import openssl-3.0.1-43.el9_0

c9 imports/c9/openssl-3.0.1-43.el9_0
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit 0f30ebffe9

1
.gitignore vendored

@ -0,0 +1 @@
SOURCES/openssl-3.0.1-hobbled.tar.xz

@ -0,0 +1 @@
1170b5119f0e591f6a2515d099abd06d0184f77c SOURCES/openssl-3.0.1-hobbled.tar.xz

@ -0,0 +1,33 @@
From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:01:41 +0200
Subject: Aarch64 and ppc64le use lib64
(Was openssl-1.1.1-build.patch)
---
Configurations/10-main.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index d7580bf3e1..a7dbfd7f40 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -723,6 +723,7 @@ my %targets = (
lib_cppflags => add("-DL_ENDIAN"),
asm_arch => 'ppc64',
perlasm_scheme => "linux64le",
+ multilib => "64",
},
"linux-armv4" => {
@@ -765,6 +766,7 @@ my %targets = (
inherit_from => [ "linux-generic64" ],
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
+ multilib => "64",
},
"linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
inherit_from => [ "linux-generic32" ],
--
2.26.2

@ -0,0 +1,68 @@
From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:03:40 +0200
Subject: Use more general default values in openssl.cnf
Also set sha256 as default hash, although that should not be
necessary anymore.
(was openssl-1.1.1-defaults.patch)
---
apps/openssl.cnf | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 97567a67be..eb25a0ac48 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
+default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
@@ -136,6 +136,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
+default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -158,17 +159,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+#stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
-commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
--
2.26.2

@ -0,0 +1,26 @@
From 3d5755df8d09ca841c0aca2d7344db060f6cc97f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:05:55 +0200
Subject: Do not install html docs
(was openssl-1.1.1-no-html.patch)
---
Configurations/unix-Makefile.tmpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 342e46d24d..9f369edf0e 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -554,7 +554,7 @@ install_sw: install_dev install_engines install_modules install_runtime
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)
--
2.26.2

@ -0,0 +1,73 @@
From 6790960076742a9053c624e26fbb87fcd5789e27 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:17:26 +0200
Subject: Override default paths for the CA directory tree
Also add default section to load crypto-policies configuration
for TLS.
It needs to be reverted before running tests.
(was openssl-1.1.1-conf-paths.patch)
---
apps/CA.pl.in | 2 +-
apps/openssl.cnf | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index c0afb96716..d6a5fabd16 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# Default values for various configuration settings.
-my $CATOP = "./demoCA";
+my $CATOP = "/etc/pki/CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
diff -up openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls openssl-3.0.0-alpha16/apps/openssl.cnf
--- openssl-3.0.0-alpha16/apps/openssl.cnf.default-tls 2021-07-06 13:41:39.204978272 +0200
+++ openssl-3.0.0-alpha16/apps/openssl.cnf 2021-07-06 13:49:50.362857683 +0200
@@ -53,6 +53,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
# List of providers to load
[provider_sect]
@@ -64,6 +66,13 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
@@ -72,7 +81,7 @@ default_ca = CA_default # The default c
####################################################################
[ CA_default ]
-dir = ./demoCA # Where everything is kept
+dir = /etc/pki/CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
@@ -304,7 +313,7 @@ default_tsa = tsa_config1 # the default
[ tsa_config1 ]
# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
+dir = /etc/pki/CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate

@ -0,0 +1,28 @@
From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:27:18 +0200
Subject: apps/ca: fix md option help text
upstreamable
(was openssl-1.1.1-apps-dgst.patch)
---
apps/ca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/ca.c b/apps/ca.c
index 0f21b4fa1c..3d4b2c1673 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
{"keyform", OPT_KEYFORM, 'f',
"Private key file format (ENGINE, other values ignored)"},
--
2.26.2

@ -0,0 +1,29 @@
From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 09:51:34 +0200
Subject: Disable signature verification with totally unsafe hash algorithms
(was openssl-1.1.1-no-weak-verify.patch)
---
crypto/asn1/a_verify.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index b7eed914b0..af62f0ef08 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
if (ret <= 1)
goto err;
+ } else if ((mdnid == NID_md5
+ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
} else {
const EVP_MD *type = NULL;
--
2.26.2

@ -0,0 +1,323 @@
From 736d709ec194b3a763e004696df22792c62a11fc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 Sep 2020 10:16:46 +0200
Subject: Add support for PROFILE=SYSTEM system default cipherlist
(was openssl-1.1.1-system-cipherlist.patch)
---
Configurations/unix-Makefile.tmpl | 5 ++
Configure | 10 +++-
doc/man1/openssl-ciphers.pod.in | 9 ++++
include/openssl/ssl.h.in | 5 ++
ssl/ssl_ciph.c | 88 +++++++++++++++++++++++++++----
ssl/ssl_lib.c | 4 +-
test/cipherlist_test.c | 2 +
util/libcrypto.num | 1 +
8 files changed, 110 insertions(+), 14 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index 9f369edf0e..c52389f831 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -269,6 +269,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
+
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -292,6 +296,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index b4ed3e51d5..2122e6bdfd 100644
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -187,6 +187,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+=item B<PROFILE=SYSTEM>
+
+The list of enabled cipher suites will be loaded from the system crypto policy
+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
+See also L<update-crypto-policies(8)>.
+This is the default behavior unless an application explicitly sets a cipher
+list. If used in a cipher list configuration value this string must be at the
+beginning of the cipher list, otherwise it will not be recognized.
+
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index f9a61609e4..c6f95fed3f 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -209,6 +209,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
+# ifdef SYSTEM_CIPHERS_FILE
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
+# else
+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
+# endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b1d3f7919e..f7cc7fed48 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1411,6 +1411,53 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
return ret;
}
+#ifdef SYSTEM_CIPHERS_FILE
+static char *load_system_str(const char *suffix)
+{
+ FILE *fp;
+ char buf[1024];
+ char *new_rules;
+ const char *ciphers_path;
+ unsigned len, slen;
+
+ if ((ciphers_path = ossl_safe_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
+ ciphers_path = SYSTEM_CIPHERS_FILE;
+ fp = fopen(ciphers_path, "r");
+ if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
+ /* cannot open or file is empty */
+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
+ }
+
+ if (fp)
+ fclose(fp);
+
+ slen = strlen(suffix);
+ len = strlen(buf);
+
+ if (buf[len - 1] == '\n') {
+ len--;
+ buf[len] = 0;
+ }
+ if (buf[len - 1] == '\r') {
+ len--;
+ buf[len] = 0;
+ }
+
+ new_rules = OPENSSL_malloc(len + slen + 1);
+ if (new_rules == 0)
+ return NULL;
+
+ memcpy(new_rules, buf, len);
+ if (slen > 0) {
+ memcpy(&new_rules[len], suffix, slen);
+ len += slen;
+ }
+ new_rules[len] = 0;
+
+ return new_rules;
+}
+#endif
+
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1425,15 +1472,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
+#ifdef SYSTEM_CIPHERS_FILE
+ char *new_rules = NULL;
+
+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
+ char *p = rule_str + 14;
+
+ new_rules = load_system_str(p);
+ rule_str = new_rules;
+ }
+#endif
/*
* Return with error if nothing to do.
*/
if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
+ goto err;
if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
- return NULL;
+ goto err;
/*
* To reduce the work to do we only want to process the compiled
@@ -1456,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1522,8 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1568,9 +1624,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1596,8 +1651,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
/*
@@ -1605,10 +1659,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
- OPENSSL_free(co_list);
- return NULL;
+ goto err;
}
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules); /* Not needed anymore */
+#endif
+
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1656,6 +1714,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*cipher_list = cipherstack;
return cipherstack;
+
+err:
+ OPENSSL_free(co_list);
+#ifdef SYSTEM_CIPHERS_FILE
+ OPENSSL_free(new_rules);
+#endif
+ return NULL;
+
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d14d5819ba..48d491219a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
- OSSL_default_cipher_list(), ctx->cert);
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -3193,7 +3193,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
- OSSL_default_cipher_list(), ret->cert)
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 380f0727fc..6922a87c30 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -244,7 +244,9 @@ end:
int setup_tests(void)
{
+#ifndef SYSTEM_CIPHERS_FILE
ADD_TEST(test_default_cipherlist_implicit);
+#endif
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--
2.26.2
diff -up openssl-3.0.0-beta1/Configure.sys-default openssl-3.0.0-beta1/Configure
--- openssl-3.0.0-beta1/Configure.sys-default 2021-06-29 11:47:58.978144386 +0200
+++ openssl-3.0.0-beta1/Configure 2021-06-29 11:52:01.631126260 +0200
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -61,6 +61,10 @@ EOF
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+#
+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
+# cipher is specified (default).
+#
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -385,6 +389,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
+$config{system_ciphers_file}="";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -987,6 +992,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
+ elsif (/^--system-ciphers-file=(.*)$/)
+ {
+ $config{system_ciphers_file}=$1;
+ }
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";

@ -0,0 +1,87 @@
From 5b2ec9a54037d7b007324bf53e067e73511cdfe4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 26 Nov 2020 14:00:16 +0100
Subject: Add FIPS_mode() compatibility macro
The macro calls EVP_default_properties_is_fips_enabled() on the
default context.
---
include/openssl/crypto.h.in | 1 +
include/openssl/fips.h | 25 +++++++++++++++++++++++++
test/property_test.c | 13 +++++++++++++
3 files changed, 39 insertions(+)
create mode 100644 include/openssl/fips.h
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
index 1036da9a2b..9d4896fcaf 100644
--- a/include/openssl/crypto.h.in
+++ b/include/openssl/crypto.h.in
@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros);
# include <openssl/opensslconf.h>
# include <openssl/cryptoerr.h>
# include <openssl/core.h>
+# include <openssl/fips.h>
# ifdef CHARSET_EBCDIC
# include <openssl/ebcdic.h>
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
new file mode 100644
index 0000000000..c64f0f8e8f
--- /dev/null
+++ b/include/openssl/fips.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_H
+# define OPENSSL_FIPS_H
+# pragma once
+
+# include <openssl/macros.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c
--- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200
+++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200
@@ -488,6 +488,18 @@ static int test_property_list_to_string(
return ret;
}
+static int test_downstream_FIPS_mode(void)
+{
+ int ret = 0;
+
+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
+ && TEST_true(FIPS_mode())
+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
+ && TEST_false(FIPS_mode());
+
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_property_string);
@@ -500,6 +512,7 @@ int setup_tests(void)
ADD_TEST(test_property);
ADD_TEST(test_query_cache_stochastic);
ADD_TEST(test_fips_mode);
+ ADD_TEST(test_downstream_FIPS_mode);
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
return 1;
}

@ -0,0 +1,71 @@
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
@@ -12,11 +12,46 @@
#include "internal/bio.h"
#include "internal/provider.h"
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <openssl/evp.h>
+
struct ossl_lib_ctx_onfree_list_st {
ossl_lib_ctx_onfree_fn *fn;
struct ossl_lib_ctx_onfree_list_st *next;
};
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static int kernel_fips_flag;
+
+static void read_kernel_fips_flag(void)
+{
+ char buf[2] = "0";
+ int fd;
+
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+
+ if (buf[0] == '1') {
+ kernel_fips_flag = 1;
+ }
+
+ return;
+}
+
+int ossl_get_kernel_fips_flag()
+{
+ return kernel_fips_flag;
+}
+
+
struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock;
CRYPTO_EX_DATA data;
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
+ read_kernel_fips_flag();
return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
&& context_init(&default_context_int);
}
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
@@ -110,6 +110,9 @@ int ossl_provider_init_as_child(OSSL_LIB
const OSSL_DISPATCH *in);
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
+/* FIPS flag access */
+int ossl_get_kernel_fips_flag(void);
+
# ifdef __cplusplus
}
# endif

File diff suppressed because it is too large Load Diff

@ -0,0 +1,122 @@
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
group->decoded_from_explicit_params = 1;
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
+ EC_GROUP_free(group);
+ ECPKPARAMETERS_free(params);
+ return NULL;
+ }
+
if (a) {
EC_GROUP_free(*a);
*a = group;
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
goto err;
}
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
+ goto err;
+ }
+
ret->version = priv_key->version;
if (priv_key->privateKey) {
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
-DOMAIN_KEYS(ECExplicitPrime2G);
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|| !create_ec_explicit_prime_params(bld_prime)
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
# ifndef OPENSSL_NO_EC2M
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
@@ -1346,7 +1346,7 @@ int setup_tests(void)
TEST_info("Generating EC keys...");
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
# ifndef OPENSSL_NO_EC2M
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
@@ -1389,8 +1389,8 @@ int setup_tests(void)
ADD_TEST_SUITE_LEGACY(EC);
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE(ECExplicitPrime2G);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
@@ -1427,7 +1427,7 @@ void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OSSL_PARAM_free(ec_explicit_prime_params_nc);
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
OSSL_PARAM_BLD_free(bld_prime_nc);
OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
@@ -1449,7 +1449,7 @@ void cleanup_tests(void)
#ifndef OPENSSL_NO_EC
FREE_DOMAIN_KEYS(EC);
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
# ifndef OPENSSL_NO_EC2M
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
FREE_DOMAIN_KEYS(ECExplicitTri2G);
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----
-PrivateKey = EC_EXPLICIT
------BEGIN PRIVATE KEY-----
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
------END PRIVATE KEY-----
-
PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K

@ -0,0 +1,77 @@
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 78dc69082fab..8a86c9108d0d 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
return 0;
- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
- return 0;
tmpl = OSSL_PARAM_BLD_new();
if (tmpl == NULL)
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
index 766524e8cfa9..80bac6741290 100644
--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -13,7 +13,7 @@ use warnings;
use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
setup("test_ecparam");
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));
-plan tests => 11;
+plan tests => 12;
sub checkload {
my $files = shift; # List of files
@@ -59,6 +59,8 @@ sub checkcompare {
}
}
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+
subtest "Check loading valid parameters by ecparam with -check" => sub {
plan tests => scalar(@valid);
checkload(\@valid, 1, "ecparam", "-check");
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
plan tests => 2 * scalar(@valid);
checkcompare(\@valid, "pkeyparam");
};
+
+subtest "Check loading of fips and non-fips params" => sub {
+ plan skip_all => "FIPS is disabled"
+ if $no_fips;
+ plan tests => 3;
+
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
+ my $defaultconf = srctop_file("test", "default.cnf");
+
+ $ENV{OPENSSL_CONF} = $fipsconf;
+
+ ok(run(app(['openssl', 'ecparam',
+ '-in', data_file('valid', 'secp384r1-explicit.pem'),
+ '-check'])),
+ "Loading explicitly encoded valid curve");
+
+ ok(run(app(['openssl', 'ecparam',
+ '-in', data_file('valid', 'secp384r1-named.pem'),
+ '-check'])),
+ "Loading named valid curve");
+
+ ok(!run(app(['openssl', 'ecparam',
+ '-in', data_file('valid', 'secp112r1-named.pem'),
+ '-check'])),
+ "Fail loading named non-fips curve");
+
+ $ENV{OPENSSL_CONF} = $defaultconf;
+};

@ -0,0 +1,421 @@
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 9dc143c2ac69..4d6f2a76ad20 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
"discriminant is zero"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
"ec group new by name failure"},
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
+ "explicit params not supported"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
"failed making public key"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 2aeab7e3b6b5..f686e45f899d 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
}
#endif
+#ifndef FIPS_MODULE
/*
* Check if the explicit parameters group matches any built-in curves.
*
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
* parameters with one created from a named group.
*/
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/*
* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
* the same curve, we prefer the SECP nid when matching explicit
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
*/
if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
curve_name_nid = NID_secp224r1;
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
if (ret_group == NULL)
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
EC_GROUP_free(ret_group);
return NULL;
}
+#endif /* FIPS_MODULE */
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
OSSL_LIB_CTX *libctx, const char *propq)
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
OSSL_LIB_CTX *libctx, const char *propq)
{
- const OSSL_PARAM *ptmp, *pa, *pb;
+ const OSSL_PARAM *ptmp;
+ EC_GROUP *group = NULL;
+
+#ifndef FIPS_MODULE
+ const OSSL_PARAM *pa, *pb;
int ok = 0;
- EC_GROUP *group = NULL, *named_group = NULL;
+ EC_GROUP *named_group = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
EC_POINT *point = NULL;
int field_bits = 0;
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
BN_CTX *bnctx = NULL;
const unsigned char *buf = NULL;
int encoding_flag = -1;
+#endif
/* This is the simple named group case */
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
}
return group;
}
+#ifdef FIPS_MODULE
+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
+ return NULL;
+#else
/* If it gets here then we are trying explicit parameters */
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL) {
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
/* create the EC_GROUP structure */
group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
} else {
-#ifdef OPENSSL_NO_EC2M
+# ifdef OPENSSL_NO_EC2M
ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
goto err;
-#else
+# else
/* create the EC_GROUP structure */
group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
if (group != NULL) {
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
goto err;
}
}
-#endif /* OPENSSL_NO_EC2M */
+# endif /* OPENSSL_NO_EC2M */
}
if (group == NULL) {
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
BN_CTX_free(bnctx);
return group;
+#endif /* FIPS_MODULE */
}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index c4a94f955905..41df7127403c 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
EC_R_DECODE_ERROR:142:decode error
EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
EC_R_FIELD_TOO_LARGE:143:field too large
EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
index 07b6c7aa62dd..4658ae8fb2cd 100644
--- a/include/crypto/ecerr.h
+++ b/include/crypto/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
index 49088d208b2c..46405ac62d91 100644
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,6 +35,7 @@
# define EC_R_DECODE_ERROR 142
# define EC_R_DISCRIMINANT_IS_ZERO 118
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
# define EC_R_FAILED_MAKING_PUBLIC_KEY 166
# define EC_R_FIELD_TOO_LARGE 143
# define EC_R_GF2M_NOT_SUPPORTED 147
diff --git a/test/endecode_test.c b/test/endecode_test.c
index 0c33dff0ee2b..3d78bea50ea3 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
typedef void (dumper)(const char *label, const void *data, size_t data_len);
#define FLAG_DECODE_WITH_TYPE 0x0001
+#define FLAG_FAIL_IF_FIPS 0x0002
static int test_encode_decode(const char *file, const int line,
const char *type, EVP_PKEY *pkey,
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
* dumping purposes.
*/
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
- output_type, output_structure, pass, pcipher))
- || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
+ output_type, output_structure, pass, pcipher)))
+ goto end;
+
+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
+ encoded_len, output_type, output_structure,
+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
+ selection, pass)))
+ ok = 1;
+ goto end;
+ }
+
+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
output_type, output_structure,
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
return ok;
}
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
"DER", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_unprotected_PKCS8_DER,
- dump_der, 0);
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
"PEM", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_unprotected_PKCS8_PEM,
- dump_pem, 0);
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
#ifndef OPENSSL_NO_KEYPARAMS
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
return ok;
}
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_protected_PKCS8_DER,
- dump_der, 0);
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_protected_PKCS8_PEM(const char *file, const int line,
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_protected_PKCS8_PEM,
- dump_pem, 0);
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_protected_legacy_PEM(const char *file, const int line,
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
return ok;
}
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"DER", "SubjectPublicKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_mem, check_public_DER, dump_der, 0);
+ test_mem, check_public_DER, dump_der,
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_public_PEM(const char *file, const int line,
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
sizeof(expected_pem_header) - 1);
}
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"PEM", "SubjectPublicKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
- test_text, check_public_PEM, dump_pem, 0);
+ test_text, check_public_PEM, dump_pem,
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
}
static int check_public_MSBLOB(const char *file, const int line,
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
EVP_PKEY_free(template_##KEYTYPE); \
EVP_PKEY_free(key_##KEYTYPE)
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
static int test_unprotected_##KEYTYPE##_via_DER(void) \
{ \
- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_unprotected_##KEYTYPE##_via_PEM(void) \
{ \
- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_protected_##KEYTYPE##_via_DER(void) \
{ \
- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_protected_##KEYTYPE##_via_PEM(void) \
{ \
- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_public_##KEYTYPE##_via_DER(void) \
{ \
- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
} \
static int test_public_##KEYTYPE##_via_PEM(void) \
{ \
- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
}
#define ADD_TEST_SUITE(KEYTYPE) \
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
#ifndef OPENSSL_NO_DH
DOMAIN_KEYS(DH);
-IMPLEMENT_TEST_SUITE(DH, "DH")
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
DOMAIN_KEYS(DHX);
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
/*
* DH has no support for PEM_write_bio_PrivateKey_traditional(),
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
#endif
#ifndef OPENSSL_NO_DSA
DOMAIN_KEYS(DSA);
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
-IMPLEMENT_TEST_SUITE(EC, "EC")
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
/*DOMAIN_KEYS(ECExplicitPrime2G);*/
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitTri2G);
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
# endif
KEYS(ED25519);
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
KEYS(X25519);
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
-IMPLEMENT_TEST_SUITE(X448, "X448")
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
*/
#endif
KEYS(RSA);
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
KEYS(RSA_PSS);
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
/*
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
* so no legacy tests.

@ -0,0 +1,140 @@
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index bea01fb38f66..48721369ae8f 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
return 0;
}
+ if (!ossl_param_build_set_int(tmpl, params,
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
+ group->decoded_from_explicit_params))
+ return 0;
+
curve_nid = EC_GROUP_get_curve_name(group);
/*
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 6b0591c6c8c7..b1696d93bd6d 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
/* This is the simple named group case */
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
if (ptmp != NULL) {
- group = group_new_from_name(ptmp, libctx, propq);
- if (group != NULL) {
- if (!ossl_ec_group_set_params(group, params)) {
- EC_GROUP_free(group);
- group = NULL;
- }
+ int decoded = 0;
+
+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
+ return NULL;
+ if (!ossl_ec_group_set_params(group, params)) {
+ EC_GROUP_free(group);
+ return NULL;
+ }
+
+ ptmp = OSSL_PARAM_locate_const(params,
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
+ EC_GROUP_free(group);
+ return NULL;
}
+ group->decoded_from_explicit_params = decoded > 0;
return group;
}
#ifdef FIPS_MODULE
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
EC_GROUP_free(group);
group = named_group;
}
+ /* We've imported the group from explicit parameters, set it so. */
+ group->decoded_from_explicit_params = 1;
ok = 1;
err:
if (!ok) {
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index eed83237c3b2..ee66a074f889 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -70,8 +70,8 @@ I<order> multiplied by the I<cofactor> gives the number of points on the curve.
=item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
-Gets a flag indicating wether the key or parameters were decoded from explicit
-curve parameters. Set to 1 if so or 0 if a named curve was used.
+Sets or gets a flag indicating whether the key or parameters were decoded from
+explicit curve parameters. Set to 1 if so or 0 if a named curve was used.
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 9260d4bf3635..7aed057cac89 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0)
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL)
# define EC_IMEXPORTABLE_PUBLIC_KEY \
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 700bbd849c95..ede14864d5ac 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -12,7 +12,7 @@ use warnings;
use File::Spec::Functions qw/canonpath/;
use File::Copy;
-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
use OpenSSL::Test::Utils;
setup("test_verify");
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 160;
+plan tests => 163;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -309,6 +309,29 @@ SKIP: {
["ca-cert-ec-named"]),
"accept named curve leaf with named curve intermediate");
}
+# Same as above but with base provider used for decoding
+SKIP: {
+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+ skip "EC is not supported or FIPS is disabled", 3
+ if disabled("ec") || $no_fips;
+
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
+ my $provpath = bldtop_dir("providers");
+ my @prov = ("-provider-path", $provpath);
+ $ENV{OPENSSL_CONF} = $provconf;
+
+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
+ ["ca-cert-ec-named"], @prov),
+ "reject explicit curve leaf with named curve intermediate w/fips");
+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
+ ["ca-cert-ec-explicit"], @prov),
+ "reject named curve leaf with explicit curve intermediate w/fips");
+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
+ ["ca-cert-ec-named"], @prov),
+ "accept named curve leaf with named curve intermediate w/fips");
+
+ delete $ENV{OPENSSL_CONF};
+}
# Depth tests, note the depth limit bounds the number of CA certificates
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf

@ -0,0 +1,75 @@
diff -up openssl-3.0.0/apps/openssl.cnf.legacy-prov openssl-3.0.0/apps/openssl.cnf
--- openssl-3.0.0/apps/openssl.cnf.legacy-prov 2021-09-09 12:06:40.895793297 +0200
+++ openssl-3.0.0/apps/openssl.cnf 2021-09-09 12:12:33.947482500 +0200
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
-# For FIPS
-# Optionally include a file that is generated by the OpenSSL fipsinstall
-# application. This file contains configuration data required by the OpenSSL
-# fips provider. It contains a named section e.g. [fips_sect] which is
-# referenced from the [provider_sect] below.
-# Refer to the OpenSSL security policy for more information.
-# .include fipsmodule.cnf
-
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module
-# List of providers to load
-[provider_sect]
-default = default_sect
-# The fips section name should match the section name inside the
-# included fipsmodule.cnf.
-# fips = fips_sect
+# Uncomment the sections that start with ## below to enable the legacy provider.
+# Loading the legacy provider enables support for the following algorithms:
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
+# Key Derivation Function (KDF): PBKDF1
+# In general it is not recommended to use the above mentioned algorithms for
+# security critical operations, as they are cryptographically weak or vulnerable
+# to side-channel attacks and as such have been deprecated.
-# If no providers are activated explicitly, the default one is activated implicitly.
-# See man 7 OSSL_PROVIDER-default for more details.
-#
-# If you add a section explicitly activating any other provider(s), you most
-# probably need to explicitly activate the default provider, otherwise it
-# becomes unavailable in openssl. As a consequence applications depending on
-# OpenSSL may not work correctly which could lead to significant system
-# problems including inability to remotely access the system.
-[default_sect]
-# activate = 1
+[provider_sect]
+default = default_sect
+##legacy = legacy_sect
+##
+[default_sect]
+activate = 1
+
+##[legacy_sect]
+##activate = 1
[ ssl_module ]
diff -up openssl-3.0.0/doc/man5/config.pod.legacy-prov openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.legacy-prov 2021-09-09 12:09:38.079040853 +0200
+++ openssl-3.0.0/doc/man5/config.pod 2021-09-09 12:11:56.646224876 +0200
@@ -273,6 +273,14 @@ significant.
All parameters in the section as well as sub-sections are made
available to the provider.
+=head3 Loading the legacy provider
+
+Uncomment the sections that start with ## in openssl.cnf
+to enable the legacy provider.
+Note: In general it is not recommended to use the above mentioned algorithms for
+security critical operations, as they are cryptographically weak or vulnerable
+to side-channel attacks and as such have been deprecated.
+
=head3 Default provider and its activation
If no providers are activated explicitly, the default one is activated implicitly.

