Compare commits
No commits in common. "rawhide" and "master" have entirely different histories.
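--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 .build*.log
 clog
+000*.patch
 *.src.rpm
 openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.0b-usa.tar.bz2
@@ -48,12 +49,3 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.1.1f-hobbled.tar.xz
 /openssl-1.1.1g-hobbled.tar.xz
 /openssl-1.1.1h-hobbled.tar.xz
-/openssl-1.1.1i-hobbled.tar.xz
-/openssl-1.1.1j-hobbled.tar.xz
-/openssl-1.1.1k-hobbled.tar.xz
-/openssl-3.0.0-hobbled.tar.xz
-/openssl-3.0.2-hobbled.tar.gz
-/openssl-3.0.3-hobbled.tar.gz
-/openssl-3.0.5-hobbled.tar.xz
-/openssl-3.0.7-hobbled.tar.gz
-/openssl-3.0.8-hobbled.tar.gz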
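Review bot: The new `000*.patch` entry in the first hunk is unanchored, so it hides matching patch files in every directory from `git status`, while the rest of this comparison deletes the tracked patch files. If those patches are still applied at build time (the spec file is not visible here), an edited or stray patch in the working tree would no longer show up as a change before a build. Consider anchoring the pattern like the neighbouring tarball entries, `/000*.patch`, and putting a comment above it that names where the numbered patches are generated from, so reviewers know which source to audit.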
@ -1,33 +0,0 @@
|
|||||||
From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 24 Sep 2020 09:01:41 +0200
|
|
||||||
Subject: Aarch64 and ppc64le use lib64
|
|
||||||
|
|
||||||
(Was openssl-1.1.1-build.patch)
|
|
||||||
---
|
|
||||||
Configurations/10-main.conf | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
|
|
||||||
index d7580bf3e1..a7dbfd7f40 100644
|
|
||||||
--- a/Configurations/10-main.conf
|
|
||||||
+++ b/Configurations/10-main.conf
|
|
||||||
@@ -723,6 +723,7 @@ my %targets = (
|
|
||||||
lib_cppflags => add("-DL_ENDIAN"),
|
|
||||||
asm_arch => 'ppc64',
|
|
||||||
perlasm_scheme => "linux64le",
|
|
||||||
+ multilib => "64",
|
|
||||||
},
|
|
||||||
|
|
||||||
"linux-armv4" => {
|
|
||||||
@@ -765,6 +766,7 @@ my %targets = (
|
|
||||||
inherit_from => [ "linux-generic64" ],
|
|
||||||
asm_arch => 'aarch64',
|
|
||||||
perlasm_scheme => "linux64",
|
|
||||||
+ multilib => "64",
|
|
||||||
},
|
|
||||||
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
|
|
||||||
inherit_from => [ "linux-generic32" ],
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 24 Sep 2020 09:05:55 +0200
|
|
||||||
Subject: Do not install html docs
|
|
||||||
|
|
||||||
(was openssl-1.1.1-no-html.patch)
|
|
||||||
---
|
|
||||||
Configurations/unix-Makefile.tmpl | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
|
|
||||||
index 342e46d24d..9f369edf0e 100644
|
|
||||||
--- a/Configurations/unix-Makefile.tmpl
|
|
||||||
+++ b/Configurations/unix-Makefile.tmpl
|
|
||||||
@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
|
|
||||||
|
|
||||||
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
|
|
||||||
|
|
||||||
-install_docs: install_man_docs install_html_docs
|
|
||||||
+install_docs: install_man_docs
|
|
||||||
|
|
||||||
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
|
||||||
$(RM) -r $(DESTDIR)$(DOCDIR)
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,73 +0,0 @@
|
|||||||
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 24 Sep 2020 09:17:26 +0200
|
|
||||||
Subject: Override default paths for the CA directory tree
|
|
||||||
|
|
||||||
Also add default section to load crypto-policies configuration
|
|
||||||
for TLS.
|
|
||||||
|
|
||||||
It needs to be reverted before running tests.
|
|
||||||
|
|
||||||
(was openssl-1.1.1-conf-paths.patch)
|
|
||||||
---
|
|
||||||
apps/CA.pl.in | 2 +-
|
|
||||||
apps/openssl.cnf | 20 ++++++++++++++++++--
|
|
||||||
2 files changed, 19 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
|
|
||||||
index c0afb96716..d6a5fabd16 100644
|
|
||||||
--- a/apps/CA.pl.in
|
|
||||||
+++ b/apps/CA.pl.in
|
|
||||||
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
|
|
||||||
my $PKCS12 = "$openssl pkcs12";
|
|
||||||
|
|
||||||
# Default values for various configuration settings.
|
|
||||||
-my $CATOP = "./demoCA";
|
|
||||||
+my $CATOP = "/etc/pki/CA";
|
|
||||||
my $CAKEY = "cakey.pem";
|
|
||||||
my $CAREQ = "careq.pem";
|
|
||||||
my $CACERT = "cacert.pem";
|
|
||||||
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
|
|
||||||
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
|
|
||||||
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
|
|
||||||
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
|
|
||||||
|
|
||||||
[openssl_init]
|
|
||||||
providers = provider_sect
|
|
||||||
+# Load default TLS policy configuration
|
|
||||||
+ssl_conf = ssl_module
|
|
||||||
|
|
||||||
# List of providers to load
|
|
||||||
[provider_sect]
|
|
||||||
@@ -64,6 +66,13 @@ default = default_sect
|
|
||||||
[default_sect]
|
|
||||||
# activate = 1
|
|
||||||
|
|
||||||
+[ ssl_module ]
|
|
||||||
+
|
|
||||||
+system_default = crypto_policy
|
|
||||||
+
|
|
||||||
+[ crypto_policy ]
|
|
||||||
+
|
|
||||||
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ ca ]
|
|
||||||
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
|
|
||||||
####################################################################
|
|
||||||
[ CA_default ]
|
|
||||||
|
|
||||||
-dir = ./demoCA # Where everything is kept
|
|
||||||
+dir = /etc/pki/CA # Where everything is kept
|
|
||||||
certs = $dir/certs # Where the issued certs are kept
|
|
||||||
crl_dir = $dir/crl # Where the issued crl are kept
|
|
||||||
database = $dir/index.txt # database index file.
|
|
||||||
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
|
|
||||||
[ tsa_config1 ]
|
|
||||||
|
|
||||||
# These are used by the TSA reply generation only.
|
|
||||||
-dir = ./demoCA # TSA root directory
|
|
||||||
+dir = /etc/pki/CA # TSA root directory
|
|
||||||
serial = $dir/tsaserial # The current serial number (mandatory)
|
|
||||||
crypto_device = builtin # OpenSSL engine to use for signing
|
|
||||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
|
@ -1,28 +0,0 @@
|
|||||||
From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 24 Sep 2020 09:27:18 +0200
|
|
||||||
Subject: apps/ca: fix md option help text
|
|
||||||
|
|
||||||
upstreamable
|
|
||||||
|
|
||||||
(was openssl-1.1.1-apps-dgst.patch)
|
|
||||||
---
|
|
||||||
apps/ca.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/apps/ca.c b/apps/ca.c
|
|
||||||
index 0f21b4fa1c..3d4b2c1673 100755
|
|
||||||
--- a/apps/ca.c
|
|
||||||
+++ b/apps/ca.c
|
|
||||||
@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
|
|
||||||
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
|
|
||||||
|
|
||||||
OPT_SECTION("Signing"),
|
|
||||||
- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
|
|
||||||
+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
|
|
||||||
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
|
|
||||||
{"keyform", OPT_KEYFORM, 'f',
|
|
||||||
"Private key file format (ENGINE, other values ignored)"},
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
|||||||
From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 24 Sep 2020 09:51:34 +0200
|
|
||||||
Subject: Disable signature verification with totally unsafe hash algorithms
|
|
||||||
|
|
||||||
(was openssl-1.1.1-no-weak-verify.patch)
|
|
||||||
---
|
|
||||||
crypto/asn1/a_verify.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
|
|
||||||
index b7eed914b0..af62f0ef08 100644
|
|
||||||
--- a/crypto/asn1/a_verify.c
|
|
||||||
+++ b/crypto/asn1/a_verify.c
|
|
||||||
@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
|
|
||||||
ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
|
|
||||||
if (ret <= 1)
|
|
||||||
goto err;
|
|
||||||
+ } else if ((mdnid == NID_md5
|
|
||||||
+ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
|
|
||||||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
|
|
||||||
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
|
||||||
+ goto err;
|
|
||||||
} else {
|
|
||||||
const EVP_MD *type = NULL;
|
|
||||||
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,77 +0,0 @@
|
|||||||
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
||||||
Date: Thu, 26 Nov 2020 14:00:16 +0100
|
|
||||||
Subject: Add FIPS_mode() compatibility macro
|
|
||||||
|
|
||||||
The macro calls EVP_default_properties_is_fips_enabled() on the
|
|
||||||
default context.
|
|
||||||
---
|
|
||||||
include/openssl/crypto.h.in | 1 +
|
|
||||||
include/openssl/fips.h | 25 +++++++++++++++++++++++++
|
|
||||||
test/property_test.c | 13 +++++++++++++
|
|
||||||
3 files changed, 39 insertions(+)
|
|
||||||
create mode 100644 include/openssl/fips.h
|
|
||||||
|
|
||||||
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..c64f0f8e8f
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/include/openssl/fips.h
|
|
||||||
@@ -0,0 +1,26 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ *
|
|
||||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
+ * this file except in compliance with the License. You can obtain a copy
|
|
||||||
+ * in the file LICENSE in the source distribution or at
|
|
||||||
+ * https://www.openssl.org/source/license.html
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#ifndef OPENSSL_FIPS_H
|
|
||||||
+# define OPENSSL_FIPS_H
|
|
||||||
+# pragma once
|
|
||||||
+
|
|
||||||
+# include <openssl/evp.h>
|
|
||||||
+# include <openssl/macros.h>
|
|
||||||
+
|
|
||||||
+# ifdef __cplusplus
|
|
||||||
+extern "C" {
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
|
|
||||||
+
|
|
||||||
+# ifdef __cplusplus
|
|
||||||
+}
|
|
||||||
+# endif
|
|
||||||
+#endif
|
|
||||||
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
|
|
||||||
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
|
|
||||||
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
|
|
||||||
@@ -488,6 +488,19 @@ static int test_property_list_to_string(
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#include <openssl/fips.h>
|
|
||||||
+static int test_downstream_FIPS_mode(void)
|
|
||||||
+{
|
|
||||||
+ int ret = 0;
|
|
||||||
+
|
|
||||||
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
|
|
||||||
+ && TEST_true(FIPS_mode())
|
|
||||||
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
|
|
||||||
+ && TEST_false(FIPS_mode());
|
|
||||||
+
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int setup_tests(void)
|
|
||||||
{
|
|
||||||
ADD_TEST(test_property_string);
|
|
||||||
@@ -500,6 +512,7 @@ int setup_tests(void)
|
|
||||||
ADD_TEST(test_property);
|
|
||||||
ADD_TEST(test_query_cache_stochastic);
|
|
||||||
ADD_TEST(test_fips_mode);
|
|
||||||
+ ADD_TEST(test_downstream_FIPS_mode);
|
|
||||||
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
|
|
||||||
return 1;
|
|
||||||
}
|
|
@ -1,71 +0,0 @@
|
|||||||
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
|
|
||||||
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
|
|
||||||
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
|
|
||||||
@@ -12,11 +12,46 @@
|
|
||||||
#include "crypto/ctype.h"
|
|
||||||
#include "crypto/rand.h"
|
|
||||||
|
|
||||||
+# include <sys/types.h>
|
|
||||||
+# include <sys/stat.h>
|
|
||||||
+# include <fcntl.h>
|
|
||||||
+# include <unistd.h>
|
|
||||||
+# include <openssl/evp.h>
|
|
||||||
+
|
|
||||||
struct ossl_lib_ctx_onfree_list_st {
|
|
||||||
ossl_lib_ctx_onfree_fn *fn;
|
|
||||||
struct ossl_lib_ctx_onfree_list_st *next;
|
|
||||||
};
|
|
||||||
|
|
||||||
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
|
|
||||||
+
|
|
||||||
+static int kernel_fips_flag;
|
|
||||||
+
|
|
||||||
+static void read_kernel_fips_flag(void)
|
|
||||||
+{
|
|
||||||
+ char buf[2] = "0";
|
|
||||||
+ int fd;
|
|
||||||
+
|
|
||||||
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
|
|
||||||
+ buf[0] = '1';
|
|
||||||
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
|
|
||||||
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
|
|
||||||
+ close(fd);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (buf[0] == '1') {
|
|
||||||
+ kernel_fips_flag = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int ossl_get_kernel_fips_flag()
|
|
||||||
+{
|
|
||||||
+ return kernel_fips_flag;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
struct ossl_lib_ctx_st {
|
|
||||||
CRYPTO_RWLOCK *lock;
|
|
||||||
CRYPTO_EX_DATA data;
|
|
||||||
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
|
|
||||||
|
|
||||||
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
|
|
||||||
{
|
|
||||||
+ read_kernel_fips_flag();
|
|
||||||
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
|
|
||||||
&& context_init(&default_context_int);
|
|
||||||
}
|
|
||||||
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
|
|
||||||
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
|
|
||||||
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
|
|
||||||
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB
|
|
||||||
const OSSL_DISPATCH *in);
|
|
||||||
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
|
|
||||||
|
|
||||||
+/* FIPS flag access */
|
|
||||||
+int ossl_get_kernel_fips_flag(void);
|
|
||||||
+
|
|
||||||
# ifdef __cplusplus
|
|
||||||
}
|
|
||||||
# endif
|
|
File diff suppressed because it is too large
@ -1,122 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100
|
|
||||||
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **
|
|
||||||
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
|
|
||||||
group->decoded_from_explicit_params = 1;
|
|
||||||
|
|
||||||
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
|
||||||
+ EC_GROUP_free(group);
|
|
||||||
+ ECPKPARAMETERS_free(params);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (a) {
|
|
||||||
EC_GROUP_free(*a);
|
|
||||||
*a = group;
|
|
||||||
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
|
|
||||||
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
ret->version = priv_key->version;
|
|
||||||
|
|
||||||
if (priv_key->privateKey) {
|
|
||||||
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
|
|
||||||
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
|
|
||||||
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
|
|
||||||
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL;
|
|
||||||
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
|
|
||||||
static OSSL_PARAM_BLD *bld_prime = NULL;
|
|
||||||
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
|
|
||||||
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
|
|
||||||
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
|
|
||||||
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
|
||||||
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
|
||||||
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
||||||
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
|
||||||
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
|
||||||
-DOMAIN_KEYS(ECExplicitPrime2G);
|
|
||||||
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
|
|
||||||
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
|
||||||
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
||||||
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
|
||||||
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
||||||
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
|
||||||
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|
|
||||||
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
|
||||||
|| !create_ec_explicit_prime_params(bld_prime)
|
|
||||||
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
|
|
||||||
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
|
|
||||||
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|
|
||||||
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
|
|
||||||
@@ -1346,7 +1346,7 @@ int setup_tests(void)
|
|
||||||
TEST_info("Generating EC keys...");
|
|
||||||
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
|
|
||||||
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
|
|
||||||
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
|
|
||||||
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
|
|
||||||
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
|
|
||||||
@@ -1389,8 +1389,8 @@ int setup_tests(void)
|
|
||||||
ADD_TEST_SUITE_LEGACY(EC);
|
|
||||||
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
|
|
||||||
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
|
|
||||||
- ADD_TEST_SUITE(ECExplicitPrime2G);
|
|
||||||
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
|
|
||||||
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
|
|
||||||
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
|
|
||||||
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
|
|
||||||
@@ -1427,7 +1427,7 @@ void cleanup_tests(void)
|
|
||||||
{
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
OSSL_PARAM_free(ec_explicit_prime_params_nc);
|
|
||||||
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
|
|
||||||
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
|
|
||||||
OSSL_PARAM_BLD_free(bld_prime_nc);
|
|
||||||
OSSL_PARAM_BLD_free(bld_prime);
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
@@ -1449,7 +1449,7 @@ void cleanup_tests(void)
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
FREE_DOMAIN_KEYS(EC);
|
|
||||||
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
|
||||||
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
|
|
||||||
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
|
||||||
FREE_DOMAIN_KEYS(ECExplicitTri2G);
|
|
||||||
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
|
||||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100
|
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100
|
|
||||||
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB
|
|
||||||
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
-PrivateKey = EC_EXPLICIT
|
|
||||||
------BEGIN PRIVATE KEY-----
|
|
||||||
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
|
||||||
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
|
||||||
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
|
||||||
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
|
|
||||||
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
|
|
||||||
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
|
|
||||||
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
|
|
||||||
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
|
|
||||||
------END PRIVATE KEY-----
|
|
||||||
-
|
|
||||||
PrivateKey = B-163
|
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
|
|
@ -1,75 +0,0 @@
|
|||||||
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
|
|
||||||
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
|
|
||||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
|
|
||||||
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
|
|
||||||
tsa_policy2 = 1.2.3.4.5.6
|
|
||||||
tsa_policy3 = 1.2.3.4.5.7
|
|
||||||
|
|
||||||
-# For FIPS
|
|
||||||
-# Optionally include a file that is generated by the OpenSSL fipsinstall
|
|
||||||
-# application. This file contains configuration data required by the OpenSSL
|
|
||||||
-# fips provider. It contains a named section e.g. [fips_sect] which is
|
|
||||||
-# referenced from the [provider_sect] below.
|
|
||||||
-# Refer to the OpenSSL security policy for more information.
|
|
||||||
-# .include fipsmodule.cnf
|
|
||||||
-
|
|
||||||
[openssl_init]
|
|
||||||
providers = provider_sect
|
|
||||||
# Load default TLS policy configuration
|
|
||||||
ssl_conf = ssl_module
|
|
||||||
|
|
||||||
-# List of providers to load
|
|
||||||
-[provider_sect]
|
|
||||||
-default = default_sect
|
|
||||||
-# The fips section name should match the section name inside the
|
|
||||||
-# included fipsmodule.cnf.
|
|
||||||
-# fips = fips_sect
|
|
||||||
+# Uncomment the sections that start with ## below to enable the legacy provider.
|
|
||||||
+# Loading the legacy provider enables support for the following algorithms:
|
|
||||||
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
|
|
||||||
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
|
|
||||||
+# Key Derivation Function (KDF): PBKDF1
|
|
||||||
+# In general it is not recommended to use the above mentioned algorithms for
|
|
||||||
+# security critical operations, as they are cryptographically weak or vulnerable
|
|
||||||
+# to side-channel attacks and as such have been deprecated.
|
|
||||||
|
|
||||||
-# If no providers are activated explicitly, the default one is activated implicitly.
|
|
||||||
-# See man 7 OSSL_PROVIDER-default for more details.
|
|
||||||
-#
|
|
||||||
-# If you add a section explicitly activating any other provider(s), you most
|
|
||||||
-# probably need to explicitly activate the default provider, otherwise it
|
|
||||||
-# becomes unavailable in openssl. As a consequence applications depending on
|
|
||||||
-# OpenSSL may not work correctly which could lead to significant system
|
|
||||||
-# problems including inability to remotely access the system.
|
|
||||||
-[default_sect]
|
|
||||||
-# activate = 1
|
|
||||||
+[provider_sect]
|
|
||||||
+default = default_sect
|
|
||||||
+##legacy = legacy_sect
|
|
||||||
+##
|
|
||||||
+[default_sect]
|
|
||||||
+activate = 1
|
|
||||||
+
|
|
||||||
+##[legacy_sect]
|
|
||||||
+##activate = 1
|
|
||||||
|
|
||||||
[ ssl_module ]
|
|
||||||
|
|
||||||
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
|
|
||||||
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
|
|
||||||
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
|
|
||||||
@@ -273,6 +273,14 @@ significant.
|
|
||||||
All parameters in the section as well as sub-sections are made
|
|
||||||
available to the provider.
|
|
||||||
|
|
||||||
+=head3 Loading the legacy provider
|
|
||||||
+
|
|
||||||
+Uncomment the sections that start with ## in openssl.cnf
|
|
||||||
+to enable the legacy provider.
|
|
||||||
+Note: In general it is not recommended to use the above mentioned algorithms for
|
|
||||||
+security critical operations, as they are cryptographically weak or vulnerable
|
|
||||||
+to side-channel attacks and as such have been deprecated.
|
|
||||||
+
|
|
||||||
=head3 Default provider and its activation
|
|
||||||
|
|
||||||
If no providers are activated explicitly, the default one is activated implicitly.
|
|
@ -1,18 +0,0 @@
|
|||||||
diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf
|
|
||||||
--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100
|
|
||||||
+++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100
|
|
||||||
@@ -55,11 +55,11 @@ providers = provider_sect
|
|
||||||
# to side-channel attacks and as such have been deprecated.
|
|
||||||
|
|
||||||
[provider_sect]
|
|
||||||
-default = default_sect
|
|
||||||
+##default = default_sect
|
|
||||||
##legacy = legacy_sect
|
|
||||||
##
|
|
||||||
-[default_sect]
|
|
||||||
-activate = 1
|
|
||||||
+##[default_sect]
|
|
||||||
+##activate = 1
|
|
||||||
|
|
||||||
##[legacy_sect]
|
|
||||||
##activate = 1
|
|
@ -1,40 +0,0 @@
|
|||||||
diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
|
|
||||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
|
|
||||||
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
|
|
||||||
@@ -40,7 +40,7 @@ unless ($no_fips) {
|
|
||||||
"recipes",
|
|
||||||
"90-test_sslapi_data",
|
|
||||||
"dhparams.pem")])),
|
|
||||||
- "running sslapitest");
|
|
||||||
+ "running sslapitest - FIPS");
|
|
||||||
}
|
|
||||||
|
|
||||||
unlink $tmpfilename;
|
|
||||||
diff --git a/test/sslapitest.c b/test/sslapitest.c
|
|
||||||
index e95d2657f46c..7af0eab3fce0 100644
|
|
||||||
--- a/test/sslapitest.c
|
|
||||||
+++ b/test/sslapitest.c
|
|
||||||
@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
|
|
||||||
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Create a session based on SHA-256 */
|
|
||||||
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
|
|
||||||
TLS_client_method(),
|
|
||||||
@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
|
|
||||||
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Create a session based on SHA-256 */
|
|
||||||
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
|
|
||||||
TLS_client_method(),
|
|
@ -1,173 +0,0 @@
|
|||||||
#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite
|
|
||||||
#(partial) of the function provider_conf_load() under the 'if (activate) section.
|
|
||||||
#If there is any change to this section, after deleting it in provider_conf_load()
|
|
||||||
#ensure that you also add those changes to the provider_conf_activate() function.
|
|
||||||
#additionally please add this check for cnf explicitly as shown below.
|
|
||||||
#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
|
|
||||||
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
|
|
||||||
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <openssl/trace.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
+#include <openssl/evp.h>
|
|
||||||
#include <openssl/conf.h>
|
|
||||||
#include <openssl/safestack.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
@@ -136,58 +136,18 @@ static int prov_already_activated(const
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
|
|
||||||
- const char *value, const CONF *cnf)
|
|
||||||
+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
|
|
||||||
+ const char *value, const char *path,
|
|
||||||
+ int soft, const CONF *cnf)
|
|
||||||
{
|
|
||||||
- int i;
|
|
||||||
- STACK_OF(CONF_VALUE) *ecmds;
|
|
||||||
- int soft = 0;
|
|
||||||
- OSSL_PROVIDER *prov = NULL, *actual = NULL;
|
|
||||||
- const char *path = NULL;
|
|
||||||
- long activate = 0;
|
|
||||||
int ok = 0;
|
|
||||||
-
|
|
||||||
- name = skip_dot(name);
|
|
||||||
- OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
|
|
||||||
- /* Value is a section containing PROVIDER commands */
|
|
||||||
- ecmds = NCONF_get_section(cnf, value);
|
|
||||||
-
|
|
||||||
- if (!ecmds) {
|
|
||||||
- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
|
|
||||||
- "section=%s not found", value);
|
|
||||||
- return 0;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* Find the needed data first */
|
|
||||||
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
|
|
||||||
- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
|
|
||||||
- const char *confname = skip_dot(ecmd->name);
|
|
||||||
- const char *confvalue = ecmd->value;
|
|
||||||
-
|
|
||||||
- OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
|
|
||||||
- confname, confvalue);
|
|
||||||
-
|
|
||||||
- /* First handle some special pseudo confs */
|
|
||||||
-
|
|
||||||
- /* Override provider name to use */
|
|
||||||
- if (strcmp(confname, "identity") == 0)
|
|
||||||
- name = confvalue;
|
|
||||||
- else if (strcmp(confname, "soft_load") == 0)
|
|
||||||
- soft = 1;
|
|
||||||
- /* Load a dynamic PROVIDER */
|
|
||||||
- else if (strcmp(confname, "module") == 0)
|
|
||||||
- path = confvalue;
|
|
||||||
- else if (strcmp(confname, "activate") == 0)
|
|
||||||
- activate = 1;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (activate) {
|
|
||||||
- PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
- &provider_conf_ossl_ctx_method);
|
|
||||||
+ OSSL_PROVIDER *prov = NULL, *actual = NULL;
|
|
||||||
+ PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
+ &provider_conf_ossl_ctx_method);
|
|
||||||
|
|
||||||
if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
|
|
||||||
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
|
|
||||||
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
if (!prov_already_activated(name, pcgbl->activated_providers)) {
|
|
||||||
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
|
|
||||||
if (path != NULL)
|
|
||||||
ossl_provider_set_module_path(prov, path);
|
|
||||||
|
|
||||||
- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
|
|
||||||
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
|
|
||||||
|
|
||||||
if (ok) {
|
|
||||||
if (!ossl_provider_activate(prov, 1, 0)) {
|
|
||||||
@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C
|
|
||||||
}
|
|
||||||
if (!ok)
|
|
||||||
ossl_provider_free(prov);
|
|
||||||
+ } else { /* No reason to activate the provider twice, returning OK */
|
|
||||||
+ ok = 1;
|
|
||||||
}
|
|
||||||
CRYPTO_THREAD_unlock(pcgbl->lock);
|
|
||||||
+ return ok;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
|
|
||||||
+ const char *value, const CONF *cnf)
|
|
||||||
+{
|
|
||||||
+ int i;
|
|
||||||
+ STACK_OF(CONF_VALUE) *ecmds;
|
|
||||||
+ int soft = 0;
|
|
||||||
+ const char *path = NULL;
|
|
||||||
+ long activate = 0;
|
|
||||||
+ int ok = 0;
|
|
||||||
+
|
|
||||||
+ name = skip_dot(name);
|
|
||||||
+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
|
|
||||||
+ /* Value is a section containing PROVIDER commands */
|
|
||||||
+ ecmds = NCONF_get_section(cnf, value);
|
|
||||||
+
|
|
||||||
+ if (!ecmds) {
|
|
||||||
+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
|
|
||||||
+ "section=%s not found", value);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Find the needed data first */
|
|
||||||
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
|
|
||||||
+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
|
|
||||||
+ const char *confname = skip_dot(ecmd->name);
|
|
||||||
+ const char *confvalue = ecmd->value;
|
|
||||||
+
|
|
||||||
+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
|
|
||||||
+ confname, confvalue);
|
|
||||||
+
|
|
||||||
+ /* First handle some special pseudo confs */
|
|
||||||
+
|
|
||||||
+ /* Override provider name to use */
|
|
||||||
+ if (strcmp(confname, "identity") == 0)
|
|
||||||
+ name = confvalue;
|
|
||||||
+ else if (strcmp(confname, "soft_load") == 0)
|
|
||||||
+ soft = 1;
|
|
||||||
+ /* Load a dynamic PROVIDER */
|
|
||||||
+ else if (strcmp(confname, "module") == 0)
|
|
||||||
+ path = confvalue;
|
|
||||||
+ else if (strcmp(confname, "activate") == 0)
|
|
||||||
+ activate = 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (activate) {
|
|
||||||
+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
|
|
||||||
} else {
|
|
||||||
OSSL_PROVIDER_INFO entry;
|
|
||||||
|
|
||||||
@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
|
|
||||||
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
|
|
||||||
+ PROVIDER_CONF_GLOBAL *pcgbl
|
|
||||||
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
|
|
||||||
+ &provider_conf_ossl_ctx_method);
|
|
||||||
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
|
|
||||||
+ return 0;
|
|
||||||
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
|
|
||||||
+ return 0;
|
|
||||||
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return 1;
|
|
||||||
}
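Review bot: `pcgbl` is looked up in the added FIPS block of provider_conf_init but never used there; provider_conf_activate fetches the same data itself (visible in the earlier hunk), so the declaration and the ossl_lib_ctx_get_data call can be dropped. The `/* XXX from provider_conf_load */` marker tells the next reader nothing; I would replace it with `/* Kernel FIPS flag set: activate fips and base regardless of the config file and make fips=yes the default property; any failure fails config init. */`. The `(CONF *)cnf` cast presumably discards a const qualifier on the parameter, which is declared outside this hunk. provider_conf_init starts outside this hunk.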
|
|
||||||
|
|
@ -1,204 +0,0 @@
|
|||||||
diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c
|
|
||||||
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
|
|
||||||
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
|
|
||||||
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#define HMAC_LEN 32
|
|
||||||
+/*
|
|
||||||
+ * The __attribute__ ensures we've created the .rodata1 section
|
|
||||||
+ * static ensures it's zero filled
|
|
||||||
+*/
|
|
||||||
+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
|
|
||||||
* the result matches the expected value.
|
|
||||||
* Return 1 if verified, or 0 if it fails.
|
|
||||||
*/
|
|
||||||
+#ifndef __USE_GNU
|
|
||||||
+#define __USE_GNU
|
|
||||||
+#include <dlfcn.h>
|
|
||||||
+#undef __USE_GNU
|
|
||||||
+#else
|
|
||||||
+#include <dlfcn.h>
|
|
||||||
+#endif
|
|
||||||
+#include <link.h>
|
|
||||||
+
|
|
||||||
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
|
|
||||||
unsigned char *expected, size_t expected_len,
|
|
||||||
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
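Review bot: The added include block sits between the `Calculate the HMAC SHA256 ...` header comment and verify_integrity, so that comment no longer precedes the function it documents; the includes belong at the top of the file with the others. Defining `__USE_GNU` by hand relies on a glibc-internal macro, whereas the supported way to get `dladdr1` and `RTLD_DL_LINKMAP` is `#define _GNU_SOURCE` before the first system header. If `<dlfcn.h>` has already been included earlier in the file (not visible here), its include guard would make this second include a no-op. The container comment credits `static` alone with the zero fill and does not say what the array is for; something like `/* Placeholder for the module HMAC, kept in its own .rodata1 section; all zero in the source */` would be clearer.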
|
|
||||||
@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
|
|
||||||
EVP_MAC *mac = NULL;
|
|
||||||
EVP_MAC_CTX *ctx = NULL;
|
|
||||||
OSSL_PARAM params[2], *p = params;
|
|
||||||
+ Dl_info info;
|
|
||||||
+ void *extra_info = NULL;
|
|
||||||
+ struct link_map *lm = NULL;
|
|
||||||
+ unsigned long paddr;
|
|
||||||
+ unsigned long off = 0;
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
|
|
||||||
|
|
||||||
+ if (!dladdr1 ((const void *)fips_hmac_container,
|
|
||||||
+ &info, &extra_info, RTLD_DL_LINKMAP))
|
|
||||||
+ goto err;
|
|
||||||
+ lm = extra_info;
|
|
||||||
+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
|
|
||||||
+
|
|
||||||
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
|
|
||||||
if (mac == NULL)
|
|
||||||
goto err;
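Review bot: `paddr = (unsigned long)fips_hmac_container - lm->l_addr` is a link-time virtual address, but the next hunk uses it as a byte offset into the file read through `bio`. The two agree only when the segment holding `.rodata1` is mapped with its file offset equal to its virtual address, which this code neither checks nor documents. I would state the assumption above the assignment, e.g. `/* paddr: offset of the HMAC container in the module file; assumes p_offset == p_vaddr for its segment */`, and use `uintptr_t` rather than `unsigned long` for the pointer arithmetic. verify_integrity starts before and ends after this hunk.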
|
|
||||||
@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI
|
|
||||||
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- while (1) {
|
|
||||||
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
|
|
||||||
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
|
|
||||||
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
|
|
||||||
if (status != 1)
|
|
||||||
break;
|
|
||||||
if (!EVP_MAC_update(ctx, buf, bytes_read))
|
|
||||||
goto err;
|
|
||||||
+ off += bytes_read;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ if (off + INTEGRITY_BUF_SIZE > paddr) {
|
|
||||||
+ int delta = paddr - off;
|
|
||||||
+ status = read_ex_cb(bio, buf, delta, &bytes_read);
|
|
||||||
+ if (status != 1)
|
|
||||||
+ goto err;
|
|
||||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
|
||||||
+ goto err;
|
|
||||||
+ off += bytes_read;
|
|
||||||
+
|
|
||||||
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
|
|
||||||
+ memset(buf, 0, HMAC_LEN);
|
|
||||||
+ if (status != 1)
|
|
||||||
+ goto err;
|
|
||||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
|
||||||
+ goto err;
|
|
||||||
+ off += bytes_read;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ while (bytes_read > 0) {
|
|
||||||
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
|
|
||||||
+ if (status != 1)
|
|
||||||
+ break;
|
|
||||||
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
|
|
||||||
+ goto err;
|
|
||||||
+ off += bytes_read;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
|
|
||||||
goto err;
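Review bot: A failed read in the first loop only `break`s, so control falls through to the tail loop and EVP_MAC_final without the container region ever being handled; that path should be `goto err;` like the two reads in the middle block. The middle block also assumes read_ex_cb returns exactly the requested count: `int delta = paddr - off;` narrows an unsigned long, and a short read leaves the following HMAC_LEN read misaligned with the container. I would use `size_t delta = paddr - off;` and `if (status != 1 || bytes_read != delta) goto err;`, with the same length check (`bytes_read != HMAC_LEN`) after the container read. These cases most likely end in an HMAC mismatch rather than a false pass, but an explicit error is easier to diagnose. The function continues outside the hunk.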
|
|
||||||
|
|
||||||
@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
CRYPTO_THREAD_unlock(fips_state_lock);
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (st == NULL
|
|
||||||
- || st->module_checksum_data == NULL) {
|
|
||||||
+ if (st == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
if (ev == NULL)
|
|
||||||
goto end;
|
|
||||||
|
|
||||||
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
|
|
||||||
- &checksum_len);
|
|
||||||
+ module_checksum = fips_hmac_container;
|
|
||||||
+ checksum_len = sizeof(fips_hmac_container);
|
|
||||||
+
|
|
||||||
if (module_checksum == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
|
|
||||||
goto end;
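Review bot: After `module_checksum = fips_hmac_container;` the `module_checksum == NULL` test below can never be true, so the PROV_R_INVALID_CONFIG_DATA branch is dead code and can be removed. The assignment also drops the `const` of the container if `module_checksum` is still declared `unsigned char *` (its declaration is outside the hunk); declaring it `const unsigned char *` keeps the read-only intent. SELF_TEST_post starts and ends outside this hunk.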
|
|
||||||
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
ok = 1;
|
|
||||||
end:
|
|
||||||
OSSL_SELF_TEST_free(ev);
|
|
||||||
- OPENSSL_free(module_checksum);
|
|
||||||
OPENSSL_free(indicator_checksum);
|
|
||||||
|
|
||||||
if (st != NULL) {
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t
|
|
||||||
--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100
|
|
||||||
@@ -20,7 +20,7 @@
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
use platform;
|
|
||||||
|
|
||||||
-my $no_check = disabled("fips");
|
|
||||||
+my $no_check = 1;
|
|
||||||
plan skip_all => "FIPS module config file only supported in a fips build"
|
|
||||||
if $no_check;
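Review bot: `my $no_check = 1;` makes the skip unconditional, so the message `FIPS module config file only supported in a fips build` no longer describes why the test is skipped. I would say so in place, e.g. `# fipsinstall is disabled in this build, so this recipe is always skipped`, or change the skip reason to match. The same applies to the `$no_check = 1` hunk in 01-test_fipsmodule_cnf.t and the `if 1` hunk in 03-test_fipsinstall.t.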
|
|
||||||
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t
|
|
||||||
--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100
|
|
||||||
@@ -23,7 +23,7 @@
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
use platform;
|
|
||||||
|
|
||||||
-my $no_check = disabled("fips");
|
|
||||||
+my $no_check = 1;
|
|
||||||
plan skip_all => "Test only supported in a fips build"
|
|
||||||
if $no_check;
|
|
||||||
plan tests => 1;
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t
|
|
||||||
--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100
|
|
||||||
@@ -22,7 +22,7 @@
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
use platform;
|
|
||||||
|
|
||||||
-plan skip_all => "Test only supported in a fips build" if disabled("fips");
|
|
||||||
+plan skip_all => "Test only supported in a fips build" if 1;
|
|
||||||
|
|
||||||
plan tests => 29;
|
|
||||||
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
|
|
||||||
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
|
|
||||||
@@ -21,7 +21,7 @@
|
|
||||||
use lib srctop_dir('Configurations');
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
|
|
||||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
|
|
||||||
plan tests =>
|
|
||||||
($no_fips ? 1 : 5);
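Review bot: `my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);` turns off the FIPS-provider variants of this test unconditionally and leaves the old expression behind as a trailing comment. That removes test coverage for the FIPS provider even in builds where it is enabled, and `NO_FIPS` in the environment no longer has any effect. A comment stating why the variants cannot run would be better than commented-out code; the patch gives no reason. The hunks in 80-test_ssl_new.t and 90-test_sslapi.t make the same change.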
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t
|
|
||||||
--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100
|
|
||||||
@@ -23,7 +23,7 @@
|
|
||||||
use lib srctop_dir('Configurations');
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
|
|
||||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
|
|
||||||
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
|
|
||||||
|
|
||||||
diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t
|
|
||||||
--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100
|
|
||||||
+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100
|
|
||||||
@@ -18,7 +18,7 @@
|
|
||||||
use lib srctop_dir('Configurations');
|
|
||||||
use lib bldtop_dir('.');
|
|
||||||
|
|
||||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
|
|
||||||
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
|
|
||||||
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
|
|
||||||
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
|
|
||||||
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
|
|
||||||
@@ -0,0 +1,2 @@
|
|
||||||
+[fips_sect]
|
|
||||||
+activate = 1
|
|
@ -1,406 +0,0 @@
|
|||||||
diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
|
|
||||||
--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100
|
|
||||||
+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100
|
|
||||||
@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar
|
|
||||||
EVP_MAC *mac = NULL;
|
|
||||||
CONF *conf = NULL;
|
|
||||||
|
|
||||||
+ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
|
|
||||||
goto end;
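Review bot: The added `BIO_printf(...)` / `return 1;` sits after the declarations and before the first statement of fipsinstall_main, which leaves the rest of the function unreachable and bypasses the `end:` cleanup path the function otherwise uses. Nothing is allocated at that point in the visible lines, so it does not leak. A comment such as `/* fipsinstall is intentionally disabled in this build; everything below is unreachable */` would stop a later reader from treating it as a bug. The function body continues outside the hunk.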
|
|
||||||
|
|
||||||
diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod
|
|
||||||
--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100
|
|
||||||
+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100
|
|
||||||
@@ -158,10 +158,6 @@ Engine (loadable module) information and
|
|
||||||
|
|
||||||
Error Number to Error String Conversion.
|
|
||||||
|
|
||||||
-=item B<fipsinstall>
|
|
||||||
-
|
|
||||||
-FIPS configuration installation.
|
|
||||||
-
|
|
||||||
=item B<gendsa>
|
|
||||||
|
|
||||||
Generation of DSA Private Key from Parameters. Superseded by
|
|
||||||
diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod
|
|
||||||
--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100
|
|
||||||
+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100
|
|
||||||
@@ -573,7 +573,6 @@ configuration files using that syntax wi
|
|
||||||
=head1 SEE ALSO
|
|
||||||
|
|
||||||
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
|
|
||||||
-L<openssl-fipsinstall(1)>,
|
|
||||||
L<ASN1_generate_nconf(3)>,
|
|
||||||
L<EVP_set_default_properties(3)>,
|
|
||||||
L<CONF_modules_load(3)>,
|
|
||||||
diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod
|
|
||||||
--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100
|
|
||||||
+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100
|
|
||||||
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
|
|
||||||
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
|
|
||||||
-is used to hold information about the FIPS module. This includes a digest
|
|
||||||
-of the shared library file, and status about the self-testing.
|
|
||||||
-This data is used automatically by the module itself for two
|
|
||||||
-purposes:
|
|
||||||
-
|
|
||||||
-=over 4
|
|
||||||
-
|
|
||||||
-=item - Run the startup FIPS self-test known answer tests (KATS).
|
|
||||||
-
|
|
||||||
-This is normally done once, at installation time, but may also be set up to
|
|
||||||
-run each time the module is used.
|
|
||||||
-
|
|
||||||
-=item - Verify the module's checksum.
|
|
||||||
-
|
|
||||||
-This is done each time the module is used.
|
|
||||||
-
|
|
||||||
-=back
|
|
||||||
-
|
|
||||||
-This file is generated by the L<openssl-fipsinstall(1)> program, and
|
|
||||||
-used internally by the FIPS module during its initialization.
|
|
||||||
-
|
|
||||||
-The following options are supported. They should all appear in a section
|
|
||||||
-whose name is identified by the B<fips> option in the B<providers>
|
|
||||||
-section, as described in L<config(5)/Provider Configuration Module>.
|
|
||||||
-
|
|
||||||
-=over 4
|
|
||||||
-
|
|
||||||
-=item B<activate>
|
|
||||||
-
|
|
||||||
-If present, the module is activated. The value assigned to this name is not
|
|
||||||
-significant.
|
|
||||||
-
|
|
||||||
-=item B<install-version>
|
|
||||||
-
|
|
||||||
-A version number for the fips install process. Should be 1.
|
|
||||||
-
|
|
||||||
-=item B<conditional-errors>
|
|
||||||
-
|
|
||||||
-The FIPS module normally enters an internal error mode if any self test fails.
|
|
||||||
-Once this error mode is active, no services or cryptographic algorithms are
|
|
||||||
-accessible from this point on.
|
|
||||||
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
|
|
||||||
-generation, or the CRNG output test).
|
|
||||||
-Setting this value to C<0> allows the error mode to not be triggered if any
|
|
||||||
-continuous test fails. The default value of C<1> will trigger the error mode.
|
|
||||||
-Regardless of the value, the operation (e.g., key generation) that called the
|
|
||||||
-continuous test will return an error code if its continuous test fails. The
|
|
||||||
-operation may then be retried if the error mode has not been triggered.
|
|
||||||
-
|
|
||||||
-=item B<security-checks>
|
|
||||||
-
|
|
||||||
-This indicates if run-time checks related to enforcement of security parameters
|
|
||||||
-such as minimum security strength of keys and approved curve names are used.
|
|
||||||
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
|
|
||||||
-are not performed and FIPS compliance must be done by procedures documented in
|
|
||||||
-the relevant Security Policy.
|
|
||||||
-
|
|
||||||
-=item B<module-mac>
|
|
||||||
-
|
|
||||||
-The calculated MAC of the FIPS provider file.
|
|
||||||
-
|
|
||||||
-=item B<install-status>
|
|
||||||
-
|
|
||||||
-An indicator that the self-tests were successfully run.
|
|
||||||
-This should only be written after the module has
|
|
||||||
-successfully passed its self tests during installation.
|
|
||||||
-If this field is not present, then the self tests will run when the module
|
|
||||||
-loads.
|
|
||||||
-
|
|
||||||
-=item B<install-mac>
|
|
||||||
-
|
|
||||||
-A MAC of the value of the B<install-status> option, to prevent accidental
|
|
||||||
-changes to that value.
|
|
||||||
-It is written-to at the same time as B<install-status> is updated.
|
|
||||||
-
|
|
||||||
-=back
|
|
||||||
-
|
|
||||||
-For example:
|
|
||||||
-
|
|
||||||
- [fips_sect]
|
|
||||||
- activate = 1
|
|
||||||
- install-version = 1
|
|
||||||
- conditional-errors = 1
|
|
||||||
- security-checks = 1
|
|
||||||
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
|
|
||||||
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
|
|
||||||
- install-status = INSTALL_SELF_TEST_KATS_RUN
|
|
||||||
-
|
|
||||||
-=head1 NOTES
|
|
||||||
-
|
|
||||||
-When using the FIPS provider, it is recommended that the
|
|
||||||
-B<config_diagnostics> option is enabled to prevent accidental use of
|
|
||||||
-non-FIPS validated algorithms via broken or mistaken configuration.
|
|
||||||
-See L<config(5)>.
|
|
||||||
-
|
|
||||||
-=head1 SEE ALSO
|
|
||||||
-
|
|
||||||
-L<config(5)>
|
|
||||||
-L<openssl-fipsinstall(1)>
|
|
||||||
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
|
|
||||||
+automatically loaded when the system is booted in FIPS mode, or when the
|
|
||||||
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
|
|
||||||
+for more information.
|
|
||||||
|
|
||||||
=head1 HISTORY
|
|
||||||
|
|
||||||
diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
|
|
||||||
--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100
|
|
||||||
+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100
|
|
||||||
@@ -388,7 +388,6 @@ A simple self test callback is shown bel
|
|
||||||
|
|
||||||
=head1 SEE ALSO
|
|
||||||
|
|
||||||
-L<openssl-fipsinstall(1)>,
|
|
||||||
L<fips_config(5)>,
|
|
||||||
L<OSSL_SELF_TEST_set_callback(3)>,
|
|
||||||
L<OSSL_SELF_TEST_new(3)>,
|
|
||||||
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
|
|
||||||
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
|
|
||||||
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
|
|
||||||
@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
|
|
||||||
=head1 SYNOPSIS
|
|
||||||
|
|
||||||
B<openssl fipsinstall>
|
|
||||||
-[B<-help>]
|
|
||||||
-[B<-in> I<configfilename>]
|
|
||||||
-[B<-out> I<configfilename>]
|
|
||||||
-[B<-module> I<modulefilename>]
|
|
||||||
-[B<-provider_name> I<providername>]
|
|
||||||
-[B<-section_name> I<sectionname>]
|
|
||||||
-[B<-verify>]
|
|
||||||
-[B<-mac_name> I<macname>]
|
|
||||||
-[B<-macopt> I<nm>:I<v>]
|
|
||||||
-[B<-noout>]
|
|
||||||
-[B<-quiet>]
|
|
||||||
-[B<-no_conditional_errors>]
|
|
||||||
-[B<-no_security_checks>]
|
|
||||||
-[B<-self_test_onload>]
|
|
||||||
-[B<-corrupt_desc> I<selftest_description>]
|
|
||||||
-[B<-corrupt_type> I<selftest_type>]
|
|
||||||
-[B<-config> I<parent_config>]
|
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
|
||||||
-
|
|
||||||
-This command is used to generate a FIPS module configuration file.
|
|
||||||
-This configuration file can be used each time a FIPS module is loaded
|
|
||||||
-in order to pass data to the FIPS module self tests. The FIPS module always
|
|
||||||
-verifies its MAC, but optionally only needs to run the KAT's once,
|
|
||||||
-at installation.
|
|
||||||
-
|
|
||||||
-The generated configuration file consists of:
|
|
||||||
-
|
|
||||||
-=over 4
|
|
||||||
-
|
|
||||||
-=item - A MAC of the FIPS module file.
|
|
||||||
-
|
|
||||||
-=item - A test status indicator.
|
|
||||||
-
|
|
||||||
-This indicates if the Known Answer Self Tests (KAT's) have successfully run.
|
|
||||||
-
|
|
||||||
-=item - A MAC of the status indicator.
|
|
||||||
-
|
|
||||||
-=item - A control for conditional self tests errors.
|
|
||||||
-
|
|
||||||
-By default if a continuous test (e.g a key pair test) fails then the FIPS module
|
|
||||||
-will enter an error state, and no services or cryptographic algorithms will be
|
|
||||||
-able to be accessed after this point.
|
|
||||||
-The default value of '1' will cause the fips module error state to be entered.
|
|
||||||
-If the value is '0' then the module error state will not be entered.
|
|
||||||
-Regardless of whether the error state is entered or not, the current operation
|
|
||||||
-(e.g. key generation) will return an error. The user is responsible for retrying
|
|
||||||
-the operation if the module error state is not entered.
|
|
||||||
-
|
|
||||||
-=item - A control to indicate whether run-time security checks are done.
|
|
||||||
-
|
|
||||||
-This indicates if run-time checks related to enforcement of security parameters
|
|
||||||
-such as minimum security strength of keys and approved curve names are used.
|
|
||||||
-The default value of '1' will perform the checks.
|
|
||||||
-If the value is '0' the checks are not performed and FIPS compliance must
|
|
||||||
-be done by procedures documented in the relevant Security Policy.
|
|
||||||
-
|
|
||||||
-=back
|
|
||||||
-
|
|
||||||
-This file is described in L<fips_config(5)>.
|
|
||||||
-
|
|
||||||
-=head1 OPTIONS
|
|
||||||
-
|
|
||||||
-=over 4
|
|
||||||
-
|
|
||||||
-=item B<-help>
|
|
||||||
-
|
|
||||||
-Print a usage message.
|
|
||||||
-
|
|
||||||
-=item B<-module> I<filename>
|
|
||||||
-
|
|
||||||
-Filename of the FIPS module to perform an integrity check on.
|
|
||||||
-The path provided in the filename is used to load the module when it is
|
|
||||||
-activated, and this overrides the environment variable B<OPENSSL_MODULES>.
|
|
||||||
-
|
|
||||||
-=item B<-out> I<configfilename>
|
|
||||||
-
|
|
||||||
-Filename to output the configuration data to; the default is standard output.
|
|
||||||
-
|
|
||||||
-=item B<-in> I<configfilename>
|
|
||||||
-
|
|
||||||
-Input filename to load configuration data from.
|
|
||||||
-Must be used if the B<-verify> option is specified.
|
|
||||||
-
|
|
||||||
-=item B<-verify>
|
|
||||||
-
|
|
||||||
-Verify that the input configuration file contains the correct information.
|
|
||||||
-
|
|
||||||
-=item B<-provider_name> I<providername>
|
|
||||||
-
|
|
||||||
-Name of the provider inside the configuration file.
|
|
||||||
-The default value is C<fips>.
|
|
||||||
-
|
|
||||||
-=item B<-section_name> I<sectionname>
|
|
||||||
-
|
|
||||||
-Name of the section inside the configuration file.
|
|
||||||
-The default value is C<fips_sect>.
|
|
||||||
-
|
|
||||||
-=item B<-mac_name> I<name>
|
|
||||||
-
|
|
||||||
-Specifies the name of a supported MAC algorithm which will be used.
|
|
||||||
-The MAC mechanisms that are available will depend on the options
|
|
||||||
-used when building OpenSSL.
|
|
||||||
-To see the list of supported MAC's use the command
|
|
||||||
-C<openssl list -mac-algorithms>. The default is B<HMAC>.
|
|
||||||
-
|
|
||||||
-=item B<-macopt> I<nm>:I<v>
|
|
||||||
-
|
|
||||||
-Passes options to the MAC algorithm.
|
|
||||||
-A comprehensive list of controls can be found in the EVP_MAC implementation
|
|
||||||
-documentation.
|
|
||||||
-Common control strings used for this command are:
|
|
||||||
-
|
|
||||||
-=over 4
|
|
||||||
-
|
|
||||||
-=item B<key>:I<string>
|
|
||||||
-
|
|
||||||
-Specifies the MAC key as an alphanumeric string (use if the key contains
|
|
||||||
-printable characters only).
|
|
||||||
-The string length must conform to any restrictions of the MAC algorithm.
|
|
||||||
-A key must be specified for every MAC algorithm.
|
|
||||||
-If no key is provided, the default that was specified when OpenSSL was
|
|
||||||
-configured is used.
|
|
||||||
-
|
|
||||||
-=item B<hexkey>:I<string>
|
|
||||||
-
|
|
||||||
-Specifies the MAC key in hexadecimal form (two hex digits per byte).
|
|
||||||
-The key length must conform to any restrictions of the MAC algorithm.
|
|
||||||
-A key must be specified for every MAC algorithm.
|
|
||||||
-If no key is provided, the default that was specified when OpenSSL was
|
|
||||||
-configured is used.
|
|
||||||
-
|
|
||||||
-=item B<digest>:I<string>
|
|
||||||
-
|
|
||||||
-Used by HMAC as an alphanumeric string (use if the key contains printable
|
|
||||||
-characters only).
|
|
||||||
-The string length must conform to any restrictions of the MAC algorithm.
|
|
||||||
-To see the list of supported digests, use the command
|
|
||||||
-C<openssl list -digest-commands>.
|
|
||||||
-The default digest is SHA-256.
|
|
||||||
-
|
|
||||||
-=back
|
|
||||||
-
|
|
||||||
-=item B<-noout>
|
|
||||||
-
|
|
||||||
-Disable logging of the self tests.
|
|
||||||
-
|
|
||||||
-=item B<-no_conditional_errors>
|
|
||||||
-
|
|
||||||
-Configure the module to not enter an error state if a conditional self test
|
|
||||||
-fails as described above.
|
|
||||||
-
|
|
||||||
-=item B<-no_security_checks>
|
|
||||||
-
|
|
||||||
-Configure the module to not perform run-time security checks as described above.
|
|
||||||
-
|
|
||||||
-=item B<-self_test_onload>
|
|
||||||
-
|
|
||||||
-Do not write the two fields related to the "test status indicator" and
|
|
||||||
-"MAC status indicator" to the output configuration file. Without these fields
|
|
||||||
-the self tests KATS will run each time the module is loaded. This option could be
|
|
||||||
-used for cross compiling, since the self tests need to run at least once on each
|
|
||||||
-target machine. Once the self tests have run on the target machine the user
|
|
||||||
-could possibly then add the 2 fields into the configuration using some other
|
|
||||||
-mechanism.
|
|
||||||
-
|
|
||||||
-=item B<-quiet>
|
|
||||||
-
|
|
||||||
-Do not output pass/fail messages. Implies B<-noout>.
|
|
||||||
-
|
|
||||||
-=item B<-corrupt_desc> I<selftest_description>,
|
|
||||||
-B<-corrupt_type> I<selftest_type>
|
|
||||||
-
|
|
||||||
-The corrupt options can be used to test failure of one or more self tests by
|
|
||||||
-name.
|
|
||||||
-Either option or both may be used to select the tests to corrupt.
|
|
||||||
-Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
|
|
||||||
-values that can be used.
|
|
||||||
-
|
|
||||||
-=item B<-config> I<parent_config>
|
|
||||||
-
|
|
||||||
-Test that a FIPS provider can be loaded from the specified configuration file.
|
|
||||||
-A previous call to this application needs to generate the extra configuration
|
|
||||||
-data that is included by the base C<parent_config> configuration file.
|
|
||||||
-See L<config(5)> for further information on how to set up a provider section.
|
|
||||||
-All other options are ignored if '-config' is used.
|
|
||||||
-
|
|
||||||
-=back
|
|
||||||
-
|
|
||||||
-=head1 NOTES
|
|
||||||
-
|
|
||||||
-Self tests results are logged by default if the options B<-quiet> and B<-noout>
|
|
||||||
-are not specified, or if either of the options B<-corrupt_desc> or
|
|
||||||
-B<-corrupt_type> are used.
|
|
||||||
-If the base configuration file is set up to autoload the fips module, then the
|
|
||||||
-fips module will be loaded and self tested BEFORE the fipsinstall application
|
|
||||||
-has a chance to set up its own self test callback. As a result of this the self
|
|
||||||
-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
|
|
||||||
-For normal usage the base configuration file should use the default provider
|
|
||||||
-when generating the fips configuration file.
|
|
||||||
-
|
|
||||||
-=head1 EXAMPLES
|
|
||||||
-
|
|
||||||
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
|
|
||||||
-for the module, and save the F<fips.cnf> configuration file:
|
|
||||||
-
|
|
||||||
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
|
|
||||||
-
|
|
||||||
-Verify that the configuration file F<fips.cnf> contains the correct info:
|
|
||||||
-
|
|
||||||
- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
|
|
||||||
-
|
|
||||||
-Corrupt any self tests which have the description C<SHA1>:
|
|
||||||
-
|
|
||||||
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
|
|
||||||
- -corrupt_desc 'SHA1'
|
|
||||||
-
|
|
||||||
-Validate that the fips module can be loaded from a base configuration file:
|
|
||||||
-
|
|
||||||
- export OPENSSL_CONF_INCLUDE=<path of configuration files>
|
|
||||||
- export OPENSSL_MODULES=<provider-path>
|
|
||||||
- openssl fipsinstall -config' 'default.cnf'
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-=head1 SEE ALSO
|
|
||||||
-
|
|
||||||
-L<config(5)>,
|
|
||||||
-L<fips_config(5)>,
|
|
||||||
-L<OSSL_PROVIDER-FIPS(7)>,
|
|
||||||
-L<EVP_MAC(3)>
|
|
||||||
+This command is disabled.
|
|
||||||
+Please consult Red Hat Enterprise Linux documentation to learn how to correctly
|
|
||||||
+enable FIPS mode on Red Hat Enterprise
|
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
|
|
||||||
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100
|
|
||||||
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100
|
|
||||||
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
|
|
||||||
for (count = 0; COND(c[algindex][testnum]); count++) {
|
|
||||||
size_t outl;
|
|
||||||
|
|
||||||
+ if (mctx == NULL)
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
|
||||||
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
|
||||||
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
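Review bot: `if (mctx == NULL) return -1;` is placed inside the `for` loop of EVP_MAC_loop, so a loop-invariant check is repeated on every timed iteration. It belongs once before the loop, directly after `mctx` is assigned (the assignment is outside this hunk). EVP_MAC_loop starts and ends outside the hunk.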
|
|
@ -1,187 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
|
||||||
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200
|
|
||||||
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
|
|
||||||
BN_MONT_CTX *mont = NULL;
|
|
||||||
BIGNUM *z = NULL, *pminus1;
|
|
||||||
int ret = -1;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ int validate = 0;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
||||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
|
||||||
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
|
||||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
ctx = BN_CTX_new_ex(dh->libctx);
|
|
||||||
if (ctx == NULL)
|
|
||||||
goto err;
|
|
||||||
@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
|
|
||||||
#endif
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ int validate = 0;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
||||||
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
|
||||||
@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
|
|
||||||
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
|
||||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
dh->pub_key = pub_key;
|
|
||||||
dh->priv_key = priv_key;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (ossl_dh_check_pairwise(dh) <= 0) {
|
|
||||||
+ dh->pub_key = dh->priv_key = NULL;
|
|
||||||
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
dh->dirty_cnt++;
|
|
||||||
ok = 1;
|
|
||||||
err:
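Review bot: Both added FIPS checks, in ossl_dh_compute_key and in generate_key, test only the return value of DH_check_pub_key() and never read the flags it writes to `validate`. If the patched library version can return 1 while setting failure bits in that flags word (the historical behaviour of this API, to be confirmed against the 3.0.1 implementation), a public key outside the valid range would be accepted. Checking both closes that gap: `if (DH_check_pub_key(dh, pub_key, &validate) <= 0 || validate != 0) {`. Both functions continue outside the hunks shown.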
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
|
|
||||||
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
|
|
||||||
}
|
|
||||||
|
|
||||||
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ {
|
|
||||||
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
|
|
||||||
+ int check = 0;
|
|
||||||
+
|
|
||||||
+ if (bn_ctx == NULL) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
|
|
||||||
+ BN_CTX_free(bn_ctx);
|
|
||||||
+
|
|
||||||
+ if (check <= 0) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
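Review bot: `ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY)` pairs a reason code from the EC library with the provider library id, so the queued error is decoded against the provider reason table and may print an unrelated or missing reason. Raise it as `ERR_raise(ERR_LIB_EC, EC_R_INVALID_PEER_KEY);` or pick a `PROV_R_` code instead. A short comment above the block, such as `/* FIPS: validate the peer public key before deriving the shared secret */`, would also tell a reader why the check exists only under `FIPS_MODULE`. ecdh_plain_derive starts and ends outside this hunk.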
|
|
||||||
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200
|
|
||||||
@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
|
|
||||||
ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
|
|
||||||
+
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ ok &= ossl_ec_key_public_check(eckey, ctx);
|
|
||||||
+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
}
|
|
||||||
err:
|
|
||||||
/* Step (9): If there is an error return an invalid keypair. */
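Review bot: `ok &= ossl_ec_key_public_check(eckey, ctx);` and the following line combine the results bitwise, so any return other than 0 or 1 is mishandled (a -1 would leave `ok` set). Both checks also still run after `ecdsa_keygen_pairwise_test` has already failed. If the helpers are strictly 0/1 this works today, but `if (ok) ok = ossl_ec_key_public_check(eckey, ctx) > 0 && ossl_ec_key_pairwise_check(eckey, ctx) > 0;` states the intent and short-circuits. ec_generate_key extends beyond the hunk on both sides.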
|
|
||||||
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
|
|
||||||
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
|
|
||||||
@@ -23,6 +23,7 @@
|
|
||||||
#include <time.h>
|
|
||||||
#include "internal/cryptlib.h"
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
+#include <openssl/obj_mac.h>
|
|
||||||
#include <openssl/self_test.h>
|
|
||||||
#include "prov/providercommon.h"
|
|
||||||
#include "rsa_local.h"
|
|
||||||
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
|
||||||
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
- unsigned int ciphertxt_len;
|
|
||||||
- unsigned char *ciphertxt = NULL;
|
|
||||||
- const unsigned char plaintxt[16] = {0};
|
|
||||||
- unsigned char *decoded = NULL;
|
|
||||||
- unsigned int decoded_len;
|
|
||||||
- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len);
|
|
||||||
- int padding = RSA_PKCS1_PADDING;
|
|
||||||
+ unsigned int signature_len;
|
|
||||||
+ unsigned char *signature = NULL;
|
|
||||||
OSSL_SELF_TEST *st = NULL;
|
|
||||||
+ static const unsigned char dgst[] = {
|
|
||||||
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
||||||
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
|
|
||||||
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
|
|
||||||
+ };
|
|
||||||
|
|
||||||
st = OSSL_SELF_TEST_new(cb, cbarg);
|
|
||||||
if (st == NULL)
|
|
||||||
goto err;
|
|
||||||
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
|
|
||||||
+ /* No special name for RSA signature PCT*/
|
|
||||||
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
|
|
||||||
|
|
||||||
- ciphertxt_len = RSA_size(rsa);
|
|
||||||
+ signature_len = RSA_size(rsa);
|
|
||||||
- /*
|
|
||||||
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
|
|
||||||
- * parameter to be a maximum of RSA_size() - allocate space for both.
|
|
||||||
- */
|
|
||||||
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
|
|
||||||
- if (ciphertxt == NULL)
|
|
||||||
+ signature = OPENSSL_zalloc(signature_len);
|
|
||||||
+ if (signature == NULL)
|
|
||||||
goto err;
|
|
||||||
- decoded = ciphertxt + ciphertxt_len;
|
|
||||||
|
|
||||||
- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa,
|
|
||||||
- padding);
|
|
||||||
- if (ciphertxt_len <= 0)
|
|
||||||
+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0)
|
|
||||||
goto err;
|
|
||||||
- if (ciphertxt_len == plaintxt_len
|
|
||||||
- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0)
|
|
||||||
+
|
|
||||||
+ if (signature_len <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt);
|
|
||||||
+ OSSL_SELF_TEST_oncorrupt_byte(st, signature);
|
|
||||||
|
|
||||||
- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa,
|
|
||||||
- padding);
|
|
||||||
- if (decoded_len != plaintxt_len
|
|
||||||
- || memcmp(decoded, plaintxt, decoded_len) != 0)
|
|
||||||
+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
ret = 1;
|
|
||||||
err:
|
|
||||||
OSSL_SELF_TEST_onend(st, ret);
|
|
||||||
OSSL_SELF_TEST_free(st);
|
|
||||||
- OPENSSL_free(ciphertxt);
|
|
||||||
+ OPENSSL_free(signature);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
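Review bot: `if (signature_len <= 0)` can only ever test for zero, because `signature_len` is `unsigned int`, and it is reached only after `RSA_sign()` has already reported success. Drop it, or write `if (signature_len == 0)` if a zero-length result really needs guarding. The hard-coded `dgst` array also has no comment saying which input it is the SHA-256 of; a one-line comment above it would let a reviewer reproduce the value. The added comment `/* No special name for RSA signature PCT*/` is missing a space before `*/`.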
|
|
@ -1,719 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/providers/common/capabilities.c
|
|
||||||
--- openssl-3.0.1/providers/common/capabilities.c.fipsmin3 2022-05-05 17:11:36.146638536 +0200
|
|
||||||
+++ openssl-3.0.1/providers/common/capabilities.c 2022-05-05 17:12:00.138848787 +0200
|
|
||||||
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list
|
|
||||||
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
|
|
||||||
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
|
|
||||||
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
|
|
||||||
-# endif
|
|
||||||
TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
|
|
||||||
TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
|
|
||||||
+# endif
|
|
||||||
# endif /* OPENSSL_NO_EC */
|
|
||||||
# ifndef OPENSSL_NO_DH
|
|
||||||
/* Security bit values for FFDHE groups are as per RFC 7919 */
|
|
||||||
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c
|
|
||||||
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200
|
|
||||||
@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void);
|
|
||||||
|
|
||||||
#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
|
|
||||||
#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
|
|
||||||
-
|
|
||||||
extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
|
|
||||||
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
|
|
||||||
|
|
||||||
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx
|
|
||||||
&fips_prov_ossl_ctx_method);
|
|
||||||
|
|
||||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
|
|
||||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
|
|
||||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider"))
|
|
||||||
return 0;
|
|
||||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
|
|
||||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
|
|
||||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
|
|
||||||
return 0;
|
|
||||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
|
|
||||||
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
|
|
||||||
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
|
|
||||||
return 0;
|
|
||||||
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
|
|
||||||
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
|
|
||||||
@@ -281,10 +280,11 @@ static const OSSL_ALGORITHM fips_digests
|
|
||||||
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
|
|
||||||
* KMAC128 and KMAC256.
|
|
||||||
*/
|
|
||||||
- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
+ /* We don't certify KECCAK in our FIPS provider */
|
|
||||||
+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
ossl_keccak_kmac_128_functions },
|
|
||||||
{ PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
- ossl_keccak_kmac_256_functions },
|
|
||||||
+ ossl_keccak_kmac_256_functions }, */
|
|
||||||
{ NULL, NULL, NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -343,8 +343,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
|
|
||||||
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
|
|
||||||
ossl_cipher_capable_aes_cbc_hmac_sha256),
|
|
||||||
#ifndef OPENSSL_NO_DES
|
|
||||||
- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
|
||||||
- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
|
|
||||||
+ /* We don't certify 3DES in our FIPS provider */
|
|
||||||
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
|
|
||||||
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
|
|
||||||
#endif /* OPENSSL_NO_DES */
|
|
||||||
{ { NULL, NULL, NULL }, NULL }
|
|
||||||
};
|
|
||||||
@@ -356,8 +357,9 @@ static const OSSL_ALGORITHM fips_macs[]
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
|
|
||||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
|
|
||||||
- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
|
|
||||||
- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
|
|
||||||
+ /* We don't certify KMAC in our FIPS provider */
|
|
||||||
+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
|
|
||||||
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
|
|
||||||
{ NULL, NULL, NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -392,8 +394,9 @@ static const OSSL_ALGORITHM fips_keyexch
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
|
|
||||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
|
|
||||||
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
|
|
||||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
|
||||||
+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
|
|
||||||
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
ossl_kdf_tls1_prf_keyexch_functions },
|
|
||||||
@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
|
|
||||||
|
|
||||||
static const OSSL_ALGORITHM fips_signature[] = {
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
|
|
||||||
+ /* We don't certify DSA in our FIPS provider */
|
|
||||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
|
||||||
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
|
|
||||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
|
||||||
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
|
|
||||||
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
|
|
||||||
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
@@ -438,8 +443,9 @@ static const OSSL_ALGORITHM fips_keymgmt
|
|
||||||
PROV_DESCS_DHX },
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
|
|
||||||
- PROV_DESCS_DSA },
|
|
||||||
+ /* We don't certify DSA in our FIPS provider */
|
|
||||||
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
|
|
||||||
+ PROV_DESCS_DSA }, */
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
|
|
||||||
PROV_DESCS_RSA },
|
|
||||||
@@ -448,14 +454,15 @@ static const OSSL_ALGORITHM fips_keymgmt
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
|
|
||||||
PROV_DESCS_EC },
|
|
||||||
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
|
|
||||||
+ /* We don't certify Edwards curves in our FIPS provider */
|
|
||||||
+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
|
|
||||||
PROV_DESCS_X25519 },
|
|
||||||
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
|
|
||||||
PROV_DESCS_X448 },
|
|
||||||
{ PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
|
|
||||||
PROV_DESCS_ED25519 },
|
|
||||||
{ PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
|
|
||||||
- PROV_DESCS_ED448 },
|
|
||||||
+ PROV_DESCS_ED448 }, */
|
|
||||||
#endif
|
|
||||||
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
|
|
||||||
PROV_DESCS_TLS1_PRF_SIGN },
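Review bot: The comment `We don't certify Edwards curves in our FIPS provider` is inaccurate in the fips_keyexch and fips_keymgmt hunks, where it also covers X25519 and X448. Those are the Montgomery-curve key-exchange functions; only the Ed25519/Ed448 entries are Edwards-curve algorithms. Name what is actually disabled, for example `/* We don't certify X25519/X448 or Ed25519/Ed448 in our FIPS provider */`, so anyone auditing the algorithm tables against the certificate can search for each name. In fips_get_params, `REDHAT_FIPS_VERSION` is not defined in any visible hunk and presumably comes from the build flags; a comment saying where it is defined would help.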
|
|
||||||
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/providers/fips/self_test_data.inc
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 2022-05-05 12:36:32.335069046 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-05 12:40:02.427966128 +0200
|
|
||||||
@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest
|
|
||||||
/*- CIPHER TEST DATA */
|
|
||||||
|
|
||||||
/* DES3 test data */
|
|
||||||
+#if 0
|
|
||||||
static const unsigned char des_ede3_cbc_pt[] = {
|
|
||||||
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
|
|
||||||
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
|
|
||||||
@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_
|
|
||||||
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
|
|
||||||
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
|
|
||||||
};
|
|
||||||
-
|
|
||||||
+#endif
|
|
||||||
/* AES-256 GCM test data */
|
|
||||||
static const unsigned char aes_256_gcm_key[] = {
|
|
||||||
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
|
|
||||||
@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c
|
|
||||||
};
|
|
||||||
|
|
||||||
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
|
|
||||||
+#if 0
|
|
||||||
#ifndef OPENSSL_NO_DES
|
|
||||||
{
|
|
||||||
{
|
|
||||||
@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher
|
|
||||||
ITM(des_ede3_cbc_iv),
|
|
||||||
},
|
|
||||||
#endif
|
|
||||||
+#endif
|
|
||||||
{
|
|
||||||
{
|
|
||||||
OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
|
|
||||||
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
|
|
||||||
# endif /* OPENSSL_NO_EC2M */
|
|
||||||
#endif /* OPENSSL_NO_EC */
|
|
||||||
|
|
||||||
-#ifndef OPENSSL_NO_DSA
|
|
||||||
/* dsa 2048 */
|
|
||||||
+#if 0
|
|
||||||
+#ifndef OPENSSL_NO_DSA
|
|
||||||
static const unsigned char dsa_p[] = {
|
|
||||||
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
|
|
||||||
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
|
|
||||||
@@ -1549,8 +1553,8 @@ static const ST_KAT_PARAM dsa_key[] = {
|
|
||||||
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
|
|
||||||
ST_KAT_PARAM_END()
|
|
||||||
};
|
|
||||||
-#endif /* OPENSSL_NO_DSA */
|
|
||||||
-
|
|
||||||
+#endif
|
|
||||||
+#endif
|
|
||||||
static const ST_KAT_SIGN st_kat_sign_tests[] = {
|
|
||||||
{
|
|
||||||
OSSL_SELF_TEST_DESC_SIGN_RSA,
|
|
||||||
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
|
||||||
},
|
|
||||||
# endif
|
|
||||||
#endif /* OPENSSL_NO_EC */
|
|
||||||
+#if 0
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
{
|
|
||||||
OSSL_SELF_TEST_DESC_SIGN_DSA,
|
|
||||||
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
|
||||||
*/
|
|
||||||
},
|
|
||||||
#endif /* OPENSSL_NO_DSA */
|
|
||||||
+#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
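Review bot: The new `#if 0` / `#endif` pairs around the DES3 and DSA known-answer data give no reason. In the DSA block, `#endif /* OPENSSL_NO_DSA */` was replaced by two bare `#endif` lines, so it is no longer clear which guard each one closes. Annotate them the way test/acvp_test.c does in this same patch, e.g. `#if 0 /* 3DES is not certified in the Red Hat FIPS provider */`, and close the DSA block with `#endif /* OPENSSL_NO_DSA */` followed by `#endif /* 0 */`. Because these are module self-tests, the file should show that they are disabled on purpose, alongside the algorithm removal in fipsprov.c.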
|
|
||||||
diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c
|
|
||||||
--- openssl-3.0.1/test/acvp_test.c.fipsmin2 2022-05-05 11:42:58.597848865 +0200
|
|
||||||
+++ openssl-3.0.1/test/acvp_test.c 2022-05-05 11:43:30.141126336 +0200
|
|
||||||
@@ -1476,6 +1476,7 @@ int setup_tests(void)
|
|
||||||
OSSL_NELEM(dh_safe_prime_keyver_data));
|
|
||||||
#endif /* OPENSSL_NO_DH */
|
|
||||||
|
|
||||||
+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
|
|
||||||
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
|
|
||||||
@@ -1483,6 +1484,7 @@ int setup_tests(void)
|
|
||||||
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
|
|
||||||
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
|
|
||||||
#endif /* OPENSSL_NO_DSA */
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
|
|
||||||
diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_libctx_test.c
|
|
||||||
--- openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 2022-05-05 14:18:46.370911817 +0200
|
|
||||||
+++ openssl-3.0.1/test/evp_libctx_test.c 2022-05-05 14:30:02.117911993 +0200
|
|
||||||
@@ -21,6 +21,7 @@
|
|
||||||
*/
|
|
||||||
#include "internal/deprecated.h"
|
|
||||||
#include <assert.h>
|
|
||||||
+#include <string.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#include <openssl/dsa.h>
|
|
||||||
@@ -725,8 +726,10 @@ int setup_tests(void)
|
|
||||||
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
|
|
||||||
- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
|
|
||||||
+ if (strcmp(prov_name, "fips") != 0) {
|
|
||||||
+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
|
|
||||||
@@ -746,7 +750,9 @@ int setup_tests(void)
|
|
||||||
ADD_TEST(kem_invalid_keytype);
|
|
||||||
#endif
|
|
||||||
#ifndef OPENSSL_NO_DES
|
|
||||||
- ADD_TEST(test_cipher_tdes_randkey);
|
|
||||||
+ if (strcmp(prov_name, "fips") != 0) {
|
|
||||||
+ ADD_TEST(test_cipher_tdes_randkey);
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test/recipes/15-test_gendsa.t
|
|
||||||
--- openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 2022-05-05 13:46:00.631590335 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/15-test_gendsa.t 2022-05-05 13:46:06.999644496 +0200
|
|
||||||
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
|
|
||||||
plan skip_all => "This test is unsupported in a no-dsa build"
|
|
||||||
if disabled("dsa");
|
|
||||||
|
|
||||||
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
|
||||||
+my $no_fips = 1;
|
|
||||||
|
|
||||||
plan tests =>
|
|
||||||
($no_fips ? 0 : 2) # FIPS related tests
|
|
||||||
diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/test/recipes/20-test_cli_fips.t
|
|
||||||
--- openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 2022-05-05 13:47:55.217564900 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/20-test_cli_fips.t 2022-05-05 13:48:02.824629600 +0200
|
|
||||||
@@ -207,8 +207,7 @@ SKIP: {
|
|
||||||
}
|
|
||||||
|
|
||||||
SKIP : {
|
|
||||||
- skip "FIPS DSA tests because of no dsa in this build", 1
|
|
||||||
- if disabled("dsa");
|
|
||||||
+ skip "FIPS DSA tests because of no dsa in this build", 1;
|
|
||||||
|
|
||||||
subtest DSA => sub {
|
|
||||||
my $testtext_prefix = 'DSA';
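Review bot: The `skip` is now unconditional but still reports `because of no dsa in this build`, which stopped being the reason once `if disabled("dsa")` was removed. Give the real reason so a skipped result is not misread in test logs, e.g. `skip "FIPS DSA tests: DSA is not offered by the Red Hat FIPS provider", 1;`. The `subtest DSA` body below is now unreachable; it continues outside this hunk.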
|
|
||||||
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_cms.t
|
|
||||||
--- openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 2022-05-05 13:55:05.257292637 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-05 13:58:35.307150750 +0200
|
|
||||||
@@ -95,7 +95,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content DER format, DSA key",
|
|
||||||
+ [ "signed content DER format, DSA key, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
|
|
||||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
|
||||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
|
||||||
@@ -103,7 +103,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed detached content DER format, DSA key",
|
|
||||||
+ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
|
||||||
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
|
|
||||||
@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed detached content DER format, add RSA signer (with DSA existing)",
|
|
||||||
+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
|
||||||
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
|
|
||||||
@@ -123,7 +123,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming BER format, DSA key",
|
|
||||||
+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-nodetach", "-stream",
|
|
||||||
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
|
|
||||||
@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
|
|
||||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-nodetach", "-stream",
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
@@ -145,7 +145,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
|
|
||||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-noattr", "-nodetach", "-stream",
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
@@ -175,7 +175,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&zero_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
|
|
||||||
+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
|
||||||
@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
|
|
||||||
+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont,
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
|
||||||
@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
|
|
||||||
my @smime_cms_tests = (
|
|
||||||
|
|
||||||
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
|
|
||||||
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
|
|
||||||
"-nodetach", "-keyid",
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
@@ -260,7 +260,7 @@ my @smime_cms_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
|
|
||||||
+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
|
|
||||||
"-signer", $smrsa1,
|
|
||||||
"-signer", catfile($smdir, "smrsa2.pem"),
|
|
||||||
@@ -370,7 +370,7 @@ my @smime_cms_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "encrypted content test streaming PEM format, triple DES key",
|
|
||||||
+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
|
|
||||||
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
|
|
||||||
"-stream", "-out", "{output}.cms" ],
|
|
||||||
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t
|
|
||||||
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200
|
|
||||||
@@ -43,7 +43,6 @@ my @files = qw(
|
|
||||||
evpciph_aes_cts.txt
|
|
||||||
evpciph_aes_wrap.txt
|
|
||||||
evpciph_aes_stitched.txt
|
|
||||||
- evpciph_des3_common.txt
|
|
||||||
evpkdf_hkdf.txt
|
|
||||||
evpkdf_pbkdf1.txt
|
|
||||||
evpkdf_pbkdf2.txt
|
|
||||||
@@ -66,12 +65,6 @@ push @files, qw(
|
|
||||||
evppkey_dh.txt
|
|
||||||
) unless $no_dh;
|
|
||||||
push @files, qw(
|
|
||||||
- evpkdf_x942_des.txt
|
|
||||||
- evpmac_cmac_des.txt
|
|
||||||
- ) unless $no_des;
|
|
||||||
-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
|
|
||||||
-push @files, qw(evppkey_ecx.txt) unless $no_ec;
|
|
||||||
-push @files, qw(
|
|
||||||
evppkey_ecc.txt
|
|
||||||
evppkey_ecdh.txt
|
|
||||||
evppkey_ecdsa.txt
|
|
||||||
@@ -91,6 +84,7 @@ my @defltfiles = qw(
|
|
||||||
evpciph_cast5.txt
|
|
||||||
evpciph_chacha.txt
|
|
||||||
evpciph_des.txt
|
|
||||||
+ evpciph_des3_common.txt
|
|
||||||
evpciph_idea.txt
|
|
||||||
evpciph_rc2.txt
|
|
||||||
evpciph_rc4.txt
|
|
||||||
@@ -117,6 +111,12 @@ my @defltfiles = qw(
|
|
||||||
evppkey_kdf_tls1_prf.txt
|
|
||||||
evppkey_rsa.txt
|
|
||||||
);
|
|
||||||
+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa;
|
|
||||||
+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec;
|
|
||||||
+push @defltfiles, qw(
|
|
||||||
+ evpkdf_x942_des.txt
|
|
||||||
+ evpmac_cmac_des.txt
|
|
||||||
+ ) unless $no_des;
|
|
||||||
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
|
|
||||||
|
|
||||||
plan tests =>
|
|
||||||
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt
|
|
||||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200
|
|
||||||
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
|
|
||||||
Output = 00BDA1B7E87608BCBF470F12157F4C07
|
|
||||||
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Title = KMAC Tests (From NIST)
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
@@ -338,12 +339,14 @@ Ctrl = xof:0
|
|
||||||
OutputSize = 32
|
|
||||||
BlockSize = 168
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
Custom = "My Tagged Application"
|
|
||||||
Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -351,6 +354,7 @@ Custom = "My Tagged Application"
|
|
||||||
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
|
|
||||||
Ctrl = size:32
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
@@ -359,12 +363,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6
|
|
||||||
OutputSize = 64
|
|
||||||
BlockSize = 136
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
Custom = ""
|
|
||||||
Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -374,12 +380,14 @@ Ctrl = size:64
|
|
||||||
|
|
||||||
Title = KMAC XOF Tests (From NIST)
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
|
|
||||||
XOF = 1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
@@ -387,6 +395,7 @@ Custom = "My Tagged Application"
|
|
||||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
|
|
||||||
XOF = 1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -395,6 +404,7 @@ Output = 47026C7CD793084AA0283C253EF6584
|
|
||||||
XOF = 1
|
|
||||||
Ctrl = size:32
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
@@ -402,6 +412,7 @@ Custom = "My Tagged Application"
|
|
||||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
|
|
||||||
XOF = 1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -409,6 +420,7 @@ Custom = ""
|
|
||||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
|
|
||||||
XOF = 1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -419,6 +431,7 @@ XOF = 1
|
|
||||||
|
|
||||||
Title = KMAC long customisation string (from NIST ACVP)
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
|
|
||||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
|
|
||||||
@@ -429,12 +442,14 @@ XOF = 1
|
|
||||||
|
|
||||||
Title = KMAC XOF Tests via ctrl (From NIST)
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
|
|
||||||
Ctrl = xof:1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
@@ -442,6 +457,7 @@ Custom = "My Tagged Application"
|
|
||||||
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
|
|
||||||
Ctrl = xof:1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -450,6 +466,7 @@ Output = 47026C7CD793084AA0283C253EF6584
|
|
||||||
Ctrl = xof:1
|
|
||||||
Ctrl = size:32
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 00010203
|
|
||||||
@@ -457,6 +474,7 @@ Custom = "My Tagged Application"
|
|
||||||
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
|
|
||||||
Ctrl = xof:1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -464,6 +482,7 @@ Custom = ""
|
|
||||||
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
|
|
||||||
Ctrl = xof:1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -474,6 +493,7 @@ Ctrl = xof:1
|
|
||||||
|
|
||||||
Title = KMAC long customisation string via ctrl (from NIST ACVP)
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
|
|
||||||
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
|
|
||||||
@@ -484,6 +504,7 @@ Ctrl = xof:1
|
|
||||||
|
|
||||||
Title = KMAC long customisation string negative test
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC128
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
@@ -492,6 +513,7 @@ Result = MAC_INIT_ERROR
|
|
||||||
|
|
||||||
Title = KMAC output is too large
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
MAC = KMAC256
|
|
||||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|
||||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
|
||||||
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_ssl_old.t
|
|
||||||
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 2022-05-05 16:02:59.745500635 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-05 16:10:24.071348890 +0200
|
|
||||||
@@ -426,7 +426,7 @@ sub testssl {
|
|
||||||
my @exkeys = ();
|
|
||||||
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
|
|
||||||
|
|
||||||
- if (!$no_dsa) {
|
|
||||||
+ if (!$no_dsa && $provider ne "fips") {
|
|
||||||
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode_test.c
|
|
||||||
--- openssl-3.0.1/test/endecode_test.c.fipsmin3 2022-05-06 16:25:57.296926271 +0200
|
|
||||||
+++ openssl-3.0.1/test/endecode_test.c 2022-05-06 16:27:42.712850840 +0200
|
|
||||||
@@ -1387,6 +1387,7 @@ int setup_tests(void)
|
|
||||||
* so no legacy tests.
|
|
||||||
*/
|
|
||||||
#endif
|
|
||||||
+ if (is_fips == 0) {
|
|
||||||
#ifndef OPENSSL_NO_DSA
|
|
||||||
ADD_TEST_SUITE(DSA);
|
|
||||||
ADD_TEST_SUITE_PARAMS(DSA);
|
|
||||||
@@ -1397,6 +1398,7 @@ int setup_tests(void)
|
|
||||||
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
|
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
+ }
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
ADD_TEST_SUITE(EC);
|
|
||||||
ADD_TEST_SUITE_PARAMS(EC);
|
|
||||||
@@ -1411,10 +1413,12 @@ int setup_tests(void)
|
|
||||||
ADD_TEST_SUITE(ECExplicitTri2G);
|
|
||||||
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
|
|
||||||
# endif
|
|
||||||
+ if (is_fips == 0) {
|
|
||||||
ADD_TEST_SUITE(ED25519);
|
|
||||||
ADD_TEST_SUITE(ED448);
|
|
||||||
ADD_TEST_SUITE(X25519);
|
|
||||||
ADD_TEST_SUITE(X448);
|
|
||||||
+ }
|
|
||||||
/*
|
|
||||||
* ED25519, ED448, X25519 and X448 have no support for
|
|
||||||
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
|
|
||||||
diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c
|
|
||||||
--- openssl-3.0.1/apps/req.c.dfc 2022-05-12 13:31:21.957638329 +0200
|
|
||||||
+++ openssl-3.0.1/apps/req.c 2022-05-12 13:31:49.587984867 +0200
|
|
||||||
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
|
|
||||||
unsigned long chtype = MBSTRING_ASC, reqflag = 0;
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DES
|
|
||||||
- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
|
|
||||||
+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
prog = opt_init(argc, argv, req_options);
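Review bot: The new default `cipher = (EVP_CIPHER *)EVP_aes_256_cbc();` is still wrapped in `#ifndef OPENSSL_NO_DES`, so a build configured without DES would skip the assignment even though AES-256-CBC does not depend on DES. Dropping the `#ifndef OPENSSL_NO_DES` / `#endif` pair around that line keeps a default private-key encryption cipher in such builds. What `cipher` holds when the guard is compiled out is not visible in this hunk, so confirm that against its declaration. req_main continues outside the hunk.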
|
|
||||||
diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c
|
|
||||||
--- openssl-3.0.1/apps/ecparam.c.fips_list_curves 2022-05-19 11:46:22.682519422 +0200
|
|
||||||
+++ openssl-3.0.1/apps/ecparam.c 2022-05-19 11:50:44.559828701 +0200
|
|
||||||
@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
|
|
||||||
const char *comment = curves[n].comment;
|
|
||||||
const char *sname = OBJ_nid2sn(curves[n].nid);
|
|
||||||
|
|
||||||
+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
if (comment == NULL)
|
|
||||||
comment = "CURVE DESCRIPTION NOT AVAILABLE";
|
|
||||||
if (sname == NULL)
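Review bot: The added `continue` only hides secp256k1 from the printed list, and it re-evaluates `EVP_default_properties_is_fips_enabled(NULL)` on every loop iteration. I would hoist the call into a local before the loop, `int fips = EVP_default_properties_is_fips_enabled(NULL);`, and test `fips` inside it. A comment such as `/* listing only: hide secp256k1 when FIPS is the default property; not an enforcement point */` would make clear that refusing the curve has to happen where keys are created or loaded, which this hunk does not show. The loop and list_builtin_curves start outside the hunk.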
|
|
||||||
diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c
|
|
||||||
--- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200
|
|
||||||
+++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200
|
|
||||||
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
|
|
||||||
ctx->disabled_mkey_mask = 0;
|
|
||||||
ctx->disabled_auth_mask = 0;
|
|
||||||
|
|
||||||
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
|
|
||||||
+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* We ignore any errors from the fetches below. They are expected to fail
|
|
||||||
* if theose algorithms are not available.
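Review bot: The FIPS branch that sets `SSL_kRSA | SSL_kRSAPSK` in `ctx->disabled_mkey_mask` has no comment saying why RSA key exchange is masked out. It also samples `EVP_default_properties_is_fips_enabled(ctx->libctx)` only once, at the point where ssl_load_ciphers runs. I would add `/* FIPS default properties: disable RSA key exchange (kRSA, kRSAPSK); evaluated once when the SSL_CTX loads its ciphers */` above the `if`. If the default properties can change after the SSL_CTX exists, the mask presumably does not follow, which is worth confirming. ssl_load_ciphers continues outside the hunk.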
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200
|
|
||||||
@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co
|
|
||||||
{
|
|
||||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
|
||||||
size_t rslen;
|
|
||||||
+# ifdef FIPS_MODULE
|
|
||||||
+ size_t rsabits = RSA_bits(prsactx->rsa);
|
|
||||||
+
|
|
||||||
+ if (rsabits < 2048) {
|
|
||||||
+ if (rsabits != 1024
|
|
||||||
+ && rsabits != 1280
|
|
||||||
+ && rsabits != 1536
|
|
||||||
+ && rsabits != 1792) {
|
|
||||||
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+# endif
|
|
||||||
|
|
||||||
if (!ossl_prov_is_running())
|
|
||||||
return 0;
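Review bot: `ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH)` pairs a PROV reason code with a different library id, so the queued error will not decode as the intended message; the self-test patch on this page raises its `PROV_R_` code under `ERR_LIB_PROV`, and this line should read `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);`. The new block also calls `RSA_bits(prsactx->rsa)` ahead of the `ossl_prov_is_running()` check and without testing `prsactx->rsa`; if a context can reach rsa_verify without a key (not visible here), move the block below that check and guard the NULL case. A one-line comment stating why exactly 1024, 1280, 1536 and 1792 bits stay accepted for verification below 2048 would help the next reader. rsa_verify continues outside the hunk.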
|
|
@ -1,39 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100
|
|
||||||
@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
if (ev == NULL)
|
|
||||||
goto end;
|
|
||||||
|
|
||||||
+ /*
|
|
||||||
+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
|
|
||||||
+ */
|
|
||||||
+ if (kats_already_passed == 0) {
|
|
||||||
+ if (!SELF_TEST_kats(ev, st->libctx)) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
|
||||||
+ goto end;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
module_checksum = fips_hmac_container;
|
|
||||||
checksum_len = sizeof(fips_hmac_container);
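Review bot: The relocated guard `if (kats_already_passed == 0) {` drops the `on_demand_test ||` term that the old block at the end of SELF_TEST_post carried (removed in the following hunk), so an on-demand self-test after a successful load would appear to skip the known-answer tests. If that is not intended, keep the original condition at the new position: `if (on_demand_test || kats_already_passed == 0) {`. Where `kats_already_passed` is reset is not visible in these hunks, so the on-demand path should be confirmed against the full function. SELF_TEST_post starts and ends outside the hunk.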
|
|
||||||
|
|
||||||
@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
|
|
||||||
kats_already_passed = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Only runs the KAT's during installation OR on_demand().
|
|
||||||
- * NOTE: If the installation option 'self_test_onload' is chosen then this
|
|
||||||
- * path will always be run, since kats_already_passed will always be 0.
|
|
||||||
- */
|
|
||||||
- if (on_demand_test || kats_already_passed == 0) {
|
|
||||||
- if (!SELF_TEST_kats(ev, st->libctx)) {
|
|
||||||
- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
|
|
||||||
- goto end;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
ok = 1;
|
|
||||||
end:
|
|
||||||
OSSL_SELF_TEST_free(ev);
|
|
@ -1,503 +0,0 @@
|
|||||||
From b4f8964ad1903e24cd2ee07f42ce97c3047f4af4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Mon, 21 Feb 2022 17:24:44 +0100
|
|
||||||
Subject: [PATCH] Allow disabling of SHA1 signatures
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
NOTE: This patch is ported from CentOS 9 / RHEL 9, where it defaults to
|
|
||||||
denying SHA1 signatures. On Fedora, the default is – for now – to allow
|
|
||||||
SHA1 signatures.
|
|
||||||
|
|
||||||
In order to phase out SHA1 signatures, introduce a new configuration
|
|
||||||
option in the alg_section named 'rh-allow-sha1-signatures'. This option
|
|
||||||
defaults to true. If set to false, any signature creation or
|
|
||||||
verification operations that involve SHA1 as digest will fail.
|
|
||||||
|
|
||||||
This also affects TLS, where the signature_algorithms extension of any
|
|
||||||
ClientHello message sent by OpenSSL will no longer include signatures
|
|
||||||
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
|
|
||||||
that request a client certificate, the same also applies for
|
|
||||||
CertificateRequest messages sent by them.
|
|
||||||
|
|
||||||
For signatures created using the EVP_PKEY API, this is a best-effort
|
|
||||||
check that will deny signatures in cases where the digest algorithm is
|
|
||||||
known. This means, for example, that the following steps will still
|
|
||||||
work:
|
|
||||||
|
|
||||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
|
||||||
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
|
|
||||||
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
|
|
||||||
|
|
||||||
whereas these will not:
|
|
||||||
|
|
||||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
|
||||||
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
|
|
||||||
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
|
|
||||||
|
|
||||||
This happens because in the first case, OpenSSL's signature
|
|
||||||
implementation does not know that it is signing a SHA1 hash (it could be
|
|
||||||
signing arbitrary data).
|
|
||||||
---
|
|
||||||
crypto/evp/evp_cnf.c | 13 +++
|
|
||||||
crypto/evp/m_sigver.c | 85 +++++++++++++++++++
|
|
||||||
crypto/evp/pmeth_lib.c | 15 ++++
|
|
||||||
doc/man5/config.pod | 13 +++
|
|
||||||
include/internal/cryptlib.h | 3 +-
|
|
||||||
include/internal/sslconf.h | 4 +
|
|
||||||
providers/common/securitycheck.c | 20 +++++
|
|
||||||
providers/common/securitycheck_default.c | 9 +-
|
|
||||||
providers/implementations/signature/dsa_sig.c | 11 ++-
|
|
||||||
.../implementations/signature/ecdsa_sig.c | 4 +
|
|
||||||
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
|
||||||
ssl/t1_lib.c | 8 ++
|
|
||||||
util/libcrypto.num | 2 +
|
|
||||||
13 files changed, 198 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
|
||||||
index 0e7fe64cf9..b9d3b6d226 100644
|
|
||||||
--- a/crypto/evp/evp_cnf.c
|
|
||||||
+++ b/crypto/evp/evp_cnf.c
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <openssl/crypto.h>
|
|
||||||
#include "internal/cryptlib.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include <openssl/conf.h>
|
|
||||||
#include <openssl/x509.h>
|
|
||||||
#include <openssl/x509v3.h>
|
|
||||||
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
|
|
||||||
+ int m;
|
|
||||||
+
|
|
||||||
+ /* Detailed error already reported. */
|
|
||||||
+ if (!X509V3_get_value_bool(oval, &m))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
|
|
||||||
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
} else {
|
|
||||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
|
||||||
"name=%s, value=%s", oval->name, oval->value);
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index 76a6814b42..8da2183ce0 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -16,6 +16,79 @@
|
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+typedef struct ossl_legacy_digest_signatures_st {
|
|
||||||
+ int allowed;
|
|
||||||
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
|
||||||
+
|
|
||||||
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
|
||||||
+
|
|
||||||
+ if (ldsigs != NULL) {
|
|
||||||
+ OPENSSL_free(ldsigs);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
|
||||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
|
||||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
|
||||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
|
||||||
+ ldsigs->allowed = 1;
|
|
||||||
+ return ldsigs;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
|
|
||||||
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_new,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_free,
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
|
||||||
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
|
||||||
+{
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
|
||||||
+ return NULL;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
|
|
||||||
+ &ossl_ctx_legacy_digest_signatures_method);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
||||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
|
|
||||||
+ /* used in tests */
|
|
||||||
+ return 1;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
|
||||||
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
|
||||||
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
|
||||||
+ return ldsigs != NULL ? ldsigs->allowed : 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
||||||
+ int loadconfig)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
||||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
||||||
+
|
|
||||||
+ if (ldsigs == NULL) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ldsigs->allowed = allow;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
|
|
||||||
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
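Review bot: `ossl_ctx_legacy_digest_signatures_new` writes `ldsigs->allowed = 1` without checking the `OPENSSL_zalloc` result, so an allocation failure becomes a NULL dereference; add `if (ldsigs == NULL) return NULL;` before the assignment (both accessors in this hunk already test `ldsigs` for NULL). Separately, `ossl_ctx_legacy_digest_signatures_allowed` returns 1 whenever `OPENSSL_ENABLE_SHA1_SIGNATURES` is present in the environment, and also when the context lookup yields NULL, so a configured `rh-allow-sha1-signatures = no` is silently overridden in both cases. The `/* used in tests */` comment should state that the variable takes precedence over the configuration in non-FIPS builds, and the fail-open fallback should be a documented decision rather than an implicit one.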
|
|
||||||
@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (ctx->reqdigest != NULL
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
|
||||||
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
|
||||||
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (ver) {
|
|
||||||
if (signature->digest_verify_init == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
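Review bot: The digest gate added to do_sigver_init repeats, almost line for line, the one this patch adds to evp_pkey_ctx_set_md in crypto/evp/pmeth_lib.c: the HMAC / TLS1-PRF / HKDF exclusion followed by the `NID_sha1` / `NID_md5_sha1` test, with the two operands of the inner `&&` in opposite order. A single internal helper taking the key, the digest and the libctx would keep the two call sites from drifting apart. A short comment here should also say that the gate is skipped when `ctx->reqdigest` is NULL, which is the best-effort behaviour the commit message describes. do_sigver_init starts and ends outside the hunk.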
|
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
||||||
index 2b9c6c2351..3c5a1e6f5d 100644
|
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
#include "internal/ffc.h"
|
|
||||||
#include "internal/numbers.h"
|
|
||||||
#include "internal/provider.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
|
||||||
return -2;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
|
||||||
+ && md != NULL
|
|
||||||
+ && ctx->pkey != NULL
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
|
||||||
+ int mdnid = EVP_MD_nid(md);
|
|
||||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (fallback)
|
|
||||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
|
||||||
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
||||||
index 77a8055e81..0c9110d28a 100644
|
|
||||||
--- a/doc/man5/config.pod
|
|
||||||
+++ b/doc/man5/config.pod
|
|
||||||
@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
|
|
||||||
The value may be anything that is acceptable as a property query
|
|
||||||
string for EVP_set_default_properties().
|
|
||||||
|
|
||||||
+=item B<rh-allow-sha1-signatures>
|
|
||||||
+
|
|
||||||
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
|
|
||||||
+it behaves as if it was set to B<yes>.
|
|
||||||
+
|
|
||||||
+When set to B<no>, any attempt to create or verify a signature with a SHA1
|
|
||||||
+digest will fail. To test whether your software will work with future versions
|
|
||||||
+of OpenSSL, set this option to B<no>. This setting also affects TLS, where
|
|
||||||
+signature algorithms that use SHA1 as digest will no longer be supported if
|
|
||||||
+this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
|
|
||||||
+pseudorandom function (PRF) to derive key material, disabling
|
|
||||||
+B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
|
|
||||||
+
|
|
||||||
=item B<fips_mode> (deprecated)
|
|
||||||
|
|
||||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
|
||||||
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
|
||||||
index 1291299b6e..e234341e6a 100644
|
|
||||||
--- a/include/internal/cryptlib.h
|
|
||||||
+++ b/include/internal/cryptlib.h
|
|
||||||
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
|
||||||
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
|
|
||||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
|
||||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
|
||||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
|
||||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
|
|
||||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
|
||||||
|
|
||||||
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
|
|
||||||
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
|
|
||||||
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
|
||||||
index fd7f7e3331..05464b0655 100644
|
|
||||||
--- a/include/internal/sslconf.h
|
|
||||||
+++ b/include/internal/sslconf.h
|
|
||||||
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
|
|
||||||
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
|
|
||||||
char **arg);
|
|
||||||
|
|
||||||
+/* Methods to support disabling all signatures with legacy digests */
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
||||||
+ int loadconfig);
|
|
||||||
#endif
|
|
||||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
||||||
index 699ada7c52..e534ad0a5f 100644
|
|
||||||
--- a/providers/common/securitycheck.c
|
|
||||||
+++ b/providers/common/securitycheck.c
|
|
||||||
@@ -19,6 +19,7 @@
|
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include <openssl/obj_mac.h>
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
||||||
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
mdnid = -1; /* disallowed by security checks */
|
|
||||||
}
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
+ * it. */
|
|
||||||
+ if (mdnid == NID_sha1 && !sha1_allowed)
|
|
||||||
+ mdnid = -1;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
return mdnid;
|
|
||||||
}
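Review bot: The block added to ossl_digest_get_approved_nid_with_sha1 nests two unbraced `if` statements with a comment between them and filters only `NID_sha1`, while ossl_digest_is_allowed in the next hunk also rejects `NID_md5_sha1`. One braced condition, `if (mdnid == NID_sha1 && !sha1_allowed && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) { mdnid = -1; }`, is harder to break in a later edit and skips the lookup for other digests. If MD5-SHA1 is meant to be handled only by callers such as ossl_digest_rsa_sign_get_md_nid, a comment saying so would keep the two helpers consistent. The function starts outside the hunk.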
|
|
||||||
|
|
||||||
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
||||||
if (ossl_securitycheck_enabled(ctx))
|
|
||||||
return ossl_digest_get_approved_nid(md) != NID_undef;
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ {
|
|
||||||
+ int mdnid = EVP_MD_nid(md);
|
|
||||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
||||||
index de7f0d3a0a..ce54a94fbc 100644
|
|
||||||
--- a/providers/common/securitycheck_default.c
|
|
||||||
+++ b/providers/common/securitycheck_default.c
|
|
||||||
@@ -15,6 +15,7 @@
|
|
||||||
#include <openssl/obj_mac.h>
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
/* Disable the security checks in the default provider */
|
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
}
|
|
||||||
|
|
||||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
- ossl_unused int sha1_allowed)
|
|
||||||
+ int sha1_allowed)
|
|
||||||
{
|
|
||||||
int mdnid;
|
|
||||||
+ int ldsigs_allowed;
|
|
||||||
|
|
||||||
static const OSSL_ITEM name_to_nid[] = {
|
|
||||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
|
||||||
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
|
||||||
};
|
|
||||||
|
|
||||||
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
|
|
||||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
||||||
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
||||||
if (mdnid == NID_undef)
|
|
||||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
||||||
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
||||||
+ mdnid = -1;
|
|
||||||
return mdnid;
|
|
||||||
}
|
|
||||||
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
|
||||||
index 28fd7c498e..fa3822f39f 100644
|
|
||||||
--- a/providers/implementations/signature/dsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/dsa_sig.c
|
|
||||||
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
|
||||||
mdprops = ctx->propq;
|
|
||||||
|
|
||||||
if (mdname != NULL) {
|
|
||||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
WPACKET pkt;
|
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
||||||
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
- sha1_allowed);
|
|
||||||
+ int md_nid;
|
|
||||||
size_t mdname_len = strlen(mdname);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
+#else
|
|
||||||
+ int sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
+ sha1_allowed);
|
|
||||||
|
|
||||||
if (md == NULL || md_nid < 0) {
|
|
||||||
if (md == NULL)
|
|
||||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
index 865d49d100..99b228e82c 100644
|
|
||||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
|
||||||
"%s could not be fetched", mdname);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
+#else
|
|
||||||
+ sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
sha1_allowed);
|
|
||||||
if (md_nid < 0) {
|
|
||||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
|
||||||
index 325e855333..bea397f0c1 100644
|
|
||||||
--- a/providers/implementations/signature/rsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/rsa_sig.c
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
#include "internal/cryptlib.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "crypto/rsa.h"
|
|
||||||
#include "prov/providercommon.h"
|
|
||||||
#include "prov/implementations.h"
|
|
||||||
@@ -34,6 +35,7 @@
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
|
|
||||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
|
||||||
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
|
|
||||||
|
|
||||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
|
||||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
|
||||||
@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
|
||||||
|
|
||||||
if (mdname != NULL) {
|
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
||||||
+ int md_nid;
|
|
||||||
+ size_t mdname_len = strlen(mdname);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
||||||
+#else
|
|
||||||
+ int sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
||||||
sha1_allowed);
|
|
||||||
- size_t mdname_len = strlen(mdname);
|
|
||||||
|
|
||||||
if (md == NULL
|
|
||||||
|| md_nid <= 0
|
|
||||||
@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
|
||||||
prsactx->pad_mode = pad_mode;
|
|
||||||
|
|
||||||
if (prsactx->md == NULL && pmdname == NULL
|
|
||||||
- && pad_mode == RSA_PKCS1_PSS_PADDING)
|
|
||||||
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
|
|
||||||
pmdname = RSA_DEFAULT_DIGEST_NAME;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
|
|
||||||
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
|
|
||||||
if (pmgf1mdname != NULL
|
|
||||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index 41fddf22a7..dcd487ec2e 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
#include "internal/tlsgroups.h"
|
|
||||||
@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
||||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
|
||||||
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
|
||||||
int ret = 0;
|
|
||||||
+ int ldsigs_allowed;
|
|
||||||
|
|
||||||
if (cache == NULL || tmpkey == NULL)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
ERR_set_mark();
|
|
||||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
|
|
||||||
for (i = 0, lu = sigalg_lookup_tbl;
|
|
||||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
|
||||||
EVP_PKEY_CTX *pctx;
|
|
||||||
@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
||||||
cache[i].enabled = 0;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
|
||||||
+ && !ldsigs_allowed) {
|
|
||||||
+ cache[i].enabled = 0;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
|
||||||
cache[i].enabled = 0;
|
|
||||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
|
||||||
index 10b4e57d79..2d3c363bb0 100644
|
|
||||||
--- a/util/libcrypto.num
|
|
||||||
+++ b/util/libcrypto.num
|
|
||||||
@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,491 +0,0 @@
|
|||||||
From e738d17c45869eda31cb94f2832e65ec7cf8afa9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Wed, 17 Aug 2022 12:56:29 -0400
|
|
||||||
Subject: [PATCH] Selectively disallow SHA1 signatures
|
|
||||||
|
|
||||||
For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is
|
|
||||||
disabling SHA1 signatures. Introduce a new configuration option in the
|
|
||||||
alg_section named 'rh-allow-sha1-signatures'. This option defaults to
|
|
||||||
false. If set to false (or unset), any signature creation or
|
|
||||||
verification operations that involve SHA1 as digest will fail.
|
|
||||||
|
|
||||||
This also affects TLS, where the signature_algorithms extension of any
|
|
||||||
ClientHello message sent by OpenSSL will no longer include signatures
|
|
||||||
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
|
|
||||||
that request a client certificate, the same also applies for
|
|
||||||
CertificateRequest messages sent by them.
|
|
||||||
|
|
||||||
For signatures created using the EVP_PKEY API, this is a best-effort
|
|
||||||
check that will deny signatures in cases where the digest algorithm is
|
|
||||||
known. This means, for example, that the following steps will still
|
|
||||||
work:
|
|
||||||
|
|
||||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
|
||||||
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
|
|
||||||
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
|
|
||||||
|
|
||||||
whereas these will not:
|
|
||||||
|
|
||||||
$> openssl dgst -sha1 -binary -out sha1 infile
|
|
||||||
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
|
|
||||||
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
|
|
||||||
|
|
||||||
This happens because in the first case, OpenSSL's signature
|
|
||||||
implementation does not know that it is signing a SHA1 hash (it could be
|
|
||||||
signing arbitrary data).
|
|
||||||
|
|
||||||
Resolves: rhbz#2031742
|
|
||||||
|
|
||||||
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
||||||
---
|
|
||||||
crypto/evp/evp_cnf.c | 13 ++++
|
|
||||||
crypto/evp/m_sigver.c | 77 +++++++++++++++++++
|
|
||||||
crypto/evp/pmeth_lib.c | 15 ++++
|
|
||||||
doc/man5/config.pod | 11 +++
|
|
||||||
include/internal/cryptlib.h | 3 +-
|
|
||||||
include/internal/sslconf.h | 4 +
|
|
||||||
providers/common/securitycheck.c | 20 +++++
|
|
||||||
providers/common/securitycheck_default.c | 9 ++-
|
|
||||||
providers/implementations/signature/dsa_sig.c | 11 ++-
|
|
||||||
.../implementations/signature/ecdsa_sig.c | 4 +
|
|
||||||
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
|
||||||
ssl/t1_lib.c | 8 ++
|
|
||||||
util/libcrypto.num | 2 +
|
|
||||||
13 files changed, 188 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
|
||||||
index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644
|
|
||||||
--- a/crypto/evp/evp_cnf.c
|
|
||||||
+++ b/crypto/evp/evp_cnf.c
|
|
||||||
@@ -10,6 +10,7 @@
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <openssl/crypto.h>
|
|
||||||
#include "internal/cryptlib.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include <openssl/conf.h>
|
|
||||||
#include <openssl/x509.h>
|
|
||||||
#include <openssl/x509v3.h>
|
|
||||||
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
|
|
||||||
+ int m;
|
|
||||||
+
|
|
||||||
+ /* Detailed error already reported. */
|
|
||||||
+ if (!X509V3_get_value_bool(oval, &m))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
|
|
||||||
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
} else {
|
|
||||||
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
|
||||||
"name=%s, value=%s", oval->name, oval->value);
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -16,6 +16,71 @@
|
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+typedef struct ossl_legacy_digest_signatures_st {
|
|
||||||
+ int allowed;
|
|
||||||
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
|
||||||
+
|
|
||||||
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
|
||||||
+
|
|
||||||
+ if (ldsigs != NULL) {
|
|
||||||
+ OPENSSL_free(ldsigs);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
|
||||||
+{
|
|
||||||
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
|
|
||||||
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_new,
|
|
||||||
+ ossl_ctx_legacy_digest_signatures_free,
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
|
||||||
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
|
||||||
+{
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
|
||||||
+ return 0;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
|
|
||||||
+ &ossl_ctx_legacy_digest_signatures_method);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
||||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
|
|
||||||
+ /* used in tests */
|
|
||||||
+ return 1;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ return ldsigs != NULL ? ldsigs->allowed : 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
||||||
+ int loadconfig)
|
|
||||||
+{
|
|
||||||
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
||||||
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
||||||
+
|
|
||||||
+ if (ldsigs == NULL) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ldsigs->allowed = allow;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
|
|
||||||
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
|
||||||
@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (ctx->reqdigest != NULL
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
|
||||||
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
|
||||||
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (ver) {
|
|
||||||
if (signature->digest_verify_init == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
||||||
index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644
|
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
|
||||||
@@ -33,6 +33,7 @@
|
|
||||||
#include "internal/ffc.h"
|
|
||||||
#include "internal/numbers.h"
|
|
||||||
#include "internal/provider.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
|
||||||
return -2;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
|
||||||
+ && md != NULL
|
|
||||||
+ && ctx->pkey != NULL
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
|
||||||
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
|
||||||
+ int mdnid = EVP_MD_nid(md);
|
|
||||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (fallback)
|
|
||||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
|
||||||
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
||||||
index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644
|
|
||||||
--- a/doc/man5/config.pod
|
|
||||||
+++ b/doc/man5/config.pod
|
|
||||||
@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning:
|
|
||||||
The value may be anything that is acceptable as a property query
|
|
||||||
string for EVP_set_default_properties().
|
|
||||||
|
|
||||||
+=item B<rh-allow-sha1-signatures>
|
|
||||||
+
|
|
||||||
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
|
|
||||||
+it behaves as if it was set to B<no>.
|
|
||||||
+
|
|
||||||
+When set to B<no>, any attempt to create or verify a signature with a SHA1
|
|
||||||
+digest will fail. For compatibility with older versions of OpenSSL, set this
|
|
||||||
+option to B<yes>. This setting also affects TLS, where signature algorithms
|
|
||||||
+that use SHA1 as digest will no longer be supported if this option is set to
|
|
||||||
+B<no>.
|
|
||||||
+
|
|
||||||
=item B<fips_mode> (deprecated)
|
|
||||||
|
|
||||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
|
||||||
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
|
||||||
index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0873cf6f6 100644
|
|
||||||
--- a/include/internal/cryptlib.h
|
|
||||||
+++ b/include/internal/cryptlib.h
|
|
||||||
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
|
||||||
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
|
|
||||||
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
|
||||||
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
|
||||||
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
|
||||||
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
|
|
||||||
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
|
||||||
|
|
||||||
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
|
|
||||||
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
|
|
||||||
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
|
||||||
index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644
|
|
||||||
--- a/include/internal/sslconf.h
|
|
||||||
+++ b/include/internal/sslconf.h
|
|
||||||
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
|
|
||||||
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
|
|
||||||
char **arg);
|
|
||||||
|
|
||||||
+/* Methods to support disabling all signatures with legacy digests */
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
|
|
||||||
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
||||||
+ int loadconfig);
|
|
||||||
#endif
|
|
||||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
||||||
index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644
|
|
||||||
--- a/providers/common/securitycheck.c
|
|
||||||
+++ b/providers/common/securitycheck.c
|
|
||||||
@@ -19,6 +19,7 @@
|
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include <openssl/obj_mac.h>
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
||||||
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
mdnid = -1; /* disallowed by security checks */
|
|
||||||
}
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
+ * it. */
|
|
||||||
+ if (mdnid == NID_sha1 && !sha1_allowed)
|
|
||||||
+ mdnid = -1;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
return mdnid;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
||||||
if (ossl_securitycheck_enabled(ctx))
|
|
||||||
return ossl_digest_get_approved_nid(md) != NID_undef;
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
+
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ {
|
|
||||||
+ int mdnid = EVP_MD_nid(md);
|
|
||||||
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
||||||
index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644
|
|
||||||
--- a/providers/common/securitycheck_default.c
|
|
||||||
+++ b/providers/common/securitycheck_default.c
|
|
||||||
@@ -15,6 +15,7 @@
|
|
||||||
#include <openssl/obj_mac.h>
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
/* Disable the security checks in the default provider */
|
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
}
|
|
||||||
|
|
||||||
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
- ossl_unused int sha1_allowed)
|
|
||||||
+ int sha1_allowed)
|
|
||||||
{
|
|
||||||
int mdnid;
|
|
||||||
+ int ldsigs_allowed;
|
|
||||||
|
|
||||||
static const OSSL_ITEM name_to_nid[] = {
|
|
||||||
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
|
||||||
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
|
||||||
};
|
|
||||||
|
|
||||||
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
|
|
||||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
||||||
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
||||||
if (mdnid == NID_undef)
|
|
||||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
||||||
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
||||||
+ mdnid = -1;
|
|
||||||
return mdnid;
|
|
||||||
}
|
|
||||||
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
|
||||||
index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644
|
|
||||||
--- a/providers/implementations/signature/dsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/dsa_sig.c
|
|
||||||
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
|
||||||
mdprops = ctx->propq;
|
|
||||||
|
|
||||||
if (mdname != NULL) {
|
|
||||||
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
WPACKET pkt;
|
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
||||||
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
- sha1_allowed);
|
|
||||||
+ int md_nid;
|
|
||||||
size_t mdname_len = strlen(mdname);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
+#else
|
|
||||||
+ int sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
+ sha1_allowed);
|
|
||||||
|
|
||||||
if (md == NULL || md_nid < 0) {
|
|
||||||
if (md == NULL)
|
|
||||||
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644
|
|
||||||
--- a/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/ecdsa_sig.c
|
|
||||||
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
|
||||||
"%s could not be fetched", mdname);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
+#else
|
|
||||||
+ sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
||||||
sha1_allowed);
|
|
||||||
if (md_nid < 0) {
|
|
||||||
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
|
||||||
index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644
|
|
||||||
--- a/providers/implementations/signature/rsa_sig.c
|
|
||||||
+++ b/providers/implementations/signature/rsa_sig.c
|
|
||||||
@@ -25,6 +25,7 @@
|
|
||||||
#include "internal/cryptlib.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "crypto/rsa.h"
|
|
||||||
#include "prov/providercommon.h"
|
|
||||||
#include "prov/implementations.h"
|
|
||||||
@@ -33,6 +34,7 @@
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
|
|
||||||
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
|
||||||
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
|
|
||||||
|
|
||||||
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
|
||||||
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
|
||||||
@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
|
||||||
|
|
||||||
if (mdname != NULL) {
|
|
||||||
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
||||||
+ int md_nid;
|
|
||||||
+ size_t mdname_len = strlen(mdname);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
||||||
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
||||||
+#else
|
|
||||||
+ int sha1_allowed = 0;
|
|
||||||
+#endif
|
|
||||||
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
||||||
sha1_allowed);
|
|
||||||
- size_t mdname_len = strlen(mdname);
|
|
||||||
|
|
||||||
if (md == NULL
|
|
||||||
|| md_nid <= 0
|
|
||||||
@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
|
||||||
prsactx->pad_mode = pad_mode;
|
|
||||||
|
|
||||||
if (prsactx->md == NULL && pmdname == NULL
|
|
||||||
- && pad_mode == RSA_PKCS1_PSS_PADDING)
|
|
||||||
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
|
|
||||||
pmdname = RSA_DEFAULT_DIGEST_NAME;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
|
|
||||||
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
|
|
||||||
if (pmgf1mdname != NULL
|
|
||||||
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b6c8e1a03 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
#include "internal/tlsgroups.h"
|
|
||||||
@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
||||||
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
|
||||||
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
|
||||||
int ret = 0;
|
|
||||||
+ int ldsigs_allowed;
|
|
||||||
|
|
||||||
if (cache == NULL || tmpkey == NULL)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
ERR_set_mark();
|
|
||||||
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
|
|
||||||
for (i = 0, lu = sigalg_lookup_tbl;
|
|
||||||
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
|
||||||
EVP_PKEY_CTX *pctx;
|
|
||||||
@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
||||||
cache[i].enabled = 0;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
|
||||||
+ && !ldsigs_allowed) {
|
|
||||||
+ cache[i].enabled = 0;
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
|
||||||
cache[i].enabled = 0;
|
|
||||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
|
||||||
index 4e729be97d7b31b4caf0c3bab06dbce908dc2628..2ad515028ac6522e43cdb48794ba2cc96de56049 100644
|
|
||||||
--- a/util/libcrypto.num
|
|
||||||
+++ b/util/libcrypto.num
|
|
||||||
@@ -5429,3 +5429,5 @@ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
--
|
|
||||||
2.39.1
|
|
||||||
|
|
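Review bot: In the crypto/evp/m_sigver.c hunk, `ossl_ctx_legacy_digest_signatures_allowed` returns 1 whenever `OPENSSL_ENABLE_SHA1_SIGNATURES` is present in the environment, whatever its value, so `OPENSSL_ENABLE_SHA1_SIGNATURES=0` still re-enables SHA-1 signatures and a process environment can override `rh-allow-sha1-signatures = no` without touching the configuration file. The comment says the variable is used in tests, but nothing in the hunk limits it to test builds, and the doc/man5/config.pod hunk does not mention it. I would either document the override next to `rh-allow-sha1-signatures` or compare the value explicitly, e.g. `const char *v = ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES");` followed by `if (v != NULL && strcmp(v, "1") == 0) return 1;`. Separately, `ossl_ctx_legacy_digest_signatures` returns `0` from a pointer-returning function when config loading fails; `return NULL;` states the intent more clearly.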
@ -1,221 +0,0 @@
|
|||||||
From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
|
||||||
Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures =
|
|
||||||
yes
|
|
||||||
|
|
||||||
NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1
|
|
||||||
in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because
|
|
||||||
on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level
|
|
||||||
to 2.
|
|
||||||
|
|
||||||
On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security
|
|
||||||
level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and
|
|
||||||
we want the legacy crypto policy to allow SHA-1 in TLS, the only option
|
|
||||||
to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is
|
|
||||||
SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to
|
|
||||||
allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which
|
|
||||||
will allow SHA-1 in OpenSSL 3).
|
|
||||||
|
|
||||||
The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because
|
|
||||||
rh-allow-sha1-signatures will default to yes in Fedora (according to our
|
|
||||||
current plans including until F38), and the security level in the
|
|
||||||
DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the
|
|
||||||
default configuration.
|
|
||||||
|
|
||||||
Related: rhbz#2055796
|
|
||||||
Related: rhbz#2070977
|
|
||||||
---
|
|
||||||
crypto/x509/x509_vfy.c | 20 ++++++++++-
|
|
||||||
doc/man5/config.pod | 7 ++++
|
|
||||||
ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++-------
|
|
||||||
test/recipes/25-test_verify.t | 4 +--
|
|
||||||
4 files changed, 82 insertions(+), 16 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
|
||||||
index 2f175ca517..bf0c608839 100644
|
|
||||||
--- a/crypto/x509/x509_vfy.c
|
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
|
||||||
@@ -25,6 +25,7 @@
|
|
||||||
#include <openssl/objects.h>
|
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include "internal/dane.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "crypto/x509.h"
|
|
||||||
#include "x509_local.h"
|
|
||||||
|
|
||||||
@@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
|
||||||
{
|
|
||||||
int secbits = -1;
|
|
||||||
int level = ctx->param->auth_level;
|
|
||||||
+ int nid;
|
|
||||||
+ OSSL_LIB_CTX *libctx = NULL;
|
|
||||||
|
|
||||||
if (level <= 0)
|
|
||||||
return 1;
|
|
||||||
if (level > NUM_AUTH_LEVELS)
|
|
||||||
level = NUM_AUTH_LEVELS;
|
|
||||||
|
|
||||||
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
|
||||||
+ if (ctx->libctx)
|
|
||||||
+ libctx = ctx->libctx;
|
|
||||||
+ else if (cert->libctx)
|
|
||||||
+ libctx = cert->libctx;
|
|
||||||
+ else
|
|
||||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
|
||||||
+
|
|
||||||
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
+ && ctx->param->auth_level < 2)
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
return secbits >= minbits_table[level - 1];
|
|
||||||
}
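Review bot: Nothing in this patch tests the new early `return 1` in check_sig_level: the 25-test_verify.t hunk only moves the SHA-1 rejection case from `-auth_level 1` to `-auth_level 2`, so level 1 is no longer exercised for SHA-1 in either direction. Because the result at level 1 now depends on rh-allow-sha1-signatures, a test that sets the option explicitly and asserts acceptance at level 1 would pin the intended behaviour, with a companion case for the option set to no. Separately, the comment sits between the unbraced `if` condition and its `return 1;`; braces around that body would make the controlled statement obvious.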
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
||||||
index 0c9110d28a..e0516d20b8 100644
|
|
||||||
--- a/doc/man5/config.pod
|
|
||||||
+++ b/doc/man5/config.pod
|
|
||||||
@@ -309,6 +309,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
|
|
||||||
pseudorandom function (PRF) to derive key material, disabling
|
|
||||||
B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
|
|
||||||
|
|
||||||
+Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
|
|
||||||
+algorithms that use SHA1 in security level 1, despite the definition of
|
|
||||||
+security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
|
|
||||||
+This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
|
|
||||||
+Fedora without requiring to set the security level to 0, which would include
|
|
||||||
+further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
|
|
||||||
+
|
|
||||||
=item B<fips_mode> (deprecated)
|
|
||||||
|
|
||||||
The value is a boolean that can be B<yes> or B<no>. If the value is
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index dcd487ec2e..0b50266b69 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include "crypto/x509.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
@@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- /*
|
|
||||||
- * Make sure security callback allows algorithm. For historical
|
|
||||||
- * reasons we have to pass the sigalg as a two byte char array.
|
|
||||||
- */
|
|
||||||
- sigalgstr[0] = (sig >> 8) & 0xff;
|
|
||||||
- sigalgstr[1] = sig & 0xff;
|
|
||||||
- secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
- if (secbits == 0 ||
|
|
||||||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
|
||||||
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
|
||||||
- (void *)sigalgstr)) {
|
|
||||||
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
|
||||||
- return 0;
|
|
||||||
+
|
|
||||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
|
||||||
+ && SSL_get_security_level(s) < 2) {
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ } else {
|
|
||||||
+ /*
|
|
||||||
+ * Make sure security callback allows algorithm. For historical
|
|
||||||
+ * reasons we have to pass the sigalg as a two byte char array.
|
|
||||||
+ */
|
|
||||||
+ sigalgstr[0] = (sig >> 8) & 0xff;
|
|
||||||
+ sigalgstr[1] = sig & 0xff;
|
|
||||||
+ secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
+ if (secbits == 0 ||
|
|
||||||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
|
||||||
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
|
||||||
+ (void *)sigalgstr)) {
|
|
||||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
/* Store the sigalg the peer uses */
|
|
||||||
s->s3.tmp.peer_sigalg = lu;
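Review bot: The new empty `if` branch skips the `ssl_security(s, SSL_SECOP_SIGALG_CHECK, ...)` call entirely, so a security callback installed by the application is never consulted for SHA-1 or MD5-SHA1 peer signature algorithms once rh-allow-sha1-signatures is yes and the level is below 2. The same early exit sits before the "Finally see if security callback allows it" step in the tls12_sigalg_allowed hunk and before the `ssl_security` call in the ssl_security_cert_sig hunk. An application that rejects SHA-1 in its own callback loses that control silently, so at minimum the comment should say so, e.g. `/* Note: the security callback is not consulted on this path. */`, and the config.pod text should mention it as well. The body of tls12_check_peer_sigalg starts and ends outside this hunk.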
|
|
||||||
@@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
|
||||||
+ && SSL_get_security_level(s) < 2) {
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Finally see if security callback allows it */
|
|
||||||
secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
|
||||||
@@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
{
|
|
||||||
/* Lookup signature algorithm digest */
|
|
||||||
int secbits, nid, pknid;
|
|
||||||
+ OSSL_LIB_CTX *libctx = NULL;
|
|
||||||
+
|
|
||||||
/* Don't check signature if self signed */
|
|
||||||
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
|
|
||||||
return 1;
|
|
||||||
@@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
/* If digest NID not defined use signature NID */
|
|
||||||
if (nid == NID_undef)
|
|
||||||
nid = pknid;
|
|
||||||
+
|
|
||||||
+ if (x && x->libctx)
|
|
||||||
+ libctx = x->libctx;
|
|
||||||
+ else if (ctx && ctx->libctx)
|
|
||||||
+ libctx = ctx->libctx;
|
|
||||||
+ else if (s && s->ctx && s->ctx->libctx)
|
|
||||||
+ libctx = s->ctx->libctx;
|
|
||||||
+ else
|
|
||||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
|
||||||
+
|
|
||||||
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
+ && ((s != NULL && SSL_get_security_level(s) < 2)
|
|
||||||
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
|
|
||||||
+ ))
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
if (s)
|
|
||||||
return ssl_security(s, op, secbits, nid, x);
|
|
||||||
else
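Review bot: The bypass condition ORs the two levels, `(s != NULL && SSL_get_security_level(s) < 2) || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)`, while the fall-through right below prefers `s` and uses `ctx` only when `s` is NULL. If a caller ever passes both, an SSL raised to level 2 whose SSL_CTX is still at level 1 would accept a SHA-1 certificate signature. Picking the level the same way as the fall-through avoids that: `int lvl = s != NULL ? SSL_get_security_level(s) : ctx != NULL ? SSL_CTX_get_security_level(ctx) : 2;` and then test `lvl < 2`. The library context is also chosen certificate-first here but store-context-first in check_sig_level, which is worth aligning or explaining in a comment. The function continues outside the hunk.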
|
|
||||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
||||||
index 700bbd849c..280477bc9d 100644
|
|
||||||
--- a/test/recipes/25-test_verify.t
|
|
||||||
+++ b/test/recipes/25-test_verify.t
|
|
||||||
@@ -387,8 +387,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
|
|
||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
|
|
||||||
"CA with PSS signature using SHA256");
|
|
||||||
|
|
||||||
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
|
|
||||||
- "Reject PSS signature using SHA1 and auth level 1");
|
|
||||||
+ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
|
||||||
+ "Reject PSS signature using SHA1 and auth level 2");
|
|
||||||
|
|
||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
|
||||||
"PSS signature using SHA256 and auth level 2");
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,206 +0,0 @@
|
|||||||
From dbd1021466572be733dfc6f7ae484f1adf467f40 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
|
||||||
Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
|
||||||
|
|
||||||
References: rhbz#2055796
|
|
||||||
---
|
|
||||||
crypto/x509/x509_vfy.c | 19 ++++++++++-
|
|
||||||
doc/man5/config.pod | 7 +++-
|
|
||||||
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++-------
|
|
||||||
test/recipes/25-test_verify.t | 7 ++--
|
|
||||||
4 files changed, 79 insertions(+), 18 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
|
||||||
index 2f175ca517f5dd8f8e7d79e5d562981b74c8f987..d1c7d0ce204ca31021a4497ddaa8e7dee45ff6f6 100644
|
|
||||||
--- a/crypto/x509/x509_vfy.c
|
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
|
||||||
@@ -25,6 +25,7 @@
|
|
||||||
#include <openssl/objects.h>
|
|
||||||
#include <openssl/core_names.h>
|
|
||||||
#include "internal/dane.h"
|
|
||||||
+#include "internal/sslconf.h"
|
|
||||||
#include "crypto/x509.h"
|
|
||||||
#include "x509_local.h"
|
|
||||||
|
|
||||||
@@ -3441,14 +3442,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
|
||||||
{
|
|
||||||
int secbits = -1;
|
|
||||||
int level = ctx->param->auth_level;
|
|
||||||
+ int nid;
|
|
||||||
+ OSSL_LIB_CTX *libctx = NULL;
|
|
||||||
|
|
||||||
if (level <= 0)
|
|
||||||
return 1;
|
|
||||||
if (level > NUM_AUTH_LEVELS)
|
|
||||||
level = NUM_AUTH_LEVELS;
|
|
||||||
|
|
||||||
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
|
||||||
+ if (ctx->libctx)
|
|
||||||
+ libctx = ctx->libctx;
|
|
||||||
+ else if (cert->libctx)
|
|
||||||
+ libctx = cert->libctx;
|
|
||||||
+ else
|
|
||||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
|
||||||
+
|
|
||||||
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+ if (nid == NID_sha1
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
+ && ctx->param->auth_level < 3)
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. */
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
return secbits >= minbits_table[level - 1];
|
|
||||||
}
|
|
||||||
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
||||||
index f1536258470563b4fe74f8d1e3db6d73ed316341..29ca805ea7152aa9d39bb14e74cc7fd704ec7acf 100644
|
|
||||||
--- a/doc/man5/config.pod
|
|
||||||
+++ b/doc/man5/config.pod
|
|
||||||
@@ -313,7 +313,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
|
|
||||||
digest will fail. For compatibility with older versions of OpenSSL, set this
|
|
||||||
option to B<yes>. This setting also affects TLS, where signature algorithms
|
|
||||||
that use SHA1 as digest will no longer be supported if this option is set to
|
|
||||||
-B<no>.
|
|
||||||
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
|
|
||||||
+algorithms that use SHA1 in security level 2, despite the definition of
|
|
||||||
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
|
|
||||||
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
|
|
||||||
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
|
|
||||||
+newer.
|
|
||||||
|
|
||||||
=item B<fips_mode> (deprecated)
|
|
||||||
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index 909e38c2fe88324884a939b583fd7f43d01f3920..860c7a81d1eaa834e72f81e433e7a0a6a8b1b641 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -20,6 +20,7 @@
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#include <openssl/param_build.h>
|
|
||||||
+#include "crypto/x509.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sizes.h"
|
|
||||||
@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- /*
|
|
||||||
- * Make sure security callback allows algorithm. For historical
|
|
||||||
- * reasons we have to pass the sigalg as a two byte char array.
|
|
||||||
- */
|
|
||||||
- sigalgstr[0] = (sig >> 8) & 0xff;
|
|
||||||
- sigalgstr[1] = sig & 0xff;
|
|
||||||
- secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
- if (secbits == 0 ||
|
|
||||||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
|
||||||
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
|
||||||
- (void *)sigalgstr)) {
|
|
||||||
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
|
||||||
- return 0;
|
|
||||||
+
|
|
||||||
+ if (lu->hash == NID_sha1
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
|
||||||
+ && SSL_get_security_level(s) < 3) {
|
|
||||||
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility */
|
|
||||||
+ } else {
|
|
||||||
+ /*
|
|
||||||
+ * Make sure security callback allows algorithm. For historical
|
|
||||||
+ * reasons we have to pass the sigalg as a two byte char array.
|
|
||||||
+ */
|
|
||||||
+ sigalgstr[0] = (sig >> 8) & 0xff;
|
|
||||||
+ sigalgstr[1] = sig & 0xff;
|
|
||||||
+ secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
+ if (secbits == 0 ||
|
|
||||||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
|
|
||||||
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
|
|
||||||
+ (void *)sigalgstr)) {
|
|
||||||
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
/* Store the sigalg the peer uses */
|
|
||||||
s->s3.tmp.peer_sigalg = lu;
|
|
||||||
@@ -2111,6 +2120,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (lu->hash == NID_sha1
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
|
||||||
+ && SSL_get_security_level(s) < 3) {
|
|
||||||
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility */
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Finally see if security callback allows it */
|
|
||||||
secbits = sigalg_security_bits(s->ctx, lu);
|
|
||||||
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
|
||||||
@@ -2980,6 +2997,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
{
|
|
||||||
/* Lookup signature algorithm digest */
|
|
||||||
int secbits, nid, pknid;
|
|
||||||
+ OSSL_LIB_CTX *libctx = NULL;
|
|
||||||
+
|
|
||||||
/* Don't check signature if self signed */
|
|
||||||
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
|
|
||||||
return 1;
|
|
||||||
@@ -2988,6 +3007,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
/* If digest NID not defined use signature NID */
|
|
||||||
if (nid == NID_undef)
|
|
||||||
nid = pknid;
|
|
||||||
+
|
|
||||||
+ if (x && x->libctx)
|
|
||||||
+ libctx = x->libctx;
|
|
||||||
+ else if (ctx && ctx->libctx)
|
|
||||||
+ libctx = ctx->libctx;
|
|
||||||
+ else if (s && s->ctx && s->ctx->libctx)
|
|
||||||
+ libctx = s->ctx->libctx;
|
|
||||||
+ else
|
|
||||||
+ libctx = OSSL_LIB_CTX_get0_global_default();
|
|
||||||
+
|
|
||||||
+ if (nid == NID_sha1
|
|
||||||
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
+ && ((s != NULL && SSL_get_security_level(s) < 3)
|
|
||||||
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3)
|
|
||||||
+ ))
|
|
||||||
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
|
|
||||||
+ * explicitly allow SHA1 for backwards compatibility. */
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
if (s)
|
|
||||||
return ssl_security(s, op, secbits, nid, x);
|
|
||||||
else
|
|
||||||
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
|
||||||
index bf85ba57c1cf51fe4e8e54654890121bac6738fe..d5665434aaef1ca2b5f2f37b2499f40b1405fd9d 100644
|
|
||||||
--- a/test/recipes/25-test_verify.t
|
|
||||||
+++ b/test/recipes/25-test_verify.t
|
|
||||||
@@ -29,7 +29,7 @@ sub verify {
|
|
||||||
run(app([@args]));
|
|
||||||
}
|
|
||||||
|
|
||||||
-plan tests => 163;
|
|
||||||
+plan tests => 162;
|
|
||||||
|
|
||||||
# Canonical success
|
|
||||||
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
|
||||||
@@ -410,8 +410,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
|
|
||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
|
|
||||||
"CA with PSS signature using SHA256");
|
|
||||||
|
|
||||||
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
|
|
||||||
- "Reject PSS signature using SHA1 and auth level 1");
|
|
||||||
+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1
|
|
||||||
+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
|
|
||||||
+# "Reject PSS signature using SHA1 and auth level 1");
|
|
||||||
|
|
||||||
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
|
||||||
"PSS signature using SHA256 and auth level 2");
|
|
||||||
--
|
|
||||||
2.37.2
|
|
||||||
|
|
@ -1,238 +0,0 @@
|
|||||||
From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Mon, 25 Apr 2022 15:21:46 +0200
|
|
||||||
Subject: [PATCH] Instrument SHA-1 signatures with USDT probes
|
|
||||||
|
|
||||||
In order to discover remaining uses of SHA-1 in signatures without
|
|
||||||
forcefully breaking the code paths, add USDT probes that can be queried
|
|
||||||
with systemtap at runtime.
|
|
||||||
|
|
||||||
This should allow identifying components that still use SHA-1 signatures
|
|
||||||
in production so that they can be transitioned to more modern hash
|
|
||||||
algorithms.
|
|
||||||
---
|
|
||||||
crypto/evp/m_sigver.c | 13 +++++++++----
|
|
||||||
crypto/evp/pmeth_lib.c | 13 +++++++++----
|
|
||||||
crypto/x509/x509_vfy.c | 6 +++++-
|
|
||||||
providers/common/securitycheck.c | 22 +++++++++++++++-------
|
|
||||||
providers/common/securitycheck_default.c | 13 +++++++++++--
|
|
||||||
ssl/t1_lib.c | 8 +++++++-
|
|
||||||
6 files changed, 56 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index 8da2183ce0..c17cdfa5d5 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -16,6 +16,8 @@
|
|
||||||
#include "internal/numbers.h" /* includes SIZE_MAX */
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
typedef struct ossl_legacy_digest_signatures_st {
|
|
||||||
int allowed;
|
|
||||||
} OSSL_LEGACY_DIGEST_SIGNATURES;
|
|
||||||
@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
|
||||||
int mdnid = EVP_MD_nid(ctx->reqdigest);
|
|
||||||
- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
|
||||||
- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
|
||||||
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
- goto err;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ goto err;
|
|
||||||
+ } else {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
||||||
index b96f148c0d..54fcf24945 100644
|
|
||||||
--- a/crypto/evp/pmeth_lib.c
|
|
||||||
+++ b/crypto/evp/pmeth_lib.c
|
|
||||||
@@ -37,6 +37,8 @@
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
#include "evp_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
|
|
||||||
static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
|
|
||||||
@@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
|
||||||
&& !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
|
||||||
&& !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
|
||||||
int mdnid = EVP_MD_nid(md);
|
|
||||||
- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
- return -1;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
||||||
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
||||||
+ return -1;
|
|
||||||
+ } else {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
|
|
||||||
index bf0c608839..78638ce80e 100644
|
|
||||||
--- a/crypto/x509/x509_vfy.c
|
|
||||||
+++ b/crypto/x509/x509_vfy.c
|
|
||||||
@@ -29,6 +29,8 @@
|
|
||||||
#include "crypto/x509.h"
|
|
||||||
#include "x509_local.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/* CRL score values */
|
|
||||||
|
|
||||||
#define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
|
|
||||||
@@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
|
|
||||||
|
|
||||||
if ((nid == NID_sha1 || nid == NID_md5_sha1)
|
|
||||||
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
- && ctx->param->auth_level < 2)
|
|
||||||
+ && ctx->param->auth_level < 2) {
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
return 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return secbits >= minbits_table[level - 1];
|
|
||||||
}
|
|
||||||
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
||||||
index e534ad0a5f..bf496450cf 100644
|
|
||||||
--- a/providers/common/securitycheck.c
|
|
||||||
+++ b/providers/common/securitycheck.c
|
|
||||||
@@ -21,6 +21,8 @@
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
||||||
* signing), and for legacy purposes 80 bits (for decryption or verifying).
|
|
||||||
@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
- /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
- * it. */
|
|
||||||
- if (mdnid == NID_sha1 && !sha1_allowed)
|
|
||||||
+ if (mdnid == NID_sha1 && !sha1_allowed) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
||||||
+ * it. */
|
|
||||||
mdnid = -1;
|
|
||||||
+ else
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return mdnid;
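Review bot: After the restructuring, the comment `SHA1 is globally disabled, check whether we want to locally allow it.` sits between the inner `if` and `mdnid = -1;`, but the local check (`!sha1_allowed`) has already been made in the outer condition, so the comment now describes the wrong branch. It is also wedged into an unbraced if/else, which is easy to misread when the next edit adds a statement. I would brace both arms and reword the comment, e.g. `/* SHA1 is neither locally allowed nor globally enabled: reject it. */`. The function starts outside the hunk.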
|
|
||||||
@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
{
|
|
||||||
int mdnid = EVP_MD_nid(md);
|
|
||||||
- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
||||||
- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
- return 0;
|
|
||||||
+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
|
|
||||||
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
||||||
+ return 0;
|
|
||||||
+ else
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
||||||
index ce54a94fbc..2d21e4a7df 100644
|
|
||||||
--- a/providers/common/securitycheck_default.c
|
|
||||||
+++ b/providers/common/securitycheck_default.c
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
#include "internal/nelem.h"
|
|
||||||
#include "internal/sslconf.h"
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
/* Disable the security checks in the default provider */
|
|
||||||
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
||||||
|
|
||||||
ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
||||||
mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
||||||
+ if (mdnid == NID_sha1)
|
|
||||||
+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid);
|
|
||||||
if (mdnid == NID_undef)
|
|
||||||
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
||||||
- if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
||||||
- mdnid = -1;
|
|
||||||
+ if (mdnid == NID_md5_sha1) {
|
|
||||||
+ if (ldsigs_allowed)
|
|
||||||
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid);
|
|
||||||
+ else
|
|
||||||
+ mdnid = -1;
|
|
||||||
+ }
|
|
||||||
return mdnid;
|
|
||||||
}
|
|
||||||
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
||||||
index 0b50266b69..d05e696a28 100644
|
|
||||||
--- a/ssl/t1_lib.c
|
|
||||||
+++ b/ssl/t1_lib.c
|
|
||||||
@@ -28,6 +28,8 @@
|
|
||||||
#include "ssl_local.h"
|
|
||||||
#include <openssl/ct.h>
|
|
||||||
|
|
||||||
+#include <sys/sdt.h>
|
|
||||||
+
|
|
||||||
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
|
|
||||||
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
|
|
||||||
|
|
||||||
@@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
|
|
||||||
} else {
|
|
||||||
/*
|
|
||||||
* Make sure security callback allows algorithm. For historical
|
|
||||||
@@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
|
|
||||||
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
|
|
||||||
&& ((s != NULL && SSL_get_security_level(s) < 2)
|
|
||||||
|| (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
|
|
||||||
- ))
|
|
||||||
+ )) {
|
|
||||||
/* When rh-allow-sha1-signatures = yes and security level <= 1,
|
|
||||||
* explicitly allow SHA1 for backwards compatibility. Also allow
|
|
||||||
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
|
|
||||||
+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
|
|
||||||
return 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (s)
|
|
||||||
return ssl_security(s, op, secbits, nid, x);
|
|
||||||
--
|
|
||||||
2.35.1
|
|
||||||
|
|
@ -1,54 +0,0 @@
|
|||||||
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
|
|
||||||
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
|
|
||||||
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
|
|
||||||
@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
|
|
||||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
|
||||||
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
|
||||||
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
|
||||||
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
|
|
||||||
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
|
|
||||||
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
|
|
||||||
@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
-int OPENSSL_strcasecmp(const char *s1, const char *s2)
|
|
||||||
+int
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
|
|
||||||
+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
|
|
||||||
+#endif
|
|
||||||
+OPENSSL_strcasecmp(const char *s1, const char *s2)
|
|
||||||
{
|
|
||||||
int t;
|
|
||||||
|
|
||||||
@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c
|
|
||||||
return t;
|
|
||||||
}
|
|
||||||
|
|
||||||
-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
|
|
||||||
+int
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
|
|
||||||
+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
|
|
||||||
+#endif
|
|
||||||
+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
|
|
||||||
{
|
|
||||||
int t;
|
|
||||||
size_t i;
|
|
||||||
diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t
|
|
||||||
--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100
|
|
||||||
+++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100
|
|
||||||
@@ -77,6 +80,7 @@ foreach my $libname (@libnames) {
|
|
||||||
s| .*||;
|
|
||||||
# Drop OpenSSL dynamic version information if there is any
|
|
||||||
s|\@\@.+$||;
|
|
||||||
+ s|\@.+$||;
|
|
||||||
# Return the result
|
|
||||||
$_
|
|
||||||
}
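Review bot: The added `s|\@.+$||;` already matches everything the preceding `s|\@\@.+$||;` removes, so the two substitutions overlap and the existing comment ("dynamic version information") no longer says why there are two. Keeping only the new line with a comment that names both forms would be clearer, e.g. `# Drop symbol version suffixes, both @@default and @compat` followed by `s|\@.+$||;`. The enclosing block starts outside the hunk, so I am assuming nothing later relies on the intermediate value.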
|
|
@ -1,541 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c
|
|
||||||
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200
|
|
||||||
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
|
|
||||||
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
|
|
||||||
*/
|
|
||||||
+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
|
|
||||||
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
|
|
||||||
{
|
|
||||||
int protect = 0;
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200
|
|
||||||
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
|
|
||||||
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
|
|
||||||
}
|
|
||||||
|
|
||||||
+# ifdef FIPS_MODULE
|
|
||||||
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
|
|
||||||
+{
|
|
||||||
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
|
|
||||||
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
|
||||||
size_t outsize, const unsigned char *in, size_t inlen)
|
|
||||||
{
|
|
||||||
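Review bot: `fips_padding_allowed()` is written as a denylist: it rejects `RSA_PKCS1_PADDING` and `RSA_PKCS1_WITH_TLS_PADDING` and returns 1 for every other `pad_mode`, so unpadded RSA and any padding value introduced later pass in the FIPS module by default. If the policy is to refuse PKCS#1 v1.5 encryption padding only, a header comment should say so and name the modes that are meant to stay available. If the policy is OAEP only, an allowlist (`return prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING;`) fails closed. The helper also carries no comment tying it to the Red Hat restriction that the securitycheck.c hunk points to.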
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u
|
|
||||||
if (!ossl_prov_is_running())
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+# ifdef FIPS_MODULE
|
|
||||||
+ if (fips_padding_allowed(prsactx) == 0) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
if (out == NULL) {
|
|
||||||
size_t len = RSA_size(prsactx->rsa);
|
|
||||||
|
|
||||||
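Review bot: The FIPS guard added to `rsa_encrypt` is repeated verbatim in the `rsa_decrypt` hunk below, so the padding and modulus-size policy lives in two places that can drift apart. Folding both checks into one helper next to `fips_padding_allowed()` keeps the policy in a single spot and leaves a two-line call in each operation. It may also be worth checking whether the modulus test belongs where the key is bound to the context, so an undersized key is refused before the first operation; `rsa_init` is outside these hunks, so that part is only a suggestion. Both function bodies continue past their hunks.

```c
# ifdef FIPS_MODULE
/* Single place for the FIPS-only restrictions on RSA encrypt/decrypt. */
static int fips_rsa_op_allowed(const PROV_RSA_CTX *prsactx)
{
    if (!fips_padding_allowed(prsactx)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
        return 0;
    }
    if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
        return 0;
    }
    return 1;
}
# endif

/* … unchanged: rsa_encrypt signature and ossl_prov_is_running() check … */
# ifdef FIPS_MODULE
    if (!fips_rsa_op_allowed(prsactx))
        return 0;
# endif
/* … unchanged: rest of rsa_encrypt; the same call replaces the block in rsa_decrypt … */
```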
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u
|
|
||||||
if (!ossl_prov_is_running())
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+# ifdef FIPS_MODULE
|
|
||||||
+ if (fips_padding_allowed(prsactx) == 0) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
|
|
||||||
if (out == NULL) {
|
|
||||||
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
|
|
||||||
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t
|
|
||||||
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200
|
|
||||||
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = (
|
|
||||||
\&final_compare
|
|
||||||
],
|
|
||||||
|
|
||||||
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
|
|
||||||
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
|
|
||||||
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
|
||||||
"-aes256", "-stream", "-out", "{output}.cms",
|
|
||||||
$smrsa1,
|
|
||||||
@@ -865,5 +865,8 @@ sub check_availability {
|
|
||||||
return "$tnam: skipped, DSA disabled\n"
|
|
||||||
if ($no_dsa && $tnam =~ / DSA/);
|
|
||||||
|
|
||||||
+ return "$tnam: skipped, Red Hat FIPS\n"
|
|
||||||
+ if ($tnam =~ /no Red Hat FIPS/);
|
|
||||||
+
|
|
||||||
return "";
|
|
||||||
}
|
|
||||||
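Review bot: The new `return "$tnam: skipped, Red Hat FIPS\n"` fires for every test whose name contains `no Red Hat FIPS`, with no check of which provider the recipe is running against, so the enveloped-content test renamed in the first hunk of this file appears to be skipped for the default provider as well. Unless that loss of coverage is intended, the condition should also test for the FIPS run, using whatever flag this recipe already keeps for it (not visible in the hunk). Matching on a marker embedded in the human-readable test name is fragile, so a short comment at the test entry saying that the suffix triggers the skip would help the next editor. `check_availability` starts outside the hunk.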
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
|
|
||||||
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
|
|
||||||
@@ -483,6 +483,18 @@ sub testssl {
|
|
||||||
# the default choice if TLSv1.3 enabled
|
|
||||||
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
|
|
||||||
my $ciphersuites = "";
|
|
||||||
+ my %redhat_skip_cipher = map {$_ => 1} qw(
|
|
||||||
+AES256-GCM-SHA384:@SECLEVEL=0
|
|
||||||
+AES256-CCM8:@SECLEVEL=0
|
|
||||||
+AES256-CCM:@SECLEVEL=0
|
|
||||||
+AES128-GCM-SHA256:@SECLEVEL=0
|
|
||||||
+AES128-CCM8:@SECLEVEL=0
|
|
||||||
+AES128-CCM:@SECLEVEL=0
|
|
||||||
+AES256-SHA256:@SECLEVEL=0
|
|
||||||
+AES128-SHA256:@SECLEVEL=0
|
|
||||||
+AES256-SHA:@SECLEVEL=0
|
|
||||||
+AES128-SHA:@SECLEVEL=0
|
|
||||||
+ );
|
|
||||||
foreach my $cipher (@{$ciphersuites{$protocol}}) {
|
|
||||||
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
|
|
||||||
note "*****SKIPPING $protocol $cipher";
|
|
||||||
@@ -494,11 +506,16 @@ sub testssl {
|
|
||||||
} else {
|
|
||||||
$cipher = $cipher.':@SECLEVEL=0';
|
|
||||||
}
|
|
||||||
- ok(run(test([@ssltest, @exkeys, "-cipher",
|
|
||||||
- $cipher,
|
|
||||||
- "-ciphersuites", $ciphersuites,
|
|
||||||
- $flag || ()])),
|
|
||||||
- "Testing $cipher");
|
|
||||||
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
|
|
||||||
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
|
|
||||||
+ ok(1);
|
|
||||||
+ } else {
|
|
||||||
+ ok(run(test([@ssltest, @exkeys, "-cipher",
|
|
||||||
+ $cipher,
|
|
||||||
+ "-ciphersuites", $ciphersuites,
|
|
||||||
+ $flag || ()])),
|
|
||||||
+ "Testing $cipher");
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
next if $protocol eq "-tls1_3";
|
|
||||||
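Review bot: In the skip branch, `ok(1);` records an unnamed passing test, so the TAP output counts ciphers that were never run as successes; `ok(1, "SKIPPED $cipher in Red Hat FIPS mode");` at least makes that visible in the results. The lookup `exists $redhat_skip_cipher{$cipher}` also works only because every key in the hash from the previous hunk carries the `:@SECLEVEL=0` suffix that the `else` branch just above appends, so a cipher string that took the other branch would never match. Keying the hash on bare cipher names and testing before the suffix is added would remove that coupling. `testssl` starts and ends outside these hunks.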
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
|
||||||
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200
|
|
||||||
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200
|
|
||||||
@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
|
|
||||||
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
|
||||||
|
|
||||||
# RSA decrypt
|
|
||||||
-
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt = RSA-2048
|
|
||||||
Input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
|
|
||||||
Output = "Hello World"
|
|
||||||
|
|
||||||
# Corrupted ciphertext
|
|
||||||
-FIPSversion = <3.2.0
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt = RSA-2048
|
|
||||||
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
|
|
||||||
Output = "Hello World"
|
|
||||||
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN
|
|
||||||
h90qjKHS9PvY4Q==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
|
|
||||||
Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
|
|
||||||
Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
|
|
||||||
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
|
|
||||||
Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
|
|
||||||
Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-1
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64
|
|
||||||
eG2e4XlBcKjI6A==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
|
|
||||||
Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
|
|
||||||
Output=2d
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
|
|
||||||
Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
|
|
||||||
Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
|
|
||||||
Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-2
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W
|
|
||||||
Ya4qnqZe1onjY5o=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
|
|
||||||
Output=087820b569e8fa8d
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
|
|
||||||
Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
|
|
||||||
Output=d94cd0e08fa404ed89
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
|
|
||||||
Output=6cc641b6b61e6f963974dad23a9013284ef1
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
|
|
||||||
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-3
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/
|
|
||||||
aD0x7TDrmEvkEro=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
|
|
||||||
Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
|
|
||||||
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
|
|
||||||
Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
|
|
||||||
Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
|
|
||||||
Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-4
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/
|
|
||||||
MSwGUGLx60i3nRyDyw==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
|
|
||||||
Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
|
|
||||||
Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
|
|
||||||
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
|
|
||||||
Output=15c5b9ee1185
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
|
|
||||||
Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-5
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq
|
|
||||||
Yejn5Ly8mU2q+jBcRQ==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
|
|
||||||
Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
|
|
||||||
Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
|
|
||||||
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
|
|
||||||
Output=684e3038c5c041f7
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
|
|
||||||
Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-6
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4
|
|
||||||
FMlxv0gq65dqc3DC
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
|
|
||||||
Output=47aae909
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
|
|
||||||
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
|
|
||||||
Output=d976fc
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
|
|
||||||
Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
|
|
||||||
Output=bb47231ca5ea1d3ad46c99345d9a8a61
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-7
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E
|
|
||||||
2MiPa249Z+lh3Luj0A==
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
|
|
||||||
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
|
|
||||||
Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
|
|
||||||
Output=8604ac56328c1ab5ad917861
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
|
|
||||||
Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
|
|
||||||
Output=4a5f4914bee25de3c69341de07
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-8
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc
|
|
||||||
tKo5Eb69iFQvBb4=
|
|
||||||
-----END PRIVATE KEY-----
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
|
|
||||||
Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
|
|
||||||
Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
|
|
||||||
Output=fd326429df9b890e09b54b18b8f34f1e24
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
|
|
||||||
Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
||||||
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
|
|
||||||
Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
|
|
||||||
|
|
||||||
+Availablein = default
|
|
||||||
Decrypt=RSA-OAEP-9
|
|
||||||
Ctrl = rsa_padding_mode:oaep
|
|
||||||
Ctrl = rsa_mgf1_md:sha1
|
|
@ -1,420 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
|
|
||||||
@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
BIGNUM *priv_key = NULL;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ const OSSL_PARAM *param_sign_kat_k = NULL;
|
|
||||||
+ BIGNUM *sign_kat_k = NULL;
|
|
||||||
+#endif
|
|
||||||
unsigned char *pub_key = NULL;
|
|
||||||
size_t pub_key_len;
|
|
||||||
const EC_GROUP *ecg = NULL;
|
|
||||||
@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
if (include_private)
|
|
||||||
param_priv_key =
|
|
||||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
|
|
||||||
-
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ param_sign_kat_k =
|
|
||||||
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
|
|
||||||
+#endif
|
|
||||||
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
|
|
||||||
if (ctx == NULL)
|
|
||||||
goto err;
|
|
||||||
@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
|
||||||
&& !EC_KEY_set_public_key(ec, pub_point))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (param_sign_kat_k) {
|
|
||||||
+ if ((sign_kat_k = BN_secure_new()) == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
|
|
||||||
+
|
|
||||||
+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
|
|
||||||
+ goto err;
|
|
||||||
+ ec->sign_kat_k = sign_kat_k;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
ok = 1;
|
|
||||||
|
|
||||||
err:
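Review bot: In the added FIPS_MODULE block, `ec->sign_kat_k = sign_kat_k;` overwrites whatever the key already holds without freeing it, and when `OSSL_PARAM_get_BN()` fails the freshly allocated secure BIGNUM is released only if the cleanup under `err:` handles it, which lies outside this hunk. I would free the old value first with `BN_clear_free(ec->sign_kat_k);` and set `sign_kat_k = NULL;` after the assignment, so the error path can call `BN_clear_free(sign_kat_k)` unconditionally. The imported value is also stored without checking that it lies in [1, order-1], and the consumer in ecdsa_ossl.c does not check it either. ossl_ec_key_fromdata starts before and ends after the lines shown.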
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
|
|
||||||
@@ -20,6 +20,10 @@
|
|
||||||
#include "crypto/bn.h"
|
|
||||||
#include "ec_local.h"
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_signature_st;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|
||||||
BIGNUM **rp)
|
|
||||||
{
|
|
||||||
@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
do {
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
|
||||||
+ BN_copy(k, eckey->sign_kat_k);
|
|
||||||
+ } else {
|
|
||||||
+#endif
|
|
||||||
/* get random k */
|
|
||||||
do {
|
|
||||||
if (dgst != NULL) {
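Review bot: `BN_copy(k, eckey->sign_kat_k);` ignores its return value, so a failed copy would go unnoticed and the code would carry on to `EC_POINT_mul` with whatever `k` held before; `if (BN_copy(k, eckey->sign_kat_k) == NULL) goto err;` closes that. Because the fixed value takes the branch around the `do { ... } while (BN_is_zero(k))` loop, a zero or out-of-range k is never rejected on this path. The s390x hunk follows the same pattern with an unchecked `BN_bn2binpad()`. A short comment saying that this branch is meant to be reached only during the signature self-test, and that a repeated k under one key reveals the private key, would tell future readers why it must stay gated. ecdsa_sign_setup starts before and continues past this hunk.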
|
|
||||||
@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} while (BN_is_zero(k));
|
|
||||||
-
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
/* compute r the x-coordinate of generator * k */
|
|
||||||
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
|
|
||||||
@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
|
|
||||||
EC_GROUP_free(r->group);
|
|
||||||
EC_POINT_free(r->pub_key);
|
|
||||||
BN_clear_free(r->priv_key);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ BN_clear_free(r->sign_kat_k);
|
|
||||||
+#endif
|
|
||||||
OPENSSL_free(r->propq);
|
|
||||||
|
|
||||||
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
|
|
||||||
@@ -298,6 +298,9 @@ struct ec_key_st {
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
CRYPTO_EX_DATA ex_data;
|
|
||||||
#endif
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ BIGNUM *sign_kat_k;
|
|
||||||
+#endif
|
|
||||||
CRYPTO_RWLOCK *lock;
|
|
||||||
OSSL_LIB_CTX *libctx;
|
|
||||||
char *propq;
|
|
||||||
diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
|
|
||||||
--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
|
|
||||||
+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
|
|
||||||
@@ -293,6 +293,7 @@ extern "C" {
|
|
||||||
#define OSSL_PKEY_PARAM_DIST_ID "distid"
|
|
||||||
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
|
||||||
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
|
||||||
+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
|
|
||||||
|
|
||||||
/* Diffie-Hellman/DSA Parameters */
|
|
||||||
#define OSSL_PKEY_PARAM_FFC_P "p"
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
|
|
||||||
@@ -530,7 +530,8 @@ end:
|
|
||||||
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
|
||||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
|
||||||
# define EC_IMEXPORTABLE_PRIVATE_KEY \
|
|
||||||
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
|
|
||||||
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
|
|
||||||
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
|
|
||||||
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
|
|
||||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
|
|
||||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
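Review bot: `EC_IMEXPORTABLE_PRIVATE_KEY` now lists `OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K` without a `FIPS_MODULE` guard, while the `sign_kat_k` field in `struct ec_key_st` and the code that reads the parameter in ossl_ec_key_fromdata exist only under `#ifdef FIPS_MODULE`. If this file is also built into non-FIPS providers, they would advertise a parameter they silently ignore. The same macro presumably feeds the export type list too, although nothing in this patch exports the value. Wrapping the extra entry in `#ifdef FIPS_MODULE`, with a comment that the parameter exists for the self-test only, would keep the advertised interface in line with what the code does.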
|
|
||||||
diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
|
|
||||||
@@ -17,6 +17,8 @@
|
|
||||||
#include "self_test.h"
|
|
||||||
#include "self_test_data.inc"
|
|
||||||
|
|
||||||
+int REDHAT_FIPS_signature_st = 0;
|
|
||||||
+
|
|
||||||
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
|
|
||||||
OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
EVP_PKEY *pkey = NULL;
|
|
||||||
unsigned char sig[256];
|
|
||||||
BN_CTX *bnctx = NULL;
|
|
||||||
+ BIGNUM *K = NULL;
|
|
||||||
size_t siglen = sizeof(sig);
|
|
||||||
static const unsigned char dgst[] = {
|
|
||||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
||||||
@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
bnctx = BN_CTX_new_ex(libctx);
|
|
||||||
if (bnctx == NULL)
|
|
||||||
goto err;
|
|
||||||
+ K = BN_CTX_get(bnctx);
|
|
||||||
+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
|
|
||||||
+ goto err;
|
|
||||||
|
|
||||||
bld = OSSL_PARAM_BLD_new();
|
|
||||||
if (bld == NULL)
|
|
||||||
@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
|
|
||||||
|
|
||||||
if (!add_params(bld, t->key, bnctx))
|
|
||||||
goto err;
|
|
||||||
+ /* set K for ECDSA KAT tests */
|
|
||||||
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
|
|
||||||
+ goto err;
|
|
||||||
params = OSSL_PARAM_BLD_to_param(bld);
|
|
||||||
|
|
||||||
/* Create a EVP_PKEY_CTX to load the DSA key into */
|
|
||||||
@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
|
|
||||||
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
int i, ret = 1;
|
|
||||||
+ REDHAT_FIPS_signature_st = 1;
|
|
||||||
|
|
||||||
for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
|
|
||||||
if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
|
|
||||||
ret = 0;
|
|
||||||
}
|
|
||||||
+ REDHAT_FIPS_signature_st = 0;
|
|
||||||
return ret;
|
|
||||||
}
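Review bot: `REDHAT_FIPS_signature_st` is a plain global `int` that self_test_signatures sets to 1 and clears again, with no lock or atomic access visible, and the ECDSA signing paths in ecdsa_ossl.c and ecp_s390x_nistp.c read it without synchronisation. If self-tests can run while other threads sign (for example an on-demand self-test, which this patch does not show), a key imported with `rh_sign_kat_k` would sign with the fixed nonce during that window. Carrying the flag on the key or the signing context, or making it thread-local, would remove the shared state. At minimum the definition should carry a comment such as `/* set only while signature KATs run; assumes no other thread signs concurrently */`.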
|
|
||||||
|
|
||||||
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
|
|
||||||
--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
|
|
||||||
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
|
|
||||||
@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
|
|
||||||
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
|
|
||||||
ST_KAT_PARAM_END()
|
|
||||||
};
|
|
||||||
+static const unsigned char ec224r1_kat_sig[] = {
|
|
||||||
+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
|
|
||||||
+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
|
|
||||||
+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
|
|
||||||
+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
|
|
||||||
+};
|
|
||||||
|
|
||||||
+static const char ecd_prime_curve_name384[] = "secp384r1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
|
|
||||||
+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
|
|
||||||
+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
|
|
||||||
+ 4c:91:87
|
|
||||||
+pub:
|
|
||||||
+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
|
|
||||||
+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
|
|
||||||
+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
|
|
||||||
+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
|
|
||||||
+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
|
|
||||||
+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
|
|
||||||
+ 11:f2:a3:bf:e8:0e:88
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv384[] = {
|
|
||||||
+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
|
|
||||||
+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
|
|
||||||
+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
|
|
||||||
+ 0x4c, 0x91, 0x87
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub384[] = {
|
|
||||||
+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
|
|
||||||
+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
|
|
||||||
+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
|
|
||||||
+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
|
|
||||||
+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
|
|
||||||
+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
|
|
||||||
+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec384r1_kat_sig[] = {
|
|
||||||
+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
|
|
||||||
+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
|
|
||||||
+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
|
|
||||||
+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
|
|
||||||
+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
|
|
||||||
+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
|
|
||||||
+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
|
|
||||||
+};
|
|
||||||
+static const char ecd_prime_curve_name521[] = "secp521r1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
|
|
||||||
+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
|
|
||||||
+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
|
|
||||||
+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
|
|
||||||
+ af:fe:6d:cb:c2:3b
|
|
||||||
+pub:
|
|
||||||
+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
|
|
||||||
+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
|
|
||||||
+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
|
|
||||||
+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
|
|
||||||
+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
|
|
||||||
+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
|
|
||||||
+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
|
|
||||||
+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
|
|
||||||
+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv521[] = {
|
|
||||||
+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
|
|
||||||
+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
|
|
||||||
+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
|
|
||||||
+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
|
|
||||||
+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub521[] = {
|
|
||||||
+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
|
|
||||||
+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
|
|
||||||
+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
|
|
||||||
+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
|
|
||||||
+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
|
|
||||||
+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
|
|
||||||
+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
|
|
||||||
+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
|
|
||||||
+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec521r1_kat_sig[] = {
|
|
||||||
+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
|
|
||||||
+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
|
|
||||||
+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
|
|
||||||
+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
|
|
||||||
+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
|
|
||||||
+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
|
|
||||||
+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
|
|
||||||
+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
|
|
||||||
+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
|
|
||||||
+};
|
|
||||||
+static const char ecd_prime_curve_name256[] = "prime256v1";
|
|
||||||
+/*
|
|
||||||
+priv:
|
|
||||||
+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
|
|
||||||
+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
|
|
||||||
+ 30:fa
|
|
||||||
+pub:
|
|
||||||
+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
|
|
||||||
+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
|
|
||||||
+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
|
|
||||||
+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
|
|
||||||
+ 98:66:c4:63:a6
|
|
||||||
+*/
|
|
||||||
+static const unsigned char ecd_prime_priv256[] = {
|
|
||||||
+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
|
|
||||||
+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
|
|
||||||
+ 0x30, 0xfa
|
|
||||||
+};
|
|
||||||
+static const unsigned char ecd_prime_pub256[] = {
|
|
||||||
+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
|
|
||||||
+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
|
|
||||||
+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
|
|
||||||
+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
|
|
||||||
+ 0x98, 0x66, 0xc4, 0x63, 0xa6
|
|
||||||
+};
|
|
||||||
+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
|
|
||||||
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
|
|
||||||
+ ST_KAT_PARAM_END()
|
|
||||||
+};
|
|
||||||
+static const unsigned char ec256v1_kat_sig[] = {
|
|
||||||
+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
|
|
||||||
+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
|
|
||||||
+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
|
|
||||||
+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
|
|
||||||
+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
|
|
||||||
+};
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
static const char ecd_bin_curve_name[] = "sect233r1";
|
|
||||||
static const unsigned char ecd_bin_priv[] = {
|
|
||||||
@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
|
||||||
ecdsa_prime_key,
|
|
||||||
/*
|
|
||||||
* The ECDSA signature changes each time due to it using a random k.
|
|
||||||
- * So there is no expected KAT for this case.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec224r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key384,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec384r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key521,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
+ */
|
|
||||||
+ ITM(ec521r1_kat_sig)
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
|
||||||
+ "EC",
|
|
||||||
+ "SHA-256",
|
|
||||||
+ ecdsa_prime_key256,
|
|
||||||
+ /*
|
|
||||||
+ * The ECDSA signature changes each time due to it using a random k.
|
|
||||||
+ * We provide this value in our build
|
|
||||||
*/
|
|
||||||
+ ITM(ec256v1_kat_sig)
|
|
||||||
},
|
|
||||||
# ifndef OPENSSL_NO_EC2M
|
|
||||||
{
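Review bot: The comment repeated in each new table entry, "The ECDSA signature changes each time due to it using a random k. We provide this value in our build", contradicts the expected signature that now sits beside it and does not say which value is provided. I would replace it with `/* k is fixed through OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K while the self-test runs, so the signature is deterministic and is compared with the expected value below. */`. The first entry pairs `ecdsa_prime_key` with `ec224r1_kat_sig`; the curve of that key is defined outside this hunk, so it is worth confirming that the two match.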
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
|
|
||||||
@@ -44,6 +44,10 @@
|
|
||||||
#define S390X_OFF_RN(n) (4 * n)
|
|
||||||
#define S390X_OFF_Y(n) (4 * n)
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_signature_st;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
|
||||||
const BIGNUM *scalar,
|
|
||||||
size_t num, const EC_POINT *points[],
|
|
||||||
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
|
|
||||||
* because kdsa instruction constructs an in-range, invertible nonce
|
|
||||||
* internally implementing counter-measures for RNG weakness.
|
|
||||||
*/
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
|
||||||
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
|
|
||||||
+ /* Turns KDSA internal nonce-generation off. */
|
|
||||||
+ fc |= S390X_KDSA_D;
|
|
||||||
+ } else {
|
|
||||||
+#endif
|
|
||||||
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
|
|
||||||
(size_t)len, 0) != 1) {
|
|
||||||
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
|
||||||
goto ret;
|
|
||||||
}
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
} else {
|
|
||||||
/* Reconstruct k = (k^-1)^-1. */
|
|
||||||
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
|
@ -1,466 +0,0 @@
|
|||||||
From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Tue, 7 Jun 2022 12:02:49 +0200
|
|
||||||
Subject: [PATCH] fips: Expose a FIPS indicator
|
|
||||||
|
|
||||||
FIPS 140-3 requires us to indicate whether an operation was using
|
|
||||||
approved services or not. The FIPS 140-3 implementation guidelines
|
|
||||||
provide two basic approaches to doing this: implicit indicators, and
|
|
||||||
explicit indicators.
|
|
||||||
|
|
||||||
Implicit indicators are basically the concept of "if the operation
|
|
||||||
passes, it was approved". We were originally aiming for implicit
|
|
||||||
indicators in our copy of OpenSSL. However, this proved to be a problem,
|
|
||||||
because we wanted to certify a signature service, and FIPS 140-3
|
|
||||||
requires that a signature service computes the digest to be signed
|
|
||||||
within the boundaries of the FIPS module. Since we were planning to
|
|
||||||
certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify
|
|
||||||
would have to be blocked. Unfortunately, EVP_SignFinal uses
|
|
||||||
EVP_PKEY_sign internally, but outside of fips.so and thus outside of the
|
|
||||||
FIPS module boundary. This means that using implicit indicators in
|
|
||||||
combination with certifying only fips.so would require us to block both
|
|
||||||
EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used
|
|
||||||
by most users of OpenSSL for signatures.
|
|
||||||
|
|
||||||
EVP_DigestSign would be acceptable, but has only been added in 3.0 and
|
|
||||||
is thus not yet widely used.
|
|
||||||
|
|
||||||
As a consequence, we've decided to introduce explicit indicators so that
|
|
||||||
EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but
|
|
||||||
FIPS-aware applications can query the explicit indicator to check
|
|
||||||
whether the operation was approved.
|
|
||||||
|
|
||||||
To avoid affecting the ABI and public API too much, this is implemented
|
|
||||||
as an exported symbol in fips.so and a private header, so applications
|
|
||||||
that wish to use this will have to dlopen(3) fips.so, locate the
|
|
||||||
function using dlsym(3), and then call it. These applications will have
|
|
||||||
to build against the private header in order to use the returned
|
|
||||||
pointer.
|
|
||||||
|
|
||||||
Modify util/mkdef.pl to support exposing a symbol only for a specific
|
|
||||||
provider identified by its name and path.
|
|
||||||
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
doc/build.info | 6 ++
|
|
||||||
doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++
|
|
||||||
providers/fips/fipsprov.c | 71 +++++++++++++
|
|
||||||
providers/fips/indicator.h | 66 ++++++++++++
|
|
||||||
util/mkdef.pl | 25 ++++-
|
|
||||||
util/providers.num | 1 +
|
|
||||||
6 files changed, 322 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 doc/man7/fips_module_indicators.pod
|
|
||||||
create mode 100644 providers/fips/indicator.h
|
|
||||||
|
|
||||||
diff --git a/doc/build.info b/doc/build.info
|
|
||||||
index b0aa4297a4..af235113bb 100644
|
|
||||||
--- a/doc/build.info
|
|
||||||
+++ b/doc/build.info
|
|
||||||
@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod
|
|
||||||
GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
|
|
||||||
DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
|
|
||||||
GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
|
|
||||||
+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
|
||||||
+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
|
||||||
+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
|
||||||
+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
|
||||||
DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
|
||||||
GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
|
||||||
DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
|
|
||||||
@@ -4631,6 +4635,7 @@ html/man7/ct.html \
|
|
||||||
html/man7/des_modes.html \
|
|
||||||
html/man7/evp.html \
|
|
||||||
html/man7/fips_module.html \
|
|
||||||
+html/man7/fips_module_indicators.html \
|
|
||||||
html/man7/life_cycle-cipher.html \
|
|
||||||
html/man7/life_cycle-digest.html \
|
|
||||||
html/man7/life_cycle-kdf.html \
|
|
||||||
@@ -4754,6 +4759,7 @@ man/man7/ct.7 \
|
|
||||||
man/man7/des_modes.7 \
|
|
||||||
man/man7/evp.7 \
|
|
||||||
man/man7/fips_module.7 \
|
|
||||||
+man/man7/fips_module_indicators.7 \
|
|
||||||
man/man7/life_cycle-cipher.7 \
|
|
||||||
man/man7/life_cycle-digest.7 \
|
|
||||||
man/man7/life_cycle-kdf.7 \
|
|
||||||
diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..23db2b395c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/doc/man7/fips_module_indicators.pod
|
|
||||||
@@ -0,0 +1,154 @@
|
|
||||||
+=pod
|
|
||||||
+
|
|
||||||
+=head1 NAME
|
|
||||||
+
|
|
||||||
+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide
|
|
||||||
+
|
|
||||||
+=head1 DESCRIPTION
|
|
||||||
+
|
|
||||||
+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider
|
|
||||||
+implements Approved Security Service Indicators according to the FIPS 140-3
|
|
||||||
+Implementation Guidelines, section 2.4.C. See
|
|
||||||
+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>
|
|
||||||
+for the FIPS 140-3 Implementation Guidelines.
|
|
||||||
+
|
|
||||||
+For all approved services except signatures, the Red Hat OpenSSL FIPS provider
|
|
||||||
+uses the return code as the indicator as understood by FIPS 140-3. That means
|
|
||||||
+that every operation that succeeds denotes use of an approved security service.
|
|
||||||
+Operations that do not succeed may not have been approved security services, or
|
|
||||||
+may have been used incorrectly.
|
|
||||||
+
|
|
||||||
+For signatures, an explicit indicator API is available to determine whether
|
|
||||||
+a selected operation is an approved security service, in combination with the
|
|
||||||
+return code of the operation. For a signature operation to be approved, the
|
|
||||||
+explicit indicator must claim it as approved, and it must succeed.
|
|
||||||
+
|
|
||||||
+=head2 Querying the explicit indicator
|
|
||||||
+
|
|
||||||
+The Red Hat OpenSSL FIPS provider exports a symbol named
|
|
||||||
+I<redhat_ossl_query_fipsindicator> that provides information on which signature
|
|
||||||
+operations are approved security functions. To use this function, either link
|
|
||||||
+against I<fips.so> directly, or load it at runtime using dlopen(3) and
|
|
||||||
+dlsym(3).
|
|
||||||
+
|
|
||||||
+ #include <openssl/core_dispatch.h>
|
|
||||||
+ #include "providers/fips/indicator.h"
|
|
||||||
+
|
|
||||||
+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
|
|
||||||
+ if (provider == NULL) {
|
|
||||||
+ fprintf(stderr, "%s\n", dlerror());
|
|
||||||
+ // handle error
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \
|
|
||||||
+ = dlsym(provider, "redhat_ossl_query_fipsindicator");
|
|
||||||
+ if (redhat_ossl_query_fipsindicator == NULL) {
|
|
||||||
+ fprintf(stderr, "%s\n", dlerror());
|
|
||||||
+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat"
|
|
||||||
+ " patches?\n");
|
|
||||||
+ // handle error
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+Note that this uses the I<providers/fips/indicator.h> header, which is not
|
|
||||||
+public. Install the I<openssl-debugsource> package from the I<BaseOS-debuginfo>
|
|
||||||
+repository using I<dnf debuginfo-install openssl> and include
|
|
||||||
+I</usr/src/debug/openssl-3.*/> in the compiler's include path.
|
|
||||||
+
|
|
||||||
+I<redhat_ossl_query_fipsindicator> expects an operation ID as its only
|
|
||||||
+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to
|
|
||||||
+obtain the indicators for signature operations. On success, the return value is
|
|
||||||
+a pointer to an array of I<OSSL_RH_FIPSINDICATOR_STRUCT>s. On failure, NULL is
|
|
||||||
+returned. The last entry in the array is indicated by I<algorithm_names> being
|
|
||||||
+NULL.
|
|
||||||
+
|
|
||||||
+ typedef struct ossl_rh_fipsindicator_algorithm_st {
|
|
||||||
+ const char *algorithm_names; /* key */
|
|
||||||
+ const char *property_definition; /* key */
|
|
||||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
|
|
||||||
+ } OSSL_RH_FIPSINDICATOR_ALGORITHM;
|
|
||||||
+
|
|
||||||
+ typedef struct ossl_rh_fipsindicator_dispatch_st {
|
|
||||||
+ int function_id;
|
|
||||||
+ int approved;
|
|
||||||
+ } OSSL_RH_FIPSINDICATOR_DISPATCH;
|
|
||||||
+
|
|
||||||
+The I<algorithm_names> field is a colon-separated list of algorithm names from
|
|
||||||
+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can
|
|
||||||
+be used to locate the appropriate entry. See the example below, where
|
|
||||||
+I<algorithm> contains the algorithm name to search for:
|
|
||||||
+
|
|
||||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
|
|
||||||
+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator =
|
|
||||||
+ redhat_ossl_query_fipsindicator(operation_id);
|
|
||||||
+ if (indicator == NULL) {
|
|
||||||
+ fprintf(stderr, "No indicator for operation, probably using implicit"
|
|
||||||
+ " indicators.\n");
|
|
||||||
+ // handle error
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ for (; indicator->algorithm_names != NULL; ++indicator) {
|
|
||||||
+ char *algorithm_names = strdup(indicator->algorithm_names);
|
|
||||||
+ if (algorithm_names == NULL) {
|
|
||||||
+ perror("strdup(3)");
|
|
||||||
+ // handle error
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ const char *algorithm_name = strtok(algorithm_names, ":");
|
|
||||||
+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
|
|
||||||
+ if (strcasecmp(algorithm_name, algorithm) == 0) {
|
|
||||||
+ indicator_dispatch = indicator->indicators;
|
|
||||||
+ free(algorithm_names);
|
|
||||||
+ algorithm_names = NULL;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ free(algorithm_names);
|
|
||||||
+ }
|
|
||||||
+ if (indicator_dispatch == NULL) {
|
|
||||||
+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
|
|
||||||
+ // handle error
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+If an appropriate I<OSSL_RH_FIPSINDICATOR_DISPATCH> array is available for the
|
|
||||||
+given algorithm name, it maps function IDs to their approval status. The last
|
|
||||||
+entry is indicated by a zero I<function_id>. I<approved> is
|
|
||||||
+I<OSSL_RH_FIPSINDICATOR_APPROVED> if the operation is an approved security
|
|
||||||
+service, or part of an approved security service, or
|
|
||||||
+I<OSSL_RH_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid.
|
|
||||||
+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>,
|
|
||||||
+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>.
|
|
||||||
+
|
|
||||||
+Assuming I<function_id> is the function in question, the following code can be
|
|
||||||
+used to query the approval status:
|
|
||||||
+
|
|
||||||
+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
|
|
||||||
+ if (indicator_dispatch->function_id == function_id) {
|
|
||||||
+ switch (indicator_dispatch->approved) {
|
|
||||||
+ case OSSL_RH_FIPSINDICATOR_APPROVED:
|
|
||||||
+ // approved security service
|
|
||||||
+ break;
|
|
||||||
+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED:
|
|
||||||
+ // unapproved security service
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ // invalid result
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+=head1 SEE ALSO
|
|
||||||
+
|
|
||||||
+L<fips_module(7)>, L<provider(7)>
|
|
||||||
+
|
|
||||||
+=head1 COPYRIGHT
|
|
||||||
+
|
|
||||||
+Copyright 2022 Red Hat, Inc. All Rights Reserved.
|
|
||||||
+
|
|
||||||
+Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
+this file except in compliance with the License. You can obtain a copy
|
|
||||||
+in the file LICENSE in the source distribution or at
|
|
||||||
+L<https://www.openssl.org/source/license.html>.
|
|
||||||
+
|
|
||||||
+=cut
|
|
||||||
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
|
|
||||||
index de391ce067..1cfd71c5cf 100644
|
|
||||||
--- a/providers/fips/fipsprov.c
|
|
||||||
+++ b/providers/fips/fipsprov.c
|
|
||||||
@@ -23,6 +23,7 @@
|
|
||||||
#include "prov/seeding.h"
|
|
||||||
#include "self_test.h"
|
|
||||||
#include "internal/core.h"
|
|
||||||
+#include "indicator.h"
|
|
||||||
|
|
||||||
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
|
|
||||||
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
|
|
||||||
@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = {
|
|
||||||
{ NULL, NULL, NULL }
|
|
||||||
};
|
|
||||||
|
|
||||||
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = {
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = {
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
|
||||||
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = {
|
|
||||||
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
+ redhat_rsa_signature_indicators },
|
|
||||||
+#ifndef OPENSSL_NO_EC
|
|
||||||
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
|
|
||||||
+ redhat_ecdsa_signature_indicators },
|
|
||||||
+#endif
|
|
||||||
+ { NULL, NULL, NULL }
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
static const OSSL_ALGORITHM fips_asym_cipher[] = {
|
|
||||||
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
|
||||||
{ NULL, NULL, NULL }
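Review bot: Neither indicator table says why the plain SIGN/VERIFY entry points are marked unapproved while the DIGEST_SIGN/DIGEST_VERIFY ones are approved, and that split is the entire content of the explicit indicator. A short comment above `redhat_rsa_signature_indicators` should state the rule, for example `/* Only the digest-and-sign/verify entry points are approved; those taking a pre-computed hash are not. */`, worded by someone who can confirm the rationale, which the hunk does not give. The ECDSA table differs from the RSA one only by omitting the VERIFY_RECOVER rows; indicator.h says a missing function_id means unapproved, so this is consistent, but a one-line remark would stop a reader from taking it for an oversight.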
|
|
||||||
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
|
|
||||||
+ switch (operation_id) {
|
|
||||||
+ case OSSL_OP_SIGNATURE:
|
|
||||||
+ return redhat_indicator_fips_signature;
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void fips_teardown(void *provctx)
|
|
||||||
{
|
|
||||||
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
|
|
||||||
diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000000..b323efe44c
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/providers/fips/indicator.h
|
|
||||||
@@ -0,0 +1,66 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ *
|
|
||||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
||||||
+ * this file except in compliance with the License. You can obtain a copy
|
|
||||||
+ * in the file LICENSE in the source distribution or at
|
|
||||||
+ * https://www.openssl.org/source/license.html
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#ifndef OPENSSL_FIPS_INDICATOR_H
|
|
||||||
+# define OPENSSL_FIPS_INDICATOR_H
|
|
||||||
+# pragma once
|
|
||||||
+
|
|
||||||
+# ifdef __cplusplus
|
|
||||||
+extern "C" {
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0)
|
|
||||||
+# define OSSL_RH_FIPSINDICATOR_APPROVED (1)
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * FIPS indicator dispatch table element. function_id numbers and the
|
|
||||||
+ * functions are defined in core_dispatch.h, see macros with
|
|
||||||
+ * 'OSSL_CORE_MAKE_FUNC' in their names.
|
|
||||||
+ *
|
|
||||||
+ * An array of these is always terminated by function_id == 0
|
|
||||||
+ */
|
|
||||||
+typedef struct ossl_rh_fipsindicator_dispatch_st {
|
|
||||||
+ int function_id;
|
|
||||||
+ int approved;
|
|
||||||
+} OSSL_RH_FIPSINDICATOR_DISPATCH;
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Type to tie together algorithm names, property definition string and the
|
|
||||||
+ * algorithm implementation's FIPS indicator status in the form of a FIPS
|
|
||||||
+ * indicator dispatch table.
|
|
||||||
+ *
|
|
||||||
+ * An array of these is always terminated by algorithm_names == NULL
|
|
||||||
+ */
|
|
||||||
+typedef struct ossl_rh_fipsindicator_algorithm_st {
|
|
||||||
+ const char *algorithm_names; /* key */
|
|
||||||
+ const char *property_definition; /* key */
|
|
||||||
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
|
|
||||||
+} OSSL_RH_FIPSINDICATOR_ALGORITHM;
|
|
||||||
+
|
|
||||||
+/**
|
|
||||||
+ * Query FIPS indicator status for the given operation. Possible values for
|
|
||||||
+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
|
|
||||||
+ * use implicit indicators. The return value is an array of
|
|
||||||
+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
|
|
||||||
+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
|
|
||||||
+ * algorithm names, 'property_definition' a comma-separated list of properties,
|
|
||||||
+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This
|
|
||||||
+ * list is terminated by function_id == 0. 'function_id' is one of the
|
|
||||||
+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
|
|
||||||
+ *
|
|
||||||
+ * If there is no entry in the returned struct for the given operation_id,
|
|
||||||
+ * algorithm name, or function_id, the algorithm is unapproved.
|
|
||||||
+ */
|
|
||||||
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id);
|
|
||||||
+
|
|
||||||
+# ifdef __cplusplus
|
|
||||||
+}
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
+#endif
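Review bot: The last paragraph of the comment on redhat_ossl_query_fipsindicator says that a missing entry for the operation_id means the algorithm is unapproved, while the man page added by the same patch treats a NULL return as "probably using implicit indicators", i.e. judged by the return code. A caller that follows the header alone would classify every non-signature service as unapproved. I would split the sentence into `* A NULL return means the operation has no explicit indicator; the return code of the operation is the indicator.` and `* Within a returned table, a missing algorithm name or function_id means unapproved.` The comment should also say that the returned arrays are static and must not be freed (fipsprov.c returns the address of a `static const` table), and `# pragma once` is redundant next to the include guard.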
|
|
||||||
diff --git a/util/mkdef.pl b/util/mkdef.pl
|
|
||||||
index a1c76f7c97..eda39b71ee 100755
|
|
||||||
--- a/util/mkdef.pl
|
|
||||||
+++ b/util/mkdef.pl
|
|
||||||
@@ -149,7 +149,8 @@ $ordinal_opts{filter} =
|
|
||||||
return
|
|
||||||
$item->exists()
|
|
||||||
&& platform_filter($item)
|
|
||||||
- && feature_filter($item);
|
|
||||||
+ && feature_filter($item)
|
|
||||||
+ && fips_filter($item, $name);
|
|
||||||
};
|
|
||||||
my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
|
|
||||||
|
|
||||||
@@ -205,6 +206,28 @@ sub feature_filter {
|
|
||||||
return $verdict;
|
|
||||||
}
|
|
||||||
|
|
||||||
+sub fips_filter {
|
|
||||||
+ my $item = shift;
|
|
||||||
+ my $name = uc(shift);
|
|
||||||
+ my @features = ( $item->features() );
|
|
||||||
+
|
|
||||||
+ # True if no features are defined
|
|
||||||
+ return 1 if scalar @features == 0;
|
|
||||||
+
|
|
||||||
+ my @matches = grep(/^ONLY_.*$/, @features);
|
|
||||||
+ if (@matches) {
|
|
||||||
+ # There is at least one only_* flag on this symbol, check if any of
|
|
||||||
+ # them match the name
|
|
||||||
+ for (@matches) {
|
|
||||||
+ if ($_ eq "ONLY_${name}") {
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
sub sorter_unix {
|
|
||||||
my $by_name = OpenSSL::Ordinals::by_name();
|
|
||||||
my %weight = (
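Review bot: fips_filter reaches its verdict through three separate `return 1` paths and a hand-written loop, and the early `return 1 if scalar @features == 0` is already covered by the final `return 1`, because an empty feature list yields no ONLY_ matches. The body can shrink to `my @only = grep { /^ONLY_/ } $item->features();`, then `return 1 unless @only;` and `return (grep { $_ eq "ONLY_${name}" } @only) ? 1 : 0;`. A comment above the sub should say what it decides: a symbol tagged ONLY_<NAME> in the .num file is emitted only when the uppercased name passed in matches, which is what limits redhat_ossl_query_fipsindicator (tagged ONLY_PROVIDERS/FIPS in util/providers.num) to that one output. The call added to the filter closure in the previous hunk passes `$name`, which is defined outside both hunks; `uc(shift)` will warn if it can be undefined there.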
|
|
||||||
diff --git a/util/providers.num b/util/providers.num
|
|
||||||
index 4e2fa81b98..77879d0e5f 100644
|
|
||||||
--- a/util/providers.num
|
|
||||||
+++ b/util/providers.num
|
|
||||||
@@ -1 +1,2 @@
|
|
||||||
OSSL_provider_init 1 * EXIST::FUNCTION:
|
|
||||||
+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,373 +0,0 @@
|
|||||||
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Fri, 22 Jul 2022 13:59:37 +0200
|
|
||||||
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
|
|
||||||
|
|
||||||
Review by our lab for FIPS 140-3 certification expects the RSA
|
|
||||||
encryption and decryption tests to use a supported padding mode, not raw
|
|
||||||
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
|
|
||||||
|
|
||||||
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
|
|
||||||
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
|
|
||||||
a known-answer test, a comparison test, or a fault-detection test.
|
|
||||||
|
|
||||||
Comparison tests are not an option, because they would require
|
|
||||||
a separate implementation of RSA-OAEP, which we do not have. Fault
|
|
||||||
detection tests require implementing fault detection mechanisms into the
|
|
||||||
cryptographic algorithm implementation, which we also do not have.
|
|
||||||
|
|
||||||
As a consequence, a known-answer test must be used to test RSA
|
|
||||||
encryption and decryption, but RSA encryption with OAEP padding is not
|
|
||||||
deterministic, and thus encryption will always yield different results
|
|
||||||
that could not be compared to known answers. For this reason, this
|
|
||||||
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
|
|
||||||
which is the source of randomness for RSA-OAEP, to a fixed value. This
|
|
||||||
setting is only available during self-test execution, and the parameter
|
|
||||||
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
|
|
||||||
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
crypto/rsa/rsa_local.h | 8 ++
|
|
||||||
crypto/rsa/rsa_oaep.c | 34 ++++++--
|
|
||||||
include/openssl/core_names.h | 3 +
|
|
||||||
providers/fips/self_test_data.inc | 83 +++++++++++--------
|
|
||||||
providers/fips/self_test_kats.c | 7 ++
|
|
||||||
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++-
|
|
||||||
6 files changed, 133 insertions(+), 43 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
|
|
||||||
index ea70da05ad..dde57a1a0e 100644
|
|
||||||
--- a/crypto/rsa/rsa_local.h
|
|
||||||
+++ b/crypto/rsa/rsa_local.h
|
|
||||||
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
|
|
||||||
int tlen, const unsigned char *from,
|
|
||||||
int flen);
|
|
||||||
|
|
||||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
|
||||||
+ unsigned char *to, int tlen,
|
|
||||||
+ const unsigned char *from, int flen,
|
|
||||||
+ const unsigned char *param,
|
|
||||||
+ int plen, const EVP_MD *md,
|
|
||||||
+ const EVP_MD *mgf1md,
|
|
||||||
+ const char *redhat_st_seed);
|
|
||||||
+
|
|
||||||
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
|
|
||||||
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
|
||||||
index d9be1a4f98..b2f7f7dc4b 100644
|
|
||||||
--- a/crypto/rsa/rsa_oaep.c
|
|
||||||
+++ b/crypto/rsa/rsa_oaep.c
|
|
||||||
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
|
||||||
param, plen, NULL, NULL);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_asym_cipher_st;
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Perform the padding as per NIST 800-56B 7.2.2.3
|
|
||||||
* from (K) is the key material.
|
|
||||||
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
|
||||||
* Step numbers are included here but not in the constant time inverse below
|
|
||||||
* to avoid complicating an already difficult enough function.
|
|
||||||
*/
|
|
||||||
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
|
||||||
- unsigned char *to, int tlen,
|
|
||||||
- const unsigned char *from, int flen,
|
|
||||||
- const unsigned char *param,
|
|
||||||
- int plen, const EVP_MD *md,
|
|
||||||
- const EVP_MD *mgf1md)
|
|
||||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
|
||||||
+ unsigned char *to, int tlen,
|
|
||||||
+ const unsigned char *from, int flen,
|
|
||||||
+ const unsigned char *param,
|
|
||||||
+ int plen, const EVP_MD *md,
|
|
||||||
+ const EVP_MD *mgf1md,
|
|
||||||
+ const char *redhat_st_seed)
|
|
||||||
{
|
|
||||||
int rv = 0;
|
|
||||||
int i, emlen = tlen - 1;
|
|
||||||
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
|
||||||
db[emlen - flen - mdlen - 1] = 0x01;
|
|
||||||
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
|
|
||||||
/* step 3d: generate random byte string */
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
|
|
||||||
+ memcpy(seed, redhat_st_seed, mdlen);
|
|
||||||
+ } else
|
|
||||||
+#endif
|
|
||||||
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
|
|
||||||
goto err;
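Review bot: `memcpy(seed, redhat_st_seed, mdlen)` copies mdlen bytes from a pointer whose length the function never learns, so it is correct only while the caller's buffer is at least as long as the digest in use. The only seed visible in this patch, `oaep_fixed_seed` in self_test_data.inc, is 20 bytes, and it would be over-read if the known-answer test were ever configured with a longer OAEP digest. I would add a length parameter to ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2 and reject a mismatch before the copy, e.g. `if (redhat_st_seedlen != (size_t)mdlen) goto err;` (parameter name is a placeholder), and declare the seed as `const unsigned char *` since it holds raw bytes. The `} else` that runs through the `#endif` into the RAND_bytes_ex check is easy to break in a later edit, so bracing both branches would be safer. The function body starts and ends outside this hunk.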
|
|
||||||
|
|
||||||
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
|
||||||
+ unsigned char *to, int tlen,
|
|
||||||
+ const unsigned char *from, int flen,
|
|
||||||
+ const unsigned char *param,
|
|
||||||
+ int plen, const EVP_MD *md,
|
|
||||||
+ const EVP_MD *mgf1md)
|
|
||||||
+{
|
|
||||||
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
|
|
||||||
+ flen, param, plen, md,
|
|
||||||
+ mgf1md, NULL);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
|
||||||
const unsigned char *from, int flen,
|
|
||||||
const unsigned char *param, int plen,
|
|
||||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
|
||||||
index 59a6e79566..11216fb8f8 100644
|
|
||||||
--- a/include/openssl/core_names.h
|
|
||||||
+++ b/include/openssl/core_names.h
|
|
||||||
@@ -469,6 +469,9 @@ extern "C" {
|
|
||||||
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
|
||||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
|
||||||
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Encoder / decoder parameters
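Review bot: The new macro is spelt `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED` while its value is "redhat-kat-oaep-seed"; the transposed letters mean a search for OAEP will not find it. Renaming it to `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OAEP_SEED` needs the same change at its use in rsa_enc_params in self_test_data.inc and at any use outside this view. The `#ifdef FIPS_MODULE` guard sits in a public header, so a one-line comment saying the parameter is honoured only during the provider's self-test would help readers of core_names.h.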
|
|
||||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
|
||||||
index 4e30ec56dd..0103c87528 100644
|
|
||||||
--- a/providers/fips/self_test_data.inc
|
|
||||||
+++ b/providers/fips/self_test_data.inc
|
|
||||||
@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
|
||||||
ST_KAT_PARAM_END()
|
|
||||||
};
|
|
||||||
|
|
||||||
-/*-
|
|
||||||
- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
|
|
||||||
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
|
||||||
- * HP/UX PA-RISC compilers.
|
|
||||||
- */
|
|
||||||
-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
|
|
||||||
-
|
|
||||||
+/*-
|
|
||||||
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
|
||||||
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
|
||||||
+ * HP/UX PA-RISC compilers.
|
|
||||||
+ */
|
|
||||||
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
|
|
||||||
+static const char oaep_fixed_seed[] = {
|
|
||||||
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
|
|
||||||
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
|
|
||||||
+ 0x2e, 0x4b, 0x2c, 0xe6
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
static const ST_KAT_PARAM rsa_enc_params[] = {
|
|
||||||
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
|
|
||||||
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
|
||||||
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
|
|
||||||
+ oaep_fixed_seed),
|
|
||||||
ST_KAT_PARAM_END()
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
|
|
||||||
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
|
|
||||||
};
|
|
||||||
|
|
||||||
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
|
|
||||||
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
|
|
||||||
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
|
||||||
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
|
|
||||||
};
|
|
||||||
static const unsigned char rsa_asym_expected_encrypt[256] = {
|
|
||||||
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
|
|
||||||
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
|
|
||||||
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
|
|
||||||
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
|
|
||||||
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
|
|
||||||
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
|
|
||||||
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
|
|
||||||
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
|
|
||||||
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
|
|
||||||
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
|
|
||||||
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
|
|
||||||
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
|
|
||||||
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
|
|
||||||
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
|
|
||||||
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
|
|
||||||
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
|
|
||||||
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
|
|
||||||
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
|
|
||||||
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
|
|
||||||
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
|
|
||||||
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
|
|
||||||
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
|
|
||||||
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
|
|
||||||
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
|
|
||||||
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
|
|
||||||
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
|
|
||||||
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
|
|
||||||
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
|
|
||||||
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
|
|
||||||
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
|
|
||||||
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
|
|
||||||
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
|
|
||||||
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
|
|
||||||
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
|
|
||||||
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
|
|
||||||
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
|
|
||||||
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
|
|
||||||
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
|
|
||||||
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
|
|
||||||
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
|
|
||||||
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
|
|
||||||
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
|
|
||||||
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
|
|
||||||
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
|
|
||||||
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
|
|
||||||
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
|
|
||||||
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
|
|
||||||
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
|
|
||||||
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
|
|
||||||
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
|
|
||||||
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
|
|
||||||
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
|
|
||||||
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
|
|
||||||
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
|
|
||||||
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
|
|
||||||
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
|
|
||||||
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
|
|
||||||
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
|
|
||||||
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
|
|
||||||
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
|
|
||||||
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
|
|
||||||
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
|
|
||||||
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
|
|
||||||
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_EC
|
|
||||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
|
||||||
index 064794d9bf..b6d5e8e134 100644
|
|
||||||
--- a/providers/fips/self_test_kats.c
|
|
||||||
+++ b/providers/fips/self_test_kats.c
|
|
||||||
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int REDHAT_FIPS_asym_cipher_st = 0;
|
|
||||||
+
|
|
||||||
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
|
||||||
{
|
|
||||||
int i, ret = 1;
|
|
||||||
|
|
||||||
+ REDHAT_FIPS_asym_cipher_st = 1;
|
|
||||||
+
|
|
||||||
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
|
|
||||||
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
|
|
||||||
ret = 0;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ REDHAT_FIPS_asym_cipher_st = 0;
|
|
||||||
+
|
|
||||||
return ret;
|
|
||||||
}
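Review bot: `REDHAT_FIPS_asym_cipher_st` is a plain writable global that is set and cleared around the KAT loop with no synchronisation and no comment saying what it gates. In the rsa_enc.c part of this patch it is what lets `rsa_set_ctx_params` accept a caller-supplied OAEP seed, so while it is 1 any thread in the process that sets that parameter gets deterministic padding. Whether self-tests can overlap with normal operations is not visible here and should be confirmed. At minimum I would document it, e.g. `/* Non-zero only while self_test_asym_ciphers() runs; allows the fixed KAT OAEP seed. Not thread-safe. */`, and declare it in a shared internal header rather than through a bare `extern` in the consumer.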
|
|
||||||
|
|
||||||
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
|
||||||
index 00cf65fcd6..83be3d8ede 100644
|
|
||||||
--- a/providers/implementations/asymciphers/rsa_enc.c
|
|
||||||
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
|
||||||
@@ -30,6 +30,9 @@
|
|
||||||
#include "prov/implementations.h"
|
|
||||||
#include "prov/providercommon.h"
|
|
||||||
#include "prov/securitycheck.h"
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+# include "crypto/rsa/rsa_local.h"
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
|
|
||||||
@@ -75,6 +78,9 @@ typedef struct {
|
|
||||||
/* TLS padding */
|
|
||||||
unsigned int client_version;
|
|
||||||
unsigned int alt_version;
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ char *redhat_st_oaep_seed;
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
} PROV_RSA_CTX;
|
|
||||||
|
|
||||||
static void *rsa_newctx(void *provctx)
|
|
||||||
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
ret =
|
|
||||||
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
|
|
||||||
+#else
|
|
||||||
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
|
|
||||||
+#endif
|
|
||||||
+ prsactx->libctx, tbuf,
|
|
||||||
rsasize, in, inlen,
|
|
||||||
prsactx->oaep_label,
|
|
||||||
prsactx->oaep_labellen,
|
|
||||||
prsactx->oaep_md,
|
|
||||||
- prsactx->mgf1_md);
|
|
||||||
+ prsactx->mgf1_md
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ , prsactx->redhat_st_oaep_seed
|
|
||||||
+#endif
|
|
||||||
+ );
|
|
||||||
|
|
||||||
if (!ret) {
|
|
||||||
OPENSSL_free(tbuf);
|
|
||||||
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
|
|
||||||
EVP_MD_free(prsactx->oaep_md);
|
|
||||||
EVP_MD_free(prsactx->mgf1_md);
|
|
||||||
OPENSSL_free(prsactx->oaep_label);
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
|
|
||||||
OPENSSL_free(prsactx);
|
|
||||||
}
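Review bot: The new `OPENSSL_free(prsactx->redhat_st_oaep_seed)` makes the context the owner of one more heap pointer, but nothing in this patch touches a copy path for `PROV_RSA_CTX`. If the context can be duplicated by struct assignment (the duplication code is not part of this patch, so this needs confirming), both copies would free the same seed. I would either duplicate the seed in that path or set it to NULL in the copy, and say so in a comment next to the field. `rsa_freectx` begins before this hunk.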
|
|
||||||
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
||||||
NULL, 0),
|
|
||||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
|
||||||
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
OSSL_PARAM_END
|
|
||||||
};
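Review bot: The seed parameter is added to `known_gettable_ctx_params`, yet the only handler this patch adds for it is in `rsa_set_ctx_params`, and no hunk in this file section extends the settable table. That advertises a test-only value as readable and leaves it undiscoverable as settable; the entry looks like it belongs in the settable list instead. Separately, the macro name spells OAEP as `OEAP` (`OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED`), which is worth fixing where it is defined before other code depends on it. The array starts above this hunk.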
|
|
||||||
|
|
||||||
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
|
|
||||||
return known_gettable_ctx_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+extern int REDHAT_FIPS_asym_cipher_st;
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
+
|
|
||||||
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
|
||||||
{
|
|
||||||
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
|
||||||
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
|
||||||
prsactx->oaep_labellen = tmp_labellen;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
|
|
||||||
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
|
|
||||||
+ void *tmp_oaep_seed = NULL;
|
|
||||||
+
|
|
||||||
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
|
|
||||||
+ return 0;
|
|
||||||
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
|
||||||
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
|
|
||||||
+ }
|
|
||||||
+#endif /* FIPS_MODULE */
|
|
||||||
+
|
|
||||||
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
|
|
||||||
if (p != NULL) {
|
|
||||||
unsigned int client_version;
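Review bot: `OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)` discards the length of the supplied seed, and the context keeps only a `char *`, so the padding routine that later reads it cannot check that the buffer is as long as the OAEP digest. The consumer `ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2` is not in this view, but if it copies a digest-length seed, a shorter parameter would be read past its end. I would capture the length, `size_t tmp_len = 0; if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, &tmp_len)) return 0;`, and reject the value unless it equals the OAEP digest size. Note also that when `REDHAT_FIPS_asym_cipher_st` is 0 the parameter is silently ignored rather than rejected. The function continues on both sides of this hunk.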
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -1,313 +0,0 @@
|
|||||||
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Fri, 15 Jul 2022 17:45:40 +0200
|
|
||||||
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
|
|
||||||
|
|
||||||
In review for FIPS 140-3, the lack of a self-test for the digest_sign
|
|
||||||
and digest_verify provider functions was highlighted as a problem. NIST
|
|
||||||
no longer provides ACVP tests for the RSA SigVer primitive (see
|
|
||||||
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
|
|
||||||
recommends the use of functions that compute the digest and signature
|
|
||||||
within the module, we have been advised in our module review that the
|
|
||||||
self tests should also use the combined digest and signature APIs, i.e.
|
|
||||||
the digest_sign and digest_verify provider functions.
|
|
||||||
|
|
||||||
Modify the signature self-test to use these instead by switching to
|
|
||||||
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
|
|
||||||
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
|
|
||||||
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
|
|
||||||
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
|
|
||||||
2 files changed, 56 insertions(+), 24 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index db1a1d7bc3..c94c3c53bd 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
|
||||||
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
reinit = 0;
|
|
||||||
if (e == NULL)
|
|
||||||
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
else
|
|
||||||
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
if (ctx->pctx == NULL)
|
|
||||||
return 0;
|
|
||||||
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
locpctx = ctx->pctx;
|
|
||||||
ERR_set_mark();
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (evp_pkey_ctx_is_legacy(locpctx))
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
/* do not reinitialize if pkey is set or operation is different */
|
|
||||||
if (reinit
|
|
||||||
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
signature =
|
|
||||||
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
||||||
supported_sig, locpctx->propquery);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (signature == NULL)
|
|
||||||
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
|
||||||
if (ctx->fetched_digest != NULL) {
|
|
||||||
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
} else {
|
|
||||||
/* legacy engine support : remove the mark when this is deleted */
|
|
||||||
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
|
||||||
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
(void)ERR_pop_to_mark();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (ctx->reqdigest != NULL
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if (ver) {
|
|
||||||
if (signature->digest_verify_init == NULL) {
|
|
||||||
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
/*
|
|
||||||
* If we don't have the full support we need with provided methods,
|
|
||||||
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ctx->pctx->flag_call_digest_custom = 1;
|
|
||||||
|
|
||||||
ret = 1;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
end:
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
|
||||||
NULL);
|
|
||||||
}
|
|
||||||
-#endif /* FIPS_MDOE */
|
|
||||||
|
|
||||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
|
||||||
{
|
|
||||||
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
|
||||||
return EVP_DigestUpdate(ctx, data, dsize);
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifndef FIPS_MODULE
|
|
||||||
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
size_t *siglen)
|
|
||||||
{
|
|
||||||
- int sctx = 0, r = 0;
|
|
||||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
|
||||||
+ int r = 0;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ int sctx = 0;
|
|
||||||
+ EVP_PKEY_CTX *dctx;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (pctx == NULL
|
|
||||||
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
|
||||||
|| pctx->op.sig.algctx == NULL
|
|
||||||
|| pctx->op.sig.signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
|
||||||
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
|
||||||
sigret, siglen,
|
|
||||||
sigret == NULL ? 0 : *siglen);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
||||||
if (dctx == NULL)
|
|
||||||
return 0;
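Review bot: With `FIPS_MODULE` defined, the only `pctx` validation in `EVP_DigestSignFinal` is compiled out together with the legacy jump, so `pctx->op.sig.signature->digest_sign_final` is reached without checking that `ctx->pctx` or its signature operation was ever initialised. The same build also returns `r` (0) with no error raised whenever `sigret` is non-NULL and `EVP_MD_CTX_FLAG_FINALISE` is unset, because the duplicate-and-finalise path is excluded too. I would keep the check in the FIPS build and fail cleanly, as sketched below. The `@@ -669,21 +690,27 @@` hunk does the same to `EVP_DigestVerifyFinal`, where the check uses `EVP_PKEY_OP_VERIFYCTX`. The function body continues past this hunk.

```c
#ifndef FIPS_MODULE
    /* … unchanged: legacy fallback check … */
#else
    if (pctx == NULL
            || pctx->operation != EVP_PKEY_OP_SIGNCTX
            || pctx->op.sig.algctx == NULL
            || pctx->op.sig.signature == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }
#endif /* !defined(FIPS_MODULE) */
```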
|
|
||||||
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
sigret, siglen,
|
|
||||||
*siglen);
|
|
||||||
EVP_PKEY_CTX_free(dctx);
|
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
|
||||||
return r;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
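Review bot: The added `#endif /* defined(FIPS_MODULE) */` closes the `#ifndef FIPS_MODULE` opened before `dctx = EVP_PKEY_CTX_dup(pctx);` in the previous hunk, so its comment states the opposite condition. Every other guard in this patch uses `#endif /* !defined(FIPS_MODULE) */`; this one should match. The same line appears in the second copy of this patch further down the page, and the function starts and ends outside this hunk.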
|
|
||||||
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
|
|
||||||
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
|
||||||
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
|
||||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
size_t siglen)
|
|
||||||
{
|
|
||||||
- unsigned char md[EVP_MAX_MD_SIZE];
|
|
||||||
int r = 0;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ unsigned char md[EVP_MAX_MD_SIZE];
|
|
||||||
unsigned int mdlen = 0;
|
|
||||||
int vctx = 0;
|
|
||||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
|
||||||
+ EVP_PKEY_CTX *dctx;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (pctx == NULL
|
|
||||||
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
|
||||||
|| pctx->op.sig.algctx == NULL
|
|
||||||
|| pctx->op.sig.signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
|
||||||
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
|
||||||
sig, siglen);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
||||||
if (dctx == NULL)
|
|
||||||
return 0;
|
|
||||||
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
|
|
||||||
sig, siglen);
|
|
||||||
EVP_PKEY_CTX_free(dctx);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
return r;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
if (vctx || !r)
|
|
||||||
return r;
|
|
||||||
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
|
|
||||||
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
||||||
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
||||||
return -1;
|
|
||||||
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
|
||||||
}
|
|
||||||
-#endif /* FIPS_MODULE */
|
|
||||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
|
||||||
index b6d5e8e134..77eec075e6 100644
|
|
||||||
--- a/providers/fips/self_test_kats.c
|
|
||||||
+++ b/providers/fips/self_test_kats.c
|
|
||||||
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
int ret = 0;
|
|
||||||
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
|
||||||
OSSL_PARAM_BLD *bld = NULL;
|
|
||||||
+ EVP_MD *md = NULL;
|
|
||||||
+ EVP_MD_CTX *ctx = NULL;
|
|
||||||
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
|
||||||
EVP_PKEY *pkey = NULL;
|
|
||||||
- unsigned char sig[256];
|
|
||||||
BN_CTX *bnctx = NULL;
|
|
||||||
BIGNUM *K = NULL;
|
|
||||||
+ const char *msg = "Hello World!";
|
|
||||||
+ unsigned char sig[256];
|
|
||||||
size_t siglen = sizeof(sig);
|
|
||||||
static const unsigned char dgst[] = {
|
|
||||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
||||||
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
|
||||||
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
|
||||||
- if (sctx == NULL
|
|
||||||
- || EVP_PKEY_sign_init(sctx) <= 0)
|
|
||||||
- goto err;
|
|
||||||
-
|
|
||||||
- /* set signature parameters */
|
|
||||||
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
|
||||||
- t->mdalgorithm,
|
|
||||||
- strlen(t->mdalgorithm) + 1))
|
|
||||||
- goto err;
|
|
||||||
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
|
||||||
+ * parameters and sign */
|
|
||||||
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
|
||||||
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
||||||
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
|
||||||
+ ctx = EVP_MD_CTX_new();
|
|
||||||
+ if (md == NULL || ctx == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
||||||
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
||||||
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
|
||||||
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
|
||||||
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
|
||||||
- || EVP_PKEY_verify_init(sctx) <= 0
|
|
||||||
+ /* sctx is not freed automatically inside the FIPS module */
|
|
||||||
+ EVP_PKEY_CTX_free(sctx);
|
|
||||||
+ sctx = NULL;
|
|
||||||
+
|
|
||||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
||||||
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
||||||
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
||||||
goto err;
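Review bot: `md = EVP_MD_fetch(libctx, "SHA256", NULL)` hard-codes the digest, whereas the lines it replaces passed `t->mdalgorithm` to the signature context. If any `ST_KAT_SIGN` entry names a different digest (the table is not visible here), that entry would now be exercised with SHA-256 and the self-test would no longer cover what its data describes; `md = EVP_MD_fetch(libctx, t->mdalgorithm, NULL);` keeps the test data in charge. The `dgst` array kept as context in the first hunk also appears to have no remaining user once the `EVP_PKEY_sign` and `EVP_PKEY_verify` calls are gone, so it can probably be dropped. `self_test_sign` begins and ends outside this hunk.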
|
|
||||||
|
|
||||||
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
|
||||||
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
|
||||||
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
|
||||||
goto err;
|
|
||||||
ret = 1;
|
|
||||||
err:
|
|
||||||
BN_CTX_free(bnctx);
|
|
||||||
EVP_PKEY_free(pkey);
|
|
||||||
- EVP_PKEY_CTX_free(kctx);
|
|
||||||
+ EVP_MD_free(md);
|
|
||||||
+ EVP_MD_CTX_free(ctx);
|
|
||||||
+ /* sctx is not freed automatically inside the FIPS module */
|
|
||||||
EVP_PKEY_CTX_free(sctx);
|
|
||||||
+ EVP_PKEY_CTX_free(kctx);
|
|
||||||
OSSL_PARAM_free(params);
|
|
||||||
OSSL_PARAM_free(params_sig);
|
|
||||||
OSSL_PARAM_BLD_free(bld);
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -1,313 +0,0 @@
|
|||||||
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Fri, 15 Jul 2022 17:45:40 +0200
|
|
||||||
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
|
|
||||||
|
|
||||||
In review for FIPS 140-3, the lack of a self-test for the digest_sign
|
|
||||||
and digest_verify provider functions was highlighted as a problem. NIST
|
|
||||||
no longer provides ACVP tests for the RSA SigVer primitive (see
|
|
||||||
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
|
|
||||||
recommends the use of functions that compute the digest and signature
|
|
||||||
within the module, we have been advised in our module review that the
|
|
||||||
self tests should also use the combined digest and signature APIs, i.e.
|
|
||||||
the digest_sign and digest_verify provider functions.
|
|
||||||
|
|
||||||
Modify the signature self-test to use these instead by switching to
|
|
||||||
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
|
|
||||||
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
|
|
||||||
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
|
|
||||||
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
|
|
||||||
2 files changed, 56 insertions(+), 24 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
||||||
index db1a1d7bc3..c94c3c53bd 100644
|
|
||||||
--- a/crypto/evp/m_sigver.c
|
|
||||||
+++ b/crypto/evp/m_sigver.c
|
|
||||||
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
|
||||||
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
reinit = 0;
|
|
||||||
if (e == NULL)
|
|
||||||
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
else
|
|
||||||
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
if (ctx->pctx == NULL)
|
|
||||||
return 0;
|
|
||||||
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
locpctx = ctx->pctx;
|
|
||||||
ERR_set_mark();
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (evp_pkey_ctx_is_legacy(locpctx))
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
/* do not reinitialize if pkey is set or operation is different */
|
|
||||||
if (reinit
|
|
||||||
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
signature =
|
|
||||||
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
||||||
supported_sig, locpctx->propquery);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (signature == NULL)
|
|
||||||
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
|
||||||
if (ctx->fetched_digest != NULL) {
|
|
||||||
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
} else {
|
|
||||||
/* legacy engine support : remove the mark when this is deleted */
|
|
||||||
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
|
||||||
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
(void)ERR_pop_to_mark();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (ctx->reqdigest != NULL
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
||||||
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
||||||
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if (ver) {
|
|
||||||
if (signature->digest_verify_init == NULL) {
|
|
||||||
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
/*
|
|
||||||
* If we don't have the full support we need with provided methods,
|
|
||||||
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
ctx->pctx->flag_call_digest_custom = 1;
|
|
||||||
|
|
||||||
ret = 1;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
end:
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
||||||
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
|
||||||
NULL);
|
|
||||||
}
|
|
||||||
-#endif /* FIPS_MDOE */
|
|
||||||
|
|
||||||
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
|
||||||
{
|
|
||||||
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
|
||||||
return EVP_DigestUpdate(ctx, data, dsize);
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifndef FIPS_MODULE
|
|
||||||
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
size_t *siglen)
|
|
||||||
{
|
|
||||||
- int sctx = 0, r = 0;
|
|
||||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
|
||||||
+ int r = 0;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ int sctx = 0;
|
|
||||||
+ EVP_PKEY_CTX *dctx;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (pctx == NULL
|
|
||||||
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
|
||||||
|| pctx->op.sig.algctx == NULL
|
|
||||||
|| pctx->op.sig.signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
|
||||||
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
|
||||||
sigret, siglen,
|
|
||||||
sigret == NULL ? 0 : *siglen);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
||||||
if (dctx == NULL)
|
|
||||||
return 0;
|
|
||||||
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
sigret, siglen,
|
|
||||||
*siglen);
|
|
||||||
EVP_PKEY_CTX_free(dctx);
|
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
|
||||||
return r;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
|
|
||||||
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
|
||||||
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
|
||||||
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
size_t siglen)
|
|
||||||
{
|
|
||||||
- unsigned char md[EVP_MAX_MD_SIZE];
|
|
||||||
int r = 0;
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
+ unsigned char md[EVP_MAX_MD_SIZE];
|
|
||||||
unsigned int mdlen = 0;
|
|
||||||
int vctx = 0;
|
|
||||||
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
|
||||||
+ EVP_PKEY_CTX *dctx;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
if (pctx == NULL
|
|
||||||
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
|
||||||
|| pctx->op.sig.algctx == NULL
|
|
||||||
|| pctx->op.sig.signature == NULL)
|
|
||||||
goto legacy;
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
|
|
||||||
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
|
||||||
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
|
||||||
sig, siglen);
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
dctx = EVP_PKEY_CTX_dup(pctx);
|
|
||||||
if (dctx == NULL)
|
|
||||||
return 0;
|
|
||||||
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
|
|
||||||
sig, siglen);
|
|
||||||
EVP_PKEY_CTX_free(dctx);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
return r;
|
|
||||||
|
|
||||||
+#ifndef FIPS_MODULE
|
|
||||||
legacy:
|
|
||||||
if (pctx == NULL || pctx->pmeth == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
||||||
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
|
||||||
if (vctx || !r)
|
|
||||||
return r;
|
|
||||||
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
|
||||||
+#endif /* !defined(FIPS_MODULE) */
|
|
||||||
}
|
|
||||||
|
|
||||||
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
||||||
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
|
||||||
return -1;
|
|
||||||
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
|
||||||
}
|
|
||||||
-#endif /* FIPS_MODULE */
|
|
||||||
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
|
||||||
index b6d5e8e134..77eec075e6 100644
|
|
||||||
--- a/providers/fips/self_test_kats.c
|
|
||||||
+++ b/providers/fips/self_test_kats.c
|
|
||||||
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
int ret = 0;
|
|
||||||
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
|
||||||
OSSL_PARAM_BLD *bld = NULL;
|
|
||||||
+ EVP_MD *md = NULL;
|
|
||||||
+ EVP_MD_CTX *ctx = NULL;
|
|
||||||
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
|
||||||
EVP_PKEY *pkey = NULL;
|
|
||||||
- unsigned char sig[256];
|
|
||||||
BN_CTX *bnctx = NULL;
|
|
||||||
BIGNUM *K = NULL;
|
|
||||||
+ const char *msg = "Hello World!";
|
|
||||||
+ unsigned char sig[256];
|
|
||||||
size_t siglen = sizeof(sig);
|
|
||||||
static const unsigned char dgst[] = {
|
|
||||||
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
|
||||||
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
|
||||||
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
|
||||||
- if (sctx == NULL
|
|
||||||
- || EVP_PKEY_sign_init(sctx) <= 0)
|
|
||||||
- goto err;
|
|
||||||
-
|
|
||||||
- /* set signature parameters */
|
|
||||||
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
|
||||||
- t->mdalgorithm,
|
|
||||||
- strlen(t->mdalgorithm) + 1))
|
|
||||||
- goto err;
|
|
||||||
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
|
||||||
+ * parameters and sign */
|
|
||||||
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
|
||||||
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
||||||
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
|
||||||
+ ctx = EVP_MD_CTX_new();
|
|
||||||
+ if (md == NULL || ctx == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
||||||
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
||||||
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
|
||||||
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
|
||||||
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
|
||||||
- || EVP_PKEY_verify_init(sctx) <= 0
|
|
||||||
+ /* sctx is not freed automatically inside the FIPS module */
|
|
||||||
+ EVP_PKEY_CTX_free(sctx);
|
|
||||||
+ sctx = NULL;
|
|
||||||
+
|
|
||||||
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
|
||||||
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
|
||||||
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
|
||||||
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
|
||||||
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
|
||||||
goto err;
|
|
||||||
ret = 1;
|
|
||||||
err:
|
|
||||||
BN_CTX_free(bnctx);
|
|
||||||
EVP_PKEY_free(pkey);
|
|
||||||
- EVP_PKEY_CTX_free(kctx);
|
|
||||||
+ EVP_MD_free(md);
|
|
||||||
+ EVP_MD_CTX_free(ctx);
|
|
||||||
+ /* sctx is not freed automatically inside the FIPS module */
|
|
||||||
EVP_PKEY_CTX_free(sctx);
|
|
||||||
+ EVP_PKEY_CTX_free(kctx);
|
|
||||||
OSSL_PARAM_free(params);
|
|
||||||
OSSL_PARAM_free(params_sig);
|
|
||||||
OSSL_PARAM_BLD_free(bld);
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -1,378 +0,0 @@
|
|||||||
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Fri, 22 Jul 2022 17:51:16 +0200
|
|
||||||
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
|
|
||||||
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
|
|
||||||
1 file changed, 172 insertions(+), 170 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
|
||||||
index a29cc650b5..1b5623833f 100644
|
|
||||||
--- a/providers/fips/self_test_data.inc
|
|
||||||
+++ b/providers/fips/self_test_data.inc
|
|
||||||
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_DH
|
|
||||||
/* DH KAT */
|
|
||||||
+/* RFC7919 FFDHE2048 p */
|
|
||||||
static const unsigned char dh_p[] = {
|
|
||||||
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
|
|
||||||
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
|
|
||||||
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
|
|
||||||
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
|
|
||||||
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
|
|
||||||
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
|
|
||||||
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
|
|
||||||
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
|
|
||||||
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
|
|
||||||
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
|
|
||||||
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
|
|
||||||
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
|
|
||||||
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
|
|
||||||
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
|
|
||||||
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
|
|
||||||
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
|
|
||||||
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
|
|
||||||
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
|
|
||||||
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
|
|
||||||
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
|
|
||||||
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
|
|
||||||
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
|
|
||||||
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
|
|
||||||
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
|
|
||||||
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
|
|
||||||
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
|
|
||||||
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
|
|
||||||
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
|
|
||||||
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
|
|
||||||
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
|
|
||||||
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
|
|
||||||
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
|
|
||||||
-};
|
|
||||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
||||||
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
|
|
||||||
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
|
||||||
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
|
|
||||||
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
|
|
||||||
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
|
||||||
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
|
|
||||||
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
|
|
||||||
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
|
||||||
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
|
|
||||||
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
|
|
||||||
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
|
||||||
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
|
|
||||||
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
|
|
||||||
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
|
||||||
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
|
|
||||||
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
|
|
||||||
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
|
||||||
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
|
|
||||||
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
|
|
||||||
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
|
||||||
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
|
|
||||||
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
|
|
||||||
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
|
||||||
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
|
|
||||||
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
|
|
||||||
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
|
||||||
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
|
|
||||||
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
|
|
||||||
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
|
||||||
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
|
|
||||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
|
||||||
+};
|
|
||||||
+/* RFC7919 FFDHE2048 q */
|
|
||||||
static const unsigned char dh_q[] = {
|
|
||||||
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
|
|
||||||
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
|
|
||||||
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
|
|
||||||
- 0x11, 0xac, 0xb5, 0x7d
|
|
||||||
-};
|
|
||||||
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
|
||||||
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
|
|
||||||
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
|
||||||
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
|
|
||||||
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
|
|
||||||
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
|
||||||
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
|
|
||||||
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
|
|
||||||
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
|
||||||
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
|
|
||||||
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
|
|
||||||
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
|
||||||
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
|
|
||||||
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
|
|
||||||
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
|
||||||
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
|
|
||||||
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
|
|
||||||
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
|
||||||
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
|
|
||||||
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
|
|
||||||
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
|
||||||
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
|
|
||||||
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
|
|
||||||
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
|
||||||
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
|
|
||||||
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
|
|
||||||
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
|
||||||
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
|
|
||||||
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
|
|
||||||
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
|
||||||
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
|
|
||||||
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
|
||||||
+};
|
|
||||||
+/* RFC7919 FFDHE2048 g */
|
|
||||||
static const unsigned char dh_g[] = {
|
|
||||||
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
|
|
||||||
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
|
|
||||||
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
|
|
||||||
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
|
|
||||||
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
|
|
||||||
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
|
|
||||||
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
|
|
||||||
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
|
|
||||||
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
|
|
||||||
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
|
|
||||||
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
|
|
||||||
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
|
|
||||||
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
|
|
||||||
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
|
|
||||||
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
|
|
||||||
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
|
|
||||||
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
|
|
||||||
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
|
|
||||||
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
|
|
||||||
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
|
|
||||||
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
|
|
||||||
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
|
|
||||||
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
|
|
||||||
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
|
|
||||||
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
|
|
||||||
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
|
|
||||||
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
|
|
||||||
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
|
|
||||||
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
|
|
||||||
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
|
|
||||||
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
|
|
||||||
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
|
|
||||||
+ 0x02
|
|
||||||
};
|
|
||||||
static const unsigned char dh_priv[] = {
|
|
||||||
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
|
|
||||||
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
|
|
||||||
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
|
|
||||||
- 0x40, 0xb8, 0xfc, 0xe6
|
|
||||||
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
|
|
||||||
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
|
|
||||||
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
|
|
||||||
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
|
|
||||||
};
|
|
||||||
static const unsigned char dh_pub[] = {
|
|
||||||
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
|
|
||||||
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
|
|
||||||
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
|
|
||||||
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
|
|
||||||
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
|
|
||||||
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
|
|
||||||
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
|
|
||||||
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
|
|
||||||
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
|
|
||||||
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
|
|
||||||
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
|
|
||||||
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
|
|
||||||
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
|
|
||||||
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
|
|
||||||
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
|
|
||||||
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
|
|
||||||
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
|
|
||||||
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
|
|
||||||
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
|
|
||||||
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
|
|
||||||
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
|
|
||||||
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
|
|
||||||
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
|
|
||||||
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
|
|
||||||
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
|
|
||||||
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
|
|
||||||
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
|
|
||||||
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
|
|
||||||
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
|
|
||||||
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
|
|
||||||
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
|
|
||||||
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
|
|
||||||
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
|
|
||||||
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
|
|
||||||
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
|
|
||||||
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
|
|
||||||
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
|
|
||||||
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
|
|
||||||
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
|
|
||||||
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
|
|
||||||
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
|
|
||||||
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
|
|
||||||
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
|
|
||||||
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
|
|
||||||
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
|
|
||||||
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
|
|
||||||
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
|
|
||||||
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
|
|
||||||
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
|
|
||||||
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
|
|
||||||
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
|
|
||||||
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
|
|
||||||
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
|
|
||||||
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
|
|
||||||
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
|
|
||||||
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
|
|
||||||
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
|
|
||||||
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
|
|
||||||
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
|
|
||||||
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
|
|
||||||
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
|
|
||||||
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
|
|
||||||
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
|
|
||||||
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
|
|
||||||
+ 0x32
|
|
||||||
};
|
|
||||||
static const unsigned char dh_peer_pub[] = {
|
|
||||||
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
|
|
||||||
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
|
|
||||||
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
|
|
||||||
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
|
|
||||||
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
|
|
||||||
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
|
|
||||||
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
|
|
||||||
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
|
|
||||||
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
|
|
||||||
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
|
|
||||||
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
|
|
||||||
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
|
|
||||||
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
|
|
||||||
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
|
|
||||||
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
|
|
||||||
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
|
|
||||||
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
|
|
||||||
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
|
|
||||||
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
|
|
||||||
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
|
|
||||||
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
|
|
||||||
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
|
|
||||||
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
|
|
||||||
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
|
|
||||||
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
|
|
||||||
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
|
|
||||||
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
|
|
||||||
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
|
|
||||||
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
|
|
||||||
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
|
|
||||||
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
|
|
||||||
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
|
|
||||||
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
|
|
||||||
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
|
|
||||||
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
|
|
||||||
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
|
|
||||||
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
|
|
||||||
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
|
|
||||||
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
|
|
||||||
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
|
|
||||||
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
|
|
||||||
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
|
|
||||||
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
|
|
||||||
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
|
|
||||||
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
|
|
||||||
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
|
|
||||||
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
|
|
||||||
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
|
|
||||||
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
|
|
||||||
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
|
|
||||||
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
|
|
||||||
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
|
|
||||||
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
|
|
||||||
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
|
|
||||||
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
|
|
||||||
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
|
|
||||||
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
|
|
||||||
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
|
|
||||||
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
|
|
||||||
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
|
|
||||||
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
|
|
||||||
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
|
|
||||||
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
|
|
||||||
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
|
|
||||||
+ 0x64
|
|
||||||
};
|
|
||||||
|
|
||||||
static const unsigned char dh_secret_expected[] = {
|
|
||||||
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
|
|
||||||
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
|
|
||||||
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
|
|
||||||
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
|
|
||||||
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
|
|
||||||
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
|
|
||||||
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
|
|
||||||
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
|
|
||||||
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
|
|
||||||
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
|
|
||||||
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
|
|
||||||
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
|
|
||||||
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
|
|
||||||
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
|
|
||||||
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
|
|
||||||
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
|
|
||||||
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
|
|
||||||
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
|
|
||||||
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
|
|
||||||
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
|
|
||||||
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
|
|
||||||
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
|
|
||||||
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
|
|
||||||
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
|
|
||||||
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
|
|
||||||
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
|
|
||||||
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
|
|
||||||
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
|
|
||||||
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
|
|
||||||
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
|
|
||||||
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
|
|
||||||
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
|
|
||||||
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
|
|
||||||
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
|
|
||||||
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
|
|
||||||
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
|
|
||||||
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
|
|
||||||
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
|
|
||||||
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
|
|
||||||
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
|
|
||||||
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
|
|
||||||
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
|
|
||||||
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
|
|
||||||
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
|
|
||||||
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
|
|
||||||
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
|
|
||||||
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
|
|
||||||
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
|
|
||||||
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
|
|
||||||
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
|
|
||||||
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
|
|
||||||
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
|
|
||||||
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
|
|
||||||
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
|
|
||||||
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
|
|
||||||
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
|
|
||||||
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
|
|
||||||
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
|
|
||||||
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
|
|
||||||
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
|
|
||||||
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
|
|
||||||
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
|
|
||||||
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
|
|
||||||
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
|
|
||||||
};
|
|
||||||
|
|
||||||
static const ST_KAT_PARAM dh_group[] = {
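Review bot: The new `dh_priv`, `dh_pub`, `dh_peer_pub` and `dh_secret_expected` vectors carry no provenance comment, while `dh_p`, `dh_q` and `dh_g` are now labelled as RFC7919 FFDHE2048. `dh_pub` and `dh_peer_pub` also start with `0x00` and are 257 bytes long against the 256-byte `dh_p`, which looks like the sign byte of an ASN.1 INTEGER dump left in place. That is presumably harmless if the values are loaded as big-endian unsigned integers (the loader is outside this hunk), but a reader checking the KAT by hand will trip over it. I would add a comment such as `/* FFDHE2048 test key pair; leading 0x00 is ASN.1 sign padding */` above the arrays and say how the expected secret was derived.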
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,129 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200
|
|
||||||
@@ -48,6 +48,8 @@
|
|
||||||
# include <fcntl.h>
|
|
||||||
# include <unistd.h>
|
|
||||||
# include <sys/time.h>
|
|
||||||
+# include <sys/random.h>
|
|
||||||
+# include <openssl/evp.h>
|
|
||||||
|
|
||||||
static uint64_t get_time_stamp(void);
|
|
||||||
static uint64_t get_timer_bits(void);
|
|
||||||
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
|
|
||||||
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
|
||||||
* between size_t and ssize_t is safe even without a range check.
|
|
||||||
*/
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Do runtime detection to find getentropy().
|
|
||||||
- *
|
|
||||||
- * Known OSs that should support this:
|
|
||||||
- * - Darwin since 16 (OSX 10.12, IOS 10.0).
|
|
||||||
- * - Solaris since 11.3
|
|
||||||
- * - OpenBSD since 5.6
|
|
||||||
- * - Linux since 3.17 with glibc 2.25
|
|
||||||
- * - FreeBSD since 12.0 (1200061)
|
|
||||||
- *
|
|
||||||
- * Note: Sometimes getentropy() can be provided but not implemented
|
|
||||||
- * internally. So we need to check errno for ENOSYS
|
|
||||||
- */
|
|
||||||
-# if !defined(__DragonFly__) && !defined(__NetBSD__)
|
|
||||||
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
|
||||||
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
|
||||||
-
|
|
||||||
- if (getentropy != NULL) {
|
|
||||||
- if (getentropy(buf, buflen) == 0)
|
|
||||||
- return (ssize_t)buflen;
|
|
||||||
- if (errno != ENOSYS)
|
|
||||||
- return -1;
|
|
||||||
- }
|
|
||||||
-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
|
|
||||||
-
|
|
||||||
- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
|
|
||||||
- return (ssize_t)buflen;
|
|
||||||
-
|
|
||||||
- return -1;
|
|
||||||
-# else
|
|
||||||
- union {
|
|
||||||
- void *p;
|
|
||||||
- int (*f)(void *buffer, size_t length);
|
|
||||||
- } p_getentropy;
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * We could cache the result of the lookup, but we normally don't
|
|
||||||
- * call this function often.
|
|
||||||
- */
|
|
||||||
- ERR_set_mark();
|
|
||||||
- p_getentropy.p = DSO_global_lookup("getentropy");
|
|
||||||
- ERR_pop_to_mark();
|
|
||||||
- if (p_getentropy.p != NULL)
|
|
||||||
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
|
||||||
-# endif
|
|
||||||
-# endif /* !__DragonFly__ */
|
|
||||||
-
|
|
||||||
- /* Linux supports this since version 3.17 */
|
|
||||||
-# if defined(__linux) && defined(__NR_getrandom)
|
|
||||||
- return syscall(__NR_getrandom, buf, buflen, 0);
|
|
||||||
-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
|
||||||
- return sysctl_random(buf, buflen);
|
|
||||||
-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
|
|
||||||
- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
|
|
||||||
- return getrandom(buf, buflen, 0);
|
|
||||||
-# else
|
|
||||||
- errno = ENOSYS;
|
|
||||||
- return -1;
|
|
||||||
-# endif
|
|
||||||
+ /* Red Hat uses downstream patch to always seed from getrandom() */
|
|
||||||
+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
|
|
||||||
}
|
|
||||||
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
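Review bot: The FIPS test on the added return line, `EVP_default_properties_is_fips_enabled(NULL)`, consults only the default library context, so a process that loads the FIPS provider into its own OSSL_LIB_CTX would seed with flags `0` rather than `GRND_RANDOM`. The raw getrandom() result is also returned unchanged, and with `GRND_RANDOM` the call can return fewer bytes than requested or fail with EINTR; the caller of syscall_random is outside this hunk, so it is worth confirming that it retries in both cases. At minimum I would document the first limitation above the return: `/* FIPS detection uses the default libctx only; private library contexts get flags 0 */`.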
|
|
||||||
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
|
|
||||||
@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ prediction_resistance = 1;
|
|
||||||
+#endif
|
|
||||||
/* Reseed using our sources in addition */
|
|
||||||
entropylen = get_entropy(drbg, &entropy, drbg->strength,
|
|
||||||
drbg->min_entropylen, drbg->max_entropylen,
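Review bot: The added `prediction_resistance = 1;` under `FIPS_MODULE` silently overrides the caller's argument to ossl_prov_drbg_reseed, and nothing in the hunk says why. Every reseed in the FIPS module will then go back to the entropy source, which is a behavioural and latency change a maintainer should be able to see from the code. I would put the reason next to the assignment, for example `/* FIPS: always reseed from the entropy source, whatever the caller asked for */`. The function starts and ends outside this hunk, so any later use of the flag is not visible here.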
|
|
||||||
diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
|
|
||||||
--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
|
|
||||||
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
|
|
||||||
size_t entropy_available;
|
|
||||||
RAND_POOL *pool;
|
|
||||||
|
|
||||||
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
|
||||||
+ /*
|
|
||||||
+ * OpenSSL still implements an internal entropy pool of
|
|
||||||
+ * some size that is hashed to get seed data.
|
|
||||||
+ * Note that this is a conditioning step for which SP800-90C requires
|
|
||||||
+ * 64 additional bits from the entropy source to claim the requested
|
|
||||||
+ * amount of entropy.
|
|
||||||
+ */
|
|
||||||
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
|
||||||
if (pool == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
|
|
||||||
return 0;
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
|
|
||||||
@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
|
|
||||||
* to the nearest byte. If the entropy is of less than full quality,
|
|
||||||
* the amount required should be scaled up appropriately here.
|
|
||||||
*/
|
|
||||||
- bytes_needed = (entropy + 7) / 8;
|
|
||||||
+ /*
|
|
||||||
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
|
|
||||||
+ * + 128 bits during initial seeding
|
|
||||||
+ */
|
|
||||||
+ bytes_needed = (entropy + 128 + 7) / 8;
|
|
||||||
if (bytes_needed < min_len)
|
|
||||||
bytes_needed = min_len;
|
|
||||||
if (bytes_needed > max_len)
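Review bot: The extra 128 bits in `bytes_needed = (entropy + 128 + 7) / 8;` can be lost again by the `if (bytes_needed > max_len)` clamp at the end of the hunk, in which case the request quietly falls below the margin the new comment claims. The comment also says the margin applies "during initial seeding", but the addition is unconditional in the visible code, so it applies to every call of ossl_crngt_get_entropy. I would either reword the comment to match (`/* always request entropy + 128 bits; see SP800-90C draft */`) or, if the margin is mandatory, fail when `max_len` cannot hold it rather than clamp. The body of the clamp and the rest of the function are outside this hunk.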
|
|
@ -1,76 +0,0 @@
|
|||||||
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
|
|
||||||
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
|
|
||||||
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
|
|
||||||
|
|
||||||
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
|
|
||||||
{
|
|
||||||
- BN_free(params->p);
|
|
||||||
- BN_free(params->q);
|
|
||||||
- BN_free(params->g);
|
|
||||||
- BN_free(params->j);
|
|
||||||
+ BN_clear_free(params->p);
|
|
||||||
+ BN_clear_free(params->q);
|
|
||||||
+ BN_clear_free(params->g);
|
|
||||||
+ BN_clear_free(params->j);
|
|
||||||
OPENSSL_free(params->seed);
|
|
||||||
ossl_ffc_params_init(params);
|
|
||||||
}
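Review bot: `OPENSSL_free(params->seed)` stays a plain free while `p`, `q`, `g` and `j` in the same function now go through `BN_clear_free`, so the zeroisation in ossl_ffc_params_cleanup is only partial. The same pattern appears in the hkdf.c hunk of this patch, where `ctx->salt` is now cleared but `ctx->prefix` and `ctx->label` are not. If the intent is to zeroise every parameter on release, the seed can be handled the same way with `OPENSSL_clear_free(params->seed, params->seedlen);`. If these fields are deliberately treated as non-sensitive, a short comment saying so would stop the next reader from assuming an oversight.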
|
|
||||||
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
|
|
||||||
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
|
|
||||||
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
|
|
||||||
|
|
||||||
CRYPTO_THREAD_lock_free(r->lock);
|
|
||||||
|
|
||||||
- BN_free(r->n);
|
|
||||||
- BN_free(r->e);
|
|
||||||
+ BN_clear_free(r->n);
|
|
||||||
+ BN_clear_free(r->e);
|
|
||||||
BN_clear_free(r->d);
|
|
||||||
BN_clear_free(r->p);
|
|
||||||
BN_clear_free(r->q);
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
|
|
||||||
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
|
|
||||||
void *provctx = ctx->provctx;
|
|
||||||
|
|
||||||
ossl_prov_digest_reset(&ctx->digest);
|
|
||||||
- OPENSSL_free(ctx->salt);
|
|
||||||
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
|
||||||
OPENSSL_free(ctx->prefix);
|
|
||||||
OPENSSL_free(ctx->label);
|
|
||||||
OPENSSL_clear_free(ctx->data, ctx->data_len);
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
|
|
||||||
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
|
|
||||||
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
|
|
||||||
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
|
|
||||||
{
|
|
||||||
ossl_prov_digest_reset(&ctx->digest);
|
|
||||||
- OPENSSL_free(ctx->salt);
|
|
||||||
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
|
||||||
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
|
|
||||||
memset(ctx, 0, sizeof(*ctx));
|
|
||||||
}
|
|
||||||
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
|
|
||||||
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
|
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
|
|
||||||
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
|
|
||||||
|
|
||||||
void EC_POINT_free(EC_POINT *point)
|
|
||||||
{
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ EC_POINT_clear_free(point);
|
|
||||||
+#else
|
|
||||||
if (point == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
if (point->meth->point_finish != 0)
|
|
||||||
point->meth->point_finish(point);
|
|
||||||
OPENSSL_free(point);
|
|
||||||
+#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
void EC_POINT_clear_free(EC_POINT *point)
|
|
@ -1,119 +0,0 @@
|
|||||||
From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Clemens Lang <cllang@redhat.com>
|
|
||||||
Date: Thu, 11 Aug 2022 09:27:12 +0200
|
|
||||||
Subject: [PATCH] Add FIPS indicator parameter to HKDF
|
|
||||||
|
|
||||||
NIST considers HKDF only acceptable when used as in TLS 1.3, and
|
|
||||||
otherwise unapproved. Add an explicit indicator attached to the
|
|
||||||
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
|
|
||||||
determine whether the KDF operation was approved after performing it.
|
|
||||||
|
|
||||||
Related: rhbz#2114772
|
|
||||||
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
include/openssl/core_names.h | 1 +
|
|
||||||
include/openssl/kdf.h | 4 ++
|
|
||||||
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
|
|
||||||
3 files changed, 58 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
|
||||||
index 21c94d0488..87786680d7 100644
|
|
||||||
--- a/include/openssl/core_names.h
|
|
||||||
+++ b/include/openssl/core_names.h
|
|
||||||
@@ -223,6 +223,7 @@ extern "C" {
|
|
||||||
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
|
||||||
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
|
||||||
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
|
||||||
+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
|
|
||||||
|
|
||||||
/* Known KDF names */
|
|
||||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
|
||||||
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
|
|
||||||
index 0983230a48..869f23d8fb 100644
|
|
||||||
--- a/include/openssl/kdf.h
|
|
||||||
+++ b/include/openssl/kdf.h
|
|
||||||
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
|
|
||||||
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
|
||||||
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
|
||||||
|
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
|
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
|
|
||||||
+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
|
|
||||||
+
|
|
||||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
|
||||||
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
|
||||||
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
|
||||||
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
|
|
||||||
index afdb7138e1..9d28d292d8 100644
|
|
||||||
--- a/providers/implementations/kdfs/hkdf.c
|
|
||||||
+++ b/providers/implementations/kdfs/hkdf.c
|
|
||||||
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
|
||||||
return 0;
|
|
||||||
return OSSL_PARAM_set_size_t(p, sz);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ if ((p = OSSL_PARAM_locate(params,
|
|
||||||
+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
|
|
||||||
+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
|
|
||||||
+ switch (ctx->mode) {
|
|
||||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
|
||||||
+ /* TLS 1.3 never uses extract-and-expand */
|
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
|
||||||
+ break;
|
|
||||||
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
|
|
||||||
+ {
|
|
||||||
+ /* When TLS 1.3 uses extract, the following holds:
|
|
||||||
+ * 1. The salt length matches the hash length, and either
|
|
||||||
+ * 2.1. the key is all zeroes and matches the hash length, or
|
|
||||||
+ * 2.2. the key originates from a PSK (resumption_master_secret
|
|
||||||
+ * or some externally esablished key), or an ECDH or DH key
|
|
||||||
+ * derivation. See
|
|
||||||
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
|
|
||||||
+ * Unfortunately at this point, we cannot verify where the key
|
|
||||||
+ * comes from, so all we can do is check the salt length.
|
|
||||||
+ */
|
|
||||||
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
|
||||||
+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
|
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
|
||||||
+ else
|
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
|
|
||||||
+ /* When TLS 1.3 uses expand, it always provides a label that
|
|
||||||
+ * contains an uint16 for the length, followed by between 7 and 255
|
|
||||||
+ * bytes for a label string that starts with "tls13 " or "dtls13".
|
|
||||||
+ * For compatibility with future versions, we only check for "tls"
|
|
||||||
+ * or "dtls". See
|
|
||||||
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
|
|
||||||
+ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
|
|
||||||
+ if (ctx->label != NULL
|
|
||||||
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
|
|
||||||
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
|
|
||||||
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
|
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
|
||||||
+ else
|
|
||||||
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
|
||||||
+ }
|
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
|
||||||
+
|
|
||||||
return -2;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
|
||||||
{
|
|
||||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
||||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
|
||||||
+#ifdef FIPS_MODULE
|
|
||||||
+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
|
|
||||||
+#endif /* defined(FIPS_MODULE) */
|
|
||||||
OSSL_PARAM_END
|
|
||||||
};
|
|
||||||
return known_gettable_ctx_params;
|
|
||||||
--
|
|
||||||
2.37.1
|
|
||||||
|
|
@ -1,146 +0,0 @@
|
|||||||
From 5dee3e41a5b3f8934277de17a2ae192f43601948 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Fri, 9 Sep 2022 14:46:24 +0200
|
|
||||||
Subject: [PATCH] Fix AES-GCM on Power 8 CPUs
|
|
||||||
|
|
||||||
Properly fallback to the default implementation on CPUs
|
|
||||||
missing necessary instructions.
|
|
||||||
|
|
||||||
Fixes #19163
|
|
||||||
|
|
||||||
(cherry picked from commit 24344d387178d45b37a1fbc51519c390e9a4effe)
|
|
||||||
---
|
|
||||||
include/crypto/aes_platform.h | 12 +---
|
|
||||||
.../ciphers/cipher_aes_gcm_hw_ppc.inc | 72 ++++++++++++++-----
|
|
||||||
2 files changed, 56 insertions(+), 28 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
|
|
||||||
index 0c281a366a..6830bad0e9 100644
|
|
||||||
--- a/include/crypto/aes_platform.h
|
|
||||||
+++ b/include/crypto/aes_platform.h
|
|
||||||
@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
|
|
||||||
size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
|
|
||||||
size_t len, const void *key, unsigned char ivec[16],
|
|
||||||
u64 *Xi);
|
|
||||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
|
|
||||||
- size_t len, const void *key,
|
|
||||||
- unsigned char ivec[16], u64 *Xi);
|
|
||||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
|
|
||||||
- size_t len, const void *key,
|
|
||||||
- unsigned char ivec[16], u64 *Xi);
|
|
||||||
-# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
|
|
||||||
-# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
|
|
||||||
-# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
|
||||||
- (gctx)->gcm.ghash==gcm_ghash_p8)
|
|
||||||
+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
|
|
||||||
+ (gctx)->gcm.ghash==gcm_ghash_p8)
|
|
||||||
void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
|
|
||||||
# endif /* PPC */
|
|
||||||
|
|
||||||
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
index 4eed0f4ab0..03e3eddc41 100644
|
|
||||||
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
|
|
||||||
@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
-extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
|
||||||
-extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi);
|
|
||||||
-
|
|
||||||
static inline u32 UTO32(unsigned char *buf)
|
|
||||||
{
|
|
||||||
return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
|
|
||||||
@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n)
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
|
|
||||||
{
|
|
||||||
int s = 0;
|
|
||||||
@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, siz
|
|
||||||
return ndone;
|
|
||||||
}
|
|
||||||
|
|
||||||
-size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
|
||||||
-{
|
|
||||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
|
|
||||||
- const void *key, unsigned char ivec[16], u64 *Xi)
|
|
||||||
+static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
|
|
||||||
+ size_t len, unsigned char *out)
|
|
||||||
{
|
|
||||||
- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
|
|
||||||
+ if (ctx->enc) {
|
|
||||||
+ if (ctx->ctr != NULL) {
|
|
||||||
+ size_t bulk = 0;
|
|
||||||
+
|
|
||||||
+ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) {
|
|
||||||
+ size_t res = (16 - ctx->gcm.mres) % 16;
|
|
||||||
+
|
|
||||||
+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
|
||||||
+ ctx->gcm.key,
|
|
||||||
+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1);
|
|
||||||
+
|
|
||||||
+ ctx->gcm.len.u[1] += bulk;
|
|
||||||
+ bulk += res;
|
|
||||||
+ }
|
|
||||||
+ if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
|
|
||||||
+ len - bulk, ctx->ctr))
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ if (ctx->ctr != NULL) {
|
|
||||||
+ size_t bulk = 0;
|
|
||||||
+
|
|
||||||
+ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) {
|
|
||||||
+ size_t res = (16 - ctx->gcm.mres) % 16;
|
|
||||||
+
|
|
||||||
+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
|
|
||||||
+ ctx->gcm.key,
|
|
||||||
+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0);
|
|
||||||
+
|
|
||||||
+ ctx->gcm.len.u[1] += bulk;
|
|
||||||
+ bulk += res;
|
|
||||||
+ }
|
|
||||||
+ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
|
|
||||||
+ len - bulk, ctx->ctr))
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
static const PROV_GCM_HW aes_ppc_gcm = {
|
|
||||||
aes_ppc_gcm_initkey,
|
|
||||||
ossl_gcm_setiv,
|
|
||||||
ossl_gcm_aad_update,
|
|
||||||
- generic_aes_gcm_cipher_update,
|
|
||||||
+ ppc_aes_gcm_cipher_update,
|
|
||||||
ossl_gcm_cipher_final,
|
|
||||||
ossl_gcm_one_shot
|
|
||||||
};
|
|
||||||
--
|
|
||||||
2.37.3
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
/* Prepended at openssl package build-time. Don't include this file directly,
|
|
||||||
* use <openssl/opensslconf.h> instead. */
|
|
||||||
|
|
||||||
#ifndef openssl_conf_multilib_redirection_h
|
|
||||||
#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
|
|
||||||
#endif
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
/* This file is here to prevent a file conflict on multiarch systems. A
|
|
||||||
* conflict will frequently occur because arch-specific build-time
|
|
||||||
* configuration options are stored (and used, so they can't just be stripped
|
|
||||||
* out) in configuration.h. The original configuration.h has been renamed.
|
|
||||||
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
|
|
||||||
|
|
||||||
#ifdef openssl_conf_multilib_redirection_h
|
|
||||||
#error "Do not define openssl_conf_multilib_redirection_h!"
|
|
||||||
#endif
|
|
||||||
#define openssl_conf_multilib_redirection_h
|
|
||||||
|
|
||||||
#if defined(__i386__)
|
|
||||||
#include "configuration-i386.h"
|
|
||||||
#elif defined(__ia64__)
|
|
||||||
#include "configuration-ia64.h"
|
|
||||||
#elif defined(__mips64) && defined(__MIPSEL__)
|
|
||||||
#include "configuration-mips64el.h"
|
|
||||||
#elif defined(__mips64)
|
|
||||||
#include "configuration-mips64.h"
|
|
||||||
#elif defined(__mips) && defined(__MIPSEL__)
|
|
||||||
#include "configuration-mipsel.h"
|
|
||||||
#elif defined(__mips)
|
|
||||||
#include "configuration-mips.h"
|
|
||||||
#elif defined(__powerpc64__)
|
|
||||||
#include <endian.h>
|
|
||||||
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
|
||||||
#include "configuration-ppc64.h"
|
|
||||||
#else
|
|
||||||
#include "configuration-ppc64le.h"
|
|
||||||
#endif
|
|
||||||
#elif defined(__powerpc__)
|
|
||||||
#include "configuration-ppc.h"
|
|
||||||
#elif defined(__s390x__)
|
|
||||||
#include "configuration-s390x.h"
|
|
||||||
#elif defined(__s390__)
|
|
||||||
#include "configuration-s390.h"
|
|
||||||
#elif defined(__sparc__) && defined(__arch64__)
|
|
||||||
#include "configuration-sparc64.h"
|
|
||||||
#elif defined(__sparc__)
|
|
||||||
#include "configuration-sparc.h"
|
|
||||||
#elif defined(__x86_64__)
|
|
||||||
#include "configuration-x86_64.h"
|
|
||||||
#else
|
|
||||||
#error "The openssl-devel package does not work your architecture?"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#undef openssl_conf_multilib_redirection_h
|
|
206
ec_curve.c
206
ec_curve.c
@ -1,24 +1,17 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
* in the file LICENSE in the source distribution or at
|
* in the file LICENSE in the source distribution or at
|
||||||
* https://www.openssl.org/source/license.html
|
* https://www.openssl.org/source/license.html
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
|
||||||
* ECDSA low level APIs are deprecated for public use, but still ok for
|
|
||||||
* internal use.
|
|
||||||
*/
|
|
||||||
#include "internal/deprecated.h"
|
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "ec_local.h"
|
#include "ec_local.h"
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/obj_mac.h>
|
#include <openssl/obj_mac.h>
|
||||||
#include <openssl/objects.h>
|
|
||||||
#include <openssl/opensslconf.h>
|
#include <openssl/opensslconf.h>
|
||||||
#include "internal/nelem.h"
|
#include "internal/nelem.h"
|
||||||
|
|
||||||
@ -249,52 +242,6 @@ typedef struct _ec_list_element_st {
|
|||||||
const char *comment;
|
const char *comment;
|
||||||
} ec_list_element;
|
} ec_list_element;
|
||||||
|
|
||||||
#ifdef FIPS_MODULE
|
|
||||||
static const ec_list_element curve_list[] = {
|
|
||||||
/* prime field curves */
|
|
||||||
/* secg curves */
|
|
||||||
{NID_secp224r1, &_EC_NIST_PRIME_224.h,
|
|
||||||
# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
|
||||||
EC_GFp_nistp224_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"NIST/SECG curve over a 224 bit prime field"},
|
|
||||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
|
||||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
|
|
||||||
# if defined(S390X_EC_ASM)
|
|
||||||
EC_GFp_s390x_nistp384_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"NIST/SECG curve over a 384 bit prime field"},
|
|
||||||
|
|
||||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
|
|
||||||
# if defined(S390X_EC_ASM)
|
|
||||||
EC_GFp_s390x_nistp521_method,
|
|
||||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
|
||||||
EC_GFp_nistp521_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"NIST/SECG curve over a 521 bit prime field"},
|
|
||||||
|
|
||||||
/* X9.62 curves */
|
|
||||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
|
||||||
# if defined(ECP_NISTZ256_ASM)
|
|
||||||
EC_GFp_nistz256_method,
|
|
||||||
# elif defined(S390X_EC_ASM)
|
|
||||||
EC_GFp_s390x_nistp256_method,
|
|
||||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
|
||||||
EC_GFp_nistp256_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"X9.62/SECG curve over a 256 bit prime field"},
|
|
||||||
};
|
|
||||||
|
|
||||||
#else
|
|
||||||
|
|
||||||
static const ec_list_element curve_list[] = {
|
static const ec_list_element curve_list[] = {
|
||||||
/* prime field curves */
|
/* prime field curves */
|
||||||
/* secg curves */
|
/* secg curves */
|
||||||
@ -308,28 +255,19 @@ static const ec_list_element curve_list[] = {
|
|||||||
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
|
||||||
"SECG curve over a 256 bit prime field"},
|
"SECG curve over a 256 bit prime field"},
|
||||||
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
|
||||||
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
|
{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
|
||||||
# if defined(S390X_EC_ASM)
|
|
||||||
EC_GFp_s390x_nistp384_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"NIST/SECG curve over a 384 bit prime field"},
|
"NIST/SECG curve over a 384 bit prime field"},
|
||||||
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
|
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
# if defined(S390X_EC_ASM)
|
{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
|
||||||
EC_GFp_s390x_nistp521_method,
|
|
||||||
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
|
||||||
EC_GFp_nistp521_method,
|
|
||||||
# else
|
|
||||||
0,
|
|
||||||
# endif
|
|
||||||
"NIST/SECG curve over a 521 bit prime field"},
|
"NIST/SECG curve over a 521 bit prime field"},
|
||||||
|
#else
|
||||||
|
{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
|
||||||
|
"NIST/SECG curve over a 521 bit prime field"},
|
||||||
|
#endif
|
||||||
/* X9.62 curves */
|
/* X9.62 curves */
|
||||||
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
|
||||||
#if defined(ECP_NISTZ256_ASM)
|
#if defined(ECP_NISTZ256_ASM)
|
||||||
EC_GFp_nistz256_method,
|
EC_GFp_nistz256_method,
|
||||||
# elif defined(S390X_EC_ASM)
|
|
||||||
EC_GFp_s390x_nistp256_method,
|
|
||||||
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
|
||||||
EC_GFp_nistp256_method,
|
EC_GFp_nistp256_method,
|
||||||
#else
|
#else
|
||||||
@ -337,27 +275,10 @@ static const ec_list_element curve_list[] = {
|
|||||||
#endif
|
#endif
|
||||||
"X9.62/SECG curve over a 256 bit prime field"},
|
"X9.62/SECG curve over a 256 bit prime field"},
|
||||||
};
|
};
|
||||||
#endif /* FIPS_MODULE */
|
|
||||||
|
|
||||||
#define curve_list_length OSSL_NELEM(curve_list)
|
#define curve_list_length OSSL_NELEM(curve_list)
|
||||||
|
|
||||||
static const ec_list_element *ec_curve_nid2curve(int nid)
|
static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
|
||||||
{
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
if (nid <= 0)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
for (i = 0; i < curve_list_length; i++) {
|
|
||||||
if (curve_list[i].nid == nid)
|
|
||||||
return &curve_list[i];
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|
||||||
const char *propq,
|
|
||||||
const ec_list_element curve)
|
|
||||||
{
|
{
|
||||||
EC_GROUP *group = NULL;
|
EC_GROUP *group = NULL;
|
||||||
EC_POINT *P = NULL;
|
EC_POINT *P = NULL;
|
||||||
@ -372,11 +293,10 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|||||||
|
|
||||||
/* If no curve data curve method must handle everything */
|
/* If no curve data curve method must handle everything */
|
||||||
if (curve.data == NULL)
|
if (curve.data == NULL)
|
||||||
return ossl_ec_group_new_ex(libctx, propq,
|
return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
|
||||||
curve.meth != NULL ? curve.meth() : NULL);
|
|
||||||
|
|
||||||
if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
|
if ((ctx = BN_CTX_new()) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -389,20 +309,20 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|||||||
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|
||||||
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|
||||||
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
|
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (curve.meth != 0) {
|
if (curve.meth != 0) {
|
||||||
meth = curve.meth();
|
meth = curve.meth();
|
||||||
if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
|
if (((group = EC_GROUP_new(meth)) == NULL) ||
|
||||||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
|
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
} else if (data->field_type == NID_X9_62_prime_field) {
|
} else if (data->field_type == NID_X9_62_prime_field) {
|
||||||
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
|
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -411,7 +331,7 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|||||||
* NID_X9_62_characteristic_two_field */
|
* NID_X9_62_characteristic_two_field */
|
||||||
|
|
||||||
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
|
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -420,31 +340,31 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|||||||
EC_GROUP_set_curve_name(group, curve.nid);
|
EC_GROUP_set_curve_name(group, curve.nid);
|
||||||
|
|
||||||
if ((P = EC_POINT_new(group)) == NULL) {
|
if ((P = EC_POINT_new(group)) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|
||||||
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
|
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
|
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|
||||||
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
|
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!EC_GROUP_set_generator(group, P, order, x)) {
|
if (!EC_GROUP_set_generator(group, P, order, x)) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (seed_len) {
|
if (seed_len) {
|
||||||
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
|
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
|
||||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -465,33 +385,28 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
|
|||||||
return group;
|
return group;
|
||||||
}
|
}
|
||||||
|
|
||||||
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
|
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
|
||||||
int nid)
|
|
||||||
{
|
{
|
||||||
|
size_t i;
|
||||||
EC_GROUP *ret = NULL;
|
EC_GROUP *ret = NULL;
|
||||||
const ec_list_element *curve;
|
|
||||||
|
|
||||||
if ((curve = ec_curve_nid2curve(nid)) == NULL
|
if (nid <= 0)
|
||||||
|| (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
|
return NULL;
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
|
for (i = 0; i < curve_list_length; i++)
|
||||||
"name=%s", OBJ_nid2sn(nid));
|
if (curve_list[i].nid == nid) {
|
||||||
#else
|
ret = ec_group_new_from_data(curve_list[i]);
|
||||||
ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
break;
|
||||||
#endif
|
}
|
||||||
|
|
||||||
|
if (ret == NULL) {
|
||||||
|
ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
|
|
||||||
{
|
|
||||||
return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
|
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
|
||||||
{
|
{
|
||||||
size_t i, min;
|
size_t i, min;
|
||||||
@ -509,14 +424,49 @@ size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
|
|||||||
return curve_list_length;
|
return curve_list_length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Functions to translate between common NIST curve names and NIDs */
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
const char *name; /* NIST Name of curve */
|
||||||
|
int nid; /* Curve NID */
|
||||||
|
} EC_NIST_NAME;
|
||||||
|
|
||||||
|
static EC_NIST_NAME nist_curves[] = {
|
||||||
|
{"B-163", NID_sect163r2},
|
||||||
|
{"B-233", NID_sect233r1},
|
||||||
|
{"B-283", NID_sect283r1},
|
||||||
|
{"B-409", NID_sect409r1},
|
||||||
|
{"B-571", NID_sect571r1},
|
||||||
|
{"K-163", NID_sect163k1},
|
||||||
|
{"K-233", NID_sect233k1},
|
||||||
|
{"K-283", NID_sect283k1},
|
||||||
|
{"K-409", NID_sect409k1},
|
||||||
|
{"K-571", NID_sect571k1},
|
||||||
|
{"P-192", NID_X9_62_prime192v1},
|
||||||
|
{"P-224", NID_secp224r1},
|
||||||
|
{"P-256", NID_X9_62_prime256v1},
|
||||||
|
{"P-384", NID_secp384r1},
|
||||||
|
{"P-521", NID_secp521r1}
|
||||||
|
};
|
||||||
|
|
||||||
const char *EC_curve_nid2nist(int nid)
|
const char *EC_curve_nid2nist(int nid)
|
||||||
{
|
{
|
||||||
return ossl_ec_curve_nid2nist_int(nid);
|
size_t i;
|
||||||
|
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
|
||||||
|
if (nist_curves[i].nid == nid)
|
||||||
|
return nist_curves[i].name;
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int EC_curve_nist2nid(const char *name)
|
int EC_curve_nist2nid(const char *name)
|
||||||
{
|
{
|
||||||
return ossl_ec_curve_nist2nid_int(name);
|
size_t i;
|
||||||
|
for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
|
||||||
|
if (strcmp(nist_curves[i].name, name) == 0)
|
||||||
|
return nist_curves[i].nid;
|
||||||
|
}
|
||||||
|
return NID_undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define NUM_BN_FIELDS 6
|
#define NUM_BN_FIELDS 6
|
||||||
@ -528,7 +478,7 @@ int EC_curve_nist2nid(const char *name)
|
|||||||
* Returns: The nid associated with the found named curve, or NID_undef
|
* Returns: The nid associated with the found named curve, or NID_undef
|
||||||
* if not found. If there was an error it returns -1.
|
* if not found. If there was an error it returns -1.
|
||||||
*/
|
*/
|
||||||
int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
|
int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
|
||||||
{
|
{
|
||||||
int ret = -1, nid, len, field_type, param_len;
|
int ret = -1, nid, len, field_type, param_len;
|
||||||
size_t i, seed_len;
|
size_t i, seed_len;
|
||||||
@ -536,13 +486,17 @@ int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
|
|||||||
unsigned char *param_bytes = NULL;
|
unsigned char *param_bytes = NULL;
|
||||||
const EC_CURVE_DATA *data;
|
const EC_CURVE_DATA *data;
|
||||||
const EC_POINT *generator = NULL;
|
const EC_POINT *generator = NULL;
|
||||||
|
const EC_METHOD *meth;
|
||||||
const BIGNUM *cofactor = NULL;
|
const BIGNUM *cofactor = NULL;
|
||||||
/* An array of BIGNUMs for (p, a, b, x, y, order) */
|
/* An array of BIGNUMs for (p, a, b, x, y, order) */
|
||||||
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
|
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
|
||||||
|
|
||||||
|
meth = EC_GROUP_method_of(group);
|
||||||
|
if (meth == NULL)
|
||||||
|
return -1;
|
||||||
/* Use the optional named curve nid as a search field */
|
/* Use the optional named curve nid as a search field */
|
||||||
nid = EC_GROUP_get_curve_name(group);
|
nid = EC_GROUP_get_curve_name(group);
|
||||||
field_type = EC_GROUP_get_field_type(group);
|
field_type = EC_METHOD_get_field_type(meth);
|
||||||
seed_len = EC_GROUP_get_seed_len(group);
|
seed_len = EC_GROUP_get_seed_len(group);
|
||||||
seed = EC_GROUP_get0_seed(group);
|
seed = EC_GROUP_get0_seed(group);
|
||||||
cofactor = EC_GROUP_get0_cofactor(group);
|
cofactor = EC_GROUP_get0_cofactor(group);
|
||||||
|
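Review bot: `EC_curve_nist2nid` on the new side hands `name` straight to `strcmp` inside its lookup loop, so a NULL argument is dereferenced rather than treated as an unknown curve. A guard before the loop, `if (name == NULL) return NID_undef;`, would return the same value the function already uses when no table entry matches. The table itself could be declared `static const EC_NIST_NAME nist_curves[]`, since neither `EC_curve_nid2nist` nor `EC_curve_nist2nid` writes to it.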
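--- a/genpatches
+++ b/genpatches
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if [ $# -ne 2 ] ; then
-echo "Usage:"
-echo " $0 <git-dir> <base-tag>"
-exit 1
-fi
-
-git_dir="$1"
-base_tag="$2"
-
-target_dir="$(pwd)"
-
-pushd "$git_dir" >/dev/null
-git format-patch -k -o "$target_dir" "$base_tag" >/dev/null
-popd >/dev/null
-
-echo "# Patches exported from source git"
-
-i=1
-for p in *.patch ; do
-printf "# "
-sed '/^Subject:/{s/^Subject: //;p};d' "$p"
-printf "Patch%s: %s\n" $i "$p"
-i=$(($i + 1))
-done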
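--- a/openssl-1.1.0-issuer-hash.patch
+++ b/openssl-1.1.0-issuer-hash.patch
@@ -0,0 +1,11 @@
+diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
+--- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash 2016-07-18 15:16:32.788881100 +0200
++++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c 2016-07-18 15:17:16.671871840 +0200
+@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
+
+if (ctx == NULL)
+goto err;
++ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+goto err;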
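Review bot: The added `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` call exempts the MD5 digest initialised two lines later from the FIPS-mode digest restriction, and nothing in the hunk records why that exemption is acceptable here. Presumably the reason is that this function only derives a lookup hash from issuer and serial and makes no security decision on it; if that is confirmed, a comment such as `/* MD5 is used only to compute a lookup hash, not for integrity or authentication */` above the call would keep the flag from being copied to places where the digest does protect something. The body of X509_issuer_and_serial_hash starts and ends outside the hunk.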
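--- a/openssl-1.1.1-alpn-cb.patch
+++ b/openssl-1.1.1-alpn-cb.patch
@@ -0,0 +1,27 @@
+commit 9e885a707d604e9528b5491b78fb9c00f41193fc
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu Mar 26 15:59:00 2020 +0100
+
+s_server: Properly indicate ALPN protocol mismatch
+
+Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
+an alert is sent to the client on ALPN protocol mismatch.
+
+Fixes: #2708
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/11415)
+
+diff --git a/apps/s_server.c b/apps/s_server.c
+index bcc83e562c..591c6c19c5 100644
+--- a/apps/s_server.c
++++ b/apps/s_server.c
+@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
+if (SSL_select_next_proto
+((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
+inlen) != OPENSSL_NPN_NEGOTIATED) {
+- return SSL_TLSEXT_ERR_NOACK;
++ return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+if (!s_quiet) {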
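--- a/openssl-1.1.1-apps-dgst.patch
+++ b/openssl-1.1.1-apps-dgst.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
+--- openssl-1.1.1b/apps/ca.c.dgst 2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/apps/ca.c 2019-03-15 15:53:46.622267688 +0100
+@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
+{"enddate", OPT_ENDDATE, 's',
+"YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
++ {"md", OPT_MD, 's', "md to use; see openssl help for list"},
+{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+{"keyfile", OPT_KEYFILE, 's', "Private key"},
+{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},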
1434
openssl-1.1.1-arm-update.patch
File diff suppressed because it is too large
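--- a/openssl-1.1.1-build.patch
+++ b/openssl-1.1.1-build.patch
@@ -0,0 +1,40 @@
+diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
+--- openssl-1.1.1f/Configurations/10-main.conf.build 2020-03-31 14:17:45.000000000 +0200
++++ openssl-1.1.1f/Configurations/10-main.conf 2020-04-07 16:42:10.920546387 +0200
+@@ -678,6 +678,7 @@ my %targets = (
+cxxflags => add("-m64"),
+lib_cppflags => add("-DL_ENDIAN"),
+perlasm_scheme => "linux64le",
++ multilib => "64",
+},
+
+"linux-armv4" => {
+@@ -718,6 +719,7 @@ my %targets = (
+"linux-aarch64" => {
+inherit_from => [ "linux-generic64", asm("aarch64_asm") ],
+perlasm_scheme => "linux64",
++ multilib => "64",
+},
+"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
+inherit_from => [ "linux-generic32", asm("aarch64_asm") ],
+diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
+--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build 2020-04-07 16:42:10.920546387 +0200
++++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:44:23.539142108 +0200
+@@ -823,7 +823,7 @@ uninstall_runtime_libs:
+install_man_docs:
+@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+@$(ECHO) "*** Installing manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
+
+uninstall_man_docs:
+@@ -835,7 +835,7 @@ uninstall_man_docs:
+install_html_docs:
+@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+@$(ECHO) "*** Installing HTML manpages"
+- $(PERL) $(SRCDIR)/util/process_docs.pl \
++ TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
+"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
+
+uninstall_html_docs: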
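--- a/openssl-1.1.1-conf-paths.patch
+++ b/openssl-1.1.1-conf-paths.patch
@@ -0,0 +1,56 @@
+diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
+--- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths 2018-06-20 16:48:09.000000000 +0200
++++ openssl-1.1.1-pre8/apps/CA.pl.in 2018-07-25 17:26:58.388624296 +0200
+@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
+my $PKCS12 = "$openssl pkcs12";
+
+# default openssl.cnf file has setup as per the following
+-my $CATOP = "./demoCA";
++my $CATOP = "/etc/pki/CA";
+my $CAKEY = "cakey.pem";
+my $CAREQ = "careq.pem";
+my $CACERT = "cacert.pem";
+diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
+--- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths 2018-07-25 17:26:58.378624057 +0200
++++ openssl-1.1.1-pre8/apps/openssl.cnf 2018-07-27 13:20:08.198513471 +0200
+@@ -23,6 +23,22 @@ oid_section = new_oids
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
++# Load default TLS policy configuration
++
++openssl_conf = default_modules
++
++[ default_modules ]
++
++ssl_conf = ssl_module
++
++[ ssl_module ]
++
++system_default = crypto_policy
++
++[ crypto_policy ]
++
++.include = /etc/crypto-policies/back-ends/opensslcnf.config
++
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+@@ -43,7 +59,7 @@ default_ca = CA_default # The default c
+####################################################################
+[ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/pki/CA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+@@ -329,7 +345,7 @@ default_tsa = tsa_config1 # the default
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/pki/CA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate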
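Review bot: The new `[ crypto_policy ]` section contains nothing but `.include = /etc/crypto-policies/back-ends/opensslcnf.config`, so the system-wide TLS defaults rest entirely on that file being present and readable, and the hunk does not say what happens when it is not. As far as I recall the 1.1.1 config loader treats a missing include file as non-fatal, which would leave `system_default` pointing at an empty section and the library's built-in defaults in force without any diagnostic; please confirm. I would add a comment above the include, e.g. `# System-wide crypto policy; if this file is missing the built-in library defaults apply`. The same patch moves `$CATOP` and both `dir` settings to `/etc/pki/CA`, which relies on packaging that is not visible here to create that directory with restrictive ownership and permissions.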
@ -1,21 +1,7 @@
|
|||||||
From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
|
diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
--- openssl-1.1.1a/apps/openssl.cnf.defaults 2018-11-20 14:35:37.000000000 +0100
|
||||||
Date: Thu, 24 Sep 2020 09:03:40 +0200
|
+++ openssl-1.1.1a/apps/openssl.cnf 2019-01-15 13:56:50.841719776 +0100
|
||||||
Subject: Use more general default values in openssl.cnf
|
@@ -74,7 +74,7 @@ cert_opt = ca_default # Certificate fi
|
||||||
|
|
||||||
Also set sha256 as default hash, although that should not be
|
|
||||||
necessary anymore.
|
|
||||||
|
|
||||||
(was openssl-1.1.1-defaults.patch)
|
|
||||||
---
|
|
||||||
apps/openssl.cnf | 12 +++++++-----
|
|
||||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
|
|
||||||
index 97567a67be..eb25a0ac48 100644
|
|
||||||
--- a/apps/openssl.cnf
|
|
||||||
+++ b/apps/openssl.cnf
|
|
||||||
@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options
|
|
||||||
|
|
||||||
default_days = 365 # how long to certify for
|
default_days = 365 # how long to certify for
|
||||||
default_crl_days= 30 # how long before next CRL
|
default_crl_days= 30 # how long before next CRL
|
||||||
@ -24,7 +10,7 @@ index 97567a67be..eb25a0ac48 100644
|
|||||||
preserve = no # keep passed DN ordering
|
preserve = no # keep passed DN ordering
|
||||||
|
|
||||||
# A few difference way of specifying how similar the request should look
|
# A few difference way of specifying how similar the request should look
|
||||||
@@ -136,6 +136,7 @@ emailAddress = optional
|
@@ -106,6 +106,7 @@ emailAddress = optional
|
||||||
####################################################################
|
####################################################################
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
@ -32,7 +18,7 @@ index 97567a67be..eb25a0ac48 100644
|
|||||||
default_keyfile = privkey.pem
|
default_keyfile = privkey.pem
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
attributes = req_attributes
|
attributes = req_attributes
|
||||||
@@ -158,17 +159,18 @@ string_mask = utf8only
|
@@ -128,17 +129,18 @@ string_mask = utf8only
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
@ -54,7 +40,7 @@ index 97567a67be..eb25a0ac48 100644
|
|||||||
|
|
||||||
# we can do this but it is not needed normally :-)
|
# we can do this but it is not needed normally :-)
|
||||||
#1.organizationName = Second Organization Name (eg, company)
|
#1.organizationName = Second Organization Name (eg, company)
|
||||||
@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city)
|
@@ -147,7 +149,7 @@ localityName = Locality Name (eg, city
|
||||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||||
#organizationalUnitName_default =
|
#organizationalUnitName_default =
|
||||||
|
|
||||||
@ -63,6 +49,3 @@ index 97567a67be..eb25a0ac48 100644
|
|||||||
commonName_max = 64
|
commonName_max = 64
|
||||||
|
|
||||||
emailAddress = Email Address
|
emailAddress = Email Address
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
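--- a/openssl-1.1.1-disable-ssl3.patch
+++ b/openssl-1.1.1-disable-ssl3.patch
@@ -0,0 +1,91 @@
+diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
+--- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_client.c 2018-07-16 18:16:40.070186323 +0200
+@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
+if (sdebug)
+ssl_ctx_security_debug(ctx, sdebug);
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+if (!config_ctx(cctx, ssl_args, ctx))
+goto end;
+
+diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
+--- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 2018-07-16 18:08:20.000487628 +0200
++++ openssl-1.1.1-pre8/apps/s_server.c 2018-07-16 18:17:17.300055551 +0200
+@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
+if (sdebug)
+ssl_ctx_security_debug(ctx, sdebug);
+
++ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++
+if (!config_ctx(cctx, ssl_args, ctx))
+goto end;
+
+diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
+--- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 2018-06-20 16:48:13.000000000 +0200
++++ openssl-1.1.1-pre8/ssl/ssl_lib.c 2018-07-16 18:08:20.001487652 +0200
+@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+*/
+ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
++ if (meth->version != SSL3_VERSION) {
++ /*
++ * Disable SSLv3 by default. Applications can
++ * re-enable it by configuring
++ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
++ * or by using the SSL_CONF API.
++ */
++ ret->options |= SSL_OP_NO_SSLv3;
++ }
++
+ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+/*
+diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
+--- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssl_test.c 2018-07-16 18:18:34.806865121 +0200
+@@ -443,6 +443,7 @@ static int test_handshake(int idx)
+SSL_TEST_SERVERNAME_CB_NONE) {
+if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+goto err;
++ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
+if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
+TLS_MAX_VERSION)))
+goto err;
+@@ -464,6 +465,8 @@ static int test_handshake(int idx)
+if (!TEST_ptr(resume_server_ctx)
+|| !TEST_ptr(resume_client_ctx))
+goto err;
++ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
+}
+}
+
+@@ -477,6 +480,9 @@ static int test_handshake(int idx)
+|| !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
+goto err;
+
++ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
++
+if (!SSL_CTX_config(server_ctx, "server")
+|| !SSL_CTX_config(client_ctx, "client")) {
+goto err;
+diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
+--- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 2018-06-20 16:48:15.000000000 +0200
++++ openssl-1.1.1-pre8/test/ssltest_old.c 2018-07-16 18:08:20.002487676 +0200
+@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
+ERR_print_errors(bio_err);
+goto end;
+}
++
++ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
++ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
++
+/*
+* Since we will use low security ciphersuites and keys for testing set
+* security level to zero by default. Tests can override this by adding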
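Review bot: Every context the test programs create has `SSL_OP_NO_SSLv3` cleared again (the ssl_test.c and ssltest_old.c hunks), so nothing in the visible test changes checks the new default that `SSL_CTX_new()` sets in ssl_lib.c. A small assertion on a fresh, untouched context would pin it, e.g. `TEST_true((SSL_CTX_get_options(ctx) & SSL_OP_NO_SSLv3) != 0)` for a context created from `TLS_server_method()`; where it belongs depends on test code outside these hunks. Without it, a later rebase that drops the ssl_lib.c hunk would leave the suite green while SSLv3 is enabled by default again. All of the touched functions start and end outside their hunks.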
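--- a/openssl-1.1.1-ec-curves.patch
+++ b/openssl-1.1.1-ec-curves.patch
@@ -0,0 +1,266 @@
+diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
+--- openssl-1.1.1h/apps/speed.c.curves 2020-09-22 14:55:07.000000000 +0200
++++ openssl-1.1.1h/apps/speed.c 2020-11-06 13:27:15.659288431 +0100
+@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
+#endif /* OPENSSL_NO_RSA */
+
+enum {
+- R_EC_P160,
+- R_EC_P192,
+R_EC_P224,
+R_EC_P256,
+R_EC_P384,
+R_EC_P521,
+-#ifndef OPENSSL_NO_EC2M
+- R_EC_K163,
+- R_EC_K233,
+- R_EC_K283,
+- R_EC_K409,
+- R_EC_K571,
+- R_EC_B163,
+- R_EC_B233,
+- R_EC_B283,
+- R_EC_B409,
+- R_EC_B571,
+-#endif
+- R_EC_BRP256R1,
+- R_EC_BRP256T1,
+- R_EC_BRP384R1,
+- R_EC_BRP384T1,
+- R_EC_BRP512R1,
+- R_EC_BRP512T1,
+R_EC_X25519,
+R_EC_X448
+};
+
+#ifndef OPENSSL_NO_EC
+static OPT_PAIR ecdsa_choices[] = {
+- {"ecdsap160", R_EC_P160},
+- {"ecdsap192", R_EC_P192},
+{"ecdsap224", R_EC_P224},
+{"ecdsap256", R_EC_P256},
+{"ecdsap384", R_EC_P384},
+{"ecdsap521", R_EC_P521},
+-# ifndef OPENSSL_NO_EC2M
+- {"ecdsak163", R_EC_K163},
+- {"ecdsak233", R_EC_K233},
+- {"ecdsak283", R_EC_K283},
+- {"ecdsak409", R_EC_K409},
+- {"ecdsak571", R_EC_K571},
+- {"ecdsab163", R_EC_B163},
+- {"ecdsab233", R_EC_B233},
+- {"ecdsab283", R_EC_B283},
+- {"ecdsab409", R_EC_B409},
+- {"ecdsab571", R_EC_B571},
+-# endif
+- {"ecdsabrp256r1", R_EC_BRP256R1},
+- {"ecdsabrp256t1", R_EC_BRP256T1},
+- {"ecdsabrp384r1", R_EC_BRP384R1},
+- {"ecdsabrp384t1", R_EC_BRP384T1},
+- {"ecdsabrp512r1", R_EC_BRP512R1},
+- {"ecdsabrp512t1", R_EC_BRP512T1}
+};
+# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
+
+static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
+
+static const OPT_PAIR ecdh_choices[] = {
+- {"ecdhp160", R_EC_P160},
+- {"ecdhp192", R_EC_P192},
+{"ecdhp224", R_EC_P224},
+{"ecdhp256", R_EC_P256},
+{"ecdhp384", R_EC_P384},
+{"ecdhp521", R_EC_P521},
+-# ifndef OPENSSL_NO_EC2M
+- {"ecdhk163", R_EC_K163},
+- {"ecdhk233", R_EC_K233},
+- {"ecdhk283", R_EC_K283},
+- {"ecdhk409", R_EC_K409},
+- {"ecdhk571", R_EC_K571},
+- {"ecdhb163", R_EC_B163},
+- {"ecdhb233", R_EC_B233},
+- {"ecdhb283", R_EC_B283},
+- {"ecdhb409", R_EC_B409},
+- {"ecdhb571", R_EC_B571},
+-# endif
+- {"ecdhbrp256r1", R_EC_BRP256R1},
+- {"ecdhbrp256t1", R_EC_BRP256T1},
+- {"ecdhbrp384r1", R_EC_BRP384R1},
+- {"ecdhbrp384t1", R_EC_BRP384T1},
+- {"ecdhbrp512r1", R_EC_BRP512R1},
+- {"ecdhbrp512t1", R_EC_BRP512T1},
+{"ecdhx25519", R_EC_X25519},
+{"ecdhx448", R_EC_X448}
+};
+@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
+unsigned int bits;
+} test_curves[] = {
+/* Prime Curves */
+- {"secp160r1", NID_secp160r1, 160},
+- {"nistp192", NID_X9_62_prime192v1, 192},
+{"nistp224", NID_secp224r1, 224},
+{"nistp256", NID_X9_62_prime256v1, 256},
+{"nistp384", NID_secp384r1, 384},
+{"nistp521", NID_secp521r1, 521},
+-# ifndef OPENSSL_NO_EC2M
+- /* Binary Curves */
+- {"nistk163", NID_sect163k1, 163},
+- {"nistk233", NID_sect233k1, 233},
+- {"nistk283", NID_sect283k1, 283},
+- {"nistk409", NID_sect409k1, 409},
+- {"nistk571", NID_sect571k1, 571},
+- {"nistb163", NID_sect163r2, 163},
+- {"nistb233", NID_sect233r1, 233},
+- {"nistb283", NID_sect283r1, 283},
+- {"nistb409", NID_sect409r1, 409},
+- {"nistb571", NID_sect571r1, 571},
+-# endif
+- {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+- {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+- {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+- {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+- {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+- {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+/* Other and ECDH only ones */
+{"X25519", NID_X25519, 253},
+{"X448", NID_X448, 448}
+@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
+# endif
+
+# ifndef OPENSSL_NO_EC
+- ecdsa_c[R_EC_P160][0] = count / 1000;
+- ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+- for (i = R_EC_P192; i <= R_EC_P521; i++) {
++ ecdsa_c[R_EC_P224][0] = count / 1000;
++ ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
++ for (i = R_EC_P256; i <= R_EC_P521; i++) {
+ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
+}
+}
+}
+-# ifndef OPENSSL_NO_EC2M
++# if 0
+ecdsa_c[R_EC_K163][0] = count / 1000;
+ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+for (i = R_EC_K233; i <= R_EC_K571; i++) {
+@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
+}
+# endif
+
+- ecdh_c[R_EC_P160][0] = count / 1000;
+- for (i = R_EC_P192; i <= R_EC_P521; i++) {
++ ecdh_c[R_EC_P224][0] = count / 1000;
++ for (i = R_EC_P256; i <= R_EC_P521; i++) {
+ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ecdh_doit[i] = 0;
+@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
+}
+}
+}
+-# ifndef OPENSSL_NO_EC2M
++# if 0
+ecdh_c[R_EC_K163][0] = count / 1000;
+for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
+--- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves 2020-09-22 14:55:07.000000000 +0200
++++ openssl-1.1.1h/crypto/ec/ecp_smpl.c 2020-11-06 13:27:15.659288431 +0100
+@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+return 0;
+}
+
++ if (BN_num_bits(p) < 224) {
++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++ return 0;
++ }
++
+if (ctx == NULL) {
+ctx = new_ctx = BN_CTX_new();
+if (ctx == NULL)
+diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
+--- openssl-1.1.1h/test/ecdsatest.h.curves 2020-11-06 13:27:15.627288114 +0100
++++ openssl-1.1.1h/test/ecdsatest.h 2020-11-06 13:27:15.660288441 +0100
+@@ -32,23 +32,6 @@ typedef struct {
+} ecdsa_cavs_kat_t;
+
+static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
+- /* prime KATs from X9.62 */
+- {NID_X9_62_prime192v1, NID_sha1,
+- "616263", /* "abc" */
+- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
+- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
+- "5ca5c0d69716dfcb3474373902",
+- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
+- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
+- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
+- {NID_X9_62_prime239v1, NID_sha1,
+- "616263", /* "abc" */
+- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
+- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
+- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
+- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
+- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
+- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
+/* prime KATs from NIST CAVP */
+{NID_secp224r1, NID_sha224,
+"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
+--- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves 2020-11-06 13:58:36.402895540 +0100
++++ openssl-1.1.1h/test/recipes/15-test_genec.t 2020-11-06 13:59:38.508484498 +0100
+@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
+if disabled("ec");
+
+my @prime_curves = qw(
+- secp112r1
+- secp112r2
+- secp128r1
+- secp128r2
+- secp160k1
+- secp160r1
+- secp160r2
+- secp192k1
+- secp224k1
+secp224r1
+secp256k1
+secp384r1
+secp521r1
+- prime192v1
+- prime192v2
+- prime192v3
+- prime239v1
+- prime239v2
+- prime239v3
+prime256v1
+- wap-wsg-idm-ecid-wtls6
+- wap-wsg-idm-ecid-wtls7
+- wap-wsg-idm-ecid-wtls8
+- wap-wsg-idm-ecid-wtls9
+- wap-wsg-idm-ecid-wtls12
+- brainpoolP160r1
+- brainpoolP160t1
+- brainpoolP192r1
+- brainpoolP192t1
+- brainpoolP224r1
+- brainpoolP224t1
+- brainpoolP256r1
+- brainpoolP256t1
+- brainpoolP320r1
+- brainpoolP320t1
+- brainpoolP384r1
+- brainpoolP384t1
+- brainpoolP512r1
+- brainpoolP512t1
+);
+
+my @binary_curves = qw(
+@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
+if !disabled("sm2");
+
+my @curve_aliases = qw(
+- P-192
+P-224
+P-256
+P-384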
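Review bot: The new guard in ecp_smpl.c, `if (BN_num_bits(p) < 224)`, uses a bare literal and reports `EC_R_UNSUPPORTED_FIELD`, which callers are likely to read as an unsupported field type rather than a field that is too small. A short comment such as `/* Downstream policy: refuse prime fields smaller than 224 bits */` and a named constant for 224 would make the intent auditable. The guard sits only in the prime-field setter; whether binary-field groups get an equivalent limit is not visible in this patch, so that is worth confirming. In speed.c the two `# if 0` lines that replace `# ifndef OPENSSL_NO_EC2M` keep code referring to the removed `R_EC_K163` members as dead text, and a comment saying why it is kept rather than deleted would help. ec_GFp_simple_group_set_curve and speed_main both start and end outside their hunks.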
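--- a/openssl-1.1.1-edk2-build.patch
+++ b/openssl-1.1.1-edk2-build.patch
@@ -0,0 +1,57 @@
+diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
+--- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build 2020-05-18 12:55:53.299548432 +0200
++++ openssl-1.1.1g/crypto/evp/pkey_kdf.c 2020-05-18 12:55:53.340548788 +0200
+@@ -12,6 +12,7 @@
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/kdf.h>
++#include "internal/numbers.h"
+#include "crypto/evp.h"
+
+static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
+diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
+--- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build 2020-05-18 12:55:53.340548788 +0200
++++ openssl-1.1.1g/crypto/kdf/hkdf.c 2020-05-18 12:57:18.648288904 +0200
+@@ -13,6 +13,7 @@
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
++#include "internal/numbers.h"
+#include "internal/cryptlib.h"
+#include "crypto/evp.h"
+#include "kdf_local.h"
+diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
+--- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build 2020-05-18 12:56:05.646655554 +0200
++++ openssl-1.1.1g/crypto/rand/rand_unix.c 2020-05-18 12:58:51.088090896 +0200
+@@ -20,7 +20,7 @@
+#include "crypto/fips.h"
+#include <stdio.h>
+#include "internal/dso.h"
+-#ifdef __linux
++#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
+# include <sys/syscall.h>
+# include <sys/random.h>
+# ifdef DEVRANDOM_WAIT
+diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
+--- openssl-1.1.1g/include/crypto/fips.h.edk2-build 2020-05-18 12:55:53.296548406 +0200
++++ openssl-1.1.1g/include/crypto/fips.h 2020-05-18 12:55:53.340548788 +0200
+@@ -50,10 +50,6 @@
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+
+-#ifndef OPENSSL_FIPS
+-# error FIPS is disabled.
+-#endif
+-
+#ifdef OPENSSL_FIPS
+
+int FIPS_module_mode_set(int onoff);
+@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void);
+
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
++#else
++
++# define fips_in_post() 0
++
+#endif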
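Review bot: With the `#error FIPS is disabled.` guard removed from include/crypto/fips.h, a non-FIPS build that includes the header now compiles silently, and the only thing the new `#else` branch supplies is `# define fips_in_post() 0`. That branch should carry a comment stating which builds are expected to reach it and why a constant 0 is a safe answer for every caller of `fips_in_post()`; the callers are not visible in this patch, so the wording needs checking against them. In rand_unix.c the changed condition `#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)` drops the `<sys/syscall.h>` and `<sys/random.h>` includes for UEFI builds; which entropy source such a build falls back to lies outside the hunk and deserves a one-line note next to the condition.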
5238
openssl-1.1.1-evp-kdf.patch
File diff suppressed because it is too large
408
openssl-1.1.1-fips-crng-test.patch
@ -0,0 +1,408 @@
|
|||||||
|
diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
|
||||||
|
--- openssl-1.1.1g/crypto/rand/build.info.crng-test 2020-04-23 13:30:45.863389837 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:31:55.847069892 +0200
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
LIBS=../../libcrypto
|
||||||
|
SOURCE[../../libcrypto]=\
|
||||||
|
- randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||||
|
+ randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||||
|
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||||
|
|
||||||
|
INCLUDE[drbg_ctr.o]=../modes
|
||||||
|
diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
|
||||||
|
--- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test 2020-04-23 13:30:45.818390686 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/drbg_lib.c 2020-04-23 13:30:45.864389819 +0200
|
||||||
|
@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
|
||||||
|
|
||||||
|
|
||||||
|
/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
|
||||||
|
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
|
||||||
|
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
|
||||||
|
|
||||||
|
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
|
||||||
|
|
||||||
|
@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
|
||||||
|
drbg->parent = parent;
|
||||||
|
|
||||||
|
if (parent == NULL) {
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+ drbg->get_entropy = rand_crngt_get_entropy;
|
||||||
|
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
|
||||||
|
+#else
|
||||||
|
drbg->get_entropy = rand_drbg_get_entropy;
|
||||||
|
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
|
||||||
|
+#endif
|
||||||
|
#ifndef RAND_DRBG_GET_RANDOM_NONCE
|
||||||
|
drbg->get_nonce = rand_drbg_get_nonce;
|
||||||
|
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
|
||||||
|
diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
|
||||||
|
--- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test 2020-04-23 13:30:45.864389819 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c 2020-04-23 13:30:45.864389819 +0200
|
||||||
|
@@ -0,0 +1,118 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+#include "crypto/rand.h"
|
||||||
|
+#include "internal/thread_once.h"
|
||||||
|
+#include "rand_local.h"
|
||||||
|
+
|
||||||
|
+static RAND_POOL *crngt_pool;
|
||||||
|
+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
|
||||||
|
+
|
||||||
|
+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
|
||||||
|
+ = &rand_crngt_get_entropy_cb;
|
||||||
|
+
|
||||||
|
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||||
|
+ unsigned int *md_size)
|
||||||
|
+{
|
||||||
|
+ int r;
|
||||||
|
+ size_t n;
|
||||||
|
+ unsigned char *p;
|
||||||
|
+
|
||||||
|
+ n = rand_pool_acquire_entropy(crngt_pool);
|
||||||
|
+ if (n >= CRNGT_BUFSIZ) {
|
||||||
|
+ p = rand_pool_detach(crngt_pool);
|
||||||
|
+ r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||||
|
+ if (r != 0)
|
||||||
|
+ memcpy(buf, p, CRNGT_BUFSIZ);
|
||||||
|
+ rand_pool_reattach(crngt_pool, p);
|
||||||
|
+ return r;
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void rand_crngt_cleanup(void)
|
||||||
|
+{
|
||||||
|
+ rand_pool_free(crngt_pool);
|
||||||
|
+ crngt_pool = NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int rand_crngt_init(void)
|
||||||
|
+{
|
||||||
|
+ unsigned char buf[CRNGT_BUFSIZ];
|
||||||
|
+
|
||||||
|
+ if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+ if (crngt_get_entropy(buf, crngt_prev, NULL)) {
|
||||||
|
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ rand_crngt_cleanup();
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
|
||||||
|
+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
|
||||||
|
+{
|
||||||
|
+ return OPENSSL_init_crypto(0, NULL)
|
||||||
|
+ && rand_crngt_init()
|
||||||
|
+ && OPENSSL_atexit(&rand_crngt_cleanup);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int rand_crngt_single_init(void)
|
||||||
|
+{
|
||||||
|
+ return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||||
|
+ unsigned char **pout,
|
||||||
|
+ int entropy, size_t min_len, size_t max_len,
|
||||||
|
+ int prediction_resistance)
|
||||||
|
+{
|
||||||
|
+ unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
|
||||||
|
+ unsigned int sz;
|
||||||
|
+ RAND_POOL *pool;
|
||||||
|
+ size_t q, r = 0, s, t = 0;
|
||||||
|
+ int attempts = 3;
|
||||||
|
+
|
||||||
|
+ if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
|
||||||
|
+ s = q > sizeof(buf) ? sizeof(buf) : q;
|
||||||
|
+ if (!crngt_get_entropy(buf, md, &sz)
|
||||||
|
+ || memcmp(crngt_prev, md, sz) == 0
|
||||||
|
+ || !rand_pool_add(pool, buf, s, s * 8))
|
||||||
|
+ goto err;
|
||||||
|
+ memcpy(crngt_prev, md, sz);
|
||||||
|
+ t += s;
|
||||||
|
+ attempts++;
|
||||||
|
+ }
|
||||||
|
+ r = t;
|
||||||
|
+ *pout = rand_pool_detach(pool);
|
||||||
|
+err:
|
||||||
|
+ OPENSSL_cleanse(buf, sizeof(buf));
|
||||||
|
+ rand_pool_free(pool);
|
||||||
|
+ return r;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||||
|
+ unsigned char *out, size_t outlen)
|
||||||
|
+{
|
||||||
|
+ OPENSSL_secure_clear_free(out, outlen);
|
||||||
|
+}
|
||||||
|
diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
|
||||||
|
--- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test 2020-04-23 13:30:45.470397250 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/rand_local.h 2020-04-23 13:30:45.864389819 +0200
|
||||||
|
@@ -33,7 +33,15 @@
|
||||||
|
# define MASTER_RESEED_TIME_INTERVAL (60*60) /* 1 hour */
|
||||||
|
# define SLAVE_RESEED_TIME_INTERVAL (7*60) /* 7 minutes */
|
||||||
|
|
||||||
|
-
|
||||||
|
+/*
|
||||||
|
+ * The number of bytes that constitutes an atomic lump of entropy with respect
|
||||||
|
+ * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
|
||||||
|
+ * arbitrary, the smaller the value, the less entropy is consumed on first
|
||||||
|
+ * read but the higher the probability of the test failing by accident.
|
||||||
|
+ *
|
||||||
|
+ * The value is in bytes.
|
||||||
|
+ */
|
||||||
|
+#define CRNGT_BUFSIZ 16
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Maximum input size for the DRBG (entropy, nonce, personalization string)
|
||||||
|
@@ -44,6 +52,8 @@
|
||||||
|
*/
|
||||||
|
# define DRBG_MAX_LENGTH INT32_MAX
|
||||||
|
|
||||||
|
+/* The default nonce */
|
||||||
|
+# define DRBG_DEFAULT_PERS_STRING "OpenSSL NIST SP 800-90A DRBG"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Maximum allocation size for RANDOM_POOL buffers
|
||||||
|
@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
|
||||||
|
/* initializes the AES-CTR DRBG implementation */
|
||||||
|
int drbg_ctr_init(RAND_DRBG *drbg);
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
|
||||||
|
+ * These need to be exposed for the unit tests.
|
||||||
|
+ */
|
||||||
|
+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||||
|
+ unsigned int *md_size);
|
||||||
|
+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
|
||||||
|
+ unsigned int *md_size);
|
||||||
|
+int rand_crngt_init(void);
|
||||||
|
+void rand_crngt_cleanup(void);
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Expose the run once initialisation function for the unit tests because.
|
||||||
|
+ * they need to restart from scratch to validate the first block is skipped
|
||||||
|
+ * properly.
|
||||||
|
+ */
|
||||||
|
+int rand_crngt_single_init(void);
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
|
||||||
|
--- openssl-1.1.1g/include/crypto/rand.h.crng-test 2020-04-23 13:30:45.824390573 +0200
|
||||||
|
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:30:45.864389819 +0200
|
||||||
|
@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
|
||||||
|
|
||||||
|
void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
|
||||||
|
|
||||||
|
+/* CRNG test entropy filter callbacks. */
|
||||||
|
+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
|
||||||
|
+ unsigned char **pout,
|
||||||
|
+ int entropy, size_t min_len, size_t max_len,
|
||||||
|
+ int prediction_resistance);
|
||||||
|
+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
|
||||||
|
+ unsigned char *out, size_t outlen);
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* RAND_POOL functions
|
||||||
|
*/
|
||||||
|
diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
|
||||||
|
--- openssl-1.1.1g/test/drbgtest.c.crng-test 2020-04-21 14:22:39.000000000 +0200
|
||||||
|
+++ openssl-1.1.1g/test/drbgtest.c 2020-04-23 13:30:45.865389800 +0200
|
||||||
|
@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
|
||||||
|
return t->noncelen;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Disable CRNG testing if it is enabled.
|
||||||
|
+ * If the DRBG is ready or in an error state, this means an instantiate cycle
|
||||||
|
+ * for which the default personalisation string is used.
|
||||||
|
+ */
|
||||||
|
+static int disable_crngt(RAND_DRBG *drbg)
|
||||||
|
+{
|
||||||
|
+ static const char pers[] = DRBG_DEFAULT_PERS_STRING;
|
||||||
|
+ const int instantiate = drbg->state != DRBG_UNINITIALISED;
|
||||||
|
+
|
||||||
|
+ if (drbg->get_entropy != rand_crngt_get_entropy)
|
||||||
|
+ return 1;
|
||||||
|
+
|
||||||
|
+ if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
|
||||||
|
+ || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
|
||||||
|
+ &rand_drbg_cleanup_entropy,
|
||||||
|
+ &rand_drbg_get_nonce,
|
||||||
|
+ &rand_drbg_cleanup_nonce))
|
||||||
|
+ || (instantiate
|
||||||
|
+ && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
|
||||||
|
+ sizeof(pers) - 1)))
|
||||||
|
+ return 0;
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int uninstantiate(RAND_DRBG *drbg)
|
||||||
|
{
|
||||||
|
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
|
||||||
|
@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
|
||||||
|
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
|
||||||
|
return 0;
|
||||||
|
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||||
|
- kat_nonce, NULL))) {
|
||||||
|
+ kat_nonce, NULL))
|
||||||
|
+ || !TEST_true(disable_crngt(drbg))) {
|
||||||
|
failures++;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
|
||||||
|
unsigned int reseed_counter_tmp;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
|
- if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
|
||||||
|
+ if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
|
||||||
|
+ || !TEST_true(disable_crngt(drbg)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
|
||||||
|
|| !TEST_ptr_eq(private->parent, master))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+ /* Disable CRNG testing for the master DRBG */
|
||||||
|
+ if (!TEST_true(disable_crngt(master)))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
/* uninstantiate the three global DRBGs */
|
||||||
|
RAND_DRBG_uninstantiate(private);
|
||||||
|
RAND_DRBG_uninstantiate(public);
|
||||||
|
@@ -964,7 +995,8 @@ static int test_rand_seed(void)
|
||||||
|
size_t rand_buflen;
|
||||||
|
size_t required_seed_buflen = 0;
|
||||||
|
|
||||||
|
- if (!TEST_ptr(master = RAND_DRBG_get0_master()))
|
||||||
|
+ if (!TEST_ptr(master = RAND_DRBG_get0_master())
|
||||||
|
+ || !TEST_true(disable_crngt(master)))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
#ifdef OPENSSL_RAND_SEED_NONE
|
||||||
|
@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * A list of the FIPS DRGB types.
|
||||||
|
+ */
|
||||||
|
+static const struct s_drgb_types {
|
||||||
|
+ int nid;
|
||||||
|
+ int flags;
|
||||||
|
+} drgb_types[] = {
|
||||||
|
+ { NID_aes_128_ctr, 0 },
|
||||||
|
+ { NID_aes_192_ctr, 0 },
|
||||||
|
+ { NID_aes_256_ctr, 0 },
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+/* Six cases for each covers seed sizes up to 32 bytes */
|
||||||
|
+static const size_t crngt_num_cases = 6;
|
||||||
|
+
|
||||||
|
+static size_t crngt_case, crngt_idx;
|
||||||
|
+
|
||||||
|
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
|
||||||
|
+ unsigned int *md_size)
|
||||||
|
+{
|
||||||
|
+ size_t i, z;
|
||||||
|
+
|
||||||
|
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
|
||||||
|
+ return 0;
|
||||||
|
+ /* Generate a block of unique data unless this is the duplication point */
|
||||||
|
+ z = crngt_idx++;
|
||||||
|
+ if (z > 0 && crngt_case == z)
|
||||||
|
+ z--;
|
||||||
|
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
|
||||||
|
+ buf[i] = (unsigned char)(i + 'A' + z);
|
||||||
|
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int test_crngt(int n)
|
||||||
|
+{
|
||||||
|
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
|
||||||
|
+ RAND_DRBG *drbg = NULL;
|
||||||
|
+ unsigned char buff[100];
|
||||||
|
+ size_t ent;
|
||||||
|
+ int res = 0;
|
||||||
|
+ int expect;
|
||||||
|
+
|
||||||
|
+ if (!TEST_true(rand_crngt_single_init()))
|
||||||
|
+ return 0;
|
||||||
|
+ rand_crngt_cleanup();
|
||||||
|
+
|
||||||
|
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
|
||||||
|
+ return 0;
|
||||||
|
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
|
||||||
|
+ crngt_case = n % crngt_num_cases;
|
||||||
|
+ crngt_idx = 0;
|
||||||
|
+ crngt_get_entropy = &crngt_entropy_cb;
|
||||||
|
+ if (!TEST_true(rand_crngt_init()))
|
||||||
|
+ goto err;
|
||||||
|
+#ifndef OPENSSL_FIPS
|
||||||
|
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
|
||||||
|
+ &rand_crngt_cleanup_entropy,
|
||||||
|
+ &rand_drbg_get_nonce,
|
||||||
|
+ &rand_drbg_cleanup_nonce)))
|
||||||
|
+ goto err;
|
||||||
|
+#endif
|
||||||
|
+ expect = crngt_case == 0 || crngt_case > ent;
|
||||||
|
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!expect)
|
||||||
|
+ goto fin;
|
||||||
|
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
|
||||||
|
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
|
||||||
|
+ goto err;
|
||||||
|
+ if (!expect)
|
||||||
|
+ goto fin;
|
||||||
|
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
|
||||||
|
+ goto err;
|
||||||
|
+
|
||||||
|
+fin:
|
||||||
|
+ res = 1;
|
||||||
|
+err:
|
||||||
|
+ if (!res)
|
||||||
|
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
|
||||||
|
+ crngt_case, crngt_idx);
|
||||||
|
+ uninstantiate(drbg);
|
||||||
|
+ RAND_DRBG_free(drbg);
|
||||||
|
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
|
||||||
|
+ return res;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int setup_tests(void)
|
||||||
|
{
|
||||||
|
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||||
|
@@ -1025,5 +1146,6 @@ int setup_tests(void)
|
||||||
|
#if defined(OPENSSL_THREADS)
|
||||||
|
ADD_TEST(test_multi_thread);
|
||||||
|
#endif
|
||||||
|
+ ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
|
||||||
|
return 1;
|
||||||
|
}
|
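Review bot: `crngt_pool` and `crngt_prev` in rand_crng_test.c are file-level statics that `rand_crngt_get_entropy()` reads and writes with no lock visible in the new file, while the drbg_lib.c hunk installs that callback on every DRBG created with `parent == NULL` in a FIPS build. If two parentless DRBGs can seed on different threads (a per-DRBG lock taken outside these hunks would not serialise them against each other), the compare followed by `memcpy(crngt_prev, md, sz)` and the detach/reattach of the shared pool can interleave, which would weaken the continuous test and may corrupt the pool. Consider guarding that sequence with a dedicated lock created in `rand_crngt_init()`, or at least stating the requirement in the file: `/* crngt_pool and crngt_prev are shared by all parentless DRBGs; callers must serialise access */`. Separately, the comment `/* The default nonce */` above `DRBG_DEFAULT_PERS_STRING` in rand_local.h describes a personalization string and should read `/* The default personalization string */`.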
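--- a/openssl-1.1.1-fips-curves.patch
+++ b/openssl-1.1.1-fips-curves.patch
@@ -0,0 +1,200 @@
+diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
+--- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves 2020-05-18 12:59:54.839643980 +0200
++++ openssl-1.1.1g/crypto/ec/ec_curve.c 2020-05-18 12:59:54.852644093 +0200
+@@ -13,6 +13,7 @@
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
++#include <openssl/crypto.h>
+#include "internal/nelem.h"
+
+typedef struct {
+@@ -237,6 +238,7 @@ static const struct {
+
+typedef struct _ec_list_element_st {
+int nid;
++ int fips_allowed;
+const EC_CURVE_DATA *data;
+const EC_METHOD *(*meth) (void);
+const char *comment;
+@@ -246,23 +248,23 @@ static const ec_list_element curve_list[
+/* prime field curves */
+/* secg curves */
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
++ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+"NIST/SECG curve over a 224 bit prime field"},
+#else
+- {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
++ {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0,
+"NIST/SECG curve over a 224 bit prime field"},
+#endif
+- {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
++ {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0,
+"SECG curve over a 256 bit prime field"},
+/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+- {NID_secp384r1, &_EC_NIST_PRIME_384.h,
++ {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h,
+# if defined(S390X_EC_ASM)
+EC_GFp_s390x_nistp384_method,
+# else
+0,
+# endif
+"NIST/SECG curve over a 384 bit prime field"},
+- {NID_secp521r1, &_EC_NIST_PRIME_521.h,
++ {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h,
+# if defined(S390X_EC_ASM)
+EC_GFp_s390x_nistp521_method,
+# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+@@ -272,7 +274,7 @@ static const ec_list_element curve_list[
+# endif
+"NIST/SECG curve over a 521 bit prime field"},
+/* X9.62 curves */
+- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
++ {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+EC_GFp_nistz256_method,
+# elif defined(S390X_EC_ASM)
+@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
+
+for (i = 0; i < curve_list_length; i++)
+if (curve_list[i].nid == nid) {
++ if (!curve_list[i].fips_allowed && FIPS_mode()) {
++ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME);
++ return NULL;
++ }
+ret = ec_group_new_from_data(curve_list[i]);
+break;
+}
+@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+- size_t i, min;
++ size_t i, j, num;
++ int fips_mode = FIPS_mode();
+
+- if (r == NULL || nitems == 0)
+- return curve_list_length;
++ num = curve_list_length;
++ if (fips_mode)
++ for (i = 0; i < curve_list_length; i++) {
++ if (!curve_list[i].fips_allowed)
++ --num;
++ }
+
+- min = nitems < curve_list_length ? nitems : curve_list_length;
++ if (r == NULL || nitems == 0) {
++ return num;
++ }
+
+- for (i = 0; i < min; i++) {
+- r[i].nid = curve_list[i].nid;
+- r[i].comment = curve_list[i].comment;
++ for (i = 0, j = 0; i < curve_list_length; i++) {
++ if (j >= nitems)
++ break;
++ if (!fips_mode || curve_list[i].fips_allowed) {
++ r[j].nid = curve_list[i].nid;
++ r[j].comment = curve_list[i].comment;
++ ++j;
++ }
+}
+
+- return curve_list_length;
++ return num;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
+--- openssl-1.1.1g/ssl/t1_lib.c.fips-curves 2020-05-18 12:59:54.797643616 +0200
++++ openssl-1.1.1g/ssl/t1_lib.c 2020-05-18 13:03:54.748725463 +0200
+@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
+#endif
+};
+
++static const uint16_t tls12_fips_sigalgs[] = {
++#ifndef OPENSSL_NO_EC
++ TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
++ TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
++ TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
++#endif
++
++ TLSEXT_SIGALG_rsa_pss_pss_sha256,
++ TLSEXT_SIGALG_rsa_pss_pss_sha384,
++ TLSEXT_SIGALG_rsa_pss_pss_sha512,
++ TLSEXT_SIGALG_rsa_pss_rsae_sha256,
++ TLSEXT_SIGALG_rsa_pss_rsae_sha384,
++ TLSEXT_SIGALG_rsa_pss_rsae_sha512,
++
++ TLSEXT_SIGALG_rsa_pkcs1_sha256,
++ TLSEXT_SIGALG_rsa_pkcs1_sha384,
++ TLSEXT_SIGALG_rsa_pkcs1_sha512,
++
++#ifndef OPENSSL_NO_EC
++ TLSEXT_SIGALG_ecdsa_sha224,
++#endif
++ TLSEXT_SIGALG_rsa_pkcs1_sha224,
++#ifndef OPENSSL_NO_DSA
++ TLSEXT_SIGALG_dsa_sha224,
++ TLSEXT_SIGALG_dsa_sha256,
++ TLSEXT_SIGALG_dsa_sha384,
++ TLSEXT_SIGALG_dsa_sha512,
++#endif
++};
++
+#ifndef OPENSSL_NO_EC
+static const uint16_t suiteb_sigalgs[] = {
+TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
+}
+if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
+return NULL;
++ if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
++ return NULL;
+if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
+const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
+
+@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
+} else if (s->cert->conf_sigalgs) {
+*psigs = s->cert->conf_sigalgs;
+return s->cert->conf_sigalgslen;
++ } else if (FIPS_mode()) {
++ *psigs = tls12_fips_sigalgs;
++ return OSSL_NELEM(tls12_fips_sigalgs);
+} else {
+*psigs = tls12_sigalgs;
+return OSSL_NELEM(tls12_sigalgs);
+@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
+if (s->cert->conf_sigalgs) {
+sigs = s->cert->conf_sigalgs;
+siglen = s->cert->conf_sigalgslen;
++ } else if (FIPS_mode()) {
++ sigs = tls12_fips_sigalgs;
++ siglen = OSSL_NELEM(tls12_fips_sigalgs);
+} else {
+sigs = tls12_sigalgs;
+siglen = OSSL_NELEM(tls12_sigalgs);
+@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
+if (lu->sig == NID_id_GostR3410_2012_256
+|| lu->sig == NID_id_GostR3410_2012_512
+|| lu->sig == NID_id_GostR3410_2001) {
++ if (FIPS_mode())
++ return 0;
+/* We never allow GOST sig algs on the server with TLSv1.3 */
+if (s->server && SSL_IS_TLS13(s))
+return 0;
+@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
+const uint16_t *sent_sigs;
+size_t sent_sigslen;
+
++ if (fatalerrs && FIPS_mode()) {
++ /* There are no suitable legacy algorithms in FIPS mode */
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
++ SSL_F_TLS_CHOOSE_SIGALG,
++ SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
++ return 0;
++ }
+if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+if (!fatalerrs)
+return 1;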
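Review bot: In `tls12_get_psigalgs()` and `tls_check_sigalg_curve()` the new `else if (FIPS_mode())` branch sits after the `s->cert->conf_sigalgs` branch, so an explicitly configured signature-algorithm list is used as-is in FIPS mode and only the built-in default is replaced by `tls12_fips_sigalgs`. Within these hunks the only per-algorithm FIPS filter is the GOST check added to `tls12_sigalg_allowed()`, whose body continues outside the hunk, so whether a configured non-approved entry is rejected later cannot be confirmed from here. If the default-only scope is intended, say so next to the branch, e.g. `/* FIPS mode only replaces the default list; conf_sigalgs is used unfiltered */`; otherwise the configured list should be intersected with `tls12_fips_sigalgs` before it is returned.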
2731
openssl-1.1.1-fips-dh.patch
Normal file
2731
openssl-1.1.1-fips-dh.patch
Normal file
File diff suppressed because it is too large
587
openssl-1.1.1-fips-drbg-selftest.patch
Normal file
587
openssl-1.1.1-fips-drbg-selftest.patch
Normal file
@ -0,0 +1,587 @@
|
|||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest 2020-04-23 13:33:12.500624151 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-04-23 13:33:12.618621925 +0200
|
||||||
|
@@ -67,12 +67,18 @@
|
||||||
|
|
||||||
|
# include <openssl/fips.h>
|
||||||
|
# include "crypto/fips.h"
|
||||||
|
+# include "crypto/rand.h"
|
||||||
|
# include "fips_locl.h"
|
||||||
|
|
||||||
|
/* Run all selftests */
|
||||||
|
int FIPS_selftest(void)
|
||||||
|
{
|
||||||
|
int rv = 1;
|
||||||
|
+ if (!rand_drbg_selftest()) {
|
||||||
|
+ FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
|
||||||
|
+ ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
|
||||||
|
+ rv = 0;
|
||||||
|
+ }
|
||||||
|
if (!FIPS_selftest_drbg())
|
||||||
|
rv = 0;
|
||||||
|
if (!FIPS_selftest_sha1())
|
||||||
|
diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
|
||||||
|
--- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/build.info 2020-04-23 13:34:10.857523497 +0200
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
LIBS=../../libcrypto
|
||||||
|
SOURCE[../../libcrypto]=\
|
||||||
|
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
|
||||||
|
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||||
|
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
|
||||||
|
|
||||||
|
INCLUDE[drbg_ctr.o]=../modes
|
||||||
|
diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
|
||||||
|
--- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest 2020-04-23 13:33:12.619621907 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c 2020-04-23 13:33:12.619621907 +0200
|
||||||
|
@@ -0,0 +1,537 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <stddef.h>
|
||||||
|
+#include "internal/nelem.h"
|
||||||
|
+#include <openssl/crypto.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
+#include <openssl/rand_drbg.h>
|
||||||
|
+#include <openssl/obj_mac.h>
|
||||||
|
+#include "internal/thread_once.h"
|
||||||
|
+#include "crypto/rand.h"
|
||||||
|
+
|
||||||
|
+typedef struct test_ctx_st {
|
||||||
|
+ const unsigned char *entropy;
|
||||||
|
+ size_t entropylen;
|
||||||
|
+ int entropycnt;
|
||||||
|
+ const unsigned char *nonce;
|
||||||
|
+ size_t noncelen;
|
||||||
|
+ int noncecnt;
|
||||||
|
+} TEST_CTX;
|
||||||
|
+
|
||||||
|
+static int app_data_index = -1;
|
||||||
|
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
|
||||||
|
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
|
||||||
|
+{
|
||||||
|
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+enum drbg_kat_type {
|
||||||
|
+ NO_RESEED,
|
||||||
|
+ PR_FALSE,
|
||||||
|
+ PR_TRUE
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+enum drbg_df {
|
||||||
|
+ USE_DF,
|
||||||
|
+ NO_DF,
|
||||||
|
+ NA
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct drbg_kat_no_reseed {
|
||||||
|
+ size_t count;
|
||||||
|
+ const unsigned char *entropyin;
|
||||||
|
+ const unsigned char *nonce;
|
||||||
|
+ const unsigned char *persstr;
|
||||||
|
+ const unsigned char *addin1;
|
||||||
|
+ const unsigned char *addin2;
|
||||||
|
+ const unsigned char *retbytes;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct drbg_kat_pr_false {
|
||||||
|
+ size_t count;
|
||||||
|
+ const unsigned char *entropyin;
|
||||||
|
+ const unsigned char *nonce;
|
||||||
|
+ const unsigned char *persstr;
|
||||||
|
+ const unsigned char *entropyinreseed;
|
||||||
|
+ const unsigned char *addinreseed;
|
||||||
|
+ const unsigned char *addin1;
|
||||||
|
+ const unsigned char *addin2;
|
||||||
|
+ const unsigned char *retbytes;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct drbg_kat_pr_true {
|
||||||
|
+ size_t count;
|
||||||
|
+ const unsigned char *entropyin;
|
||||||
|
+ const unsigned char *nonce;
|
||||||
|
+ const unsigned char *persstr;
|
||||||
|
+ const unsigned char *entropyinpr1;
|
||||||
|
+ const unsigned char *addin1;
|
||||||
|
+ const unsigned char *entropyinpr2;
|
||||||
|
+ const unsigned char *addin2;
|
||||||
|
+ const unsigned char *retbytes;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+struct drbg_kat {
|
||||||
|
+ enum drbg_kat_type type;
|
||||||
|
+ enum drbg_df df;
|
||||||
|
+ int nid;
|
||||||
|
+
|
||||||
|
+ size_t entropyinlen;
|
||||||
|
+ size_t noncelen;
|
||||||
|
+ size_t persstrlen;
|
||||||
|
+ size_t addinlen;
|
||||||
|
+ size_t retbyteslen;
|
||||||
|
+
|
||||||
|
+ const void *t;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Excerpt from test/drbg_cavs_data.c
|
||||||
|
+ * DRBG test vectors from:
|
||||||
|
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+static const unsigned char kat1308_entropyin[] = {
|
||||||
|
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
|
||||||
|
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
|
||||||
|
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
|
||||||
|
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1308_nonce[] = {0};
|
||||||
|
+static const unsigned char kat1308_persstr[] = {
|
||||||
|
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
|
||||||
|
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
|
||||||
|
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
|
||||||
|
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1308_addin0[] = {
|
||||||
|
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
|
||||||
|
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
|
||||||
|
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
|
||||||
|
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1308_addin1[] = {
|
||||||
|
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
|
||||||
|
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
|
||||||
|
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
|
||||||
|
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1308_retbits[] = {
|
||||||
|
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
|
||||||
|
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
|
||||||
|
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
|
||||||
|
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
|
||||||
|
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
|
||||||
|
+ 0x26, 0x32, 0xd0, 0xb8,
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat_no_reseed kat1308_t = {
|
||||||
|
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
|
||||||
|
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat kat1308 = {
|
||||||
|
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const unsigned char kat1465_entropyin[] = {
|
||||||
|
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
|
||||||
|
+ 0x87, 0xbe, 0xaa, 0xc0,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_nonce[] = {
|
||||||
|
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_persstr[] = {0};
|
||||||
|
+static const unsigned char kat1465_entropyinreseed[] = {
|
||||||
|
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
|
||||||
|
+ 0x1f, 0x4b, 0x7b, 0x51,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_addinreseed[] = {
|
||||||
|
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
|
||||||
|
+ 0x61, 0x9f, 0x26, 0x5f,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_addin0[] = {
|
||||||
|
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
|
||||||
|
+ 0x10, 0x5a, 0x73, 0x9c,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_addin1[] = {
|
||||||
|
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
|
||||||
|
+ 0x47, 0x99, 0x1f, 0xeb,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat1465_retbits[] = {
|
||||||
|
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
|
||||||
|
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
|
||||||
|
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
|
||||||
|
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
|
||||||
|
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
|
||||||
|
+ 0x58, 0xdb, 0x27, 0xba,
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat_pr_false kat1465_t = {
|
||||||
|
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
|
||||||
|
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
|
||||||
|
+ kat1465_addin1, kat1465_retbits
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat kat1465 = {
|
||||||
|
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const unsigned char kat3146_entropyin[] = {
|
||||||
|
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
|
||||||
|
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_nonce[] = {
|
||||||
|
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
|
||||||
|
+ 0x50, 0x86, 0xca, 0xca,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_persstr[] = {0};
|
||||||
|
+static const unsigned char kat3146_entropyinpr1[] = {
|
||||||
|
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
|
||||||
|
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_addinpr1[] = {
|
||||||
|
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
|
||||||
|
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
|
||||||
|
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_entropyinpr2[] = {
|
||||||
|
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
|
||||||
|
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_addinpr2[] = {
|
||||||
|
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
|
||||||
|
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
|
||||||
|
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
|
||||||
|
+};
|
||||||
|
+static const unsigned char kat3146_retbits[] = {
|
||||||
|
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
|
||||||
|
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
|
||||||
|
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
|
||||||
|
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
|
||||||
|
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
|
||||||
|
+ 0xd4, 0x30, 0x73, 0xbb,
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat_pr_true kat3146_t = {
|
||||||
|
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
|
||||||
|
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
|
||||||
|
+ kat3146_addinpr2, kat3146_retbits
|
||||||
|
+};
|
||||||
|
+static const struct drbg_kat kat3146 = {
|
||||||
|
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
|
||||||
|
+
|
||||||
|
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
|
||||||
|
+
|
||||||
|
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
|
||||||
|
+ int entropy, size_t min_len, size_t max_len,
|
||||||
|
+ int prediction_resistance)
|
||||||
|
+{
|
||||||
|
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||||
|
+
|
||||||
|
+ t->entropycnt++;
|
||||||
|
+ *pout = (unsigned char *)t->entropy;
|
||||||
|
+ return t->entropylen;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
|
||||||
|
+ int entropy, size_t min_len, size_t max_len)
|
||||||
|
+{
|
||||||
|
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
|
||||||
|
+
|
||||||
|
+ t->noncecnt++;
|
||||||
|
+ *pout = (unsigned char *)t->nonce;
|
||||||
|
+ return t->noncelen;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Do a single NO_RESEED KAT:
|
||||||
|
+ *
|
||||||
|
+ * Instantiate
|
||||||
|
+ * Generate Random Bits (pr=false)
|
||||||
|
+ * Generate Random Bits (pr=false)
|
||||||
|
+ * Uninstantiate
|
||||||
|
+ *
|
||||||
|
+ * Return 0 on failure.
|
||||||
|
+ */
|
||||||
|
+static int single_kat_no_reseed(const struct drbg_kat *td)
|
||||||
|
+{
|
||||||
|
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
|
||||||
|
+ RAND_DRBG *drbg = NULL;
|
||||||
|
+ unsigned char *buff = NULL;
|
||||||
|
+ unsigned int flags = 0;
|
||||||
|
+ int failures = 0;
|
||||||
|
+ TEST_CTX t;
|
||||||
|
+
|
||||||
|
+ if (td->df != USE_DF)
|
||||||
|
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||||
|
+
|
||||||
|
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||||
|
+ kat_nonce, NULL)) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ memset(&t, 0, sizeof(t));
|
||||||
|
+ t.entropy = data->entropyin;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+ t.nonce = data->nonce;
|
||||||
|
+ t.noncelen = td->noncelen;
|
||||||
|
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||||
|
+
|
||||||
|
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||||
|
+ if (buff == NULL) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
|
||||||
|
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||||
|
+ data->addin1, td->addinlen)
|
||||||
|
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||||
|
+ data->addin2, td->addinlen)
|
||||||
|
+ || memcmp(data->retbytes, buff,
|
||||||
|
+ td->retbyteslen) != 0)
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+err:
|
||||||
|
+ OPENSSL_free(buff);
|
||||||
|
+ RAND_DRBG_uninstantiate(drbg);
|
||||||
|
+ RAND_DRBG_free(drbg);
|
||||||
|
+ return failures == 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * Do a single PR_FALSE KAT:
|
||||||
|
+ *
|
||||||
|
+ * Instantiate
|
||||||
|
+ * Reseed
|
||||||
|
+ * Generate Random Bits (pr=false)
|
||||||
|
+ * Generate Random Bits (pr=false)
|
||||||
|
+ * Uninstantiate
|
||||||
|
+ *
|
||||||
|
+ * Return 0 on failure.
|
||||||
|
+ */
|
||||||
|
+static int single_kat_pr_false(const struct drbg_kat *td)
|
||||||
|
+{
|
||||||
|
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||||
|
+ RAND_DRBG *drbg = NULL;
|
||||||
|
+ unsigned char *buff = NULL;
|
||||||
|
+ unsigned int flags = 0;
|
||||||
|
+ int failures = 0;
|
||||||
|
+ TEST_CTX t;
|
||||||
|
+
|
||||||
|
+ if (td->df != USE_DF)
|
||||||
|
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||||
|
+
|
||||||
|
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||||
|
+ kat_nonce, NULL)) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ memset(&t, 0, sizeof(t));
|
||||||
|
+ t.entropy = data->entropyin;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+ t.nonce = data->nonce;
|
||||||
|
+ t.noncelen = td->noncelen;
|
||||||
|
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||||
|
+
|
||||||
|
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||||
|
+ if (buff == NULL) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+ t.entropy = data->entropyinreseed;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
|
||||||
|
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||||
|
+ data->addin1, td->addinlen)
|
||||||
|
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
|
||||||
|
+ data->addin2, td->addinlen)
|
||||||
|
+ || memcmp(data->retbytes, buff,
|
||||||
|
+ td->retbyteslen) != 0)
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+err:
|
||||||
|
+ OPENSSL_free(buff);
|
||||||
|
+ RAND_DRBG_uninstantiate(drbg);
|
||||||
|
+ RAND_DRBG_free(drbg);
|
||||||
|
+ return failures == 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * Do a single PR_TRUE KAT:
|
||||||
|
+ *
|
||||||
|
+ * Instantiate
|
||||||
|
+ * Generate Random Bits (pr=true)
|
||||||
|
+ * Generate Random Bits (pr=true)
|
||||||
|
+ * Uninstantiate
|
||||||
|
+ *
|
||||||
|
+ * Return 0 on failure.
|
||||||
|
+ */
|
||||||
|
+static int single_kat_pr_true(const struct drbg_kat *td)
|
||||||
|
+{
|
||||||
|
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
|
||||||
|
+ RAND_DRBG *drbg = NULL;
|
||||||
|
+ unsigned char *buff = NULL;
|
||||||
|
+ unsigned int flags = 0;
|
||||||
|
+ int failures = 0;
|
||||||
|
+ TEST_CTX t;
|
||||||
|
+
|
||||||
|
+ if (td->df != USE_DF)
|
||||||
|
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||||
|
+
|
||||||
|
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||||
|
+ kat_nonce, NULL)) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ memset(&t, 0, sizeof(t));
|
||||||
|
+ t.nonce = data->nonce;
|
||||||
|
+ t.noncelen = td->noncelen;
|
||||||
|
+ t.entropy = data->entropyin;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||||
|
+
|
||||||
|
+ buff = OPENSSL_malloc(td->retbyteslen);
|
||||||
|
+ if (buff == NULL) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+ t.entropy = data->entropyinpr1;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||||
|
+ data->addin1, td->addinlen))
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+ t.entropy = data->entropyinpr2;
|
||||||
|
+ t.entropylen = td->entropyinlen;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
|
||||||
|
+ data->addin2, td->addinlen)
|
||||||
|
+ || memcmp(data->retbytes, buff,
|
||||||
|
+ td->retbyteslen) != 0)
|
||||||
|
+ failures++;
|
||||||
|
+
|
||||||
|
+err:
|
||||||
|
+ OPENSSL_free(buff);
|
||||||
|
+ RAND_DRBG_uninstantiate(drbg);
|
||||||
|
+ RAND_DRBG_free(drbg);
|
||||||
|
+ return failures == 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int test_kats(int i)
|
||||||
|
+{
|
||||||
|
+ const struct drbg_kat *td = drbg_test[i];
|
||||||
|
+ int rv = 0;
|
||||||
|
+
|
||||||
|
+ switch (td->type) {
|
||||||
|
+ case NO_RESEED:
|
||||||
|
+ if (!single_kat_no_reseed(td))
|
||||||
|
+ goto err;
|
||||||
|
+ break;
|
||||||
|
+ case PR_FALSE:
|
||||||
|
+ if (!single_kat_pr_false(td))
|
||||||
|
+ goto err;
|
||||||
|
+ break;
|
||||||
|
+ case PR_TRUE:
|
||||||
|
+ if (!single_kat_pr_true(td))
|
||||||
|
+ goto err;
|
||||||
|
+ break;
|
||||||
|
+ default: /* cant happen */
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ rv = 1;
|
||||||
|
+err:
|
||||||
|
+ return rv;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/*-
|
||||||
|
+ * Do one expected-error test:
|
||||||
|
+ *
|
||||||
|
+ * Instantiate with no entropy supplied
|
||||||
|
+ *
|
||||||
|
+ * Return 0 on failure.
|
||||||
|
+ */
|
||||||
|
+static int test_drbg_sanity(const struct drbg_kat *td)
|
||||||
|
+{
|
||||||
|
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
|
||||||
|
+ RAND_DRBG *drbg = NULL;
|
||||||
|
+ unsigned int flags = 0;
|
||||||
|
+ int failures = 0;
|
||||||
|
+ TEST_CTX t;
|
||||||
|
+
|
||||||
|
+ if (td->df != USE_DF)
|
||||||
|
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
|
||||||
|
+
|
||||||
|
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
|
||||||
|
+ kat_nonce, NULL)) {
|
||||||
|
+ failures++;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ memset(&t, 0, sizeof(t));
|
||||||
|
+ t.entropy = data->entropyin;
|
||||||
|
+ t.entropylen = 0; /* No entropy */
|
||||||
|
+ t.nonce = data->nonce;
|
||||||
|
+ t.noncelen = td->noncelen;
|
||||||
|
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
|
||||||
|
+
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ /* This must fail. */
|
||||||
|
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|
||||||
|
+ failures++;
|
||||||
|
+ RAND_DRBG_uninstantiate(drbg);
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
+
|
||||||
|
+err:
|
||||||
|
+ RAND_DRBG_free(drbg);
|
||||||
|
+ return failures == 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+int rand_drbg_selftest(void)
|
||||||
|
+{
|
||||||
|
+ int i;
|
||||||
|
+
|
||||||
|
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < drbg_test_nelem; i++) {
|
||||||
|
+ if (test_kats(i) <= 0)
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (test_drbg_sanity(&kat1465) <= 0)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
|
||||||
|
--- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest 2020-04-23 13:33:12.587622510 +0200
|
||||||
|
+++ openssl-1.1.1g/include/crypto/rand.h 2020-04-23 13:33:12.619621907 +0200
|
||||||
|
@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
|
||||||
|
*/
|
||||||
|
void rand_pool_keep_random_devices_open(int keep);
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Perform the DRBG KAT selftests
|
||||||
|
+ */
|
||||||
|
+int rand_drbg_selftest(void);
|
||||||
|
+
|
||||||
|
#endif
|
189
openssl-1.1.1-fips-post-rand.patch
Normal file
@ -0,0 +1,189 @@
|
|||||||
|
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
|
||||||
|
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand 2020-03-17 18:06:16.822418854 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-17 18:06:16.861418172 +0100
|
||||||
|
@@ -68,6 +68,7 @@
|
||||||
|
|
||||||
|
# include <openssl/fips.h>
|
||||||
|
# include "internal/thread_once.h"
|
||||||
|
+# include "crypto/rand.h"
|
||||||
|
|
||||||
|
# ifndef PATH_MAX
|
||||||
|
# define PATH_MAX 1024
|
||||||
|
@@ -76,6 +77,7 @@
|
||||||
|
static int fips_selftest_fail = 0;
|
||||||
|
static int fips_mode = 0;
|
||||||
|
static int fips_started = 0;
|
||||||
|
+static int fips_post = 0;
|
||||||
|
|
||||||
|
static int fips_is_owning_thread(void);
|
||||||
|
static int fips_set_owning_thread(void);
|
||||||
|
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
|
||||||
|
fips_selftest_fail = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int fips_in_post(void)
|
||||||
|
+{
|
||||||
|
+ return fips_post;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* we implement what libfipscheck does ourselves */
|
||||||
|
|
||||||
|
static int
|
||||||
|
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
|
||||||
|
}
|
||||||
|
# endif
|
||||||
|
|
||||||
|
+ fips_post = 1;
|
||||||
|
+
|
||||||
|
if (!FIPS_selftest()) {
|
||||||
|
fips_selftest_fail = 1;
|
||||||
|
ret = 0;
|
||||||
|
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ fips_post = 0;
|
||||||
|
+
|
||||||
|
fips_set_mode(onoff);
|
||||||
|
+ /* force RNG reseed with entropy from getrandom() on next call */
|
||||||
|
+ rand_force_reseed();
|
||||||
|
+
|
||||||
|
ret = 1;
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
|
||||||
|
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c 2020-03-17 18:07:35.305045521 +0100
|
||||||
|
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
||||||
|
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
||||||
|
}
|
||||||
|
|
||||||
|
+void rand_force_reseed(void)
|
||||||
|
+{
|
||||||
|
+ RAND_DRBG *drbg;
|
||||||
|
+
|
||||||
|
+ drbg = RAND_DRBG_get0_master();
|
||||||
|
+ drbg->fork_id = 0;
|
||||||
|
+
|
||||||
|
+ drbg = RAND_DRBG_get0_private();
|
||||||
|
+ drbg->fork_id = 0;
|
||||||
|
+
|
||||||
|
+ drbg = RAND_DRBG_get0_public();
|
||||||
|
+ drbg->fork_id = 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Implements the default OpenSSL RAND_add() method */
|
||||||
|
static int drbg_add(const void *buf, int num, double randomness)
|
||||||
|
{
|
||||||
|
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
|
||||||
|
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/rand/rand_unix.c 2020-03-17 18:09:01.503537189 +0100
|
||||||
|
@@ -17,10 +17,12 @@
|
||||||
|
#include <openssl/crypto.h>
|
||||||
|
#include "rand_local.h"
|
||||||
|
#include "crypto/rand.h"
|
||||||
|
+#include "crypto/fips.h"
|
||||||
|
#include <stdio.h>
|
||||||
|
#include "internal/dso.h"
|
||||||
|
#ifdef __linux
|
||||||
|
# include <sys/syscall.h>
|
||||||
|
+# include <sys/random.h>
|
||||||
|
# ifdef DEVRANDOM_WAIT
|
||||||
|
# include <sys/shm.h>
|
||||||
|
# include <sys/utsname.h>
|
||||||
|
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
|
||||||
|
* syscall_random(): Try to get random data using a system call
|
||||||
|
* returns the number of bytes returned in buf, or < 0 on error.
|
||||||
|
*/
|
||||||
|
-static ssize_t syscall_random(void *buf, size_t buflen)
|
||||||
|
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||||
|
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
|
||||||
|
* - Linux since 3.17 with glibc 2.25
|
||||||
|
* - FreeBSD since 12.0 (1200061)
|
||||||
|
*/
|
||||||
|
+# if 0
|
||||||
|
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||||
|
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||||
|
|
||||||
|
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
|
||||||
|
if (p_getentropy.p != NULL)
|
||||||
|
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||||
|
# endif
|
||||||
|
-
|
||||||
|
+# endif
|
||||||
|
/* Linux supports this since version 3.17 */
|
||||||
|
-# if defined(__linux) && defined(__NR_getrandom)
|
||||||
|
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||||
|
+# if defined(__linux) && defined(SYS_getrandom)
|
||||||
|
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
||||||
|
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||||
|
return sysctl_random(buf, buflen);
|
||||||
|
# else
|
||||||
|
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
|
size_t entropy_available;
|
||||||
|
|
||||||
|
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||||
|
+ int in_post;
|
||||||
|
+
|
||||||
|
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
||||||
|
{
|
||||||
|
size_t bytes_needed;
|
||||||
|
unsigned char *buffer;
|
||||||
|
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
|
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||||
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
|
- bytes = syscall_random(buffer, bytes_needed);
|
||||||
|
+ bytes = syscall_random(buffer, bytes_needed, in_post);
|
||||||
|
if (bytes > 0) {
|
||||||
|
rand_pool_add_end(pool, bytes, 8 * bytes);
|
||||||
|
bytes_needed -= bytes;
|
||||||
|
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
|
int attempts = 3;
|
||||||
|
const int fd = get_random_device(i);
|
||||||
|
|
||||||
|
- if (fd == -1)
|
||||||
|
+ if (fd == -1) {
|
||||||
|
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
|
||||||
|
continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
while (bytes_needed != 0 && attempts-- > 0) {
|
||||||
|
buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||||
|
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
||||||
|
return entropy_available;
|
||||||
|
}
|
||||||
|
# endif
|
||||||
|
-
|
||||||
|
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
return rand_pool_entropy_available(pool);
|
||||||
|
# endif
|
||||||
|
}
|
||||||
|
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
|
||||||
|
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand 2020-03-17 18:06:16.831418696 +0100
|
||||||
|
+++ openssl-1.1.1e/include/crypto/fips.h 2020-03-17 18:06:16.861418172 +0100
|
||||||
|
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
||||||
|
int FIPS_selftest_drbg(void);
|
||||||
|
int FIPS_selftest_cmac(void);
|
||||||
|
|
||||||
|
+int fips_in_post(void);
|
||||||
|
+
|
||||||
|
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
||||||
|
const unsigned char *tbs, int tbslen,
|
||||||
|
const unsigned char *kat,
|
||||||
|
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
|
||||||
|
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/include/crypto/rand.h 2020-03-17 18:07:35.303045555 +0100
|
||||||
|
@@ -24,6 +24,7 @@
|
||||||
|
typedef struct rand_pool_st RAND_POOL;
|
||||||
|
|
||||||
|
void rand_cleanup_int(void);
|
||||||
|
+void rand_force_reseed(void);
|
||||||
|
void rand_drbg_cleanup_int(void);
|
||||||
|
void drbg_delete_thread_state(void);
|
||||||
|
|
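Review bot: `rand_force_reseed()` in the drbg_lib.c hunk stores to `drbg->fork_id` on the results of `RAND_DRBG_get0_master()`, `RAND_DRBG_get0_private()` and `RAND_DRBG_get0_public()` without checking them. As far as I know these getters can return NULL in OpenSSL 1.1.1 when one-time DRBG initialisation or per-thread setup fails, so `FIPS_module_mode_set()` would crash right after a passing self-test instead of returning an error. Each store should be guarded, e.g. `if ((drbg = RAND_DRBG_get0_master()) != NULL) drbg->fork_id = 0;`, with the same form for the private and public instances. The master DRBG is shared between threads and `fork_id` is written here without taking its lock; that looks unsynchronised if another thread is generating at the time, and is worth checking against the locking used elsewhere in drbg_lib.c. Separately, in the fips.c hunks `fips_post` is set to 1 before `FIPS_selftest()` but the visible failure path reaches `goto end` without clearing it, so `fips_in_post()` presumably keeps returning 1 after a failed POST.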
11655
openssl-1.1.1-fips.patch
Normal file
File diff suppressed because it is too large
500
openssl-1.1.1-intel-cet.patch
Normal file
@ -0,0 +1,500 @@
|
|||||||
|
diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl 2020-03-19 17:07:02.626522694 +0100
|
||||||
|
@@ -275,6 +275,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
movups ($inp),$inout0 # load input
|
||||||
|
mov 240($key),$rounds # key->rounds
|
||||||
|
___
|
||||||
|
@@ -293,6 +294,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_decrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
movups ($inp),$inout0 # load input
|
||||||
|
mov 240($key),$rounds # key->rounds
|
||||||
|
___
|
||||||
|
@@ -613,6 +615,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_ecb_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0x58(%rsp),%rsp
|
||||||
|
@@ -985,6 +988,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_ccm64_encrypt_blocks:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0x58(%rsp),%rsp
|
||||||
|
@@ -1077,6 +1081,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_ccm64_decrypt_blocks:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0x58(%rsp),%rsp
|
||||||
|
@@ -1203,6 +1208,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_ctr32_encrypt_blocks:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
cmp \$1,$len
|
||||||
|
jne .Lctr32_bulk
|
||||||
|
|
||||||
|
@@ -1775,6 +1781,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_xts_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea (%rsp),%r11 # frame pointer
|
||||||
|
.cfi_def_cfa_register %r11
|
||||||
|
push %rbp
|
||||||
|
@@ -2258,6 +2265,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
aesni_xts_decrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea (%rsp),%r11 # frame pointer
|
||||||
|
.cfi_def_cfa_register %r11
|
||||||
|
push %rbp
|
||||||
|
@@ -2783,6 +2791,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
aesni_ocb_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea (%rsp),%rax
|
||||||
|
push %rbx
|
||||||
|
.cfi_push %rbx
|
||||||
|
@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
|
||||||
|
.align 32
|
||||||
|
aesni_ocb_decrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea (%rsp),%rax
|
||||||
|
push %rbx
|
||||||
|
.cfi_push %rbx
|
||||||
|
@@ -3737,6 +3747,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_cbc_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
test $len,$len # check length
|
||||||
|
jz .Lcbc_ret
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl 2020-03-19 17:00:15.974621757 +0100
|
||||||
|
@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_set_encrypt_key:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0xb8(%rsp),%rsp
|
||||||
|
@@ -746,6 +747,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_set_decrypt_key:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0xb8(%rsp),%rsp
|
||||||
|
@@ -801,6 +803,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0xb8(%rsp),%rsp
|
||||||
|
@@ -846,6 +849,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_decrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
lea -0xb8(%rsp),%rsp
|
||||||
|
@@ -897,6 +901,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
${PREFIX}_cbc_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
xchg $key,$len
|
||||||
|
___
|
||||||
|
($len,$key)=($key,$len);
|
||||||
|
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
|
||||||
|
--- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/async/arch/async_posix.c 2020-03-19 17:00:15.974621757 +0100
|
||||||
|
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
|
||||||
|
|
||||||
|
int async_fibre_makecontext(async_fibre *fibre)
|
||||||
|
{
|
||||||
|
+#ifndef USE_SWAPCONTEXT
|
||||||
|
fibre->env_init = 0;
|
||||||
|
+#endif
|
||||||
|
if (getcontext(&fibre->fibre) == 0) {
|
||||||
|
fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
|
||||||
|
if (fibre->fibre.uc_stack.ss_sp != NULL) {
|
||||||
|
diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
|
||||||
|
--- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet 2020-03-19 17:00:15.435631166 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/async/arch/async_posix.h 2020-03-19 17:00:15.975621739 +0100
|
||||||
|
@@ -25,17 +25,33 @@
|
||||||
|
# define ASYNC_POSIX
|
||||||
|
# define ASYNC_ARCH
|
||||||
|
|
||||||
|
+# ifdef __CET__
|
||||||
|
+/*
|
||||||
|
+ * When Intel CET is enabled, makecontext will create a different
|
||||||
|
+ * shadow stack for each context. async_fibre_swapcontext cannot
|
||||||
|
+ * use _longjmp. It must call swapcontext to swap shadow stack as
|
||||||
|
+ * well as normal stack.
|
||||||
|
+ */
|
||||||
|
+# define USE_SWAPCONTEXT
|
||||||
|
+# endif
|
||||||
|
# include <ucontext.h>
|
||||||
|
-# include <setjmp.h>
|
||||||
|
+# ifndef USE_SWAPCONTEXT
|
||||||
|
+# include <setjmp.h>
|
||||||
|
+# endif
|
||||||
|
|
||||||
|
typedef struct async_fibre_st {
|
||||||
|
ucontext_t fibre;
|
||||||
|
+# ifndef USE_SWAPCONTEXT
|
||||||
|
jmp_buf env;
|
||||||
|
int env_init;
|
||||||
|
+# endif
|
||||||
|
} async_fibre;
|
||||||
|
|
||||||
|
static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
|
||||||
|
{
|
||||||
|
+# ifdef USE_SWAPCONTEXT
|
||||||
|
+ swapcontext(&o->fibre, &n->fibre);
|
||||||
|
+# else
|
||||||
|
o->env_init = 1;
|
||||||
|
|
||||||
|
if (!r || !_setjmp(o->env)) {
|
||||||
|
@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
|
||||||
|
else
|
||||||
|
setcontext(&n->fibre);
|
||||||
|
}
|
||||||
|
+# endif
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
|
||||||
|
@@ -685,6 +685,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
Camellia_cbc_encrypt:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
cmp \$0,%rdx
|
||||||
|
je .Lcbc_abort
|
||||||
|
push %rbx
|
||||||
|
diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl 2020-03-19 17:00:15.975621739 +0100
|
||||||
|
@@ -239,6 +239,7 @@ $code=<<___;
|
||||||
|
.align 16
|
||||||
|
gcm_gmult_4bit:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
push %rbx
|
||||||
|
.cfi_push %rbx
|
||||||
|
push %rbp # %rbp and others are pushed exclusively in
|
||||||
|
@@ -286,6 +287,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
gcm_ghash_4bit:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
push %rbx
|
||||||
|
.cfi_push %rbx
|
||||||
|
push %rbp
|
||||||
|
@@ -612,6 +614,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
gcm_gmult_clmul:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
.L_gmult_clmul:
|
||||||
|
movdqu ($Xip),$Xi
|
||||||
|
movdqa .Lbswap_mask(%rip),$T3
|
||||||
|
@@ -663,6 +666,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
gcm_ghash_clmul:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
.L_ghash_clmul:
|
||||||
|
___
|
||||||
|
$code.=<<___ if ($win64);
|
||||||
|
@@ -1166,6 +1170,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
gcm_gmult_avx:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
jmp .L_gmult_clmul
|
||||||
|
.cfi_endproc
|
||||||
|
.size gcm_gmult_avx,.-gcm_gmult_avx
|
||||||
|
@@ -1177,6 +1182,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
gcm_ghash_avx:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
___
|
||||||
|
if ($avx) {
|
||||||
|
my ($Xip,$Htbl,$inp,$len)=@_4args;
|
||||||
|
diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
|
||||||
|
--- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/perlasm/cbc.pl 2020-03-19 17:00:15.976621722 +0100
|
||||||
|
@@ -165,21 +165,28 @@ sub cbc
|
||||||
|
&jmp_ptr($count);
|
||||||
|
|
||||||
|
&set_label("ej7");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&HB("edx"), &BP(6,$in,"",0));
|
||||||
|
&shl("edx",8);
|
||||||
|
&set_label("ej6");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&HB("edx"), &BP(5,$in,"",0));
|
||||||
|
&set_label("ej5");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&LB("edx"), &BP(4,$in,"",0));
|
||||||
|
&set_label("ej4");
|
||||||
|
+ &endbranch()
|
||||||
|
&mov("ecx", &DWP(0,$in,"",0));
|
||||||
|
&jmp(&label("ejend"));
|
||||||
|
&set_label("ej3");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&HB("ecx"), &BP(2,$in,"",0));
|
||||||
|
&shl("ecx",8);
|
||||||
|
&set_label("ej2");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&HB("ecx"), &BP(1,$in,"",0));
|
||||||
|
&set_label("ej1");
|
||||||
|
+ &endbranch()
|
||||||
|
&movb(&LB("ecx"), &BP(0,$in,"",0));
|
||||||
|
&set_label("ejend");
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
|
||||||
|
--- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl 2020-03-19 17:00:15.984621582 +0100
|
||||||
|
@@ -101,6 +101,33 @@ elsif (!$gas)
|
||||||
|
$decor="\$L\$";
|
||||||
|
}
|
||||||
|
|
||||||
|
+my $cet_property;
|
||||||
|
+if ($flavour =~ /elf/) {
|
||||||
|
+ # Always generate .note.gnu.property section for ELF outputs to
|
||||||
|
+ # mark Intel CET support since all input files must be marked
|
||||||
|
+ # with Intel CET support in order for linker to mark output with
|
||||||
|
+ # Intel CET support.
|
||||||
|
+ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
|
||||||
|
+ $cet_property = <<_____;
|
||||||
|
+ .section ".note.gnu.property", "a"
|
||||||
|
+ .p2align $p2align
|
||||||
|
+ .long 1f - 0f
|
||||||
|
+ .long 4f - 1f
|
||||||
|
+ .long 5
|
||||||
|
+0:
|
||||||
|
+ .asciz "GNU"
|
||||||
|
+1:
|
||||||
|
+ .p2align $p2align
|
||||||
|
+ .long 0xc0000002
|
||||||
|
+ .long 3f - 2f
|
||||||
|
+2:
|
||||||
|
+ .long 3
|
||||||
|
+3:
|
||||||
|
+ .p2align $p2align
|
||||||
|
+4:
|
||||||
|
+_____
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
my $current_segment;
|
||||||
|
my $current_function;
|
||||||
|
my %globals;
|
||||||
|
@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
|
||||||
|
print $line,"\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
+print "$cet_property" if ($cet_property);
|
||||||
|
print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
|
||||||
|
print "END\n" if ($masm);
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
|
||||||
|
--- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl 2020-03-19 17:00:15.985621565 +0100
|
||||||
|
@@ -124,6 +124,7 @@ sub ::function_begin_B
|
||||||
|
push(@out,".align\t$align\n");
|
||||||
|
push(@out,"$func:\n");
|
||||||
|
push(@out,"$begin:\n") if ($global);
|
||||||
|
+ &::endbranch();
|
||||||
|
$::stack=4;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -172,6 +173,26 @@ sub ::file_end
|
||||||
|
else { push (@out,"$tmp\n"); }
|
||||||
|
}
|
||||||
|
push(@out,$initseg) if ($initseg);
|
||||||
|
+ if ($::elf) {
|
||||||
|
+ push(@out,"
|
||||||
|
+ .section \".note.gnu.property\", \"a\"
|
||||||
|
+ .p2align 2
|
||||||
|
+ .long 1f - 0f
|
||||||
|
+ .long 4f - 1f
|
||||||
|
+ .long 5
|
||||||
|
+0:
|
||||||
|
+ .asciz \"GNU\"
|
||||||
|
+1:
|
||||||
|
+ .p2align 2
|
||||||
|
+ .long 0xc0000002
|
||||||
|
+ .long 3f - 2f
|
||||||
|
+2:
|
||||||
|
+ .long 3
|
||||||
|
+3:
|
||||||
|
+ .p2align 2
|
||||||
|
+4:
|
||||||
|
+");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
|
||||||
|
diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet 2020-03-19 17:00:38.185234015 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl 2020-03-19 17:05:46.575850341 +0100
|
||||||
|
@@ -2806,6 +2806,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
poly1305_blocks_vpmadd52:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
shr \$4,$len
|
||||||
|
jz .Lno_data_vpmadd52 # too short
|
||||||
|
|
||||||
|
@@ -3739,6 +3740,7 @@ $code.=<<___;
|
||||||
|
.align 32
|
||||||
|
poly1305_emit_base2_44:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
mov 0($ctx),%r8 # load hash value
|
||||||
|
mov 8($ctx),%r9
|
||||||
|
mov 16($ctx),%r10
|
||||||
|
diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
|
||||||
|
--- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet 2020-03-19 17:00:38.190233928 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl 2020-03-19 17:05:02.598618064 +0100
|
||||||
|
@@ -140,6 +140,7 @@ $code=<<___;
|
||||||
|
.align 16
|
||||||
|
RC4:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
or $len,$len
|
||||||
|
jne .Lentry
|
||||||
|
ret
|
||||||
|
@@ -455,6 +456,7 @@ $code.=<<___;
|
||||||
|
.align 16
|
||||||
|
RC4_set_key:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea 8($dat),$dat
|
||||||
|
lea ($inp,$len),$inp
|
||||||
|
neg $len
|
||||||
|
@@ -529,6 +531,7 @@ RC4_set_key:
|
||||||
|
.align 16
|
||||||
|
RC4_options:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
lea .Lopts(%rip),%rax
|
||||||
|
mov OPENSSL_ia32cap_P(%rip),%edx
|
||||||
|
bt \$20,%edx
|
||||||
|
diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
|
||||||
|
--- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet 2020-03-17 15:31:17.000000000 +0100
|
||||||
|
+++ openssl-1.1.1e/crypto/x86_64cpuid.pl 2020-03-19 17:03:58.172742775 +0100
|
||||||
|
@@ -40,6 +40,7 @@ print<<___;
|
||||||
|
.align 16
|
||||||
|
OPENSSL_atomic_add:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
movl ($arg1),%eax
|
||||||
|
.Lspin: leaq ($arg2,%rax),%r8
|
||||||
|
.byte 0xf0 # lock
|
||||||
|
@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
|
||||||
|
.align 16
|
||||||
|
OPENSSL_rdtsc:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
rdtsc
|
||||||
|
shl \$32,%rdx
|
||||||
|
or %rdx,%rax
|
||||||
|
@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
|
||||||
|
.align 16
|
||||||
|
OPENSSL_ia32_cpuid:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
mov %rbx,%r8 # save %rbx
|
||||||
|
.cfi_register %rbx,%r8
|
||||||
|
|
||||||
|
@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
|
||||||
|
.align 16
|
||||||
|
OPENSSL_cleanse:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
xor %rax,%rax
|
||||||
|
cmp \$15,$arg2
|
||||||
|
jae .Lot
|
||||||
|
@@ -274,6 +278,7 @@ OPENSSL_cleanse:
|
||||||
|
.align 16
|
||||||
|
CRYPTO_memcmp:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
xor %rax,%rax
|
||||||
|
xor %r10,%r10
|
||||||
|
cmp \$0,$arg3
|
||||||
|
@@ -312,6 +317,7 @@ print<<___ if (!$win64);
|
||||||
|
.align 16
|
||||||
|
OPENSSL_wipe_cpu:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
pxor %xmm0,%xmm0
|
||||||
|
pxor %xmm1,%xmm1
|
||||||
|
pxor %xmm2,%xmm2
|
||||||
|
@@ -346,6 +352,8 @@ print<<___ if ($win64);
|
||||||
|
.type OPENSSL_wipe_cpu,\@abi-omnipotent
|
||||||
|
.align 16
|
||||||
|
OPENSSL_wipe_cpu:
|
||||||
|
+.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
pxor %xmm0,%xmm0
|
||||||
|
pxor %xmm1,%xmm1
|
||||||
|
pxor %xmm2,%xmm2
|
||||||
|
@@ -376,6 +384,7 @@ print<<___;
|
||||||
|
.align 16
|
||||||
|
OPENSSL_instrument_bus:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
mov $arg1,$out # tribute to Win64
|
||||||
|
mov $arg2,$cnt
|
||||||
|
mov $arg2,$max
|
||||||
|
@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
|
||||||
|
.align 16
|
||||||
|
OPENSSL_instrument_bus2:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
mov $arg1,$out # tribute to Win64
|
||||||
|
mov $arg2,$cnt
|
||||||
|
mov $arg3,$max
|
||||||
|
@@ -465,6 +475,7 @@ print<<___;
|
||||||
|
.align 16
|
||||||
|
OPENSSL_ia32_${rdop}_bytes:
|
||||||
|
.cfi_startproc
|
||||||
|
+ endbranch
|
||||||
|
xor %rax, %rax # return value
|
||||||
|
cmp \$0,$arg2
|
||||||
|
je .Ldone_${rdop}_bytes
|
170
openssl-1.1.1-kdf-selftest.patch
Normal file
170
openssl-1.1.1-kdf-selftest.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
|
||||||
|
--- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest 2020-06-03 16:08:36.274849058 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/build.info 2020-06-03 16:11:05.609079372 +0200
|
||||||
|
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
|
||||||
|
fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
||||||
|
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
||||||
|
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
|
||||||
|
- fips_dh_selftest.c fips_ers.c
|
||||||
|
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
|
||||||
|
|
||||||
|
PROGRAMS_NO_INST=\
|
||||||
|
fips_standalone_hmac
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest 2020-06-03 16:08:36.337849577 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c 2020-06-03 16:08:36.337849577 +0200
|
||||||
|
@@ -0,0 +1,117 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
+#include <openssl/fips.h>
|
||||||
|
+#include "crypto/fips.h"
|
||||||
|
+
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+#include <openssl/kdf.h>
|
||||||
|
+
|
||||||
|
+#ifdef OPENSSL_FIPS
|
||||||
|
+int FIPS_selftest_pbkdf2(void)
|
||||||
|
+{
|
||||||
|
+ int ret = 0;
|
||||||
|
+ EVP_KDF_CTX *kctx;
|
||||||
|
+ unsigned char out[32];
|
||||||
|
+
|
||||||
|
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ const unsigned char expected[sizeof(out)] = {
|
||||||
|
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
|
||||||
|
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
|
||||||
|
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
|
||||||
|
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
|
||||||
|
+ };
|
||||||
|
+ if (memcmp(out, expected, sizeof(expected))) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ ret = 1;
|
||||||
|
+
|
||||||
|
+err:
|
||||||
|
+ if (!ret)
|
||||||
|
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
|
||||||
|
+ EVP_KDF_CTX_free(kctx);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
|
||||||
|
+ * 5) appendix A. */
|
||||||
|
+int FIPS_selftest_kbkdf(void)
|
||||||
|
+{
|
||||||
|
+ int ret = 0;
|
||||||
|
+ EVP_KDF_CTX *kctx;
|
||||||
|
+ char *label = "prf", *prf_input = "test";
|
||||||
|
+ static unsigned char input_key[] = {
|
||||||
|
+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
|
||||||
|
+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
|
||||||
|
+ };
|
||||||
|
+ static unsigned char output[] = {
|
||||||
|
+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
|
||||||
|
+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
|
||||||
|
+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
|
||||||
|
+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
|
||||||
|
+ };
|
||||||
|
+ unsigned char result[sizeof(output)] = { 0 };
|
||||||
|
+
|
||||||
|
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+ ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
|
||||||
|
+ && memcmp(result, output, sizeof(output)) == 0;
|
||||||
|
+err:
|
||||||
|
+
|
||||||
|
+ if (!ret)
|
||||||
|
+ FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
|
||||||
|
+ EVP_KDF_CTX_free(kctx);
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int FIPS_selftest_kdf(void)
|
||||||
|
+{
|
||||||
|
+ return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#endif
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest 2020-06-03 16:08:36.332849536 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-03 16:08:36.338849585 +0200
|
||||||
|
@@ -111,6 +111,8 @@ int FIPS_selftest(void)
|
||||||
|
rv = 0;
|
||||||
|
if (!FIPS_selftest_ecdh())
|
||||||
|
rv = 0;
|
||||||
|
+ if (!FIPS_selftest_kdf())
|
||||||
|
+ rv = 0;
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
|
||||||
|
--- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest 2020-06-03 16:08:36.330849519 +0200
|
||||||
|
+++ openssl-1.1.1g/include/crypto/fips.h 2020-06-03 16:08:36.338849585 +0200
|
||||||
|
@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
|
||||||
|
int FIPS_selftest_hmac(void);
|
||||||
|
int FIPS_selftest_drbg(void);
|
||||||
|
int FIPS_selftest_cmac(void);
|
||||||
|
+int FIPS_selftest_kbkdf(void);
|
||||||
|
+int FIPS_selftest_pbkdf2(void);
|
||||||
|
+int FIPS_selftest_kdf(void);
|
||||||
|
|
||||||
|
int fips_in_post(void);
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
|
||||||
|
--- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest 2020-06-03 16:08:36.282849124 +0200
|
||||||
|
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-03 16:08:36.338849585 +0200
|
||||||
|
@@ -123,6 +123,8 @@ extern "C" {
|
||||||
|
# define FIPS_F_FIPS_SELFTEST_DSA 112
|
||||||
|
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
|
||||||
|
# define FIPS_F_FIPS_SELFTEST_HMAC 113
|
||||||
|
+# define FIPS_F_FIPS_SELFTEST_KBKDF 151
|
||||||
|
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
|
||||||
|
# define FIPS_F_FIPS_SELFTEST_SHA1 115
|
||||||
|
# define FIPS_F_FIPS_SELFTEST_SHA2 105
|
||||||
|
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
|
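Review bot: `FIPS_selftest_kdf()` at the end of fips_kdf_selftest.c joins the two tests with `&&`, so when the PBKDF2 known-answer test fails the KBKDF test is never run, whereas the `FIPS_selftest()` hunk in fips_post.c runs every self-test and only clears `rv`. Running both keeps the error queue complete for whoever has to diagnose a failed self-test: `int ok = FIPS_selftest_pbkdf2();` `ok &= FIPS_selftest_kbkdf();` `return ok;`. `FIPS_selftest_pbkdf2()` also has no comment naming the source of its expected vector, unlike `FIPS_selftest_kbkdf()` (RFC 8009 appendix A); a one-line comment would let a reviewer re-derive it. `input_key`, `output`, `label` and `prf_input` appear to be only read here and could be declared `const`.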
3030
openssl-1.1.1-krb5-kdf.patch
Normal file
3030
openssl-1.1.1-krb5-kdf.patch
Normal file
File diff suppressed because it is too large
19
openssl-1.1.1-man-rename.patch
Normal file
19
openssl-1.1.1-man-rename.patch
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
|
||||||
|
--- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename 2018-08-21 14:14:13.000000000 +0200
|
||||||
|
+++ openssl-1.1.1-pre9/doc/man1/openssl.pod 2018-08-22 12:13:04.092568064 +0200
|
||||||
|
@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
|
||||||
|
L<ec(1)>, L<ecparam(1)>,
|
||||||
|
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
|
||||||
|
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
|
||||||
|
-L<passwd(1)>,
|
||||||
|
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
|
||||||
|
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
|
||||||
|
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
|
||||||
|
+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
|
||||||
|
L<rsautl(1)>, L<s_client(1)>,
|
||||||
|
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
|
||||||
|
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
|
||||||
|
+L<sslpasswd(1)>, L<sslrand(1)>,
|
||||||
|
L<ts(1)>,
|
||||||
|
L<verify(1)>, L<version(1)>, L<x509(1)>,
|
||||||
|
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
|
112
openssl-1.1.1-no-brainpool.patch
Normal file
112
openssl-1.1.1-no-brainpool.patch
Normal file
@ -0,0 +1,112 @@
|
|||||||
|
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
|
||||||
|
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
||||||
|
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in 2019-09-13 15:11:07.358687169 +0200
|
||||||
|
@@ -147,22 +147,22 @@ our @tests = (
|
||||||
|
{
|
||||||
|
name => "ECDSA with brainpool",
|
||||||
|
server => {
|
||||||
|
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||||
|
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||||
|
- "Groups" => "brainpoolP256r1",
|
||||||
|
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
||||||
|
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
||||||
|
+# "Groups" => "brainpoolP256r1",
|
||||||
|
},
|
||||||
|
client => {
|
||||||
|
#We don't restrict this to TLSv1.2, although use of brainpool
|
||||||
|
#should force this anyway so that this should succeed
|
||||||
|
"CipherString" => "aECDSA",
|
||||||
|
"RequestCAFile" => test_pem("root-cert.pem"),
|
||||||
|
- "Groups" => "brainpoolP256r1",
|
||||||
|
+# "Groups" => "brainpoolP256r1",
|
||||||
|
},
|
||||||
|
test => {
|
||||||
|
- "ExpectedServerCertType" =>, "brainpoolP256r1",
|
||||||
|
- "ExpectedServerSignType" =>, "EC",
|
||||||
|
+# "ExpectedServerCertType" =>, "brainpoolP256r1",
|
||||||
|
+# "ExpectedServerSignType" =>, "EC",
|
||||||
|
# Note: certificate_authorities not sent for TLS < 1.3
|
||||||
|
- "ExpectedServerCANames" =>, "empty",
|
||||||
|
+# "ExpectedServerCANames" =>, "empty",
|
||||||
|
"ExpectedResult" => "Success"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
|
||||||
|
{
|
||||||
|
name => "TLS 1.3 ECDSA with brainpool",
|
||||||
|
server => {
|
||||||
|
- "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
|
||||||
|
- "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
|
||||||
|
- "Groups" => "brainpoolP256r1",
|
||||||
|
+ "Certificate" => test_pem("server-ecdsa-cert.pem"),
|
||||||
|
+ "PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
||||||
|
+# "Groups" => "brainpoolP256r1",
|
||||||
|
},
|
||||||
|
client => {
|
||||||
|
"RequestCAFile" => test_pem("root-cert.pem"),
|
||||||
|
- "Groups" => "brainpoolP256r1",
|
||||||
|
+# "Groups" => "brainpoolP256r1",
|
||||||
|
"MinProtocol" => "TLSv1.3",
|
||||||
|
"MaxProtocol" => "TLSv1.3"
|
||||||
|
},
|
||||||
|
test => {
|
||||||
|
- "ExpectedResult" => "ServerFail"
|
||||||
|
+ "ExpectedResult" => "Success"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
);
|
||||||
|
diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
|
||||||
|
--- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool 2019-09-10 15:13:07.000000000 +0200
|
||||||
|
+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf 2019-09-13 15:12:27.380288469 +0200
|
||||||
|
@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
|
||||||
|
client = 5-ECDSA with brainpool-client
|
||||||
|
|
||||||
|
[5-ECDSA with brainpool-server]
|
||||||
|
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||||
|
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||||
|
CipherString = DEFAULT
|
||||||
|
-Groups = brainpoolP256r1
|
||||||
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||||
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||||
|
|
||||||
|
[5-ECDSA with brainpool-client]
|
||||||
|
CipherString = aECDSA
|
||||||
|
-Groups = brainpoolP256r1
|
||||||
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||||
|
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
|
||||||
|
VerifyMode = Peer
|
||||||
|
|
||||||
|
[test-5]
|
||||||
|
ExpectedResult = Success
|
||||||
|
-ExpectedServerCANames = empty
|
||||||
|
-ExpectedServerCertType = brainpoolP256r1
|
||||||
|
-ExpectedServerSignType = EC
|
||||||
|
|
||||||
|
|
||||||
|
# ===========================================================
|
||||||
|
@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
|
||||||
|
client = 52-TLS 1.3 ECDSA with brainpool-client
|
||||||
|
|
||||||
|
[52-TLS 1.3 ECDSA with brainpool-server]
|
||||||
|
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
|
||||||
|
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
|
||||||
|
CipherString = DEFAULT
|
||||||
|
-Groups = brainpoolP256r1
|
||||||
|
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
|
||||||
|
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
|
||||||
|
|
||||||
|
[52-TLS 1.3 ECDSA with brainpool-client]
|
||||||
|
CipherString = DEFAULT
|
||||||
|
-Groups = brainpoolP256r1
|
||||||
|
MaxProtocol = TLSv1.3
|
||||||
|
MinProtocol = TLSv1.3
|
||||||
|
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
||||||
|
@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
|
||||||
|
VerifyMode = Peer
|
||||||
|
|
||||||
|
[test-52]
|
||||||
|
-ExpectedResult = ServerFail
|
||||||
|
+ExpectedResult = Success
|
||||||
|
|
||||||
|
|
||||||
|
# ===========================================================
|
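Review bot: Both edited entries in 20-cert-select.conf.in keep the names "ECDSA with brainpool" and "TLS 1.3 ECDSA with brainpool" although they now load `server-ecdsa-cert.pem` and no longer set `Groups`, so they no longer exercise brainpool at all. The TLS 1.3 entry matters most: its `ExpectedResult` flips from `ServerFail` to `Success`, which drops the negative check that a brainpool certificate is refused under TLS 1.3 and leaves what looks like a duplicate of the plain ECDSA case. I would remove or rename the two entries rather than comment out their expectations, or at least add a comment stating why they are kept, for example `# brainpool is unavailable in this build; entry kept only to preserve test numbering` (if that is the reason). The matching edits in the generated 20-cert-select.conf follow from this.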
12
openssl-1.1.1-no-html.patch
Normal file
12
openssl-1.1.1-no-html.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
|
||||||
|
--- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html 2020-04-07 16:45:21.904083989 +0200
|
||||||
|
+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl 2020-04-07 16:45:56.218461895 +0200
|
||||||
|
@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
|
||||||
|
|
||||||
|
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
|
||||||
|
|
||||||
|
-install_docs: install_man_docs install_html_docs
|
||||||
|
+install_docs: install_man_docs
|
||||||
|
|
||||||
|
uninstall_docs: uninstall_man_docs uninstall_html_docs
|
||||||
|
$(RM) -r "$(DESTDIR)$(DOCDIR)"
|
26
openssl-1.1.1-no-weak-verify.patch
Normal file
26
openssl-1.1.1-no-weak-verify.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
|
||||||
|
--- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify 2019-02-26 15:15:30.000000000 +0100
|
||||||
|
+++ openssl-1.1.1b/crypto/asn1/a_verify.c 2019-02-28 11:25:31.531862873 +0100
|
||||||
|
@@ -7,6 +7,9 @@
|
||||||
|
* https://www.openssl.org/source/license.html
|
||||||
|
*/
|
||||||
|
|
||||||
|
+/* for secure_getenv */
|
||||||
|
+#define _GNU_SOURCE
|
||||||
|
+
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <time.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
||||||
|
if (ret != 2)
|
||||||
|
goto err;
|
||||||
|
ret = -1;
|
||||||
|
+ } else if ((mdnid == NID_md5
|
||||||
|
+ && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
|
||||||
|
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
|
||||||
|
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
|
||||||
|
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||||
|
+ goto err;
|
||||||
|
} else {
|
||||||
|
const EVP_MD *type = EVP_get_digestbynid(mdnid);
|
||||||
|
|
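Review bot: The added branch in `ASN1_item_verify` refuses MD5, MD4, MD2 and `NID_sha` signatures with `ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM`, a reason code whose name says the digest is unknown, so a deliberate policy rejection cannot be told apart from an unrecognised algorithm in the error queue. The `OPENSSL_ENABLE_MD5_VERIFY` override is also undocumented in the hunk: it takes effect when the variable is merely present (any value, even empty), and because it is read with `secure_getenv` it is ignored in secure-execution (for example setuid) processes. A comment above the branch would cover both, for example `/* Policy: weak digests are rejected; MD5 is allowed only if OPENSSL_ENABLE_MD5_VERIFY is set (secure_getenv, so not for setuid) */`. Operators auditing a deployment may want to treat that variable in a service environment as a finding. The function starts and ends outside the hunk.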
170
openssl-1.1.1-rewire-fips-drbg.patch
Normal file
170
openssl-1.1.1-rewire-fips-drbg.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
|
||||||
|
int FIPS_drbg_reseed(DRBG_CTX *dctx,
|
||||||
|
const unsigned char *adin, size_t adinlen)
|
||||||
|
{
|
||||||
|
+ int len = (int)adinlen;
|
||||||
|
+
|
||||||
|
+ if (len < 0 || (size_t)len != adinlen) {
|
||||||
|
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ RAND_seed(adin, len);
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
|
||||||
|
+ const unsigned char *adin, size_t adinlen)
|
||||||
|
+{
|
||||||
|
return drbg_reseed(dctx, adin, adinlen, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
|
||||||
|
int prediction_resistance,
|
||||||
|
const unsigned char *adin, size_t adinlen)
|
||||||
|
{
|
||||||
|
+ int len = (int)outlen;
|
||||||
|
+
|
||||||
|
+ if (len < 0 || (size_t)len != outlen) {
|
||||||
|
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ return RAND_bytes(out, len);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
|
||||||
|
+ int prediction_resistance,
|
||||||
|
+ const unsigned char *adin, size_t adinlen)
|
||||||
|
+{
|
||||||
|
int r = 0;
|
||||||
|
|
||||||
|
if (FIPS_selftest_failed()) {
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -57,6 +57,8 @@
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/rand.h>
|
||||||
|
#include <openssl/fips.h>
|
||||||
|
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
|
||||||
|
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
|
||||||
|
#include <openssl/fips_rand.h>
|
||||||
|
#include "fips_rand_lcl.h"
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -55,6 +55,8 @@
|
||||||
|
#include <openssl/crypto.h>
|
||||||
|
#include <openssl/err.h>
|
||||||
|
#include <openssl/fips.h>
|
||||||
|
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
|
||||||
|
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
|
||||||
|
#include <openssl/fips_rand.h>
|
||||||
|
#include "fips_rand_lcl.h"
|
||||||
|
#include "fips_locl.h"
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
|
||||||
|
ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
|
||||||
|
rv = 0;
|
||||||
|
}
|
||||||
|
- if (!FIPS_selftest_drbg())
|
||||||
|
- rv = 0;
|
||||||
|
if (!FIPS_selftest_sha1())
|
||||||
|
rv = 0;
|
||||||
|
if (!FIPS_selftest_sha2())
|
||||||
|
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
|
||||||
|
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200
|
||||||
|
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
|
||||||
|
|
||||||
|
int FIPS_rand_seed(const void *buf, int num)
|
||||||
|
{
|
||||||
|
+#if 0
|
||||||
|
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||||
|
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
|
||||||
|
return 0;
|
||||||
|
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
|
||||||
|
if (fips_rand_meth && fips_rand_meth->seed)
|
||||||
|
fips_rand_meth->seed(buf, num);
|
||||||
|
return 1;
|
||||||
|
+#else
|
||||||
|
+ RAND_seed(buf, num);
|
||||||
|
+ return 1;
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
int FIPS_rand_bytes(unsigned char *buf, int num)
|
||||||
|
{
|
||||||
|
+#if 0
|
||||||
|
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||||
|
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
|
||||||
|
return 0;
|
||||||
|
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
|
||||||
|
if (fips_rand_meth && fips_rand_meth->bytes)
|
||||||
|
return fips_rand_meth->bytes(buf, num);
|
||||||
|
return 0;
|
||||||
|
+#else
|
||||||
|
+ return RAND_bytes(buf, num);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
int FIPS_rand_status(void)
|
||||||
|
{
|
||||||
|
+#if 0
|
||||||
|
if (!fips_approved_rand_meth && FIPS_module_mode()) {
|
||||||
|
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
|
||||||
|
return 0;
|
||||||
|
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
|
||||||
|
if (fips_rand_meth && fips_rand_meth->status)
|
||||||
|
return fips_rand_meth->status();
|
||||||
|
return 0;
|
||||||
|
+#else
|
||||||
|
+ return RAND_status();
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Return instantiated strength of PRNG. For DRBG this is an internal
|
||||||
|
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
|
||||||
|
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200
|
||||||
|
+++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -64,6 +64,11 @@ extern "C" {
|
||||||
|
|
||||||
|
int FIPS_selftest(void);
|
||||||
|
int FIPS_selftest_failed(void);
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * This function is deprecated as it performs selftest of the old FIPS drbg
|
||||||
|
+ * implementation that is not validated.
|
||||||
|
+ */
|
||||||
|
int FIPS_selftest_drbg_all(void);
|
||||||
|
|
||||||
|
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
|
||||||
|
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
|
||||||
|
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200
|
||||||
|
+++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200
|
||||||
|
@@ -60,6 +60,20 @@
|
||||||
|
# ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
# endif
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * IMPORTANT NOTE:
|
||||||
|
+ * All functions in this header file are deprecated and should not be used
|
||||||
|
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
|
||||||
|
+ * anymore.
|
||||||
|
+ * To provide backwards compatibility for applications that need FIPS compliant
|
||||||
|
+ * RNG number generation and use FIPS_drbg_generate, this function was
|
||||||
|
+ * re-wired to call the FIPS validated DRBG instance instead through
|
||||||
|
+ * the RAND_bytes() call.
|
||||||
|
+ *
|
||||||
|
+ * All these functions will be removed in future.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
typedef struct drbg_ctx_st DRBG_CTX;
|
||||||
|
/* DRBG external flags */
|
||||||
|
/* Flag for CTR mode only: use derivation function ctr_df */
|
2306
openssl-1.1.1-s390x-ecc.patch
Normal file
File diff suppressed because it is too large
5502
openssl-1.1.1-s390x-update.patch
Normal file
File diff suppressed because it is too large
160
openssl-1.1.1-seclevel.patch
Normal file
@ -0,0 +1,160 @@
|
|||||||
|
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
|
||||||
|
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||||
|
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200
|
||||||
|
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
|
||||||
|
}
|
||||||
|
|
||||||
|
static const int minbits_table[] = { 80, 112, 128, 192, 256 };
|
||||||
|
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
|
||||||
|
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
|
||||||
|
|
||||||
|
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
|
||||||
|
return 0;
|
||||||
|
-
|
||||||
|
- return secbits >= minbits_table[level - 1];
|
||||||
|
+ /*
|
||||||
|
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
|
||||||
|
+ * disable SHA1 flag is not set.
|
||||||
|
+ */
|
||||||
|
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode())
|
||||||
|
+ return secbits >= minbits_table[level - 1];
|
||||||
|
+ return secbits >= minbits_digest_table[level - 1];
|
||||||
|
}
|
||||||
|
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
|
||||||
|
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||||
|
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200
|
||||||
|
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
|
||||||
|
|
||||||
|
=item B<Level 2>
|
||||||
|
|
||||||
|
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
|
||||||
|
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
|
||||||
|
+Security level set to 112 bits of security with the exception of SHA1 allowed
|
||||||
|
+for signatures.
|
||||||
|
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
|
||||||
|
+shorter than 224 bits are prohibited.
|
||||||
|
In addition to the level 1 exclusions any cipher suite using RC4 is also
|
||||||
|
prohibited. SSL version 3 is also not allowed. Compression is disabled.
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
|
||||||
|
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||||
|
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
|
||||||
|
int op, int bits, int nid, void *other,
|
||||||
|
void *ex);
|
||||||
|
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
|
||||||
|
|
||||||
|
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
|
||||||
|
static volatile int ssl_x509_store_ctx_idx = -1;
|
||||||
|
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
|
||||||
|
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
|
||||||
|
|
||||||
|
/* Set suite B flags if needed */
|
||||||
|
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
|
||||||
|
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
|
||||||
|
if (!X509_STORE_CTX_set_ex_data
|
||||||
|
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
|
||||||
|
goto end;
|
||||||
|
@@ -953,12 +954,33 @@ static int ssl_security_default_callback
|
||||||
|
return 0;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
|
||||||
|
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
|
||||||
|
+ break;
|
||||||
|
if (bits < minbits)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
|
||||||
|
+{
|
||||||
|
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
|
||||||
|
+ const CERT *c;
|
||||||
|
+
|
||||||
|
+ if (FIPS_mode())
|
||||||
|
+ return ret;
|
||||||
|
+
|
||||||
|
+ if (ctx != NULL) {
|
||||||
|
+ c = ctx->cert;
|
||||||
|
+ } else {
|
||||||
|
+ c = s->cert;
|
||||||
|
+ }
|
||||||
|
+ if (tls1_cert_sigalgs_have_sha1(c))
|
||||||
|
+ return 0;
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
|
||||||
|
{
|
||||||
|
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
|
||||||
|
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
|
||||||
|
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200
|
||||||
|
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200
|
||||||
|
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
|
||||||
|
__owur int tls1_process_sigalgs(SSL *s);
|
||||||
|
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
|
||||||
|
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
|
||||||
|
+int tls1_cert_sigalgs_have_sha1(const CERT *c);
|
||||||
|
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
|
||||||
|
# ifndef OPENSSL_NO_EC
|
||||||
|
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
|
||||||
|
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
|
||||||
|
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200
|
||||||
|
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200
|
||||||
|
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
|
||||||
|
+{
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
+ for (i = 0; i < sigalgslen; i++, sigalgs++) {
|
||||||
|
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
|
||||||
|
+
|
||||||
|
+ if (lu == NULL)
|
||||||
|
+ continue;
|
||||||
|
+ if (lu->hash == NID_sha1)
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+int tls1_cert_sigalgs_have_sha1(const CERT *c)
|
||||||
|
+{
|
||||||
|
+ if (c->client_sigalgs != NULL) {
|
||||||
|
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ if (c->conf_sigalgs != NULL) {
|
||||||
|
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
|
||||||
|
+ return 1;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
|
||||||
|
{
|
||||||
|
int sig_nid, use_pc_sigalgs = 0;
|
||||||
|
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
|
||||||
|
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200
|
||||||
|
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200
|
||||||
|
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
|
||||||
|
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
|
||||||
|
"CA with PSS signature using SHA256");
|
||||||
|
|
||||||
|
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||||
|
- "Reject PSS signature using SHA1 and auth level 2");
|
||||||
|
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
|
||||||
|
+ "Reject PSS signature using SHA1 and auth level 3");
|
||||||
|
|
||||||
|
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
|
||||||
|
"PSS signature using SHA256 and auth level 2");
|
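Review bot: The literal `0x40000000` is written out twice, in `check_sig_level()` (x509_vfy.c) and in `sha1_disable()` (ssl_cert.c), with nothing tying the two together or reserving the bit against a future `X509_V_FLAG_*` value; define it once in a header both files include, for example `# define X509_V_FLAG_SHA1_DISABLE_INTERNAL 0x40000000` (the name is only a suggestion), and use that name at both sites. Only `ssl_verify_cert_chain()` sets the bit in these hunks, so outside FIPS mode a caller that verifies a chain directly at auth level 2 is now checked against `minbits_digest_table`, i.e. 80 bits, and accepts SHA-1 signatures, which is what the edited expectation in `25-test_verify.t` shows. The patch documents the exception only in `SSL_CTX_set_security_level.pod`; the X509 auth-level documentation should state the same exception so that callers relying on level 2 to reject SHA-1 are not surprised. The comment in `check_sig_level()` should also read `in non-FIPS mode and when the magic disable SHA1 flag is not set`, because the strict table applies when either condition holds.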
5612
openssl-1.1.1-ssh-kdf.patch
Normal file
File diff suppressed because it is too large
@ -1,25 +1,7 @@
|
|||||||
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
|
diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
|
||||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
--- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist 2019-05-29 15:42:27.951329271 +0200
|
||||||
Date: Thu, 24 Sep 2020 10:16:46 +0200
|
+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl 2019-05-29 15:42:27.974328867 +0200
|
||||||
Subject: Add support for PROFILE=SYSTEM system default cipherlist
|
@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
||||||
|
|
||||||
(was openssl-1.1.1-system-cipherlist.patch)
|
|
||||||
---
|
|
||||||
Configurations/unix-Makefile.tmpl | 5 ++
|
|
||||||
Configure | 10 +++-
|
|
||||||
doc/man1/openssl-ciphers.pod.in | 9 ++++
|
|
||||||
include/openssl/ssl.h.in | 5 ++
|
|
||||||
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
|
|
||||||
ssl/ssl_lib.c | 4 +-
|
|
||||||
test/cipherlist_test.c | 2 +
|
|
||||||
util/libcrypto.num | 1 +
|
|
||||||
8 files changed, 110 insertions(+), 14 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
|
|
||||||
index 9f369edf0e..c52389f831 100644
|
|
||||||
--- a/Configurations/unix-Makefile.tmpl
|
|
||||||
+++ b/Configurations/unix-Makefile.tmpl
|
|
||||||
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
|
|
||||||
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
|
||||||
HTMLDIR=$(DOCDIR)/html
|
HTMLDIR=$(DOCDIR)/html
|
||||||
|
|
||||||
@ -30,7 +12,7 @@ index 9f369edf0e..c52389f831 100644
|
|||||||
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
|
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
|
||||||
# appended after the manpage file section number. "ssl" is popular,
|
# appended after the manpage file section number. "ssl" is popular,
|
||||||
# resulting in files such as config.5ssl rather than config.5.
|
# resulting in files such as config.5ssl rather than config.5.
|
||||||
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
|
@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
|
||||||
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
|
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
|
||||||
CPPFLAGS={- our $cppflags1 = join(" ",
|
CPPFLAGS={- our $cppflags1 = join(" ",
|
||||||
(map { "-D".$_} @{$config{CPPDEFINES}}),
|
(map { "-D".$_} @{$config{CPPDEFINES}}),
|
||||||
@ -38,11 +20,60 @@ index 9f369edf0e..c52389f831 100644
|
|||||||
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
(map { "-I".$_} @{$config{CPPINCLUDES}}),
|
||||||
@{$config{CPPFLAGS}}) -}
|
@{$config{CPPFLAGS}}) -}
|
||||||
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
|
||||||
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
|
diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
|
||||||
index b4ed3e51d5..2122e6bdfd 100644
|
--- openssl-1.1.1c/Configure.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
--- a/doc/man1/openssl-ciphers.pod.in
|
+++ openssl-1.1.1c/Configure 2019-05-29 15:45:10.465469533 +0200
|
||||||
+++ b/doc/man1/openssl-ciphers.pod.in
|
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
|
||||||
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
|
my $orig_death_handler = $SIG{__DIE__};
|
||||||
|
$SIG{__DIE__} = \&death_handler;
|
||||||
|
|
||||||
|
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
||||||
|
|
||||||
|
# Options:
|
||||||
|
#
|
||||||
|
@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
|
||||||
|
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
||||||
|
# (Default: PREFIX/ssl)
|
||||||
|
#
|
||||||
|
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
||||||
|
+# cipher is specified (default).
|
||||||
|
+#
|
||||||
|
# --cross-compile-prefix Add specified prefix to binutils components.
|
||||||
|
#
|
||||||
|
# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
|
||||||
|
@@ -295,6 +298,7 @@ $config{prefix}="";
|
||||||
|
$config{openssldir}="";
|
||||||
|
$config{processor}="";
|
||||||
|
$config{libdir}="";
|
||||||
|
+$config{system_ciphers_file}="";
|
||||||
|
my $auto_threads=1; # enable threads automatically? true by default
|
||||||
|
my $default_ranlib;
|
||||||
|
|
||||||
|
@@ -824,6 +828,10 @@ while (@argvcopy)
|
||||||
|
push @seed_sources, $x;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ elsif (/^--system-ciphers-file=(.*)$/)
|
||||||
|
+ {
|
||||||
|
+ $config{system_ciphers_file}=$1;
|
||||||
|
+ }
|
||||||
|
elsif (/^--cross-compile-prefix=(.*)$/)
|
||||||
|
{
|
||||||
|
$user{CROSS_COMPILE}=$1;
|
||||||
|
@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
|
||||||
|
exit 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
|
||||||
|
+
|
||||||
|
print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
|
||||||
|
print "for $target\n";
|
||||||
|
|
||||||
|
diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
|
||||||
|
--- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
|
+++ openssl-1.1.1c/doc/man1/ciphers.pod 2019-05-29 15:42:27.975328849 +0200
|
||||||
|
@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
|
||||||
|
|
||||||
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
|
||||||
|
|
||||||
@ -58,27 +89,34 @@ index b4ed3e51d5..2122e6bdfd 100644
|
|||||||
=item B<HIGH>
|
=item B<HIGH>
|
||||||
|
|
||||||
"High" encryption cipher suites. This currently means those with key lengths
|
"High" encryption cipher suites. This currently means those with key lengths
|
||||||
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
|
diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
|
||||||
index f9a61609e4..c6f95fed3f 100644
|
--- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
--- a/include/openssl/ssl.h.in
|
+++ openssl-1.1.1c/include/openssl/ssl.h 2019-05-29 15:42:27.975328849 +0200
|
||||||
+++ b/include/openssl/ssl.h.in
|
@@ -186,6 +186,11 @@ extern "C" {
|
||||||
@@ -209,6 +209,11 @@ extern "C" {
|
|
||||||
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
|
||||||
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
|
||||||
*/
|
*/
|
||||||
+# ifdef SYSTEM_CIPHERS_FILE
|
+# ifdef SYSTEM_CIPHERS_FILE
|
||||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
|
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
|
||||||
+# else
|
+# else
|
||||||
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
|
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
|
||||||
+# endif
|
+# endif
|
||||||
|
|
||||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||||
# define SSL_SENT_SHUTDOWN 1
|
# define SSL_SENT_SHUTDOWN 1
|
||||||
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
|
||||||
index b1d3f7919e..f7cc7fed48 100644
|
--- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
--- a/ssl/ssl_ciph.c
|
+++ openssl-1.1.1c/ssl/ssl_ciph.c 2019-05-29 15:42:27.976328831 +0200
|
||||||
+++ b/ssl/ssl_ciph.c
|
@@ -9,6 +9,8 @@
|
||||||
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
|
* https://www.openssl.org/source/license.html
|
||||||
|
*/
|
||||||
|
|
||||||
|
+/* for secure_getenv */
|
||||||
|
+#define _GNU_SOURCE
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#include <openssl/objects.h>
|
||||||
|
@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -91,7 +129,7 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
+ const char *ciphers_path;
|
+ const char *ciphers_path;
|
||||||
+ unsigned len, slen;
|
+ unsigned len, slen;
|
||||||
+
|
+
|
||||||
+ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
|
+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
|
||||||
+ ciphers_path = SYSTEM_CIPHERS_FILE;
|
+ ciphers_path = SYSTEM_CIPHERS_FILE;
|
||||||
+ fp = fopen(ciphers_path, "r");
|
+ fp = fopen(ciphers_path, "r");
|
||||||
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
|
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
|
||||||
@ -129,13 +167,13 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||||
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
|
const char *rule_p;
|
||||||
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
||||||
const SSL_CIPHER **ca_list = NULL;
|
const SSL_CIPHER **ca_list = NULL;
|
||||||
const SSL_METHOD *ssl_method = ctx->method;
|
|
||||||
+#ifdef SYSTEM_CIPHERS_FILE
|
+#ifdef SYSTEM_CIPHERS_FILE
|
||||||
+ char *new_rules = NULL;
|
+ char *new_rules = NULL;
|
||||||
+
|
+
|
||||||
@ -153,23 +191,23 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
|
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
|
||||||
- return NULL;
|
- return NULL;
|
||||||
+ goto err;
|
+ goto err;
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
|
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
|
||||||
- return NULL;
|
- return NULL;
|
||||||
+ goto err;
|
+ goto err;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* To reduce the work to do we only want to process the compiled
|
@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
|
||||||
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
|
||||||
if (co_list == NULL) {
|
if (co_list == NULL) {
|
||||||
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||||
- return NULL; /* Failure */
|
- return NULL; /* Failure */
|
||||||
+ goto err;
|
+ goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
|
||||||
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
* in force within each class
|
* in force within each class
|
||||||
*/
|
*/
|
||||||
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
if (!ssl_cipher_strength_sort(&head, &tail)) {
|
||||||
@ -179,18 +217,18 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
||||||
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
||||||
if (ca_list == NULL) {
|
if (ca_list == NULL) {
|
||||||
- OPENSSL_free(co_list);
|
- OPENSSL_free(co_list);
|
||||||
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
|
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
||||||
- return NULL; /* Failure */
|
- return NULL; /* Failure */
|
||||||
+ goto err;
|
+ goto err;
|
||||||
}
|
}
|
||||||
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
||||||
disabled_mkey, disabled_auth, disabled_enc,
|
disabled_mkey, disabled_auth, disabled_enc,
|
||||||
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
OPENSSL_free(ca_list); /* Not needed anymore */
|
OPENSSL_free(ca_list); /* Not needed anymore */
|
||||||
|
|
||||||
if (!ok) { /* Rule processing failure */
|
if (!ok) { /* Rule processing failure */
|
||||||
@ -200,7 +238,7 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
* if we cannot get one.
|
* if we cannot get one.
|
||||||
*/
|
*/
|
||||||
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
||||||
@ -215,8 +253,13 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
+
|
+
|
||||||
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
||||||
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
||||||
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
|
if (!sk_SSL_CIPHER_push(cipherstack,
|
||||||
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
|
sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
||||||
|
+ OPENSSL_free(co_list);
|
||||||
|
sk_SSL_CIPHER_free(cipherstack);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
||||||
*cipher_list = cipherstack;
|
*cipher_list = cipherstack;
|
||||||
|
|
||||||
return cipherstack;
|
return cipherstack;
|
||||||
@ -231,33 +274,31 @@ index b1d3f7919e..f7cc7fed48 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
||||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
|
||||||
index d14d5819ba..48d491219a 100644
|
--- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist 2019-05-29 15:42:27.970328937 +0200
|
||||||
--- a/ssl/ssl_lib.c
|
+++ openssl-1.1.1c/ssl/ssl_lib.c 2019-05-29 15:42:27.977328814 +0200
|
||||||
+++ b/ssl/ssl_lib.c
|
@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
|
||||||
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
|
|
||||||
ctx->tls13_ciphersuites,
|
ctx->tls13_ciphersuites,
|
||||||
&(ctx->cipher_list),
|
&(ctx->cipher_list),
|
||||||
&(ctx->cipher_list_by_id),
|
&(ctx->cipher_list_by_id),
|
||||||
- OSSL_default_cipher_list(), ctx->cert);
|
- SSL_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
|
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
|
||||||
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
|
||||||
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
|
@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
|
||||||
if (!ssl_create_cipher_list(ret,
|
if (!ssl_create_cipher_list(ret->method,
|
||||||
ret->tls13_ciphersuites,
|
ret->tls13_ciphersuites,
|
||||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||||
- OSSL_default_cipher_list(), ret->cert)
|
- SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
||||||
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|
||||||
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||||
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
|
diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
|
||||||
index 380f0727fc..6922a87c30 100644
|
--- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist 2019-05-28 15:12:21.000000000 +0200
|
||||||
--- a/test/cipherlist_test.c
|
+++ openssl-1.1.1c/test/cipherlist_test.c 2019-05-29 15:42:27.977328814 +0200
|
||||||
+++ b/test/cipherlist_test.c
|
@@ -251,7 +251,9 @@ end:
|
||||||
@@ -244,7 +244,9 @@ end:
|
|
||||||
|
|
||||||
int setup_tests(void)
|
int setup_tests(void)
|
||||||
{
|
{
|
||||||
@ -267,57 +308,3 @@ index 380f0727fc..6922a87c30 100644
|
|||||||
ADD_TEST(test_default_cipherlist_explicit);
|
ADD_TEST(test_default_cipherlist_explicit);
|
||||||
ADD_TEST(test_default_cipherlist_clear);
|
ADD_TEST(test_default_cipherlist_clear);
|
||||||
return 1;
|
return 1;
|
||||||
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
|
||||||
index 404a706fab..e81fa9ec3e 100644
|
|
||||||
--- a/util/libcrypto.num
|
|
||||||
+++ b/util/libcrypto.num
|
|
||||||
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
|
|
||||||
OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
|
|
||||||
OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
|
|
||||||
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
||||||
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
|
|
||||||
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
|
|
||||||
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
|
|
||||||
@@ -27,7 +27,7 @@ use OpenSSL::config;
|
|
||||||
my $orig_death_handler = $SIG{__DIE__};
|
|
||||||
$SIG{__DIE__} = \&death_handler;
|
|
||||||
|
|
||||||
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
|
|
||||||
|
|
||||||
my $banner = <<"EOF";
|
|
||||||
|
|
||||||
@@ -61,6 +61,10 @@ EOF
|
|
||||||
# given with --prefix.
|
|
||||||
# This becomes the value of OPENSSLDIR in Makefile and in C.
|
|
||||||
# (Default: PREFIX/ssl)
|
|
||||||
+#
|
|
||||||
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
|
|
||||||
+# cipher is specified (default).
|
|
||||||
+#
|
|
||||||
# --banner=".." Output specified text instead of default completion banner
|
|
||||||
#
|
|
||||||
# -w Don't wait after showing a Configure warning
|
|
||||||
@@ -385,6 +389,7 @@ $config{prefix}="";
|
|
||||||
$config{openssldir}="";
|
|
||||||
$config{processor}="";
|
|
||||||
$config{libdir}="";
|
|
||||||
+$config{system_ciphers_file}="";
|
|
||||||
my $auto_threads=1; # enable threads automatically? true by default
|
|
||||||
my $default_ranlib;
|
|
||||||
|
|
||||||
@@ -987,6 +992,10 @@ while (@argvcopy)
|
|
||||||
die "FIPS key too long (64 bytes max)\n"
|
|
||||||
if length $1 > 64;
|
|
||||||
}
|
|
||||||
+ elsif (/^--system-ciphers-file=(.*)$/)
|
|
||||||
+ {
|
|
||||||
+ $config{system_ciphers_file}=$1;
|
|
||||||
+ }
|
|
||||||
elsif (/^--banner=(.*)$/)
|
|
||||||
{
|
|
||||||
$banner = $1 . "\n";
|
|
70
openssl-1.1.1-ts-sha256-default.patch
Normal file
70
openssl-1.1.1-ts-sha256-default.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
|
||||||
|
--- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default 2020-11-06 11:07:28.850100899 +0100
|
||||||
|
+++ openssl-1.1.1h/apps/openssl.cnf 2020-11-06 11:11:28.042913791 +0100
|
||||||
|
@@ -364,5 +348,5 @@ tsa_name = yes # Must the TSA name be i
|
||||||
|
# (optional, default: no)
|
||||||
|
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||||
|
# (optional, default: no)
|
||||||
|
-ess_cert_id_alg = sha1 # algorithm to compute certificate
|
||||||
|
+ess_cert_id_alg = sha256 # algorithm to compute certificate
|
||||||
|
# identifier (optional, default: sha1)
|
||||||
|
diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
|
||||||
|
--- openssl-1.1.1h/apps/ts.c.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
|
||||||
|
+++ openssl-1.1.1h/apps/ts.c 2020-11-06 11:07:28.883101220 +0100
|
||||||
|
@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
|
||||||
|
ASN1_OBJECT *policy_obj = NULL;
|
||||||
|
ASN1_INTEGER *nonce_asn1 = NULL;
|
||||||
|
|
||||||
|
- if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
|
||||||
|
+ if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
|
||||||
|
goto err;
|
||||||
|
if ((ts_req = TS_REQ_new()) == NULL)
|
||||||
|
goto err;
|
||||||
|
diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
|
||||||
|
--- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default 2020-11-06 12:03:51.226372867 +0100
|
||||||
|
+++ openssl-1.1.1h/crypto/ts/ts_conf.c 2020-11-06 12:04:01.713488990 +0100
|
||||||
|
@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
|
||||||
|
const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
|
||||||
|
|
||||||
|
if (md == NULL)
|
||||||
|
- md = "sha1";
|
||||||
|
+ md = "sha256";
|
||||||
|
|
||||||
|
cert_md = EVP_get_digestbyname(md);
|
||||||
|
if (cert_md == NULL) {
|
||||||
|
diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
|
||||||
|
--- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default 2020-09-22 14:55:07.000000000 +0200
|
||||||
|
+++ openssl-1.1.1h/doc/man1/ts.pod 2020-11-06 11:07:28.883101220 +0100
|
||||||
|
@@ -518,7 +518,7 @@ included. Default is no. (Optional)
|
||||||
|
=item B<ess_cert_id_alg>
|
||||||
|
|
||||||
|
This option specifies the hash function to be used to calculate the TSA's
|
||||||
|
-public key certificate identifier. Default is sha1. (Optional)
|
||||||
|
+public key certificate identifier. Default is sha256. (Optional)
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
|
||||||
|
|
||||||
|
=head2 Time Stamp Request
|
||||||
|
|
||||||
|
-To create a timestamp request for design1.txt with SHA-1
|
||||||
|
+To create a timestamp request for design1.txt with SHA-256
|
||||||
|
without nonce and policy and no certificate is required in the response:
|
||||||
|
|
||||||
|
openssl ts -query -data design1.txt -no_nonce \
|
||||||
|
@@ -546,12 +546,12 @@ To print the content of the previous req
|
||||||
|
|
||||||
|
openssl ts -query -in design1.tsq -text
|
||||||
|
|
||||||
|
-To create a timestamp request which includes the MD-5 digest
|
||||||
|
+To create a timestamp request which includes the SHA-512 digest
|
||||||
|
of design2.txt, requests the signer certificate and nonce,
|
||||||
|
specifies a policy id (assuming the tsa_policy1 name is defined in the
|
||||||
|
OID section of the config file):
|
||||||
|
|
||||||
|
- openssl ts -query -data design2.txt -md5 \
|
||||||
|
+ openssl ts -query -data design2.txt -sha512 \
|
||||||
|
-tspolicy tsa_policy1 -cert -out design2.tsq
|
||||||
|
|
||||||
|
=head2 Time Stamp Response
|
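Review bot: The openssl.cnf hunk leaves the context line `# identifier (optional, default: sha1)` unchanged directly below the new `ess_cert_id_alg = sha256` line, while the ts_conf.c hunk in this same patch changes the built-in fallback to `md = "sha256";`. The sample config comment therefore documents a default the patched library no longer has; it should read `# identifier (optional, default: sha256)`. The ts.pod hunk already makes the matching wording change, so only the .cnf comment is left behind. The bodies of create_query() and TS_CONF_set_ess_cert_id_digest() continue outside the hunks shown.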
38
openssl-1.1.1-version-add-engines.patch
Normal file
38
openssl-1.1.1-version-add-engines.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
|
||||||
|
--- openssl-1.1.1-pre8/apps/version.c.version-add-engines 2018-06-20 16:48:09.000000000 +0200
|
||||||
|
+++ openssl-1.1.1-pre8/apps/version.c 2018-07-16 18:00:40.608624346 +0200
|
||||||
|
@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
|
||||||
|
{
|
||||||
|
int ret = 1, dirty = 0, seed = 0;
|
||||||
|
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
|
||||||
|
- int engdir = 0;
|
||||||
|
+ int engdir = 0, engines = 0;
|
||||||
|
char *prog;
|
||||||
|
OPTION_CHOICE o;
|
||||||
|
|
||||||
|
@@ -106,7 +106,7 @@ opthelp:
|
||||||
|
break;
|
||||||
|
case OPT_A:
|
||||||
|
seed = options = cflags = version = date = platform = dir = engdir
|
||||||
|
- = 1;
|
||||||
|
+ = engines = 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -188,6 +188,16 @@ opthelp:
|
||||||
|
#endif
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
+ if (engines) {
|
||||||
|
+ ENGINE *e;
|
||||||
|
+ printf("engines: ");
|
||||||
|
+ e = ENGINE_get_first();
|
||||||
|
+ while (e) {
|
||||||
|
+ printf("%s ", ENGINE_get_id(e));
|
||||||
|
+ e = ENGINE_get_next(e);
|
||||||
|
+ }
|
||||||
|
+ printf("\n");
|
||||||
|
+ }
|
||||||
|
ret = 0;
|
||||||
|
end:
|
||||||
|
return ret;
|
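Review bot: The added `if (engines) { ... }` block in version_main() calls ENGINE_get_first(), ENGINE_get_id() and ENGINE_get_next() with no `#ifndef OPENSSL_NO_ENGINE` guard visible in the hunk, so a build configured without engine support would presumably fail to compile or link here. Wrapping the block in `#ifndef OPENSSL_NO_ENGINE` / `#endif` would keep that configuration working. The `engines` flag is also set only in the `OPT_A` case, so the list is reachable through `-a` alone; if that is intended, a short comment next to the declaration such as `/* engines are listed only with -a */` would save readers from looking for a dedicated option. version_main() starts and ends outside these hunks.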
12
openssl-1.1.1-version-override.patch
Normal file
12
openssl-1.1.1-version-override.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
|
||||||
|
--- openssl-1.1.1g/include/openssl/opensslv.h.version-override 2020-04-23 13:29:37.802673513 +0200
|
||||||
|
+++ openssl-1.1.1g/include/openssl/opensslv.h 2020-04-23 13:30:13.064008458 +0200
|
||||||
|
@@ -40,7 +40,7 @@ extern "C" {
|
||||||
|
* major minor fix final patch/beta)
|
||||||
|
*/
|
||||||
|
# define OPENSSL_VERSION_NUMBER 0x1010108fL
|
||||||
|
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h 22 Sep 2020"
|
||||||
|
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1h FIPS 22 Sep 2020"
|
||||||
|
|
||||||
|
/*-
|
||||||
|
* The macros below are to be used for shared library (.so, .dll, ...)
|
57
openssl-1.1.1-weak-ciphers.patch
Normal file
57
openssl-1.1.1-weak-ciphers.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
|
||||||
|
--- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers 2018-09-11 14:48:23.000000000 +0200
|
||||||
|
+++ openssl-1.1.1/ssl/s3_lib.c 2018-09-17 12:53:33.850637181 +0200
|
||||||
|
@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
SSL_GOST89MAC,
|
||||||
|
TLS1_VERSION, TLS1_2_VERSION,
|
||||||
|
0, 0,
|
||||||
|
- SSL_HIGH,
|
||||||
|
+ SSL_MEDIUM,
|
||||||
|
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
|
||||||
|
256,
|
||||||
|
256,
|
||||||
|
@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
SSL_GOST89MAC12,
|
||||||
|
TLS1_VERSION, TLS1_2_VERSION,
|
||||||
|
0, 0,
|
||||||
|
- SSL_HIGH,
|
||||||
|
+ SSL_MEDIUM,
|
||||||
|
SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
|
||||||
|
256,
|
||||||
|
256,
|
||||||
|
@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
},
|
||||||
|
#endif /* OPENSSL_NO_SEED */
|
||||||
|
|
||||||
|
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
+#if 0 /* No MD5 ciphersuites */
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_RSA_RC4_128_MD5,
|
||||||
|
@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_RSA_RC4_128_SHA,
|
||||||
|
@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#if 0
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
SSL3_TXT_ADH_RC4_128_MD5,
|
||||||
|
@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
||||||
|
128,
|
||||||
|
128,
|
||||||
|
},
|
||||||
|
+#endif
|
||||||
|
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
|
||||||
|
{
|
||||||
|
1,
|
||||||
|
TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
|
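Review bot: The second `#if 0` (ahead of the `SSL3_TXT_ADH_RC4_128_MD5` entry) carries no comment, unlike the first one, which is annotated `/* No MD5 ciphersuites */`, so a reader auditing ssl3_ciphers[] cannot tell from that line why the entry is compiled out. Writing it as `#if 0 /* No MD5 ciphersuites */` too would make both removals self-explanatory. The two `SSL_HIGH` to `SSL_MEDIUM` changes on the GOST entries likewise have no comment recording why the strength class was lowered, which matters because cipher strings such as HIGH select on that field. The final `#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS`, reopened before `TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA`, is closed outside the hunk.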
@ -1,9 +0,0 @@
|
|||||||
# capi.so is a dummy only used on Windows, it doesn't need dependency information
|
|
||||||
addFilter("E: shared-lib(rary)?-without-dependency-information /usr/lib64/engines-3/capi.so")
|
|
||||||
|
|
||||||
# The sources are hobbled and thus not a valid URL. That's expected.
|
|
||||||
addFilter("W: invalid-url Source0: openssl-[0-9\\.]+-hobbled.tar.gz")
|
|
||||||
|
|
||||||
# Technically this warning is correct, but in the case of the openssl binary we
|
|
||||||
# want to allow SSL_CTX_set_cipher_list
|
|
||||||
addFilter("W: crypto-policy-non-compliance-openssl /usr/bin/openssl SSL_CTX_set_cipher_list")
|
|
2159
openssl.spec
2159
openssl.spec
File diff suppressed because it is too large
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (openssl-3.0.8-hobbled.tar.gz) = 42f2a59aa8c39c21b66b528329ace126b870f6d7c3a1da2f2ee18ab875923c5bcf3d9046f884201556799a8ab1d915112a1f124cfaf1ab77b2eac834d1f88c60
|
SHA512 (openssl-1.1.1h-hobbled.tar.xz) = 75e1d3f34f93462b97db92aa6538fd4f2f091ad717438e51d147508738be720d7d0bf4a9b1fda3a1943a4c13aae2a39da3add05f7da833b3c6de40a97bc97908
|
||||||
|
63
tests/simple-rsapss-test/Makefile
Normal file
63
tests/simple-rsapss-test/Makefile
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Makefile of /CoreOS/openssl/Sanity/simple-rsapss-test
|
||||||
|
# Description: Test if RSA-PSS signature scheme is supported
|
||||||
|
# Author: Hubert Kario <hkario@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
export TEST=/CoreOS/openssl/Sanity/simple-rsapss-test
|
||||||
|
export TESTVERSION=1.0
|
||||||
|
|
||||||
|
BUILT_FILES=
|
||||||
|
|
||||||
|
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||||
|
|
||||||
|
.PHONY: all install download clean
|
||||||
|
|
||||||
|
run: $(FILES) build
|
||||||
|
./runtest.sh
|
||||||
|
|
||||||
|
build: $(BUILT_FILES)
|
||||||
|
test -x runtest.sh || chmod a+x runtest.sh
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f *~ $(BUILT_FILES)
|
||||||
|
|
||||||
|
|
||||||
|
-include /usr/share/rhts/lib/rhts-make.include
|
||||||
|
|
||||||
|
$(METADATA): Makefile
|
||||||
|
@echo "Owner: Hubert Kario <hkario@redhat.com>" > $(METADATA)
|
||||||
|
@echo "Name: $(TEST)" >> $(METADATA)
|
||||||
|
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||||
|
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||||
|
@echo "Description: Test if RSA-PSS signature scheme is supported" >> $(METADATA)
|
||||||
|
@echo "Type: Sanity" >> $(METADATA)
|
||||||
|
@echo "TestTime: 1m" >> $(METADATA)
|
||||||
|
@echo "RunFor: openssl" >> $(METADATA)
|
||||||
|
@echo "Requires: openssl man man-db" >> $(METADATA)
|
||||||
|
@echo "Priority: Normal" >> $(METADATA)
|
||||||
|
@echo "License: GPLv2" >> $(METADATA)
|
||||||
|
@echo "Confidential: no" >> $(METADATA)
|
||||||
|
@echo "Destructive: no" >> $(METADATA)
|
||||||
|
|
||||||
|
rhts-lint $(METADATA)
|
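Review bot: `.PHONY: all install download clean` omits `run` and `build`, which together with `clean` are the targets this Makefile actually gives recipes to. A stray file named `build` in the test directory would make the `chmod a+x runtest.sh` step be skipped, and with a file named `run` present as well make may consider the test target up to date and not invoke `./runtest.sh`. Declaring them too, `.PHONY: all install download clean run build`, avoids that.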
3
tests/simple-rsapss-test/PURPOSE
Normal file
3
tests/simple-rsapss-test/PURPOSE
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
PURPOSE of /CoreOS/openssl/Sanity/simple-rsapss-test
|
||||||
|
Description: Test if RSA-PSS signature scheme is supported
|
||||||
|
Author: Hubert Kario <hkario@redhat.com>
|
74
tests/simple-rsapss-test/runtest.sh
Executable file
74
tests/simple-rsapss-test/runtest.sh
Executable file
@ -0,0 +1,74 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of /CoreOS/openssl/Sanity/simple-rsapss-test
|
||||||
|
# Description: Test if RSA-PSS signature scheme is supported
|
||||||
|
# Author: Hubert Kario <hkario@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||||
|
#
|
||||||
|
# This copyrighted material is made available to anyone wishing
|
||||||
|
# to use, modify, copy, or redistribute it subject to the terms
|
||||||
|
# and conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public
|
||||||
|
# License along with this program; if not, write to the Free
|
||||||
|
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||||
|
# Boston, MA 02110-1301, USA.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include Beaker environment
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
PACKAGE="openssl"
|
||||||
|
|
||||||
|
PUB_KEY="rsa_pubkey.pem"
|
||||||
|
PRIV_KEY="rsa_key.pem"
|
||||||
|
FILE="text.txt"
|
||||||
|
SIG="text.sig"
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
rlPhaseStartSetup
|
||||||
|
rlAssertRpm $PACKAGE
|
||||||
|
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
|
||||||
|
rlRun "pushd $TmpDir"
|
||||||
|
rlRun "openssl genrsa -out $PRIV_KEY 2048" 0 "Generate RSA key"
|
||||||
|
rlRun "openssl rsa -in $PRIV_KEY -out $PUB_KEY -pubout" 0 "Split the public key from private key"
|
||||||
|
rlRun "echo 'sign me!' > $FILE" 0 "Create file for signing"
|
||||||
|
rlAssertExists $FILE
|
||||||
|
rlAssertExists $PRIV_KEY
|
||||||
|
rlAssertExists $PUB_KEY
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest "Test RSA-PSS padding mode"
|
||||||
|
set -o pipefail
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -out $SIG -sign $PRIV_KEY $FILE" 0 "Sign the file"
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file"
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file"
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -prverify $PRIV_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using the private key file without specifying salt length"
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verified OK'" 0 "Verify the signature using public key file without specifying salt length"
|
||||||
|
set +o pipefail
|
||||||
|
rlRun "sed -i 's/sign/Sign/' $FILE" 0 "Modify signed file"
|
||||||
|
rlRun "openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify $PUB_KEY -signature $SIG $FILE | grep 'Verification Failure'" 0 "Verify that the signature is no longer valid"
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest "Documentation check"
|
||||||
|
[ -e "$(rpm -ql openssl | grep dgst)"] && rlRun "man dgst | col -b | grep -- -sigopt" 0 "Check if -sigopt option is described in man page"
|
||||||
|
rlRun "openssl dgst -help 2>&1 | grep -- -sigopt" 0 "Check if -sigopt option is present in help message"
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartCleanup
|
||||||
|
rlRun "popd"
|
||||||
|
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
|
||||||
|
rlPhaseEnd
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
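Review bot: In the "Documentation check" phase the test `[ -e "$(rpm -ql openssl | grep dgst)"]` has no space before the closing `]`, so `[` reports a missing `]` and returns non-zero, and the `man dgst` check after `&&` is never executed. The test should be closed with a separate ` ]`, e.g. `[ -e "$(rpm -ql openssl | grep dgst | head -n 1)" ] && rlRun ...`; the `head -n 1` is a suggestion in case `rpm -ql` lists more than one matching path, since `-e` on a multi-line string would also fail. Because this line is not wrapped in `rlRun`, the failure is not recorded in the journal, and the phase passes on the `-help` check alone.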
15
tests/tests.yml
Normal file
15
tests/tests.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
# This first play always runs on the local staging system
|
||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-beakerlib
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
- container
|
||||||
|
tests:
|
||||||
|
- simple-rsapss-test
|
||||||
|
required_packages:
|
||||||
|
- findutils # beakerlib needs find command
|
||||||
|
- man # needed by simple-rsapss-test
|
||||||
|
- man-db # needed by simple-rsapss-test
|
||||||
|
- openssl # needed by simple-rsapss-test
|