commit
afa1dad01a
@ -0,0 +1 @@
|
||||
SOURCES/openssl-1.0.2k-hobbled.tar.xz
|
@ -0,0 +1 @@
|
||||
06ae179d01fcde6a4594bf4023f863290a7f050c SOURCES/openssl-1.0.2k-hobbled.tar.xz
|
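--- /dev/null
+++ b/SOURCES/Makefile.certificate
@@ -0,0 +1,82 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+DAYS=365
+KEYLEN=2048
+TYPE=rsa:$(KEYLEN)
+EXTRA_FLAGS=
+ifdef SERIAL
+EXTRA_FLAGS+=-set_serial $(SERIAL)
+endif
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+@echo "This makefile allows you to create:"
+@echo " o public/private key pairs"
+@echo " o SSL certificate signing requests (CSRs)"
+@echo " o self-signed SSL test certificates"
+@echo
+@echo "To create a key pair, run \"make SOMETHING.key\"."
+@echo "To create a CSR, run \"make SOMETHING.csr\"."
+@echo "To create a test certificate, run \"make SOMETHING.crt\"."
+@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+@echo
+@echo "To create a key for use with Apache, run \"make genkey\"."
+@echo "To create a CSR for use with Apache, run \"make certreq\"."
+@echo "To create a test certificate for use with Apache, run \"make testcert\"."
+@echo
+@echo "To create a test certificate with serial number other than random, add SERIAL=num"
+@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
+@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
+@echo
+@echo Examples:
+@echo " make server.key"
+@echo " make server.csr"
+@echo " make server.crt"
+@echo " make stunnel.pem"
+@echo " make genkey"
+@echo " make certreq"
+@echo " make testcert"
+@echo " make server.crt SERIAL=1"
+@echo " make stunnel.pem EXTRA_FLAGS=-sha384"
+@echo " make testcert DAYS=600"
+
+%.pem:
+umask 77 ; \
+PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+cat $$PEM1 > $@ ; \
+echo "" >> $@ ; \
+cat $$PEM2 >> $@ ; \
+$(RM) $$PEM1 $$PEM2
+
+%.key:
+umask 77 ; \
+/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
+
+%.csr: %.key
+umask 77 ; \
+/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+umask 77 ; \
+/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+umask 77 ; \
+/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+umask 77 ; \
+/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)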
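Review bot: The `%.pem` recipe chains every step with `;`, so when `openssl req` fails (a bad `EXTRA_FLAGS` value, for instance) the recipe still runs `cat $$PEM1 > $@` on the empty temp file and exits with the status of the final `$(RM)`, leaving a stub `.pem` that make reports as successfully built. Because `%.pem` has no prerequisites, a later `make stunnel.pem` treats the stub as up to date and never retries, and `.PRECIOUS: ... %.pem` presumably also stops make from cleaning it up on its own. Join the generation and the concatenation with `&&`, capture the status before the temp-file cleanup, remove `$@` on failure and return that status; the `%.key`, `%.csr` and `%.crt` recipes at least propagate openssl's exit code, but they too leave an empty `$@` behind because the redirection creates it first, so `.DELETE_ON_ERROR:` (or the same explicit `$(RM) $@` on failure) is worth adding for them as well.
```make
%.pem:
	# … unchanged: umask 77 and the two mktemp assignments …
	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) && \
	{ cat $$PEM1 ; echo "" ; cat $$PEM2 ; } > $@ ; \
	rc=$$? ; \
	$(RM) $$PEM1 $$PEM2 ; \
	[ $$rc -eq 0 ] || $(RM) $@ ; \
	exit $$rc
```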
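--- /dev/null
+++ b/SOURCES/README.FIPS
@@ -0,0 +1,75 @@
+User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
+=================================================================
+
+This package contains libraries which comprise the FIPS 140-2
+Red Hat Enterprise Linux - OPENSSL Module.
+
+The module files
+================
+/usr/lib[64]/libcrypto.so.1.0.2j
+/usr/lib[64]/libssl.so.1.0.2j
+/usr/lib[64]/.libcrypto.so.1.0.2j.hmac
+/usr/lib[64]/.libssl.so.1.0.2j.hmac
+
+Dependencies
+============
+
+The approved mode of operation requires kernel with /dev/urandom RNG running
+with properties as defined in the security policy of the module. This is
+provided by kernel packages with validated Red Hat Enterprise Linux - IPSec
+Crytographic Module.
+
+Installation
+============
+
+The RPM package of the module can be installed by standard tools recommended
+for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
+rpm, RHN remote management tool).
+
+For proper operation of the in-module integrity verification the prelink has to
+be disabled. This can be done with setting PRELINKING=no in the
+/etc/sysconfig/prelink configuration file. If the libraries were already
+prelinked the prelink should be undone on all the system files with the
+'prelink -u -a' command.
+
+Usage and API
+=============
+
+The module respects kernel command line FIPS setting. If the kernel command
+line contains option fips=1 the module will initialize in the FIPS approved
+mode of operation automatically. To allow for the automatic initialization the
+application using the module has to call one of the following API calls:
+
+- void OPENSSL_init_library(void) - this will do only a basic initialization
+of the library and does initialization of the FIPS approved mode without setting
+up EVP API with supported algorithms.
+
+- void OPENSSL_add_all_algorithms(void) - this API function calls
+OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
+in the approved mode
+
+- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
+adds algorithms which are necessary for TLS protocol support and initializes
+the SSL library.
+
+To explicitely put the library to the approved mode the application can call
+the following function:
+
+- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
+the library from the non-approved to the approved mode. If any of the selftests
+and integrity verification tests fail, the library is put into the error state
+and 0 is returned. If they succeed the return value is 1.
+
+To query the module whether it is in the approved mode or not:
+
+- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
+0 otherwise.
+
+To query whether the module is in the error state:
+
+- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
+state, 0 otherwise.
+
+To zeroize the FIPS RNG key and internal state the application calls:
+
+- void RAND_cleanup(void)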
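--- /dev/null
+++ b/SOURCES/ec_curve.c
@@ -0,0 +1,455 @@
+/* crypto/ec/ec_curve.c */
+/*
+* Written by Nils Larsch for the OpenSSL project.
+*/
+/* ====================================================================
+* Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* openssl-core@openssl.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+/* ====================================================================
+* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+*
+* Portions of the attached software ("Contribution") are developed by
+* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+*
+* The Contribution is licensed pursuant to the OpenSSL open source
+* license provided above.
+*
+* The elliptic curve binary polynomial software is originally written by
+* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+*
+*/
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+typedef struct {
+int field_type, /* either NID_X9_62_prime_field or
+* NID_X9_62_characteristic_two_field */
+seed_len, param_len;
+unsigned int cofactor; /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const struct {
+EC_CURVE_DATA h;
+unsigned char data[20 + 48 * 6];
+} _EC_NIST_PRIME_384 = {
+{
+NID_X9_62_prime_field, 20, 48, 1
+},
+{
+/* seed */
+0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
+0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
+/* p */
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+/* a */
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
+/* b */
+0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
+0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
+0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
+0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
+/* x */
+0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
+0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
+0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
+0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
+/* y */
+0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
+0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
+0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
+/* order */
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
+0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
+}
+};
+
+static const struct {
+EC_CURVE_DATA h;
+unsigned char data[20 + 66 * 6];
+} _EC_NIST_PRIME_521 = {
+{
+NID_X9_62_prime_field, 20, 66, 1
+},
+{
+/* seed */
+0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
+0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
+/* p */
+0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+/* a */
+0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+/* b */
+0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
+0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
+0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
+0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
+0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
+0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
+/* x */
+0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
+0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
+0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
+0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
+0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
+0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
+/* y */
+0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
+0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
+0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
+0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+/* order */
+0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
+0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
+0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
+0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
+}
+};
+
+static const struct {
+EC_CURVE_DATA h;
+unsigned char data[20 + 32 * 6];
+} _EC_X9_62_PRIME_256V1 = {
+{
+NID_X9_62_prime_field, 20, 32, 1
+},
+{
+/* seed */
+0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
+0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
+/* p */
+0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+/* a */
+0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+/* b */
+0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
+0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
+0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
+/* x */
+0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
+0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
+0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+/* y */
+0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
+0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+/* order */
+0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+}
+};
+
+typedef struct _ec_list_element_st {
+int nid;
+const EC_CURVE_DATA *data;
+const EC_METHOD *(*meth) (void);
+const char *comment;
+} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+/* prime field curves */
+/* secg curves */
+/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+"NIST/SECG curve over a 384 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+{NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
+"NIST/SECG curve over a 521 bit prime field"},
+#else
+{NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
+"NIST/SECG curve over a 521 bit prime field"},
+#endif
+/* X9.62 curves */
+{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+EC_GFp_nistz256_method,
+#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+EC_GFp_nistp256_method,
+#else
+0,
+#endif
+"X9.62/SECG curve over a 256 bit prime field"},
+};
+
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+{
+EC_GROUP *group = NULL;
+EC_POINT *P = NULL;
+BN_CTX *ctx = NULL;
+BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+NULL;
+int ok = 0;
+int seed_len, param_len;
+const EC_METHOD *meth;
+const EC_CURVE_DATA *data;
+const unsigned char *params;
+
+if ((ctx = BN_CTX_new()) == NULL) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+goto err;
+}
+
+data = curve.data;
+seed_len = data->seed_len;
+param_len = data->param_len;
+params = (const unsigned char *)(data + 1); /* skip header */
+params += seed_len; /* skip seed */
+
+if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL))
+|| !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL))
+|| !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+goto err;
+}
+
+if (curve.meth != 0) {
+meth = curve.meth();
+if (((group = EC_GROUP_new(meth)) == NULL) ||
+(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+} else if (data->field_type == NID_X9_62_prime_field) {
+if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+}
+#ifndef OPENSSL_NO_EC2M
+else { /* field_type ==
+* NID_X9_62_characteristic_two_field */
+
+if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+}
+#endif
+
+if ((P = EC_POINT_new(group)) == NULL) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+
+if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL))
+|| !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+goto err;
+}
+if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))
+|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+goto err;
+}
+if (!EC_GROUP_set_generator(group, P, order, x)) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+if (seed_len) {
+if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
+ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+goto err;
+}
+}
+ok = 1;
+err:
+if (!ok) {
+EC_GROUP_free(group);
+group = NULL;
+}
+if (P)
+EC_POINT_free(P);
+if (ctx)
+BN_CTX_free(ctx);
+if (p)
+BN_free(p);
+if (a)
+BN_free(a);
+if (b)
+BN_free(b);
+if (order)
+BN_free(order);
+if (x)
+BN_free(x);
+if (y)
+BN_free(y);
+return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+size_t i;
+EC_GROUP *ret = NULL;
+
+if (nid <= 0)
+return NULL;
+
+for (i = 0; i < curve_list_length; i++)
+if (curve_list[i].nid == nid) {
+ret = ec_group_new_from_data(curve_list[i]);
+break;
+}
+
+if (ret == NULL) {
+ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+return NULL;
+}
+
+EC_GROUP_set_curve_name(ret, nid);
+
+return ret;
+}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+size_t i, min;
+
+if (r == NULL || nitems == 0)
+return curve_list_length;
+
+min = nitems < curve_list_length ? nitems : curve_list_length;
+
+for (i = 0; i < min; i++) {
+r[i].nid = curve_list[i].nid;
+r[i].comment = curve_list[i].comment;
+}
+
+return curve_list_length;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+typedef struct {
+const char *name; /* NIST Name of curve */
+int nid; /* Curve NID */
+} EC_NIST_NAME;
+
+static EC_NIST_NAME nist_curves[] = {
+{"B-163", NID_sect163r2},
+{"B-233", NID_sect233r1},
+{"B-283", NID_sect283r1},
+{"B-409", NID_sect409r1},
+{"B-571", NID_sect571r1},
+{"K-163", NID_sect163k1},
+{"K-233", NID_sect233k1},
+{"K-283", NID_sect283k1},
+{"K-409", NID_sect409k1},
+{"K-571", NID_sect571k1},
+{"P-192", NID_X9_62_prime192v1},
+{"P-224", NID_secp224r1},
+{"P-256", NID_X9_62_prime256v1},
+{"P-384", NID_secp384r1},
+{"P-521", NID_secp521r1}
+};
+
+const char *EC_curve_nid2nist(int nid)
+{
+size_t i;
+for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
+if (nist_curves[i].nid == nid)
+return nist_curves[i].name;
+}
+return NULL;
+}
+
+int EC_curve_nist2nid(const char *name)
+{
+size_t i;
+for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) {
+if (!strcmp(nist_curves[i].name, name))
+return nist_curves[i].nid;
+}
+return NID_undef;
+}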
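Review bot: The `nist_curves` table at the end of the file still maps B-163 through K-571, P-192 and P-224 to NIDs that `curve_list` no longer contains, so `EC_curve_nist2nid("P-224")` returns `NID_secp224r1` while the `EC_GROUP_new_by_curve_name()` that normally follows it walks only the three-entry `curve_list` and fails with `EC_R_UNKNOWN_GROUP`; the name lookup and the group construction disagree about what this build supports. If the full table is kept on purpose (presumably so that `EC_curve_nid2nist()` can still label curve ids that arrive from a peer or a certificate), state that above the table, e.g. `/* Kept complete on purpose: nid<->NIST-name translation must also work for curves that are not builtin in this build, so a NID returned by EC_curve_nist2nid() is not guaranteed to be accepted by EC_GROUP_new_by_curve_name(). */`; otherwise trim it to the `P-256`, `P-384` and `P-521` rows so the two lookups agree. Either way `EC_get_builtin_curves()` remains the only authoritative way to discover what is available, and that is worth saying in its comment as well.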
@ -0,0 +1,994 @@
|
||||
/* crypto/ec/ectest.c */
|
||||
/*
|
||||
* Originally written by Bodo Moeller for the OpenSSL project.
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
|
||||
*
|
||||
* Portions of the attached software ("Contribution") are developed by
|
||||
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
|
||||
*
|
||||
* The Contribution is licensed pursuant to the OpenSSL open source
|
||||
* license provided above.
|
||||
*
|
||||
* The elliptic curve binary polynomial software is originally written by
|
||||
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#ifdef FLAT_INC
|
||||
# include "e_os.h"
|
||||
#else
|
||||
# include "../e_os.h"
|
||||
#endif
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#ifdef OPENSSL_NO_EC
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
puts("Elliptic curves are disabled.");
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
|
||||
# include <openssl/ec.h>
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
# endif
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/obj_mac.h>
|
||||
# include <openssl/objects.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/opensslconf.h>
|
||||
|
||||
# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
|
||||
/* suppress "too big too optimize" warning */
|
||||
# pragma warning(disable:4959)
|
||||
# endif
|
||||
|
||||
# define ABORT do { \
|
||||
fflush(stdout); \
|
||||
fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
|
||||
ERR_print_errors_fp(stderr); \
|
||||
EXIT(1); \
|
||||
} while (0)
|
||||
|
||||
# define TIMING_BASE_PT 0
|
||||
# define TIMING_RAND_PT 1
|
||||
# define TIMING_SIMUL 2
|
||||
|
||||
# if 0
|
||||
static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
|
||||
{
|
||||
clock_t clck;
|
||||
int i, j;
|
||||
BIGNUM *s;
|
||||
BIGNUM *r[10], *r0[10];
|
||||
EC_POINT *P;
|
||||
|
||||
s = BN_new();
|
||||
if (s == NULL)
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
|
||||
if (!EC_GROUP_get_order(group, s, ctx))
|
||||
ABORT;
|
||||
fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
|
||||
fflush(stdout);
|
||||
|
||||
P = EC_POINT_new(group);
|
||||
if (P == NULL)
|
||||
ABORT;
|
||||
EC_POINT_copy(P, EC_GROUP_get0_generator(group));
|
||||
|
||||
for (i = 0; i < 10; i++) {
|
||||
if ((r[i] = BN_new()) == NULL)
|
||||
ABORT;
|
||||
if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
|
||||
ABORT;
|
||||
if (type != TIMING_BASE_PT) {
|
||||
if ((r0[i] = BN_new()) == NULL)
|
||||
ABORT;
|
||||
if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
|
||||
ABORT;
|
||||
}
|
||||
}
|
||||
|
||||
clck = clock();
|
||||
for (i = 0; i < 10; i++) {
|
||||
for (j = 0; j < 10; j++) {
|
||||
if (!EC_POINT_mul
|
||||
(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
|
||||
(type != TIMING_BASE_PT) ? P : NULL,
|
||||
(type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
|
||||
ABORT;
|
||||
}
|
||||
}
|
||||
clck = clock() - clck;
|
||||
|
||||
fprintf(stdout, "\n");
|
||||
|
||||
# ifdef CLOCKS_PER_SEC
|
||||
/*
|
||||
* "To determine the time in seconds, the value returned by the clock
|
||||
* function should be divided by the value of the macro CLOCKS_PER_SEC."
|
||||
* -- ISO/IEC 9899
|
||||
*/
|
||||
# define UNIT "s"
|
||||
# else
|
||||
/*
|
||||
* "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
|
||||
* NeXTstep/OpenStep
|
||||
*/
|
||||
# define UNIT "units"
|
||||
# define CLOCKS_PER_SEC 1
|
||||
# endif
|
||||
|
||||
if (type == TIMING_BASE_PT) {
|
||||
fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
|
||||
"base point multiplications", (double)clck / CLOCKS_PER_SEC);
|
||||
} else if (type == TIMING_RAND_PT) {
|
||||
fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
|
||||
"random point multiplications",
|
||||
(double)clck / CLOCKS_PER_SEC);
|
||||
} else if (type == TIMING_SIMUL) {
|
||||
fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
|
||||
"s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
|
||||
}
|
||||
fprintf(stdout, "average: %.4f " UNIT "\n",
|
||||
(double)clck / (CLOCKS_PER_SEC * i * j));
|
||||
|
||||
EC_POINT_free(P);
|
||||
BN_free(s);
|
||||
for (i = 0; i < 10; i++) {
|
||||
BN_free(r[i]);
|
||||
if (type != TIMING_BASE_PT)
|
||||
BN_free(r0[i]);
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
/* test multiplication with group order, long and negative scalars */
|
||||
static void group_order_tests(EC_GROUP *group)
|
||||
{
|
||||
BIGNUM *n1, *n2, *order;
|
||||
EC_POINT *P = EC_POINT_new(group);
|
||||
EC_POINT *Q = EC_POINT_new(group);
|
||||
BN_CTX *ctx = BN_CTX_new();
|
||||
int i;
|
||||
|
||||
n1 = BN_new();
|
||||
n2 = BN_new();
|
||||
order = BN_new();
|
||||
fprintf(stdout, "verify group order ...");
|
||||
fflush(stdout);
|
||||
if (!EC_GROUP_get_order(group, order, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, Q))
|
||||
ABORT;
|
||||
fprintf(stdout, ".");
|
||||
fflush(stdout);
|
||||
if (!EC_GROUP_precompute_mult(group, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, Q))
|
||||
ABORT;
|
||||
fprintf(stdout, " ok\n");
|
||||
fprintf(stdout, "long/negative scalar tests ");
|
||||
for (i = 1; i <= 2; i++) {
|
||||
const BIGNUM *scalars[6];
|
||||
const EC_POINT *points[6];
|
||||
|
||||
fprintf(stdout, i == 1 ?
|
||||
"allowing precomputation ... " :
|
||||
"without precomputation ... ");
|
||||
if (!BN_set_word(n1, i))
|
||||
ABORT;
|
||||
/*
|
||||
* If i == 1, P will be the predefined generator for which
|
||||
* EC_GROUP_precompute_mult has set up precomputation.
|
||||
*/
|
||||
if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
|
||||
ABORT;
|
||||
|
||||
if (!BN_one(n1))
|
||||
ABORT;
|
||||
/* n1 = 1 - order */
|
||||
if (!BN_sub(n1, n1, order))
|
||||
ABORT;
|
||||
if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
|
||||
ABORT;
|
||||
if (0 != EC_POINT_cmp(group, Q, P, ctx))
|
||||
ABORT;
|
||||
|
||||
/* n2 = 1 + order */
|
||||
if (!BN_add(n2, order, BN_value_one()))
|
||||
ABORT;
|
||||
if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
ABORT;
|
||||
if (0 != EC_POINT_cmp(group, Q, P, ctx))
|
||||
ABORT;
|
||||
|
||||
/* n2 = (1 - order) * (1 + order) = 1 - order^2 */
|
||||
if (!BN_mul(n2, n1, n2, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
ABORT;
|
||||
if (0 != EC_POINT_cmp(group, Q, P, ctx))
|
||||
ABORT;
|
||||
|
||||
/* n2 = order^2 - 1 */
|
||||
BN_set_negative(n2, 0);
|
||||
if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|
||||
ABORT;
|
||||
/* Add P to verify the result. */
|
||||
if (!EC_POINT_add(group, Q, Q, P, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, Q))
|
||||
ABORT;
|
||||
|
||||
/* Exercise EC_POINTs_mul, including corner cases. */
|
||||
if (EC_POINT_is_at_infinity(group, P))
|
||||
ABORT;
|
||||
scalars[0] = n1;
|
||||
points[0] = Q; /* => infinity */
|
||||
scalars[1] = n2;
|
||||
points[1] = P; /* => -P */
|
||||
scalars[2] = n1;
|
||||
points[2] = Q; /* => infinity */
|
||||
scalars[3] = n2;
|
||||
points[3] = Q; /* => infinity */
|
||||
scalars[4] = n1;
|
||||
points[4] = P; /* => P */
|
||||
scalars[5] = n2;
|
||||
points[5] = Q; /* => infinity */
|
||||
if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, P))
|
||||
ABORT;
|
||||
}
|
||||
fprintf(stdout, "ok\n");
|
||||
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
BN_free(n1);
|
||||
BN_free(n2);
|
||||
BN_free(order);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
|
||||
static void prime_field_tests(void)
|
||||
{
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *p, *a, *b;
|
||||
EC_GROUP *group;
|
||||
EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
|
||||
NULL, *P_384 = NULL, *P_521 = NULL;
|
||||
EC_POINT *P, *Q, *R;
|
||||
BIGNUM *x, *y, *z;
|
||||
unsigned char buf[100];
|
||||
size_t i, len;
|
||||
int k;
|
||||
|
||||
# if 1 /* optional */
|
||||
ctx = BN_CTX_new();
|
||||
if (!ctx)
|
||||
ABORT;
|
||||
# endif
|
||||
|
||||
p = BN_new();
|
||||
a = BN_new();
|
||||
b = BN_new();
|
||||
if (!p || !a || !b)
|
||||
ABORT;
|
||||
|
||||
group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
|
||||
* EC_GROUP_new_curve_GFp so
|
||||
* that the library gets to
|
||||
* choose the EC_METHOD */
|
||||
if (!group)
|
||||
ABORT;
|
||||
|
||||
P = EC_POINT_new(group);
|
||||
Q = EC_POINT_new(group);
|
||||
R = EC_POINT_new(group);
|
||||
if (!P || !Q || !R)
|
||||
ABORT;
|
||||
|
||||
x = BN_new();
|
||||
y = BN_new();
|
||||
z = BN_new();
|
||||
if (!x || !y || !z)
|
||||
ABORT;
|
||||
|
||||
/* Curve P-256 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
if (!BN_hex2bn
|
||||
(&p,
|
||||
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
|
||||
ABORT;
|
||||
if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
ABORT;
|
||||
if (!BN_hex2bn
|
||||
(&a,
|
||||
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
|
||||
ABORT;
|
||||
if (!BN_hex2bn
|
||||
(&b,
|
||||
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn
|
||||
(&x,
|
||||
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
|
||||
"84F3B9CAC2FC632551"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
ABORT;
|
||||
|
||||
if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
|
||||
BN_print_fp(stdout, x);
|
||||
fprintf(stdout, "\n y = 0x");
|
||||
BN_print_fp(stdout, y);
|
||||
fprintf(stdout, "\n");
|
||||
/* G_y value taken from the standard: */
|
||||
if (!BN_hex2bn
|
||||
(&z,
|
||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
|
||||
ABORT;
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 256)
|
||||
ABORT;
|
||||
fprintf(stdout, " ok\n");
|
||||
|
||||
group_order_tests(group);
|
||||
|
||||
if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
|
||||
ABORT;
|
||||
if (!EC_GROUP_copy(P_256, group))
|
||||
ABORT;
|
||||
|
||||
/* Curve P-384 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
|
||||
ABORT;
|
||||
if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
|
||||
"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
|
||||
"9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
ABORT;
|
||||
|
||||
if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
|
||||
BN_print_fp(stdout, x);
|
||||
fprintf(stdout, "\n y = 0x");
|
||||
BN_print_fp(stdout, y);
|
||||
fprintf(stdout, "\n");
|
||||
/* G_y value taken from the standard: */
|
||||
if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
|
||||
"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
|
||||
ABORT;
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 384)
|
||||
ABORT;
|
||||
fprintf(stdout, " ok\n");
|
||||
|
||||
group_order_tests(group);
|
||||
|
||||
if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
|
||||
ABORT;
|
||||
if (!EC_GROUP_copy(P_384, group))
|
||||
ABORT;
|
||||
|
||||
/* Curve P-521 (FIPS PUB 186-2, App. 6) */
|
||||
|
||||
if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
|
||||
ABORT;
|
||||
if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
|
||||
"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
|
||||
"DF883D2C34F1EF451FD46B503F00"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
|
||||
ABORT;
|
||||
|
||||
if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
|
||||
"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
|
||||
"3C1856A429BF97E7E31C2E5BD66"))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
|
||||
ABORT;
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
|
||||
"C9B8899C47AEBB6FB71E91386409"))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
|
||||
ABORT;
|
||||
|
||||
if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
|
||||
BN_print_fp(stdout, x);
|
||||
fprintf(stdout, "\n y = 0x");
|
||||
BN_print_fp(stdout, y);
|
||||
fprintf(stdout, "\n");
|
||||
/* G_y value taken from the standard: */
|
||||
if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
|
||||
"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
|
||||
"7086A272C24088BE94769FD16650"))
|
||||
ABORT;
|
||||
if (0 != BN_cmp(y, z))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ...");
|
||||
if (EC_GROUP_get_degree(group) != 521)
|
||||
ABORT;
|
||||
fprintf(stdout, " ok\n");
|
||||
|
||||
group_order_tests(group);
|
||||
|
||||
if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
|
||||
ABORT;
|
||||
if (!EC_GROUP_copy(P_521, group))
|
||||
ABORT;
|
||||
|
||||
/* more tests using the last curve */
|
||||
|
||||
if (!EC_POINT_copy(Q, P))
|
||||
ABORT;
|
||||
if (EC_POINT_is_at_infinity(group, Q))
|
||||
ABORT;
|
||||
if (!EC_POINT_dbl(group, P, P, ctx))
|
||||
ABORT;
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!EC_POINT_invert(group, Q, ctx))
|
||||
ABORT; /* P = -2Q */
|
||||
|
||||
if (!EC_POINT_add(group, R, P, Q, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_add(group, R, R, Q, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, R))
|
||||
ABORT; /* R = P + 2Q */
|
||||
|
||||
{
|
||||
const EC_POINT *points[4];
|
||||
const BIGNUM *scalars[4];
|
||||
BIGNUM scalar3;
|
||||
|
||||
if (EC_POINT_is_at_infinity(group, Q))
|
||||
ABORT;
|
||||
points[0] = Q;
|
||||
points[1] = Q;
|
||||
points[2] = Q;
|
||||
points[3] = Q;
|
||||
|
||||
if (!EC_GROUP_get_order(group, z, ctx))
|
||||
ABORT;
|
||||
if (!BN_add(y, z, BN_value_one()))
|
||||
ABORT;
|
||||
if (BN_is_odd(y))
|
||||
ABORT;
|
||||
if (!BN_rshift1(y, y))
|
||||
ABORT;
|
||||
scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
|
||||
scalars[1] = y;
|
||||
|
||||
fprintf(stdout, "combined multiplication ...");
|
||||
fflush(stdout);
|
||||
|
||||
/* z is still the group order */
|
||||
if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
|
||||
ABORT;
|
||||
if (0 != EC_POINT_cmp(group, P, R, ctx))
|
||||
ABORT;
|
||||
if (0 != EC_POINT_cmp(group, R, Q, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, ".");
|
||||
fflush(stdout);
|
||||
|
||||
if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
|
||||
ABORT;
|
||||
if (!BN_add(z, z, y))
|
||||
ABORT;
|
||||
BN_set_negative(z, 1);
|
||||
scalars[0] = y;
|
||||
scalars[1] = z; /* z = -(order + y) */
|
||||
|
||||
if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, P))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, ".");
|
||||
fflush(stdout);
|
||||
|
||||
if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
|
||||
ABORT;
|
||||
if (!BN_add(z, x, y))
|
||||
ABORT;
|
||||
BN_set_negative(z, 1);
|
||||
scalars[0] = x;
|
||||
scalars[1] = y;
|
||||
scalars[2] = z; /* z = -(x+y) */
|
||||
|
||||
BN_init(&scalar3);
|
||||
BN_zero(&scalar3);
|
||||
scalars[3] = &scalar3;
|
||||
|
||||
if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_at_infinity(group, P))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, " ok\n\n");
|
||||
|
||||
BN_free(&scalar3);
|
||||
}
|
||||
|
||||
# if 0
|
||||
timings(P_256, TIMING_BASE_PT, ctx);
|
||||
timings(P_256, TIMING_RAND_PT, ctx);
|
||||
timings(P_256, TIMING_SIMUL, ctx);
|
||||
timings(P_384, TIMING_BASE_PT, ctx);
|
||||
timings(P_384, TIMING_RAND_PT, ctx);
|
||||
timings(P_384, TIMING_SIMUL, ctx);
|
||||
timings(P_521, TIMING_BASE_PT, ctx);
|
||||
timings(P_521, TIMING_RAND_PT, ctx);
|
||||
timings(P_521, TIMING_SIMUL, ctx);
|
||||
# endif
|
||||
|
||||
if (ctx)
|
||||
BN_CTX_free(ctx);
|
||||
BN_free(p);
|
||||
BN_free(a);
|
||||
BN_free(b);
|
||||
EC_GROUP_free(group);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(R);
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(z);
|
||||
|
||||
if (P_160)
|
||||
EC_GROUP_free(P_160);
|
||||
if (P_192)
|
||||
EC_GROUP_free(P_192);
|
||||
if (P_224)
|
||||
EC_GROUP_free(P_224);
|
||||
if (P_256)
|
||||
EC_GROUP_free(P_256);
|
||||
if (P_384)
|
||||
EC_GROUP_free(P_384);
|
||||
if (P_521)
|
||||
EC_GROUP_free(P_521);
|
||||
|
||||
}
|
||||
|
||||
|
||||
static void internal_curve_test(void)
|
||||
{
|
||||
EC_builtin_curve *curves = NULL;
|
||||
size_t crv_len = 0, n = 0;
|
||||
int ok = 1;
|
||||
|
||||
crv_len = EC_get_builtin_curves(NULL, 0);
|
||||
|
||||
curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
|
||||
|
||||
if (curves == NULL)
|
||||
return;
|
||||
|
||||
if (!EC_get_builtin_curves(curves, crv_len)) {
|
||||
OPENSSL_free(curves);
|
||||
return;
|
||||
}
|
||||
|
||||
fprintf(stdout, "testing internal curves: ");
|
||||
|
||||
for (n = 0; n < crv_len; n++) {
|
||||
EC_GROUP *group = NULL;
|
||||
int nid = curves[n].nid;
|
||||
if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
|
||||
ok = 0;
|
||||
fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
|
||||
" curve %s\n", OBJ_nid2sn(nid));
|
||||
/* try next curve */
|
||||
continue;
|
||||
}
|
||||
if (!EC_GROUP_check(group, NULL)) {
|
||||
ok = 0;
|
||||
fprintf(stdout, "\nEC_GROUP_check() failed with"
|
||||
" curve %s\n", OBJ_nid2sn(nid));
|
||||
EC_GROUP_free(group);
|
||||
/* try the next curve */
|
||||
continue;
|
||||
}
|
||||
fprintf(stdout, ".");
|
||||
fflush(stdout);
|
||||
EC_GROUP_free(group);
|
||||
}
|
||||
if (ok)
|
||||
fprintf(stdout, " ok\n\n");
|
||||
else {
|
||||
fprintf(stdout, " failed\n\n");
|
||||
ABORT;
|
||||
}
|
||||
OPENSSL_free(curves);
|
||||
return;
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
/*
|
||||
* nistp_test_params contains magic numbers for testing our optimized
|
||||
* implementations of several NIST curves with characteristic > 3.
|
||||
*/
|
||||
struct nistp_test_params {
|
||||
const EC_METHOD *(*meth) ();
|
||||
int degree;
|
||||
/*
|
||||
* Qx, Qy and D are taken from
|
||||
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* Otherwise, values are standard curve parameters from FIPS 180-3
|
||||
*/
|
||||
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
|
||||
};
|
||||
|
||||
static const struct nistp_test_params nistp_tests_params[] = {
|
||||
{
|
||||
/* P-256 */
|
||||
EC_GFp_nistp256_method,
|
||||
256,
|
||||
/* p */
|
||||
"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
|
||||
/* a */
|
||||
"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
|
||||
/* b */
|
||||
"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
|
||||
/* Qx */
|
||||
"b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
|
||||
/* Qy */
|
||||
"3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
|
||||
/* Gx */
|
||||
"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
/* Gy */
|
||||
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
|
||||
/* order */
|
||||
"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
|
||||
/* d */
|
||||
"c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
|
||||
},
|
||||
{
|
||||
/* P-521 */
|
||||
EC_GFp_nistp521_method,
|
||||
521,
|
||||
/* p */
|
||||
"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||
/* a */
|
||||
"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
|
||||
/* b */
|
||||
"051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
|
||||
/* Qx */
|
||||
"0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
|
||||
/* Qy */
|
||||
"0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
|
||||
/* Gx */
|
||||
"c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
|
||||
/* Gy */
|
||||
"11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
|
||||
/* order */
|
||||
"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
|
||||
/* d */
|
||||
"0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
|
||||
},
|
||||
};
|
||||
|
||||
static void nistp_single_test(const struct nistp_test_params *test)
|
||||
{
|
||||
BN_CTX *ctx;
|
||||
BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
|
||||
EC_GROUP *NISTP;
|
||||
EC_POINT *G, *P, *Q, *Q_CHECK;
|
||||
|
||||
fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
|
||||
test->degree);
|
||||
ctx = BN_CTX_new();
|
||||
p = BN_new();
|
||||
a = BN_new();
|
||||
b = BN_new();
|
||||
x = BN_new();
|
||||
y = BN_new();
|
||||
m = BN_new();
|
||||
n = BN_new();
|
||||
order = BN_new();
|
||||
|
||||
NISTP = EC_GROUP_new(test->meth());
|
||||
if (!NISTP)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&p, test->p))
|
||||
ABORT;
|
||||
if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&a, test->a))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&b, test->b))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
|
||||
ABORT;
|
||||
G = EC_POINT_new(NISTP);
|
||||
P = EC_POINT_new(NISTP);
|
||||
Q = EC_POINT_new(NISTP);
|
||||
Q_CHECK = EC_POINT_new(NISTP);
|
||||
if (!BN_hex2bn(&x, test->Qx))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&y, test->Qy))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&x, test->Gx))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&y, test->Gy))
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&order, test->order))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "verify degree ... ");
|
||||
if (EC_GROUP_get_degree(NISTP) != test->degree)
|
||||
ABORT;
|
||||
fprintf(stdout, "ok\n");
|
||||
|
||||
fprintf(stdout, "NIST test vectors ... ");
|
||||
if (!BN_hex2bn(&n, test->d))
|
||||
ABORT;
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
|
||||
/* set generator to P = 2*G, where G is the standard generator */
|
||||
if (!EC_POINT_dbl(NISTP, P, G, ctx))
|
||||
ABORT;
|
||||
if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
|
||||
ABORT;
|
||||
/* set the scalar to m=n/2, where n is the NIST test scalar */
|
||||
if (!BN_rshift(m, n, 1))
|
||||
ABORT;
|
||||
|
||||
/* test the non-standard generator */
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
|
||||
/*
|
||||
* We have not performed precomputation so have_precompute mult should be
|
||||
* false
|
||||
*/
|
||||
if (EC_GROUP_have_precompute_mult(NISTP))
|
||||
ABORT;
|
||||
|
||||
/* now repeat all tests with precomputation */
|
||||
if (!EC_GROUP_precompute_mult(NISTP, ctx))
|
||||
ABORT;
|
||||
if (!EC_GROUP_have_precompute_mult(NISTP))
|
||||
ABORT;
|
||||
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
|
||||
/* reset generator */
|
||||
if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
|
||||
ABORT;
|
||||
/* fixed point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
/* random point multiplication */
|
||||
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
|
||||
if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
|
||||
ABORT;
|
||||
|
||||
fprintf(stdout, "ok\n");
|
||||
group_order_tests(NISTP);
|
||||
# if 0
|
||||
timings(NISTP, TIMING_BASE_PT, ctx);
|
||||
timings(NISTP, TIMING_RAND_PT, ctx);
|
||||
# endif
|
||||
EC_GROUP_free(NISTP);
|
||||
EC_POINT_free(G);
|
||||
EC_POINT_free(P);
|
||||
EC_POINT_free(Q);
|
||||
EC_POINT_free(Q_CHECK);
|
||||
BN_free(n);
|
||||
BN_free(m);
|
||||
BN_free(p);
|
||||
BN_free(a);
|
||||
BN_free(b);
|
||||
BN_free(x);
|
||||
BN_free(y);
|
||||
BN_free(order);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
|
||||
static void nistp_tests()
|
||||
{
|
||||
unsigned i;
|
||||
|
||||
for (i = 0;
|
||||
i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
|
||||
i++) {
|
||||
nistp_single_test(&nistp_tests_params[i]);
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
static const char rnd_seed[] =
|
||||
"string to make the random number generator think it has entropy";
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
|
||||
/* enable memory leak checking unless explicitly disabled */
|
||||
if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
|
||||
&& (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
|
||||
CRYPTO_malloc_debug_init();
|
||||
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||||
} else {
|
||||
/* OPENSSL_DEBUG_MEMORY=off */
|
||||
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
|
||||
}
|
||||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
|
||||
|
||||
prime_field_tests();
|
||||
puts("");
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
char2_field_tests();
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
nistp_tests();
|
||||
# endif
|
||||
/* test the internal curves */
|
||||
internal_curve_test();
|
||||
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE_cleanup();
|
||||
# endif
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_free_strings();
|
||||
ERR_remove_thread_state(NULL);
|
||||
CRYPTO_mem_leaks_fp(stderr);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
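--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-1
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
+# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
+# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
+# EC: ????????? ??/??/2020
+# SRP: ????????? ??/??/20??
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+# (find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+# SRP.
+for a in srp; do
+for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
+echo Destroying $c
+> $c
+done
+done
+
+for c in `find crypto/bn -name "*gf2m.c"`; do
+echo Destroying $c
+> $c
+done
+
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp22?.c" -o -name "ectest.c"`; do
+echo Destroying $c
+> $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+echo Removing SRP and EC2M references from $h
+cat $h | \
+awk 'BEGIN {ech=1;} \
+/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
+/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
+/^#[ \t]*if/ {if(ech < 1) ech--;} \
+{if(ech>0) {;print $0};} \
+/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+mv $h.hobbled $h
+done
+
+# Make the makefiles happy.
+# touch crypto/rc5/asm/rc5-586.pl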
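Review bot: `set -e` does not stop the header loop when the awk rewrite fails, because `cat $h | awk ... > $h.hobbled && mv $h.hobbled $h` is an AND-list and `-e` is ignored for every command of such a list except the last; a failing awk or a failed write leaves that header unstripped, leaves `$h.hobbled` behind, and the script carries on with a zero status. Splitting the list into two statements, `awk '...' "$h" > "$h.hobbled"` on one line and `mv "$h.hobbled" "$h"` on the next, puts both under `-e` and removes the needless `cat`. The awk state machine also suppresses any `#else` branch of a stripped `#ifndef ...NO_SRP` / `#ifndef ...NO_EC2M` block together with the guarded code; whether the headers contain such a branch is not visible here, so a comment stating that assumption next to the awk program would help the next maintainer.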
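--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-2
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+echo --
+echo SomeState
+echo SomeCity
+echo SomeOrganization
+echo SomeOrganizationalUnit
+echo localhost.localdomain
+echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+echo $"Usage: `basename $0` filename [...]"
+exit 0
+fi
+
+for target in $@ ; do
+PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+trap "rm -f $PEM1 $PEM2" SIGINT
+answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+cat $PEM1 > ${target}
+echo "" >> ${target}
+cat $PEM2 >> ${target}
+rm -f $PEM1 $PEM2
+done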
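Review bot: The exit status of `openssl req` is never checked and its stderr is sent to `/dev/null`, so a failed key or certificate generation still runs `cat $PEM1 > ${target}` and leaves an empty or truncated file behind with a zero exit status. Appending `|| { rm -f $PEM1 $PEM2; exit 1; }` to the `answers | /usr/bin/openssl req ...` line (the pipeline's status is openssl's) makes the failure visible and cleans up the temporaries. `for target in $@` should be `for target in "$@"`, and the `cat`/`>>` lines should use `"$target"`, so a filename containing spaces is not split. The `trap` is re-installed on every iteration and only for `SIGINT`; trapping `EXIT` as well would cover the error path above too.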
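--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-3
@@ -0,0 +1,10 @@
+--- crypto/fips/fips.c.orig 2010-10-07 23:33:08.293664062 +0200
++++ crypto/fips/fips.c 2010-10-07 23:33:20.723360688 +0200
+@@ -57,7 +57,6 @@
+#include <openssl/rsa.h>
+#include <string.h>
+#include <limits.h>
+-#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "fips_locl.h"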
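--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE-4
@@ -0,0 +1,97 @@
+--- openssl-1.0.1c/crypto/fips/fips_rand_selftest.c.orig 2012-11-03 18:59:03.620066556 +0100
++++ openssl-1.0.1c/crypto/fips/fips_rand_selftest.c 2012-11-03 19:57:33.156686682 +0100
+@@ -47,6 +47,8 @@
+*
+*/
+
++#ifdef OPENSSL_FIPS
++
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+@@ -54,8 +56,6 @@
+#include <openssl/fips_rand.h>
+#include "fips_locl.h"
+
+-#ifdef OPENSSL_FIPS
+-
+typedef struct {
+unsigned char DT[16];
+unsigned char V[16];
+--- openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c.orig 2012-11-03 20:03:20.546180631 +0100
++++ openssl-1.0.1c/crypto/fips/fips_dsa_selftest.c 2012-11-03 20:03:46.069328396 +0100
+@@ -47,6 +47,8 @@
+*
+*/
+
++#ifdef OPENSSL_FIPS
++
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+@@ -56,8 +58,6 @@
+#include <openssl/bn.h>
+#include "fips_locl.h"
+
+-#ifdef OPENSSL_FIPS
+-
+static const unsigned char dsa_test_2048_p[] = {
+0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
+0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
+--- openssl-1.0.1c/crypto/fips/fips_rand.c.orig 2012-11-03 20:07:49.956891942 +0100
++++ openssl-1.0.1c/crypto/fips/fips_rand.c 2012-11-03 20:08:14.260048118 +0100
+@@ -47,6 +47,8 @@
+*
+*/
+
++#ifdef OPENSSL_FIPS
++
+/*
+* This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
+*/
+@@ -82,8 +84,6 @@
+#include <openssl/fips.h>
+#include "fips_locl.h"
+
+-#ifdef OPENSSL_FIPS
+-
+void *OPENSSL_stderr(void);
+
+# define AES_BLOCK_LENGTH 16
+--- openssl-1.0.1c/crypto/rand/md_rand.c.orig 2012-11-03 20:19:31.461754618 +0100
++++ openssl-1.0.1c/crypto/rand/md_rand.c 2012-11-03 20:20:58.294282662 +0100
+@@ -394,7 +394,11 @@
+/* always poll for external entropy in FIPS mode, drbg provides the
+* expansion
+*/
++#ifdef OPENSSL_FIPS
+if (!initialized || FIPS_module_mode()) {
++#else
++ if (!initialized) {
++#endif
+RAND_poll();
+initialized = 1;
+}
+--- openssl-1.0.1c/crypto/opensslconf.h.in 2012-11-09 20:34:03.434391630 +0100
++++ openssl-1.0.1c/crypto/opensslconf.h.in.fips 2005-12-16 11:37:23.000000000 +0100
+@@ -1,20 +1,5 @@
+/* crypto/opensslconf.h.in */
+
+-#ifdef OPENSSL_DOING_MAKEDEPEND
+-
+-/* Include any symbols here that have to be explicitly set to enable a feature
+- * that should be visible to makedepend.
+- *
+- * [Our "make depend" doesn't actually look at this, we use actual build settings
+- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
+- */
+-
+-#ifndef OPENSSL_FIPS
+-#define OPENSSL_FIPS
+-#endif
+-
+-#endif
+-
+/* Generate 80386 code? */
+#undef I386_ONLY
+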
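Review bot: In the last hunk the `---`/`+++` file names are inverted relative to the four hunks above it: the suffixed copy `crypto/opensslconf.h.in.fips` sits on the `+++` side with a 2005 timestamp while the pristine `crypto/opensslconf.h.in` is on the `---` side. The patch presumably applies only because `patch` falls back to whichever of the two names exists in the tree; swapping the two header lines to `--- openssl-1.0.1c/crypto/opensslconf.h.in.fips` and `+++ openssl-1.0.1c/crypto/opensslconf.h.in` matches the `.orig`-first convention of the other hunks and removes the reliance on that fallback. The `md_rand.c` hunk keeps the comment `/* always poll for external entropy in FIPS mode ... */` above both the FIPS and the non-FIPS branch; rewording it to say that the non-FIPS build polls only on first use would stop it from misdescribing the `#else` path.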
@ -0,0 +1,50 @@
|
||||
diff -up openssl-1.0.0-beta3/Makefile.org.mingw-libversion openssl-1.0.0-beta3/Makefile.org
|
||||
--- openssl-1.0.0-beta3/Makefile.org.mingw-libversion 2009-08-29 22:44:10.000000000 +0300
|
||||
+++ openssl-1.0.0-beta3/Makefile.org 2009-08-29 22:45:42.000000000 +0300
|
||||
@@ -542,8 +542,8 @@ install_sw:
|
||||
fi ); \
|
||||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
||||
( case $$i in \
|
||||
- *crypto*) i=libeay32.dll;; \
|
||||
- *ssl*) i=ssleay32.dll;; \
|
||||
+ *crypto*) i=libcrypto-$(SHLIB_SONAMEVER).dll;; \
|
||||
+ *ssl*) i=libssl-$(SHLIB_SONAMEVER).dll;; \
|
||||
esac; \
|
||||
echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
||||
diff -up openssl-1.0.0-beta3/Makefile.shared.mingw-libversion openssl-1.0.0-beta3/Makefile.shared
|
||||
--- openssl-1.0.0-beta3/Makefile.shared.mingw-libversion 2009-08-29 22:33:22.000000000 +0300
|
||||
+++ openssl-1.0.0-beta3/Makefile.shared 2009-08-29 22:33:22.000000000 +0300
|
||||
@@ -47,7 +47,7 @@ LIBEXTRAS=
|
||||
# LIBVERSION contains the current version of the library.
|
||||
# For example, to build libfoo.so.1.2, you need to do the following:
|
||||
#LIBVERSION=1.2
|
||||
-LIBVERSION=
|
||||
+LIBVERSION=10
|
||||
|
||||
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
|
||||
# the library. They MUST be in decreasing order.
|
||||
@@ -250,7 +250,7 @@ link_o.cygwin:
base=-Wl,--enable-auto-image-base; \
deffile=; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- SHLIB=$(LIBNAME)eay32; base=; \
+ SHLIB=lib$(LIBNAME); base=; \
if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \
fi; \
@@ -282,13 +282,7 @@
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- case $(LIBNAME) in \
- crypto) SHLIB=libeay;; \
- ssl) SHLIB=ssleay;; \
- esac; \
- SHLIB_SOVER=32; \
- extras="$(LIBNAME).def"; \
- $(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
+ SHLIB=lib$(LIBNAME); \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
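Review bot: The third Makefile.shared hunk replaces the `case`/`mkdef.pl` block with a bare `SHLIB=lib$(LIBNAME); \`, which also drops generation of the `.def` export file (`extras` is no longer set on mingw), while the second hunk's surrounding context still probes for `$(LIBNAME)eay32.def`; whether mingw builds are now meant to export every non-static symbol is stated nowhere. A one-line comment such as `# mingw: no export .def is generated any more; DLL names follow the SONAME version` above the new assignment would record the intent. The Makefile.org hunk hard-codes `libcrypto-$(SHLIB_SONAMEVER).dll`, which only lines up with the `LIBVERSION=10` set in Makefile.shared if SHLIB_SONAMEVER is derived from it — worth confirming. All three recipes start and end outside their hunks.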
@ -0,0 +1,14 @@
--- openssl-1.0.2a/engines/Makefile.enginesdir 2015-03-19 14:31:14.000000000 +0100
+++ openssl-1.0.2a/engines/Makefile 2015-04-24 18:27:12.875788913 +0200
@@ -111,7 +111,10 @@
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ if [ "$(PLATFORM)" = "mingw" ]; then \
+ sfx=.dll; \
+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
+ elif expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
sfx=".so"; \
cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
else \
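Review bot: The new mingw branch copies the engine DLL into a hard-coded `$(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/`, while the Cygwin branch right below it installs under `$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/`; unless the literal `lib` is intended for mingw, the two should agree, e.g. `cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \`, or the difference should be explained in a comment. The `for l in $(LIBNAMES)` loop this sits in starts and ends outside the hunk.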
@ -0,0 +1,36 @@
diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
--- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir 2006-04-28 02:30:49.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.pl.in 2009-11-12 12:33:13.000000000 +0100
@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
-$CATOP="./demoCA";
+$CATOP="/etc/pki/CA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
--- openssl-1.0.0-beta4/apps/CA.sh.ca-dir 2009-10-15 19:27:47.000000000 +0200
+++ openssl-1.0.0-beta4/apps/CA.sh 2009-11-12 12:35:14.000000000 +0100
@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
+if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf
--- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir 2009-11-12 12:33:13.000000000 +0100
+++ openssl-1.0.0-beta4/apps/openssl.cnf 2009-11-12 12:33:13.000000000 +0100
@@ -39,7 +39,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@ -0,0 +1,21 @@
diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org
--- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200
+++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200
@@ -609,7 +609,7 @@ install_docs:
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
+ sh -c "TZ=UTC $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
@@ -626,7 +626,7 @@ install_docs:
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
+ sh -c "TZ=UTC $$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
@ -0,0 +1,12 @@
diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing openssl-1.0.1c/crypto/modes/Makefile
--- openssl-1.0.1c/crypto/modes/Makefile.aliasing 2011-08-12 00:36:17.000000000 +0200
+++ openssl-1.0.1c/crypto/modes/Makefile 2012-07-13 11:32:10.767829077 +0200
@@ -12,7 +12,7 @@ AR= ar r
MODES_ASM_OBJ=
-CFLAGS= $(INCLUDES) $(CFLAG)
+CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
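Review bot: `-fno-strict-aliasing` is appended to the crypto/modes CFLAGS with no comment naming the code that needs it, so whoever refreshes this patch on the next rebase cannot tell whether it is still required or what breaks without it. Add a line above the assignment such as `# -fno-strict-aliasing: presumably the modes code aliases through differently typed pointers — see [BUG-REF placeholder]`, replacing the placeholder with the actual tracker reference. Note that the flag lives in a plain `CFLAGS=` assignment, so any per-directory override of CFLAGS drops it silently.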
@ -0,0 +1,16 @@
diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
--- openssl-1.0.1c/util/perlpath.pl.perlfind 2012-07-11 22:57:33.000000000 +0200
+++ openssl-1.0.1c/util/perlpath.pl 2012-07-12 00:31:12.102156275 +0200
@@ -4,10 +4,10 @@
# line in all scripts that rely on perl.
#
-require "find.pl";
+use File::Find;
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
+find(\&wanted, ".");
sub wanted
{
@ -0,0 +1,77 @@
diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod
--- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod 2014-08-07 11:18:01.290773970 +0200
@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+function. B<type> will typically be supplied by a function such as EVP_sha1().
If B<impl> is NULL then the default implementation of digest B<type> is used.
EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.
diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod
--- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
+++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod 2014-08-07 10:55:25.100638252 +0200
@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ const EVP_CIPHER *EVP_des_ede3(void);
+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_ecb(void);
+ const EVP_CIPHER *EVP_aes_128_cbc(void);
+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
+ const EVP_CIPHER *EVP_aes_128_ofb(void);
+ const EVP_CIPHER *EVP_aes_192_ecb(void);
+ const EVP_CIPHER *EVP_aes_192_cbc(void);
+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
+ const EVP_CIPHER *EVP_aes_192_ofb(void);
+ const EVP_CIPHER *EVP_aes_256_ecb(void);
+ const EVP_CIPHER *EVP_aes_256_cbc(void);
+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
+ const EVP_CIPHER *EVP_aes_256_ofb(void);
+
=head1 DESCRIPTION
The EVP cipher routines are a high level interface to certain
@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
DESX algorithm in CBC mode.
+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
+
+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
+
+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
+
+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
+
=item EVP_rc4(void)
RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
@ -0,0 +1,110 @@
diff -up openssl-1.0.2a/apps/ca.c.dgst openssl-1.0.2a/apps/ca.c
--- openssl-1.0.2a/apps/ca.c.dgst 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/apps/ca.c 2015-04-21 17:01:38.841551616 +0200
@@ -157,7 +157,7 @@ static const char *ca_usage[] = {
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
- " -md arg - md to use, one of md2, md5, sha or sha1\n",
+ " -md arg - md to use, see openssl dgst -h for list\n",
" -policy arg - The CA 'policy' to support\n",
" -keyfile arg - private key file\n",
" -keyform arg - private key file format (PEM or ENGINE)\n",
diff -up openssl-1.0.2a/apps/enc.c.dgst openssl-1.0.2a/apps/enc.c
--- openssl-1.0.2a/apps/enc.c.dgst 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/apps/enc.c 2015-04-21 17:01:38.841551616 +0200
@@ -294,7 +294,7 @@ int MAIN(int argc, char **argv)
"%-14s the next argument is the md to use to create a key\n",
"-md");
BIO_printf(bio_err,
- "%-14s from a passphrase. One of md2, md5, sha or sha1\n",
+ "%-14s from a passphrase. See openssl dgst -h for list.\n",
"");
BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
"-S");
diff -up openssl-1.0.2a/apps/req.c.dgst openssl-1.0.2a/apps/req.c
--- openssl-1.0.2a/apps/req.c.dgst 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/apps/req.c 2015-04-21 17:01:38.842551640 +0200
@@ -414,7 +414,7 @@ int MAIN(int argc, char **argv)
" -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
#endif
BIO_printf(bio_err,
- " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ " -[digest] Digest to sign with (see openssl dgst -h for list)\n");
BIO_printf(bio_err, " -config file request template file.\n");
BIO_printf(bio_err,
" -subj arg set or modify request subject\n");
diff -up openssl-1.0.2a/apps/ts.c.dgst openssl-1.0.2a/apps/ts.c
--- openssl-1.0.2a/apps/ts.c.dgst 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/apps/ts.c 2015-04-21 17:01:38.842551640 +0200
@@ -337,7 +337,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "usage:\n"
"ts -query [-rand file%cfile%c...] [-config configfile] "
"[-data file_to_hash] [-digest digest_bytes]"
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+ "[-<hashalg>] "
"[-policy object_id] [-no_nonce] [-cert] "
"[-in request.tsq] [-out request.tsq] [-text]\n",
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
diff -up openssl-1.0.2a/apps/x509.c.dgst openssl-1.0.2a/apps/x509.c
--- openssl-1.0.2a/apps/x509.c.dgst 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/apps/x509.c 2015-04-21 17:01:38.842551640 +0200
@@ -141,7 +141,7 @@ static const char *x509_usage[] = {
" -set_serial - serial number to use\n",
" -text - print the certificate in text form\n",
" -C - print out C code forms\n",
- " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+ " -<dgst> - digest to use, see openssl dgst -h output for list\n",
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
diff -up openssl-1.0.2a/doc/apps/ca.pod.dgst openssl-1.0.2a/doc/apps/ca.pod
--- openssl-1.0.2a/doc/apps/ca.pod.dgst 2015-01-20 13:33:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/ca.pod 2015-04-21 17:01:38.842551640 +0200
@@ -168,7 +168,8 @@ the number of days to certify the certif
=item B<-md alg>
the message digest to use. Possible values include md5, sha1 and mdc2.
-This option also applies to CRLs.
+For full list of digests see openssl dgst -h output. This option also
+applies to CRLs.
=item B<-policy arg>
diff -up openssl-1.0.2a/doc/apps/ocsp.pod.dgst openssl-1.0.2a/doc/apps/ocsp.pod
--- openssl-1.0.2a/doc/apps/ocsp.pod.dgst 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/doc/apps/ocsp.pod 2015-04-21 17:01:38.842551640 +0200
@@ -219,7 +219,8 @@ check is not performed.
=item B<-md5|-sha1|-sha256|-ripemod160|...>
this option sets digest algorithm to use for certificate identification
-in the OCSP request. By default SHA-1 is used.
+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
+the list of available algorithms.
=back
diff -up openssl-1.0.2a/doc/apps/req.pod.dgst openssl-1.0.2a/doc/apps/req.pod
--- openssl-1.0.2a/doc/apps/req.pod.dgst 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/req.pod 2015-04-21 17:01:38.843551664 +0200
@@ -201,7 +201,8 @@ will not be encrypted.
this specifies the message digest to sign the request with (such as
B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
-the configuration file.
+the configuration file. For full list of possible digests see openssl
+dgst -h output.
Some public key algorithms may override this choice. For instance, DSA
signatures always use SHA1, GOST R 34.10 signatures always use
diff -up openssl-1.0.2a/doc/apps/x509.pod.dgst openssl-1.0.2a/doc/apps/x509.pod
--- openssl-1.0.2a/doc/apps/x509.pod.dgst 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/doc/apps/x509.pod 2015-04-21 17:01:38.843551664 +0200
@@ -107,6 +107,7 @@ the digest to use. This affects any sign
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
specified then SHA1 is used. If the key being used to sign with is a DSA key
then this option has no effect: SHA1 is always used with DSA keys.
+For full list of digests see openssl dgst -h output.
=item B<-engine id>
@ -0,0 +1,46 @@
diff -up openssl-1.0.2a/crypto/dsa/dsa_key.c.compat openssl-1.0.2a/crypto/dsa/dsa_key.c
--- openssl-1.0.2a/crypto/dsa/dsa_key.c.compat 2015-04-09 18:21:11.687977858 +0200
+++ openssl-1.0.2a/crypto/dsa/dsa_key.c 2015-04-09 18:21:07.869889659 +0200
@@ -68,6 +68,11 @@
# include <openssl/fips.h>
# include <openssl/evp.h>
+/* just a compatibility symbol - no-op */
+void FIPS_corrupt_dsa_keygen(void)
+{
+}
+
static int fips_check_dsa(DSA *dsa)
{
EVP_PKEY *pk;
diff -up openssl-1.0.2a/crypto/engine/eng_all.c.compat openssl-1.0.2a/crypto/engine/eng_all.c
--- openssl-1.0.2a/crypto/engine/eng_all.c.compat 2015-04-09 18:21:11.688977881 +0200
+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-09 18:21:09.159919459 +0200
@@ -63,6 +63,11 @@
# include <openssl/fips.h>
#endif
+/* just backwards compatibility symbol - no-op */
+void ENGINE_load_aesni(void)
+{
+}
+
void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
diff -up openssl-1.0.2a/crypto/fips/fips.c.compat openssl-1.0.2a/crypto/fips/fips.c
--- openssl-1.0.2a/crypto/fips/fips.c.compat 2015-04-09 18:21:11.689977904 +0200
+++ openssl-1.0.2a/crypto/fips/fips.c 2015-04-09 18:21:09.925937154 +0200
@@ -113,6 +113,12 @@ int FIPS_module_mode(void)
return ret;
}
+/* just a compat symbol - return NULL */
+const void *FIPS_rand_check(void)
+{
+ return NULL;
+}
+
int FIPS_selftest_failed(void)
{
int ret = 0;
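Review bot: `FIPS_rand_check()` in the fips.c hunk now returns NULL unconditionally, but neither its comment nor any header in this change says that callers must expect NULL, so a legacy caller that dereferences the result will crash rather than degrade. Expand the comment to `/* Compatibility symbol only: the FIPS RNG check no longer exists; always returns NULL and callers must treat NULL as "not available" */`. The same applies to the two no-op functions added in dsa_key.c and eng_all.c, which also have no visible prototype, so `-Wmissing-prototypes` builds will warn on all three; a header hunk declaring them would make the ABI intent explicit.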
@ -0,0 +1,60 @@
diff -up openssl-1.0.2a/apps/openssl.cnf.defaults openssl-1.0.2a/apps/openssl.cnf
--- openssl-1.0.2a/apps/openssl.cnf.defaults 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/apps/openssl.cnf 2015-04-20 14:37:10.112271850 +0200
@@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate fi
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
+default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
@@ -104,6 +104,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
+default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+#stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
@@ -339,7 +341,7 @@ signer_key = $dir/private/tsakey.pem # T
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
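Review bot: The new TSA `digests = sha1, sha256, sha384, sha512` line still accepts SHA-1 while the rest of this change moves the signing defaults to SHA-256 (`default_md = sha256` in both `[ CA_default ]` and `[ req ]`), so a timestamp request can be bound to a weaker digest than anything the config now produces by default. Either drop it, `digests = sha256, sha384, sha512 # Acceptable message digests (mandatory)`, or keep it with a trailing comment stating the interoperability reason so the exception is deliberate rather than an oversight. The `[ tsa_config1 ]` section this line belongs to starts and ends outside the hunk.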
@ -0,0 +1,23 @@
diff -up openssl-1.0.2a/ssl/dtls1.h.dtls1-abi openssl-1.0.2a/ssl/dtls1.h
--- openssl-1.0.2a/ssl/dtls1.h.dtls1-abi 2015-04-21 10:49:57.984781143 +0200
+++ openssl-1.0.2a/ssl/dtls1.h 2015-04-21 16:41:37.835164264 +0200
@@ -214,9 +214,6 @@ typedef struct dtls1_state_st {
* loss.
*/
record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
struct hm_header_st r_msg_hdr;
@@ -241,6 +238,9 @@ typedef struct dtls1_state_st {
* Cleared after the message has been processed.
*/
unsigned int change_cipher_spec_ok;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
# ifndef OPENSSL_NO_SCTP
/* used when SSL_ST_XX_FLUSH is entered */
int next_state;
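Review bot: The `listen` and `link_mtu` members are moved from before `mtu` to after `change_cipher_spec_ok` with no comment saying why, so a later tidy-up is likely to move them back next to `mtu` and silently undo whatever this ordering protects. Presumably the point is to keep the offsets of the earlier members identical to a previous build (the patch name suggests ABI), but the struct should say so where the fields now live: `/* Kept here rather than next to mtu so the layout of the preceding members matches earlier builds (ABI compatibility) */`. The `dtls1_state_st` definition starts and ends outside both hunks.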
@ -0,0 +1,39 @@
diff -up openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib 2015-04-09 18:17:20.509637597 +0200
+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-04-09 18:17:14.767504953 +0200
@@ -47,6 +47,13 @@ Once the identities of the compression m
been standardized, the compression API will most likely be changed. Using
it in the current state is not recommended.
+It is also not recommended to use compression if data transfered contain
+untrusted parts that can be manipulated by an attacker as he could then
+get information about the encrypted data. See the CRIME attack. For
+that reason the default loading of the zlib compression method is
+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
+is present during the library initialization.
+
=head1 RETURN VALUES
SSL_COMP_add_compression_method() may return the following values:
diff -up openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib openssl-1.0.2a/ssl/ssl_ciph.c
--- openssl-1.0.2a/ssl/ssl_ciph.c.env-zlib 2015-04-09 18:17:20.510637620 +0200
+++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-04-09 18:17:20.264631937 +0200
@@ -140,6 +140,8 @@
* OTHERWISE.
*/
+/* for secure_getenv */
+#define _GNU_SOURCE
#include <stdio.h>
#include <openssl/objects.h>
#ifndef OPENSSL_NO_COMP
@@ -450,7 +452,8 @@ static void load_builtin_compressions(vo
MemCheck_off();
ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL) {
+ if (ssl_comp_methods != NULL
+ && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
if (comp != NULL) {
comp->method = COMP_zlib();
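Review bot: The pod hunk says zlib is enabled whenever `OPENSSL_DEFAULT_ZLIB` is present in the environment, but the code reads it through `secure_getenv()`, which returns NULL in a set-user-ID/set-group-ID (AT_SECURE) process regardless of the environment; the documentation should add that the variable is ignored in such processes. `secure_getenv()` is also glibc-specific (2.17 and later) and the hunk adds no fallback, so `ssl_ciph.c` stops compiling on other C libraries — if that is acceptable for this package, say so in the `/* for secure_getenv */` comment, e.g. `/* secure_getenv() is glibc 2.17+; deliberately no getenv() fallback so set-id processes cannot enable compression */`. In the new pod text "transfered" should be "transferred". `load_builtin_compressions()` starts and ends outside the hunk.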
@ -0,0 +1,21 @@
diff -up openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.2a/crypto/md5/md5_dgst.c
--- openssl-1.0.2a/crypto/md5/md5_dgst.c.md5-allow 2015-04-09 18:18:36.505393113 +0200
+++ openssl-1.0.2a/crypto/md5/md5_dgst.c 2015-04-09 18:18:32.408298469 +0200
@@ -72,7 +72,16 @@ const char MD5_version[] = "MD5" OPENSSL
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
-nonfips_md_init(MD5)
+int MD5_Init(MD5_CTX *c)
+#ifdef OPENSSL_FIPS
+{
+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
+ return private_MD5_Init(c);
+}
+
+int private_MD5_Init(MD5_CTX *c)
+#endif
{
memset(c, 0, sizeof(*c));
c->A = INIT_DATA_A;
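Review bot: The new `MD5_Init()` wrapper reads `OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW` with plain `getenv()`, whereas the zlib patch in this same commit deliberately switched to `secure_getenv()`; with `getenv()` an unprivileged user of a set-user-ID program can lift the FIPS restriction simply by exporting the variable. Use `if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)` here too, with the same `#define _GNU_SOURCE` ahead of the includes. The signature-then-`#ifdef OPENSSL_FIPS`-then-body layout that makes one prototype serve two definitions is unusual enough to deserve a one-line comment above `int MD5_Init(MD5_CTX *c)`.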
@ -0,0 +1,11 @@
diff -up openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1k/crypto/x509/x509_cmp.c
--- openssl-1.0.1k/crypto/x509/x509_cmp.c.issuer-hash 2015-04-09 18:16:03.349855193 +0200
+++ openssl-1.0.1k/crypto/x509/x509_cmp.c 2015-04-09 18:16:00.616792058 +0200
@@ -86,6 +86,7 @@ unsigned long X509_issuer_and_serial_has
char *f;
EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
goto err;
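Review bot: `EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` lets MD5 run inside FIPS mode with no comment on why that is acceptable, so anyone auditing FIPS exceptions has to reconstruct the reasoning. Presumably the digest is only an index for certificate lookup rather than a security-relevant value — confirm against the callers — and the line should say so: `/* MD5 here is a non-cryptographic lookup key only, hence allowed in FIPS mode */`. `X509_issuer_and_serial_hash()` starts and ends outside the hunk.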
@ -0,0 +1,12 @@
diff -up openssl-1.0.2a/Makefile.shared.no-rpath openssl-1.0.2a/Makefile.shared
--- openssl-1.0.2a/Makefile.shared.no-rpath 2015-04-09 18:14:39.647921663 +0200
+++ openssl-1.0.2a/Makefile.shared 2015-04-09 18:14:34.423800985 +0200
@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
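Review bot: Dropping `-Wl,-rpath,$(LIBRPATH)` from `DO_GNU_APP` leaves no trace of why the applications are linked without a baked-in library path, so the next rebase against upstream will read it as an accidental omission. Add `# no -rpath: the packaged binaries resolve libcrypto/libssl through the system loader path` above the new assignment.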
@ -0,0 +1,198 @@
diff -up openssl-1.0.2a/engines/e_padlock.c.padlock64 openssl-1.0.2a/engines/e_padlock.c
--- openssl-1.0.2a/engines/e_padlock.c.padlock64 2015-03-19 14:19:00.000000000 +0100
+++ openssl-1.0.2a/engines/e_padlock.c 2015-04-22 16:23:44.105617468 +0200
@@ -101,7 +101,10 @@
*/
# undef COMPILE_HW_PADLOCK
# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+# if (defined(__GNUC__) && __GNUC__>=2 && \
+ (defined(__i386__) || defined(__i386) || \
+ defined(__x86_64__) || defined(__x86_64)) \
+ ) || \
(defined(_MSC_VER) && defined(_M_IX86))
# define COMPILE_HW_PADLOCK
# endif
@@ -140,7 +143,7 @@ void ENGINE_load_padlock(void)
# endif
# elif defined(__GNUC__)
# ifndef alloca
-# define alloca(s) __builtin_alloca(s)
+# define alloca(s) __builtin_alloca((s))
# endif
# endif
@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_da
* =======================================================
*/
# if defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386__) || defined(__i386)
/*
* As for excessive "push %ebx"/"pop %ebx" found all over.
* When generating position-independent code GCC won't let
@@ -379,22 +383,6 @@ static int padlock_available(void)
return padlock_use_ace + padlock_use_rng;
}
-# ifndef OPENSSL_NO_AES
-# ifndef AES_ASM
-/* Our own htonl()/ntohl() */
-static inline void padlock_bswapl(AES_KEY *ks)
-{
- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
- unsigned int *key = ks->rd_key;
-
- while (i--) {
- asm volatile ("bswapl %0":"+r" (*key));
- key++;
- }
-}
-# endif
-# endif
-
/*
* Force key reload from memory to the CPU microcode. Loading EFLAGS from the
* stack clears EFLAGS[30] which does the trick.
@@ -404,7 +392,7 @@ static inline void padlock_reload_key(vo
asm volatile ("pushfl; popfl");
}
-# ifndef OPENSSL_NO_AES
+# ifndef OPENSSL_NO_AES
/*
* This is heuristic key context tracing. At first one
* believes that one should use atomic swap instructions,
@@ -448,6 +436,101 @@ static inline void *name(size_t cnt,
: "edx", "cc", "memory"); \
return iv; \
}
+# endif
+
+# elif defined(__x86_64__) || defined(__x86_64)
+
+/* Load supported features of the CPU to see if
+ the PadLock is available. */
+static int padlock_available(void)
+{
+ char vendor_string[16];
+ unsigned int eax, edx;
+
+ /* Are we running on the Centaur (VIA) CPU? */
+ eax = 0x00000000;
+ vendor_string[12] = 0;
+ asm volatile ("cpuid\n"
+ "movl %%ebx,(%1)\n"
+ "movl %%edx,4(%1)\n"
+ "movl %%ecx,8(%1)\n":"+a" (eax):"r"(vendor_string):"rbx",
+ "rcx", "rdx");
+ if (strcmp(vendor_string, "CentaurHauls") != 0)
+ return 0;
+
+ /* Check for Centaur Extended Feature Flags presence */
+ eax = 0xC0000000;
+ asm volatile ("cpuid":"+a" (eax)::"rbx", "rcx", "rdx");
+ if (eax < 0xC0000001)
+ return 0;
+
+ /* Read the Centaur Extended Feature Flags */
+ eax = 0xC0000001;
+ asm volatile ("cpuid":"+a" (eax), "=d"(edx)::"rbx", "rcx");
+
+ /* Fill up some flags */
+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+ return padlock_use_ace + padlock_use_rng;
+}
+
+/* Force key reload from memory to the CPU microcode.
+ Loading EFLAGS from the stack clears EFLAGS[30]
+ which does the trick. */
+static inline void padlock_reload_key(void)
+{
+ asm volatile ("pushfq; popfq");
+}
+
+# ifndef OPENSSL_NO_AES
+/*
+ * This is heuristic key context tracing. At first one
+ * believes that one should use atomic swap instructions,
+ * but it's not actually necessary. Point is that if
+ * padlock_saved_context was changed by another thread
+ * after we've read it and before we compare it with cdata,
+ * our key *shall* be reloaded upon thread context switch
+ * and we are therefore set in either case...
+ */
+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
+{
+ asm volatile ("pushfq\n"
+ " btl $30,(%%rsp)\n"
+ " jnc 1f\n"
+ " cmpq %2,%1\n"
+ " je 1f\n"
+ " popfq\n"
+ " subq $8,%%rsp\n"
+ "1: addq $8,%%rsp\n"
+ " movq %2,%0":"+m" (padlock_saved_context)
+ :"r"(padlock_saved_context), "r"(cdata):"cc");
+}
+
+/* Template for padlock_xcrypt_* modes */
+/* BIG FAT WARNING:
+ * The offsets used with 'leal' instructions
+ * describe items of the 'padlock_cipher_data'
+ * structure.
+ */
+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
+static inline void *name(size_t cnt, \
+ struct padlock_cipher_data *cdata, \
+ void *out, const void *inp) \
+{ void *iv; \
+ asm volatile ( "leaq 16(%0),%%rdx\n" \
+ " leaq 32(%0),%%rbx\n" \
+ rep_xcrypt "\n" \
+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
+ : "rbx", "rdx", "cc", "memory"); \
+ return iv; \
+}
+# endif
+
+# endif /* cpu */
+
+# ifndef OPENSSL_NO_AES
/* Generate all functions with appropriate opcodes */
/* rep xcryptecb */
@@ -458,6 +541,20 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, "
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
|
||||
/* rep xcryptofb */
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
|
||||
+
|
||||
+# ifndef AES_ASM
|
||||
+/* Our own htonl()/ntohl() */
|
||||
+static inline void padlock_bswapl(AES_KEY *ks)
|
||||
+{
|
||||
+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
|
||||
+ unsigned int *key = ks->rd_key;
|
||||
+
|
||||
+ while (i--) {
|
||||
+ asm volatile ("bswapl %0":"+r" (*key));
|
||||
+ key++;
|
||||
+ }
|
||||
+}
|
||||
+# endif
|
||||
# endif
|
||||
/* The RNG call itself */
|
||||
static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
|
||||
@@ -485,8 +582,8 @@ static inline unsigned int padlock_xstor
|
||||
static inline unsigned char *padlock_memcpy(void *dst, const void *src,
|
||||
size_t n)
|
||||
{
|
||||
- long *d = dst;
|
||||
- const long *s = src;
|
||||
+ size_t *d = dst;
|
||||
+ const size_t *s = src;
|
||||
|
||||
n /= sizeof(*d);
|
||||
do {
|
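--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,50 @@
+diff -up openssl-1.0.2a/README.warning openssl-1.0.2a/README
+--- openssl-1.0.2a/README.warning 2015-03-20 16:00:47.000000000 +0100
++++ openssl-1.0.2a/README 2015-03-21 09:06:11.000000000 +0100
+@@ -5,6 +5,46 @@
+Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+All rights reserved.
+ 
++ WARNING
++ -------
++
++ This version of OpenSSL is built in a way that supports operation in
++ the so called FIPS mode. Note though that the library as we build it
++ is not FIPS 140-2 validated and the FIPS mode is present for testing
++ purposes only.
++
++ This version also contains a few differences from the upstream code
++ some of which are:
++ * The FIPS validation support is significantly different from the
++ upstream FIPS support. For example the FIPS integrity verification
++ check is implemented differently as the FIPS module is built inside
++ the shared library. The HMAC-SHA256 checksums of the whole shared
++ libraries are verified. Also note that the FIPS integrity
++ verification check requires that the libcrypto and libssl shared
++ library files are unmodified which means that it will fail if these
++ files are changed for example by prelink.
++ * If the file /etc/system-fips is present the integrity verification
++ and selftests of the crypto algorithms are run inside the library
++ constructor code.
++ * With the /etc/system-fips present the module respects the kernel
++ FIPS flag /proc/sys/crypto/fips and tries to initialize the FIPS mode
++ if it is set to 1 aborting if the FIPS mode could not be initialized.
++ With the /etc/system-fips present it is also possible to force the
++ OpenSSL library to FIPS mode especially for debugging purposes by
++ setting the environment variable OPENSSL_FORCE_FIPS_MODE.
++ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
++ will not automatically load the built in compression method ZLIB
++ when initialized. Applications can still explicitely ask for ZLIB
++ compression method.
++ * The library was patched so the certificates, CRLs and other objects
++ signed with use of MD5 fail verification as the MD5 is too insecure
++ to be used for signatures. If the environment variable
++ OPENSSL_ENABLE_MD5_VERIFY is set, the verification can proceed
++ normally.
++ * If the OPENSSL_ENFORCE_MODULUS_BITS environment variable is set,
++ the library will not allow generation of DSA and RSA keys with
++ other lengths than specified in the FIPS 186-4 standard.
++
+DESCRIPTION
+-----------
+ 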
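--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,21 @@
+diff -up openssl-1.0.2a/ssl/ssltest.c.use-localhost openssl-1.0.2a/ssl/ssltest.c
+--- openssl-1.0.2a/ssl/ssltest.c.use-localhost 2015-04-20 14:43:07.172601663 +0200
++++ openssl-1.0.2a/ssl/ssltest.c 2015-04-20 14:45:02.831299849 +0200
+@@ -1516,16 +1516,7 @@ int main(int argc, char *argv[])
+ 
+#ifndef OPENSSL_NO_KRB5
+if (c_ssl && c_ssl->kssl_ctx) {
+- char localhost[MAXHOSTNAMELEN + 2];
+-
+- if (gethostname(localhost, sizeof localhost - 1) == 0) {
+- localhost[sizeof localhost - 1] = '\0';
+- if (strlen(localhost) == sizeof localhost - 1) {
+- BIO_printf(bio_err, "localhost name too long\n");
+- goto end;
+- }
+- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
+- }
++ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");
+}
+#endif /* OPENSSL_NO_KRB5 */
+ 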
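Review bot: The replacement line `kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");` hard-codes the Kerberos server principal host without a comment explaining why the gethostname() path was dropped; the patch name (`use-localhost`) hints at the motive but the code does not. A one-line comment such as `/* fixed principal host so the test does not depend on the build host's name -- confirm this is the intent */` would save the next reader from reconstructing it. main() continues outside the hunk.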
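--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,47 @@
+diff -up openssl-1.0.2a/apps/version.c.version-add-engines openssl-1.0.2a/apps/version.c
+--- openssl-1.0.2a/apps/version.c.version-add-engines 2015-04-09 18:16:42.345756005 +0200
++++ openssl-1.0.2a/apps/version.c 2015-04-09 18:16:36.573622667 +0200
+@@ -131,6 +131,7 @@
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
++#include <openssl/engine.h>
+ 
+#undef PROG
+#define PROG version_main
+@@ -140,7 +141,8 @@ int MAIN(int, char **);
+int MAIN(int argc, char **argv)
+{
+int i, ret = 0;
+- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
++ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir =
++ 0, engines = 0;
+ 
+apps_startup();
+ 
+@@ -164,7 +166,7 @@ int MAIN(int argc, char **argv)
+else if (strcmp(argv[i], "-d") == 0)
+dir = 1;
+else if (strcmp(argv[i], "-a") == 0)
+- date = version = cflags = options = platform = dir = 1;
++ date = version = cflags = options = platform = dir = engines = 1;
+else {
+BIO_printf(bio_err, "usage:version -[avbofpd]\n");
+ret = 1;
+@@ -208,6 +210,16 @@ int MAIN(int argc, char **argv)
+printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
+if (dir)
+printf("%s\n", SSLeay_version(SSLEAY_DIR));
++ if (engines) {
++ ENGINE *e;
++ printf("engines: ");
++ e = ENGINE_get_first();
++ while (e) {
++ printf("%s ", ENGINE_get_id(e));
++ e = ENGINE_get_next(e);
++ }
++ printf("\n");
++ }
+end:
+apps_shutdown();
+OPENSSL_EXIT(ret);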
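Review bot: The new `#include <openssl/engine.h>` and the `if (engines) { ... }` block in the last hunk are not wrapped in `#ifndef OPENSSL_NO_ENGINE`, so a tree configured without engine support will fail to compile on `ENGINE_get_first`/`ENGINE_get_next`; the neighbouring includes in the first hunk show the file's convention of guarding optional subsystems this way. Wrapping both the include and the block in `#ifndef OPENSSL_NO_ENGINE ... #endif` fixes that. Separately, `engines` is only ever set through `-a` (the third hunk) and has no switch of its own, so the usage string `usage:version -[avbofpd]` stays accurate but a comment at the block, `/* engine list: printed only with -a, no dedicated switch */`, would stop readers from looking for one. MAIN continues outside the hunks.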
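--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,28 @@
+diff -up openssl-1.0.2a/crypto/x509/by_file.c.x509 openssl-1.0.2a/crypto/x509/by_file.c
+--- openssl-1.0.2a/crypto/x509/by_file.c.x509 2015-04-09 18:16:29.365456157 +0200
++++ openssl-1.0.2a/crypto/x509/by_file.c 2015-04-09 18:16:26.398387618 +0200
+@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx
+}
+}
+i = X509_STORE_add_cert(ctx->store_ctx, x);
+- if (!i)
+- goto err;
+- count++;
++ /* ignore any problems with current certificate
++ and continue with the next one */
++ if (i)
++ count++;
++ else
++ ERR_clear_error();
+X509_free(x);
+x = NULL;
+}
+@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx
+}
+i = X509_STORE_add_cert(ctx->store_ctx, x);
+if (!i)
+- goto err;
++ ERR_clear_error();
+ret = i;
+} else {
+X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);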
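Review bot: The new `else ERR_clear_error();` in the first hunk treats every `X509_STORE_add_cert` failure as ignorable, not only a certificate that is already in the store: an allocation or locking failure is dropped silently, and `ERR_clear_error()` also discards any unrelated entries already queued on this thread. Narrowing it to the duplicate case keeps the intent of the patch, e.g. `else if (ERR_GET_REASON(ERR_peek_last_error()) == X509_R_CERT_ALREADY_IN_HASH_TABLE) ERR_clear_error(); else goto err;`, with the comment reworded to `/* a certificate already in the store is not an error; skip it */`. The second hunk (the ASN1 branch) has the same pattern and additionally still sets `ret = i`, so the caller receives a failure return with an empty error queue; the same duplicate check belongs there. X509_load_cert_file continues outside both hunks.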
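--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,63 @@
+diff -up openssl-1.0.2c/apps/s_server.c.default-paths openssl-1.0.2c/apps/s_server.c
+--- openssl-1.0.2c/apps/s_server.c.default-paths 2015-06-12 16:51:21.000000000 +0200
++++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:24:17.747446515 +0200
+@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[])
+}
+#endif
+ 
+- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx))) {
+- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+- ERR_print_errors(bio_err);
+- /* goto end; */
++ if (CAfile == NULL && CApath == NULL) {
++ if (!SSL_CTX_set_default_verify_paths(ctx)) {
++ ERR_print_errors(bio_err);
++ }
++ } else {
++ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
++ ERR_print_errors(bio_err);
++ }
+}
++
+if (vpm)
+SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[])
+else
+SSL_CTX_sess_set_cache_size(ctx2, 128);
+ 
+- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx2))) {
++ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) {
++ ERR_print_errors(bio_err);
++ }
++ if (!SSL_CTX_set_default_verify_paths(ctx2)) {
+ERR_print_errors(bio_err);
+}
+if (vpm)
+diff -up openssl-1.0.2c/apps/s_time.c.default-paths openssl-1.0.2c/apps/s_time.c
+--- openssl-1.0.2c/apps/s_time.c.default-paths 2015-06-12 16:51:21.000000000 +0200
++++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:24:17.747446515 +0200
+@@ -381,13 +381,14 @@ int MAIN(int argc, char **argv)
+ 
+SSL_load_error_strings();
+ 
+- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+- /*
+- * BIO_printf(bio_err,"error setting default verify locations\n");
+- */
+- ERR_print_errors(bio_err);
+- /* goto end; */
++ if (CAfile == NULL && CApath == NULL) {
++ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) {
++ ERR_print_errors(bio_err);
++ }
++ } else {
++ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) {
++ ERR_print_errors(bio_err);
++ }
+}
+ 
+if (tm_cipher == NULL)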
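--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,195 @@
+diff -up openssl-1.0.2c/apps/speed.c.suiteb openssl-1.0.2c/apps/speed.c
+--- openssl-1.0.2c/apps/speed.c.suiteb 2015-06-15 17:37:06.285083685 +0200
++++ openssl-1.0.2c/apps/speed.c 2015-06-15 17:37:06.335084836 +0200
+@@ -996,78 +996,26 @@ int MAIN(int argc, char **argv)
+} else
+# endif
+# ifndef OPENSSL_NO_ECDSA
+- if (strcmp(*argv, "ecdsap160") == 0)
+- ecdsa_doit[R_EC_P160] = 2;
+- else if (strcmp(*argv, "ecdsap192") == 0)
+- ecdsa_doit[R_EC_P192] = 2;
+- else if (strcmp(*argv, "ecdsap224") == 0)
+- ecdsa_doit[R_EC_P224] = 2;
+- else if (strcmp(*argv, "ecdsap256") == 0)
++ if (strcmp(*argv, "ecdsap256") == 0)
+ecdsa_doit[R_EC_P256] = 2;
+else if (strcmp(*argv, "ecdsap384") == 0)
+ecdsa_doit[R_EC_P384] = 2;
+else if (strcmp(*argv, "ecdsap521") == 0)
+ecdsa_doit[R_EC_P521] = 2;
+- else if (strcmp(*argv, "ecdsak163") == 0)
+- ecdsa_doit[R_EC_K163] = 2;
+- else if (strcmp(*argv, "ecdsak233") == 0)
+- ecdsa_doit[R_EC_K233] = 2;
+- else if (strcmp(*argv, "ecdsak283") == 0)
+- ecdsa_doit[R_EC_K283] = 2;
+- else if (strcmp(*argv, "ecdsak409") == 0)
+- ecdsa_doit[R_EC_K409] = 2;
+- else if (strcmp(*argv, "ecdsak571") == 0)
+- ecdsa_doit[R_EC_K571] = 2;
+- else if (strcmp(*argv, "ecdsab163") == 0)
+- ecdsa_doit[R_EC_B163] = 2;
+- else if (strcmp(*argv, "ecdsab233") == 0)
+- ecdsa_doit[R_EC_B233] = 2;
+- else if (strcmp(*argv, "ecdsab283") == 0)
+- ecdsa_doit[R_EC_B283] = 2;
+- else if (strcmp(*argv, "ecdsab409") == 0)
+- ecdsa_doit[R_EC_B409] = 2;
+- else if (strcmp(*argv, "ecdsab571") == 0)
+- ecdsa_doit[R_EC_B571] = 2;
+else if (strcmp(*argv, "ecdsa") == 0) {
+- for (i = 0; i < EC_NUM; i++)
++ for (i = R_EC_P256; i <= R_EC_P521; i++)
+ecdsa_doit[i] = 1;
+} else
+# endif
+# ifndef OPENSSL_NO_ECDH
+- if (strcmp(*argv, "ecdhp160") == 0)
+- ecdh_doit[R_EC_P160] = 2;
+- else if (strcmp(*argv, "ecdhp192") == 0)
+- ecdh_doit[R_EC_P192] = 2;
+- else if (strcmp(*argv, "ecdhp224") == 0)
+- ecdh_doit[R_EC_P224] = 2;
+- else if (strcmp(*argv, "ecdhp256") == 0)
++ if (strcmp(*argv, "ecdhp256") == 0)
+ecdh_doit[R_EC_P256] = 2;
+else if (strcmp(*argv, "ecdhp384") == 0)
+ecdh_doit[R_EC_P384] = 2;
+else if (strcmp(*argv, "ecdhp521") == 0)
+ecdh_doit[R_EC_P521] = 2;
+- else if (strcmp(*argv, "ecdhk163") == 0)
+- ecdh_doit[R_EC_K163] = 2;
+- else if (strcmp(*argv, "ecdhk233") == 0)
+- ecdh_doit[R_EC_K233] = 2;
+- else if (strcmp(*argv, "ecdhk283") == 0)
+- ecdh_doit[R_EC_K283] = 2;
+- else if (strcmp(*argv, "ecdhk409") == 0)
+- ecdh_doit[R_EC_K409] = 2;
+- else if (strcmp(*argv, "ecdhk571") == 0)
+- ecdh_doit[R_EC_K571] = 2;
+- else if (strcmp(*argv, "ecdhb163") == 0)
+- ecdh_doit[R_EC_B163] = 2;
+- else if (strcmp(*argv, "ecdhb233") == 0)
+- ecdh_doit[R_EC_B233] = 2;
+- else if (strcmp(*argv, "ecdhb283") == 0)
+- ecdh_doit[R_EC_B283] = 2;
+- else if (strcmp(*argv, "ecdhb409") == 0)
+- ecdh_doit[R_EC_B409] = 2;
+- else if (strcmp(*argv, "ecdhb571") == 0)
+- ecdh_doit[R_EC_B571] = 2;
+else if (strcmp(*argv, "ecdh") == 0) {
+- for (i = 0; i < EC_NUM; i++)
++ for (i = R_EC_P256; i <= R_EC_P521; i++)
+ecdh_doit[i] = 1;
+} else
+# endif
+@@ -1156,21 +1104,11 @@ int MAIN(int argc, char **argv)
+BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
+# endif
+# ifndef OPENSSL_NO_ECDSA
+- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
+- "ecdsap256 ecdsap384 ecdsap521\n");
+- BIO_printf(bio_err,
+- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+- BIO_printf(bio_err,
+- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
++ BIO_printf(bio_err, "ecdsap256 ecdsap384 ecdsap521\n");
+BIO_printf(bio_err, "ecdsa\n");
+# endif
+# ifndef OPENSSL_NO_ECDH
+- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
+- "ecdhp256 ecdhp384 ecdhp521\n");
+- BIO_printf(bio_err,
+- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
+- BIO_printf(bio_err,
+- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
++ BIO_printf(bio_err, "ecdhp256 ecdhp384 ecdhp521\n");
+BIO_printf(bio_err, "ecdh\n");
+# endif
+ 
+@@ -1255,11 +1193,11 @@ int MAIN(int argc, char **argv)
+if (!FIPS_mode() || i != R_DSA_512)
+dsa_doit[i] = 1;
+# ifndef OPENSSL_NO_ECDSA
+- for (i = 0; i < EC_NUM; i++)
++ for (i = R_EC_P256; i <= R_EC_P521; i++)
+ecdsa_doit[i] = 1;
+# endif
+# ifndef OPENSSL_NO_ECDH
+- for (i = 0; i < EC_NUM; i++)
++ for (i = R_EC_P256; i <= R_EC_P521; i++)
+ecdh_doit[i] = 1;
+# endif
+}
+diff -up openssl-1.0.2c/ssl/t1_lib.c.suiteb openssl-1.0.2c/ssl/t1_lib.c
+--- openssl-1.0.2c/ssl/t1_lib.c.suiteb 2015-06-12 16:51:27.000000000 +0200
++++ openssl-1.0.2c/ssl/t1_lib.c 2015-06-15 17:44:03.578681271 +0200
+@@ -268,11 +268,7 @@ static const unsigned char eccurves_auto
+0, 23, /* secp256r1 (23) */
+/* Other >= 256-bit prime curves. */
+0, 25, /* secp521r1 (25) */
+- 0, 28, /* brainpool512r1 (28) */
+- 0, 27, /* brainpoolP384r1 (27) */
+0, 24, /* secp384r1 (24) */
+- 0, 26, /* brainpoolP256r1 (26) */
+- 0, 22, /* secp256k1 (22) */
+# ifndef OPENSSL_NO_EC2M
+/* >= 256-bit binary curves. */
+0, 14, /* sect571r1 (14) */
+@@ -289,11 +285,7 @@ static const unsigned char eccurves_all[
+0, 23, /* secp256r1 (23) */
+/* Other >= 256-bit prime curves. */
+0, 25, /* secp521r1 (25) */
+- 0, 28, /* brainpool512r1 (28) */
+- 0, 27, /* brainpoolP384r1 (27) */
+0, 24, /* secp384r1 (24) */
+- 0, 26, /* brainpoolP256r1 (26) */
+- 0, 22, /* secp256k1 (22) */
+# ifndef OPENSSL_NO_EC2M
+/* >= 256-bit binary curves. */
+0, 14, /* sect571r1 (14) */
+@@ -307,13 +299,6 @@ static const unsigned char eccurves_all[
+* Remaining curves disabled by default but still permitted if set
+* via an explicit callback or parameters.
+*/
+- 0, 20, /* secp224k1 (20) */
+- 0, 21, /* secp224r1 (21) */
+- 0, 18, /* secp192k1 (18) */
+- 0, 19, /* secp192r1 (19) */
+- 0, 15, /* secp160k1 (15) */
+- 0, 16, /* secp160r1 (16) */
+- 0, 17, /* secp160r2 (17) */
+# ifndef OPENSSL_NO_EC2M
+0, 8, /* sect239k1 (8) */
+0, 6, /* sect233k1 (6) */
+@@ -348,29 +333,21 @@ static const unsigned char fips_curves_d
+0, 9, /* sect283k1 (9) */
+0, 10, /* sect283r1 (10) */
+# endif
+- 0, 22, /* secp256k1 (22) */
+0, 23, /* secp256r1 (23) */
+# ifndef OPENSSL_NO_EC2M
+0, 8, /* sect239k1 (8) */
+0, 6, /* sect233k1 (6) */
+0, 7, /* sect233r1 (7) */
+# endif
+- 0, 20, /* secp224k1 (20) */
+- 0, 21, /* secp224r1 (21) */
+# ifndef OPENSSL_NO_EC2M
+0, 4, /* sect193r1 (4) */
+0, 5, /* sect193r2 (5) */
+# endif
+- 0, 18, /* secp192k1 (18) */
+- 0, 19, /* secp192r1 (19) */
+# ifndef OPENSSL_NO_EC2M
+0, 1, /* sect163k1 (1) */
+0, 2, /* sect163r1 (2) */
+0, 3, /* sect163r2 (3) */
+# endif
+- 0, 15, /* secp160k1 (15) */
+- 0, 16, /* secp160r1 (16) */
+- 0, 17, /* secp160r2 (17) */
+};
+# endif
+ 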
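Review bot: The four replacement loops `for (i = R_EC_P256; i <= R_EC_P521; i++)` in speed.c depend on `R_EC_P256`, `R_EC_P384` and `R_EC_P521` being adjacent and ascending in the `R_EC_*` enumeration, an assumption the old `0 .. EC_NUM` form did not make and that nothing in the hunks documents; if that enumeration (defined outside these hunks) is ever reordered, the loops silently benchmark other curves or none. Either set the three entries explicitly or record the assumption at the first loop, e.g. `/* assumes R_EC_P256, R_EC_P384, R_EC_P521 are consecutive in the R_EC_* enum */`. The t1_lib.c hunks remove the sub-256-bit, Brainpool and secp256k1 entries from the default curve lists without touching the surrounding comments, so a one-line note on the policy behind it (Suite B, as the patch name suggests) would help the next reader. MAIN and the curve tables continue outside the hunks.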
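--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,82 @@
+diff -up openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1 openssl-1.0.2d/crypto/ec/ec_curve.c
+--- openssl-1.0.2d/crypto/ec/ec_curve.c.secp256k1 2015-08-12 14:55:15.203415420 -0400
++++ openssl-1.0.2d/crypto/ec/ec_curve.c 2015-08-12 15:07:12.659113262 -0400
+@@ -86,6 +86,42 @@ typedef struct {
+unsigned int cofactor; /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+ 
++static const struct {
++ EC_CURVE_DATA h;
++ unsigned char data[0 + 32 * 6];
++} _EC_SECG_PRIME_256K1 = {
++ {
++ NID_X9_62_prime_field, 0, 32, 1
++ },
++ {
++ /* no seed */
++ /* p */
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
++ /* a */
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ /* b */
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
++ /* x */
++ 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
++ 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
++ 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
++ /* y */
++ 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
++ 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
++ 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
++ /* order */
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
++ 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
++ }
++};
++
+/* the nist prime curves */
+static const struct {
+EC_CURVE_DATA h;
+@@ -235,6 +271,8 @@ typedef struct _ec_list_element_st {
+static const ec_list_element curve_list[] = {
+/* prime field curves */
+/* secg curves */
++ {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
++ "SECG curve over a 256 bit prime field"},
+/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+{NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+"NIST/SECG curve over a 384 bit prime field"},
+diff -up openssl-1.0.2d/ssl/t1_lib.c.secp256k1 openssl-1.0.2d/ssl/t1_lib.c
+--- openssl-1.0.2d/ssl/t1_lib.c.secp256k1 2015-08-12 15:04:42.876925441 -0400
++++ openssl-1.0.2d/ssl/t1_lib.c 2015-08-12 15:04:47.837699822 -0400
+@@ -269,6 +269,7 @@ static const unsigned char eccurves_auto
+/* Other >= 256-bit prime curves. */
+0, 25, /* secp521r1 (25) */
+0, 24, /* secp384r1 (24) */
++ 0, 22, /* secp256k1 (22) */
+# ifndef OPENSSL_NO_EC2M
+/* >= 256-bit binary curves. */
+0, 14, /* sect571r1 (14) */
+@@ -286,6 +287,7 @@ static const unsigned char eccurves_all[
+/* Other >= 256-bit prime curves. */
+0, 25, /* secp521r1 (25) */
+0, 24, /* secp384r1 (24) */
++ 0, 22, /* secp256k1 (22) */
+# ifndef OPENSSL_NO_EC2M
+/* >= 256-bit binary curves. */
+0, 14, /* sect571r1 (14) */
+@@ -333,6 +335,7 @@ static const unsigned char fips_curves_d
+0, 9, /* sect283k1 (9) */
+0, 10, /* sect283r1 (10) */
+# endif
++ 0, 22, /* secp256k1 (22) */
+0, 23, /* secp256r1 (23) */
+# ifndef OPENSSL_NO_EC2M
+0, 8, /* sect239k1 (8) */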
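Review bot: The `_EC_SECG_PRIME_256K1` block is 192 hand-transcribed bytes (`data[0 + 32 * 6]`: p, a, b, x, y, order) and nothing in the patch checks them; a wrong byte would only surface as a failed handshake or signature later. A test that builds the group with `EC_GROUP_new_by_curve_name(NID_secp256k1)` and runs `EC_GROUP_check()` on it (generator on the curve, order times generator is infinity) would catch a transcription slip, and the `y` block uses lower-case hex while every other block is upper-case, which is worth normalising so the tables are easy to compare against the SECG text. The last t1_lib.c hunk also puts `0, 22` back into `fips_curves_default`, which the Suite B patch earlier in this commit removed; confirm that re-enabling the curve in FIPS mode is intended rather than a side effect of restoring the upstream lists. curve_list and the curve tables continue outside the hunks.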
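--- /dev/null
+++ b/PATCH-FILE-PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,15 @@
+diff -up openssl-1.0.2e/crypto/ec/ec.h.nistp224 openssl-1.0.2e/crypto/ec/ec.h
+--- openssl-1.0.2e/crypto/ec/ec.h.nistp224 2015-12-04 14:00:57.000000000 +0100
++++ openssl-1.0.2e/crypto/ec/ec.h 2015-12-08 15:51:37.046747916 +0100
+@@ -149,11 +149,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+const EC_METHOD *EC_GFp_nist_method(void);
+ 
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+-/** Returns 64-bit optimized methods for nistp224
+- * \return EC_METHOD object
+- */
+-const EC_METHOD *EC_GFp_nistp224_method(void);
+-
+/** Returns 64-bit optimized methods for nistp256
+* \return EC_METHOD object
+*/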
@ -0,0 +1,115 @@
|
||||
diff -up openssl-1.0.2e/Configure.rpmbuild openssl-1.0.2e/Configure
|
||||
--- openssl-1.0.2e/Configure.rpmbuild 2015-12-03 15:04:23.000000000 +0100
|
||||
+++ openssl-1.0.2e/Configure 2015-12-04 13:20:22.996835604 +0100
|
||||
@@ -365,8 +365,8 @@ my %table=(
|
||||
####
|
||||
# *-generic* is endian-neutral target, but ./config is free to
|
||||
# throw in -D[BL]_ENDIAN, whichever appropriate...
|
||||
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic32","gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-ppc", "gcc:-DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
|
||||
#######################################################################
|
||||
# Note that -march is not among compiler options in below linux-armv4
|
||||
@@ -395,31 +395,31 @@ my %table=(
|
||||
#
|
||||
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
|
||||
#
|
||||
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-armv4", "gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-aarch64","gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
# Configure script adds minimally required -march for assembly support,
|
||||
# if no -march was specified at command line. mips32 and mips64 below
|
||||
# refer to contemporary MIPS Architecture specifications, MIPS32 and
|
||||
# MIPS64, rather than to kernel bitness.
|
||||
-"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
|
||||
-"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux-mips32", "gcc:-mabi=32 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
+"linux-mips64", "gcc:-mabi=n32 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::32",
|
||||
+"linux64-mips64", "gcc:-mabi=64 -Wall \$(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
#### IA-32 targets...
|
||||
"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-elf", "gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
|
||||
####
|
||||
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
|
||||
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-generic64","gcc:-Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
+"linux-ia64", "gcc:-DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
|
||||
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
#### So called "highgprs" target for z/Architecture CPUs
|
||||
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
|
||||
# /proc/cpuinfo. The idea is to preserve most significant bits of
|
||||
@@ -437,12 +437,12 @@ my %table=(
|
||||
#### SPARC Linux setups
|
||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||
# assisted with debugging of following two configs.
|
||||
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# it's a real mess with -mcpu=ultrasparc option under Linux, but
|
||||
# -Wa,-Av8plus should do the trick no matter what.
|
||||
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS) -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
|
||||
# GCC 3.1 is a requirement
|
||||
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
|
||||
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
|
||||
#### Alpha Linux with GNU C and Compaq C setups
|
||||
# Special notes:
|
||||
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
|
||||
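Review bot: `-Wl,-z,relro` added to the linker column of the linux-sparcv8, linux-sparcv9 and linux64-sparcv9 entries (and by the same edit on the linux-x86_64 and linux64-s390x entries earlier in this file) yields only partial RELRO; the GOT remains writable until lazy binding completes unless `-z,now` is passed as well, so consider `-Wl,-z,relro -Wl,-z,now -ldl` unless the packaging injects `-z now` elsewhere. The replacement of `-O3 -fomit-frame-pointer` by `\$(RPM_OPT_FLAGS)` is only inferable from the diff; a line in the patch header stating that the distro's optimisation and hardening flags are meant to apply uniformly to all Linux targets would save the next packager from reverting it.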
@@ -1767,7 +1767,7 @@ while (<IN>)
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
|
||||
{
|
||||
my $sotmp = $1;
|
||||
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
|
||||
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
|
||||
}
|
||||
elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
|
||||
{
|
||||
diff -up openssl-1.0.2e/Makefile.org.rpmbuild openssl-1.0.2e/Makefile.org
|
||||
--- openssl-1.0.2e/Makefile.org.rpmbuild 2015-12-03 15:04:23.000000000 +0100
|
||||
+++ openssl-1.0.2e/Makefile.org 2015-12-04 13:18:44.913538616 +0100
|
||||
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
|
||||
SHLIB_MAJOR=
|
||||
SHLIB_MINOR=
|
||||
SHLIB_EXT=
|
||||
+SHLIB_SONAMEVER=10
|
||||
PLATFORM=dist
|
||||
OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
@@ -341,10 +342,9 @@ clean-shared:
|
||||
link-shared:
|
||||
@ set -e; for i in $(SHLIBDIRS); do \
|
||||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
||||
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
symlink.$(SHLIB_TARGET); \
|
||||
- libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||
@@ -355,7 +355,7 @@ do_$(SHLIB_TARGET):
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
||||
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
LIBDEPS="$$libs $(EX_LIBS)" \
|
||||
link_a.$(SHLIB_TARGET); \
|
@ -0,0 +1,58 @@
|
||||
diff -up openssl-1.0.2e/apps/speed.c.speed-doc openssl-1.0.2e/apps/speed.c
|
||||
--- openssl-1.0.2e/apps/speed.c.speed-doc 2015-12-04 14:00:58.000000000 +0100
|
||||
+++ openssl-1.0.2e/apps/speed.c 2016-01-15 14:15:56.482343557 +0100
|
||||
@@ -648,10 +648,6 @@ int MAIN(int argc, char **argv)
|
||||
# endif
|
||||
int multiblock = 0;
|
||||
|
||||
-# ifndef TIMES
|
||||
- usertime = -1;
|
||||
-# endif
|
||||
-
|
||||
apps_startup();
|
||||
memset(results, 0, sizeof(results));
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
@@ -1145,10 +1141,8 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
BIO_printf(bio_err, "\n");
|
||||
BIO_printf(bio_err, "Available options:\n");
|
||||
-# if defined(TIMES) || defined(USE_TOD)
|
||||
BIO_printf(bio_err, "-elapsed "
|
||||
"measure time in real time instead of CPU user time.\n");
|
||||
-# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
"-engine e "
|
||||
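Review bot: Dropping the `# ifndef TIMES` / `usertime = -1;` fallback in MAIN (first hunk) changes the default timing mode on builds without TIMES, and nothing in the patch says why that fallback is no longer needed; a one-line note in the patch header explaining what now handles the missing `times()` case would spare the next reader from guessing (I presume the interval helper copes on its own, but that is not visible here and should be confirmed). The second hunk makes the `-elapsed` help line unconditional, yet the parsing of `-elapsed` is outside this hunk; if it is still wrapped in `# if defined(TIMES) || defined(USE_TOD)`, the help would advertise an option some builds reject, so that guard should be removed in the same patch or the help left conditional. MAIN's body begins and ends outside both hunks.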
diff -up openssl-1.0.2e/doc/apps/speed.pod.speed-doc openssl-1.0.2e/doc/apps/speed.pod
|
||||
--- openssl-1.0.2e/doc/apps/speed.pod.speed-doc 2015-12-03 14:42:07.000000000 +0100
|
||||
+++ openssl-1.0.2e/doc/apps/speed.pod 2016-01-15 14:05:23.044222376 +0100
|
||||
@@ -8,6 +8,9 @@ speed - test library performance
|
||||
|
||||
B<openssl speed>
|
||||
[B<-engine id>]
|
||||
+[B<-elapsed>]
|
||||
+[B<-evp algo>]
|
||||
+[B<-decrypt>]
|
||||
[B<md2>]
|
||||
[B<mdc2>]
|
||||
[B<md5>]
|
||||
@@ -49,6 +52,19 @@ to attempt to obtain a functional refere
|
||||
thus initialising it if needed. The engine will then be set as the default
|
||||
for all available algorithms.
|
||||
|
||||
+=item B<-elapsed>
|
||||
+
|
||||
+Measure time in real time instead of CPU time. It can be useful when testing
|
||||
+speed of hardware engines.
|
||||
+
|
||||
+=item B<-evp algo>
|
||||
+
|
||||
+Use the specified cipher or message digest algorithm via the EVP interface.
|
||||
+
|
||||
+=item B<-decrypt>
|
||||
+
|
||||
+Time the decryption instead of encryption. Affects only the EVP testing.
|
||||
+
|
||||
=item B<[zero or more test algorithms]>
|
||||
|
||||
If any options are given, B<speed> tests those algorithms, otherwise all of
|
@ -0,0 +1,541 @@
|
||||
diff -up openssl-1.0.2e/crypto/evp/c_allc.c.wrap openssl-1.0.2e/crypto/evp/c_allc.c
|
||||
--- openssl-1.0.2e/crypto/evp/c_allc.c.wrap 2015-12-04 13:33:42.118550036 +0100
|
||||
+++ openssl-1.0.2e/crypto/evp/c_allc.c 2015-12-04 13:33:42.190551722 +0100
|
||||
@@ -179,6 +179,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_128_xts());
|
||||
EVP_add_cipher(EVP_aes_128_ccm());
|
||||
EVP_add_cipher(EVP_aes_128_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_128_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
|
||||
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
|
||||
EVP_add_cipher(EVP_aes_192_ecb());
|
||||
@@ -191,6 +192,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_192_gcm());
|
||||
EVP_add_cipher(EVP_aes_192_ccm());
|
||||
EVP_add_cipher(EVP_aes_192_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_192_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
|
||||
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
|
||||
EVP_add_cipher(EVP_aes_256_ecb());
|
||||
@@ -204,6 +206,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_256_xts());
|
||||
EVP_add_cipher(EVP_aes_256_ccm());
|
||||
EVP_add_cipher(EVP_aes_256_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_256_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
|
||||
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||
@@ -258,6 +261,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
|
||||
EVP_add_cipher(EVP_des_ede());
|
||||
EVP_add_cipher(EVP_des_ede3());
|
||||
+ EVP_add_cipher(EVP_des_ede3_wrap());
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_AES
|
||||
@@ -272,6 +276,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_128_xts());
|
||||
EVP_add_cipher(EVP_aes_128_ccm());
|
||||
EVP_add_cipher(EVP_aes_128_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_128_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
|
||||
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
|
||||
EVP_add_cipher(EVP_aes_192_ecb());
|
||||
@@ -284,6 +289,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_192_gcm());
|
||||
EVP_add_cipher(EVP_aes_192_ccm());
|
||||
EVP_add_cipher(EVP_aes_192_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_192_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
|
||||
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
|
||||
EVP_add_cipher(EVP_aes_256_ecb());
|
||||
@@ -297,6 +303,7 @@ void OpenSSL_add_all_ciphers(void)
|
||||
EVP_add_cipher(EVP_aes_256_xts());
|
||||
EVP_add_cipher(EVP_aes_256_ccm());
|
||||
EVP_add_cipher(EVP_aes_256_wrap());
|
||||
+ EVP_add_cipher(EVP_aes_256_wrap_pad());
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
|
||||
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
|
||||
# endif
|
||||
diff -up openssl-1.0.2e/crypto/evp/e_aes.c.wrap openssl-1.0.2e/crypto/evp/e_aes.c
|
||||
--- openssl-1.0.2e/crypto/evp/e_aes.c.wrap 2015-12-04 13:33:42.119550059 +0100
|
||||
+++ openssl-1.0.2e/crypto/evp/e_aes.c 2015-12-04 13:33:42.190551722 +0100
|
||||
@@ -1,5 +1,5 @@
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -1953,7 +1953,7 @@ static int aes_wrap_init_key(EVP_CIPHER_
|
||||
wctx->iv = NULL;
|
||||
}
|
||||
if (iv) {
|
||||
- memcpy(ctx->iv, iv, 8);
|
||||
+ memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||
wctx->iv = ctx->iv;
|
||||
}
|
||||
return 1;
|
||||
@@ -1964,30 +1964,57 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
|
||||
{
|
||||
EVP_AES_WRAP_CTX *wctx = ctx->cipher_data;
|
||||
size_t rv;
|
||||
+ /* AES wrap with padding has IV length of 4, without padding 8 */
|
||||
+ int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
|
||||
+ /* No final operation so always return zero length */
|
||||
if (!in)
|
||||
return 0;
|
||||
- if (inlen % 8)
|
||||
+ /* Input length must always be non-zero */
|
||||
+ if (!inlen)
|
||||
return -1;
|
||||
- if (ctx->encrypt && inlen < 8)
|
||||
+ /* If decrypting need at least 16 bytes and multiple of 8 */
|
||||
+ if (!ctx->encrypt && (inlen < 16 || inlen & 0x7))
|
||||
return -1;
|
||||
- if (!ctx->encrypt && inlen < 16)
|
||||
+ /* If not padding input must be multiple of 8 */
|
||||
+ if (!pad && inlen & 0x7)
|
||||
return -1;
|
||||
if (!out) {
|
||||
- if (ctx->encrypt)
|
||||
+ if (ctx->encrypt) {
|
||||
+ /* If padding round up to multiple of 8 */
|
||||
+ if (pad)
|
||||
+ inlen = (inlen + 7) / 8 * 8;
|
||||
+ /* 8 byte prefix */
|
||||
return inlen + 8;
|
||||
- else
|
||||
+ } else {
|
||||
+ /* If not padding output will be exactly 8 bytes
|
||||
+ * smaller than input. If padding it will be at
|
||||
+ * least 8 bytes smaller but we don't know how
|
||||
+ * much.
|
||||
+ */
|
||||
return inlen - 8;
|
||||
}
|
||||
+ }
|
||||
+ if (pad) {
|
||||
if (ctx->encrypt)
|
||||
- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
|
||||
+ rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
|
||||
+ out, in, inlen,
|
||||
(block128_f) AES_encrypt);
|
||||
else
|
||||
- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen,
|
||||
+ rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
|
||||
+ out, in, inlen,
|
||||
(block128_f) AES_decrypt);
|
||||
+ } else {
|
||||
+ if (ctx->encrypt)
|
||||
+ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
|
||||
+ out, in, inlen, (block128_f) AES_encrypt);
|
||||
+ else
|
||||
+ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
|
||||
+ out, in, inlen, (block128_f) AES_decrypt);
|
||||
+ }
|
||||
return rv ? (int)rv : -1;
|
||||
}
|
||||
|
||||
-#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \
|
||||
+# define WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \
|
||||
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
|
||||
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
|
||||
|
||||
@@ -2032,3 +2059,45 @@ const EVP_CIPHER *EVP_aes_256_wrap(void)
|
||||
{
|
||||
return &aes_256_wrap;
|
||||
}
|
||||
+
|
||||
+static const EVP_CIPHER aes_128_wrap_pad = {
|
||||
+ NID_id_aes128_wrap_pad,
|
||||
+ 8, 16, 4, WRAP_FLAGS,
|
||||
+ aes_wrap_init_key, aes_wrap_cipher,
|
||||
+ NULL,
|
||||
+ sizeof(EVP_AES_WRAP_CTX),
|
||||
+ NULL, NULL, NULL, NULL
|
||||
+};
|
||||
+
|
||||
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
|
||||
+{
|
||||
+ return &aes_128_wrap_pad;
|
||||
+}
|
||||
+
|
||||
+static const EVP_CIPHER aes_192_wrap_pad = {
|
||||
+ NID_id_aes192_wrap_pad,
|
||||
+ 8, 24, 4, WRAP_FLAGS,
|
||||
+ aes_wrap_init_key, aes_wrap_cipher,
|
||||
+ NULL,
|
||||
+ sizeof(EVP_AES_WRAP_CTX),
|
||||
+ NULL, NULL, NULL, NULL
|
||||
+};
|
||||
+
|
||||
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
|
||||
+{
|
||||
+ return &aes_192_wrap_pad;
|
||||
+}
|
||||
+
|
||||
+static const EVP_CIPHER aes_256_wrap_pad = {
|
||||
+ NID_id_aes256_wrap_pad,
|
||||
+ 8, 32, 4, WRAP_FLAGS,
|
||||
+ aes_wrap_init_key, aes_wrap_cipher,
|
||||
+ NULL,
|
||||
+ sizeof(EVP_AES_WRAP_CTX),
|
||||
+ NULL, NULL, NULL, NULL
|
||||
+};
|
||||
+
|
||||
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
|
||||
+{
|
||||
+ return &aes_256_wrap_pad;
|
||||
+}
|
||||
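Review bot: `WRAP_FLAGS` now carries `EVP_CIPH_FLAG_FIPS` (the `# define WRAP_FLAGS` change at the end of the aes_wrap_cipher hunk), and the same flag is added to `des3_wrap` in e_des3.c; if this build gates ciphers in FIPS mode on that flag, the patch widens what is usable under FIPS as a side effect of adding the padded mode, which deserves an explicit sentence in the patch header rather than passing silently. In the three new cipher tables the third field, the `4` in `8, 16, 4, WRAP_FLAGS`, is what `aes_wrap_cipher` reads back through `EVP_CIPHER_CTX_iv_length(ctx) == 4` to select padded mode; a comment on each table such as `/* iv_len 4 selects RFC 5649 padded wrap in aes_wrap_cipher */` would make that coupling visible where the tables are defined, since the existing comment in aes_wrap_cipher only documents the reading side. aes_wrap_cipher's signature is outside the hunk.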
diff -up openssl-1.0.2e/crypto/evp/e_des3.c.wrap openssl-1.0.2e/crypto/evp/e_des3.c
|
||||
--- openssl-1.0.2e/crypto/evp/e_des3.c.wrap 2015-12-04 13:33:42.119550059 +0100
|
||||
+++ openssl-1.0.2e/crypto/evp/e_des3.c 2015-12-04 13:33:42.191551745 +0100
|
||||
@@ -474,7 +474,7 @@ static const EVP_CIPHER des3_wrap = {
|
||||
NID_id_smime_alg_CMS3DESwrap,
|
||||
8, 24, 0,
|
||||
EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
|
||||
- | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
+ | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_FIPS,
|
||||
des_ede3_init_key, des_ede3_wrap_cipher,
|
||||
NULL,
|
||||
sizeof(DES_EDE_KEY),
|
||||
diff -up openssl-1.0.2e/crypto/evp/evp.h.wrap openssl-1.0.2e/crypto/evp/evp.h
|
||||
--- openssl-1.0.2e/crypto/evp/evp.h.wrap 2015-12-04 13:33:42.120550083 +0100
|
||||
+++ openssl-1.0.2e/crypto/evp/evp.h 2015-12-04 13:33:42.191551745 +0100
|
||||
@@ -834,6 +834,7 @@ const EVP_CIPHER *EVP_aes_128_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_128_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_128_xts(void);
|
||||
const EVP_CIPHER *EVP_aes_128_wrap(void);
|
||||
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
|
||||
const EVP_CIPHER *EVP_aes_192_ecb(void);
|
||||
const EVP_CIPHER *EVP_aes_192_cbc(void);
|
||||
const EVP_CIPHER *EVP_aes_192_cfb1(void);
|
||||
@@ -845,6 +846,7 @@ const EVP_CIPHER *EVP_aes_192_ctr(void);
|
||||
const EVP_CIPHER *EVP_aes_192_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_192_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_192_wrap(void);
|
||||
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
|
||||
const EVP_CIPHER *EVP_aes_256_ecb(void);
|
||||
const EVP_CIPHER *EVP_aes_256_cbc(void);
|
||||
const EVP_CIPHER *EVP_aes_256_cfb1(void);
|
||||
@@ -857,6 +859,7 @@ const EVP_CIPHER *EVP_aes_256_ccm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_gcm(void);
|
||||
const EVP_CIPHER *EVP_aes_256_xts(void);
|
||||
const EVP_CIPHER *EVP_aes_256_wrap(void);
|
||||
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
|
||||
# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
|
||||
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
|
||||
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
|
||||
diff -up openssl-1.0.2e/crypto/evp/evptests.txt.wrap openssl-1.0.2e/crypto/evp/evptests.txt
|
||||
--- openssl-1.0.2e/crypto/evp/evptests.txt.wrap 2015-12-03 15:04:23.000000000 +0100
|
||||
+++ openssl-1.0.2e/crypto/evp/evptests.txt 2015-12-04 13:33:42.191551745 +0100
|
||||
@@ -399,3 +399,7 @@ id-aes256-wrap:000102030405060708090A0B0
|
||||
id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2
|
||||
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1
|
||||
id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21
|
||||
+# AES wrap tests from RFC5649
|
||||
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a
|
||||
+id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f
|
||||
+
|
||||
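Review bot: The new RFC 5649 vectors exercise only `id-aes192-wrap-pad`, while the patch registers `id-aes128-wrap-pad` and `id-aes256-wrap-pad` too, and none of the three has an unwrap-failure case (wrong AIV, non-zero padding bytes, length indicator outside `8*(n-1) < len <= 8*n`), which is precisely the logic `CRYPTO_128_unwrap_pad` introduces. The two vectors do cover both code paths (the 7-byte plaintext hits the single-block special case, the 20-byte one the general path), so the gap is key sizes and negative cases. RFC 5649 only provides 192-bit examples, so 128/256-bit vectors would have to be generated and marked as locally produced; if the evp_test harness can express an expected failure, a vector with a corrupted final block would pin the padding check.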
diff -up openssl-1.0.2e/crypto/modes/modes.h.wrap openssl-1.0.2e/crypto/modes/modes.h
|
||||
--- openssl-1.0.2e/crypto/modes/modes.h.wrap 2015-12-04 13:33:41.770541886 +0100
|
||||
+++ openssl-1.0.2e/crypto/modes/modes.h 2015-12-04 13:33:42.191551745 +0100
|
||||
@@ -157,6 +157,12 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
||||
unsigned char *out,
|
||||
const unsigned char *in, size_t inlen,
|
||||
block128_f block);
|
||||
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
|
||||
+ unsigned char *out, const unsigned char *in,
|
||||
+ size_t inlen, block128_f block);
|
||||
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
|
||||
+ unsigned char *out, const unsigned char *in,
|
||||
+ size_t inlen, block128_f block);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff -up openssl-1.0.2e/crypto/modes/wrap128.c.wrap openssl-1.0.2e/crypto/modes/wrap128.c
|
||||
--- openssl-1.0.2e/crypto/modes/wrap128.c.wrap 2015-12-03 15:04:23.000000000 +0100
|
||||
+++ openssl-1.0.2e/crypto/modes/wrap128.c 2015-12-04 13:37:51.486366984 +0100
|
||||
@@ -2,6 +2,7 @@
|
||||
/*
|
||||
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project.
|
||||
+ * Mode with padding contributed by Petr Spacek (pspacek@redhat.com).
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
|
||||
@@ -52,19 +53,44 @@
|
||||
* ====================================================================
|
||||
*/
|
||||
|
||||
+/** Beware!
|
||||
+ *
|
||||
+ * Following wrapping modes were designed for AES but this implementation
|
||||
+ * allows you to use them for any 128 bit block cipher.
|
||||
+ */
|
||||
+
|
||||
#include "cryptlib.h"
|
||||
#include <openssl/modes.h>
|
||||
|
||||
+/** RFC 3394 section 2.2.3.1 Default Initial Value */
|
||||
static const unsigned char default_iv[] = {
|
||||
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
|
||||
};
|
||||
|
||||
-/*
|
||||
- * Input size limit: lower than maximum of standards but far larger than
|
||||
+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
|
||||
+static const unsigned char default_aiv[] = {
|
||||
+ 0xA6, 0x59, 0x59, 0xA6
|
||||
+};
|
||||
+
|
||||
+/** Input size limit: lower than maximum of standards but far larger than
|
||||
* anything that will be used in practice.
|
||||
*/
|
||||
#define CRYPTO128_WRAP_MAX (1UL << 31)
|
||||
|
||||
+/** Wrapping according to RFC 3394 section 2.2.1.
|
||||
+ *
|
||||
+ * @param[in] key Key value.
|
||||
+ * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv.
|
||||
+ * @param[in] in Plain text as n 64-bit blocks, n >= 2.
|
||||
+ * @param[in] inlen Length of in.
|
||||
+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 8) bytes.
|
||||
+ * Input and output buffers can overlap if block function
|
||||
+ * supports that.
|
||||
+ * @param[in] block Block processing function.
|
||||
+ * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2.
|
||||
+ * or if inlen > CRYPTO128_WRAP_MAX.
|
||||
+ * Output length if wrapping succeeded.
|
||||
+ */
|
||||
size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
|
||||
unsigned char *out,
|
||||
const unsigned char *in, size_t inlen,
|
||||
@@ -72,7 +98,7 @@ size_t CRYPTO_128_wrap(void *key, const
|
||||
{
|
||||
unsigned char *A, B[16], *R;
|
||||
size_t i, j, t;
|
||||
- if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX))
|
||||
+ if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
|
||||
return 0;
|
||||
A = B;
|
||||
t = 1;
|
||||
@@ -100,7 +126,23 @@ size_t CRYPTO_128_wrap(void *key, const
|
||||
return inlen + 8;
|
||||
}
|
||||
|
||||
-size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
|
||||
+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
|
||||
+ * IV check (step 3) is responsibility of the caller.
|
||||
+ *
|
||||
+ * @param[in] key Key value.
|
||||
+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
|
||||
+ * @param[out] out Plain text without IV.
|
||||
+ * Minimal buffer length = (inlen - 8) bytes.
|
||||
+ * Input and output buffers can overlap if block function
|
||||
+ * supports that.
|
||||
+ * @param[in] in Ciphertext text as n 64-bit blocks
|
||||
+ * @param[in] inlen Length of in.
|
||||
+ * @param[in] block Block processing function.
|
||||
+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
|
||||
+ * or if inlen is not multiply of 8.
|
||||
+ * Output length otherwise.
|
||||
+ */
|
||||
+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
|
||||
unsigned char *out,
|
||||
const unsigned char *in, size_t inlen,
|
||||
block128_f block)
|
||||
@@ -128,11 +170,190 @@ size_t CRYPTO_128_unwrap(void *key, cons
|
||||
memcpy(R, B + 8, 8);
|
||||
}
|
||||
}
|
||||
+ memcpy(iv, A, 8);
|
||||
+ return inlen;
|
||||
+}
|
||||
+
|
||||
+/** Unwrapping according to RFC 3394 section 2.2.2 including IV check.
|
||||
+ * First block of plain text have to match supplied IV otherwise an error is
|
||||
+ * returned.
|
||||
+ *
|
||||
+ * @param[in] key Key value.
|
||||
+ * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes.
|
||||
+ * @param[out] out Plain text without IV.
|
||||
+ * Minimal buffer length = (inlen - 8) bytes.
|
||||
+ * Input and output buffers can overlap if block function
|
||||
+ * supports that.
|
||||
+ * @param[in] in Ciphertext text as n 64-bit blocks
|
||||
+ * @param[in] inlen Length of in.
|
||||
+ * @param[in] block Block processing function.
|
||||
+ * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
|
||||
+ * or if inlen is not multiply of 8
|
||||
+ * or if IV doesn't match expected value.
|
||||
+ * Output length otherwise.
|
||||
+ */
|
||||
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
|
||||
+ unsigned char *out, const unsigned char *in,
|
||||
+ size_t inlen, block128_f block)
|
||||
+{
|
||||
+ size_t ret;
|
||||
+ unsigned char got_iv[8];
|
||||
+
|
||||
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
|
||||
+ if (ret == 0)
|
||||
+ return 0;
|
||||
+
|
||||
if (!iv)
|
||||
iv = default_iv;
|
||||
- if (memcmp(A, iv, 8)) {
|
||||
+ if (CRYPTO_memcmp(got_iv, iv, 8)) {
|
||||
+ OPENSSL_cleanse(out, ret);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+/** Wrapping according to RFC 5649 section 4.1.
|
||||
+ *
|
||||
+ * @param[in] key Key value.
|
||||
+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
|
||||
+ * @param[out] out Cipher text. Minimal buffer length = (inlen + 15) bytes.
|
||||
+ * Input and output buffers can overlap if block function
|
||||
+ * supports that.
|
||||
+ * @param[in] in Plain text as n 64-bit blocks, n >= 2.
|
||||
+ * @param[in] inlen Length of in.
|
||||
+ * @param[in] block Block processing function.
|
||||
+ * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
|
||||
+ * Output length if wrapping succeeded.
|
||||
+ */
|
||||
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in, size_t inlen,
|
||||
+ block128_f block)
|
||||
+{
|
||||
+ /* n: number of 64-bit blocks in the padded key data */
|
||||
+ const size_t blocks_padded = (inlen + 7) / 8;
|
||||
+ const size_t padded_len = blocks_padded * 8;
|
||||
+ const size_t padding_len = padded_len - inlen;
|
||||
+ /* RFC 5649 section 3: Alternative Initial Value */
|
||||
+ unsigned char aiv[8];
|
||||
+ int ret;
|
||||
+
|
||||
+ /* Section 1: use 32-bit fixed field for plaintext octet length */
|
||||
+ if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
|
||||
+ return 0;
|
||||
+
|
||||
+ /* Section 3: Alternative Initial Value */
|
||||
+ if (!icv)
|
||||
+ memcpy(aiv, default_aiv, 4);
|
||||
+ else
|
||||
+ memcpy(aiv, icv, 4); /* Standard doesn't mention this. */
|
||||
+
|
||||
+ aiv[4] = (inlen >> 24) & 0xFF;
|
||||
+ aiv[5] = (inlen >> 16) & 0xFF;
|
||||
+ aiv[6] = (inlen >> 8) & 0xFF;
|
||||
+ aiv[7] = inlen & 0xFF;
|
||||
+
|
||||
+ if (padded_len == 8) {
|
||||
+ /* Section 4.1 - special case in step 2:
|
||||
+ * If the padded plaintext contains exactly eight octets, then
|
||||
+ * prepend the AIV and encrypt the resulting 128-bit block
|
||||
+ * using AES in ECB mode. */
|
||||
+ memmove(out + 8, in, inlen);
|
||||
+ memcpy(out, aiv, 8);
|
||||
+ memset(out + 8 + inlen, 0, padding_len);
|
||||
+ block(out, out, key);
|
||||
+ ret = 16; /* AIV + padded input */
|
||||
+ } else {
|
||||
+ memmove(out, in, inlen);
|
||||
+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
|
||||
+ ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
|
||||
+ }
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+/** Unwrapping according to RFC 5649 section 4.2.
|
||||
+ *
|
||||
+ * @param[in] key Key value.
|
||||
+ * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
|
||||
+ * @param[out] out Plain text. Minimal buffer length = inlen bytes.
|
||||
+ * Input and output buffers can overlap if block function
|
||||
+ * supports that.
|
||||
+ * @param[in] in Ciphertext text as n 64-bit blocks
|
||||
+ * @param[in] inlen Length of in.
|
||||
+ * @param[in] block Block processing function.
|
||||
+ * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
|
||||
+ * or if inlen is not multiply of 8
|
||||
+ * or if IV and message length indicator doesn't match.
|
||||
+ * Output length if unwrapping succeeded and IV matches.
|
||||
+ */
|
||||
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
|
||||
+ unsigned char *out,
|
||||
+ const unsigned char *in, size_t inlen,
|
||||
+ block128_f block)
|
||||
+{
|
||||
+ /* n: number of 64-bit blocks in the padded key data */
|
||||
+ size_t n = inlen / 8 - 1;
|
||||
+ size_t padded_len;
|
||||
+ size_t padding_len;
|
||||
+ size_t ptext_len;
|
||||
+ /* RFC 5649 section 3: Alternative Initial Value */
|
||||
+ unsigned char aiv[8];
|
||||
+ static unsigned char zeros[8] = { 0x0 };
|
||||
+ size_t ret;
|
||||
+
|
||||
+ /* Section 4.2: Cipher text length has to be (n+1) 64-bit blocks. */
|
||||
+ if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
|
||||
+ return 0;
|
||||
+
|
||||
+ memmove(out, in, inlen);
|
||||
+ if (inlen == 16) {
|
||||
+ /* Section 4.2 - special case in step 1:
|
||||
+ * When n=1, the ciphertext contains exactly two 64-bit
|
||||
+ * blocks and they are decrypted as a single AES
|
||||
+ * block using AES in ECB mode:
|
||||
+ * AIV | P[1] = DEC(K, C[0] | C[1])
|
||||
+ */
|
||||
+ block(out, out, key);
|
||||
+ memcpy(aiv, out, 8);
|
||||
+ /* Remove AIV */
|
||||
+ memmove(out, out + 8, 8);
|
||||
+ padded_len = 8;
|
||||
+ } else {
|
||||
+ padded_len = inlen - 8;
|
||||
+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
|
||||
+ if (padded_len != ret) {
|
||||
OPENSSL_cleanse(out, inlen);
|
||||
return 0;
|
||||
}
|
||||
- return inlen;
|
||||
+ }
|
||||
+
|
||||
+ /* Section 3: AIV checks: Check that MSB(32,A) = A65959A6.
|
||||
+ * Optionally a user-supplied value can be used
|
||||
+ * (even if standard doesn't mention this). */
|
||||
+ if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
|
||||
+ || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
|
||||
+ OPENSSL_cleanse(out, inlen);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /* Check that 8*(n-1) < LSB(32,AIV) <= 8*n.
|
||||
+ * If so, let ptext_len = LSB(32,AIV). */
|
||||
+
|
||||
+ ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
|
||||
+ if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
|
||||
+ OPENSSL_cleanse(out, inlen);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /* Check that the rightmost padding_len octets of the output data
|
||||
+ * are zero. */
|
||||
+ padding_len = padded_len - ptext_len;
|
||||
+ if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
|
||||
+ OPENSSL_cleanse(out, inlen);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ /* Section 4.2 step 3: Remove padding */
|
||||
+ return ptext_len;
|
||||
}
|
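Review bot: In `CRYPTO_128_wrap_pad`, `ret` is declared `int` but receives the `size_t` result of `CRYPTO_128_wrap` and is returned from a function declared `size_t`, converting twice for no reason; declare it `size_t ret;`. The doc block above `CRYPTO_128_unwrap` still says `@param[out] iv Unchecked IV value`, copied from `crypto_128_unwrap_raw`, but there `iv` is `const unsigned char *` and is the expected value compared against `got_iv`, so it should read `@param[in] iv Expected IV value, 8 bytes. NULL = use default_iv.`. Likewise the `CRYPTO_128_wrap_pad` doc says `Plain text as n 64-bit blocks, n >= 2` and a range of `[1, CRYPTO128_WRAP_MAX]`, while the code accepts any `inlen` from 1 up to but excluding `CRYPTO128_WRAP_MAX` with no block alignment, so the doc should say `Plain text of any length, 1 <= inlen < CRYPTO128_WRAP_MAX.`. The separate early returns in `CRYPTO_128_unwrap_pad` each cleanse `out` first, so a failed AIV, length or padding check never leaves partially unwrapped data behind; that property is worth one sentence in that function's doc block.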
@ -0,0 +1,90 @@
|
||||
diff -up openssl-1.0.2g/doc/apps/ec.pod.manfix openssl-1.0.2g/doc/apps/ec.pod
|
||||
--- openssl-1.0.2g/doc/apps/ec.pod.manfix 2016-03-01 14:35:05.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/ec.pod 2016-03-01 16:47:35.331568290 +0100
|
||||
@@ -93,10 +93,6 @@ prints out the public, private key compo
|
||||
|
||||
this option prevents output of the encoded version of the key.
|
||||
|
||||
-=item B<-modulus>
|
||||
-
|
||||
-this option prints out the value of the public key component of the key.
|
||||
-
|
||||
=item B<-pubin>
|
||||
|
||||
by default a private key is read from the input file: with this option a
|
||||
diff -up openssl-1.0.2g/doc/apps/openssl.pod.manfix openssl-1.0.2g/doc/apps/openssl.pod
|
||||
--- openssl-1.0.2g/doc/apps/openssl.pod.manfix 2016-03-01 14:35:05.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/openssl.pod 2016-03-01 16:47:35.331568290 +0100
|
||||
@@ -163,7 +163,7 @@ Create or examine a netscape certificate
|
||||
|
||||
Online Certificate Status Protocol utility.
|
||||
|
||||
-=item L<B<passwd>|passwd(1)>
|
||||
+=item L<B<passwd>|sslpasswd(1)>
|
||||
|
||||
Generation of hashed passwords.
|
||||
|
||||
@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
|
||||
|
||||
Public key algorithm cryptographic operation utility.
|
||||
|
||||
-=item L<B<rand>|rand(1)>
|
||||
+=item L<B<rand>|sslrand(1)>
|
||||
|
||||
Generate pseudo-random bytes.
|
||||
|
||||
@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
|
||||
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
|
||||
L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
|
||||
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
|
||||
-L<passwd(1)|passwd(1)>,
|
||||
+L<sslpasswd(1)|sslpasswd(1)>,
|
||||
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
|
||||
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
||||
+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
|
||||
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
|
||||
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
|
||||
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
|
||||
diff -up openssl-1.0.2g/doc/apps/s_client.pod.manfix openssl-1.0.2g/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2g/doc/apps/s_client.pod.manfix 2016-03-01 14:35:53.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/s_client.pod 2016-03-01 16:47:35.358568902 +0100
|
||||
@@ -35,6 +35,9 @@ B<openssl> B<s_client>
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
+[B<-tls1_1>]
|
||||
+[B<-tls1_2>]
|
||||
+[B<-dtls1>]
|
||||
[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
@@ -201,7 +204,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
1a2b3c4d.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
|
||||
These options require or disable the use of the specified SSL or TLS protocols.
|
||||
By default the initial handshake uses a I<version-flexible> method which will
|
||||
diff -up openssl-1.0.2g/doc/apps/s_server.pod.manfix openssl-1.0.2g/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2g/doc/apps/s_server.pod.manfix 2016-03-01 14:35:53.000000000 +0100
|
||||
+++ openssl-1.0.2g/doc/apps/s_server.pod 2016-03-01 16:47:35.359568925 +0100
|
||||
@@ -42,6 +42,8 @@ B<openssl> B<s_server>
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
+[B<-tls1_1>]
|
||||
+[B<-tls1_2>]
|
||||
[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
@@ -217,7 +219,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
1a2b3c4d.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
|
||||
These options require or disable the use of the specified SSL or TLS protocols.
|
||||
By default the initial handshake uses a I<version-flexible> method which will
|
@ -0,0 +1,24 @@
|
||||
diff -up openssl-1.0.2h/Makefile.org.pkgconfig openssl-1.0.2h/Makefile.org
|
||||
--- openssl-1.0.2h/Makefile.org.pkgconfig 2016-05-03 18:06:45.869834730 +0200
|
||||
+++ openssl-1.0.2h/Makefile.org 2016-06-27 12:04:15.444245018 +0200
|
||||
@@ -377,7 +377,7 @@ libcrypto.pc: Makefile
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lcrypto'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
|
||||
+ echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
|
||||
|
||||
libssl.pc: Makefile
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
@@ -388,9 +388,9 @@ libssl.pc: Makefile
|
||||
echo 'Name: OpenSSL-libssl'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
- echo 'Requires.private: libcrypto'; \
|
||||
+ echo 'Requires: libcrypto'; \
|
||||
echo 'Libs: -L$${libdir} -lssl'; \
|
||||
- echo 'Libs.private: $(EX_LIBS)'; \
|
||||
+ echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
|
||||
|
||||
openssl.pc: Makefile
|
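Review bot: The two libssl.pc hunks change the contract seen by pkg-config consumers without recording why: `Requires.private: libcrypto` becomes `Requires: libcrypto`, so every `pkg-config --libs libssl` user now links -lcrypto directly even if it only calls libssl, and `$(LIBKRB5)` joins Libs.private while `$(KRB5_INCLUDES)` stays in the libssl Cflags line that libcrypto.pc just dropped. The asymmetry reads as "Kerberos is a libssl-only dependency" and "libssl users also call libcrypto directly", which is plausible but not stated anywhere in the patch; a one-line comment above the `libssl.pc:` rule, such as `# libcrypto stays in Requires because libssl callers almost always use libcrypto symbols too; krb5 is linked by libssl only`, would let the next packager tell intent from accident. The libcrypto.pc rule begins outside the first hunk.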
@ -0,0 +1,15 @@
|
||||
diff -up openssl-1.0.2i/engines/e_chil.c.chil openssl-1.0.2i/engines/e_chil.c
|
||||
--- openssl-1.0.2i/engines/e_chil.c.chil 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/engines/e_chil.c 2016-09-22 13:49:32.532017102 +0200
|
||||
@@ -1274,6 +1274,11 @@ static int hwcrhk_insert_card(const char
|
||||
UI *ui;
|
||||
void *callback_data = NULL;
|
||||
UI_METHOD *ui_method = NULL;
|
||||
+ /* Despite what the documentation says prompt_info can be
|
||||
+ * an empty string.
|
||||
+ */
|
||||
+ if (prompt_info && !*prompt_info)
|
||||
+ prompt_info = NULL;
|
||||
|
||||
if (cactx) {
|
||||
if (cactx->ui_method)
|
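Review bot: The added comment records that prompt_info can be an empty string but not what normalising it to NULL achieves, so a reader of hwcrhk_insert_card cannot tell from this hunk whether "" and NULL are meant to behave the same further down. Presumably the code below substitutes a default prompt when prompt_info is NULL; if that is the case, say so in the comment: `/* prompt_info may be "" despite the documentation; treat it like NULL so the default prompt is used below. */`. The remainder of hwcrhk_insert_card, including every use of prompt_info, lies outside the hunk.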
@ -0,0 +1,25 @@
|
||||
diff -up openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail openssl-1.0.2i/crypto/evp/bio_enc.c
|
||||
--- openssl-1.0.2i/crypto/evp/bio_enc.c.enc-fail 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/crypto/evp/bio_enc.c 2016-09-22 13:58:24.592381002 +0200
|
||||
@@ -307,8 +307,9 @@ static long enc_ctrl(BIO *b, int cmd, lo
|
||||
case BIO_CTRL_RESET:
|
||||
ctx->ok = 1;
|
||||
ctx->finished = 0;
|
||||
- EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
|
||||
- ctx->cipher.encrypt);
|
||||
+ if (!EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
|
||||
+ ctx->cipher.encrypt))
|
||||
+ ctx->ok = 0;
|
||||
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
|
||||
break;
|
||||
case BIO_CTRL_EOF: /* More to read */
|
||||
@@ -430,7 +431,8 @@ void BIO_set_cipher(BIO *b, const EVP_CI
|
||||
|
||||
b->init = 1;
|
||||
ctx = (BIO_ENC_CTX *)b->ptr;
|
||||
- EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
|
||||
+ if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e))
|
||||
+ ctx->ok = 0;
|
||||
|
||||
if (b->callback != NULL)
|
||||
b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
|
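Review bot: In the BIO_CTRL_RESET branch a failed EVP_CipherInit_ex() only clears ctx->ok; control then falls through to `ret = BIO_ctrl(b->next_bio, cmd, num, ptr);`, so the caller of BIO_reset() receives the next BIO's result and learns that the cipher context is unusable only on its next read or write. Adding `return 0;` directly after `ctx->ok = 0;` reports the failure where it happens and matches how the other ctrl failures in this function are surfaced, as far as the hunk shows. In the BIO_set_cipher hunk the function is void, so clearing ctx->ok is the only signal available, but the callback two lines later is still invoked with the success value 1L; if that is intentional it deserves a short comment. Both enc_ctrl and BIO_set_cipher extend beyond their hunks.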
@ -0,0 +1,83 @@
|
||||
diff --git a/Configure b/Configure
|
||||
index c39f71a..7f3d905 100755
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -727,6 +727,7 @@ my $idx_multilib = $idx++;
|
||||
my $prefix="";
|
||||
my $libdir="";
|
||||
my $openssldir="";
|
||||
+my $enginesdir="";
|
||||
my $exe_ext="";
|
||||
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
|
||||
my $cross_compile_prefix="";
|
||||
@@ -956,6 +957,10 @@ PROCESS_ARGS:
|
||||
{
|
||||
$openssldir=$1;
|
||||
}
|
||||
+ elsif (/^--enginesdir=(.*)$/)
|
||||
+ {
|
||||
+ $enginesdir=$1;
|
||||
+ }
|
||||
elsif (/^--install.prefix=(.*)$/)
|
||||
{
|
||||
$install_prefix=$1;
|
||||
@@ -1207,7 +1212,7 @@ chop $prefix if $prefix =~ /.\/$/;
|
||||
|
||||
$openssldir=$prefix . "/ssl" if $openssldir eq "";
|
||||
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
|
||||
-
|
||||
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
|
||||
|
||||
print "IsMK1MF=$IsMK1MF\n";
|
||||
|
||||
@@ -1709,6 +1714,7 @@ while (<IN>)
|
||||
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
|
||||
s/^MULTILIB=.*$/MULTILIB=$multilib/;
|
||||
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
|
||||
+ s/^ENGINESDIR=.*$/ENGINESDIR=$enginesdir/;
|
||||
s/^LIBDIR=.*$/LIBDIR=$libdir/;
|
||||
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
|
||||
s/^PLATFORM=.*$/PLATFORM=$target/;
|
||||
@@ -1915,7 +1921,7 @@ while (<IN>)
|
||||
}
|
||||
elsif (/^#define\s+ENGINESDIR/)
|
||||
{
|
||||
- my $foo = "$prefix/$libdir/engines";
|
||||
+ my $foo = "$enginesdir";
|
||||
$foo =~ s/\\/\\\\/g;
|
||||
print OUT "#define ENGINESDIR \"$foo\"\n";
|
||||
}
|
||||
diff --git a/Makefile.org b/Makefile.org
|
||||
index 2377f50..fe8d54c 100644
|
||||
--- a/Makefile.org
|
||||
+++ b/Makefile.org
|
||||
@@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl
|
||||
|
||||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
+ENGINESDIR=$${libdir}/engines
|
||||
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
@@ -368,7 +369,7 @@ libcrypto.pc: Makefile
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
- echo 'enginesdir=$${libdir}/engines'; \
|
||||
+ echo 'enginesdir=$(ENGINESDIR)'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL-libcrypto'; \
|
||||
echo 'Description: OpenSSL cryptography library'; \
|
||||
diff --git a/engines/Makefile b/engines/Makefile
|
||||
index 2058ff4..a2c407b 100644
|
||||
--- a/engines/Makefile
|
||||
+++ b/engines/Makefile
|
||||
@@ -124,7 +124,7 @@ install:
|
||||
esac; \
|
||||
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||
fi; \
|
||||
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
|
||||
done; \
|
||||
fi
|
@ -0,0 +1,286 @@
|
||||
diff -up openssl-1.0.2i/apps/cms.c.trusted-first openssl-1.0.2i/apps/cms.c
|
||||
--- openssl-1.0.2i/apps/cms.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/cms.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -646,6 +646,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
+ "-trusted_first use trusted certificates first when building the trust chain\n");
|
||||
+ BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2i/apps/ocsp.c.trusted-first openssl-1.0.2i/apps/ocsp.c
|
||||
--- openssl-1.0.2i/apps/ocsp.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/ocsp.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -537,6 +537,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
+ "-trusted_first use trusted certificates first when building the trust chain\n");
|
||||
+ BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-VAfile file validator certificates file\n");
|
||||
diff -up openssl-1.0.2i/apps/s_client.c.trusted-first openssl-1.0.2i/apps/s_client.c
|
||||
--- openssl-1.0.2i/apps/s_client.c.trusted-first 2016-09-22 14:01:27.402629569 +0200
|
||||
+++ openssl-1.0.2i/apps/s_client.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -330,6 +330,8 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
+ " -trusted_first - Use trusted CA's first when building the trust chain\n");
|
||||
+ BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
diff -up openssl-1.0.2i/apps/smime.c.trusted-first openssl-1.0.2i/apps/smime.c
|
||||
--- openssl-1.0.2i/apps/smime.c.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/apps/smime.c 2016-09-22 14:01:27.436630359 +0200
|
||||
@@ -442,6 +442,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
+ "-trusted_first use trusted certificates first when building the trust chain\n");
|
||||
+ BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
diff -up openssl-1.0.2i/apps/s_server.c.trusted-first openssl-1.0.2i/apps/s_server.c
|
||||
--- openssl-1.0.2i/apps/s_server.c.trusted-first 2016-09-22 14:01:27.374628918 +0200
|
||||
+++ openssl-1.0.2i/apps/s_server.c 2016-09-22 14:01:27.437630382 +0200
|
||||
@@ -571,6 +571,8 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
+ " -trusted_first - Use trusted CA's first when building the trust chain\n");
|
||||
+ BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
diff -up openssl-1.0.2i/apps/s_time.c.trusted-first openssl-1.0.2i/apps/s_time.c
|
||||
--- openssl-1.0.2i/apps/s_time.c.trusted-first 2016-09-22 14:01:27.368628779 +0200
|
||||
+++ openssl-1.0.2i/apps/s_time.c 2016-09-22 14:01:27.437630382 +0200
|
||||
@@ -182,6 +182,7 @@ static void s_time_usage(void)
|
||||
file if not specified by this option\n\
|
||||
-CApath arg - PEM format directory of CA's\n\
|
||||
-CAfile arg - PEM format file of CA's\n\
|
||||
+-trusted_first - Use trusted CA's first when building the trust chain\n\
|
||||
-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
|
||||
|
||||
printf("usage: s_time <args>\n\n");
|
||||
diff -up openssl-1.0.2i/apps/ts.c.trusted-first openssl-1.0.2i/apps/ts.c
|
||||
--- openssl-1.0.2i/apps/ts.c.trusted-first 2016-09-22 14:01:27.400629522 +0200
|
||||
+++ openssl-1.0.2i/apps/ts.c 2016-09-22 14:01:27.437630382 +0200
|
||||
@@ -352,7 +352,7 @@ int MAIN(int argc, char **argv)
|
||||
"ts -verify [-data file_to_hash] [-digest digest_bytes] "
|
||||
"[-queryfile request.tsq] "
|
||||
"-in response.tsr [-token_in] "
|
||||
- "-CApath ca_path -CAfile ca_file.pem "
|
||||
+ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
|
||||
"-untrusted cert_file.pem\n");
|
||||
cleanup:
|
||||
/* Clean up. */
|
||||
diff -up openssl-1.0.2i/apps/verify.c.trusted-first openssl-1.0.2i/apps/verify.c
|
||||
--- openssl-1.0.2i/apps/verify.c.trusted-first 2016-09-22 14:01:27.438630405 +0200
|
||||
+++ openssl-1.0.2i/apps/verify.c 2016-09-22 14:02:37.951269140 +0200
|
||||
@@ -231,7 +231,7 @@ int MAIN(int argc, char **argv)
|
||||
usage:
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,
|
||||
- "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
|
||||
+ "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
diff -up openssl-1.0.2i/doc/apps/cms.pod.trusted-first openssl-1.0.2i/doc/apps/cms.pod
|
||||
--- openssl-1.0.2i/doc/apps/cms.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/cms.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||
[B<-print>]
|
||||
[B<-CAfile file>]
|
||||
[B<-CApath dir>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-md digest>]
|
||||
[B<-[cipher]>]
|
||||
@@ -248,6 +249,12 @@ B<-verify>. This directory must be a sta
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory before untrusted certificates
|
||||
+from the message when building the trust chain to verify certificates.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first openssl-1.0.2i/doc/apps/ocsp.pod
|
||||
--- openssl-1.0.2i/doc/apps/ocsp.pod.trusted-first 2016-09-22 14:01:27.401629545 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/ocsp.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
@@ -144,6 +145,13 @@ connection timeout to the OCSP responder
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory over certificates provided
|
||||
+in the response or residing in other certificates file when building the trust
|
||||
+chain to verify responder certificate.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/s_client.pod.trusted-first openssl-1.0.2i/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_client.pod.trusted-first 2016-09-22 14:01:27.412629801 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_client.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -19,6 +19,7 @@ B<openssl> B<s_client>
|
||||
[B<-pass arg>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-reconnect>]
|
||||
[B<-pause>]
|
||||
@@ -125,7 +126,7 @@ also used when building the client certi
|
||||
A file containing trusted certificates to use during server authentication
|
||||
and to use when attempting to build the client certificate chain.
|
||||
|
||||
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
|
||||
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first -no_alt_chains>
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/smime.pod.trusted-first openssl-1.0.2i/doc/apps/smime.pod
|
||||
--- openssl-1.0.2i/doc/apps/smime.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/smime.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -15,6 +15,9 @@ B<openssl> B<smime>
|
||||
[B<-pk7out>]
|
||||
[B<-[cipher]>]
|
||||
[B<-in file>]
|
||||
+[B<-CAfile file>]
|
||||
+[B<-CApath dir>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
@@ -150,6 +153,12 @@ B<-verify>. This directory must be a sta
|
||||
is a hash of each subject name (using B<x509 -hash>) should be linked
|
||||
to each certificate.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory over certificates provided
|
||||
+in the message when building the trust chain to verify a certificate.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-md digest>
|
||||
|
||||
digest algorithm to use when signing or resigning. If not present then the
|
||||
diff -up openssl-1.0.2i/doc/apps/s_server.pod.trusted-first openssl-1.0.2i/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_server.pod.trusted-first 2016-09-22 14:01:27.412629801 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_server.pod 2016-09-22 14:01:27.438630405 +0200
|
||||
@@ -33,6 +33,7 @@ B<openssl> B<s_server>
|
||||
[B<-state>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-no_alt_chains>]
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
@@ -178,6 +179,12 @@ and to use when attempting to build the
|
||||
is also used in the list of acceptable client CAs passed to the client when
|
||||
a certificate is requested.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory before other certificates
|
||||
+when building the trust chain to verify client certificates.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-no_alt_chains>
|
||||
|
||||
See the L<B<verify>|verify(1)> manual page for details.
|
||||
diff -up openssl-1.0.2i/doc/apps/s_time.pod.trusted-first openssl-1.0.2i/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2i/doc/apps/s_time.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/s_time.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -14,6 +14,7 @@ B<openssl> B<s_time>
|
||||
[B<-key filename>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-reuse>]
|
||||
[B<-new>]
|
||||
[B<-verify depth>]
|
||||
@@ -76,6 +77,12 @@ also used when building the client certi
|
||||
A file containing trusted certificates to use during server authentication
|
||||
and to use when attempting to build the client certificate chain.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory over the certificates provided
|
||||
+by the server when building the trust chain to verify server certificate.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-new>
|
||||
|
||||
performs the timing test using a new session ID for each connection.
|
||||
diff -up openssl-1.0.2i/doc/apps/ts.pod.trusted-first openssl-1.0.2i/doc/apps/ts.pod
|
||||
--- openssl-1.0.2i/doc/apps/ts.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/ts.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -46,6 +46,7 @@ B<-verify>
|
||||
[B<-token_in>]
|
||||
[B<-CApath> trusted_cert_path]
|
||||
[B<-CAfile> trusted_certs.pem]
|
||||
+[B<-trusted_first>]
|
||||
[B<-untrusted> cert_file.pem]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
|
||||
or B<-CApath> must be specified.
|
||||
(Optional)
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory before other certificates
|
||||
+when building the trust chain to verify certificates.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-untrusted> cert_file.pem
|
||||
|
||||
Set of additional untrusted certificates in PEM format which may be
|
||||
diff -up openssl-1.0.2i/doc/apps/verify.pod.trusted-first openssl-1.0.2i/doc/apps/verify.pod
|
||||
--- openssl-1.0.2i/doc/apps/verify.pod.trusted-first 2016-09-22 12:23:06.000000000 +0200
|
||||
+++ openssl-1.0.2i/doc/apps/verify.pod 2016-09-22 14:01:27.439630429 +0200
|
||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||
B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile file>]
|
||||
+[B<-trusted_first>]
|
||||
[B<-purpose purpose>]
|
||||
[B<-policy arg>]
|
||||
[B<-ignore_critical>]
|
||||
@@ -86,6 +87,12 @@ If a valid CRL cannot be found an error
|
||||
A file of untrusted certificates. The file should contain multiple certificates
|
||||
in PEM format concatenated together.
|
||||
|
||||
+=item B<-trusted_first>
|
||||
+
|
||||
+Use certificates in CA file or CA directory before the certificates in the untrusted
|
||||
+file when building the trust chain to verify certificates.
|
||||
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
+
|
||||
=item B<-purpose purpose>
|
||||
|
||||
The intended use for the certificate. If this option is not specified,
|
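Review bot: In the ts.c hunk the usage string loses its separating space: the new literal `"-CApath ca_path -CAfile ca_file.pem -trusted_first"` is immediately followed by `"-untrusted cert_file.pem\n"` on the next line, and C concatenates adjacent literals, so the printed usage reads `-trusted_first-untrusted`. The removed line ended in a space; restore it as `"-CApath ca_path -CAfile ca_file.pem -trusted_first "`. Separately, the s_client.pod item line mixes comma- and space-separated options (`-policy -check_ss_sig, -trusted_first -no_alt_chains`); a consistent `, ` between every option would read like the s_server.pod entry. The C hunks add only help text, so the option is presumably accepted by the shared verify-argument parser rather than per program; that each of the eight programs really parses it is worth confirming before shipping the documentation.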
@ -0,0 +1,229 @@
|
||||
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
|
||||
index 3ffd934..23271be 100644
|
||||
--- a/crypto/asn1/a_verify.c
|
||||
+++ b/crypto/asn1/a_verify.c
|
||||
@@ -56,6 +56,9 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
+/* for secure_getenv */
|
||||
+#define _GNU_SOURCE
|
||||
+
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
||||
@@ -133,6 +136,30 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
|
||||
|
||||
#endif
|
||||
|
||||
+static int legacy_mds[] = { NID_md5, NID_sha, NID_md4, NID_md2, 0 };
|
||||
+extern int private_ossl_allowed_legacy_mds[];
|
||||
+
|
||||
+static int is_md_legacy_disallowed(int mdnid)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") != NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ for (i = 0; legacy_mds[i] != 0; ++i) {
|
||||
+ if (mdnid == legacy_mds[i]) {
|
||||
+ int j;
|
||||
+
|
||||
+ for (j = 0; private_ossl_allowed_legacy_mds[j] != 0; ++j) {
|
||||
+ if (mdnid == private_ossl_allowed_legacy_mds[j])
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
|
||||
ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
|
||||
{
|
||||
@@ -174,6 +201,10 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
|
||||
if (ret != 2)
|
||||
goto err;
|
||||
ret = -1;
|
||||
+ } else if (is_md_legacy_disallowed(mdnid)) {
|
||||
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
|
||||
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
|
||||
+ goto err;
|
||||
} else {
|
||||
const EVP_MD *type;
|
||||
type = EVP_get_digestbynid(mdnid);
|
||||
diff --git a/crypto/o_init.c b/crypto/o_init.c
|
||||
index 2f754ef..59439c2 100644
|
||||
--- a/crypto/o_init.c
|
||||
+++ b/crypto/o_init.c
|
||||
@@ -55,6 +55,12 @@
|
||||
|
||||
#include <e_os.h>
|
||||
#include <openssl/err.h>
|
||||
+# include <stdio.h>
|
||||
+# include <string.h>
|
||||
+# include <strings.h>
|
||||
+# include <ctype.h>
|
||||
+# include <openssl/dh.h>
|
||||
+# include <openssl/objects.h>
|
||||
#ifdef OPENSSL_FIPS
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
@@ -89,6 +95,121 @@ static void init_fips_mode(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
+# define LEGACY_SETTINGS_FILE "/etc/pki/tls/legacy-settings"
|
||||
+
|
||||
+# define NUM_MAX_LEGACY_MDS 8
|
||||
+
|
||||
+int private_ossl_allowed_legacy_mds[NUM_MAX_LEGACY_MDS + 1]; /* zero terminated */
|
||||
+
|
||||
+int private_ossl_minimum_dh_bits;
|
||||
+
|
||||
+#if !defined(_WIN32)
|
||||
+static void parse_legacy_mds(char *p)
|
||||
+{
|
||||
+ int idx = 0;
|
||||
+ char *e = p;
|
||||
+
|
||||
+ while (p[0] != '\0') {
|
||||
+ while (e[0] != '\0' && !isspace(e[0]) && e[0] != ',') {
|
||||
+ ++e;
|
||||
+ }
|
||||
+ if (e[0] != '\0') {
|
||||
+ e[0] = '\0';
|
||||
+ ++e;
|
||||
+ }
|
||||
+
|
||||
+ if (strcasecmp(p, "md5") == 0) {
|
||||
+ private_ossl_allowed_legacy_mds[idx++] = NID_md5;
|
||||
+ } else if (strcasecmp(p, "md4") == 0) {
|
||||
+ private_ossl_allowed_legacy_mds[idx++] = NID_md4;
|
||||
+ } else if (strcasecmp(p, "sha") == 0) {
|
||||
+ private_ossl_allowed_legacy_mds[idx++] = NID_sha;
|
||||
+ } else if (strcasecmp(p, "md2") == 0) {
|
||||
+ private_ossl_allowed_legacy_mds[idx++] = NID_md2;
|
||||
+ }
|
||||
+
|
||||
+ if (idx >=
|
||||
+ sizeof(private_ossl_allowed_legacy_mds) /
|
||||
+ sizeof(private_ossl_allowed_legacy_mds[0])) {
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ while (e[0] == ',' || isspace(e[0])) {
|
||||
+ ++e;
|
||||
+ }
|
||||
+
|
||||
+ p = e;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void parse_minimum_dh_bits(char *p)
|
||||
+{
|
||||
+ private_ossl_minimum_dh_bits = strtol(p, NULL, 10);
|
||||
+ if (private_ossl_minimum_dh_bits < 512
|
||||
+ || private_ossl_minimum_dh_bits > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ /* use default */
|
||||
+ private_ossl_minimum_dh_bits = 0;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void load_legacy_settings(void)
|
||||
+{
|
||||
+ FILE *f;
|
||||
+ char *line = NULL;
|
||||
+ size_t len = 0;
|
||||
+
|
||||
+ if ((f = fopen(LEGACY_SETTINGS_FILE, "r")) == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ while (getline(&line, &len, f) > 0) {
|
||||
+ char *p = line, *e, *val;
|
||||
+
|
||||
+ /* skip initial whitespace */
|
||||
+ while (isspace(p[0])) {
|
||||
+ ++p;
|
||||
+ }
|
||||
+
|
||||
+ e = p;
|
||||
+
|
||||
+ while (e[0] != '\0' && !isspace(e[0])) {
|
||||
+ ++e;
|
||||
+ }
|
||||
+
|
||||
+ /* terminate name, skip whitespace between name and value */
|
||||
+ if (e[0] != '\0') {
|
||||
+ e[0] = '\0';
|
||||
+ ++e;
|
||||
+ while (isspace(e[0])) {
|
||||
+ ++e;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ val = e;
|
||||
+
|
||||
+ e = e + strlen(val);
|
||||
+
|
||||
+ /* trim terminating whitespace */
|
||||
+ while (e > val) {
|
||||
+ --e;
|
||||
+ if (isspace(e[0])) {
|
||||
+ e[0] = '\0';
|
||||
+ } else {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (strcasecmp(p, "LegacySigningMDs") == 0) {
|
||||
+ parse_legacy_mds(val);
|
||||
+ } else if (strcasecmp(line, "MinimumDHBits") == 0) {
|
||||
+ parse_minimum_dh_bits(val);
|
||||
+ }
|
||||
+ /* simply skip other unrecognized lines */
|
||||
+ }
|
||||
+ (void)fclose(f);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Perform any essential OpenSSL initialization operations. Currently only
|
||||
* sets FIPS callbacks
|
||||
@@ -100,6 +221,10 @@ void OPENSSL_init_library(void)
|
||||
if (done)
|
||||
return;
|
||||
done = 1;
|
||||
+
|
||||
+#if !defined(_WIN32)
|
||||
+ load_legacy_settings();
|
||||
+#endif
|
||||
#ifdef OPENSSL_FIPS
|
||||
RAND_init_fips();
|
||||
init_fips_mode();
|
||||
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
|
||||
index 32f2f1a..6734e8a 100644
|
||||
--- a/ssl/s3_clnt.c
|
||||
+++ b/ssl/s3_clnt.c
|
||||
@@ -3500,6 +3500,8 @@ int ssl3_send_client_certificate(SSL *s)
|
||||
|
||||
#define has_bits(i,m) (((i)&(m)) == (m))
|
||||
|
||||
+extern int private_ossl_minimum_dh_bits;
|
||||
+
|
||||
int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
{
|
||||
int i, idx;
|
||||
@@ -3630,8 +3632,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
|
||||
DH_free(dh_srvr);
|
||||
}
|
||||
|
||||
- if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024)
|
||||
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
|
||||
+ if (dh_size < (private_ossl_minimum_dh_bits ? private_ossl_minimum_dh_bits : 1024)) {
|
||||
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
|
||||
goto f_err;
|
||||
}
|
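Review bot: In load_legacy_settings the second keyword test compares the wrong pointer: `strcasecmp(line, "MinimumDHBits")` looks at the raw buffer, whereas `p` was advanced past leading whitespace and NUL-terminated at the end of the name, so an indented `MinimumDHBits` line is silently ignored while `LegacySigningMDs` with the same indentation works; it should be `strcasecmp(p, "MinimumDHBits") == 0`. In parse_legacy_mds the bound is off by one: the array has NUM_MAX_LEGACY_MDS + 1 slots with the last reserved as the zero terminator, but the loop only breaks once idx reaches the full sizeof count, so nine recognised tokens (repeated names suffice) overwrite the terminator and the `!= 0` scan in is_md_legacy_disallowed then reads past the array; compare against `NUM_MAX_LEGACY_MDS` instead. The getline() buffer is never released, so add `free(line);` before `(void)fclose(f);`. In s3_clnt.c the single new comparison drops the 512-bit allowance the removed condition gave export ciphers, so they now need 1024 bits unless MinimumDHBits lowers the floor; if that is intended it belongs in the patch header. a_verify.c defines _GNU_SOURCE for secure_getenv, but o_init.c, which uses getline and strcasecmp, does not, so whether its feature-test macros come from the build flags should be checked.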
@ -0,0 +1,138 @@
|
||||
diff -up openssl-1.0.2j/ssl/s3_lib.c.downgrade-strength openssl-1.0.2j/ssl/s3_lib.c
|
||||
--- openssl-1.0.2j/ssl/s3_lib.c.downgrade-strength 2017-01-05 17:23:21.091203023 +0100
|
||||
+++ openssl-1.0.2j/ssl/s3_lib.c 2017-01-05 17:36:37.250194225 +0100
|
||||
@@ -227,7 +227,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -243,7 +243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -278,7 +278,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
#endif
|
||||
@@ -575,7 +575,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -730,7 +730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -746,7 +746,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -796,7 +796,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -812,7 +812,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_SSLV3,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -1429,7 +1429,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
#endif
|
||||
@@ -1714,7 +1714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -2106,7 +2106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -2186,7 +2186,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -2266,7 +2266,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -2346,7 +2346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
||||
@@ -2426,7 +2426,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
|
||||
SSL_TLSV1,
|
||||
SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
|
||||
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
||||
- 128,
|
||||
+ 112,
|
||||
128,
|
||||
},
|
||||
|
@ -0,0 +1,172 @@
|
||||
diff -up openssl-1.0.2j/apps/s_client.c.krb5keytab openssl-1.0.2j/apps/s_client.c
|
||||
--- openssl-1.0.2j/apps/s_client.c.krb5keytab 2017-01-05 17:02:05.481441088 +0100
|
||||
+++ openssl-1.0.2j/apps/s_client.c 2017-01-05 17:08:28.311073180 +0100
|
||||
@@ -171,6 +171,10 @@ typedef unsigned int u_int;
|
||||
#include "s_apps.h"
|
||||
#include "timeouts.h"
|
||||
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+static char *krb5svc = NULL;
|
||||
+#endif
|
||||
+
|
||||
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
|
||||
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
|
||||
# undef FIONBIO
|
||||
@@ -400,6 +404,9 @@ static void sc_usage(void)
|
||||
BIO_printf(bio_err,
|
||||
" only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
|
||||
BIO_printf(bio_err, " are supported.\n");
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+ BIO_printf(bio_err, " -krb5svc arg - Kerberos service name\n");
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine id - Initialise and use the specified engine\n");
|
||||
@@ -1069,6 +1076,13 @@ int MAIN(int argc, char **argv)
|
||||
c_nbio = 1;
|
||||
}
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+ else if (strcmp(*argv, "-krb5svc") == 0) {
|
||||
+ if (--argc < 1)
|
||||
+ goto bad;
|
||||
+ krb5svc= *(++argv);
|
||||
+ }
|
||||
+#endif
|
||||
else if (strcmp(*argv, "-starttls") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
@@ -1435,6 +1449,8 @@ int MAIN(int argc, char **argv)
|
||||
if (con && (kctx = kssl_ctx_new()) != NULL) {
|
||||
SSL_set0_kssl_ctx(con, kctx);
|
||||
kssl_ctx_setstring(kctx, KSSL_SERVER, host);
|
||||
+ if (krb5svc != NULL)
|
||||
+ kssl_ctx_setstring(kctx, KSSL_SERVICE, krb5svc);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
/* SSL_set_cipher_list(con,"RC4-MD5"); */
|
||||
diff -up openssl-1.0.2j/apps/s_server.c.krb5keytab openssl-1.0.2j/apps/s_server.c
|
||||
--- openssl-1.0.2j/apps/s_server.c.krb5keytab 2017-01-05 17:02:05.482441111 +0100
|
||||
+++ openssl-1.0.2j/apps/s_server.c 2017-01-05 17:16:36.458078609 +0100
|
||||
@@ -206,6 +206,11 @@ typedef unsigned int u_int;
|
||||
# include <fcntl.h>
|
||||
#endif
|
||||
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+static char *krb5svc = NULL;
|
||||
+static char *keytab = NULL;
|
||||
+#endif
|
||||
+
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||
#endif
|
||||
@@ -579,6 +584,10 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
|
||||
BIO_printf(bio_err, " -quiet - No server output\n");
|
||||
BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+ BIO_printf(bio_err, " -krb5svc arg - Kerberos service name\n");
|
||||
+ BIO_printf(bio_err, " -keytab arg - Kerberos keytab filename\n");
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_PSK
|
||||
BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
|
||||
BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
|
||||
@@ -1326,6 +1335,17 @@ int MAIN(int argc, char *argv[])
|
||||
goto bad;
|
||||
vfyCAfile = *(++argv);
|
||||
}
|
||||
+#ifndef OPENSSL_NO_KRB5
|
||||
+ else if (strcmp(*argv, "-krb5svc") == 0) {
|
||||
+ if (--argc < 1)
|
||||
+ goto bad;
|
||||
+ krb5svc = *(++argv);
|
||||
+ } else if (strcmp(*argv, "-keytab") == 0) {
|
||||
+ if (--argc < 1)
|
||||
+ goto bad;
|
||||
+ keytab = *(++argv);
|
||||
+ }
|
||||
+#endif
|
||||
#ifdef FIONBIO
|
||||
else if (strcmp(*argv, "-nbio") == 0) {
|
||||
s_nbio = 1;
|
||||
@@ -2226,8 +2246,10 @@ static int sv_body(char *hostname, int s
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((kctx = kssl_ctx_new()) != NULL) {
|
||||
SSL_set0_kssl_ctx(con, kctx);
|
||||
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
|
||||
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
+ kssl_ctx_setstring(kctx, KSSL_SERVICE,
|
||||
+ krb5svc == NULL ? KRB5SVC : krb5svc);
|
||||
+ if (keytab != NULL)
|
||||
+ kssl_ctx_setstring(kctx, KSSL_KEYTAB, keytab);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if (context)
|
||||
@@ -2836,8 +2858,11 @@ static int www_body(char *hostname, int
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((kctx = kssl_ctx_new()) != NULL) {
|
||||
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
|
||||
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
+ SSL_set0_kssl_ctx(con, kctx);
|
||||
+ kssl_ctx_setstring(kctx, KSSL_SERVICE,
|
||||
+ krb5svc == NULL ? KRB5SVC : krb5svc);
|
||||
+ if (keytab != NULL)
|
||||
+ kssl_ctx_setstring(kctx, KSSL_KEYTAB, keytab);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if (context)
|
||||
diff -up openssl-1.0.2j/doc/apps/s_client.pod.krb5keytab openssl-1.0.2j/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2j/doc/apps/s_client.pod.krb5keytab 2016-09-26 11:49:07.000000000 +0200
|
||||
+++ openssl-1.0.2j/doc/apps/s_client.pod 2017-01-05 17:21:30.562709291 +0100
|
||||
@@ -43,6 +43,7 @@ B<openssl> B<s_client>
|
||||
[B<-fallback_scsv>]
|
||||
[B<-bugs>]
|
||||
[B<-cipher cipherlist>]
|
||||
+[B<-krb5svc service>]
|
||||
[B<-serverpref>]
|
||||
[B<-starttls protocol>]
|
||||
[B<-engine id>]
|
||||
@@ -228,6 +229,12 @@ command for more information.
|
||||
|
||||
use the server's cipher preferences; only used for SSLV2.
|
||||
|
||||
+=item B<-krb5svc service>
|
||||
+
|
||||
+the Kerberos service name to use (default "host"). This means s_server
|
||||
+will expect a ticket for the principal I<service>/hostname@REALM, and will
|
||||
+need keys for that principal in its keytab.
|
||||
+
|
||||
=item B<-starttls protocol>
|
||||
|
||||
send the protocol-specific message(s) to switch to TLS for communication.
|
||||
diff -up openssl-1.0.2j/doc/apps/s_server.pod.krb5keytab openssl-1.0.2j/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2j/doc/apps/s_server.pod.krb5keytab 2017-01-05 17:02:05.482441111 +0100
|
||||
+++ openssl-1.0.2j/doc/apps/s_server.pod 2017-01-05 17:20:54.769902331 +0100
|
||||
@@ -37,6 +37,8 @@ B<openssl> B<s_server>
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-serverpref>]
|
||||
+[B<-krb5svc service>]
|
||||
+[B<-keytab filename>]
|
||||
[B<-quiet>]
|
||||
[B<-no_tmp_rsa>]
|
||||
[B<-ssl2>]
|
||||
@@ -246,6 +248,17 @@ the B<ciphers> command for more informat
|
||||
|
||||
use the server's cipher preferences, rather than the client's preferences.
|
||||
|
||||
+=item B<-krb5svc service>
|
||||
+
|
||||
+the Kerberos service name to use (default "host"). This means s_server
|
||||
+will expect a ticket for the principal I<service>/hostname@REALM, and will
|
||||
+need keys for that principal in its keytab.
|
||||
+
|
||||
+=item B<-keytab filename>
|
||||
+
|
||||
+the Kerberos "keytab" (key table) file, containing keys for the s_server
|
||||
+service principal (Kerberos identity; see -krb5svc).
|
||||
+
|
||||
=item B<-tlsextdebug>
|
||||
|
||||
print out a hex dump of any TLS extensions received from the server.
|
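Review bot: The s_client.pod entry added for `-krb5svc` is a verbatim copy of the s_server.pod text and describes what `s_server` expects, although in s_client the option sets the service name the client itself uses (it is stored as `KSSL_SERVICE` on the client's kssl_ctx in the `MAIN` hunk of s_client.c). Reword it along the lines of `the Kerberos service name to use (default "host"); s_client will request a ticket for the principal I<service>/hostname@REALM`. In the same patch `krb5svc= *(++argv);` in s_client.c lacks the spacing around `=` that the matching s_server.c hunk uses (`krb5svc = *(++argv);`). The option-parsing bodies of both `MAIN` functions start and end outside the hunks.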
@ -0,0 +1,244 @@
|
||||
diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl
|
||||
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl.backports 2017-03-09 17:59:26.367233931 +0100
|
||||
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha1-x86_64.pl 2017-03-27 15:25:28.615014528 +0200
|
||||
@@ -1702,6 +1702,7 @@ $code.=<<___;
|
||||
mov 240($key),$rounds
|
||||
sub $in0,$out
|
||||
movups ($key),$rndkey0 # $key[0]
|
||||
+ movups ($ivp),$iv # load IV
|
||||
movups 16($key),$rndkey[0] # forward reference
|
||||
lea 112($key),$key # size optimization
|
||||
|
||||
diff -up openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl
|
||||
--- openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl.backports 2017-03-09 17:59:26.369233978 +0100
|
||||
+++ openssl-1.0.2k/crypto/aes/asm/aesni-sha256-x86_64.pl 2017-03-27 15:25:28.618014599 +0200
|
||||
@@ -1299,6 +1299,7 @@ $code.=<<___;
|
||||
mov 240($key),$rounds
|
||||
sub $in0,$out
|
||||
movups ($key),$rndkey0 # $key[0]
|
||||
+ movups ($ivp),$iv # load IV
|
||||
movups 16($key),$rndkey[0] # forward reference
|
||||
lea 112($key),$key # size optimization
|
||||
|
||||
diff -up openssl-1.0.2k/crypto/x86cpuid.pl.backports openssl-1.0.2k/crypto/x86cpuid.pl
|
||||
--- openssl-1.0.2k/crypto/x86cpuid.pl.backports 2017-03-09 17:59:26.339233278 +0100
|
||||
+++ openssl-1.0.2k/crypto/x86cpuid.pl 2017-03-27 15:26:06.833916588 +0200
|
||||
@@ -20,10 +20,10 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
||||
&pop ("eax");
|
||||
&xor ("ecx","eax");
|
||||
&xor ("eax","eax");
|
||||
+ &mov ("esi",&wparam(0));
|
||||
+ &mov (&DWP(8,"esi"),"eax"); # clear extended feature flags
|
||||
&bt ("ecx",21);
|
||||
&jnc (&label("nocpuid"));
|
||||
- &mov ("esi",&wparam(0));
|
||||
- &mov (&DWP(8,"esi"),"eax"); # clear 3rd word
|
||||
&cpuid ();
|
||||
&mov ("edi","eax"); # max value for standard query level
|
||||
|
||||
@@ -81,26 +81,16 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
||||
&jmp (&label("generic"));
|
||||
|
||||
&set_label("intel");
|
||||
- &cmp ("edi",7);
|
||||
- &jb (&label("cacheinfo"));
|
||||
-
|
||||
- &mov ("esi",&wparam(0));
|
||||
- &mov ("eax",7);
|
||||
- &xor ("ecx","ecx");
|
||||
- &cpuid ();
|
||||
- &mov (&DWP(8,"esi"),"ebx");
|
||||
-
|
||||
-&set_label("cacheinfo");
|
||||
&cmp ("edi",4);
|
||||
- &mov ("edi",-1);
|
||||
+ &mov ("esi",-1);
|
||||
&jb (&label("nocacheinfo"));
|
||||
|
||||
&mov ("eax",4);
|
||||
&mov ("ecx",0); # query L1D
|
||||
&cpuid ();
|
||||
- &mov ("edi","eax");
|
||||
- &shr ("edi",14);
|
||||
- &and ("edi",0xfff); # number of cores -1 per L1D
|
||||
+ &mov ("esi","eax");
|
||||
+ &shr ("esi",14);
|
||||
+ &and ("esi",0xfff); # number of cores -1 per L1D
|
||||
|
||||
&set_label("nocacheinfo");
|
||||
&mov ("eax",1);
|
||||
@@ -118,7 +108,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
||||
&bt ("edx",28); # test hyper-threading bit
|
||||
&jnc (&label("generic"));
|
||||
&and ("edx",0xefffffff);
|
||||
- &cmp ("edi",0);
|
||||
+ &cmp ("esi",0);
|
||||
&je (&label("generic"));
|
||||
|
||||
&or ("edx",0x10000000);
|
||||
@@ -130,10 +120,19 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
||||
&set_label("generic");
|
||||
&and ("ebp",1<<11); # isolate AMD XOP flag
|
||||
&and ("ecx",0xfffff7ff); # force 11th bit to 0
|
||||
- &mov ("esi","edx");
|
||||
+ &mov ("esi","edx"); # %ebp:%esi is copy of %ecx:%edx
|
||||
&or ("ebp","ecx"); # merge AMD XOP flag
|
||||
|
||||
- &bt ("ecx",27); # check OSXSAVE bit
|
||||
+ &cmp ("edi",7);
|
||||
+ &mov ("edi",&wparam(0));
|
||||
+ &jb (&label("no_extended_info"));
|
||||
+ &mov ("eax",7);
|
||||
+ &xor ("ecx","ecx");
|
||||
+ &cpuid ();
|
||||
+ &mov (&DWP(8,"edi"),"ebx"); # save extended feature flag
|
||||
+&set_label("no_extended_info");
|
||||
+
|
||||
+ &bt ("ebp",27); # check OSXSAVE bit
|
||||
&jnc (&label("clear_avx"));
|
||||
&xor ("ecx","ecx");
|
||||
&data_byte(0x0f,0x01,0xd0); # xgetbv
|
||||
@@ -147,7 +146,6 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
|
||||
&and ("esi",0xfeffffff); # clear FXSR
|
||||
&set_label("clear_avx");
|
||||
&and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits
|
||||
- &mov ("edi",&wparam(0));
|
||||
&and (&DWP(8,"edi"),0xffffffdf); # clear AVX2
|
||||
&set_label("done");
|
||||
&mov ("eax","esi");
|
||||
diff -up openssl-1.0.2k/crypto/x86_64cpuid.pl.backports openssl-1.0.2k/crypto/x86_64cpuid.pl
|
||||
--- openssl-1.0.2k/crypto/x86_64cpuid.pl.backports 2017-03-09 17:59:26.339233278 +0100
|
||||
+++ openssl-1.0.2k/crypto/x86_64cpuid.pl 2017-03-27 15:26:06.833916588 +0200
|
||||
@@ -59,7 +59,7 @@ OPENSSL_ia32_cpuid:
|
||||
mov %rbx,%r8 # save %rbx
|
||||
|
||||
xor %eax,%eax
|
||||
- mov %eax,8(%rdi) # clear 3rd word
|
||||
+ mov %eax,8(%rdi) # clear extended feature flags
|
||||
cpuid
|
||||
mov %eax,%r11d # max value for standard query level
|
||||
|
||||
@@ -127,14 +127,6 @@ OPENSSL_ia32_cpuid:
|
||||
shr \$14,%r10d
|
||||
and \$0xfff,%r10d # number of cores -1 per L1D
|
||||
|
||||
- cmp \$7,%r11d
|
||||
- jb .Lnocacheinfo
|
||||
-
|
||||
- mov \$7,%eax
|
||||
- xor %ecx,%ecx
|
||||
- cpuid
|
||||
- mov %ebx,8(%rdi)
|
||||
-
|
||||
.Lnocacheinfo:
|
||||
mov \$1,%eax
|
||||
cpuid
|
||||
@@ -164,6 +156,15 @@ OPENSSL_ia32_cpuid:
|
||||
or %ecx,%r9d # merge AMD XOP flag
|
||||
|
||||
mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx
|
||||
+
|
||||
+ cmp \$7,%r11d
|
||||
+ jb .Lno_extended_info
|
||||
+ mov \$7,%eax
|
||||
+ xor %ecx,%ecx
|
||||
+ cpuid
|
||||
+ mov %ebx,8(%rdi) # save extended feature flags
|
||||
+.Lno_extended_info:
|
||||
+
|
||||
bt \$27,%r9d # check OSXSAVE bit
|
||||
jnc .Lclear_avx
|
||||
xor %ecx,%ecx # XCR0
|
||||
diff -up openssl-1.0.2k/ssl/ssl_locl.h.backports openssl-1.0.2k/ssl/ssl_locl.h
|
||||
--- openssl-1.0.2k/ssl/ssl_locl.h.backports 2017-03-09 17:59:26.183229642 +0100
|
||||
+++ openssl-1.0.2k/ssl/ssl_locl.h 2017-03-09 17:59:26.311232626 +0100
|
||||
@@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ex
|
||||
long ssl_get_algorithm2(SSL *s);
|
||||
int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
|
||||
int tls1_process_sigalgs(SSL *s);
|
||||
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
|
||||
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs);
|
||||
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
|
||||
const unsigned char *sig, EVP_PKEY *pkey);
|
||||
void ssl_set_client_disabled(SSL *s);
|
||||
diff -up openssl-1.0.2k/ssl/s3_lib.c.backports openssl-1.0.2k/ssl/s3_lib.c
|
||||
--- openssl-1.0.2k/ssl/s3_lib.c.backports 2017-03-09 17:59:26.294232230 +0100
|
||||
+++ openssl-1.0.2k/ssl/s3_lib.c 2017-03-09 17:59:26.311232626 +0100
|
||||
@@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsig
|
||||
return (int)s->cert->ctype_num;
|
||||
}
|
||||
/* get configured sigalgs */
|
||||
- siglen = tls12_get_psigalgs(s, &sig);
|
||||
+ siglen = tls12_get_psigalgs(s, 1, &sig);
|
||||
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
|
||||
nostrict = 0;
|
||||
for (i = 0; i < siglen; i += 2, sig += 2) {
|
||||
diff -up openssl-1.0.2k/ssl/s3_srvr.c.backports openssl-1.0.2k/ssl/s3_srvr.c
|
||||
--- openssl-1.0.2k/ssl/s3_srvr.c.backports 2017-01-26 14:22:04.000000000 +0100
|
||||
+++ openssl-1.0.2k/ssl/s3_srvr.c 2017-03-09 17:59:26.311232626 +0100
|
||||
@@ -2084,7 +2084,7 @@ int ssl3_send_certificate_request(SSL *s
|
||||
|
||||
if (SSL_USE_SIGALGS(s)) {
|
||||
const unsigned char *psigs;
|
||||
- nl = tls12_get_psigalgs(s, &psigs);
|
||||
+ nl = tls12_get_psigalgs(s, 1, &psigs);
|
||||
s2n(nl, p);
|
||||
memcpy(p, psigs, nl);
|
||||
p += nl;
|
||||
diff -up openssl-1.0.2k/ssl/t1_lib.c.backports openssl-1.0.2k/ssl/t1_lib.c
|
||||
--- openssl-1.0.2k/ssl/t1_lib.c.backports 2017-03-09 17:59:26.297232299 +0100
|
||||
+++ openssl-1.0.2k/ssl/t1_lib.c 2017-03-09 17:59:26.312232649 +0100
|
||||
@@ -1015,7 +1015,7 @@ static unsigned char suiteb_sigalgs[] =
|
||||
tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
|
||||
};
|
||||
# endif
|
||||
-size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
|
||||
+size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
|
||||
{
|
||||
/*
|
||||
* If Suite B mode use Suite B sigalgs only, ignore any other
|
||||
@@ -1037,7 +1037,7 @@ size_t tls12_get_psigalgs(SSL *s, const
|
||||
}
|
||||
# endif
|
||||
/* If server use client authentication sigalgs if not NULL */
|
||||
- if (s->server && s->cert->client_sigalgs) {
|
||||
+ if (s->server == sent && s->cert->client_sigalgs) {
|
||||
*psigs = s->cert->client_sigalgs;
|
||||
return s->cert->client_sigalgslen;
|
||||
} else if (s->cert->conf_sigalgs) {
|
||||
@@ -1101,7 +1101,7 @@ int tls12_check_peer_sigalg(const EVP_MD
|
||||
# endif
|
||||
|
||||
/* Check signature matches a type we sent */
|
||||
- sent_sigslen = tls12_get_psigalgs(s, &sent_sigs);
|
||||
+ sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
|
||||
for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) {
|
||||
if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1])
|
||||
break;
|
||||
@@ -1149,7 +1149,7 @@ void ssl_set_client_disabled(SSL *s)
|
||||
* Now go through all signature algorithms seeing if we support any for
|
||||
* RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2.
|
||||
*/
|
||||
- sigalgslen = tls12_get_psigalgs(s, &sigalgs);
|
||||
+ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
|
||||
for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) {
|
||||
switch (sigalgs[1]) {
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
@@ -1420,7 +1420,7 @@ unsigned char *ssl_add_clienthello_tlsex
|
||||
if (SSL_CLIENT_USE_SIGALGS(s)) {
|
||||
size_t salglen;
|
||||
const unsigned char *salg;
|
||||
- salglen = tls12_get_psigalgs(s, &salg);
|
||||
+ salglen = tls12_get_psigalgs(s, 1, &salg);
|
||||
|
||||
/*-
|
||||
* check for enough space.
|
||||
@@ -3783,7 +3783,7 @@ static int tls1_set_shared_sigalgs(SSL *
|
||||
conf = c->conf_sigalgs;
|
||||
conflen = c->conf_sigalgslen;
|
||||
} else
|
||||
- conflen = tls12_get_psigalgs(s, &conf);
|
||||
+ conflen = tls12_get_psigalgs(s, 0, &conf);
|
||||
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
|
||||
pref = conf;
|
||||
preflen = conflen;
|
@ -0,0 +1,27 @@
|
||||
diff -up openssl-1.0.2k/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.2k/crypto/rsa/rsa_gen.c
|
||||
--- openssl-1.0.2k/crypto/rsa/rsa_gen.c.cc-reqs 2017-02-06 16:42:47.313963001 +0100
|
||||
+++ openssl-1.0.2k/crypto/rsa/rsa_gen.c 2017-02-06 16:46:54.453628783 +0100
|
||||
@@ -474,6 +474,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||
if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
|
||||
goto err;
|
||||
|
||||
+ /* prepare minimum p and q difference */
|
||||
+ if (!BN_one(r3))
|
||||
+ goto err;
|
||||
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
|
||||
+ goto err;
|
||||
+
|
||||
if (BN_copy(rsa->e, e_value) == NULL)
|
||||
goto err;
|
||||
|
||||
@@ -502,7 +508,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||
do {
|
||||
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
||||
goto err;
|
||||
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
|
||||
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
||||
+ goto err;
|
||||
+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
|
||||
if (degenerate == 3) {
|
||||
ok = 0; /* we set our own err */
|
||||
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
|
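Review bot: The constant 100 in `if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))` is unexplained, and the comment `/* prepare minimum p and q difference */` should name where the bound comes from; it appears to be the FIPS 186-4 B.3.3 requirement |p − q| > 2^(nlen/2 − 100), so `/* FIPS 186-4 B.3.3 step 5.4: require |p - q| > 2^(bitsp - 100) */` would do. The loop still gives up after three attempts (`++degenerate < 3`) and reports `RSA_R_KEY_SIZE_TOO_SMALL`, so that error code now also covers the closeness check; the probability is negligible for large keys but the message is misleading if it ever fires there. `r3` is repurposed as scratch here, so it is worth confirming that nothing between this point and the q loop, outside the hunk, relies on its previous value; `rsa_builtin_keygen` starts and ends outside the hunks.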
@ -0,0 +1,20 @@
|
||||
diff -up openssl-1.0.2k/crypto/x509v3/v3_addr.c.overread openssl-1.0.2k/crypto/x509v3/v3_addr.c
|
||||
--- openssl-1.0.2k/crypto/x509v3/v3_addr.c.overread 2017-01-26 14:22:04.000000000 +0100
|
||||
+++ openssl-1.0.2k/crypto/x509v3/v3_addr.c 2018-06-18 13:49:30.001625137 +0200
|
||||
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigne
|
||||
*/
|
||||
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
|
||||
{
|
||||
- return ((f != NULL &&
|
||||
- f->addressFamily != NULL && f->addressFamily->data != NULL)
|
||||
- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
|
||||
- : 0);
|
||||
+ if (f == NULL
|
||||
+ || f->addressFamily == NULL
|
||||
+ || f->addressFamily->data == NULL
|
||||
+ || f->addressFamily->length < 2)
|
||||
+ return 0;
|
||||
+ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
|
||||
}
|
||||
|
||||
/*
|
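Review bot: The new `f->addressFamily->length < 2` guard in `v3_addr_get_afi` is the right fix for a two-octet read on certificate-supplied data, but the rewritten body carries no comment saying why the length matters; `/* AFI is a 2-octet big-endian field; shorter encodings are malformed */` above the check would keep a later edit from folding it back into the expression. Returning 0 for a malformed family is indistinguishable to callers from a genuine AFI of 0; that is pre-existing behaviour, but a sentence in the function's header comment (just above the hunk) would make it explicit. It is also worth confirming that the other readers of `addressFamily->data` in this file, such as the optional SAFI octet after the AFI, carry an equivalent length check.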
@ -0,0 +1,43 @@
|
||||
From 38d600147331d36e74174ebbd4008b63188b321b Mon Sep 17 00:00:00 2001
|
||||
From: Andy Polyakov <appro@openssl.org>
|
||||
Date: Thu, 17 Aug 2017 21:08:57 +0200
|
||||
Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
|
||||
|
||||
Credit to OSS-Fuzz for finding this.
|
||||
|
||||
CVE-2017-3736
|
||||
|
||||
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||
---
|
||||
crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
|
||||
index 3bb0cdf..42178e4 100755
|
||||
--- a/crypto/bn/asm/x86_64-mont5.pl
|
||||
+++ b/crypto/bn/asm/x86_64-mont5.pl
|
||||
@@ -3090,11 +3090,19 @@ $code.=<<___;
|
||||
|
||||
.align 32
|
||||
.Lsqrx8x_break:
|
||||
- sub 16+8(%rsp),%r8 # consume last carry
|
||||
+ xor $zero,$zero
|
||||
+ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
|
||||
+ adcx $zero,%r8
|
||||
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
|
||||
+ adcx $zero,%r9
|
||||
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
|
||||
- xor %ebp,%ebp # xor $zero,$zero
|
||||
+ adc \$0,%r10
|
||||
mov %r8,0*8($tptr)
|
||||
+ adc \$0,%r11
|
||||
+ adc \$0,%r12
|
||||
+ adc \$0,%r13
|
||||
+ adc \$0,%r14
|
||||
+ adc \$0,%r15
|
||||
cmp $carry,$tptr # cf=0, of=0
|
||||
je .Lsqrx8x_outer_loop
|
||||
|
||||
--
|
||||
2.9.5
|
||||
|
@ -0,0 +1,232 @@
|
||||
diff -up openssl-1.0.2k/ssl/fatalerrtest.c.ssl-err openssl-1.0.2k/ssl/fatalerrtest.c
|
||||
--- openssl-1.0.2k/ssl/fatalerrtest.c.ssl-err 2017-12-13 14:17:46.730350538 +0100
|
||||
+++ openssl-1.0.2k/ssl/fatalerrtest.c 2017-12-13 14:18:54.879940227 +0100
|
||||
@@ -0,0 +1,109 @@
|
||||
+/*
|
||||
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#include <openssl/ssl.h>
|
||||
+#include <openssl/err.h>
|
||||
+#include "ssltestlib.h"
|
||||
+
|
||||
+int main(int argc, char *argv[])
|
||||
+{
|
||||
+ SSL_CTX *sctx = NULL, *cctx = NULL;
|
||||
+ SSL *sssl = NULL, *cssl = NULL;
|
||||
+ const char *msg = "Dummy";
|
||||
+ BIO *err = NULL, *wbio = NULL;
|
||||
+ int ret = 1, len;
|
||||
+ char buf[80];
|
||||
+ unsigned char dummyrec[] = {
|
||||
+ 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y'
|
||||
+ };
|
||||
+
|
||||
+ if (argc != 3) {
|
||||
+ printf("Incorrect number of parameters\n");
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ SSL_library_init();
|
||||
+ SSL_load_error_strings();
|
||||
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
+ CRYPTO_malloc_debug_init();
|
||||
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||||
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||||
+
|
||||
+ if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), &sctx, &cctx,
|
||||
+ argv[1], argv[2])) {
|
||||
+ printf("Failed to create SSL_CTX pair\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Deliberately set the cipher lists for client and server to be different
|
||||
+ * to force a handshake failure.
|
||||
+ */
|
||||
+ if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA")
|
||||
+ || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) {
|
||||
+ printf("Failed to set cipher lists\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) {
|
||||
+ printf("Failed to create SSL objectx\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ wbio = SSL_get_wbio(cssl);
|
||||
+ if (wbio == NULL) {
|
||||
+ printf("Unexpected NULL bio received\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ if (create_ssl_connection(sssl, cssl)) {
|
||||
+ printf("Unexpected success creating a connection\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ ERR_clear_error();
|
||||
+
|
||||
+ /* Inject a plaintext record from client to server */
|
||||
+ if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) {
|
||||
+ printf("Unexpected failure injecting dummy record\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ /* SSL_read()/SSL_write should fail because of a previous fatal error */
|
||||
+ if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) {
|
||||
+ buf[len] = '\0';
|
||||
+ printf("Unexpected success reading data: %s\n", buf);
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (SSL_write(sssl, msg, strlen(msg)) > 0) {
|
||||
+ printf("Unexpected success writing data\n");
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+ err:
|
||||
+ SSL_free(sssl);
|
||||
+ SSL_free(cssl);
|
||||
+ SSL_CTX_free(sctx);
|
||||
+ SSL_CTX_free(cctx);
|
||||
+ ERR_print_errors_fp(stderr);
|
||||
+
|
||||
+ if (ret) {
|
||||
+ printf("Fatal err test: FAILED\n");
|
||||
+ }
|
||||
+
|
||||
+ ERR_free_strings();
|
||||
+ ERR_remove_thread_state(NULL);
|
||||
+ EVP_cleanup();
|
||||
+ CRYPTO_cleanup_all_ex_data();
|
||||
+ CRYPTO_mem_leaks(err);
|
||||
+ BIO_free(err);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
diff -up openssl-1.0.2k/ssl/Makefile.ssl-err openssl-1.0.2k/ssl/Makefile
|
||||
--- openssl-1.0.2k/ssl/Makefile.ssl-err 2017-03-09 17:59:42.832617740 +0100
|
||||
+++ openssl-1.0.2k/ssl/Makefile 2017-12-13 14:17:46.729350514 +0100
|
||||
@@ -15,7 +15,8 @@ KRB5_INCLUDES=
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile README ssl-lib.com install.com
|
||||
-TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c bad_dtls_test.c
|
||||
+TEST=ssltest.c heartbeat_test.c clienthellotest.c sslv2conftest.c dtlstest.c \
|
||||
+ bad_dtls_test.c fatalerrtest.c
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libssl.a
|
||||
diff -up openssl-1.0.2k/ssl/ssl.h.ssl-err openssl-1.0.2k/ssl/ssl.h
|
||||
--- openssl-1.0.2k/ssl/ssl.h.ssl-err 2017-03-09 17:59:26.177229502 +0100
|
||||
+++ openssl-1.0.2k/ssl/ssl.h 2017-12-13 14:17:07.341431733 +0100
|
||||
@@ -1683,7 +1683,7 @@ extern "C" {
|
||||
# define SSL_ST_BEFORE 0x4000
|
||||
# define SSL_ST_OK 0x03
|
||||
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
|
||||
-# define SSL_ST_ERR 0x05
|
||||
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
|
||||
|
||||
# define SSL_CB_LOOP 0x01
|
||||
# define SSL_CB_EXIT 0x02
|
||||
diff -up openssl-1.0.2k/test/Makefile.ssl-err openssl-1.0.2k/test/Makefile
|
||||
--- openssl-1.0.2k/test/Makefile.ssl-err 2017-03-09 17:59:45.580681798 +0100
|
||||
+++ openssl-1.0.2k/test/Makefile 2017-12-13 14:17:46.731350561 +0100
|
||||
@@ -73,6 +73,7 @@ CLIENTHELLOTEST= clienthellotest
|
||||
BADDTLSTEST= bad_dtls_test
|
||||
SSLV2CONFTEST = sslv2conftest
|
||||
DTLSTEST = dtlstest
|
||||
+FATALERRTEST = fatalerrtest
|
||||
|
||||
TESTS= alltests
|
||||
|
||||
@@ -87,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
|
||||
$(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \
|
||||
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
|
||||
$(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \
|
||||
- $(BADDTLSTEST)$(EXE_EXT)
|
||||
+ $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT)
|
||||
|
||||
# $(METHTEST)$(EXE_EXT)
|
||||
|
||||
@@ -102,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATES
|
||||
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \
|
||||
$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
|
||||
$(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \
|
||||
- $(BADDTLSTEST).o
|
||||
+ $(BADDTLSTEST).o $(FATALERRTEST).o
|
||||
|
||||
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
|
||||
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
|
||||
@@ -114,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATES
|
||||
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
|
||||
$(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
|
||||
$(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \
|
||||
- $(BADDTLSTEST).c
|
||||
+ $(BADDTLSTEST).c $(FATALERRTEST).c
|
||||
|
||||
EXHEADER=
|
||||
HEADER= testutil.h ssltestlib.h $(EXHEADER)
|
||||
@@ -159,7 +160,7 @@ alltests: \
|
||||
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
|
||||
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
|
||||
test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
|
||||
- test_dtls test_bad_dtls
|
||||
+ test_dtls test_bad_dtls test_fatalerr
|
||||
|
||||
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
|
||||
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
|
||||
@@ -372,6 +373,10 @@ test_bad_dtls: $(BADDTLSTEST)$(EXE_EXT)
|
||||
@echo $(START) $@
|
||||
../util/shlib_wrap.sh ./$(BADDTLSTEST)
|
||||
|
||||
+test_fatalerr: $(FATALERRTEST)$(EXE_EXT)
|
||||
+ @echo $(START) $@
|
||||
+ ../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem
|
||||
+
|
||||
test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT)
|
||||
@echo $(START) $@
|
||||
../util/shlib_wrap.sh ./$(SSLV2CONFTEST)
|
||||
@@ -560,6 +565,9 @@ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHE
|
||||
$(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
|
||||
@target=$(BADDTLSTEST) $(BUILD_CMD)
|
||||
|
||||
+$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
|
||||
+ @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
|
||||
+
|
||||
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
|
||||
@target=$(SSLV2CONFTEST) $(BUILD_CMD)
|
||||
|
||||
@@ -779,6 +787,25 @@ exptest.o: ../include/openssl/opensslcon
|
||||
exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
|
||||
exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
|
||||
exptest.o: ../include/openssl/symhacks.h exptest.c
|
||||
+fatalerrtest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
+fatalerrtest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
||||
+fatalerrtest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
|
||||
+fatalerrtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
|
||||
+fatalerrtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
|
||||
+fatalerrtest.o: ../include/openssl/err.h ../include/openssl/evp.h
|
||||
+fatalerrtest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
|
||||
+fatalerrtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
|
||||
+fatalerrtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
|
||||
+fatalerrtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
|
||||
+fatalerrtest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
|
||||
+fatalerrtest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
|
||||
+fatalerrtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
|
||||
+fatalerrtest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
|
||||
+fatalerrtest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
|
||||
+fatalerrtest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
|
||||
+fatalerrtest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
|
||||
+fatalerrtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
|
||||
+fatalerrtest.o: fatalerrtest.c ssltestlib.h
|
||||
heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
|
||||
heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h
|
||||
heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
|
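Review bot: fatalerrtest.c calls `strlen` and `printf` but includes only `<openssl/ssl.h>`, `<openssl/err.h>` and `"ssltestlib.h"`; unless one of those pulls in `<string.h>` and `<stdio.h>` transitively this relies on implicit declarations, so add `#include <stdio.h>` and `#include <string.h>` next to the existing includes. The ssl.h hunk changes the value of the public macro `SSL_ST_ERR` from `0x05` to `(0x05|SSL_ST_INIT)`, which appears intended to make `SSL_in_init()` true in the error state (the behaviour the test relies on) but also changes what already-built callers comparing `SSL_state()` against the old constant observe; that deserves a line in the package changelog. The message `"Failed to create SSL objectx\n"` has a typo (`objects`).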
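--- a/[patch path not shown on page]
+++ b/[patch path not shown on page]
@@ -0,0 +1,80 @@
+From ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Fri, 24 Nov 2017 11:35:50 +0100
+Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
+rsaz_1024_mul_avx2.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3738
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
+1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
+index 712a77f..2b3f8b0 100755
+--- a/crypto/bn/asm/rsaz-avx2.pl
++++ b/crypto/bn/asm/rsaz-avx2.pl
+@@ -239,7 +239,7 @@ $code.=<<___;
+vmovdqu 32*8-128($ap), $ACC8
+
+lea 192(%rsp), $tp0 # 64+128=192
+- vpbroadcastq .Land_mask(%rip), $AND_MASK
++ vmovdqu .Land_mask(%rip), $AND_MASK
+jmp .LOOP_GRANDE_SQR_1024
+
+.align 32
+@@ -1070,10 +1070,10 @@ $code.=<<___;
+vpmuludq 32*6-128($np),$Yi,$TEMP1
+vpaddq $TEMP1,$ACC6,$ACC6
+vpmuludq 32*7-128($np),$Yi,$TEMP2
+- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
++ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
+vpaddq $TEMP2,$ACC7,$ACC7
+vpmuludq 32*8-128($np),$Yi,$TEMP0
+- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
++ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
+vpaddq $TEMP0,$ACC8,$ACC8
+
+mov %rbx, %rax
+@@ -1086,7 +1086,9 @@ $code.=<<___;
+vmovdqu -8+32*2-128($ap),$TEMP2
+
+mov $r1, %rax
++ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
+imull $n0, %eax
++ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
+and \$0x1fffffff, %eax
+
+imulq 16-128($ap),%rbx
+@@ -1322,15 +1324,12 @@ ___
+# But as we underutilize resources, it's possible to correct in
+# each iteration with marginal performance loss. But then, as
+# we do it in each iteration, we can correct less digits, and
+-# avoid performance penalties completely. Also note that we
+-# correct only three digits out of four. This works because
+-# most significant digit is subjected to less additions.
++# avoid performance penalties completely.
+
+$TEMP0 = $ACC9;
+$TEMP3 = $Bi;
+$TEMP4 = $Yi;
+$code.=<<___;
+- vpermq \$0, $AND_MASK, $AND_MASK
+vpaddq (%rsp), $TEMP1, $ACC0
+
+vpsrlq \$29, $ACC0, $TEMP1
+@@ -1763,7 +1762,7 @@ $code.=<<___;
+
+.align 64
+.Land_mask:
+- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
++ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+.Lscatter_permd:
+.long 0,2,4,6,7,7,7,7
+.Lgather_permd:
+--
+2.9.5
+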
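Review bot: No regression test accompanies this patch, even though the fix changes the correction semantics (the `.Land_mask` fourth lane goes from `-1` to `0x1fffffff` in hunk @@ -1763, the `vpermq \$0, $AND_MASK, $AND_MASK` broadcast is dropped in hunk @@ -1322, and hunk @@ -1086 adds a fourth-digit correction into `$ACC4`), so the only evidence that the backport is correct is that it applies and builds. Since the commit message credits OSS-Fuzz, it is worth carrying the upstream reproducer as a bntest case next to this patch if one exists upstream, or at minimum recording in the package changelog which inputs were used to verify the AVX2 path on capable hardware. Hunk @@ -239 changes the mask load in the squaring loop (`.LOOP_GRANDE_SQR_1024`) from `vpbroadcastq` to `vmovdqu`; the corresponding load in rsaz_1024_mul_avx2 is outside the hunks shown, so confirm it also reads the full 256-bit mask now that the removed `vpermq` no longer rebroadcasts lane 0. The enclosing routines start and end outside these hunks.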
@ -0,0 +1,905 @@
|
||||
diff --git a/crypto/Makefile b/crypto/Makefile
|
||||
index 8bc5850..3a2bc51 100644
|
||||
--- a/crypto/Makefile
|
||||
+++ b/crypto/Makefile
|
||||
@@ -45,7 +45,7 @@ SRC= $(LIBSRC)
|
||||
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
|
||||
ossl_typ.h
|
||||
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
|
||||
- constant_time_locl.h $(EXHEADER)
|
||||
+ constant_time_locl.h bn_int.h $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
|
||||
index b37f6ec..0e6e30f 100644
|
||||
--- a/crypto/bn/bn.h
|
||||
+++ b/crypto/bn/bn.h
|
||||
@@ -702,6 +702,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
|
||||
/* We only need assert() when debugging */
|
||||
# include <assert.h>
|
||||
|
||||
+/*
|
||||
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
|
||||
+ * bn_correct_top, in other words such vectors are permitted to have zeros
|
||||
+ * in most significant limbs. Such vectors are used internally to achieve
|
||||
+ * execution time invariance for critical operations with private keys.
|
||||
+ * It's BN_DEBUG-only flag, because user application is not supposed to
|
||||
+ * observe it anyway. Moreover, optimizing compiler would actually remove
|
||||
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
|
||||
+ */
|
||||
+# define BN_FLG_FIXED_TOP 0x10000
|
||||
# ifdef BN_DEBUG_RAND
|
||||
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
|
||||
# ifndef RAND_pseudo_bytes
|
||||
@@ -734,8 +744,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
||||
do { \
|
||||
const BIGNUM *_bnum2 = (a); \
|
||||
if (_bnum2 != NULL) { \
|
||||
- assert((_bnum2->top == 0) || \
|
||||
- (_bnum2->d[_bnum2->top - 1] != 0)); \
|
||||
+ int _top = _bnum2->top; \
|
||||
+ assert((_top == 0) || \
|
||||
+ (_bnum2->flags & BN_FLG_FIXED_TOP) || \
|
||||
+ (_bnum2->d[_top - 1] != 0)); \
|
||||
bn_pollute(_bnum2); \
|
||||
} \
|
||||
} while(0)
|
||||
@@ -753,6 +765,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
||||
|
||||
# else /* !BN_DEBUG */
|
||||
|
||||
+# define BN_FLG_FIXED_TOP 0
|
||||
# define bn_pollute(a)
|
||||
# define bn_check_top(a)
|
||||
# define bn_fix_top(a) bn_correct_top(a)
|
||||
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
|
||||
index bc37671..460d8b7 100644
|
||||
--- a/crypto/bn/bn_div.c
|
||||
+++ b/crypto/bn/bn_div.c
|
||||
@@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
||||
wnum.neg = 0;
|
||||
wnum.d = &(snum->d[loop]);
|
||||
wnum.top = div_n;
|
||||
+ wnum.flags = BN_FLG_STATIC_DATA;
|
||||
/*
|
||||
* only needed when BN_ucmp messes up the values between top and max
|
||||
*/
|
||||
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
|
||||
index 195a786..816a198 100644
|
||||
--- a/crypto/bn/bn_exp.c
|
||||
+++ b/crypto/bn/bn_exp.c
|
||||
@@ -466,17 +466,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
ret = 1;
|
||||
goto err;
|
||||
}
|
||||
- if (!BN_to_montgomery(val[0], aa, mont, ctx))
|
||||
+ if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
|
||||
goto err; /* 1 */
|
||||
|
||||
window = BN_window_bits_for_exponent_size(bits);
|
||||
if (window > 1) {
|
||||
- if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
|
||||
goto err; /* 2 */
|
||||
j = 1 << (window - 1);
|
||||
for (i = 1; i < j; i++) {
|
||||
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
|
||||
- !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
|
||||
+ !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@@ -498,19 +498,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
for (i = 1; i < j; i++)
|
||||
r->d[i] = (~m->d[i]) & BN_MASK2;
|
||||
r->top = j;
|
||||
- /*
|
||||
- * Upper words will be zero if the corresponding words of 'm' were
|
||||
- * 0xfff[...], so decrement r->top accordingly.
|
||||
- */
|
||||
- bn_correct_top(r);
|
||||
+ r->flags |= BN_FLG_FIXED_TOP;
|
||||
} else
|
||||
#endif
|
||||
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
|
||||
+ if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
|
||||
goto err;
|
||||
for (;;) {
|
||||
if (BN_is_bit_set(p, wstart) == 0) {
|
||||
if (!start) {
|
||||
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
|
||||
goto err;
|
||||
}
|
||||
if (wstart == 0)
|
||||
@@ -541,12 +537,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
/* add the 'bytes above' */
|
||||
if (!start)
|
||||
for (i = 0; i < j; i++) {
|
||||
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* wvalue will be an odd number < 2^window */
|
||||
- if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
|
||||
goto err;
|
||||
|
||||
/* move the 'window' down further */
|
||||
@@ -556,6 +552,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
if (wstart < 0)
|
||||
break;
|
||||
}
|
||||
+ /*
|
||||
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
|
||||
+ * removes padding [if any] and makes return value suitable for public
|
||||
+ * API consumer.
|
||||
+ */
|
||||
#if defined(SPARC_T4_MONT)
|
||||
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
||||
j = mont->N.top; /* borrow j */
|
||||
@@ -674,7 +675,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
||||
}
|
||||
|
||||
b->top = top;
|
||||
- bn_correct_top(b);
|
||||
+ b->flags |= BN_FLG_FIXED_TOP;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -841,16 +842,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
tmp.top = top;
|
||||
} else
|
||||
#endif
|
||||
- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
|
||||
+ if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
|
||||
goto err;
|
||||
|
||||
/* prepare a^1 in Montgomery domain */
|
||||
if (a->neg || BN_ucmp(a, m) >= 0) {
|
||||
if (!BN_mod(&am, a, m, ctx))
|
||||
goto err;
|
||||
- if (!BN_to_montgomery(&am, &am, mont, ctx))
|
||||
+ if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
|
||||
goto err;
|
||||
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
|
||||
+ } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
|
||||
goto err;
|
||||
|
||||
#if defined(SPARC_T4_MONT)
|
||||
@@ -1117,14 +1118,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
* performance advantage of sqr over mul).
|
||||
*/
|
||||
if (window > 1) {
|
||||
- if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
|
||||
goto err;
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
|
||||
window))
|
||||
goto err;
|
||||
for (i = 3; i < numPowers; i++) {
|
||||
/* Calculate a^i = a^(i-1) * a */
|
||||
- if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
|
||||
goto err;
|
||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
|
||||
window))
|
||||
@@ -1148,7 +1149,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
|
||||
/* Scan the window, squaring the result as we go */
|
||||
for (i = 0; i < window; i++, bits--) {
|
||||
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
|
||||
goto err;
|
||||
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
||||
}
|
||||
@@ -1161,12 +1162,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
goto err;
|
||||
|
||||
/* Multiply the result into the intermediate result */
|
||||
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
|
||||
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
- /* Convert the final result from montgomery to standard format */
|
||||
+ /*
|
||||
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
|
||||
+ * removes padding [if any] and makes return value suitable for public
|
||||
+ * API consumer.
|
||||
+ */
|
||||
#if defined(SPARC_T4_MONT)
|
||||
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
||||
am.d[0] = 1; /* borrow am */
|
||||
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
|
||||
index 00f4f09..1aa7fe8 100644
|
||||
--- a/crypto/bn/bn_lcl.h
|
||||
+++ b/crypto/bn/bn_lcl.h
|
||||
@@ -113,6 +113,7 @@
|
||||
# define HEADER_BN_LCL_H
|
||||
|
||||
# include <openssl/bn.h>
|
||||
+# include "bn_int.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
|
||||
index 10b78f5..e42e3fb 100644
|
||||
--- a/crypto/bn/bn_lib.c
|
||||
+++ b/crypto/bn/bn_lib.c
|
||||
@@ -290,8 +290,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
|
||||
const BN_ULONG *B;
|
||||
int i;
|
||||
|
||||
- bn_check_top(b);
|
||||
-
|
||||
if (words > (INT_MAX / (4 * BN_BITS2))) {
|
||||
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
|
||||
return NULL;
|
||||
@@ -425,8 +423,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
|
||||
|
||||
BIGNUM *bn_expand2(BIGNUM *b, int words)
|
||||
{
|
||||
- bn_check_top(b);
|
||||
-
|
||||
if (words > b->dmax) {
|
||||
BN_ULONG *a = bn_expand_internal(b, words);
|
||||
if (!a)
|
||||
@@ -460,7 +456,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
|
||||
assert(A == &(b->d[b->dmax]));
|
||||
}
|
||||
#endif
|
||||
- bn_check_top(b);
|
||||
return b;
|
||||
}
|
||||
|
||||
@@ -572,6 +567,7 @@ void BN_clear(BIGNUM *a)
|
||||
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
|
||||
a->top = 0;
|
||||
a->neg = 0;
|
||||
+ a->flags &= ~BN_FLG_FIXED_TOP;
|
||||
}
|
||||
|
||||
BN_ULONG BN_get_word(const BIGNUM *a)
|
||||
@@ -592,6 +588,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
|
||||
a->neg = 0;
|
||||
a->d[0] = w;
|
||||
a->top = (w ? 1 : 0);
|
||||
+ a->flags &= ~BN_FLG_FIXED_TOP;
|
||||
bn_check_top(a);
|
||||
return (1);
|
||||
}
|
||||
@@ -738,6 +735,7 @@ int BN_set_bit(BIGNUM *a, int n)
|
||||
for (k = a->top; k < i + 1; k++)
|
||||
a->d[k] = 0;
|
||||
a->top = i + 1;
|
||||
+ a->flags &= ~BN_FLG_FIXED_TOP;
|
||||
}
|
||||
|
||||
a->d[i] |= (((BN_ULONG)1) << j);
|
||||
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
|
||||
index ffbce89..23ddd48 100644
|
||||
--- a/crypto/bn/bn_mod.c
|
||||
+++ b/crypto/bn/bn_mod.c
|
||||
@@ -149,16 +149,71 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
|
||||
/*
|
||||
* BN_mod_add variant that may be used if both a and b are non-negative and
|
||||
- * less than m
|
||||
+ * less than m. The original algorithm was
|
||||
+ *
|
||||
+ * if (!BN_uadd(r, a, b))
|
||||
+ * return 0;
|
||||
+ * if (BN_ucmp(r, m) >= 0)
|
||||
+ * return BN_usub(r, r, m);
|
||||
+ *
|
||||
+ * which is replaced with addition, subtracting modulus, and conditional
|
||||
+ * move depending on whether or not subtraction borrowed.
|
||||
*/
|
||||
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
+ const BIGNUM *m)
|
||||
+{
|
||||
+ size_t i, ai, bi, mtop = m->top;
|
||||
+ BN_ULONG storage[1024 / BN_BITS2];
|
||||
+ BN_ULONG carry, temp, mask, *rp, *tp = storage;
|
||||
+ const BN_ULONG *ap, *bp;
|
||||
+
|
||||
+ if (bn_wexpand(r, m->top) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (mtop > sizeof(storage) / sizeof(storage[0])
|
||||
+ && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ ap = a->d != NULL ? a->d : tp;
|
||||
+ bp = b->d != NULL ? b->d : tp;
|
||||
+
|
||||
+ for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
|
||||
+ mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
|
||||
+ temp = ((ap[ai] & mask) + carry) & BN_MASK2;
|
||||
+ carry = (temp < carry);
|
||||
+
|
||||
+ mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
|
||||
+ tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
|
||||
+ carry += (tp[i] < temp);
|
||||
+
|
||||
+ i++;
|
||||
+ ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
|
||||
+ bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
|
||||
+ }
|
||||
+ rp = r->d;
|
||||
+ carry -= bn_sub_words(rp, tp, m->d, mtop);
|
||||
+ for (i = 0; i < mtop; i++) {
|
||||
+ rp[i] = (carry & tp[i]) | (~carry & rp[i]);
|
||||
+ ((volatile BN_ULONG *)tp)[i] = 0;
|
||||
+ }
|
||||
+ r->top = mtop;
|
||||
+ r->neg = 0;
|
||||
+
|
||||
+ if (tp != storage)
|
||||
+ OPENSSL_free(tp);
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
const BIGNUM *m)
|
||||
{
|
||||
- if (!BN_uadd(r, a, b))
|
||||
- return 0;
|
||||
- if (BN_ucmp(r, m) >= 0)
|
||||
- return BN_usub(r, r, m);
|
||||
- return 1;
|
||||
+ int ret = bn_mod_add_fixed_top(r, a, b, m);
|
||||
+
|
||||
+ if (ret)
|
||||
+ bn_correct_top(r);
|
||||
+
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
|
||||
index be95bd5..d41434a 100644
|
||||
--- a/crypto/bn/bn_mont.c
|
||||
+++ b/crypto/bn/bn_mont.c
|
||||
@@ -56,7 +56,7 @@
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -123,11 +123,22 @@
|
||||
#define MONT_WORD /* use the faster word-based algorithm */
|
||||
|
||||
#ifdef MONT_WORD
|
||||
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
|
||||
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
|
||||
#endif
|
||||
|
||||
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
BN_MONT_CTX *mont, BN_CTX *ctx)
|
||||
+{
|
||||
+ int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
|
||||
+
|
||||
+ bn_correct_top(r);
|
||||
+ bn_check_top(r);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
+ BN_MONT_CTX *mont, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *tmp;
|
||||
int ret = 0;
|
||||
@@ -140,8 +151,8 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
|
||||
r->neg = a->neg ^ b->neg;
|
||||
r->top = num;
|
||||
- bn_correct_top(r);
|
||||
- return (1);
|
||||
+ r->flags |= BN_FLG_FIXED_TOP;
|
||||
+ return 1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
@@ -161,13 +172,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
}
|
||||
/* reduce from aRR to aR */
|
||||
#ifdef MONT_WORD
|
||||
- if (!BN_from_montgomery_word(r, tmp, mont))
|
||||
+ if (!bn_from_montgomery_word(r, tmp, mont))
|
||||
goto err;
|
||||
#else
|
||||
if (!BN_from_montgomery(r, tmp, mont, ctx))
|
||||
goto err;
|
||||
#endif
|
||||
- bn_check_top(r);
|
||||
ret = 1;
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
@@ -175,7 +185,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
}
|
||||
|
||||
#ifdef MONT_WORD
|
||||
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
||||
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
||||
{
|
||||
BIGNUM *n;
|
||||
BN_ULONG *ap, *np, *rp, n0, v, carry;
|
||||
@@ -205,28 +215,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
||||
# endif
|
||||
|
||||
r->top = max;
|
||||
+ r->flags |= BN_FLG_FIXED_TOP;
|
||||
n0 = mont->n0[0];
|
||||
|
||||
-# ifdef BN_COUNT
|
||||
- fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
|
||||
-# endif
|
||||
+ /*
|
||||
+ * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
|
||||
+ * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
|
||||
+ * includes |carry| which is stored separately.
|
||||
+ */
|
||||
for (carry = 0, i = 0; i < nl; i++, rp++) {
|
||||
-# ifdef __TANDEM
|
||||
- {
|
||||
- long long t1;
|
||||
- long long t2;
|
||||
- long long t3;
|
||||
- t1 = rp[0] * (n0 & 0177777);
|
||||
- t2 = 037777600000l;
|
||||
- t2 = n0 & t2;
|
||||
- t3 = rp[0] & 0177777;
|
||||
- t2 = (t3 * t2) & BN_MASK2;
|
||||
- t1 = t1 + t2;
|
||||
- v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
|
||||
- }
|
||||
-# else
|
||||
v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
|
||||
-# endif
|
||||
v = (v + carry + rp[nl]) & BN_MASK2;
|
||||
carry |= (v != rp[nl]);
|
||||
carry &= (v <= rp[nl]);
|
||||
@@ -236,52 +234,27 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
||||
if (bn_wexpand(ret, nl) == NULL)
|
||||
return (0);
|
||||
ret->top = nl;
|
||||
+ ret->flags |= BN_FLG_FIXED_TOP;
|
||||
ret->neg = r->neg;
|
||||
|
||||
rp = ret->d;
|
||||
+
|
||||
+ /*
|
||||
+ * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
|
||||
+ * includes |carry| which is stored separately.
|
||||
+ */
|
||||
ap = &(r->d[nl]);
|
||||
|
||||
-# define BRANCH_FREE 1
|
||||
-# if BRANCH_FREE
|
||||
- {
|
||||
- BN_ULONG *nrp;
|
||||
- size_t m;
|
||||
-
|
||||
- v = bn_sub_words(rp, ap, np, nl) - carry;
|
||||
- /*
|
||||
- * if subtraction result is real, then trick unconditional memcpy
|
||||
- * below to perform in-place "refresh" instead of actual copy.
|
||||
- */
|
||||
- m = (0 - (size_t)v);
|
||||
- nrp =
|
||||
- (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m));
|
||||
-
|
||||
- for (i = 0, nl -= 4; i < nl; i += 4) {
|
||||
- BN_ULONG t1, t2, t3, t4;
|
||||
-
|
||||
- t1 = nrp[i + 0];
|
||||
- t2 = nrp[i + 1];
|
||||
- t3 = nrp[i + 2];
|
||||
- ap[i + 0] = 0;
|
||||
- t4 = nrp[i + 3];
|
||||
- ap[i + 1] = 0;
|
||||
- rp[i + 0] = t1;
|
||||
- ap[i + 2] = 0;
|
||||
- rp[i + 1] = t2;
|
||||
- ap[i + 3] = 0;
|
||||
- rp[i + 2] = t3;
|
||||
- rp[i + 3] = t4;
|
||||
- }
|
||||
- for (nl += 4; i < nl; i++)
|
||||
- rp[i] = nrp[i], ap[i] = 0;
|
||||
+ carry -= bn_sub_words(rp, ap, np, nl);
|
||||
+ /*
|
||||
+ * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
|
||||
+ * |carry| cannot be 1. That would imply the subtraction did not fit in
|
||||
+ * |nl| words, and we know at most one subtraction is needed.
|
||||
+ */
|
||||
+ for (i = 0; i < nl; i++) {
|
||||
+ rp[i] = (carry & ap[i]) | (~carry & rp[i]);
|
||||
+ ap[i] = 0;
|
||||
}
|
||||
-# else
|
||||
- if (bn_sub_words(rp, ap, np, nl) - carry)
|
||||
- memcpy(rp, ap, nl * sizeof(BN_ULONG));
|
||||
-# endif
|
||||
- bn_correct_top(r);
|
||||
- bn_correct_top(ret);
|
||||
- bn_check_top(ret);
|
||||
|
||||
return (1);
|
||||
}
|
||||
@@ -295,8 +268,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||
BIGNUM *t;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
- if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
|
||||
- retn = BN_from_montgomery_word(ret, t, mont);
|
||||
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
|
||||
+ retn = bn_from_montgomery_word(ret, t, mont);
|
||||
+ bn_correct_top(ret);
|
||||
+ bn_check_top(ret);
|
||||
+ }
|
||||
BN_CTX_end(ctx);
|
||||
#else /* !MONT_WORD */
|
||||
BIGNUM *t1, *t2;
|
||||
@@ -334,6 +310,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||
return (retn);
|
||||
}
|
||||
|
||||
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||
+ BN_CTX *ctx)
|
||||
+{
|
||||
+ return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
|
||||
+}
|
||||
+
|
||||
BN_MONT_CTX *BN_MONT_CTX_new(void)
|
||||
{
|
||||
BN_MONT_CTX *ret;
|
||||
@@ -370,7 +352,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
|
||||
|
||||
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
{
|
||||
- int ret = 0;
|
||||
+ int i, ret = 0;
|
||||
BIGNUM *Ri, *R;
|
||||
|
||||
if (BN_is_zero(mod))
|
||||
@@ -382,6 +364,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
R = &(mont->RR); /* grab RR as a temp */
|
||||
if (!BN_copy(&(mont->N), mod))
|
||||
goto err; /* Set N */
|
||||
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
|
||||
+ BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
|
||||
mont->N.neg = 0;
|
||||
|
||||
#ifdef MONT_WORD
|
||||
@@ -394,6 +378,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
tmod.dmax = 2;
|
||||
tmod.neg = 0;
|
||||
|
||||
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
|
||||
+ BN_set_flags(&tmod, BN_FLG_CONSTTIME);
|
||||
+
|
||||
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
|
||||
|
||||
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
|
||||
@@ -496,6 +483,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
|
||||
goto err;
|
||||
|
||||
+ for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
|
||||
+ mont->RR.d[i] = 0;
|
||||
+ mont->RR.top = ret;
|
||||
+ mont->RR.flags |= BN_FLG_FIXED_TOP;
|
||||
+
|
||||
ret = 1;
|
||||
err:
|
||||
BN_CTX_end(ctx);
|
||||
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
|
||||
index 256d26e..5e69297 100644
|
||||
--- a/crypto/bn/bn_sqr.c
|
||||
+++ b/crypto/bn/bn_sqr.c
|
||||
@@ -135,14 +135,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
|
||||
}
|
||||
|
||||
rr->neg = 0;
|
||||
- /*
|
||||
- * If the most-significant half of the top word of 'a' is zero, then the
|
||||
- * square of 'a' will max-1 words.
|
||||
- */
|
||||
- if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
|
||||
- rr->top = max - 1;
|
||||
- else
|
||||
- rr->top = max;
|
||||
+ rr->top = max;
|
||||
+ bn_correct_top(rr);
|
||||
if (r != rr && BN_copy(r, rr) == NULL)
|
||||
goto err;
|
||||
|
||||
diff -up openssl-1.0.2k/crypto/bn_int.h.rohnp-fix openssl-1.0.2k/crypto/bn_int.h
|
||||
--- openssl-1.0.2k/crypto/bn_int.h.rohnp-fix 2018-08-14 10:57:21.597518822 +0200
|
||||
+++ openssl-1.0.2k/crypto/bn_int.h 2018-08-14 10:57:21.599518871 +0200
|
||||
@@ -0,0 +1,13 @@
|
||||
+/*
|
||||
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
|
||||
+ * is customarily arranged by bn_correct_top. Output from below functions
|
||||
+ * is not processed with bn_correct_top, and for this reason it may not be
|
||||
+ * returned out of public API. It may only be passed internally into other
|
||||
+ * functions known to support non-minimal or zero-padded BIGNUMs.
|
||||
+ */
|
||||
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
+ BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||
+ BN_CTX *ctx);
|
||||
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||
+ const BIGNUM *m);
|
||||
|
||||
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
|
||||
index b5f67bd..894dff8 100644
|
||||
--- a/crypto/dsa/dsa_ossl.c
|
||||
+++ b/crypto/dsa/dsa_ossl.c
|
||||
@@ -136,8 +136,7 @@ const DSA_METHOD *DSA_OpenSSL(void)
|
||||
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
{
|
||||
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
|
||||
- BIGNUM m;
|
||||
- BIGNUM xr;
|
||||
+ BIGNUM *m, *blind, *blindm, *tmp;
|
||||
BN_CTX *ctx = NULL;
|
||||
int reason = ERR_R_BN_LIB;
|
||||
DSA_SIG *ret = NULL;
|
||||
@@ -156,9 +155,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
}
|
||||
#endif
|
||||
|
||||
- BN_init(&m);
|
||||
- BN_init(&xr);
|
||||
-
|
||||
if (!dsa->p || !dsa->q || !dsa->g) {
|
||||
reason = DSA_R_MISSING_PARAMETERS;
|
||||
goto err;
|
||||
@@ -170,6 +166,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
+ BN_CTX_start(ctx);
|
||||
+ m = BN_CTX_get(ctx);
|
||||
+ blind = BN_CTX_get(ctx);
|
||||
+ blindm = BN_CTX_get(ctx);
|
||||
+ tmp = BN_CTX_get(ctx);
|
||||
+ if (tmp == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
redo:
|
||||
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
|
||||
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
|
||||
@@ -189,20 +193,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
* 4.2
|
||||
*/
|
||||
dlen = BN_num_bytes(dsa->q);
|
||||
- if (BN_bin2bn(dgst, dlen, &m) == NULL)
|
||||
+ if (BN_bin2bn(dgst, dlen, m) == NULL)
|
||||
goto err;
|
||||
|
||||
- /* Compute s = inv(k) (m + xr) mod q */
|
||||
- if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
|
||||
- goto err; /* s = xr */
|
||||
- if (!BN_add(s, &xr, &m))
|
||||
- goto err; /* s = m + xr */
|
||||
- if (BN_cmp(s, dsa->q) > 0)
|
||||
- if (!BN_sub(s, s, dsa->q))
|
||||
+ /*
|
||||
+ * The normal signature calculation is:
|
||||
+ *
|
||||
+ * s := k^-1 * (m + r * priv_key) mod q
|
||||
+ *
|
||||
+ * We will blind this to protect against side channel attacks
|
||||
+ *
|
||||
+ * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
|
||||
+ */
|
||||
+
|
||||
+ /* Generate a blinding value */
|
||||
+ do {
|
||||
+ if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
|
||||
goto err;
|
||||
+ } while (BN_is_zero(blind));
|
||||
+ BN_set_flags(blind, BN_FLG_CONSTTIME);
|
||||
+ BN_set_flags(blindm, BN_FLG_CONSTTIME);
|
||||
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
|
||||
+
|
||||
+ /* tmp := blind * priv_key * r mod q */
|
||||
+ if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
|
||||
+ goto err;
|
||||
+ if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* blindm := blind * m mod q */
|
||||
+ if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* s : = (blind * priv_key * r) + (blind * m) mod q */
|
||||
+ if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
|
||||
+ goto err;
|
||||
+
|
||||
+ /* s := s * k^-1 mod q */
|
||||
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
|
||||
goto err;
|
||||
|
||||
+ /* s:= s * blind^-1 mod q */
|
||||
+ if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
|
||||
+ goto err;
|
||||
+ if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
|
||||
+ goto err;
|
||||
+
|
||||
/*
|
||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
||||
* unlikely.
|
||||
@@ -226,13 +262,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
BN_free(r);
|
||||
BN_free(s);
|
||||
}
|
||||
- if (ctx != NULL)
|
||||
+ if (ctx != NULL) {
|
||||
+ BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
- BN_clear_free(&m);
|
||||
- BN_clear_free(&xr);
|
||||
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
|
||||
- BN_clear_free(kinv);
|
||||
- return (ret);
|
||||
+ }
|
||||
+ BN_clear_free(kinv);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
|
||||
index dd76960..2b8f169 100644
|
||||
--- a/crypto/ecdsa/ecs_ossl.c
|
||||
+++ b/crypto/ecdsa/ecs_ossl.c
|
||||
@@ -60,6 +60,7 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/bn.h>
|
||||
+#include "bn_int.h"
|
||||
|
||||
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
|
||||
const BIGNUM *, const BIGNUM *,
|
||||
@@ -95,6 +96,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
EC_POINT *tmp_point = NULL;
|
||||
const EC_GROUP *group;
|
||||
int ret = 0;
|
||||
+ int order_bits;
|
||||
|
||||
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
|
||||
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
@@ -126,6 +128,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
goto err;
|
||||
}
|
||||
|
||||
+ /* Preallocate space */
|
||||
+ order_bits = BN_num_bits(order);
|
||||
+ if (!BN_set_bit(k, order_bits)
|
||||
+ || !BN_set_bit(r, order_bits)
|
||||
+ || !BN_set_bit(X, order_bits))
|
||||
+ goto err;
|
||||
+
|
||||
do {
|
||||
/* get random k */
|
||||
do
|
||||
@@ -139,13 +148,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
/*
|
||||
* We do not want timing information to leak the length of k, so we
|
||||
* compute G*k using an equivalent scalar of fixed bit-length.
|
||||
+ *
|
||||
+ * We unconditionally perform both of these additions to prevent a
|
||||
+ * small timing information leakage. We then choose the sum that is
|
||||
+ * one bit longer than the order. This guarantees the code
|
||||
+ * path used in the constant time implementations elsewhere.
|
||||
+ *
|
||||
+ * TODO: revisit the BN_copy aiming for a memory access agnostic
|
||||
+ * conditional copy.
|
||||
*/
|
||||
-
|
||||
- if (!BN_add(k, k, order))
|
||||
+ if (!BN_add(r, k, order)
|
||||
+ || !BN_add(X, r, order)
|
||||
+ || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
|
||||
goto err;
|
||||
- if (BN_num_bits(k) <= BN_num_bits(order))
|
||||
- if (!BN_add(k, k, order))
|
||||
- goto err;
|
||||
|
||||
/* compute r the x-coordinate of generator * k */
|
||||
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
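Review bot: The selection `BN_copy(k, BN_num_bits(r) > order_bits ? r : X)` is itself a branch on secret data — which of k+order and k+2*order crossed the bit boundary depends on k — but the TODO in the new comment mentions only the BN_copy. The comment should name the comparison as part of the known residual leak: `* TODO: both the BN_num_bits() comparison and the BN_copy below are not memory-access agnostic.`. The larger leak (the conditional second BN_add) is what this hunk removes, so this is a documentation point rather than a regression.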
|
||||
@@ -237,13 +252,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
||||
EC_KEY *eckey)
|
||||
{
|
||||
int ok = 0, i;
|
||||
- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
|
||||
+ BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
|
||||
const BIGNUM *ckinv;
|
||||
BN_CTX *ctx = NULL;
|
||||
const EC_GROUP *group;
|
||||
ECDSA_SIG *ret;
|
||||
ECDSA_DATA *ecdsa;
|
||||
const BIGNUM *priv_key;
|
||||
+ BN_MONT_CTX *mont_data;
|
||||
|
||||
ecdsa = ecdsa_check(eckey);
|
||||
group = EC_KEY_get0_group(eckey);
|
||||
@@ -262,7 +278,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
||||
s = ret->s;
|
||||
|
||||
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
|
||||
- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
|
||||
+ (m = BN_new()) == NULL) {
|
||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
@@ -271,6 +287,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
+ mont_data = EC_GROUP_get_mont_data(group);
|
||||
+
|
||||
i = BN_num_bits(order);
|
||||
/*
|
||||
* Need to truncate digest if it is too long: first truncate whole bytes.
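Review bot: `mont_data = EC_GROUP_get_mont_data(group);` is stored without a NULL check, and the later hunk passes it straight to bn_to_mont_fixed_top() and BN_mod_mul_montgomery(). If a group can lack a Montgomery context in this tree (1.0.2's EC_GROUP_set_generator leaves mont_data NULL for groups whose order is even, as far as I recall — confirm in ec_lib.c), signing with such a key would dereference NULL instead of failing cleanly. Suggest `if (mont_data == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); goto err; }` directly after the assignment. ecdsa_do_sign continues outside this hunk.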
|
||||
@@ -301,21 +319,33 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
||||
}
|
||||
}
|
||||
|
||||
- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
|
||||
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
||||
+ /*
|
||||
+ * With only one multiplicant being in Montgomery domain
|
||||
+ * multiplication yields real result without post-conversion.
|
||||
+ * Also note that all operations but last are performed with
|
||||
+ * zero-padded vectors. Last operation, BN_mod_mul_montgomery
|
||||
+ * below, returns user-visible value with removed zero padding.
|
||||
+ */
|
||||
+ if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
|
||||
+ || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
|
||||
goto err;
|
||||
}
|
||||
- if (!BN_mod_add_quick(s, tmp, m, order)) {
|
||||
+ if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
- if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
|
||||
+ /*
|
||||
+ * |s| can still be larger than modulus, because |m| can be. In
|
||||
+ * such case we count on Montgomery reduction to tie it up.
|
||||
+ */
|
||||
+ if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
|
||||
+ || !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
|
||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_zero(s)) {
|
||||
/*
|
||||
- * if kinv and r have been supplied by the caller don't to
|
||||
+ * if kinv and r have been supplied by the caller don't
|
||||
* generate new kinv and r values
|
||||
*/
|
||||
if (in_kinv != NULL && in_r != NULL) {
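Review bot: The first failure check in this hunk, `if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx) || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) { goto err; }`, dropped the `ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB)` that the replaced BN_mod_mul() call had, while the two checks below it still push the error. A failure there (an allocation failure inside the Montgomery code, for example) now reaches err: with nothing on the error queue, which is inconsistent and harder to diagnose. Reinstate `ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);` before that `goto err;`.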
|
||||
@@ -339,8 +369,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
||||
BN_CTX_free(ctx);
|
||||
if (m)
|
||||
BN_clear_free(m);
|
||||
- if (tmp)
|
||||
- BN_clear_free(tmp);
|
||||
if (order)
|
||||
BN_free(order);
|
||||
if (kinv)
|
@ -0,0 +1,24 @@
|
||||
diff -up openssl-1.0.2k/crypto/dh/dh_key.c.large-dh openssl-1.0.2k/crypto/dh/dh_key.c
|
||||
--- openssl-1.0.2k/crypto/dh/dh_key.c.large-dh 2018-06-18 13:46:24.268137362 +0200
|
||||
+++ openssl-1.0.2k/crypto/dh/dh_key.c 2018-06-18 13:59:04.605497462 +0200
|
||||
@@ -133,7 +133,7 @@ static int generate_key(DH *dh)
|
||||
int ok = 0;
|
||||
int generate_new_key = 0;
|
||||
unsigned l;
|
||||
- BN_CTX *ctx;
|
||||
+ BN_CTX *ctx = NULL;
|
||||
BN_MONT_CTX *mont = NULL;
|
||||
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
||||
|
||||
@@ -145,6 +145,11 @@ static int generate_key(DH *dh)
|
||||
}
|
||||
#endif
|
||||
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
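Review bot: The new `OPENSSL_DH_MAX_MODULUS_BITS` check in generate_key() gives no reason for rejecting the modulus, and nothing explains why it returns 0 directly instead of going through err: — that is safe only because ctx has not been allocated yet, and the `ctx = NULL` initialisation in the first hunk suggests the err: path was considered. A short comment covers both: `/* Refuse oversized moduli before doing any work: generating a key for a huge peer-supplied p is a CPU DoS. Nothing is allocated yet, so return directly. */`. The bound presumably mirrors an existing check in compute_key(), which is outside this patch — confirm both use the same constant.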
|
@ -0,0 +1,96 @@
|
||||
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
|
||||
index c7f1dc3..aa8a7c0 100644
|
||||
--- a/crypto/rsa/rsa_gen.c
|
||||
+++ b/crypto/rsa/rsa_gen.c
|
||||
@@ -177,6 +177,17 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
|
||||
BIGNUM *pr0, *d, *p;
|
||||
int bitsp, bitsq, ok = -1, n = 0;
|
||||
BN_CTX *ctx = NULL;
|
||||
+ unsigned long error = 0;
|
||||
+
|
||||
+ /*
|
||||
+ * When generating ridiculously small keys, we can get stuck
|
||||
+ * continually regenerating the same prime values.
|
||||
+ */
|
||||
+ if (bits < 16) {
|
||||
+ ok = 0; /* we set our own err */
|
||||
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
|
||||
+ goto err;
|
||||
+ }
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_module_mode()) {
|
||||
@@ -233,45 +244,55 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
|
||||
if (BN_copy(rsa->e, e_value) == NULL)
|
||||
goto err;
|
||||
|
||||
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
|
||||
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
|
||||
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
|
||||
/* generate p and q */
|
||||
for (;;) {
|
||||
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
|
||||
goto err;
|
||||
if (!BN_sub(r2, rsa->p, BN_value_one()))
|
||||
goto err;
|
||||
- if (!BN_gcd(r1, r2, rsa->e, ctx))
|
||||
- goto err;
|
||||
- if (BN_is_one(r1))
|
||||
+ ERR_set_mark();
|
||||
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
|
||||
+ /* GCD == 1 since inverse exists */
|
||||
break;
|
||||
+ }
|
||||
+ error = ERR_peek_last_error();
|
||||
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
|
||||
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
|
||||
+ /* GCD != 1 */
|
||||
+ ERR_pop_to_mark();
|
||||
+ } else {
|
||||
+ goto err;
|
||||
+ }
|
||||
if (!BN_GENCB_call(cb, 2, n++))
|
||||
goto err;
|
||||
}
|
||||
if (!BN_GENCB_call(cb, 3, 0))
|
||||
goto err;
|
||||
for (;;) {
|
||||
- /*
|
||||
- * When generating ridiculously small keys, we can get stuck
|
||||
- * continually regenerating the same prime values. Check for this and
|
||||
- * bail if it happens 3 times.
|
||||
- */
|
||||
- unsigned int degenerate = 0;
|
||||
do {
|
||||
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
||||
goto err;
|
||||
if (!BN_sub(r2, rsa->q, rsa->p))
|
||||
goto err;
|
||||
- } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
|
||||
- if (degenerate == 3) {
|
||||
- ok = 0; /* we set our own err */
|
||||
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
|
||||
- goto err;
|
||||
- }
|
||||
+ } while (BN_ucmp(r2, r3) <= 0);
|
||||
if (!BN_sub(r2, rsa->q, BN_value_one()))
|
||||
goto err;
|
||||
- if (!BN_gcd(r1, r2, rsa->e, ctx))
|
||||
- goto err;
|
||||
- if (BN_is_one(r1))
|
||||
+ ERR_set_mark();
|
||||
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
|
||||
+ /* GCD == 1 since inverse exists */
|
||||
break;
|
||||
+ }
|
||||
+ error = ERR_peek_last_error();
|
||||
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
|
||||
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
|
||||
+ /* GCD != 1 */
|
||||
+ ERR_pop_to_mark();
|
||||
+ } else {
|
||||
+ goto err;
|
||||
+ }
|
||||
if (!BN_GENCB_call(cb, 2, n++))
|
||||
goto err;
|
||||
}
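Review bot: This hunk replaces BN_gcd() with BN_mod_inverse() under BN_FLG_CONSTTIME in both prime loops, but nothing in the code says why, and the ERR_set_mark()/ERR_pop_to_mark() sequence looks odd without that context. Presumably the point is that BN_gcd() is not constant time and its input p-1 is secret, whereas BN_mod_inverse() takes the constant-time path when the flag is set and reports BN_R_NO_INVERSE exactly when gcd(p-1, e) != 1; a comment above the first `BN_set_flags(rsa->p, BN_FLG_CONSTTIME);` should say so, e.g. `/* p, q and p-1 are secret: test gcd(p-1, e) == 1 via the constant-time inverse rather than BN_gcd(); BN_R_NO_INVERSE is the expected retry outcome and is discarded via the error mark. */`. Note also that on the `break` path the mark set by ERR_set_mark() is never popped, which as far as I recall is harmless only because ERR_set_mark() is a no-op on an empty queue — worth stating. The same block appears twice verbatim, so the two copies can drift apart.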
|
@ -0,0 +1,217 @@
|
||||
diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.asn1-recursive openssl-1.0.2k/crypto/asn1/asn1_err.c
|
||||
--- openssl-1.0.2k/crypto/asn1/asn1_err.c.asn1-recursive 2017-01-26 14:22:03.000000000 +0100
|
||||
+++ openssl-1.0.2k/crypto/asn1/asn1_err.c 2018-06-18 15:08:18.333412753 +0200
|
||||
@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
|
||||
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
|
||||
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
|
||||
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
|
||||
+ {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
|
||||
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
|
||||
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
|
||||
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
|
||||
diff -up openssl-1.0.2k/crypto/asn1/asn1.h.asn1-recursive openssl-1.0.2k/crypto/asn1/asn1.h
|
||||
--- openssl-1.0.2k/crypto/asn1/asn1.h.asn1-recursive 2018-06-18 13:46:23.857127431 +0200
|
||||
+++ openssl-1.0.2k/crypto/asn1/asn1.h 2018-06-18 15:07:53.915826715 +0200
|
||||
@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
|
||||
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
|
||||
# define ASN1_R_MSTRING_WRONG_TAG 140
|
||||
# define ASN1_R_NESTED_ASN1_STRING 197
|
||||
+# define ASN1_R_NESTED_TOO_DEEP 219
|
||||
# define ASN1_R_NON_HEX_CHARACTERS 141
|
||||
# define ASN1_R_NOT_ASCII_FORMAT 190
|
||||
# define ASN1_R_NOT_ENOUGH_DATA 142
|
||||
diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.asn1-recursive openssl-1.0.2k/crypto/asn1/tasn_dec.c
|
||||
--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.asn1-recursive 2017-01-26 14:22:03.000000000 +0100
|
||||
+++ openssl-1.0.2k/crypto/asn1/tasn_dec.c 2018-06-18 15:14:28.978308482 +0200
|
||||
@@ -4,7 +4,7 @@
|
||||
* 2000.
|
||||
*/
|
||||
/* ====================================================================
|
||||
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
|
||||
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -65,6 +65,14 @@
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
+/*
|
||||
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
|
||||
+ * could eventually exceed the stack given malicious input with excessive
|
||||
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
|
||||
+ * recursive invocations of asn1_item_embed_d2i().
|
||||
+ */
|
||||
+#define ASN1_MAX_CONSTRUCTED_NEST 30
|
||||
+
|
||||
static int asn1_check_eoc(const unsigned char **in, long len);
|
||||
static int asn1_find_end(const unsigned char **in, long len, char inf);
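Review bot: The comment above `ASN1_MAX_CONSTRUCTED_NEST` refers to `asn1_item_embed_d2i()`, a function that does not exist in this 1.0.2 tree; the recursion it bounds here is `asn1_item_ex_d2i()`, the static function the later hunks introduce with `++depth` at its top. The wording looks copied from the 1.1.0 version of the fix. Change the last sentence to `This is the maximum number of recursive invocations of asn1_item_ex_d2i().` so readers can find the counter.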
|
||||
|
||||
@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, i
|
||||
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_TEMPLATE *tt, char opt,
|
||||
- ASN1_TLC *ctx);
|
||||
+ ASN1_TLC *ctx, int depth);
|
||||
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_TEMPLATE *tt, char opt,
|
||||
- ASN1_TLC *ctx);
|
||||
+ ASN1_TLC *ctx, int depth);
|
||||
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_ITEM *it,
|
||||
@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
|
||||
{
|
||||
ASN1_TLC c;
|
||||
asn1_tlc_clear_nc(&c);
|
||||
- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
|
||||
+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
|
||||
* tag mismatch return -1 to handle OPTIONAL
|
||||
*/
|
||||
-
|
||||
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
- const ASN1_ITEM *it,
|
||||
- int tag, int aclass, char opt, ASN1_TLC *ctx)
|
||||
+static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
||||
+ long len, const ASN1_ITEM *it, int tag, int aclass,
|
||||
+ char opt, ASN1_TLC *ctx, int depth)
|
||||
{
|
||||
const ASN1_TEMPLATE *tt, *errtt = NULL;
|
||||
const ASN1_COMPAT_FUNCS *cf;
|
||||
@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
else
|
||||
asn1_cb = 0;
|
||||
|
||||
+ if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
|
||||
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
switch (it->itype) {
|
||||
case ASN1_ITYPE_PRIMITIVE:
|
||||
if (it->templates) {
|
||||
@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
goto err;
|
||||
}
|
||||
return asn1_template_ex_d2i(pval, in, len,
|
||||
- it->templates, opt, ctx);
|
||||
+ it->templates, opt, ctx, depth);
|
||||
}
|
||||
return asn1_d2i_ex_primitive(pval, in, len, it,
|
||||
tag, aclass, opt, ctx);
|
||||
@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
/*
|
||||
* We mark field as OPTIONAL so its absence can be recognised.
|
||||
*/
|
||||
- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
|
||||
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
|
||||
/* If field not present, try the next one */
|
||||
if (ret == -1)
|
||||
continue;
|
||||
@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
* attempt to read in field, allowing each to be OPTIONAL
|
||||
*/
|
||||
|
||||
- ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
|
||||
+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
|
||||
+ depth);
|
||||
if (!ret) {
|
||||
errtt = seqtt;
|
||||
goto err;
|
||||
@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
+ const ASN1_ITEM *it,
|
||||
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
|
||||
+{
|
||||
+ return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Templates are handled with two separate functions. One handles any
|
||||
* EXPLICIT tag and the other handles the rest.
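Review bot: The depth counter restarts at 0 in this public wrapper, so the limit bounds only recursion that stays inside the static asn1_item_ex_d2i()/asn1_template_*_d2i() chain. Any item that re-enters through the public API — for example an ASN1_ITYPE_EXTERN item whose d2i callback calls ASN1_item_ex_d2i(), if such items exist in this tree (not visible here) — gets a fresh budget of 30, so the bound is per chain rather than global. That matches the upstream fix as far as I recall, but it deserves a comment on the wrapper: `/* Public entry point: the nesting limit is counted only within this decoder; callbacks that re-enter via this function start a new count. */`.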
|
||||
@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
|
||||
static int asn1_template_ex_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long inlen,
|
||||
const ASN1_TEMPLATE *tt, char opt,
|
||||
- ASN1_TLC *ctx)
|
||||
+ ASN1_TLC *ctx, int depth)
|
||||
{
|
||||
int flags, aclass;
|
||||
int ret;
|
||||
@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
|
||||
return 0;
|
||||
}
|
||||
/* We've found the field so it can't be OPTIONAL now */
|
||||
- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
|
||||
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
|
||||
if (!ret) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
|
||||
return 0;
|
||||
@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
|
||||
}
|
||||
}
|
||||
} else
|
||||
- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
|
||||
+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
|
||||
|
||||
*in = p;
|
||||
return 1;
|
||||
@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
|
||||
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
||||
const unsigned char **in, long len,
|
||||
const ASN1_TEMPLATE *tt, char opt,
|
||||
- ASN1_TLC *ctx)
|
||||
+ ASN1_TLC *ctx, int depth)
|
||||
{
|
||||
int flags, aclass;
|
||||
int ret;
|
||||
@@ -665,14 +685,15 @@ static int asn1_template_noexp_d2i(ASN1_
|
||||
break;
|
||||
}
|
||||
skfield = NULL;
|
||||
- if (!ASN1_item_ex_d2i(&skfield, &p, len,
|
||||
- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
|
||||
+ if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
|
||||
+ -1, 0, 0, ctx, depth)) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
|
||||
ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
len -= p - q;
|
||||
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
|
||||
+ ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
@@ -683,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_
|
||||
}
|
||||
} else if (flags & ASN1_TFLG_IMPTAG) {
|
||||
/* IMPLICIT tagging */
|
||||
- ret = ASN1_item_ex_d2i(val, &p, len,
|
||||
- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
|
||||
- ctx);
|
||||
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
|
||||
+ aclass, opt, ctx, depth);
|
||||
if (!ret) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
@@ -693,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_
|
||||
return -1;
|
||||
} else {
|
||||
/* Nothing special */
|
||||
- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
|
||||
- -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
|
||||
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
|
||||
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
|
||||
+ depth);
|
||||
if (!ret) {
|
||||
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
@ -0,0 +1,36 @@
|
||||
diff -up openssl-1.0.2k/ssl/s3_srvr.c.long-hello openssl-1.0.2k/ssl/s3_srvr.c
|
||||
--- openssl-1.0.2k/ssl/s3_srvr.c.long-hello 2017-03-09 17:59:26.000000000 +0100
|
||||
+++ openssl-1.0.2k/ssl/s3_srvr.c 2017-03-30 09:11:35.639338753 +0200
|
||||
@@ -899,6 +899,23 @@ int ssl3_send_hello_request(SSL *s)
|
||||
return ssl_do_write(s);
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
|
||||
+ * calculated as follows:
|
||||
+ *
|
||||
+ * 2 + # client_version
|
||||
+ * 32 + # only valid length for random
|
||||
+ * 1 + # length of session_id
|
||||
+ * 32 + # maximum size for session_id
|
||||
+ * 2 + # length of cipher suites
|
||||
+ * 2^16-2 + # maximum length of cipher suites array
|
||||
+ * 1 + # length of compression_methods
|
||||
+ * 2^8-1 + # maximum length of compression methods
|
||||
+ * 2 + # length of extensions
|
||||
+ * 2^16-1 # maximum length of extensions
|
||||
+ */
|
||||
+#define CLIENT_HELLO_MAX_LENGTH 131396
|
||||
+
|
||||
int ssl3_get_client_hello(SSL *s)
|
||||
{
|
||||
int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0;
|
||||
@@ -930,7 +947,7 @@ int ssl3_get_client_hello(SSL *s)
|
||||
SSL3_ST_SR_CLNT_HELLO_B,
|
||||
SSL3_ST_SR_CLNT_HELLO_C,
|
||||
SSL3_MT_CLIENT_HELLO,
|
||||
- SSL3_RT_MAX_PLAIN_LENGTH, &ok);
|
||||
+ CLIENT_HELLO_MAX_LENGTH, &ok);
|
||||
|
||||
if (!ok)
|
||||
return ((int)n);
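Review bot: Switching the bound from `SSL3_RT_MAX_PLAIN_LENGTH` to `CLIENT_HELLO_MAX_LENGTH` raises the largest ClientHello an unauthenticated peer can make the server buffer from 16 KiB to about 128 KiB, and neither hunk says so. The arithmetic in the macro comment checks out (2+32+1+32+2+65534+1+255+2+65535 = 131396), but it explains only the value, not the consequence; add a line to that comment such as `Note: this is per pending handshake and reachable before any authentication, so the handshake buffer may grow to this size.`. How ssl3_get_message() sizes s->init_buf for this is outside the hunk — confirm it grows on demand rather than pre-allocating the maximum per connection.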
|
@ -0,0 +1,57 @@
|
||||
diff -up openssl-1.0.2k/ssl/ssl_cert.c.name-sensitive openssl-1.0.2k/ssl/ssl_cert.c
|
||||
--- openssl-1.0.2k/ssl/ssl_cert.c.name-sensitive 2017-01-26 14:22:04.000000000 +0100
|
||||
+++ openssl-1.0.2k/ssl/ssl_cert.c 2018-06-18 13:43:12.452502627 +0200
|
||||
@@ -855,9 +855,33 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,
|
||||
return (add_client_CA(&(ctx->client_CA), x));
|
||||
}
|
||||
|
||||
-static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
|
||||
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
|
||||
{
|
||||
- return (X509_NAME_cmp(*a, *b));
|
||||
+ unsigned char *abuf = NULL, *bbuf = NULL;
|
||||
+ int alen, blen, ret;
|
||||
+
|
||||
+ /* X509_NAME_cmp() itself casts away constness in this way, so
|
||||
+ * assume it's safe:
|
||||
+ */
|
||||
+ alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
|
||||
+ blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
|
||||
+
|
||||
+ if (alen < 0 || blen < 0)
|
||||
+ ret = -2;
|
||||
+ else if (alen != blen)
|
||||
+ ret = alen - blen;
|
||||
+ else /* alen == blen */
|
||||
+ ret = memcmp(abuf, bbuf, alen);
|
||||
+
|
||||
+ OPENSSL_free(abuf);
|
||||
+ OPENSSL_free(bbuf);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
|
||||
+{
|
||||
+ return xname_cmp(*a, *b);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_STDIO
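Review bot: The new xname_cmp() changes the client-CA list from X509_NAME_cmp()'s canonicalised comparison to a byte-exact comparison of the DER encodings, and nothing in the hunk records why (the patch name suggests case and encoding sensitivity is the intent). A comment above the function would capture it: `/* Compare the raw DER encodings rather than X509_NAME_cmp(): names that differ only in case, string type or whitespace must stay distinct in the CA list sent to clients. */`. Two smaller points worth a line each: the comparator re-encodes both names on every call, so sorting a large CA file costs O(n log n) i2d calls, acceptable for a load-time path; and returning `-2` on encoding failure matches X509_NAME_cmp()'s error convention, which is fine for sk_sort but should be said.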
|
||||
@@ -876,7 +900,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_
|
||||
X509_NAME *xn = NULL;
|
||||
STACK_OF(X509_NAME) *ret = NULL, *sk;
|
||||
|
||||
- sk = sk_X509_NAME_new(xname_cmp);
|
||||
+ sk = sk_X509_NAME_new(xname_sk_cmp);
|
||||
|
||||
in = BIO_new(BIO_s_file_internal());
|
||||
|
||||
@@ -948,7 +972,7 @@ int SSL_add_file_cert_subjects_to_stack(
|
||||
int ret = 1;
|
||||
int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
|
||||
|
||||
- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
|
||||
+ oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
|
||||
|
||||
in = BIO_new(BIO_s_file_internal());
|
||||
|
@ -0,0 +1,217 @@
|
||||
diff -up openssl-1.0.2k/apps/ciphers.c.no-ssl2 openssl-1.0.2k/apps/ciphers.c
|
||||
--- openssl-1.0.2k/apps/ciphers.c.no-ssl2 2017-01-26 14:22:03.000000000 +0100
|
||||
+++ openssl-1.0.2k/apps/ciphers.c 2017-03-01 14:18:28.058046372 +0100
|
||||
@@ -73,7 +73,9 @@ static const char *ciphers_usage[] = {
|
||||
"usage: ciphers args\n",
|
||||
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
|
||||
" -V - even more verbose\n",
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
" -ssl2 - SSL2 mode\n",
|
||||
+#endif
|
||||
" -ssl3 - SSL3 mode\n",
|
||||
" -tls1 - TLS1 mode\n",
|
||||
NULL
|
||||
diff -up openssl-1.0.2k/apps/s_client.c.no-ssl2 openssl-1.0.2k/apps/s_client.c
|
||||
--- openssl-1.0.2k/apps/s_client.c.no-ssl2 2017-03-01 14:04:57.000000000 +0100
|
||||
+++ openssl-1.0.2k/apps/s_client.c 2017-03-01 14:17:42.368974209 +0100
|
||||
@@ -380,7 +380,9 @@ static void sc_usage(void)
|
||||
" -srp_strength int - minimal length in bits for N (default %d).\n",
|
||||
SRP_MINIMAL_N);
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
|
||||
#endif
|
||||
diff -up openssl-1.0.2k/apps/s_server.c.no-ssl2 openssl-1.0.2k/apps/s_server.c
|
||||
--- openssl-1.0.2k/apps/s_server.c.no-ssl2 2017-02-15 11:33:38.000000000 +0100
|
||||
+++ openssl-1.0.2k/apps/s_server.c 2017-03-01 14:13:54.154618822 +0100
|
||||
@@ -598,7 +598,9 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err,
|
||||
" -srpuserseed string - A seed string for a default user salt.\n");
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
|
||||
+#endif
|
||||
#ifndef OPENSSL_NO_SSL3_METHOD
|
||||
BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
|
||||
#endif
|
||||
@@ -610,7 +612,7 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -timeout - Enable timeouts\n");
|
||||
BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
|
||||
BIO_printf(bio_err, " -chain - Read a certificate chain\n");
|
||||
- BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
|
||||
+ BIO_printf(bio_err, " -no_ssl2 - No-op, SSLv2 is always disabled\n");
|
||||
BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
|
||||
BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
|
||||
BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n");
|
||||
diff -up openssl-1.0.2k/apps/s_time.c.no-ssl2 openssl-1.0.2k/apps/s_time.c
|
||||
--- openssl-1.0.2k/apps/s_time.c.no-ssl2 2017-02-15 11:33:38.000000000 +0100
|
||||
+++ openssl-1.0.2k/apps/s_time.c 2017-03-01 14:20:15.708572549 +0100
|
||||
@@ -191,7 +191,9 @@ static void s_time_usage(void)
|
||||
SSL_CONNECT_NAME);
|
||||
#ifdef FIONBIO
|
||||
printf("-nbio - Run with non-blocking IO\n");
|
||||
+#ifndef OPENSSL_NO_SSL2
|
||||
printf("-ssl2 - Just use SSLv2\n");
|
||||
+#endif
|
||||
printf("-ssl3 - Just use SSLv3\n");
|
||||
printf("-bugs - Turn on SSL bug compatibility\n");
|
||||
printf("-new - Just time new connections\n");
|
||||
diff -up openssl-1.0.2k/doc/apps/ciphers.pod.no-ssl2 openssl-1.0.2k/doc/apps/ciphers.pod
|
||||
--- openssl-1.0.2k/doc/apps/ciphers.pod.no-ssl2 2017-01-26 14:22:04.000000000 +0100
|
||||
+++ openssl-1.0.2k/doc/apps/ciphers.pod 2017-03-01 14:02:51.275041593 +0100
|
||||
@@ -9,7 +9,6 @@ ciphers - SSL cipher display and cipher
|
||||
B<openssl> B<ciphers>
|
||||
[B<-v>]
|
||||
[B<-V>]
|
||||
-[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
[B<cipherlist>]
|
||||
@@ -42,10 +41,6 @@ Like B<-v>, but include cipher suite cod
|
||||
|
||||
This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
|
||||
|
||||
-=item B<-ssl2>
|
||||
-
|
||||
-Only include SSLv2 ciphers.
|
||||
-
|
||||
=item B<-h>, B<-?>
|
||||
|
||||
Print a brief usage message.
|
||||
diff -up openssl-1.0.2k/doc/apps/s_client.pod.no-ssl2 openssl-1.0.2k/doc/apps/s_client.pod
|
||||
--- openssl-1.0.2k/doc/apps/s_client.pod.no-ssl2 2017-03-01 14:04:57.000000000 +0100
|
||||
+++ openssl-1.0.2k/doc/apps/s_client.pod 2017-03-01 14:06:28.389146669 +0100
|
||||
@@ -33,13 +33,11 @@ B<openssl> B<s_client>
|
||||
[B<-ign_eof>]
|
||||
[B<-no_ign_eof>]
|
||||
[B<-quiet>]
|
||||
-[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
[B<-tls1_1>]
|
||||
[B<-tls1_2>]
|
||||
[B<-dtls1>]
|
||||
-[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
[B<-no_tls1_1>]
|
||||
@@ -207,7 +205,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
1a2b3c4d.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
|
||||
These options require or disable the use of the specified SSL or TLS protocols.
|
||||
By default the initial handshake uses a I<version-flexible> method which will
|
||||
@@ -326,8 +324,8 @@ would typically be used (https uses port
|
||||
then an HTTP command can be given such as "GET /" to retrieve a web page.
|
||||
|
||||
If the handshake fails then there are several possible causes, if it is
|
||||
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
|
||||
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
|
||||
+nothing obvious like no client certificate then the B<-bugs>,
|
||||
+B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried
|
||||
in case it is a buggy server. In particular you should play with these
|
||||
options B<before> submitting a bug report to an OpenSSL mailing list.
|
||||
|
||||
@@ -349,10 +347,6 @@ on the command line is no guarantee that
|
||||
If there are problems verifying a server certificate then the
|
||||
B<-showcerts> option can be used to show the whole chain.
|
||||
|
||||
-Since the SSLv23 client hello cannot include compression methods or extensions
|
||||
-these will only be supported if its use is disabled, for example by using the
|
||||
-B<-no_sslv2> option.
|
||||
-
|
||||
The B<s_client> utility is a test tool and is designed to continue the
|
||||
handshake after any certificate verification errors. As a result it will
|
||||
accept any certificate chain (trusted or not) sent by the peer. None test
|
||||
diff -up openssl-1.0.2k/doc/apps/s_server.pod.no-ssl2 openssl-1.0.2k/doc/apps/s_server.pod
|
||||
--- openssl-1.0.2k/doc/apps/s_server.pod.no-ssl2 2017-03-01 14:04:57.000000000 +0100
|
||||
+++ openssl-1.0.2k/doc/apps/s_server.pod 2017-03-01 14:04:17.871077754 +0100
|
||||
@@ -42,12 +42,10 @@ B<openssl> B<s_server>
|
||||
[B<-keytab filename>]
|
||||
[B<-quiet>]
|
||||
[B<-no_tmp_rsa>]
|
||||
-[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
[B<-tls1_1>]
|
||||
[B<-tls1_2>]
|
||||
-[B<-no_ssl2>]
|
||||
[B<-no_ssl3>]
|
||||
[B<-no_tls1>]
|
||||
[B<-no_dhe>]
|
||||
@@ -229,7 +227,7 @@ Use the PSK key B<key> when using a PSK
|
||||
given as a hexadecimal number without leading 0x, for example -psk
|
||||
1a2b3c4d.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||
|
||||
These options require or disable the use of the specified SSL or TLS protocols.
|
||||
By default the initial handshake uses a I<version-flexible> method which will
|
||||
diff -up openssl-1.0.2k/doc/apps/s_time.pod.no-ssl2 openssl-1.0.2k/doc/apps/s_time.pod
|
||||
--- openssl-1.0.2k/doc/apps/s_time.pod.no-ssl2 2017-02-15 11:33:38.000000000 +0100
|
||||
+++ openssl-1.0.2k/doc/apps/s_time.pod 2017-03-01 14:03:50.440432769 +0100
|
||||
@@ -20,7 +20,6 @@ B<openssl> B<s_time>
|
||||
[B<-verify depth>]
|
||||
[B<-nbio>]
|
||||
[B<-time seconds>]
|
||||
-[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-bugs>]
|
||||
[B<-cipher cipherlist>]
|
||||
@@ -99,9 +98,9 @@ specified, they are both on by default a
|
||||
|
||||
turns on non-blocking I/O.
|
||||
|
||||
-=item B<-ssl2>, B<-ssl3>
|
||||
+=item B<-ssl3>
|
||||
|
||||
-these options disable the use of certain SSL or TLS protocols. By default
|
||||
+this option disables the use of certain SSL or TLS protocols. By default
|
||||
the initial handshake uses a method which should be compatible with all
|
||||
servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
|
||||
The timing program is not as rich in options to turn protocols on and off as
|
||||
@@ -109,8 +108,7 @@ the L<s_client(1)|s_client(1)> program a
|
||||
|
||||
Unfortunately there are a lot of ancient and broken servers in use which
|
||||
cannot handle this technique and will fail to connect. Some servers only
|
||||
-work if TLS is turned off with the B<-ssl3> option; others
|
||||
-will only support SSL v2 and may need the B<-ssl2> option.
|
||||
+work if TLS is turned off with the B<-ssl3> option.
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
@@ -144,7 +142,7 @@ which both client and server can agree,
|
||||
for details.
|
||||
|
||||
If the handshake fails then there are several possible causes, if it is
|
||||
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
|
||||
+nothing obvious like no client certificate then the B<-bugs>,
|
||||
B<-ssl3> options can be tried
|
||||
in case it is a buggy server. In particular you should play with these
|
||||
options B<before> submitting a bug report to an OpenSSL mailing list.
|
||||
diff -up openssl-1.0.2k/doc/ssl/SSL_CTX_new.pod.no-ssl2 openssl-1.0.2k/doc/ssl/SSL_CTX_new.pod
|
||||
--- openssl-1.0.2k/doc/ssl/SSL_CTX_new.pod.no-ssl2 2017-01-26 14:22:04.000000000 +0100
|
||||
+++ openssl-1.0.2k/doc/ssl/SSL_CTX_new.pod 2017-03-01 14:09:12.981016773 +0100
|
||||
@@ -123,13 +123,8 @@ used.
|
||||
|
||||
=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
|
||||
|
||||
-A TLS/SSL connection established with these methods will only understand the
|
||||
-SSLv2 protocol. A client will send out SSLv2 client hello messages and will
|
||||
-also indicate that it only understand SSLv2. A server will only understand
|
||||
-SSLv2 client hello messages. The SSLv2 protocol offers little to no security
|
||||
-and should not be used.
|
||||
-As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available
|
||||
-with SSLv2.
|
||||
+These calls are provided only as stubs for keeping ABI compatibility. There
|
||||
+is no support for SSLv2 built in the library.
|
||||
|
||||
=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
|
||||
|
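--- a/SOURCES/openssl-1.0.2k-req-x509.patch
+++ b/SOURCES/openssl-1.0.2k-req-x509.patch
@@ -0,0 +1,30 @@
+diff -up openssl-1.0.2k/apps/req.c.req-x509 openssl-1.0.2k/apps/req.c
+--- openssl-1.0.2k/apps/req.c.req-x509 2017-03-09 17:59:26.269231647 +0100
++++ openssl-1.0.2k/apps/req.c 2017-05-17 13:23:31.236556216 +0200
+@@ -331,7 +331,6 @@ int MAIN(int argc, char **argv)
+else if (strcmp(*argv, "-text") == 0)
+text = 1;
+else if (strcmp(*argv, "-x509") == 0) {
+- newreq = 1;
+x509 = 1;
+} else if (strcmp(*argv, "-asn1-kludge") == 0)
+kludge = 1;
+@@ -447,6 +446,9 @@ int MAIN(int argc, char **argv)
+goto end;
+}
+
++ if (x509 && infile == NULL)
++ newreq = 1;
++
+ERR_load_crypto_strings();
+if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+BIO_printf(bio_err, "Error getting passwords\n");
+@@ -753,7 +755,7 @@ int MAIN(int argc, char **argv)
+}
+}
+
+- if (newreq) {
++ if (newreq || x509) {
+if (pkey == NULL) {
+BIO_printf(bio_err, "you need to specify a private key\n");
+goto end;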
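Review bot: The two new conditions, `if (x509 && infile == NULL) newreq = 1;` and `if (newreq || x509) {`, encode a rule that neither site states — `-x509` alone generates a fresh request, while `-x509 -in FILE` is now expected to self-sign the request loaded from FILE but still requires a key — and a one-line comment at the first site, e.g. `/* -x509 alone implies a new request; with -in, the loaded request is self-signed (a key is still required) */`, would save the next reader a trip through MAIN(). This is also a behaviour change for existing `-x509 -in FILE` invocations, which previously ignored the input file and generated a new request; whether the later code really loads `req` from `infile` when `newreq == 0 && x509 == 1` is not visible in these hunks and should be confirmed. MAIN() starts and ends outside the hunk.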
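--- a/SOURCES/openssl-dont-include-winsock-h.patch
+++ b/SOURCES/openssl-dont-include-winsock-h.patch
@@ -0,0 +1,11 @@
+--- ssl/dtls1.h.orig 2014-12-22 19:03:22.442338471 +0100
++++ ssl/dtls1.h 2014-12-22 19:03:44.061694335 +0100
+@@ -68,7 +68,7 @@
+# endif
+# ifdef OPENSSL_SYS_WIN32
+/* Needed for struct timeval */
+-# include <winsock.h>
++# include <time.h>
+# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
+# include <sys/timeval.h>
+# else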
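Review bot: The replacement include does not obviously satisfy the comment kept above it: `/* Needed for struct timeval */` now sits over `# include <time.h>`, but on Windows/MinGW `struct timeval` comes from `<winsock2.h>` (or `<sys/time.h>`) as far as I can tell, not from `<time.h>`, so a consumer that includes this header before any winsock header may now fail to compile where it previously did not. Since the motivation recorded in the spec is the "include winsock2.h before windows.h" warning caused by the old `winsock.h`, `# include <winsock2.h>` would remove the warning and keep the dependency satisfied; if `<time.h>` is kept deliberately, the comment should be changed to say what it is actually there for. Please verify against the mingw-w64 headers used by this build.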
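--- a/SOURCES/openssl-mingw64-dont-use-secure-getenv.patch
+++ b/SOURCES/openssl-mingw64-dont-use-secure-getenv.patch
@@ -0,0 +1,26 @@
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index 23271be..f57ca72 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -143,7 +143,7 @@ static int is_md_legacy_disallowed(int mdnid)
+{
+int i;
+
+- if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") != NULL)
++ if (mdnid == NID_md5 && getenv("OPENSSL_ENABLE_MD5_VERIFY") != NULL)
+return 0;
+
+for (i = 0; legacy_mds[i] != 0; ++i) {
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 732804f..8f845f7 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -486,7 +486,7 @@ static void load_builtin_compressions(void)
+MemCheck_off();
+ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+if (ssl_comp_methods != NULL
+- && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
++ && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
+comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+if (comp != NULL) {
+comp->method = COMP_zlib();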
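Review bot: Swapping `secure_getenv()` for `getenv()` at both sites drops the property that made these knobs safe in privileged processes: `secure_getenv()` returns NULL when the process is set-uid/set-gid or otherwise marked secure, so an unprivileged caller could not re-enable MD5 signature verification (`OPENSSL_ENABLE_MD5_VERIFY`) or TLS compression (`OPENSSL_DEFAULT_ZLIB`, a CRIME-class exposure) inside a privileged binary, whereas `getenv()` honours the environment unconditionally. That is tolerable only because this spec builds for Windows, where set-uid does not exist, but the patch itself is unconditional and would weaken any non-Windows build of the same tree. A safer shape is to leave both call sites alone and add a compat shim in a shared header, e.g. `#if defined(OPENSSL_SYS_WINDOWS)` / `# define secure_getenv(x) getenv(x)` / `#endif`, with a comment saying the hardened variant is unavailable there. Neither enclosing function is fully visible in these hunks.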
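--- a/SOURCES/openssl-thread-test.c
+++ b/SOURCES/openssl-thread-test.c
@@ -0,0 +1,400 @@
+/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
+#include <openssl/ssl.h>
+
+/* Just assume we want to do engine stuff if we're using 0.9.6b or
+* higher. This assumption is only valid for versions bundled with RHL. */
+#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
+#include <openssl/engine.h>
+#define USE_ENGINE
+#endif
+
+#define MAX_THREAD_COUNT 10000
+#define ITERATION_COUNT 10
+#define MAIN_COUNT 100
+
+/* OpenSSL requires us to provide thread ID and locking primitives. */
+pthread_mutex_t *mutex_locks = NULL;
+static unsigned long
+thread_id_cb(void)
+{
+return (unsigned long) pthread_self();
+}
+static void
+lock_cb(int mode, int n, const char *file, int line)
+{
+if (mode & CRYPTO_LOCK) {
+pthread_mutex_lock(&mutex_locks[n]);
+} else {
+pthread_mutex_unlock(&mutex_locks[n]);
+}
+}
+
+struct thread_args {
+RSA *rsa;
+int digest_type;
+unsigned char *digest;
+unsigned int digest_len;
+unsigned char *signature;
+unsigned int signature_len;
+pthread_t main_thread;
+};
+
+static int print = 0;
+
+pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_sign = 0;
+static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
+static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
+
+pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_verify = 0;
+static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
+static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
+
+pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
+long failure_count = 0;
+static void
+failure()
+{
+pthread_mutex_lock(&failure_count_lock);
+failure_count++;
+pthread_mutex_unlock(&failure_count_lock);
+}
+
+static void *
+thread_main(void *argp)
+{
+struct thread_args *args = argp;
+unsigned char *signature;
+unsigned int signature_len, signature_alloc_len;
+int ret, i;
+
+signature_alloc_len = args->signature_len;
+if (RSA_size(args->rsa) > signature_alloc_len) {
+signature_alloc_len = RSA_size(args->rsa);
+}
+signature = malloc(signature_alloc_len);
+if (signature == NULL) {
+fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
+(unsigned long) pthread_self(), strerror(errno));
+pthread_exit(0);
+return NULL;
+}
+for (i = 0; i < ITERATION_COUNT; i++) {
+signature_len = signature_alloc_len;
+SIGN_LOCK();
+ret = RSA_check_key(args->rsa);
+ERR_print_errors_fp(stdout);
+if (ret != 1) {
+failure();
+break;
+}
+ret = RSA_sign(args->digest_type,
+args->digest,
+args->digest_len,
+signature, &signature_len,
+args->rsa);
+SIGN_UNLOCK();
+ERR_print_errors_fp(stdout);
+if (ret != 1) {
+failure();
+break;
+}
+
+VERIFY_LOCK();
+ret = RSA_verify(args->digest_type,
+args->digest,
+args->digest_len,
+signature, signature_len,
+args->rsa);
+VERIFY_UNLOCK();
+if (ret != 1) {
+fprintf(stderr,
+"Signature from thread %lu(%d) fails "
+"verification (passed in thread #%lu)!\n",
+(long) pthread_self(), i,
+(long) args->main_thread);
+ERR_print_errors_fp(stdout);
+failure();
+continue;
+}
+if (print) {
+fprintf(stderr, ">%d\n", i);
+}
+}
+free(signature);
+
+pthread_exit(0);
+
+return NULL;
+}
+
+unsigned char *
+xmemdup(unsigned char *s, size_t len)
+{
+unsigned char *r;
+r = malloc(len);
+if (r == NULL) {
+fprintf(stderr, "Out of memory.\n");
+ERR_print_errors_fp(stdout);
+assert(r != NULL);
+}
+memcpy(r, s, len);
+return r;
+}
+
+int
+main(int argc, char **argv)
+{
+RSA *rsa;
+MD5_CTX md5;
+int fd, i;
+pthread_t threads[MAX_THREAD_COUNT];
+int thread_count = 1000;
+unsigned char *message, *digest;
+unsigned int message_len, digest_len;
+unsigned char *correct_signature;
+unsigned int correct_siglen, ret;
+struct thread_args master_args, *args;
+int sync = 0, seed = 0;
+int again = 1;
+#ifdef USE_ENGINE
+char *engine = NULL;
+ENGINE *e = NULL;
+#endif
+
+pthread_mutex_init(&failure_count_lock, NULL);
+
+for (i = 1; i < argc; i++) {
+if (strcmp(argv[i], "--seed") == 0) {
+printf("Seeding PRNG.\n");
+seed++;
+} else
+if (strcmp(argv[i], "--sync") == 0) {
+printf("Running synchronized.\n");
+sync++;
+} else
+if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
+i++;
+thread_count = atol(argv[i]);
+if (thread_count > MAX_THREAD_COUNT) {
+thread_count = MAX_THREAD_COUNT;
+}
+printf("Starting %d threads.\n", thread_count);
+sync++;
+} else
+if (strcmp(argv[i], "--sign") == 0) {
+printf("Locking signing.\n");
+locked_sign++;
+} else
+if (strcmp(argv[i], "--verify") == 0) {
+printf("Locking verifies.\n");
+locked_verify++;
+} else
+if (strcmp(argv[i], "--print") == 0) {
+printf("Tracing.\n");
+print++;
+#ifdef USE_ENGINE
+} else
+if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
+printf("Using engine \"%s\".\n", argv[i + 1]);
+engine = argv[i + 1];
+i++;
+#endif
+} else {
+printf("Bad argument: %s\n", argv[i]);
+return 1;
+}
+}
+
+/* Get some random data to sign. */
+fd = open("/dev/urandom", O_RDONLY);
+if (fd == -1) {
+fprintf(stderr, "Error opening /dev/urandom: %s\n",
+strerror(errno));
+}
+
+if (print) {
+fprintf(stderr, "Reading random data.\n");
+}
+message = malloc(message_len = 9371);
+read(fd, message, message_len);
+close(fd);
+
+/* Initialize the SSL library and set up thread-safe locking. */
+ERR_load_crypto_strings();
+SSL_library_init();
+mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
+for (i = 0; i < CRYPTO_num_locks(); i++) {
+pthread_mutex_init(&mutex_locks[i], NULL);
+}
+CRYPTO_set_id_callback(thread_id_cb);
+CRYPTO_set_locking_callback(lock_cb);
+ERR_print_errors_fp(stdout);
+
+/* Seed the PRNG if we were asked to do so. */
+if (seed) {
+if (print) {
+fprintf(stderr, "Seeding PRNG.\n");
+}
+RAND_add(message, message_len, message_len);
+ERR_print_errors_fp(stdout);
+}
+
+/* Turn on a hardware crypto device if asked to do so. */
+#ifdef USE_ENGINE
+if (engine) {
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+ENGINE_load_builtin_engines();
+#endif
+if (print) {
+fprintf(stderr, "Initializing \"%s\" engine.\n",
+engine);
+}
+e = ENGINE_by_id(engine);
+ERR_print_errors_fp(stdout);
+if (e) {
+i = ENGINE_init(e);
+ERR_print_errors_fp(stdout);
+i = ENGINE_set_default_RSA(e);
+ERR_print_errors_fp(stdout);
+}
+}
+#endif
+
+/* Compute the digest for the signature. */
+if (print) {
+fprintf(stderr, "Computing digest.\n");
+}
+digest = malloc(digest_len = MD5_DIGEST_LENGTH);
+MD5_Init(&md5);
+MD5_Update(&md5, message, message_len);
+MD5_Final(digest, &md5);
+
+/* Generate a signing key. */
+if (print) {
+fprintf(stderr, "Generating key.\n");
+}
+rsa = RSA_generate_key(4096, 3, NULL, NULL);
+ERR_print_errors_fp(stdout);
+if (rsa == NULL) {
+_exit(1);
+}
+
+/* Sign the data. */
+correct_siglen = RSA_size(rsa);
+correct_signature = malloc(correct_siglen);
+for (i = 0; i < MAIN_COUNT; i++) {
+if (print) {
+fprintf(stderr, "Signing data (%d).\n", i);
+}
+ret = RSA_check_key(rsa);
+ERR_print_errors_fp(stdout);
+if (ret != 1) {
+failure();
+}
+correct_siglen = RSA_size(rsa);
+ret = RSA_sign(NID_md5, digest, digest_len,
+correct_signature, &correct_siglen,
+rsa);
+ERR_print_errors_fp(stdout);
+if (ret != 1) {
+_exit(2);
+}
+if (print) {
+fprintf(stderr, "Verifying data (%d).\n", i);
+}
+ret = RSA_verify(NID_md5, digest, digest_len,
+correct_signature, correct_siglen,
+rsa);
+if (ret != 1) {
+_exit(2);
+}
+}
+
+/* Collect up the inforamtion which other threads will need for
+* comparing their signature results with ours. */
+master_args.rsa = rsa;
+master_args.digest_type = NID_md5;
+master_args.digest = digest;
+master_args.digest_len = digest_len;
+master_args.signature = correct_signature;
+master_args.signature_len = correct_siglen;
+master_args.main_thread = pthread_self();
+
+fprintf(stdout, "Performing %d signatures in each of %d threads "
+"(%d, %d).\n", ITERATION_COUNT, thread_count,
+digest_len, correct_siglen);
+fflush(NULL);
+
+/* Start up all of the threads. */
+for (i = 0; i < thread_count; i++) {
+args = malloc(sizeof(struct thread_args));
+args->rsa = RSAPrivateKey_dup(master_args.rsa);
+args->digest_type = master_args.digest_type;
+args->digest_len = master_args.digest_len;
+args->digest = xmemdup(master_args.digest, args->digest_len);
+args->signature_len = master_args.signature_len;
+args->signature = xmemdup(master_args.signature,
+args->signature_len);
+args->main_thread = pthread_self();
+ret = pthread_create(&threads[i], NULL, thread_main, args);
+while ((ret != 0) && (errno == EAGAIN)) {
+ret = pthread_create(&threads[i], NULL,
+thread_main, &args);
+fprintf(stderr, "Thread limit hit at %d.\n", i);
+}
+if (ret != 0) {
+fprintf(stderr, "Unable to create thread %d: %s.\n",
+i, strerror(errno));
+threads[i] = -1;
+} else {
+if (sync) {
+ret = pthread_join(threads[i], NULL);
+assert(ret == 0);
+}
+if (print) {
+fprintf(stderr, "%d\n", i);
+}
+}
+}
+
+/* Wait for all threads to complete. So long as we can find an
+* unjoined thread, keep joining threads. */
+do {
+again = 0;
+for (i = 0; i < thread_count; i++) {
+/* If we have an unterminated thread, join it. */
+if (threads[i] != -1) {
+again = 1;
+if (print) {
+fprintf(stderr, "Joining thread %d.\n",
+i);
+}
+pthread_join(threads[i], NULL);
+threads[i] = -1;
+break;
+}
+}
+} while (again == 1);
+
+fprintf(stderr, "%ld failures\n", failure_count);
+
+return (failure_count != 0);
+}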
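Review bot: The EAGAIN retry in the thread start loop, `ret = pthread_create(&threads[i], NULL, thread_main, &args);`, passes `&args` — the address of the local `struct thread_args *` — where the first attempt correctly passed `args`, so any thread that is started on the retry path dereferences the wrong pointer and will crash or test the wrong key; it should read `thread_main, args);`. In the same loop `threads[i] = -1` and later `threads[i] != -1` compare a `pthread_t` with an integer, which is not portable (pthread_t need not be an integer type); a separate `int started[MAX_THREAD_COUNT]` flag array avoids that. Earlier in main(), the `open("/dev/urandom")` failure is only logged and `read(fd, message, message_len)` is unchecked, so the "random" message may be uninitialized heap when the open or read fails — harmless for a signing test, but `if (fd == -1 || read(fd, message, message_len) != (ssize_t) message_len) { perror("read"); return 1; }` would make that loud instead of silent.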
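--- a/SOURCES/openssl_mingw64_install_fix.patch
+++ b/SOURCES/openssl_mingw64_install_fix.patch
@@ -0,0 +1,11 @@
+--- engines/Makefile.orig 2010-05-15 21:24:54.986089920 +0200
++++ engines/Makefile 2010-05-15 21:26:51.409085467 +0200
+@@ -111,7 +111,7 @@
+for l in $(LIBNAMES); do \
+( echo installing $$l; \
+pfx=lib; \
+- if [ "$(PLATFORM)" = "mingw" ]; then \
++ if [ "$(PLATFORM)" = "mingw" -o "$(PLATFORM)" = "mingw64" ]; then \
+sfx=.dll; \
+cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
+elif expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \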
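Review bot: The new condition relies on the `-o` operator of `test`, which POSIX marks obsolescent (its parsing is ambiguous with more than four arguments, and shellcheck SC2166 flags it); since the recipe already runs under `sh`, `if [ "$(PLATFORM)" = "mingw" ] || [ "$(PLATFORM)" = "mingw64" ]; then \` is the portable equivalent and reads the same. If further MinGW platform names are ever added, a `case "$(PLATFORM)" in mingw*)` would scale better, but that is a larger change to an upstream recipe. The enclosing `for` loop continues outside the hunk.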
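--- a/SOURCES/opensslconf-new-warning.h
+++ b/SOURCES/opensslconf-new-warning.h
@@ -0,0 +1,7 @@
+/* Prepended at openssl package build-time. Don't include this file directly,
+* use <openssl/opensslconf.h> instead. */
+
+#ifndef openssl_opensslconf_multilib_redirection_h
+#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
+#endif
+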
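--- a/SOURCES/opensslconf-new.h
+++ b/SOURCES/opensslconf-new.h
@@ -0,0 +1,47 @@
+/* This file is here to prevent a file conflict on multiarch systems. A
+* conflict will frequently occur because arch-specific build-time
+* configuration options are stored (and used, so they can't just be stripped
+* out) in opensslconf.h. The original opensslconf.h has been renamed.
+* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_opensslconf_multilib_redirection_h
+#error "Do not define openssl_opensslconf_multilib_redirection_h!"
+#endif
+#define openssl_opensslconf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "opensslconf-i386.h"
+#elif defined(__ia64__)
+#include "opensslconf-ia64.h"
+#elif defined(__mips64) && defined(__MIPSEL__)
+#include "opensslconf-mips64el.h"
+#elif defined(__mips64)
+#include "opensslconf-mips64.h"
+#elif defined(__mips) && defined(__MIPSEL__)
+#include "opensslconf-mipsel.h"
+#elif defined(__mips)
+#include "opensslconf-mips.h"
+#elif defined(__powerpc64__)
+#include <endian.h>
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#include "opensslconf-ppc64.h"
+#else
+#include "opensslconf-ppc64le.h"
+#endif
+#elif defined(__powerpc__)
+#include "opensslconf-ppc.h"
+#elif defined(__s390x__)
+#include "opensslconf-s390x.h"
+#elif defined(__s390__)
+#include "opensslconf-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "opensslconf-sparc64.h"
+#elif defined(__sparc__)
+#include "opensslconf-sparc.h"
+#elif defined(__x86_64__)
+#include "opensslconf-x86_64.h"
+#else
+#error "This openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_opensslconf_multilib_redirection_h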
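Review bot: In the `__powerpc64__` branch the `#include <endian.h>` does not feed the test that follows it: `__BYTE_ORDER__` and `__ORDER_BIG_ENDIAN__` (trailing underscores) are compiler predefined macros on GCC and clang, while `<endian.h>` is a glibc header that provides `__BYTE_ORDER`/`__BIG_ENDIAN` without them, so the include is either dead or, on a non-glibc libc, a build break. Worse, if a compiler predefines neither macro the `#if` becomes `0 == 0` and silently selects the big-endian header; guarding with `#ifndef __BYTE_ORDER__` / `#error "cannot determine byte order"` / `#endif` before the comparison makes that case fail loudly, and a one-line comment naming the macros relied on would help. The `#error` string at the end also reads oddly — `#error "This openssl-devel package does not work on your architecture"` is what was meant.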
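--- a/SOURCES/renew-dummy-cert
+++ b/SOURCES/renew-dummy-cert
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+echo $"Usage: `basename $0` filename" 1>&2
+exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+echo "$PEM: file not found" 1>&2
+exit 1
+fi
+
+let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
+let SERIAL++
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
+-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+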
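Review bot: Nothing prevents `mv -f $NEW $PEM` from replacing the original key+certificate with an empty or partial file: none of the three `openssl` invocations has its exit status checked, so if `openssl rsa` fails (encrypted key, wrong input format) the script still concatenates whatever is in `$KEY` and `$CRT` and overwrites `$PEM` with it. Add `set -e` (or test each status) before the `openssl` calls, and widen the cleanup to `trap 'rm -f "$REQ" "$KEY" "$CRT" "$NEW"' EXIT` so the temp copy of the unencrypted private key is also removed on error paths and on SIGTERM, not only on SIGINT. `$PEM`, `$REQ`, `$KEY` and `$CRT` should be quoted throughout, and `let -a SERIAL=...` is not a `let` option — `-a` is evaluated as an arithmetic expression (negating the unset variable `a`) and does nothing, so `SERIAL=$(( 0x$(openssl x509 -in "$PEM" -noout -serial | cut -d= -f2) + 1 ))` says what is meant. Bash arithmetic is signed 64-bit, so a random 64-bit serial with its top bit set would wrap negative before reaching `-set_serial`; that case is worth handling or at least rejecting.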
@ -0,0 +1,745 @@
|
||||
%?mingw_package_header
|
||||
|
||||
# For the curious:
|
||||
# 0.9.5a soversion = 0
|
||||
# 0.9.6 soversion = 1
|
||||
# 0.9.6a soversion = 2
|
||||
# 0.9.6c soversion = 3
|
||||
# 0.9.7a soversion = 4
|
||||
# 0.9.7ef soversion = 5
|
||||
# 0.9.8ab soversion = 6
|
||||
# 0.9.8g soversion = 7
|
||||
# 0.9.8jk + EAP-FAST soversion = 8
|
||||
# 1.0.0 soversion = 10
|
||||
%global soversion 10
|
||||
|
||||
# Enable the tests.
|
||||
# These only work some of the time, but fail randomly at other times
|
||||
# (although I have had them complete a few times, so I don't think
|
||||
# there is any actual problem with the binaries).
|
||||
%global run_tests 0
|
||||
|
||||
# Number of threads to spawn when testing some threading fixes.
|
||||
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
|
||||
|
||||
Name: mingw-openssl
|
||||
Version: 1.0.2k
|
||||
Release: 2%{?dist}
|
||||
Summary: MinGW port of the OpenSSL toolkit
|
||||
|
||||
License: OpenSSL
|
||||
Group: Development/Libraries
|
||||
URL: http://www.openssl.org/
|
||||
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
|
||||
Source: openssl-%{version}-hobbled.tar.xz
|
||||
|
||||
Source1: hobble-openssl
|
||||
Source2: Makefile.certificate
|
||||
Source6: make-dummy-cert
|
||||
Source7: renew-dummy-cert
|
||||
Source8: openssl-thread-test.c
|
||||
Source9: opensslconf-new.h
|
||||
Source10: opensslconf-new-warning.h
|
||||
Source11: README.FIPS
|
||||
Source12: ec_curve.c
|
||||
Source13: ectest.c
|
||||
|
||||
# Build changes
|
||||
Patch1: openssl-1.0.2e-rpmbuild.patch
|
||||
Patch2: openssl-1.0.2a-defaults.patch
|
||||
Patch4: openssl-1.0.2i-enginesdir.patch
|
||||
Patch5: openssl-1.0.2a-no-rpath.patch
|
||||
Patch6: openssl-1.0.2a-test-use-localhost.patch
|
||||
Patch7: openssl-1.0.0-timezone.patch
|
||||
Patch8: openssl-1.0.1c-perlfind.patch
|
||||
Patch9: openssl-1.0.1c-aliasing.patch
|
||||
# Bug fixes
|
||||
Patch23: openssl-1.0.2c-default-paths.patch
|
||||
Patch24: openssl-1.0.2a-issuer-hash.patch
|
||||
# Functionality changes
|
||||
Patch33: openssl-1.0.0-beta4-ca-dir.patch
|
||||
Patch34: openssl-1.0.2a-x509.patch
|
||||
Patch35: openssl-1.0.2a-version-add-engines.patch
|
||||
# Patch39: openssl-1.0.2a-ipv6-apps.patch
|
||||
Patch40: openssl-1.0.2i-fips.patch
|
||||
Patch43: openssl-1.0.2j-krb5keytab.patch
|
||||
Patch45: openssl-1.0.2a-env-zlib.patch
|
||||
Patch47: openssl-1.0.2a-readme-warning.patch
|
||||
Patch49: openssl-1.0.1i-algo-doc.patch
|
||||
Patch50: openssl-1.0.2a-dtls1-abi.patch
|
||||
# Patch51: openssl-1.0.2a-version.patch
|
||||
# Patch56: openssl-1.0.2a-rsa-x931.patch
|
||||
Patch58: openssl-1.0.2a-fips-md5-allow.patch
|
||||
Patch60: openssl-1.0.2a-apps-dgst.patch
|
||||
# Patch63: openssl-1.0.2k-starttls.patch
|
||||
Patch65: openssl-1.0.2i-chil-fixes.patch
|
||||
Patch66: openssl-1.0.2h-pkgconfig.patch
|
||||
# Patch68: openssl-1.0.2i-secure-getenv.patch
|
||||
# Patch70: openssl-1.0.2a-fips-ec.patch
|
||||
Patch71: openssl-1.0.2g-manfix.patch
|
||||
# Patch72: openssl-1.0.2a-fips-ctor.patch
|
||||
Patch73: openssl-1.0.2c-ecc-suiteb.patch
|
||||
Patch74: openssl-1.0.2j-deprecate-algos.patch
|
||||
Patch75: openssl-1.0.2a-compat-symbols.patch
|
||||
# Patch76: openssl-1.0.2j-new-fips-reqs.patch
|
||||
Patch77: openssl-1.0.2j-downgrade-strength.patch
|
||||
Patch78: openssl-1.0.2k-cc-reqs.patch
|
||||
Patch90: openssl-1.0.2i-enc-fail.patch
|
||||
Patch94: openssl-1.0.2d-secp256k1.patch
|
||||
Patch95: openssl-1.0.2e-remove-nistp224.patch
|
||||
Patch96: openssl-1.0.2e-speed-doc.patch
|
||||
Patch97: openssl-1.0.2k-no-ssl2.patch
|
||||
Patch98: openssl-1.0.2k-long-hello.patch
|
||||
# Patch99: openssl-1.0.2k-fips-randlock.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch80: openssl-1.0.2e-wrap-pad.patch
|
||||
Patch81: openssl-1.0.2a-padlock64.patch
|
||||
Patch82: openssl-1.0.2i-trusted-first-doc.patch
|
||||
Patch83: openssl-1.0.2k-backports.patch
|
||||
Patch84: openssl-1.0.2k-ppc-update.patch
|
||||
Patch85: openssl-1.0.2k-req-x509.patch
|
||||
Patch86: openssl-1.0.2k-cve-2017-3736.patch
|
||||
Patch87: openssl-1.0.2k-cve-2017-3737.patch
|
||||
Patch88: openssl-1.0.2k-cve-2017-3738.patch
|
||||
Patch89: openssl-1.0.2k-s390x-update.patch
|
||||
Patch100: openssl-1.0.2k-name-sensitive.patch
|
||||
Patch101: openssl-1.0.2k-cve-2017-3735.patch
|
||||
Patch102: openssl-1.0.2k-cve-2018-0732.patch
|
||||
Patch103: openssl-1.0.2k-cve-2018-0737.patch
|
||||
Patch104: openssl-1.0.2k-cve-2018-0739.patch
|
||||
Patch105: openssl-1.0.2k-cve-2018-0495.patch
|
||||
|
||||
# MinGW-specific patches.
|
||||
# Rename *eay32.dll to lib*.dll
|
||||
Patch1001: mingw32-openssl-1.0.0-beta3-libversion.patch
|
||||
# Fix engines/ install target after lib rename
|
||||
Patch1002: mingw32-openssl-1.0.2a-sfx.patch
|
||||
# Some .c file contains in #include <dlfcn.h> while it
|
||||
# doesn't really use anything from that header
|
||||
Patch1003: mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch
|
||||
# Mingw-w64 compatibility patch
|
||||
Patch1004: openssl_mingw64_install_fix.patch
|
||||
# Prevent a build failure which occurs because we don't have FIPS enabled
|
||||
Patch1005: mingw-openssl-fix-fips-build-failure.patch
|
||||
# The function secure_getenv is a GNU extension which isn't available on Windows
|
||||
Patch1006: openssl-mingw64-dont-use-secure-getenv.patch
|
||||
# Don't include the old winsock.h as it will cause warnings/errors in packages
|
||||
# using the openssl headers like: Please include winsock2.h before windows.h
|
||||
Patch1007: openssl-dont-include-winsock-h.patch
|
||||
|
||||
BuildArch: noarch
|
||||
ExclusiveArch: %{ix86} x86_64
|
||||
|
||||
BuildRequires: mingw32-filesystem >= 95
|
||||
BuildRequires: mingw32-gcc
|
||||
BuildRequires: mingw32-binutils
|
||||
BuildRequires: mingw32-zlib
|
||||
|
||||
BuildRequires: mingw64-filesystem >= 95
|
||||
BuildRequires: mingw64-gcc
|
||||
BuildRequires: mingw64-binutils
|
||||
BuildRequires: mingw64-zlib
|
||||
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: sed
|
||||
BuildRequires: /usr/bin/cmp
|
||||
BuildRequires: lksctp-tools-devel
|
||||
BuildRequires: /usr/bin/rename
|
||||
BuildRequires: /usr/bin/pod2man
|
||||
|
||||
# XXX Not really sure about this one. The build script uses
|
||||
# /usr/bin/makedepend which comes from imake.
|
||||
BuildRequires: imake
|
||||
|
||||
%if %{run_tests}
|
||||
# Required both to build, and to run the tests.
|
||||
# XXX This needs to be fixed - cross-compilation should not
|
||||
# require running executables.
|
||||
BuildRequires: wine
|
||||
|
||||
# Required to run the tests.
|
||||
BuildRequires: xorg-x11-server-Xvfb
|
||||
%endif
|
||||
|
||||
|
||||
%description
|
||||
The OpenSSL toolkit provides support for secure communications between
|
||||
machines. OpenSSL includes a certificate management tool and shared
|
||||
libraries which provide various cryptographic algorithms and
|
||||
protocols.
|
||||
|
||||
This package contains Windows (MinGW) libraries and development tools.
|
||||
|
||||
|
||||
# Win32
|
||||
%package -n mingw32-openssl
|
||||
Summary: MinGW port of the OpenSSL toolkit
|
||||
#Requires: ca-certificates >= 2008-5
|
||||
Requires: pkgconfig
|
||||
|
||||
%description -n mingw32-openssl
|
||||
The OpenSSL toolkit provides support for secure communications between
|
||||
machines. OpenSSL includes a certificate management tool and shared
|
||||
libraries which provide various cryptographic algorithms and
|
||||
protocols.
|
||||
|
||||
This package contains Windows (MinGW) libraries and development tools.
|
||||
|
||||
%package -n mingw32-openssl-static
|
||||
Summary: Static version of the MinGW port of the OpenSSL toolkit
|
||||
Requires: mingw32-openssl = %{version}-%{release}
|
||||
|
||||
%description -n mingw32-openssl-static
|
||||
Static version of the MinGW port of the OpenSSL toolkit.
|
||||
|
||||
# Win64
|
||||
%package -n mingw64-openssl
|
||||
Summary: MinGW port of the OpenSSL toolkit
|
||||
#Requires: ca-certificates >= 2008-5
|
||||
Requires: pkgconfig
|
||||
|
||||
%description -n mingw64-openssl
|
||||
The OpenSSL toolkit provides support for secure communications between
|
||||
machines. OpenSSL includes a certificate management tool and shared
|
||||
libraries which provide various cryptographic algorithms and
|
||||
protocols.
|
||||
|
||||
This package contains Windows (MinGW) libraries and development tools.
|
||||
|
||||
%package -n mingw64-openssl-static
|
||||
Summary: Static version of the MinGW port of the OpenSSL toolkit
|
||||
Requires: mingw64-openssl = %{version}-%{release}
|
||||
|
||||
%description -n mingw64-openssl-static
|
||||
Static version of the MinGW port of the OpenSSL toolkit.
|
||||
|
||||
|
||||
%?mingw_debug_package
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q -n openssl-%{version}
|
||||
|
||||
# The hobble_openssl is called here redundantly, just to be sure.
|
||||
# The tarball has already the sources removed.
|
||||
%{SOURCE1} > /dev/null
|
||||
|
||||
cp %{SOURCE12} %{SOURCE13} crypto/ec/
|
||||
|
||||
%patch1 -p1 -b .rpmbuild
|
||||
%patch2 -p1 -b .defaults
|
||||
%patch4 -p1 -b .enginesdir %{?_rawbuild}
|
||||
%patch5 -p1 -b .no-rpath
|
||||
%patch6 -p1 -b .use-localhost
|
||||
%patch7 -p1 -b .timezone
|
||||
%patch8 -p1 -b .perlfind %{?_rawbuild}
|
||||
%patch9 -p1 -b .aliasing
|
||||
|
||||
%patch23 -p1 -b .default-paths
|
||||
%patch24 -p1 -b .issuer-hash
|
||||
|
||||
%patch33 -p1 -b .ca-dir
|
||||
%patch34 -p1 -b .x509
|
||||
%patch35 -p1 -b .version-add-engines
|
||||
#patch39 -p1 -b .ipv6-apps
|
||||
%patch40 -p1 -b .fips
|
||||
%patch43 -p1 -b .krb5keytab
|
||||
%patch45 -p1 -b .env-zlib
|
||||
%patch47 -p1 -b .warning
|
||||
%patch49 -p1 -b .algo-doc
|
||||
%patch50 -p1 -b .dtls1-abi
|
||||
#patch51 -p1 -b .version
|
||||
#patch56 -p1 -b .x931
|
||||
%patch58 -p1 -b .md5-allow
|
||||
%patch60 -p1 -b .dgst
|
||||
#patch63 -p1 -b .starttls
|
||||
%patch65 -p1 -b .chil
|
||||
%patch66 -p1 -b .pkgconfig
|
||||
#patch68 -p1 -b .secure-getenv
|
||||
#patch70 -p1 -b .fips-ec
|
||||
%patch71 -p1 -b .manfix
|
||||
#patch72 -p1 -b .fips-ctor
|
||||
%patch73 -p1 -b .suiteb
|
||||
%patch74 -p1 -b .deprecate-algos
|
||||
%patch75 -p1 -b .compat
|
||||
#patch76 -p1 -b .fips-reqs
|
||||
%patch77 -p1 -b .strength
|
||||
%patch78 -p1 -b .cc-reqs
|
||||
%patch90 -p1 -b .enc-fail
|
||||
%patch94 -p1 -b .secp256k1
|
||||
%patch95 -p1 -b .nistp224
|
||||
%patch96 -p1 -b .speed-doc
|
||||
%patch97 -p1 -b .no-ssl2
|
||||
%patch98 -p1 -b .long-hello
|
||||
#patch99 -p1 -b .randlock
|
||||
|
||||
%patch80 -p1 -b .wrap
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .trusted-first
|
||||
%patch83 -p1 -b .backports
|
||||
%patch84 -p1 -b .ppc-update
|
||||
%patch85 -p1 -b .req-x509
|
||||
%patch86 -p1 -b .mont5-carry
|
||||
%patch87 -p1 -b .ssl-err
|
||||
%patch88 -p1 -b .rsaz-overflow
|
||||
%patch89 -p1 -b .s390x-update
|
||||
%patch100 -p1 -b .name-sensitive
|
||||
%patch101 -p1 -b .overread
|
||||
%patch102 -p1 -b .large-dh
|
||||
%patch103 -p1 -b .gen-timing
|
||||
%patch104 -p1 -b .asn1-recursive
|
||||
%patch105 -p1 -b .rohnp-fix
|
||||
|
||||
# MinGW specific patches
|
||||
%patch1001 -p1 -b .mingw-libversion
|
||||
%patch1002 -p1 -b .mingw-sfx
|
||||
%patch1003 -p0 -b .dlfcn
|
||||
%patch1004 -p0 -b .mingw64
|
||||
%patch1005 -p1 -b .fips_mingw
|
||||
%patch1006 -p1 -b .secure_getenv_mingw
|
||||
%patch1007 -p0 -b .winsock
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
# Modify the various perl scripts to reference perl in the right location.
|
||||
perl util/perlpath.pl `dirname %{__perl}`
|
||||
|
||||
# Generate a table with the compile settings for my perusal.
|
||||
touch Makefile
|
||||
make TABLE PERL=%{__perl}
|
||||
|
||||
# Create two copies of the source folder as OpenSSL doesn't support out of source builds
|
||||
mkdir ../build_win32
|
||||
mv * ../build_win32
|
||||
mv ../build_win32 .
|
||||
mkdir build_win64
|
||||
cp -Rp build_win32/* build_win64
|
||||
|
||||
# Use mingw cflags instead of hardcoded ones
|
||||
sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/%{mingw32_cflags}/' build_win32/Configure
|
||||
sed -i -e '/^"mingw"/ s/-O3 -Wall/%{mingw64_cflags}/' build_win64/Configure
|
||||
|
||||
|
||||
%build
|
||||
###############################################################################
|
||||
# Win32
|
||||
###############################################################################
|
||||
pushd build_win32
|
||||
|
||||
PERL=%{__perl} \
|
||||
./Configure \
|
||||
--prefix=%{mingw32_prefix} \
|
||||
--openssldir=%{mingw32_sysconfdir}/pki/tls \
|
||||
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||
enable-cms enable-md2 enable-rc5 \
|
||||
no-mdc2 no-ec2m no-gost no-srp \
|
||||
no-fips no-hw \
|
||||
--cross-compile-prefix=%{mingw32_target}- \
|
||||
--enginesdir=%{mingw32_libdir}/openssl/engines \
|
||||
shared mingw
|
||||
|
||||
# Regenerate def files as we disabled some algorithms above
|
||||
perl util/mkdef.pl crypto ssl update
|
||||
|
||||
make depend
|
||||
make all build-shared
|
||||
|
||||
# Generate hashes for the included certs.
|
||||
make rehash build-shared
|
||||
|
||||
popd
|
||||
|
||||
###############################################################################
|
||||
# Win64
|
||||
###############################################################################
|
||||
pushd build_win64
|
||||
|
||||
PERL=%{__perl} \
|
||||
./Configure \
|
||||
--prefix=%{mingw64_prefix} \
|
||||
--openssldir=%{mingw64_sysconfdir}/pki/tls \
|
||||
zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||
enable-cms enable-md2 \
|
||||
no-mdc2 no-rc5 no-ec2m no-gost no-srp \
|
||||
no-fips no-hw \
|
||||
--cross-compile-prefix=%{mingw64_target}- \
|
||||
--enginesdir=%{mingw64_libdir}/openssl/engines \
|
||||
shared mingw64
|
||||
|
||||
# Regenerate def files as we disabled some algorithms above
|
||||
perl util/mkdef.pl crypto ssl update
|
||||
|
||||
make depend
|
||||
make all build-shared
|
||||
|
||||
# Generate hashes for the included certs.
|
||||
make rehash build-shared
|
||||
|
||||
popd
|
||||
|
||||
# Clean up the .pc files
|
||||
for i in build_win{32,64}/libcrypto.pc build_win{32,64}/libssl.pc build_win{32,64}/openssl.pc ; do
|
||||
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
|
||||
done
|
||||
|
||||
|
||||
%if %{run_tests}
|
||||
%check
|
||||
#----------------------------------------------------------------------
|
||||
# Run some tests.
|
||||
|
||||
# We must revert patch33 before tests otherwise they will fail
|
||||
patch -p1 -R < %{PATCH33}
|
||||
|
||||
# This is a bit of a hack, but the test scripts look for 'openssl'
|
||||
# by name.
|
||||
pushd build_win32/apps
|
||||
ln -s openssl.exe openssl
|
||||
popd
|
||||
|
||||
# This is useful for diagnosing Wine problems.
|
||||
WINEDEBUG=+loaddll
|
||||
export WINEDEBUG
|
||||
|
||||
# Make sure we can find the installed DLLs.
|
||||
WINEDLLPATH=%{mingw32_bindir}
|
||||
export WINEDLLPATH
|
||||
|
||||
# The tests run Wine and require an X server (but don't really use
|
||||
# it). Therefore we create a virtual framebuffer for the duration of
|
||||
# the tests.
|
||||
# XXX There is no good way to choose a random, unused display.
|
||||
# XXX Setting depth to 24 bits avoids bug 458219.
|
||||
unset DISPLAY
|
||||
display=:21
|
||||
Xvfb $display -screen 0 1024x768x24 -ac -noreset & xpid=$!
|
||||
trap "kill -TERM $xpid ||:" EXIT
|
||||
sleep 3
|
||||
DISPLAY=$display
|
||||
export DISPLAY
|
||||
|
||||
make LDCMD=%{mingw32_cc} -C build_win32/test apps tests
|
||||
|
||||
# Disable this thread test, because we don't have pthread on Windows.
|
||||
%{mingw32_cc} -o openssl-thread-test \
|
||||
-I./build_win32/include \
|
||||
%-{_mingw32_cflags} \
|
||||
%-{SOURCE8} \
|
||||
-L./build_win32 \
|
||||
-lssl -lcrypto \
|
||||
-lpthread -lz -ldl
|
||||
|
||||
## `krb5-config --cflags`
|
||||
## `krb5-config --libs`
|
||||
#
|
||||
./openssl-thread-test --threads %{thread_test_threads}
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
%endif
|
||||
|
||||
# Add generation of HMAC checksum of the final stripped library
|
||||
##define __spec_install_post \
|
||||
# #{?__debug_package:#{__debug_install_post}} \
|
||||
# #{__arch_install_post} \
|
||||
# #{__os_install_post} \
|
||||
# fips/fips_standalone_sha1 $RPM_BUILD_ROOT/#{_lib}/libcrypto.so.#{version} >$RPM_BUILD_ROOT/#{_lib}/.libcrypto.so.#{version}.hmac \
|
||||
# ln -sf .libcrypto.so.#{version}.hmac $RPM_BUILD_ROOT/#{_lib}/.libcrypto.so.#{soversion}.hmac \
|
||||
##{nil}
|
||||
|
||||
|
||||
%install
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw32_libdir}/openssl
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw32_bindir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw32_includedir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw32_mandir}
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw64_libdir}/openssl
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw64_bindir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw64_includedir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw64_mandir}
|
||||
|
||||
%mingw_make_install INSTALL_PREFIX=$RPM_BUILD_ROOT build-shared
|
||||
|
||||
# Install the file applink.c (#499934)
|
||||
install -m644 build_win32/ms/applink.c $RPM_BUILD_ROOT%{mingw32_includedir}/openssl/applink.c
|
||||
install -m644 build_win64/ms/applink.c $RPM_BUILD_ROOT%{mingw64_includedir}/openssl/applink.c
|
||||
|
||||
# I have no idea why it installs the manpages in /etc, but
|
||||
# we remove them anyway.
|
||||
rm -r $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/man
|
||||
rm -r $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/man
|
||||
|
||||
# Set permissions on lib*.dll.a so that strip works.
|
||||
chmod 0755 $RPM_BUILD_ROOT%{mingw32_libdir}/libcrypto.dll.a
|
||||
chmod 0755 $RPM_BUILD_ROOT%{mingw32_libdir}/libssl.dll.a
|
||||
chmod 0755 $RPM_BUILD_ROOT%{mingw64_libdir}/libcrypto.dll.a
|
||||
chmod 0755 $RPM_BUILD_ROOT%{mingw64_libdir}/libssl.dll.a
|
||||
|
||||
# Install a makefile for generating keys and self-signed certs, and a script
|
||||
# for generating them on the fly.
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs
|
||||
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/Makefile
|
||||
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/make-dummy-cert
|
||||
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/certs/renew-dummy-cert
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs
|
||||
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/Makefile
|
||||
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/make-dummy-cert
|
||||
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/certs/renew-dummy-cert
|
||||
|
||||
# Pick a CA script.
|
||||
pushd $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/tls/misc
|
||||
mv CA.sh CA
|
||||
popd
|
||||
|
||||
pushd $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/tls/misc
|
||||
mv CA.sh CA
|
||||
popd
|
||||
|
||||
mkdir -m700 $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/CA
|
||||
mkdir -m700 $RPM_BUILD_ROOT%{mingw32_sysconfdir}/pki/CA/private
|
||||
|
||||
mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA
|
||||
mkdir -m700 $RPM_BUILD_ROOT%{mingw64_sysconfdir}/pki/CA/private
|
||||
|
||||
# Exclude debug files from the main files (note: the debug files are only created after %%install, so we can't search for them directly)
|
||||
find %{buildroot}%{mingw32_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{buildroot}\(.*\)$|%%exclude \1.debug|' > mingw32-openssl.debugfiles
|
||||
find %{buildroot}%{mingw64_prefix} | grep -E '.(exe|dll|pyd)$' | sed 's|^%{buildroot}\(.*\)$|%%exclude \1.debug|' > mingw64-openssl.debugfiles
|
||||
|
||||
|
||||
# Win32
|
||||
%files -n mingw32-openssl -f mingw32-openssl.debugfiles
|
||||
%doc build_win32/LICENSE
|
||||
%{mingw32_bindir}/openssl.exe
|
||||
%{mingw32_bindir}/c_rehash
|
||||
%{mingw32_bindir}/libcrypto-%{soversion}.dll
|
||||
%{mingw32_bindir}/libssl-%{soversion}.dll
|
||||
%{mingw32_libdir}/libcrypto.dll.a
|
||||
%{mingw32_libdir}/libssl.dll.a
|
||||
%{mingw32_libdir}/engines
|
||||
%{mingw32_libdir}/pkgconfig/*.pc
|
||||
%{mingw32_includedir}/openssl
|
||||
%config(noreplace) %{mingw32_sysconfdir}/pki
|
||||
|
||||
%files -n mingw32-openssl-static
|
||||
%{mingw32_libdir}/libcrypto.a
|
||||
%{mingw32_libdir}/libssl.a
|
||||
|
||||
# Win64
|
||||
%files -n mingw64-openssl -f mingw64-openssl.debugfiles
|
||||
%doc build_win64/LICENSE
|
||||
%{mingw64_bindir}/openssl.exe
|
||||
%{mingw64_bindir}/c_rehash
|
||||
%{mingw64_bindir}/libcrypto-%{soversion}.dll
|
||||
%{mingw64_bindir}/libssl-%{soversion}.dll
|
||||
%{mingw64_libdir}/libcrypto.dll.a
|
||||
%{mingw64_libdir}/libssl.dll.a
|
||||
%{mingw64_libdir}/engines
|
||||
%{mingw64_libdir}/pkgconfig/*.pc
|
||||
%{mingw64_includedir}/openssl
|
||||
%config(noreplace) %{mingw64_sysconfdir}/pki
|
||||
|
||||
%files -n mingw64-openssl-static
|
||||
%{mingw64_libdir}/libcrypto.a
|
||||
%{mingw64_libdir}/libssl.a
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Aug 19 2019 Victor Toso <victortoso@redhat.com> - 1.0.2k-2
|
||||
- Remove not applied patchs from the source list
|
||||
Related: rhbz#1704077
|
||||
|
||||
* Fri Aug 24 2018 Christophe Fergeau <cfergeau@redhat.com> - 1.0.2k-1
|
||||
- Sync with rhel 7.6 OpenSSL 1.0.2k+patches in order to get the latest security
|
||||
fixes
|
||||
- Related: rhbz#1615874
|
||||
|
||||
* Tue Aug 14 2018 Victor Toso <victortoso@redhat.com> - 1.0.2h-7
|
||||
- ExclusiveArch: i686, x86_64
|
||||
- Related: rhbz#1615874
|
||||
|
||||
* Thu May 31 2018 Richard W.M. Jones <rjones@redhat.com> - 1.0.2h-6
|
||||
- Remove mktemp build dependency, part of coreutils.
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2h-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Sat Sep 09 2017 Sandro Mani <manisandro@gmail.com> - 1.0.2h-4
|
||||
- Exclude *.debug files from non-debug packages
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2h-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2h-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Sat May 7 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2h-1
|
||||
- Synced with native openssl-1.0.2h-1
|
||||
- Fixes RHBZ #1332591 #1332589 #1330104 #1312861 #1312857 #1307773 #1302768
|
||||
|
||||
* Sat Feb 6 2016 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2f-1
|
||||
- Synced with native openssl-1.0.2f-2
|
||||
- Fixes RHBZ #1239685 #1290334 #1302768
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2a-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2a-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Fri Apr 24 2015 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.2a-1
|
||||
- Synced with native openssl-1.0.2a-1.fc23
|
||||
- Fixes various CVE's (RHBZ #1203855 #1203856)
|
||||
|
||||
* Mon Dec 22 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1j-1
|
||||
- Synced with native openssl-1.0.1j-3.fc22
|
||||
- Add support for RFC 5649
|
||||
- Prevent compiler warning "Please include winsock2.h before windows.h"
|
||||
when using the OpenSSL headers
|
||||
- Fixes various CVE's (RHBZ #1127889 #1127709 #1152851)
|
||||
|
||||
* Thu Aug 21 2014 Marc-André Lureau <marcandre.lureau@redhat.com> - 1.0.1i-1
|
||||
- Synced with native openssl-1.0.1i-3.fc21
|
||||
- Fixes various flaws (RHBZ#1096234 and RHBZ#1127705)
|
||||
CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3511
|
||||
CVE-2014-3510 CVE-2014-3508 CVE-2014-3509 CVE-2014-0221
|
||||
CVE-2014-0198 CVE-2014-0224 CVE-2014-0195 CVE-2010-5298
|
||||
CVE-2014-3470
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1e-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Wed Apr 9 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1e-6
|
||||
- Synced patches with native openssl-1.0.1e-44.fc21
|
||||
- Fixes CVE-2014-0160 (RHBZ #1085066)
|
||||
|
||||
* Sat Jan 25 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1e-5
|
||||
- Synced patches with native openssl-1.0.1e-38.fc21
|
||||
- Enable ECC support (RHBZ #1037919)
|
||||
- Fixes CVE-2013-6450 (RHBZ #1047844)
|
||||
- Fixes CVE-2013-4353 (RHBZ #1049062)
|
||||
- Fixes CVE-2013-6449 (RHBZ #1045444)
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1e-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Wed Jul 10 2013 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1e-3
|
||||
- Rebuild to resolve InterlockedCompareExchange regression in mingw32 libraries
|
||||
|
||||
* Fri May 10 2013 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1e-2
|
||||
- Fix build of manual pages with current pod2man (#959439)
|
||||
|
||||
* Sun Mar 24 2013 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1e-1
|
||||
- Update to 1.0.1e (RHBZ #920868)
|
||||
- Synced patches with native openssl-1.0.1e-4.fc19
|
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1c-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Fri Jan 11 2013 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1c-2
|
||||
- Fix FTBFS against latest pod2man
|
||||
|
||||
* Fri Nov 9 2012 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.1c-1
|
||||
- Update to 1.0.1c
|
||||
- Synced patches with native openssl-1.0.1c-7.fc19
|
||||
|
||||
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0d-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Sat Mar 10 2012 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0d-6
|
||||
- Added win64 support
|
||||
|
||||
* Wed Mar 07 2012 Kalev Lember <kalevlember@gmail.com> - 1.0.0d-5
|
||||
- Pass the path to perl interpreter to Configure
|
||||
|
||||
* Tue Mar 06 2012 Kalev Lember <kalevlember@gmail.com> - 1.0.0d-4
|
||||
- Renamed the source package to mingw-openssl (#800443)
|
||||
- Modernize the spec file
|
||||
- Use mingw macros without leading underscore
|
||||
|
||||
* Mon Feb 27 2012 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0d-3
|
||||
- Rebuild against the mingw-w64 toolchain
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0d-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Sat Apr 23 2011 Kalev Lember <kalev@smartlink.ee> - 1.0.0d-1
|
||||
- Update to 1.0.0d
|
||||
- Synced patches with Fedora native openssl-1.0.0d-2
|
||||
|
||||
* Fri Mar 04 2011 Kai Tietz <ktietz@redhat.com>
|
||||
- Fixes for CVE-2011-0014 openssl: OCSP stapling vulnerability
|
||||
|
||||
* Thu Mar 3 2011 Kai Tietz <ktietz@redhat.com> - 1.0.0a-3
|
||||
- Bump and rebuild.
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0a-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Sat Jun 19 2010 Kalev Lember <kalev@smartlink.ee> - 1.0.0a-1
|
||||
- Updated to openssl 1.0.0a
|
||||
- Synced patches with Fedora native openssl-1.0.0a-1
|
||||
- Use sed to fix up cflags instead of unmaintainable patch
|
||||
- Rebased mingw32 specific patches
|
||||
- Disabled capieng to fix build
|
||||
- Properly regenerate def files with mkdef.pl and drop linker-fix.patch
|
||||
|
||||
* Thu Nov 26 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.6.beta4
|
||||
- Merged patches from native Fedora openssl (up to 1.0.0-0.16.beta4)
|
||||
- Dropped the patch to fix non-fips mingw build,
|
||||
as it's now merged into fips patch from native openssl
|
||||
|
||||
* Sun Nov 22 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.5.beta4
|
||||
- Updated to version 1.0.0 beta 4
|
||||
- Merged patches from native Fedora openssl (up to 1.0.0-0.15.beta4)
|
||||
- Added patch to fix build with fips disabled
|
||||
|
||||
* Fri Sep 18 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.4.beta3
|
||||
- Rebuilt to fix debuginfo
|
||||
|
||||
* Sun Aug 30 2009 Kalev Lember <kalev@smartlink.ee> - 1.0.0-0.3.beta3
|
||||
- Simplified the lib renaming patch
|
||||
|
||||
* Sun Aug 30 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0-0.2.beta3
|
||||
- Fixed invalid RPM Provides
|
||||
|
||||
* Fri Aug 28 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0-0.1.beta3
|
||||
- Update to version 1.0.0 beta 3
|
||||
- Use %%global instead of %%define
|
||||
- Automatically generate debuginfo subpackage
|
||||
- Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3)
|
||||
- Don't use the %%{_mingw32_make} macro anymore as it's ugly and causes side-effects
|
||||
- Added missing BuildRequires mingw32-dlfcn (Kalev Lember)
|
||||
- Reworked patches to rename *eay32.dll to lib*.dll (Kalev Lember)
|
||||
- Patch Configure script to use %%{_mingw32_cflags} (Kalev Lember)
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Sat May 9 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 0.9.8j-6
|
||||
- Add the file include/openssl/applink.c to the package (BZ #499934)
|
||||
|
||||
* Tue Apr 14 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 0.9.8j-5
|
||||
- Fixed %%defattr line
|
||||
- Added -static subpackage
|
||||
|
||||
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Fri Feb 20 2009 Richard W.M. Jones <rjones@redhat.com> - 0.9.8j-3
|
||||
- Rebuild for mingw32-gcc 4.4
|
||||
|
||||
* Mon Feb 2 2009 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8j-2
|
||||
- Various build fixes.
|
||||
|
||||
* Wed Jan 28 2009 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8j-1
|
||||
- update to new upstream version.
|
||||
|
||||
* Mon Dec 29 2008 Levente Farkas <lfarkas@lfarkas.org> - 0.9.8g-2
|
||||
- minor cleanup.
|
||||
|
||||
* Tue Sep 30 2008 Richard W.M. Jones <rjones@redhat.com> - 0.9.8g-1
|
||||
- Initial RPM release.
|