@ -0,0 +1,18 @@
diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf
--- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100
+++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100
@@ -55,11 +55,11 @@ providers = provider_sect
# to side-channel attacks and as such have been deprecated.
[provider_sect]
-default = default_sect
+##default = default_sect
##legacy = legacy_sect
##
-[default_sect]
-activate = 1
+##[default_sect]
+##activate = 1
##[legacy_sect]
##activate = 1

@ -0,0 +1,40 @@
diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
--- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
@@ -40,7 +40,7 @@ unless ($no_fips) {
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename, "fips",
srctop_file("test", "fips-and-base.cnf")])),
- "running sslapitest");
+ "running sslapitest - FIPS");
}
unlink $tmpfilename;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index e95d2657f46c..7af0eab3fce0 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1158,6 +1158,11 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls,
goto end;
}
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
+ goto end;
+ }
+
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),
@@ -1292,6 +1297,11 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher)
goto end;
}
+ if (is_fips && strstr(cipher, "CHACHA") != NULL) {
+ testresult = TEST_skip("CHACHA is not supported in FIPS");
+ goto end;
+ }
+
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(),

@ -0,0 +1,165 @@
#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite
#(partial) of the function provider_conf_load() under the 'if (activate) section.
#If there is any change to this section, after deleting it in provider_conf_load()
#ensure that you also add those changes to the provider_conf_activate() function.
#additionally please add this check for cnf explicitly as shown below.
#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
@@ -136,58 +136,18 @@ static int prov_already_activated(const
return 0;
}
-static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
- const char *value, const CONF *cnf)
+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
+ const char *value, const char *path,
+ int soft, const CONF *cnf)
{
- int i;
- STACK_OF(CONF_VALUE) *ecmds;
- int soft = 0;
- OSSL_PROVIDER *prov = NULL, *actual = NULL;
- const char *path = NULL;
- long activate = 0;
int ok = 0;
-
- name = skip_dot(name);
- OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
- /* Value is a section containing PROVIDER commands */
- ecmds = NCONF_get_section(cnf, value);
-
- if (!ecmds) {
- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
- "section=%s not found", value);
- return 0;
- }
-
- /* Find the needed data first */
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
- const char *confname = skip_dot(ecmd->name);
- const char *confvalue = ecmd->value;
-
- OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
- confname, confvalue);
-
- /* First handle some special pseudo confs */
-
- /* Override provider name to use */
- if (strcmp(confname, "identity") == 0)
- name = confvalue;
- else if (strcmp(confname, "soft_load") == 0)
- soft = 1;
- /* Load a dynamic PROVIDER */
- else if (strcmp(confname, "module") == 0)
- path = confvalue;
- else if (strcmp(confname, "activate") == 0)
- activate = 1;
- }
-
- if (activate) {
- PROVIDER_CONF_GLOBAL *pcgbl
- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
- &provider_conf_ossl_ctx_method);
+ OSSL_PROVIDER *prov = NULL, *actual = NULL;
+ PROVIDER_CONF_GLOBAL *pcgbl
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
+ &provider_conf_ossl_ctx_method);
if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
return 0;
}
if (!prov_already_activated(name, pcgbl->activated_providers)) {
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
if (path != NULL)
ossl_provider_set_module_path(prov, path);
- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
if (ok) {
if (!ossl_provider_activate(prov, 1, 0)) {
@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C
}
if (!ok)
ossl_provider_free(prov);
+ } else { /* No reason to activate the provider twice, returning OK */
+ ok = 1;
}
CRYPTO_THREAD_unlock(pcgbl->lock);
+ return ok;
+}
+
+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
+ const char *value, const CONF *cnf)
+{
+ int i;
+ STACK_OF(CONF_VALUE) *ecmds;
+ int soft = 0;
+ const char *path = NULL;
+ long activate = 0;
+ int ok = 0;
+
+ name = skip_dot(name);
+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
+ /* Value is a section containing PROVIDER commands */
+ ecmds = NCONF_get_section(cnf, value);
+
+ if (!ecmds) {
+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
+ "section=%s not found", value);
+ return 0;
+ }
+
+ /* Find the needed data first */
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
+ const char *confname = skip_dot(ecmd->name);
+ const char *confvalue = ecmd->value;
+
+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
+ confname, confvalue);
+
+ /* First handle some special pseudo confs */
+
+ /* Override provider name to use */
+ if (strcmp(confname, "identity") == 0)
+ name = confvalue;
+ else if (strcmp(confname, "soft_load") == 0)
+ soft = 1;
+ /* Load a dynamic PROVIDER */
+ else if (strcmp(confname, "module") == 0)
+ path = confvalue;
+ else if (strcmp(confname, "activate") == 0)
+ activate = 1;
+ }
+
+ if (activate) {
+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
} else {
OSSL_PROVIDER_INFO entry;
@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
return 0;
}
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
+ PROVIDER_CONF_GLOBAL *pcgbl
+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
+ &provider_conf_ossl_ctx_method);
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
+ return 0;
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
+ return 0;
+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
+ return 0;
+ }
+
return 1;
}

@ -0,0 +1,223 @@
diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c
--- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100
+++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100
@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
}
#endif
+#define HMAC_LEN 32
+/*
+ * The __attribute__ ensures we've created the .rodata1 section
+ * static ensures it's zero filled
+*/
+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
+
/*
* Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
* the result matches the expected value.
* Return 1 if verified, or 0 if it fails.
*/
+#ifndef __USE_GNU
+#define __USE_GNU
+#include <dlfcn.h>
+#undef __USE_GNU
+#else
+#include <dlfcn.h>
+#endif
+#include <link.h>
+
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI
{
int ret = 0, status;
unsigned char out[MAX_MD_SIZE];
- unsigned char buf[INTEGRITY_BUF_SIZE];
+ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN];
size_t bytes_read = 0, out_len = 0;
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
+ Dl_info info;
+ void *extra_info = NULL;
+ struct link_map *lm = NULL;
+ unsigned long paddr;
+ unsigned long off = 0;
+ int have_rest = 0;
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
+ if (!dladdr1 ((const void *)fips_hmac_container,
+ &info, &extra_info, RTLD_DL_LINKMAP))
+ goto err;
+ lm = extra_info;
+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
+
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL)
goto err;
@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err;
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
+ if (status != 1 || bytes_read != HMAC_LEN)
+ goto err;
+ off += HMAC_LEN;
+
while (1) {
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
- if (status != 1)
+ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1) {
+ have_rest = 1;
+ break;
+ }
+
+ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */
+ /* Logic:
+ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer
+ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes
+ * and move last HMAC_LEN bytes to the beginning of the buffer
+ *
+ * If we have read (a part of) buffer fips_hmac_container
+ * we should replace it with zeros.
+ * If it is inside our current buffer, we will update now.
+ * If it intersects the upper bound, we will clean up on the next step.
+ */
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
+ off += bytes_read;
+
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN);
+ } else { /* Final block */
+ /* Logic is basically the same as in previous branch
+ * but we calculate HMAC from HMAC_LEN (rest of previous step)
+ * and bytes_read read on this step
+ * */
+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read)
+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN);
+ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN))
+ goto err;
+ off += bytes_read;
break;
- if (!EVP_MAC_update(ctx, buf, bytes_read))
+ }
+ }
+ if (have_rest) {
+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
goto err;
+ off += HMAC_LEN;
}
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err;
@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
CRYPTO_THREAD_unlock(fips_state_lock);
}
- if (st == NULL
- || st->module_checksum_data == NULL) {
+ if (st == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (ev == NULL)
goto end;
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
- &checksum_len);
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
ok = 1;
end:
OSSL_SELF_TEST_free(ev);
- OPENSSL_free(module_checksum);
OPENSSL_free(indicator_checksum);
if (st != NULL) {
diff -ruN openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t
--- openssl-3.0.0/test/recipes/00-prep_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/00-prep_fipsmodule_cnf.t 2021-11-18 09:39:53.386817874 +0100
@@ -20,7 +20,7 @@
use lib bldtop_dir('.');
use platform;
-my $no_check = disabled("fips");
+my $no_check = 1;
plan skip_all => "FIPS module config file only supported in a fips build"
if $no_check;
diff -ruN openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.0.0/test/recipes/01-test_fipsmodule_cnf.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/01-test_fipsmodule_cnf.t 2021-11-18 09:59:02.315619486 +0100
@@ -23,7 +23,7 @@
use lib bldtop_dir('.');
use platform;
-my $no_check = disabled("fips");
+my $no_check = 1;
plan skip_all => "Test only supported in a fips build"
if $no_check;
plan tests => 1;
diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t
--- openssl-3.0.0/test/recipes/03-test_fipsinstall.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/03-test_fipsinstall.t 2021-11-18 09:59:55.365072074 +0100
@@ -22,7 +22,7 @@
use lib bldtop_dir('.');
use platform;
-plan skip_all => "Test only supported in a fips build" if disabled("fips");
+plan skip_all => "Test only supported in a fips build" if 1;
plan tests => 29;
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
@@ -21,7 +21,7 @@
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
plan tests =>
($no_fips ? 1 : 5);
diff -ruN openssl-3.0.0/test/recipes/80-test_ssl_new.t openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t
--- openssl-3.0.0/test/recipes/80-test_ssl_new.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/80-test_ssl_new.t 2021-11-18 10:18:53.391721164 +0100
@@ -23,7 +23,7 @@
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t
--- openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-11-18 10:32:17.734196705 +0100
+++ openssl-3.0.0-xxx/test/recipes/90-test_sslapi.t 2021-11-18 10:18:30.695538445 +0100
@@ -18,7 +18,7 @@
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1

@ -0,0 +1,406 @@
diff -up openssl-3.0.0/apps/fipsinstall.c.xxx openssl-3.0.0/apps/fipsinstall.c
--- openssl-3.0.0/apps/fipsinstall.c.xxx 2021-11-22 13:09:28.232560235 +0100
+++ openssl-3.0.0/apps/fipsinstall.c 2021-11-22 13:12:22.272058910 +0100
@@ -311,6 +311,9 @@ int fipsinstall_main(int argc, char **ar
EVP_MAC *mac = NULL;
CONF *conf = NULL;
+ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
+ return 1;
+
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
diff -up openssl-3.0.0/doc/man1/openssl.pod.xxx openssl-3.0.0/doc/man1/openssl.pod
--- openssl-3.0.0/doc/man1/openssl.pod.xxx 2021-11-22 13:18:51.081406990 +0100
+++ openssl-3.0.0/doc/man1/openssl.pod 2021-11-22 13:19:02.897508738 +0100
@@ -158,10 +158,6 @@ Engine (loadable module) information and
Error Number to Error String Conversion.
-=item B<fipsinstall>
-
-FIPS configuration installation.
-
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
diff -up openssl-3.0.0/doc/man5/config.pod.xxx openssl-3.0.0/doc/man5/config.pod
--- openssl-3.0.0/doc/man5/config.pod.xxx 2021-11-22 13:24:51.359509501 +0100
+++ openssl-3.0.0/doc/man5/config.pod 2021-11-22 13:26:02.360121820 +0100
@@ -573,7 +573,6 @@ configuration files using that syntax wi
=head1 SEE ALSO
L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
-L<openssl-fipsinstall(1)>,
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
diff -up openssl-3.0.0/doc/man5/fips_config.pod.xxx openssl-3.0.0/doc/man5/fips_config.pod
--- openssl-3.0.0/doc/man5/fips_config.pod.xxx 2021-11-22 13:21:13.812636065 +0100
+++ openssl-3.0.0/doc/man5/fips_config.pod 2021-11-22 13:24:12.278172847 +0100
@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
-A separate configuration file, using the OpenSSL L<config(5)> syntax,
-is used to hold information about the FIPS module. This includes a digest
-of the shared library file, and status about the self-testing.
-This data is used automatically by the module itself for two
-purposes:
-
-=over 4
-
-=item - Run the startup FIPS self-test known answer tests (KATS).
-
-This is normally done once, at installation time, but may also be set up to
-run each time the module is used.
-
-=item - Verify the module's checksum.
-
-This is done each time the module is used.
-
-=back
-
-This file is generated by the L<openssl-fipsinstall(1)> program, and
-used internally by the FIPS module during its initialization.
-
-The following options are supported. They should all appear in a section
-whose name is identified by the B<fips> option in the B<providers>
-section, as described in L<config(5)/Provider Configuration Module>.
-
-=over 4
-
-=item B<activate>
-
-If present, the module is activated. The value assigned to this name is not
-significant.
-
-=item B<install-version>
-
-A version number for the fips install process. Should be 1.
-
-=item B<conditional-errors>
-
-The FIPS module normally enters an internal error mode if any self test fails.
-Once this error mode is active, no services or cryptographic algorithms are
-accessible from this point on.
-Continuous tests are a subset of the self tests (e.g., a key pair test during key
-generation, or the CRNG output test).
-Setting this value to C<0> allows the error mode to not be triggered if any
-continuous test fails. The default value of C<1> will trigger the error mode.
-Regardless of the value, the operation (e.g., key generation) that called the
-continuous test will return an error code if its continuous test fails. The
-operation may then be retried if the error mode has not been triggered.
-
-=item B<security-checks>
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-A value of '1' will perform the checks, otherwise if the value is '0' the checks
-are not performed and FIPS compliance must be done by procedures documented in
-the relevant Security Policy.
-
-=item B<module-mac>
-
-The calculated MAC of the FIPS provider file.
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
-For example:
-
- [fips_sect]
- activate = 1
- install-version = 1
- conditional-errors = 1
- security-checks = 1
- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
- install-status = INSTALL_SELF_TEST_KATS_RUN
-
-=head1 NOTES
-
-When using the FIPS provider, it is recommended that the
-B<config_diagnostics> option is enabled to prevent accidental use of
-non-FIPS validated algorithms via broken or mistaken configuration.
-See L<config(5)>.
-
-=head1 SEE ALSO
-
-L<config(5)>
-L<openssl-fipsinstall(1)>
+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
+automatically loaded when the system is booted in FIPS mode, or when the
+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+for more information.
=head1 COPYRIGHT
diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod
--- openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx 2021-11-22 13:18:13.850086386 +0100
+++ openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2021-11-22 13:18:24.607179038 +0100
@@ -388,7 +388,6 @@ A simple self test callback is shown bel
=head1 SEE ALSO
-L<openssl-fipsinstall(1)>,
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
=head1 SYNOPSIS
B<openssl fipsinstall>
-[B<-help>]
-[B<-in> I<configfilename>]
-[B<-out> I<configfilename>]
-[B<-module> I<modulefilename>]
-[B<-provider_name> I<providername>]
-[B<-section_name> I<sectionname>]
-[B<-verify>]
-[B<-mac_name> I<macname>]
-[B<-macopt> I<nm>:I<v>]
-[B<-noout>]
-[B<-quiet>]
-[B<-no_conditional_errors>]
-[B<-no_security_checks>]
-[B<-self_test_onload>]
-[B<-corrupt_desc> I<selftest_description>]
-[B<-corrupt_type> I<selftest_type>]
-[B<-config> I<parent_config>]
=head1 DESCRIPTION
-
-This command is used to generate a FIPS module configuration file.
-This configuration file can be used each time a FIPS module is loaded
-in order to pass data to the FIPS module self tests. The FIPS module always
-verifies its MAC, but optionally only needs to run the KAT's once,
-at installation.
-
-The generated configuration file consists of:
-
-=over 4
-
-=item - A MAC of the FIPS module file.
-
-=item - A test status indicator.
-
-This indicates if the Known Answer Self Tests (KAT's) have successfully run.
-
-=item - A MAC of the status indicator.
-
-=item - A control for conditional self tests errors.
-
-By default if a continuous test (e.g a key pair test) fails then the FIPS module
-will enter an error state, and no services or cryptographic algorithms will be
-able to be accessed after this point.
-The default value of '1' will cause the fips module error state to be entered.
-If the value is '0' then the module error state will not be entered.
-Regardless of whether the error state is entered or not, the current operation
-(e.g. key generation) will return an error. The user is responsible for retrying
-the operation if the module error state is not entered.
-
-=item - A control to indicate whether run-time security checks are done.
-
-This indicates if run-time checks related to enforcement of security parameters
-such as minimum security strength of keys and approved curve names are used.
-The default value of '1' will perform the checks.
-If the value is '0' the checks are not performed and FIPS compliance must
-be done by procedures documented in the relevant Security Policy.
-
-=back
-
-This file is described in L<fips_config(5)>.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-help>
-
-Print a usage message.
-
-=item B<-module> I<filename>
-
-Filename of the FIPS module to perform an integrity check on.
-The path provided in the filename is used to load the module when it is
-activated, and this overrides the environment variable B<OPENSSL_MODULES>.
-
-=item B<-out> I<configfilename>
-
-Filename to output the configuration data to; the default is standard output.
-
-=item B<-in> I<configfilename>
-
-Input filename to load configuration data from.
-Must be used if the B<-verify> option is specified.
-
-=item B<-verify>
-
-Verify that the input configuration file contains the correct information.
-
-=item B<-provider_name> I<providername>
-
-Name of the provider inside the configuration file.
-The default value is C<fips>.
-
-=item B<-section_name> I<sectionname>
-
-Name of the section inside the configuration file.
-The default value is C<fips_sect>.
-
-=item B<-mac_name> I<name>
-
-Specifies the name of a supported MAC algorithm which will be used.
-The MAC mechanisms that are available will depend on the options
-used when building OpenSSL.
-To see the list of supported MAC's use the command
-C<openssl list -mac-algorithms>. The default is B<HMAC>.
-
-=item B<-macopt> I<nm>:I<v>
-
-Passes options to the MAC algorithm.
-A comprehensive list of controls can be found in the EVP_MAC implementation
-documentation.
-Common control strings used for this command are:
-
-=over 4
-
-=item B<key>:I<string>
-
-Specifies the MAC key as an alphanumeric string (use if the key contains
-printable characters only).
-The string length must conform to any restrictions of the MAC algorithm.
-A key must be specified for every MAC algorithm.
-If no key is provided, the default that was specified when OpenSSL was
-configured is used.
-
-=item B<hexkey>:I<string>
-
-Specifies the MAC key in hexadecimal form (two hex digits per byte).
-The key length must conform to any restrictions of the MAC algorithm.
-A key must be specified for every MAC algorithm.
-If no key is provided, the default that was specified when OpenSSL was
-configured is used.
-
-=item B<digest>:I<string>
-
-Used by HMAC as an alphanumeric string (use if the key contains printable
-characters only).
-The string length must conform to any restrictions of the MAC algorithm.
-To see the list of supported digests, use the command
-C<openssl list -digest-commands>.
-The default digest is SHA-256.
-
-=back
-
-=item B<-noout>
-
-Disable logging of the self tests.
-
-=item B<-no_conditional_errors>
-
-Configure the module to not enter an error state if a conditional self test
-fails as described above.
-
-=item B<-no_security_checks>
-
-Configure the module to not perform run-time security checks as described above.
-
-=item B<-self_test_onload>
-
-Do not write the two fields related to the "test status indicator" and
-"MAC status indicator" to the output configuration file. Without these fields
-the self tests KATS will run each time the module is loaded. This option could be
-used for cross compiling, since the self tests need to run at least once on each
-target machine. Once the self tests have run on the target machine the user
-could possibly then add the 2 fields into the configuration using some other
-mechanism.
-
-=item B<-quiet>
-
-Do not output pass/fail messages. Implies B<-noout>.
-
-=item B<-corrupt_desc> I<selftest_description>,
-B<-corrupt_type> I<selftest_type>
-
-The corrupt options can be used to test failure of one or more self tests by
-name.
-Either option or both may be used to select the tests to corrupt.
-Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
-values that can be used.
-
-=item B<-config> I<parent_config>
-
-Test that a FIPS provider can be loaded from the specified configuration file.
-A previous call to this application needs to generate the extra configuration
-data that is included by the base C<parent_config> configuration file.
-See L<config(5)> for further information on how to set up a provider section.
-All other options are ignored if '-config' is used.
-
-=back
-
-=head1 NOTES
-
-Self tests results are logged by default if the options B<-quiet> and B<-noout>
-are not specified, or if either of the options B<-corrupt_desc> or
-B<-corrupt_type> are used.
-If the base configuration file is set up to autoload the fips module, then the
-fips module will be loaded and self tested BEFORE the fipsinstall application
-has a chance to set up its own self test callback. As a result of this the self
-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
-For normal usage the base configuration file should use the default provider
-when generating the fips configuration file.
-
-=head1 EXAMPLES
-
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
-for the module, and save the F<fips.cnf> configuration file:
-
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
-
-Verify that the configuration file F<fips.cnf> contains the correct info:
-
- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
-
-Corrupt any self tests which have the description C<SHA1>:
-
- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
- -corrupt_desc 'SHA1'
-
-Validate that the fips module can be loaded from a base configuration file:
-
- export OPENSSL_CONF_INCLUDE=<path of configuration files>
- export OPENSSL_MODULES=<provider-path>
- openssl fipsinstall -config' 'default.cnf'
-
-
-=head1 SEE ALSO
-
-L<config(5)>,
-L<fips_config(5)>,
-L<OSSL_PROVIDER-FIPS(7)>,
-L<EVP_MAC(3)>
+This command is disabled.
+Please consult Red Hat Enterprise Linux documentation to learn how to correctly
+enable FIPS mode on Red Hat Enterprise
=head1 COPYRIGHT

@ -0,0 +1,26 @@
diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c
--- openssl-3.0.0/apps/speed.c.beldmit 2021-12-21 15:14:04.210431584 +0100
+++ openssl-3.0.0/apps/speed.c 2021-12-21 15:46:05.554085125 +0100
@@ -547,6 +547,9 @@ static int EVP_MAC_loop(int algindex, vo
for (count = 0; COND(c[algindex][testnum]); count++) {
size_t outl;
+ if (mctx == NULL)
+ return -1;
+
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv)
if (loopargs[i].mctx == NULL)
goto end;
- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
- goto end;
+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) {
+ EVP_MAC_CTX_free(loopargs[i].mctx);
+ loopargs[i].mctx = NULL;
+ }
}
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],

