commit
27a0195d18
@ -1,80 +1,122 @@
|
|||||||
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_lib.c
|
diff -up openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec openssl-3.0.1/crypto/ec/ec_asn1.c
|
||||||
--- openssl-3.0.1/crypto/ec/ec_lib.c.disable_explicit_ec 2022-02-22 09:08:48.557823665 +0100
|
--- openssl-3.0.1/crypto/ec/ec_asn1.c.disable_explicit_ec 2022-03-22 13:10:45.718077845 +0100
|
||||||
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-02-22 09:09:26.634133847 +0100
|
+++ openssl-3.0.1/crypto/ec/ec_asn1.c 2022-03-22 13:12:46.626599016 +0100
|
||||||
@@ -1458,7 +1458,7 @@ static EC_GROUP *ec_group_explicit_to_na
|
@@ -895,6 +895,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **
|
||||||
goto err;
|
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
|
||||||
}
|
group->decoded_from_explicit_params = 1;
|
||||||
} else {
|
|
||||||
- ret_group = (EC_GROUP *)group;
|
|
||||||
+ goto err;
|
|
||||||
}
|
|
||||||
EC_GROUP_free(dup);
|
|
||||||
return ret_group;
|
|
||||||
diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
|
|
||||||
--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.disable_explicit_ec 2022-02-22 13:04:16.850856612 +0100
|
|
||||||
+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-02-22 14:16:19.848369641 +0100
|
|
||||||
@@ -936,11 +936,8 @@ int ec_validate(const void *keydata, int
|
|
||||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
|
|
||||||
int flags = EC_KEY_get_flags(eck);
|
|
||||||
|
|
||||||
- if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
|
+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
|
||||||
- ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
|
+ EC_GROUP_free(group);
|
||||||
- (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
|
+ ECPKPARAMETERS_free(params);
|
||||||
- else
|
+ return NULL;
|
||||||
- ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
|
+ }
|
||||||
+ ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
|
+
|
||||||
+ (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
|
if (a) {
|
||||||
|
EC_GROUP_free(*a);
|
||||||
|
*a = group;
|
||||||
|
@@ -954,6 +959,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
|
||||||
@@ -1217,6 +1214,10 @@ static int ec_gen_assign_group(EC_KEY *e
|
+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
|
||||||
ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
|
+ goto err;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+ if (EC_GROUP_get_curve_name(group) == NID_undef) {
|
|
||||||
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
+ }
|
||||||
return EC_KEY_set_group(ec, group) > 0;
|
+
|
||||||
}
|
ret->version = priv_key->version;
|
||||||
|
|
||||||
diff -up openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec openssl-3.0.1/providers/common/securitycheck.c
|
if (priv_key->privateKey) {
|
||||||
--- openssl-3.0.1/providers/common/securitycheck.c.disable_explicit_ec 2022-02-25 11:44:19.554673396 +0100
|
diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/test/endecode_test.c
|
||||||
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-02-25 12:16:38.168610089 +0100
|
--- openssl-3.0.1/test/endecode_test.c.disable_explicit_ec 2022-03-21 16:55:46.005558779 +0100
|
||||||
@@ -93,22 +93,22 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx
|
+++ openssl-3.0.1/test/endecode_test.c 2022-03-21 16:56:12.636792762 +0100
|
||||||
int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect)
|
@@ -57,7 +57,7 @@ static BN_CTX *bnctx = NULL;
|
||||||
{
|
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
|
||||||
# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
|
static OSSL_PARAM_BLD *bld_prime = NULL;
|
||||||
- if (ossl_securitycheck_enabled(ctx)) {
|
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
|
||||||
- int nid, strength;
|
-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
|
||||||
- const char *curve_name;
|
+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
|
||||||
- const EC_GROUP *group = EC_KEY_get0_group(ec);
|
|
||||||
+ int nid, strength;
|
|
||||||
+ const char *curve_name;
|
|
||||||
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
|
|
||||||
|
|
||||||
- if (group == NULL) {
|
# ifndef OPENSSL_NO_EC2M
|
||||||
- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
|
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
|
||||||
- return 0;
|
@@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
||||||
- }
|
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||||
- nid = EC_GROUP_get_curve_name(group);
|
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
|
||||||
- if (nid == NID_undef) {
|
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
||||||
- ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
-DOMAIN_KEYS(ECExplicitPrime2G);
|
||||||
- "Explicit curves are not allowed in fips mode");
|
-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
|
||||||
- return 0;
|
-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
|
||||||
- }
|
+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||||
+ if (group == NULL) {
|
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
|
||||||
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
|
+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
||||||
+ return 0;
|
# ifndef OPENSSL_NO_EC2M
|
||||||
+ }
|
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||||
+ nid = EC_GROUP_get_curve_name(group);
|
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
|
||||||
+ if (nid == NID_undef) {
|
@@ -1318,7 +1318,7 @@ int setup_tests(void)
|
||||||
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
|| !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
|
||||||
+ "Explicit curves are not allowed in this build");
|
|| !create_ec_explicit_prime_params(bld_prime)
|
||||||
+ return 0;
|
|| !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
|
||||||
+ }
|
- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
|
||||||
|
+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
|| !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
|
||||||
|
|| !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
|
||||||
|
@@ -1346,7 +1346,7 @@ int setup_tests(void)
|
||||||
|
TEST_info("Generating EC keys...");
|
||||||
|
MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
|
||||||
|
MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
|
||||||
|
- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
|
||||||
|
+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
|
||||||
|
MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
|
||||||
|
@@ -1389,8 +1389,8 @@ int setup_tests(void)
|
||||||
|
ADD_TEST_SUITE_LEGACY(EC);
|
||||||
|
ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
|
||||||
|
ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
|
||||||
|
- ADD_TEST_SUITE(ECExplicitPrime2G);
|
||||||
|
- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
|
||||||
|
+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
|
||||||
|
+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
ADD_TEST_SUITE(ECExplicitTriNamedCurve);
|
||||||
|
ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
|
||||||
|
@@ -1427,7 +1427,7 @@ void cleanup_tests(void)
|
||||||
|
{
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
|
OSSL_PARAM_free(ec_explicit_prime_params_nc);
|
||||||
|
- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
|
||||||
|
+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
|
||||||
|
OSSL_PARAM_BLD_free(bld_prime_nc);
|
||||||
|
OSSL_PARAM_BLD_free(bld_prime);
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
@@ -1449,7 +1449,7 @@ void cleanup_tests(void)
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
|
FREE_DOMAIN_KEYS(EC);
|
||||||
|
FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||||
|
- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
|
||||||
|
+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||||
|
FREE_DOMAIN_KEYS(ECExplicitTri2G);
|
||||||
|
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt.disable_explicit_ec 2022-03-25 11:20:50.920949208 +0100
|
||||||
|
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2022-03-25 11:21:13.177147598 +0100
|
||||||
|
@@ -121,18 +121,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEB
|
||||||
|
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
+ if (ossl_securitycheck_enabled(ctx)) {
|
-PrivateKey = EC_EXPLICIT
|
||||||
curve_name = EC_curve_nid2nist(nid);
|
------BEGIN PRIVATE KEY-----
|
||||||
if (curve_name == NULL) {
|
-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
||||||
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
|
-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
||||||
|
-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
||||||
|
-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
|
||||||
|
-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
|
||||||
|
-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
|
||||||
|
-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
|
||||||
|
-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
|
||||||
|
------END PRIVATE KEY-----
|
||||||
|
-
|
||||||
|
PrivateKey = B-163
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
|
||||||
|
@ -0,0 +1,77 @@
|
|||||||
|
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
index 78dc69082fab..8a86c9108d0d 100644
|
||||||
|
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
|
||||||
|
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
|
||||||
|
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
|
||||||
|
return 0;
|
||||||
|
- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
|
||||||
|
- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
|
||||||
|
- return 0;
|
||||||
|
|
||||||
|
tmpl = OSSL_PARAM_BLD_new();
|
||||||
|
if (tmpl == NULL)
|
||||||
|
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
|
||||||
|
index 766524e8cfa9..80bac6741290 100644
|
||||||
|
--- a/test/recipes/15-test_ecparam.t
|
||||||
|
+++ b/test/recipes/15-test_ecparam.t
|
||||||
|
@@ -13,7 +13,7 @@ use warnings;
|
||||||
|
use File::Spec;
|
||||||
|
use File::Compare qw/compare_text/;
|
||||||
|
use OpenSSL::Glob;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT data_file/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
|
setup("test_ecparam");
|
||||||
|
@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem"));
|
||||||
|
my @noncanon = glob(data_file("noncanon", "*.pem"));
|
||||||
|
my @invalid = glob(data_file("invalid", "*.pem"));
|
||||||
|
|
||||||
|
-plan tests => 11;
|
||||||
|
+plan tests => 12;
|
||||||
|
|
||||||
|
sub checkload {
|
||||||
|
my $files = shift; # List of files
|
||||||
|
@@ -59,6 +59,8 @@ sub checkcompare {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||||
|
+
|
||||||
|
subtest "Check loading valid parameters by ecparam with -check" => sub {
|
||||||
|
plan tests => scalar(@valid);
|
||||||
|
checkload(\@valid, 1, "ecparam", "-check");
|
||||||
|
@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub {
|
||||||
|
plan tests => 2 * scalar(@valid);
|
||||||
|
checkcompare(\@valid, "pkeyparam");
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+subtest "Check loading of fips and non-fips params" => sub {
|
||||||
|
+ plan skip_all => "FIPS is disabled"
|
||||||
|
+ if $no_fips;
|
||||||
|
+ plan tests => 3;
|
||||||
|
+
|
||||||
|
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
|
||||||
|
+ my $defaultconf = srctop_file("test", "default.cnf");
|
||||||
|
+
|
||||||
|
+ $ENV{OPENSSL_CONF} = $fipsconf;
|
||||||
|
+
|
||||||
|
+ ok(run(app(['openssl', 'ecparam',
|
||||||
|
+ '-in', data_file('valid', 'secp384r1-explicit.pem'),
|
||||||
|
+ '-check'])),
|
||||||
|
+ "Loading explicitly encoded valid curve");
|
||||||
|
+
|
||||||
|
+ ok(run(app(['openssl', 'ecparam',
|
||||||
|
+ '-in', data_file('valid', 'secp384r1-named.pem'),
|
||||||
|
+ '-check'])),
|
||||||
|
+ "Loading named valid curve");
|
||||||
|
+
|
||||||
|
+ ok(!run(app(['openssl', 'ecparam',
|
||||||
|
+ '-in', data_file('valid', 'secp112r1-named.pem'),
|
||||||
|
+ '-check'])),
|
||||||
|
+ "Fail loading named non-fips curve");
|
||||||
|
+
|
||||||
|
+ $ENV{OPENSSL_CONF} = $defaultconf;
|
||||||
|
+};
|
@ -0,0 +1,421 @@
|
|||||||
|
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
|
||||||
|
index 9dc143c2ac69..4d6f2a76ad20 100644
|
||||||
|
--- a/crypto/ec/ec_err.c
|
||||||
|
+++ b/crypto/ec/ec_err.c
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
|
||||||
|
"discriminant is zero"},
|
||||||
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
|
||||||
|
"ec group new by name failure"},
|
||||||
|
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
|
||||||
|
+ "explicit params not supported"},
|
||||||
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
|
||||||
|
"failed making public key"},
|
||||||
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
|
||||||
|
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
||||||
|
index 2aeab7e3b6b5..f686e45f899d 100644
|
||||||
|
--- a/crypto/ec/ec_lib.c
|
||||||
|
+++ b/crypto/ec/ec_lib.c
|
||||||
|
@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
/*
|
||||||
|
* Check if the explicit parameters group matches any built-in curves.
|
||||||
|
*
|
||||||
|
@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
||||||
|
* parameters with one created from a named group.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
|
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||||
|
/*
|
||||||
|
* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
|
||||||
|
* the same curve, we prefer the SECP nid when matching explicit
|
||||||
|
@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
||||||
|
*/
|
||||||
|
if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
|
||||||
|
curve_name_nid = NID_secp224r1;
|
||||||
|
-#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
||||||
|
+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
|
||||||
|
|
||||||
|
ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
|
||||||
|
if (ret_group == NULL)
|
||||||
|
@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
|
||||||
|
EC_GROUP_free(ret_group);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
|
||||||
|
static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
|
||||||
|
OSSL_LIB_CTX *libctx, const char *propq)
|
||||||
|
@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
|
||||||
|
EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
OSSL_LIB_CTX *libctx, const char *propq)
|
||||||
|
{
|
||||||
|
- const OSSL_PARAM *ptmp, *pa, *pb;
|
||||||
|
+ const OSSL_PARAM *ptmp;
|
||||||
|
+ EC_GROUP *group = NULL;
|
||||||
|
+
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+ const OSSL_PARAM *pa, *pb;
|
||||||
|
int ok = 0;
|
||||||
|
- EC_GROUP *group = NULL, *named_group = NULL;
|
||||||
|
+ EC_GROUP *named_group = NULL;
|
||||||
|
BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL;
|
||||||
|
EC_POINT *point = NULL;
|
||||||
|
int field_bits = 0;
|
||||||
|
@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
BN_CTX *bnctx = NULL;
|
||||||
|
const unsigned char *buf = NULL;
|
||||||
|
int encoding_flag = -1;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/* This is the simple named group case */
|
||||||
|
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
||||||
|
@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
}
|
||||||
|
return group;
|
||||||
|
}
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
|
||||||
|
+ return NULL;
|
||||||
|
+#else
|
||||||
|
/* If it gets here then we are trying explicit parameters */
|
||||||
|
bnctx = BN_CTX_new_ex(libctx);
|
||||||
|
if (bnctx == NULL) {
|
||||||
|
@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
/* create the EC_GROUP structure */
|
||||||
|
group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
|
||||||
|
} else {
|
||||||
|
-#ifdef OPENSSL_NO_EC2M
|
||||||
|
+# ifdef OPENSSL_NO_EC2M
|
||||||
|
ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
|
||||||
|
goto err;
|
||||||
|
-#else
|
||||||
|
+# else
|
||||||
|
/* create the EC_GROUP structure */
|
||||||
|
group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
|
||||||
|
if (group != NULL) {
|
||||||
|
@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-#endif /* OPENSSL_NO_EC2M */
|
||||||
|
+# endif /* OPENSSL_NO_EC2M */
|
||||||
|
}
|
||||||
|
|
||||||
|
if (group == NULL) {
|
||||||
|
@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
BN_CTX_free(bnctx);
|
||||||
|
|
||||||
|
return group;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
}
|
||||||
|
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||||
|
index c4a94f955905..41df7127403c 100644
|
||||||
|
--- a/crypto/err/openssl.txt
|
||||||
|
+++ b/crypto/err/openssl.txt
|
||||||
|
@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
|
||||||
|
EC_R_DECODE_ERROR:142:decode error
|
||||||
|
EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
|
||||||
|
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
|
||||||
|
+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
|
||||||
|
EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
|
||||||
|
EC_R_FIELD_TOO_LARGE:143:field too large
|
||||||
|
EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
|
||||||
|
diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
|
||||||
|
index 07b6c7aa62dd..4658ae8fb2cd 100644
|
||||||
|
--- a/include/crypto/ecerr.h
|
||||||
|
+++ b/include/crypto/ecerr.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
|
||||||
|
index 49088d208b2c..46405ac62d91 100644
|
||||||
|
--- a/include/openssl/ecerr.h
|
||||||
|
+++ b/include/openssl/ecerr.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -35,6 +35,7 @@
|
||||||
|
# define EC_R_DECODE_ERROR 142
|
||||||
|
# define EC_R_DISCRIMINANT_IS_ZERO 118
|
||||||
|
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
|
||||||
|
+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
|
||||||
|
# define EC_R_FAILED_MAKING_PUBLIC_KEY 166
|
||||||
|
# define EC_R_FIELD_TOO_LARGE 143
|
||||||
|
# define EC_R_GF2M_NOT_SUPPORTED 147
|
||||||
|
diff --git a/test/endecode_test.c b/test/endecode_test.c
|
||||||
|
index 0c33dff0ee2b..3d78bea50ea3 100644
|
||||||
|
--- a/test/endecode_test.c
|
||||||
|
+++ b/test/endecode_test.c
|
||||||
|
@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line,
|
||||||
|
typedef void (dumper)(const char *label, const void *data, size_t data_len);
|
||||||
|
|
||||||
|
#define FLAG_DECODE_WITH_TYPE 0x0001
|
||||||
|
+#define FLAG_FAIL_IF_FIPS 0x0002
|
||||||
|
|
||||||
|
static int test_encode_decode(const char *file, const int line,
|
||||||
|
const char *type, EVP_PKEY *pkey,
|
||||||
|
@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line,
|
||||||
|
* dumping purposes.
