10:49:00 -0400 -Subject: [PATCH 35/53] FIPS: DH: PCT +Subject: [PATCH 35/57] FIPS: DH: PCT Signed-off-by: Simo Sorce --- @@ -9,7 +9,7 @@ Signed-off-by: Simo Sorce 1 file changed, 26 insertions(+) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 7132b9b68e..189bfc3e8b 100644 +index 2d9f7a8100..ae47dc2cd9 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c 
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) @@ -46,7 +46,7 @@ index 7132b9b68e..189bfc3e8b 100644 if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -@@ -369,8 +382,21 @@ static int generate_key(DH *dh) +@@ -370,8 +383,21 @@ static int generate_key(DH *dh) if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) goto err; @@ -60,14 +60,14 @@ index 7132b9b68e..189bfc3e8b 100644 dh->pub_key = pub_key; dh->priv_key = priv_key; +#ifdef FIPS_MODULE -+ if (ossl_dh_check_pairwise(dh) <= 0) { ++ if (ossl_dh_check_pairwise(dh, 0) <= 0) { + abort(); + } +#endif + dh->dirty_cnt++; ok = 1; - err: + err: -- -2.50.0 +2.52.0 diff --git a/SOURCES/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch b/SOURCES/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch index 191985f..a5d6f55 100644 --- a/SOURCES/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch +++ b/SOURCES/0036-FIPS-DH-Disable-FIPS-186-4-type-parameters.patch @@ -1,7 +1,7 @@ -From ad3ca70961e0067afd8c8b386fdcc61a576ac11b Mon Sep 17 00:00:00 2001 +From a7ddcb6ceef64c92b5c21389900477bc3a38f46d Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 36/53] FIPS: DH: Disable FIPS 186-4 type parameters +Subject: [PATCH 36/57] FIPS: DH: Disable FIPS 186-4 type parameters For DH parameter and key pair generation/verification, the DSA procedures specified in FIPS 186-4 are used. With the release of FIPS 
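Review bot: In the dh_key.c hunk the FIPS pairwise-consistency check still handles failure with `abort()`, which terminates the whole calling process from inside the library; the EC key-generation path upstream reports a failed PCT with `ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT)` and returns failure, which puts the module into its error state while leaving process teardown to the caller, and the same shape would fit here. `ossl_dh_check_pairwise(dh, 0) <= 0` is the only substantive change in this refresh and presumably tracks an upstream signature change; a short comment stating what the second argument selects would spare the next rebase a lookup. `generate_key()` starts and ends outside the hunk, so the cleanup at `err:` that a non-aborting failure path would rely on is not visible here.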
@@ -29,17 +29,17 @@ NOTE: Dropped changes in test/recipes/80-test_cms.t crypto/dh/dh_check.c | 12 ++-- crypto/dh/dh_gen.c | 12 +++- crypto/dh/dh_key.c | 13 ++-- - crypto/dh/dh_pmeth.c | 10 +++- + crypto/dh/dh_pmeth.c | 16 +++-- providers/implementations/keymgmt/dh_kmgmt.c | 5 ++ test/endecode_test.c | 4 +- test/evp_libctx_test.c | 2 +- test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++ test/helpers/predefined_dhparams.h | 1 + test/recipes/80-test_ssl_old.t | 3 + - 11 files changed, 116 insertions(+), 18 deletions(-) + 11 files changed, 119 insertions(+), 21 deletions(-) diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c -index 1aaa88daca..aa3a491799 100644 +index f68429862c..00b229a295 100644 --- a/crypto/dh/dh_backend.c +++ b/crypto/dh/dh_backend.c @@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) @@ -56,14 +56,14 @@ index 1aaa88daca..aa3a491799 100644 + } +#endif + - param_priv_len = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); + param_priv_len = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); if (param_priv_len != NULL + && (!OSSL_PARAM_get_long(param_priv_len, &priv_len) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index ae23f61839..6e30a9b735 100644 +index 3002609b68..2aabdd2908 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c -@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret) +@@ -58,13 +58,15 @@ int DH_check_params(const DH *dh, int *ret) nid = DH_get_nid((DH *)dh); if (nid != NID_undef) return 1; @@ -75,7 +75,7 @@ index ae23f61839..6e30a9b735 100644 + * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode. */ - return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params, -- FFC_PARAM_TYPE_DH, ret, NULL); +- FFC_PARAM_TYPE_DH, ret, NULL); + ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, + "FIPS 186-4 type domain parameters no longer allowed in" + " FIPS mode, since the required validation routines were" 
@@ -85,12 +85,12 @@ index ae23f61839..6e30a9b735 100644 #else int DH_check_params(const DH *dh, int *ret) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c -index b73bfb7f3b..275ce2c1af 100644 +index 094b6e70c7..d0c1fc5367 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb) + BN_GENCB *cb) { - int ret, res; + int ret = 0; @@ -100,13 +100,13 @@ index b73bfb7f3b..275ce2c1af 100644 + if (type == DH_PARAMGEN_TYPE_FIPS_186_2) ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); else -#endif ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); + FFC_PARAM_TYPE_DH, + pbits, qbits, &res, cb); +#else + /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */ + ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, @@ -118,10 +118,10 @@ index b73bfb7f3b..275ce2c1af 100644 dh->dirty_cnt++; return ret; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 189bfc3e8b..023d628502 100644 +index ae47dc2cd9..4ddc1b83c7 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c -@@ -336,8 +336,12 @@ static int generate_key(DH *dh) +@@ -335,8 +335,12 @@ static int generate_key(DH *dh) goto err; } else { #ifdef FIPS_MODULE @@ -135,8 +135,8 @@ index 189bfc3e8b..023d628502 100644 + goto err; #else if (dh->params.q == NULL) { - /* secret exponent length, must satisfy 2^(l-1) <= p */ -@@ -358,9 +362,7 @@ static int generate_key(DH *dh) + /* secret exponent length, must satisfy 2^l < (p-1)/2 */ +@@ -359,9 +363,7 @@ static int generate_key(DH *dh) if (!BN_clear_bit(priv_key, 0)) goto err; } 
@@ -146,9 +146,9 @@ index 189bfc3e8b..023d628502 100644 + } else { /* Do a partial check for invalid p, q, g */ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, NULL)) -@@ -376,6 +378,7 @@ static int generate_key(DH *dh) - priv_key)) + FFC_PARAM_TYPE_DH, NULL)) +@@ -377,6 +379,7 @@ static int generate_key(DH *dh) + priv_key)) goto err; } +#endif @@ -156,32 +156,35 @@ index 189bfc3e8b..023d628502 100644 } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c -index 3b75a537b3..6ea7a423d5 100644 +index dd36dce281..21ac48c1de 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c -@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, - prime_len, subprime_len, &res, - pcb); +@@ -301,13 +301,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, + prime_len, subprime_len, &res, + pcb); else --# endif -- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ -- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) - rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, - FFC_PARAM_TYPE_DH, - prime_len, subprime_len, &res, - pcb); -+# else ++ rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, ++ FFC_PARAM_TYPE_DH, ++ prime_len, subprime_len, &res, ++ pcb); ++#else + /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */ + ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS, + "FIPS 186-4 type domain parameters no longer allowed in" + " FIPS mode, since the required generation routines were" + " removed from FIPS 186-5"); -+# endif + #endif +- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ +- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) +- rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, +- FFC_PARAM_TYPE_DH, +- prime_len, subprime_len, &res, +- pcb); if (rv <= 0) { DH_free(ret); return NULL; 
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c -index c2ee859355..51c21e436f 100644 +index 8a1afe7907..759ab77e1b 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -420,6 +420,11 @@ static int dh_validate(const void *keydata, int selection, int checktype) @@ -197,7 +200,7 @@ index c2ee859355..51c21e436f 100644 /* * Both of these functions check parameters. DH_check_params_ex() diff --git a/test/endecode_test.c b/test/endecode_test.c -index 85c84f6592..d2ff9e6eb6 100644 +index c3b55af3e7..b15bab217e 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) @@ -210,11 +213,11 @@ index 85c84f6592..d2ff9e6eb6 100644 if (strcmp(type, "X9.42 DH") == 0) - return get_dhx512(keyctx); + return get_dhx_ffdhe2048(keyctx); - # endif + #endif /* diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index 039fca9bb0..2838f343bd 100644 +index 3786c567a7..773210fadb 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn) @@ -227,11 +230,11 @@ index 039fca9bb0..2838f343bd 100644 if (expected) { diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c -index 4bdadc4143..e5186e4b4a 100644 +index 28070efdb6..4baeb673f3 100644 --- a/test/helpers/predefined_dhparams.c +++ b/test/helpers/predefined_dhparams.c -@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx) - dhx512_q, sizeof(dhx512_q)); +@@ -311,6 +311,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx) + dhx512_q, sizeof(dhx512_q)); } +EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx) @@ -326,5 +329,5 @@ index 6332aaec4b..4d8c900c00 100755 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); } -- -2.50.0 +2.52.0 
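Review bot: In the dh_pmeth.c hunk the non-FIPS branch now reads `else rv = ossl_ffc_params_FIPS186_4_generate(...)` with the `if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)` guard removed together with its comment, so FIPS 186-4 generation runs for any paramgen type other than FIPS_186_2 in non-FIPS builds; the refresh restructures the hunk but keeps that behaviour, and unless the caller already rejects the lower types this is a non-FIPS behaviour change that the patch description, which speaks only of FIPS mode, should mention. In the `#else` (FIPS) branch nothing assigns `rv` before the `if (rv <= 0)` that follows, so the error path depends on `rv` being initialised at its declaration, which lies outside the hunk and is worth confirming. `ffc_params_generate()` starts and ends outside the hunk.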
diff --git a/SOURCES/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch b/SOURCES/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch index ebeba13..15ec4f4 100644 --- a/SOURCES/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch +++ b/SOURCES/0037-FIPS-TLS-Enforce-EMS-in-TLS-1.2-NOTE.patch @@ -1,7 +1,7 @@ -From 14cddfc71e0eae69aafdf84c1dfb073bb69942f1 Mon Sep 17 00:00:00 2001 +From 0f4b67897d87b6cb1bd1f65ca2aafbce1c3c6872 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Wed, 6 Mar 2024 19:17:17 +0100 -Subject: [PATCH 37/53] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE +Subject: [PATCH 37/57] FIPS: TLS: Enforce EMS in TLS 1.2 - NOTE NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code change the option to enforce it seem to be available only in FIPS build @@ -19,16 +19,16 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce providers/fips/include/fips_indicator_params.inc | 2 +- ssl/ssl_conf.c | 1 + ssl/statem/extensions_srvr.c | 8 +++++++- - ssl/t1_enc.c | 11 +++++++++-- + ssl/t1_enc.c | 13 ++++++++++--- test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 10 ++++++++++ test/sslapitest.c | 2 +- - 9 files changed, 46 insertions(+), 5 deletions(-) + 9 files changed, 47 insertions(+), 6 deletions(-) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod -index 9338ffc01d..911ea21a68 100644 +index 3e2de6e66b..ad9a2dc8bf 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod -@@ -621,6 +621,9 @@ B: use extended master secret extension, enabled by +@@ -626,6 +626,9 @@ B: use extended master secret extension, enabled by default. Inverse of B: that is, B<-ExtendedMasterSecret> is the same as setting B. @@ -39,7 +39,7 @@ index 9338ffc01d..911ea21a68 100644 default. Inverse of B: that is, B<-CANames> is the same as setting B. diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod -index 15748c5756..34cbfbb2ad 100644 +index 2505938c13..3887c54f0e 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod 
@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the @@ -61,19 +61,19 @@ index 15748c5756..34cbfbb2ad 100644 + =head1 COPYRIGHT - Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index d1b00e8454..b815f25dae 100644 +index 82410670f4..1026a9b7b0 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in -@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); - * interoperability with CryptoPro CSP 3.x - */ - # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31) -+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48) +@@ -432,6 +432,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg); + #define SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE SSL_OP_BIT(34) + + #define SSL_OP_PREFER_NO_DHE_KEX SSL_OP_BIT(35) ++#define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48) + /* - * Disable RFC8879 certificate compression - * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates, + * Option "collections." diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc index c1b029de86..47d1cf2d01 100644 --- a/providers/fips/include/fips_indicator_params.inc @@ -86,19 +86,19 @@ index c1b029de86..47d1cf2d01 100644 OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0) OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c -index 946d20be52..b52c1675fd 100644 +index 0d93593880..4361edfa49 100644 --- a/ssl/ssl_conf.c 
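Review bot: The re-anchored `#define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)` still carries no comment saying why a downstream-only option lives at bit 48, far above the upstream allocations it now follows (`SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE` at 34, `SSL_OP_PREFER_NO_DHE_KEX` at 35). Because every rebase re-positions this line against a moving upstream table, a one-line rationale would make a future collision with a newly allocated upstream bit obvious at merge time, e.g. `/* Red Hat downstream: relaxes FIPS EMS enforcement; bit 48 chosen to stay clear of upstream SSL_OP_BIT allocations */`. The surrounding option list starts and ends outside this hunk, so whether upstream 3.5.5 already uses bit 48 elsewhere cannot be confirmed from here.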
+++ b/ssl/ssl_conf.c -@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) +@@ -392,6 +392,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("ClientRenegotiation", - SSL_OP_ALLOW_CLIENT_RENEGOTIATION), + SSL_OP_ALLOW_CLIENT_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), + SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS), SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX), diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c -index 1a09913ad6..936be81819 100644 +index cdb914daed..1bcc0fd902 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -12,6 +12,7 @@ @@ -107,11 +107,11 @@ index 1a09913ad6..936be81819 100644 #include "internal/ssl_unwrap.h" +#include - #define COOKIE_STATE_FORMAT_VERSION 1 + #define COOKIE_STATE_FORMAT_VERSION 1 -@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) +@@ -1889,8 +1890,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, + unsigned int context, + X509 *x, size_t chainidx) { - if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) + if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) { @@ -123,9 +123,9 @@ index 1a09913ad6..936be81819 100644 + } if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret) - || !WPACKET_put_bytes_u16(pkt, 0)) { + || !WPACKET_put_bytes_u16(pkt, 0)) { diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index 474ea7bf5b..e0e595e989 100644 +index 8978e0c630..85d9df0da6 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -21,6 +21,7 @@ 
@@ -136,12 +136,14 @@ index 474ea7bf5b..e0e595e989 100644 /* seed1 through seed5 are concatenated */ static int tls1_PRF(SSL_CONNECTION *s, -@@ -78,8 +79,14 @@ static int tls1_PRF(SSL_CONNECTION *s, +@@ -77,9 +78,15 @@ static int tls1_PRF(SSL_CONNECTION *s, + return 1; } - err: +-err: - if (fatal) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ++ err: + if (fatal) { + /* The calls to this function are local so it's safe to implement the check */ + if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE @@ -175,10 +177,10 @@ index 50944328cb..edb2e81273 100644 KDF = TLS1-PRF Ctrl.digest = digest:SHA256 diff --git a/test/sslapitest.c b/test/sslapitest.c -index 250a439137..acc4751095 100644 +index a94061d974..92a33f05db 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c -@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void) +@@ -582,7 +582,7 @@ static int test_client_cert_verify_cb(void) STACK_OF(X509) *server_chain; SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -186,7 +188,7 @@ index 250a439137..acc4751095 100644 + int testresult = 0, status; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_VERSION, 0, + TLS_client_method(), TLS1_VERSION, 0, -- -2.50.0 +2.52.0 diff --git a/SOURCES/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch b/SOURCES/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch index 3b9b627..1153832 100644 --- a/SOURCES/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch +++ b/SOURCES/0038-FIPS-CMS-Set-default-padding-to-OAEP.patch @@ -1,7 +1,7 @@ -From ecc156faf9f4d65fd73a8ef7d8ec87f5b4c0ab88 Mon Sep 17 00:00:00 2001 +From c91c7412ab54f8db8cac437e7308a9042c7a4732 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 13 Feb 2025 18:08:34 -0500 -Subject: [PATCH 38/53] FIPS: CMS: Set default padding to OAEP +Subject: [PATCH 38/57] FIPS: CMS: Set default padding to OAEP From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe --- 
@@ -10,7 +10,7 @@ From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe 2 files changed, 11 insertions(+) diff --git a/apps/cms.c b/apps/cms.c -index 919d306ff6..b4950df759 100644 +index 214eea5bcb..c1fc70ef12 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -20,6 +20,7 @@ @@ -22,7 +22,7 @@ index 919d306ff6..b4950df759 100644 static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c -index 375239c78d..e09ad03ece 100644 +index 0828d157fa..e1200a37d4 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -14,6 +14,7 @@ @@ -33,7 +33,7 @@ index 375239c78d..e09ad03ece 100644 #include "internal/sizes.h" #include "crypto/asn1.h" #include "crypto/evp.h" -@@ -375,6 +376,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, +@@ -372,6 +373,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) return 0; @@ -44,7 +44,7 @@ index 375239c78d..e09ad03ece 100644 } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) return 0; return 1; -@@ -540,6 +545,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, +@@ -535,6 +540,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, if (EVP_PKEY_encrypt_init(pctx) <= 0) goto err; @@ -57,5 +57,5 @@ index 375239c78d..e09ad03ece 100644 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0039-FIPS-PKCS12-PBMAC1-defaults.patch b/SOURCES/0039-FIPS-PKCS12-PBMAC1-defaults.patch index b26bfaf..2609c2f 100644 --- a/SOURCES/0039-FIPS-PKCS12-PBMAC1-defaults.patch +++ b/SOURCES/0039-FIPS-PKCS12-PBMAC1-defaults.patch @@ -1,7 +1,7 @@ -From 16b5a03db729e5977ab88b3107f99586be34006b Mon Sep 17 00:00:00 2001 +From 51fc5ce32bfe0fbe018934fa88252efe9073c649 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Thu, 13 Feb 2025 18:16:29 -0500 -Subject: [PATCH 39/53] FIPS: PKCS12: PBMAC1 defaults +Subject: [PATCH 39/57] FIPS: PKCS12: PBMAC1 defaults From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708 --- @@ -9,7 +9,7 @@ From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708 1 file changed, 4 insertions(+) diff --git a/apps/pkcs12.c b/apps/pkcs12.c -index 9964faf21a..59439a8cc0 100644 +index 2c83e43845..20aad27c59 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -17,6 +17,7 @@ @@ -20,7 +20,7 @@ index 9964faf21a..59439a8cc0 100644 #include #include #include -@@ -709,6 +710,9 @@ int pkcs12_main(int argc, char **argv) +@@ -746,6 +747,9 @@ int pkcs12_main(int argc, char **argv) } if (maciter != -1) { @@ -29,7 +29,7 @@ index 9964faf21a..59439a8cc0 100644 + if (pbmac1_pbkdf2 == 1) { if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, - macsaltlen, maciter, + macsaltlen, maciter, -- -2.50.0 +2.52.0 diff --git a/SOURCES/0040-FIPS-Fix-encoder-decoder-negative-test.patch b/SOURCES/0040-FIPS-Fix-encoder-decoder-negative-test.patch index e98b350..2eb94f5 100644 --- a/SOURCES/0040-FIPS-Fix-encoder-decoder-negative-test.patch +++ b/SOURCES/0040-FIPS-Fix-encoder-decoder-negative-test.patch @@ -1,7 +1,7 @@ -From eea9e6867012efa55d7ae48ab9a87fd0da382b6b Mon Sep 17 00:00:00 2001 +From 7b7ade7e1ee2f6b10b34bf7f9e7a0165474f5860 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 5 Mar 2025 13:22:03 -0500 -Subject: [PATCH 40/53] FIPS: Fix encoder/decoder negative test +Subject: [PATCH 40/57] FIPS: Fix encoder/decoder negative test Signed-off-by: Simo Sorce --- @@ -31,5 +31,5 @@ index 2acc980e90..660d4e1115 my $conf2 = srctop_file("test", "default-and-fips.cnf"); ok(run(test(['decoder_propq_test', '-config', $conf2, -- -2.50.0 +2.52.0 diff --git a/SOURCES/0041-FIPS-EC-DH-DSA-PCTs.patch b/SOURCES/0041-FIPS-EC-DH-DSA-PCTs.patch index f5cdb07..84dec4d 100644 --- a/SOURCES/0041-FIPS-EC-DH-DSA-PCTs.patch +++ b/SOURCES/0041-FIPS-EC-DH-DSA-PCTs.patch 
@@ -1,7 +1,7 @@ -From 1e029f27fe022949adaba959ac3fa3c3c1eccb0b Mon Sep 17 00:00:00 2001 +From 17caabce423bbcfe0501ebaa11c2d4a8379aca92 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 24 Mar 2025 10:50:06 -0400 -Subject: [PATCH 41/53] FIPS: EC: DH/DSA PCTs +Subject: [PATCH 41/57] FIPS: EC: DH/DSA PCTs Signed-off-by: Simo Sorce --- @@ -11,10 +11,10 @@ Signed-off-by: Simo Sorce 3 files changed, 75 insertions(+), 5 deletions(-) diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c -index 58fbc7bc09..98d4354f3e 100644 +index 43f3515878..0d35fc1590 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c -@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, +@@ -546,6 +546,25 @@ static ossl_inline int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, #endif ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); @@ -41,10 +41,10 @@ index 58fbc7bc09..98d4354f3e 100644 retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index 9421aabb14..77531c4b59 100644 +index 305dc3a6b8..04e604c453 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -993,9 +993,18 @@ struct ec_gen_ctx { +@@ -963,9 +963,18 @@ struct ec_gen_ctx { EC_GROUP *gen_group; unsigned char *dhkem_ikm; size_t dhkem_ikmlen; @@ -61,9 +61,9 @@ index 9421aabb14..77531c4b59 100644 +#endif + static void *ec_gen_init(void *provctx, int selection, - const OSSL_PARAM params[]) + const OSSL_PARAM params[]) { -@@ -1015,6 +1024,10 @@ static void *ec_gen_init(void *provctx, int selection, +@@ -985,6 +994,10 @@ static void *ec_gen_init(void *provctx, int selection, gctx = NULL; } } 
@@ -74,7 +74,7 @@ index 9421aabb14..77531c4b59 100644 return gctx; } -@@ -1326,6 +1339,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) +@@ -1295,6 +1308,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gctx->ecdh_mode != -1) ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); @@ -86,8 +86,8 @@ index 9421aabb14..77531c4b59 100644 +#endif if (gctx->group_check != NULL) - ret = ret && ossl_ec_set_check_group_type_from_name(ec, -@@ -1396,7 +1415,10 @@ static void ec_gen_cleanup(void *genctx) + ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check); +@@ -1379,7 +1398,10 @@ static void ec_gen_cleanup(void *genctx) if (gctx == NULL) return; @@ -100,7 +100,7 @@ index 9421aabb14..77531c4b59 100644 EC_GROUP_free(gctx->gen_group); BN_free(gctx->p); diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c -index 4e46eaf9bc..4d7c25728a 100644 +index f5c101005f..b1576977f7 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -33,7 +33,7 @@ @@ -130,7 +130,7 @@ index 4e46eaf9bc..4d7c25728a 100644 { PROV_ECDSA_CTX *ctx; -@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, +@@ -610,7 +610,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, return ok; } @@ -139,7 +139,7 @@ index 4e46eaf9bc..4d7c25728a 100644 { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; -@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) +@@ -854,6 +854,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) return EVP_MD_settable_ctx_params(ctx->md); } @@ -176,5 +176,5 @@ index 4e46eaf9bc..4d7c25728a 100644 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init }, -- -2.50.0 +2.52.0 
diff --git a/SOURCES/0042-FIPS-EC-disable-weak-curves.patch b/SOURCES/0042-FIPS-EC-disable-weak-curves.patch index f625b85..763df95 100644 --- a/SOURCES/0042-FIPS-EC-disable-weak-curves.patch +++ b/SOURCES/0042-FIPS-EC-disable-weak-curves.patch @@ -1,7 +1,7 @@ -From 92b40ca85bbfa7acc9b16f2c7b370f2ea5fa3ffc Mon Sep 17 00:00:00 2001 +From 2cda3e9adf5534d6be689cff5eeb81459061f52b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:06:36 -0500 -Subject: [PATCH 42/53] FIPS: EC: disable weak curves +Subject: [PATCH 42/57] FIPS: EC: disable weak curves Signed-off-by: Simo Sorce --- @@ -9,10 +9,10 @@ Signed-off-by: Simo Sorce 1 file changed, 7 insertions(+) diff --git a/apps/ecparam.c b/apps/ecparam.c -index f0879dfb11..a6042e7d2a 100644 +index 017dc7568d..596c31a925 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c -@@ -77,6 +77,13 @@ static int list_builtin_curves(BIO *out) +@@ -90,6 +90,13 @@ static int list_builtin_curves(BIO *out) const char *comment = curves[n].comment; const char *sname = OBJ_nid2sn(curves[n].nid); @@ -27,5 +27,5 @@ index f0879dfb11..a6042e7d2a 100644 comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0043-FIPS-NO-DSA-Support.patch b/SOURCES/0043-FIPS-NO-DSA-Support.patch index f58ff19..a7a1ffa 100644 --- a/SOURCES/0043-FIPS-NO-DSA-Support.patch +++ b/SOURCES/0043-FIPS-NO-DSA-Support.patch @@ -1,7 +1,7 @@ -From 2dbc4a1c31e66fd841a87f62834d8d60aff10d45 Mon Sep 17 00:00:00 2001 +From 9fca36a6c0712f3c11e6ba942e99039b17fc75b0 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:10:52 -0500 -Subject: [PATCH 43/53] FIPS: NO DSA Support +Subject: [PATCH 43/57] FIPS: NO DSA Support Signed-off-by: Simo Sorce --- @@ -18,7 +18,7 @@ Signed-off-by: Simo Sorce mode change 100644 => 100755 test/recipes/30-test_evp.t diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 1e90f363af..84d8e897cc 100644 +index 0f006301d7..f8f2822300 100644 
--- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -431,7 +431,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = { @@ -31,23 +31,23 @@ index 1e90f363af..84d8e897cc 100644 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions }, { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions }, -@@ -561,8 +562,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { - PROV_DESCS_DHX }, +@@ -559,8 +560,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { + PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA - { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, -- PROV_DESCS_DSA }, +- PROV_DESCS_DSA }, + /* We don't certify DSA in our FIPS provider */ + /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, -+ PROV_DESCS_DSA }, */ ++ PROV_DESCS_DSA }, */ #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, - PROV_DESCS_RSA }, + PROV_DESCS_RSA }, diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 5cbb5352a5..10ca473764 100644 +index 6abab0a7a1..a7d7684d96 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -1522,8 +1522,9 @@ static const unsigned char ed448_expected_sig[] = { +@@ -1547,8 +1547,9 @@ static const unsigned char ed448_expected_sig[] = { # endif /* OPENSSL_NO_ECX */ #endif /* OPENSSL_NO_EC */ @@ -58,7 +58,7 @@ index 5cbb5352a5..10ca473764 100644 static const unsigned char dsa_p[] = { 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, -@@ -1651,6 +1652,7 @@ static const ST_KAT_PARAM dsa_key[] = { +@@ -1676,6 +1677,7 @@ static const ST_KAT_PARAM dsa_key[] = { ST_KAT_PARAM_END() }; #endif /* OPENSSL_NO_DSA */ 
@@ -66,7 +66,7 @@ index 5cbb5352a5..10ca473764 100644 #ifndef OPENSSL_NO_ML_DSA static const unsigned char ml_dsa_65_pub_key[] = { -@@ -3013,6 +3015,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -3038,6 +3040,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { }, # endif /* OPENSSL_NO_ECX */ #endif /* OPENSSL_NO_EC */ @@ -74,7 +74,7 @@ index 5cbb5352a5..10ca473764 100644 #ifndef OPENSSL_NO_DSA { OSSL_SELF_TEST_DESC_SIGN_DSA, -@@ -3025,6 +3028,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -3050,6 +3053,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ITM(dsa_expected_sig) }, #endif /* OPENSSL_NO_DSA */ @@ -83,18 +83,18 @@ index 5cbb5352a5..10ca473764 100644 #ifndef OPENSSL_NO_ML_DSA { diff --git a/test/acvp_test.c b/test/acvp_test.c -index 2bcc886fd2..db0282d043 100644 +index 15c87c57a7..e3321874c2 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c -@@ -1735,6 +1735,7 @@ int setup_tests(void) - OSSL_NELEM(dh_safe_prime_keyver_data)); +@@ -1749,6 +1749,7 @@ int setup_tests(void) + OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ +#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */ #ifndef OPENSSL_NO_DSA dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0); ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); -@@ -1743,6 +1744,7 @@ int setup_tests(void) +@@ -1757,6 +1758,7 @@ int setup_tests(void) ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); #endif /* OPENSSL_NO_DSA */ @@ -103,10 +103,10 @@ index 2bcc886fd2..db0282d043 100644 #ifndef OPENSSL_NO_EC ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0); diff --git a/test/endecode_test.c b/test/endecode_test.c -index d2ff9e6eb6..dfd5e92f7e 100644 +index b15bab217e..acfb5ef36d 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c -@@ -1536,6 +1536,7 @@ int setup_tests(void) +@@ -1549,6 +1549,7 @@ int setup_tests(void) * so no legacy tests. */ #endif 
@@ -114,9 +114,9 @@ index d2ff9e6eb6..dfd5e92f7e 100644 #ifndef OPENSSL_NO_DSA ADD_TEST_SUITE(DSA); ADD_TEST_SUITE_PARAMS(DSA); -@@ -1546,6 +1547,7 @@ int setup_tests(void) +@@ -1559,6 +1560,7 @@ int setup_tests(void) ADD_TEST_SUITE_PROTECTED_PVK(DSA); - # endif + #endif #endif + } #ifndef OPENSSL_NO_EC @@ -302,10 +302,10 @@ index 5e5315a5b9..660d1db149 100644 Key = DSA-2048-160 Input = "Hello" diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index ece29485f4..756f90c1bd 100644 +index 91283c5e74..beadb43cf4 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t -@@ -107,7 +107,7 @@ my @smime_pkcs7_tests = ( +@@ -116,7 +116,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -314,7 +314,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -115,7 +115,7 @@ my @smime_pkcs7_tests = ( +@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -323,7 +323,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", -@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = ( +@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -332,7 +332,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", -@@ -135,7 +135,7 @@ my @smime_pkcs7_tests = ( +@@ -144,7 +144,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], 
@@ -341,7 +341,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-stream", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], -@@ -144,7 +144,7 @@ my @smime_pkcs7_tests = ( +@@ -153,7 +153,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -350,7 +350,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-stream", "-signer", $smrsa1, -@@ -157,7 +157,7 @@ my @smime_pkcs7_tests = ( +@@ -166,7 +166,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -359,7 +359,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach", "-stream", "-signer", $smrsa1, -@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = ( +@@ -196,7 +196,7 @@ my @smime_pkcs7_tests = ( \&zero_compare ], @@ -368,7 +368,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -199,7 +199,7 @@ my @smime_pkcs7_tests = ( +@@ -208,7 +208,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], @@ -377,7 +377,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -265,7 +265,7 @@ if ($no_fips || $old_fips) { +@@ -282,7 +282,7 @@ if ($no_fips || $old_fips) { my @smime_cms_tests = ( @@ -386,7 +386,7 @@ index ece29485f4..756f90c1bd 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", "-signer", $smrsa1, -@@ -278,7 +278,7 @@ my @smime_cms_tests = ( +@@ -295,7 +295,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -396,5 +396,5 @@ index ece29485f4..756f90c1bd 100644 "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -- -2.50.0 +2.52.0 diff --git a/SOURCES/0044-FIPS-NO-DES-support.patch b/SOURCES/0044-FIPS-NO-DES-support.patch index 2f55859..edebf7f 100644 
--- a/SOURCES/0044-FIPS-NO-DES-support.patch +++ b/SOURCES/0044-FIPS-NO-DES-support.patch @@ -1,54 +1,38 @@ -From 8774a96fde9355aa32c040c145e4f35d7c09a5bd Mon Sep 17 00:00:00 2001 +From 62748c233ae3afb8b0797a7d1ce2f391721d2971 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:15:13 -0500 -Subject: [PATCH 44/53] FIPS: NO DES support +Subject: [PATCH 44/57] FIPS: NO DES support Signed-off-by: Simo Sorce --- - providers/fips/fipsprov.c | 3 ++- - providers/fips/self_test_data.inc | 5 ++++- + providers/fips/fipsprov.c | 4 ---- + providers/fips/self_test_data.inc | 2 ++ test/evp_libctx_test.c | 4 +++- .../30-test_evp_data/evpciph_des3_common.txt | 13 ++++--------- test/recipes/30-test_evp_data/evpmac_cmac_des.txt | 10 ---------- test/recipes/80-test_cms.t | 2 +- - 6 files changed, 14 insertions(+), 23 deletions(-) + 6 files changed, 10 insertions(+), 25 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 84d8e897cc..4b394c3e39 100644 +index f8f2822300..33e1a179cf 100644 --- a/providers/fips/fipsprov.c 
+++ b/providers/fips/fipsprov.c -@@ -355,7 +355,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { - ossl_cipher_capable_aes_cbc_hmac_sha256), +@@ -355,10 +355,6 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { + ossl_cipher_capable_aes_cbc_hmac_sha256), ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, - ossl_cipher_capable_aes_cbc_hmac_sha256), + ossl_cipher_capable_aes_cbc_hmac_sha256), -#ifndef OPENSSL_NO_DES -+/* We don't certify 3DES in our FIPS provider */ -+#if 0 /* ifndef OPENSSL_NO_DES */ - ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), - ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), - #endif /* OPENSSL_NO_DES */ +- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), +- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), +-#endif /* OPENSSL_NO_DES */ + { { NULL, NULL, NULL }, NULL } + }; + static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 10ca473764..6a69e1687b 100644 +index a7d7684d96..d8d23e6f90 100644 --- a/providers/fips/self_test_data.inc 
+++ b/providers/fips/self_test_data.inc -@@ -209,6 +209,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = - /*- CIPHER TEST DATA */ - - /* DES3 test data */ -+#if 0 - static const unsigned char des_ede3_cbc_pt[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, -@@ -229,7 +230,7 @@ static const unsigned char des_ede3_cbc_ct[] = { - 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, - 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 - }; -- -+#endif - /* AES-256 GCM test data */ - static const unsigned char aes_256_gcm_key[] = { - 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, -@@ -315,6 +316,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { +@@ -305,6 +305,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { CIPHER_MODE_DECRYPT, ITM(aes_128_ecb_key) }, @@ -56,7 +40,7 @@ index 10ca473764..6a69e1687b 100644 #ifndef OPENSSL_NO_DES { { -@@ -327,6 +329,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { +@@ -317,6 +318,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { ITM(tdes_key) } #endif @@ -65,10 +49,10 @@ index 10ca473764..6a69e1687b 100644 static const char hkdf_digest[] = "SHA256"; diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index 2838f343bd..19dd2c6c63 100644 +index 773210fadb..e0b4efe3f4 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c -@@ -831,7 +831,9 @@ int setup_tests(void) +@@ -984,7 +984,9 @@ int setup_tests(void) ADD_TEST(kem_invalid_keytype); #endif #ifndef OPENSSL_NO_DES @@ -157,10 +141,10 @@ index a11e5ffe54..e4a7cbe75e 100644 -Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E -Output = 8F49A1B7D6AA2258 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 756f90c1bd..ac833d2a2f 100644 +index beadb43cf4..71ab4a3910 100644 --- a/test/recipes/80-test_cms.t 
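Review bot: The rebased self_test_data.inc change now disables only the `st_kat_cipher_tests` TDES entry with `#if 0`, whereas the previous revision also wrapped `des_ede3_cbc_pt`/`des_ede3_cbc_ct` the same way; if those arrays (and `tdes_key`) are still defined in 3.5.5, they become unreferenced `static const` data that `-Wunused-const-variable`, and any `-Werror` build, will trip on. Either confirm that upstream removed them (the old-side offset moving from 315 to 305 hints at a deletion above this point but does not show it covers these vectors) or extend the same `#if 0 … #endif` around their definitions. Deleting the `#ifndef OPENSSL_NO_DES` block in fipsprov.c outright rather than `#if 0`-ing it also drops the `/* We don't certify 3DES in our FIPS provider */` rationale the previous revision carried; a short comment at the deletion point would keep that decision auditable. The array definitions themselves sit outside this hunk, so only the disabled consumer is visible here.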
+++ b/test/recipes/80-test_cms.t -@@ -398,7 +398,7 @@ my @smime_cms_tests = ( +@@ -415,7 +415,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -170,5 +154,5 @@ index 756f90c1bd..ac833d2a2f 100644 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", "-stream", "-out", "{output}.cms" ], -- -2.50.0 +2.52.0 diff --git a/SOURCES/0045-FIPS-NO-Kmac.patch b/SOURCES/0045-FIPS-NO-Kmac.patch index 89c3248..97c5cb7 100644 --- a/SOURCES/0045-FIPS-NO-Kmac.patch +++ b/SOURCES/0045-FIPS-NO-Kmac.patch @@ -1,38 +1,37 @@ -From e466bb4e4fa16481cbf44b410933e6dceb8d27d9 Mon Sep 17 00:00:00 2001 +From 7afd41a086ff9d3c39ff592e26d006c769e2a6d7 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:22:07 -0500 -Subject: [PATCH 45/53] FIPS: NO Kmac +Subject: [PATCH 45/57] FIPS: NO Kmac Signed-off-by: Simo Sorce --- - providers/fips/fipsprov.c | 10 +- + providers/fips/fipsprov.c | 9 +- providers/fips/self_test_data.inc | 4 + test/recipes/30-test_evp.t | 2 +- test/recipes/30-test_evp_data/evpkdf_hkdf.txt | 2 +- .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 2 +- test/recipes/30-test_evp_data/evpkdf_ss.txt | 6 +- .../30-test_evp_data/evpmac_common.txt | 100 ++++-------------- - 7 files changed, 40 insertions(+), 86 deletions(-) + 7 files changed, 39 insertions(+), 86 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 4b394c3e39..8f00dfa0ef 100644 +index 33e1a179cf..7930cf3241 100644 --- a/providers/fips/fipsprov.c 
+++ b/providers/fips/fipsprov.c -@@ -294,10 +294,11 @@ static const OSSL_ALGORITHM fips_digests[] = { +@@ -294,10 +294,10 @@ static const OSSL_ALGORITHM fips_digests[] = { * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ - { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, -+ /* We don't certify KECCAK in our FIPS provider */ + /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, - ossl_keccak_kmac_128_functions }, + ossl_keccak_kmac_128_functions }, { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, -- ossl_keccak_kmac_256_functions }, -+ ossl_keccak_kmac_256_functions }, */ +- ossl_keccak_kmac_256_functions }, ++ ossl_keccak_kmac_256_functions }, */ { NULL, NULL, NULL } }; -@@ -370,8 +371,9 @@ static const OSSL_ALGORITHM fips_macs[] = { +@@ -365,8 +365,9 @@ static const OSSL_ALGORITHM fips_macs[] = { #endif { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, @@ -45,10 +44,10 @@ index 4b394c3e39..8f00dfa0ef 100644 }; diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 6a69e1687b..f3059a8446 100644 +index d8d23e6f90..43f7c89fd6 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -544,6 +544,7 @@ static const ST_KAT_PARAM kbkdf_params[] = { +@@ -533,6 +533,7 @@ static const ST_KAT_PARAM kbkdf_params[] = { ST_KAT_PARAM_END() }; @@ -56,7 +55,7 @@ index 6a69e1687b..f3059a8446 100644 static const char kbkdf_kmac_mac[] = "KMAC128"; static unsigned char kbkdf_kmac_label[] = { 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, -@@ -570,6 +571,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = { +@@ -559,6 +560,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), ST_KAT_PARAM_END() }; 
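Review bot: The block-commented `PROV_NAMES_KECCAK_KMAC_128`/`_256` entries in `fips_digests` no longer carry the `/* We don't certify KECCAK in our FIPS provider */` line that the previous revision of this patch added, so a reader of the rebased source sees two algorithms disabled with no stated reason, unlike the sibling DSA change which keeps `/* We don't certify DSA in our FIPS provider */`. Restoring that rationale directly above the `/* { PROV_NAMES_KECCAK_KMAC_128` line keeps the downstream patches consistent and lets the reduced algorithm set be checked against the module's security policy without reading git history. The `fips_digests` table starts and ends outside this hunk.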
@@ -64,7 +63,7 @@ index 6a69e1687b..f3059a8446 100644 static const char tls13_kdf_digest[] = "SHA256"; static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; -@@ -660,12 +662,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = +@@ -649,12 +651,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = kbkdf_params, ITM(kbkdf_expected) }, @@ -422,5 +421,5 @@ index 831eecbac9..af92ceea98 100644 -Custom = "" -Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 -- -2.50.0 +2.52.0 diff --git a/SOURCES/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/SOURCES/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch index e7e10be..5081a1e 100644 --- a/SOURCES/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch +++ b/SOURCES/0046-FIPS-Fix-some-tests-due-to-our-versioning-change.patch @@ -1,7 +1,7 @@ -From 0d1de1053dc1b4b9a1e14b622311d0449c64e19e Mon Sep 17 00:00:00 2001 +From d6a6afdc614ce0e6273554f50c18cd70000cff01 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 10 Mar 2025 13:52:50 -0400 -Subject: [PATCH 46/53] FIPS: Fix some tests due to our versioning change +Subject: [PATCH 46/57] FIPS: Fix some tests due to our versioning change Signed-off-by: Simo Sorce --- @@ -102,5 +102,5 @@ index af47842fd8..21c75033e8 100644 my @tests_mldsa_tls_1_3 = ( -- -2.50.0 +2.52.0 diff --git a/SOURCES/0047-Current-Rebase-status.patch b/SOURCES/0047-Current-Rebase-status.patch index 317a565..8dff33d 100644 --- a/SOURCES/0047-Current-Rebase-status.patch +++ b/SOURCES/0047-Current-Rebase-status.patch @@ -1,7 +1,7 @@ -From e47db9280144065c4221537f1d44baa750a25d64 Mon Sep 17 00:00:00 2001 +From 607a195b374a6072c87a500713cea78347b7d252 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 12 Feb 2025 17:25:47 -0500 -Subject: [PATCH 47/53] Current Rebase status +Subject: [PATCH 47/57] Current Rebase status Signed-off-by: Simo Sorce --- 
@@ -102,5 +102,5 @@ index 2833a383c1..c8f6c992a8 100644 +./Configure --prefix=$HOME/tmp/openssl-rebase --openssldir=$HOME/tmp/openssl-rebase/etc/pki/tls enable-ec_nistp_64_gcc_128 --system-ciphers-file=$HOME/tmp/openssl-rebase/etc/crypto-policies/back-ends/opensslcnf.config zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 enable-ktls enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++ shared linux-x86_64 $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DOPENSSL_PEDANTIC_ZEROIZATION -DREDHAT_FIPS_VENDOR="\"Red Hat Enterprise Linux OpenSSL FIPS Provider\"" -DREDHAT_FIPS_VERSION="\"3.5.0-4c714d97fd77d1a8\""' -Wl,--allow-multiple-definition + -- -2.50.0 +2.52.0 diff --git a/SOURCES/0048-FIPS-KDF-key-lenght-errors.patch b/SOURCES/0048-FIPS-KDF-key-lenght-errors.patch index 42aec19..a0e76bb 100644 --- a/SOURCES/0048-FIPS-KDF-key-lenght-errors.patch +++ b/SOURCES/0048-FIPS-KDF-key-lenght-errors.patch @@ -1,7 +1,7 @@ -From d0063158bcf9321daec1ffcbfeb3d7b085aebce3 Mon Sep 17 00:00:00 2001 +From be07c8ed65b9657227d03b905b9a490bd14bd173 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 14 Apr 2025 15:25:40 -0400 -Subject: [PATCH 48/53] FIPS: KDF key lenght errors +Subject: [PATCH 48/57] FIPS: KDF key lenght errors Signed-off-by: Simo Sorce --- @@ -171,5 +171,5 @@ index 1fb2472001..93c07ede7c 100644 # Test that the key whose length is shorter than 112 bits is reported as -- -2.50.0 +2.52.0 diff --git a/SOURCES/0049-FIPS-fix-disallowed-digests-tests.patch b/SOURCES/0049-FIPS-fix-disallowed-digests-tests.patch index 40edd3c..0ddd1b7 100644 --- a/SOURCES/0049-FIPS-fix-disallowed-digests-tests.patch +++ b/SOURCES/0049-FIPS-fix-disallowed-digests-tests.patch @@ -1,7 +1,7 @@ -From 91000e60a38106701dd76deb37eafe165e7802a3 Mon Sep 17 00:00:00 2001 +From 53462749e29bd8f96e52f3f31cf1de2114e896c3 Mon Sep 17 00:00:00 2001 
From: Simo Sorce Date: Tue, 15 Apr 2025 13:41:42 -0400 -Subject: [PATCH 49/53] FIPS: fix disallowed digests tests +Subject: [PATCH 49/57] FIPS: fix disallowed digests tests Signed-off-by: Simo Sorce --- @@ -47,5 +47,5 @@ index 6688c217aa..8347f773e6 100644 # Test that the key whose length is shorter than 112 bits is reported as # unapproved -- -2.50.0 +2.52.0 diff --git a/SOURCES/0050-Make-openssl-speed-run-in-FIPS-mode.patch b/SOURCES/0050-Make-openssl-speed-run-in-FIPS-mode.patch index 3351cb1..7766996 100644 --- a/SOURCES/0050-Make-openssl-speed-run-in-FIPS-mode.patch +++ b/SOURCES/0050-Make-openssl-speed-run-in-FIPS-mode.patch @@ -1,18 +1,18 @@ -From 99d3ce80ecf3252962a1b79dd57324f08b62cc18 Mon Sep 17 00:00:00 2001 +From ed9fd546659e691f51df032d6e364cee45c3bf0b Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 9 May 2025 15:09:46 +0200 -Subject: [PATCH 50/53] Make `openssl speed` run in FIPS mode +Subject: [PATCH 50/57] Make `openssl speed` run in FIPS mode --- apps/speed.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/apps/speed.c b/apps/speed.c -index 3307a9cb46..ae2f166d24 100644 +index 13c8505ed9..c31e30f235 100644 --- a/apps/speed.c +++ b/apps/speed.c -@@ -3172,18 +3172,18 @@ int speed_main(int argc, char **argv) - (void *)key32, 16); +@@ -3231,18 +3231,18 @@ int speed_main(int argc, char **argv) + (void *)key32, 16); params[1] = OSSL_PARAM_construct_end(); - if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1) @@ -41,8 +41,8 @@ index 3307a9cb46..ae2f166d24 100644 } if (doit[D_KMAC256]) { -@@ -3193,18 +3193,18 @@ int speed_main(int argc, char **argv) - (void *)key32, 32); +@@ -3252,18 +3252,18 @@ int speed_main(int argc, char **argv) + (void *)key32, 32); params[1] = OSSL_PARAM_construct_end(); - if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1) 
@@ -72,5 +72,5 @@ index 3307a9cb46..ae2f166d24 100644 for (i = 0; i < loopargs_len; i++) -- -2.50.0 +2.52.0 diff --git a/SOURCES/0051-Backport-upstream-27483-for-PKCS11-needs.patch b/SOURCES/0051-Backport-upstream-27483-for-PKCS11-needs.patch index c2d8a0f..bfcd0bd 100644 --- a/SOURCES/0051-Backport-upstream-27483-for-PKCS11-needs.patch +++ b/SOURCES/0051-Backport-upstream-27483-for-PKCS11-needs.patch @@ -1,7 +1,7 @@ -From 5b20574f75a2c525bf30ea304292ecd93eb72091 Mon Sep 17 00:00:00 2001 +From b03deba991f7f0677127f6030fde0011ab30430b Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 12 May 2025 14:34:39 +0200 -Subject: [PATCH 51/53] Backport upstream #27483 for PKCS11 needs +Subject: [PATCH 51/57] Backport upstream #27483 for PKCS11 needs --- .../implementations/skeymgmt/aes_skmgmt.c | 2 + @@ -11,7 +11,7 @@ Subject: [PATCH 51/53] Backport upstream #27483 for PKCS11 needs 4 files changed, 76 insertions(+) diff --git a/providers/implementations/skeymgmt/aes_skmgmt.c b/providers/implementations/skeymgmt/aes_skmgmt.c -index 6d3b5f377f..17be480131 100644 +index 02370b7fb7..48e3b64580 100644 --- a/providers/implementations/skeymgmt/aes_skmgmt.c +++ b/providers/implementations/skeymgmt/aes_skmgmt.c @@ -48,5 +48,7 @@ const OSSL_DISPATCH ossl_aes_skeymgmt_functions[] = { @@ -23,7 +23,7 @@ index 6d3b5f377f..17be480131 100644 OSSL_DISPATCH_END }; diff --git a/providers/implementations/skeymgmt/generic.c b/providers/implementations/skeymgmt/generic.c -index b41bf8e12d..5fb3fad7e3 100644 +index 5b8c557f83..faec12374a 100644 --- a/providers/implementations/skeymgmt/generic.c +++ b/providers/implementations/skeymgmt/generic.c @@ -65,6 +65,16 @@ end: @@ -41,7 +41,7 @@ index b41bf8e12d..5fb3fad7e3 100644 +} + int generic_export(void *keydata, int selection, - OSSL_CALLBACK *param_callback, void *cbarg) + OSSL_CALLBACK *param_callback, void *cbarg) { 
@@ -89,5 +99,7 @@ const OSSL_DISPATCH ossl_generic_skeymgmt_functions[] = { { OSSL_FUNC_SKEYMGMT_FREE, (void (*)(void))generic_free }, @@ -52,7 +52,7 @@ index b41bf8e12d..5fb3fad7e3 100644 OSSL_DISPATCH_END }; diff --git a/providers/implementations/skeymgmt/skeymgmt_lcl.h b/providers/implementations/skeymgmt/skeymgmt_lcl.h -index c180c1d303..a7e7605050 100644 +index c75776cce4..7e35b2cc9e 100644 --- a/providers/implementations/skeymgmt/skeymgmt_lcl.h +++ b/providers/implementations/skeymgmt/skeymgmt_lcl.h @@ -15,5 +15,6 @@ @@ -63,10 +63,10 @@ index c180c1d303..a7e7605050 100644 #endif diff --git a/test/evp_skey_test.c b/test/evp_skey_test.c -index b81df9c8f8..e33bbbe003 100644 +index 7fd70ca732..dddf92f9da 100644 --- a/test/evp_skey_test.c +++ b/test/evp_skey_test.c -@@ -92,6 +92,66 @@ end: +@@ -107,6 +107,66 @@ end: return ret; } @@ -133,7 +133,7 @@ index b81df9c8f8..e33bbbe003 100644 #define IV_SIZE 16 #define DATA_SIZE 32 static int test_aes_raw_skey(void) -@@ -252,6 +312,7 @@ int setup_tests(void) +@@ -267,6 +327,7 @@ int setup_tests(void) return 0; ADD_TEST(test_skey_cipher); @@ -142,5 +142,5 @@ index b81df9c8f8..e33bbbe003 100644 ADD_TEST(test_aes_raw_skey); #ifndef OPENSSL_NO_DES -- -2.50.0 +2.52.0 diff --git a/SOURCES/0052-Red-Hat-9-FIPS-indicator-defines.patch b/SOURCES/0052-Red-Hat-9-FIPS-indicator-defines.patch index f3e4488..b0095ea 100644 --- a/SOURCES/0052-Red-Hat-9-FIPS-indicator-defines.patch +++ b/SOURCES/0052-Red-Hat-9-FIPS-indicator-defines.patch @@ -1,7 +1,7 @@ -From fcba6e3c26d76ce26ef140f3d07f9cc15e7d98fa Mon Sep 17 00:00:00 2001 +From 4a6768577382850dd3f3580f232a2a2ac7ed09c2 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 12 May 2025 16:21:23 +0200 -Subject: [PATCH 52/53] Red Hat 9 FIPS indicator defines +Subject: [PATCH 52/57] Red Hat 9 FIPS indicator defines --- include/openssl/evp.h | 15 +++++++++++++++ @@ -10,10 +10,10 @@ Subject: [PATCH 52/53] Red Hat 9 FIPS indicator defines 3 files changed, 26 insertions(+) 
diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index e5da1e6415..3849c1779e 100644 +index e83ad13183..afa8f7a542 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -779,6 +779,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +@@ -767,6 +767,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); @@ -22,21 +22,21 @@ index e5da1e6415..3849c1779e 100644 +# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); + const unsigned char *key, const unsigned char *iv); __owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, -@@ -850,6 +854,10 @@ __owur int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx, +@@ -838,6 +842,10 @@ __owur int EVP_CipherPipelineFinal(EVP_CIPHER_CTX *ctx, __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); + int *outl); +# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 +# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1 +# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, - EVP_PKEY *pkey); + EVP_PKEY *pkey); __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, -@@ -1249,6 +1257,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - void *arg); +@@ -1240,6 +1248,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, + void *arg); /* MAC stuff */ +# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 
@@ -44,35 +44,35 @@ index e5da1e6415..3849c1779e 100644 +# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties); -@@ -1826,6 +1837,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); + const char *properties); +@@ -1816,6 +1827,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void); OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); - # endif + #endif +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1 +# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties); + const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h -index 0983230a48..86171635ea 100644 +index d06ca6c69d..e061f0164f 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, - # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 - # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 + #define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 + #define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 +# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 +# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1 +# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + - #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 - #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm -index 059b489735..5a1864309d 100644 +index 262c184ca2..6009253440 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm @@ -143,6 +143,8 @@ my %params = ( 
@@ -125,5 +125,5 @@ index 059b489735..5a1864309d 100644 'KEM_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 'KEM_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', -- -2.50.0 +2.52.0 diff --git a/SOURCES/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch b/SOURCES/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch index e3e72f2..6632b9f 100644 --- a/SOURCES/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch +++ b/SOURCES/0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch @@ -1,21 +1,21 @@ -From 75c77ea5f36dbf6d21940ab5bf87dff6acd5b8d6 Mon Sep 17 00:00:00 2001 +From 1b1a5447386cf8a149c4cd603c893a691eb210b5 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Fri, 30 May 2025 16:17:37 +0200 -Subject: [PATCH 53/53] Allow hybrid MLKEM in FIPS mode +Subject: [PATCH 53/57] Allow hybrid MLKEM in FIPS mode --- crypto/ml_kem/ml_kem.c | 11 ++-- - include/crypto/ml_kem.h | 2 + - providers/defltprov.c | 8 +-- + include/crypto/ml_kem.h | 1 + + providers/defltprov.c | 14 ++--- providers/implementations/kem/mlx_kem.c | 33 +++++++++- providers/implementations/keymgmt/mlx_kmgmt.c | 61 ++++++++++++++++++- - 5 files changed, 103 insertions(+), 12 deletions(-) + 5 files changed, 105 insertions(+), 15 deletions(-) diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c -index 4474af0f87..6eca7dc29d 100644 +index dd8a39197a..833abf9f1d 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c -@@ -1613,6 +1613,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, +@@ -1924,6 +1924,7 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, { const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type); ML_KEM_KEY *key; 
@@ -23,7 +23,7 @@ index 4474af0f87..6eca7dc29d 100644 if (vinfo == NULL) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, -@@ -1623,15 +1624,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, +@@ -1934,15 +1935,17 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties, if ((key = OPENSSL_malloc(sizeof(*key))) == NULL) return NULL; @@ -46,45 +46,51 @@ index 4474af0f87..6eca7dc29d 100644 if (key->shake128_md != NULL && key->shake256_md != NULL diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h -index 67d55697e9..ab1aaae8ac 100644 +index dbe9192364..35dcbbf32c 100644 --- a/include/crypto/ml_kem.h +++ b/include/crypto/ml_kem.h -@@ -278,4 +278,6 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen, - __owur - int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2); +@@ -268,4 +268,5 @@ __owur int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen, + /* Compare the public key hashes of two keys */ + __owur int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2); +char *get_adjusted_propq(const char *propq); -+ - #endif /* OPENSSL_HEADER_ML_KEM_H */ + #endif /* OPENSSL_HEADER_ML_KEM_H */ diff --git a/providers/defltprov.c b/providers/defltprov.c -index eee2178b41..0dba017f3f 100644 +index 90655395c1..f74b160d6f 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c 
@@ -517,8 +517,8 @@ static const OSSL_ALGORITHM deflt_asym_kem[] = { { "X448MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions }, - # endif - # if !defined(OPENSSL_NO_EC) + #endif + #if !defined(OPENSSL_NO_EC) - { "SecP256r1MLKEM768", "provider=default", ossl_mlx_kem_asym_kem_functions }, - { "SecP384r1MLKEM1024", "provider=default", ossl_mlx_kem_asym_kem_functions }, + { "SecP256r1MLKEM768", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions }, + { "SecP384r1MLKEM1024", "provider=default,fips=yes", ossl_mlx_kem_asym_kem_functions }, - # endif + #endif #endif { NULL, NULL, NULL } -@@ -597,9 +597,9 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { - PROV_DESCS_X448MLKEM1024 }, - # endif - # if !defined(OPENSSL_NO_EC) -- { PROV_NAMES_SecP256r1MLKEM768, "provider=default", ossl_mlx_p256_kem_kmgmt_functions, -+ { PROV_NAMES_SecP256r1MLKEM768, "provider=default,fips=yes", ossl_mlx_p256_kem_kmgmt_functions, - PROV_DESCS_SecP256r1MLKEM768 }, -- { PROV_NAMES_SecP384r1MLKEM1024, "provider=default", ossl_mlx_p384_kem_kmgmt_functions, -+ { PROV_NAMES_SecP384r1MLKEM1024, "provider=default,fips=yes", ossl_mlx_p384_kem_kmgmt_functions, - PROV_DESCS_SecP384r1MLKEM1024 }, - # endif +@@ -594,13 +594,13 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { + { PROV_NAMES_X25519MLKEM768, "provider=default", ossl_mlx_x25519_kem_kmgmt_functions, + PROV_DESCS_X25519MLKEM768 }, + { PROV_NAMES_X448MLKEM1024, "provider=default", ossl_mlx_x448_kem_kmgmt_functions, +- PROV_DESCS_X448MLKEM1024 }, ++ PROV_DESCS_X448MLKEM1024 }, #endif + #if !defined(OPENSSL_NO_EC) +- { PROV_NAMES_SecP256r1MLKEM768, "provider=default", ossl_mlx_p256_kem_kmgmt_functions, +- PROV_DESCS_SecP256r1MLKEM768 }, +- { PROV_NAMES_SecP384r1MLKEM1024, "provider=default", ossl_mlx_p384_kem_kmgmt_functions, +- PROV_DESCS_SecP384r1MLKEM1024 }, ++ { PROV_NAMES_SecP256r1MLKEM768, "provider=default,fips=yes", ossl_mlx_p256_kem_kmgmt_functions, ++ PROV_DESCS_SecP256r1MLKEM768 }, ++ { 
PROV_NAMES_SecP384r1MLKEM1024, "provider=default,fips=yes", ossl_mlx_p384_kem_kmgmt_functions, ++ PROV_DESCS_SecP384r1MLKEM1024 }, + #endif + #endif + #ifndef OPENSSL_NO_SLH_DSA diff --git a/providers/implementations/kem/mlx_kem.c b/providers/implementations/kem/mlx_kem.c -index 197c345d85..08fbf99a76 100644 +index 376b3342dd..09fa003612 100644 --- a/providers/implementations/kem/mlx_kem.c +++ b/providers/implementations/kem/mlx_kem.c @@ -19,6 +19,7 @@ @@ -122,7 +128,7 @@ index 197c345d85..08fbf99a76 100644 +} + static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, - unsigned char *shsec, size_t *slen) + unsigned char *shsec, size_t *slen) { @@ -115,6 +138,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, uint8_t *sbuf; @@ -142,15 +148,15 @@ index 197c345d85..08fbf99a76 100644 if (ctx == NULL || EVP_PKEY_encapsulate_init(ctx, NULL) <= 0 || EVP_PKEY_encapsulate(ctx, cbuf, &encap_clen, sbuf, &encap_slen) <= 0) -@@ -237,6 +262,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, - end: +@@ -238,6 +263,7 @@ static int mlx_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen, + end: EVP_PKEY_free(xkey); EVP_PKEY_CTX_free(ctx); + OPENSSL_free(adjusted_propq); return ret; } -@@ -252,6 +278,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, +@@ -253,6 +279,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, size_t decap_clen = key->minfo->ctext_bytes + key->xinfo->pubkey_bytes; int ml_kem_slot = key->xinfo->ml_kem_slot; int ret = 0; 
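Review bot: The rebased defltprov.c hunk now removes and re-adds `PROV_DESCS_X448MLKEM1024 },`, a line whose content looks identical apart from whitespace, so the downstream patch carries an unrelated indentation change for the X448 hybrid on top of its purpose of tagging the P-256/P-384 hybrids `fips=yes`; dropping that removed/added pair keeps the patch minimal and the next rebase cleaner. Tagging a default-provider algorithm `fips=yes` means a `fips=yes` property query can now resolve to default-provider code for these two hybrids, which appears intended (further down, outside this hunk, the ML-KEM component is generated with a propq rewritten by `get_adjusted_propq` while the EC component keeps the caller's propq), but a comment beside the two `provider=default,fips=yes` entries saying so would stop the next reader from treating it as a mis-tag. Also, `char *get_adjusted_propq(const char *propq);` is declared in `include/crypto/ml_kem.h` without the `ossl_` prefix used by the neighbouring libcrypto-internal declarations; if it is a non-static symbol in libcrypto it should probably be named `ossl_get_adjusted_propq` to stay out of the public namespace.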
@@ -158,7 +164,7 @@ index 197c345d85..08fbf99a76 100644 if (!mlx_kem_have_prvkey(key)) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); -@@ -287,7 +314,8 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, +@@ -288,7 +315,8 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, decap_slen = ML_KEM_SHARED_SECRET_BYTES; cbuf = ctext + ml_kem_slot * key->xinfo->pubkey_bytes; sbuf = shsec + ml_kem_slot * key->xinfo->shsec_bytes; @@ -168,8 +174,8 @@ index 197c345d85..08fbf99a76 100644 if (ctx == NULL || EVP_PKEY_decapsulate_init(ctx, NULL) <= 0 || EVP_PKEY_decapsulate(ctx, sbuf, &decap_slen, cbuf, decap_clen) <= 0) -@@ -325,6 +353,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, - end: +@@ -326,6 +354,7 @@ static int mlx_kem_decapsulate(void *vctx, uint8_t *shsec, size_t *slen, + end: EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(xkey); + OPENSSL_free(adjusted_propq); @@ -177,11 +183,11 @@ index 197c345d85..08fbf99a76 100644 } diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c b/providers/implementations/keymgmt/mlx_kmgmt.c -index bea8783276..aeef0c8f84 100644 +index 46ed63039e..6ce9aa3c9a 100644 --- a/providers/implementations/keymgmt/mlx_kmgmt.c +++ b/providers/implementations/keymgmt/mlx_kmgmt.c -@@ -156,6 +156,52 @@ typedef struct export_cb_arg_st { - size_t prvlen; +@@ -155,6 +155,52 @@ typedef struct export_cb_arg_st { + size_t prvlen; } EXPORT_CB_ARG; +#ifndef FIPS_MODULE @@ -233,7 +239,7 @@ index bea8783276..aeef0c8f84 100644 /* Copy any exported key material into its storage slot */ static int export_sub_cb(const OSSL_PARAM *params, void *varg) { -@@ -176,6 +222,10 @@ static int export_sub_cb(const OSSL_PARAM *params, void *varg) +@@ -175,6 +221,10 @@ static int export_sub_cb(const OSSL_PARAM *params, void *varg) if (OSSL_PARAM_get_octet_string(p, &pub, sub_arg->publen, &len) != 1) return 0; 
@@ -243,8 +249,8 @@ index bea8783276..aeef0c8f84 100644 +#endif if (len != sub_arg->publen) { ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, - "Unexpected %s public key length %lu != %lu", -@@ -344,12 +394,14 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, + "Unexpected %s public key length %lu != %lu", +@@ -343,12 +393,14 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, void *val; int ml_kem_slot = key->xinfo->ml_kem_slot; int ret = 0; @@ -258,8 +264,8 @@ index bea8783276..aeef0c8f84 100644 + adjusted_propq = get_adjusted_propq(propq); } else { alg = key->xinfo->algorithm_name; - group = (char *) key->xinfo->group_name; -@@ -359,7 +411,8 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, + group = (char *)key->xinfo->group_name; +@@ -358,7 +410,8 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, } val = (void *)(in + off); 
@@ -269,34 +275,34 @@ index bea8783276..aeef0c8f84 100644 || EVP_PKEY_fromdata_init(ctx) <= 0) goto err; parr[0] = OSSL_PARAM_construct_octet_string(pname, val, len); -@@ -370,6 +423,7 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, +@@ -369,6 +422,7 @@ load_slot(OSSL_LIB_CTX *libctx, const char *propq, const char *pname, ret = 1; - err: + err: + OPENSSL_free(adjusted_propq); EVP_PKEY_CTX_free(ctx); return ret; } -@@ -688,6 +742,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) +@@ -685,6 +739,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) PROV_ML_KEM_GEN_CTX *gctx = vgctx; MLX_KEY *key; char *propq; + char *adjusted_propq = NULL; if (gctx == NULL - || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == -@@ -704,8 +759,10 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) + || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_PUBLIC_KEY) +@@ -700,8 +755,10 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg) return key; /* For now, using the same "propq" for all components */ - key->mkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, + adjusted_propq = get_adjusted_propq(propq); + key->mkey = EVP_PKEY_Q_keygen(key->libctx, adjusted_propq ? adjusted_propq : key->propq, - key->minfo->algorithm_name); + key->minfo->algorithm_name); + OPENSSL_free(adjusted_propq); key->xkey = EVP_PKEY_Q_keygen(key->libctx, key->propq, - key->xinfo->algorithm_name, - key->xinfo->group_name); + key->xinfo->algorithm_name, + key->xinfo->group_name); -- -2.50.0 +2.52.0 diff --git a/SOURCES/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch b/SOURCES/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch index e01f7bf..658a8f0 100644 --- a/SOURCES/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch +++ b/SOURCES/0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch 
@@ -1,7 +1,7 @@ -From 5389ed0aeb97b290969f923b205e333d4f85fdc3 Mon Sep 17 00:00:00 2001 +From 3f73722b8e546a3f8f4e8bc7d74527f4fe7c4413 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 15 Jul 2025 12:32:14 -0400 -Subject: [PATCH] Temporarily disable SLH-DSA FIPS self-tests +Subject: [PATCH 54/57] Temporarily disable SLH-DSA FIPS self-tests Signed-off-by: Simo Sorce --- @@ -9,10 +9,10 @@ Signed-off-by: Simo Sorce 1 file changed, 6 insertions(+) diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index f3059a8446..e924e93018 100644 +index 43f7c89fd6..7b03aad775 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -2862,6 +2862,7 @@ static const ST_KAT_PARAM ml_dsa_sig_init[] = { +@@ -2886,6 +2886,7 @@ static const ST_KAT_PARAM ml_dsa_sig_init[] = { }; #endif /* OPENSSL_NO_ML_DSA */ @@ -20,7 +20,7 @@ index f3059a8446..e924e93018 100644 #ifndef OPENSSL_NO_SLH_DSA /* * Deterministic SLH_DSA key generation supplies the private key elements and -@@ -2952,6 +2953,7 @@ static const unsigned char slh_dsa_shake_128f_sig_digest[] = { +@@ -2976,6 +2977,7 @@ static const unsigned char slh_dsa_shake_128f_sig_digest[] = { 0x89, 0x77, 0x00, 0x72, 0x03, 0x92, 0xd1, 0xa6, }; #endif /* OPENSSL_NO_SLH_DSA */ @@ -28,7 +28,7 @@ index f3059a8446..e924e93018 100644 /* Hash DRBG inputs for signature KATs */ static const unsigned char sig_kat_entropyin[] = { -@@ -3051,6 +3053,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -3075,6 +3077,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { ml_dsa_sig_init }, #endif /* OPENSSL_NO_ML_DSA */ @@ -36,7 +36,7 @@ index f3059a8446..e924e93018 100644 #ifndef OPENSSL_NO_SLH_DSA /* * FIPS 140-3 IG 10.3.A.16 Note 29 says: -@@ -3081,6 +3084,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -3105,6 +3108,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { slh_dsa_sig_params, slh_dsa_sig_params }, #endif /* OPENSSL_NO_SLH_DSA */ 
@@ -44,7 +44,7 @@ index f3059a8446..e924e93018 100644 }; #if !defined(OPENSSL_NO_ML_DSA) -@@ -3485,6 +3489,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = { +@@ -3509,6 +3513,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = { ml_dsa_key }, # endif @@ -52,13 +52,14 @@ index f3059a8446..e924e93018 100644 # if !defined(OPENSSL_NO_SLH_DSA) { OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA, -@@ -3493,5 +3498,6 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = { +@@ -3517,6 +3522,7 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = { slh_dsa_128f_keygen_expected_params }, # endif +#endif /* Temporarily disable SLH-DSA self tests due to performance issues */ }; #endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */ + -- -2.50.1 +2.52.0 diff --git a/SOURCES/0055-Add-a-define-to-disable-symver-attributes.patch b/SOURCES/0055-Add-a-define-to-disable-symver-attributes.patch index 483c151..24e7d60 100644 --- a/SOURCES/0055-Add-a-define-to-disable-symver-attributes.patch +++ b/SOURCES/0055-Add-a-define-to-disable-symver-attributes.patch @@ -1,7 +1,7 @@ -From 5d70f27ffdb520001e560ef0852f29c84e0afa18 Mon Sep 17 00:00:00 2001 +From 24875d5f4486540cc7baf23c3f94234ee9800862 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 17 Jul 2025 09:40:34 -0400 -Subject: [PATCH] Add a define to disable symver attributes +Subject: [PATCH 55/57] Add a define to disable symver attributes Defininig RHEL_NO_SYMVER_ATTRIBUTES for a build now prevents adding compatibility symver attributes. @@ -14,7 +14,7 @@ Signed-off-by: Simo Sorce 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c -index 8ee9db73dd..7ed4933934 100644 +index 638dac8844..5b1b54c195 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -573,7 +573,7 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size) 
@@ -27,10 +27,10 @@ index 8ee9db73dd..7ed4933934 100644 symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0"))) #endif diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c -index 619cf4f385..9192898d39 100644 +index b4edd825cd..e7b124a79b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c -@@ -1763,7 +1763,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +@@ -1757,7 +1757,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) } EVP_CIPHER_CTX @@ -40,10 +40,10 @@ index 619cf4f385..9192898d39 100644 symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0"))) #endif diff --git a/crypto/o_str.c b/crypto/o_str.c -index 86442a939e..8c33e4dd63 100644 +index fde43421ea..807e070827 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c -@@ -404,7 +404,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) +@@ -407,7 +407,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen) } int @@ -52,7 +52,7 @@ index 86442a939e..8c33e4dd63 100644 __attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) #endif -@@ -419,7 +419,7 @@ OPENSSL_strcasecmp(const char *s1, const char *s2) +@@ -422,7 +422,7 @@ OPENSSL_strcasecmp(const char *s1, const char *s2) } int @@ -62,5 +62,5 @@ index 86442a939e..8c33e4dd63 100644 symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) #endif -- -2.50.1 +2.52.0 diff --git a/SOURCES/0056-Add-targets-to-skip-build-of-non-installable-program.patch b/SOURCES/0056-Add-targets-to-skip-build-of-non-installable-program.patch new file mode 100644 index 0000000..af91d35 --- /dev/null +++ b/SOURCES/0056-Add-targets-to-skip-build-of-non-installable-program.patch 
@@ -0,0 +1,158 @@ +From 4b634bdcc4dedc8516529d39062adc1305c7bf9b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= +Date: Tue, 19 Aug 2025 14:26:07 +0200 +Subject: [PATCH 56/57] Add targets to skip build of non-installable programs + +These make it possible to split the build into two +parts, e.g., when tests should be built with different +compiler flags than installed software. + +Also use these as dependecies where appropriate. + +Reviewed-by: Paul Yang +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Neil Horman +(Merged from https://github.com/openssl/openssl/pull/28302) +--- + Configurations/descrip.mms.tmpl | 7 +++++-- + Configurations/unix-Makefile.tmpl | 9 ++++++--- + Configurations/windows-makefile.tmpl | 8 ++++++-- + util/help.pl | 2 +- + 4 files changed, 18 insertions(+), 8 deletions(-) + +diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl +index db6a1b1799..bc7fc36b46 100644 +--- a/Configurations/descrip.mms.tmpl ++++ b/Configurations/descrip.mms.tmpl +@@ -491,6 +491,8 @@ NODEBUG=@ + {- dependmagic('build_libs'); -} : build_libs_nodep + {- dependmagic('build_modules'); -} : build_modules_nodep + {- dependmagic('build_programs'); -} : build_programs_nodep ++{- dependmagic('build_inst_sw'); -} : build_libs_nodep, build_modules_nodep, build_inst_programs_nodep ++{- dependmagic('build_inst_programs'); -} : build_inst_programs_nodep + + build_generated_pods : $(GENERATED_PODS) + build_docs : build_html_docs +@@ -500,6 +502,7 @@ build_generated : $(GENERATED_MANDATORY) + build_libs_nodep : $(LIBS), $(SHLIBS) + build_modules_nodep : $(MODULES) + build_programs_nodep : $(PROGRAMS), $(SCRIPTS) ++build_inst_programs_nodep : $(INSTALL_PROGRAMS), $(SCRIPTS) + + # Kept around for backward compatibility + build_apps build_tests : build_programs +@@ -606,7 +609,7 @@ install_docs : install_html_docs + uninstall_docs : uninstall_html_docs + + {- output_off() if $disabled{fips}; "" -} +-install_fips : build_sw 
$(INSTALL_FIPSMODULECONF) ++install_fips : build_inst_sw $(INSTALL_FIPSMODULECONF) + @ WRITE SYS$OUTPUT "*** Installing FIPS module" + - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch'] + - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000] +@@ -687,7 +690,7 @@ install_runtime_libs : check_INSTALLTOP build_libs + @install_shlibs) -} + @ {- output_on() if $disabled{shared}; "" -} ! + +-install_programs : check_INSTALLTOP install_runtime_libs build_programs ++install_programs : check_INSTALLTOP install_runtime_libs build_inst_programs + @ {- output_off() if $disabled{apps}; "" -} ! + @ ! Install the main program + - CREATE/DIR ossl_installroot:[EXE.'arch'] +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl +index 1920d38655..bfede44ce4 100644 +--- a/Configurations/unix-Makefile.tmpl ++++ b/Configurations/unix-Makefile.tmpl +@@ -547,7 +547,9 @@ LANG=C + {- dependmagic('build_sw', 'Build all the software (default target)'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils + {- dependmagic('build_libs', 'Build the libraries libssl and libcrypto'); -}: build_libs_nodep + {- dependmagic('build_modules', 'Build the modules (i.e. providers and engines)'); -}: build_modules_nodep +-{- dependmagic('build_programs', 'Build the openssl executables and scripts'); -}: build_programs_nodep ++{- dependmagic('build_programs', 'Build the openssl executables, scripts and all other programs as configured (e.g. 
tests or demos)'); -}: build_programs_nodep ++{- dependmagic('build_inst_sw', 'Build all the software to be installed'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep link-utils ++{- dependmagic('build_inst_programs', 'Build only the installable openssl executables and scripts'); -}: build_inst_programs_nodep + + all: build_sw {- "build_docs" if !$disabled{docs}; -} ## Build software and documentation + debuginfo: $(SHLIBS) +@@ -566,6 +568,7 @@ build_generated: $(GENERATED_MANDATORY) + build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} + build_modules_nodep: $(MODULES) + build_programs_nodep: $(PROGRAMS) $(SCRIPTS) ++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS) + + # Kept around for backward compatibility + build_apps build_tests: build_programs +@@ -680,7 +683,7 @@ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and + $(RM) -r "$(DESTDIR)$(DOCDIR)" + + {- output_off() if $disabled{fips}; "" -} +-install_fips: build_sw $(INSTALL_FIPSMODULECONF) ++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF) + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)" +@@ -966,7 +969,7 @@ install_runtime_libs: build_libs + : {- output_on() if windowsdll(); "" -}; \ + done + +-install_programs: install_runtime_libs build_programs ++install_programs: install_runtime_libs build_inst_programs + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(bindir)" + @$(ECHO) "*** Installing runtime programs" +diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl +index 894834cfb7..b5872124de 100644 +--- a/Configurations/windows-makefile.tmpl ++++ 
b/Configurations/windows-makefile.tmpl +@@ -418,6 +418,8 @@ PROCESSOR= {- $config{processor} -} + {- dependmagic('build_libs'); -}: build_libs_nodep + {- dependmagic('build_modules'); -}: build_modules_nodep + {- dependmagic('build_programs'); -}: build_programs_nodep ++{- dependmagic('build_inst_sw'); -}: build_libs_nodep build_modules_nodep build_inst_programs_nodep copy-utils ++{- dependmagic('build_inst_programs'); -}: build_inst_programs_nodep + + build_docs: build_html_docs + build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) +@@ -430,6 +432,8 @@ build_modules_nodep: $(MODULES) + @ + build_programs_nodep: $(PROGRAMS) $(SCRIPTS) + @ ++build_inst_programs_nodep: $(INSTALL_PROGRAMS) $(SCRIPTS) ++ @ + + # Kept around for backward compatibility + build_apps build_tests: build_programs +@@ -507,7 +511,7 @@ install_docs: install_html_docs + uninstall_docs: uninstall_html_docs + + {- output_off() if $disabled{fips}; "" -} +-install_fips: build_sw $(INSTALL_FIPSMODULECONF) ++install_fips: build_inst_sw $(INSTALL_FIPSMODULECONF) + # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)" +@@ -607,7 +611,7 @@ install_runtime_libs: build_libs + "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \ + "$(INSTALLTOP)\bin" + +-install_programs: install_runtime_libs build_programs ++install_programs: install_runtime_libs build_inst_programs + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing runtime programs" + @if not "$(INSTALL_PROGRAMS)"=="" \ +diff --git a/util/help.pl b/util/help.pl +index a1614fe8a9..e88ff4bae1 100755 +--- a/util/help.pl ++++ b/util/help.pl +@@ -14,7 +14,7 @@ while (<>) { + chomp; # strip record separator + @Fld = split($FS, $_, -1); + if (/^[a-zA-Z0-9_\-]+:.*?##/) { +- printf " \033[36m%-15s\033[0m %s\n", $Fld[0], $Fld[1] ++ printf " 
\033[36m%-19s\033[0m %s\n", $Fld[0], $Fld[1] + } + if (/^##@/) { + printf "\n\033[1m%s\033[0m\n", substr($Fld[$_], (5)-1); +-- +2.52.0 + diff --git a/SOURCES/0056-Fix-incorrect-check-of-unwrapped-key-size.patch b/SOURCES/0056-Fix-incorrect-check-of-unwrapped-key-size.patch deleted file mode 100644 index 59314fc..0000000 --- a/SOURCES/0056-Fix-incorrect-check-of-unwrapped-key-size.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni -Date: Thu, 11 Sep 2025 18:10:12 +0200 -Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size - -Fixes CVE-2025-9230 - -The check is off by 8 bytes so it is possible to overread by -up to 8 bytes and overwrite up to 4 bytes. - -Reviewed-by: Neil Horman -Reviewed-by: Matt Caswell -Reviewed-by: Tomas Mraz ---- - crypto/cms/cms_pwri.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c -index 106bd98dc7..ba8646f93c 100644 ---- a/crypto/cms/cms_pwri.c -+++ b/crypto/cms/cms_pwri.c -@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, - /* Check byte failure */ - goto err; - } -- if (inlen < (size_t)(tmp[0] - 4)) { -+ if (inlen < 4 + (size_t)tmp[0]) { - /* Invalid length value */ - goto err; - } --- -2.51.0 - diff --git a/SOURCES/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch b/SOURCES/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch new file mode 100644 index 0000000..c02fb9f --- /dev/null +++ b/SOURCES/0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch 
@@ -0,0 +1,27 @@
+From 3ffdc68f16d6b326ff0854053fc9206be3dabcc2 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy
+Date: Wed, 21 Jan 2026 18:13:43 +0100
+Subject: [PATCH 57/57] Disable RSA-PKCS1.5 FIPS POST, not relevant for RHEL
+
+---
+ providers/fips/self_test_kats.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
+index f453b2f2fb..5b37387d83 100644
+--- a/providers/fips/self_test_kats.c
++++ b/providers/fips/self_test_kats.c
+@@ -1190,8 +1190,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+ ret = 0;
+ if (!self_test_kems(st, libctx))
+ ret = 0;
+- if (!self_test_asym_ciphers(st, libctx))
+- ret = 0;
++/* if (!self_test_asym_ciphers(st, libctx))
++ ret = 0; */
+
+ RAND_set0_private(libctx, saved_rand);
+ return ret;
+--
+2.52.0
+
diff --git a/SOURCES/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch b/SOURCES/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch
deleted file mode 100644
index 3cde076..0000000
--- a/SOURCES/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch
+++ /dev/null
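Review bot: The RSA KAT is switched off at `++/* if (!self_test_asym_ciphers(st, libctx))` by wrapping the call in a block comment, which leaves commented-out code in SELF_TEST_kats() and, if self_test_asym_ciphers() is a file-local static helper like the sibling self_test_* routines, a now-unreferenced function that will trip -Wunused-function (fatal in -Werror builds). Prefer deleting the two lines and guarding the helper's definition with the same condition (or marking it unused), and replace them with a comment that records why the check is skipped, e.g. `/* RSA PKCS#1 v1.5 encryption KAT intentionally not run in the RHEL FIPS build: <reason> */`. The commit message should carry that same rationale; "not relevant for RHEL" gives a later maintainer nothing to verify against the module's security policy, and dropping a POST from a FIPS provider is a compliance-relevant change, not just a build tweak. SELF_TEST_kats() begins and ends outside the shown inner hunk.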
@@ -1,129 +0,0 @@ -From 65c2f454e83f78d5ffdfc0a515d35c00fb1060ad Mon Sep 17 00:00:00 2001 -From: Clemens Lang -Date: Fri, 21 Nov 2025 16:00:08 +0100 -Subject: [PATCH] Do not make key share choice in tls1_set_groups() - -tls1_set_groups(), which is used by SSL_CTX_set1_groups() does not check -whether the NIDs passed as argument actually have an implementation -available in any of the currently loaded providers. It is not simple to -add this check, either, because it would require access to the SSL_CTX, -which this function does not receive. There are legacy callers that do -not have an SSL_CTX pointer and are public API. - -This becomes a problem, when an application sets the first group to one -that is not supported by the current configuration, and can trigger -sending of an empty key share. - -Set the first entry of the key share list to 0 (and the key share list -length to 1) to signal to tls1_construct_ctos_key_share that it should -pick the first supported group and generate a key share for that. See -also tls1_get_requested_keyshare_groups, which documents this special -case. - -See: https://issues.redhat.com/browse/RHEL-128018 -Signed-off-by: Clemens Lang - -Reviewed-by: Norbert Pocs -Reviewed-by: Simo Sorce -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/29192) - -(cherry picked from commit 5375e940e22de80ad8c6e865a08db13762242eee) ---- - ssl/t1_lib.c | 8 ++++++- - test/sslapitest.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 60 insertions(+), 1 deletion(-) - -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 2f71f95438..3a4ebdeeea 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1119,7 +1119,13 @@ int tls1_set_groups(uint16_t **grpext, size_t *grpextlen, - OPENSSL_free(*tplext); - *grpext = glist; - *grpextlen = ngroups; -- kslist[0] = glist[0]; -+ /* -+ * No * prefix was used, let tls_construct_ctos_key_share choose a key -+ * share. 
This has the advantage that it will filter unsupported groups -+ * before choosing one, which this function does not do. See also the -+ * comment for tls1_get_requested_keyshare_groups. -+ */ -+ kslist[0] = 0; - *ksext = kslist; - *ksextlen = 1; - tpllist[0] = ngroups; -diff --git a/test/sslapitest.c b/test/sslapitest.c -index b83dd6c552..ab1d08cf8b 100644 ---- a/test/sslapitest.c -+++ b/test/sslapitest.c -@@ -13269,6 +13269,58 @@ static int test_no_renegotiation(int idx) - return testresult; - } - -+/* -+ * Test that SSL_CTX_set1_groups() when called with a list where the first -+ * entry is unsupported, will send a key_share that uses the next usable entry. -+ */ -+static int test_ssl_set_groups_unsupported_keyshare(void) -+{ -+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) -+ int testresult = 0; -+ SSL_CTX *sctx = NULL, *cctx = NULL; -+ SSL *serverssl = NULL, *clientssl = NULL; -+ int client_groups[] = { -+ NID_brainpoolP256r1tls13, -+ NID_sect163k1, -+ NID_secp384r1, -+ NID_ffdhe2048, -+ }; -+ -+ if (!TEST_true(create_ssl_ctx_pair(libctx, -+ TLS_server_method(), -+ TLS_client_method(), -+ 0, 0, -+ &sctx, -+ &cctx, -+ cert, -+ privkey))) -+ goto end; -+ -+ if (!TEST_true(SSL_CTX_set1_groups(cctx, -+ client_groups, -+ OSSL_NELEM(client_groups)))) -+ goto end; -+ -+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, -+ NULL))) -+ goto end; -+ -+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) -+ goto end; -+ -+ testresult = 1; -+ end: -+ SSL_free(serverssl); -+ SSL_free(clientssl); -+ SSL_CTX_free(sctx); -+ SSL_CTX_free(cctx); -+ -+ return testresult; -+#else /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ -+ return TEST_skip("No EC and DH support."); -+#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ -+} -+ - OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") - - int setup_tests(void) -@@ -13598,6 +13650,7 @@ int setup_tests(void) - 
ADD_TEST(test_quic_tls_early_data); - #endif - ADD_ALL_TESTS(test_no_renegotiation, 2); -+ ADD_TEST(test_ssl_set_groups_unsupported_keyshare); - return 1; - - err: --- -2.51.0 - diff --git a/SOURCES/0058-CVE-2026-31790.patch b/SOURCES/0058-CVE-2026-31790.patch new file mode 100644 index 0000000..1b556a7 --- /dev/null +++ b/SOURCES/0058-CVE-2026-31790.patch 
@@ -0,0 +1,185 @@ +From 001e01db3e996e13ffc72386fe79d03a6683b5ac Mon Sep 17 00:00:00 2001 +From: Nikola Pajkovsky +Date: Thu, 19 Mar 2026 12:16:08 +0100 +Subject: [PATCH 1/2] rsa_kem: validate RSA_public_encrypt() result in RSASVE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RSA_public_encrypt() returns the number of bytes written on success and +-1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM +encapsulation can incorrectly succeed when the underlying RSA public +encrypt operation fails. In that case the code reports success, returns +lengths as if encapsulation completed normally, and leaves the freshly +generated secret available instead of discarding it. + +Tighten the success condition so RSASVE only succeeds when +RSA_public_encrypt() returns a positive value equal to the modulus-sized +output expected for RSA_NO_PADDING. Any other return value is treated as +failure, and the generated secret is cleansed before returning. 
+ +Fixes CVE-2026-31790 +Signed-off-by: Nikola Pajkovsky + +Reviewed-by: Saša Nedvědický +Reviewed-by: Tomas Mraz +MergeDate: Mon Apr 6 19:51:30 2026 +--- + providers/implementations/kem/rsa_kem.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c +index f7bf368a0d..74dfafddd9 100644 +--- a/providers/implementations/kem/rsa_kem.c ++++ b/providers/implementations/kem/rsa_kem.c +@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, + return 0; + + /* Step(3): out = RSAEP((n,e), z) */ +- ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); +- if (ret) { +- ret = 1; +- if (outlen != NULL) +- *outlen = nlen; +- if (secretlen != NULL) +- *secretlen = nlen; +- } else { ++ ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, ++ RSA_NO_PADDING); ++ if (ret <= 0 || ret != (int)nlen) { + OPENSSL_cleanse(secret, nlen); ++ return 0; + } +- return ret; ++ ++ if (outlen != NULL) ++ *outlen = nlen; ++ if (secretlen != NULL) ++ *secretlen = nlen; ++ ++ return 1; + } + + /** +-- +2.53.0 + + +From c61bbd3f873d28e098f503f0187459ed488977c9 Mon Sep 17 00:00:00 2001 +From: Nikola Pajkovsky +Date: Mon, 23 Mar 2026 08:41:20 +0100 +Subject: [PATCH 2/2] rsa_kem: test RSA_public_encrypt() result in RSASVE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RSA_public_encrypt() returns the number of bytes written on success and +-1 on failure. + +Add regression coverage in evp_extra_test using invalid RSA pubkey +which triggers -1 in RSA_public_encrypt() using encapsulation. 
+ +Signed-off-by: Nikola Pajkovsky + +Reviewed-by: Saša Nedvědický +Reviewed-by: Tomas Mraz +MergeDate: Mon Apr 6 19:51:31 2026 +--- + test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 67 insertions(+) + +diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c +index 5ea95c0dfa..573732bfec 100644 +--- a/test/evp_extra_test.c ++++ b/test/evp_extra_test.c +@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void) + #endif + + #ifndef OPENSSL_NO_DEPRECATED_3_0 ++ ++static EVP_PKEY *make_bad_rsa_pubkey(void) ++{ ++ RSA *rsa = NULL; ++ BIGNUM *n = NULL, *e = NULL; ++ EVP_PKEY *pkey = NULL; ++ ++ /* Deliberately invalid public key: n = 17, e = 17 */ ++ if (!TEST_ptr(pkey = EVP_PKEY_new()) ++ || !TEST_ptr(rsa = RSA_new()) ++ || !TEST_ptr(n = BN_new()) ++ || !TEST_ptr(e = BN_new()) ++ || !TEST_true(BN_set_word(n, 17)) ++ || !TEST_true(BN_set_word(e, 17)) ++ || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) ++ || !EVP_PKEY_assign_RSA(pkey, rsa)) ++ goto err; ++ ++ return pkey; ++err: ++ BN_free(n); ++ BN_free(e); ++ RSA_free(rsa); ++ return NULL; ++} ++ + #ifndef OPENSSL_NO_DH + static EVP_PKEY *load_example_dh_key(void) + { +@@ -5898,6 +5924,46 @@ err: + return testresult; + } + ++static int test_rsasve_kem_with_invalid_pub_key(void) ++{ ++ RSA *rsa = NULL; ++ EVP_PKEY *pkey = NULL; ++ EVP_PKEY_CTX *ctx = NULL; ++ unsigned char *ct = NULL; ++ unsigned char *secret = NULL; ++ size_t ctlen = 0, secretlen = 0; ++ int testresult = 0; ++ ++ if (nullprov != NULL) { ++ testresult = TEST_skip("Test does not support a non-default library context"); ++ goto err; ++ } ++ ++ if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) ++ goto err; ++ ++ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) ++ || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) ++ || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) ++ || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) ++ || !TEST_ptr(ct = 
OPENSSL_malloc(ctlen)) ++ || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) ++ goto err; ++ ++ if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) ++ goto err; ++ ++ testresult = 1; ++ ++err: ++ OPENSSL_free(secret); ++ OPENSSL_free(ct); ++ EVP_PKEY_CTX_free(ctx); ++ RSA_free(rsa); ++ EVP_PKEY_free(pkey); ++ return testresult; ++} ++ + #ifndef OPENSSL_NO_DYNAMIC_ENGINE + /* Test we can create a signature keys with an associated ENGINE */ + static int test_signatures_with_engine(int tst) +@@ -6893,6 +6959,7 @@ int setup_tests(void) + ADD_TEST(test_evp_md_cipher_meth); + ADD_TEST(test_custom_md_meth); + ADD_TEST(test_custom_ciph_meth); ++ ADD_TEST(test_rsasve_kem_with_invalid_pub_key); + + #ifndef OPENSSL_NO_DYNAMIC_ENGINE + /* Tests only support the default libctx */ +-- +2.53.0 + diff --git a/SOURCES/0058-Fix-PPC-register-processing.patch b/SOURCES/0058-Fix-PPC-register-processing.patch deleted file mode 100644 index 10681c5..0000000 --- a/SOURCES/0058-Fix-PPC-register-processing.patch +++ /dev/null 
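Review bot: make_bad_rsa_pubkey() cleans up incorrectly on failure: once `RSA_set0_key(rsa, n, e, NULL)` has succeeded, n and e are owned by rsa, so a later failure of `EVP_PKEY_assign_RSA(pkey, rsa)` reaches the err: label where `BN_free(n); BN_free(e);` and `RSA_free(rsa)` release the same BIGNUMs twice, and the pkey returned by EVP_PKEY_new() is never freed on any error path. These paths are unlikely to fire in practice, but a test helper should not contain a latent double free; null the two pointers after ownership transfers, free pkey in the err block, and wrap EVP_PKEY_assign_RSA in TEST_true like the neighbouring calls. In test_rsasve_kem_with_invalid_pub_key() the local `RSA *rsa = NULL;` is never assigned and only passed to RSA_free(), so it can be dropped. The rsa_kem.c fix itself reads correctly; `ret <= 0 ||` is subsumed by `ret != (int)nlen` for a non-zero modulus size and could be simplified, but that is cosmetic.

```c
static EVP_PKEY *make_bad_rsa_pubkey(void)
{
    /* … unchanged: declarations, EVP_PKEY_new()/RSA_new()/BN_new()/BN_set_word() checks … */
    if (!TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;
    n = e = NULL;                 /* ownership passed to rsa */
    if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
        goto err;

    return pkey;
err:
    BN_free(n);
    BN_free(e);
    RSA_free(rsa);
    EVP_PKEY_free(pkey);
    return NULL;
}
```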
@@ -1,2258 +0,0 @@ -diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl -index e8a215027e..68918a9305 100644 ---- a/crypto/modes/asm/aes-gcm-ppc.pl -+++ b/crypto/modes/asm/aes-gcm-ppc.pl -@@ -1,6 +1,6 @@ - #! /usr/bin/env perl - # Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. --# Copyright 2021- IBM Inc. All rights reserved -+# Copyright 2025- IBM Corp. All rights reserved - # - # Licensed under the Apache License 2.0 (the "License"). You may not use - # this file except in compliance with the License. You can obtain a copy -@@ -8,7 +8,9 @@ - # https://www.openssl.org/source/license.html - # - #=================================================================================== --# Written by Danny Tsen for OpenSSL Project, -+# Accelerated AES-GCM stitched implementation for ppc64le. -+# -+# Written by Danny Tsen - # - # GHASH is based on the Karatsuba multiplication method. - # -@@ -32,420 +34,521 @@ - # v31 - counter 1 - # - # AES used, --# vs0 - vs14 for round keys -+# vs0 - round key 0 - # v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted) - # - # This implementation uses stitched AES-GCM approach to improve overall performance. - # AES is implemented with 8x blocks and GHASH is using 2 4x blocks. - # --# Current large block (16384 bytes) performance per second with 128 bit key -- --# --# Encrypt Decrypt --# Power10[le] (3.5GHz) 5.32G 5.26G --# - # =================================================================================== - # -+use strict; -+use warnings; -+ - # $output is the last argument if it looks like a file (it has an extension) - # $flavour is the first argument if it doesn't look like a file --$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; --$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? 
shift : undef; -- --if ($flavour =~ /64/) { -- $SIZE_T=8; -- $LRSAVE=2*$SIZE_T; -- $STU="stdu"; -- $POP="ld"; -- $PUSH="std"; -- $UCMP="cmpld"; -- $SHRI="srdi"; --} elsif ($flavour =~ /32/) { -- $SIZE_T=4; -- $LRSAVE=$SIZE_T; -- $STU="stwu"; -- $POP="lwz"; -- $PUSH="stw"; -- $UCMP="cmplw"; -- $SHRI="srwi"; --} else { die "nonsense $flavour"; } -- --$sp="r1"; --$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload -- --$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; --( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or --( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or --die "can't locate ppc-xlate.pl"; -- --open STDOUT,"| $^X $xlate $flavour \"$output\"" -- or die "can't call $xlate: $!"; -- --$code=<<___; --.machine "any" --.text -- --# 4x loops --# v15 - v18 - input states --# vs1 - vs9 - round keys --# --.macro Loop_aes_middle4x -- xxlor 19+32, 1, 1 -- xxlor 20+32, 2, 2 -- xxlor 21+32, 3, 3 -- xxlor 22+32, 4, 4 -- -- vcipher 15, 15, 19 -- vcipher 16, 16, 19 -- vcipher 17, 17, 19 -- vcipher 18, 18, 19 -+my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -+my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? 
shift : undef; - -- vcipher 15, 15, 20 -- vcipher 16, 16, 20 -- vcipher 17, 17, 20 -- vcipher 18, 18, 20 -- -- vcipher 15, 15, 21 -- vcipher 16, 16, 21 -- vcipher 17, 17, 21 -- vcipher 18, 18, 21 -+$output and open STDOUT,">$output"; - -- vcipher 15, 15, 22 -- vcipher 16, 16, 22 -- vcipher 17, 17, 22 -- vcipher 18, 18, 22 -- -- xxlor 19+32, 5, 5 -- xxlor 20+32, 6, 6 -- xxlor 21+32, 7, 7 -- xxlor 22+32, 8, 8 -+my $code.=<<___; -+.machine "any" -+.text - -- vcipher 15, 15, 19 -- vcipher 16, 16, 19 -- vcipher 17, 17, 19 -- vcipher 18, 18, 19 -+.macro SAVE_REGS -+ mflr 0 -+ std 0, 16(1) -+ stdu 1,-512(1) - -- vcipher 15, 15, 20 -- vcipher 16, 16, 20 -- vcipher 17, 17, 20 -- vcipher 18, 18, 20 -+ std 14, 112(1) -+ std 15, 120(1) -+ std 16, 128(1) -+ std 17, 136(1) -+ std 18, 144(1) -+ std 19, 152(1) -+ std 20, 160(1) -+ std 21, 168(1) -+ std 22, 176(1) -+ std 23, 184(1) -+ std 24, 192(1) -+ -+ stxv 32+20, 256(1) -+ stxv 32+21, 256+16(1) -+ stxv 32+22, 256+32(1) -+ stxv 32+23, 256+48(1) -+ stxv 32+24, 256+64(1) -+ stxv 32+25, 256+80(1) -+ stxv 32+26, 256+96(1) -+ stxv 32+27, 256+112(1) -+ stxv 32+28, 256+128(1) -+ stxv 32+29, 256+144(1) -+ stxv 32+30, 256+160(1) -+ stxv 32+31, 256+176(1) -+.endm # SAVE_REGS -+ -+.macro RESTORE_REGS -+ lxv 32+20, 256(1) -+ lxv 32+21, 256+16(1) -+ lxv 32+22, 256+32(1) -+ lxv 32+23, 256+48(1) -+ lxv 32+24, 256+64(1) -+ lxv 32+25, 256+80(1) -+ lxv 32+26, 256+96(1) -+ lxv 32+27, 256+112(1) -+ lxv 32+28, 256+128(1) -+ lxv 32+29, 256+144(1) -+ lxv 32+30, 256+160(1) -+ lxv 32+31, 256+176(1) -+ -+ ld 14, 112(1) -+ ld 15, 120(1) -+ ld 16, 128(1) -+ ld 17, 136(1) -+ ld 18, 144(1) -+ ld 19, 152(1) -+ ld 20, 160(1) -+ ld 21, 168(1) -+ ld 22, 176(1) -+ ld 23, 184(1) -+ ld 24, 192(1) -+ -+ addi 1, 1, 512 -+ ld 0, 16(1) -+ mtlr 0 -+.endm # RESTORE_REGS - -- vcipher 15, 15, 21 -- vcipher 16, 16, 21 -- vcipher 17, 17, 21 -- vcipher 18, 18, 21 -- -- vcipher 15, 15, 22 -- vcipher 16, 16, 22 -- vcipher 17, 17, 22 -- vcipher 18, 18, 22 -- -- xxlor 23+32, 9, 9 
-- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -+# 4x loops -+.macro AES_CIPHER_4x r -+ vcipher 15, 15, \\r -+ vcipher 16, 16, \\r -+ vcipher 17, 17, \\r -+ vcipher 18, 18, \\r - .endm - - # 8x loops --# v15 - v22 - input states --# vs1 - vs9 - round keys --# --.macro Loop_aes_middle8x -- xxlor 23+32, 1, 1 -- xxlor 24+32, 2, 2 -- xxlor 25+32, 3, 3 -- xxlor 26+32, 4, 4 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- vcipher 15, 15, 25 -- vcipher 16, 16, 25 -- vcipher 17, 17, 25 -- vcipher 18, 18, 25 -- vcipher 19, 19, 25 -- vcipher 20, 20, 25 -- vcipher 21, 21, 25 -- vcipher 22, 22, 25 -- -- vcipher 15, 15, 26 -- vcipher 16, 16, 26 -- vcipher 17, 17, 26 -- vcipher 18, 18, 26 -- vcipher 19, 19, 26 -- vcipher 20, 20, 26 -- vcipher 21, 21, 26 -- vcipher 22, 22, 26 -- -- xxlor 23+32, 5, 5 -- xxlor 24+32, 6, 6 -- xxlor 25+32, 7, 7 -- xxlor 26+32, 8, 8 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- vcipher 15, 15, 25 -- vcipher 16, 16, 25 -- vcipher 17, 17, 25 -- vcipher 18, 18, 25 -- vcipher 19, 19, 25 -- vcipher 20, 20, 25 -- vcipher 21, 21, 25 -- vcipher 22, 22, 25 -- -- vcipher 15, 15, 26 -- vcipher 16, 16, 26 -- vcipher 17, 17, 26 -- vcipher 18, 18, 26 -- vcipher 19, 19, 26 -- vcipher 20, 20, 26 -- vcipher 21, 21, 26 -- vcipher 22, 22, 26 -- -- xxlor 23+32, 9, 9 -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 
-- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -+.macro AES_CIPHER_8x r -+ vcipher 15, 15, \\r -+ vcipher 16, 16, \\r -+ vcipher 17, 17, \\r -+ vcipher 18, 18, \\r -+ vcipher 19, 19, \\r -+ vcipher 20, 20, \\r -+ vcipher 21, 21, \\r -+ vcipher 22, 22, \\r -+.endm -+ -+.macro LOOP_8AES_STATE -+ AES_CIPHER_8x 23 -+ AES_CIPHER_8x 24 -+ AES_CIPHER_8x 25 -+ AES_CIPHER_8x 26 -+ AES_CIPHER_8x 27 -+ AES_CIPHER_8x 28 -+ AES_CIPHER_8x 29 -+ AES_CIPHER_8x 1 - .endm - - # --# Compute 4x hash values based on Karatsuba method. -+# PPC_GFMUL128_8x: Compute hash values of 8 blocks based on Karatsuba method. - # --ppc_aes_gcm_ghash: -- vxor 15, 15, 0 -- -- xxlxor 29, 29, 29 -+# S1 should xor with the previous digest -+# -+# Xi = v0 -+# H Poly = v2 -+# Hash keys = v3 - v14 -+# vs10: vpermxor vector -+# Scratch: v23 - v29 -+# -+.macro PPC_GFMUL128_8x - -- vpmsumd 23, 12, 15 # H4.L * X.L -- vpmsumd 24, 9, 16 -- vpmsumd 25, 6, 17 -- vpmsumd 26, 3, 18 -+ vpmsumd 23, 12, 15 # H4.L * X.L -+ vpmsumd 24, 9, 16 -+ vpmsumd 25, 6, 17 -+ vpmsumd 26, 3, 18 - -- vxor 23, 23, 24 -- vxor 23, 23, 25 -- vxor 23, 23, 26 # L -+ vxor 23, 23, 24 -+ vxor 23, 23, 25 -+ vxor 23, 23, 26 # L - -- vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L -- vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L -- vpmsumd 26, 7, 17 -- vpmsumd 27, 4, 18 -+ vpmsumd 27, 13, 15 # H4.L * X.H + H4.H * X.L -+ vpmsumd 28, 10, 16 # H3.L * X1.H + H3.H * X1.L -+ vpmsumd 25, 7, 17 -+ vpmsumd 26, 4, 18 - -- vxor 24, 24, 25 -- vxor 24, 24, 26 -- vxor 24, 24, 27 # M -+ vxor 24, 27, 28 -+ vxor 24, 24, 25 -+ vxor 24, 24, 26 # M - -- # sum hash and reduction with H Poly -- vpmsumd 28, 23, 2 # reduction -+ vpmsumd 26, 14, 15 # H4.H * X.H -+ vpmsumd 27, 11, 16 -+ vpmsumd 28, 8, 17 -+ vpmsumd 29, 5, 18 - -- xxlor 29+32, 29, 29 -- vsldoi 26, 24, 29, 8 # mL -- vsldoi 29, 29, 24, 8 # mH -- vxor 23, 23, 26 # mL + L -+ vxor 26, 26, 27 -+ vxor 26, 26, 28 -+ vxor 26, 26, 29 
- -- vsldoi 23, 23, 23, 8 # swap -- vxor 23, 23, 28 -+ # sum hash and reduction with H Poly -+ vpmsumd 28, 23, 2 # reduction - -- vpmsumd 24, 14, 15 # H4.H * X.H -- vpmsumd 25, 11, 16 -- vpmsumd 26, 8, 17 -- vpmsumd 27, 5, 18 -+ vxor 1, 1, 1 -+ vsldoi 25, 24, 1, 8 # mL -+ vsldoi 1, 1, 24, 8 # mH -+ vxor 23, 23, 25 # mL + L - -- vxor 24, 24, 25 -- vxor 24, 24, 26 -- vxor 24, 24, 27 -+ # This performs swap and xor like, -+ # vsldoi 23, 23, 23, 8 # swap -+ # vxor 23, 23, 28 -+ xxlor 32+29, 10, 10 -+ vpermxor 23, 23, 28, 29 - -- vxor 24, 24, 29 -+ vxor 24, 26, 1 # H - - # sum hash and reduction with H Poly -- vsldoi 27, 23, 23, 8 # swap -- vpmsumd 23, 23, 2 -- vxor 27, 27, 24 -- vxor 23, 23, 27 -- -- xxlor 32, 23+32, 23+32 # update hash -+ # -+ # vsldoi 25, 23, 23, 8 # swap -+ # vpmsumd 23, 23, 2 -+ # vxor 27, 25, 24 -+ # -+ vpermxor 27, 23, 24, 29 -+ vpmsumd 23, 23, 2 -+ vxor 0, 23, 27 # Digest of 4 blocks - -- blr -+ vxor 19, 19, 0 - --# --# Combine two 4x ghash --# v15 - v22 - input blocks --# --.macro ppc_aes_gcm_ghash2_4x -- # first 4x hash -- vxor 15, 15, 0 # Xi + X -+ # Compute digest for the next 4 blocks -+ vpmsumd 24, 9, 20 -+ vpmsumd 25, 6, 21 -+ vpmsumd 26, 3, 22 -+ vpmsumd 23, 12, 19 # H4.L * X.L - -- xxlxor 29, 29, 29 -+ vxor 23, 23, 24 -+ vxor 23, 23, 25 -+ vxor 23, 23, 26 # L - -- vpmsumd 23, 12, 15 # H4.L * X.L -- vpmsumd 24, 9, 16 -- vpmsumd 25, 6, 17 -- vpmsumd 26, 3, 18 -+ vpmsumd 27, 13, 19 # H4.L * X.H + H4.H * X.L -+ vpmsumd 28, 10, 20 # H3.L * X1.H + H3.H * X1.L -+ vpmsumd 25, 7, 21 -+ vpmsumd 26, 4, 22 - -- vxor 23, 23, 24 -- vxor 23, 23, 25 -- vxor 23, 23, 26 # L -+ vxor 24, 27, 28 -+ vxor 24, 24, 25 -+ vxor 24, 24, 26 # M - -- vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L -- vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L -- vpmsumd 26, 7, 17 -- vpmsumd 27, 4, 18 -+ vpmsumd 26, 14, 19 # H4.H * X.H -+ vpmsumd 27, 11, 20 -+ vpmsumd 28, 8, 21 -+ vpmsumd 29, 5, 22 - -- vxor 24, 24, 25 -- vxor 24, 24, 26 -+ vxor 26, 26, 27 -+ vxor 26, 26, 28 -+ vxor 
26, 26, 29 - - # sum hash and reduction with H Poly -- vpmsumd 28, 23, 2 # reduction -+ vpmsumd 28, 23, 2 # reduction - -- xxlor 29+32, 29, 29 -+ vxor 1, 1, 1 -+ vsldoi 25, 24, 1, 8 # mL -+ vsldoi 1, 1, 24, 8 # mH -+ vxor 23, 23, 25 # mL + L - -- vxor 24, 24, 27 # M -- vsldoi 26, 24, 29, 8 # mL -- vsldoi 29, 29, 24, 8 # mH -- vxor 23, 23, 26 # mL + L -+ # This performs swap and xor like, -+ # vsldoi 23, 23, 23, 8 # swap -+ # vxor 23, 23, 28 -+ xxlor 32+29, 10, 10 -+ vpermxor 23, 23, 28, 29 - -- vsldoi 23, 23, 23, 8 # swap -- vxor 23, 23, 28 -+ vxor 24, 26, 1 # H - -- vpmsumd 24, 14, 15 # H4.H * X.H -- vpmsumd 25, 11, 16 -- vpmsumd 26, 8, 17 -- vpmsumd 27, 5, 18 -+ # sum hash and reduction with H Poly -+ # -+ # vsldoi 25, 23, 23, 8 # swap -+ # vpmsumd 23, 23, 2 -+ # vxor 27, 25, 24 -+ # -+ vpermxor 27, 23, 24, 29 -+ vpmsumd 23, 23, 2 -+ vxor 0, 23, 27 # Digest of 8 blocks -+.endm - -- vxor 24, 24, 25 -- vxor 24, 24, 26 -- vxor 24, 24, 27 # H -+# -+# Compute update single ghash -+# vs10: vpermxor vector -+# scratch: v1, v22..v27 -+# -+.macro PPC_GHASH1x H S1 - -- vxor 24, 24, 29 # H + mH -+ vxor 1, 1, 1 - -- # sum hash and reduction with H Poly -- vsldoi 27, 23, 23, 8 # swap -- vpmsumd 23, 23, 2 -- vxor 27, 27, 24 -- vxor 27, 23, 27 # 1st Xi -- -- # 2nd 4x hash -- vpmsumd 24, 9, 20 -- vpmsumd 25, 6, 21 -- vpmsumd 26, 3, 22 -- vxor 19, 19, 27 # Xi + X -- vpmsumd 23, 12, 19 # H4.L * X.L -- -- vxor 23, 23, 24 -- vxor 23, 23, 25 -- vxor 23, 23, 26 # L -- -- vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L -- vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L -- vpmsumd 26, 7, 21 -- vpmsumd 27, 4, 22 -- -- vxor 24, 24, 25 -- vxor 24, 24, 26 -+ vpmsumd 22, 3, \\S1 # L -+ vpmsumd 23, 4, \\S1 # M -+ vpmsumd 24, 5, \\S1 # H - -- # sum hash and reduction with H Poly -- vpmsumd 28, 23, 2 # reduction -+ vpmsumd 27, 22, 2 # reduction - -- xxlor 29+32, 29, 29 -+ vsldoi 25, 23, 1, 8 # mL -+ vsldoi 26, 1, 23, 8 # mH -+ vxor 22, 22, 25 # LL + LL -+ vxor 24, 24, 26 # HH + HH - -- vxor 24, 24, 
27 # M -- vsldoi 26, 24, 29, 8 # mL -- vsldoi 29, 29, 24, 8 # mH -- vxor 23, 23, 26 # mL + L -+ xxlor 32+25, 10, 10 -+ vpermxor 22, 22, 27, 25 - -- vsldoi 23, 23, 23, 8 # swap -- vxor 23, 23, 28 -+ # vsldoi 23, 22, 22, 8 # swap -+ # vpmsumd 22, 22, 2 # reduction -+ # vxor 23, 23, 24 -+ vpermxor 23, 22, 24, 25 -+ vpmsumd 22, 22, 2 # reduction - -- vpmsumd 24, 14, 19 # H4.H * X.H -- vpmsumd 25, 11, 20 -- vpmsumd 26, 8, 21 -- vpmsumd 27, 5, 22 -+ vxor \\H, 22, 23 -+.endm - -- vxor 24, 24, 25 -- vxor 24, 24, 26 -- vxor 24, 24, 27 # H -+# -+# LOAD_HASH_TABLE -+# Xi = v0 -+# H Poly = v2 -+# Hash keys = v3 - v14 -+# -+.macro LOAD_HASH_TABLE -+ # Load Xi -+ lxvb16x 32, 0, 8 # load Xi - -- vxor 24, 24, 29 # H + mH -+ vxor 1, 1, 1 - -- # sum hash and reduction with H Poly -- vsldoi 27, 23, 23, 8 # swap -- vpmsumd 23, 23, 2 -- vxor 27, 27, 24 -- vxor 23, 23, 27 -+ li 10, 32 -+ lxvd2x 2+32, 10, 8 # H Poli -+ -+ # load Hash - h^4, h^3, h^2, h -+ li 10, 64 -+ lxvd2x 4+32, 10, 8 # H -+ vsldoi 3, 1, 4, 8 # l -+ vsldoi 5, 4, 1, 8 # h -+ li 10, 112 -+ lxvd2x 7+32, 10, 8 # H^2 -+ vsldoi 6, 1, 7, 8 # l -+ vsldoi 8, 7, 1, 8 # h -+ li 10, 160 -+ lxvd2x 10+32, 10, 8 # H^3 -+ vsldoi 9, 1, 10, 8 # l -+ vsldoi 11, 10, 1, 8 # h -+ li 10, 208 -+ lxvd2x 13+32, 10, 8 # H^4 -+ vsldoi 12, 1, 13, 8 # l -+ vsldoi 14, 13, 1, 8 # h -+.endm - -- xxlor 32, 23+32, 23+32 # update hash -+.macro PROCESS_8X_AES_STATES -+ vcipherlast 15, 15, 1 -+ vcipherlast 16, 16, 1 -+ vcipherlast 17, 17, 1 -+ vcipherlast 18, 18, 1 -+ vcipherlast 19, 19, 1 -+ vcipherlast 20, 20, 1 -+ vcipherlast 21, 21, 1 -+ vcipherlast 22, 22, 1 -+ -+ lxvb16x 32+23, 0, 14 # load block -+ lxvb16x 32+24, 15, 14 # load block -+ lxvb16x 32+25, 16, 14 # load block -+ lxvb16x 32+26, 17, 14 # load block -+ lxvb16x 32+27, 18, 14 # load block -+ lxvb16x 32+28, 19, 14 # load block -+ lxvb16x 32+29, 20, 14 # load block -+ lxvb16x 32+30, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ vxor 15, 15, 23 -+ vxor 16, 16, 24 -+ vxor 17, 17, 25 -+ vxor 18, 
18, 26 -+ vxor 19, 19, 27 -+ vxor 20, 20, 28 -+ vxor 21, 21, 29 -+ vxor 22, 22, 30 -+ -+ stxvb16x 47, 0, 9 # store output -+ stxvb16x 48, 15, 9 # store output -+ stxvb16x 49, 16, 9 # store output -+ stxvb16x 50, 17, 9 # store output -+ stxvb16x 51, 18, 9 # store output -+ stxvb16x 52, 19, 9 # store output -+ stxvb16x 53, 20, 9 # store output -+ stxvb16x 54, 21, 9 # store output -+ addi 9, 9, 128 -+.endm - -+.macro COMPUTE_STATES -+ xxlor 32+15, 9, 9 # last state -+ vadduwm 15, 15, 31 # state + counter -+ vadduwm 16, 15, 31 -+ vadduwm 17, 16, 31 -+ vadduwm 18, 17, 31 -+ vadduwm 19, 18, 31 -+ vadduwm 20, 19, 31 -+ vadduwm 21, 20, 31 -+ vadduwm 22, 21, 31 -+ xxlor 9, 32+22, 32+22 # save last state -+ -+ xxlxor 32+15, 32+15, 0 # IV + round key - add round key 0 -+ xxlxor 32+16, 32+16, 0 -+ xxlxor 32+17, 32+17, 0 -+ xxlxor 32+18, 32+18, 0 -+ xxlxor 32+19, 32+19, 0 -+ xxlxor 32+20, 32+20, 0 -+ xxlxor 32+21, 32+21, 0 -+ xxlxor 32+22, 32+22, 0 - .endm - -+################################################################################ -+# Compute AES and ghash one block at a time. -+# r23: AES rounds -+# v30: current IV -+# vs0: roundkey 0 - # --# Compute update single hash --# --.macro ppc_update_hash_1x -- vxor 28, 28, 0 -+################################################################################ -+.align 4 -+aes_gcm_crypt_1x: -+.localentry aes_gcm_crypt_1x,0 - -- vxor 19, 19, 19 -+ cmpdi 5, 16 -+ bge __More_1x -+ blr -+__More_1x: -+ li 10, 16 -+ divdu 12, 5, 10 - -- vpmsumd 22, 3, 28 # L -- vpmsumd 23, 4, 28 # M -- vpmsumd 24, 5, 28 # H -+ xxlxor 32+15, 32+30, 0 - -- vpmsumd 27, 22, 2 # reduction -+ # Pre-load 8 AES rounds to scratch vectors. 
-+ lxv 32+16, 16(6) # round key 1 -+ lxv 32+17, 32(6) # round key 2 -+ lxv 32+18, 48(6) # round key 3 -+ lxv 32+19, 64(6) # round key 4 -+ lxv 32+20, 80(6) # round key 5 -+ lxv 32+21, 96(6) # round key 6 -+ lxv 32+28, 112(6) # round key 7 -+ lxv 32+29, 128(6) # round key 8 - -- vsldoi 25, 23, 19, 8 # mL -- vsldoi 26, 19, 23, 8 # mH -- vxor 22, 22, 25 # LL + LL -- vxor 24, 24, 26 # HH + HH -+ lwz 23, 240(6) # n rounds -+ addi 22, 23, -9 # remaining AES rounds - -- vsldoi 22, 22, 22, 8 # swap -- vxor 22, 22, 27 -+ cmpdi 12, 0 -+ bgt __Loop_1x -+ blr -+ -+__Loop_1x: -+ mtctr 22 -+ addi 10, 6, 144 -+ vcipher 15, 15, 16 -+ vcipher 15, 15, 17 -+ vcipher 15, 15, 18 -+ vcipher 15, 15, 19 -+ vcipher 15, 15, 20 -+ vcipher 15, 15, 21 -+ vcipher 15, 15, 28 -+ vcipher 15, 15, 29 - -- vsldoi 20, 22, 22, 8 # swap -- vpmsumd 22, 22, 2 # reduction -- vxor 20, 20, 24 -- vxor 22, 22, 20 -+__Loop_aes_1state: -+ lxv 32+1, 0(10) -+ vcipher 15, 15, 1 -+ addi 10, 10, 16 -+ bdnz __Loop_aes_1state -+ lxv 32+1, 0(10) # last round key -+ lxvb16x 11, 0, 14 # load input block -+ vcipherlast 15, 15, 1 - -- vmr 0, 22 # update hash -+ xxlxor 32+15, 32+15, 11 -+ stxvb16x 32+15, 0, 9 # store output -+ addi 14, 14, 16 -+ addi 9, 9, 16 - --.endm -+ cmpdi 24, 0 # decrypt? -+ bne __Encrypt_1x -+ xxlor 15+32, 11, 11 -+__Encrypt_1x: -+ vxor 15, 15, 0 -+ PPC_GHASH1x 0, 15 -+ -+ addi 5, 5, -16 -+ addi 11, 11, 16 - -+ vadduwm 30, 30, 31 # IV + counter -+ xxlxor 32+15, 32+30, 0 -+ addi 12, 12, -1 -+ cmpdi 12, 0 -+ bgt __Loop_1x -+ -+ stxvb16x 32+0, 0, 8 # update Xi -+ blr -+.size aes_gcm_crypt_1x,.-aes_gcm_crypt_1x -+ -+################################################################################ -+# Process a normal partial block when we come here. -+# Compute partial mask, Load and store partial block to stack. -+# Compute AES state. -+# Compute ghash. 
- # -+################################################################################ -+.align 4 -+__Process_partial: -+.localentry __Process_partial,0 -+ -+ # create partial mask -+ vspltisb 16, -1 -+ li 12, 16 -+ sub 12, 12, 5 -+ sldi 12, 12, 3 -+ mtvsrdd 32+17, 0, 12 -+ vslo 16, 16, 17 # partial block mask -+ -+ lxvb16x 11, 0, 14 # load partial block -+ xxland 11, 11, 32+16 -+ -+ # AES crypt partial -+ xxlxor 32+15, 32+30, 0 -+ lwz 23, 240(6) # n rounds -+ addi 22, 23, -1 # loop - 1 -+ mtctr 22 -+ addi 10, 6, 16 -+ -+__Loop_aes_pstate: -+ lxv 32+1, 0(10) -+ vcipher 15, 15, 1 -+ addi 10, 10, 16 -+ bdnz __Loop_aes_pstate -+ lxv 32+1, 0(10) # last round key -+ vcipherlast 15, 15, 1 -+ -+ xxlxor 32+15, 32+15, 11 -+ vand 15, 15, 16 -+ -+ # AES crypt output v15 -+ # Write partial -+ li 10, 224 -+ stxvb16x 15+32, 10, 1 # write v15 to stack -+ addi 10, 1, 223 -+ addi 12, 9, -1 -+ mtctr 5 # partial block len -+__Write_partial: -+ lbzu 22, 1(10) -+ stbu 22, 1(12) -+ bdnz __Write_partial -+ -+ cmpdi 24, 0 # decrypt? -+ bne __Encrypt_partial -+ xxlor 32+15, 11, 11 # decrypt using the input block -+__Encrypt_partial: -+ vxor 15, 15, 0 # ^ previous hash -+ PPC_GHASH1x 0, 15 -+ li 5, 0 # done last byte -+ stxvb16x 32+0, 0, 8 # Update X1 -+ blr -+.size __Process_partial,.-__Process_partial -+ -+################################################################################ - # ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len, --# const AES_KEY *key, unsigned char iv[16], --# void *Xip); -+# const char *rk, unsigned char iv[16], void *Xip); - # - # r3 - inp - # r4 - out -@@ -454,159 +557,85 @@ ppc_aes_gcm_ghash: - # r7 - iv - # r8 - Xi, HPoli, hash keys - # -+# rounds is at offset 240 in rk -+# Xi is at 0 in gcm_table (Xip). 
-+# -+################################################################################ - .global ppc_aes_gcm_encrypt - .align 5 - ppc_aes_gcm_encrypt: --_ppc_aes_gcm_encrypt: -+.localentry ppc_aes_gcm_encrypt,0 - -- stdu 1,-512(1) -- mflr 0 -- -- std 14,112(1) -- std 15,120(1) -- std 16,128(1) -- std 17,136(1) -- std 18,144(1) -- std 19,152(1) -- std 20,160(1) -- std 21,168(1) -- li 9, 256 -- stvx 20, 9, 1 -- addi 9, 9, 16 -- stvx 21, 9, 1 -- addi 9, 9, 16 -- stvx 22, 9, 1 -- addi 9, 9, 16 -- stvx 23, 9, 1 -- addi 9, 9, 16 -- stvx 24, 9, 1 -- addi 9, 9, 16 -- stvx 25, 9, 1 -- addi 9, 9, 16 -- stvx 26, 9, 1 -- addi 9, 9, 16 -- stvx 27, 9, 1 -- addi 9, 9, 16 -- stvx 28, 9, 1 -- addi 9, 9, 16 -- stvx 29, 9, 1 -- addi 9, 9, 16 -- stvx 30, 9, 1 -- addi 9, 9, 16 -- stvx 31, 9, 1 -- std 0, 528(1) -- -- # Load Xi -- lxvb16x 32, 0, 8 # load Xi -- -- # load Hash - h^4, h^3, h^2, h -- li 10, 32 -- lxvd2x 2+32, 10, 8 # H Poli -- li 10, 48 -- lxvd2x 3+32, 10, 8 # Hl -- li 10, 64 -- lxvd2x 4+32, 10, 8 # H -- li 10, 80 -- lxvd2x 5+32, 10, 8 # Hh -- -- li 10, 96 -- lxvd2x 6+32, 10, 8 # H^2l -- li 10, 112 -- lxvd2x 7+32, 10, 8 # H^2 -- li 10, 128 -- lxvd2x 8+32, 10, 8 # H^2h -- -- li 10, 144 -- lxvd2x 9+32, 10, 8 # H^3l -- li 10, 160 -- lxvd2x 10+32, 10, 8 # H^3 -- li 10, 176 -- lxvd2x 11+32, 10, 8 # H^3h -- -- li 10, 192 -- lxvd2x 12+32, 10, 8 # H^4l -- li 10, 208 -- lxvd2x 13+32, 10, 8 # H^4 -- li 10, 224 -- lxvd2x 14+32, 10, 8 # H^4h -+ SAVE_REGS -+ LOAD_HASH_TABLE - - # initialize ICB: GHASH( IV ), IV - r7 - lxvb16x 30+32, 0, 7 # load IV - v30 - -- mr 12, 5 # length -- li 11, 0 # block index -+ mr 14, 3 -+ mr 9, 4 - - # counter 1 - vxor 31, 31, 31 - vspltisb 22, 1 - vsldoi 31, 31, 22,1 # counter 1 - -- # load round key to VSR -- lxv 0, 0(6) -- lxv 1, 0x10(6) -- lxv 2, 0x20(6) -- lxv 3, 0x30(6) -- lxv 4, 0x40(6) -- lxv 5, 0x50(6) -- lxv 6, 0x60(6) -- lxv 7, 0x70(6) -- lxv 8, 0x80(6) -- lxv 9, 0x90(6) -- lxv 10, 0xa0(6) -+ addis 11, 2, permx\@toc\@ha -+ addi 11, 11, permx\@toc\@l 
-+ lxv 10, 0(11) # vs10: vpermxor vector -+ li 11, 0 - -- # load rounds - 10 (128), 12 (192), 14 (256) -- lwz 9,240(6) -+ lxv 0, 0(6) # round key 0 - - # -- # vxor state, state, w # addroundkey -- xxlor 32+29, 0, 0 -- vxor 15, 30, 29 # IV + round key - add round key 0 -- -- cmpdi 9, 10 -- beq Loop_aes_gcm_8x -- -- # load 2 more round keys (v11, v12) -- lxv 11, 0xb0(6) -- lxv 12, 0xc0(6) -- -- cmpdi 9, 12 -- beq Loop_aes_gcm_8x -- -- # load 2 more round keys (v11, v12, v13, v14) -- lxv 13, 0xd0(6) -- lxv 14, 0xe0(6) -- cmpdi 9, 14 -- beq Loop_aes_gcm_8x -- -- b aes_gcm_out -+ # Process different blocks -+ # -+ cmpdi 5, 128 -+ blt __Process_more_enc -+ -+ # load 9 round keys -+ lxv 32+23, 16(6) # round key 1 -+ lxv 32+24, 32(6) # round key 2 -+ lxv 32+25, 48(6) # round key 3 -+ lxv 32+26, 64(6) # round key 4 -+ lxv 32+27, 80(6) # round key 5 -+ lxv 32+28, 96(6) # round key 6 -+ lxv 32+29, 112(6) # round key 7 -+ lxv 32+1, 128(6) # round key 8 - --.align 5 --Loop_aes_gcm_8x: -- mr 14, 3 -- mr 9, 4 -+ # load rounds - 10 (128), 12 (192), 14 (256) -+ lwz 23, 240(6) # n rounds - -- # n blocks -+__Process_encrypt: -+# -+# Process 8x AES/GCM blocks -+# -+__Process_8x_enc: -+ # 8x blocks - li 10, 128 -- divdu 10, 5, 10 # n 128 bytes-blocks -- cmpdi 10, 0 -- beq Loop_last_block -- -- vaddudm 30, 30, 31 # IV + counter -- vxor 16, 30, 29 -- vaddudm 30, 30, 31 -- vxor 17, 30, 29 -- vaddudm 30, 30, 31 -- vxor 18, 30, 29 -- vaddudm 30, 30, 31 -- vxor 19, 30, 29 -- vaddudm 30, 30, 31 -- vxor 20, 30, 29 -- vaddudm 30, 30, 31 -- vxor 21, 30, 29 -- vaddudm 30, 30, 31 -- vxor 22, 30, 29 -- -- mtctr 10 -+ divdu 12, 5, 10 # n 128 bytes-blocks -+ -+ addi 12, 12, -1 # loop - 1 -+ -+ vmr 15, 30 # first state: IV -+ vadduwm 16, 15, 31 # state + counter -+ vadduwm 17, 16, 31 -+ vadduwm 18, 17, 31 -+ vadduwm 19, 18, 31 -+ vadduwm 20, 19, 31 -+ vadduwm 21, 20, 31 -+ vadduwm 22, 21, 31 -+ xxlor 9, 32+22, 32+22 # save last state -+ -+ # vxor state, state, w # addroundkey -+ xxlxor 32+15, 32+15, 0 
# IV + round key - add round key 0 -+ xxlxor 32+16, 32+16, 0 -+ xxlxor 32+17, 32+17, 0 -+ xxlxor 32+18, 32+18, 0 -+ xxlxor 32+19, 32+19, 0 -+ xxlxor 32+20, 32+20, 0 -+ xxlxor 32+21, 32+21, 0 -+ xxlxor 32+22, 32+22, 0 - - li 15, 16 - li 16, 32 -@@ -616,523 +645,185 @@ Loop_aes_gcm_8x: - li 20, 96 - li 21, 112 - -- lwz 10, 240(6) -- --Loop_8x_block: -- -- lxvb16x 15, 0, 14 # load block -- lxvb16x 16, 15, 14 # load block -- lxvb16x 17, 16, 14 # load block -- lxvb16x 18, 17, 14 # load block -- lxvb16x 19, 18, 14 # load block -- lxvb16x 20, 19, 14 # load block -- lxvb16x 21, 20, 14 # load block -- lxvb16x 22, 21, 14 # load block -- addi 14, 14, 128 -- -- Loop_aes_middle8x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_next_ghash -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_next_ghash -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- xxlor 23+32, 14, 14 -- -- cmpdi 10, 14 -- beq Do_next_ghash -- b aes_gcm_out -- --Do_next_ghash: -- - # -- # last round -- vcipherlast 15, 15, 23 -- vcipherlast 16, 16, 23 -- -- xxlxor 47, 47, 15 -- stxvb16x 47, 0, 9 # store output -- xxlxor 48, 48, 16 -- stxvb16x 48, 15, 9 # store output -- -- vcipherlast 17, 17, 23 -- vcipherlast 18, 18, 23 -+ # Pre-compute first 8 AES state and leave 
1/3/5 more rounds -+ # for the loop. -+ # -+ addi 22, 23, -9 # process 8 keys -+ mtctr 22 # AES key loop -+ addi 10, 6, 144 - -- xxlxor 49, 49, 17 -- stxvb16x 49, 16, 9 # store output -- xxlxor 50, 50, 18 -- stxvb16x 50, 17, 9 # store output -+ LOOP_8AES_STATE # process 8 AES keys - -- vcipherlast 19, 19, 23 -- vcipherlast 20, 20, 23 -+__PreLoop_aes_state: -+ lxv 32+1, 0(10) # round key -+ AES_CIPHER_8x 1 -+ addi 10, 10, 16 -+ bdnz __PreLoop_aes_state -+ lxv 32+1, 0(10) # last round key (v1) - -- xxlxor 51, 51, 19 -- stxvb16x 51, 18, 9 # store output -- xxlxor 52, 52, 20 -- stxvb16x 52, 19, 9 # store output -+ cmpdi 12, 0 # Only one loop (8 block) -+ beq __Finish_ghash - -- vcipherlast 21, 21, 23 -- vcipherlast 22, 22, 23 -+# -+# Loop 8x blocks and compute ghash -+# -+__Loop_8x_block_enc: -+ PROCESS_8X_AES_STATES - -- xxlxor 53, 53, 21 -- stxvb16x 53, 20, 9 # store output -- xxlxor 54, 54, 22 -- stxvb16x 54, 21, 9 # store output -+ # Compute ghash here -+ vxor 15, 15, 0 -+ PPC_GFMUL128_8x - -- addi 9, 9, 128 -+ COMPUTE_STATES - -- # ghash here -- ppc_aes_gcm_ghash2_4x -- -- xxlor 27+32, 0, 0 -- vaddudm 30, 30, 31 # IV + counter -- vmr 29, 30 -- vxor 15, 30, 27 # add round key -- vaddudm 30, 30, 31 -- vxor 16, 30, 27 -- vaddudm 30, 30, 31 -- vxor 17, 30, 27 -- vaddudm 30, 30, 31 -- vxor 18, 30, 27 -- vaddudm 30, 30, 31 -- vxor 19, 30, 27 -- vaddudm 30, 30, 31 -- vxor 20, 30, 27 -- vaddudm 30, 30, 31 -- vxor 21, 30, 27 -- vaddudm 30, 30, 31 -- vxor 22, 30, 27 -- -- addi 12, 12, -128 -+ addi 5, 5, -128 - addi 11, 11, 128 - -- bdnz Loop_8x_block -- -- vmr 30, 29 -- --Loop_last_block: -- cmpdi 12, 0 -- beq aes_gcm_out -- -- # loop last few blocks -- li 10, 16 -- divdu 10, 12, 10 -- -- mtctr 10 -- -- lwz 10, 240(6) -- -- cmpdi 12, 16 -- blt Final_block -- --.macro Loop_aes_middle_1x -- xxlor 19+32, 1, 1 -- xxlor 20+32, 2, 2 -- xxlor 21+32, 3, 3 -- xxlor 22+32, 4, 4 -- -- vcipher 15, 15, 19 -- vcipher 15, 15, 20 -- vcipher 15, 15, 21 -- vcipher 15, 15, 22 -- -- xxlor 
19+32, 5, 5 -- xxlor 20+32, 6, 6 -- xxlor 21+32, 7, 7 -- xxlor 22+32, 8, 8 -- -- vcipher 15, 15, 19 -- vcipher 15, 15, 20 -- vcipher 15, 15, 21 -- vcipher 15, 15, 22 -- -- xxlor 19+32, 9, 9 -- vcipher 15, 15, 19 --.endm -- --Next_rem_block: -- lxvb16x 15, 0, 14 # load block -- -- Loop_aes_middle_1x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_next_1x -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_next_1x -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 14, 14 -- -- cmpdi 10, 14 -- beq Do_next_1x -- --Do_next_1x: -- vcipherlast 15, 15, 23 -- -- xxlxor 47, 47, 15 -- stxvb16x 47, 0, 9 # store output -- addi 14, 14, 16 -- addi 9, 9, 16 -- -- vmr 28, 15 -- ppc_update_hash_1x -- -- addi 12, 12, -16 -- addi 11, 11, 16 -- xxlor 19+32, 0, 0 -- vaddudm 30, 30, 31 # IV + counter -- vxor 15, 30, 19 # add round key -+ lxv 32+23, 16(6) # round key 1 -+ lxv 32+24, 32(6) # round key 2 -+ lxv 32+25, 48(6) # round key 3 -+ lxv 32+26, 64(6) # round key 4 -+ lxv 32+27, 80(6) # round key 5 -+ lxv 32+28, 96(6) # round key 6 -+ lxv 32+29, 112(6) # round key 7 -+ lxv 32+1, 128(6) # round key 8 -+ -+ # Compute first 8 AES state and leave 1/3/5 more rounds -+ # for the loop. 
-+ LOOP_8AES_STATE # process 8 AES keys -+ mtctr 22 # AES key loop -+ addi 10, 6, 144 -+ -+__LastLoop_aes_state: -+ lxv 32+1, 0(10) # round key -+ AES_CIPHER_8x 1 -+ addi 10, 10, 16 -+ bdnz __LastLoop_aes_state - -- bdnz Next_rem_block -+ lxv 32+1, 0(10) # last round key (v1) - -+ addi 12, 12, -1 - cmpdi 12, 0 -- beq aes_gcm_out -- --Final_block: -- Loop_aes_middle_1x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_final_1x -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -+ bne __Loop_8x_block_enc - -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_final_1x -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 14, 14 -- -- cmpdi 10, 14 -- beq Do_final_1x -- --Do_final_1x: -- vcipherlast 15, 15, 23 -- -- lxvb16x 15, 0, 14 # load last block -- xxlxor 47, 47, 15 -- -- # create partial block mask -- li 15, 16 -- sub 15, 15, 12 # index to the mask -- -- vspltisb 16, -1 # first 16 bytes - 0xffff...ff -- vspltisb 17, 0 # second 16 bytes - 0x0000...00 -- li 10, 192 -- stvx 16, 10, 1 -- addi 10, 10, 16 -- stvx 17, 10, 1 -- -- addi 10, 1, 192 -- lxvb16x 16, 15, 10 # load partial block mask -- xxland 47, 47, 16 -- -- vmr 28, 15 -- ppc_update_hash_1x -+ # -+ # Remainng blocks -+ # -+__Finish_ghash: -+ PROCESS_8X_AES_STATES - -- # * should store only the remaining bytes. 
-- bl Write_partial_block -+ # Compute ghash here -+ vxor 15, 15, 0 -+ PPC_GFMUL128_8x - -- b aes_gcm_out -+ # Update IV and Xi -+ xxlor 30+32, 9, 9 # last ctr -+ vadduwm 30, 30, 31 # increase ctr -+ stxvb16x 32+0, 0, 8 # update Xi - --# --# Write partial block --# r9 - output --# r12 - remaining bytes --# v15 - partial input data --# --Write_partial_block: -- li 10, 192 -- stxvb16x 15+32, 10, 1 # last block -+ addi 5, 5, -128 -+ addi 11, 11, 128 - -- #add 10, 9, 11 # Output -- addi 10, 9, -1 -- addi 16, 1, 191 -+ # -+ # Done 8x blocks -+ # - -- mtctr 12 # remaining bytes -- li 15, 0 -+ cmpdi 5, 0 -+ beq aes_gcm_out - --Write_last_byte: -- lbzu 14, 1(16) -- stbu 14, 1(10) -- bdnz Write_last_byte -- blr -+__Process_more_enc: -+ li 24, 1 # encrypt -+ bl aes_gcm_crypt_1x -+ cmpdi 5, 0 -+ beq aes_gcm_out - --aes_gcm_out: -- # out = state -- stxvb16x 32, 0, 8 # write out Xi -- add 3, 11, 12 # return count -+ bl __Process_partial -+ b aes_gcm_out - -- li 9, 256 -- lvx 20, 9, 1 -- addi 9, 9, 16 -- lvx 21, 9, 1 -- addi 9, 9, 16 -- lvx 22, 9, 1 -- addi 9, 9, 16 -- lvx 23, 9, 1 -- addi 9, 9, 16 -- lvx 24, 9, 1 -- addi 9, 9, 16 -- lvx 25, 9, 1 -- addi 9, 9, 16 -- lvx 26, 9, 1 -- addi 9, 9, 16 -- lvx 27, 9, 1 -- addi 9, 9, 16 -- lvx 28, 9, 1 -- addi 9, 9, 16 -- lvx 29, 9, 1 -- addi 9, 9, 16 -- lvx 30, 9, 1 -- addi 9, 9, 16 -- lvx 31, 9, 1 -- -- ld 0, 528(1) -- ld 14,112(1) -- ld 15,120(1) -- ld 16,128(1) -- ld 17,136(1) -- ld 18,144(1) -- ld 19,152(1) -- ld 20,160(1) -- ld 21,168(1) -- -- mtlr 0 -- addi 1, 1, 512 -- blr -+.size ppc_aes_gcm_encrypt,.-ppc_aes_gcm_encrypt - --# -+################################################################################ -+# ppc_aes_gcm_decrypt (const void *inp, void *out, size_t len, -+# const char *rk, unsigned char iv[16], void *Xip); - # 8x Decrypt - # -+################################################################################ - .global ppc_aes_gcm_decrypt - .align 5 - ppc_aes_gcm_decrypt: --_ppc_aes_gcm_decrypt: -- -- stdu 
1,-512(1) -- mflr 0 -- -- std 14,112(1) -- std 15,120(1) -- std 16,128(1) -- std 17,136(1) -- std 18,144(1) -- std 19,152(1) -- std 20,160(1) -- std 21,168(1) -- li 9, 256 -- stvx 20, 9, 1 -- addi 9, 9, 16 -- stvx 21, 9, 1 -- addi 9, 9, 16 -- stvx 22, 9, 1 -- addi 9, 9, 16 -- stvx 23, 9, 1 -- addi 9, 9, 16 -- stvx 24, 9, 1 -- addi 9, 9, 16 -- stvx 25, 9, 1 -- addi 9, 9, 16 -- stvx 26, 9, 1 -- addi 9, 9, 16 -- stvx 27, 9, 1 -- addi 9, 9, 16 -- stvx 28, 9, 1 -- addi 9, 9, 16 -- stvx 29, 9, 1 -- addi 9, 9, 16 -- stvx 30, 9, 1 -- addi 9, 9, 16 -- stvx 31, 9, 1 -- std 0, 528(1) -- -- # Load Xi -- lxvb16x 32, 0, 8 # load Xi -- -- # load Hash - h^4, h^3, h^2, h -- li 10, 32 -- lxvd2x 2+32, 10, 8 # H Poli -- li 10, 48 -- lxvd2x 3+32, 10, 8 # Hl -- li 10, 64 -- lxvd2x 4+32, 10, 8 # H -- li 10, 80 -- lxvd2x 5+32, 10, 8 # Hh -- -- li 10, 96 -- lxvd2x 6+32, 10, 8 # H^2l -- li 10, 112 -- lxvd2x 7+32, 10, 8 # H^2 -- li 10, 128 -- lxvd2x 8+32, 10, 8 # H^2h -+.localentry ppc_aes_gcm_decrypt, 0 - -- li 10, 144 -- lxvd2x 9+32, 10, 8 # H^3l -- li 10, 160 -- lxvd2x 10+32, 10, 8 # H^3 -- li 10, 176 -- lxvd2x 11+32, 10, 8 # H^3h -- -- li 10, 192 -- lxvd2x 12+32, 10, 8 # H^4l -- li 10, 208 -- lxvd2x 13+32, 10, 8 # H^4 -- li 10, 224 -- lxvd2x 14+32, 10, 8 # H^4h -+ SAVE_REGS -+ LOAD_HASH_TABLE - - # initialize ICB: GHASH( IV ), IV - r7 - lxvb16x 30+32, 0, 7 # load IV - v30 - -- mr 12, 5 # length -- li 11, 0 # block index -+ mr 14, 3 -+ mr 9, 4 - - # counter 1 - vxor 31, 31, 31 - vspltisb 22, 1 - vsldoi 31, 31, 22,1 # counter 1 - -- # load round key to VSR -- lxv 0, 0(6) -- lxv 1, 0x10(6) -- lxv 2, 0x20(6) -- lxv 3, 0x30(6) -- lxv 4, 0x40(6) -- lxv 5, 0x50(6) -- lxv 6, 0x60(6) -- lxv 7, 0x70(6) -- lxv 8, 0x80(6) -- lxv 9, 0x90(6) -- lxv 10, 0xa0(6) -+ addis 11, 2, permx\@toc\@ha -+ addi 11, 11, permx\@toc\@l -+ lxv 10, 0(11) # vs10: vpermxor vector -+ li 11, 0 - -- # load rounds - 10 (128), 12 (192), 14 (256) -- lwz 9,240(6) -+ lxv 0, 0(6) # round key 0 - - # -- # vxor state, state, w # 
addroundkey -- xxlor 32+29, 0, 0 -- vxor 15, 30, 29 # IV + round key - add round key 0 -- -- cmpdi 9, 10 -- beq Loop_aes_gcm_8x_dec -- -- # load 2 more round keys (v11, v12) -- lxv 11, 0xb0(6) -- lxv 12, 0xc0(6) -- -- cmpdi 9, 12 -- beq Loop_aes_gcm_8x_dec -- -- # load 2 more round keys (v11, v12, v13, v14) -- lxv 13, 0xd0(6) -- lxv 14, 0xe0(6) -- cmpdi 9, 14 -- beq Loop_aes_gcm_8x_dec -- -- b aes_gcm_out -+ # Process different blocks -+ # -+ cmpdi 5, 128 -+ blt __Process_more_dec -+ -+ # load 9 round keys -+ lxv 32+23, 16(6) # round key 1 -+ lxv 32+24, 32(6) # round key 2 -+ lxv 32+25, 48(6) # round key 3 -+ lxv 32+26, 64(6) # round key 4 -+ lxv 32+27, 80(6) # round key 5 -+ lxv 32+28, 96(6) # round key 6 -+ lxv 32+29, 112(6) # round key 7 -+ lxv 32+1, 128(6) # round key 8 - --.align 5 --Loop_aes_gcm_8x_dec: -- mr 14, 3 -- mr 9, 4 -+ # load rounds - 10 (128), 12 (192), 14 (256) -+ lwz 23, 240(6) # n rounds - -- # n blocks -+__Process_decrypt: -+# -+# Process 8x AES/GCM blocks -+# -+__Process_8x_dec: -+ # 8x blocks - li 10, 128 -- divdu 10, 5, 10 # n 128 bytes-blocks -- cmpdi 10, 0 -- beq Loop_last_block_dec -- -- vaddudm 30, 30, 31 # IV + counter -- vxor 16, 30, 29 -- vaddudm 30, 30, 31 -- vxor 17, 30, 29 -- vaddudm 30, 30, 31 -- vxor 18, 30, 29 -- vaddudm 30, 30, 31 -- vxor 19, 30, 29 -- vaddudm 30, 30, 31 -- vxor 20, 30, 29 -- vaddudm 30, 30, 31 -- vxor 21, 30, 29 -- vaddudm 30, 30, 31 -- vxor 22, 30, 29 -- -- mtctr 10 -+ divdu 12, 5, 10 # n 128 bytes-blocks -+ -+ addi 12, 12, -1 # loop - 1 -+ -+ vmr 15, 30 # first state: IV -+ vadduwm 16, 15, 31 # state + counter -+ vadduwm 17, 16, 31 -+ vadduwm 18, 17, 31 -+ vadduwm 19, 18, 31 -+ vadduwm 20, 19, 31 -+ vadduwm 21, 20, 31 -+ vadduwm 22, 21, 31 -+ xxlor 9, 32+22, 32+22 # save last state -+ -+ # vxor state, state, w # addroundkey -+ xxlxor 32+15, 32+15, 0 # IV + round key - add round key 0 -+ xxlxor 32+16, 32+16, 0 -+ xxlxor 32+17, 32+17, 0 -+ xxlxor 32+18, 32+18, 0 -+ xxlxor 32+19, 32+19, 0 -+ xxlxor 32+20, 
32+20, 0 -+ xxlxor 32+21, 32+21, 0 -+ xxlxor 32+22, 32+22, 0 - - li 15, 16 - li 16, 32 -@@ -1142,297 +833,219 @@ Loop_aes_gcm_8x_dec: - li 20, 96 - li 21, 112 - -- lwz 10, 240(6) -- --Loop_8x_block_dec: -- -- lxvb16x 15, 0, 14 # load block -- lxvb16x 16, 15, 14 # load block -- lxvb16x 17, 16, 14 # load block -- lxvb16x 18, 17, 14 # load block -- lxvb16x 19, 18, 14 # load block -- lxvb16x 20, 19, 14 # load block -- lxvb16x 21, 20, 14 # load block -- lxvb16x 22, 21, 14 # load block -- addi 14, 14, 128 -- -- Loop_aes_middle8x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_last_aes_dec -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_last_aes_dec -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 16, 16, 23 -- vcipher 17, 17, 23 -- vcipher 18, 18, 23 -- vcipher 19, 19, 23 -- vcipher 20, 20, 23 -- vcipher 21, 21, 23 -- vcipher 22, 22, 23 -- -- vcipher 15, 15, 24 -- vcipher 16, 16, 24 -- vcipher 17, 17, 24 -- vcipher 18, 18, 24 -- vcipher 19, 19, 24 -- vcipher 20, 20, 24 -- vcipher 21, 21, 24 -- vcipher 22, 22, 24 -- -- xxlor 23+32, 14, 14 -- -- cmpdi 10, 14 -- beq Do_last_aes_dec -- b aes_gcm_out -- --Do_last_aes_dec: -- - # -- # last round -- vcipherlast 15, 15, 23 -- vcipherlast 16, 16, 23 -- -- xxlxor 47, 47, 15 -- stxvb16x 47, 0, 9 # store output -- xxlxor 48, 48, 16 -- stxvb16x 48, 15, 9 # store output -- -- vcipherlast 17, 17, 23 -- vcipherlast 18, 18, 23 -- -- xxlxor 49, 49, 17 -- stxvb16x 49, 16, 9 # store output -- xxlxor 50, 50, 18 -- stxvb16x 50, 17, 9 # store output -- -- vcipherlast 19, 19, 23 -- vcipherlast 20, 20, 23 -- -- 
xxlxor 51, 51, 19 -- stxvb16x 51, 18, 9 # store output -- xxlxor 52, 52, 20 -- stxvb16x 52, 19, 9 # store output -- -- vcipherlast 21, 21, 23 -- vcipherlast 22, 22, 23 -- -- xxlxor 53, 53, 21 -- stxvb16x 53, 20, 9 # store output -- xxlxor 54, 54, 22 -- stxvb16x 54, 21, 9 # store output -- -- addi 9, 9, 128 -- -- xxlor 15+32, 15, 15 -- xxlor 16+32, 16, 16 -- xxlor 17+32, 17, 17 -- xxlor 18+32, 18, 18 -- xxlor 19+32, 19, 19 -- xxlor 20+32, 20, 20 -- xxlor 21+32, 21, 21 -- xxlor 22+32, 22, 22 -- -- # ghash here -- ppc_aes_gcm_ghash2_4x -- -- xxlor 27+32, 0, 0 -- vaddudm 30, 30, 31 # IV + counter -- vmr 29, 30 -- vxor 15, 30, 27 # add round key -- vaddudm 30, 30, 31 -- vxor 16, 30, 27 -- vaddudm 30, 30, 31 -- vxor 17, 30, 27 -- vaddudm 30, 30, 31 -- vxor 18, 30, 27 -- vaddudm 30, 30, 31 -- vxor 19, 30, 27 -- vaddudm 30, 30, 31 -- vxor 20, 30, 27 -- vaddudm 30, 30, 31 -- vxor 21, 30, 27 -- vaddudm 30, 30, 31 -- vxor 22, 30, 27 -- addi 12, 12, -128 -- addi 11, 11, 128 -- -- bdnz Loop_8x_block_dec -- -- vmr 30, 29 -- --Loop_last_block_dec: -- cmpdi 12, 0 -- beq aes_gcm_out -- -- # loop last few blocks -- li 10, 16 -- divdu 10, 12, 10 -- -- mtctr 10 -- -- lwz 10,240(6) -- -- cmpdi 12, 16 -- blt Final_block_dec -- --Next_rem_block_dec: -- lxvb16x 15, 0, 14 # load block -- -- Loop_aes_middle_1x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_next_1x_dec -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_next_1x_dec -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -+ # Pre-compute first 8 AES state and leave 1/3/5 more rounds -+ # for the loop. 
-+ # -+ addi 22, 23, -9 # process 8 keys -+ mtctr 22 # AES key loop -+ addi 10, 6, 144 - -- xxlor 23+32, 14, 14 -+ LOOP_8AES_STATE # process 8 AES keys - -- cmpdi 10, 14 -- beq Do_next_1x_dec -+__PreLoop_aes_state_dec: -+ lxv 32+1, 0(10) # round key -+ AES_CIPHER_8x 1 -+ addi 10, 10, 16 -+ bdnz __PreLoop_aes_state_dec -+ lxv 32+1, 0(10) # last round key (v1) - --Do_next_1x_dec: -- vcipherlast 15, 15, 23 -+ cmpdi 12, 0 # Only one loop (8 block) -+ beq __Finish_ghash_dec - -- xxlxor 47, 47, 15 -- stxvb16x 47, 0, 9 # store output -- addi 14, 14, 16 -- addi 9, 9, 16 -- -- xxlor 28+32, 15, 15 -- ppc_update_hash_1x -+# -+# Loop 8x blocks and compute ghash -+# -+__Loop_8x_block_dec: -+ vcipherlast 15, 15, 1 -+ vcipherlast 16, 16, 1 -+ vcipherlast 17, 17, 1 -+ vcipherlast 18, 18, 1 -+ vcipherlast 19, 19, 1 -+ vcipherlast 20, 20, 1 -+ vcipherlast 21, 21, 1 -+ vcipherlast 22, 22, 1 -+ -+ lxvb16x 32+23, 0, 14 # load block -+ lxvb16x 32+24, 15, 14 # load block -+ lxvb16x 32+25, 16, 14 # load block -+ lxvb16x 32+26, 17, 14 # load block -+ lxvb16x 32+27, 18, 14 # load block -+ lxvb16x 32+28, 19, 14 # load block -+ lxvb16x 32+29, 20, 14 # load block -+ lxvb16x 32+30, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ vxor 15, 15, 23 -+ vxor 16, 16, 24 -+ vxor 17, 17, 25 -+ vxor 18, 18, 26 -+ vxor 19, 19, 27 -+ vxor 20, 20, 28 -+ vxor 21, 21, 29 -+ vxor 22, 22, 30 -+ -+ stxvb16x 47, 0, 9 # store output -+ stxvb16x 48, 15, 9 # store output -+ stxvb16x 49, 16, 9 # store output -+ stxvb16x 50, 17, 9 # store output -+ stxvb16x 51, 18, 9 # store output -+ stxvb16x 52, 19, 9 # store output -+ stxvb16x 53, 20, 9 # store output -+ stxvb16x 54, 21, 9 # store output -+ -+ addi 9, 9, 128 -+ -+ vmr 15, 23 -+ vmr 16, 24 -+ vmr 17, 25 -+ vmr 18, 26 -+ vmr 19, 27 -+ vmr 20, 28 -+ vmr 21, 29 -+ vmr 22, 30 - -- addi 12, 12, -16 -- addi 11, 11, 16 -- xxlor 19+32, 0, 0 -- vaddudm 30, 30, 31 # IV + counter -- vxor 15, 30, 19 # add round key -+ # ghash here -+ vxor 15, 15, 0 -+ PPC_GFMUL128_8x -+ -+ xxlor 
32+15, 9, 9 # last state -+ vadduwm 15, 15, 31 # state + counter -+ vadduwm 16, 15, 31 -+ vadduwm 17, 16, 31 -+ vadduwm 18, 17, 31 -+ vadduwm 19, 18, 31 -+ vadduwm 20, 19, 31 -+ vadduwm 21, 20, 31 -+ vadduwm 22, 21, 31 -+ xxlor 9, 32+22, 32+22 # save last state -+ -+ xxlor 32+27, 0, 0 # restore roundkey 0 -+ vxor 15, 15, 27 # IV + round key - add round key 0 -+ vxor 16, 16, 27 -+ vxor 17, 17, 27 -+ vxor 18, 18, 27 -+ vxor 19, 19, 27 -+ vxor 20, 20, 27 -+ vxor 21, 21, 27 -+ vxor 22, 22, 27 -+ -+ addi 5, 5, -128 -+ addi 11, 11, 128 - -- bdnz Next_rem_block_dec -+ lxv 32+23, 16(6) # round key 1 -+ lxv 32+24, 32(6) # round key 2 -+ lxv 32+25, 48(6) # round key 3 -+ lxv 32+26, 64(6) # round key 4 -+ lxv 32+27, 80(6) # round key 5 -+ lxv 32+28, 96(6) # round key 6 -+ lxv 32+29, 112(6) # round key 7 -+ lxv 32+1, 128(6) # round key 8 -+ -+ LOOP_8AES_STATE # process 8 AES keys -+ mtctr 22 # AES key loop -+ addi 10, 6, 144 -+__LastLoop_aes_state_dec: -+ lxv 32+1, 0(10) # round key -+ AES_CIPHER_8x 1 -+ addi 10, 10, 16 -+ bdnz __LastLoop_aes_state_dec -+ lxv 32+1, 0(10) # last round key (v1) - -+ addi 12, 12, -1 - cmpdi 12, 0 -- beq aes_gcm_out -- --Final_block_dec: -- Loop_aes_middle_1x -- -- xxlor 23+32, 10, 10 -- -- cmpdi 10, 10 -- beq Do_final_1x_dec -- -- # 192 bits -- xxlor 24+32, 11, 11 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 12, 12 -- -- cmpdi 10, 12 -- beq Do_final_1x_dec -- -- # 256 bits -- xxlor 24+32, 13, 13 -- -- vcipher 15, 15, 23 -- vcipher 15, 15, 24 -- -- xxlor 23+32, 14, 14 -- -- cmpdi 10, 14 -- beq Do_final_1x_dec -- --Do_final_1x_dec: -- vcipherlast 15, 15, 23 -- -- lxvb16x 15, 0, 14 # load block -- xxlxor 47, 47, 15 -+ bne __Loop_8x_block_dec -+ -+__Finish_ghash_dec: -+ vcipherlast 15, 15, 1 -+ vcipherlast 16, 16, 1 -+ vcipherlast 17, 17, 1 -+ vcipherlast 18, 18, 1 -+ vcipherlast 19, 19, 1 -+ vcipherlast 20, 20, 1 -+ vcipherlast 21, 21, 1 -+ vcipherlast 22, 22, 1 -+ -+ lxvb16x 32+23, 0, 14 # load block -+ lxvb16x 32+24, 15, 14 # 
load block -+ lxvb16x 32+25, 16, 14 # load block -+ lxvb16x 32+26, 17, 14 # load block -+ lxvb16x 32+27, 18, 14 # load block -+ lxvb16x 32+28, 19, 14 # load block -+ lxvb16x 32+29, 20, 14 # load block -+ lxvb16x 32+30, 21, 14 # load block -+ addi 14, 14, 128 -+ -+ vxor 15, 15, 23 -+ vxor 16, 16, 24 -+ vxor 17, 17, 25 -+ vxor 18, 18, 26 -+ vxor 19, 19, 27 -+ vxor 20, 20, 28 -+ vxor 21, 21, 29 -+ vxor 22, 22, 30 -+ -+ stxvb16x 47, 0, 9 # store output -+ stxvb16x 48, 15, 9 # store output -+ stxvb16x 49, 16, 9 # store output -+ stxvb16x 50, 17, 9 # store output -+ stxvb16x 51, 18, 9 # store output -+ stxvb16x 52, 19, 9 # store output -+ stxvb16x 53, 20, 9 # store output -+ stxvb16x 54, 21, 9 # store output -+ addi 9, 9, 128 -+ -+ vxor 15, 23, 0 -+ vmr 16, 24 -+ vmr 17, 25 -+ vmr 18, 26 -+ vmr 19, 27 -+ vmr 20, 28 -+ vmr 21, 29 -+ vmr 22, 30 -+ -+ #vxor 15, 15, 0 -+ PPC_GFMUL128_8x -+ -+ xxlor 30+32, 9, 9 # last ctr -+ vadduwm 30, 30, 31 # increase ctr -+ stxvb16x 32+0, 0, 8 # update Xi -+ -+ addi 5, 5, -128 -+ addi 11, 11, 128 - -- # create partial block mask -- li 15, 16 -- sub 15, 15, 12 # index to the mask -+ # -+ # Done 8x blocks -+ # - -- vspltisb 16, -1 # first 16 bytes - 0xffff...ff -- vspltisb 17, 0 # second 16 bytes - 0x0000...00 -- li 10, 192 -- stvx 16, 10, 1 -- addi 10, 10, 16 -- stvx 17, 10, 1 -+ cmpdi 5, 0 -+ beq aes_gcm_out - -- addi 10, 1, 192 -- lxvb16x 16, 15, 10 # load block mask -- xxland 47, 47, 16 -+__Process_more_dec: -+ li 24, 0 # decrypt -+ bl aes_gcm_crypt_1x -+ cmpdi 5, 0 -+ beq aes_gcm_out - -- xxlor 28+32, 15, 15 -- ppc_update_hash_1x -+ bl __Process_partial -+ b aes_gcm_out -+.size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt - -- # * should store only the remaining bytes. 
-- bl Write_partial_block -+aes_gcm_out: -+.localentry aes_gcm_out,0 - -- b aes_gcm_out -+ mr 3, 11 # return count - -+ RESTORE_REGS -+ blr -+.size aes_gcm_out,.-aes_gcm_out - -+.rodata -+.align 4 -+# for vector permute and xor -+permx: -+.long 0x4c5d6e7f, 0x08192a3b, 0xc4d5e6f7, 0x8091a2b3 - ___ - --foreach (split("\n",$code)) { -- s/\`([^\`]*)\`/eval $1/geo; -- -- if ($flavour =~ /le$/o) { # little-endian -- s/le\?//o or -- s/be\?/#be#/o; -- } else { -- s/le\?/#le#/o or -- s/be\?//o; -- } -- print $_,"\n"; --} -- --close STDOUT or die "error closing STDOUT: $!"; # enforce flush -+print $code; -+close STDOUT or die "error closing STDOUT: $!"; diff --git a/SOURCES/0059-CVE-2025-11187.patch b/SOURCES/0059-CVE-2025-11187.patch deleted file mode 100644 index 66bf760..0000000 --- a/SOURCES/0059-CVE-2025-11187.patch +++ /dev/null 
@@ -1,485 +0,0 @@ -From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 8 Jan 2026 14:31:19 +0100 -Subject: [PATCH 1/3] pkcs12: Validate salt and keylength in PBMAC1 - -The keylength value must be present and we accept -EVP_MAX_MD_SIZE at maximum. - -The salt ASN.1 type must be OCTET STRING. - -Fixes CVE-2025-11187 - -Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research). -Reported independently also by Hamza (Metadust). ---- - crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c -index f8d0bbd109b..8bb4e30529d 100644 ---- a/crypto/pkcs12/p12_mutl.c -+++ b/crypto/pkcs12/p12_mutl.c -@@ -123,8 +123,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq, - ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED); - goto err; - } -- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength); -- pbkdf2_salt = pbkdf2_param->salt->value.octet_string; - - if (pbkdf2_param->prf == NULL) { - kdf_hmac_nid = NID_hmacWithSHA1; -@@ -139,6 +137,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq, - goto err; - } - -+ /* Validate salt is an OCTET STRING choice */ -+ if (pbkdf2_param->salt == NULL -+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR); -+ goto err; -+ } -+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string; -+ -+ /* RFC 9579 specifies missing key length as invalid */ -+ if (pbkdf2_param->keylength != NULL) -+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength); -+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) { -+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR); -+ goto err; -+ } -+ - if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length, - ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); - -From 
a749dcdb7c944c18af8bf1ce3bd2dbe38e5dcb68 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 8 Jan 2026 15:25:18 +0100 -Subject: [PATCH 2/3] Add testcase for PKCS12 with invalid PBMAC1 key length - ---- - test/recipes/80-test_pkcs12.t | 10 +++++++--- - .../pbmac1_256_256.bad-len.p12 | Bin 0 -> 2702 bytes - 2 files changed, 7 insertions(+), 3 deletions(-) - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 - -diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t -index 06fa85af0f3..ff720894c9b 100644 ---- a/test/recipes/80-test_pkcs12.t -+++ b/test/recipes/80-test_pkcs12.t -@@ -56,7 +56,7 @@ $ENV{OPENSSL_WIN32_UTF8}=1; - - my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); - --plan tests => $no_fips ? 47 : 53; -+plan tests => $no_fips ? 53 : 59; - - # Test different PKCS#12 formats - ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); -@@ -235,8 +235,12 @@ unless ($no_fips) { - } - } - --# Test pbmac1 pkcs12 bad files, RFC 9579 --for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12") -+# Test pbmac1 pkcs12 bad files, RFC 9579 and CVE-2025-11187 -+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", -+ "pbmac1_256_256.no-len.p12", "pbmac1_256_256.bad-len.p12", -+ "pbmac1_256_256.bad-salt-type.p12", "pbmac1_256_256.negative-len.p12", -+ "pbmac1_256_256.no-salt.p12", "pbmac1_256_256.very-big-len.p12", -+ "pbmac1_256_256.zero-len.p12") - { - my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file); - with({ exit_checker => sub { return shift == 1; } }, -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..7548d0f29edd967854aa1a7c9e3a02a09e856f6d -GIT binary patch -literal 2702 -zcmai$c{J3E8^+C;8AJBv7GZ2dCiJym#=eYw$r87k$i6e#qGSx&MQ--p#B?!e2-&G< 
-zp(ytbWy`*f>?7g!TTY$d@1Og}d*1Ur&wI}M-{(94fh8FXVgv{*P#7~R-Z*}r4a5X0 -zB{1(n2+UgmftdynATB>6SSbNw``xkvgBZRqXe=Ok_$P-58ZhTOj;RPgnc~Asj^9XnM>Zbjxjl1v -zTWKuNs=~osbADcuyF~B4YfJ!@QNQ7C%(T8gn*2OE7SD5(lUfA5d6HUYRDPNJ>XlkS -zE5yBqF@qG8hu7%^5ia-{oQQ)0<4*IPPArQcpNH7!q-Tn(ieU3g|}4vOGkCZZs9K+`IQ2{Nn0S%KLUD)mZQ9j!kRiu(}Gx;=~>?WJBgK -zf-0wOM=&W1cXFYP*Sf@flg_hXs>!y~szt+SIeCct0g$G>v -zDes%5hnH)71wYo&#u#f?AE=-1+-X*+ma@Q&mxLTO=?|AJwqB_JJSEH?K3Rbi6bX$x -zU}8;JU#DkH@>!T9`N^Z!5;sZ+rgaeJ1UtP`3(;!LbEncCg9G|LVC5#+G@c7_wyI-e -zuel5 -zPSk<>eMTwxrl^P|A*U5zPfXky`aLD3YeL>-mX*)F_v9BQKXR@?^CVz-i?qy^?vp?N -z2)DLkiEI7VC-}s${yd(IrsQVr(I_yrVGdi*W8XybZx-%~Mje}3w8XX(bx+rw)I?g2 -z0R(8=4_^EWK+sSK0gC%>`+pyA*s1@riIoKe{vOJIH)a0`IJW&7T9*oZo&OOyb)Kdq -zWpUq|jW00%*O$XaAOy(JfDD|bNykfU+|eSn%#lLi@8f(Ab0>)Fu6*wcke2yPfkU2? -z2fMC%=IxyjTJNf@qTL4{tXh9>p{Y4vKU+Q{^a!+^A8)Nuk -zC-PLo9j3JCZ_4KbX?*jM{DOxp(A!-F}COwBy4og}=>A-h5T_Kb{a;3Nk75EQI&>xPfb -z-nIbucoba5n$*Ksy|T{K>yRd~nNZ!uWGng=!RncS*;z=7ob0SOzvMapjJ+>=?FfxM -z3|Z~-8LgPeDW3DV6)xpX2oY&p4n7f&$Nu6cge&Q9eQ*IhfBZ{T(N7N8C=iFB+C1&_*$h|GoZY -zl_I$0t+Xp!omN>{Ta*0LU8Wg^RZ~A_+~(^b=lc5_>u!?%iMJ7=CBo1^FAixpNmT!t -zWjUoJG6DqKFxuzmNuX3DoH-v6c7gf{fBlKjex4u^;W9{yv^!Yp1la`6R)))^OE9FT -zKQg>Rd=;?BF&w*$HuS$dBII5)5pBD3w|J$!hF!y23twq-!x#mU+9HS_IfPx^QV{D^ -z3@%kv(baxnomrmfaT=-1jvmDgT$~rsI@nQV!w5L%WQZ6QFWrud-4_XfgB>+FKDq_J -zc*?tqyVz`4eijaCo5U#=*4*`K$cfe{dG)aJ^;xD*Me8MEyYfrDhaSV+rrNI^ocYWH -zZ8MDz*j`JO0_n4hVV|k}9R{Dxxm(vCV`HWJLIClq)iRdfpwTMA0;NGuZjYZJNlJj` -z@GPQmj>w-KBCC~VwT@#N#3q}BqXeAV^z$5$a)QXc0&VnL<%cP3GFdsj-!MyvW|^tE -zXK~`)6H(J&r4y$Qzv34by!;z!-&pE>jkpFljyS7s=B3uWcVEF}<#$STg|)p|SGd(M -za1Pg|<1|h;#`ap^9D{5=?z|**sm=zTGV>q}C?s3;WQXHasmcB$Z&Uo>DYc?wp!ULL -z^;L+rrWms;%zb%!kPFg)IPy3nHKG^FLwy21F3E^lo?1GUPr9C+eaKuROgknFW^A4?ARQyUtXOh{bTTfqm#pguT -ze>_#^ChZB^$Zw+w8i*@3a3GP8zZS~_ZN$*z$*wBds{QTp&of8 -zApQfe%zW~{KzMsxpRy-!*n2?7`5xr5Dv@;s(xiaffIndJ;}FUYXaF)lB`bh{zypmm -zeyx|2|96oCgRK6q%l%KYgNQ^{_}^8df>pH9gK{m(hJ91zPrZW{dBbJJEOn!kU=t9y -PrInqCy{(}E7zFwoSH0HC - -literal 0 -HcmV?d00001 - - -From 
ed778fcfb24d7623e7b2ce9beee4af9243767402 Mon Sep 17 00:00:00 2001 -From: Alicja Kario -Date: Thu, 8 Jan 2026 19:31:42 +0100 -Subject: [PATCH 3/3] Additional PKCS12 PBMAC1 malformed testcase files - ---- - .../pbmac1_256_256.bad-len.p12 | Bin 2702 -> 2703 bytes - .../pbmac1_256_256.bad-salt-type.p12 | Bin 0 -> 2702 bytes - .../pbmac1_256_256.negative-len.p12 | Bin 0 -> 2703 bytes - .../pbmac1_256_256.no-salt.p12 | Bin 0 -> 2692 bytes - .../pbmac1_256_256.very-big-len.p12 | Bin 0 -> 2711 bytes - .../pbmac1_256_256.zero-len.p12 | Bin 0 -> 2702 bytes - 6 files changed, 0 insertions(+), 0 deletions(-) - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12 - create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 -index 7548d0f29edd967854aa1a7c9e3a02a09e856f6d..a1acf2fc21b1cb17b40911f7dd126b48c91d50a7 100644 -GIT binary patch -delta 69 -zcmeAZ?H6S+XyWSL$imBITx*bL;KjzN)#lOmotKf7&%o9|7s2H*P+;N6cekeEy%>?7Olx12h^-#_<{_q^wMp7)&hzt4F90!uO�U^rpfG0Hc;omzHV_l2 -zguuKDAuw+O1ZEmQfVlpQU?l{I?RU!x3}X1cjDIE|z~P60vH_-m%umS*2t(jnm3$j+ -z{xu07PKSF7d`74@L+`7Q$J(d9Bo%UEaqH+K@jKedj%%z&Ont -zw~MX1?(N7}ksYL96y%NVbLMEcuav*erN3UXW=FTT@G#<7hLhhD$vW9@wg5K_p#`pc -z`s+;W%GTwiN^;39a=-eq!KZy?&bghp>D0$Cmk2PqNbvn&4$`_E)ah4oTo{^_&*P&* -z+gWcf%=L-cWa5@Kf&QYsuSPzdGa3s>9sJ3GL<8o0$1&yMCsTZQsqyPc?@7i(Jdrb( -zw^YW0tjZnCwdUug*c(PFRt@Z%w$J1nhmfW*Mu?h&3*lwrp9?;{(~9fp&@oH&A~E>hXgGtTCtKQ?7zae1ViZy-M{xXo*}$1?ff5+o!3eMrD_|uU@GY -zwnE%%7&Azb_4MXnKytwaa7YIw#_i@i9at7&K2Pz{Nv{-nHOp}ME~oQ@m*n&vO-z^b -zrqlL#1~fzSQ#)UrkYgg2ZZm$)p?~2io(Ze)efP>Y4)5=pjgP0uay^iu6JHGcr5+{p 
-zc(ik)#p@*!9VwIe_IRmM?$$+up`(jUPRPz9uI@|zw?R|f;I1gevtor$h(ajI84=Fl -zrKY_ttt%i8VoLSR!^E$fO;vyD=B4kEl;+9a%7lf8?RL&XF}o;=Z+&-YAV?vh50ShV -z#ulRsF$;^84eUb6vphnBt~V93+`IPz{POBi%5a;?`B?XhY&K -zf~ux&-C|M|?chQiuXc+2C7or#RF!(9CHU!k@28&cQ1E2h0cBzw2DZ=-5AH+Vy6~mb -zPNH{o8TQKucRB1$)~4u#=bh{5Ql+Xk+VXX>Bh<=oS{G;I^G4G)k28_YszY6MB<(g^ -zy(f)Rdc2D^qf*gAIXe}_k?8ph1|X06+YE6w!HGsw4l{#5t(#ij{aO>#|FzrgH6C#7 -zBM&#r3@z9A34g4kjWO1)Jk;Rt*lt#1c}kQ$e6k!Tj0}t0 -zXJSoQTcc-A@>!T9`76qBF~mK862b`=*UKXR@@b0uN9i?ocEu9H9i -z2)DLkiEBOV6@F@1e-_V1Q*pQUY!sSWH;1j|vTvXSHwt#dqK?fhT4LLXdi-@KH4&C$ -z00A2JgBSk-5Ht)zfa1Q}0pG_5cIv-uVr2n=zlVz7P5FNUj%}Z&_N9D3mwyCKotJ5) -zs)XOo#+R6YYs)uAAOy%@zZ{&VMaN67-_fpYnX3$i56Af(g4L4#hC -z`#Wy>=4~AiTF;8DvfT$?ta@KhfvGuPA6us%XH9EZ&UA9`I(wRIf_p2AT|1Zh6~T=U -z5IA`TuWltHkn!rt*=#3y?x*wxu@IdjWL3- -z6Gf`wHd9*kq3YQn8sB_`;K8AP6DM)i!13~ppc(66M2>`{66k|%pr)ij)VJIGS=3wG -z(TO)T+>S9DUJK_$Q?;-dQ_4VFcnD{qshO9xv!u5qWGnU!!RnQO*&{N -zLgjw<(h)Z?Xg9k~EUbHcyqx@?ahKxv@fRtg@H6G(z?xozoIB&e^Sr`pZW>WZl|j>g -z#EkZTHXR-*lTS58FBX}I%rzI1U+IRI=gVx|POoRu4W)w>3V{nPoPR*& -zm(O@ta2J~m%TB`~lu4X&LCsz7hU{p~;@6KV-kfIoRJc|wzN5I*bKp6|ZL0Ie!G+H} -z$Tq`xpY4rw32=XQ@y2IrU%SC)bMDr)C)ik--cUfIYNeFrH)yn)s8C7p)5!4?RHX`_ -zH8hJTm?H{ih01HES*_ui2C&H{;j%)`lnc2ICeBT73iAib~k -zYeGktebEpXjqCQUx4(?Rrf<`rmk|0zN0+~OZ=`kTkLMm(wW#?QkIp2sO}Fwpz2{jgoJ$(`zWl4<651A76y0qQiaKQ?ddGFg(ae -z^VfO>#eWw$FbMg7UG9IH9RwLs9&lHk3RcrW4=A*#8um_=J@W}(x73SHf=xi+ -PmR5F1ds{;TFbMQFNfFkW - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..9a4fd459227c52b3c4a5618b874afd717de2afb7 -GIT binary patch -literal 2703 -zcmai$XEfXi7skz)8AJ54N_2*(`RmK*W%Lq#C4=ali55gKL>FSCcY-WN8G`5}A%z67 -zJ0x24I-(DP&09`#-uKIXxaXeddG0y)+wVL8mMR4dA_uTkP#C3Xyk7h<4Tu6%ilsb) -zU@7+iEF}@ZLY#g^uu?3<;=5%E29bSVdOs5oVDm#jX#fL2(!t3ZbvxyIp2RE8*!3Z7vv#y8j^>OFqvWcZ9CF 
-z<6%o)mE$j|>+gXca-eHYmoC_0(A+8Awj@~@yXw-d!|@*~@M<}4_W@@VwjHj1_3J|H -z=DuB0HNG?qKdgA6{rNh-R=C<@9hVDeNW9`1A( -z<$1>JQ7{VYLw`{{k;h-nos0#9&imu?aNO2 -zn^xKwsVpxG(Kb(1ZE0Jz9$YKX3&hQ%bb0E|v_i}IzZ8CcuM*eOqh^@sjwAC)?#dd@ -z!t?5VqBH6sDaMZ$Qpa44Pq_su^#W4v4@x%6Y6u-nv=OY0C4k -zc}hD))Xjr+g_i-&hT*l5CO>Gq--D*&WO3u4oOMr;kT(gH=(ATCwHDX3)i+qrpHDkx -z8c_}^NbP-jiH`|iiy;4!OWI&6SqQH3djHxhF51T_Cpx}Ul;M#Osp93xUy6|&PbYhK -z+udLBBJYVLzPnhf77x3D)v@DE -zRc?Y@D^hCjeoOqi*IM(ZdVa<+PI?*dA%k5BKj^0a#%CGX>DAaDvu88yez=|bgF -z_roaUxO*6odRx8x-brFqsG2g@v;=QWkCRk|9!WQfLr@mVW@I1v_$(dj+!tLoZ_j;S -zo$RD?^oY(%e|wHJs^HK-5-O83SCwcGogh@7s@zzN&!0@&yU5~glN;-6z^QgwXf(CV -zX)v#vPYOkG5`!HR;{tJ)sE|pU*@=JLuV^7oV>wtClu5P -z+uNk9Sr%jcBp)f!t;C%YtU&{WGQm>w%1V@C+tQV^Ca~Y&N3`TDjq*z_`VJ*@Y<#EH -zyX*#WXkfdcd~Lmly=bX?R{w(`p1bu9RS4nptt9CJM}&|{tcR{ZX&+5e0O${FSPlk@p2E)y-h=R;6NCD -zG^m>r-5MFT#^tc#?T(6LBR!Orwde9IGpTy%c_g(m`-y%FnkNX$TP0?;_g((^N2r-8 -zRb0onLC$A7jbhO>L|GRzw-%1M9V6Iw9_=oIeYfzCFY?0BxIMP3LW8y8vM$_Y3cy0+ -ze(>U70D=ZXuu#l*+xPo;!mj+6P1IB%@b^&ayD9Ncz_A!oR<$nhcKk=+G`Jg7%L#bj -zZFzhsEJU6;ia|&VAMD_ND3|_;{T6S?)~5wlm9k0m3A|)qm7|_TpU;vg~G1yve@%5dz0A -zL@Sz#uw}k(63eldV0=cplwZ10nX0|mx~Fl|xU)cO@EW(J<-kBTfpNZ@)DpuEyObj6 -z98jc1eUlUOC$cPuv!8wQX{E2&(zdk=@n0|t;K>yblm>mY@KYAljy#QE%_f8$L?zx; -za=t+Ay02X4PE|pp3_3@;LIdfG3=G}P90Wa#Acq0IR^;Sq;3P7uAW>M$-W@OVqkRs> -z=}5S^S#>{o?Z!66fK8gR=@;e72|2$l87R1?^z=);SV=7PL9& -zHCZ{6Q@rFB5i0D74dU%w54_|SZ;8-*`oa`@+g&e;@|b1HwITkoBo-xG=`}^tq%N8d -z4$g?&aI(72R8B~z4ZFradM4%a!pU*u7^f7Vp=$kf6Y^S_Su<~TxtA()Zfi>`Nc?wq -zHGX~VZo@kjMGa3c){`H#9Cdns`bDUM^SR80U)`W~?)~Y2WoAx!XQjxbYXA8^VkU>b -z7>rMpOQaegSBv$zmfDK&uhl~<3q*D!G8!q=gGgY>B0#I1{tt+ygFb9pQx~gUQri8s -z!;$n{6?cS;4lHrM>d3Ag5EEoOQ$B&4I9bjt{T(A^S+Sq;h%Y3AqZ4ls|9j)>8X0iO -zdl6@v2Gz2%&Q_`ChZGBBn+86PnBBJlj*X9Ywq1mL6Yufxm2gA-J?KPSghYqf)+J?= -za6BN`j_xr#Qv$v+flVwd|->!#9>WR8I~RXiyxEIT^gV#cTKCVvl+K;9y%7x=${Fubwk+ -zVs5nQlwXBII%hF5g>?@+nscI*OWr)GdV7`PbJ2DQ|Dn{{z?s_^qk-C68%Gu+e~V1L -z6PmZer9k@PYRDJDP`CCMBgT&HCUmUGU=Scsvsp&<8#GFuo1-+~*}dsYM71oSGPcN5 
-zxKzQO9VDTeX1a}`7(plNhl+AIbZX_7fUVF}4BbpAKGE_bM#q?st -zH5GnJXPE2y{0IZ2ndjV%O?W~xn2GQVd{L4Svp%)%9XIi!5ci?pyA>H# -zzM;g=9oO&GXk~{&XB-fr);yZU=XR$ayJGaUi}`D?Y@-<%(bo9(T!O3MEAFWi-y-gy=HqSI>H%nXwdhNze@ -zOE*3VNoAF*Jt`ms;?Pa8PlAi-Za3JdpfIR+&R3_)RpTl3+6sxQVGH -Mua$+4HW&o@8(GQMf&c&j - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..c43b4be04307a8c5d2c002d4a31cfdf0ac9217cd -GIT binary patch -literal 2692 -zcmai$c{J1u8^_I<8AJBvhA_4vLO*MlvB%h#EOD!e5@U@C3CS3;E4kTs6Vt_@A!O_o -zEfjL^sBGEAjO=5--SfVu&inpz|9H-GzTfY2&hy{rd;tOn9t>gy2pmutyJEa~{5BVe -z4OBv4-+~a>*8l=L10X=I{)}KH1c>8z%MJ`;`M%75CLqA&hk$YcmVm-f$q9%-;CdvX -zRS*B_U@#cY0&v3M|M>=Hhq3_TFn0HNbC4%11f&Szty#NLYR|3g;{mPDAB?{99#3GM -z6pY)#RNnA*Wv$2#R51(m#`L=J)ZbUjU*R)eDWN+toozhLcoyN5_e6?8_M3IU15Id# -z8=m+!6}z;4A&EpO38(aFADVpLQRki6e49>t40DeFQ;J0159CPNw}CqRDh>-nvhoFd -z3>cd$ZH2i$F>7r6@)pov^mnuqTC(&kz>b` -z{F7TV`!Xq#=AU@1TbSDM0|lHhC*o5sfl7RVlsi3Yb=@eLTvrwOdC=RZsikIR7x*t- -ztP!(A+^hd+lA`G4eSA)m4=#+8bWvm7Xu8vm;Sdw@k{%hyrYLLKhADSmJ~MD$$=KDx -zaxrf*ZCjvUHzYr`SRk!vNzpXV^{%M$(zD-t}rFg3o<{~!Qc=x58qNu)gT_M*&Dha)a -zXi;pAoDl;K -zWF9l9X6kx4o2EoNAIf~WL)tIt6bHJp)H5x?&)9n>^-Q~p7uzN%6YbK!j(WIvAL`MG -zFP*$BamSElr+i?G$Jv5D!5lc_R?Czt)pXETu2meSk#_aYO~>brq^%uhN;YW@cGi;h -zTOEy_G)x!?&O40AMT_QaRutbx&1SFwd9>fAh|>v|84UGMD+tuSvH9Jv)iHhFx;$Rv -zfvdfgp(cgF#cDsXPqmDXtTjsyb&j`hG-*}I+u%lvLk=3x4wlZhoUZ#aA;BFsUXBx! 
-z42|1i<4mB_nVI84HWo?#s*1~rE5!uMS_pfBlku^+Xziw%V`)#o*Lyx-RK~ewsm^b+YL%eD%~o1fHQtvMOSCe(?)D;X)woq47>?@U_{Or;@oA~B`WH5{?LZry -zi)X`)*7u;tECt^f6}}+u_SFxIjuU3y)6lpq?o(=8@xo_Ib#D9Fr>1qM@LUXyYxZ6Zq7y6DFnTWcDpF*%U{fmU(8{Jcwv}jfy!NO% -z!uBITfX4mc#XkUohC&EX+;=dC3>%gX#unMYbP=gLz}rW@CcF4|D@&-R>@aB}MI&Z6;8wlN!G -zL|{j%G}8^XwCH`!Q-KVj*$9!neg8&Y;_Cbgo8Cf;Z2gmEWvL;cxk;k)W -z;TzG3w{$!X(W}_G(-NtA7_=p|zcnnFx6slGYwsrOZ4KEB3UFp+O#>&fIEN_08rE+3 -zI&7_r@{dNrmF!7ftW{s>Y~3ztva1PI9c+$Ly9iEf0(xUEEn>XA&iXud_BnS?*75-g -zvlp_|<2zD5mR&UC6&WV)LkN+iE(RY-C^bZyKYngUxPmp0X5SY2=vf>8P=$cjDEIxy -zH0CUv3=K_>`g+y*v_Ki{K6m&@>481fYtOH`_ivMRf{gUfKVE{o(iJq$9iQ#s$e37O -zJ{zL+JJvwj!lcdW2C=aA@!?|fgN7}t-=|;Xh+@yw53g7EnB?3U4Vo1c)AG=XN+JbL -z{t+|M_r-E(xJ)_K5;b3BAwJVoNO@%#R-Ui08kt_lW*EW*s}urfn|c3$IJsHCMvct~ -zCdDOf-&)+6&-BS#D12}+_Jq5LNl;9P>sZ+^d3a|wqvUs-suOWN<$=`AbWtkBGXD3v -zSC#7E;&%!jT($b8rPM~%XPazOEK8RD?zq)ALGE=AR_NE{0upZ{q>3e=f!;g{*W?s? -zg%?#clE?@UY{hI_L?D4uo*;ZG{N`!eXZ)3?;@i1mM8ws8QiRjaLOaMIaJnK)<-RP- -z{ritiFA`s0pXV8jT|}7%To@MjEF6n=+_+oxwY8dC*IplA;c&xT5hTAxkU4O -zwcwY}1eb8Zkf~fM<@gO6ttBB^67=-;=n;~n -z0q6}*BMN4SB3U8I`e}A_99uso*&<9))Qx&J*9EB}hTO_GK)us^l)|NynccmQUO+S{ -zP0T!xlj$6bn%q@LoZQ>R&&_!UG%)r#>io?3`gjg_D{tkdRu6f8#bxHT%Xi$QzNM>0 -z*7u#nQ4QTjndX>o8=Py9!>5f`q>eMwfyb=8NPTL_c3oLvxHGimfZ=y3{_vCJrh=HCoy9dm3ak8HeQja+B5|$q}4i%t11s@it$1F}P9LpnJ$;#Seua;mO7Lec9 -z_%))U%f9MJOT=~g);V85W70Pm(DMl6qJs;&-m7Wt#-q7=cFkJ;#UoS6T$3%wFTWOY -zqn&*+QF~1R3tP#fGQ><|H0pVfNXTFFWq}UTDDrqmrE^l&uYZw`Rd!73!Kbgzr;UvX -z$l(~;3FACNBaqbNnpIo*v|uvkN$jK0BAzR?E_!I(rSm0TZ}>+s{*E0{OoFqcmGMBA -zDiV7SAl5c-Fv -zV36ehHMsxja}ddh@_@VAG_aNds$Zp9)3j%z?3qu{ykMBJw5?He5^M|tx3zPUbapf~ -I0fRt)19nW)od5s; - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..6920b89a6c7f1cb9294b399d50ac2d4d6202e25e -GIT binary patch -literal 2711 
-zcmai$c{J2}AIHs@8AJBvhA_4v6Z+XNV>iaW6StZuG1i!DQ8I??B4yuAD4A#o*{Nuu -zkb6gE%f626BjM?Jo_p#%&p-Ej&gXp3`~Ci$^ZD;}-T;a1E*QiNkl3IwR#cp6+%5-* -z1yn*}-GPu;HvkeV9Uwt2{fb~EB#6Tg%LWW$`th0mNz{he=zFidm@Q> -zl0S9_S9R6Pg}EX-K+z5%hcPyz1 -zu7Bd|RLt_`*~Cg}NjSAn^APiSPlbDC`)xYy0n9A|Of3?6KaeAC+Xm|JtvDMcyUCHj##+P{3VC6#8*5OQsMLNl}{|u?@~4~t_8(&M}|Ru(f^lb -zr0|20j`b$|OL6oKxrDce3zhQWb|hmLH~XBR?fX1kXZ)^%CV0V}kxHi|3ZIaLkVpq;4E$iZ`kacGggI -zTOACZ)K3`j&)bj4L<#3?R}|ks&t@pE#cE%XPc`(9%#WAvX&rChYE*wDYeg6>4nAlw8Z4b}K3)4|LX0zPyqq8+ -z9um99!XCf6%E%lSurf>ZQ$npItQC{YYap!gj)uqPqBI+4j-@^UU+MXPQyk~eej&=; -ztc8n-YjJv;RU;1#YO+v&^w{eHszg1r>sBw~+GE!Wr0l^;qH?|)(pej8&D3eLV;7}q -z{mr)9K%X}JLGXF+YUeFuw*p@h)f0KDl#jC*rI``;8pl>W9M@2`K0YlGR`1L`D_(f-D9w$3;$DH~O2cyJ=^0I( -zM}IyHv$bK1ZT{XP^3=HY6p@3jdfC>qUU*{761JMlxsDWCFW8odJhZTCifJVq9IrX5 -zj%UDB*|g|6{yi$Npv$I~xf6BUJifD*O|09D22N&*b~M{UdN{ -z@aC0jQoh&fUt;|)E`|<6NRWX(c{p8%L6ly*sax4JQyB~&iuK*k86&T{3k>BWt@9cJ -z2Jqv1+wO*zt?dwc_p*bE;|Cv{W^Z?axurlaM~5$Wb#qA0WKz!>XDTZGaxw*Gj`=EnCXTMgL76b`9?h_#T*^GyR&G#lWmOp -zXd&2<63uvvB{k~1+Nl7#z-)xj{&&9yZt@DoSh`Z3-0&nXo?PUqs4)k|oW=;hsGC2jKVD%eU -zee8EOg?UFK;qtbXUCfV`R$028Q>EAAA9b)eNPI)E!uH$+mJ5eO`}+M1wMMz#NAUQVO7h0 -zJ~9m13nxQD(j%8HIi2P!qor|%pOhTfSGxTCl3V{SMJv!i_soN3$SZAr!`$)N4z`Sm -zl@+64`MY>MNi$5F#Z_`)&4a_mq&xLHExwD -zNSNZ1wy(`@jAy!(9W*hh7=OY|2oo3`>@rq1Oc~yr%_zA`P;w-1Cf|_=O&4yVn#bL( -zeO09bE`BHH&QYUVTH4Z}^lY1DifP&0&yBGDCeW?+&f4l_8UKVE2#I1bXn+@&++`V5 -zui&DhY9a*zf~}eC3h~8L%i{%4g@>M|eI{OfD!Q91LPlKbuZ(cqTWAN_2TWIlDW*v? 
-zrKLSEK1Y6iWu9v=W)W@de|A{Zqi`(BVe3}WQfoD*wyiF)!v3l$3M9Khk~(k>J-?wW -z*{u>(qM~k~ch5GXEWz_Q(tr~^Lg=%b71rI`(%`@fyJe?~n-neFh>h75zXAul=x}|y -z9Q5)T|1!a@(YWjc9MUpQP${UsSD)ZwSDqrflqIY9w94L -z0iD5VM8OPMC@WY&H`Qj9z|xOPG7CcqyS5nRIwKWDkURN$=yz)OlR4xwv%9}z7Z8o| -z6En|ar8>tVC%?%hOzwXp&dquG*VDhV)%u$7^l=?!;E9mI&_kX4Ce<~hCJfhtHmL?6Xu7~bdY*I7snJ9ba9XQV)rXXo; -V5S0iUgTSqA9L1d+j4@yk=wB`Z-!=dM - -literal 0 -HcmV?d00001 - -diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12 -new file mode 100644 -index 0000000000000000000000000000000000000000..0e63eb6077fd94da26ba86f1b6230daab5f5ea3d -GIT binary patch -literal 2702 -zcmai$XEfXi7skz)8AJ54LNMA8HGehB=wM(q%<3v!`^fJ7mT^*guAOz9;&oS@AGV^R0sN8>2xSmO>b -zHFw-?D64Y(Bz64UF+=tY&FRtwTTB{TrJELHOCuK@hBY|heFZ@^=gltQgvPbQ)vkP- -zk6qujO{yl8h7yJq&b2-t$uKVNzs(>%fjNYM3B?@mM{{{iyFtBPRp&*4*##^fs-*p` -z?xH-8m>nu+VLj+CDo65!E4dS~fY8aG47@17knKFCGUQ^GEm~;mPSSh4?ifqNyzQ>+ -zq@PKpwW0FTk`R6Kc-4lMW$WJ60^I=o99joaccK|m&i|$G^E>6Zo*q?$L^nKzcXC(O -za2A1A_Y;F*2U#J0w2(IDN_@&KP^l-7a&J(&aR4QdXCo=R0($#2wM?hnmigArdM*>h -zgXT%C6j4`q_GMls_+>1wwKU~k+r1tP4Hug$|HO=2iiEszh(w>=^-(Kv4I4fEwfwoX -zLzWSxz=G7?7Z-$>u+?zNFS+EeEG6?nRi5u&dB#P1JLW{kcZxDS6e3r=82L*flJm(# -z?{>S}OI}ojNaEY`)oSt38#rwn2eaIO{l`rGR^H*DS!Qrwq?8z6QBwscQgEJ|(SNn| -za98;z$fY8s_U>uox1H9SKh^Rx4)M}U1a}$Sa@bxs<0+p-WT$6if1oc&GGPdjd>BL* -zqXsbuiWT+kLrTy*MuG0M7STL-@B;ku)>+DjF4^m`9<|-urpPfxd4kb}C1TVJ&!7X9 -zOWh5nlH=)NLg{Yw@_QwT(V%O}T+$M}G~AC;ulGp0QtgAX(AFcns7EL1P^Z4=vN=1R -zdukL%m7@m?mU^4BD*IWrZB2GMb1^|A7eh4}o5w4L)T-Zr_hz6QKXm$`aV -z%d9%S8yL06c2%geH(b<(8BYQ@ -zXxtB8{0$&z5CjLsez$$Tj|c41|Jg)K0|I{!rM{aI{{|fMAte>70xySu1x|yTezlx{ -z*WH$vXrJ3_!Q&7dWOP^@PEsaE3vS(0scv7a4upS*^E%0$uGn;9`%r*1&TsV_b(=Zb -zchWHI>Vc33*3D%sK6+vlh6W1t4cUh1dc7FyI)ZZNk_Wfw(?k=TJ7_GrnG|kvY=4Bn -z3G>kkCL)(JUp0y4*hw%yC11!d-l$B~T4>!-ziHH2pgDMz$HHP@Ae+cM*G+DT;ecI8 -z5w-WI(xOh~#QaEXOJN)*r{1lM6&qSMw!wb$rv8Xr0YPcdM{{2#L9NK+aQ19s=w4Lf 
-zT}7vJ^tRjbHJ(&u3|hZ)q$?zVu}I&*&D37d-4L?x?_)_xnFdaxunZK1wd~ySG&|Vk -zWS)wIicY9uHhlV9=Jf>&b5FG9`TlN-6zjYaJSubqo@zrCS4lhA4%fSvX!2bWDVM) -zxuBqo$ghr;*I3Gl>GYvj`A1KroS!>7j2z+>{nb^ho~%P&DY0tg%`ElOWX^7EXae)WkJjJ@cw*z+jjlVvtcA)mwu1YZdc)X$wk#92sm=<=GR -zY!V&;f^F#>a0D`s{-LTQXOV-wAuqQ^IND2kxUn)NKb#F -zeY4`V?+U|M>>5hj$9A0CrD!_JeD8ko*RDExB~z8?DziJfq9EZNoWPlN@U0zb{sEbQ -zQW<%5)kmh8<%zEBNOgMD1a|nw5~s@1-gP=Or$bH#uTJr5L|p74uP+>Iqs;KhIpF0p -z)^+TSHtq5&a7gD2R;IA-zI$^{lv2s-$5n5xP<<}iEaBgmS{*oX9b?v4ePivwX6R?0 -zse45CMz|D6UswtLLLBPW`eMl3vDt))6&VZ!1ZvjHXnuo6$@6fQ`ag}BxIU88K_KtC#YtZ)azpP}lL0&I|GH>%Cf0 -zQRQD1`FY~{JsT};(U^=q64VNzQG8~5?7p4WqcN3tV$v?}T{1DBOgGoTZugqao~YS0 -z+u$tX2HVQ-Bynj8$Tl+|k&wSu%KgmvQTUnO8q1{YU;n~is_C6mhA%j-q)kt=2w_PI -z2{Q~ICLpQoaK6!Wztc1N%1b1e=DyjZG|g -MEzPyHz#!0n06 -Date: Mon, 12 Jan 2026 12:13:35 +0100 -Subject: [PATCH 1/3] Correct handling of AEAD-encrypted CMS with inadmissibly - long IV - -Fixes CVE-2025-15467 ---- - crypto/evp/evp_lib.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index 9eae1d421c2..58fa7ce43b4 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -228,10 +228,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - if (type == NULL || asn1_params == NULL) - return 0; - -- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH); -- if (i <= 0) -+ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH); -+ if (i <= 0 || i > EVP_MAX_IV_LENGTH) - return -1; -- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i); - - memcpy(asn1_params->iv, iv, i); - asn1_params->iv_len = i; - -From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001 -From: Igor Ustinov -Date: Mon, 12 Jan 2026 12:15:42 +0100 -Subject: [PATCH 2/3] Some comments to clarify functions usage - ---- - crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/crypto/asn1/evp_asn1.c 
b/crypto/asn1/evp_asn1.c -index 382576364be..e73bda64e3d 100644 ---- a/crypto/asn1/evp_asn1.c -+++ b/crypto/asn1/evp_asn1.c -@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct, - oct->flags = 0; - } - -+/* -+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'. -+ * If the length of 'data' > 'max_len', copies only the first 'max_len' -+ * bytes, but returns the full length of 'oct'; this allows distinguishing -+ * whether all the data was copied. -+ */ - static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum, - long *num, unsigned char *data, int max_len) - { -@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, - return 0; - } - -+/* -+ * This function decodes an int-octet sequence and copies the integer to 'num' -+ * and the data of octet to 'data'. -+ * If the length of 'data' > 'max_len', copies only the first 'max_len' -+ * bytes, but returns the full length of 'oct'; this allows distinguishing -+ * whether all the data was copied. -+ */ - int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) - { -@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, - return 0; - } - -+/* -+ * This function decodes an octet-int sequence and copies the data of octet -+ * to 'data' and the integer to 'num'. -+ * If the length of 'data' > 'max_len', copies only the first 'max_len' -+ * bytes, but returns the full length of 'oct'; this allows distinguishing -+ * whether all the data was copied. 
-+ */ - int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) - { - -From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001 -From: Igor Ustinov -Date: Sun, 11 Jan 2026 11:35:15 +0100 -Subject: [PATCH 3/3] Test for handling of AEAD-encrypted CMS with inadmissibly - long IV - ---- - test/cmsapitest.c | 39 ++++++++++++++++++- - test/recipes/80-test_cmsapi.t | 3 +- - .../encDataWithTooLongIV.pem | 11 ++++++ - 3 files changed, 50 insertions(+), 3 deletions(-) - create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem - -diff --git a/test/cmsapitest.c b/test/cmsapitest.c -index 88d519fd148..472d30c9e5d 100644 ---- a/test/cmsapitest.c -+++ b/test/cmsapitest.c -@@ -9,10 +9,10 @@ - - #include - -+#include - #include - #include - #include --#include - #include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */ - - #include "testutil.h" -@@ -20,6 +20,7 @@ - static X509 *cert = NULL; - static EVP_PKEY *privkey = NULL; - static char *derin = NULL; -+static char *too_long_iv_cms_in = NULL; - - static int test_encrypt_decrypt(const EVP_CIPHER *cipher) - { -@@ -479,6 +480,38 @@ static int test_encrypted_data_aead(void) - return ret; - } - -+static int test_cms_aesgcm_iv_too_long(void) -+{ -+ int ret = 0; -+ BIO *cmsbio = NULL, *out = NULL; -+ CMS_ContentInfo *cms = NULL; -+ unsigned long err = 0; -+ -+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r"))) -+ goto end; -+ -+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL))) -+ goto end; -+ -+ /* Must fail cleanly (no crash) */ -+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0))) -+ goto end; -+ err = ERR_peek_last_error(); -+ if (!TEST_ulong_ne(err, 0)) -+ goto end; -+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS)) -+ goto end; -+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR)) -+ goto end; -+ -+ ret = 1; -+end: -+ CMS_ContentInfo_free(cms); -+ 
BIO_free(cmsbio); -+ BIO_free(out); -+ return ret; -+} -+ - OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n") - - int setup_tests(void) -@@ -493,7 +526,8 @@ int setup_tests(void) - - if (!TEST_ptr(certin = test_get_argument(0)) - || !TEST_ptr(privkeyin = test_get_argument(1)) -- || !TEST_ptr(derin = test_get_argument(2))) -+ || !TEST_ptr(derin = test_get_argument(2)) -+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3))) - return 0; - - certbio = BIO_new_file(certin, "r"); -@@ -529,6 +563,7 @@ int setup_tests(void) - ADD_TEST(test_CMS_add1_cert); - ADD_TEST(test_d2i_CMS_bio_NULL); - ADD_ALL_TESTS(test_d2i_CMS_decode, 2); -+ ADD_TEST(test_cms_aesgcm_iv_too_long); - return 1; - } - -diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t -index af00355a9d6..182629e71a0 100644 ---- a/test/recipes/80-test_cmsapi.t -+++ b/test/recipes/80-test_cmsapi.t -@@ -18,5 +18,6 @@ plan tests => 1; - - ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), - srctop_file("test", "certs", "serverkey.pem"), -- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])), -+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"), -+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])), - "running cmsapitest"); -diff --git a/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem -new file mode 100644 -index 00000000000..4323cd2fb0c ---- /dev/null -+++ b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem -@@ -0,0 +1,11 @@ -+-----BEGIN CMS----- -+MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G -+A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V -+b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV -+NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd -+sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2 
-+CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu -+GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P -+AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl -+paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO -+-----END CMS----- diff --git a/SOURCES/0061-CVE-2025-15468.patch b/SOURCES/0061-CVE-2025-15468.patch deleted file mode 100644 index 0e0cf21..0000000 --- a/SOURCES/0061-CVE-2025-15468.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001 -From: Daniel Kubec -Date: Fri, 9 Jan 2026 14:33:24 +0100 -Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before - dereferencing SSL_CIPHER - -Fixes CVE-2025-15468 ---- - ssl/quic/quic_impl.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c -index 87c1370a8d6..89c108a9734 100644 ---- a/ssl/quic/quic_impl.c -+++ b/ssl/quic/quic_impl.c -@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p) - { - const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p); - -+ if (ciph == NULL) -+ return NULL; - if ((ciph->algorithm2 & SSL_QUIC) == 0) - return NULL; - diff --git a/SOURCES/0062-CVE-2025-15469.patch b/SOURCES/0062-CVE-2025-15469.patch deleted file mode 100644 index 37f113c..0000000 --- a/SOURCES/0062-CVE-2025-15469.patch +++ /dev/null 
@@ -1,266 +0,0 @@ -From ef48810aafdc3b8c6c4a85e52314caeec0cb596c Mon Sep 17 00:00:00 2001 -From: Viktor Dukhovni -Date: Wed, 7 Jan 2026 01:21:58 +1100 -Subject: [PATCH] Report truncation in oneshot `openssl dgst -sign` - -Previously input was silently truncated at 16MB, now if the input is -longer than limit, an error is reported. - -The bio_to_mem() apps helper function was changed to return 0 or 1, -and return the size of the result via an output size_t pointer. - -Fixes CVE-2025-15469 ---- - apps/dgst.c | 7 +++--- - apps/include/apps.h | 2 +- - apps/lib/apps.c | 55 +++++++++++++++++++++++---------------------- - apps/pkeyutl.c | 36 ++++++++++++++--------------- - 4 files changed, 50 insertions(+), 50 deletions(-) - -diff --git a/apps/dgst.c b/apps/dgst.c -index 94415128d7f..7168b5f8b84 100644 ---- a/apps/dgst.c -+++ b/apps/dgst.c -@@ -721,12 +721,11 @@ static int do_fp_oneshot_sign(BIO *out, EVP_MD_CTX *ctx, BIO *in, int sep, int b - { - int res, ret = EXIT_FAILURE; - size_t len = 0; -- int buflen = 0; -- int maxlen = 16 * 1024 * 1024; -+ size_t buflen = 0; -+ size_t maxlen = 16 * 1024 * 1024; - uint8_t *buf = NULL, *sig = NULL; - -- buflen = bio_to_mem(&buf, maxlen, in); -- if (buflen <= 0) { -+ if (!bio_to_mem(&buf, &buflen, maxlen, in)) { - BIO_printf(bio_err, "Read error in %s\n", file); - return ret; - } -diff --git a/apps/include/apps.h b/apps/include/apps.h -index 6a23dbbb131..c9471ddc4ed 100644 ---- a/apps/include/apps.h -+++ b/apps/include/apps.h -@@ -253,7 +253,7 @@ int parse_yesno(const char *str, int def); - X509_NAME *parse_name(const char *str, int chtype, int multirdn, - const char *desc); - void policies_print(X509_STORE_CTX *ctx); --int bio_to_mem(unsigned char **out, int maxlen, BIO *in); -+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in); - int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); - int x509_ctrl_string(X509 *x, const char *value); - int x509_req_ctrl_string(X509_REQ *x, const char *value); -diff 
--git a/apps/lib/apps.c b/apps/lib/apps.c -index 0e436582030..76f3c1683b2 100644 ---- a/apps/lib/apps.c -+++ b/apps/lib/apps.c -@@ -49,6 +49,7 @@ - #include "apps.h" - - #include "internal/sockets.h" /* for openssl_fdset() */ -+#include "internal/numbers.h" /* for LONG_MAX */ - #include "internal/e_os.h" - - #ifdef _WIN32 -@@ -2010,45 +2011,45 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti, - } - - /* -- * Read whole contents of a BIO into an allocated memory buffer and return -- * it. -+ * Read whole contents of a BIO into an allocated memory buffer. -+ * The return value is one on success, zero on error. -+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if -+ * the input is longer than `maxlen`, an error is returned. -+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`. - */ -- --int bio_to_mem(unsigned char **out, int maxlen, BIO *in) -+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in) - { -+ unsigned char tbuf[4096]; - BIO *mem; -- int len, ret; -- unsigned char tbuf[1024]; -+ BUF_MEM *bufm; -+ size_t sz = 0; -+ int len; - - mem = BIO_new(BIO_s_mem()); - if (mem == NULL) -- return -1; -+ return 0; - for (;;) { -- if ((maxlen != -1) && maxlen < 1024) -- len = maxlen; -- else -- len = 1024; -- len = BIO_read(in, tbuf, len); -- if (len < 0) { -- BIO_free(mem); -- return -1; -- } -- if (len == 0) -+ if ((len = BIO_read(in, tbuf, 4096)) == 0) - break; -- if (BIO_write(mem, tbuf, len) != len) { -+ if (len < 0 -+ || BIO_write(mem, tbuf, len) != len -+ || sz > SIZE_MAX - len -+ || ((sz += len) > maxlen && maxlen != 0)) { - BIO_free(mem); -- return -1; -+ return 0; - } -- if (maxlen != -1) -- maxlen -= len; -- -- if (maxlen == 0) -- break; - } -- ret = BIO_get_mem_data(mem, (char **)out); -- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY); -+ -+ /* So BIO_free orphans BUF_MEM */ -+ (void)BIO_set_close(mem, BIO_NOCLOSE); -+ BIO_get_mem_ptr(mem, &bufm); - BIO_free(mem); -- return ret; -+ *out = 
(unsigned char *)bufm->data; -+ *outlen = bufm->length; -+ /* Tell BUF_MEM to orphan data */ -+ bufm->data = NULL; -+ BUF_MEM_free(bufm); -+ return 1; - } - - int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) -diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c -index deecec6bcd7..2681114fba1 100644 ---- a/apps/pkeyutl.c -+++ b/apps/pkeyutl.c -@@ -40,7 +40,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - - static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, -- int filesize, unsigned char *sig, int siglen, -+ int filesize, unsigned char *sig, size_t siglen, - unsigned char **out, size_t *poutlen); - - static int only_nomd(EVP_PKEY *pkey) -@@ -158,7 +158,7 @@ int pkeyutl_main(int argc, char **argv) - char hexdump = 0, asn1parse = 0, rev = 0, *prog; - unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL; - OPTION_CHOICE o; -- int buf_inlen = 0, siglen = -1; -+ size_t buf_inlen = 0, siglen = 0; - int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF; - int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; - int engine_impl = 0; -@@ -508,31 +508,31 @@ int pkeyutl_main(int argc, char **argv) - - if (sigfile != NULL) { - BIO *sigbio = BIO_new_file(sigfile, "rb"); -+ size_t maxsiglen = 16 * 1024 * 1024; - - if (sigbio == NULL) { - BIO_printf(bio_err, "Can't open signature file %s\n", sigfile); - goto end; - } -- siglen = bio_to_mem(&sig, keysize * 10, sigbio); -- BIO_free(sigbio); -- if (siglen < 0) { -+ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) { -+ BIO_free(sigbio); - BIO_printf(bio_err, "Error reading signature data\n"); - goto end; - } -+ BIO_free(sigbio); - } - - /* Raw input data is handled elsewhere */ - if (in != NULL && !rawin) { - /* Read the input data */ -- buf_inlen = bio_to_mem(&buf_in, -1, in); -- if (buf_inlen < 0) { -+ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) { - BIO_printf(bio_err, "Error reading input Data\n"); - goto end; - } - if (rev) { - size_t i; - unsigned 
char ctmp; -- size_t l = (size_t)buf_inlen; -+ size_t l = buf_inlen; - - for (i = 0; i < l / 2; i++) { - ctmp = buf_in[i]; -@@ -547,7 +547,8 @@ int pkeyutl_main(int argc, char **argv) - && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) { - if (buf_inlen > EVP_MAX_MD_SIZE) { - BIO_printf(bio_err, -- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n", -+ "Error: The non-raw input data length %zd is too long - " -+ "max supported hashed size is %d\n", - buf_inlen, EVP_MAX_MD_SIZE); - goto end; - } -@@ -558,8 +559,7 @@ int pkeyutl_main(int argc, char **argv) - rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen, - NULL, 0); - } else { -- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, -- buf_in, (size_t)buf_inlen); -+ rv = EVP_PKEY_verify(ctx, sig, siglen, buf_in, buf_inlen); - } - if (rv == 1) { - BIO_puts(out, "Signature Verified Successfully\n"); -@@ -578,8 +578,8 @@ int pkeyutl_main(int argc, char **argv) - buf_outlen = kdflen; - rv = 1; - } else { -- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen); -+ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen, -+ buf_in, buf_inlen, NULL, &secretlen); - } - if (rv > 0 - && (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE -@@ -589,8 +589,8 @@ int pkeyutl_main(int argc, char **argv) - if (secretlen > 0) - secret = app_malloc(secretlen, "secret output"); - rv = do_keyop(ctx, pkey_op, -- buf_out, (size_t *)&buf_outlen, -- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen); -+ buf_out, &buf_outlen, -+ buf_in, buf_inlen, secret, &secretlen); - } - } - if (rv <= 0) { -@@ -857,7 +857,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - - static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, -- int filesize, unsigned char *sig, int siglen, -+ int filesize, unsigned char *sig, size_t siglen, - unsigned char **out, size_t *poutlen) - { - int rv = 0; -@@ -880,7 
+880,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - BIO_printf(bio_err, "Error reading raw input data\n"); - goto end; - } -- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len); -+ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len); - break; - case EVP_PKEY_OP_SIGN: - buf_len = BIO_read(in, mbuf, filesize); -@@ -914,7 +914,7 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - goto end; - } - } -- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen); -+ rv = EVP_DigestVerifyFinal(mctx, sig, siglen); - break; - case EVP_PKEY_OP_SIGN: - for (;;) { diff --git a/SOURCES/0063-CVE-2025-66199.patch b/SOURCES/0063-CVE-2025-66199.patch deleted file mode 100644 index 0b9aa1f..0000000 --- a/SOURCES/0063-CVE-2025-66199.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001 -From: Igor Ustinov -Date: Thu, 8 Jan 2026 14:02:54 +0100 -Subject: [PATCH] Check the received uncompressed certificate length to prevent - excessive pre-decompression allocation. - -The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research). - -Fixes: CVE-2025-66199 ---- - ssl/statem/statem_lib.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c -index 9e0c853c0d2..f82d8dcdac1 100644 ---- a/ssl/statem/statem_lib.c -+++ b/ssl/statem/statem_lib.c -@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, - goto err; - } - -+ /* Prevent excessive pre-decompression allocation */ -+ if (expected_length > sc->max_cert_list) { -+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE); -+ goto err; -+ } -+ - if (PACKET_remaining(pkt) != comp_length || comp_length == 0) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION); - goto err; diff --git a/SOURCES/0064-CVE-2025-68160.patch b/SOURCES/0064-CVE-2025-68160.patch deleted file mode 100644 index cd57ed1..0000000 
--- a/SOURCES/0064-CVE-2025-68160.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 701aa270db8ad424cece68702b9bb2e05290af9b Mon Sep 17 00:00:00 2001 -From: Neil Horman -Date: Wed, 7 Jan 2026 11:52:09 -0500 -Subject: [PATCH] Fix heap buffer overflow in BIO_f_linebuffer - -When a FIO_f_linebuffer is part of a bio chain, and the next BIO -preforms short writes, the remainder of the unwritten buffer is copied -unconditionally to the internal buffer ctx->obuf, which may not be -sufficiently sized to handle the remaining data, resulting in a buffer -overflow. - -Fix it by only copying data when ctx->obuf has space, flushing to the -next BIO to increase available storage if needed. - -Fixes CVE-2025-68160 ---- - crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------ - 1 file changed, 26 insertions(+), 6 deletions(-) - -diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c -index 1dfcac8f2ea..e4af2a8c4ff 100644 ---- a/crypto/bio/bf_lbuf.c -+++ b/crypto/bio/bf_lbuf.c -@@ -187,14 +187,34 @@ static int linebuffer_write(BIO *b, const char *in, int inl) - while (foundnl && inl > 0); - /* - * We've written as much as we can. The rest of the input buffer, if -- * any, is text that doesn't and with a NL and therefore needs to be -- * saved for the next trip. -+ * any, is text that doesn't end with a NL and therefore we need to try -+ * free up some space in our obuf so we can make forward progress. - */ -- if (inl > 0) { -- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl); -- ctx->obuf_len += inl; -- num += inl; -+ while (inl > 0) { -+ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len; -+ size_t to_copy; -+ -+ if (avail == 0) { -+ /* Flush buffered data to make room */ -+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); -+ if (i <= 0) { -+ BIO_copy_next_retry(b); -+ return num > 0 ? num : i; -+ } -+ if (i < ctx->obuf_len) -+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i); -+ ctx->obuf_len -= i; -+ continue; -+ } -+ -+ to_copy = inl > (int)avail ? 
avail : (size_t)inl; -+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy); -+ ctx->obuf_len += (int)to_copy; -+ in += to_copy; -+ inl -= (int)to_copy; -+ num += (int)to_copy; - } -+ - return num; - } - diff --git a/SOURCES/0065-CVE-2025-69418.patch b/SOURCES/0065-CVE-2025-69418.patch deleted file mode 100644 index 733af4c..0000000 --- a/SOURCES/0065-CVE-2025-69418.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001 -From: Norbert Pocs -Date: Thu, 8 Jan 2026 15:04:54 +0100 -Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted - trailing bytes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When ctx->stream (e.g., AES‑NI or ARMv8 CE) is available, the fast path -encrypts/decrypts full blocks but does not advance in/out pointers. The -tail-handling code then operates on the base pointers, effectively reprocessing -the beginning of the buffer while leaving the actual trailing bytes -unencrypted (encryption) or using the wrong plaintext (decryption). The -authentication checksum excludes the true tail. - -CVE-2025-69418 - -Fixes: https://github.com/openssl/srt/issues/58 - -Signed-off-by: Norbert Pocs ---- - crypto/modes/ocb128.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c -index ce72baf6da5..8a5d7c7db00 100644 ---- a/crypto/modes/ocb128.c -+++ b/crypto/modes/ocb128.c -@@ -337,7 +337,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, - - if (num_blocks && all_num_blocks == (size_t)all_num_blocks - && ctx->stream != NULL) { -- size_t max_idx = 0, top = (size_t)all_num_blocks; -+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0; - - /* - * See how many L_{i} entries we need to process data at hand -@@ -351,6 +351,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, - ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); -+ processed_bytes = num_blocks * 16; -+ in += processed_bytes; -+ out += processed_bytes; - } else { - /* Loop through all full blocks to be encrypted */ - for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { -@@ -429,7 +432,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, - 
- if (num_blocks && all_num_blocks == (size_t)all_num_blocks - && ctx->stream != NULL) { -- size_t max_idx = 0, top = (size_t)all_num_blocks; -+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0; - - /* - * See how many L_{i} entries we need to process data at hand -@@ -443,6 +446,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, - ctx->stream(in, out, num_blocks, ctx->keydec, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); -+ processed_bytes = num_blocks * 16; -+ in += processed_bytes; -+ out += processed_bytes; - } else { - OCB_BLOCK tmp; - diff --git a/SOURCES/0066-CVE-2025-69420.patch b/SOURCES/0066-CVE-2025-69420.patch deleted file mode 100644 index bc4e420..0000000 --- a/SOURCES/0066-CVE-2025-69420.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 6453d278557c8719233793730ec500c84aea55d9 Mon Sep 17 00:00:00 2001 -From: Bob Beck -Date: Wed, 7 Jan 2026 11:29:48 -0700 -Subject: [PATCH] Verify ASN1 object's types before attempting to access them - as a particular type - -Issue was reported in ossl_ess_get_signing_cert but is also present in -ossl_ess_get_signing_cert_v2. - -Fixes: https://github.com/openssl/srt/issues/61 -Fixes CVE-2025-69420 ---- - crypto/ts/ts_rsp_verify.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c -index 3876e30f47b..40dab687d1c 100644 ---- a/crypto/ts/ts_rsp_verify.c -+++ b/crypto/ts/ts_rsp_verify.c -@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si) - const unsigned char *p; - - attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate); -- if (attr == NULL) -+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE) - return NULL; - p = attr->value.sequence->data; - return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); -@@ -221,7 +221,7 @@ static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO - const unsigned char *p; - - attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2); -- if (attr == NULL) -+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE) - return NULL; - p = attr->value.sequence->data; - return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); diff --git a/SOURCES/0067-CVE-2025-69421.patch b/SOURCES/0067-CVE-2025-69421.patch deleted file mode 100644 index aead141..0000000 --- a/SOURCES/0067-CVE-2025-69421.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -From 0a2ecb95993b588d2156dd6527459cc3983aabd5 Mon Sep 17 00:00:00 2001 -From: Andrew Dinh -Date: Thu, 8 Jan 2026 01:24:30 +0900 -Subject: [PATCH] Add NULL check to PKCS12_item_decrypt_d2i_ex - -Address CVE-2025-69421 - -Add NULL check for oct parameter ---- - crypto/pkcs12/p12_decr.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c -index 606713b9ee9..1614da44042 100644 ---- a/crypto/pkcs12/p12_decr.c -+++ b/crypto/pkcs12/p12_decr.c -@@ -146,6 +146,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, - void *ret; - int outlen = 0; - -+ if (oct == NULL) { -+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); -+ return NULL; -+ } -+ - if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0, libctx, propq)) - return NULL; diff --git a/SOURCES/0068-CVE-2025-69419.patch b/SOURCES/0068-CVE-2025-69419.patch deleted file mode 100644 index 367debc..0000000 --- a/SOURCES/0068-CVE-2025-69419.patch +++ /dev/null 
@@ -1,136 +0,0 @@ -diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c -index b7a5284fa59fa..7be233db5e0b2 100644 ---- a/crypto/asn1/a_mbstr.c -+++ b/crypto/asn1/a_mbstr.c -@@ -123,7 +123,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - return -1; - } - -- /* Now work out output format and string type */ -+ /* -+ * Now work out output format and string type. -+ * These checks should be in sync with the checks in type_str. -+ */ - outform = MBSTRING_ASC; - if (mask & B_ASN1_NUMERICSTRING) - str_type = V_ASN1_NUMERICSTRING; -@@ -191,7 +194,11 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - - case MBSTRING_UTF8: - outlen = 0; -- traverse_string(in, len, inform, out_utf8, &outlen); -+ ret = traverse_string(in, len, inform, out_utf8, &outlen); -+ if (ret < 0) { -+ ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING); -+ return -1; -+ } - cpyfunc = cpy_utf8; - break; - } -@@ -286,9 +293,29 @@ static int out_utf8(unsigned long value, void *arg) - - static int type_str(unsigned long value, void *arg) - { -- unsigned long types = *((unsigned long *)arg); -+ unsigned long usable_types = *((unsigned long *)arg); -+ unsigned long types = usable_types; - const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); - -+ /* -+ * Clear out all the types which are not checked later. If any of those -+ * is present in the mask, then the UTF8 type will be added and checked -+ * below. -+ */ -+ types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING -+ | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING -+ | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING; -+ -+ /* -+ * If any other types were in the input mask, they're effectively treated -+ * as UTF8 -+ */ -+ if (types != usable_types) -+ types |= B_ASN1_UTF8STRING; -+ -+ /* -+ * These checks should be in sync with ASN1_mbstring_ncopy. 
-+ */ - if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) - || native == ' ')) - types &= ~B_ASN1_NUMERICSTRING; -@@ -356,6 +383,8 @@ static int cpy_utf8(unsigned long value, void *arg) - p = arg; - /* We already know there is enough room so pass 0xff as the length */ - ret = UTF8_putc(*p, 0xff, value); -+ if (ret < 0) -+ return ret; - *p += ret; - return 1; - } -diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c -index 17f7372026c3b..01e2269444cba 100644 ---- a/crypto/asn1/a_strex.c -+++ b/crypto/asn1/a_strex.c -@@ -198,8 +198,10 @@ static int do_buf(unsigned char *buf, int buflen, - orflags = CHARTYPE_LAST_ESC_2253; - if (type & BUF_TYPE_CONVUTF8) { - unsigned char utfbuf[6]; -- int utflen; -- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); -+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); -+ -+ if (utflen < 0) -+ return -1; /* error happened with UTF8 */ - for (i = 0; i < utflen; i++) { - /* - * We don't need to worry about setting orflags correctly -diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c -index 50adce6b26fd2..8b5f2909e8d96 100644 ---- a/crypto/pkcs12/p12_utl.c -+++ b/crypto/pkcs12/p12_utl.c -@@ -213,6 +213,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) - /* re-run the loop emitting UTF-8 string */ - for (asclen = 0, i = 0; i < unilen; ) { - j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); -+ /* when UTF8_putc fails */ -+ if (j < 0) { -+ OPENSSL_free(asctmp); -+ return NULL; -+ } - if (j == 4) i += 4; - else i += 2; - asclen += j; -diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c -index e08e2a11be9b7..56af2b369b4dd 100644 ---- a/test/asn1_internal_test.c -+++ b/test/asn1_internal_test.c -@@ -554,6 +554,22 @@ static int posix_time_test(void) - return 1; - } - -+static int test_mbstring_ncopy(void) -+{ -+ ASN1_STRING *str = NULL; -+ const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE }; -+ int inlen = 4; -+ int inform = MBSTRING_UNIV; -+ -+ if 
(!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1) -+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1) -+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1) -+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1)) -+ return 0; -+ -+ return 1; -+} -+ - int setup_tests(void) - { - ADD_TEST(test_tbl_standard); -@@ -565,5 +581,6 @@ int setup_tests(void) - ADD_TEST(test_unicode_range); - ADD_TEST(test_obj_create); - ADD_TEST(test_obj_nid_undef); -+ ADD_TEST(test_mbstring_ncopy); - return 1; - } diff --git a/SOURCES/0069-CVE-2026-22795.patch b/SOURCES/0069-CVE-2026-22795.patch deleted file mode 100644 index a0703aa..0000000 --- a/SOURCES/0069-CVE-2026-22795.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -diff --git a/apps/s_client.c b/apps/s_client.c -index 7b2cabdc428a9..d0611433261dc 100644 ---- a/apps/s_client.c -+++ b/apps/s_client.c -@@ -2847,8 +2847,9 @@ int s_client_main(int argc, char **argv) - goto end; - } - atyp = ASN1_generate_nconf(genstr, cnf); -- if (atyp == NULL) { -+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) { - NCONF_free(cnf); -+ ASN1_TYPE_free(atyp); - BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); - goto end; - } -diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c -index 10b581612dbb2..d0236e34fe9df 100644 ---- a/crypto/pkcs12/p12_kiss.c -+++ b/crypto/pkcs12/p12_kiss.c -@@ -196,11 +196,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - ASN1_BMPSTRING *fname = NULL; - ASN1_OCTET_STRING *lkid = NULL; - -- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) -+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) { -+ if (attrib->type != V_ASN1_BMPSTRING) -+ return 0; - fname = attrib->value.bmpstring; -+ } - -- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) -+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) { -+ if (attrib->type != V_ASN1_OCTET_STRING) -+ return 0; - lkid = attrib->value.octet_string; -+ } - - switch (PKCS12_SAFEBAG_get_nid(bag)) { - case NID_keyBag: -diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c -index 02444d983c476..7798846b16ec1 100644 ---- a/crypto/pkcs7/pk7_doit.c -+++ b/crypto/pkcs7/pk7_doit.c -@@ -1229,6 +1229,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) - ASN1_TYPE *astype; - if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL) - return NULL; -+ if (astype->type != V_ASN1_OCTET_STRING) -+ return NULL; - return astype->value.octet_string; - } - 
diff --git a/SOURCES/0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/SOURCES/0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch index 7316bfe..dff547e 100644 --- a/SOURCES/0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch +++ b/SOURCES/0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -67,7 +67,7 @@ index 4b74ee1a34..5f089de107 100644 #include "internal/sslconf.h" #include "internal/nelem.h" #include "internal/sizes.h" -@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) +@@ -1561,16 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); return 0; } @@ -78,10 +78,7 @@ index 4b74ee1a34..5f089de107 100644 - sigalgstr[0] = (sig >> 8) & 0xff; - sigalgstr[1] = sig & 0xff; - secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu); -- if (secbits == 0 || -- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, -- md != NULL ? EVP_MD_get_type(md) : NID_undef, -- (void *)sigalgstr)) { +- if (secbits == 0 || !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, md != NULL ? EVP_MD_get_type(md) : NID_undef, (void *)sigalgstr)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); - return 0; + diff --git a/SOURCES/0101-FIPS-enable-pkcs12-mac.patch b/SOURCES/0101-FIPS-enable-pkcs12-mac.patch index b017166..f4680c0 100644 --- a/SOURCES/0101-FIPS-enable-pkcs12-mac.patch +++ b/SOURCES/0101-FIPS-enable-pkcs12-mac.patch @@ -10,7 +10,7 @@ diff -up openssl-3.5.0-build/openssl-3.5.0/apps/pkcs12.c.xxx openssl-3.5.0-build - if (pbmac1_pbkdf2 == 1) { if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL, - macsaltlen, maciter, + macsaltlen, maciter, @@ -844,15 +841,34 @@ int pkcs12_main(int argc, char **argv) if (OBJ_obj2nid(macobj) != NID_pbmac1) { 
@@ -34,8 +34,8 @@ diff -up openssl-3.5.0-build/openssl-3.5.0/apps/pkcs12.c.xxx openssl-3.5.0-build + } pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", -- app_get0_propq()); -+ adjusted_propq ? adjusted_propq : app_get0_propq()); +- app_get0_propq()); ++ adjusted_propq ? adjusted_propq : app_get0_propq()); if (pkcs12kdf == NULL) { BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); @@ -94,9 +94,9 @@ diff -up openssl-3.5.0-build/openssl-3.5.0/crypto/pkcs12/p12_key.c.xxx openssl-3 + } *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)EVP_MD_get0_name(md_type), + (char *)EVP_MD_get0_name(md_type), @@ -127,6 +151,7 @@ int PKCS12_key_gen_uni_ex(unsigned char - } OSSL_TRACE_END(PKCS12_KEYGEN); + OSSL_TRACE_END(PKCS12_KEYGEN); } EVP_KDF_CTX_free(ctx); + OPENSSL_free(adjusted_propq); diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index 3e59983..072846c 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.5.1 -Release: 7%{?dist} +Version: 3.5.5 +Release: 2%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh 
@@ -96,20 +96,9 @@ Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch %endif Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch -Patch0056: 0056-Fix-incorrect-check-of-unwrapped-key-size.patch -Patch0057: 0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch -Patch0058: 0058-Fix-PPC-register-processing.patch -Patch0059: 0059-CVE-2025-11187.patch -Patch0060: 0060-CVE-2025-15467.patch -Patch0061: 0061-CVE-2025-15468.patch -Patch0062: 0062-CVE-2025-15469.patch -Patch0063: 0063-CVE-2025-66199.patch -Patch0064: 0064-CVE-2025-68160.patch -Patch0065: 0065-CVE-2025-69418.patch -Patch0066: 0066-CVE-2025-69420.patch -Patch0067: 0067-CVE-2025-69421.patch -Patch0068: 0068-CVE-2025-69419.patch -Patch0069: 0069-CVE-2026-22795.patch +Patch0056: 0056-Add-targets-to-skip-build-of-non-installable-program.patch +Patch0057: 0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch +Patch0058: 0058-CVE-2026-31790.patch #The patches that are different for RHEL9 and 10 start here Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -272,7 +261,7 @@ export HASHBANGPERL=/usr/bin/perl # Do not run this in a production package the FIPS symbols must be patched-in #util/mkdef.pl crypto update -make %{?_smp_mflags} all +make %{?_smp_mflags} build_inst_sw # Clean up the .pc files for i in libcrypto.pc libssl.pc openssl.pc ; do @@ -298,7 +287,11 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE #embed HMAC into fips provider for test run %{SOURCE1} providers/fips.so -#run tests itself + +# Build tests with LTO disabled and run them +make -s %{?_smp_mflags} build_programs \ + CFLAGS="%{build_cflags} -fno-lto" \ + CXXFLAGS="%{build_cxxflags} -fno-lto" make test HARNESS_JOBS=8 # Add generation of HMAC checksum of the final stripped library 
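Review bot: The patch-list hunk drops Patch0056 through Patch0069, including the CVE-2025-11187 … CVE-2026-22795 backports, while nothing in the spec records that the 3.5.5 tarball carries those fixes, and the new 3.5.5-1 changelog entry names only RHEL ticket numbers. Presumably they landed upstream before 3.5.5, but a reviewer of this rebase has to confirm that out of band; a one-line comment next to the new Patch0056 entry such as `# Patch0056-0069 from 3.5.1-7 dropped: fixes carried by upstream 3.5.5 (checked against upstream CHANGES.md)` and the CVE identifiers in the changelog entry would make the claim auditable from the package itself. In the test hunk, `make -s %{?_smp_mflags} build_programs` silences the compile lines, so the build log no longer shows whether the `-fno-lto` override actually reached the test binaries; dropping `-s` (the `make %{?_smp_mflags} build_inst_sw` call above is not silenced) keeps that visible. All three hunks are excerpts of longer spec sections that continue outside the diff.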
@@ -464,34 +457,39 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco %ldconfig_scriptlets libs %changelog -* Fri Jan 16 2026 Dmitry Belyavskiy - 1:3.5.1-7 -- Fix CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 - CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 - CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 - Resolves: RHEL-142068 - Resolves: RHEL-142002 - Resolves: RHEL-142055 - Resolves: RHEL-142051 - Resolves: RHEL-142047 - Resolves: RHEL-142043 - Resolves: RHEL-142039 - Resolves: RHEL-142035 - Resolves: RHEL-142031 - Resolves: RHEL-142011 - Resolves: RHEL-142027 - Resolves: RHEL-142023 +* Thu Apr 09 2026 Pavol Žáčik - 1:3.5.5-2 +- Fix CVE-2026-31790 + Resolves: RHEL-161586 -* Wed Jan 07 2026 Dmitry Belyavskiy - 1:3.5.1-6 -- Fix AES/GCM ppc64le encrypt/decrypt - Resolves: RHEL-139131 +* Tue Jan 27 2026 Dmitry Belyavskiy - 1:3.5.5-1 +- Rebase to OpenSSL 3.5.5 + Resolves: RHEL-136895 + Resolves: RHEL-142004 + Resolves: RHEL-142012 + Resolves: RHEL-142020 + Resolves: RHEL-142024 + Resolves: RHEL-142028 + Resolves: RHEL-142032 + Resolves: RHEL-142036 + Resolves: RHEL-142040 + Resolves: RHEL-142044 + Resolves: RHEL-142048 + Resolves: RHEL-142052 + Resolves: RHEL-142056 -* Thu Dec 11 2025 Pavol Žáčik - 1:3.5.1-5 -- Do not make key share choice in tls1_set_groups() - Resolves: RHEL-131010 - -* Thu Oct 23 2025 Pavol Žáčik - 1:3.5.1-4 +* Thu Oct 23 2025 Pavol Žáčik - 1:3.5.1-6 - Fix CVE-2025-9230 - Resolves: RHEL-115929 + Resolves: RHEL-115928 + +* Fri Sep 05 2025 Pavol Žáčik - 1:3.5.1-5 +- Fix globally disabled LTO + Related: RHEL-111633 + +* Thu Aug 28 2025 Pavol Žáčik - 1:3.5.1-4 +- Make openssl speed test signatures without errors + Resolves: RHEL-95502 +- Build tests in check and without LTO + Resolves: RHEL-111633 * Thu Jul 17 2025 Simo Sorce - 1:3.5.1-3 - Add custom define to disable symbol versioning in downstream patched code