Compare commits

..

12 Commits
master ... f21

Author SHA1 Message Date
Tom Callaway 4b20642107 Merge branch 'f22' into f21 2015-08-13 08:10:51 -04:00
Tom Callaway 1c2ab61fa1 enable secp256k1 2015-08-13 08:09:25 -04:00
Tomas Mraz d84c65b444 Merge branch 'f22' into f21 2015-07-09 15:43:29 +02:00
Tomas Mraz 929846e5d1 fix CVE-2015-1793 - certificate verification forgery 2015-07-09 15:36:41 +02:00
Tomas Mraz c0a499bb31 Merge branch 'f22' into f21 2015-06-15 17:10:14 +02:00
Tomas Mraz 546bf977b5 Fix multiple security issues.
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable
2015-06-15 17:09:29 +02:00
Tomas Mraz 20c4fd7c9c Merge branch 'f22' into f21 2015-05-29 16:09:43 +02:00
Tomas Mraz a3963e794f fix CVE-2015-4000 - prevent the logjam attack on client
- restrict the DH key size to at least 768 bits (limit will be increased
  in future)
2015-05-29 16:07:30 +02:00
Tomas Mraz fc6854bd38 try to find alternative cert chains (#1166614) 2015-04-30 15:08:45 +02:00
Tomas Mraz be99ed71a5 Merge branch 'master' into f21 2015-03-19 18:28:00 +01:00
Tomas Mraz ed457feb49 Merge branch 'master' into f21 2015-03-19 17:18:22 +01:00
Tomas Mraz 4fcc430a48 Revert "disable SSLv3 by default again" on released branch.
This reverts commit 80b5477597.

Conflicts:
	openssl.spec
2015-01-09 11:34:43 +01:00
110 changed files with 45038 additions and 44037 deletions

31
.gitignore vendored
View File

@ -1,7 +1,3 @@
.build*.log
clog
000*.patch
*.src.rpm
openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0b-usa.tar.bz2
/openssl-1.0.0c-usa.tar.bz2
@ -22,30 +18,3 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1i-hobbled.tar.xz
/openssl-1.0.1j-hobbled.tar.xz
/openssl-1.0.1k-hobbled.tar.xz
/openssl-1.0.2a-hobbled.tar.xz
/openssl-1.0.2c-hobbled.tar.xz
/openssl-1.0.2d-hobbled.tar.xz
/openssl-1.0.2e-hobbled.tar.xz
/openssl-1.0.2f-hobbled.tar.xz
/openssl-1.0.2g-hobbled.tar.xz
/openssl-1.0.2h-hobbled.tar.xz
/openssl-1.0.2i-hobbled.tar.xz
/openssl-1.0.2j-hobbled.tar.xz
/openssl-1.1.0b-hobbled.tar.xz
/openssl-1.1.0c-hobbled.tar.xz
/openssl-1.1.0d-hobbled.tar.xz
/openssl-1.1.0e-hobbled.tar.xz
/openssl-1.1.0f-hobbled.tar.xz
/openssl-1.1.0g-hobbled.tar.xz
/openssl-1.1.0h-hobbled.tar.xz
/openssl-1.1.1-pre8-hobbled.tar.xz
/openssl-1.1.1-pre9-hobbled.tar.xz
/openssl-1.1.1-hobbled.tar.xz
/openssl-1.1.1a-hobbled.tar.xz
/openssl-1.1.1b-hobbled.tar.xz
/openssl-1.1.1c-hobbled.tar.xz
/openssl-1.1.1d-hobbled.tar.xz
/openssl-1.1.1e-hobbled.tar.xz
/openssl-1.1.1f-hobbled.tar.xz
/openssl-1.1.1g-hobbled.tar.xz
/openssl-1.1.1h-hobbled.tar.xz

View File

@ -1,11 +1,8 @@
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
SERIAL=0
DAYS=365
KEYLEN=2048
TYPE=rsa:$(KEYLEN)
EXTRA_FLAGS=
ifdef SERIAL
EXTRA_FLAGS+=-set_serial $(SERIAL)
endif
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
@ -26,9 +23,8 @@ usage:
@echo "To create a CSR for use with Apache, run \"make certreq\"."
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
@echo
@echo "To create a test certificate with serial number other than random, add SERIAL=num"
@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
@echo
@echo Examples:
@echo " make server.key"
@ -39,14 +35,14 @@ usage:
@echo " make certreq"
@echo " make testcert"
@echo " make server.crt SERIAL=1"
@echo " make stunnel.pem EXTRA_FLAGS=-sha384"
@echo " make testcert DAYS=600"
@echo " make stunnel.pem SERIAL=2"
@echo " make testcert SERIAL=3"
%.pem:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 -set_serial $(SERIAL) ; \
cat $$PEM1 > $@ ; \
echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \
@ -62,7 +58,7 @@ usage:
%.crt: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ -set_serial $(SERIAL)
TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
@ -79,4 +75,4 @@ $(CSR): $(KEY)
$(CRT): $(KEY)
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) -set_serial $(SERIAL)

View File

@ -6,17 +6,17 @@ Red Hat Enterprise Linux - OPENSSL Module.
The module files
================
/usr/lib[64]/libcrypto.so.1.1.0
/usr/lib[64]/libssl.so.1.1.0
/usr/lib[64]/.libcrypto.so.1.1.0.hmac
/usr/lib[64]/.libssl.so.1.1.0.hmac
/usr/lib[64]/libcrypto.so.1.0.1e
/usr/lib[64]/libssl.so.1.0.1e
/usr/lib[64]/.libcrypto.so.1.0.1e.hmac
/usr/lib[64]/.libssl.so.1.0.1e.hmac
Dependencies
============
The approved mode of operation requires kernel with /dev/urandom RNG running
with properties as defined in the security policy of the module. This is
provided by kernel packages with validated Red Hat Enterprise Linux Kernel
provided by kernel packages with validated Red Hat Enterprise Linux - IPSec
Crytographic Module.
Installation
@ -26,8 +26,11 @@ The RPM package of the module can be installed by standard tools recommended
for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
rpm, RHN remote management tool).
The RPM package dracut-fips must be installed for the approved mode of
operation.
For proper operation of the in-module integrity verification the prelink has to
be disabled. This can be done with setting PRELINKING=no in the
/etc/sysconfig/prelink configuration file. If the libraries were already
prelinked the prelink should be undone on all the system files with the
'prelink -u -a' command.
Usage and API
=============

View File

@ -1,582 +1,396 @@
/* crypto/ec/ec_curve.c */
/*
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "ec_local.h"
#include "ec_lcl.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/opensslconf.h>
#include "internal/nelem.h"
typedef struct {
int field_type, /* either NID_X9_62_prime_field or
* NID_X9_62_characteristic_two_field */
seed_len, param_len;
unsigned int cofactor; /* promoted to BN_ULONG */
int field_type, /* either NID_X9_62_prime_field or
* NID_X9_62_characteristic_two_field */
seed_len,
param_len;
unsigned int cofactor; /* promoted to BN_ULONG */
} EC_CURVE_DATA;
/* the nist prime curves */
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 28 * 6];
} _EC_NIST_PRIME_224 = {
{
NID_X9_62_prime_field, 20, 28, 1
},
{
/* seed */
0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE,
/* b */
0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
0x23, 0x55, 0xFF, 0xB4,
/* x */
0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
0x11, 0x5C, 0x1D, 0x21,
/* y */
0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
0x85, 0x00, 0x7e, 0x34,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
0x5C, 0x5C, 0x2A, 0x3D
}
};
static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
_EC_NIST_PRIME_384 = {
{ NID_X9_62_prime_field,20,48,1 },
{ 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, /* seed */
0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 48 * 6];
} _EC_NIST_PRIME_384 = {
{
NID_X9_62_prime_field, 20, 48, 1
},
{
/* seed */
0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
/* x */
0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
/* y */
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
}
};
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E, /* b */
0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1, /* x */
0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e, /* y */
0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 66 * 6];
} _EC_NIST_PRIME_521 = {
{
NID_X9_62_prime_field, 20, 66, 1
},
{
/* seed */
0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
/* p */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
/* x */
0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
/* y */
0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
/* order */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
}
};
static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
_EC_NIST_PRIME_521 = {
{ NID_X9_62_prime_field,20,66,1 },
{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, /* seed */
0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 32 * 6];
} _EC_X9_62_PRIME_256V1 = {
{
NID_X9_62_prime_field, 20, 32, 1
},
{
/* seed */
0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
/* x */
0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
/* y */
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
}
};
0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F, /* b */
0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
0x1F,0xD4,0x6B,0x50,0x3F,0x00,
0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD, /* x */
0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
0x7E,0x31,0xC2,0xE5,0xBD,0x66,
0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04, /* y */
0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
0x94,0x76,0x9f,0xd1,0x66,0x50,
0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
0xB7,0x1E,0x91,0x38,0x64,0x09 }
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
} _EC_SECG_PRIME_256K1 = {
{
NID_X9_62_prime_field, 0, 32, 1
},
{
/* no seed */
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
/* a */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* b */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
/* x */
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
/* y */
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
}
};
static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
_EC_X9_62_PRIME_256V1 = {
{ NID_X9_62_prime_field,20,32,1 },
{ 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, /* seed */
0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* p */
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00, /* a */
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFC,
0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB, /* b */
0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
0x60,0x4B,
0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC, /* x */
0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
0xC2,0x96,
0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7, /* y */
0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
0x51,0xf5,
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF, /* order */
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
0x25,0x51 }
};
typedef struct _ec_list_element_st {
int nid;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth) (void);
const char *comment;
} ec_list_element;
int nid;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth)(void);
const char *comment;
} ec_list_element;
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
/* prime field curves */
/* secg curves */
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
#else
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
#endif
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
"NIST/SECG curve over a 384 bit prime field"},
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
"NIST/SECG curve over a 521 bit prime field"},
{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
#else
{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
"NIST/SECG curve over a 521 bit prime field"},
{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
#endif
/* X9.62 curves */
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
#else
0,
#endif
"X9.62/SECG curve over a 256 bit prime field"},
};
#define curve_list_length OSSL_NELEM(curve_list)
#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
{
EC_GROUP *group = NULL;
EC_POINT *P = NULL;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
NULL;
int ok = 0;
int seed_len, param_len;
const EC_METHOD *meth;
const EC_CURVE_DATA *data;
const unsigned char *params;
{
EC_GROUP *group=NULL;
EC_POINT *P=NULL;
BN_CTX *ctx=NULL;
BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
int ok=0;
int seed_len,param_len;
const EC_METHOD *meth;
const EC_CURVE_DATA *data;
const unsigned char *params;
/* If no curve data curve method must handle everything */
if (curve.data == NULL)
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
if ((ctx = BN_CTX_new()) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((ctx = BN_CTX_new()) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
goto err;
}
data = curve.data;
seed_len = data->seed_len;
param_len = data->param_len;
params = (const unsigned char *)(data+1); /* skip header */
params += seed_len; /* skip seed */
data = curve.data;
seed_len = data->seed_len;
param_len = data->param_len;
params = (const unsigned char *)(data + 1); /* skip header */
params += seed_len; /* skip seed */
if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
|| !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
|| !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (curve.meth != 0) {
meth = curve.meth();
if (((group = EC_GROUP_new(meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
} else if (data->field_type == NID_X9_62_prime_field) {
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
if (curve.meth != 0)
{
meth = curve.meth();
if (((group = EC_GROUP_new(meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx))))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
else if (data->field_type == NID_X9_62_prime_field)
{
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* field_type ==
* NID_X9_62_characteristic_two_field */
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
else /* field_type == NID_X9_62_characteristic_two_field */
{
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
#endif
EC_GROUP_set_curve_name(group, curve.nid);
if ((P = EC_POINT_new(group)) == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if ((P = EC_POINT_new(group)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_set_generator(group, P, order, x)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (seed_len) {
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
ok = 1;
err:
if (!ok) {
EC_GROUP_free(group);
group = NULL;
}
EC_POINT_free(P);
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(order);
BN_free(x);
BN_free(y);
return group;
}
if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
|| !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
|| !BN_set_word(x, (BN_ULONG)data->cofactor))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_set_generator(group, P, order, x))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
if (seed_len)
{
if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
{
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
goto err;
}
}
ok=1;
err:
if (!ok)
{
EC_GROUP_free(group);
group = NULL;
}
if (P)
EC_POINT_free(P);
if (ctx)
BN_CTX_free(ctx);
if (p)
BN_free(p);
if (a)
BN_free(a);
if (b)
BN_free(b);
if (order)
BN_free(order);
if (x)
BN_free(x);
if (y)
BN_free(y);
return group;
}
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
size_t i;
EC_GROUP *ret = NULL;
{
size_t i;
EC_GROUP *ret = NULL;
if (nid <= 0)
return NULL;
if (nid <= 0)
return NULL;
for (i = 0; i < curve_list_length; i++)
if (curve_list[i].nid == nid) {
ret = ec_group_new_from_data(curve_list[i]);
break;
}
for (i=0; i<curve_list_length; i++)
if (curve_list[i].nid == nid)
{
ret = ec_group_new_from_data(curve_list[i]);
break;
}
if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
return NULL;
}
if (ret == NULL)
{
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
return NULL;
}
return ret;
}
EC_GROUP_set_curve_name(ret, nid);
return ret;
}
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
size_t i, min;
{
size_t i, min;
if (r == NULL || nitems == 0)
return curve_list_length;
if (r == NULL || nitems == 0)
return curve_list_length;
min = nitems < curve_list_length ? nitems : curve_list_length;
min = nitems < curve_list_length ? nitems : curve_list_length;
for (i = 0; i < min; i++) {
r[i].nid = curve_list[i].nid;
r[i].comment = curve_list[i].comment;
}
for (i = 0; i < min; i++)
{
r[i].nid = curve_list[i].nid;
r[i].comment = curve_list[i].comment;
}
return curve_list_length;
}
/* Functions to translate between common NIST curve names and NIDs */
typedef struct {
const char *name; /* NIST Name of curve */
int nid; /* Curve NID */
} EC_NIST_NAME;
static EC_NIST_NAME nist_curves[] = {
{"B-163", NID_sect163r2},
{"B-233", NID_sect233r1},
{"B-283", NID_sect283r1},
{"B-409", NID_sect409r1},
{"B-571", NID_sect571r1},
{"K-163", NID_sect163k1},
{"K-233", NID_sect233k1},
{"K-283", NID_sect283k1},
{"K-409", NID_sect409k1},
{"K-571", NID_sect571k1},
{"P-192", NID_X9_62_prime192v1},
{"P-224", NID_secp224r1},
{"P-256", NID_X9_62_prime256v1},
{"P-384", NID_secp384r1},
{"P-521", NID_secp521r1}
};
const char *EC_curve_nid2nist(int nid)
{
size_t i;
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
if (nist_curves[i].nid == nid)
return nist_curves[i].name;
}
return NULL;
}
int EC_curve_nist2nid(const char *name)
{
size_t i;
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
if (strcmp(nist_curves[i].name, name) == 0)
return nist_curves[i].nid;
}
return NID_undef;
}
#define NUM_BN_FIELDS 6
/*
* Validates EC domain parameter data for known named curves.
* This can be used when a curve is loaded explicitly (without a curve
* name) or to validate that domain parameters have not been modified.
*
* Returns: The nid associated with the found named curve, or NID_undef
* if not found. If there was an error it returns -1.
*/
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
{
int ret = -1, nid, len, field_type, param_len;
size_t i, seed_len;
const unsigned char *seed, *params_seed, *params;
unsigned char *param_bytes = NULL;
const EC_CURVE_DATA *data;
const EC_POINT *generator = NULL;
const EC_METHOD *meth;
const BIGNUM *cofactor = NULL;
/* An array of BIGNUMs for (p, a, b, x, y, order) */
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
meth = EC_GROUP_method_of(group);
if (meth == NULL)
return -1;
/* Use the optional named curve nid as a search field */
nid = EC_GROUP_get_curve_name(group);
field_type = EC_METHOD_get_field_type(meth);
seed_len = EC_GROUP_get_seed_len(group);
seed = EC_GROUP_get0_seed(group);
cofactor = EC_GROUP_get0_cofactor(group);
BN_CTX_start(ctx);
/*
* The built-in curves contains data fields (p, a, b, x, y, order) that are
* all zero-padded to be the same size. The size of the padding is
* determined by either the number of bytes in the field modulus (p) or the
* EC group order, whichever is larger.
*/
param_len = BN_num_bytes(group->order);
len = BN_num_bytes(group->field);
if (len > param_len)
param_len = len;
/* Allocate space to store the padded data for (p, a, b, x, y, order) */
param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
if (param_bytes == NULL)
goto end;
/* Create the bignums */
for (i = 0; i < NUM_BN_FIELDS; ++i) {
if ((bn[i] = BN_CTX_get(ctx)) == NULL)
goto end;
}
/*
* Fill in the bn array with the same values as the internal curves
* i.e. the values are p, a, b, x, y, order.
*/
/* Get p, a & b */
if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
&& ((generator = EC_GROUP_get0_generator(group)) != NULL)
/* Get x & y */
&& EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
/* Get order */
&& EC_GROUP_get_order(group, bn[5], ctx)))
goto end;
/*
* Convert the bignum array to bytes that are joined together to form
* a single buffer that contains data for all fields.
* (p, a, b, x, y, order) are all zero padded to be the same size.
*/
for (i = 0; i < NUM_BN_FIELDS; ++i) {
if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
goto end;
}
for (i = 0; i < curve_list_length; i++) {
const ec_list_element curve = curve_list[i];
data = curve.data;
/* Get the raw order byte data */
params_seed = (const unsigned char *)(data + 1); /* skip header */
params = params_seed + data->seed_len;
/* Look for unique fields in the fixed curve data */
if (data->field_type == field_type
&& param_len == data->param_len
&& (nid <= 0 || nid == curve.nid)
/* check the optional cofactor (ignore if its zero) */
&& (BN_is_zero(cofactor)
|| BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
/* Check the optional seed (ignore if its not set) */
&& (data->seed_len == 0 || seed_len == 0
|| ((size_t)data->seed_len == seed_len
&& memcmp(params_seed, seed, seed_len) == 0))
/* Check that the groups params match the built-in curve params */
&& memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
== 0) {
ret = curve.nid;
goto end;
}
}
/* Gets here if the group was not found */
ret = NID_undef;
end:
OPENSSL_free(param_bytes);
BN_CTX_end(ctx);
return ret;
}
return curve_list_length;
}

2270
ectest.c

File diff suppressed because it is too large Load Diff

View File

@ -6,35 +6,48 @@ set -e
# Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015
# EC: ????????? ??/??/2020
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
# SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5.
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
(find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, SRP.
for a in rc5 srp; do
for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
echo Destroying $c
> $c
done
done
for c in `find crypto/evp -name "*_rc5.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
echo Destroying $c
> $c
done
for c in `find test -name "ectest.c"`; do
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp?2?.c" -o -name "ectest.c"`; do
echo Destroying $c
> $c
done
for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing EC2M references from $h
echo Removing RC5, SRP and EC2M references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
mv $h.hobbled $h
done
# Make the makefiles happy.
touch crypto/rc5/asm/rc5-586.pl

29
openssl-0.9.6-x509.patch Normal file
View File

@ -0,0 +1,29 @@
Do not treat duplicate certs as an error.
--- openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 15:09:05 2000
+++ openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 14:21:20 2000
@@ -163,8 +163,12 @@
}
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
- count++;
+ /* ignore any problems with current certificate
+ and continue with the next one */
+ if (i)
+ count++;
+ else
+ ERR_clear_error();
X509_free(x);
x=NULL;
}
@@ -179,7 +183,8 @@
goto err;
}
i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
+ if (!i)
+ ERR_clear_error();
ret=i;
}
else

View File

@ -0,0 +1,11 @@
--- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

View File

@ -0,0 +1,24 @@
diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c
--- openssl-0.9.8b/ssl/ssltest.c.use-localhost 2006-02-24 18:58:35.000000000 +0100
+++ openssl-0.9.8b/ssl/ssltest.c 2007-08-03 14:06:16.000000000 +0200
@@ -839,19 +839,8 @@ bad:
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx)
{
- char localhost[MAXHOSTNAMELEN+2];
-
- if (gethostname(localhost, sizeof localhost-1) == 0)
- {
- localhost[sizeof localhost-1]='\0';
- if(strlen(localhost) == sizeof localhost-1)
- {
- BIO_printf(bio_err,"localhost name too long\n");
- goto end;
- }
kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
- localhost);
- }
+ "localhost");
}
#endif /* OPENSSL_NO_KRB5 */

View File

@ -0,0 +1,48 @@
diff -up openssl-0.9.8j/apps/version.c.version-add-engines openssl-0.9.8j/apps/version.c
--- openssl-0.9.8j/apps/version.c.version-add-engines 2008-10-20 14:53:33.000000000 +0200
+++ openssl-0.9.8j/apps/version.c 2009-01-13 23:22:03.000000000 +0100
@@ -131,6 +131,7 @@
#ifndef OPENSSL_NO_BF
# include <openssl/blowfish.h>
#endif
+#include <openssl/engine.h>
#undef PROG
#define PROG version_main
@@ -140,7 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i,ret=0;
- int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
+ int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0;
apps_startup();
@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(argv[i],"-d") == 0)
dir=1;
else if (strcmp(argv[i],"-a") == 0)
- date=version=cflags=options=platform=dir=1;
+ date=version=cflags=options=platform=dir=engines=1;
else
{
BIO_printf(bio_err,"usage:version -[avbofpd]\n");
@@ -211,6 +212,18 @@ int MAIN(int argc, char **argv)
}
if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
+ if (engines)
+ {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while (e)
+ {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
end:
apps_shutdown();
OPENSSL_EXIT(ret);

View File

@ -0,0 +1,36 @@
diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
--- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir 2006-04-28 02:30:49.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.pl.in 2009-11-12 12:33:13.000000000 +0100
@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
-$CATOP="./demoCA";
+$CATOP="/etc/pki/CA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
--- openssl-1.0.0-beta4/apps/CA.sh.ca-dir 2009-10-15 19:27:47.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.sh 2009-11-12 12:35:14.000000000 +0100
@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
+if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf
--- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir 2009-11-12 12:33:13.000000000 +0100
+++ openssl-1.0.0-beta4/apps/openssl.cnf 2009-11-12 12:33:13.000000000 +0100
@@ -39,7 +39,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.