|
||||||
|
*/
|
||||||
|
if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
|
||||||
|
- output_type, output_structure, pass, pcipher))
|
||||||
|
- || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
||||||
|
+ output_type, output_structure, pass, pcipher)))
|
||||||
|
+ goto end;
|
||||||
|
+
|
||||||
|
+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
|
||||||
|
+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
|
||||||
|
+ encoded_len, output_type, output_structure,
|
||||||
|
+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
||||||
|
+ selection, pass)))
|
||||||
|
+ ok = 1;
|
||||||
|
+ goto end;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
|
||||||
|
|| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
|
||||||
|
output_type, output_structure,
|
||||||
|
(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
|
||||||
|
@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line,
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_KEYPAIR
|
||||||
|
@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
|
||||||
|
"DER", "PrivateKeyInfo", NULL, NULL,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
test_mem, check_unprotected_PKCS8_DER,
|
||||||
|
- dump_der, 0);
|
||||||
|
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
||||||
|
@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line,
|
||||||
|
sizeof(expected_pem_header) - 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_KEYPAIR
|
||||||
|
@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
|
||||||
|
"PEM", "PrivateKeyInfo", NULL, NULL,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
test_text, check_unprotected_PKCS8_PEM,
|
||||||
|
- dump_pem, 0);
|
||||||
|
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_KEYPARAMS
|
||||||
|
@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line,
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_KEYPAIR
|
||||||
|
@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
|
||||||
|
pass, pass_cipher,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
test_mem, check_protected_PKCS8_DER,
|
||||||
|
- dump_der, 0);
|
||||||
|
+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_protected_PKCS8_PEM(const char *file, const int line,
|
||||||
|
@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line,
|
||||||
|
sizeof(expected_pem_header) - 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_KEYPAIR
|
||||||
|
@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
|
||||||
|
pass, pass_cipher,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
test_text, check_protected_PKCS8_PEM,
|
||||||
|
- dump_pem, 0);
|
||||||
|
+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_protected_legacy_PEM(const char *file, const int line,
|
||||||
|
@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line,
|
||||||
|
return ok;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_public_via_DER(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
||||||
|
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
||||||
|
"DER", "SubjectPublicKeyInfo", NULL, NULL,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
- test_mem, check_public_DER, dump_der, 0);
|
||||||
|
+ test_mem, check_public_DER, dump_der,
|
||||||
|
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_public_PEM(const char *file, const int line,
|
||||||
|
@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line,
|
||||||
|
sizeof(expected_pem_header) - 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int test_public_via_PEM(const char *type, EVP_PKEY *key)
|
||||||
|
+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
|
||||||
|
{
|
||||||
|
return test_encode_decode(__FILE__, __LINE__, type, key,
|
||||||
|
OSSL_KEYMGMT_SELECT_PUBLIC_KEY
|
||||||
|
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
|
||||||
|
"PEM", "SubjectPublicKeyInfo", NULL, NULL,
|
||||||
|
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
|
||||||
|
- test_text, check_public_PEM, dump_pem, 0);
|
||||||
|
+ test_text, check_public_PEM, dump_pem,
|
||||||
|
+ fips ? 0 : FLAG_FAIL_IF_FIPS);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int check_public_MSBLOB(const char *file, const int line,
|
||||||
|
@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
||||||
|
EVP_PKEY_free(template_##KEYTYPE); \
|
||||||
|
EVP_PKEY_free(key_##KEYTYPE)
|
||||||
|
|
||||||
|
-#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
|
||||||
|
+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
|
||||||
|
static int test_unprotected_##KEYTYPE##_via_DER(void) \
|
||||||
|
{ \
|
||||||
|
- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
} \
|
||||||
|
static int test_unprotected_##KEYTYPE##_via_PEM(void) \
|
||||||
|
{ \
|
||||||
|
- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
} \
|
||||||
|
static int test_protected_##KEYTYPE##_via_DER(void) \
|
||||||
|
{ \
|
||||||
|
- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
} \
|
||||||
|
static int test_protected_##KEYTYPE##_via_PEM(void) \
|
||||||
|
{ \
|
||||||
|
- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
} \
|
||||||
|
static int test_public_##KEYTYPE##_via_DER(void) \
|
||||||
|
{ \
|
||||||
|
- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
} \
|
||||||
|
static int test_public_##KEYTYPE##_via_PEM(void) \
|
||||||
|
{ \
|
||||||
|
- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
|
||||||
|
+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
|
||||||
|
}
|
||||||
|
|
||||||
|
#define ADD_TEST_SUITE(KEYTYPE) \
|
||||||
|
@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
|
DOMAIN_KEYS(DH);
|
||||||
|
-IMPLEMENT_TEST_SUITE(DH, "DH")
|
||||||
|
+IMPLEMENT_TEST_SUITE(DH, "DH", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
|
||||||
|
DOMAIN_KEYS(DHX);
|
||||||
|
-IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
|
||||||
|
+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
||||||
|
/*
|
||||||
|
* DH has no support for PEM_write_bio_PrivateKey_traditional(),
|
||||||
|
@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_DSA
|
||||||
|
DOMAIN_KEYS(DSA);
|
||||||
|
-IMPLEMENT_TEST_SUITE(DSA, "DSA")
|
||||||
|
+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
|
||||||
|
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
|
||||||
|
@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
|
||||||
|
#endif
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
|
DOMAIN_KEYS(EC);
|
||||||
|
-IMPLEMENT_TEST_SUITE(EC, "EC")
|
||||||
|
+IMPLEMENT_TEST_SUITE(EC, "EC", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
|
||||||
|
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
|
||||||
|
-IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
|
||||||
|
+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
|
||||||
|
/*DOMAIN_KEYS(ECExplicitPrime2G);*/
|
||||||
|
-/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/
|
||||||
|
+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
|
||||||
|
/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
DOMAIN_KEYS(ECExplicitTriNamedCurve);
|
||||||
|
-IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
|
||||||
|
+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
|
||||||
|
DOMAIN_KEYS(ECExplicitTri2G);
|
||||||
|
-IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
|
||||||
|
+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
|
||||||
|
# endif
|
||||||
|
KEYS(ED25519);
|
||||||
|
-IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
|
||||||
|
+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
|
||||||
|
KEYS(ED448);
|
||||||
|
-IMPLEMENT_TEST_SUITE(ED448, "ED448")
|
||||||
|
+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
|
||||||
|
KEYS(X25519);
|
||||||
|
-IMPLEMENT_TEST_SUITE(X25519, "X25519")
|
||||||
|
+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
|
||||||
|
KEYS(X448);
|
||||||
|
-IMPLEMENT_TEST_SUITE(X448, "X448")
|
||||||
|
+IMPLEMENT_TEST_SUITE(X448, "X448", 1)
|
||||||
|
/*
|
||||||
|
* ED25519, ED448, X25519 and X448 have no support for
|
||||||
|
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
|
||||||
|
*/
|
||||||
|
#endif
|
||||||
|
KEYS(RSA);
|
||||||
|
-IMPLEMENT_TEST_SUITE(RSA, "RSA")
|
||||||
|
+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
|
||||||
|
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
|
||||||
|
KEYS(RSA_PSS);
|
||||||
|
-IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
|
||||||
|
+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
|
||||||
|
/*
|
||||||
|
* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
|
||||||
|
* so no legacy tests.
|
@ -0,0 +1,140 @@
|
|||||||
|
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
|
||||||
|
index bea01fb38f66..48721369ae8f 100644
|
||||||
|
--- a/crypto/ec/ec_backend.c
|
||||||
|
+++ b/crypto/ec/ec_backend.c
|
||||||
|
@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!ossl_param_build_set_int(tmpl, params,
|
||||||
|
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
|
||||||
|
+ group->decoded_from_explicit_params))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
curve_nid = EC_GROUP_get_curve_name(group);
|
||||||
|
|
||||||
|
/*
|
||||||
|
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
|
||||||
|
index 6b0591c6c8c7..b1696d93bd6d 100644
|
||||||
|
--- a/crypto/ec/ec_lib.c
|
||||||
|
+++ b/crypto/ec/ec_lib.c
|
||||||
|
@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
/* This is the simple named group case */
|
||||||
|
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
|
||||||
|
if (ptmp != NULL) {
|
||||||
|
- group = group_new_from_name(ptmp, libctx, propq);
|
||||||
|
- if (group != NULL) {
|
||||||
|
- if (!ossl_ec_group_set_params(group, params)) {
|
||||||
|
- EC_GROUP_free(group);
|
||||||
|
- group = NULL;
|
||||||
|
- }
|
||||||
|
+ int decoded = 0;
|
||||||
|
+
|
||||||
|
+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
+ if (!ossl_ec_group_set_params(group, params)) {
|
||||||
|
+ EC_GROUP_free(group);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ ptmp = OSSL_PARAM_locate_const(params,
|
||||||
|
+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS);
|
||||||
|
+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) {
|
||||||
|
+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS);
|
||||||
|
+ EC_GROUP_free(group);
|
||||||
|
+ return NULL;
|
||||||
|
}
|
||||||
|
+ group->decoded_from_explicit_params = decoded > 0;
|
||||||
|
return group;
|
||||||
|
}
|
||||||
|
#ifdef FIPS_MODULE
|
||||||
|
@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||||
|
EC_GROUP_free(group);
|
||||||
|
group = named_group;
|
||||||
|
}
|
||||||
|
+ /* We've imported the group from explicit parameters, set it so. */
|
||||||
|
+ group->decoded_from_explicit_params = 1;
|
||||||
|
ok = 1;
|
||||||
|
err:
|
||||||
|
if (!ok) {
|
||||||
|
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
|
||||||
|
index eed83237c3b2..ee66a074f889 100644
|
||||||
|
--- a/doc/man7/EVP_PKEY-EC.pod
|
||||||
|
+++ b/doc/man7/EVP_PKEY-EC.pod
|
||||||
|
@@ -70,8 +70,8 @@ I<order> multiplied by the I<cofactor> gives the number of points on the curve.
|
||||||
|
|
||||||
|
=item "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
|
||||||
|
|
||||||
|
-Gets a flag indicating wether the key or parameters were decoded from explicit
|
||||||
|
-curve parameters. Set to 1 if so or 0 if a named curve was used.
|
||||||
|
+Sets or gets a flag indicating whether the key or parameters were decoded from
|
||||||
|
+explicit curve parameters. Set to 1 if so or 0 if a named curve was used.
|
||||||
|
|
||||||
|
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
index 9260d4bf3635..7aed057cac89 100644
|
||||||
|
--- a/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
|
||||||
|
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \
|
||||||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \
|
||||||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \
|
||||||
|
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0)
|
||||||
|
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \
|
||||||
|
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL)
|
||||||
|
|
||||||
|
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
||||||
|
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
||||||
|
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
|
||||||
|
index 700bbd849c95..ede14864d5ac 100644
|
||||||
|
--- a/test/recipes/25-test_verify.t
|
||||||
|
+++ b/test/recipes/25-test_verify.t
|
||||||
|
@@ -12,7 +12,7 @@ use warnings;
|
||||||
|
|
||||||
|
use File::Spec::Functions qw/canonpath/;
|
||||||
|
use File::Copy;
|
||||||
|
-use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
|
||||||
|
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
|
||||||
|
setup("test_verify");
|
||||||
|
@@ -29,7 +29,7 @@ sub verify {
|
||||||
|
run(app([@args]));
|
||||||
|
}
|
||||||
|
|
||||||
|
-plan tests => 160;
|
||||||
|
+plan tests => 163;
|
||||||
|
|
||||||
|
# Canonical success
|
||||||
|
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
|
||||||
|
@@ -309,6 +309,29 @@ SKIP: {
|
||||||
|
["ca-cert-ec-named"]),
|
||||||
|
"accept named curve leaf with named curve intermediate");
|
||||||
|
}
|
||||||
|
+# Same as above but with base provider used for decoding
|
||||||
|
+SKIP: {
|
||||||
|
+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
|
||||||
|
+ skip "EC is not supported or FIPS is disabled", 3
|
||||||
|
+ if disabled("ec") || $no_fips;
|
||||||
|
+
|
||||||
|
+ my $provconf = srctop_file("test", "fips-and-base.cnf");
|
||||||
|
+ my $provpath = bldtop_dir("providers");
|
||||||
|
+ my @prov = ("-provider-path", $provpath);
|
||||||
|
+ $ENV{OPENSSL_CONF} = $provconf;
|
||||||
|
+
|
||||||
|
+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
|
||||||
|
+ ["ca-cert-ec-named"], @prov),
|
||||||
|
+ "reject explicit curve leaf with named curve intermediate w/fips");
|
||||||
|
+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"],
|
||||||
|
+ ["ca-cert-ec-explicit"], @prov),
|
||||||
|
+ "reject named curve leaf with explicit curve intermediate w/fips");
|
||||||
|
+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"],
|
||||||
|
+ ["ca-cert-ec-named"], @prov),
|
||||||
|
+ "accept named curve leaf with named curve intermediate w/fips");
|
||||||
|
+
|
||||||
|
+ delete $ENV{OPENSSL_CONF};
|
||||||
|
+}
|
||||||
|
|
||||||
|
# Depth tests, note the depth limit bounds the number of CA certificates
|
||||||
|
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
|
@ -0,0 +1,187 @@
|
|||||||
|
diff -up openssl-3.0.1/crypto/dh/dh_key.c.fips3 openssl-3.0.1/crypto/dh/dh_key.c
|
||||||
|
--- openssl-3.0.1/crypto/dh/dh_key.c.fips3 2022-07-18 16:01:41.159543735 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/dh/dh_key.c 2022-07-18 16:24:30.251388248 +0200
|
||||||
|
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
|
||||||
|
BN_MONT_CTX *mont = NULL;
|
||||||
|
BIGNUM *z = NULL, *pminus1;
|
||||||
|
int ret = -1;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ int validate = 0;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||||
|
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||||
|
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *k
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
ctx = BN_CTX_new_ex(dh->libctx);
|
||||||
|
if (ctx == NULL)
|
||||||
|
goto err;
|
||||||
|
@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
|
||||||
|
#endif
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ int validate = 0;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||||
|
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||||
|
@@ -354,8 +367,23 @@ static int generate_key(DH *dh)
|
||||||
|
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
dh->pub_key = pub_key;
|
||||||
|
dh->priv_key = priv_key;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (ossl_dh_check_pairwise(dh) <= 0) {
|
||||||
|
+ dh->pub_key = dh->priv_key = NULL;
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
dh->dirty_cnt++;
|
||||||
|
ok = 1;
|
||||||
|
err:
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 2022-07-25 13:42:46.814952053 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c 2022-07-25 13:52:12.292065706 +0200
|
||||||
|
@@ -488,6 +488,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
|
||||||
|
}
|
||||||
|
|
||||||
|
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ {
|
||||||
|
+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
|
||||||
|
+ int check = 0;
|
||||||
|
+
|
||||||
|
+ if (bn_ctx == NULL) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||||
|
+ goto end;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
|
||||||
|
+ BN_CTX_free(bn_ctx);
|
||||||
|
+
|
||||||
|
+ if (check <= 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
|
||||||
|
+ goto end;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
||||||
|
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200
|
||||||
|
@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey
|
||||||
|
|
||||||
|
OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
|
||||||
|
ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
|
||||||
|
+
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ ok &= ossl_ec_key_public_check(eckey, ctx);
|
||||||
|
+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
}
|
||||||
|
err:
|
||||||
|
/* Step (9): If there is an error return an invalid keypair. */
|
||||||
|
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
|
||||||
|
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
#include <time.h>
|
||||||
|
#include "internal/cryptlib.h"
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
+#include <openssl/obj_mac.h>
|
||||||
|
#include <openssl/self_test.h>
|
||||||
|
#include "prov/providercommon.h"
|
||||||
|
#include "rsa_local.h"
|
||||||
|
@@ -476,52 +476,43 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
|
||||||
|
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
- unsigned int ciphertxt_len;
|
||||||
|
- unsigned char *ciphertxt = NULL;
|
||||||
|
- const unsigned char plaintxt[16] = {0};
|
||||||
|
- unsigned char *decoded = NULL;
|
||||||
|
- unsigned int decoded_len;
|
||||||
|
- unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len);
|
||||||
|
- int padding = RSA_PKCS1_PADDING;
|
||||||
|
+ unsigned int signature_len;
|
||||||
|
+ unsigned char *signature = NULL;
|
||||||
|
OSSL_SELF_TEST *st = NULL;
|
||||||
|
+ static const unsigned char dgst[] = {
|
||||||
|
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||||
|
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
|
||||||
|
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
|
||||||
|
+ };
|
||||||
|
|
||||||
|
st = OSSL_SELF_TEST_new(cb, cbarg);
|
||||||
|
if (st == NULL)
|
||||||
|
goto err;
|
||||||
|
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
|
||||||
|
+ /* No special name for RSA signature PCT*/
|
||||||
|
OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1);
|
||||||
|
|
||||||
|
- ciphertxt_len = RSA_size(rsa);
|
||||||
|
+ signature_len = RSA_size(rsa);
|
||||||
|
- /*
|
||||||
|
- * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to'
|
||||||
|
- * parameter to be a maximum of RSA_size() - allocate space for both.
|
||||||
|
- */
|
||||||
|
- ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2);
|
||||||
|
- if (ciphertxt == NULL)
|
||||||
|
+ signature = OPENSSL_zalloc(signature_len);
|
||||||
|
+ if (signature == NULL)
|
||||||
|
goto err;
|
||||||
|
- decoded = ciphertxt + ciphertxt_len;
|
||||||
|
|
||||||
|
- ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa,
|
||||||
|
- padding);
|
||||||
|
- if (ciphertxt_len <= 0)
|
||||||
|
+ if (RSA_sign(NID_sha256, dgst, sizeof(dgst), signature, &signature_len, rsa) <= 0)
|
||||||
|
goto err;
|
||||||
|
- if (ciphertxt_len == plaintxt_len
|
||||||
|
- && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0)
|
||||||
|
+
|
||||||
|
+ if (signature_len <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt);
|
||||||
|
+ OSSL_SELF_TEST_oncorrupt_byte(st, signature);
|
||||||
|
|
||||||
|
- decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa,
|
||||||
|
- padding);
|
||||||
|
- if (decoded_len != plaintxt_len
|
||||||
|
- || memcmp(decoded, plaintxt, decoded_len) != 0)
|
||||||
|
+ if (RSA_verify(NID_sha256, dgst, sizeof(dgst), signature, signature_len, rsa) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
OSSL_SELF_TEST_onend(st, ret);
|
||||||
|
OSSL_SELF_TEST_free(st);
|
||||||
|
- OPENSSL_free(ciphertxt);
|
||||||
|
+ OPENSSL_free(signature);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
@ -0,0 +1,53 @@
|
|||||||
|
From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Wed, 2 Feb 2022 17:47:26 +0100
|
||||||
|
Subject: [PATCH] Replace size check with more meaningful pubkey check
|
||||||
|
|
||||||
|
It does not make sense to check the size because this
|
||||||
|
function can be used in other contexts than in TLS-1.3 and
|
||||||
|
the value might not be padded to the size of p.
|
||||||
|
|
||||||
|
However it makes sense to do the partial pubkey check because
|
||||||
|
there is no valid reason having the pubkey value outside the
|
||||||
|
1 < pubkey < p-1 bounds.