@ -0,0 +1,187 @@
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
BN_MONT_CTX *mont = NULL;
BIGNUM *z = NULL, *pminus1;
int ret = -1;
+#ifdef FIPS_MODULE
+ int validate = 0;
+#endif
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
return 0;
}
+#ifdef FIPS_MODULE
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
+ return 0;
+ }
+#endif
+
ctx = BN_CTX_new_ex(dh->libctx);
if (ctx == NULL)
goto err;
@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
#endif
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
+#ifdef FIPS_MODULE
+ int validate = 0;
+#endif
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
goto err;
+#ifdef FIPS_MODULE
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
+ goto err;
+ }
+#endif
+
dh->pub_key = pub_key;
dh->priv_key = priv_key;
+#ifdef FIPS_MODULE
+ if (ossl_dh_check_pairwise(dh) <= 0) {
+ dh->pub_key = dh->priv_key = NULL;
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
+ goto err;
+ }
+#endif
+
dh->dirty_cnt++;
ok = 1;
err:
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
}
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
+#ifdef FIPS_MODULE
+ {
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
+ int check = 0;
+
+ if (bn_ctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
+ BN_CTX_free(bn_ctx);
+
+ if (check <= 0) {
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
+ goto end;
+ }
+ }
+#endif
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200
@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey
OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
+
+#ifdef FIPS_MODULE
+ ok &= ossl_ec_key_public_check(eckey, ctx);
+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
+#endif /* FIPS_MODULE */
}
err:
/* Step (9): If there is an error return an invalid keypair. */
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
@@ -23,6 +23,7 @@
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
+#include <openssl/obj_mac.h>
#include <openssl/self_test.h>
#include "prov/providercommon.h"
#include "rsa_local.h"
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
{
int ret = 0;
- unsigned int ciphertxt_len;
- unsigned char *ciphertxt = NULL;
- const unsigned char plaintxt[16] = {0};
- unsigned char *decoded = NULL;
- unsigned int decoded_len;
- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len);
- int padding = RSA_PKCS1_PADDING;
+ unsigned int signature_len;
+ unsigned char *signature = NULL;
OSSL_SELF_TEST *st = NULL;
+ static const unsigned char dgst[] = {
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
+ };
st = OSSL_SELF_TEST_new(cb, cbarg);
if (st == NULL)
goto err;
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
+ /* No special name for RSA signature PCT*/
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
- ciphertxt_len = RSA_size(rsa);
+ signature_len = RSA_size(rsa);
- /*
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
- * parameter to be a maximum of RSA_size() - allocate space for both.
- */
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
- if (ciphertxt == NULL)
+ signature = OPENSSL_zalloc(signature_len);
+ if (signature == NULL)
goto err;
- decoded = ciphertxt + ciphertxt_len;
- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa,
- padding);
- if (ciphertxt_len <= 0)
+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0)
goto err;
- if (ciphertxt_len == plaintxt_len
- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0)
+
+ if (signature_len <= 0)
goto err;
- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt);
+ OSSL_SELF_TEST_oncorrupt_byte(st, signature);
- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa,
- padding);
- if (decoded_len != plaintxt_len
- || memcmp(decoded, plaintxt, decoded_len) != 0)
+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0)
goto err;
ret = 1;
err:
OSSL_SELF_TEST_onend(st, ret);
OSSL_SELF_TEST_free(st);
- OPENSSL_free(ciphertxt);
+ OPENSSL_free(signature);
return ret;
}

@ -0,0 +1,751 @@
diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/providers/common/capabilities.c
--- openssl-3.0.1/providers/common/capabilities.c.fipsmin3 2022-05-05 17:11:36.146638536 +0200
+++ openssl-3.0.1/providers/common/capabilities.c 2022-05-05 17:12:00.138848787 +0200
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
-# endif
TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
+# endif
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are as per RFC 7919 */
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200
@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void);
#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
-
extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx
&fips_prov_ossl_ctx_method);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider"))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
@@ -281,10 +280,11 @@ static const OSSL_ALGORITHM fips_digests
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
* KMAC128 and KMAC256.
*/
- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
+ /* We don't certify KECCAK in our FIPS provider */
+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
ossl_keccak_kmac_128_functions },
{ PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
- ossl_keccak_kmac_256_functions },
+ ossl_keccak_kmac_256_functions }, */
{ NULL, NULL, NULL }
};
@@ -343,8 +343,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
#ifndef OPENSSL_NO_DES
- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ /* We don't certify 3DES in our FIPS provider */
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
#endif /* OPENSSL_NO_DES */
{ { NULL, NULL, NULL }, NULL }
};
@@ -356,8 +357,9 @@ static const OSSL_ALGORITHM fips_macs[]
#endif
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
+ /* We don't certify KMAC in our FIPS provider */
+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
{ NULL, NULL, NULL }
};
@@ -392,8 +394,9 @@ static const OSSL_ALGORITHM fips_keyexch
#endif
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
+ /* We don't certify Edwards curves in our FIPS provider */
+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
ossl_kdf_tls1_prf_keyexch_functions },
@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
+ /* We don't certify DSA in our FIPS provider */
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
#ifndef OPENSSL_NO_EC
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
+ /* We don't certify Edwards curves in our FIPS provider */
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
#endif
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
@@ -438,8 +443,9 @@ static const OSSL_ALGORITHM fips_keymgmt
PROV_DESCS_DHX },
#endif
#ifndef OPENSSL_NO_DSA
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
- PROV_DESCS_DSA },
+ /* We don't certify DSA in our FIPS provider */
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
+ PROV_DESCS_DSA }, */
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
PROV_DESCS_RSA },
@@ -448,14 +454,15 @@ static const OSSL_ALGORITHM fips_keymgmt
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC },
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
+ /* We don't certify Edwards curves in our FIPS provider */
+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
PROV_DESCS_X25519 },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
PROV_DESCS_X448 },
{ PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
PROV_DESCS_ED25519 },
{ PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
- PROV_DESCS_ED448 },
+ PROV_DESCS_ED448 }, */
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
PROV_DESCS_TLS1_PRF_SIGN },
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/providers/fips/self_test_data.inc
--- openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 2022-05-05 12:36:32.335069046 +0200
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-05 12:40:02.427966128 +0200
@@ -171,6 +171,7 @@ static const ST_KAT_DIGEST st_kat_digest
/*- CIPHER TEST DATA */
/* DES3 test data */
+#if 0
static const unsigned char des_ede3_cbc_pt[] = {
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
@@ -191,7 +192,7 @@ static const unsigned char des_ede3_cbc_
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
};
-
+#endif
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c
};
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+#if 0
#ifndef OPENSSL_NO_DES
{
{
@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher
ITM(des_ede3_cbc_iv),
},
#endif
+#endif
{
{
OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
# endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */
-#ifndef OPENSSL_NO_DSA
/* dsa 2048 */
+#if 0
+#ifndef OPENSSL_NO_DSA
static const unsigned char dsa_p[] = {
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
@@ -1549,8 +1553,8 @@ static const ST_KAT_PARAM dsa_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
ST_KAT_PARAM_END()
};
-#endif /* OPENSSL_NO_DSA */
-
+#endif
+#endif
static const ST_KAT_SIGN st_kat_sign_tests[] = {
{
OSSL_SELF_TEST_DESC_SIGN_RSA,
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
},
# endif
#endif /* OPENSSL_NO_EC */
+#if 0
#ifndef OPENSSL_NO_DSA
{
OSSL_SELF_TEST_DESC_SIGN_DSA,
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
*/
},
#endif /* OPENSSL_NO_DSA */
+#endif
};
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
diff -up openssl-3.0.1/test/acvp_test.c.fipsmin2 openssl-3.0.1/test/acvp_test.c
--- openssl-3.0.1/test/acvp_test.c.fipsmin2 2022-05-05 11:42:58.597848865 +0200
+++ openssl-3.0.1/test/acvp_test.c 2022-05-05 11:43:30.141126336 +0200
@@ -1476,6 +1476,7 @@ int setup_tests(void)
OSSL_NELEM(dh_safe_prime_keyver_data));
#endif /* OPENSSL_NO_DH */
+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
#ifndef OPENSSL_NO_DSA
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
@@ -1483,6 +1484,7 @@ int setup_tests(void)
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
#endif /* OPENSSL_NO_DSA */
+#endif
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
diff -up openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 openssl-3.0.1/test/evp_libctx_test.c
--- openssl-3.0.1/test/evp_libctx_test.c.fipsmin3 2022-05-05 14:18:46.370911817 +0200
+++ openssl-3.0.1/test/evp_libctx_test.c 2022-05-05 14:30:02.117911993 +0200
@@ -21,6 +21,7 @@
*/
#include "internal/deprecated.h"
#include <assert.h>
+#include <string.h>
#include <openssl/evp.h>
#include <openssl/provider.h>
#include <openssl/dsa.h>
@@ -725,8 +726,10 @@ int setup_tests(void)
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
return 0;
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
+ if (strcmp(prov_name, "fips") != 0) {
+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
+ }
#endif
#ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
@@ -746,7 +750,9 @@ int setup_tests(void)
ADD_TEST(kem_invalid_keytype);
#endif
#ifndef OPENSSL_NO_DES
- ADD_TEST(test_cipher_tdes_randkey);
+ if (strcmp(prov_name, "fips") != 0) {
+ ADD_TEST(test_cipher_tdes_randkey);
+ }
#endif
return 1;
}
diff -up openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 openssl-3.0.1/test/recipes/15-test_gendsa.t
--- openssl-3.0.1/test/recipes/15-test_gendsa.t.fipsmin3 2022-05-05 13:46:00.631590335 +0200
+++ openssl-3.0.1/test/recipes/15-test_gendsa.t 2022-05-05 13:46:06.999644496 +0200
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "This test is unsupported in a no-dsa build"
if disabled("dsa");
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1;
plan tests =>
($no_fips ? 0 : 2) # FIPS related tests
diff -up openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 openssl-3.0.1/test/recipes/20-test_cli_fips.t
--- openssl-3.0.1/test/recipes/20-test_cli_fips.t.fipsmin3 2022-05-05 13:47:55.217564900 +0200
+++ openssl-3.0.1/test/recipes/20-test_cli_fips.t 2022-05-05 13:48:02.824629600 +0200
@@ -207,8 +207,7 @@ SKIP: {
}
SKIP : {
- skip "FIPS DSA tests because of no dsa in this build", 1
- if disabled("dsa");
+ skip "FIPS DSA tests because of no dsa in this build", 1;
subtest DSA => sub {
my $testtext_prefix = 'DSA';
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_cms.t
--- openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 2022-05-05 13:55:05.257292637 +0200
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-05 13:58:35.307150750 +0200
@@ -95,7 +95,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed content DER format, DSA key",
+ [ "signed content DER format, DSA key, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
@@ -103,7 +103,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed detached content DER format, DSA key",
+ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed detached content DER format, add RSA signer (with DSA existing)",
+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
[ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
@@ -123,7 +123,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed content test streaming BER format, DSA key",
+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-stream",
"-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-stream",
"-signer", $smrsa1,
@@ -145,7 +145,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-noattr", "-nodetach", "-stream",
"-signer", $smrsa1,
@@ -175,7 +175,7 @@ my @smime_pkcs7_tests = (
\&zero_compare
],
- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
@@ -187,7 +187,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont,
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = (
my @smime_cms_tests = (
- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-nodetach", "-keyid",
"-signer", $smrsa1,
@@ -260,7 +260,7 @@ my @smime_cms_tests = (
\&final_compare
],
- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
"-signer", $smrsa1,
"-signer", catfile($smdir, "smrsa2.pem"),
@@ -370,7 +370,7 @@ my @smime_cms_tests = (
\&final_compare
],
- [ "encrypted content test streaming PEM format, triple DES key",
+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
"-stream", "-out", "{output}.cms" ],
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200
@@ -43,7 +43,6 @@ my @files = qw(
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_aes_stitched.txt
- evpciph_des3_common.txt
evpkdf_hkdf.txt
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
@@ -66,12 +65,6 @@ push @files, qw(
evppkey_dh.txt
) unless $no_dh;
push @files, qw(
- evpkdf_x942_des.txt
- evpmac_cmac_des.txt
- ) unless $no_des;
-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
-push @files, qw(evppkey_ecx.txt) unless $no_ec;
-push @files, qw(
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
@@ -91,6 +84,7 @@ my @defltfiles = qw(
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
+ evpciph_des3_common.txt
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
@@ -117,6 +111,12 @@ my @defltfiles = qw(
evppkey_kdf_tls1_prf.txt
evppkey_rsa.txt
);
+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa;
+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec;
+push @defltfiles, qw(
+ evpkdf_x942_des.txt
+ evpmac_cmac_des.txt
+ ) unless $no_des;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
plan tests =>
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
Output = 00BDA1B7E87608BCBF470F12157F4C07
+Availablein = default
Title = KMAC Tests (From NIST)
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
@@ -338,12 +339,14 @@ Ctrl = xof:0
OutputSize = 32
BlockSize = 168
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
Custom = "My Tagged Application"
Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -351,6 +354,7 @@ Custom = "My Tagged Application"
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
Ctrl = size:32
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -359,12 +363,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6
OutputSize = 64
BlockSize = 136
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
Custom = ""
Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -374,12 +380,14 @@ Ctrl = size:64
Title = KMAC XOF Tests (From NIST)
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
XOF = 1
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -387,6 +395,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
XOF = 1
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -395,6 +404,7 @@ Output = 47026C7CD793084AA0283C253EF6584
XOF = 1
Ctrl = size:32
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -402,6 +412,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
XOF = 1
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -409,6 +420,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
XOF = 1
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -419,6 +431,7 @@ XOF = 1
Title = KMAC long customisation string (from NIST ACVP)
+Availablein = default
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
@@ -429,12 +442,14 @@ XOF = 1
Title = KMAC XOF Tests via ctrl (From NIST)
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
Ctrl = xof:1
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -442,6 +457,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
Ctrl = xof:1
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -450,6 +466,7 @@ Output = 47026C7CD793084AA0283C253EF6584
Ctrl = xof:1
Ctrl = size:32
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -457,6 +474,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
Ctrl = xof:1
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -464,6 +482,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
Ctrl = xof:1
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -474,6 +493,7 @@ Ctrl = xof:1
Title = KMAC long customisation string via ctrl (from NIST ACVP)
+Availablein = default
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
@@ -484,6 +504,7 @@ Ctrl = xof:1
Title = KMAC long customisation string negative test
+Availablein = default
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -492,6 +513,7 @@ Result = MAC_INIT_ERROR
Title = KMAC output is too large
+Availablein = default
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 openssl-3.0.1/test/recipes/80-test_ssl_old.t
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.fipsmin3 2022-05-05 16:02:59.745500635 +0200
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-05 16:10:24.071348890 +0200
@@ -426,7 +426,7 @@ sub testssl {
my @exkeys = ();
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
- if (!$no_dsa) {
+ if (!$no_dsa && $provider ne "fips") {
push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
}
diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode_test.c
--- openssl-3.0.1/test/endecode_test.c.fipsmin3 2022-05-06 16:25:57.296926271 +0200
+++ openssl-3.0.1/test/endecode_test.c 2022-05-06 16:27:42.712850840 +0200
@@ -1387,6 +1387,7 @@ int setup_tests(void)
* so no legacy tests.
*/
#endif
+ if (is_fips == 0) {
#ifndef OPENSSL_NO_DSA
ADD_TEST_SUITE(DSA);
ADD_TEST_SUITE_PARAMS(DSA);
@@ -1397,6 +1398,7 @@ int setup_tests(void)
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
# endif
#endif
+ }
#ifndef OPENSSL_NO_EC
ADD_TEST_SUITE(EC);
ADD_TEST_SUITE_PARAMS(EC);
@@ -1411,10 +1413,12 @@ int setup_tests(void)
ADD_TEST_SUITE(ECExplicitTri2G);
ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
# endif
+ if (is_fips == 0) {
ADD_TEST_SUITE(ED25519);
ADD_TEST_SUITE(ED448);
ADD_TEST_SUITE(X25519);
ADD_TEST_SUITE(X448);
+ }
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c
--- openssl-3.0.1/apps/req.c.dfc 2022-05-12 13:31:21.957638329 +0200
+++ openssl-3.0.1/apps/req.c 2022-05-12 13:31:49.587984867 +0200
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
unsigned long chtype = MBSTRING_ASC, reqflag = 0;
#ifndef OPENSSL_NO_DES
- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
#endif
prog = opt_init(argc, argv, req_options);
diff -up openssl-3.0.1/apps/ecparam.c.fips_list_curves openssl-3.0.1/apps/ecparam.c
--- openssl-3.0.1/apps/ecparam.c.fips_list_curves 2022-05-19 11:46:22.682519422 +0200
+++ openssl-3.0.1/apps/ecparam.c 2022-05-19 11:50:44.559828701 +0200
@@ -79,6 +79,9 @@ static int list_builtin_curves(BIO *out)
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn(curves[n].nid);
+ if ((curves[n].nid == NID_secp256k1) && EVP_default_properties_is_fips_enabled(NULL))
+ continue;
+
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c
--- openssl-3.0.1/ssl/ssl_ciph.c.nokrsa 2022-05-19 13:32:32.536708638 +0200
+++ openssl-3.0.1/ssl/ssl_ciph.c 2022-05-19 13:42:29.734002959 +0200
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
ctx->disabled_mkey_mask = 0;
ctx->disabled_auth_mask = 0;
+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
+
/*
* We ignore any errors from the fetches below. They are expected to fail
* if theose algorithms are not available.
diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen openssl-3.0.1/providers/implementations/signature/rsa_sig.c
--- openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen 2022-05-23 14:58:07.764281242 +0200
+++ openssl-3.0.1/providers/implementations/signature/rsa_sig.c 2022-05-23 15:10:29.327993616 +0200
@@ -770,6 +770,19 @@ static int rsa_verify(void *vprsactx, co
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
size_t rslen;
+# ifdef FIPS_MODULE
+ size_t rsabits = RSA_bits(prsactx->rsa);
+
+ if (rsabits < 2048) {
+ if (rsabits != 1024
+ && rsabits != 1280
+ && rsabits != 1536
+ && rsabits != 1792) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+# endif
if (!ossl_prov_is_running())
return 0;
diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c
--- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200
+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200
@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS
* it.
*/
ret = 1;
+ (void)ERR_set_mark();
keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);
if (keymgmt != NULL) {
/*
@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS
}
EVP_KEYMGMT_free(keymgmt);
}
+ (void)ERR_pop_to_mark();
err:
if (ginf != NULL) {
OPENSSL_free(ginf->tlsname);
@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int
etmp[len] = 0;
gid = tls1_group_name2id(garg->ctx, etmp);
- if (gid == 0)
+ if (gid == 0) {
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
+ "group '%s' cannot be set", etmp);
return 0;
+ }
for (i = 0; i < garg->gidcnt; i++)
if (garg->gid_arr[i] == gid)
return 0;

@ -0,0 +1,22 @@
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 5c70b2d67840..c5726c638bdd 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
/* Otherwise use default. */
if (rc == -1)
rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
+ OPENSSL_cleanse(param, sizeof(param));
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
return rc;
@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
ok = 1;
ret:
- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
+ OPENSSL_cleanse(param, sizeof(param));
if (ok != 1) {
ECDSA_SIG_free(sig);
sig = NULL;

@ -0,0 +1,39 @@
diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/providers/fips/self_test.c
--- openssl-3.0.1/providers/fips/self_test.c.earlykats 2022-01-19 13:10:00.635830783 +0100
+++ openssl-3.0.1/providers/fips/self_test.c 2022-01-19 13:11:43.309342656 +0100
@@ -362,6 +362,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (ev == NULL)
goto end;
+ /*
+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
+ */
+ if (kats_already_passed == 0) {
+ if (!SELF_TEST_kats(ev, st->libctx)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
+ goto end;
+ }
+ }
+
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
@@ -411,18 +421,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
kats_already_passed = 1;
}
}
-
- /*
- * Only runs the KAT's during installation OR on_demand().
- * NOTE: If the installation option 'self_test_onload' is chosen then this
- * path will always be run, since kats_already_passed will always be 0.
- */
- if (on_demand_test || kats_already_passed == 0) {
- if (!SELF_TEST_kats(ev, st->libctx)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
- goto end;
- }
- }
ok = 1;
end:
OSSL_SELF_TEST_free(ev);

@ -0,0 +1,52 @@
diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c
--- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100
+++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100
@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in
/* Set width for a select call if needed */
width = s + 1;
- buf = app_malloc(bufsize, "server www buffer");
+ /* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+ buf = app_malloc(bufsize + 1, "server www buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in
}
for (;;) {
- i = BIO_gets(io, buf, bufsize - 1);
+ i = BIO_gets(io, buf, bufsize + 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
if (!s_quiet)
@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in
* we're expecting to come from the client. If they haven't
* sent one there's not much we can do.
*/
- BIO_gets(io, buf, bufsize - 1);
+ BIO_gets(io, buf, bufsize + 1);
}
BIO_puts(io,
@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in
SSL *con;
BIO *io, *ssl_bio, *sbio;
- buf = app_malloc(bufsize, "server rev buffer");
+ /* as we use BIO_gets(), and it always null terminates data, we need
+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
+ buf = app_malloc(bufsize + 1, "server rev buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in
print_ssl_summary(con);
for (;;) {
- i = BIO_gets(io, buf, bufsize - 1);
+ i = BIO_gets(io, buf, bufsize + 1);
if (i < 0) { /* error */
if (!BIO_should_retry(io)) {
if (!s_quiet)

@ -0,0 +1,489 @@
From 243201772cc6d583fae9eba81cb2c2c7425bc564 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 21 Feb 2022 17:24:44 +0100
Subject: Selectively disallow SHA1 signatures
For RHEL 9.0, we want to phase out SHA1. One of the steps to do that is
disabling SHA1 signatures. Introduce a new configuration option in the
alg_section named 'rh-allow-sha1-signatures'. This option defaults to
false. If set to false (or unset), any signature creation or
verification operations that involve SHA1 as digest will fail.
This also affects TLS, where the signature_algorithms extension of any
ClientHello message sent by OpenSSL will no longer include signatures
with the SHA1 digest if rh-allow-sha1-signatures is false. For servers
that request a client certificate, the same also applies for
CertificateRequest messages sent by them.
For signatures created using the EVP_PKEY API, this is a best-effort
check that will deny signatures in cases where the digest algorithm is
known. This means, for example, that that following steps will still
work:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey key.pem -sign -in sha1 -out sha1sig
$> openssl pkeyutl -inkey key.pem -verify -sigfile sha1sig -in sha1
whereas these will not:
$> openssl dgst -sha1 -binary -out sha1 infile
$> openssl pkeyutl -inkey kem.pem -sign -in sha1 -out sha1sig -pkeyopt digest:sha1
$> openssl pkeyutl -inkey kem.pem -verify -sigfile sha1sig -in sha1 -pkeyopt digest:sha1
This happens because in the first case, OpenSSL's signature
implementation does not know that it is signing a SHA1 hash (it could be
signing arbitrary data).
Resolves: rhbz#2031742
---
crypto/evp/evp_cnf.c | 13 ++++
crypto/evp/m_sigver.c | 77 +++++++++++++++++++
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 11 +++
include/internal/cryptlib.h | 3 +-
include/internal/sslconf.h | 4 +
providers/common/securitycheck.c | 20 +++++
providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
.../implementations/signature/ecdsa_sig.c | 4 +
providers/implementations/signature/rsa_sig.c | 20 ++++-
ssl/t1_lib.c | 8 ++
util/libcrypto.num | 2 +
13 files changed, 188 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
+#include "internal/sslconf.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
return 0;
}
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
+ int m;
+
+ /* Detailed error already reported. */
+ if (!X509V3_get_value_bool(oval, &m))
+ return 0;
+
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+ return 0;
+ }
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9188edbc21..db1a1d7bc3 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -16,6 +16,71 @@
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
+typedef struct ossl_legacy_digest_signatures_st {
+ int allowed;
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+
+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
+
+ if (ldsigs != NULL) {
+ OPENSSL_free(ldsigs);
+ }
+}
+
+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+{
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+}
+
+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
+ ossl_ctx_legacy_digest_signatures_new,
+ ossl_ctx_legacy_digest_signatures_free,
+};
+
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
+ OSSL_LIB_CTX *libctx, int loadconfig)
+{
+#ifndef FIPS_MODULE
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
+ return 0;
+#endif
+
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
+ &ossl_ctx_legacy_digest_signatures_method);
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+#ifndef FIPS_MODULE
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
+ /* used in tests */
+ return 1;
+#endif
+
+ return ldsigs != NULL ? ldsigs->allowed : 0;
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
+
+ if (ldsigs == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ ldsigs->allowed = allow;
+ return 1;
+}
+
#ifndef FIPS_MODULE
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
+ if (ctx->reqdigest != NULL
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ goto err;
+ }
+ }
+
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 2b9c6c2351..3c5a1e6f5d 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
#include "internal/provider.h"
+#include "internal/sslconf.h"
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && md != NULL
+ && ctx->pkey != NULL
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
+ return -1;
+ }
+ }
+
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 77a8055e81..aa1be5ca7f 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning:
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
+=item B<rh-allow-sha1-signatures>
+
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
+it behaves as if it was set to B<no>.
+
+When set to B<no>, any attempt to create or verify a signature with a SHA1
+digest will fail. For compatibility with older versions of OpenSSL, set this
+option to B<yes>. This setting also affects TLS, where signature algorithms
+that use SHA1 as digest will no longer be supported if this option is set to
+B<no>.
+
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 1291299b6e..e234341e6a 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
index fd7f7e3331..05464b0655 100644
--- a/include/internal/sslconf.h
+++ b/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
+/* Methods to support disabling all signatures with legacy digests */
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 699ada7c52..e534ad0a5f 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
+#include "internal/sslconf.h"
/*
* FIPS requires a minimum security strength of 112 bits (for encryption or
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
mdnid = -1; /* disallowed by security checks */
}
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ /* SHA1 is globally disabled, check whether we want to locally allow
+ * it. */
+ if (mdnid == NID_sha1 && !sha1_allowed)
+ mdnid = -1;
+#endif
+
return mdnid;
}
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
if (ossl_securitycheck_enabled(ctx))
return ossl_digest_get_approved_nid(md) != NID_undef;
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+
+#ifndef FIPS_MODULE
+ {
+ int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
+ return 0;
+ }
+#endif
+
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
index de7f0d3a0a..ce54a94fbc 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
#include "internal/nelem.h"
+#include "internal/sslconf.h"
/* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
}
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- ossl_unused int sha1_allowed)
+ int sha1_allowed)
{
int mdnid;
+ int ldsigs_allowed;
static const OSSL_ITEM name_to_nid[] = {
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
if (mdnid == NID_undef)
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
+ mdnid = -1;
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 28fd7c498e..fa3822f39f 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
+ int md_nid;
size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
+ sha1_allowed);
if (md == NULL || md_nid < 0) {
if (md == NULL)
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 865d49d100..99b228e82c 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
"%s could not be fetched", mdname);
return 0;
}
+#ifdef FIPS_MODULE
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+#else
+ sha1_allowed = 0;
+#endif
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 325e855333..bea397f0c1 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -26,6 +26,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "internal/sslconf.h"
#include "crypto/rsa.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@@ -34,6 +35,7 @@
#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ int md_nid;
+ size_t mdname_len = strlen(mdname);
+#ifdef FIPS_MODULE
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
+#else
+ int sha1_allowed = 0;
+#endif
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
sha1_allowed);
- size_t mdname_len = strlen(mdname);
if (md == NULL
|| md_nid <= 0
@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING)
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
pmdname = RSA_DEFAULT_DIGEST_NAME;
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
+ }
+#endif
+ }
+
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fc32bb3556..4b74ee1a34 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
+ int ldsigs_allowed;
if (cache == NULL || tmpkey == NULL)
goto err;
ERR_set_mark();
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && !ldsigs_allowed) {
+ cache[i].enabled = 0;
+ continue;
+ }
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 10b4e57d79..2d3c363bb0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
2.35.1