View File

@ -0,0 +1,52 @@
diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
--- openssl-1.0.0-beta5/Configure.enginesdir 2010-01-20 18:07:05.000000000 +0100
+++ openssl-1.0.0-beta5/Configure 2010-01-20 18:10:48.000000000 +0100
@@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -833,6 +834,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1673,7 +1678,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
--- openssl-1.0.0-beta5/engines/Makefile.enginesdir 2010-01-16 21:06:09.000000000 +0100
+++ openssl-1.0.0-beta5/engines/Makefile 2010-01-20 18:07:05.000000000 +0100
@@ -124,7 +124,7 @@ install:
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi

View File

@ -0,0 +1,39 @@
diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
--- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
+++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
@@ -5,6 +5,35 @@
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
+ WARNING
+ -------
+
+ This version of OpenSSL is built in a way that supports operation in
+ the so called FIPS mode. Note though that the library as we build it
+ is not FIPS validated and the FIPS mode is present for testing purposes
+ only.
+
+ This version also contains a few differences from the upstream code
+ some of which are:
+ * There are added changes forward ported from the upstream OpenSSL
+ 0.9.8 FIPS branch however the FIPS integrity verification check
+ is implemented differently from the upstream FIPS validated OpenSSL
+ module. It verifies HMAC-SHA256 checksum of the whole shared
+ libraries. For this reason the changes are ported to files in the
+ crypto directory and not in a separate fips subdirectory. Also
+ note that the FIPS integrity verification check requires unmodified
+ libcrypto and libssl shared library files which means that it will
+ fail if these files are modified for example by prelink.
+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
+ tries to initialize the FIPS mode if it is set to 1 aborting if the
+ FIPS mode could not be initialized. It is also possible to force the
+ OpenSSL library to FIPS mode especially for debugging purposes by
+ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
+ will not automatically load the built in compression method ZLIB
+ when initialized. Applications can still explicitely ask for ZLIB
+ compression method.
+
DESCRIPTION
-----------

View File

@ -0,0 +1,21 @@
diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org
--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200
+++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200
@@ -609,7 +609,7 @@ install_docs:
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
+ sh -c "TZ=UTC $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
@@ -626,7 +626,7 @@ install_docs:
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
+ sh -c "TZ=UTC $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \

View File

@ -0,0 +1,36 @@
diff -up openssl-1.0.0c/apps/genrsa.c.x931 openssl-1.0.0c/apps/genrsa.c
--- openssl-1.0.0c/apps/genrsa.c.x931 2010-03-01 15:22:02.000000000 +0100
+++ openssl-1.0.0c/apps/genrsa.c 2011-02-01 18:32:05.000000000 +0100
@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int ret=1;
int i,num=DEFBITS;
long l;
+ int use_x931 = 0;
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
@@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+ else if (strcmp(*argv,"-x931") == 0)
+ use_x931 = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@@ -273,7 +276,14 @@ bad:
if (!rsa)
goto err;
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ if (use_x931)
+ {
+ if (!BN_set_word(bn, f4))
+ goto err;
+ if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
+ goto err;
+ }
+ else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);

View File

@ -0,0 +1,110 @@
diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c
--- openssl-1.0.0d/apps/ca.c.dgst 2009-12-02 15:41:24.000000000 +0100
+++ openssl-1.0.0d/apps/ca.c 2011-04-05 21:09:42.000000000 +0200
@@ -157,7 +157,7 @@ static const char *ca_usage[]={
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
+" -md arg - md to use, see openssl dgst -h for list\n",
" -policy arg - The CA 'policy' to support\n",
" -keyfile arg - private key file\n",
" -keyform arg - private key file format (PEM or ENGINE)\n",
diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c
--- openssl-1.0.0d/apps/enc.c.dgst 2010-06-15 19:25:02.000000000 +0200
+++ openssl-1.0.0d/apps/enc.c 2011-04-05 21:11:54.000000000 +0200
@@ -302,7 +302,7 @@ bad:
BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
+ BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n","");
BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c
--- openssl-1.0.0d/apps/req.c.dgst 2010-03-10 14:48:21.000000000 +0100
+++ openssl-1.0.0d/apps/req.c 2011-04-05 21:12:33.000000000 +0200
@@ -421,7 +421,7 @@ bad:
#ifndef OPENSSL_NO_ECDSA
BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n");
BIO_printf(bio_err," -config file request template file.\n");
BIO_printf(bio_err," -subj arg set or modify request subject\n");
BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c
--- openssl-1.0.0d/apps/ts.c.dgst 2009-10-18 16:42:26.000000000 +0200
+++ openssl-1.0.0d/apps/ts.c 2011-04-05 21:16:07.000000000 +0200
@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "usage:\n"
"ts -query [-rand file%cfile%c...] [-config configfile] "
"[-data file_to_hash] [-digest digest_bytes]"
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+ "[-<hashalg>] "
"[-policy object_id] [-no_nonce] [-cert] "
"[-in request.tsq] [-out request.tsq] [-text]\n",
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c
--- openssl-1.0.0d/apps/x509.c.dgst 2011-04-05 21:13:42.000000000 +0200
+++ openssl-1.0.0d/apps/x509.c 2011-04-05 21:13:17.000000000 +0200
@@ -141,7 +141,7 @@ static const char *x509_usage[]={
" -set_serial - serial number to use\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
+" -<dgst> - digest to use, see openssl dgst -h output for list\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod
--- openssl-1.0.0d/doc/apps/ca.pod.dgst 2009-04-10 13:25:53.000000000 +0200
+++ openssl-1.0.0d/doc/apps/ca.pod 2011-04-05 21:16:39.000000000 +0200
@@ -160,7 +160,8 @@ the number of days to certify the certif
=item B<-md alg>
the message digest to use. Possible values include md5, sha1 and mdc2.
-This option also applies to CRLs.
+For full list of digests see openssl dgst -h output. This option also
+applies to CRLs.
=item B<-policy arg>
diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod
--- openssl-1.0.0d/doc/apps/ocsp.pod.dgst 2008-02-25 19:11:47.000000000 +0100
+++ openssl-1.0.0d/doc/apps/ocsp.pod 2011-04-05 21:18:17.000000000 +0200
@@ -210,7 +210,8 @@ check is not performed.
=item B<-md5|-sha1|-sha256|-ripemod160|...>
this option sets digest algorithm to use for certificate identification
-in the OCSP request. By default SHA-1 is used.
+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
+the list of available algorithms.
=back
diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod
--- openssl-1.0.0d/doc/apps/req.pod.dgst 2009-04-10 18:42:28.000000000 +0200
+++ openssl-1.0.0d/doc/apps/req.pod 2011-04-05 21:20:47.000000000 +0200
@@ -201,7 +201,8 @@ will not be encrypted.
this specifies the message digest to sign the request with (such as
B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
-the configuration file.
+the configuration file. For full list of possible digests see openssl
+dgst -h output.
Some public key algorithms may override this choice. For instance, DSA
signatures always use SHA1, GOST R 34.10 signatures always use
diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod
--- openssl-1.0.0d/doc/apps/x509.pod.dgst 2010-01-12 18:27:11.000000000 +0100
+++ openssl-1.0.0d/doc/apps/x509.pod 2011-04-05 21:19:56.000000000 +0200
@@ -101,6 +101,7 @@ the digest to use. This affects any sign
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
specified then SHA1 is used. If the key being used to sign with is a DSA key
then this option has no effect: SHA1 is always used with DSA keys.
+For full list of digests see openssl dgst -h output.
=item B<-engine id>

View File

@ -0,0 +1,12 @@
diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
--- openssl-1.0.0d.old/apps/s_client.c 2011-07-17 21:05:19.934181169 +0200
+++ openssl-1.0.0d/apps/s_client.c 2011-07-17 21:11:42.747824990 +0200
@@ -1186,7 +1186,7 @@
"xmlns='jabber:client' to='%s' version='1.0'>", host);
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
+ while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
{
if (strstr(mbuf, "/stream:features>"))
goto shut;

View File

@ -0,0 +1,24 @@
diff -up openssl-1.0.0e/engines/e_chil.c.chil openssl-1.0.0e/engines/e_chil.c
--- openssl-1.0.0e/engines/e_chil.c.chil 2010-06-15 19:25:12.000000000 +0200
+++ openssl-1.0.0e/engines/e_chil.c 2011-09-21 17:32:03.000000000 +0200
@@ -1261,6 +1261,11 @@ static int hwcrhk_insert_card(const char
UI *ui;
void *callback_data = NULL;
UI_METHOD *ui_method = NULL;
+ /* Despite what the documentation says prompt_info can be
+ * an empty string.
+ */
+ if (prompt_info && !*prompt_info)
+ prompt_info = NULL;
if (cactx)
{
@@ -1287,7 +1292,7 @@ static int hwcrhk_insert_card(const char
if (ui)
{
- char answer;
+ char answer = '\0';
char buf[BUFSIZ];
/* Despite what the documentation says wrong_info can be
* an empty string.

View File

@ -0,0 +1,21 @@
diff -up openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.1-beta2/crypto/md5/md5_dgst.c
--- openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow 2012-02-06 20:09:56.000000000 +0100
+++ openssl-1.0.1-beta2/crypto/md5/md5_dgst.c 2012-02-06 20:14:02.332117603 +0100
@@ -71,7 +71,16 @@ const char MD5_version[]="MD5" OPENSSL_V
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
-nonfips_md_init(MD5)
+int MD5_Init(MD5_CTX *c)
+#ifdef OPENSSL_FIPS
+ {
+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ OpenSSLDie(__FILE__, __LINE__, \
+ "Digest MD5 forbidden in FIPS mode!");
+ return private_MD5_Init(c);
+ }
+int private_MD5_Init(MD5_CTX *c)
+#endif
{
memset (c,0,sizeof(*c));
c->A=INIT_DATA_A;

View File

@ -0,0 +1,30 @@
diff -up openssl-1.0.1/Makefile.org.krb5 openssl-1.0.1/Makefile.org
--- openssl-1.0.1/Makefile.org.krb5 2012-03-14 21:15:04.000000000 +0100
+++ openssl-1.0.1/Makefile.org 2012-04-11 16:28:31.254725422 +0200
@@ -370,7 +370,7 @@ libcrypto.pc: Makefile
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -383,7 +383,7 @@ libssl.pc: Makefile
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
+ echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@@ -397,7 +397,7 @@ openssl.pc: Makefile
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
+ echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org Configure config

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing openssl-1.0.1c/crypto/modes/Makefile
--- openssl-1.0.1c/crypto/modes/Makefile.aliasing 2011-08-12 00:36:17.000000000 +0200
+++ openssl-1.0.1c/crypto/modes/Makefile 2012-07-13 11:32:10.767829077 +0200
@@ -12,7 +12,7 @@ AR= ar r
MODES_ASM_OBJ=
-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)

View File

@ -0,0 +1,100 @@
diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100
@@ -1166,12 +1166,19 @@ bad:
if (!set_cert_key_stuff(ctx,cert,key))
goto end;
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (CAfile == NULL && CApath == NULL)
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
+ if (!SSL_CTX_set_default_verify_paths(ctx))
+ {
+ ERR_print_errors(bio_err);
+ }
+ }
+ else
+ {
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
}
#ifndef OPENSSL_NO_TLSEXT
diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100
@@ -1565,13 +1565,21 @@ bad:
}
#endif
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
+ if (CAfile == NULL && CApath == NULL)
{
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
+ if (!SSL_CTX_set_default_verify_paths(ctx))
+ {
+ ERR_print_errors(bio_err);
+ }
+ }
+ else
+ {
+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
}
+
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
@@ -1622,8 +1630,11 @@ bad:
else
SSL_CTX_sess_set_cache_size(ctx2,128);
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx2))
{
ERR_print_errors(bio_err);
}
diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
--- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100
@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
SSL_load_error_strings();
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ if (CAfile == NULL && CApath == NULL)
{
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
+ {
+ ERR_print_errors(bio_err);
+ }
+ }
+ else
+ {
+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+ {
+ ERR_print_errors(bio_err);
+ }
}
if (tm_cipher == NULL)

View File

@ -0,0 +1,61 @@
diff -up openssl-1.0.1c/apps/s_server.c.dh1024 openssl-1.0.1c/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.dh1024 2012-11-14 20:27:50.000000000 +0100
+++ openssl-1.0.1c/apps/s_server.c 2012-11-15 20:56:15.247774465 +0100
@@ -222,27 +222,31 @@ static void s_server_init(void);
#endif
#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
-
-static DH *get_dh512(void)
+static DH *get_dh1024()
{
- DH *dh=NULL;
+ static unsigned char dh1024_p[]={
+ 0x99,0x58,0xFA,0x90,0x53,0x2F,0xE0,0x61,0x83,0x9D,0x54,0x63,
+ 0xBD,0x35,0x5A,0x31,0xF3,0xC6,0x79,0xE5,0xA0,0x0F,0x66,0x79,
+ 0x3C,0xA0,0x7F,0xE8,0xA2,0x5F,0xDF,0x11,0x08,0xA3,0xF0,0x3C,
+ 0xC3,0x3C,0x5D,0x50,0x2C,0xD5,0xD6,0x58,0x12,0xDB,0xC1,0xEF,
+ 0xB4,0x47,0x4A,0x5A,0x39,0x8A,0x4E,0xEB,0x44,0xE2,0x07,0xFB,
+ 0x3D,0xA3,0xC7,0x6E,0x52,0xF3,0x2B,0x7B,0x10,0xA5,0x98,0xE3,
+ 0x38,0x2A,0xE2,0x7F,0xA4,0x8F,0x26,0x87,0x9B,0x66,0x7A,0xED,
+ 0x2D,0x4C,0xE7,0x33,0x77,0x47,0x94,0x43,0xB6,0xAA,0x97,0x23,
+ 0x8A,0xFC,0xA5,0xA6,0x64,0x09,0xC0,0x27,0xC0,0xEF,0xCB,0x05,
+ 0x90,0x9D,0xD5,0x75,0xBA,0x00,0xE0,0xFB,0xA8,0x81,0x52,0xA4,
+ 0xB2,0x83,0x22,0x5B,0xCB,0xD7,0x16,0x93,
+ };
+ static unsigned char dh1024_g[]={
+ 0x02,
+ };
+ DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
+ { DH_free(dh); return(NULL); }
return(dh);
}
#endif
@@ -1657,7 +1661,7 @@ bad:
else
{
BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
+ dh=get_dh1024();
}
(void)BIO_flush(bio_s_out);

View File

@ -0,0 +1,16 @@
diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
--- openssl-1.0.1c/util/perlpath.pl.perlfind 2012-07-11 22:57:33.000000000 +0200
+++ openssl-1.0.1c/util/perlpath.pl 2012-07-12 00:31:12.102156275 +0200
@@ -4,10 +4,10 @@
# line in all scripts that rely on perl.
#
-require "find.pl";
+use File::Find;
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
+find(\&wanted, ".");
sub wanted
{

View File

@ -0,0 +1,93 @@
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 5258d2f..efb4009 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -9,11 +9,6 @@
unsigned int OPENSSL_armcap_P;
-static sigset_t all_masked;
-
-static sigjmp_buf ill_jmp;
-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
-
/*
* Following subroutines could have been inlined, but it's not all
* ARM compilers support inline assembler...
@@ -29,24 +24,26 @@ unsigned int OPENSSL_rdtsc(void)
return 0;
}
-#if defined(__GNUC__) && __GNUC__>=2
-void OPENSSL_cpuid_setup(void) __attribute__((constructor));
-#endif
-void OPENSSL_cpuid_setup(void)
+#if defined(__GLIBC__) && __GLIBC__>=2 && __GLIBC_MINOR__>=16
+#include <sys/auxv.h>
+
+void OPENSSL_cpuid_find(void)
+ {
+ unsigned long hwcap = getauxval(AT_HWCAP);
+ char *plat = (char *)getauxval(AT_PLATFORM);
+
+ OPENSSL_armcap_P |= hwcap & HWCAP_ARM_NEON ? ARMV7_NEON : 0;
+ OPENSSL_armcap_P |= plat ? (plat[1] == '7' ? ARMV7_TICK : 0) : 0;
+ }
+#else
+static sigset_t all_masked;
+static sigjmp_buf ill_jmp;
+static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+
+void OPENSSL_cpuid_find(void)
{
- char *e;
struct sigaction ill_oact,ill_act;
sigset_t oset;
- static int trigger=0;
-
- if (trigger) return;
- trigger=1;
-
- if ((e=getenv("OPENSSL_armcap")))
- {
- OPENSSL_armcap_P=strtoul(e,NULL,0);
- return;
- }
sigfillset(&all_masked);
sigdelset(&all_masked,SIGILL);
@@ -55,8 +52,6 @@ void OPENSSL_cpuid_setup(void)
sigdelset(&all_masked,SIGBUS);
sigdelset(&all_masked,SIGSEGV);
- OPENSSL_armcap_P = 0;
-
memset(&ill_act,0,sizeof(ill_act));
ill_act.sa_handler = ill_handler;
ill_act.sa_mask = all_masked;
@@ -78,3 +73,25 @@ void OPENSSL_cpuid_setup(void)
sigaction (SIGILL,&ill_oact,NULL);
sigprocmask(SIG_SETMASK,&oset,NULL);
}
+#endif
+
+#if defined(__GNUC__) && __GNUC__>=2
+void OPENSSL_cpuid_setup(void) __attribute__((constructor));
+#endif
+void OPENSSL_cpuid_setup(void)
+ {
+ char *e;
+ static int trigger=0;
+
+ if (trigger) return;
+ trigger=1;
+
+ if ((e=getenv("OPENSSL_armcap")))
+ {
+ OPENSSL_armcap_P=strtoul(e,NULL,0);
+ return;
+ }
+
+ OPENSSL_armcap_P = 0;
+ OPENSSL_cpuid_find();
+ }

View File

@ -0,0 +1,25 @@
diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs 2015-01-13 12:45:51.000000000 +0100
+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2015-01-15 17:35:04.649697922 +0100
@@ -438,6 +438,10 @@ static int rsa_builtin_keygen(RSA *rsa,
if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
+ /* prepare minimum p and q difference */
+ if (!BN_one(r3)) goto err;
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) goto err;
+
BN_copy(rsa->e, e_value);
/* generate p and q */
@@ -463,7 +467,9 @@ static int rsa_builtin_keygen(RSA *rsa,
{
if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+ if (!BN_sub(r2, rsa->q, rsa->p))
+ goto err;
+ } while((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
if(degenerate == 3)
{
ok = 0; /* we set our own err */

View File

@ -0,0 +1,46 @@
diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.compat openssl-1.0.1e/crypto/dsa/dsa_key.c
--- openssl-1.0.1e/crypto/dsa/dsa_key.c.compat 2013-11-26 14:36:35.000000000 +0100
+++ openssl-1.0.1e/crypto/dsa/dsa_key.c 2013-12-11 16:34:58.638549687 +0100
@@ -68,6 +68,11 @@
#include <openssl/fips.h>
#include <openssl/evp.h>
+/* just a compatibility symbol - no-op */
+void FIPS_corrupt_dsa_keygen(void)
+ {
+ }
+
static int fips_check_dsa(DSA *dsa)
{
EVP_PKEY *pk;
diff -up openssl-1.0.1e/crypto/engine/eng_all.c.compat openssl-1.0.1e/crypto/engine/eng_all.c
--- openssl-1.0.1e/crypto/engine/eng_all.c.compat 2013-11-26 14:36:35.000000000 +0100
+++ openssl-1.0.1e/crypto/engine/eng_all.c 2013-12-11 16:32:13.512820424 +0100
@@ -62,6 +62,11 @@
#include <openssl/fips.h>
#endif
+/* just backwards compatibility symbol - no-op */
+void ENGINE_load_aesni (void)
+{
+}
+
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
diff -up openssl-1.0.1e/crypto/fips/fips.c.compat openssl-1.0.1e/crypto/fips/fips.c
--- openssl-1.0.1e/crypto/fips/fips.c.compat 2013-11-26 14:36:35.000000000 +0100
+++ openssl-1.0.1e/crypto/fips/fips.c 2013-12-11 16:38:52.524831858 +0100
@@ -111,6 +111,12 @@ int FIPS_module_mode(void)
return ret;
}
+/* just a compat symbol - return NULL */
+const void *FIPS_rand_check(void)
+ {
+ return NULL;
+ }
+
int FIPS_selftest_failed(void)
{
int ret = 0;

View File

@ -0,0 +1,13 @@
diff -up openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp openssl-1.0.1e/crypto/asn1/a_type.c
--- openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp 2015-03-18 13:02:36.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/a_type.c 2015-03-18 14:38:07.111401390 +0100
@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
case V_ASN1_OBJECT:
result = OBJ_cmp(a->value.object, b->value.object);
break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
case V_ASN1_NULL:
result = 0; /* They do not have content. */
break;

View File

@ -0,0 +1,46 @@
diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse openssl-1.0.1e/crypto/asn1/tasn_dec.c
--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/tasn_dec.c 2015-03-19 15:46:51.097022616 +0100
@@ -310,9 +310,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
case ASN1_ITYPE_CHOICE:
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;
-
- /* Allocate structure */
- if (!*pval && !ASN1_item_ex_new(pval, it))
+ if (*pval)
+ {
+ /* Free up and zero CHOICE value if initialised */
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount))
+ {
+ tt = it->templates + i;
+ pchptr = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchptr, tt);
+ asn1_set_choice_selector(pval, -1, it);
+ }
+ }
+ else if (!ASN1_item_ex_new(pval, it))
{
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
ERR_R_NESTED_ASN1_ERROR);
@@ -407,6 +417,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;
+ /* Free up and zero any ADB found */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
+ if (tt->flags & ASN1_TFLG_ADB_MASK)
+ {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ }
+
/* Get each field entry */
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
{

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref openssl-1.0.1e/crypto/x509/x509_req.c
--- openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/x509/x509_req.c 2015-03-18 18:34:35.732448017 +0100
@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
goto err;
pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
i=X509_REQ_set_pubkey(ret,pktmp);
EVP_PKEY_free(pktmp);
if (!i) goto err;

View File

@ -0,0 +1,102 @@
diff -up openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert openssl-1.0.1e/ssl/s2_lib.c
--- openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert 2015-03-18 13:02:36.000000000 +0100
+++ openssl-1.0.1e/ssl/s2_lib.c 2015-03-18 18:22:20.195322489 +0100
@@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s)
OPENSSL_assert(s->session->master_key_length >= 0
&& s->session->master_key_length
- < (int)sizeof(s->session->master_key));
+ <= (int)sizeof(s->session->master_key));
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
diff -up openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert openssl-1.0.1e/ssl/s2_srvr.c
--- openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/s2_srvr.c 2015-03-18 18:30:11.403974038 +0100
@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
return(-1);
}
- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
is_export=SSL_C_IS_EXPORT(s->session->cipher);
@@ -467,21 +464,61 @@ static int get_client_master_key(SSL *s)
else
ek=5;
+ /*
+ * The format of the CLIENT-MASTER-KEY message is
+ * 1 byte message type
+ * 3 bytes cipher
+ * 2-byte clear key length (stored in s->s2->tmp.clear)
+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
+ * 2-byte key args length (IV etc)
+ * clear key
+ * encrypted key
+ * key args
+ *
+ * If the cipher is an export cipher, then the encrypted key bytes
+ * are a fixed portion of the total key (5 or 8 bytes). The size of
+ * this portion is in |ek|. If the cipher is not an export cipher,
+ * then the entire key material is encrypted (i.e., clear key length
+ * must be zero).
+ */
+ if ((!is_export && s->s2->tmp.clear != 0) ||
+ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c)))
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+ return -1;
+ }
+ /*
+ * The encrypted blob must decrypt to the encrypted portion of the key.
+ * Decryption can't be expanding, so if we don't have enough encrypted
+ * bytes to fit the key in the buffer, stop now.
+ */
+ if ((is_export && s->s2->tmp.enc < ek) ||
+ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c)))
+ {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+ return -1;
+ }
+
+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+ &(p[s->s2->tmp.clear]),
+ &(p[s->s2->tmp.clear]),
+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING);
+
/* bad decrypt */
#if 1
/* If a bad decrypt, continue with protocol but with a
* random master secret (Bleichenbacher attack) */
- if ((i < 0) ||
- ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
- (unsigned int)EVP_CIPHER_key_length(c))))))
+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
+ || (is_export && i != ek)))
{
ERR_clear_error();
if (is_export)
i=ek;
else
i=EVP_CIPHER_key_length(c);
- if (RAND_pseudo_bytes(p,i) <= 0)
+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear],i) <= 0)
return 0;
}
#else
@@ -505,7 +542,8 @@ static int get_client_master_key(SSL *s)
}
#endif
- if (is_export) i+=s->s2->tmp.clear;
+ if (is_export)
+ i = EVP_CIPHER_key_length(c);
if (i > SSL_MAX_MASTER_KEY_LENGTH)
{

View File

@ -0,0 +1,103 @@
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.oob-read openssl-1.0.1e/crypto/x509/x509_vfy.c
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.oob-read 2015-05-25 12:03:41.000000000 +0200
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2015-06-09 15:01:51.688640453 +0200
@@ -1702,49 +1702,92 @@ int X509_cmp_time(const ASN1_TIME *ctm,
ASN1_TIME atm;
long offset;
char buff1[24],buff2[24],*p;
- int i,j;
+ int i, j, remaining;
p=buff1;
- i=ctm->length;
+ remaining=ctm->length;
str=(char *)ctm->data;
+ /*
+ * Note that the following (historical) code allows much more slack in the
+ * time format than RFC5280. In RFC5280, the representation is fixed:
+ * UTCTime: YYMMDDHHMMSSZ
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
+ */
if (ctm->type == V_ASN1_UTCTIME)
{
- if ((i < 11) || (i > 17)) return 0;
+ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+ int min_length = sizeof("YYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
+ return 0;
memcpy(p,str,10);
p+=10;
str+=10;
+ remaining -= 10;
}
else
{
- if (i < 13) return 0;
+ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
+ return 0;
memcpy(p,str,12);
p+=12;
str+=12;
+ remaining -= 12;
}
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
else
{
+ /* SS (seconds) */
+ if (remaining < 2)
+ return 0;
*(p++)= *(str++);
*(p++)= *(str++);
- /* Skip any fractional seconds... */
- if (*str == '.')
+ remaining -= 2;
+ /*
+ * Skip any (up to three) fractional seconds...
+ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+ * Can we just kill them altogether?
+ */
+ if (remaining && *str == '.')
{
str++;
- while ((*str >= '0') && (*str <= '9')) str++;
+ remaining--;
+ for (i = 0; i < 3 && remaining; i++, str++, remaining--)
+ {
+ if (*str < '0' || *str > '9')
+ break;
+ }
}
}
*(p++)='Z';
*(p++)='\0';
+ /* We now need either a terminating 'Z' or an offset. */
+ if (!remaining)
+ return 0;
if (*str == 'Z')
+ {
+ if (remaining != 1)
+ return 0;
offset=0;
+ }
else
{
+ /* (+-)HHMM */
if ((*str != '+') && (*str != '-'))
return 0;
+ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+ if (remaining != 5)
+ return 0;
+ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+ return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')

View File

@ -0,0 +1,55 @@
diff -up openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.missing-content openssl-1.0.1e/crypto/pkcs7/pk7_doit.c
--- openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.missing-content 2015-05-25 12:03:41.000000000 +0200
+++ openssl-1.0.1e/crypto/pkcs7/pk7_doit.c 2015-06-09 15:21:21.377951520 +0200
@@ -472,6 +472,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
switch (i)
{
case NID_pkcs7_signed:
+ /*
+ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+ * field and optional content.
+ * data_body is NULL if that structure has no (=detached) content
+ * or if the contentType is wrong (i.e., not "data").
+ */
data_body=PKCS7_get_octet_string(p7->d.sign->contents);
if (!PKCS7_is_detached(p7) && data_body == NULL)
{
@@ -484,6 +490,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
case NID_pkcs7_signedAndEnveloped:
rsk=p7->d.signed_and_enveloped->recipientinfo;
md_sk=p7->d.signed_and_enveloped->md_algs;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -496,6 +503,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
case NID_pkcs7_enveloped:
rsk=p7->d.enveloped->recipientinfo;
enc_alg=p7->d.enveloped->enc_data->algorithm;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body=p7->d.enveloped->enc_data->enc_data;
evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
@@ -509,6 +517,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
goto err;
}
+ /* Detached content must be supplied via in_bio instead. */
+ if (data_body == NULL && in_bio == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ goto err;
+ }
+
/* We will be checking the signature */
if (md_sk != NULL)
{
@@ -665,7 +680,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
}
#if 1
- if (PKCS7_is_detached(p7) || (in_bio != NULL))
+ if (in_bio != NULL)
{
bio=in_bio;
}

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.1e/crypto/cms/cms_smime.c.unknown-hash openssl-1.0.1e/crypto/cms/cms_smime.c
--- openssl-1.0.1e/crypto/cms/cms_smime.c.unknown-hash 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/cms/cms_smime.c 2015-06-09 16:07:16.001516190 +0200
@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *up
BIO_free(f);
f = tbio;
}
- while (f != upto);
+ while (f && f != upto);
}
else
BIO_free_all(f);

View File

@ -1,7 +1,7 @@
diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
diff -up openssl-1.0.1e/apps/openssl.cnf.defaults openssl-1.0.1e/apps/openssl.cnf
--- openssl-1.0.1e/apps/openssl.cnf.defaults 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/apps/openssl.cnf 2014-02-06 18:00:00.170929334 +0100
@@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate fi
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
@ -10,15 +10,17 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
@@ -106,6 +106,7 @@ emailAddress = optional
@@ -103,7 +103,8 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
-default_bits = 1024
+default_bits = 2048
+default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -128,17 +129,18 @@ string_mask = utf8only
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
@ -40,7 +42,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
@ -49,3 +51,12 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
commonName_max = 64
emailAddress = Email Address
@@ -339,7 +341,7 @@ signer_key = $dir/private/tsakey.pem # T
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?