|
||||||
|
|
||||||
|
Fixes #15465
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/17630)
|
||||||
|
---
|
||||||
|
crypto/dh/dh_key.c | 11 ++++-------
|
||||||
|
1 file changed, 4 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||||
|
index 6b8cd550f2..c78ed618bf 100644
|
||||||
|
--- a/crypto/dh/dh_key.c
|
||||||
|
+++ b/crypto/dh/dh_key.c
|
||||||
|
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
|
||||||
|
int err_reason = DH_R_BN_ERROR;
|
||||||
|
BIGNUM *pubkey = NULL;
|
||||||
|
const BIGNUM *p;
|
||||||
|
- size_t p_size;
|
||||||
|
+ int ret;
|
||||||
|
|
||||||
|
if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
|
||||||
|
goto err;
|
||||||
|
DH_get0_pqg(dh, &p, NULL, NULL);
|
||||||
|
- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
|
||||||
|
+ if (p == NULL || BN_num_bytes(p) == 0) {
|
||||||
|
err_reason = DH_R_NO_PARAMETERS_SET;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
- /*
|
||||||
|
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
|
||||||
|
- * public key is of size not equal to size of p
|
||||||
|
- */
|
||||||
|
- if (BN_is_zero(pubkey) || p_size != len) {
|
||||||
|
+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
|
||||||
|
+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
|
||||||
|
err_reason = DH_R_INVALID_PUBKEY;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.35.1
|
||||||
|
|
@ -0,0 +1,23 @@
|
|||||||
|
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
|
||||||
|
index e1da724bd2f4..2bee5ef19447 100644
|
||||||
|
--- a/crypto/core_namemap.c
|
||||||
|
+++ b/crypto/core_namemap.c
|
||||||
|
@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
|
||||||
|
{
|
||||||
|
const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
|
||||||
|
|
||||||
|
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||||
|
+ if (cipher != NULL)
|
||||||
|
+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
|
||||||
|
{
|
||||||
|
const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
|
||||||
|
|
||||||
|
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||||
|
+ if (md != NULL)
|
||||||
|
+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,104 @@
|
|||||||
|
From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Date: Fri, 22 Apr 2022 18:16:56 +0200
|
||||||
|
Subject: [PATCH 1/2] Ensure we initialized the locale before
|
||||||
|
evp_pkey_name2type
|
||||||
|
|
||||||
|
Fixes #18158
|
||||||
|
---
|
||||||
|
crypto/evp/pmeth_lib.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
||||||
|
index 2b9c6c2351da..92d25de44532 100644
|
||||||
|
--- a/crypto/evp/pmeth_lib.c
|
||||||
|
+++ b/crypto/evp/pmeth_lib.c
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
# include "crypto/asn1.h"
|
||||||
|
#endif
|
||||||
|
+#include "crypto/ctype.h"
|
||||||
|
#include "crypto/evp.h"
|
||||||
|
#include "crypto/dh.h"
|
||||||
|
#include "crypto/ec.h"
|
||||||
|
@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
|
||||||
|
}
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
if (keytype != NULL) {
|
||||||
|
+ ossl_init_casecmp();
|
||||||
|
id = evp_pkey_name2type(keytype);
|
||||||
|
if (id == NID_undef)
|
||||||
|
id = -1;
|
||||||
|
|
||||||
|
From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Date: Fri, 22 Apr 2022 19:26:08 +0200
|
||||||
|
Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without
|
||||||
|
preliminary init
|
||||||
|
|
||||||
|
---
|
||||||
|
test/build.info | 6 +++++-
|
||||||
|
test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++
|
||||||
|
test/recipes/02-test_localetest.t | 4 +++-
|
||||||
|
3 files changed, 22 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 test/evp_pkey_ctx_new_from_name.c
|
||||||
|
|
||||||
|
diff --git a/test/build.info b/test/build.info
|
||||||
|
index 14a84f00a258..ee059973d31a 100644
|
||||||
|
--- a/test/build.info
|
||||||
|
+++ b/test/build.info
|
||||||
|
@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}]
|
||||||
|
sanitytest rsa_complex exdatatest bntest \
|
||||||
|
ecstresstest gmdifftest pbelutest \
|
||||||
|
destest mdc2test sha_test \
|
||||||
|
- exptest pbetest localetest \
|
||||||
|
+ exptest pbetest localetest evp_pkey_ctx_new_from_name\
|
||||||
|
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
|
||||||
|
evp_fetch_prov_test evp_libctx_test ossl_store_test \
|
||||||
|
v3nametest v3ext \
|
||||||
|
@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}]
|
||||||
|
INCLUDE[localetest]=../include ../apps/include
|
||||||
|
DEPEND[localetest]=../libcrypto libtestutil.a
|
||||||
|
|
||||||
|
+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
|
||||||
|
+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
|
||||||
|
+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
|
||||||
|
+
|
||||||
|
SOURCE[pbetest]=pbetest.c
|
||||||
|
INCLUDE[pbetest]=../include ../apps/include
|
||||||
|
DEPEND[pbetest]=../libcrypto libtestutil.a
|
||||||
|
diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000000..24063ea05ea5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/test/evp_pkey_ctx_new_from_name.c
|
||||||
|
@@ -0,0 +1,14 @@
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <openssl/ec.h>
|
||||||
|
+#include <openssl/evp.h>
|
||||||
|
+#include <openssl/err.h>
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ EVP_PKEY_CTX *pctx = NULL;
|
||||||
|
+
|
||||||
|
+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
|
||||||
|
+ EVP_PKEY_CTX_free(pctx);
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t
|
||||||
|
index 1bccd57d4c63..77fba7d819ab 100644
|
||||||
|
--- a/test/recipes/02-test_localetest.t
|
||||||
|
+++ b/test/recipes/02-test_localetest.t
|
||||||
|
@@ -15,7 +15,9 @@ setup("locale tests");
|
||||||
|
plan skip_all => "Locale tests not available on Windows or VMS"
|
||||||
|
if $^O =~ /^(VMS|MSWin32)$/;
|
||||||
|
|
||||||
|
-plan tests => 2;
|
||||||
|
+plan tests => 3;
|
||||||
|
+
|
||||||
|
+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
|
||||||
|
|
||||||
|
$ENV{LANG} = "C";
|
||||||
|
ok(run(test(["localetest"])), "running localetest");
|
@ -0,0 +1,540 @@
|
|||||||
|
diff -up openssl-3.0.1/providers/common/securitycheck.c.rsaenc openssl-3.0.1/providers/common/securitycheck.c
|
||||||
|
--- openssl-3.0.1/providers/common/securitycheck.c.rsaenc 2022-06-24 17:14:33.634692729 +0200
|
||||||
|
+++ openssl-3.0.1/providers/common/securitycheck.c 2022-06-24 17:16:08.966540605 +0200
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
|
||||||
|
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
|
||||||
|
*/
|
||||||
|
+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
|
||||||
|
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
|
||||||
|
{
|
||||||
|
int protect = 0;
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c.no_bad_pad 2022-05-02 16:04:47.000091901 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/asymciphers/rsa_enc.c 2022-05-02 16:14:50.922443581 +0200
|
||||||
|
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsac
|
||||||
|
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
|
||||||
|
}
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
|
||||||
|
+{
|
||||||
|
+ if (prsactx->pad_mode == RSA_PKCS1_PADDING
|
||||||
|
+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||||
|
size_t outsize, const unsigned char *in, size_t inlen)
|
||||||
|
{
|
||||||
|
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, u
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
if (out == NULL) {
|
||||||
|
size_t len = RSA_size(prsactx->rsa);
|
||||||
|
|
||||||
|
@@ -202,6 +220,18 @@ static int rsa_decrypt(void *vprsactx, u
|
||||||
|
if (!ossl_prov_is_running())
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+# ifdef FIPS_MODULE
|
||||||
|
+ if (fips_padding_allowed(prsactx) == 0) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
|
||||||
|
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
|
||||||
|
if (out == NULL) {
|
||||||
|
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
|
diff -up openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_cms.t
|
||||||
|
--- openssl-3.0.1/test/recipes/80-test_cms.t.no_bad_pad 2022-05-02 17:04:07.610782138 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/80-test_cms.t 2022-05-02 17:06:03.595814620 +0200
|
||||||
|
@@ -232,7 +232,7 @@ my @smime_pkcs7_tests = (
|
||||||
|
\&final_compare
|
||||||
|
],
|
||||||
|
|
||||||
|
- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
|
||||||
|
+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
|
||||||
|
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
|
||||||
|
"-aes256", "-stream", "-out", "{output}.cms",
|
||||||
|
$smrsa1,
|
||||||
|
@@ -865,5 +865,8 @@ sub check_availability {
|
||||||
|
return "$tnam: skipped, DSA disabled\n"
|
||||||
|
if ($no_dsa && $tnam =~ / DSA/);
|
||||||
|
|
||||||
|
+ return "$tnam: skipped, Red Hat FIPS\n"
|
||||||
|
+ if ($tnam =~ /no Red Hat FIPS/);
|
||||||
|
+
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
diff -up openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad openssl-3.0.1/test/recipes/80-test_ssl_old.t
|
||||||
|
--- openssl-3.0.1/test/recipes/80-test_ssl_old.t.no_bad_pad 2022-05-02 17:26:37.962838053 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/80-test_ssl_old.t 2022-05-02 17:34:20.297950449 +0200
|
||||||
|
@@ -483,6 +483,18 @@ sub testssl {
|
||||||
|
# the default choice if TLSv1.3 enabled
|
||||||
|
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
|
||||||
|
my $ciphersuites = "";
|
||||||
|
+ my %redhat_skip_cipher = map {$_ => 1} qw(
|
||||||
|
+AES256-GCM-SHA384:@SECLEVEL=0
|
||||||
|
+AES256-CCM8:@SECLEVEL=0
|
||||||
|
+AES256-CCM:@SECLEVEL=0
|
||||||
|
+AES128-GCM-SHA256:@SECLEVEL=0
|
||||||
|
+AES128-CCM8:@SECLEVEL=0
|
||||||
|
+AES128-CCM:@SECLEVEL=0
|
||||||
|
+AES256-SHA256:@SECLEVEL=0
|
||||||
|
+AES128-SHA256:@SECLEVEL=0
|
||||||
|
+AES256-SHA:@SECLEVEL=0
|
||||||
|
+AES128-SHA:@SECLEVEL=0
|
||||||
|
+ );
|
||||||
|
foreach my $cipher (@{$ciphersuites{$protocol}}) {
|
||||||
|
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
|
||||||
|
note "*****SKIPPING $protocol $cipher";
|
||||||
|
@@ -494,11 +506,16 @@ sub testssl {
|
||||||
|
} else {
|
||||||
|
$cipher = $cipher.':@SECLEVEL=0';
|
||||||
|
}
|
||||||
|
- ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||||
|
- $cipher,
|
||||||
|
- "-ciphersuites", $ciphersuites,
|
||||||
|
- $flag || ()])),
|
||||||
|
- "Testing $cipher");
|
||||||
|
+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
|
||||||
|
+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
|
||||||
|
+ ok(1);
|
||||||
|
+ } else {
|
||||||
|
+ ok(run(test([@ssltest, @exkeys, "-cipher",
|
||||||
|
+ $cipher,
|
||||||
|
+ "-ciphersuites", $ciphersuites,
|
||||||
|
+ $flag || ()])),
|
||||||
|
+ "Testing $cipher");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
next if $protocol eq "-tls1_3";
|
||||||
|
diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
|
||||||
|
--- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt.fipskeylen 2022-06-16 14:26:19.383530498 +0200
|
||||||
|
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-06-16 14:39:53.637777701 +0200
|
||||||
|
@@ -263,12 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
|
||||||
|
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
||||||
|
|
||||||
|
# RSA decrypt
|
||||||
|
-
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt = RSA-2048
|
||||||
|
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
|
||||||
|
Output = "Hello World"
|
||||||
|
|
||||||
|
# Corrupted ciphertext
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt = RSA-2048
|
||||||
|
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A79
|
||||||
|
Output = "Hello World"
|
||||||
|
@@ -665,36 +666,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN
|
||||||
|
h90qjKHS9PvY4Q==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
|
||||||
|
Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
|
||||||
|
Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
|
||||||
|
Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
|
||||||
|
Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
|
||||||
|
Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-1
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -719,36 +726,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64
|
||||||
|
eG2e4XlBcKjI6A==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
|
||||||
|
Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
|
||||||
|
Output=2d
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
|
||||||
|
Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
|
||||||
|
Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
|
||||||
|
Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-2
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -773,36 +786,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W
|
||||||
|
Ya4qnqZe1onjY5o=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
|
||||||
|
Output=087820b569e8fa8d
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
|
||||||
|
Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
|
||||||
|
Output=d94cd0e08fa404ed89
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
|
||||||
|
Output=6cc641b6b61e6f963974dad23a9013284ef1
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
|
||||||
|
Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-3
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -827,36 +846,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/
|
||||||
|
aD0x7TDrmEvkEro=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
|
||||||
|
Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
|
||||||
|
Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
|
||||||
|
Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
|
||||||
|
Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
|
||||||
|
Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-4
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -881,36 +906,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/
|
||||||
|
MSwGUGLx60i3nRyDyw==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
|
||||||
|
Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
|
||||||
|
Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
|
||||||
|
Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
|
||||||
|
Output=15c5b9ee1185
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
|
||||||
|
Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-5
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -935,36 +966,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq
|
||||||
|
Yejn5Ly8mU2q+jBcRQ==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
|
||||||
|
Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
|
||||||
|
Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
|
||||||
|
Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
|
||||||
|
Output=684e3038c5c041f7
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
|
||||||
|
Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-6
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -989,36 +1026,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4
|
||||||
|
FMlxv0gq65dqc3DC
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
|
||||||
|
Output=47aae909
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
|
||||||
|
Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
|
||||||
|
Output=d976fc
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
|
||||||
|
Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
|
||||||
|
Output=bb47231ca5ea1d3ad46c99345d9a8a61
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-7
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -1043,36 +1086,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E
|
||||||
|
2MiPa249Z+lh3Luj0A==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
|
||||||
|
Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
|
||||||
|
Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
|
||||||
|
Output=8604ac56328c1ab5ad917861
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
|
||||||
|
Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
|
||||||
|
Output=4a5f4914bee25de3c69341de07
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-8
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
@@ -1103,36 +1152,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc
|
||||||
|
tKo5Eb69iFQvBb4=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
|
||||||
|
Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
|
||||||
|
Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
|
||||||
|
Output=fd326429df9b890e09b54b18b8f34f1e24
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
|
||||||
|
Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
||||||
|
Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
|
||||||
|
Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
|
||||||
|
|
||||||
|
+Availablein = default
|
||||||
|
Decrypt=RSA-OAEP-9
|
||||||
|
Ctrl = rsa_padding_mode:oaep
|
||||||
|
Ctrl = rsa_mgf1_md:sha1
|
@ -0,0 +1,420 @@
|
|||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
|
||||||
|
@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
||||||
|
const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
BIGNUM *priv_key = NULL;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ const OSSL_PARAM *param_sign_kat_k = NULL;
|
||||||
|
+ BIGNUM *sign_kat_k = NULL;
|
||||||
|
+#endif
|
||||||
|
unsigned char *pub_key = NULL;
|
||||||
|
size_t pub_key_len;
|
||||||
|
const EC_GROUP *ecg = NULL;
|
||||||
|
@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
||||||
|
if (include_private)
|
||||||
|
param_priv_key =
|
||||||
|
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
|
||||||
|
-
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ param_sign_kat_k =
|
||||||
|
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
|
||||||
|
+#endif
|
||||||
|
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
|
||||||
|
if (ctx == NULL)
|
||||||
|
goto err;
|
||||||
|
@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
|
||||||
|
&& !EC_KEY_set_public_key(ec, pub_point))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (param_sign_kat_k) {
|
||||||
|
+ if ((sign_kat_k = BN_secure_new()) == NULL)
|
||||||
|
+ goto err;
|
||||||
|
+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
|
||||||
|
+
|
||||||
|
+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
|
||||||
|
+ goto err;
|
||||||
|
+ ec->sign_kat_k = sign_kat_k;
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
ok = 1;
|
||||||
|
|
||||||
|
err:
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
|
||||||
|
@@ -20,6 +20,10 @@
|
||||||
|
#include "crypto/bn.h"
|
||||||
|
#include "ec_local.h"
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_signature_st;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||||
|
BIGNUM **rp)
|
||||||
|
{
|
||||||
|
@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
do {
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
||||||
|
+ BN_copy(k, eckey->sign_kat_k);
|
||||||
|
+ } else {
|
||||||
|
+#endif
|
||||||
|
/* get random k */
|
||||||
|
do {
|
||||||
|
if (dgst != NULL) {
|
||||||
|
@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} while (BN_is_zero(k));
|
||||||
|
-
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
/* compute r the x-coordinate of generator * k */
|
||||||
|
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
||||||
|
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
|
||||||
|
@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
|
||||||
|
EC_GROUP_free(r->group);
|
||||||
|
EC_POINT_free(r->pub_key);
|
||||||
|
BN_clear_free(r->priv_key);
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ BN_clear_free(r->sign_kat_k);
|
||||||
|
+#endif
|
||||||
|
OPENSSL_free(r->propq);
|
||||||
|
|
||||||
|
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
|
||||||
|
--- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
|
||||||
|
@@ -298,6 +298,9 @@ struct ec_key_st {
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
CRYPTO_EX_DATA ex_data;
|
||||||
|
#endif
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ BIGNUM *sign_kat_k;
|
||||||
|
+#endif
|
||||||
|
CRYPTO_RWLOCK *lock;
|
||||||
|
OSSL_LIB_CTX *libctx;
|
||||||
|
char *propq;
|
||||||
|
diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
|
||||||
|
--- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
|
||||||
|
+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
|
||||||
|
@@ -293,6 +293,7 @@ extern "C" {
|
||||||
|
#define OSSL_PKEY_PARAM_DIST_ID "distid"
|
||||||
|
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
|
||||||
|
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
|
||||||
|
+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
|
||||||
|
|
||||||
|
/* Diffie-Hellman/DSA Parameters */
|
||||||
|
#define OSSL_PKEY_PARAM_FFC_P "p"
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
|
||||||
|
@@ -530,7 +530,8 @@ end:
|
||||||
|
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
||||||
|
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
||||||
|
# define EC_IMEXPORTABLE_PRIVATE_KEY \
|
||||||
|
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
|
||||||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
|
||||||
|
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
|
||||||
|
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
|
||||||
|
OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
|
||||||
|
diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
|
||||||
|
--- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
|
||||||
|
+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
|
||||||
|
@@ -17,6 +17,8 @@
|
||||||
|
#include "self_test.h"
|
||||||
|
#include "self_test_data.inc"
|
||||||
|
|
||||||
|
+int REDHAT_FIPS_signature_st = 0;
|
||||||
|
+
|
||||||
|
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
|
||||||
|
OSSL_LIB_CTX *libctx)
|
||||||
|
{
|
||||||
|
@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
|
||||||
|
EVP_PKEY *pkey = NULL;
|
||||||
|
unsigned char sig[256];
|
||||||
|
BN_CTX *bnctx = NULL;
|
||||||
|
+ BIGNUM *K = NULL;
|
||||||
|
size_t siglen = sizeof(sig);
|
||||||
|
static const unsigned char dgst[] = {
|
||||||
|
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||||
|
@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
|
||||||
|
bnctx = BN_CTX_new_ex(libctx);
|
||||||
|
if (bnctx == NULL)
|
||||||
|
goto err;
|
||||||
|
+ K = BN_CTX_get(bnctx);
|
||||||
|
+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
|
||||||
|
+ goto err;
|
||||||
|
|
||||||
|
bld = OSSL_PARAM_BLD_new();
|
||||||
|
if (bld == NULL)
|
||||||
|
@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
|
||||||
|
|
||||||
|
if (!add_params(bld, t->key, bnctx))
|
||||||
|
goto err;
|
||||||
|
+ /* set K for ECDSA KAT tests */
|
||||||
|
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
|
||||||
|
+ goto err;
|
||||||
|
params = OSSL_PARAM_BLD_to_param(bld);
|
||||||
|
|
||||||
|
/* Create a EVP_PKEY_CTX to load the DSA key into */
|
||||||
|
@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
|
||||||
|
static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||||
|
{
|
||||||
|
int i, ret = 1;
|
||||||
|
+ REDHAT_FIPS_signature_st = 1;
|
||||||
|
|
||||||
|
for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
|
||||||
|
if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
+ REDHAT_FIPS_signature_st = 0;
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
|
||||||
|
--- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
|
||||||
|
+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
|
||||||
|
@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
|
||||||
|
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
|
||||||
|
ST_KAT_PARAM_END()
|
||||||
|
};
|
||||||
|
+static const unsigned char ec224r1_kat_sig[] = {
|
||||||
|
+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
|
||||||
|
+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
|
||||||
|
+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
|
||||||
|
+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
|
||||||
|
+};
|
||||||
|
|
||||||
|
+static const char ecd_prime_curve_name384[] = "secp384r1";
|
||||||
|
+/*
|
||||||
|
+priv:
|
||||||
|
+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
|
||||||
|
+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
|
||||||
|
+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
|
||||||
|
+ 4c:91:87
|
||||||
|
+pub:
|
||||||
|
+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
|
||||||
|
+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
|
||||||
|
+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
|
||||||
|
+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
|
||||||
|
+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
|
||||||
|
+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
|
||||||
|
+ 11:f2:a3:bf:e8:0e:88
|
||||||
|
+*/
|
||||||
|
+static const unsigned char ecd_prime_priv384[] = {
|
||||||
|
+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
|
||||||
|
+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
|
||||||
|
+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
|
||||||
|
+ 0x4c, 0x91, 0x87
|
||||||
|
+};
|
||||||
|
+static const unsigned char ecd_prime_pub384[] = {
|
||||||
|
+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
|
||||||
|
+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
|
||||||
|
+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
|
||||||
|
+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
|
||||||
|
+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
|
||||||
|
+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
|
||||||
|
+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
|
||||||
|
+};
|
||||||
|
+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
|
||||||
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
|
||||||
|
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
|
||||||
|
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
|
||||||
|
+ ST_KAT_PARAM_END()
|
||||||
|
+};
|
||||||
|
+static const unsigned char ec384r1_kat_sig[] = {
|
||||||
|
+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
|
||||||
|
+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
|
||||||
|
+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
|
||||||
|
+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
|
||||||
|
+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
|
||||||
|
+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
|
||||||
|
+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
|
||||||
|
+};
|
||||||
|
+static const char ecd_prime_curve_name521[] = "secp521r1";
|
||||||
|
+/*
|
||||||
|
+priv:
|
||||||
|
+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
|
||||||
|
+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
|
||||||
|
+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
|
||||||
|
+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
|
||||||
|
+ af:fe:6d:cb:c2:3b
|
||||||
|
+pub:
|
||||||
|
+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
|
||||||
|
+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
|
||||||
|
+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
|
||||||
|
+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
|
||||||
|
+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
|
||||||
|
+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
|
||||||
|
+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
|
||||||
|
+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
|
||||||
|
+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
|
||||||
|
+*/
|
||||||
|
+static const unsigned char ecd_prime_priv521[] = {
|
||||||
|
+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
|
||||||
|
+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
|
||||||
|
+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
|
||||||
|
+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
|
||||||
|
+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
|
||||||
|
+};
|
||||||
|
+static const unsigned char ecd_prime_pub521[] = {
|
||||||
|
+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
|
||||||
|
+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
|
||||||
|
+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
|
||||||
|
+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
|
||||||
|
+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
|
||||||
|
+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
|
||||||
|
+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
|
||||||
|
+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
|
||||||
|
+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
|
||||||
|
+};
|
||||||
|
+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
|
||||||
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
|
||||||
|
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
|
||||||
|
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
|
||||||
|
+ ST_KAT_PARAM_END()
|
||||||
|
+};
|
||||||
|
+static const unsigned char ec521r1_kat_sig[] = {
|
||||||
|
+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
|
||||||
|
+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
|
||||||
|
+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
|
||||||
|
+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
|
||||||
|
+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
|
||||||
|
+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
|
||||||
|
+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
|
||||||
|
+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
|
||||||
|
+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
|
||||||
|
+};
|
||||||
|
+static const char ecd_prime_curve_name256[] = "prime256v1";
|
||||||
|
+/*
|
||||||
|
+priv:
|
||||||
|
+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
|
||||||
|
+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
|
||||||
|
+ 30:fa
|
||||||
|
+pub:
|
||||||
|
+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
|
||||||
|
+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
|
||||||
|
+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
|
||||||
|
+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
|
||||||
|
+ 98:66:c4:63:a6
|
||||||
|
+*/
|
||||||
|
+static const unsigned char ecd_prime_priv256[] = {
|
||||||
|
+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
|
||||||
|
+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
|
||||||
|
+ 0x30, 0xfa
|
||||||
|
+};
|
||||||
|
+static const unsigned char ecd_prime_pub256[] = {
|
||||||
|
+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
|
||||||
|
+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
|
||||||
|
+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
|
||||||
|
+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
|
||||||
|
+ 0x98, 0x66, 0xc4, 0x63, 0xa6
|
||||||
|
+};
|
||||||
|
+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
|
||||||
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
|
||||||
|
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
|
||||||
|
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
|
||||||
|
+ ST_KAT_PARAM_END()
|
||||||
|
+};
|
||||||
|
+static const unsigned char ec256v1_kat_sig[] = {
|
||||||
|
+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
|
||||||
|
+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
|
||||||
|
+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
|
||||||
|
+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
|
||||||
|
+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
|
||||||
|
+};
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
static const char ecd_bin_curve_name[] = "sect233r1";
|
||||||
|
static const unsigned char ecd_bin_priv[] = {
|
||||||
|
@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
|
||||||
|
ecdsa_prime_key,
|
||||||
|
/*
|
||||||
|
* The ECDSA signature changes each time due to it using a random k.