@ -0,0 +1,95 @@
diff -up openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips openssl-3.0.1/crypto/pkcs12/p12_key.c
--- openssl-3.0.1/crypto/pkcs12/p12_key.c.pkc12_fips 2022-02-21 12:35:24.829893907 +0100
+++ openssl-3.0.1/crypto/pkcs12/p12_key.c 2022-02-21 13:01:22.711622967 +0100
@@ -85,17 +85,41 @@ int PKCS12_key_gen_uni_ex(unsigned char
EVP_KDF *kdf;
EVP_KDF_CTX *ctx;
OSSL_PARAM params[6], *p = params;
+ char *adjusted_propq = NULL;
if (n <= 0)
return 0;
- kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq);
- if (kdf == NULL)
+ if (ossl_get_kernel_fips_flag()) {
+ const char *nofips = "-fips";
+ size_t len = propq ? strlen(propq) + 1 + strlen(nofips) + 1 :
+ strlen(nofips) + 1;
+ char *ptr = NULL;
+
+ adjusted_propq = OPENSSL_zalloc(len);
+ if (adjusted_propq != NULL) {
+ ptr = adjusted_propq;
+ if (propq) {
+ memcpy(ptr, propq, strlen(propq));
+ ptr += strlen(propq);
+ *ptr = ',';
+ ptr++;
+ }
+ memcpy(ptr, nofips, strlen(nofips));
+ }
+ }
+
+ kdf = adjusted_propq ? EVP_KDF_fetch(libctx, "PKCS12KDF", adjusted_propq) : EVP_KDF_fetch(libctx, "PKCS12KDF", propq);
+ if (kdf == NULL) {
+ OPENSSL_free(adjusted_propq);
return 0;
+ }
ctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
- if (ctx == NULL)
+ if (ctx == NULL) {
+ OPENSSL_free(adjusted_propq);
return 0;
+ }
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
(char *)EVP_MD_get0_name(md_type),
@@ -127,6 +149,7 @@ int PKCS12_key_gen_uni_ex(unsigned char
} OSSL_TRACE_END(PKCS12_KEYGEN);
}
EVP_KDF_CTX_free(ctx);
+ OPENSSL_free(adjusted_propq);
return res;
}
diff -up openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps openssl-3.0.1/apps/pkcs12.c
--- openssl-3.0.1/apps/pkcs12.c.pkc12_fips_apps 2022-02-21 16:37:07.908923682 +0100
+++ openssl-3.0.1/apps/pkcs12.c 2022-02-21 17:38:44.555345633 +0100
@@ -765,15 +765,34 @@ int pkcs12_main(int argc, char **argv)
}
if (macver) {
EVP_KDF *pkcs12kdf;
+ char *adjusted_propq = NULL;
+ const char *nofips = "-fips";
+ size_t len = app_get0_propq() ? strlen(app_get0_propq()) + 1 + strlen(nofips) + 1 :
+ strlen(nofips) + 1;
+ char *ptr = NULL;
+
+ adjusted_propq = OPENSSL_zalloc(len);
+ if (adjusted_propq != NULL) {
+ ptr = adjusted_propq;
+ if (app_get0_propq()) {
+ memcpy(ptr, app_get0_propq(), strlen(app_get0_propq()));
+ ptr += strlen(app_get0_propq());
+ *ptr = ',';
+ ptr++;
+ }
+ memcpy(ptr, nofips, strlen(nofips));
+ }
pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF",
- app_get0_propq());
+ adjusted_propq ? adjusted_propq : app_get0_propq());
if (pkcs12kdf == NULL) {
BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
+ OPENSSL_free(adjusted_propq);
goto end;
}
EVP_KDF_free(pkcs12kdf);
+ OPENSSL_free(adjusted_propq);
/* If we enter empty password try no password first */
if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
/* If mac and crypto pass the same set it to NULL too */

@ -0,0 +1,206 @@
From c63599ee9708d543205a9173207ee7167315c624 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
References: rhbz#2055796
---
crypto/x509/x509_vfy.c | 19 ++++++++++-
doc/man5/config.pod | 7 +++-
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++-------
test/recipes/25-test_verify.t | 7 ++--
4 files changed, 79 insertions(+), 18 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ff3ca83de6..a549c1c111 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
#include "internal/dane.h"
+#include "internal/sslconf.h"
#include "crypto/x509.h"
#include "x509_local.h"
@@ -3440,14 +3441,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
int secbits = -1;
int level = ctx->param->auth_level;
+ int nid;
+ OSSL_LIB_CTX *libctx = NULL;
if (level <= 0)
return 1;
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ if (ctx->libctx)
+ libctx = ctx->libctx;
+ else if (cert->libctx)
+ libctx = cert->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
return 0;
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ctx->param->auth_level < 3)
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
return secbits >= minbits_table[level - 1];
}
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index aa1be5ca7f..aa69e2b844 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
digest will fail. For compatibility with older versions of OpenSSL, set this
option to B<yes>. This setting also affects TLS, where signature algorithms
that use SHA1 as digest will no longer be supported if this option is set to
-B<no>.
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
+algorithms that use SHA1 in security level 2, despite the definition of
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
+newer.
=item B<fips_mode> (deprecated)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4b74ee1a34..5f089de107 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "crypto/x509.h"
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
- /*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
- sigalgstr[0] = (sig >> 8) & 0xff;
- sigalgstr[1] = sig & 0xff;
- secbits = sigalg_security_bits(s->ctx, lu);
- if (secbits == 0 ||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
- (void *)sigalgstr)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ } else {
+ /*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+ sigalgstr[0] = (sig >> 8) & 0xff;
+ sigalgstr[1] = sig & 0xff;
+ secbits = sigalg_security_bits(s->ctx, lu);
+ if (secbits == 0 ||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
+ (void *)sigalgstr)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+ return 0;
+ }
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -2106,6 +2115,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
}
}
+ if (lu->hash == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 3) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility */
+ return 1;
+ }
+
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -2977,6 +2994,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
+ OSSL_LIB_CTX *libctx = NULL;
+
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
@@ -2985,6 +3004,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
+
+ if (x && x->libctx)
+ libctx = x->libctx;
+ else if (ctx && ctx->libctx)
+ libctx = ctx->libctx;
+ else if (s && s->ctx && s->ctx->libctx)
+ libctx = s->ctx->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (nid == NID_sha1
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ((s != NULL && SSL_get_security_level(s) < 3)
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 3)
+ ))
+ /* When rh-allow-sha1-signatures = yes and security level <= 2,
+ * explicitly allow SHA1 for backwards compatibility. */
+ return 1;
+
if (s)
return ssl_security(s, op, secbits, nid, x);
else
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 700bbd849c..2de1d76b5e 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 163;
+plan tests => 162;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -387,8 +387,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
- "Reject PSS signature using SHA1 and auth level 1");
+## rh-allow-sha1-signatures=yes allows this to pass despite -auth_level 1
+#ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
+# "Reject PSS signature using SHA1 and auth level 1");
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");
--
2.35.1

@ -0,0 +1,188 @@
From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 28 Feb 2022 18:26:30 +0100
Subject: [PATCH] Add documentation of BN_mod_sqrt()
---
doc/man3/BN_add.pod | 15 +++++++++++++--
util/missingcrypto.txt | 1 -
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
index 62d3ee7205..cf6c49c0e3 100644
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod
@@ -3,7 +3,7 @@
=head1 NAME
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
arithmetic operations on BIGNUMs
=head1 SYNOPSIS
@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.
BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
result in I<r>.
+BN_mod_sqrt() returns the modular square root of I<a> such that
+C<in^2 = a (mod p)>. The modulus I<p> must be a
+prime, otherwise an error or an incorrect "result" will be returned.
+The result is stored into I<in> which can be NULL. The result will be
+newly allocated in that case.
+
BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
(C<r=a^p>). This function is faster than repeated applications of
BN_mul().
@@ -108,7 +116,10 @@ the arguments.
=head1 RETURN VALUES
-For all functions, 1 is returned for success, 0 on error. The return
+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
+not a prime), or NULL.
+
+For all remaining functions, 1 is returned for success, 0 on error. The return
value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
The error codes can be obtained by L<ERR_get_error(3)>.
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index b61bdeb880..4d2fd7f6b7 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -264,7 +264,6 @@ BN_mod_lshift(3)
BN_mod_lshift1(3)
BN_mod_lshift1_quick(3)
BN_mod_lshift_quick(3)
-BN_mod_sqrt(3)
BN_mod_sub_quick(3)
BN_nist_mod_192(3)
BN_nist_mod_224(3)
From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 28 Feb 2022 18:26:35 +0100
Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
---
test/bntest.c | 11 ++++++++++-
test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/test/bntest.c b/test/bntest.c
index efdb3ef963..d49f87373a 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s)
|| !TEST_ptr(ret2 = BN_new()))
goto err;
+ if (BN_is_negative(mod_sqrt)) {
+ /* A negative testcase */
+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
+ goto err;
+
+ st = 1;
+ goto err;
+ }
+
/* There are two possible answers. */
- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
|| !TEST_true(BN_sub(ret2, p, ret)))
goto err;
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
index e22d656091..bc8a434ea5 100644
--- a/test/recipes/10-test_bn_data/bnmod.txt
+++ b/test/recipes/10-test_bn_data/bnmod.txt
@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+
+# Negative testcases for BN_mod_sqrt()
+
+# This one triggers an infinite loop with unfixed implementation
+# It should just fail.
+ModSqrt = -1
+A = 20a7ee
+P = 460201
+
+ModSqrt = -1
+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 28 Feb 2022 18:26:21 +0100
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
---
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index b663ae5ec5..c5ea7ab194 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/*
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
- * Theory", algorithm 1.5.1). 'p' must be prime!
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
+ * an incorrect "result" will be returned.
*/
{
BIGNUM *ret = in;
@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
goto vrfy;
}
- /* find smallest i such that b^(2^i) = 1 */
- i = 1;
- if (!BN_mod_sqr(t, b, p, ctx))
- goto end;
- while (!BN_is_one(t)) {
- i++;
- if (i == e) {
- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
- goto end;
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
+ for (i = 1; i < e; i++) {
+ if (i == 1) {
+ if (!BN_mod_sqr(t, b, p, ctx))
+ goto end;
+
+ } else {
+ if (!BN_mod_mul(t, t, t, p, ctx))
+ goto end;
}
- if (!BN_mod_mul(t, t, t, p, ctx))
- goto end;
+ if (BN_is_one(t))
+ break;
+ }
+ /* If not found, a is not a square or p is not prime. */
+ if (i >= e) {
+ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE);
+ goto end;
}
/* t := y^2^(e - i - 1) */

@ -0,0 +1,53 @@
From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 2 Feb 2022 17:47:26 +0100
Subject: [PATCH] Replace size check with more meaningful pubkey check
It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.
However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.
Fixes #15465
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
---
crypto/dh/dh_key.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6b8cd550f2..c78ed618bf 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
int err_reason = DH_R_BN_ERROR;
BIGNUM *pubkey = NULL;
const BIGNUM *p;
- size_t p_size;
+ int ret;
if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
goto err;
DH_get0_pqg(dh, &p, NULL, NULL);
- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
+ if (p == NULL || BN_num_bytes(p) == 0) {
err_reason = DH_R_NO_PARAMETERS_SET;
goto err;
}
- /*
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
- * public key is of size not equal to size of p
- */
- if (BN_is_zero(pubkey) || p_size != len) {
+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
err_reason = DH_R_INVALID_PUBKEY;
goto err;
}
--
2.35.1

@ -0,0 +1,23 @@
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index e1da724bd2f4..2bee5ef19447 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
{
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
+ if (cipher != NULL)
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
}
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
{
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
+ if (md != NULL)
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
}
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,

File diff suppressed because it is too large Load Diff

@ -0,0 +1,104 @@
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 22 Apr 2022 18:16:56 +0200
Subject: [PATCH 1/2] Ensure we initialized the locale before
evp_pkey_name2type
Fixes #18158
---
crypto/evp/pmeth_lib.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 2b9c6c2351da..92d25de44532 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -27,6 +27,7 @@
#ifndef FIPS_MODULE
# include "crypto/asn1.h"
#endif
+#include "crypto/ctype.h"
#include "crypto/evp.h"
#include "crypto/dh.h"
#include "crypto/ec.h"
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
}
#ifndef FIPS_MODULE
if (keytype != NULL) {
+ ossl_init_casecmp();
id = evp_pkey_name2type(keytype);
if (id == NID_undef)
id = -1;
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Fri, 22 Apr 2022 19:26:08 +0200
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
preliminary init
---
test/build.info | 6 +++++-
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
test/recipes/02-test_localetest.t | 4 +++-
3 files changed, 22 insertions(+), 2 deletions(-)
create mode 100644 test/evp_pkey_ctx_new_from_name.c
diff --git a/test/build.info b/test/build.info
index 14a84f00a258..ee059973d31a 100644
--- a/test/build.info
+++ b/test/build.info
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
sanitytest rsa_complex exdatatest bntest \
ecstresstest gmdifftest pbelutest \
destest mdc2test sha_test \
- exptest pbetest localetest \
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test evp_libctx_test ossl_store_test \
v3nametest v3ext \
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[localetest]=../include ../apps/include
DEPEND[localetest]=../libcrypto libtestutil.a
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
+
SOURCE[pbetest]=pbetest.c
INCLUDE[pbetest]=../include ../apps/include
DEPEND[pbetest]=../libcrypto libtestutil.a
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
new file mode 100644
index 000000000000..24063ea05ea5
--- /dev/null
+++ b/test/evp_pkey_ctx_new_from_name.c
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+int main(int argc, char *argv[])
+{
+ EVP_PKEY_CTX *pctx = NULL;
+
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
+ EVP_PKEY_CTX_free(pctx);
+
+ return 0;
+}
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
index 1bccd57d4c63..77fba7d819ab 100644
--- a/test/recipes/02-test_localetest.t
+++ b/test/recipes/02-test_localetest.t
@@ -15,7 +15,9 @@ setup("locale tests");
plan skip_all => "Locale tests not available on Windows or VMS"
if $^O =~ /^(VMS|MSWin32)$/;
-plan tests => 2;
+plan tests => 3;
+
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
$ENV{LANG} = "C";
ok(run(test(["localetest"])), "running localetest");

@ -0,0 +1,540 @@
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200
@@ -27,6 +27,7 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
{
int protect = 0;
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
}
+# ifdef FIPS_MODULE
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
+{
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
+ return 0;
+
+ return 1;
+}
+# endif
+
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen)
{
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u
if (!ossl_prov_is_running())
return 0;
+# ifdef FIPS_MODULE
+ if (fips_padding_allowed(prsactx) == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+ return 0;
+ }
+
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+# endif
+
if (out == NULL) {
size_t len = RSA_size(prsactx->rsa);
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u
if (!ossl_prov_is_running())
return 0;
+# ifdef FIPS_MODULE
+ if (fips_padding_allowed(prsactx) == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+ return 0;
+ }
+
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+# endif
+
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -865,5 +865,8 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
+ return "$tnam: skipped, Red Hat FIPS\n"
+ if ($tnam =~ /no Red Hat FIPS/);
+
return "";
}
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
@@ -483,6 +483,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %redhat_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -494,11 +506,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
- ok(run(test([@ssltest, @exkeys, "-cipher",
- $cipher,
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
+ ok(1);
+ } else {
+ ok(run(test([@ssltest, @exkeys, "-cipher",
+ $cipher,
+ "-ciphersuites", $ciphersuites,
+ $flag || ()])),
+ "Testing $cipher");
+ }
}
}
next if $protocol eq "-tls1_3";
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200
@@ -263,12 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# RSA decrypt
-
+Availablein = default
Decrypt = RSA-2048
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
Output = "Hello World"
# Corrupted ciphertext
+Availablein = default
Decrypt = RSA-2048
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
Output = "Hello World"
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN
h90qjKHS9PvY4Q==
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
+Availablein = default
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64
eG2e4XlBcKjI6A==
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
Output=2d
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
+Availablein = default
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W
Ya4qnqZe1onjY5o=
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
Output=087820b569e8fa8d
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
Output=d94cd0e08fa404ed89
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
Output=6cc641b6b61e6f963974dad23a9013284ef1
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
+Availablein = default
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/
aD0x7TDrmEvkEro=
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
+Availablein = default
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/
MSwGUGLx60i3nRyDyw==
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
Output=15c5b9ee1185
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
+Availablein = default
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq
Yejn5Ly8mU2q+jBcRQ==
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
Output=684e3038c5c041f7
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
+Availablein = default
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4
FMlxv0gq65dqc3DC
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
Output=47aae909
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
Output=d976fc
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
Output=bb47231ca5ea1d3ad46c99345d9a8a61
+Availablein = default
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E
2MiPa249Z+lh3Luj0A==
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
Output=8604ac56328c1ab5ad917861
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
Output=4a5f4914bee25de3c69341de07
+Availablein = default
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc
tKo5Eb69iFQvBb4=
-----END PRIVATE KEY-----
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
Output=fd326429df9b890e09b54b18b8f34f1e24
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
+Availablein = default
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1

@ -0,0 +1,420 @@
diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
BN_CTX *ctx = NULL;
BIGNUM *priv_key = NULL;
+#ifdef FIPS_MODULE
+ const OSSL_PARAM *param_sign_kat_k = NULL;
+ BIGNUM *sign_kat_k = NULL;
+#endif
unsigned char *pub_key = NULL;
size_t pub_key_len;
const EC_GROUP *ecg = NULL;
@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
if (include_private)
param_priv_key =
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
-
+#ifdef FIPS_MODULE
+ param_sign_kat_k =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
+#endif
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
if (ctx == NULL)
goto err;
@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
&& !EC_KEY_set_public_key(ec, pub_point))
goto err;
+#ifdef FIPS_MODULE
+ if (param_sign_kat_k) {
+ if ((sign_kat_k = BN_secure_new()) == NULL)
+ goto err;
+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
+
+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
+ goto err;
+ ec->sign_kat_k = sign_kat_k;
+ }
+#endif
ok = 1;
err:
diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
@@ -20,6 +20,10 @@
#include "crypto/bn.h"
#include "ec_local.h"
+#ifdef FIPS_MODULE
+extern int REDHAT_FIPS_signature_st;
+#endif
+
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp)
{
@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
goto err;
do {
+#ifdef FIPS_MODULE
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
+ BN_copy(k, eckey->sign_kat_k);
+ } else {
+#endif
/* get random k */
do {
if (dgst != NULL) {
@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
}
}
} while (BN_is_zero(k));
-
+#ifdef FIPS_MODULE
+ }
+#endif
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
BN_clear_free(r->priv_key);
+#ifdef FIPS_MODULE
+ BN_clear_free(r->sign_kat_k);
+#endif
OPENSSL_free(r->propq);
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
@@ -298,6 +298,9 @@ struct ec_key_st {
#ifndef FIPS_MODULE
CRYPTO_EX_DATA ex_data;
#endif
+#ifdef FIPS_MODULE
+ BIGNUM *sign_kat_k;
+#endif
CRYPTO_RWLOCK *lock;
OSSL_LIB_CTX *libctx;
char *propq;
diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
@@ -293,6 +293,7 @@ extern "C" {
#define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
@@ -530,7 +530,8 @@ end:
# define EC_IMEXPORTABLE_PUBLIC_KEY \
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
# define EC_IMEXPORTABLE_PRIVATE_KEY \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
@@ -17,6 +17,8 @@
#include "self_test.h"
#include "self_test_data.inc"
+int REDHAT_FIPS_signature_st = 0;
+
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
EVP_PKEY *pkey = NULL;
unsigned char sig[256];
BN_CTX *bnctx = NULL;
+ BIGNUM *K = NULL;
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
goto err;
+ K = BN_CTX_get(bnctx);
+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
+ goto err;
bld = OSSL_PARAM_BLD_new();
if (bld == NULL)
@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
if (!add_params(bld, t->key, bnctx))
goto err;
+ /* set K for ECDSA KAT tests */
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
+ goto err;
params = OSSL_PARAM_BLD_to_param(bld);
/* Create a EVP_PKEY_CTX to load the DSA key into */
@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
+ REDHAT_FIPS_signature_st = 1;
for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
ret = 0;
}
+ REDHAT_FIPS_signature_st = 0;
return ret;
}
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
ST_KAT_PARAM_END()
};
+static const unsigned char ec224r1_kat_sig[] = {
+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
+};
+static const char ecd_prime_curve_name384[] = "secp384r1";
+/*
+priv:
+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
+ 4c:91:87
+pub:
+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
+ 11:f2:a3:bf:e8:0e:88
+*/
+static const unsigned char ecd_prime_priv384[] = {
+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
+ 0x4c, 0x91, 0x87
+};
+static const unsigned char ecd_prime_pub384[] = {
+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
+};
+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
+ ST_KAT_PARAM_END()
+};
+static const unsigned char ec384r1_kat_sig[] = {
+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
+};
+static const char ecd_prime_curve_name521[] = "secp521r1";
+/*
+priv:
+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
+ af:fe:6d:cb:c2:3b
+pub:
+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
+*/
+static const unsigned char ecd_prime_priv521[] = {
+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
+};
+static const unsigned char ecd_prime_pub521[] = {
+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
+};
+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
+ ST_KAT_PARAM_END()
+};
+static const unsigned char ec521r1_kat_sig[] = {
+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
+};
+static const char ecd_prime_curve_name256[] = "prime256v1";
+/*
+priv:
+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
+ 30:fa
+pub:
+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
+ 98:66:c4:63:a6
+*/
+static const unsigned char ecd_prime_priv256[] = {
+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
+ 0x30, 0xfa
+};
+static const unsigned char ecd_prime_pub256[] = {
+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
+ 0x98, 0x66, 0xc4, 0x63, 0xa6
+};
+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
+ ST_KAT_PARAM_END()
+};
+static const unsigned char ec256v1_kat_sig[] = {
+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
+};
# ifndef OPENSSL_NO_EC2M
static const char ecd_bin_curve_name[] = "sect233r1";
static const unsigned char ecd_bin_priv[] = {
@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
ecdsa_prime_key,
/*
* The ECDSA signature changes each time due to it using a random k.
- * So there is no expected KAT for this case.
+ * We provide this value in our build
+ */
+ ITM(ec224r1_kat_sig)
+ },
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
+ "EC",
+ "SHA-256",
+ ecdsa_prime_key384,
+ /*
+ * The ECDSA signature changes each time due to it using a random k.
+ * We provide this value in our build
+ */
+ ITM(ec384r1_kat_sig)
+ },
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
+ "EC",
+ "SHA-256",
+ ecdsa_prime_key521,
+ /*
+ * The ECDSA signature changes each time due to it using a random k.
+ * We provide this value in our build
+ */
+ ITM(ec521r1_kat_sig)
+ },
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
+ "EC",
+ "SHA-256",
+ ecdsa_prime_key256,
+ /*
+ * The ECDSA signature changes each time due to it using a random k.
+ * We provide this value in our build
*/
+ ITM(ec256v1_kat_sig)
},
# ifndef OPENSSL_NO_EC2M
{
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
@@ -44,6 +44,10 @@
#define S390X_OFF_RN(n) (4 * n)
#define S390X_OFF_Y(n) (4 * n)
+#ifdef FIPS_MODULE
+extern int REDHAT_FIPS_signature_st;
+#endif
+
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
const BIGNUM *scalar,
size_t num, const EC_POINT *points[],
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
* because kdsa instruction constructs an in-range, invertible nonce
* internally implementing counter-measures for RNG weakness.
*/
+#ifdef FIPS_MODULE
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
+ /* Turns KDSA internal nonce-generation off. */
+ fc |= S390X_KDSA_D;
+ } else {
+#endif
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
(size_t)len, 0) != 1) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto ret;
}
+#ifdef FIPS_MODULE
+ }
+#endif
} else {
/* Reconstruct k = (k^-1)^-1. */
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0