View File

@ -0,0 +1,39 @@
diff -up openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail openssl-1.0.1e/crypto/evp/bio_enc.c
--- openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/evp/bio_enc.c 2014-03-04 15:21:12.185821738 +0100
@@ -198,10 +198,15 @@ static int enc_read(BIO *b, char *out, i
}
else
{
- EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
- ctx->cont=1;
+ (unsigned char *)&(ctx->buf[BUF_OFFSET]),i))
+ {
+ ctx->ok = 0;
+ ctx->cont = 0;
+ }
+ else
+ ctx->cont=1;
/* Note: it is possible for EVP_CipherUpdate to
* decrypt zero bytes because this is or looks like
* the final block: if this happens we should retry
@@ -257,9 +262,14 @@ static int enc_write(BIO *b, const char
while (inl > 0)
{
n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
- EVP_CipherUpdate(&(ctx->cipher),
+ if (!EVP_CipherUpdate(&(ctx->cipher),
(unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)in,n);
+ (unsigned char *)in,n))
+ {
+ BIO_copy_next_retry(b);
+ ctx->ok = 0;
+ return ret - inl;
+ }
inl-=n;
in+=n;

View File

@ -0,0 +1,38 @@
diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib 2013-02-11 16:02:48.000000000 +0100
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-02-19 16:32:51.000000000 +0100
@@ -47,6 +47,13 @@ Once the identities of the compression m
been standardized, the compression API will most likely be changed. Using
it in the current state is not recommended.
+It is also not recommended to use compression if data transfered contain
+untrusted parts that can be manipulated by an attacker as he could then
+get information about the encrypted data. See the CRIME attack. For
+that reason the default loading of the zlib compression method is
+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
+is present during the library initialization.
+
=head1 RETURN VALUES
SSL_COMP_add_compression_method() may return the following values:
diff -up openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib openssl-1.0.1e/ssl/ssl_ciph.c
--- openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/ssl/ssl_ciph.c 2013-02-19 16:37:36.163545085 +0100
@@ -140,6 +140,8 @@
* OTHERWISE.
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <openssl/objects.h>
#ifndef OPENSSL_NO_COMP
@@ -455,7 +457,7 @@ static void load_builtin_compressions(vo
MemCheck_off();
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
+ if (ssl_comp_methods != NULL && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL)
{
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
if (comp != NULL)

View File

@ -0,0 +1,179 @@
diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/fips.c
--- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor 2013-09-26 13:52:30.767885457 +0200
+++ openssl-1.0.1e/crypto/fips/fips.c 2013-09-26 14:01:29.406010187 +0200
@@ -60,6 +60,8 @@
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
@@ -198,8 +200,10 @@ bin2hex(void *buf, size_t len)
return hex;
}
-#define HMAC_PREFIX "."
-#define HMAC_SUFFIX ".hmac"
+#define HMAC_PREFIX "."
+#ifndef HMAC_SUFFIX
+#define HMAC_SUFFIX ".hmac"
+#endif
#define READ_BUFFER_LENGTH 16384
static char *
@@ -279,19 +283,13 @@ end:
}
static int
-FIPSCHECK_verify(const char *libname, const char *symbolname)
+FIPSCHECK_verify(const char *path)
{
- char path[PATH_MAX+1];
- int rv;
+ int rv = 0;
FILE *hf;
char *hmacpath, *p;
char *hmac = NULL;
size_t n;
-
- rv = get_library_path(libname, symbolname, path, sizeof(path));
-
- if (rv < 0)
- return 0;
hmacpath = make_hmac_path(path);
if (hmacpath == NULL)
@@ -341,6 +339,53 @@ end:
return 1;
}
+static int
+verify_checksums(void)
+ {
+ int rv;
+ char path[PATH_MAX+1];
+ char *p;
+
+ /* we need to avoid dlopening libssl, assume both libcrypto and libssl
+ are in the same directory */
+
+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
+ if (rv < 0)
+ return 0;
+
+ rv = FIPSCHECK_verify(path);
+ if (!rv)
+ return 0;
+
+ /* replace libcrypto with libssl */
+ while ((p = strstr(path, "libcrypto.so")) != NULL)
+ {
+ p = stpcpy(p, "libssl");
+ memmove(p, p+3, strlen(p+2));
+ }
+
+ rv = FIPSCHECK_verify(path);
+ if (!rv)
+ return 0;
+ return 1;
+ }
+
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+int
+FIPS_module_installed(void)
+ {
+ int rv;
+ rv = access(FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ /* Installed == true */
+ return !rv;
+ }
+
int FIPS_module_mode_set(int onoff, const char *auth)
{
int ret = 0;
@@ -379,15 +424,7 @@ int FIPS_module_mode_set(int onoff, cons
}
#endif
- if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
- {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
+ if(!verify_checksums())
{
FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
fips_selftest_fail = 1;
diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/fips.h
--- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor 2013-09-26 13:52:30.814886515 +0200
+++ openssl-1.0.1e/crypto/fips/fips.h 2013-09-26 13:52:30.816886560 +0200
@@ -74,6 +74,7 @@ struct hmac_ctx_st;
int FIPS_module_mode_set(int onoff, const char *auth);
int FIPS_module_mode(void);
+int FIPS_module_installed(void);
const void *FIPS_rand_check(void);
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
diff -up openssl-1.0.1e/crypto/o_init.c.fips-ctor openssl-1.0.1e/crypto/o_init.c
--- openssl-1.0.1e/crypto/o_init.c.fips-ctor 2013-09-26 13:52:30.807886357 +0200
+++ openssl-1.0.1e/crypto/o_init.c 2013-09-26 14:00:21.000000000 +0200
@@ -71,6 +71,9 @@ static void init_fips_mode(void)
char buf[2] = "0";
int fd;
+ /* Ensure the selftests always run */
+ FIPS_mode_set(1);
+
if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
{
buf[0] = '1';
@@ -85,9 +88,15 @@ static void init_fips_mode(void)
* otherwise.
*/
- if (buf[0] == '1')
+ if (buf[0] != '1')
+ {
+ /* drop down to non-FIPS mode if it is not requested */
+ FIPS_mode_set(0);
+ }
+ else
{
- FIPS_mode_set(1);
+ /* abort if selftest failed */
+ FIPS_selftest_check();
}
}
#endif
@@ -96,13 +105,17 @@ static void init_fips_mode(void)
* Currently only sets FIPS callbacks
*/
-void OPENSSL_init_library(void)
+void __attribute__ ((constructor)) OPENSSL_init_library(void)
{
static int done = 0;
if (done)
return;
done = 1;
#ifdef OPENSSL_FIPS
+ if (!FIPS_module_installed())
+ {
+ return;
+ }
RAND_init_fips();
init_fips_mode();
if (!FIPS_mode())

View File

@ -0,0 +1,11 @@
diff -up openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1e/crypto/x509/x509_cmp.c
--- openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/x509/x509_cmp.c 2013-02-19 12:46:11.315788592 +0100
@@ -85,6 +85,7 @@ unsigned long X509_issuer_and_serial_has
char *f;
EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;

View File

@ -0,0 +1,25 @@
diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/a_verify.c 2013-11-13 16:30:04.628791616 +0100
@@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <time.h>
@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
goto err;
ret = -1;
}
+ else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
else
{
const EVP_MD *type;

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,112 @@
diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
--- openssl-1.0.1e/Configure.rpmbuild 2014-08-13 19:19:53.211005598 +0200
+++ openssl-1.0.1e/Configure 2014-08-13 19:29:21.704099285 +0200
@@ -345,24 +345,24 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# It's believed that majority of ARM toolchains predefine appropriate -march.
# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
#### IA-32 targets...
"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
# /proc/cpuinfo. The idea is to preserve most significant bits of
@@ -376,16 +376,17 @@ my %table=(
# ldconfig and run-time linker to autodiscover. Unfortunately it
# doesn't work just yet, because of couple of bugs in glibc
# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -399,8 +400,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
@@ -1675,7 +1676,7 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
}
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
{
diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
--- openssl-1.0.1e/Makefile.org.rpmbuild 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/Makefile.org 2014-08-13 19:19:53.218005759 +0200
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
+SHLIB_SONAMEVER=10
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
@@ -333,10 +334,9 @@ clean-shared:
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \

View File

@ -0,0 +1,244 @@
diff -up openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_api.c
--- openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/conf/conf_api.c 2013-02-19 13:02:02.531188124 +0100
@@ -63,6 +63,8 @@
# define NDEBUG
#endif
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <assert.h>
#include <stdlib.h>
#include <string.h>
@@ -142,7 +144,7 @@ char *_CONF_get_string(const CONF *conf,
if (v != NULL) return(v->value);
if (strcmp(section,"ENV") == 0)
{
- p=getenv(name);
+ p=secure_getenv(name);
if (p != NULL) return(p);
}
}
@@ -155,7 +157,7 @@ char *_CONF_get_string(const CONF *conf,
return(NULL);
}
else
- return(getenv(name));
+ return (secure_getenv(name));
}
#if 0 /* There's no way to provide error checking with this function, so
diff -up openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_mod.c
--- openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/conf/conf_mod.c 2013-02-19 13:02:02.531188124 +0100
@@ -56,6 +56,8 @@
*
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <ctype.h>
#include <openssl/crypto.h>
@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void
char *file;
int len;
- file = getenv("OPENSSL_CONF");
- if (file)
+ file = secure_getenv("OPENSSL_CONF");
+ if (file)
return BUF_strdup(file);
len = strlen(X509_get_default_cert_area());
diff -up openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1e/crypto/engine/eng_list.c
--- openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/engine/eng_list.c 2013-02-19 13:02:02.536188233 +0100
@@ -61,6 +61,8 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include "eng_int.h"
/* The linked-list of pointers to engine types. engine_list_head
@@ -399,9 +401,9 @@ ENGINE *ENGINE_by_id(const char *id)
if (strcmp(id, "dynamic"))
{
#ifdef OPENSSL_SYS_VMS
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
#else
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+ if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
#endif
iterator = ENGINE_by_id("dynamic");
if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1e/crypto/md5/md5_dgst.c
--- openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv 2013-02-19 13:02:02.492187275 +0100
+++ openssl-1.0.1e/crypto/md5/md5_dgst.c 2013-02-19 13:02:02.537188254 +0100
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include "md5_locl.h"
#include <openssl/opensslv.h>
@@ -74,7 +76,7 @@ const char MD5_version[]="MD5" OPENSSL_V
int MD5_Init(MD5_CTX *c)
#ifdef OPENSSL_FIPS
{
- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
OpenSSLDie(__FILE__, __LINE__, \
"Digest MD5 forbidden in FIPS mode!");
return private_MD5_Init(c);
diff -up openssl-1.0.1e/crypto/o_init.c.secure-getenv openssl-1.0.1e/crypto/o_init.c
--- openssl-1.0.1e/crypto/o_init.c.secure-getenv 2013-02-19 13:02:02.428185882 +0100
+++ openssl-1.0.1e/crypto/o_init.c 2013-02-19 13:02:02.538188276 +0100
@@ -52,6 +52,8 @@
*
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <e_os.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
@@ -71,7 +73,7 @@ static void init_fips_mode(void)
char buf[2] = "0";
int fd;
- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
{
buf[0] = '1';
}
diff -up openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv openssl-1.0.1e/crypto/rand/randfile.c
--- openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/rand/randfile.c 2013-02-19 13:03:06.971591052 +0100
@@ -60,6 +60,8 @@
#if !defined(OPENSSL_SYS_VXWORKS)
#define _XOPEN_SOURCE 500
#endif
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
@@ -277,8 +279,7 @@ const char *RAND_file_name(char *buf, si
struct stat sb;
#endif
- if (OPENSSL_issetugid() == 0)
- s=getenv("RANDFILE");
+ s=secure_getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
if (BUF_strlcpy(buf,s,size) >= size)
@@ -286,8 +287,7 @@ const char *RAND_file_name(char *buf, si
}
else
{
- if (OPENSSL_issetugid() == 0)
- s=getenv("HOME");
+ s=secure_getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL)
{
diff -up openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1e/crypto/x509/by_dir.c
--- openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/x509/by_dir.c 2013-02-19 13:02:02.539188298 +0100
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -135,7 +137,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT)
{
- dir=(char *)getenv(X509_get_default_cert_dir_env());
+ dir=(char *)secure_getenv(X509_get_default_cert_dir_env());
if (dir)
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
else
diff -up openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv openssl-1.0.1e/crypto/x509/by_file.c
--- openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv 2013-02-19 13:02:02.236181701 +0100
+++ openssl-1.0.1e/crypto/x509/by_file.c 2013-02-19 13:02:02.554188624 +0100
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
- file = (char *)getenv(X509_get_default_cert_file_env());
+ file = (char *)secure_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM) != 0);
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1e/crypto/x509/x509_vfy.c
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-02-19 13:02:02.556188668 +0100
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -481,7 +483,7 @@ static int check_chain_extensions(X509_S
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
/* A hack to keep people who don't want to modify their
software happy */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}
diff -up openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1e/engines/ccgost/gost_ctl.c
--- openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/engines/ccgost/gost_ctl.c 2013-02-19 13:02:02.557188690 +0100
@@ -6,6 +6,8 @@
* Implementation of control commands for GOST engine *
* OpenSSL 0.9.9 libraries required *
**********************************************************************/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
@@ -65,7 +67,7 @@ const char *get_gost_engine_param(int pa
{
return gost_params[param];
}
- tmp = getenv(gost_envnames[param]);
+ tmp = secure_getenv(gost_envnames[param]);
if (tmp)
{
if (gost_params[param]) OPENSSL_free(gost_params[param]);
@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
{
const char *tmp;
if (param <0 || param >GOST_PARAM_MAX) return 0;
- tmp = getenv(gost_envnames[param]);
+ tmp = secure_getenv(gost_envnames[param]);
/* if there is value in the environment, use it, else -passed string * */
if (!tmp) tmp=value;
if (gost_params[param]) OPENSSL_free(gost_params[param]);

View File

@ -0,0 +1,63 @@
diff -up openssl-1.0.1e/crypto/cversion.c.version openssl-1.0.1e/crypto/cversion.c
--- openssl-1.0.1e/crypto/cversion.c.version 2013-02-11 16:02:47.000000000 +0100
+++ openssl-1.0.1e/crypto/cversion.c 2013-07-26 12:28:12.739161925 +0200
@@ -62,7 +62,7 @@
#include "buildinf.h"
#endif
-const char *SSLeay_version(int t)
+const char *_current_SSLeay_version(int t)
{
if (t == SSLEAY_VERSION)
return OPENSSL_VERSION_TEXT;
@@ -110,8 +110,25 @@ const char *SSLeay_version(int t)
return("not available");
}
-unsigned long SSLeay(void)
+const char *_original_SSLeay_version(int t)
+ {
+ if (t == SSLEAY_VERSION)
+ return "OpenSSL 1.0.0-fips 29 Mar 2010";
+ else
+ return _current_SSLeay_version(t);
+ }
+
+unsigned long _original_SSLeay(void)
+ {
+ return(0x10000003);
+ }
+
+unsigned long _current_SSLeay(void)
{
return(SSLEAY_VERSION_NUMBER);
}
+__asm__(".symver _original_SSLeay,SSLeay@");
+__asm__(".symver _original_SSLeay_version,SSLeay_version@");
+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
+__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.1");
diff -up openssl-1.0.1e/Makefile.shared.version openssl-1.0.1e/Makefile.shared
--- openssl-1.0.1e/Makefile.shared.version 2013-07-26 12:23:43.615545603 +0200
+++ openssl-1.0.1e/Makefile.shared 2013-07-26 12:23:43.701547398 +0200
@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS)"
diff -up openssl-1.0.1e/version.map.version openssl-1.0.1e/version.map
--- openssl-1.0.1e/version.map.version 2013-07-26 12:23:43.701547398 +0200
+++ openssl-1.0.1e/version.map 2013-07-26 12:29:10.698371472 +0200
@@ -0,0 +1,8 @@
+OPENSSL_1.0.1 {
+ global:
+ SSLeay;
+ SSLeay_version;
+ local:
+ _original*;
+ _current*;
+};

View File

@ -0,0 +1,12 @@
diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers 2013-12-18 15:50:40.881620314 +0100
+++ openssl-1.0.1e/ssl/ssl.h 2013-12-18 14:25:25.596566704 +0100
@@ -331,7 +331,7 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
+#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
* throwing out anonymous and unencrypted ciphersuites!

View File

@ -0,0 +1,13 @@
diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200
+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200
@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2;
+
return(ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);

View File

@ -0,0 +1,529 @@
diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h
--- openssl-1.0.1h/apps/s_apps.h.ipv6-apps 2014-06-05 14:33:38.515668750 +0200
+++ openssl-1.0.1h/apps/s_apps.h 2014-06-05 14:33:38.540669335 +0200
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c
--- openssl-1.0.1h/apps/s_client.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
+++ openssl-1.0.1h/apps/s_client.c 2014-06-05 14:33:38.540669335 +0200
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
- short port=PORT;
+ char *port_str = PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-port") == 0)
{
if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-connect") == 0)
{
if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
+ if (!extract_host_port(*(++argv),&host,&port_str))
goto bad;
}
else if (strcmp(*argv,"-verify") == 0)
@@ -1267,7 +1266,7 @@ bad:
re_start:
- if (init_client(&s,host,port,socket_type) == 0)
+ if (init_client(&s,host,port_str,socket_type) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c
--- openssl-1.0.1h/apps/s_server.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
+++ openssl-1.0.1h/apps/s_server.c 2014-06-05 14:33:38.541669358 +0200
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- short port=PORT;
+ char *port_str = PORT_STR;
char *CApath=NULL,*CAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
(strcmp(*argv,"-accept") == 0))
{
if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
+ port_str= *(++argv);
}
else if (strcmp(*argv,"-verify") == 0)
{
@@ -1892,9 +1891,9 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port_str,socket_type,&accept_socket,www_body, context);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port_str,socket_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c
--- openssl-1.0.1h/apps/s_socket.c.ipv6-apps 2014-06-05 11:44:33.000000000 +0200
+++ openssl-1.0.1h/apps/s_socket.c 2014-06-05 14:39:53.226442195 +0200
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_server(int *sock, char *port, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
@@ -234,57 +232,71 @@ static int ssl_sock_init(void)
return(1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
{
- unsigned char ip[4];
-
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host,&(ip[0])))
- return 0;
- return init_client_ip(sock,ip,port,type);
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
+ struct addrinfo *res, *res0, hints;
+ char * failed_call = NULL;
+ int s;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+ e = getaddrinfo(host, port, &hints, &res);
+ if (e)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
if (type == SOCK_STREAM)
{
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
+ int i=0;
+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
+ (char *)&i,sizeof(i));
+ if (i < 0) {
+ failed_call = "keepalive";
+ goto nextres;
+ }
}
#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
- { closesocket(s); perror("connect"); return(0); }
+ if (connect(s,(struct sockaddr *)res->ai_addr,
+ res->ai_addrlen) == 0)
+ {
+ freeaddrinfo(res0);
*sock=s;
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ failed_call = "socket";
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
+ }
+ freeaddrinfo(res0);
+ closesocket(s);
+
+ perror(failed_call);
+ return(0);
+ }
+
+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
{
int sock;
char *name = NULL;
@@ -322,33 +334,50 @@ int do_server(int port, int type, int *r
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
{
- int ret=0;
- struct sockaddr_in server;
- int s= -1;
+ struct addrinfo *res, *res0 = NULL, hints;
+ char * failed_call = NULL;
+ int s = INVALID_SOCKET;
+ int e;
if (!ssl_sock_init()) return(0);
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
-#else
- memcpy(&server.sin_addr,ip,4);
-#endif
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_family = AF_INET6;
+tryipv4:
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE;
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ e = getaddrinfo(NULL, port, &hints, &res);
+ if (e)
+ {
+ if (hints.ai_family == AF_INET)
+ {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ }
+ else
+ res = NULL;
+ }
- if (s == INVALID_SOCKET) goto err;
+ res0 = res;
+ while (res)
+ {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET)
+ {
+ failed_call = "socket";
+ goto nextres;
+ }
+ if (hints.ai_family == AF_INET6)
+ {
+ int j = 0;
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (void *) &j, sizeof j);
+ }
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
@@ -356,35 +385,49 @@ static int init_server_long(int *sock, i
(void *) &j, sizeof j);
}
#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+
+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
{
-#ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-#endif
- goto err;
+ failed_call = "bind";
+ goto nextres;
}
- /* Make it 128 for linux */
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
- *sock=s;
- ret=1;
-err:
- if ((ret == 0) && (s != -1))
+ if (type==SOCK_STREAM && listen(s,128) == -1)
{
- SHUTDOWN(s);
+ failed_call = "listen";
+ goto nextres;
}
- return(ret);
+
+ *sock=s;
+ return(1);
+
+nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
}
+ if (res0)
+ freeaddrinfo(res0);
-static int init_server(int *sock, int port, int type)
+ if (s == INVALID_SOCKET)
{
- return(init_server_long(sock, port, NULL, type));
+ if (hints.ai_family == AF_INET6)
+ {
+ hints.ai_family = AF_INET;
+ goto tryipv4;
+ }
+ perror("socket");
+ return(0);
+ }
+
+ perror(failed_call);
+ return(0);
}
static int do_accept(int acc_sock, int *sock, char **host)
{
+ static struct sockaddr_storage from;
+ char buffer[NI_MAXHOST];
int ret;
- struct hostent *h1,*h2;
- static struct sockaddr_in from;
int len;
/* struct linger ling; */
@@ -424,145 +467,66 @@ redoit:
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
*/
if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
-#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
+
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+ buffer, sizeof(buffer),
+ NULL, 0, 0))
{
- BIO_printf(bio_err,"bad gethostbyaddr\n");
+ BIO_printf(bio_err,"getnameinfo failed\n");
*host=NULL;
/* return(0); */
}
else
{
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
{
perror("OPENSSL_malloc");
closesocket(ret);
return(0);
}
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
- h2=GetHostByName(*host);
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- closesocket(ret);
- return(0);
- }
- if (h2->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- closesocket(ret);
- return(0);
- }
+ strcpy(*host, buffer);
}
end:
*sock=ret;
return(1);
}
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
+int extract_host_port(char *str, char **host_ptr,
+ char **port_ptr)
{
- char *h,*p;
+ char *h,*p,*x;
- h=str;
- p=strchr(str,':');
+ x=h=str;
+ if (*h == '[')
+ {
+ h++;
+ p=strchr(h,']');
if (p == NULL)
{
- BIO_printf(bio_err,"no port defined\n");
+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
return(0);
}
*(p++)='\0';
-
- if ((ip != NULL) && !host_ip(str,ip))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
- if (!extract_port(p,port_ptr))
- goto err;
- return(1);
-err:
- return(0);
+ x = p;
}
-
-static int host_ip(char *str, unsigned char ip[4])
- {
- unsigned int in[4];
- int i;
-
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
- {
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
- he=GetHostByName(str);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
+ p=strchr(x,':');
+ if (p == NULL)
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
- }
- return(1);
-err:
+ BIO_printf(bio_err,"no port defined\n");
return(0);
}
+ *(p++)='\0';
-int extract_port(char *str, short *port_ptr)
- {
- int i;
- struct servent *s;
+ if (host_ptr != NULL) *host_ptr=h;
+ if (port_ptr != NULL) *port_ptr=p;
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- s=getservbyname(str,"tcp");
- if (s == NULL)
- {
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
- return(0);
- }
- *port_ptr=ntohs((unsigned short)s->s_port);
- }
return(1);
}