|
||||||
|
- * So there is no expected KAT for this case.
|
||||||
|
+ * We provide this value in our build
|
||||||
|
+ */
|
||||||
|
+ ITM(ec224r1_kat_sig)
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
||||||
|
+ "EC",
|
||||||
|
+ "SHA-256",
|
||||||
|
+ ecdsa_prime_key384,
|
||||||
|
+ /*
|
||||||
|
+ * The ECDSA signature changes each time due to it using a random k.
|
||||||
|
+ * We provide this value in our build
|
||||||
|
+ */
|
||||||
|
+ ITM(ec384r1_kat_sig)
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
||||||
|
+ "EC",
|
||||||
|
+ "SHA-256",
|
||||||
|
+ ecdsa_prime_key521,
|
||||||
|
+ /*
|
||||||
|
+ * The ECDSA signature changes each time due to it using a random k.
|
||||||
|
+ * We provide this value in our build
|
||||||
|
+ */
|
||||||
|
+ ITM(ec521r1_kat_sig)
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
|
||||||
|
+ "EC",
|
||||||
|
+ "SHA-256",
|
||||||
|
+ ecdsa_prime_key256,
|
||||||
|
+ /*
|
||||||
|
+ * The ECDSA signature changes each time due to it using a random k.
|
||||||
|
+ * We provide this value in our build
|
||||||
|
*/
|
||||||
|
+ ITM(ec256v1_kat_sig)
|
||||||
|
},
|
||||||
|
# ifndef OPENSSL_NO_EC2M
|
||||||
|
{
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
|
||||||
|
@@ -44,6 +44,10 @@
|
||||||
|
#define S390X_OFF_RN(n) (4 * n)
|
||||||
|
#define S390X_OFF_Y(n) (4 * n)
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_signature_st;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
|
||||||
|
const BIGNUM *scalar,
|
||||||
|
size_t num, const EC_POINT *points[],
|
||||||
|
@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
|
||||||
|
* because kdsa instruction constructs an in-range, invertible nonce
|
||||||
|
* internally implementing counter-measures for RNG weakness.
|
||||||
|
*/
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
|
||||||
|
+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
|
||||||
|
+ /* Turns KDSA internal nonce-generation off. */
|
||||||
|
+ fc |= S390X_KDSA_D;
|
||||||
|
+ } else {
|
||||||
|
+#endif
|
||||||
|
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
|
||||||
|
(size_t)len, 0) != 1) {
|
||||||
|
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||||
|
goto ret;
|
||||||
|
}
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
} else {
|
||||||
|
/* Reconstruct k = (k^-1)^-1. */
|
||||||
|
if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,466 @@
|
|||||||
|
From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Tue, 7 Jun 2022 12:02:49 +0200
|
||||||
|
Subject: [PATCH] fips: Expose a FIPS indicator
|
||||||
|
|
||||||
|
FIPS 140-3 requires us to indicate whether an operation was using
|
||||||
|
approved services or not. The FIPS 140-3 implementation guidelines
|
||||||
|
provide two basic approaches to doing this: implicit indicators, and
|
||||||
|
explicit indicators.
|
||||||
|
|
||||||
|
Implicit indicators are basically the concept of "if the operation
|
||||||
|
passes, it was approved". We were originally aiming for implicit
|
||||||
|
indicators in our copy of OpenSSL. However, this proved to be a problem,
|
||||||
|
because we wanted to certify a signature service, and FIPS 140-3
|
||||||
|
requires that a signature service computes the digest to be signed
|
||||||
|
within the boundaries of the FIPS module. Since we were planning to
|
||||||
|
certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify
|
||||||
|
would have to be blocked. Unfortunately, EVP_SignFinal uses
|
||||||
|
EVP_PKEY_sign internally, but outside of fips.so and thus outside of the
|
||||||
|
FIPS module boundary. This means that using implicit indicators in
|
||||||
|
combination with certifying only fips.so would require us to block both
|
||||||
|
EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used
|
||||||
|
by most users of OpenSSL for signatures.
|
||||||
|
|
||||||
|
EVP_DigestSign would be acceptable, but has only been added in 3.0 and
|
||||||
|
is thus not yet widely used.
|
||||||
|
|
||||||
|
As a consequence, we've decided to introduce explicit indicators so that
|
||||||
|
EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but
|
||||||
|
FIPS-aware applications can query the explicit indicator to check
|
||||||
|
whether the operation was approved.
|
||||||
|
|
||||||
|
To avoid affecting the ABI and public API too much, this is implemented
|
||||||
|
as an exported symbol in fips.so and a private header, so applications
|
||||||
|
that wish to use this will have to dlopen(3) fips.so, locate the
|
||||||
|
function using dlsym(3), and then call it. These applications will have
|
||||||
|
to build against the private header in order to use the returned
|
||||||
|
pointer.
|
||||||
|
|
||||||
|
Modify util/mkdef.pl to support exposing a symbol only for a specific
|
||||||
|
provider identified by its name and path.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
doc/build.info | 6 ++
|
||||||
|
doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++
|
||||||
|
providers/fips/fipsprov.c | 71 +++++++++++++
|
||||||
|
providers/fips/indicator.h | 66 ++++++++++++
|
||||||
|
util/mkdef.pl | 25 ++++-
|
||||||
|
util/providers.num | 1 +
|
||||||
|
6 files changed, 322 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 doc/man7/fips_module_indicators.pod
|
||||||
|
create mode 100644 providers/fips/indicator.h
|
||||||
|
|
||||||
|
diff --git a/doc/build.info b/doc/build.info
|
||||||
|
index b0aa4297a4..af235113bb 100644
|
||||||
|
--- a/doc/build.info
|
||||||
|
+++ b/doc/build.info
|
||||||
|
@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod
|
||||||
|
GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
|
||||||
|
DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
|
||||||
|
GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
|
||||||
|
+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
||||||
|
+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
|
||||||
|
+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
||||||
|
+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
|
||||||
|
DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
||||||
|
GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
|
||||||
|
DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
|
||||||
|
@@ -4631,6 +4635,7 @@ html/man7/ct.html \
|
||||||
|
html/man7/des_modes.html \
|
||||||
|
html/man7/evp.html \
|
||||||
|
html/man7/fips_module.html \
|
||||||
|
+html/man7/fips_module_indicators.html \
|
||||||
|
html/man7/life_cycle-cipher.html \
|
||||||
|
html/man7/life_cycle-digest.html \
|
||||||
|
html/man7/life_cycle-kdf.html \
|
||||||
|
@@ -4754,6 +4759,7 @@ man/man7/ct.7 \
|
||||||
|
man/man7/des_modes.7 \
|
||||||
|
man/man7/evp.7 \
|
||||||
|
man/man7/fips_module.7 \
|
||||||
|
+man/man7/fips_module_indicators.7 \
|
||||||
|
man/man7/life_cycle-cipher.7 \
|
||||||
|
man/man7/life_cycle-digest.7 \
|
||||||
|
man/man7/life_cycle-kdf.7 \
|
||||||
|
diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..23db2b395c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/doc/man7/fips_module_indicators.pod
|
||||||
|
@@ -0,0 +1,154 @@
|
||||||
|
+=pod
|
||||||
|
+
|
||||||
|
+=head1 NAME
|
||||||
|
+
|
||||||
|
+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide
|
||||||
|
+
|
||||||
|
+=head1 DESCRIPTION
|
||||||
|
+
|
||||||
|
+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider
|
||||||
|
+implements Approved Security Service Indicators according to the FIPS 140-3
|
||||||
|
+Implementation Guidelines, section 2.4.C. See
|
||||||
|
+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>
|
||||||
|
+for the FIPS 140-3 Implementation Guidelines.
|
||||||
|
+
|
||||||
|
+For all approved services except signatures, the Red Hat OpenSSL FIPS provider
|
||||||
|
+uses the return code as the indicator as understood by FIPS 140-3. That means
|
||||||
|
+that every operation that succeeds denotes use of an approved security service.
|
||||||
|
+Operations that do not succeed may not have been approved security services, or
|
||||||
|
+may have been used incorrectly.
|
||||||
|
+
|
||||||
|
+For signatures, an explicit indicator API is available to determine whether
|
||||||
|
+a selected operation is an approved security service, in combination with the
|
||||||
|
+return code of the operation. For a signature operation to be approved, the
|
||||||
|
+explicit indicator must claim it as approved, and it must succeed.
|
||||||
|
+
|
||||||
|
+=head2 Querying the explicit indicator
|
||||||
|
+
|
||||||
|
+The Red Hat OpenSSL FIPS provider exports a symbol named
|
||||||
|
+I<redhat_ossl_query_fipsindicator> that provides information on which signature
|
||||||
|
+operations are approved security functions. To use this function, either link
|
||||||
|
+against I<fips.so> directly, or load it at runtime using dlopen(3) and
|
||||||
|
+dlsym(3).
|
||||||
|
+
|
||||||
|
+ #include <openssl/core_dispatch.h>
|
||||||
|
+ #include "providers/fips/indicator.h"
|
||||||
|
+
|
||||||
|
+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
|
||||||
|
+ if (provider == NULL) {
|
||||||
|
+ fprintf(stderr, "%s\n", dlerror());
|
||||||
|
+ // handle error
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \
|
||||||
|
+ = dlsym(provider, "redhat_ossl_query_fipsindicator");
|
||||||
|
+ if (redhat_ossl_query_fipsindicator == NULL) {
|
||||||
|
+ fprintf(stderr, "%s\n", dlerror());
|
||||||
|
+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat"
|
||||||
|
+ " patches?\n");
|
||||||
|
+ // handle error
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+Note that this uses the I<providers/fips/indicator.h> header, which is not
|
||||||
|
+public. Install the I<openssl-debugsource> package from the I<BaseOS-debuginfo>
|
||||||
|
+repository using I<dnf debuginfo-install openssl> and include
|
||||||
|
+I</usr/src/debug/openssl-3.*/> in the compiler's include path.
|
||||||
|
+
|
||||||
|
+I<redhat_ossl_query_fipsindicator> expects an operation ID as its only
|
||||||
|
+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to
|
||||||
|
+obtain the indicators for signature operations. On success, the return value is
|
||||||
|
+a pointer to an array of I<OSSL_RH_FIPSINDICATOR_STRUCT>s. On failure, NULL is
|
||||||
|
+returned. The last entry in the array is indicated by I<algorithm_names> being
|
||||||
|
+NULL.
|
||||||
|
+
|
||||||
|
+ typedef struct ossl_rh_fipsindicator_algorithm_st {
|
||||||
|
+ const char *algorithm_names; /* key */
|
||||||
|
+ const char *property_definition; /* key */
|
||||||
|
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
|
||||||
|
+ } OSSL_RH_FIPSINDICATOR_ALGORITHM;
|
||||||
|
+
|
||||||
|
+ typedef struct ossl_rh_fipsindicator_dispatch_st {
|
||||||
|
+ int function_id;
|
||||||
|
+ int approved;
|
||||||
|
+ } OSSL_RH_FIPSINDICATOR_DISPATCH;
|
||||||
|
+
|
||||||
|
+The I<algorithm_names> field is a colon-separated list of algorithm names from
|
||||||
|
+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can
|
||||||
|
+be used to locate the appropriate entry. See the example below, where
|
||||||
|
+I<algorithm> contains the algorithm name to search for:
|
||||||
|
+
|
||||||
|
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
|
||||||
|
+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator =
|
||||||
|
+ redhat_ossl_query_fipsindicator(operation_id);
|
||||||
|
+ if (indicator == NULL) {
|
||||||
|
+ fprintf(stderr, "No indicator for operation, probably using implicit"
|
||||||
|
+ " indicators.\n");
|
||||||
|
+ // handle error
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ for (; indicator->algorithm_names != NULL; ++indicator) {
|
||||||
|
+ char *algorithm_names = strdup(indicator->algorithm_names);
|
||||||
|
+ if (algorithm_names == NULL) {
|
||||||
|
+ perror("strdup(3)");
|
||||||
|
+ // handle error
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ const char *algorithm_name = strtok(algorithm_names, ":");
|
||||||
|
+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
|
||||||
|
+ if (strcasecmp(algorithm_name, algorithm) == 0) {
|
||||||
|
+ indicator_dispatch = indicator->indicators;
|
||||||
|
+ free(algorithm_names);
|
||||||
|
+ algorithm_names = NULL;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ free(algorithm_names);
|
||||||
|
+ }
|
||||||
|
+ if (indicator_dispatch == NULL) {
|
||||||
|
+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
|
||||||
|
+ // handle error
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+If an appropriate I<OSSL_RH_FIPSINDICATOR_DISPATCH> array is available for the
|
||||||
|
+given algorithm name, it maps function IDs to their approval status. The last
|
||||||
|
+entry is indicated by a zero I<function_id>. I<approved> is
|
||||||
|
+I<OSSL_RH_FIPSINDICATOR_APPROVED> if the operation is an approved security
|
||||||
|
+service, or part of an approved security service, or
|
||||||
|
+I<OSSL_RH_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid.
|
||||||
|
+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>,
|
||||||
|
+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>.
|
||||||
|
+
|
||||||
|
+Assuming I<function_id> is the function in question, the following code can be
|
||||||
|
+used to query the approval status:
|
||||||
|
+
|
||||||
|
+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
|
||||||
|
+ if (indicator_dispatch->function_id == function_id) {
|
||||||
|
+ switch (indicator_dispatch->approved) {
|
||||||
|
+ case OSSL_RH_FIPSINDICATOR_APPROVED:
|
||||||
|
+ // approved security service
|
||||||
|
+ break;
|
||||||
|
+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED:
|
||||||
|
+ // unapproved security service
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ // invalid result
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+=head1 SEE ALSO
|
||||||
|
+
|
||||||
|
+L<fips_module(7)>, L<provider(7)>
|
||||||
|
+
|
||||||
|
+=head1 COPYRIGHT
|
||||||
|
+
|
||||||
|
+Copyright 2022 Red Hat, Inc. All Rights Reserved.
|
||||||
|
+
|
||||||
|
+Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+this file except in compliance with the License. You can obtain a copy
|
||||||
|
+in the file LICENSE in the source distribution or at
|
||||||
|
+L<https://www.openssl.org/source/license.html>.
|
||||||
|
+
|
||||||
|
+=cut
|
||||||
|
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
|
||||||
|
index de391ce067..1cfd71c5cf 100644
|
||||||
|
--- a/providers/fips/fipsprov.c
|
||||||
|
+++ b/providers/fips/fipsprov.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
#include "prov/seeding.h"
|
||||||
|
#include "self_test.h"
|
||||||
|
#include "internal/core.h"
|
||||||
|
+#include "indicator.h"
|
||||||
|
|
||||||
|
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
|
||||||
|
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
|
||||||
|
@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = {
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = {
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = {
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
|
||||||
|
+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = {
|
||||||
|
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
|
||||||
|
+ redhat_rsa_signature_indicators },
|
||||||
|
+#ifndef OPENSSL_NO_EC
|
||||||
|
+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
|
||||||
|
+ redhat_ecdsa_signature_indicators },
|
||||||
|
+#endif
|
||||||
|
+ { NULL, NULL, NULL }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static const OSSL_ALGORITHM fips_asym_cipher[] = {
|
||||||
|
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
|
||||||
|
{ NULL, NULL, NULL }
|
||||||
|
@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
|
||||||
|
freelocale(loc);
|
||||||
|
}
|
||||||
|
|
||||||
|
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
|
||||||
|
+ switch (operation_id) {
|
||||||
|
+ case OSSL_OP_SIGNATURE:
|
||||||
|
+ return redhat_indicator_fips_signature;
|
||||||
|
+ }
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void fips_teardown(void *provctx)
|
||||||
|
{
|
||||||
|
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
|
||||||
|
diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..b323efe44c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/providers/fips/indicator.h
|
||||||
|
@@ -0,0 +1,66 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifndef OPENSSL_FIPS_INDICATOR_H
|
||||||
|
+# define OPENSSL_FIPS_INDICATOR_H
|
||||||
|
+# pragma once
|
||||||
|
+
|
||||||
|
+# ifdef __cplusplus
|
||||||
|
+extern "C" {
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0)
|
||||||
|
+# define OSSL_RH_FIPSINDICATOR_APPROVED (1)
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * FIPS indicator dispatch table element. function_id numbers and the
|
||||||
|
+ * functions are defined in core_dispatch.h, see macros with
|
||||||
|
+ * 'OSSL_CORE_MAKE_FUNC' in their names.