@ -0,0 +1,466 @@
From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 7 Jun 2022 12:02:49 +0200
Subject: [PATCH] fips: Expose a FIPS indicator
FIPS 140-3 requires us to indicate whether an operation was using
approved services or not. The FIPS 140-3 implementation guidelines
provide two basic approaches to doing this: implicit indicators, and
explicit indicators.
Implicit indicators are basically the concept of "if the operation
passes, it was approved". We were originally aiming for implicit
indicators in our copy of OpenSSL. However, this proved to be a problem,
because we wanted to certify a signature service, and FIPS 140-3
requires that a signature service computes the digest to be signed
within the boundaries of the FIPS module. Since we were planning to
certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify
would have to be blocked. Unfortunately, EVP_SignFinal uses
EVP_PKEY_sign internally, but outside of fips.so and thus outside of the
FIPS module boundary. This means that using implicit indicators in
combination with certifying only fips.so would require us to block both
EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used
by most users of OpenSSL for signatures.
EVP_DigestSign would be acceptable, but has only been added in 3.0 and
is thus not yet widely used.
As a consequence, we've decided to introduce explicit indicators so that
EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but
FIPS-aware applications can query the explicit indicator to check
whether the operation was approved.
To avoid affecting the ABI and public API too much, this is implemented
as an exported symbol in fips.so and a private header, so applications
that wish to use this will have to dlopen(3) fips.so, locate the
function using dlsym(3), and then call it. These applications will have
to build against the private header in order to use the returned
pointer.
Modify util/mkdef.pl to support exposing a symbol only for a specific
provider identified by its name and path.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
doc/build.info | 6 ++
doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++
providers/fips/fipsprov.c | 71 +++++++++++++
providers/fips/indicator.h | 66 ++++++++++++
util/mkdef.pl | 25 ++++-
util/providers.num | 1 +
6 files changed, 322 insertions(+), 1 deletion(-)
create mode 100644 doc/man7/fips_module_indicators.pod
create mode 100644 providers/fips/indicator.h
diff --git a/doc/build.info b/doc/build.info
index b0aa4297a4..af235113bb 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod
GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
@@ -4631,6 +4635,7 @@ html/man7/ct.html \
html/man7/des_modes.html \
html/man7/evp.html \
html/man7/fips_module.html \
+html/man7/fips_module_indicators.html \
html/man7/life_cycle-cipher.html \
html/man7/life_cycle-digest.html \
html/man7/life_cycle-kdf.html \
@@ -4754,6 +4759,7 @@ man/man7/ct.7 \
man/man7/des_modes.7 \
man/man7/evp.7 \
man/man7/fips_module.7 \
+man/man7/fips_module_indicators.7 \
man/man7/life_cycle-cipher.7 \
man/man7/life_cycle-digest.7 \
man/man7/life_cycle-kdf.7 \
diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod
new file mode 100644
index 0000000000..23db2b395c
--- /dev/null
+++ b/doc/man7/fips_module_indicators.pod
@@ -0,0 +1,154 @@
+=pod
+
+=head1 NAME
+
+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide
+
+=head1 DESCRIPTION
+
+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider
+implements Approved Security Service Indicators according to the FIPS 140-3
+Implementation Guidelines, section 2.4.C. See
+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>
+for the FIPS 140-3 Implementation Guidelines.
+
+For all approved services except signatures, the Red Hat OpenSSL FIPS provider
+uses the return code as the indicator as understood by FIPS 140-3. That means
+that every operation that succeeds denotes use of an approved security service.
+Operations that do not succeed may not have been approved security services, or
+may have been used incorrectly.
+
+For signatures, an explicit indicator API is available to determine whether
+a selected operation is an approved security service, in combination with the
+return code of the operation. For a signature operation to be approved, the
+explicit indicator must claim it as approved, and it must succeed.
+
+=head2 Querying the explicit indicator
+
+The Red Hat OpenSSL FIPS provider exports a symbol named
+I<redhat_ossl_query_fipsindicator> that provides information on which signature
+operations are approved security functions. To use this function, either link
+against I<fips.so> directly, or load it at runtime using dlopen(3) and
+dlsym(3).
+
+ #include <openssl/core_dispatch.h>
+ #include "providers/fips/indicator.h"
+
+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
+ if (provider == NULL) {
+ fprintf(stderr, "%s\n", dlerror());
+ // handle error
+ }
+
+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \
+ = dlsym(provider, "redhat_ossl_query_fipsindicator");
+ if (redhat_ossl_query_fipsindicator == NULL) {
+ fprintf(stderr, "%s\n", dlerror());
+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat"
+ " patches?\n");
+ // handle error
+ }
+
+Note that this uses the I<providers/fips/indicator.h> header, which is not
+public. Install the I<openssl-debugsource> package from the I<BaseOS-debuginfo>
+repository using I<dnf debuginfo-install openssl> and include
+I</usr/src/debug/openssl-3.*/> in the compiler's include path.
+
+I<redhat_ossl_query_fipsindicator> expects an operation ID as its only
+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to
+obtain the indicators for signature operations. On success, the return value is
+a pointer to an array of I<OSSL_RH_FIPSINDICATOR_STRUCT>s. On failure, NULL is
+returned. The last entry in the array is indicated by I<algorithm_names> being
+NULL.
+
+ typedef struct ossl_rh_fipsindicator_algorithm_st {
+ const char *algorithm_names; /* key */
+ const char *property_definition; /* key */
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
+ } OSSL_RH_FIPSINDICATOR_ALGORITHM;
+
+ typedef struct ossl_rh_fipsindicator_dispatch_st {
+ int function_id;
+ int approved;
+ } OSSL_RH_FIPSINDICATOR_DISPATCH;
+
+The I<algorithm_names> field is a colon-separated list of algorithm names from
+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can
+be used to locate the appropriate entry. See the example below, where
+I<algorithm> contains the algorithm name to search for:
+
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator =
+ redhat_ossl_query_fipsindicator(operation_id);
+ if (indicator == NULL) {
+ fprintf(stderr, "No indicator for operation, probably using implicit"
+ " indicators.\n");
+ // handle error
+ }
+
+ for (; indicator->algorithm_names != NULL; ++indicator) {
+ char *algorithm_names = strdup(indicator->algorithm_names);
+ if (algorithm_names == NULL) {
+ perror("strdup(3)");
+ // handle error
+ }
+
+ const char *algorithm_name = strtok(algorithm_names, ":");
+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
+ if (strcasecmp(algorithm_name, algorithm) == 0) {
+ indicator_dispatch = indicator->indicators;
+ free(algorithm_names);
+ algorithm_names = NULL;
+ break;
+ }
+ }
+ free(algorithm_names);
+ }
+ if (indicator_dispatch == NULL) {
+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
+ // handle error
+ }
+
+If an appropriate I<OSSL_RH_FIPSINDICATOR_DISPATCH> array is available for the
+given algorithm name, it maps function IDs to their approval status. The last
+entry is indicated by a zero I<function_id>. I<approved> is
+I<OSSL_RH_FIPSINDICATOR_APPROVED> if the operation is an approved security
+service, or part of an approved security service, or
+I<OSSL_RH_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid.
+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>,
+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>.
+
+Assuming I<function_id> is the function in question, the following code can be
+used to query the approval status:
+
+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
+ if (indicator_dispatch->function_id == function_id) {
+ switch (indicator_dispatch->approved) {
+ case OSSL_RH_FIPSINDICATOR_APPROVED:
+ // approved security service
+ break;
+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED:
+ // unapproved security service
+ break;
+ default:
+ // invalid result
+ break;
+ }
+ break;
+ }
+ }
+
+=head1 SEE ALSO
+
+L<fips_module(7)>, L<provider(7)>
+
+=head1 COPYRIGHT
+
+Copyright 2022 Red Hat, Inc. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index de391ce067..1cfd71c5cf 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -23,6 +23,7 @@
#include "prov/seeding.h"
#include "self_test.h"
#include "internal/core.h"
+#include "indicator.h"
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = {
{ NULL, NULL, NULL }
};
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
+};
+
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
+};
+
+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = {
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
+ redhat_rsa_signature_indicators },
+#ifndef OPENSSL_NO_EC
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
+ redhat_ecdsa_signature_indicators },
+#endif
+ { NULL, NULL, NULL }
+};
+
static const OSSL_ALGORITHM fips_asym_cipher[] = {
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
{ NULL, NULL, NULL }
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
freelocale(loc);
}
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
+ switch (operation_id) {
+ case OSSL_OP_SIGNATURE:
+ return redhat_indicator_fips_signature;
+ }
+ return NULL;
+}
+
static void fips_teardown(void *provctx)
{
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h
new file mode 100644
index 0000000000..b323efe44c
--- /dev/null
+++ b/providers/fips/indicator.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_FIPS_INDICATOR_H
+# define OPENSSL_FIPS_INDICATOR_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0)
+# define OSSL_RH_FIPSINDICATOR_APPROVED (1)
+
+/*
+ * FIPS indicator dispatch table element. function_id numbers and the
+ * functions are defined in core_dispatch.h, see macros with
+ * 'OSSL_CORE_MAKE_FUNC' in their names.
+ *
+ * An array of these is always terminated by function_id == 0
+ */
+typedef struct ossl_rh_fipsindicator_dispatch_st {
+ int function_id;
+ int approved;
+} OSSL_RH_FIPSINDICATOR_DISPATCH;
+
+/*
+ * Type to tie together algorithm names, property definition string and the
+ * algorithm implementation's FIPS indicator status in the form of a FIPS
+ * indicator dispatch table.
+ *
+ * An array of these is always terminated by algorithm_names == NULL
+ */
+typedef struct ossl_rh_fipsindicator_algorithm_st {
+ const char *algorithm_names; /* key */
+ const char *property_definition; /* key */
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
+} OSSL_RH_FIPSINDICATOR_ALGORITHM;
+
+/**
+ * Query FIPS indicator status for the given operation. Possible values for
+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
+ * use implicit indicators. The return value is an array of
+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
+ * algorithm names, 'property_definition' a comma-separated list of properties,
+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This
+ * list is terminated by function_id == 0. 'function_id' is one of the
+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
+ *
+ * If there is no entry in the returned struct for the given operation_id,
+ * algorithm name, or function_id, the algorithm is unapproved.
+ */
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/util/mkdef.pl b/util/mkdef.pl
index a1c76f7c97..eda39b71ee 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -149,7 +149,8 @@ $ordinal_opts{filter} =
return
$item->exists()
&& platform_filter($item)
- && feature_filter($item);
+ && feature_filter($item)
+ && fips_filter($item, $name);
};
my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
@@ -205,6 +206,28 @@ sub feature_filter {
return $verdict;
}
+sub fips_filter {
+ my $item = shift;
+ my $name = uc(shift);
+ my @features = ( $item->features() );
+
+ # True if no features are defined
+ return 1 if scalar @features == 0;
+
+ my @matches = grep(/^ONLY_.*$/, @features);
+ if (@matches) {
+ # There is at least one only_* flag on this symbol, check if any of
+ # them match the name
+ for (@matches) {
+ if ($_ eq "ONLY_${name}") {
+ return 1;
+ }
+ }
+ return 0;
+ }
+ return 1;
+}
+
sub sorter_unix {
my $by_name = OpenSSL::Ordinals::by_name();
my %weight = (
diff --git a/util/providers.num b/util/providers.num
index 4e2fa81b98..77879d0e5f 100644
--- a/util/providers.num
+++ b/util/providers.num
@@ -1 +1,2 @@
OSSL_provider_init 1 * EXIST::FUNCTION:
+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
--
2.35.3

@ -0,0 +1,13 @@
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 2a574fbfe6aa..16f482db68a9 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
}
lh->b[i] = NULL;
}
+
+ lh->num_items = 0;
}
void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)

@ -0,0 +1,263 @@
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 7a4a45d537..3c5f48ec0a 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response,
ret = X509_verify_cert(ctx);
if (ret <= 0) {
- ret = X509_STORE_CTX_get_error(ctx);
+ int err = X509_STORE_CTX_get_error(ctx);
+
ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR,
- "Verify error: %s", X509_verify_cert_error_string(ret));
+ "Verify error: %s", X509_verify_cert_error_string(err));
goto end;
}
if (chain != NULL)
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
index d42030cb89..34fdfcbccc 100644
--- a/test/recipes/80-test_ocsp.t
+++ b/test/recipes/80-test_ocsp.t
@@ -35,6 +35,7 @@ sub test_ocsp {
$untrusted = $CAfile;
}
my $expected_exit = shift;
+ my $nochecks = shift;
my $outputfile = basename($inputfile, '.ors') . '.dat';
run(app(["openssl", "base64", "-d",
@@ -45,7 +46,8 @@ sub test_ocsp {
"-partial_chain", @check_time,
"-CAfile", catfile($ocspdir, $CAfile),
"-verify_other", catfile($ocspdir, $untrusted),
- "-no-CApath", "-no-CAstore"])),
+ "-no-CApath", "-no-CAstore",
+ $nochecks ? "-no_cert_checks" : ()])),
$title); });
}
@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub {
plan tests => 7;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0);
+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "ND2.ors", "ND2_Issuer_Root.pem", "", 0);
+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "ND3.ors", "ND3_Issuer_Root.pem", "", 0);
+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0);
test_ocsp("NON-DELEGATED; 3-level CA hierarchy",
- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0);
+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "D1.ors", "D1_Issuer_ICA.pem", "", 0);
+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "D2.ors", "D2_Issuer_Root.pem", "", 0);
+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "D3.ors", "D3_Issuer_Root.pem", "", 0);
+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0);
};
subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
plan tests => 3;
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
- plan tests => 3;
+ plan tests => 6;
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
+ test_ocsp("DELEGATED; Root CA -> Intermediate CA",
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
+ test_ocsp("DELEGATED; Root CA -> EE",
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
+ test_ocsp("DELEGATED; Intermediate CA -> EE",
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1);
test_ocsp("DELEGATED; Root CA -> EE",
- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1);
};
subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1);
+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1);
+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1);
+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1);
+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1);
+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1);
+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub {
plan tests => 6;
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1);
+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1);
+ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1);
+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1);
+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1);
+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1);
+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0);
};
subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
# Expect success, because we're explicitly trusting the issuer certificate.
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0);
+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0);
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0);
+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0);
test_ocsp("NON-DELEGATED; Root CA -> EE",
- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0);
+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0);
test_ocsp("DELEGATED; Intermediate CA -> EE",
- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0);
+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0);
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0);
+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0);
test_ocsp("DELEGATED; Root CA -> EE",
- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0);
+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0);
};
subtest "=== OCSP API TESTS===" => sub {

@ -0,0 +1,58 @@
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index d51d8856d7..a630773a02 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -152,6 +152,23 @@ sub check_file {
return ($is_cert, $is_crl);
}
+sub compute_hash {
+ my $fh;
+ if ( $^O eq "VMS" ) {
+ # VMS uses the open through shell
+ # The file names are safe there and list form is unsupported
+ if (!open($fh, "-|", join(' ', @_))) {
+ print STDERR "Cannot compute hash on '$fname'\n";
+ return;
+ }
+ } else {
+ if (!open($fh, "-|", @_)) {
+ print STDERR "Cannot compute hash on '$fname'\n";
+ return;
+ }
+ }
+ return (<$fh>, <$fh>);
+}
# Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists
@@ -161,10 +178,12 @@ sub check_file {
sub link_hash_cert {
my $fname = $_[0];
- $fname =~ s/\"/\\\"/g;
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
+ "-fingerprint", "-noout",
+ "-in", $fname);
chomp $hash;
chomp $fprint;
+ return if !$hash;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;
@@ -202,10 +221,12 @@ sub link_hash_cert {
sub link_hash_crl {
my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+ "-fingerprint", "-noout",
+ "-in", $fname);
chomp $hash;
chomp $fprint;
+ return if !$hash;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;

@ -0,0 +1,212 @@
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
index 1fa449d5a098..6aa9455f09ed 100644
--- a/test/certs/embeddedSCTs1_issuer.pem
+++ b/test/certs/embeddedSCTs1_issuer.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
-OwqULg==
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
+Doud4XrO
-----END CERTIFICATE-----
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
index 5677ac6c9f6a..70ce71e43091 100644
--- a/test/certs/sm2-ca-cert.pem
+++ b/test/certs/sm2-ca-cert.pem
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
-----END CERTIFICATE-----
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
index 5677ac6c9f6a..70ce71e43091 100644
--- a/test/certs/sm2-root.crt
+++ b/test/certs/sm2-root.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
-----END CERTIFICATE-----
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
index 189abb137625..daf12926aff9 100644
--- a/test/certs/sm2.pem
+++ b/test/certs/sm2.pem
@@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
-OZOfmtx613VyzXwc
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
-----END CERTIFICATE-----
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
index 12e8a7305402..109b9c4abc28 100644
--- a/test/smime-certs/mksmime-certs.sh
+++ b/test/smime-certs/mksmime-certs.sh
@@ -15,23 +15,23 @@ export OPENSSL_CONF
# Root CA: create certificate directly
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
# EE RSA certificates: create request first
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
# Sign request: end entity extensions
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
# Create DSA parameters
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
# Create EC parameters
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
+# Do not renew this cert as it is used for legacy data decrypt test
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
# Create X9.42 DH parameters.
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
# Generate X9.42 DH key.
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
-keyout smtmp.pem -out req.pem -newkey rsa:2048
# Sign request but force public key to DH
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
-force_pubkey dhpub.pem \
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
# Remove temp files.