View File

@ -0,0 +1,289 @@
diff -up openssl-1.0.1h/Configure.system openssl-1.0.1h/Configure
--- openssl-1.0.1h/Configure.system 2014-06-05 14:47:37.509312875 +0200
+++ openssl-1.0.1h/Configure 2014-06-11 14:05:28.560359069 +0200
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no-<cipher>
# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
# supported values are "MIT" and "Heimdal". A value is required.
#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
@@ -663,6 +666,7 @@ my $prefix="";
my $libdir="";
my $openssldir="";
my $enginesdir="";
+my $system_ciphers_file="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -895,6 +899,10 @@ PROCESS_ARGS:
{
$enginesdir=$1;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $system_ciphers_file=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1053,6 +1061,7 @@ print "Configuring for $target\n";
&usage if (!defined($table{$target}));
+chop $system_ciphers_file if $system_ciphers_file =~ /\/$/;
foreach (sort (keys %disabled))
{
@@ -1607,6 +1616,7 @@ while (<IN>)
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^MULTILIB=.*$/MULTILIB=$multilib/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+ s/^SYSTEM_CIPHERS_FILE=.*$/SYSTEM_CIPHERS_FILE=$system_ciphers_file/;
s/^LIBDIR=.*$/LIBDIR=$libdir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PLATFORM=.*$/PLATFORM=$target/;
@@ -1812,6 +1822,14 @@ while (<IN>)
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
+ elsif (/^#((define)|(undef))\s+SYSTEM_CIPHERS_FILE/)
+ {
+ my $foo = "$system_ciphers_file";
+ if ($foo ne '') {
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define SYSTEM_CIPHERS_FILE \"$foo\"\n";
+ }
+ }
elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
if $export_var_as_fn;
diff -up openssl-1.0.1h/crypto/opensslconf.h.in.system openssl-1.0.1h/crypto/opensslconf.h.in
--- openssl-1.0.1h/crypto/opensslconf.h.in.system 2014-06-05 14:47:37.437311188 +0200
+++ openssl-1.0.1h/crypto/opensslconf.h.in 2014-06-11 13:31:44.497722345 +0200
@@ -25,6 +25,8 @@
#endif
#endif
+#undef SYSTEM_CIPHERS_FILE
+
#undef OPENSSL_UNISTD
#define OPENSSL_UNISTD <unistd.h>
diff -up openssl-1.0.1h/ssl/ssl_ciph.c.system openssl-1.0.1h/ssl/ssl_ciph.c
--- openssl-1.0.1h/ssl/ssl_ciph.c.system 2014-06-05 14:47:37.441311282 +0200
+++ openssl-1.0.1h/ssl/ssl_ciph.c 2014-06-11 13:55:28.194381937 +0200
@@ -1352,6 +1352,54 @@ static int ssl_cipher_process_rulestr(co
return(retval);
}
+#ifdef SYSTEM_CIPHERS_FILE
+static char* load_system_str(const char* suffix)
+ {
+ FILE* fp;
+ char buf[1024];
+ char *new_rules;
+ unsigned len, slen;
+
+ fp = fopen(SYSTEM_CIPHERS_FILE, "r");
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL)
+ {
+ /* cannot open or file is empty */
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
+ }
+
+ if (fp)
+ fclose(fp);
+
+ slen = strlen(suffix);
+ len = strlen(buf);
+
+ if (buf[len-1] == '\n')
+ {
+ len--;
+ buf[len] = 0;
+ }
+ if (buf[len-1] == '\r')
+ {
+ len--;
+ buf[len] = 0;
+ }
+
+ new_rules = OPENSSL_malloc(len + slen + 1);
+ if (new_rules == 0)
+ return NULL;
+
+ memcpy(new_rules, buf, len);
+ if (slen > 0)
+ {
+ memcpy(&new_rules[len], suffix, slen);
+ len += slen;
+ }
+ new_rules[len] = 0;
+
+ return new_rules;
+ }
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) **cipher_list,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
@@ -1359,16 +1407,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
+#ifdef SYSTEM_CIPHERS_FILE
+ char *new_rules = NULL;
+
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0)
+ {
+ char *p = rule_str + 14;
+
+ new_rules = load_system_str(p);
+ rule_str = new_rules;
+ }
+#endif
/*
* Return with error if nothing to do.
*/
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ {
+ goto end;
+ }
/*
* To reduce the work to do we only want to process the compiled
@@ -1389,7 +1450,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
if (co_list == NULL)
{
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
+ goto end;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1431,8 +1492,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* in force within each class */
if (!ssl_cipher_strength_sort(&head, &tail))
{
- OPENSSL_free(co_list);
- return NULL;
+ goto end;
}
/* Now disable everything (maintaining the ordering!) */
@@ -1452,9 +1512,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
- OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
+ goto end;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1482,8 +1541,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
if (!ok)
{ /* Rule processing failure */
- OPENSSL_free(co_list);
- return(NULL);
+ goto end;
}
/*
@@ -1492,8 +1550,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
{
- OPENSSL_free(co_list);
- return(NULL);
+ goto end;
}
/*
@@ -1514,13 +1571,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
#endif
}
}
- OPENSSL_free(co_list); /* Not needed any longer */
tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
if (tmp_cipher_list == NULL)
{
sk_SSL_CIPHER_free(cipherstack);
- return NULL;
+ cipherstack = NULL;
+ goto end;
}
if (*cipher_list != NULL)
sk_SSL_CIPHER_free(*cipher_list);
@@ -1531,6 +1588,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
+
+end:
+ OPENSSL_free(co_list);
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules);
+#endif
return(cipherstack);
}
diff -up openssl-1.0.1h/ssl/ssl.h.system openssl-1.0.1h/ssl/ssl.h
--- openssl-1.0.1h/ssl/ssl.h.system 2014-06-05 14:47:37.000000000 +0200
+++ openssl-1.0.1h/ssl/ssl.h 2014-06-11 14:08:35.243461447 +0200
@@ -338,6 +338,11 @@ extern "C" {
* (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
* some of them.)
*/
+#ifdef SYSTEM_CIPHERS_FILE
+#define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+#else
+#define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
+#endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
diff -up openssl-1.0.1h/ssl/ssl_lib.c.system openssl-1.0.1h/ssl/ssl_lib.c
--- openssl-1.0.1h/ssl/ssl_lib.c.system 2014-06-05 11:44:33.000000000 +0200
+++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-11 13:59:40.696578139 +0200
@@ -263,7 +263,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+ meth->version == SSL2_VERSION ? "SSLv2" : SSL_SYSTEM_DEFAULT_CIPHER_LIST);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
{
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -1767,7 +1767,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ssl_create_cipher_list(ret->method,
&ret->cipher_list,&ret->cipher_list_by_id,
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+ meth->version == SSL2_VERSION ? "SSLv2" : SSL_SYSTEM_DEFAULT_CIPHER_LIST);
if (ret->cipher_list == NULL
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
{

View File

@ -0,0 +1,77 @@
diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod
--- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod 2014-08-07 11:18:01.290773970 +0200
@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+function. B<type> will typically be supplied by a function such as EVP_sha1().
If B<impl> is NULL then the default implementation of digest B<type> is used.
EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.
diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod
--- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod 2014-08-07 10:55:25.100638252 +0200
@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ const EVP_CIPHER *EVP_des_ede3(void);
+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_ecb(void);
+ const EVP_CIPHER *EVP_aes_128_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
+ const EVP_CIPHER *EVP_aes_128_ofb(void);
+ const EVP_CIPHER *EVP_aes_192_ecb(void);
+ const EVP_CIPHER *EVP_aes_192_cbc(void);
+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
+ const EVP_CIPHER *EVP_aes_192_ofb(void);
+ const EVP_CIPHER *EVP_aes_256_ecb(void);
+ const EVP_CIPHER *EVP_aes_256_cbc(void);
+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
+ const EVP_CIPHER *EVP_aes_256_ofb(void);
+
=head1 DESCRIPTION
The EVP cipher routines are a high level interface to certain
@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
DESX algorithm in CBC mode.
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
+
+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
+
+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
+
+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
=item EVP_rc4(void)
RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.

View File

@ -0,0 +1,86 @@
diff -up openssl-1.0.1i/doc/apps/ec.pod.manfix openssl-1.0.1i/doc/apps/ec.pod
--- openssl-1.0.1i/doc/apps/ec.pod.manfix 2014-07-22 21:41:23.000000000 +0200
+++ openssl-1.0.1i/doc/apps/ec.pod 2014-08-07 11:21:57.258887741 +0200
@@ -93,10 +93,6 @@ prints out the public, private key compo
this option prevents output of the encoded version of the key.
-=item B<-modulus>
-
-this option prints out the value of the public key component of the key.
-
=item B<-pubin>
by default a private key is read from the input file: with this option a
diff -up openssl-1.0.1i/doc/apps/openssl.pod.manfix openssl-1.0.1i/doc/apps/openssl.pod
--- openssl-1.0.1i/doc/apps/openssl.pod.manfix 2014-07-22 21:43:11.000000000 +0200
+++ openssl-1.0.1i/doc/apps/openssl.pod 2014-08-07 11:21:57.259887746 +0200
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
Online Certificate Status Protocol utility.
-=item L<B<passwd>|passwd(1)>
+=item L<B<passwd>|sslpasswd(1)>
Generation of hashed passwords.
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
Public key algorithm cryptographic operation utility.
-=item L<B<rand>|rand(1)>
+=item L<B<rand>|sslrand(1)>
Generate pseudo-random bytes.
@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
-L<passwd(1)|passwd(1)>,
+L<sslpasswd(1)|sslpasswd(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
diff -up openssl-1.0.1i/doc/apps/s_client.pod.manfix openssl-1.0.1i/doc/apps/s_client.pod
--- openssl-1.0.1i/doc/apps/s_client.pod.manfix 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 11:24:28.736604443 +0200
@@ -34,9 +34,14 @@ B<openssl> B<s_client>
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-dtls1>]
[B<-no_ssl2>]
[B<-no_ssl3>]
[B<-no_tls1>]
+[B<-no_tls1_1>]
+[B<-no_tls1_2>]
[B<-bugs>]
[B<-cipher cipherlist>]
[B<-serverpref>]
@@ -196,7 +201,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default
the initial handshake uses a method which should be compatible with all
diff -up openssl-1.0.1i/doc/apps/s_server.pod.manfix openssl-1.0.1i/doc/apps/s_server.pod
--- openssl-1.0.1i/doc/apps/s_server.pod.manfix 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 11:21:57.259887746 +0200
@@ -216,7 +216,7 @@ Use the PSK key B<key> when using a PSK
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
these options disable the use of certain SSL or TLS protocols. By default
the initial handshake uses a method which should be compatible with all

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

2031
openssl-1.0.1j-fips-ec.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,407 @@
diff -up openssl-1.0.1k/apps/apps.c.alt-chains openssl-1.0.1k/apps/apps.c
--- openssl-1.0.1k/apps/apps.c.alt-chains 2015-07-09 14:58:55.949753674 +0200
+++ openssl-1.0.1k/apps/apps.c 2015-07-09 14:58:55.970754174 +0200
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-no_alt_chains"))
+ flags |= X509_V_FLAG_NO_ALT_CHAINS;
else if (!strcmp(arg, "-trusted_first"))
flags |= X509_V_FLAG_TRUSTED_FIRST;
else
diff -up openssl-1.0.1k/apps/cms.c.alt-chains openssl-1.0.1k/apps/cms.c
--- openssl-1.0.1k/apps/cms.c.alt-chains 2015-07-09 14:58:55.949753674 +0200
+++ openssl-1.0.1k/apps/cms.c 2015-07-09 14:58:55.970754174 +0200
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff -up openssl-1.0.1k/apps/ocsp.c.alt-chains openssl-1.0.1k/apps/ocsp.c
--- openssl-1.0.1k/apps/ocsp.c.alt-chains 2015-07-09 14:58:55.949753674 +0200
+++ openssl-1.0.1k/apps/ocsp.c 2015-07-09 14:58:55.971754198 +0200
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-path path to use in OCSP request\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
diff -up openssl-1.0.1k/apps/s_client.c.alt-chains openssl-1.0.1k/apps/s_client.c
--- openssl-1.0.1k/apps/s_client.c.alt-chains 2015-07-09 14:58:55.956753841 +0200
+++ openssl-1.0.1k/apps/s_client.c 2015-07-09 14:58:55.971754198 +0200
@@ -299,6 +299,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
diff -up openssl-1.0.1k/apps/smime.c.alt-chains openssl-1.0.1k/apps/smime.c
--- openssl-1.0.1k/apps/smime.c.alt-chains 2015-07-09 14:58:55.950753698 +0200
+++ openssl-1.0.1k/apps/smime.c 2015-07-09 14:58:55.971754198 +0200
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
diff -up openssl-1.0.1k/apps/s_server.c.alt-chains openssl-1.0.1k/apps/s_server.c
--- openssl-1.0.1k/apps/s_server.c.alt-chains 2015-07-09 14:58:55.950753698 +0200
+++ openssl-1.0.1k/apps/s_server.c 2015-07-09 14:58:55.971754198 +0200
@@ -502,6 +502,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
diff -up openssl-1.0.1k/apps/verify.c.alt-chains openssl-1.0.1k/apps/verify.c
--- openssl-1.0.1k/apps/verify.c.alt-chains 2015-07-09 14:58:55.951753722 +0200
+++ openssl-1.0.1k/apps/verify.c 2015-07-09 14:58:55.972754221 +0200
@@ -238,7 +238,7 @@ int MAIN(int argc, char **argv)
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err," [-attime timestamp]");
+ BIO_printf(bio_err," [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," [-engine e]");
#endif
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.alt-chains openssl-1.0.1k/crypto/x509/x509_vfy.c
--- openssl-1.0.1k/crypto/x509/x509_vfy.c.alt-chains 2015-07-09 14:58:55.951753722 +0200
+++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-07-09 15:28:03.630442145 +0200
@@ -154,11 +154,11 @@ static int x509_subject_cmp(X509 **a, X5
int X509_verify_cert(X509_STORE_CTX *ctx)
{
- X509 *x,*xtmp,*chain_ss=NULL;
+ X509 *x,*xtmp,*xtmp2,*chain_ss=NULL;
int bad_chain = 0;
X509_VERIFY_PARAM *param = ctx->param;
int depth,i,ok=0;
- int num;
+ int num, j, retry;
int (*cb)(int xok,X509_STORE_CTX *xctx);
STACK_OF(X509) *sktmp=NULL;
if (ctx->cert == NULL)
@@ -167,21 +167,27 @@ int X509_verify_cert(X509_STORE_CTX *ctx
return -1;
}
+ if (ctx->chain != NULL) {
+ /*
+ * This X509_STORE_CTX has already been used to verify a cert. We
+ * cannot do another one.
+ */
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
cb=ctx->verify_cb;
/* first we make sure the chain we are going to build is
* present and that the first entry is in place */
- if (ctx->chain == NULL)
+ if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain,ctx->cert)))
{
- if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain,ctx->cert)))
- {
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
- ctx->last_untrusted=1;
+ X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ goto end;
}
+ CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+ ctx->last_untrusted=1;
/* We use a temporary STACK so we can chop and hack at it */
if (ctx->untrusted != NULL
@@ -247,10 +253,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx
break;
}
+ /* Remember how many untrusted certs we have */
+ j = num;
+
/* at this point, chain should contain a list of untrusted
* certificates. We now need to add at least one trusted one,
* if possible, otherwise we complain. */
+ do {
/* Examine last certificate in chain and see if it
* is self signed.
*/
@@ -294,6 +304,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
chain_ss=sk_X509_pop(ctx->chain);
ctx->last_untrusted--;
num--;
+ j--;
x=sk_X509_value(ctx->chain,num-1);
}
}
@@ -322,7 +333,42 @@ int X509_verify_cert(X509_STORE_CTX *ctx
num++;
}
- /* we now have our chain, lets check it... */
+ /*
+ * If we haven't got a least one certificate from our store then check
+ * if there is an alternative chain that could be used. We only do this
+ * if the user hasn't switched off alternate chain checking
+ */
+ retry = 0;
+ if (num == ctx->last_untrusted &&
+ !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
+ while (j-- > 1) {
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
+ if (ok < 0)
+ goto end;
+ /* Check if we found an alternate chain */
+ if (ok > 0) {
+ /*
+ * Free up the found cert we'll add it again later
+ */
+ X509_free(xtmp);
+
+ /*
+ * Dump all the certs above this point - we've found an
+ * alternate chain
+ */
+ while (num > j) {
+ xtmp = sk_X509_pop(ctx->chain);
+ X509_free(xtmp);
+ num--;
+ }
+ ctx->last_untrusted = j;
+ retry = 1;
+ break;
+ }
+ }
+ }
+ } while (retry);
/* Is last certificate looked up self signed? */
if (!ctx->check_issued(ctx,x,x))
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.alt-chains openssl-1.0.1k/crypto/x509/x509_vfy.h
--- openssl-1.0.1k/crypto/x509/x509_vfy.h.alt-chains 2015-07-09 14:58:55.951753722 +0200
+++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-07-09 14:58:55.972754221 +0200
@@ -391,7 +391,12 @@ void X509_STORE_CTX_set_depth(X509_STORE
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
/* Use trusted store first */
#define X509_V_FLAG_TRUSTED_FIRST 0x8000
-
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
+ * this flag will force the behaviour to match that of previous versions.
+ */
+#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
#define X509_VP_FLAG_DEFAULT 0x1
#define X509_VP_FLAG_OVERWRITE 0x2
diff -up openssl-1.0.1k/doc/apps/cms.pod.alt-chains openssl-1.0.1k/doc/apps/cms.pod
--- openssl-1.0.1k/doc/apps/cms.pod.alt-chains 2015-07-09 14:58:55.951753722 +0200
+++ openssl-1.0.1k/doc/apps/cms.pod 2015-07-09 14:58:55.972754221 +0200
@@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>]
[B<-CAfile file>]
[B<-CApath dir>]
+[B<-no_alt_chains>]
[B<-trusted_first>]
[B<-md digest>]
[B<-[cipher]>]
@@ -413,7 +414,7 @@ portion of a message so they may be incl
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.1k/doc/apps/ocsp.pod.alt-chains openssl-1.0.1k/doc/apps/ocsp.pod
--- openssl-1.0.1k/doc/apps/ocsp.pod.alt-chains 2015-07-09 14:58:55.951753722 +0200
+++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-07-09 14:58:55.973754245 +0200
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>]
[B<-CApath dir>]
[B<-CAfile file>]
+[B<-no_alt_chains>]]
[B<-trusted_first>]
[B<-VAfile file>]
[B<-validity_period n>]
@@ -143,6 +144,10 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response.
+=item B<-no_alt_chains>
+
+See L<B<verify>|verify(1)> manual page for details.
+
=item B<-trusted_first>
Use certificates in CA file or CA directory over certificates provided
diff -up openssl-1.0.1k/doc/apps/s_client.pod.alt-chains openssl-1.0.1k/doc/apps/s_client.pod
--- openssl-1.0.1k/doc/apps/s_client.pod.alt-chains 2015-07-09 14:58:55.952753746 +0200
+++ openssl-1.0.1k/doc/apps/s_client.pod 2015-07-09 14:58:55.973754245 +0200
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-no_alt_chains>]
[B<-trusted_first>]
[B<-reconnect>]
[B<-pause>]
@@ -122,7 +123,7 @@ also used when building the client certi
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.1k/doc/apps/smime.pod.alt-chains openssl-1.0.1k/doc/apps/smime.pod
--- openssl-1.0.1k/doc/apps/smime.pod.alt-chains 2015-07-09 14:58:55.952753746 +0200
+++ openssl-1.0.1k/doc/apps/smime.pod 2015-07-09 14:58:55.973754245 +0200
@@ -17,6 +17,7 @@ B<openssl> B<smime>
[B<-in file>]
[B<-CAfile file>]
[B<-CApath dir>]
+[B<-no_alt_chains>]
[B<-trusted_first>]
[B<-certfile file>]
[B<-signer file>]
@@ -268,7 +269,7 @@ portion of a message so they may be incl
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
Set various options of certificate chain verification. See
L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.1k/doc/apps/s_server.pod.alt-chains openssl-1.0.1k/doc/apps/s_server.pod
--- openssl-1.0.1k/doc/apps/s_server.pod.alt-chains 2015-07-09 14:58:55.952753746 +0200
+++ openssl-1.0.1k/doc/apps/s_server.pod 2015-07-09 14:58:55.973754245 +0200
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-no_alt_chains>]
[B<-trusted_first>]
[B<-nocert>]
[B<-cipher cipherlist>]
@@ -179,6 +180,10 @@ and to use when attempting to build the
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
+=item B<-no_alt_chains>
+
+See the L<B<verify>|verify(1)> manual page for details.
+
=item B<-trusted_first>
Use certificates in CA file or CA directory before other certificates
diff -up openssl-1.0.1k/doc/apps/verify.pod.alt-chains openssl-1.0.1k/doc/apps/verify.pod
--- openssl-1.0.1k/doc/apps/verify.pod.alt-chains 2015-07-09 14:58:55.952753746 +0200
+++ openssl-1.0.1k/doc/apps/verify.pod 2015-07-09 14:58:55.973754245 +0200
@@ -23,6 +23,7 @@ B<openssl> B<verify>
[B<-extended_crl>]
[B<-use_deltas>]
[B<-policy_print>]
+[B<-no_alt_chains>]
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
@@ -115,6 +116,14 @@ Set policy variable inhibit-any-policy (
Set policy variable inhibit-policy-mapping (see RFC5280).
+=item B<-no_alt_chains>
+
+When building a certificate chain, if the first certificate chain found is not
+trusted, then OpenSSL will continue to check to see if an alternative chain can
+be found that is trusted. With this option that behaviour is suppressed so that
+only the first chain found is ever used. Using this option will force the
+behaviour to match that of previous OpenSSL versions.
+
=item B<-policy_print>
Print out diagnostics related to policy processing.
diff -up openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod
--- openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod.alt-chains 2014-10-15 15:49:15.000000000 +0200
+++ openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod 2015-07-09 15:29:16.461174414 +0200
@@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees u
is no longer valid.
X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
-The trusted certificate store is set to B<store>, the end entity certificate
-to be verified is set to B<x509> and a set of additional certificates (which
-will be untrusted but may be used to build the chain) in B<chain>. Any or
-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
+It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
+good for one call to X509_verify_cert(); if you want to verify a second
+certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
+and then X509_STORE_CTX_init() again before the second call to
+X509_verify_cert(). The trusted certificate store is set to B<store>, the end
+entity certificate to be verified is set to B<x509> and a set of additional
+certificates (which will be untrusted but may be used to build the chain) in
+B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
+B<NULL>.
X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
to B<sk>. This is an alternative way of specifying trusted certificates
diff -up openssl-1.0.1k/doc/crypto/X509_verify_cert.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_verify_cert.pod
--- openssl-1.0.1k/doc/crypto/X509_verify_cert.pod.alt-chains 2014-10-15 15:49:15.000000000 +0200
+++ openssl-1.0.1k/doc/crypto/X509_verify_cert.pod 2015-07-09 15:29:16.461174414 +0200
@@ -32,7 +32,8 @@ OpenSSL internally for certificate valid
SSL/TLS code.
The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error) or if a retry
+certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
+twice without reinitialising B<ctx> in between; or if a retry
operation is requested during internal lookups (which never happens with
standard lookup methods). It is however recommended that application check
for <= 0 return value on error.
diff -up openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
--- openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod.alt-chains 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 2015-07-09 14:58:55.973754245 +0200
@@ -133,6 +133,12 @@ verification. If this flag is set then a
to the verification callback and it B<must> be prepared to handle such cases
without assuming they are hard errors.
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
+chains. By default, when building a certificate chain, if the first certificate
+chain found is not trusted, then OpenSSL will continue to check to see if an
+alternative chain can be found that is trusted. With this flag set the behaviour
+will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b.
+
=head1 NOTES
The above functions should be used to manipulate verification parameters
@@ -166,6 +172,6 @@ L<X509_verify_cert(3)|X509_verify_cert(3
=head1 HISTORY
-TBA
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in upstream OpenSSL 1.0.1n and 1.0.2b
=cut