|
||||||
|
+ *
|
||||||
|
+ * An array of these is always terminated by function_id == 0
|
||||||
|
+ */
|
||||||
|
+typedef struct ossl_rh_fipsindicator_dispatch_st {
|
||||||
|
+ int function_id;
|
||||||
|
+ int approved;
|
||||||
|
+} OSSL_RH_FIPSINDICATOR_DISPATCH;
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Type to tie together algorithm names, property definition string and the
|
||||||
|
+ * algorithm implementation's FIPS indicator status in the form of a FIPS
|
||||||
|
+ * indicator dispatch table.
|
||||||
|
+ *
|
||||||
|
+ * An array of these is always terminated by algorithm_names == NULL
|
||||||
|
+ */
|
||||||
|
+typedef struct ossl_rh_fipsindicator_algorithm_st {
|
||||||
|
+ const char *algorithm_names; /* key */
|
||||||
|
+ const char *property_definition; /* key */
|
||||||
|
+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
|
||||||
|
+} OSSL_RH_FIPSINDICATOR_ALGORITHM;
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * Query FIPS indicator status for the given operation. Possible values for
|
||||||
|
+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
|
||||||
|
+ * use implicit indicators. The return value is an array of
|
||||||
|
+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
|
||||||
|
+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
|
||||||
|
+ * algorithm names, 'property_definition' a comma-separated list of properties,
|
||||||
|
+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This
|
||||||
|
+ * list is terminated by function_id == 0. 'function_id' is one of the
|
||||||
|
+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
|
||||||
|
+ *
|
||||||
|
+ * If there is no entry in the returned struct for the given operation_id,
|
||||||
|
+ * algorithm name, or function_id, the algorithm is unapproved.
|
||||||
|
+ */
|
||||||
|
+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id);
|
||||||
|
+
|
||||||
|
+# ifdef __cplusplus
|
||||||
|
+}
|
||||||
|
+# endif
|
||||||
|
+
|
||||||
|
+#endif
|
||||||
|
diff --git a/util/mkdef.pl b/util/mkdef.pl
|
||||||
|
index a1c76f7c97..eda39b71ee 100755
|
||||||
|
--- a/util/mkdef.pl
|
||||||
|
+++ b/util/mkdef.pl
|
||||||
|
@@ -149,7 +149,8 @@ $ordinal_opts{filter} =
|
||||||
|
return
|
||||||
|
$item->exists()
|
||||||
|
&& platform_filter($item)
|
||||||
|
- && feature_filter($item);
|
||||||
|
+ && feature_filter($item)
|
||||||
|
+ && fips_filter($item, $name);
|
||||||
|
};
|
||||||
|
my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
|
||||||
|
|
||||||
|
@@ -205,6 +206,28 @@ sub feature_filter {
|
||||||
|
return $verdict;
|
||||||
|
}
|
||||||
|
|
||||||
|
+sub fips_filter {
|
||||||
|
+ my $item = shift;
|
||||||
|
+ my $name = uc(shift);
|
||||||
|
+ my @features = ( $item->features() );
|
||||||
|
+
|
||||||
|
+ # True if no features are defined
|
||||||
|
+ return 1 if scalar @features == 0;
|
||||||
|
+
|
||||||
|
+ my @matches = grep(/^ONLY_.*$/, @features);
|
||||||
|
+ if (@matches) {
|
||||||
|
+ # There is at least one only_* flag on this symbol, check if any of
|
||||||
|
+ # them match the name
|
||||||
|
+ for (@matches) {
|
||||||
|
+ if ($_ eq "ONLY_${name}") {
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
sub sorter_unix {
|
||||||
|
my $by_name = OpenSSL::Ordinals::by_name();
|
||||||
|
my %weight = (
|
||||||
|
diff --git a/util/providers.num b/util/providers.num
|
||||||
|
index 4e2fa81b98..77879d0e5f 100644
|
||||||
|
--- a/util/providers.num
|
||||||
|
+++ b/util/providers.num
|
||||||
|
@@ -1 +1,2 @@
|
||||||
|
OSSL_provider_init 1 * EXIST::FUNCTION:
|
||||||
|
+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
|
||||||
|
index 2a574fbfe6aa..16f482db68a9 100644
|
||||||
|
--- a/crypto/lhash/lhash.c
|
||||||
|
+++ b/crypto/lhash/lhash.c
|
||||||
|
@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh)
|
||||||
|
}
|
||||||
|
lh->b[i] = NULL;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ lh->num_items = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
|
@ -0,0 +1,263 @@
|
|||||||
|
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
|
||||||
|
index 7a4a45d537..3c5f48ec0a 100644
|
||||||
|
--- a/crypto/ocsp/ocsp_vfy.c
|
||||||
|
+++ b/crypto/ocsp/ocsp_vfy.c
|
||||||
|
@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response,
|
||||||
|
|
||||||
|
ret = X509_verify_cert(ctx);
|
||||||
|
if (ret <= 0) {
|
||||||
|
- ret = X509_STORE_CTX_get_error(ctx);
|
||||||
|
+ int err = X509_STORE_CTX_get_error(ctx);
|
||||||
|
+
|
||||||
|
ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR,
|
||||||
|
- "Verify error: %s", X509_verify_cert_error_string(ret));
|
||||||
|
+ "Verify error: %s", X509_verify_cert_error_string(err));
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
if (chain != NULL)
|
||||||
|
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
|
||||||
|
index d42030cb89..34fdfcbccc 100644
|
||||||
|
--- a/test/recipes/80-test_ocsp.t
|
||||||
|
+++ b/test/recipes/80-test_ocsp.t
|
||||||
|
@@ -35,6 +35,7 @@ sub test_ocsp {
|
||||||
|
$untrusted = $CAfile;
|
||||||
|
}
|
||||||
|
my $expected_exit = shift;
|
||||||
|
+ my $nochecks = shift;
|
||||||
|
my $outputfile = basename($inputfile, '.ors') . '.dat';
|
||||||
|
|
||||||
|
run(app(["openssl", "base64", "-d",
|
||||||
|
@@ -45,7 +46,8 @@ sub test_ocsp {
|
||||||
|
"-partial_chain", @check_time,
|
||||||
|
"-CAfile", catfile($ocspdir, $CAfile),
|
||||||
|
"-verify_other", catfile($ocspdir, $untrusted),
|
||||||
|
- "-no-CApath", "-no-CAstore"])),
|
||||||
|
+ "-no-CApath", "-no-CAstore",
|
||||||
|
+ $nochecks ? "-no_cert_checks" : ()])),
|
||||||
|
$title); });
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub {
|
||||||
|
plan tests => 7;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0);
|
||||||
|
+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ND2.ors", "ND2_Issuer_Root.pem", "", 0);
|
||||||
|
+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "ND3.ors", "ND3_Issuer_Root.pem", "", 0);
|
||||||
|
+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; 3-level CA hierarchy",
|
||||||
|
- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0);
|
||||||
|
+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "D1.ors", "D1_Issuer_ICA.pem", "", 0);
|
||||||
|
+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "D2.ors", "D2_Issuer_Root.pem", "", 0);
|
||||||
|
+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "D3.ors", "D3_Issuer_Root.pem", "", 0);
|
||||||
|
+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
|
||||||
|
plan tests => 3;
|
||||||
|
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
|
||||||
|
- plan tests => 3;
|
||||||
|
+ plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
+ test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
+ test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
+ test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub {
|
||||||
|
plan tests => 6;
|
||||||
|
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1);
|
||||||
|
+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1);
|
||||||
|
+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1);
|
||||||
|
+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
|
||||||
|
@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {
|
||||||
|
|
||||||
|
# Expect success, because we're explicitly trusting the issuer certificate.
|
||||||
|
test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0);
|
||||||
|
+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0);
|
||||||
|
+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("NON-DELEGATED; Root CA -> EE",
|
||||||
|
- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0);
|
||||||
|
+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Intermediate CA -> EE",
|
||||||
|
- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0);
|
||||||
|
+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> Intermediate CA",
|
||||||
|
- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0);
|
||||||
|
+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0);
|
||||||
|
test_ocsp("DELEGATED; Root CA -> EE",
|
||||||
|
- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0);
|
||||||
|
+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0);
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "=== OCSP API TESTS===" => sub {
|
@ -0,0 +1,58 @@
|
|||||||
|
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
||||||
|
index d51d8856d7..a630773a02 100644
|
||||||
|
--- a/tools/c_rehash.in
|
||||||
|
+++ b/tools/c_rehash.in
|
||||||
|
@@ -152,6 +152,23 @@ sub check_file {
|
||||||
|
return ($is_cert, $is_crl);
|
||||||
|
}
|
||||||
|
|
||||||
|
+sub compute_hash {
|
||||||
|
+ my $fh;
|
||||||
|
+ if ( $^O eq "VMS" ) {
|
||||||
|
+ # VMS uses the open through shell
|
||||||
|
+ # The file names are safe there and list form is unsupported
|
||||||
|
+ if (!open($fh, "-|", join(' ', @_))) {
|
||||||
|
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ if (!open($fh, "-|", @_)) {
|
||||||
|
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return (<$fh>, <$fh>);
|
||||||
|
+}
|
||||||
|
|
||||||
|
# Link a certificate to its subject name hash value, each hash is of
|
||||||
|
# the form <hash>.<n> where n is an integer. If the hash value already exists
|
||||||
|
@@ -161,10 +178,12 @@ sub check_file {
|
||||||
|
|
||||||
|
sub link_hash_cert {
|
||||||
|
my $fname = $_[0];
|
||||||
|
- $fname =~ s/\"/\\\"/g;
|
||||||
|
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
||||||
|
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
||||||
|
+ "-fingerprint", "-noout",
|
||||||
|
+ "-in", $fname);
|
||||||
|
chomp $hash;
|
||||||
|
chomp $fprint;
|
||||||
|
+ return if !$hash;
|
||||||
|
$fprint =~ s/^.*=//;
|
||||||
|
$fprint =~ tr/://d;
|
||||||
|
my $suffix = 0;
|
||||||
|
@@ -202,10 +221,12 @@ sub link_hash_cert {
|
||||||
|
|
||||||
|
sub link_hash_crl {
|
||||||
|
my $fname = $_[0];
|
||||||
|
- $fname =~ s/'/'\\''/g;
|
||||||
|
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
||||||
|
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
||||||
|
+ "-fingerprint", "-noout",
|
||||||
|
+ "-in", $fname);
|
||||||
|
chomp $hash;
|
||||||
|
chomp $fprint;
|
||||||
|
+ return if !$hash;
|
||||||
|
$fprint =~ s/^.*=//;
|
||||||
|
$fprint =~ tr/://d;
|
||||||
|
my $suffix = 0;
|
@ -0,0 +1,212 @@
|
|||||||
|
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
index 1fa449d5a098..6aa9455f09ed 100644
|
||||||
|
--- a/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
+++ b/test/certs/embeddedSCTs1_issuer.pem
|
||||||
|
@@ -1,18 +1,18 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
|
||||||
|
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
|
||||||
|
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
|
||||||
|
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
|
||||||
|
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
|
||||||
|
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
|
||||||
|
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
|
||||||
|
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
|
||||||
|
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
|
||||||
|
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
|
||||||
|
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
|
||||||
|
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
|
||||||
|
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
|
||||||
|
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
|
||||||
|
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
|
||||||
|
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
|
||||||
|
-OwqULg==
|
||||||
|
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
|
||||||
|
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
|
||||||
|
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
|
||||||
|
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
|
||||||
|
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
|
||||||
|
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
|
||||||
|
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
|
||||||
|
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
|
||||||
|
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
|
||||||
|
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
|
||||||
|
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
|
||||||
|
++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
|
||||||
|
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
|
||||||
|
+Doud4XrO
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
|
||||||
|
index 5677ac6c9f6a..70ce71e43091 100644
|
||||||
|
--- a/test/certs/sm2-ca-cert.pem
|
||||||
|
+++ b/test/certs/sm2-ca-cert.pem
|
||||||
|
@@ -1,14 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
||||||
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
||||||
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
||||||
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
||||||
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
||||||
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
||||||
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
||||||
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
||||||
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
||||||
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
||||||
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
||||||
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
||||||
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
||||||
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
||||||
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
||||||
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
||||||
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
|
||||||
|
index 5677ac6c9f6a..70ce71e43091 100644
|
||||||
|
--- a/test/certs/sm2-root.crt
|
||||||
|
+++ b/test/certs/sm2-root.crt
|
||||||
|
@@ -1,14 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
|
||||||
|
-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
|
||||||
|
-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
|
||||||
|
-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
|
||||||
|
-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
|
||||||
|
-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
|
||||||
|
-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
|
||||||
|
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
|
||||||
|
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
|
||||||
|
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
|
||||||
|
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
|
||||||
|
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
|
||||||
|
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
|
||||||
|
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
|
||||||
|
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
|
||||||
|
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
|
||||||
|
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
|
||||||
|
index 189abb137625..daf12926aff9 100644
|
||||||
|
--- a/test/certs/sm2.pem
|
||||||
|
+++ b/test/certs/sm2.pem
|
||||||
|
@@ -1,13 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
|
||||||
|
-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
|
||||||
|
-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
|
||||||
|
-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
|
||||||
|
-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
|
||||||
|
-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
|
||||||
|
-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
|
||||||
|
-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
|
||||||
|
-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
|
||||||
|
-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
|
||||||
|
-OZOfmtx613VyzXwc
|
||||||
|
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
|
||||||
|
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
|
||||||
|
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
|
||||||
|
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
|
||||||
|
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
|
||||||
|
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
|
||||||
|
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
|
||||||
|
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
|
||||||
|
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
|
||||||
|
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
|
||||||
|
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
|
||||||
|
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
|
||||||
|
index 12e8a7305402..109b9c4abc28 100644
|
||||||
|
--- a/test/smime-certs/mksmime-certs.sh
|
||||||
|
+++ b/test/smime-certs/mksmime-certs.sh
|
||||||
|
@@ -15,23 +15,23 @@ export OPENSSL_CONF
|
||||||
|
|
||||||
|
# Root CA: create certificate directly
|
||||||
|
CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
|
||||||
|
- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650
|
||||||
|
+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501
|
||||||
|
|
||||||
|
# EE RSA certificates: create request first
|
||||||
|
CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa1.pem -out req.pem -newkey rsa:2048
|
||||||
|
# Sign request: end entity extensions
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem
|
||||||
|
|
||||||
|
CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa2.pem -out req.pem -newkey rsa:2048
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem
|
||||||
|
|
||||||
|
CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smrsa3.pem -out req.pem -newkey rsa:2048
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem
|
||||||
|
|
||||||
|
# Create DSA parameters
|
||||||
|
@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048
|
||||||
|
|
||||||
|
CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem
|
||||||
|
CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem
|
||||||
|
CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem
|
||||||
|
|
||||||
|
# Create EC parameters
|
||||||
|
@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283
|
||||||
|
|
||||||
|
CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smec1.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem
|
||||||
|
CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smec2.pem -out req.pem -newkey ec:ecp2.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem
|
||||||
|
-CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
||||||
|
+# Do not renew this cert as it is used for legacy data decrypt test
|
||||||
|
+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
|
||||||
|
+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem
|
||||||
|
# Create X9.42 DH parameters.
|
||||||
|
$OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
|
||||||
|
# Generate X9.42 DH key.
|
||||||
|
@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem
|
||||||
|
CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \
|
||||||
|
-keyout smtmp.pem -out req.pem -newkey rsa:2048
|
||||||
|
# Sign request but force public key to DH
|
||||||
|
-$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \
|
||||||
|
+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \
|
||||||
|
-force_pubkey dhpub.pem \
|
||||||
|
-extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem
|
||||||
|
# Remove temp files.
|
@ -0,0 +1,662 @@
|
|||||||
|
diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
index 56df89dc27da..e69de29bb2d1 100755
|
||||||
|
--- a/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
+++ b/crypto/bn/asm/ppc64-mont-fixed.pl
|
||||||
|
@@ -1,581 +0,0 @@
|
||||||
|
-#! /usr/bin/env perl
|
||||||
|
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
-#
|
||||||
|
-# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
-# this file except in compliance with the License. You can obtain a copy
|
||||||
|
-# in the file LICENSE in the source distribution or at
|
||||||
|
-# https://www.openssl.org/source/license.html
|
||||||
|
-
|
||||||
|
-# ====================================================================
|
||||||
|
-# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke
|
||||||
|
-# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for
|
||||||
|
-# the OpenSSL project.
|
||||||
|
-# ====================================================================
|
||||||
|
-
|
||||||
|
-#
|
||||||
|
-# Fixed length (n=6), unrolled PPC Montgomery Multiplication
|
||||||
|
-#
|
||||||
|
-
|
||||||
|
-# 2021
|
||||||
|
-#
|
||||||
|
-# Although this is a generic implementation for unrolling Montgomery
|
||||||
|
-# Multiplication for arbitrary values of n, this is currently only
|
||||||
|
-# used for n = 6 to improve the performance of ECC p384.
|
||||||
|
-#
|
||||||
|
-# Unrolling allows intermediate results to be stored in registers,
|
||||||
|
-# rather than on the stack, improving performance by ~7% compared to
|
||||||
|
-# the existing PPC assembly code.
|
||||||
|
-#
|
||||||
|
-# The ISA 3.0 implementation uses combination multiply/add
|
||||||
|
-# instructions (maddld, maddhdu) to improve performance by an
|
||||||
|
-# additional ~10% on Power 9.
|
||||||
|
-#
|
||||||
|
-# Finally, saving non-volatile registers into volatile vector
|
||||||
|
-# registers instead of onto the stack saves a little more.
|
||||||
|
-#
|
||||||
|
-# On a Power 9 machine we see an overall improvement of ~18%.
|
||||||
|
-#
|
||||||
|
-
|
||||||
|
-use strict;
|
||||||
|
-use warnings;
|
||||||
|
-
|
||||||
|
-my ($flavour, $output, $dir, $xlate);
|
||||||
|
-
|
||||||
|
-# $output is the last argument if it looks like a file (it has an extension)
|
||||||
|
-# $flavour is the first argument if it doesn't look like a file
|
||||||
|
-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
|
||||||
|
-$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
|
||||||
|
-
|
||||||
|
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
|
||||||
|
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
|
||||||
|
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
|
||||||
|
-die "can't locate ppc-xlate.pl";
|
||||||
|
-
|
||||||
|
-open STDOUT,"| $^X $xlate $flavour \"$output\""
|
||||||
|
- or die "can't call $xlate: $!";
|
||||||
|
-
|
||||||
|
-if ($flavour !~ /64/) {
|
||||||
|
- die "bad flavour ($flavour) - only ppc64 permitted";
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-my $SIZE_T= 8;
|
||||||
|
-
|
||||||
|
-# Registers are global so the code is remotely readable
|
||||||
|
-
|
||||||
|
-# Parameters for Montgomery multiplication
|
||||||
|
-my $sp = "r1";
|
||||||
|
-my $toc = "r2";
|
||||||
|
-my $rp = "r3";
|
||||||
|
-my $ap = "r4";
|
||||||
|
-my $bp = "r5";
|
||||||
|
-my $np = "r6";
|
||||||
|
-my $n0 = "r7";
|
||||||
|
-my $num = "r8";
|
||||||
|
-
|
||||||
|
-my $i = "r9";
|
||||||
|
-my $c0 = "r10";
|
||||||
|
-my $bp0 = "r11";
|
||||||
|
-my $bpi = "r11";
|
||||||
|
-my $bpj = "r11";
|
||||||
|
-my $tj = "r12";
|
||||||
|
-my $apj = "r12";
|
||||||
|
-my $npj = "r12";
|
||||||
|
-my $lo = "r14";
|
||||||
|
-my $c1 = "r14";
|
||||||
|
-
|
||||||
|
-# Non-volatile registers used for tp[i]
|
||||||
|
-#
|
||||||
|
-# 12 registers are available but the limit on unrolling is 10,
|
||||||
|
-# since registers from $tp[0] to $tp[$n+1] are used.