@ -0,0 +1,662 @@
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl
index 56df89dc27da..e69de29bb2d1 100755
--- a/crypto/bn/asm/ppc64-mont-fixed.pl
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl
@@ -1,581 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# ====================================================================
-# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke
-# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for
-# the OpenSSL project.
-# ====================================================================
-
-#
-# Fixed length (n=6), unrolled PPC Montgomery Multiplication
-#
-
-# 2021
-#
-# Although this is a generic implementation for unrolling Montgomery
-# Multiplication for arbitrary values of n, this is currently only
-# used for n = 6 to improve the performance of ECC p384.
-#
-# Unrolling allows intermediate results to be stored in registers,
-# rather than on the stack, improving performance by ~7% compared to
-# the existing PPC assembly code.
-#
-# The ISA 3.0 implementation uses combination multiply/add
-# instructions (maddld, maddhdu) to improve performance by an
-# additional ~10% on Power 9.
-#
-# Finally, saving non-volatile registers into volatile vector
-# registers instead of onto the stack saves a little more.
-#
-# On a Power 9 machine we see an overall improvement of ~18%.
-#
-
-use strict;
-use warnings;
-
-my ($flavour, $output, $dir, $xlate);
-
-# $output is the last argument if it looks like a file (it has an extension)
-# $flavour is the first argument if it doesn't look like a file
-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour \"$output\""
- or die "can't call $xlate: $!";
-
-if ($flavour !~ /64/) {
- die "bad flavour ($flavour) - only ppc64 permitted";
-}
-
-my $SIZE_T= 8;
-
-# Registers are global so the code is remotely readable
-
-# Parameters for Montgomery multiplication
-my $sp = "r1";
-my $toc = "r2";
-my $rp = "r3";
-my $ap = "r4";
-my $bp = "r5";
-my $np = "r6";
-my $n0 = "r7";
-my $num = "r8";
-
-my $i = "r9";
-my $c0 = "r10";
-my $bp0 = "r11";
-my $bpi = "r11";
-my $bpj = "r11";
-my $tj = "r12";
-my $apj = "r12";
-my $npj = "r12";
-my $lo = "r14";
-my $c1 = "r14";
-
-# Non-volatile registers used for tp[i]
-#
-# 12 registers are available but the limit on unrolling is 10,
-# since registers from $tp[0] to $tp[$n+1] are used.
-my @tp = ("r20" .. "r31");
-
-# volatile VSRs for saving non-volatile GPRs - faster than stack
-my @vsrs = ("v32" .. "v46");
-
-package Mont;
-
-sub new($$)
-{
- my ($class, $n) = @_;
-
- if ($n > 10) {
- die "Can't unroll for BN length ${n} (maximum 10)"
- }
-
- my $self = {
- code => "",
- n => $n,
- };
- bless $self, $class;
-
- return $self;
-}
-
-sub add_code($$)
-{
- my ($self, $c) = @_;
-
- $self->{code} .= $c;
-}
-
-sub get_code($)
-{
- my ($self) = @_;
-
- return $self->{code};
-}
-
-sub get_function_name($)
-{
- my ($self) = @_;
-
- return "bn_mul_mont_fixed_n" . $self->{n};
-}
-
-sub get_label($$)
-{
- my ($self, $l) = @_;
-
- return "L" . $l . "_" . $self->{n};
-}
-
-sub get_labels($@)
-{
- my ($self, @labels) = @_;
-
- my %out = ();
-
- foreach my $l (@labels) {
- $out{"$l"} = $self->get_label("$l");
- }
-
- return \%out;
-}
-
-sub nl($)
-{
- my ($self) = @_;
-
- $self->add_code("\n");
-}
-
-sub copy_result($)
-{
- my ($self) = @_;
-
- my ($n) = $self->{n};
-
- for (my $j = 0; $j < $n; $j++) {
- $self->add_code(<<___);
- std $tp[$j],`$j*$SIZE_T`($rp)
-___
- }
-
-}
-
-sub mul_mont_fixed($)
-{
- my ($self) = @_;
-
- my ($n) = $self->{n};
- my $fname = $self->get_function_name();
- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end");
-
- $self->add_code(<<___);
-
-.globl .${fname}
-.align 5
-.${fname}:
-
-___
-
- $self->save_registers();
-
- $self->add_code(<<___);
- ld $n0,0($n0)
-
- ld $bp0,0($bp)
-
- ld $apj,0($ap)
-___
-
- $self->mul_c_0($tp[0], $apj, $bp0, $c0);
-
- for (my $j = 1; $j < $n - 1; $j++) {
- $self->add_code(<<___);
- ld $apj,`$j*$SIZE_T`($ap)
-___
- $self->mul($tp[$j], $apj, $bp0, $c0);
- }
-
- $self->add_code(<<___);
- ld $apj,`($n-1)*$SIZE_T`($ap)
-___
-
- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0);
-
- $self->add_code(<<___);
- li $tp[$n+1],0
-
-___
-
- $self->add_code(<<___);
- li $i,0
- mtctr $num
- b $label->{"enter"}
-
-.align 4
-$label->{"outer"}:
- ldx $bpi,$bp,$i
-
- ld $apj,0($ap)
-___
-
- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0);
-
- for (my $j = 1; $j < $n; $j++) {
- $self->add_code(<<___);
- ld $apj,`$j*$SIZE_T`($ap)
-___
- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0);
- }
-
- $self->add_code(<<___);
- addc $tp[$n],$tp[$n],$c0
- addze $tp[$n+1],$tp[$n+1]
-___
-
- $self->add_code(<<___);
-.align 4
-$label->{"enter"}:
- mulld $bpi,$tp[0],$n0
-
- ld $npj,0($np)
-___
-
- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0);
-
- for (my $j = 1; $j < $n; $j++) {
- $self->add_code(<<___);
- ld $npj,`$j*$SIZE_T`($np)
-___
- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0);
- }
-
- $self->add_code(<<___);
- addc $tp[$n-1],$tp[$n],$c0
- addze $tp[$n],$tp[$n+1]
-
- addi $i,$i,$SIZE_T
- bdnz $label->{"outer"}
-
- and. $tp[$n],$tp[$n],$tp[$n]
- bne $label->{"sub"}
-
- cmpld $tp[$n-1],$npj
- blt $label->{"copy"}
-
-$label->{"sub"}:
-___
-
- #
- # Reduction
- #
-
- $self->add_code(<<___);
- ld $bpj,`0*$SIZE_T`($np)
- subfc $c1,$bpj,$tp[0]
- std $c1,`0*$SIZE_T`($rp)
-
-___
- for (my $j = 1; $j < $n - 1; $j++) {
- $self->add_code(<<___);
- ld $bpj,`$j*$SIZE_T`($np)
- subfe $c1,$bpj,$tp[$j]
- std $c1,`$j*$SIZE_T`($rp)
-
-___
- }
-
- $self->add_code(<<___);
- subfe $c1,$npj,$tp[$n-1]
- std $c1,`($n-1)*$SIZE_T`($rp)
-
-___
-
- $self->add_code(<<___);
- addme. $tp[$n],$tp[$n]
- beq $label->{"end"}
-
-$label->{"copy"}:
-___
-
- $self->copy_result();
-
- $self->add_code(<<___);
-
-$label->{"end"}:
-___
-
- $self->restore_registers();
-
- $self->add_code(<<___);
- li r3,1
- blr
-.size .${fname},.-.${fname}
-___
-
-}
-
-package Mont::GPR;
-
-our @ISA = ('Mont');
-
-sub new($$)
-{
- my ($class, $n) = @_;
-
- return $class->SUPER::new($n);
-}
-
-sub save_registers($)
-{
- my ($self) = @_;
-
- my $n = $self->{n};
-
- $self->add_code(<<___);
- std $lo,-8($sp)
-___
-
- for (my $j = 0; $j <= $n+1; $j++) {
- $self->{code}.=<<___;
- std $tp[$j],-`($j+2)*8`($sp)
-___
- }
-
- $self->add_code(<<___);
-
-___
-}
-
-sub restore_registers($)
-{
- my ($self) = @_;
-
- my $n = $self->{n};
-
- $self->add_code(<<___);
- ld $lo,-8($sp)
-___
-
- for (my $j = 0; $j <= $n+1; $j++) {
- $self->{code}.=<<___;
- ld $tp[$j],-`($j+2)*8`($sp)
-___
- }
-
- $self->{code} .=<<___;
-
-___
-}
-
-# Direct translation of C mul()
-sub mul($$$$$)
-{
- my ($self, $r, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $lo,$a,$w
- addc $r,$lo,$c
- mulhdu $c,$a,$w
- addze $c,$c
-
-___
-}
-
-# Like mul() but $c is ignored as an input - an optimisation to save a
-# preliminary instruction that would set input $c to 0
-sub mul_c_0($$$$$)
-{
- my ($self, $r, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $r,$a,$w
- mulhdu $c,$a,$w
-
-___
-}
-
-# Like mul() but does not to the final addition of CA into $c - an
-# optimisation to save an instruction
-sub mul_last($$$$$$)
-{
- my ($self, $r1, $r2, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $lo,$a,$w
- addc $r1,$lo,$c
- mulhdu $c,$a,$w
-
- addze $r2,$c
-___
-}
-
-# Like C mul_add() but allow $r_out and $r_in to be different
-sub mul_add($$$$$$)
-{
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $lo,$a,$w
- addc $lo,$lo,$c
- mulhdu $c,$a,$w
- addze $c,$c
- addc $r_out,$r_in,$lo
- addze $c,$c
-
-___
-}
-
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
-# preliminary instruction that would set input $c to 0
-sub mul_add_c_0($$$$$$)
-{
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $lo,$a,$w
- addc $r_out,$r_in,$lo
- mulhdu $c,$a,$w
- addze $c,$c
-
-___
-}
-
-package Mont::GPR_300;
-
-our @ISA = ('Mont::GPR');
-
-sub new($$)
-{
- my ($class, $n) = @_;
-
- my $mont = $class->SUPER::new($n);
-
- return $mont;
-}
-
-sub get_function_name($)
-{
- my ($self) = @_;
-
- return "bn_mul_mont_300_fixed_n" . $self->{n};
-}
-
-sub get_label($$)
-{
- my ($self, $l) = @_;
-
- return "L" . $l . "_300_" . $self->{n};
-}
-
-# Direct translation of C mul()
-sub mul($$$$$)
-{
- my ($self, $r, $a, $w, $c, $last) = @_;
-
- $self->add_code(<<___);
- maddld $r,$a,$w,$c
- maddhdu $c,$a,$w,$c
-
-___
-}
-
-# Save the last carry as the final entry
-sub mul_last($$$$$)
-{
- my ($self, $r1, $r2, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- maddld $r1,$a,$w,$c
- maddhdu $r2,$a,$w,$c
-
-___
-}
-
-# Like mul() but $c is ignored as an input - an optimisation to save a
-# preliminary instruction that would set input $c to 0
-sub mul_c_0($$$$$)
-{
- my ($self, $r, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- mulld $r,$a,$w
- mulhdu $c,$a,$w
-
-___
-}
-
-# Like C mul_add() but allow $r_out and $r_in to be different
-sub mul_add($$$$$$)
-{
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- maddld $lo,$a,$w,$c
- maddhdu $c,$a,$w,$c
- addc $r_out,$r_in,$lo
- addze $c,$c
-
-___
-}
-
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
-# preliminary instruction that would set input $c to 0
-sub mul_add_c_0($$$$$$)
-{
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
-
- $self->add_code(<<___);
- maddld $lo,$a,$w,$r_in
- maddhdu $c,$a,$w,$r_in
-___
-
- if ($r_out ne $lo) {
- $self->add_code(<<___);
- mr $r_out,$lo
-___
- }
-
- $self->nl();
-}
-
-
-package main;
-
-my $code;
-
-$code.=<<___;
-.machine "any"
-.text
-___
-
-my $mont;
-
-$mont = new Mont::GPR(6);
-$mont->mul_mont_fixed();
-$code .= $mont->get_code();
-
-$mont = new Mont::GPR_300(6);
-$mont->mul_mont_fixed();
-$code .= $mont->get_code();
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-$code.=<<___;
-.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>"
-___
-
-print $code;
-close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
index 1e9421bee213..3ee76ea96574 100644
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
- const BN_ULONG *bp, const BN_ULONG *np,
- const BN_ULONG *n0, int num);
- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
- const BN_ULONG *bp, const BN_ULONG *np,
- const BN_ULONG *n0, int num);
if (num < 4)
return 0;
@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
* no opportunity to figure it out...
*/
-#if defined(_ARCH_PPC64)
- if (num == 6) {
- if (OPENSSL_ppccap_P & PPC_MADD300)
- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
- else
- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
- }
-#endif
-
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
}
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
index 987a70ae263b..4f8d0689b5ea 100644
--- a/crypto/bn/build.info
+++ b/crypto/bn/build.info
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}]
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT
- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
+ $BNASM_ppc64=$BNASM_ppc32
$BNDEF_ppc64=$BNDEF_ppc32
$BNASM_c64xplus=asm/bn-c64xplus.asm
@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl
GENERATE[bn-ppc.s]=asm/ppc.pl
GENERATE[ppc-mont.s]=asm/ppc-mont.pl
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl
-GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl
GENERATE[alpha-mont.S]=asm/alpha-mont.pl
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index f36982845db4..1543ed9f7534 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -97,6 +97,18 @@ Key = P-256-PUBLIC
Input = "Hello World"
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
+PublicKey=P-384-PUBLIC
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
+twD8guGxyFRaoMDTtW47/nifwYqRaIfC
+-----END PUBLIC KEY-----
+
+DigestVerify = SHA384
+Key = P-384-PUBLIC
+Input = "123400"
+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
+
# Oneshot tests
OneShotDigestVerify = SHA256
Key = P-256-PUBLIC

@ -0,0 +1,174 @@
diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in
--- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200
+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200
@@ -104,18 +104,41 @@ foreach (@dirlist) {
}
exit($errorcount);
+sub copy_file {
+ my ($src_fname, $dst_fname) = @_;
+
+ if (open(my $in, "<", $src_fname)) {
+ if (open(my $out, ">", $dst_fname)) {
+ print $out $_ while (<$in>);
+ close $out;
+ } else {
+ warn "Cannot open $dst_fname for write, $!";
+ }
+ close $in;
+ } else {
+ warn "Cannot open $src_fname for read, $!";
+ }
+}
+
sub hash_dir {
+ my $dir = shift;
my %hashlist;
- print "Doing $_[0]\n";
- chdir $_[0];
- opendir(DIR, ".");
+
+ print "Doing $dir\n";
+
+ if (!chdir $dir) {
+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
+ return;
+ }
+
+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
my @flist = sort readdir(DIR);
closedir DIR;
if ( $removelinks ) {
# Delete any existing symbolic links
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
if (-l $_) {
- print "unlink $_" if $verbose;
+ print "unlink $_\n" if $verbose;
unlink $_ || warn "Can't unlink $_, $!\n";
}
}
@@ -130,13 +153,16 @@ sub hash_dir {
link_hash_cert($fname) if ($cert);
link_hash_crl($fname) if ($crl);
}
+
+ chdir $pwd;
}
sub check_file {
my ($is_cert, $is_crl) = (0,0);
my $fname = $_[0];
- open IN, $fname;
- while(<IN>) {
+
+ open(my $in, "<", $fname);
+ while(<$in>) {
if (/^-----BEGIN (.*)-----/) {
my $hdr = $1;
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
@@ -148,7 +174,7 @@ sub check_file {
}
}
}
- close IN;
+ close $in;
return ($is_cert, $is_crl);
}
@@ -177,76 +203,49 @@ sub compute_hash {
# certificate fingerprints
sub link_hash_cert {
- my $fname = $_[0];
- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
- "-fingerprint", "-noout",
- "-in", $fname);
- chomp $hash;
- chomp $fprint;
- return if !$hash;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
- # Search for an unused hash filename
- while(exists $hashlist{"$hash.$suffix"}) {
- # Hash matches: if fingerprint matches its a duplicate cert
- if ($hashlist{"$hash.$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
- return;
- }
- $suffix++;
- }
- $hash .= ".$suffix";
- if ($symlink_exists) {
- print "link $fname -> $hash\n" if $verbose;
- symlink $fname, $hash || warn "Can't symlink, $!";
- } else {
- print "copy $fname -> $hash\n" if $verbose;
- if (open($in, "<", $fname)) {
- if (open($out,">", $hash)) {
- print $out $_ while (<$in>);
- close $out;
- } else {
- warn "can't open $hash for write, $!";
- }
- close $in;
- } else {
- warn "can't open $fname for read, $!";
- }
- }
- $hashlist{$hash} = $fprint;
+ link_hash($_[0], 'cert');
}
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
sub link_hash_crl {
- my $fname = $_[0];
- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+ link_hash($_[0], 'crl');
+}
+
+sub link_hash {
+ my ($fname, $type) = @_;
+ my $is_cert = $type eq 'cert';
+
+ my ($hash, $fprint) = compute_hash($openssl,
+ $is_cert ? "x509" : "crl",
+ $is_cert ? $x509hash : $crlhash,
"-fingerprint", "-noout",
"-in", $fname);
chomp $hash;
+ $hash =~ s/^.*=// if !$is_cert;
chomp $fprint;
return if !$hash;
$fprint =~ s/^.*=//;
$fprint =~ tr/://d;
my $suffix = 0;
# Search for an unused hash filename
- while(exists $hashlist{"$hash.r$suffix"}) {
+ my $crlmark = $is_cert ? "" : "r";
+ while(exists $hashlist{"$hash.$crlmark$suffix"}) {
# Hash matches: if fingerprint matches its a duplicate cert
- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
+ my $what = $is_cert ? 'certificate' : 'CRL';
+ print STDERR "WARNING: Skipping duplicate $what $fname\n";
return;
}
$suffix++;
}
- $hash .= ".r$suffix";
+ $hash .= ".$crlmark$suffix";
if ($symlink_exists) {
print "link $fname -> $hash\n" if $verbose;
symlink $fname, $hash || warn "Can't symlink, $!";
} else {
- print "cp $fname -> $hash\n" if $verbose;
- system ("cp", $fname, $hash);
- warn "Can't copy, $!" if ($? >> 8) != 0;
+ print "copy $fname -> $hash\n" if $verbose;
+ copy_file($fname, $hash);
}
$hashlist{$hash} = $fprint;
}

@ -0,0 +1,151 @@
From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001
From: Alex Chernyakhovsky <achernya@google.com>
Date: Thu, 16 Jun 2022 12:00:22 +1000
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c)
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93]
---
crypto/aes/asm/aesni-x86.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
index 4245fe34e17e..7cf838db170b 100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@@ -2025,7 +2025,7 @@ sub aesni_generate6
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
@@ -2451,7 +2451,7 @@ sub aesni_generate6
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001
From: Alex Chernyakhovsky <achernya@google.com>
Date: Thu, 16 Jun 2022 12:02:37 +1000
Subject: [PATCH] AES OCB test vectors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be)
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8]
---
.../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++
1 file changed, 50 insertions(+)
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
index e58ee34b6b3f..de098905230b 100644
--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
Operation = DECRYPT
Result = CIPHERFINAL_ERROR
+
+#Test vectors generated to validate aesni_ocb_encrypt on x86
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = C14DFF7D62A13C4A3422456207453190
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = BE0228651ED4E48A11BDED68D953F3A0
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 17BC6E10B16E5FDC52836E7D589518C7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = E84AAC18666116990A3A37B3A5FC55BD
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C

@ -0,0 +1,56 @@
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 5 May 2022 08:11:24 +0200
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
strcasecmp
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18247)
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
---
crypto/evp/evp_lib.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 3fe4743761..d9b8c0af41 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -24,6 +24,7 @@
#include <openssl/dh.h>
#include <openssl/ec.h>
#include "crypto/evp.h"
+#include "crypto/cryptlib.h"
#include "internal/provider.h"
#include "evp_local.h"
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
return (ctx->flags & flags);
}
+#if !defined(FIPS_MODULE)
+
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
{
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
va_start(args, type);
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
+
if (OPENSSL_strcasecmp(type, "RSA") == 0) {
bits = va_arg(args, size_t);
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
va_end(args);
return ret;
}
+
+#endif /* !defined(FIPS_MODULE) */
--
2.35.3

File diff suppressed because it is too large Load Diff

@ -0,0 +1,367 @@
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 22 Jul 2022 13:59:37 +0200
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
Review by our lab for FIPS 140-3 certification expects the RSA
encryption and decryption tests to use a supported padding mode, not raw
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
a known-answer test, a comparison test, or a fault-detection test.
Comparison tests are not an option, because they would require
a separate implementation of RSA-OAEP, which we do not have. Fault
detection tests require implementing fault detection mechanisms into the
cryptographic algorithm implementation, we we also do not have.
As a consequence, a known-answer test must be used to test RSA
encryption and decryption, but RSA encryption with OAEP padding is not
deterministic, and thus encryption will always yield different results
that could not be compared to known answers. For this reason, this
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
which is the source of randomness for RSA-OAEP, to a fixed value. This
setting is only available during self-test execution, and the parameter
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
crypto/rsa/rsa_local.h | 8 ++
crypto/rsa/rsa_oaep.c | 34 ++++++--
include/openssl/core_names.h | 3 +
providers/fips/self_test_data.inc | 83 +++++++++++--------
providers/fips/self_test_kats.c | 7 ++
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++-
6 files changed, 133 insertions(+), 43 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ea70da05ad..dde57a1a0e 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
int tlen, const unsigned char *from,
int flen);
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md,
+ const char *redhat_st_seed);
+
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index d9be1a4f98..b2f7f7dc4b 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
param, plen, NULL, NULL);
}
+#ifdef FIPS_MODULE
+extern int REDHAT_FIPS_asym_cipher_st;
+#endif /* FIPS_MODULE */
+
/*
* Perform the padding as per NIST 800-56B 7.2.2.3
* from (K) is the key material.
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
* Step numbers are included here but not in the constant time inverse below
* to avoid complicating an already difficult enough function.
*/
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
- unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param,
- int plen, const EVP_MD *md,
- const EVP_MD *mgf1md)
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md,
+ const char *redhat_st_seed)
{
int rv = 0;
int i, emlen = tlen - 1;
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
db[emlen - flen - mdlen - 1] = 0x01;
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
/* step 3d: generate random byte string */
+#ifdef FIPS_MODULE
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
+ memcpy(seed, redhat_st_seed, mdlen);
+ } else
+#endif
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
goto err;
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
return rv;
}
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md)
+{
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
+ flen, param, plen, md,
+ mgf1md, NULL);
+}
+
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 59a6e79566..11216fb8f8 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -469,6 +469,9 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+#ifdef FIPS_MODULE
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
+#endif
/*
* Encoder / decoder parameters
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index 4e30ec56dd..0103c87528 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
ST_KAT_PARAM_END()
};
+/*-
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
+ * HP/UX PA-RISC compilers.
+ */
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
+static const char oaep_fixed_seed[] = {
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
+ 0x2e, 0x4b, 0x2c, 0xe6
+};
+
static const ST_KAT_PARAM rsa_enc_params[] = {
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
- OSSL_PKEY_RSA_PAD_MODE_NONE),
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
+ oaep_fixed_seed),
ST_KAT_PARAM_END()
};
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
};
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
};
static const unsigned char rsa_asym_expected_encrypt[256] = {
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
};
#ifndef OPENSSL_NO_EC
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 064794d9bf..b6d5e8e134 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
+int REDHAT_FIPS_asym_cipher_st = 0;
+
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
+ REDHAT_FIPS_asym_cipher_st = 1;
+
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
ret = 0;
}
+
+ REDHAT_FIPS_asym_cipher_st = 0;
+
return ret;
}
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 00cf65fcd6..83be3d8ede 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -30,6 +30,9 @@
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/securitycheck.h"
+#ifdef FIPS_MODULE
+# include "crypto/rsa/rsa_local.h"
+#endif
#include <stdlib.h>
@@ -75,6 +78,9 @@ typedef struct {
/* TLS padding */
unsigned int client_version;
unsigned int alt_version;
+#ifdef FIPS_MODULE
+ char *redhat_st_oaep_seed;
+#endif /* FIPS_MODULE */
} PROV_RSA_CTX;
static void *rsa_newctx(void *provctx)
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
return 0;
}
ret =
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
+#ifdef FIPS_MODULE
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
+#else
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
+#endif
+ prsactx->libctx, tbuf,
rsasize, in, inlen,
prsactx->oaep_label,
prsactx->oaep_labellen,
prsactx->oaep_md,
- prsactx->mgf1_md);
+ prsactx->mgf1_md
+#ifdef FIPS_MODULE
+ , prsactx->redhat_st_oaep_seed
+#endif
+ );
if (!ret) {
OPENSSL_free(tbuf);
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
EVP_MD_free(prsactx->oaep_md);
EVP_MD_free(prsactx->mgf1_md);
OPENSSL_free(prsactx->oaep_label);
+#ifdef FIPS_MODULE
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
+#endif /* FIPS_MODULE */
OPENSSL_free(prsactx);
}
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
+#ifdef FIPS_MODULE
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
+#endif /* FIPS_MODULE */
OSSL_PARAM_END
};
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
return known_gettable_ctx_params;
}
+#ifdef FIPS_MODULE
+extern int REDHAT_FIPS_asym_cipher_st;
+#endif /* FIPS_MODULE */
+
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->oaep_labellen = tmp_labellen;
}
+#ifdef FIPS_MODULE
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
+ void *tmp_oaep_seed = NULL;
+
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
+ return 0;
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
+ }
+#endif /* FIPS_MODULE */
+
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
if (p != NULL) {
unsigned int client_version;
--
2.37.1

@ -0,0 +1,313 @@
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 15 Jul 2022 17:45:40 +0200
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
In review for FIPS 140-3, the lack of a self-test for the digest_sign
and digest_verify provider functions was highlighted as a problem. NIST
no longer provides ACVP tests for the RSA SigVer primitive (see
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
recommends the use of functions that compute the digest and signature
within the module, we have been advised in our module review that the
self tests should also use the combined digest and signature APIs, i.e.
the digest_sign and digest_verify provider functions.
Modify the signature self-test to use these instead by switching to
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
2 files changed, 56 insertions(+), 24 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index db1a1d7bc3..c94c3c53bd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
return 0;
}
+#endif /* !defined(FIPS_MODULE) */
/*
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
+#ifndef FIPS_MODULE
else
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+#endif /* !defined(FIPS_MODULE) */
}
if (ctx->pctx == NULL)
return 0;
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx = ctx->pctx;
ERR_set_mark();
+#ifndef FIPS_MODULE
if (evp_pkey_ctx_is_legacy(locpctx))
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
/* do not reinitialize if pkey is set or operation is different */
if (reinit
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
signature =
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
supported_sig, locpctx->propquery);
+#ifndef FIPS_MODULE
if (signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
break;
}
if (signature == NULL)
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
+#ifndef FIPS_MODULE
} else {
/* legacy engine support : remove the mark when this is deleted */
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
+#endif /* !defined(FIPS_MODULE) */
}
(void)ERR_pop_to_mark();
}
}
+#ifndef FIPS_MODULE
if (ctx->reqdigest != NULL
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
goto err;
}
}
+#endif /* !defined(FIPS_MODULE) */
if (ver) {
if (signature->digest_verify_init == NULL) {
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
EVP_KEYMGMT_free(tmp_keymgmt);
return 0;
+#ifndef FIPS_MODULE
legacy:
/*
* If we don't have the full support we need with provided methods,
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ctx->pctx->flag_call_digest_custom = 1;
ret = 1;
+#endif /* !defined(FIPS_MODULE) */
end:
#ifndef FIPS_MODULE
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
NULL);
}
-#endif /* FIPS_MDOE */
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return EVP_DigestUpdate(ctx, data, dsize);
}
-#ifndef FIPS_MODULE
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
- int sctx = 0, r = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ int r = 0;
+#ifndef FIPS_MODULE
+ int sctx = 0;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
(siglen == NULL) ? 0 : *siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
sigret, siglen,
(siglen == NULL) ? 0 : *siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
}
}
return 1;
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
- unsigned char md[EVP_MAX_MD_SIZE];
int r = 0;
+#ifndef FIPS_MODULE
+ unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
int vctx = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|| pctx->op.sig.algctx == NULL
|| pctx->op.sig.signature == NULL)
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
sig, siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* !defined(FIPS_MODULE) */
return r;
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
if (vctx || !r)
return r;
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
+#endif /* !defined(FIPS_MODULE) */
}
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODULE */
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
+ EVP_MD *md = NULL;
+ EVP_MD_CTX *ctx = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
BN_CTX *bnctx = NULL;
BIGNUM *K = NULL;
+ const char *msg = "Hello World!";
+ unsigned char sig[256];
size_t siglen = sizeof(sig);
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
goto err;
- /* Create a EVP_PKEY_CTX to use for the signing operation */
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (sctx == NULL
- || EVP_PKEY_sign_init(sctx) <= 0)
- goto err;
-
- /* set signature parameters */
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
- t->mdalgorithm,
- strlen(t->mdalgorithm) + 1))
- goto err;
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
+ * parameters and sign */
params_sig = OSSL_PARAM_BLD_to_param(bld);
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
+ ctx = EVP_MD_CTX_new();
+ if (md == NULL || ctx == NULL)
+ goto err;
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
+ || EVP_MD_CTX_reset(ctx) <= 0)
goto err;
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
+ /* sctx is not freed automatically inside the FIPS module */
+ EVP_PKEY_CTX_free(sctx);
+ sctx = NULL;
+
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(kctx);
+ EVP_MD_free(md);
+ EVP_MD_CTX_free(ctx);
+ /* sctx is not freed automatically inside the FIPS module */
EVP_PKEY_CTX_free(sctx);
+ EVP_PKEY_CTX_free(kctx);
OSSL_PARAM_free(params);
OSSL_PARAM_free(params_sig);
OSSL_PARAM_BLD_free(bld);
--
2.37.1