View File

@ -0,0 +1,82 @@
diff -up openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free openssl-1.0.1e/crypto/asn1/x_x509.c
--- openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free 2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/crypto/asn1/x_x509.c 2015-06-11 11:14:52.581856349 +0200
@@ -170,8 +170,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
{
const unsigned char *q;
X509 *ret;
+ int freeret = 0;
+
/* Save start position */
q = *pp;
+
+ if(!a || *a == NULL) {
+ freeret = 1;
+ }
ret = d2i_X509(a, pp, length);
/* If certificate unreadable then forget it */
if(!ret) return NULL;
@@ -181,7 +187,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
return ret;
err:
- X509_free(ret);
+ if(freeret) {
+ X509_free(ret);
+ if (a)
+ *a = NULL;
+ }
return NULL;
}
diff -up openssl-1.0.1k/crypto/ec/ec_asn1.c.use-after-free openssl-1.0.1k/crypto/ec/ec_asn1.c
--- openssl-1.0.1k/crypto/ec/ec_asn1.c.use-after-free 2014-10-15 15:49:54.000000000 +0200
+++ openssl-1.0.1k/crypto/ec/ec_asn1.c 2015-03-19 17:28:03.349627040 +0100
@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (a)
- *a = ret;
}
else
ret = *a;
@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
ret->enc_flag |= EC_PKEY_NO_PUBKEY;
}
+ if (a)
+ *a = ret;
ok = 1;
err:
if (!ok)
{
- if (ret)
+ if (ret && (a == NULL || *a != ret))
EC_KEY_free(ret);
ret = NULL;
}
@@ -1377,8 +1377,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (a)
- *a = ret;
}
else
ret = *a;
@@ -1386,9 +1384,14 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
if (!d2i_ECPKParameters(&ret->group, in, len))
{
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+ if (a == NULL || *a != ret)
+ EC_KEY_free(ret);
return NULL;
}
+ if (a)
+ *a = ret;
+
return ret;
}

View File

@ -0,0 +1,163 @@
diff -up openssl-1.0.1k/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-1.0.1k/crypto/pkcs7/pk7_doit.c
--- openssl-1.0.1k/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/crypto/pkcs7/pk7_doit.c 2015-03-19 17:30:36.797650980 +0100
@@ -272,6 +272,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
PKCS7_RECIP_INFO *ri=NULL;
ASN1_OCTET_STRING *os=NULL;
+ if (p7 == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+ /*
+ * The content field in the PKCS7 ContentInfo is optional, but that really
+ * only applies to inner content (precisely, detached signatures).
+ *
+ * When reading content, missing outer content is therefore treated as an
+ * error.
+ *
+ * When creating content, PKCS7_content_new() must be called before
+ * calling this method, so a NULL p7->d is always an error.
+ */
+ if (p7->d.ptr == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
@@ -433,6 +454,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
unsigned char *ek = NULL, *tkey = NULL;
int eklen = 0, tkeylen = 0;
+ if (p7 == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if (p7->d.ptr == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
@@ -752,6 +785,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
ASN1_OCTET_STRING *os=NULL;
+ if (p7 == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
EVP_MD_CTX_init(&ctx_tmp);
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
@@ -796,6 +841,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* If detached data then the content is excluded */
if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
p7->d.sign->contents->d.data = NULL;
}
break;
@@ -806,6 +852,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
{
M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
p7->d.digest->contents->d.data = NULL;
}
break;
@@ -878,23 +925,32 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}
- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
+ if (!PKCS7_is_detached(p7))
{
- char *cont;
- long contlen;
- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
- if (btmp == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+ /*
+ * NOTE(emilia): I think we only reach os == NULL here because detached
+ * digested data support is broken.
+ */
+ if (os == NULL)
goto err;
+ if (!(os->flags & ASN1_STRING_FLAG_NDEF))
+ {
+ char *cont;
+ long contlen;
+ btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+ if (btmp == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+ goto err;
+ }
+ contlen = BIO_get_mem_data(btmp, &cont);
+ /* Mark the BIO read only then we can use its copy of the data
+ * instead of making an extra copy.
+ */
+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(btmp, 0);
+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
}
- contlen = BIO_get_mem_data(btmp, &cont);
- /* Mark the BIO read only then we can use its copy of the data
- * instead of making an extra copy.
- */
- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
- BIO_set_mem_eof_return(btmp, 0);
- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
}
ret=1;
err:
@@ -971,6 +1027,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
STACK_OF(X509) *cert;
X509 *x509;
+ if (p7 == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
if (PKCS7_type_is_signed(p7))
{
cert=p7->d.sign->cert;
diff -up openssl-1.0.1k/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-1.0.1k/crypto/pkcs7/pk7_lib.c
--- openssl-1.0.1k/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref 2014-10-15 15:49:15.000000000 +0200
+++ openssl-1.0.1k/crypto/pkcs7/pk7_lib.c 2015-03-19 17:30:36.797650980 +0100
@@ -459,6 +459,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
{
+ if (p7 == NULL || p7->d.ptr == NULL)
+ return NULL;
if (PKCS7_type_is_signed(p7))
{
return(p7->d.sign->signer_info);

View File

@ -0,0 +1,231 @@
diff -up openssl-1.0.1k/ssl/ssl_err.c.ticket-race openssl-1.0.1k/ssl/ssl_err.c
--- openssl-1.0.1k/ssl/ssl_err.c.ticket-race 2015-06-15 17:06:22.699702477 +0200
+++ openssl-1.0.1k/ssl/ssl_err.c 2015-06-15 17:06:22.704702592 +0200
@@ -245,6 +245,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
diff -up openssl-1.0.1k/ssl/ssl.h.ticket-race openssl-1.0.1k/ssl/ssl.h
--- openssl-1.0.1k/ssl/ssl.h.ticket-race 2015-06-15 17:06:22.700702500 +0200
+++ openssl-1.0.1k/ssl/ssl.h 2015-06-15 17:06:22.704702592 +0200
@@ -2203,6 +2203,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_READ 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
+#define SSL_F_SSL_SESSION_DUP 348
#define SSL_F_SSL_SESSION_NEW 189
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
diff -up openssl-1.0.1k/ssl/ssl_locl.h.ticket-race openssl-1.0.1k/ssl/ssl_locl.h
--- openssl-1.0.1k/ssl/ssl_locl.h.ticket-race 2015-06-15 17:06:22.543698865 +0200
+++ openssl-1.0.1k/ssl/ssl_locl.h 2015-06-15 17:06:22.705702616 +0200
@@ -831,6 +831,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
ssl_cipher_id);
diff -up openssl-1.0.1k/ssl/ssl_sess.c.ticket-race openssl-1.0.1k/ssl/ssl_sess.c
--- openssl-1.0.1k/ssl/ssl_sess.c.ticket-race 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1k/ssl/ssl_sess.c 2015-06-15 17:06:22.705702616 +0200
@@ -224,6 +224,146 @@ SSL_SESSION *SSL_SESSION_new(void)
return(ss);
}
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *dest;
+
+ dest = OPENSSL_malloc(sizeof(*src));
+ if (dest == NULL)
+ {
+ goto err;
+ }
+ memcpy(dest, src, sizeof(*dest));
+
+ /*
+ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+ * the case of an error whilst halfway through constructing dest
+ */
+#ifndef OPENSSL_NO_PSK
+ dest->psk_identity_hint = NULL;
+ dest->psk_identity = NULL;
+#endif
+ dest->ciphers = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ dest->tlsext_hostname = NULL;
+# ifndef OPENSSL_NO_EC
+ dest->tlsext_ecpointformatlist = NULL;
+ dest->tlsext_ellipticcurvelist = NULL;
+# endif
+#endif
+ dest->tlsext_tick = NULL;
+#ifndef OPENSSL_NO_SRP
+ dest->srp_username = NULL;
+#endif
+ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+ /* We deliberately don't copy the prev and next pointers */
+ dest->prev = NULL;
+ dest->next = NULL;
+
+ dest->references = 1;
+
+ if (src->sess_cert != NULL)
+ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
+
+ if (src->peer != NULL)
+ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+
+#ifndef OPENSSL_NO_PSK
+ if (src->psk_identity_hint)
+ {
+ dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
+ if (dest->psk_identity_hint == NULL)
+ {
+ goto err;
+ }
+ }
+ if (src->psk_identity)
+ {
+ dest->psk_identity = BUF_strdup(src->psk_identity);
+ if (dest->psk_identity == NULL)
+ {
+ goto err;
+ }
+ }
+#endif
+
+ if(src->ciphers != NULL)
+ {
+ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+ if (dest->ciphers == NULL)
+ goto err;
+ }
+
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+ &dest->ex_data, &src->ex_data))
+ {
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (src->tlsext_hostname)
+ {
+ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
+ if (dest->tlsext_hostname == NULL)
+ {
+ goto err;
+ }
+ }
+# ifndef OPENSSL_NO_EC
+ if (src->tlsext_ecpointformatlist)
+ {
+ dest->tlsext_ecpointformatlist =
+ BUF_memdup(src->tlsext_ecpointformatlist,
+ src->tlsext_ecpointformatlist_length);
+ if (dest->tlsext_ecpointformatlist == NULL)
+ goto err;
+ }
+ if (src->tlsext_ellipticcurvelist)
+ {
+ dest->tlsext_ellipticcurvelist =
+ BUF_memdup(src->tlsext_ellipticcurvelist,
+ src->tlsext_ellipticcurvelist_length);
+ if (dest->tlsext_ellipticcurvelist == NULL)
+ goto err;
+ }
+# endif
+#endif
+
+ if (ticket != 0)
+ {
+ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
+ if(dest->tlsext_tick == NULL)
+ goto err;
+ }
+ else
+ {
+ dest->tlsext_tick_lifetime_hint = 0;
+ dest->tlsext_ticklen = 0;
+ }
+
+#ifndef OPENSSL_NO_SRP
+ if (src->srp_username)
+ {
+ dest->srp_username = BUF_strdup(src->srp_username);
+ if (dest->srp_username == NULL)
+ {
+ goto err;
+ }
+ }
+#endif
+
+ return dest;
+err:
+ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(dest);
+ return NULL;
+}
+
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if(len)
diff -up openssl-1.0.1k/ssl/s3_clnt.c.ticket-race openssl-1.0.1k/ssl/s3_clnt.c
--- openssl-1.0.1k/ssl/s3_clnt.c.ticket-race 2015-06-15 17:06:22.700702500 +0200
+++ openssl-1.0.1k/ssl/s3_clnt.c 2015-06-15 17:06:37.434043557 +0200
@@ -2191,6 +2191,44 @@ int ssl3_get_new_session_ticket(SSL *s)
}
p=d=(unsigned char *)s->init_msg;
+
+ if (s->session->session_id_length > 0)
+ {
+ int i = s->session_ctx->session_cache_mode;
+ SSL_SESSION *new_sess;
+ /*
+ * We reused an existing session, so we need to replace it with a new
+ * one
+ */
+ if (i & SSL_SESS_CACHE_CLIENT)
+ {
+ /*
+ * Remove the old session from the cache
+ */
+ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+ {
+ if (s->session_ctx->remove_session_cb != NULL)
+ s->session_ctx->remove_session_cb(s->session_ctx,
+ s->session);
+ }
+ else
+ {
+ /* We carry on if this fails */
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0)
+ {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
/* ticket_lifetime_hint + ticket_length + ticket */

View File

@ -0,0 +1,208 @@
diff -up openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod.logjam openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
--- openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod.logjam 2015-05-29 16:02:33.335187143 +0200
+++ openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 2015-05-29 16:05:16.611940775 +0200
@@ -61,12 +61,12 @@ negotiation is being saved.
If "strong" primes were used to generate the DH parameters, it is not strictly
necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured, that "strong" primes were used (see especially
-the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
-in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation, but it is not
-very large, so application authors/users should consider to always enable
-this option.
+secrecy. If it is not assured that "strong" primes were used,
+SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
+attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
+computer time needed during negotiation, but it is not very large, so
+application authors/users should consider always enabling this option.
+The option is required to implement perfect forward secrecy (PFS).
As generating DH parameters is extremely time consuming, an application
should not generate the parameters on the fly but supply the parameters.
@@ -74,82 +74,62 @@ DH parameters can be reused, as the actu
the negotiation. The risk in reusing DH parameters is that an attacker
may specialize on a very often used DH group. Applications should therefore
generate their own DH parameters during the installation process using the
-openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
-time needed for this generation, it is possible to use DSA parameters
-instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
-is mandatory.
+openssl L<dhparam(1)|dhparam(1)> application. This application
+guarantees that "strong" primes are used.
-Application authors may compile in DH parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
+Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
version of the OpenSSL distribution contain the 'SKIP' DH parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the B<-C> option of the
-L<dhparam(1)|dhparam(1)> application.
-Authors may also generate their own set of parameters using
-L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
-generated. The generation of DH parameters during installation is therefore
-recommended.
+L<dhparam(1)|dhparam(1)> application. Generation of custom DH
+parameters during installation should still be preferred to stop an
+attacker from specializing on a commonly used group. Files dh1024.pem
+and dh512.pem contain old parameters that must not be used by
+applications.
An application may either directly specify the DH parameters or
-can supply the DH parameters via a callback function. The callback approach
-has the advantage, that the callback may supply DH parameters for different
-key lengths.
-
-The B<tmp_dh_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral DH key exchange is performed with an export cipher.
+can supply the DH parameters via a callback function.
+
+Previous versions of the callback used B<is_export> and B<keylength>
+parameters to control parameter generation for export and non-export
+cipher suites. Modern servers that do not support export ciphersuites
+are advised to either use SSL_CTX_set_tmp_dh() in combination with
+SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
+B<keylength> and B<is_export> and simply supply at least 2048-bit
+parameters in the callback.
=head1 EXAMPLES
-Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
+Setup DH parameters with a key length of 2048 bits. (Error handling
partly left out.)
- ...
- /* Set up ephemeral DH stuff */
- DH *dh_512 = NULL;
- DH *dh_1024 = NULL;
- FILE *paramfile;
+ Command-line parameter generation:
+ $ openssl dhparam -out dh_param_2048.pem 2048
+
+ Code for setting up parameters during server initialization:
...
- /* "openssl dhparam -out dh_param_512.pem -2 512" */
- paramfile = fopen("dh_param_512.pem", "r");
+ SSL_CTX ctx = SSL_CTX_new();
+ ...
+
+ /* Set up ephemeral DH parameters. */
+ DH *dh_2048 = NULL;
+ FILE *paramfile;
+ paramfile = fopen("dh_param_2048.pem", "r");
if (paramfile) {
- dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+ dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
fclose(paramfile);
+ } else {
+ /* Error. */
}
- /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
- paramfile = fopen("dh_param_1024.pem", "r");
- if (paramfile) {
- dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
+ if (dh_2048 == NULL) {
+ /* Error. */
}
- ...
-
- /* "openssl dhparam -C -2 512" etc... */
- DH *get_dh512() { ... }
- DH *get_dh1024() { ... }
-
- DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
- {
- DH *dh_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (!dh_512)
- dh_512 = get_dh512();
- dh_tmp = dh_512;
- break;
- case 1024:
- if (!dh_1024)
- dh_1024 = get_dh1024();
- dh_tmp = dh_1024;
- break;
- default:
- /* Generating a key on the fly is very costly, so use what is there */
- setup_dh_parameters_like_above();
+ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+ /* Error. */
}
- return(dh_tmp);
- }
+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+ ...
=head1 RETURN VALUES
diff -up openssl-1.0.1k/ssl/ssl_err.c.logjam openssl-1.0.1k/ssl/ssl_err.c
--- openssl-1.0.1k/ssl/ssl_err.c.logjam 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/ssl/ssl_err.c 2015-05-29 16:02:33.336187166 +0200
@@ -362,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
+{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL) ,"dh key too small"},
{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
diff -up openssl-1.0.1k/ssl/ssl.h.logjam openssl-1.0.1k/ssl/ssl.h
--- openssl-1.0.1k/ssl/ssl.h.logjam 2015-05-29 16:02:19.210862433 +0200
+++ openssl-1.0.1k/ssl/ssl.h 2015-05-29 16:02:33.337187189 +0200
@@ -2317,6 +2317,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
+#define SSL_R_DH_KEY_TOO_SMALL 372
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
diff -up openssl-1.0.1k/ssl/s3_clnt.c.logjam openssl-1.0.1k/ssl/s3_clnt.c
--- openssl-1.0.1k/ssl/s3_clnt.c.logjam 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1k/ssl/s3_clnt.c 2015-05-29 16:02:33.338187212 +0200
@@ -3393,24 +3393,34 @@ int ssl3_check_cert_and_algorithm(SSL *s
}
#endif
#ifndef OPENSSL_NO_DH
- if ((alg_k & SSL_kEDH) &&
- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
+ if ((alg_k & SSL_kEDH) && dh == NULL)
{
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
goto f_err;
}
- else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+ if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
goto f_err;
}
#ifndef OPENSSL_NO_DSA
- else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+ if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
goto f_err;
}
#endif
+ /* Check DHE only: static DH not implemented. */
+ if (alg_k & SSL_kEDH)
+ {
+ int dh_size = BN_num_bits(dh->p);
+ if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512))
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
+ goto f_err;
+ }
+ }
#endif
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))

View File

@ -0,0 +1,26 @@
diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi 2015-01-09 09:58:59.332596897 +0100
+++ openssl-1.0.1k/ssl/dtls1.h 2015-01-09 10:02:34.908472320 +0100
@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
*/
record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
*/
unsigned int change_cipher_spec_ok;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+
#ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;

View File

@ -0,0 +1,130 @@
diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
--- openssl-1.0.1k/apps/speed.c.suiteb 2015-01-09 10:03:38.406908388 +0100
+++ openssl-1.0.1k/apps/speed.c 2015-01-09 10:03:38.602912821 +0100
@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
else
#endif
#ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+ if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdsa") == 0)
{
- for (i=0; i < EC_NUM; i++)
+ for (i=R_EC_P256; i <= R_EC_P521; i++)
ecdsa_doit[i]=1;
}
else
#endif
#ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+ if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdh") == 0)
{
- for (i=0; i < EC_NUM; i++)
+ for (i=R_EC_P256; i <= R_EC_P521; i++)
ecdh_doit[i]=1;
}
else
@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
#endif
#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+ BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,"ecdsa\n");
#endif
#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
+ BIO_printf(bio_err,"ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,"ecdh\n");
#endif
@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
if (!FIPS_mode() || i != R_DSA_512)
dsa_doit[i]=1;
#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
+ for (i=R_EC_P256; i <= R_EC_P521; i++)
ecdsa_doit[i]=1;
#endif
#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
+ for (i=R_EC_P256; i <= R_EC_P521; i++)
ecdh_doit[i]=1;
#endif
}
diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
--- openssl-1.0.1k/ssl/t1_lib.c.suiteb 2015-01-09 10:03:38.603912844 +0100
+++ openssl-1.0.1k/ssl/t1_lib.c 2015-01-09 10:06:35.470912834 +0100
@@ -218,29 +218,21 @@ static int pref_list[] =
NID_sect283k1, /* sect283k1 (9) */
NID_sect283r1, /* sect283r1 (10) */
#endif
- NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
#ifndef OPENSSL_NO_EC2M
NID_sect239k1, /* sect239k1 (8) */
NID_sect233k1, /* sect233k1 (6) */
NID_sect233r1, /* sect233r1 (7) */
#endif
- NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */
#ifndef OPENSSL_NO_EC2M
NID_sect193r1, /* sect193r1 (4) */
NID_sect193r2, /* sect193r2 (5) */
#endif
- NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */
#ifndef OPENSSL_NO_EC2M
NID_sect163k1, /* sect163k1 (1) */
NID_sect163r1, /* sect163r1 (2) */
NID_sect163r2, /* sect163r2 (3) */
#endif
- NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */
};
int tls1_ec_curve_id2nid(int curve_id)
@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- /* we support all named elliptic curves in RFC 4492 */
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)

View File

@ -0,0 +1,135 @@
diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
--- openssl-1.0.1k/apps/s_apps.h.ephemeral 2015-01-09 10:22:03.289896211 +0100
+++ openssl-1.0.1k/apps/s_apps.h 2015-01-09 10:22:03.373898111 +0100
@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
int extract_host_port(char *str,char **host_ptr,char **port_ptr);
diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
--- openssl-1.0.1k/apps/s_cb.c.ephemeral 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/apps/s_cb.c 2015-01-09 10:22:03.373898111 +0100
@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
}
}
+int ssl_print_tmp_key(BIO *out, SSL *s)
+ {
+ EVP_PKEY *key;
+ if (!SSL_get_server_tmp_key(s, &key))
+ return 1;
+ BIO_puts(out, "Server Temp Key: ");
+ switch (EVP_PKEY_id(key))
+ {
+ case EVP_PKEY_RSA:
+ BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+ break;
+
+ case EVP_PKEY_DH:
+ BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+ break;
+
+ case EVP_PKEY_EC:
+ {
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid;
+ const char *cname;
+ nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = OBJ_nid2sn(nid);
+ BIO_printf(out, "ECDH, %s, %d bits\n",
+ cname, EVP_PKEY_bits(key));
+ }
+ }
+ EVP_PKEY_free(key);
+ return 1;
+ }
+
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
{
diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
--- openssl-1.0.1k/apps/s_client.c.ephemeral 2015-01-09 10:22:03.367897975 +0100
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:22:03.373898111 +0100
@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
BIO_write(bio,"\n",1);
}
+ ssl_print_tmp_key(bio, s);
+
BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
--- openssl-1.0.1k/ssl/ssl.h.ephemeral 2015-01-09 10:22:03.358897772 +0100
+++ openssl-1.0.1k/ssl/ssl.h 2015-01-09 10:25:08.644088146 +0100
@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+#define SSL_CTRL_GET_SERVER_TMP_KEY 109
#define SSL_CTRL_CHECK_PROTO_VERSION 119
#define DTLS_CTRL_SET_LINK_MTU 120
#define DTLS_CTRL_GET_LINK_MIN_MTU 121
@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+#define SSL_get_server_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1k/ssl/s3_lib.c 2015-01-09 10:22:03.374898133 +0100
@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
#endif /* !OPENSSL_NO_TLSEXT */
+ case SSL_CTRL_GET_SERVER_TMP_KEY:
+ if (s->server || !s->session || !s->session->sess_cert)
+ return 0;
+ else
+ {
+ SESS_CERT *sc;
+ EVP_PKEY *ptmp;
+ int rv = 0;
+ sc = s->session->sess_cert;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
+ if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
+ && !sc->peer_ecdh_tmp)
+ return 0;
+#endif
+ ptmp = EVP_PKEY_new();
+ if (!ptmp)
+ return 0;
+ if (0);
+#ifndef OPENSSL_NO_RSA
+ else if (sc->peer_rsa_tmp)
+ rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+ else if (sc->peer_dh_tmp)
+ rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ else if (sc->peer_ecdh_tmp)
+ rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
+#endif
+ if (rv)
+ {
+ *(EVP_PKEY **)parg = ptmp;
+ return 1;
+ }
+ EVP_PKEY_free(ptmp);
+ return 0;
+ }
+
case SSL_CTRL_CHECK_PROTO_VERSION:
/* For library-internal use; checks that the current protocol
* is the highest enabled version (according to s->ctx->method,