|
||||||
|
-my @tp = ("r20" .. "r31");
|
||||||
|
-
|
||||||
|
-# volatile VSRs for saving non-volatile GPRs - faster than stack
|
||||||
|
-my @vsrs = ("v32" .. "v46");
|
||||||
|
-
|
||||||
|
-package Mont;
|
||||||
|
-
|
||||||
|
-sub new($$)
|
||||||
|
-{
|
||||||
|
- my ($class, $n) = @_;
|
||||||
|
-
|
||||||
|
- if ($n > 10) {
|
||||||
|
- die "Can't unroll for BN length ${n} (maximum 10)"
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- my $self = {
|
||||||
|
- code => "",
|
||||||
|
- n => $n,
|
||||||
|
- };
|
||||||
|
- bless $self, $class;
|
||||||
|
-
|
||||||
|
- return $self;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub add_code($$)
|
||||||
|
-{
|
||||||
|
- my ($self, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->{code} .= $c;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_code($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- return $self->{code};
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_function_name($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- return "bn_mul_mont_fixed_n" . $self->{n};
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_label($$)
|
||||||
|
-{
|
||||||
|
- my ($self, $l) = @_;
|
||||||
|
-
|
||||||
|
- return "L" . $l . "_" . $self->{n};
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_labels($@)
|
||||||
|
-{
|
||||||
|
- my ($self, @labels) = @_;
|
||||||
|
-
|
||||||
|
- my %out = ();
|
||||||
|
-
|
||||||
|
- foreach my $l (@labels) {
|
||||||
|
- $out{"$l"} = $self->get_label("$l");
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return \%out;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub nl($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code("\n");
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub copy_result($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- my ($n) = $self->{n};
|
||||||
|
-
|
||||||
|
- for (my $j = 0; $j < $n; $j++) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- std $tp[$j],`$j*$SIZE_T`($rp)
|
||||||
|
-___
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub mul_mont_fixed($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- my ($n) = $self->{n};
|
||||||
|
- my $fname = $self->get_function_name();
|
||||||
|
- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end");
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
-
|
||||||
|
-.globl .${fname}
|
||||||
|
-.align 5
|
||||||
|
-.${fname}:
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->save_registers();
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $n0,0($n0)
|
||||||
|
-
|
||||||
|
- ld $bp0,0($bp)
|
||||||
|
-
|
||||||
|
- ld $apj,0($ap)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->mul_c_0($tp[0], $apj, $bp0, $c0);
|
||||||
|
-
|
||||||
|
- for (my $j = 1; $j < $n - 1; $j++) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $apj,`$j*$SIZE_T`($ap)
|
||||||
|
-___
|
||||||
|
- $self->mul($tp[$j], $apj, $bp0, $c0);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $apj,`($n-1)*$SIZE_T`($ap)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0);
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- li $tp[$n+1],0
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- li $i,0
|
||||||
|
- mtctr $num
|
||||||
|
- b $label->{"enter"}
|
||||||
|
-
|
||||||
|
-.align 4
|
||||||
|
-$label->{"outer"}:
|
||||||
|
- ldx $bpi,$bp,$i
|
||||||
|
-
|
||||||
|
- ld $apj,0($ap)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0);
|
||||||
|
-
|
||||||
|
- for (my $j = 1; $j < $n; $j++) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $apj,`$j*$SIZE_T`($ap)
|
||||||
|
-___
|
||||||
|
- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- addc $tp[$n],$tp[$n],$c0
|
||||||
|
- addze $tp[$n+1],$tp[$n+1]
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
-.align 4
|
||||||
|
-$label->{"enter"}:
|
||||||
|
- mulld $bpi,$tp[0],$n0
|
||||||
|
-
|
||||||
|
- ld $npj,0($np)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0);
|
||||||
|
-
|
||||||
|
- for (my $j = 1; $j < $n; $j++) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $npj,`$j*$SIZE_T`($np)
|
||||||
|
-___
|
||||||
|
- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- addc $tp[$n-1],$tp[$n],$c0
|
||||||
|
- addze $tp[$n],$tp[$n+1]
|
||||||
|
-
|
||||||
|
- addi $i,$i,$SIZE_T
|
||||||
|
- bdnz $label->{"outer"}
|
||||||
|
-
|
||||||
|
- and. $tp[$n],$tp[$n],$tp[$n]
|
||||||
|
- bne $label->{"sub"}
|
||||||
|
-
|
||||||
|
- cmpld $tp[$n-1],$npj
|
||||||
|
- blt $label->{"copy"}
|
||||||
|
-
|
||||||
|
-$label->{"sub"}:
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- #
|
||||||
|
- # Reduction
|
||||||
|
- #
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $bpj,`0*$SIZE_T`($np)
|
||||||
|
- subfc $c1,$bpj,$tp[0]
|
||||||
|
- std $c1,`0*$SIZE_T`($rp)
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
- for (my $j = 1; $j < $n - 1; $j++) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $bpj,`$j*$SIZE_T`($np)
|
||||||
|
- subfe $c1,$bpj,$tp[$j]
|
||||||
|
- std $c1,`$j*$SIZE_T`($rp)
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- subfe $c1,$npj,$tp[$n-1]
|
||||||
|
- std $c1,`($n-1)*$SIZE_T`($rp)
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- addme. $tp[$n],$tp[$n]
|
||||||
|
- beq $label->{"end"}
|
||||||
|
-
|
||||||
|
-$label->{"copy"}:
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->copy_result();
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
-
|
||||||
|
-$label->{"end"}:
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- $self->restore_registers();
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- li r3,1
|
||||||
|
- blr
|
||||||
|
-.size .${fname},.-.${fname}
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-package Mont::GPR;
|
||||||
|
-
|
||||||
|
-our @ISA = ('Mont');
|
||||||
|
-
|
||||||
|
-sub new($$)
|
||||||
|
-{
|
||||||
|
- my ($class, $n) = @_;
|
||||||
|
-
|
||||||
|
- return $class->SUPER::new($n);
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub save_registers($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- my $n = $self->{n};
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- std $lo,-8($sp)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- for (my $j = 0; $j <= $n+1; $j++) {
|
||||||
|
- $self->{code}.=<<___;
|
||||||
|
- std $tp[$j],-`($j+2)*8`($sp)
|
||||||
|
-___
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub restore_registers($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- my $n = $self->{n};
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- ld $lo,-8($sp)
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- for (my $j = 0; $j <= $n+1; $j++) {
|
||||||
|
- $self->{code}.=<<___;
|
||||||
|
- ld $tp[$j],-`($j+2)*8`($sp)
|
||||||
|
-___
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->{code} .=<<___;
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Direct translation of C mul()
|
||||||
|
-sub mul($$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $lo,$a,$w
|
||||||
|
- addc $r,$lo,$c
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
- addze $c,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like mul() but $c is ignored as an input - an optimisation to save a
|
||||||
|
-# preliminary instruction that would set input $c to 0
|
||||||
|
-sub mul_c_0($$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $r,$a,$w
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like mul() but does not to the final addition of CA into $c - an
|
||||||
|
-# optimisation to save an instruction
|
||||||
|
-sub mul_last($$$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r1, $r2, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $lo,$a,$w
|
||||||
|
- addc $r1,$lo,$c
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
-
|
||||||
|
- addze $r2,$c
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like C mul_add() but allow $r_out and $r_in to be different
|
||||||
|
-sub mul_add($$$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $lo,$a,$w
|
||||||
|
- addc $lo,$lo,$c
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
- addze $c,$c
|
||||||
|
- addc $r_out,$r_in,$lo
|
||||||
|
- addze $c,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
||||||
|
-# preliminary instruction that would set input $c to 0
|
||||||
|
-sub mul_add_c_0($$$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $lo,$a,$w
|
||||||
|
- addc $r_out,$r_in,$lo
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
- addze $c,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-package Mont::GPR_300;
|
||||||
|
-
|
||||||
|
-our @ISA = ('Mont::GPR');
|
||||||
|
-
|
||||||
|
-sub new($$)
|
||||||
|
-{
|
||||||
|
- my ($class, $n) = @_;
|
||||||
|
-
|
||||||
|
- my $mont = $class->SUPER::new($n);
|
||||||
|
-
|
||||||
|
- return $mont;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_function_name($)
|
||||||
|
-{
|
||||||
|
- my ($self) = @_;
|
||||||
|
-
|
||||||
|
- return "bn_mul_mont_300_fixed_n" . $self->{n};
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-sub get_label($$)
|
||||||
|
-{
|
||||||
|
- my ($self, $l) = @_;
|
||||||
|
-
|
||||||
|
- return "L" . $l . "_300_" . $self->{n};
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Direct translation of C mul()
|
||||||
|
-sub mul($$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r, $a, $w, $c, $last) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- maddld $r,$a,$w,$c
|
||||||
|
- maddhdu $c,$a,$w,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Save the last carry as the final entry
|
||||||
|
-sub mul_last($$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r1, $r2, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- maddld $r1,$a,$w,$c
|
||||||
|
- maddhdu $r2,$a,$w,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like mul() but $c is ignored as an input - an optimisation to save a
|
||||||
|
-# preliminary instruction that would set input $c to 0
|
||||||
|
-sub mul_c_0($$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mulld $r,$a,$w
|
||||||
|
- mulhdu $c,$a,$w
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like C mul_add() but allow $r_out and $r_in to be different
|
||||||
|
-sub mul_add($$$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- maddld $lo,$a,$w,$c
|
||||||
|
- maddhdu $c,$a,$w,$c
|
||||||
|
- addc $r_out,$r_in,$lo
|
||||||
|
- addze $c,$c
|
||||||
|
-
|
||||||
|
-___
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-# Like mul_add() but $c is ignored as an input - an optimisation to save a
|
||||||
|
-# preliminary instruction that would set input $c to 0
|
||||||
|
-sub mul_add_c_0($$$$$$)
|
||||||
|
-{
|
||||||
|
- my ($self, $r_out, $r_in, $a, $w, $c) = @_;
|
||||||
|
-
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- maddld $lo,$a,$w,$r_in
|
||||||
|
- maddhdu $c,$a,$w,$r_in
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
- if ($r_out ne $lo) {
|
||||||
|
- $self->add_code(<<___);
|
||||||
|
- mr $r_out,$lo
|
||||||
|
-___
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- $self->nl();
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-package main;
|
||||||
|
-
|
||||||
|
-my $code;
|
||||||
|
-
|
||||||
|
-$code.=<<___;
|
||||||
|
-.machine "any"
|
||||||
|
-.text
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
-my $mont;
|
||||||
|
-
|
||||||
|
-$mont = new Mont::GPR(6);
|
||||||
|
-$mont->mul_mont_fixed();
|
||||||
|
-$code .= $mont->get_code();
|
||||||
|
-
|
||||||
|
-$mont = new Mont::GPR_300(6);
|
||||||
|
-$mont->mul_mont_fixed();
|
||||||
|
-$code .= $mont->get_code();
|
||||||
|
-
|
||||||
|
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
|
||||||
|
-
|
||||||
|
-$code.=<<___;
|
||||||
|
-.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>"
|
||||||
|
-___
|
||||||
|
-
|
||||||
|
-print $code;
|
||||||
|
-close STDOUT or die "error closing STDOUT: $!";
|
||||||
|
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
|
||||||
|
index 1e9421bee213..3ee76ea96574 100644
|
||||||
|
--- a/crypto/bn/bn_ppc.c
|
||||||
|
+++ b/crypto/bn/bn_ppc.c
|
||||||
|
@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||||
|
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||||
|
- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||||
|
- const BN_ULONG *bp, const BN_ULONG *np,
|
||||||
|
- const BN_ULONG *n0, int num);
|
||||||
|
- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||||
|
- const BN_ULONG *bp, const BN_ULONG *np,
|
||||||
|
- const BN_ULONG *n0, int num);
|
||||||
|
|
||||||
|
if (num < 4)
|
||||||
|
return 0;
|
||||||
|
@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
|
* no opportunity to figure it out...
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#if defined(_ARCH_PPC64)
|
||||||
|
- if (num == 6) {
|
||||||
|
- if (OPENSSL_ppccap_P & PPC_MADD300)
|
||||||
|
- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
|
||||||
|
- else
|
||||||
|
- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
|
||||||
|
- }
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
|
||||||
|
}
|
||||||
|
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
|
||||||
|
index 987a70ae263b..4f8d0689b5ea 100644
|
||||||
|
--- a/crypto/bn/build.info
|
||||||
|
+++ b/crypto/bn/build.info
|
||||||
|
@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}]
|
||||||
|
|
||||||
|
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
|
||||||
|
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT
|
||||||
|
- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
|
||||||
|
+ $BNASM_ppc64=$BNASM_ppc32
|
||||||
|
$BNDEF_ppc64=$BNDEF_ppc32
|
||||||
|
|
||||||
|
$BNASM_c64xplus=asm/bn-c64xplus.asm
|
||||||
|
@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl
|
||||||
|
GENERATE[bn-ppc.s]=asm/ppc.pl
|
||||||
|
GENERATE[ppc-mont.s]=asm/ppc-mont.pl
|
||||||
|
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl
|
||||||
|
-GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl
|
||||||
|
|
||||||
|
GENERATE[alpha-mont.S]=asm/alpha-mont.pl
|
||||||
|
|
||||||
|
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
index f36982845db4..1543ed9f7534 100644
|
||||||
|
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
|
||||||
|
@@ -97,6 +97,18 @@ Key = P-256-PUBLIC
|
||||||
|
Input = "Hello World"
|
||||||
|
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
|
||||||
|
|
||||||
|
+PublicKey=P-384-PUBLIC
|
||||||
|
+-----BEGIN PUBLIC KEY-----
|
||||||
|
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
|
||||||
|
+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
|
||||||
|
+twD8guGxyFRaoMDTtW47/nifwYqRaIfC
|
||||||
|
+-----END PUBLIC KEY-----
|
||||||
|
+
|
||||||
|
+DigestVerify = SHA384
|
||||||
|
+Key = P-384-PUBLIC
|
||||||
|
+Input = "123400"
|
||||||
|
+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
|
||||||
|
+
|
||||||
|
# Oneshot tests
|
||||||
|
OneShotDigestVerify = SHA256
|
||||||
|
Key = P-256-PUBLIC
|
@ -0,0 +1,174 @@
|
|||||||
|
diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in
|
||||||
|
--- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200
|
||||||
|
+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200
|
||||||
|
@@ -104,18 +104,41 @@ foreach (@dirlist) {
|
||||||
|
}
|
||||||
|
exit($errorcount);
|
||||||
|
|
||||||
|
+sub copy_file {
|
||||||
|
+ my ($src_fname, $dst_fname) = @_;
|
||||||
|
+
|
||||||
|
+ if (open(my $in, "<", $src_fname)) {
|
||||||
|
+ if (open(my $out, ">", $dst_fname)) {
|
||||||
|
+ print $out $_ while (<$in>);
|
||||||
|
+ close $out;
|
||||||
|
+ } else {
|
||||||
|
+ warn "Cannot open $dst_fname for write, $!";
|
||||||
|
+ }
|
||||||
|
+ close $in;
|
||||||
|
+ } else {
|
||||||
|
+ warn "Cannot open $src_fname for read, $!";
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
sub hash_dir {
|
||||||
|
+ my $dir = shift;
|
||||||
|
my %hashlist;
|
||||||
|
- print "Doing $_[0]\n";
|
||||||
|
- chdir $_[0];
|
||||||
|
- opendir(DIR, ".");
|
||||||
|
+
|
||||||
|
+ print "Doing $dir\n";
|
||||||
|
+
|
||||||
|
+ if (!chdir $dir) {
|
||||||
|
+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
|
||||||
|
my @flist = sort readdir(DIR);
|
||||||
|
closedir DIR;
|
||||||
|
if ( $removelinks ) {
|
||||||
|
# Delete any existing symbolic links
|
||||||
|
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
||||||
|
if (-l $_) {
|
||||||
|
- print "unlink $_" if $verbose;
|
||||||
|
+ print "unlink $_\n" if $verbose;
|
||||||
|
unlink $_ || warn "Can't unlink $_, $!\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -130,13 +153,16 @@ sub hash_dir {
|
||||||
|
link_hash_cert($fname) if ($cert);
|
||||||
|
link_hash_crl($fname) if ($crl);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ chdir $pwd;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub check_file {
|
||||||
|
my ($is_cert, $is_crl) = (0,0);
|
||||||
|
my $fname = $_[0];
|
||||||
|
- open IN, $fname;
|
||||||
|
- while(<IN>) {
|
||||||
|
+
|
||||||
|
+ open(my $in, "<", $fname);
|
||||||
|
+ while(<$in>) {
|
||||||
|
if (/^-----BEGIN (.*)-----/) {
|
||||||
|
my $hdr = $1;
|
||||||
|
if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
||||||
|
@@ -148,7 +174,7 @@ sub check_file {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- close IN;
|
||||||
|
+ close $in;
|
||||||
|
return ($is_cert, $is_crl);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -177,76 +203,49 @@ sub compute_hash {
|
||||||
|
# certificate fingerprints
|
||||||
|
|
||||||
|
sub link_hash_cert {
|
||||||
|
- my $fname = $_[0];
|
||||||
|
- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
||||||
|
- "-fingerprint", "-noout",
|
||||||
|
- "-in", $fname);
|
||||||
|
- chomp $hash;
|
||||||
|
- chomp $fprint;
|
||||||
|
- return if !$hash;
|
||||||
|
- $fprint =~ s/^.*=//;
|
||||||
|
- $fprint =~ tr/://d;
|
||||||
|
- my $suffix = 0;
|
||||||
|
- # Search for an unused hash filename
|
||||||
|
- while(exists $hashlist{"$hash.$suffix"}) {
|
||||||
|
- # Hash matches: if fingerprint matches its a duplicate cert
|
||||||
|
- if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
||||||
|
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
||||||
|
- return;
|
||||||
|
- }
|
||||||
|
- $suffix++;
|
||||||
|
- }
|
||||||
|
- $hash .= ".$suffix";
|
||||||
|
- if ($symlink_exists) {
|
||||||
|
- print "link $fname -> $hash\n" if $verbose;
|
||||||
|
- symlink $fname, $hash || warn "Can't symlink, $!";
|
||||||
|
- } else {
|
||||||
|
- print "copy $fname -> $hash\n" if $verbose;
|
||||||
|
- if (open($in, "<", $fname)) {
|
||||||
|
- if (open($out,">", $hash)) {
|
||||||
|
- print $out $_ while (<$in>);
|
||||||
|
- close $out;
|
||||||
|
- } else {
|
||||||
|
- warn "can't open $hash for write, $!";
|
||||||
|
- }
|
||||||
|
- close $in;
|
||||||
|
- } else {
|
||||||
|
- warn "can't open $fname for read, $!";
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- $hashlist{$hash} = $fprint;
|
||||||
|
+ link_hash($_[0], 'cert');
|
||||||
|
}
|
||||||
|
|
||||||
|
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
||||||
|
|
||||||
|
sub link_hash_crl {
|
||||||
|
- my $fname = $_[0];
|
||||||
|
- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
||||||
|
+ link_hash($_[0], 'crl');
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+sub link_hash {
|
||||||
|
+ my ($fname, $type) = @_;
|
||||||
|
+ my $is_cert = $type eq 'cert';
|
||||||
|
+
|
||||||
|
+ my ($hash, $fprint) = compute_hash($openssl,
|
||||||
|
+ $is_cert ? "x509" : "crl",
|
||||||
|
+ $is_cert ? $x509hash : $crlhash,
|
||||||
|
"-fingerprint", "-noout",
|
||||||
|
"-in", $fname);
|
||||||
|
chomp $hash;
|
||||||
|
+ $hash =~ s/^.*=// if !$is_cert;
|
||||||
|
chomp $fprint;
|
||||||
|
return if !$hash;
|
||||||
|
$fprint =~ s/^.*=//;
|
||||||
|
$fprint =~ tr/://d;
|
||||||
|
my $suffix = 0;
|
||||||
|
# Search for an unused hash filename
|
||||||
|
- while(exists $hashlist{"$hash.r$suffix"}) {
|
||||||
|
+ my $crlmark = $is_cert ? "" : "r";
|
||||||
|
+ while(exists $hashlist{"$hash.$crlmark$suffix"}) {
|
||||||
|
# Hash matches: if fingerprint matches its a duplicate cert
|
||||||
|
- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
||||||
|
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
||||||
|
+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
|
||||||
|
+ my $what = $is_cert ? 'certificate' : 'CRL';
|
||||||
|
+ print STDERR "WARNING: Skipping duplicate $what $fname\n";
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$suffix++;
|
||||||
|
}
|
||||||
|
- $hash .= ".r$suffix";
|
||||||
|
+ $hash .= ".$crlmark$suffix";
|
||||||
|
if ($symlink_exists) {
|
||||||
|
print "link $fname -> $hash\n" if $verbose;
|
||||||
|
symlink $fname, $hash || warn "Can't symlink, $!";
|
||||||
|
} else {
|
||||||
|
- print "cp $fname -> $hash\n" if $verbose;
|
||||||
|
- system ("cp", $fname, $hash);
|
||||||
|
- warn "Can't copy, $!" if ($? >> 8) != 0;
|
||||||
|
+ print "copy $fname -> $hash\n" if $verbose;
|
||||||
|
+ copy_file($fname, $hash);
|
||||||
|
}
|
||||||
|
$hashlist{$hash} = $fprint;
|
||||||
|
}
|
@ -0,0 +1,151 @@
|
|||||||
|
From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Chernyakhovsky <achernya@google.com>
|
||||||
|
Date: Thu, 16 Jun 2022 12:00:22 +1000
|
||||||
|
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
|
||||||
|
that performs operations on 6 16-byte blocks concurrently (the
|
||||||
|
"grandloop") and then proceeds to handle the "short" tail (which can
|
||||||
|
be anywhere from 0 to 5 blocks) that remain.