@ -0,0 +1,378 @@
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 22 Jul 2022 17:51:16 +0200
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
1 file changed, 172 insertions(+), 170 deletions(-)
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index a29cc650b5..1b5623833f 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
#ifndef OPENSSL_NO_DH
/* DH KAT */
+/* RFC7919 FFDHE2048 p */
static const unsigned char dh_p[] = {
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
-};
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+/* RFC7919 FFDHE2048 q */
static const unsigned char dh_q[] = {
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
- 0x11, 0xac, 0xb5, 0x7d
-};
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+/* RFC7919 FFDHE2048 g */
static const unsigned char dh_g[] = {
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
+ 0x02
};
static const unsigned char dh_priv[] = {
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
- 0x40, 0xb8, 0xfc, 0xe6
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
};
static const unsigned char dh_pub[] = {
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
+ 0x32
};
static const unsigned char dh_peer_pub[] = {
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
+ 0x64
};
static const unsigned char dh_secret_expected[] = {
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
};
static const ST_KAT_PARAM dh_group[] = {
--
2.35.3

@ -0,0 +1,129 @@
diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c
--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200
+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200
@@ -48,6 +48,8 @@
# include <fcntl.h>
# include <unistd.h>
# include <sys/time.h>
+# include <sys/random.h>
+# include <openssl/evp.h>
static uint64_t get_time_stamp(void);
static uint64_t get_timer_bits(void);
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
*/
-
- /*
- * Do runtime detection to find getentropy().
- *
- * Known OSs that should support this:
- * - Darwin since 16 (OSX 10.12, IOS 10.0).
- * - Solaris since 11.3
- * - OpenBSD since 5.6
- * - Linux since 3.17 with glibc 2.25
- * - FreeBSD since 12.0 (1200061)
- *
- * Note: Sometimes getentropy() can be provided but not implemented
- * internally. So we need to check errno for ENOSYS
- */
-# if !defined(__DragonFly__) && !defined(__NetBSD__)
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-
- if (getentropy != NULL) {
- if (getentropy(buf, buflen) == 0)
- return (ssize_t)buflen;
- if (errno != ENOSYS)
- return -1;
- }
-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
-
- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
- return (ssize_t)buflen;
-
- return -1;
-# else
- union {
- void *p;
- int (*f)(void *buffer, size_t length);
- } p_getentropy;
-
- /*
- * We could cache the result of the lookup, but we normally don't
- * call this function often.
- */
- ERR_set_mark();
- p_getentropy.p = DSO_global_lookup("getentropy");
- ERR_pop_to_mark();
- if (p_getentropy.p != NULL)
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
-# endif
-# endif /* !__DragonFly__ */
-
- /* Linux supports this since version 3.17 */
-# if defined(__linux) && defined(__NR_getrandom)
- return syscall(__NR_getrandom, buf, buflen, 0);
-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
- return sysctl_random(buf, buflen);
-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
- return getrandom(buf, buflen, 0);
-# else
- errno = ENOSYS;
- return -1;
-# endif
+ /* Red Hat uses downstream patch to always seed from getrandom() */
+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
}
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c
--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200
+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
size_t entropy_available;
RAND_POOL *pool;
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+ /*
+ * OpenSSL still implements an internal entropy pool of
+ * some size that is hashed to get seed data.
+ * Note that this is a conditioning step for which SP800-90C requires
+ * 64 additional bits from the entropy source to claim the requested
+ * amount of entropy.
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
return 0;
diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
*/
- bytes_needed = (entropy + 7) / 8;
+ /*
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
+ * + 128 bits during initial seeding
+ */
+ bytes_needed = (entropy + 128 + 7) / 8;
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)

@ -0,0 +1,76 @@
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
void EC_POINT_free(EC_POINT *point)
{
+#ifdef FIPS_MODULE
+ EC_POINT_clear_free(point);
+#else
if (point == NULL)
return;
if (point->meth->point_finish != 0)
point->meth->point_finish(point);
OPENSSL_free(point);
+#endif
}
void EC_POINT_clear_free(EC_POINT *point)

@ -0,0 +1,119 @@
From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 11 Aug 2022 09:27:12 +0200
Subject: [PATCH] Add FIPS indicator parameter to HKDF
NIST considers HKDF only acceptable when used as in TLS 1.3, and
otherwise unapproved. Add an explicit indicator attached to the
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
determine whether the KDF operation was approved after performing it.
Related: rhbz#2114772
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
include/openssl/core_names.h | 1 +
include/openssl/kdf.h | 4 ++
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
3 files changed, 58 insertions(+)
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 21c94d0488..87786680d7 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -223,6 +223,7 @@ extern "C" {
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
/* Known KDF names */
#define OSSL_KDF_NAME_HKDF "HKDF"
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 0983230a48..869f23d8fb 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
+
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index afdb7138e1..9d28d292d8 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
return 0;
return OSSL_PARAM_set_size_t(p, sz);
}
+
+#ifdef FIPS_MODULE
+ if ((p = OSSL_PARAM_locate(params,
+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
+ switch (ctx->mode) {
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
+ /* TLS 1.3 never uses extract-and-expand */
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
+ break;
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
+ {
+ /* When TLS 1.3 uses extract, the following holds:
+ * 1. The salt length matches the hash length, and either
+ * 2.1. the key is all zeroes and matches the hash length, or
+ * 2.2. the key originates from a PSK (resumption_master_secret
+ * or some externally esablished key), or an ECDH or DH key
+ * derivation. See
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
+ * Unfortunately at this point, we cannot verify where the key
+ * comes from, so all we can do is check the salt length.
+ */
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
+ else
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
+ }
+ break;
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
+ /* When TLS 1.3 uses expand, it always provides a label that
+ * contains an uint16 for the length, followed by between 7 and 255
+ * bytes for a label string that starts with "tls13 " or "dtls13".
+ * For compatibility with future versions, we only check for "tls"
+ * or "dtls". See
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
+ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
+ if (ctx->label != NULL
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
+ else
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
+ break;
+ }
+ return OSSL_PARAM_set_int(p, fips_indicator);
+ }
+#endif /* defined(FIPS_MODULE) */
+
return -2;
}
@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+#ifdef FIPS_MODULE
+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
+#endif /* defined(FIPS_MODULE) */
OSSL_PARAM_END
};
return known_gettable_ctx_params;
--
2.37.1

@ -0,0 +1,399 @@
diff --git a/crypto/punycode.c b/crypto/punycode.c
index 385b4b1df4..b9b4e3d785 100644
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -123,7 +123,6 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
unsigned int bias = initial_bias;
size_t processed_in = 0, written_out = 0;
unsigned int max_out = *pout_length;
-
unsigned int basic_count = 0;
unsigned int loop;
@@ -181,11 +180,11 @@ int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
n = n + i / (written_out + 1);
i %= (written_out + 1);
- if (written_out > max_out)
+ if (written_out >= max_out)
return 0;
memmove(pDecoded + i + 1, pDecoded + i,
- (written_out - i) * sizeof *pDecoded);
+ (written_out - i) * sizeof(*pDecoded));
pDecoded[i] = n;
i++;
written_out++;
@@ -255,30 +254,35 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
*/
char *outptr = out;
const char *inptr = in;
- size_t size = 0;
+ size_t size = 0, maxsize;
int result = 1;
-
+ unsigned int i, j;
unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
- if (out == NULL)
+
+ if (out == NULL) {
result = 0;
+ maxsize = 0;
+ } else {
+ maxsize = *outlen;
+ }
+
+#define PUSHC(c) \
+ do \
+ if (size++ < maxsize) \
+ *outptr++ = c; \
+ else \
+ result = 0; \
+ while (0)
while (1) {
char *tmpptr = strchr(inptr, '.');
- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr);
+ size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
if (strncmp(inptr, "xn--", 4) != 0) {
- size += delta + 1;
-
- if (size >= *outlen - 1)
- result = 0;
-
- if (result > 0) {
- memcpy(outptr, inptr, delta + 1);
- outptr += delta + 1;
- }
+ for (i = 0; i < delta + 1; i++)
+ PUSHC(inptr[i]);
} else {
unsigned int bufsize = LABEL_BUF_SIZE;
- unsigned int i;
if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0)
return -1;
@@ -286,26 +290,15 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
for (i = 0; i < bufsize; i++) {
unsigned char seed[6];
size_t utfsize = codepoint2utf8(seed, buf[i]);
+
if (utfsize == 0)
return -1;
- size += utfsize;
- if (size >= *outlen - 1)
- result = 0;
-
- if (result > 0) {
- memcpy(outptr, seed, utfsize);
- outptr += utfsize;
- }
+ for (j = 0; j < utfsize; j++)
+ PUSHC(seed[j]);
}
- if (tmpptr != NULL) {
- *outptr = '.';
- outptr++;
- size++;
- if (size >= *outlen - 1)
- result = 0;
- }
+ PUSHC(tmpptr != NULL ? '.' : '\0');
}
if (tmpptr == NULL)
@@ -313,7 +306,9 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
inptr = tmpptr + 1;
}
+#undef PUSHC
+ *outlen = size;
return result;
}
@@ -327,12 +322,11 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
int ossl_a2ucompare(const char *a, const char *u)
{
- char a_ulabel[LABEL_BUF_SIZE];
+ char a_ulabel[LABEL_BUF_SIZE + 1];
size_t a_size = sizeof(a_ulabel);
- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) {
+ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
return -1;
- }
- return (strcmp(a_ulabel, u) == 0) ? 0 : 1;
+ return strcmp(a_ulabel, u) != 0;
}
diff --git a/test/build.info b/test/build.info
index 9d2d41e417..638f215da6 100644
--- a/test/build.info
+++ b/test/build.info
@@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}]
exptest pbetest localetest evp_pkey_ctx_new_from_name\
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test evp_libctx_test ossl_store_test \
- v3nametest v3ext \
+ v3nametest v3ext punycode_test \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
@@ -290,6 +290,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pkcs7_test]=../include ../apps/include
DEPEND[pkcs7_test]=../libcrypto libtestutil.a
+ SOURCE[punycode_test]=punycode_test.c
+ INCLUDE[punycode_test]=../include ../apps/include
+ DEPEND[punycode_test]=../libcrypto.a libtestutil.a
+
SOURCE[stack_test]=stack_test.c
INCLUDE[stack_test]=../include ../apps/include
DEPEND[stack_test]=../libcrypto libtestutil.a
diff --git a/test/punycode_test.c b/test/punycode_test.c
new file mode 100644
index 0000000000..285ead6966
--- /dev/null
+++ b/test/punycode_test.c
@@ -0,0 +1,219 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+#include "crypto/punycode.h"
+#include "internal/nelem.h"
+#include "testutil.h"
+
+
+static const struct puny_test {
+ unsigned int raw[50];
+ const char *encoded;
+} puny_cases[] = {
+ /* Test cases from RFC 3492 */
+ { /* Arabic (Egyptian) */
+ { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644,
+ 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F
+ },
+ "egbpdaj6bu4bxfgehfvwxn"
+ },
+ { /* Chinese (simplified) */
+ { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587
+ },
+ "ihqwcrb4cv8a8dqg056pqjye"
+ },
+ { /* Chinese (traditional) */
+ { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587
+ },
+ "ihqwctvzc91f659drss3x8bo0yb"
+ },
+ { /* Czech: Pro<ccaron>prost<ecaron>nemluv<iacute><ccaron>esky */
+ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074,
+ 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D,
+ 0x0065, 0x0073, 0x006B, 0x0079
+ },
+ "Proprostnemluvesky-uyb24dma41a"
+ },
+ { /* Hebrew */
+ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8,
+ 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2,
+ 0x05D1, 0x05E8, 0x05D9, 0x05EA
+ },
+ "4dbcagdahymbxekheh6e0a7fei0b"
+ },
+ { /* Hindi (Devanagari) */
+ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D,
+ 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939,
+ 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947,
+ 0x0939, 0x0948, 0x0902
+ },
+ "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd"
+ },
+ { /* Japanese (kanji and hiragana) */
+ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092,
+ 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B
+ },
+ "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa"
+ },
+ { /* Korean (Hangul syllables) */
+ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774,
+ 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74,
+ 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C
+ },
+ "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c"
+ },
+ { /* Russian (Cyrillic) */
+ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E,
+ 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440,
+ 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A,
+ 0x0438
+ },
+ "b1abfaaepdrnnbgefbaDotcwatmq2g4l"
+ },
+ { /* Spanish */
+ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070,
+ 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070,
+ 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061,
+ 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070,
+ 0x0061, 0x00F1, 0x006F, 0x006C
+ },
+ "PorqunopuedensimplementehablarenEspaol-fmd56a"
+ },
+ { /* Vietnamese */
+ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B,
+ 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068,
+ 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067,
+ 0x0056, 0x0069, 0x1EC7, 0x0074
+ },
+ "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g"
+ },
+ { /* Japanese: 3<nen>B<gumi><kinpachi><sensei> */
+ { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
+ },
+ "3B-ww4c5e180e575a65lsy2b"
+ },
+ { /* Japanese: <amuro><namie>-with-SUPER-MONKEYS */
+ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074,
+ 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D,
+ 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053
+ },
+ "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n"
+ },
+ { /* Japanese: Hello-Another-Way-<sorezore><no><basho> */
+ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F,
+ 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D,
+ 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240
+ },
+ "Hello-Another-Way--fc4qua05auwb3674vfr0b"
+ },
+ { /* Japanese: <hitotsu><yane><no><shita>2 */
+ { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032
+ },
+ "2-u9tlzr9756bt3uc0v"
+ },
+ { /* Japanese: Maji<de>Koi<suru>5<byou><mae> */
+ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059,
+ 0x308B, 0x0035, 0x79D2, 0x524D
+ },
+ "MajiKoi5-783gue6qz075azm5e"
+ },
+ { /* Japanese: <pafii>de<runba> */
+ { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0
+ },
+ "de-jg4avhby1noc0d"
+ },
+ { /* Japanese: <sono><supiido><de> */
+ { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067
+ },
+ "d9juau41awczczp"
+ },
+ { /* -> $1.00 <- */
+ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020,
+ 0x003C, 0x002D
+ },
+ "-> $1.00 <--"
+ }
+};
+
+static int test_punycode(int n)
+{
+ const struct puny_test *tc = puny_cases + n;
+ unsigned int buffer[50];
+ unsigned int bsize = OSSL_NELEM(buffer);
+ size_t i;
+
+ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded),
+ buffer, &bsize)))
+ return 0;
+ for (i = 0; i < sizeof(tc->raw); i++)
+ if (tc->raw[i] == 0)
+ break;
+ if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer),
+ tc->raw, i * sizeof(*tc->raw)))
+ return 0;
+ return 1;
+}
+
+static int test_a2ulabel(void)
+{
+ char out[50];
+ size_t outlen;
+
+ /*
+ * Test that no buffer correctly returns the true length.
+ * The punycode being passed in and parsed is malformed but we're not
+ * verifying that behaviour here.
+ */
+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0)
+ || !TEST_size_t_eq(outlen, 7)
+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1))
+ return 0;
+ /* Test that a short input length returns the true length */
+ outlen = 1;
+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
+ || !TEST_size_t_eq(outlen, 7)
+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
+ || !TEST_str_eq(out,"\xc2\x80.b.c"))
+ return 0;
+ /* Test for an off by one on the buffer size works */
+ outlen = 6;
+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
+ || !TEST_size_t_eq(outlen, 7)
+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
+ || !TEST_str_eq(out,"\xc2\x80.b.c"))
+ return 0;
+ return 1;
+}
+
+static int test_puny_overrun(void)
+{
+ static const unsigned int out[] = {
+ 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
+ };
+ static const char *in = "3B-ww4c5e180e575a65lsy2b";
+ unsigned int buf[OSSL_NELEM(out)];
+ unsigned int bsize = OSSL_NELEM(buf) - 1;
+
+ if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) {
+ if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out)))
+ TEST_error("CRITICAL: buffer overrun detected!");
+ return 0;
+ }
+ return 1;
+}
+
+int setup_tests(void)
+{
+ ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases));
+ ADD_TEST(test_a2ulabel);
+ ADD_TEST(test_puny_overrun);
+ return 1;
+}
diff --git a/test/recipes/04-test_punycode.t b/test/recipes/04-test_punycode.t
new file mode 100644
index 0000000000..de213c7e15
--- /dev/null
+++ b/test/recipes/04-test_punycode.t
@@ -0,0 +1,11 @@
+#! /usr/bin/env perl
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_punycode", "punycode_test");

@ -0,0 +1,82 @@
UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
DAYS=365
KEYLEN=2048
TYPE=rsa:$(KEYLEN)
EXTRA_FLAGS=
ifdef SERIAL
EXTRA_FLAGS+=-set_serial $(SERIAL)
endif
.PHONY: usage
.SUFFIXES: .key .csr .crt .pem
.PRECIOUS: %.key %.csr %.crt %.pem
usage:
@echo "This makefile allows you to create:"
@echo " o public/private key pairs"
@echo " o SSL certificate signing requests (CSRs)"
@echo " o self-signed SSL test certificates"
@echo
@echo "To create a key pair, run \"make SOMETHING.key\"."
@echo "To create a CSR, run \"make SOMETHING.csr\"."
@echo "To create a test certificate, run \"make SOMETHING.crt\"."
@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
@echo
@echo "To create a key for use with Apache, run \"make genkey\"."
@echo "To create a CSR for use with Apache, run \"make certreq\"."
@echo "To create a test certificate for use with Apache, run \"make testcert\"."
@echo
@echo "To create a test certificate with serial number other than random, add SERIAL=num"
@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
@echo
@echo Examples:
@echo " make server.key"
@echo " make server.csr"
@echo " make server.crt"
@echo " make stunnel.pem"
@echo " make genkey"
@echo " make certreq"
@echo " make testcert"
@echo " make server.crt SERIAL=1"
@echo " make stunnel.pem EXTRA_FLAGS=-sha384"
@echo " make testcert DAYS=600"
%.pem:
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
cat $$PEM1 > $@ ; \
echo "" >> $@ ; \
cat $$PEM2 >> $@ ; \
$(RM) $$PEM1 $$PEM2
%.key:
umask 77 ; \
/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@
%.csr: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
%.crt: %.key
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
TLSROOT=/etc/pki/tls
KEY=$(TLSROOT)/private/localhost.key
CSR=$(TLSROOT)/certs/localhost.csr
CRT=$(TLSROOT)/certs/localhost.crt
genkey: $(KEY)
certreq: $(CSR)
testcert: $(CRT)
$(CSR): $(KEY)
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
$(CRT): $(KEY)
umask 77 ; \
/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)

@ -0,0 +1,7 @@
/* Prepended at openssl package build-time. Don't include this file directly,
* use <openssl/opensslconf.h> instead. */
#ifndef openssl_conf_multilib_redirection_h
#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
#endif

@ -0,0 +1,47 @@
/* This file is here to prevent a file conflict on multiarch systems. A
* conflict will frequently occur because arch-specific build-time
* configuration options are stored (and used, so they can't just be stripped
* out) in configuration.h. The original configuration.h has been renamed.
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
#ifdef openssl_conf_multilib_redirection_h
#error "Do not define openssl_conf_multilib_redirection_h!"
#endif
#define openssl_conf_multilib_redirection_h
#if defined(__i386__)
#include "configuration-i386.h"
#elif defined(__ia64__)
#include "configuration-ia64.h"
#elif defined(__mips64) && defined(__MIPSEL__)
#include "configuration-mips64el.h"
#elif defined(__mips64)
#include "configuration-mips64.h"
#elif defined(__mips) && defined(__MIPSEL__)
#include "configuration-mipsel.h"
#elif defined(__mips)
#include "configuration-mips.h"
#elif defined(__powerpc64__)
#include <endian.h>
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#include "configuration-ppc64.h"
#else
#include "configuration-ppc64le.h"
#endif
#elif defined(__powerpc__)
#include "configuration-ppc.h"
#elif defined(__s390x__)
#include "configuration-s390x.h"
#elif defined(__s390__)
#include "configuration-s390.h"
#elif defined(__sparc__) && defined(__arch64__)
#include "configuration-sparc64.h"
#elif defined(__sparc__)
#include "configuration-sparc.h"
#elif defined(__x86_64__)
#include "configuration-x86_64.h"
#else
#error "The openssl-devel package does not work your architecture?"
#endif
#undef openssl_conf_multilib_redirection_h

@ -0,0 +1,628 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* ECDSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <string.h>
#include "ec_local.h"
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
#include <openssl/opensslconf.h>
#include "internal/nelem.h"
typedef struct {
int field_type, /* either NID_X9_62_prime_field or
* NID_X9_62_characteristic_two_field */
seed_len, param_len;
unsigned int cofactor; /* promoted to BN_ULONG */
} EC_CURVE_DATA;
/* the nist prime curves */
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 28 * 6];
} _EC_NIST_PRIME_224 = {
{
NID_X9_62_prime_field, 20, 28, 1
},
{
/* seed */
0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE,
/* b */
0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
0x23, 0x55, 0xFF, 0xB4,
/* x */
0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
0x11, 0x5C, 0x1D, 0x21,
/* y */
0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
0x85, 0x00, 0x7e, 0x34,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
0x5C, 0x5C, 0x2A, 0x3D
}
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 48 * 6];
} _EC_NIST_PRIME_384 = {
{
NID_X9_62_prime_field, 20, 48, 1
},
{
/* seed */
0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
/* x */
0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
/* y */
0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
}
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 66 * 6];
} _EC_NIST_PRIME_521 = {
{
NID_X9_62_prime_field, 20, 66, 1
},
{
/* seed */
0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
/* p */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
/* x */
0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
/* y */
0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
/* order */
0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
}
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[20 + 32 * 6];
} _EC_X9_62_PRIME_256V1 = {
{
NID_X9_62_prime_field, 20, 32, 1
},
{
/* seed */
0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
/* a */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
/* b */
0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
/* x */
0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
/* y */
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
}
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
} _EC_SECG_PRIME_256K1 = {
{
NID_X9_62_prime_field, 0, 32, 1
},
{
/* no seed */
/* p */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
/* a */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* b */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
/* x */
0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
/* y */
0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
/* order */
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
}
};
typedef struct _ec_list_element_st {
int nid;
const EC_CURVE_DATA *data;
const EC_METHOD *(*meth) (void);
const char *comment;
} ec_list_element;
#ifdef FIPS_MODULE
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
{NID_secp224r1, &_EC_NIST_PRIME_224.h,
# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp224_method,
# else
0,
# endif
"NIST/SECG curve over a 224 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
# else
0,
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
# else
0,
# endif
"X9.62/SECG curve over a 256 bit prime field"},
};
#else
static const ec_list_element curve_list[] = {
/* prime field curves */
/* secg curves */
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
{NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
"NIST/SECG curve over a 224 bit prime field"},
# else
{NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
"NIST/SECG curve over a 224 bit prime field"},
# endif
{NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
"SECG curve over a 256 bit prime field"},
/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
{NID_secp384r1, &_EC_NIST_PRIME_384.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp384_method,
# else
0,
# endif
"NIST/SECG curve over a 384 bit prime field"},
{NID_secp521r1, &_EC_NIST_PRIME_521.h,
# if defined(S390X_EC_ASM)
EC_GFp_s390x_nistp521_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp521_method,
# else
0,
# endif
"NIST/SECG curve over a 521 bit prime field"},
/* X9.62 curves */
{NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
# if defined(ECP_NISTZ256_ASM)
EC_GFp_nistz256_method,
# elif defined(S390X_EC_ASM)
EC_GFp_s390x_nistp256_method,
# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
EC_GFp_nistp256_method,
# else
0,
# endif
"X9.62/SECG curve over a 256 bit prime field"},
};
#endif /* FIPS_MODULE */
#define curve_list_length OSSL_NELEM(curve_list)
static const ec_list_element *ec_curve_nid2curve(int nid)
{
size_t i;
if (nid <= 0)
return NULL;
for (i = 0; i < curve_list_length; i++) {
if (curve_list[i].nid == nid)
return &curve_list[i];
}
return NULL;
}
static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
const char *propq,
const ec_list_element curve)
{
EC_GROUP *group = NULL;
EC_POINT *P = NULL;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
NULL;
int ok = 0;
int seed_len, param_len;
const EC_METHOD *meth;
const EC_CURVE_DATA *data;
const unsigned char *params;
/* If no curve data curve method must handle everything */
if (curve.data == NULL)
return ossl_ec_group_new_ex(libctx, propq,
curve.meth != NULL ? curve.meth() : NULL);
if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
goto err;
}
data = curve.data;
seed_len = data->seed_len;
param_len = data->param_len;
params = (const unsigned char *)(data + 1); /* skip header */
params += seed_len; /* skip seed */
if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
|| (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
|| (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (curve.meth != 0) {
meth = curve.meth();
if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) ||
(!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
} else if (data->field_type == NID_X9_62_prime_field) {
if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
#ifndef OPENSSL_NO_EC2M
else { /* field_type ==
* NID_X9_62_characteristic_two_field */
if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
#endif
EC_GROUP_set_curve_name(group, curve.nid);
if ((P = EC_POINT_new(group)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
|| (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
|| !BN_set_word(x, (BN_ULONG)data->cofactor)) {
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if (!EC_GROUP_set_generator(group, P, order, x)) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
if (seed_len) {
if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
goto err;
}
}
ok = 1;
err:
if (!ok) {
EC_GROUP_free(group);
group = NULL;
}
EC_POINT_free(P);
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(order);
BN_free(x);
BN_free(y);
return group;
}
EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq,
int nid)
{
EC_GROUP *ret = NULL;
const ec_list_element *curve;
if ((curve = ec_curve_nid2curve(nid)) == NULL
|| (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) {
#ifndef FIPS_MODULE
ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP,
"name=%s", OBJ_nid2sn(nid));
#else
ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
#endif
return NULL;
}
return ret;
}
#ifndef FIPS_MODULE
EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
{
return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
}
#endif
size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
{
size_t i, min;
if (r == NULL || nitems == 0)
return curve_list_length;
min = nitems < curve_list_length ? nitems : curve_list_length;
for (i = 0; i < min; i++) {
r[i].nid = curve_list[i].nid;
r[i].comment = curve_list[i].comment;
}
return curve_list_length;
}
const char *EC_curve_nid2nist(int nid)
{
return ossl_ec_curve_nid2nist_int(nid);
}
int EC_curve_nist2nid(const char *name)
{
return ossl_ec_curve_nist2nid_int(name);
}
#define NUM_BN_FIELDS 6
/*
* Validates EC domain parameter data for known named curves.
* This can be used when a curve is loaded explicitly (without a curve
* name) or to validate that domain parameters have not been modified.
*
* Returns: The nid associated with the found named curve, or NID_undef
* if not found. If there was an error it returns -1.
*/
int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
{
int ret = -1, nid, len, field_type, param_len;
size_t i, seed_len;
const unsigned char *seed, *params_seed, *params;
unsigned char *param_bytes = NULL;
const EC_CURVE_DATA *data;
const EC_POINT *generator = NULL;
const BIGNUM *cofactor = NULL;
/* An array of BIGNUMs for (p, a, b, x, y, order) */
BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
/* Use the optional named curve nid as a search field */
nid = EC_GROUP_get_curve_name(group);
field_type = EC_GROUP_get_field_type(group);
seed_len = EC_GROUP_get_seed_len(group);
seed = EC_GROUP_get0_seed(group);
cofactor = EC_GROUP_get0_cofactor(group);
BN_CTX_start(ctx);
/*
* The built-in curves contains data fields (p, a, b, x, y, order) that are
* all zero-padded to be the same size. The size of the padding is
* determined by either the number of bytes in the field modulus (p) or the
* EC group order, whichever is larger.
*/
param_len = BN_num_bytes(group->order);
len = BN_num_bytes(group->field);
if (len > param_len)
param_len = len;
/* Allocate space to store the padded data for (p, a, b, x, y, order) */
param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
if (param_bytes == NULL)
goto end;
/* Create the bignums */
for (i = 0; i < NUM_BN_FIELDS; ++i) {
if ((bn[i] = BN_CTX_get(ctx)) == NULL)
goto end;
}
/*
* Fill in the bn array with the same values as the internal curves
* i.e. the values are p, a, b, x, y, order.
*/
/* Get p, a & b */
if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
&& ((generator = EC_GROUP_get0_generator(group)) != NULL)
/* Get x & y */
&& EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
/* Get order */
&& EC_GROUP_get_order(group, bn[5], ctx)))
goto end;
/*
* Convert the bignum array to bytes that are joined together to form
* a single buffer that contains data for all fields.
* (p, a, b, x, y, order) are all zero padded to be the same size.
*/
for (i = 0; i < NUM_BN_FIELDS; ++i) {
if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
goto end;
}
for (i = 0; i < curve_list_length; i++) {
const ec_list_element curve = curve_list[i];
data = curve.data;
/* Get the raw order byte data */
params_seed = (const unsigned char *)(data + 1); /* skip header */
params = params_seed + data->seed_len;
/* Look for unique fields in the fixed curve data */
if (data->field_type == field_type
&& param_len == data->param_len
&& (nid <= 0 || nid == curve.nid)
/* check the optional cofactor (ignore if its zero) */
&& (BN_is_zero(cofactor)
|| BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
/* Check the optional seed (ignore if its not set) */
&& (data->seed_len == 0 || seed_len == 0
|| ((size_t)data->seed_len == seed_len
&& memcmp(params_seed, seed, seed_len) == 0))
/* Check that the groups params match the built-in curve params */
&& memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
== 0) {
ret = curve.nid;
goto end;
}
}
/* Gets here if the group was not found */
ret = NID_undef;
end:
OPENSSL_free(param_bytes);
BN_CTX_end(ctx);
return ret;
}