20400
openssl-1.0.1k-fips.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,197 @@
diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
--- openssl-1.0.1k/engines/e_padlock.c.padlock64 2015-01-08 15:00:56.000000000 +0100
+++ openssl-1.0.1k/engines/e_padlock.c 2015-01-09 10:18:55.579650992 +0100
@@ -101,7 +101,10 @@
compiler choice is limited to GCC and Microsoft C. */
#undef COMPILE_HW_PADLOCK
#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+# if (defined(__GNUC__) && __GNUC__>=2 && \
+ (defined(__i386__) || defined(__i386) || \
+ defined(__x86_64__) || defined(__x86_64)) \
+ ) || \
(defined(_MSC_VER) && defined(_M_IX86))
# define COMPILE_HW_PADLOCK
# endif
@@ -137,7 +140,7 @@ void ENGINE_load_padlock (void)
# endif
#elif defined(__GNUC__)
# ifndef alloca
-# define alloca(s) __builtin_alloca(s)
+# define alloca(s) __builtin_alloca((s))
# endif
#endif
@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_da
* =======================================================
*/
#if defined(__GNUC__) && __GNUC__>=2
+#if defined(__i386__) || defined(__i386)
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
@@ -383,23 +387,6 @@ padlock_available(void)
return padlock_use_ace + padlock_use_rng;
}
-#ifndef OPENSSL_NO_AES
-#ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
-{
- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
- unsigned int *key = ks->rd_key;
-
- while (i--) {
- asm volatile ("bswapl %0" : "+r"(*key));
- key++;
- }
-}
-#endif
-#endif
-
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
which does the trick. */
@@ -457,12 +444,129 @@ static inline void *name(size_t cnt, \
: "edx", "cc", "memory"); \
return iv; \
}
+#endif
+
+#elif defined(__x86_64__) || defined(__x86_64)
+
+/* Load supported features of the CPU to see if
+ the PadLock is available. */
+static int
+padlock_available(void)
+{
+ char vendor_string[16];
+ unsigned int eax, edx;
+ /* Are we running on the Centaur (VIA) CPU? */
+ eax = 0x00000000;
+ vendor_string[12] = 0;
+ asm volatile (
+ "cpuid\n"
+ "movl %%ebx,(%1)\n"
+ "movl %%edx,4(%1)\n"
+ "movl %%ecx,8(%1)\n"
+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
+ if (strcmp(vendor_string, "CentaurHauls") != 0)
+ return 0;
+
+ /* Check for Centaur Extended Feature Flags presence */
+ eax = 0xC0000000;
+ asm volatile ("cpuid"
+ : "+a"(eax) : : "rbx", "rcx", "rdx");
+ if (eax < 0xC0000001)
+ return 0;
+
+ /* Read the Centaur Extended Feature Flags */
+ eax = 0xC0000001;
+ asm volatile ("cpuid"
+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx");
+
+ /* Fill up some flags */
+ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
+
+ return padlock_use_ace + padlock_use_rng;
+}
+
+/* Force key reload from memory to the CPU microcode.
+ Loading EFLAGS from the stack clears EFLAGS[30]
+ which does the trick. */
+static inline void
+padlock_reload_key(void)
+{
+ asm volatile ("pushfq; popfq");
+}
+
+#ifndef OPENSSL_NO_AES
+/*
+ * This is heuristic key context tracing. At first one
+ * believes that one should use atomic swap instructions,
+ * but it's not actually necessary. Point is that if
+ * padlock_saved_context was changed by another thread
+ * after we've read it and before we compare it with cdata,
+ * our key *shall* be reloaded upon thread context switch
+ * and we are therefore set in either case...
+ */
+static inline void
+padlock_verify_context(struct padlock_cipher_data *cdata)
+{
+ asm volatile (
+ "pushfq\n"
+" btl $30,(%%rsp)\n"
+" jnc 1f\n"
+" cmpq %2,%1\n"
+" je 1f\n"
+" popfq\n"
+" subq $8,%%rsp\n"
+"1: addq $8,%%rsp\n"
+" movq %2,%0"
+ :"+m"(padlock_saved_context)
+ : "r"(padlock_saved_context), "r"(cdata) : "cc");
+}
+
+/* Template for padlock_xcrypt_* modes */
+/* BIG FAT WARNING:
+ * The offsets used with 'leal' instructions
+ * describe items of the 'padlock_cipher_data'
+ * structure.
+ */
+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
+static inline void *name(size_t cnt, \
+ struct padlock_cipher_data *cdata, \
+ void *out, const void *inp) \
+{ void *iv; \
+ asm volatile ( "leaq 16(%0),%%rdx\n" \
+ " leaq 32(%0),%%rbx\n" \
+ rep_xcrypt "\n" \
+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
+ : "rbx", "rdx", "cc", "memory"); \
+ return iv; \
+}
+#endif
+
+#endif /* cpu */
+
+#ifndef OPENSSL_NO_AES
/* Generate all functions with appropriate opcodes */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
+
+#ifndef AES_ASM
+/* Our own htonl()/ntohl() */
+static inline void
+padlock_bswapl(AES_KEY *ks)
+{
+ size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
+ unsigned int *key = ks->rd_key;
+
+ while (i--) {
+ asm volatile ("bswapl %0" : "+r"(*key));
+ key++;
+ }
+}
+#endif
#endif
/* The RNG call itself */
@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
static inline unsigned char *
padlock_memcpy(void *dst,const void *src,size_t n)
{
- long *d=dst;
- const long *s=src;
+ size_t *d=dst;
+ const size_t *s=src;
n /= sizeof(*d);
do { *d++ = *s++; } while (--n);

View File

@ -0,0 +1,59 @@
diff -up openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1 openssl-1.0.1k/crypto/ec/ec_curve.c
--- openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1 2015-08-13 07:47:37.890966462 -0400
+++ openssl-1.0.1k/crypto/ec/ec_curve.c 2015-08-13 08:01:31.697866786 -0400
@@ -82,6 +82,36 @@ typedef struct {
unsigned int cofactor; /* promoted to BN_ULONG */
} EC_CURVE_DATA;
+static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
+ _EC_SECG_PRIME_256K1 = {
+ { NID_X9_62_prime_field,0,32,1 },
+ { /* no seed */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
+ 0xFC,0x2F,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* a */
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* b */
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x07,
+ 0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0, /* x */
+ 0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
+ 0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
+ 0x17,0x98,
+ 0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4, /* y */
+ 0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
+ 0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
+ 0xd4,0xb8,
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
+ 0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
+ 0x41,0x41 }
+ };
+
static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
_EC_NIST_PRIME_384 = {
{ NID_X9_62_prime_field,20,48,1 },
@@ -212,6 +242,7 @@ typedef struct _ec_list_element_st {
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
+ { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" },
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
diff -up openssl-1.0.1k/ssl/t1_lib.c.secp256k1 openssl-1.0.1k/ssl/t1_lib.c
--- openssl-1.0.1k/ssl/t1_lib.c.secp256k1 2015-08-13 08:03:17.401589785 -0400
+++ openssl-1.0.1k/ssl/t1_lib.c 2015-08-13 08:05:44.283292971 -0400
@@ -218,6 +218,7 @@ static int pref_list[] =
NID_sect283k1, /* sect283k1 (9) */
NID_sect283r1, /* sect283r1 (10) */
#endif
+ NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
#ifndef OPENSSL_NO_EC2M
NID_sect239k1, /* sect239k1 (8) */

View File

@ -0,0 +1,330 @@
diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
--- openssl-1.0.1k/apps/apps.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/apps/apps.c 2015-01-09 10:19:45.476779456 +0100
@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else if (!strcmp(arg, "-trusted_first"))
+ flags |= X509_V_FLAG_TRUSTED_FIRST;
else
return 0;
diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
--- openssl-1.0.1k/apps/cms.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/apps/cms.c 2015-01-09 10:19:45.476779456 +0100
@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
--- openssl-1.0.1k/apps/ocsp.c.trusted-first 2015-01-09 10:19:45.477779478 +0100
+++ openssl-1.0.1k/apps/ocsp.c 2015-01-09 10:20:57.726413440 +0100
@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-path path to use in OCSP request\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-VAfile file validator certificates file\n");
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
--- openssl-1.0.1k/apps/s_client.c.trusted-first 2015-01-09 10:19:45.438778596 +0100
+++ openssl-1.0.1k/apps/s_client.c 2015-01-09 10:19:45.477779478 +0100
@@ -299,6 +299,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
--- openssl-1.0.1k/apps/smime.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/apps/smime.c 2015-01-09 10:19:45.477779478 +0100
@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
--- openssl-1.0.1k/apps/s_server.c.trusted-first 2015-01-09 10:19:45.445778755 +0100
+++ openssl-1.0.1k/apps/s_server.c 2015-01-09 10:19:45.478779501 +0100
@@ -502,6 +502,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
--- openssl-1.0.1k/apps/s_time.c.trusted-first 2015-01-09 10:19:45.391777534 +0100
+++ openssl-1.0.1k/apps/s_time.c 2015-01-09 10:19:45.478779501 +0100
@@ -179,6 +179,7 @@ static void s_time_usage(void)
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
+-trusted_first - Use trusted CA's first when building the trust chain\n\
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
--- openssl-1.0.1k/apps/ts.c.trusted-first 2015-01-09 10:19:45.435778529 +0100
+++ openssl-1.0.1k/apps/ts.c 2015-01-09 10:19:45.478779501 +0100
@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
"[-queryfile request.tsq] "
"-in response.tsr [-token_in] "
- "-CApath ca_path -CAfile ca_file.pem "
+ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
"-untrusted cert_file.pem\n");
cleanup:
/* Clean up. */
diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
--- openssl-1.0.1k/apps/verify.c.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/apps/verify.c 2015-01-09 10:19:45.478779501 +0100
@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
BIO_printf(bio_err," [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," [-engine e]");
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first 2015-01-09 10:19:45.443778710 +0100
+++ openssl-1.0.1k/crypto/x509/x509_vfy.c 2015-01-09 10:19:45.479779524 +0100
@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
/* If we are self signed, we break */
if (ctx->check_issued(ctx, x,x)) break;
+ /* If asked see if we can find issuer in trusted store first */
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
+ {
+ ok = ctx->get_issuer(&xtmp, ctx, x);
+ if (ok < 0)
+ return ok;
+ /* If successful for now free up cert so it
+ * will be picked up again later.
+ */
+ if (ok > 0)
+ {
+ X509_free(xtmp);
+ break;
+ }
+ }
/* If we were passed a cert chain, use it first */
if (ctx->untrusted != NULL)
diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first 2015-01-09 10:19:45.266774706 +0100
+++ openssl-1.0.1k/crypto/x509/x509_vfy.h 2015-01-09 10:19:45.479779524 +0100
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
#define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/* Use trusted store first */
+#define X509_V_FLAG_TRUSTED_FIRST 0x8000
#define X509_VP_FLAG_DEFAULT 0x1
diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/doc/apps/cms.pod 2015-01-09 10:19:45.479779524 +0100
@@ -35,6 +35,7 @@ B<openssl> B<cms>
[B<-print>]
[B<-CAfile file>]
[B<-CApath dir>]
+[B<-trusted_first>]
[B<-md digest>]
[B<-[cipher]>]
[B<-nointern>]
@@ -243,6 +244,12 @@ B<-verify>. This directory must be a sta
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before untrusted certificates
+from the message when building the trust chain to verify certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first 2015-01-09 10:19:45.436778551 +0100
+++ openssl-1.0.1k/doc/apps/ocsp.pod 2015-01-09 10:19:45.479779524 +0100
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
[B<-path>]
[B<-CApath dir>]
[B<-CAfile file>]
+[B<-trusted_first>]
[B<-VAfile file>]
[B<-validity_period n>]
[B<-status_age n>]
@@ -142,6 +143,13 @@ connection timeout to the OCSP responder
file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory over certificates provided
+in the response or residing in other certificates file when building the trust
+chain to verify responder certificate.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-verify_other file>
file containing additional certificates to search when attempting to locate
diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
+++ openssl-1.0.1k/doc/apps/s_client.pod 2015-01-09 10:19:45.479779524 +0100
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-trusted_first>]
[B<-reconnect>]
[B<-pause>]
[B<-showcerts>]
@@ -121,7 +122,7 @@ also used when building the client certi
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
Set various certificate chain valiadition option. See the
L<B<verify>|verify(1)> manual page for details.
diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/doc/apps/smime.pod 2015-01-09 10:19:45.479779524 +0100
@@ -15,6 +15,9 @@ B<openssl> B<smime>
[B<-pk7out>]
[B<-[cipher]>]
[B<-in file>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-trusted_first>]
[B<-certfile file>]
[B<-signer file>]
[B<-recip file>]
@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory over certificates provided
+in the message when building the trust chain to verify a certificate.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-md digest>
digest algorithm to use when signing or resigning. If not present then the
diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first 2015-01-09 10:19:45.451778890 +0100
+++ openssl-1.0.1k/doc/apps/s_server.pod 2015-01-09 10:19:45.479779524 +0100
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-trusted_first>]
[B<-nocert>]
[B<-cipher cipherlist>]
[B<-serverpref>]
@@ -178,6 +179,12 @@ and to use when attempting to build the
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before other certificates
+when building the trust chain to verify client certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-state>
prints out the SSL session states.
diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/doc/apps/s_time.pod 2015-01-09 10:19:45.480779546 +0100
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
[B<-key filename>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-trusted_first>]
[B<-reuse>]
[B<-new>]
[B<-verify depth>]
@@ -76,6 +77,12 @@ also used when building the client certi
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory over the certificates provided
+by the server when building the trust chain to verify server certificate.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-new>
performs the timing test using a new session ID for each connection.
diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first 2014-10-15 15:49:15.000000000 +0200
+++ openssl-1.0.1k/doc/apps/ts.pod 2015-01-09 10:19:45.480779546 +0100
@@ -46,6 +46,7 @@ B<-verify>
[B<-token_in>]
[B<-CApath> trusted_cert_path]
[B<-CAfile> trusted_certs.pem]
+[B<-trusted_first>]
[B<-untrusted> cert_file.pem]
=head1 DESCRIPTION
@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
or B<-CApath> must be specified.
(Optional)
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before other certificates
+when building the trust chain to verify certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-untrusted> cert_file.pem
Set of additional untrusted certificates in PEM format which may be
diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first 2015-01-08 15:00:36.000000000 +0100
+++ openssl-1.0.1k/doc/apps/verify.pod 2015-01-09 10:19:45.480779546 +0100
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
B<openssl> B<verify>
[B<-CApath directory>]
[B<-CAfile file>]
+[B<-trusted_first>]
[B<-purpose purpose>]
[B<-policy arg>]
[B<-ignore_critical>]
@@ -56,6 +57,12 @@ in PEM format concatenated together.
A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before the certificates in the untrusted
+file when building the trust chain to verify certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-purpose purpose>
The intended use for the certificate. If this option is not specified,

View File

@ -1,11 +0,0 @@
diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
if (ctx == NULL)
goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;

View File

@ -1,27 +0,0 @@
commit 9e885a707d604e9528b5491b78fb9c00f41193fc
Author: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu Mar 26 15:59:00 2020 +0100
s_server: Properly indicate ALPN protocol mismatch
Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
an alert is sent to the client on ALPN protocol mismatch.
Fixes: #2708
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11415)
diff --git a/apps/s_server.c b/apps/s_server.c
index bcc83e562c..591c6c19c5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
if (SSL_select_next_proto
((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
inlen) != OPENSSL_NPN_NEGOTIATED) {
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
if (!s_quiet) {

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
{"enddate", OPT_ENDDATE, 's',
"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
{"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

File diff suppressed because it is too large Load Diff

View File

@ -1,40 +0,0 @@
diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
+++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
@@ -678,6 +678,7 @@ my %targets = (
cxxflags => add("-m64"),
lib_cppflags => add("-DL_ENDIAN"),
perlasm_scheme => "linux64le",
+ multilib => "64",
},
"linux-armv4" => {
@@ -718,6 +719,7 @@ my %targets = (
"linux-aarch64" => {
inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
perlasm_scheme => "linux64",
+ multilib => "64",
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200
@@ -823,7 +823,7 @@ uninstall_runtime_libs:
install_man_docs:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing manpages"
- $(PERL) $(SRCDIR)/util/process_docs.pl \
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
uninstall_man_docs:
@@ -835,7 +835,7 @@ uninstall_man_docs:
install_html_docs:
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing HTML manpages"
- $(PERL) $(SRCDIR)/util/process_docs.pl \
+ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
uninstall_html_docs:

View File

@ -1,56 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
+++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# default openssl.cnf file has setup as per the following
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
+++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
@@ -23,6 +23,22 @@ oid_section = new_oids
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
+# Load default TLS policy configuration
+
+openssl_conf = default_modules
+
+[ default_modules ]
+
+ssl_conf = ssl_module
+
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
+
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate

View File

@ -1,91 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
+++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200
@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
+++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200
@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (!config_ctx(cctx, ssl_args, ctx))
goto end;
diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
+++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
*/
ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+ if (meth->version != SSL3_VERSION) {
+ /*
+ * Disable SSLv3 by default. Applications can
+ * re-enable it by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+ * or by using the SSL_CONF API.
+ */
+ ret->options |= SSL_OP_NO_SSLv3;
+ }
+
ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
/*
diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
+++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200
@@ -443,6 +443,7 @@ static int test_handshake(int idx)
SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
goto err;
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
TLS_MAX_VERSION)))
goto err;
@@ -464,6 +465,8 @@ static int test_handshake(int idx)
if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx))
goto err;
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
}
}
@@ -477,6 +480,9 @@ static int test_handshake(int idx)
|| !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
goto err;
+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
+
if (!SSL_CTX_config(server_ctx, "server")
|| !SSL_CTX_config(client_ctx, "client")) {
goto err;
diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
+++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200
@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
+
+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
+
/*
* Since we will use low security ciphersuites and keys for testing set
* security level to zero by default. Tests can override this by adding

View File

@ -1,266 +0,0 @@
diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
--- openssl-1.1.1h/apps/speed.c.curves 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/apps/speed.c 2020-11-06 13:27:15.659288431 +0100
@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
#endif /* OPENSSL_NO_RSA */
enum {
- R_EC_P160,
- R_EC_P192,
R_EC_P224,
R_EC_P256,
R_EC_P384,
R_EC_P521,
-#ifndef OPENSSL_NO_EC2M
- R_EC_K163,
- R_EC_K233,
- R_EC_K283,
- R_EC_K409,
- R_EC_K571,
- R_EC_B163,
- R_EC_B233,
- R_EC_B283,
- R_EC_B409,
- R_EC_B571,
-#endif
- R_EC_BRP256R1,
- R_EC_BRP256T1,
- R_EC_BRP384R1,
- R_EC_BRP384T1,
- R_EC_BRP512R1,
- R_EC_BRP512T1,
R_EC_X25519,
R_EC_X448
};
#ifndef OPENSSL_NO_EC
static OPT_PAIR ecdsa_choices[] = {
- {"ecdsap160", R_EC_P160},
- {"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384},
{"ecdsap521", R_EC_P521},
-# ifndef OPENSSL_NO_EC2M
- {"ecdsak163", R_EC_K163},
- {"ecdsak233", R_EC_K233},
- {"ecdsak283", R_EC_K283},
- {"ecdsak409", R_EC_K409},
- {"ecdsak571", R_EC_K571},
- {"ecdsab163", R_EC_B163},
- {"ecdsab233", R_EC_B233},
- {"ecdsab283", R_EC_B283},
- {"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571},
-# endif
- {"ecdsabrp256r1", R_EC_BRP256R1},
- {"ecdsabrp256t1", R_EC_BRP256T1},
- {"ecdsabrp384r1", R_EC_BRP384R1},
- {"ecdsabrp384t1", R_EC_BRP384T1},
- {"ecdsabrp512r1", R_EC_BRP512R1},
- {"ecdsabrp512t1", R_EC_BRP512T1}
};
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
static const OPT_PAIR ecdh_choices[] = {
- {"ecdhp160", R_EC_P160},
- {"ecdhp192", R_EC_P192},
{"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384},
{"ecdhp521", R_EC_P521},
-# ifndef OPENSSL_NO_EC2M
- {"ecdhk163", R_EC_K163},
- {"ecdhk233", R_EC_K233},
- {"ecdhk283", R_EC_K283},
- {"ecdhk409", R_EC_K409},
- {"ecdhk571", R_EC_K571},
- {"ecdhb163", R_EC_B163},
- {"ecdhb233", R_EC_B233},
- {"ecdhb283", R_EC_B283},
- {"ecdhb409", R_EC_B409},
- {"ecdhb571", R_EC_B571},
-# endif
- {"ecdhbrp256r1", R_EC_BRP256R1},
- {"ecdhbrp256t1", R_EC_BRP256T1},
- {"ecdhbrp384r1", R_EC_BRP384R1},
- {"ecdhbrp384t1", R_EC_BRP384T1},
- {"ecdhbrp512r1", R_EC_BRP512R1},
- {"ecdhbrp512t1", R_EC_BRP512T1},
{"ecdhx25519", R_EC_X25519},
{"ecdhx448", R_EC_X448}
};
@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
unsigned int bits;
} test_curves[] = {
/* Prime Curves */
- {"secp160r1", NID_secp160r1, 160},
- {"nistp192", NID_X9_62_prime192v1, 192},
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384},
{"nistp521", NID_secp521r1, 521},
-# ifndef OPENSSL_NO_EC2M
- /* Binary Curves */
- {"nistk163", NID_sect163k1, 163},
- {"nistk233", NID_sect233k1, 233},
- {"nistk283", NID_sect283k1, 283},
- {"nistk409", NID_sect409k1, 409},
- {"nistk571", NID_sect571k1, 571},
- {"nistb163", NID_sect163r2, 163},
- {"nistb233", NID_sect233r1, 233},
- {"nistb283", NID_sect283r1, 283},
- {"nistb409", NID_sect409r1, 409},
- {"nistb571", NID_sect571r1, 571},
-# endif
- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
/* Other and ECDH only ones */
{"X25519", NID_X25519, 253},
{"X448", NID_X448, 448}
@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
# endif
# ifndef OPENSSL_NO_EC
- ecdsa_c[R_EC_P160][0] = count / 1000;
- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdsa_c[R_EC_P224][0] = count / 1000;
+ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
}
}
}
-# ifndef OPENSSL_NO_EC2M
+# if 0
ecdsa_c[R_EC_K163][0] = count / 1000;
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
for (i = R_EC_K233; i <= R_EC_K571; i++) {
@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
}
# endif
- ecdh_c[R_EC_P160][0] = count / 1000;
- for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdh_c[R_EC_P224][0] = count / 1000;
+ for (i = R_EC_P256; i <= R_EC_P521; i++) {
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
ecdh_doit[i] = 0;
@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
}
}
}
-# ifndef OPENSSL_NO_EC2M
+# if 0
ecdh_c[R_EC_K163][0] = count / 1000;
for (i = R_EC_K233; i <= R_EC_K571; i++) {
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
--- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c 2020-11-06 13:27:15.659288431 +0100
@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
return 0;
}
+ if (BN_num_bits(p) < 224) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ return 0;
+ }
+
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
--- openssl-1.1.1h/test/ecdsatest.h.curves 2020-11-06 13:27:15.627288114 +0100
+++ openssl-1.1.1h/test/ecdsatest.h 2020-11-06 13:27:15.660288441 +0100
@@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t;
static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
- /* prime KATs from X9.62 */
- {NID_X9_62_prime192v1, NID_sha1,
- "616263", /* "abc" */
- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
- "5ca5c0d69716dfcb3474373902",
- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
- {NID_X9_62_prime239v1, NID_sha1,
- "616263", /* "abc" */
- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
/* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
--- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves 2020-11-06 13:58:36.402895540 +0100
+++ openssl-1.1.1h/test/recipes/15-test_genec.t 2020-11-06 13:59:38.508484498 +0100
@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
if disabled("ec");
my @prime_curves = qw(
- secp112r1
- secp112r2
- secp128r1
- secp128r2
- secp160k1
- secp160r1
- secp160r2
- secp192k1
- secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
- prime192v1
- prime192v2
- prime192v3
- prime239v1
- prime239v2
- prime239v3
prime256v1
- wap-wsg-idm-ecid-wtls6
- wap-wsg-idm-ecid-wtls7
- wap-wsg-idm-ecid-wtls8
- wap-wsg-idm-ecid-wtls9
- wap-wsg-idm-ecid-wtls12
- brainpoolP160r1
- brainpoolP160t1
- brainpoolP192r1
- brainpoolP192t1
- brainpoolP224r1
- brainpoolP224t1
- brainpoolP256r1
- brainpoolP256t1
- brainpoolP320r1
- brainpoolP320t1
- brainpoolP384r1
- brainpoolP384t1
- brainpoolP512r1
- brainpoolP512t1
);
my @binary_curves = qw(
@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
if !disabled("sm2");
my @curve_aliases = qw(
- P-192
P-224
P-256
P-384