|
||||||
|
|
||||||
|
As part of initialization, the assembly initializes $len to the true
|
||||||
|
length, less 96 bytes and converts it to a pointer so that the $inp
|
||||||
|
can be compared to it. Each iteration of "grandloop" checks to see if
|
||||||
|
there's a full 96-byte chunk to process, and if so, continues. Once
|
||||||
|
this has been exhausted, it falls through to "short", which handles
|
||||||
|
the remaining zero to five blocks.
|
||||||
|
|
||||||
|
Unfortunately, the jump at the end of "grandloop" had a fencepost
|
||||||
|
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
|
||||||
|
equal). This should be `jbe`, as $inp is pointing to the *end* of the
|
||||||
|
chunk currently being handled. If $inp == $len, that means that
|
||||||
|
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
|
||||||
|
then there's 5 or fewer 16-byte blocks left to be handled, and the
|
||||||
|
fall-through is intended.
|
||||||
|
|
||||||
|
The net effect of `jb` instead of `jbe` is that the last 16-byte block
|
||||||
|
of the last 96-byte chunk was completely omitted. The contents of
|
||||||
|
`out` in this position were never written to. Additionally, since
|
||||||
|
those bytes were never processed, the authentication tag generated is
|
||||||
|
also incorrect.
|
||||||
|
|
||||||
|
The same fencepost error, and identical logic, exists in both
|
||||||
|
aesni_ocb_encrypt and aesni_ocb_decrypt.
|
||||||
|
|
||||||
|
This addresses CVE-2022-2097.
|
||||||
|
|
||||||
|
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
||||||
|
Co-authored-by: David Benjamin <davidben@google.com>
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c)
|
||||||
|
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93]
|
||||||
|
---
|
||||||
|
crypto/aes/asm/aesni-x86.pl | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
|
||||||
|
index 4245fe34e17e..7cf838db170b 100644
|
||||||
|
--- a/crypto/aes/asm/aesni-x86.pl
|
||||||
|
+++ b/crypto/aes/asm/aesni-x86.pl
|
||||||
|
@@ -2025,7 +2025,7 @@ sub aesni_generate6
|
||||||
|
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
|
||||||
|
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||||
|
&cmp ($inp,$len); # done yet?
|
||||||
|
- &jb (&label("grandloop"));
|
||||||
|
+ &jbe (&label("grandloop"));
|
||||||
|
|
||||||
|
&set_label("short");
|
||||||
|
&add ($len,16*6);
|
||||||
|
@@ -2451,7 +2451,7 @@ sub aesni_generate6
|
||||||
|
&pxor ($rndkey1,$inout5);
|
||||||
|
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||||
|
&cmp ($inp,$len); # done yet?
|
||||||
|
- &jb (&label("grandloop"));
|
||||||
|
+ &jbe (&label("grandloop"));
|
||||||
|
|
||||||
|
&set_label("short");
|
||||||
|
&add ($len,16*6);
|
||||||
|
From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Alex Chernyakhovsky <achernya@google.com>
|
||||||
|
Date: Thu, 16 Jun 2022 12:02:37 +1000
|
||||||
|
Subject: [PATCH] AES OCB test vectors
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
|
||||||
|
|
||||||
|
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
||||||
|
Co-authored-by: David Benjamin <davidben@google.com>
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be)
|
||||||
|
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8]
|
||||||
|
---
|
||||||
|
.../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++
|
||||||
|
1 file changed, 50 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
||||||
|
index e58ee34b6b3f..de098905230b 100644
|
||||||
|
--- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
||||||
|
+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt
|
||||||
|
@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
|
||||||
|
Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486
|
||||||
|
Operation = DECRYPT
|
||||||
|
Result = CIPHERFINAL_ERROR
|
||||||
|
+
|
||||||
|
+#Test vectors generated to validate aesni_ocb_encrypt on x86
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = C14DFF7D62A13C4A3422456207453190
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = BE0228651ED4E48A11BDED68D953F3A0
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = 17BC6E10B16E5FDC52836E7D589518C7
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = E84AAC18666116990A3A37B3A5FC55BD
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
|
||||||
|
+
|
||||||
|
+Cipher = aes-128-ocb
|
||||||
|
+Key = 000102030405060708090A0B0C0D0E0F
|
||||||
|
+IV = 000000000001020304050607
|
||||||
|
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD
|
||||||
|
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
|
||||||
|
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C
|
@ -0,0 +1,56 @@
|
|||||||
|
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Thu, 5 May 2022 08:11:24 +0200
|
||||||
|
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
|
||||||
|
strcasecmp
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/18247)
|
||||||
|
|
||||||
|
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
|
||||||
|
---
|
||||||
|
crypto/evp/evp_lib.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
|
||||||
|
index 3fe4743761..d9b8c0af41 100644
|
||||||
|
--- a/crypto/evp/evp_lib.c
|
||||||
|
+++ b/crypto/evp/evp_lib.c
|
||||||
|
@@ -24,6 +24,7 @@
|
||||||
|
#include <openssl/dh.h>
|
||||||
|
#include <openssl/ec.h>
|
||||||
|
#include "crypto/evp.h"
|
||||||
|
+#include "crypto/cryptlib.h"
|
||||||
|
#include "internal/provider.h"
|
||||||
|
#include "evp_local.h"
|
||||||
|
|
||||||
|
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
||||||
|
return (ctx->flags & flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#if !defined(FIPS_MODULE)
|
||||||
|
+
|
||||||
|
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
|
||||||
|
{
|
||||||
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
||||||
|
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||||
|
|
||||||
|
va_start(args, type);
|
||||||
|
|
||||||
|
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
|
||||||
|
+
|
||||||
|
if (OPENSSL_strcasecmp(type, "RSA") == 0) {
|
||||||
|
bits = va_arg(args, size_t);
|
||||||
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
|
||||||
|
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||||
|
va_end(args);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,367 @@
|
|||||||
|
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 22 Jul 2022 13:59:37 +0200
|
||||||
|
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
|
||||||
|
|
||||||
|
Review by our lab for FIPS 140-3 certification expects the RSA
|
||||||
|
encryption and decryption tests to use a supported padding mode, not raw
|
||||||
|
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
|
||||||
|
|
||||||
|
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
|
||||||
|
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
|
||||||
|
a known-answer test, a comparison test, or a fault-detection test.
|
||||||
|
|
||||||
|
Comparison tests are not an option, because they would require
|
||||||
|
a separate implementation of RSA-OAEP, which we do not have. Fault
|
||||||
|
detection tests require implementing fault detection mechanisms into the
|
||||||
|
cryptographic algorithm implementation, we we also do not have.
|
||||||
|
|
||||||
|
As a consequence, a known-answer test must be used to test RSA
|
||||||
|
encryption and decryption, but RSA encryption with OAEP padding is not
|
||||||
|
deterministic, and thus encryption will always yield different results
|
||||||
|
that could not be compared to known answers. For this reason, this
|
||||||
|
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
|
||||||
|
which is the source of randomness for RSA-OAEP, to a fixed value. This
|
||||||
|
setting is only available during self-test execution, and the parameter
|
||||||
|
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/rsa/rsa_local.h | 8 ++
|
||||||
|
crypto/rsa/rsa_oaep.c | 34 ++++++--
|
||||||
|
include/openssl/core_names.h | 3 +
|
||||||
|
providers/fips/self_test_data.inc | 83 +++++++++++--------
|
||||||
|
providers/fips/self_test_kats.c | 7 ++
|
||||||
|
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++-
|
||||||
|
6 files changed, 133 insertions(+), 43 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
|
||||||
|
index ea70da05ad..dde57a1a0e 100644
|
||||||
|
--- a/crypto/rsa/rsa_local.h
|
||||||
|
+++ b/crypto/rsa/rsa_local.h
|
||||||
|
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
|
||||||
|
int tlen, const unsigned char *from,
|
||||||
|
int flen);
|
||||||
|
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md,
|
||||||
|
+ const char *redhat_st_seed);
|
||||||
|
+
|
||||||
|
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
|
||||||
|
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||||
|
index d9be1a4f98..b2f7f7dc4b 100644
|
||||||
|
--- a/crypto/rsa/rsa_oaep.c
|
||||||
|
+++ b/crypto/rsa/rsa_oaep.c
|
||||||
|
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||||
|
param, plen, NULL, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_asym_cipher_st;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Perform the padding as per NIST 800-56B 7.2.2.3
|
||||||
|
* from (K) is the key material.
|
||||||
|
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||||
|
* Step numbers are included here but not in the constant time inverse below
|
||||||
|
* to avoid complicating an already difficult enough function.
|
||||||
|
*/
|
||||||
|
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
- unsigned char *to, int tlen,
|
||||||
|
- const unsigned char *from, int flen,
|
||||||
|
- const unsigned char *param,
|
||||||
|
- int plen, const EVP_MD *md,
|
||||||
|
- const EVP_MD *mgf1md)
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md,
|
||||||
|
+ const char *redhat_st_seed)
|
||||||
|
{
|
||||||
|
int rv = 0;
|
||||||
|
int i, emlen = tlen - 1;
|
||||||
|
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
db[emlen - flen - mdlen - 1] = 0x01;
|
||||||
|
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
|
||||||
|
/* step 3d: generate random byte string */
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
|
||||||
|
+ memcpy(seed, redhat_st_seed, mdlen);
|
||||||
|
+ } else
|
||||||
|
+#endif
|
||||||
|
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md)
|
||||||
|
+{
|
||||||
|
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
|
||||||
|
+ flen, param, plen, md,
|
||||||
|
+ mgf1md, NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||||
|
const unsigned char *from, int flen,
|
||||||
|
const unsigned char *param, int plen,
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index 59a6e79566..11216fb8f8 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -469,6 +469,9 @@ extern "C" {
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Encoder / decoder parameters
|
||||||
|
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||||
|
index 4e30ec56dd..0103c87528 100644
|
||||||
|
--- a/providers/fips/self_test_data.inc
|
||||||
|
+++ b/providers/fips/self_test_data.inc
|
||||||
|
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
||||||
|
ST_KAT_PARAM_END()
|
||||||
|
};
|
||||||
|
|
||||||
|
+/*-
|
||||||
|
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
||||||
|
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
||||||
|
+ * HP/UX PA-RISC compilers.
|
||||||
|
+ */
|
||||||
|
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
|
||||||
|
+static const char oaep_fixed_seed[] = {
|
||||||
|
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
|
||||||
|
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
|
||||||
|
+ 0x2e, 0x4b, 0x2c, 0xe6
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static const ST_KAT_PARAM rsa_enc_params[] = {
|
||||||
|
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
|
||||||
|
- OSSL_PKEY_RSA_PAD_MODE_NONE),
|
||||||
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
||||||
|
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
|
||||||
|
+ oaep_fixed_seed),
|
||||||
|
ST_KAT_PARAM_END()
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
|
||||||
|
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
|
||||||
|
};
|
||||||
|
|
||||||
|
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
|
||||||
|
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
|
||||||
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
||||||
|
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
|
||||||
|
};
|
||||||
|
static const unsigned char rsa_asym_expected_encrypt[256] = {
|
||||||
|
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
|
||||||
|
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
|
||||||
|
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
|
||||||
|
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
|
||||||
|
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
|
||||||
|
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
|
||||||
|
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
|
||||||
|
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
|
||||||
|
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
|
||||||
|
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
|
||||||
|
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
|
||||||
|
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
|
||||||
|
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
|
||||||
|
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
|
||||||
|
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
|
||||||
|
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
|
||||||
|
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
|
||||||
|
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
|
||||||
|
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
|
||||||
|
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
|
||||||
|
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
|
||||||
|
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
|
||||||
|
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
|
||||||
|
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
|
||||||
|
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
|
||||||
|
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
|
||||||
|
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
|
||||||
|
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
|
||||||
|
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
|
||||||
|
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
|
||||||
|
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
|
||||||
|
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
|
||||||
|
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
|
||||||
|
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
|
||||||
|
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
|
||||||
|
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
|
||||||
|
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
|
||||||
|
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
|
||||||
|
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
|
||||||
|
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
|
||||||
|
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
|
||||||
|
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
|
||||||
|
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
|
||||||
|
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
|
||||||
|
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
|
||||||
|
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
|
||||||
|
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
|
||||||
|
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
|
||||||
|
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
|
||||||
|
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
|
||||||
|
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
|
||||||
|
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
|
||||||
|
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
|
||||||
|
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
|
||||||
|
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
|
||||||
|
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
|
||||||
|
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
|
||||||
|
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
|
||||||
|
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
|
||||||
|
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
|
||||||
|
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
|
||||||
|
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
|
||||||
|
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
|
||||||
|
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
|
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||||
|
index 064794d9bf..b6d5e8e134 100644
|
||||||
|
--- a/providers/fips/self_test_kats.c
|
||||||
|
+++ b/providers/fips/self_test_kats.c
|
||||||
|
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int REDHAT_FIPS_asym_cipher_st = 0;
|
||||||
|
+
|
||||||
|
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||||
|
{
|
||||||
|
int i, ret = 1;
|
||||||
|
|
||||||
|
+ REDHAT_FIPS_asym_cipher_st = 1;
|
||||||
|
+
|
||||||
|
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
|
||||||
|
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ REDHAT_FIPS_asym_cipher_st = 0;
|
||||||
|
+
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
index 00cf65fcd6..83be3d8ede 100644
|
||||||
|
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
@@ -30,6 +30,9 @@
|
||||||
|
#include "prov/implementations.h"
|
||||||
|
#include "prov/providercommon.h"
|
||||||
|
#include "prov/securitycheck.h"
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+# include "crypto/rsa/rsa_local.h"
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
@@ -75,6 +78,9 @@ typedef struct {
|
||||||
|
/* TLS padding */
|
||||||
|
unsigned int client_version;
|
||||||
|
unsigned int alt_version;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ char *redhat_st_oaep_seed;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
} PROV_RSA_CTX;
|
||||||
|
|
||||||
|
static void *rsa_newctx(void *provctx)
|
||||||
|
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
ret =
|
||||||
|
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
|
||||||
|
+#else
|
||||||
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
|
||||||
|
+#endif
|
||||||
|
+ prsactx->libctx, tbuf,
|
||||||
|
rsasize, in, inlen,
|
||||||
|
prsactx->oaep_label,
|
||||||
|
prsactx->oaep_labellen,
|
||||||
|
prsactx->oaep_md,
|
||||||
|
- prsactx->mgf1_md);
|
||||||
|
+ prsactx->mgf1_md
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ , prsactx->redhat_st_oaep_seed
|
||||||
|
+#endif
|
||||||
|
+ );
|
||||||
|
|
||||||
|
if (!ret) {
|
||||||
|
OPENSSL_free(tbuf);
|
||||||
|
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
|
||||||
|
EVP_MD_free(prsactx->oaep_md);
|
||||||
|
EVP_MD_free(prsactx->mgf1_md);
|
||||||
|
OPENSSL_free(prsactx->oaep_label);
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
|
||||||
|
OPENSSL_free(prsactx);
|
||||||
|
}
|
||||||
|
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
NULL, 0),
|
||||||
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||||
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
OSSL_PARAM_END
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
|
||||||
|
return known_gettable_ctx_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_asym_cipher_st;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
{
|
||||||
|
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||||
|
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
prsactx->oaep_labellen = tmp_labellen;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
|
||||||
|
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
|
||||||
|
+ void *tmp_oaep_seed = NULL;
|
||||||
|
+
|
||||||
|
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
|
||||||
|
+ return 0;
|
||||||
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
||||||
|
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
|
||||||
|
+ }
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
|
||||||
|
if (p != NULL) {
|
||||||
|
unsigned int client_version;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -0,0 +1,313 @@
|
|||||||
|
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 15 Jul 2022 17:45:40 +0200
|
||||||
|
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
|
||||||
|
|
||||||
|
In review for FIPS 140-3, the lack of a self-test for the digest_sign
|
||||||
|
and digest_verify provider functions was highlighted as a problem. NIST
|
||||||
|
no longer provides ACVP tests for the RSA SigVer primitive (see
|
||||||
|
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
|
||||||
|
recommends the use of functions that compute the digest and signature
|
||||||
|
within the module, we have been advised in our module review that the
|
||||||
|
self tests should also use the combined digest and signature APIs, i.e.
|
||||||
|
the digest_sign and digest_verify provider functions.