File diff suppressed because it is too large Load Diff

@ -0,0 +1,26 @@
#!/bin/bash
if [ $# -ne 2 ] ; then
echo "Usage:"
echo " $0 <git-dir> <base-tag>"
exit 1
fi
git_dir="$1"
base_tag="$2"
target_dir="$(pwd)"
pushd "$git_dir" >/dev/null
git format-patch -k -o "$target_dir" "$base_tag" >/dev/null
popd >/dev/null
echo "# Patches exported from source git"
i=1
for p in *.patch ; do
printf "# "
sed '/^Subject:/{s/^Subject: //;p};d' "$p"
printf "Patch%s: %s\n" $i "$p"
i=$(($i + 1))
done

@ -0,0 +1,40 @@
#!/bin/sh
# Quit out if anything fails.
set -e
# Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
# Remove assembler portions of IDEA, MDC2, and RC5.
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
echo Destroying $c
> $c
done
for c in `find test -name "ectest.c"`; do
echo Destroying $c
> $c
done
for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing EC2M references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
mv $h.hobbled $h
done

@ -0,0 +1,28 @@
#!/bin/sh
umask 077
answers() {
echo --
echo SomeState
echo SomeCity
echo SomeOrganization
echo SomeOrganizationalUnit
echo localhost.localdomain
echo root@localhost.localdomain
}
if [ $# -eq 0 ] ; then
echo $"Usage: `basename $0` filename [...]"
exit 0
fi
for target in $@ ; do
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
trap "rm -f $PEM1 $PEM2" SIGINT
answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
cat $PEM1 > ${target}
echo "" >> ${target}
cat $PEM2 >> ${target}
rm -f $PEM1 $PEM2
done

@ -0,0 +1,39 @@
#!/bin/bash
if [ $# -eq 0 ]; then
echo $"Usage: `basename $0` filename" 1>&2
exit 1
fi
PEM=$1
REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
NEW=${PEM}_
trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
if [ ! -f $PEM ]; then
echo "$PEM: file not found" 1>&2
exit 1
fi
umask 077
OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
openssl rsa -inform pem -in $PEM -out $KEY
openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
openssl x509 -req -in $REQ -signkey $KEY -days 365 \
-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
(cat $KEY ; echo "" ; cat $CRT) > $NEW
chown $OWNER $NEW
mv -f $NEW $PEM
rm -f $REQ $KEY $CRT
exit 0

@ -0,0 +1,852 @@
# For the curious:
# 0.9.8jk + EAP-FAST soversion = 8
# 1.0.0 soversion = 10
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
# depends on build configuration options)
# 3.0.0 soversion = 3 (same as upstream)
%define soversion 3
# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
%define srpmhash() %{lua:
local files = rpm.expand("%_specdir/openssl.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
%global _performance_build 1
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.1
Release: 43%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
Source: openssl-%{version}-hobbled.tar.xz
Source1: hobble-openssl
Source2: Makefile.certificate
Source3: genpatches
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source9: configuration-switch.h
Source10: configuration-prefix.h
Source12: ec_curve.c
Source13: ectest.c
Source14: 0025-for-tests.patch
# Patches exported from source git
# Aarch64 and ppc64le use lib64
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
# Use more general default values in openssl.cnf
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
# Do not install html docs
Patch3: 0003-Do-not-install-html-docs.patch
# Override default paths for the CA directory tree
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
# apps/ca: fix md option help text
Patch5: 0005-apps-ca-fix-md-option-help-text.patch
# Disable signature verification with totally unsafe hash algorithms
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
# Add support for PROFILE=SYSTEM system default cipherlist
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
# Add FIPS_mode() compatibility macro
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
# Add check to see if fips flag is enabled in kernel
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
# Disable explicit EC curves
# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
Patch12: 0012-Disable-explicit-ec.patch
# https://github.com/openssl/openssl/pull/17981
Patch13: 0013-FIPS-provider-explicit-ec.patch
# https://github.com/openssl/openssl/pull/17998
Patch14: 0014-FIPS-disable-explicit-ec.patch
# https://github.com/openssl/openssl/pull/18609
Patch15: 0015-FIPS-decoded-from-explicit.patch
# Instructions to load legacy provider in openssl.cnf
Patch24: 0024-load-legacy-prov.patch
# Tmp: test name change
Patch31: 0031-tmp-Fix-test-names.patch
# We load FIPS provider and set FIPS properties implicitly
Patch32: 0032-Force-fips.patch
# Embed HMAC into the fips.so
Patch33: 0033-FIPS-embed-hmac.patch
# Comment out fipsinstall command-line utility
Patch34: 0034.fipsinstall_disable.patch
# Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch
# Extra public/private key checks required by FIPS-140-3
Patch44: 0044-FIPS-140-3-keychecks.patch
# Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486
Patch46: 0046-FIPS-s390x-hardening.patch
# Execute KATS before HMAC verification
Patch47: 0047-FIPS-early-KATS.patch
# Backport of correctly handle 2^14 byte long records #17538
Patch48: 0048-correctly-handle-records.patch
# Selectively disallow SHA1 signatures
Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2049265
Patch50: 0050-FIPS-enable-pkcs12-mac.patch
# Backport of patch for RHEL for Edge rhbz #2027261
Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# CVE 2022-0778
Patch53: 0053-CVE-2022-0778.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62
Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
# https://github.com/openssl/openssl/pull/17324
Patch55: 0055-nonlegacy-fetch-null-deref.patch
# https://github.com/openssl/openssl/pull/18103
Patch56: 0056-strcasecmp.patch
# https://github.com/openssl/openssl/pull/18175
Patch57: 0057-strcasecmp-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
Patch60: 0060-FIPS-KAT-signature-tests.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# https://github.com/openssl/openssl/pull/18141
Patch63: 0063-CVE-2022-1473.patch
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
Patch64: 0064-CVE-2022-1343.diff
# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
Patch65: 0065-CVE-2022-1292.patch
# https://github.com/openssl/openssl/pull/18444
# https://github.com/openssl/openssl/pull/18467
Patch66: 0066-replace-expired-certs.patch
# https://github.com/openssl/openssl/pull/18512
Patch67: 0067-fix-ppc64-montgomery.patch
#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa
#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739
Patch68: 0068-CVE-2022-2068.patch
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
Patch69: 0069-CVE-2022-2097.patch
# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
Patch71: 0071-AES-GCM-performance-optimization.patch
# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149
# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa
# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447
Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=2137723
Patch79: 0079-CVE-2022-3602.patch
License: ASL 2.0
URL: http://www.openssl.org/
BuildRequires: gcc g++
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
BuildRequires: lksctp-tools-devel
BuildRequires: /usr/bin/rename
BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/sbin/sysctl
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
BuildRequires: git-core
Requires: coreutils
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730
Recommends: openssl-pkcs11%{?_isa}
%description libs
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
%package devel
Summary: Files for development of applications which will use OpenSSL
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
%description devel
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.
%package perl
Summary: Perl scripts provided with OpenSSL
Requires: perl-interpreter
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
%autosetup -S git -n %{name}-%{version}
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
%{SOURCE1} > /dev/null
cp %{SOURCE12} crypto/ec/
cp %{SOURCE13} test/
%build
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux64-s390x"
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif
%ifarch aarch64
sslarch=linux-aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sh3 sh4
sslarch=linux-generic32
%endif
%ifarch ppc64 ppc64p7
sslarch=linux-ppc64
%endif
%ifarch ppc64le
sslarch="linux-ppc64le"
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch mips mipsel
sslarch="linux-mips32 -mips32r2"
%endif
%ifarch mips64 mips64el
sslarch="linux64-mips64 -mips64r2"
%endif
%ifarch mips64el
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch riscv64
sslarch=linux-generic64
%endif
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
export HASHBANGPERL=/usr/bin/perl
%define fips %{version}-%{srpmhash}
# ia64, x86_64, ppc are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\
no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'
# Do not run this in a production package the FIPS symbols must be patched-in
#util/mkdef.pl crypto update
make %{?_smp_mflags} all
# Clean up the .pc files
for i in libcrypto.pc libssl.pc openssl.pc ; do
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
done
%check
# Verify that what was compiled actually works.
# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
touch -r configdata.pm configdata.pm.new && \
mv -f configdata.pm.new configdata.pm)
# We must revert patch4 before tests otherwise they will fail
patch -p1 -R < %{PATCH4}
#We must disable default provider before tests otherwise they will fail
patch -p1 < %{SOURCE14}
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_ENABLE_SHA1_SIGNATURES=
export OPENSSL_ENABLE_SHA1_SIGNATURES
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
#embed HMAC into fips provider for test run
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
mv providers/fips.so.mac providers/fips.so
#run tests itself
make test HARNESS_JOBS=8
# Add generation of HMAC checksum of the final stripped library
# We manually copy standard definition of __spec_install_post
# and add hmac calculation/embedding to fips.so
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
%{nil}
%define __provides_exclude_from %{_libdir}/openssl
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
%make_install
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
chmod 755 ${lib}
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
# Remove static libraries
for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do
rm -f ${lib}
done
# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
# Move runable perl scripts to bindir
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
# Rename man pages so that they don't conflict with other system man pages.
pushd $RPM_BUILD_ROOT%{_mandir}
mv man5/config.5ossl man5/openssl.cnf.5
popd
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
# Ensure the config file timestamps are identical across builds to avoid
# mulitlib conflicts and unnecessary renames on upgrade
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
#we don't use native fipsmodule.cnf because FIPS module is loaded automatically
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
%ifarch sparcv9
basearch=sparc
%endif
%ifarch sparc64
basearch=sparc64
%endif
# Next step of gradual disablement of SSL3.
# Make SSL3 disappear to newly built dependencies.
sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
#ifndef OPENSSL_NO_SSL3\
# define OPENSSL_NO_SSL3\
#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
%ifarch %{multilib_arches}
# Do an configuration.h switcheroo to avoid file conflicts on systems where you
# can have both a 32- and 64-bit version of the library, and they each need
# their own correct-but-different versions of opensslconf.h to be usable.
install -m644 %{SOURCE10} \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
install -m644 %{SOURCE9} \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
%endif
%files
%{!?_licensedir:%global license %%doc}
%license LICENSE.txt
%doc NEWS.md README.md
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%{_pkgdocdir}/Makefile.certificate
%exclude %{_mandir}/man1/*.pl*
%exclude %{_mandir}/man1/tsget*
%files libs
%{!?_licensedir:%global license %%doc}
%license LICENSE.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules
%files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
%{_prefix}/include/openssl
%{_libdir}/*.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc
%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1/*.pl*
%{_mandir}/man1/tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%ldconfig_scriptlets libs
%changelog
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43
- CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests
Resolves: CVE-2022-3602
* Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42
- CVE-2022-3602: X.509 Email Address Buffer Overflow
Resolves: CVE-2022-3602
* Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41
- Zeroize public keys as required by FIPS 140-3
Resolves: rhbz#2115861
- Add FIPS indicator for HKDF
Resolves: rhbz#2118388
* Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40
- Deal with DH keys in FIPS mode according FIPS-140-3 requirements
Related: rhbz#2115856
- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
Related: rhbz#2115857
- Use signature for RSA pairwise test according FIPS-140-3 requirements
Related: rhbz#2115858
- Reseed all the parent DRBGs in chain on reseeding a DRBG
Related: rhbz#2115859
- Zeroization according to FIPS-140-3 requirements
Related: rhbz#2115861
* Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
- Use Use digest_sign & digest_verify in FIPS signature self test
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
Resolves: rhbz#2112978
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
initialized.
Resolves: rhbz#2107530
- Improve AES-GCM performance on Power9 and Power10 ppc64le
Resolves: rhbz#2103044
- Improve ChaCha20 performance on Power10 ppc64le
Resolves: rhbz#2103044
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
Resolves: CVE-2022-2097
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36
- Ciphersuites with RSAPSK KX should be filterd in FIPS mode
- Related: rhbz#2091994
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available if key length is enough
- Related: rhbz#2091977
- Improve diagnostics when passing unsupported groups in TLS
- Related: rhbz#2086554
- Fix PPC64 Montgomery multiplication bug
- Related: rhbz#2101346
- Strict certificates validation shouldn't allow explicit EC parameters
- Related: rhbz#2085521
- CVE-2022-2068: the c_rehash script allows command injection
- Related: rhbz#2098276
* Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35
- Add explicit indicators for signatures in FIPS mode and mark signature
primitives as unapproved.
Resolves: rhbz#2087234
* Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34
- Some OpenSSL test certificates are expired, updating
- Resolves: rhbz#2095696
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
- Resolves: rhbz#2089443
- CVE-2022-1343 openssl: Signer certificate verification returned
inaccurate response when using OCSP_NOCHECKS
- Resolves: rhbz#2089439
- CVE-2022-1292 openssl: c_rehash script allows command injection
- Resolves: rhbz#2090361
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
Related: rhbz#2087234
- Use KAT for ECDSA signature tests, s390 arch
- Resolves: rhbz#2086866
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
- Resolves: rhbz#2091929
- Ciphersuites with RSA KX should be filterd in FIPS mode
- Related: rhbz#2091994
- In FIPS mode, signature verification works with keys of arbitrary size
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
below 2048 bits
- Resolves: rhbz#2091938
* Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31
- Disable SHA-1 signature verification in FIPS mode
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
Resolves: rhbz#2087234
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30
- Use KAT for ECDSA signature tests
- Resolves: rhbz#2086866
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
- `-config` argument of openssl app should work properly in FIPS mode
- Resolves: rhbz#2085500
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
- Resolves: rhbz#2085499
* Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
- OpenSSL should not accept custom elliptic curve parameters
- Resolves rhbz#2085508
- OpenSSL should not accept explicit curve parameters in FIPS mode
- Resolves rhbz#2085521
* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27
- Change FIPS module version to include hash of specfile, patches and sources
Resolves: rhbz#2082585
* Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26
- OpenSSL FIPS module should not build in non-approved algorithms
Resolves: rhbz#2082584
* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available
- Resolves: rhbz#2053289
* Mon May 02 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24
- Fix occasional internal error in TLS when DHE is used
Resolves: rhbz#2080323
* Tue Apr 26 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-23
- Update missing initialization patch with feedback from upstream
Resolves: rhbz#2076654
* Fri Apr 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22
- Invocation of the missing initialization
- Resolves: rhbz#2076654
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-21
- Fix openssl curl error with LANG=tr_TR.utf8
- Resolves: rhbz#2076654
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
no OpenSSL library context is set
- Resolves: rhbz#2063306
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2063306
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18
- CVE-2022-0778 fix
- Resolves: rhbz#2062314
* Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15.1
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
- Resolves: rhbz#2061607
* Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14.1
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2031742
* Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14
- Prevent use of SHA1 with ECDSA
- Resolves: rhbz#2031742
* Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
- Resolves: rhbz#1977867
* Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12
- Support KBKDF (NIST SP800-108) with an R value of 8bits
- Resolves: rhbz#2027261
* Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11
- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
- Resolves: rhbz#2031742
* Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10
- rebuilt
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9
- Allow SHA1 usage in HMAC in TLS
- Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
- Resolves: rhbz#1977867
- pkcs12 export broken in FIPS mode
- Resolves: rhbz#2049265
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8
- Disable SHA1 signature creation and verification by default
- Set rh-allow-sha1-signatures = yes to re-enable
- Resolves: rhbz#2031742
* Thu Feb 03 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-7
- s_server: correctly handle 2^14 byte long records
- Resolves: rhbz#2042011
* Tue Feb 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-6
- Adjust FIPS provider version
- Related: rhbz#2026445
* Wed Jan 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-5
- On the s390x, zeroize all the copies of TLS premaster secret
- Related: rhbz#2040448
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-4
- rebuilt
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-3
- KATS tests should be executed before HMAC verification
- Restoring fips=yes for SHA1
- Related: rhbz#2026445, rhbz#2041994
* Thu Jan 20 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-2
- Add enable-buildtest-c++ to the configure options.
- Related: rhbz#1990814
* Tue Jan 18 2022 Sahana Prasad <sahana@redhat.com> - 1:3.0.1-1
- Rebase to upstream version 3.0.1
- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl
- Resolves: rhbz#2038910, rhbz#2035148
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-7
- Remove algorithms we don't plan to certify from fips module
- Remove native fipsmodule.cnf
- Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-6
- openssl speed should run in FIPS mode
- Related: rhbz#1977318
* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-5
- rebuilt for spec cleanup
- Related: rhbz#1985362
* Thu Nov 18 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-4
- Embed FIPS HMAC in fips.so
- Enforce loading FIPS provider when FIPS kernel flag is on
- Related: rhbz#1985362
* Thu Oct 07 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-3
- Fix memory leak in s_client
- Related: rhbz#1996092
* Mon Sep 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-2
- Avoid double-free on error seeding the RNG.
- KTLS and FIPS may interfere, so tests need to be tuned
- Resolves: rhbz#1952844, rhbz#1961643
* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1
- Rebase to upstream version 3.0.0
- Related: rhbz#1990814
* Wed Aug 25 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-0.beta2.7
- Removes the dual-abi build as it not required anymore. The mass rebuild
was completed and all packages are rebuilt against Beta version.
- Resolves: rhbz#1984097
* Mon Aug 23 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.0-0.beta2.6
- Correctly process CMS reading from /dev/stdin
- Resolves: rhbz#1986315
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.5
- Add instruction for loading legacy provider in openssl.cnf
- Resolves: rhbz#1975836
* Mon Aug 16 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.4
- Adds support for IDEA encryption.
- Resolves: rhbz#1990602
* Tue Aug 10 2021 Sahana Prasad <sahana@redhat.com> - 3.0.0-0.beta2.3
- Fixes core dump in openssl req -modulus
- Fixes 'openssl req' to not ask for password when non-encrypted private key
is used
- cms: Do not try to check binary format on stdin and -rctform fix
- Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.beta2.2.1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 3.0.0-0.beta2.2
- When signature_algorithm extension is omitted, use more relevant alerts
- Resolves: rhbz#1965017
* Tue Aug 03 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta2.1
- Rebase to upstream version beta2
- Related: rhbz#1903209
* Thu Jul 22 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.5
- Prevents creation of duplicate cert entries in PKCS #12 files
- Resolves: rhbz#1978670
* Wed Jul 21 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.4
- NVR bump to update to OpenSSL 3.0 Beta1
* Mon Jul 19 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.3
- Update patch dual-abi.patch to add the #define macros in implementation
files instead of public header files
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.2
- Removes unused patch dual-abi.patch
* Wed Jul 14 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.beta1.1
- Update to Beta1 version
- Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16
* Tue Jul 06 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.7
- Fixes override of openssl_conf in openssl.cnf
- Use AI_ADDRCONFIG only when explicit host name is given
- Temporarily remove fipsmodule.cnf for arch i686
- Fixes segmentation fault in BN_lebin2bn
- Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.6
- Adds FIPS mode compatibility patch (sahana@redhat.com)
- Related: rhbz#1977318
* Fri Jul 02 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.5
- Fixes system hang issue when booted in FIPS mode (sahana@redhat.com)
- Temporarily disable downstream FIPS patches
- Related: rhbz#1977318
* Fri Jun 11 2021 Mohan Boddu <mboddu@redhat.com> 3.0.0-0.alpha16.4
- Speeding up building openssl (dbelyavs@redhat.com)
Resolves: rhbz#1903209
* Fri Jun 04 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.3
- Fix reading SPKAC data from stdin
- Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448
- Return 0 after cleanup in OPENSSL_init_crypto()
- Cleanup the peer point formats on regotiation
- Fix default digest to SHA256
* Thu May 27 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.2
- Enable FIPS via config options
* Mon May 17 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha16.1
- Update to alpha 16 version
Resolves: rhbz#1952901 openssl sends alert after orderly connection close
* Mon Apr 26 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha15.1
- Update to alpha 15 version
Resolves: rhbz#1903209, rhbz#1952598,
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.0.0-0.alpha13.1.1
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Apr 09 2021 Sahana Prasad <sahana@redhat.com> 3.0.0-0.alpha13.1
- Update to new major release OpenSSL 3.0.0 alpha 13
Resolves: rhbz#1903209
Loading…
Cancel
Save