View File

@ -1,57 +0,0 @@
diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
--- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200
+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200
@@ -12,6 +12,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/kdf.h>
+#include "internal/numbers.h"
#include "crypto/evp.h"
static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
--- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200
+++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200
@@ -13,6 +13,7 @@
#include <openssl/hmac.h>
#include <openssl/kdf.h>
#include <openssl/evp.h>
+#include "internal/numbers.h"
#include "internal/cryptlib.h"
#include "crypto/evp.h"
#include "kdf_local.h"
diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
--- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200
+++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200
@@ -20,7 +20,7 @@
#include "crypto/fips.h"
#include <stdio.h>
#include "internal/dso.h"
-#ifdef __linux
+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
# include <sys/syscall.h>
# include <sys/random.h>
# ifdef DEVRANDOM_WAIT
diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
--- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200
+++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200
@@ -50,10 +50,6 @@
#include <openssl/opensslconf.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_FIPS
-# error FIPS is disabled.
-#endif
-
#ifdef OPENSSL_FIPS
int FIPS_module_mode_set(int onoff);
@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+#else
+
+# define fips_in_post() 0
+
#endif

File diff suppressed because it is too large Load Diff

View File

@ -1,408 +0,0 @@
diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
- randfile.c rand_lib.c rand_err.c rand_egd.c \
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
INCLUDE[drbg_ctr.o]=../modes
diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
drbg->parent = parent;
if (parent == NULL) {
+#ifdef OPENSSL_FIPS
+ drbg->get_entropy = rand_crngt_get_entropy;
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
+#else
drbg->get_entropy = rand_drbg_get_entropy;
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#endif
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include "crypto/rand.h"
+#include "internal/thread_once.h"
+#include "rand_local.h"
+
+static RAND_POOL *crngt_pool;
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
+
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
+ = &rand_crngt_get_entropy_cb;
+
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size)
+{
+ int r;
+ size_t n;
+ unsigned char *p;
+
+ n = rand_pool_acquire_entropy(crngt_pool);
+ if (n >= CRNGT_BUFSIZ) {
+ p = rand_pool_detach(crngt_pool);
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+ if (r != 0)
+ memcpy(buf, p, CRNGT_BUFSIZ);
+ rand_pool_reattach(crngt_pool, p);
+ return r;
+ }
+ return 0;
+}
+
+void rand_crngt_cleanup(void)
+{
+ rand_pool_free(crngt_pool);
+ crngt_pool = NULL;
+}
+
+int rand_crngt_init(void)
+{
+ unsigned char buf[CRNGT_BUFSIZ];
+
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
+ return 0;
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
+ OPENSSL_cleanse(buf, sizeof(buf));
+ return 1;
+ }
+ rand_crngt_cleanup();
+ return 0;
+}
+
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
+{
+ return OPENSSL_init_crypto(0, NULL)
+ && rand_crngt_init()
+ && OPENSSL_atexit(&rand_crngt_cleanup);
+}
+
+int rand_crngt_single_init(void)
+{
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
+}
+
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance)
+{
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
+ unsigned int sz;
+ RAND_POOL *pool;
+ size_t q, r = 0, s, t = 0;
+ int attempts = 3;
+
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
+ return 0;
+
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
+ return 0;
+
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
+ s = q > sizeof(buf) ? sizeof(buf) : q;
+ if (!crngt_get_entropy(buf, md, &sz)
+ || memcmp(crngt_prev, md, sz) == 0
+ || !rand_pool_add(pool, buf, s, s * 8))
+ goto err;
+ memcpy(crngt_prev, md, sz);
+ t += s;
+ attempts++;
+ }
+ r = t;
+ *pout = rand_pool_detach(pool);
+err:
+ OPENSSL_cleanse(buf, sizeof(buf));
+ rand_pool_free(pool);
+ return r;
+}
+
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen)
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200
@@ -33,7 +33,15 @@
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
-
+/*
+ * The number of bytes that constitutes an atomic lump of entropy with respect
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
+ * arbitrary, the smaller the value, the less entropy is consumed on first
+ * read but the higher the probability of the test failing by accident.
+ *
+ * The value is in bytes.
+ */
+#define CRNGT_BUFSIZ 16
/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)
@@ -44,6 +52,8 @@
*/
# define DRBG_MAX_LENGTH INT32_MAX
+/* The default nonce */
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
/*
* Maximum allocation size for RANDOM_POOL buffers
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
/* initializes the AES-CTR DRBG implementation */
int drbg_ctr_init(RAND_DRBG *drbg);
+/*
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
+ * These need to be exposed for the unit tests.
+ */
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size);
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size);
+int rand_crngt_init(void);
+void rand_crngt_cleanup(void);
+
+/*
+ * Expose the run once initialisation function for the unit tests because.
+ * they need to restart from scratch to validate the first block is skipped
+ * properly.
+ */
+int rand_crngt_single_init(void);
+
#endif
diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+/* CRNG test entropy filter callbacks. */
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance);
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+
/*
* RAND_POOL functions
*/
diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
return t->noncelen;
}
+ /*
+ * Disable CRNG testing if it is enabled.
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
+ * for which the default personalisation string is used.
+ */
+static int disable_crngt(RAND_DRBG *drbg)
+{
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
+
+ if (drbg->get_entropy != rand_crngt_get_entropy)
+ return 1;
+
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
+ &rand_drbg_cleanup_entropy,
+ &rand_drbg_get_nonce,
+ &rand_drbg_cleanup_nonce))
+ || (instantiate
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
+ sizeof(pers) - 1)))
+ return 0;
+ return 1;
+}
+
static int uninstantiate(RAND_DRBG *drbg)
{
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
- kat_nonce, NULL))) {
+ kat_nonce, NULL))
+ || !TEST_true(disable_crngt(drbg))) {
failures++;
goto err;
}
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
unsigned int reseed_counter_tmp;
int ret = 0;
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
+ || !TEST_true(disable_crngt(drbg)))
goto err;
/*
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|| !TEST_ptr_eq(private->parent, master))
return 0;
+ /* Disable CRNG testing for the master DRBG */
+ if (!TEST_true(disable_crngt(master)))
+ return 0;
+
/* uninstantiate the three global DRBGs */
RAND_DRBG_uninstantiate(private);
RAND_DRBG_uninstantiate(public);
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
size_t rand_buflen;
size_t required_seed_buflen = 0;
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
+ || !TEST_true(disable_crngt(master)))
return 0;
#ifdef OPENSSL_RAND_SEED_NONE
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
return 1;
}
+/*
+ * A list of the FIPS DRGB types.
+ */
+static const struct s_drgb_types {
+ int nid;
+ int flags;
+} drgb_types[] = {
+ { NID_aes_128_ctr, 0 },
+ { NID_aes_192_ctr, 0 },
+ { NID_aes_256_ctr, 0 },
+};
+
+/* Six cases for each covers seed sizes up to 32 bytes */
+static const size_t crngt_num_cases = 6;
+
+static size_t crngt_case, crngt_idx;
+
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size)
+{
+ size_t i, z;
+
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
+ return 0;
+ /* Generate a block of unique data unless this is the duplication point */
+ z = crngt_idx++;
+ if (z > 0 && crngt_case == z)
+ z--;
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
+ buf[i] = (unsigned char)(i + 'A' + z);
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+}
+
+static int test_crngt(int n)
+{
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
+ RAND_DRBG *drbg = NULL;
+ unsigned char buff[100];
+ size_t ent;
+ int res = 0;
+ int expect;
+
+ if (!TEST_true(rand_crngt_single_init()))
+ return 0;
+ rand_crngt_cleanup();
+
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
+ return 0;
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
+ crngt_case = n % crngt_num_cases;
+ crngt_idx = 0;
+ crngt_get_entropy = &crngt_entropy_cb;
+ if (!TEST_true(rand_crngt_init()))
+ goto err;
+#ifndef OPENSSL_FIPS
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
+ &rand_crngt_cleanup_entropy,
+ &rand_drbg_get_nonce,
+ &rand_drbg_cleanup_nonce)))
+ goto err;
+#endif
+ expect = crngt_case == 0 || crngt_case > ent;
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+fin:
+ res = 1;
+err:
+ if (!res)
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
+ crngt_case, crngt_idx);
+ uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
+ return res;
+}
+
int setup_tests(void)
{
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
@@ -1025,5 +1146,6 @@ int setup_tests(void)
#if defined(OPENSSL_THREADS)
ADD_TEST(test_multi_thread);
#endif
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
return 1;
}

View File

@ -1,200 +0,0 @@
diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
--- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200
+++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200
@@ -13,6 +13,7 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
#include "internal/nelem.h"
typedef struct {
@@ -237,6 +238,7 @@ static const struct {
typedef struct _ec_list_element_st {
int nid;
+ int fips_allowed;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth) (void);
const char *comment;
@@ -246,23 +248,23 @@ static const ec_list_element curve_list[
/* prime field curves */
/* secg curves */
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
#else
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
#endif
- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+ {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- {NID_secp384r1, &_EC_NIST_PRIME_384.h,
+ {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
- {NID_secp521r1, &_EC_NIST_PRIME_521.h,
+ {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
@@ -272,7 +274,7 @@ static const ec_list_element curve_list[
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h,
#if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
for (i = 0; i < curve_list_length; i++)
if (curve_list[i].nid == nid) {
+ if (!curve_list[i].fips_allowed && FIPS_mode()) {
+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME);
+ return NULL;
+ }
ret = ec_group_new_from_data(curve_list[i]);
break;
}
@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
- size_t i, min;
+ size_t i, j, num;
+ int fips_mode = FIPS_mode();
- if (r == NULL || nitems == 0)
- return curve_list_length;
+ num = curve_list_length;
+ if (fips_mode)
+ for (i = 0; i < curve_list_length; i++) {
+ if (!curve_list[i].fips_allowed)
+ --num;
+ }
- min = nitems < curve_list_length ? nitems : curve_list_length;
+ if (r == NULL || nitems == 0) {
+ return num;
+ }
- for (i = 0; i < min; i++) {
- r[i].nid = curve_list[i].nid;
- r[i].comment = curve_list[i].comment;
+ for (i = 0, j = 0; i < curve_list_length; i++) {
+ if (j >= nitems)
+ break;
+ if (!fips_mode || curve_list[i].fips_allowed) {
+ r[j].nid = curve_list[i].nid;
+ r[j].comment = curve_list[i].comment;
+ ++j;
+ }
}
- return curve_list_length;
+ return num;
}
/* Functions to translate between common NIST curve names and NIDs */
diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200
@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
#endif
};
+static const uint16_t tls12_fips_sigalgs[] = {
+#ifndef OPENSSL_NO_EC
+ TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+ TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+ TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+#endif
+
+ TLSEXT_SIGALG_rsa_pss_pss_sha256,
+ TLSEXT_SIGALG_rsa_pss_pss_sha384,
+ TLSEXT_SIGALG_rsa_pss_pss_sha512,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+ TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+
+ TLSEXT_SIGALG_rsa_pkcs1_sha256,
+ TLSEXT_SIGALG_rsa_pkcs1_sha384,
+ TLSEXT_SIGALG_rsa_pkcs1_sha512,
+
+#ifndef OPENSSL_NO_EC
+ TLSEXT_SIGALG_ecdsa_sha224,
+#endif
+ TLSEXT_SIGALG_rsa_pkcs1_sha224,
+#ifndef OPENSSL_NO_DSA
+ TLSEXT_SIGALG_dsa_sha224,
+ TLSEXT_SIGALG_dsa_sha256,
+ TLSEXT_SIGALG_dsa_sha384,
+ TLSEXT_SIGALG_dsa_sha512,
+#endif
+};
+
#ifndef OPENSSL_NO_EC
static const uint16_t suiteb_sigalgs[] = {
TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
}
if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
return NULL;
+ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
+ return NULL;
if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
} else if (s->cert->conf_sigalgs) {
*psigs = s->cert->conf_sigalgs;
return s->cert->conf_sigalgslen;
+ } else if (FIPS_mode()) {
+ *psigs = tls12_fips_sigalgs;
+ return OSSL_NELEM(tls12_fips_sigalgs);
} else {
*psigs = tls12_sigalgs;
return OSSL_NELEM(tls12_sigalgs);
@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
if (s->cert->conf_sigalgs) {
sigs = s->cert->conf_sigalgs;
siglen = s->cert->conf_sigalgslen;
+ } else if (FIPS_mode()) {
+ sigs = tls12_fips_sigalgs;
+ siglen = OSSL_NELEM(tls12_fips_sigalgs);
} else {
sigs = tls12_sigalgs;
siglen = OSSL_NELEM(tls12_sigalgs);
@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
if (lu->sig == NID_id_GostR3410_2012_256
|| lu->sig == NID_id_GostR3410_2012_512
|| lu->sig == NID_id_GostR3410_2001) {
+ if (FIPS_mode())
+ return 0;
/* We never allow GOST sig algs on the server with TLSv1.3 */
if (s->server && SSL_IS_TLS13(s))
return 0;
@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
const uint16_t *sent_sigs;
size_t sent_sigslen;
+ if (fatalerrs && FIPS_mode()) {
+ /* There are no suitable legacy algorithms in FIPS mode */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CHOOSE_SIGALG,
+ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+ return 0;
+ }
if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
if (!fatalerrs)
return 1;

File diff suppressed because it is too large Load Diff

View File

@ -1,587 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200
@@ -67,12 +67,18 @@
# include <openssl/fips.h>
# include "crypto/fips.h"
+# include "crypto/rand.h"
# include "fips_locl.h"
/* Run all selftests */
int FIPS_selftest(void)
{
int rv = 1;
+ if (!rand_drbg_selftest()) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
+ rv = 0;
+ }
if (!FIPS_selftest_drbg())
rv = 0;
if (!FIPS_selftest_sha1())
diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
INCLUDE[drbg_ctr.o]=../modes
diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200
@@ -0,0 +1,537 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stddef.h>
+#include "internal/nelem.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/obj_mac.h>
+#include "internal/thread_once.h"
+#include "crypto/rand.h"
+
+typedef struct test_ctx_st {
+ const unsigned char *entropy;
+ size_t entropylen;
+ int entropycnt;
+ const unsigned char *nonce;
+ size_t noncelen;
+ int noncecnt;
+} TEST_CTX;
+
+static int app_data_index = -1;
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
+{
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
+
+ return 1;
+}
+
+enum drbg_kat_type {
+ NO_RESEED,
+ PR_FALSE,
+ PR_TRUE
+};
+
+enum drbg_df {
+ USE_DF,
+ NO_DF,
+ NA
+};
+
+struct drbg_kat_no_reseed {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_false {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinreseed;
+ const unsigned char *addinreseed;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_true {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinpr1;
+ const unsigned char *addin1;
+ const unsigned char *entropyinpr2;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat {
+ enum drbg_kat_type type;
+ enum drbg_df df;
+ int nid;
+
+ size_t entropyinlen;
+ size_t noncelen;
+ size_t persstrlen;
+ size_t addinlen;
+ size_t retbyteslen;
+
+ const void *t;
+};
+
+/*
+ * Excerpt from test/drbg_cavs_data.c
+ * DRBG test vectors from:
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
+ */
+
+static const unsigned char kat1308_entropyin[] = {
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
+};
+static const unsigned char kat1308_nonce[] = {0};
+static const unsigned char kat1308_persstr[] = {
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
+};
+static const unsigned char kat1308_addin0[] = {
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
+};
+static const unsigned char kat1308_addin1[] = {
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
+};
+static const unsigned char kat1308_retbits[] = {
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
+ 0x26, 0x32, 0xd0, 0xb8,
+};
+static const struct drbg_kat_no_reseed kat1308_t = {
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
+};
+static const struct drbg_kat kat1308 = {
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
+};
+
+static const unsigned char kat1465_entropyin[] = {
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
+ 0x87, 0xbe, 0xaa, 0xc0,
+};
+static const unsigned char kat1465_nonce[] = {
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
+};
+static const unsigned char kat1465_persstr[] = {0};
+static const unsigned char kat1465_entropyinreseed[] = {
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
+ 0x1f, 0x4b, 0x7b, 0x51,
+};
+static const unsigned char kat1465_addinreseed[] = {
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
+ 0x61, 0x9f, 0x26, 0x5f,
+};
+static const unsigned char kat1465_addin0[] = {
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
+ 0x10, 0x5a, 0x73, 0x9c,
+};
+static const unsigned char kat1465_addin1[] = {
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
+ 0x47, 0x99, 0x1f, 0xeb,
+};
+static const unsigned char kat1465_retbits[] = {
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
+ 0x58, 0xdb, 0x27, 0xba,
+};
+static const struct drbg_kat_pr_false kat1465_t = {
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
+ kat1465_addin1, kat1465_retbits
+};
+static const struct drbg_kat kat1465 = {
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
+};
+
+static const unsigned char kat3146_entropyin[] = {
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
+};
+static const unsigned char kat3146_nonce[] = {
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
+ 0x50, 0x86, 0xca, 0xca,
+};
+static const unsigned char kat3146_persstr[] = {0};
+static const unsigned char kat3146_entropyinpr1[] = {
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
+};
+static const unsigned char kat3146_addinpr1[] = {
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
+};
+static const unsigned char kat3146_entropyinpr2[] = {
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
+};
+static const unsigned char kat3146_addinpr2[] = {
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
+};
+static const unsigned char kat3146_retbits[] = {
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
+ 0xd4, 0x30, 0x73, 0xbb,
+};
+static const struct drbg_kat_pr_true kat3146_t = {
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
+ kat3146_addinpr2, kat3146_retbits
+};
+static const struct drbg_kat kat3146 = {
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
+};
+
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
+
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
+
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->entropycnt++;
+ *pout = (unsigned char *)t->entropy;
+ return t->entropylen;
+}
+
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->noncecnt++;
+ *pout = (unsigned char *)t->nonce;
+ return t->noncelen;
+}
+
+/*
+ * Do a single NO_RESEED KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_no_reseed(const struct drbg_kat *td)
+{
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_FALSE KAT:
+ *
+ * Instantiate
+ * Reseed
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_false(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinreseed;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_TRUE KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=true)
+ * Generate Random Bits (pr=true)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_true(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinpr1;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin1, td->addinlen))
+ failures++;
+
+ t.entropy = data->entropyinpr2;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+static int test_kats(int i)
+{
+ const struct drbg_kat *td = drbg_test[i];
+ int rv = 0;
+
+ switch (td->type) {
+ case NO_RESEED:
+ if (!single_kat_no_reseed(td))
+ goto err;
+ break;
+ case PR_FALSE:
+ if (!single_kat_pr_false(td))
+ goto err;
+ break;
+ case PR_TRUE:
+ if (!single_kat_pr_true(td))
+ goto err;
+ break;
+ default: /* cant happen */
+ goto err;
+ }
+ rv = 1;
+err:
+ return rv;
+}
+
+/*-
+ * Do one expected-error test:
+ *
+ * Instantiate with no entropy supplied
+ *
+ * Return 0 on failure.
+ */
+static int test_drbg_sanity(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = 0; /* No entropy */
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ ERR_set_mark();
+ /* This must fail. */
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+ RAND_DRBG_uninstantiate(drbg);
+ ERR_pop_to_mark();
+
+err:
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+
+int rand_drbg_selftest(void)
+{
+ int i;
+
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
+ return 0;
+
+ for (i = 0; i < drbg_test_nelem; i++) {
+ if (test_kats(i) <= 0)
+ return 0;
+ }
+
+ if (test_drbg_sanity(&kat1465) <= 0)
+ return 0;
+
+ return 1;
+}
diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
*/
void rand_pool_keep_random_devices_open(int keep);
+/*
+ * Perform the DRBG KAT selftests
+ */
+int rand_drbg_selftest(void);
+
#endif

View File

@ -1,189 +0,0 @@
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
@@ -68,6 +68,7 @@
# include <openssl/fips.h>
# include "internal/thread_once.h"
+# include "crypto/rand.h"
# ifndef PATH_MAX
# define PATH_MAX 1024
@@ -76,6 +77,7 @@
static int fips_selftest_fail = 0;
static int fips_mode = 0;
static int fips_started = 0;
+static int fips_post = 0;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
fips_selftest_fail = 1;
}
+int fips_in_post(void)
+{
+ return fips_post;
+}
+
/* we implement what libfipscheck does ourselves */
static int
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
}
# endif
+ fips_post = 1;
+
if (!FIPS_selftest()) {
fips_selftest_fail = 1;
ret = 0;
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
goto end;
}
+ fips_post = 0;
+
fips_set_mode(onoff);
+ /* force RNG reseed with entropy from getrandom() on next call */
+ rand_force_reseed();
+
ret = 1;
goto end;
}
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
}
+void rand_force_reseed(void)
+{
+ RAND_DRBG *drbg;
+
+ drbg = RAND_DRBG_get0_master();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_private();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_public();
+ drbg->fork_id = 0;
+}
+
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
@@ -17,10 +17,12 @@
#include <openssl/crypto.h>
#include "rand_local.h"
#include "crypto/rand.h"
+#include "crypto/fips.h"
#include <stdio.h>
#include "internal/dso.h"
#ifdef __linux
# include <sys/syscall.h>
+# include <sys/random.h>
# ifdef DEVRANDOM_WAIT
# include <sys/shm.h>
# include <sys/utsname.h>
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
*/
-static ssize_t syscall_random(void *buf, size_t buflen)
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
{
/*
* Note: 'buflen' equals the size of the buffer which is used by the
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
* - Linux since 3.17 with glibc 2.25
* - FreeBSD since 12.0 (1200061)
*/
+# if 0
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
if (p_getentropy.p != NULL)
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
# endif
-
+# endif
/* Linux supports this since version 3.17 */
-# if defined(__linux) && defined(__NR_getrandom)
- return syscall(__NR_getrandom, buf, buflen, 0);
+# if defined(__linux) && defined(SYS_getrandom)
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return sysctl_random(buf, buflen);
# else
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
size_t entropy_available;
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
+ int in_post;
+
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
{
size_t bytes_needed;
unsigned char *buffer;
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
- bytes = syscall_random(buffer, bytes_needed);
+ bytes = syscall_random(buffer, bytes_needed, in_post);
if (bytes > 0) {
rand_pool_add_end(pool, bytes, 8 * bytes);
bytes_needed -= bytes;
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
int attempts = 3;
const int fd = get_random_device(i);
- if (fd == -1)
+ if (fd == -1) {
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
continue;
+ }
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
return entropy_available;
}
# endif
-
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
+ }
+# endif
return rand_pool_entropy_available(pool);
# endif
}
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int fips_in_post(void);
+
int fips_pkey_signature_test(EVP_PKEY *pkey,
const unsigned char *tbs, int tbslen,
const unsigned char *kat,
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
@@ -24,6 +24,7 @@
typedef struct rand_pool_st RAND_POOL;
void rand_cleanup_int(void);
+void rand_force_reseed(void);
void rand_drbg_cleanup_int(void);
void drbg_delete_thread_state(void);

File diff suppressed because it is too large Load Diff

View File

@ -1,500 +0,0 @@
diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100
@@ -275,6 +275,7 @@ $code.=<<___;
.align 16
${PREFIX}_encrypt:
.cfi_startproc
+ endbranch
movups ($inp),$inout0 # load input
mov 240($key),$rounds # key->rounds
___
@@ -293,6 +294,7 @@ $code.=<<___;
.align 16
${PREFIX}_decrypt:
.cfi_startproc
+ endbranch
movups ($inp),$inout0 # load input
mov 240($key),$rounds # key->rounds
___
@@ -613,6 +615,7 @@ $code.=<<___;
.align 16
aesni_ecb_encrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -985,6 +988,7 @@ $code.=<<___;
.align 16
aesni_ccm64_encrypt_blocks:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -1077,6 +1081,7 @@ $code.=<<___;
.align 16
aesni_ccm64_decrypt_blocks:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp
@@ -1203,6 +1208,7 @@ $code.=<<___;
.align 16
aesni_ctr32_encrypt_blocks:
.cfi_startproc
+ endbranch
cmp \$1,$len
jne .Lctr32_bulk
@@ -1775,6 +1781,7 @@ $code.=<<___;
.align 16
aesni_xts_encrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
@@ -2258,6 +2265,7 @@ $code.=<<___;
.align 16
aesni_xts_decrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%r11 # frame pointer
.cfi_def_cfa_register %r11
push %rbp
@@ -2783,6 +2791,7 @@ $code.=<<___;
.align 32
aesni_ocb_encrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
.align 32
aesni_ocb_decrypt:
.cfi_startproc
+ endbranch
lea (%rsp),%rax
push %rbx
.cfi_push %rbx
@@ -3737,6 +3747,7 @@ $code.=<<___;
.align 16
${PREFIX}_cbc_encrypt:
.cfi_startproc
+ endbranch
test $len,$len # check length
jz .Lcbc_ret
diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
.align 16
${PREFIX}_set_encrypt_key:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -746,6 +747,7 @@ $code.=<<___;
.align 16
${PREFIX}_set_decrypt_key:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -801,6 +803,7 @@ $code.=<<___;
.align 16
${PREFIX}_encrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -846,6 +849,7 @@ $code.=<<___;
.align 16
${PREFIX}_decrypt:
.cfi_startproc
+ endbranch
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -897,6 +901,7 @@ $code.=<<___;
.align 16
${PREFIX}_cbc_encrypt:
.cfi_startproc
+ endbranch
xchg $key,$len
___
($len,$key)=($key,$len);
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
int async_fibre_makecontext(async_fibre *fibre)
{
+#ifndef USE_SWAPCONTEXT
fibre->env_init = 0;
+#endif
if (getcontext(&fibre->fibre) == 0) {
fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
if (fibre->fibre.uc_stack.ss_sp != NULL) {
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100
+++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100
@@ -25,17 +25,33 @@
# define ASYNC_POSIX
# define ASYNC_ARCH
+# ifdef __CET__
+/*
+ * When Intel CET is enabled, makecontext will create a different
+ * shadow stack for each context. async_fibre_swapcontext cannot
+ * use _longjmp. It must call swapcontext to swap shadow stack as
+ * well as normal stack.
+ */
+# define USE_SWAPCONTEXT
+# endif
# include <ucontext.h>
-# include <setjmp.h>
+# ifndef USE_SWAPCONTEXT
+# include <setjmp.h>
+# endif
typedef struct async_fibre_st {
ucontext_t fibre;
+# ifndef USE_SWAPCONTEXT
jmp_buf env;
int env_init;
+# endif
} async_fibre;
static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
{
+# ifdef USE_SWAPCONTEXT
+ swapcontext(&o->fibre, &n->fibre);
+# else
o->env_init = 1;
if (!r || !_setjmp(o->env)) {
@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
else
setcontext(&n->fibre);
}
+# endif
return 1;
}
diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
@@ -685,6 +685,7 @@ $code.=<<___;
.align 16
Camellia_cbc_encrypt:
.cfi_startproc
+ endbranch
cmp \$0,%rdx
je .Lcbc_abort
push %rbx
diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
@@ -239,6 +239,7 @@ $code=<<___;
.align 16
gcm_gmult_4bit:
.cfi_startproc
+ endbranch
push %rbx
.cfi_push %rbx
push %rbp # %rbp and others are pushed exclusively in
@@ -286,6 +287,7 @@ $code.=<<___;
.align 16
gcm_ghash_4bit:
.cfi_startproc
+ endbranch
push %rbx
.cfi_push %rbx
push %rbp
@@ -612,6 +614,7 @@ $code.=<<___;
.align 16
gcm_gmult_clmul:
.cfi_startproc
+ endbranch
.L_gmult_clmul:
movdqu ($Xip),$Xi
movdqa .Lbswap_mask(%rip),$T3
@@ -663,6 +666,7 @@ $code.=<<___;
.align 32
gcm_ghash_clmul:
.cfi_startproc
+ endbranch
.L_ghash_clmul:
___
$code.=<<___ if ($win64);
@@ -1166,6 +1170,7 @@ $code.=<<___;
.align 32
gcm_gmult_avx:
.cfi_startproc
+ endbranch
jmp .L_gmult_clmul
.cfi_endproc
.size gcm_gmult_avx,.-gcm_gmult_avx
@@ -1177,6 +1182,7 @@ $code.=<<___;
.align 32
gcm_ghash_avx:
.cfi_startproc
+ endbranch
___
if ($avx) {
my ($Xip,$Htbl,$inp,$len)=@_4args;
diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100
@@ -165,21 +165,28 @@ sub cbc
&jmp_ptr($count);
&set_label("ej7");
+ &endbranch()
&movb(&HB("edx"), &BP(6,$in,"",0));
&shl("edx",8);
&set_label("ej6");
+ &endbranch()
&movb(&HB("edx"), &BP(5,$in,"",0));
&set_label("ej5");
+ &endbranch()
&movb(&LB("edx"), &BP(4,$in,"",0));
&set_label("ej4");
+ &endbranch()
&mov("ecx", &DWP(0,$in,"",0));
&jmp(&label("ejend"));
&set_label("ej3");
+ &endbranch()
&movb(&HB("ecx"), &BP(2,$in,"",0));
&shl("ecx",8);
&set_label("ej2");
+ &endbranch()
&movb(&HB("ecx"), &BP(1,$in,"",0));
&set_label("ej1");
+ &endbranch()
&movb(&LB("ecx"), &BP(0,$in,"",0));
&set_label("ejend");
diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100
@@ -101,6 +101,33 @@ elsif (!$gas)
$decor="\$L\$";
}
+my $cet_property;
+if ($flavour =~ /elf/) {
+ # Always generate .note.gnu.property section for ELF outputs to
+ # mark Intel CET support since all input files must be marked
+ # with Intel CET support in order for linker to mark output with
+ # Intel CET support.
+ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
+ $cet_property = <<_____;
+ .section ".note.gnu.property", "a"
+ .p2align $p2align
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .asciz "GNU"
+1:
+ .p2align $p2align
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 3
+3:
+ .p2align $p2align
+4:
+_____
+}
+
my $current_segment;
my $current_function;
my %globals;
@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
print $line,"\n";
}
+print "$cet_property" if ($cet_property);
print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
print "END\n" if ($masm);
diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100
@@ -124,6 +124,7 @@ sub ::function_begin_B
push(@out,".align\t$align\n");
push(@out,"$func:\n");
push(@out,"$begin:\n") if ($global);
+ &::endbranch();
$::stack=4;
}
@@ -172,6 +173,26 @@ sub ::file_end
else { push (@out,"$tmp\n"); }
}
push(@out,$initseg) if ($initseg);
+ if ($::elf) {
+ push(@out,"
+ .section \".note.gnu.property\", \"a\"
+ .p2align 2
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .asciz \"GNU\"
+1:
+ .p2align 2
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 3
+3:
+ .p2align 2
+4:
+");
+ }
}
sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100
@@ -2806,6 +2806,7 @@ $code.=<<___;
.align 32
poly1305_blocks_vpmadd52:
.cfi_startproc
+ endbranch
shr \$4,$len
jz .Lno_data_vpmadd52 # too short
@@ -3739,6 +3740,7 @@ $code.=<<___;
.align 32
poly1305_emit_base2_44:
.cfi_startproc
+ endbranch
mov 0($ctx),%r8 # load hash value
mov 8($ctx),%r9
mov 16($ctx),%r10
diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100
+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100
@@ -140,6 +140,7 @@ $code=<<___;
.align 16
RC4:
.cfi_startproc
+ endbranch
or $len,$len
jne .Lentry
ret
@@ -455,6 +456,7 @@ $code.=<<___;
.align 16
RC4_set_key:
.cfi_startproc
+ endbranch
lea 8($dat),$dat
lea ($inp,$len),$inp
neg $len
@@ -529,6 +531,7 @@ RC4_set_key:
.align 16
RC4_options:
.cfi_startproc
+ endbranch
lea .Lopts(%rip),%rax
mov OPENSSL_ia32cap_P(%rip),%edx
bt \$20,%edx
diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
+++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100
@@ -40,6 +40,7 @@ print<<___;
.align 16
OPENSSL_atomic_add:
.cfi_startproc
+ endbranch
movl ($arg1),%eax
.Lspin: leaq ($arg2,%rax),%r8
.byte 0xf0 # lock
@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
.align 16
OPENSSL_rdtsc:
.cfi_startproc
+ endbranch
rdtsc
shl \$32,%rdx
or %rdx,%rax
@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
.align 16
OPENSSL_ia32_cpuid:
.cfi_startproc
+ endbranch
mov %rbx,%r8 # save %rbx
.cfi_register %rbx,%r8
@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
.align 16
OPENSSL_cleanse:
.cfi_startproc
+ endbranch
xor %rax,%rax
cmp \$15,$arg2
jae .Lot
@@ -274,6 +278,7 @@ OPENSSL_cleanse:
.align 16
CRYPTO_memcmp:
.cfi_startproc
+ endbranch
xor %rax,%rax
xor %r10,%r10
cmp \$0,$arg3
@@ -312,6 +317,7 @@ print<<___ if (!$win64);
.align 16
OPENSSL_wipe_cpu:
.cfi_startproc
+ endbranch
pxor %xmm0,%xmm0
pxor %xmm1,%xmm1
pxor %xmm2,%xmm2
@@ -346,6 +352,8 @@ print<<___ if ($win64);
.type OPENSSL_wipe_cpu,\@abi-omnipotent
.align 16
OPENSSL_wipe_cpu:
+.cfi_startproc
+ endbranch
pxor %xmm0,%xmm0
pxor %xmm1,%xmm1
pxor %xmm2,%xmm2
@@ -376,6 +384,7 @@ print<<___;
.align 16
OPENSSL_instrument_bus:
.cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg2,$max
@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
.align 16
OPENSSL_instrument_bus2:
.cfi_startproc
+ endbranch
mov $arg1,$out # tribute to Win64
mov $arg2,$cnt
mov $arg3,$max
@@ -465,6 +475,7 @@ print<<___;
.align 16
OPENSSL_ia32_${rdop}_bytes:
.cfi_startproc
+ endbranch
xor %rax, %rax # return value
cmp \$0,$arg2
je .Ldone_${rdop}_bytes

View File

@ -1,170 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200
+++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
- fips_dh_selftest.c fips_ers.c
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
PROGRAMS_NO_INST=\
fips_standalone_hmac
diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200
+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include "crypto/fips.h"
+
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#ifdef OPENSSL_FIPS
+int FIPS_selftest_pbkdf2(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[32];
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
+ goto err;
+ }
+
+ {
+ const unsigned char expected[sizeof(out)] = {
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+ };
+ if (memcmp(out, expected, sizeof(expected))) {
+ goto err;
+ }
+ }
+ ret = 1;
+
+err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
+ * 5) appendix A. */
+int FIPS_selftest_kbkdf(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ char *label = "prf", *prf_input = "test";
+ static unsigned char input_key[] = {
+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
+ };
+ static unsigned char output[] = {
+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
+ goto err;
+ }
+ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
+ && memcmp(result, output, sizeof(output)) == 0;
+err:
+
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+int FIPS_selftest_kdf(void)
+{
+ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
+}
+
+#endif
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200
@@ -111,6 +111,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_ecdh())
rv = 0;
+ if (!FIPS_selftest_kdf())
+ rv = 0;
return rv;
}
diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200
+++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200
@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int FIPS_selftest_kbkdf(void);
+int FIPS_selftest_pbkdf2(void);
+int FIPS_selftest_kdf(void);
int fips_in_post(void);
diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200
@@ -123,6 +123,8 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_DSA 112
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
# define FIPS_F_FIPS_SELFTEST_HMAC 113
+# define FIPS_F_FIPS_SELFTEST_KBKDF 151
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143

File diff suppressed because it is too large Load Diff

View File

@ -1,19 +0,0 @@
diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
L<ec(1)>, L<ecparam(1)>,
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
-L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
+L<sslpasswd(1)>, L<sslrand(1)>,
L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

View File

@ -1,112 +0,0 @@
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200
@@ -147,22 +147,22 @@ our @tests = (
{
name => "ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+# "Groups" => "brainpoolP256r1",
},
client => {
#We don't restrict this to TLSv1.2, although use of brainpool
#should force this anyway so that this should succeed
"CipherString" => "aECDSA",
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+# "Groups" => "brainpoolP256r1",
},
test => {
- "ExpectedServerCertType" =>, "brainpoolP256r1",
- "ExpectedServerSignType" =>, "EC",
+# "ExpectedServerCertType" =>, "brainpoolP256r1",
+# "ExpectedServerSignType" =>, "EC",
# Note: certificate_authorities not sent for TLS < 1.3
- "ExpectedServerCANames" =>, "empty",
+# "ExpectedServerCANames" =>, "empty",
"ExpectedResult" => "Success"
},
},
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
{
name => "TLS 1.3 ECDSA with brainpool",
server => {
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
- "Groups" => "brainpoolP256r1",
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
+# "Groups" => "brainpoolP256r1",
},
client => {
"RequestCAFile" => test_pem("root-cert.pem"),
- "Groups" => "brainpoolP256r1",
+# "Groups" => "brainpoolP256r1",
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
},
test => {
- "ExpectedResult" => "ServerFail"
+ "ExpectedResult" => "Success"
},
},
);
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
client = 5-ECDSA with brainpool-client
[5-ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[5-ECDSA with brainpool-client]
CipherString = aECDSA
-Groups = brainpoolP256r1
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-5]
ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = brainpoolP256r1
-ExpectedServerSignType = EC
# ===========================================================
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
client = 52-TLS 1.3 ECDSA with brainpool-client
[52-TLS 1.3 ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
[52-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
-Groups = brainpoolP256r1
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
VerifyMode = Peer
[test-52]
-ExpectedResult = ServerFail
+ExpectedResult = Success
# ===========================================================

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r "$(DESTDIR)$(DOCDIR)"

View File

@ -1,26 +0,0 @@
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
@@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <time.h>
#include <sys/types.h>
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
if (ret != 2)
goto err;
ret = -1;
+ } else if ((mdnid == NID_md5
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
} else {
const EVP_MD *type = EVP_get_digestbynid(mdnid);

View File

@ -1,170 +0,0 @@
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
int FIPS_drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)adinlen;
+
+ if (len < 0 || (size_t)len != adinlen) {
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+ return 0;
+ }
+ RAND_seed(adin, len);
+ return 1;
+}
+
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
+ const unsigned char *adin, size_t adinlen)
+{
return drbg_reseed(dctx, adin, adinlen, 1);
}
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)outlen;
+
+ if (len < 0 || (size_t)len != outlen) {
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
+ return 0;
+ }
+ return RAND_bytes(out, len);
+}
+
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen)
+{
int r = 0;
if (FIPS_selftest_failed()) {
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200
@@ -57,6 +57,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200
@@ -55,6 +55,8 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
rv = 0;
}
- if (!FIPS_selftest_drbg())
- rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_sha2())
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
int FIPS_rand_seed(const void *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
if (fips_rand_meth && fips_rand_meth->seed)
fips_rand_meth->seed(buf, num);
return 1;
+#else
+ RAND_seed(buf, num);
+ return 1;
+#endif
}
int FIPS_rand_bytes(unsigned char *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
if (fips_rand_meth && fips_rand_meth->bytes)
return fips_rand_meth->bytes(buf, num);
return 0;
+#else
+ return RAND_bytes(buf, num);
+#endif
}
int FIPS_rand_status(void)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
if (fips_rand_meth && fips_rand_meth->status)
return fips_rand_meth->status();
return 0;
+#else
+ return RAND_status();
+#endif
}
/* Return instantiated strength of PRNG. For DRBG this is an internal
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200
@@ -64,6 +64,11 @@ extern "C" {
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
+
+ /*
+ * This function is deprecated as it performs selftest of the old FIPS drbg
+ * implementation that is not validated.
+ */
int FIPS_selftest_drbg_all(void);
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200
+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200
@@ -60,6 +60,20 @@
# ifdef __cplusplus
extern "C" {
# endif
+
+/*
+ * IMPORTANT NOTE:
+ * All functions in this header file are deprecated and should not be used
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
+ * anymore.
+ * To provide backwards compatibility for applications that need FIPS compliant
+ * RNG number generation and use FIPS_drbg_generate, this function was
+ * re-wired to call the FIPS validated DRBG instance instead through
+ * the RAND_bytes() call.
+ *
+ * All these functions will be removed in future.
+ */
+
typedef struct drbg_ctx_st DRBG_CTX;
/* DRBG external flags */
/* Flag for CTR mode only: use derivation function ctr_df */

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,160 +0,0 @@
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
}
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
/*
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
return 0;
-
- return secbits >= minbits_table[level - 1];
+ /*
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
+ * disable SHA1 flag is not set.
+ */
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode())
+ return secbits >= minbits_table[level - 1];
+ return secbits >= minbits_digest_table[level - 1];
}
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
=item B<Level 2>
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
+Security level set to 112 bits of security with the exception of SHA1 allowed
+for signatures.
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
+shorter than 224 bits are prohibited.
In addition to the level 1 exclusions any cipher suite using RC4 is also
prohibited. SSL version 3 is also not allowed. Compression is disabled.
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200
@@ -27,6 +27,7 @@
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex);
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
static volatile int ssl_x509_store_ctx_idx = -1;
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
/* Set suite B flags if needed */
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
if (!X509_STORE_CTX_set_ex_data
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
goto end;
@@ -953,12 +954,33 @@ static int ssl_security_default_callback
return 0;
break;
default:
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
+ break;
if (bits < minbits)
return 0;
}
return 1;
}
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
+{
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
+ const CERT *c;
+
+ if (FIPS_mode())
+ return ret;
+
+ if (ctx != NULL) {
+ c = ctx->cert;
+ } else {
+ c = s->cert;
+ }
+ if (tls1_cert_sigalgs_have_sha1(c))
+ return 0;
+ return ret;
+}
+
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
{
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
__owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+int tls1_cert_sigalgs_have_sha1(const CERT *c);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
# ifndef OPENSSL_NO_EC
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
return 0;
}
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
+{
+ size_t i;
+
+ for (i = 0; i < sigalgslen; i++, sigalgs++) {
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+
+ if (lu == NULL)
+ continue;
+ if (lu->hash == NID_sha1)
+ return 1;
+ }
+ return 0;
+}
+
+
+int tls1_cert_sigalgs_have_sha1(const CERT *c)
+{
+ if (c->client_sigalgs != NULL) {
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
+ return 1;
+ }
+ if (c->conf_sigalgs != NULL) {
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
+ return 1;
+ return 0;
+ }
+ return 1;
+}
+
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
{
int sig_nid, use_pc_sigalgs = 0;
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "Reject PSS signature using SHA1 and auth level 2");
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
+ "Reject PSS signature using SHA1 and auth level 3");
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");

File diff suppressed because it is too large Load Diff

View File

@ -1,310 +0,0 @@
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
+
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
@@ -295,6 +298,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -824,6 +828,10 @@ while (@argvcopy)
push @seed_sources, $x;
}
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$user{CROSS_COMPILE}=$1;
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
exit 0;
}
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
+
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
print "for $target\n";
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+=item B<PROFILE=SYSTEM>
+
+The list of enabled cipher suites will be loaded from the system crypto policy
+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
+See also L<update-crypto-policies(8)>.
+This is the default behavior unless an application explicitly sets a cipher
+list. If used in a cipher list configuration value this string must be at the
+beginning of the cipher list, otherwise it will not be recognized.
+
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
@@ -186,6 +186,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
+# ifdef SYSTEM_CIPHERS_FILE
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+# else
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
+# endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
@@ -9,6 +9,8 @@
* https://www.openssl.org/source/license.html
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <ctype.h>
#include <openssl/objects.h>
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
return ret;
}
+#ifdef SYSTEM_CIPHERS_FILE
+static char *load_system_str(const char *suffix)
+{
+ FILE *fp;
+ char buf[1024];
+ char *new_rules;
+ const char *ciphers_path;
+ unsigned len, slen;
+
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ ciphers_path = SYSTEM_CIPHERS_FILE;
+ fp = fopen(ciphers_path, "r");
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
+ /* cannot open or file is empty */
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
+ }
+
+ if (fp)
+ fclose(fp);
+
+ slen = strlen(suffix);
+ len = strlen(buf);
+
+ if (buf[len - 1] == '\n') {
+ len--;
+ buf[len] = 0;
+ }
+ if (buf[len - 1] == '\r') {
+ len--;
+ buf[len] = 0;
+ }
+
+ new_rules = OPENSSL_malloc(len + slen + 1);
+ if (new_rules == 0)
+ return NULL;
+
+ memcpy(new_rules, buf, len);
+ if (slen > 0) {
+ memcpy(&new_rules[len], suffix, slen);
+ len += slen;
+ }
+ new_rules[len] = 0;
+
+ return new_rules;
+}
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
+#ifdef SYSTEM_CIPHERS_FILE
+ char *new_rules = NULL;
+
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
+ char *p = rule_str + 14;
+
+ new_rules = load_system_str(p);
+ rule_str = new_rules;
+ }
+#endif
/*
* Return with error if nothing to do.
*/
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ goto err;
#ifndef OPENSSL_NO_EC
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
- return NULL;
+ goto err;
#endif
/*
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules); /* Not needed anymore */
+#endif
+
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
if (!sk_SSL_CIPHER_push(cipherstack,
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+ OPENSSL_free(co_list);
sk_SSL_CIPHER_free(cipherstack);
return NULL;
}
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*cipher_list = cipherstack;
return cipherstack;
+
+err:
+ OPENSSL_free(co_list);
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules);
+#endif
+ return NULL;
+
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
if (!ssl_create_cipher_list(ret->method,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST, ret->cert)
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
@@ -251,7 +251,9 @@ end:
int setup_tests(void)
{
+#ifndef SYSTEM_CIPHERS_FILE
ADD_TEST(test_default_cipherlist_implicit);
+#endif
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1;

View File

@ -1,70 +0,0 @@
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default 2020-11-06 11:07:28.850100899 +0100
+++ openssl-1.1.1h/apps/openssl.cnf 2020-11-06 11:11:28.042913791 +0100
@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
-ess_cert_id_alg = sha1 # algorithm to compute certificate
+ess_cert_id_alg = sha256 # algorithm to compute certificate
# identifier (optional, default: sha1)
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/apps/ts.c 2020-11-06 11:07:28.883101220 +0100
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
ASN1_OBJECT *policy_obj = NULL;
ASN1_INTEGER *nonce_asn1 = NULL;
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
goto err;
if ((ts_req = TS_REQ_new()) == NULL)
goto err;
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default 2020-11-06 12:03:51.226372867 +0100
+++ openssl-1.1.1h/crypto/ts/ts_conf.c 2020-11-06 12:04:01.713488990 +0100
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
if (md == NULL)
- md = "sha1";
+ md = "sha256";
cert_md = EVP_get_digestbyname(md);
if (cert_md == NULL) {
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
+++ openssl-1.1.1h/doc/man1/ts.pod 2020-11-06 11:07:28.883101220 +0100
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
=item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's
-public key certificate identifier. Default is sha1. (Optional)
+public key certificate identifier. Default is sha256. (Optional)
=back
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
=head2 Time Stamp Request
-To create a timestamp request for design1.txt with SHA-1
+To create a timestamp request for design1.txt with SHA-256
without nonce and policy and no certificate is required in the response:
openssl ts -query -data design1.txt -no_nonce \
@@ -546,12 +546,12 @@ To print the content of the previous req
openssl ts -query -in design1.tsq -text
-To create a timestamp request which includes the MD-5 digest
+To create a timestamp request which includes the SHA-512 digest
of design2.txt, requests the signer certificate and nonce,
specifies a policy id (assuming the tsa_policy1 name is defined in the
OID section of the config file):
- openssl ts -query -data design2.txt -md5 \
+ openssl ts -query -data design2.txt -sha512 \
-tspolicy tsa_policy1 -cert -out design2.tsq
=head2 Time Stamp Response

View File

@ -1,38 +0,0 @@
diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
{
int ret = 1, dirty = 0, seed = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
- int engdir = 0;
+ int engdir = 0, engines = 0;
char *prog;
OPTION_CHOICE o;
@@ -106,7 +106,7 @@ opthelp:
break;
case OPT_A:
seed = options = cflags = version = date = platform = dir = engdir
- = 1;
+ = engines = 1;
break;
}
}
@@ -188,6 +188,16 @@ opthelp:
#endif
printf("\n");
}
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while (e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
ret = 0;
end:
return ret;

View File

@ -1,12 +0,0 @@
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
@@ -40,7 +40,7 @@ extern "C" {
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1010108fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h 22 Sep 2020"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h FIPS 22 Sep 2020"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

View File

@ -1,57 +0,0 @@
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST89MAC,
TLS1_VERSION, TLS1_2_VERSION,
0, 0,
- SSL_HIGH,
+ SSL_MEDIUM,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
256,
256,
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_GOST89MAC12,
TLS1_VERSION, TLS1_2_VERSION,
0, 0,
- SSL_HIGH,
+ SSL_MEDIUM,
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
256,
256,
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
},
#endif /* OPENSSL_NO_SEED */
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+#if 0 /* No MD5 ciphersuites */
{
1,
SSL3_TXT_RSA_RC4_128_MD5,
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
SSL3_TXT_RSA_RC4_128_SHA,
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#if 0
{
1,
SSL3_TXT_ADH_RC4_128_MD5,
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
128,
128,
},
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
{
1,
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,

2
openssl-fips.conf Normal file
View File

@ -0,0 +1,2 @@
-b /usr/lib{,64}/libcrypto.so.*
-b /usr/lib{,64}/libssl.so.*

Some files were not shown because too many files have changed in this diff Show More