|
||||||
|
|
||||||
|
Modify the signature self-test to use these instead by switching to
|
||||||
|
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
|
||||||
|
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
|
||||||
|
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
|
||||||
|
2 files changed, 56 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
||||||
|
index db1a1d7bc3..c94c3c53bd 100644
|
||||||
|
--- a/crypto/evp/m_sigver.c
|
||||||
|
+++ b/crypto/evp/m_sigver.c
|
||||||
|
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
||||||
|
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
reinit = 0;
|
||||||
|
if (e == NULL)
|
||||||
|
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
else
|
||||||
|
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
if (ctx->pctx == NULL)
|
||||||
|
return 0;
|
||||||
|
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
locpctx = ctx->pctx;
|
||||||
|
ERR_set_mark();
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (evp_pkey_ctx_is_legacy(locpctx))
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
/* do not reinitialize if pkey is set or operation is different */
|
||||||
|
if (reinit
|
||||||
|
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
signature =
|
||||||
|
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
||||||
|
supported_sig, locpctx->propquery);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (signature == NULL)
|
||||||
|
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
||||||
|
if (ctx->fetched_digest != NULL) {
|
||||||
|
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
} else {
|
||||||
|
/* legacy engine support : remove the mark when this is deleted */
|
||||||
|
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
||||||
|
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
(void)ERR_pop_to_mark();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (ctx->reqdigest != NULL
|
||||||
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
||||||
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
||||||
|
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if (ver) {
|
||||||
|
if (signature->digest_verify_init == NULL) {
|
||||||
|
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
/*
|
||||||
|
* If we don't have the full support we need with provided methods,
|
||||||
|
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ctx->pctx->flag_call_digest_custom = 1;
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
end:
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
||||||
|
NULL);
|
||||||
|
}
|
||||||
|
-#endif /* FIPS_MDOE */
|
||||||
|
|
||||||
|
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
||||||
|
{
|
||||||
|
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
||||||
|
return EVP_DigestUpdate(ctx, data, dsize);
|
||||||
|
}
|
||||||
|
|
||||||
|
-#ifndef FIPS_MODULE
|
||||||
|
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
size_t *siglen)
|
||||||
|
{
|
||||||
|
- int sctx = 0, r = 0;
|
||||||
|
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||||
|
+ int r = 0;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+ int sctx = 0;
|
||||||
|
+ EVP_PKEY_CTX *dctx;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (pctx == NULL
|
||||||
|
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
||||||
|
|| pctx->op.sig.algctx == NULL
|
||||||
|
|| pctx->op.sig.signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||||
|
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
||||||
|
sigret, siglen,
|
||||||
|
(siglen == NULL) ? 0 : *siglen);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||||
|
if (dctx == NULL)
|
||||||
|
return 0;
|
||||||
|
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
sigret, siglen,
|
||||||
|
(siglen == NULL) ? 0 : *siglen);
|
||||||
|
EVP_PKEY_CTX_free(dctx);
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
return r;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
|
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
|
||||||
|
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
||||||
|
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
||||||
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
size_t siglen)
|
||||||
|
{
|
||||||
|
- unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
|
int r = 0;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+ unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
|
unsigned int mdlen = 0;
|
||||||
|
int vctx = 0;
|
||||||
|
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||||
|
+ EVP_PKEY_CTX *dctx;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (pctx == NULL
|
||||||
|
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
||||||
|
|| pctx->op.sig.algctx == NULL
|
||||||
|
|| pctx->op.sig.signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||||
|
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
||||||
|
sig, siglen);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||||
|
if (dctx == NULL)
|
||||||
|
return 0;
|
||||||
|
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
|
||||||
|
sig, siglen);
|
||||||
|
EVP_PKEY_CTX_free(dctx);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
return r;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
|
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
if (vctx || !r)
|
||||||
|
return r;
|
||||||
|
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
|
||||||
|
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||||||
|
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||||||
|
return -1;
|
||||||
|
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
||||||
|
}
|
||||||
|
-#endif /* FIPS_MODULE */
|
||||||
|
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||||
|
index b6d5e8e134..77eec075e6 100644
|
||||||
|
--- a/providers/fips/self_test_kats.c
|
||||||
|
+++ b/providers/fips/self_test_kats.c
|
||||||
|
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
int ret = 0;
|
||||||
|
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
||||||
|
OSSL_PARAM_BLD *bld = NULL;
|
||||||
|
+ EVP_MD *md = NULL;
|
||||||
|
+ EVP_MD_CTX *ctx = NULL;
|
||||||
|
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
||||||
|
EVP_PKEY *pkey = NULL;
|
||||||
|
- unsigned char sig[256];
|
||||||
|
BN_CTX *bnctx = NULL;
|
||||||
|
BIGNUM *K = NULL;
|
||||||
|
+ const char *msg = "Hello World!";
|
||||||
|
+ unsigned char sig[256];
|
||||||
|
size_t siglen = sizeof(sig);
|
||||||
|
static const unsigned char dgst[] = {
|
||||||
|
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||||
|
@@ -488,23 +491,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
||||||
|
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
||||||
|
- if (sctx == NULL
|
||||||
|
- || EVP_PKEY_sign_init(sctx) <= 0)
|
||||||
|
- goto err;
|
||||||
|
-
|
||||||
|
- /* set signature parameters */
|
||||||
|
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
||||||
|
- t->mdalgorithm,
|
||||||
|
- strlen(t->mdalgorithm) + 1))
|
||||||
|
- goto err;
|
||||||
|
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
||||||
|
+ * parameters and sign */
|
||||||
|
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
||||||
|
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
||||||
|
+ ctx = EVP_MD_CTX_new();
|
||||||
|
+ if (md == NULL || ctx == NULL)
|
||||||
|
+ goto err;
|
||||||
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||||
|
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||||
|
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
||||||
|
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
||||||
|
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
||||||
|
- || EVP_PKEY_verify_init(sctx) <= 0
|
||||||
|
+ /* sctx is not freed automatically inside the FIPS module */
|
||||||
|
+ EVP_PKEY_CTX_free(sctx);
|
||||||
|
+ sctx = NULL;
|
||||||
|
+
|
||||||
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||||
|
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||||
|
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
@@ -509,14 +510,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
||||||
|
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
||||||
|
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
||||||
|
goto err;
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
BN_CTX_free(bnctx);
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
- EVP_PKEY_CTX_free(kctx);
|
||||||
|
+ EVP_MD_free(md);
|
||||||
|
+ EVP_MD_CTX_free(ctx);
|
||||||
|
+ /* sctx is not freed automatically inside the FIPS module */
|
||||||
|
EVP_PKEY_CTX_free(sctx);
|
||||||
|
+ EVP_PKEY_CTX_free(kctx);
|
||||||
|
OSSL_PARAM_free(params);
|
||||||
|
OSSL_PARAM_free(params_sig);
|
||||||
|
OSSL_PARAM_BLD_free(bld);
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -0,0 +1,378 @@
|
|||||||
|
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 22 Jul 2022 17:51:16 +0200
|
||||||
|
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
|
||||||
|
1 file changed, 172 insertions(+), 170 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||||
|
index a29cc650b5..1b5623833f 100644
|
||||||
|
--- a/providers/fips/self_test_data.inc
|
||||||
|
+++ b/providers/fips/self_test_data.inc
|
||||||
|
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
|
/* DH KAT */
|
||||||
|
+/* RFC7919 FFDHE2048 p */
|
||||||
|
static const unsigned char dh_p[] = {
|
||||||
|
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
|
||||||
|
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
|
||||||
|
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
|
||||||
|
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
|
||||||
|
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
|
||||||
|
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
|
||||||
|
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
|
||||||
|
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
|
||||||
|
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
|
||||||
|
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
|
||||||
|
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
|
||||||
|
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
|
||||||
|
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
|
||||||
|
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
|
||||||
|
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
|
||||||
|
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
|
||||||
|
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
|
||||||
|
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
|
||||||
|
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
|
||||||
|
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
|
||||||
|
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
|
||||||
|
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
|
||||||
|
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
|
||||||
|
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
|
||||||
|
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
|
||||||
|
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
|
||||||
|
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
|
||||||
|
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
|
||||||
|
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
|
||||||
|
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
|
||||||
|
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
|
||||||
|
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
|
||||||
|
-};
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
|
||||||
|
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
||||||
|
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
|
||||||
|
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
|
||||||
|
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
||||||
|
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
|
||||||
|
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
|
||||||
|
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
||||||
|
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
|
||||||
|
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
|
||||||
|
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
||||||
|
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
|
||||||
|
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
|
||||||
|
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
||||||
|
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
|
||||||
|
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
|
||||||
|
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
||||||
|
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
|
||||||
|
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
|
||||||
|
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
||||||
|
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
|
||||||
|
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
|
||||||
|
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
||||||
|
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
|
||||||
|
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
|
||||||
|
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
||||||
|
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
|
||||||
|
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
|
||||||
|
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
||||||
|
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
|
+};
|
||||||
|
+/* RFC7919 FFDHE2048 q */
|
||||||
|
static const unsigned char dh_q[] = {
|
||||||
|
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
|
||||||
|
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
|
||||||
|
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
|
||||||
|
- 0x11, 0xac, 0xb5, 0x7d
|
||||||
|
-};
|
||||||
|
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
|
||||||
|
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
||||||
|
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
|
||||||
|
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
|
||||||
|
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
||||||
|
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
|
||||||
|
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
|
||||||
|
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
||||||
|
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
|
||||||
|
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
|
||||||
|
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
||||||
|
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
|
||||||
|
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
|
||||||
|
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
||||||
|
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
|
||||||
|
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
|
||||||
|
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
||||||
|
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
|
||||||
|
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
|
||||||
|
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
||||||
|
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
|
||||||
|
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
|
||||||
|
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
||||||
|
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
|
||||||
|
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
|
||||||
|
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
||||||
|
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
|
||||||
|
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
|
||||||
|
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
||||||
|
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
|
+};
|
||||||
|
+/* RFC7919 FFDHE2048 g */
|
||||||
|
static const unsigned char dh_g[] = {
|
||||||
|
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
|
||||||
|
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
|
||||||
|
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
|
||||||
|
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
|
||||||
|
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
|
||||||
|
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
|
||||||
|
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
|
||||||
|
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
|
||||||
|
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
|
||||||
|
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
|
||||||
|
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
|
||||||
|
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
|
||||||
|
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
|
||||||
|
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
|
||||||
|
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
|
||||||
|
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
|
||||||
|
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
|
||||||
|
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
|
||||||
|
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
|
||||||
|
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
|
||||||
|
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
|
||||||
|
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
|
||||||
|
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
|
||||||
|
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
|
||||||
|
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
|
||||||
|
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
|
||||||
|
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
|
||||||
|
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
|
||||||
|
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
|
||||||
|
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
|
||||||
|
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
|
||||||
|
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
|
||||||
|
+ 0x02
|
||||||
|
};
|
||||||
|
static const unsigned char dh_priv[] = {
|
||||||
|
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
|
||||||
|
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
|
||||||
|
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
|
||||||
|
- 0x40, 0xb8, 0xfc, 0xe6
|
||||||
|
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
|
||||||
|
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
|
||||||
|
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
|
||||||
|
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
|
||||||
|
};
|
||||||
|
static const unsigned char dh_pub[] = {
|
||||||
|
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
|
||||||
|
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
|
||||||
|
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
|
||||||
|
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
|
||||||
|
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
|
||||||
|
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
|
||||||
|
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
|
||||||
|
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
|
||||||
|
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
|
||||||
|
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
|
||||||
|
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
|
||||||
|
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
|
||||||
|
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
|
||||||
|
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
|
||||||
|
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
|
||||||
|
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
|
||||||
|
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
|
||||||
|
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
|
||||||
|
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
|
||||||
|
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
|
||||||
|
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
|
||||||
|
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
|
||||||
|
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
|
||||||
|
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
|
||||||
|
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
|
||||||
|
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
|
||||||
|
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
|
||||||
|
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
|
||||||
|
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
|
||||||
|
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
|
||||||
|
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
|
||||||
|
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
|
||||||
|
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
|
||||||
|
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
|
||||||
|
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
|
||||||
|
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
|
||||||
|
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
|
||||||
|
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
|
||||||
|
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
|
||||||
|
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
|
||||||
|
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
|
||||||
|
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
|
||||||
|
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
|
||||||
|
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
|
||||||
|
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
|
||||||
|
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
|
||||||
|
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
|
||||||
|
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
|
||||||
|
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
|
||||||
|
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
|
||||||
|
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
|
||||||
|
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
|
||||||
|
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
|
||||||
|
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
|
||||||
|
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
|
||||||
|
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
|
||||||
|
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
|
||||||
|
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
|
||||||
|
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
|
||||||
|
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
|
||||||
|
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
|
||||||
|
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
|
||||||
|
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
|
||||||
|
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
|
||||||
|
+ 0x32
|
||||||
|
};
|
||||||
|
static const unsigned char dh_peer_pub[] = {
|
||||||
|
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
|
||||||
|
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
|
||||||
|
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
|
||||||
|
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
|
||||||
|
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
|
||||||
|
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
|
||||||
|
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
|
||||||
|
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
|
||||||
|
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
|
||||||
|
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
|
||||||
|
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
|
||||||
|
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
|
||||||
|
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
|
||||||
|
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
|
||||||
|
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
|
||||||
|
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
|
||||||
|
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
|
||||||
|
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
|
||||||
|
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
|
||||||
|
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
|
||||||
|
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
|
||||||
|
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
|
||||||
|
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
|
||||||
|
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
|
||||||
|
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
|
||||||
|
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
|
||||||
|
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
|
||||||
|
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
|
||||||
|
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
|
||||||
|
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
|
||||||
|
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
|
||||||
|
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
|
||||||
|
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
|
||||||
|
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
|
||||||
|
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
|
||||||
|
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
|
||||||
|
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
|
||||||
|
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
|
||||||
|
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
|
||||||
|
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
|
||||||
|
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
|
||||||
|
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
|
||||||
|
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
|
||||||
|
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
|
||||||
|
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
|
||||||
|
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
|
||||||
|
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
|
||||||
|
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
|
||||||
|
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
|
||||||
|
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
|
||||||
|
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
|
||||||
|
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
|
||||||
|
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
|
||||||
|
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
|
||||||
|
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
|
||||||
|
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
|
||||||
|
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
|
||||||
|
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
|
||||||
|
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
|
||||||
|
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
|
||||||
|
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
|
||||||
|
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
|
||||||
|
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
|
||||||
|
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
|
||||||
|
+ 0x64
|
||||||
|
};
|
||||||
|
|
||||||
|
static const unsigned char dh_secret_expected[] = {
|
||||||
|
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
|
||||||
|
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
|
||||||
|
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
|
||||||
|
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
|
||||||
|
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
|
||||||
|
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
|
||||||
|
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
|
||||||
|
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
|
||||||
|
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
|
||||||
|
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
|
||||||
|
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
|
||||||
|
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
|
||||||
|
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
|
||||||
|
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
|
||||||
|
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
|
||||||
|
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
|
||||||
|
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
|
||||||
|
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
|
||||||
|
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
|
||||||
|
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
|
||||||
|
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
|
||||||
|
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
|
||||||
|
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
|
||||||
|
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
|
||||||
|
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
|
||||||
|
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
|
||||||
|
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
|
||||||
|
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
|
||||||
|
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
|
||||||
|
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
|
||||||
|
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
|
||||||
|
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
|
||||||
|
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
|
||||||
|
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
|
||||||
|
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
|
||||||
|
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
|
||||||
|
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
|
||||||
|
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
|
||||||
|
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
|
||||||
|
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
|
||||||
|
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
|
||||||
|
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
|
||||||
|
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
|
||||||
|
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
|
||||||
|
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
|
||||||
|
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
|
||||||
|
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
|
||||||
|
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
|
||||||
|
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
|
||||||
|
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
|
||||||
|
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
|
||||||
|
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
|
||||||
|
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
|
||||||
|
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
|
||||||
|
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
|
||||||
|
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
|
||||||
|
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
|
||||||
|
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
|
||||||
|
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
|
||||||
|
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
|
||||||
|
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
|
||||||
|
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
|
||||||
|
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
|
||||||
|
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
|
||||||
|
};
|
||||||
|
|
||||||
|
static const ST_KAT_PARAM dh_group[] = {
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
@ -0,0 +1,129 @@
|
|||||||
|
diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsrand 2022-08-03 11:09:01.301637515 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c 2022-08-03 11:13:00.058688605 +0200
|
||||||
|
@@ -48,6 +48,8 @@
|
||||||
|
# include <fcntl.h>
|
||||||
|
# include <unistd.h>
|
||||||
|
# include <sys/time.h>
|
||||||
|
+# include <sys/random.h>
|
||||||
|
+# include <openssl/evp.h>
|
||||||
|
|
||||||
|
static uint64_t get_time_stamp(void);
|
||||||
|
static uint64_t get_timer_bits(void);
|
||||||
|
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
|
||||||
|
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
||||||
|
* between size_t and ssize_t is safe even without a range check.
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * Do runtime detection to find getentropy().
|
||||||
|
- *
|
||||||
|
- * Known OSs that should support this:
|
||||||
|
- * - Darwin since 16 (OSX 10.12, IOS 10.0).
|
||||||
|
- * - Solaris since 11.3
|
||||||
|
- * - OpenBSD since 5.6
|
||||||
|
- * - Linux since 3.17 with glibc 2.25
|
||||||
|
- * - FreeBSD since 12.0 (1200061)
|
||||||
|
- *
|
||||||
|
- * Note: Sometimes getentropy() can be provided but not implemented
|
||||||
|
- * internally. So we need to check errno for ENOSYS
|
||||||
|
- */
|
||||||
|
-# if !defined(__DragonFly__) && !defined(__NetBSD__)
|
||||||
|
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
||||||
|
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
||||||
|
-
|
||||||
|
- if (getentropy != NULL) {
|
||||||
|
- if (getentropy(buf, buflen) == 0)
|
||||||
|
- return (ssize_t)buflen;
|
||||||
|
- if (errno != ENOSYS)
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
|
||||||
|
-
|
||||||
|
- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
|
||||||
|
- return (ssize_t)buflen;
|
||||||
|
-
|
||||||
|
- return -1;
|
||||||
|
-# else
|
||||||
|
- union {
|
||||||
|
- void *p;
|
||||||
|
- int (*f)(void *buffer, size_t length);
|
||||||
|
- } p_getentropy;
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
- * We could cache the result of the lookup, but we normally don't
|
||||||
|
- * call this function often.
|
||||||
|
- */
|
||||||
|
- ERR_set_mark();
|
||||||
|
- p_getentropy.p = DSO_global_lookup("getentropy");
|
||||||
|
- ERR_pop_to_mark();
|
||||||
|
- if (p_getentropy.p != NULL)
|
||||||
|
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
||||||
|
-# endif
|
||||||
|
-# endif /* !__DragonFly__ */
|
||||||
|
-
|
||||||
|
- /* Linux supports this since version 3.17 */
|
||||||
|
-# if defined(__linux) && defined(__NR_getrandom)
|
||||||
|
- return syscall(__NR_getrandom, buf, buflen, 0);
|
||||||
|
-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||||
|
- return sysctl_random(buf, buflen);
|
||||||
|
-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
|
||||||
|
- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
|
||||||
|
- return getrandom(buf, buflen, 0);
|
||||||
|
-# else
|
||||||
|
- errno = ENOSYS;
|
||||||
|
- return -1;
|
||||||
|
-# endif
|
||||||
|
+ /* Red Hat uses downstream patch to always seed from getrandom() */
|
||||||
|
+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
|
||||||
|
}
|
||||||
|
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
|
||||||
|
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand openssl-3.0.1/providers/implementations/rands/drbg.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/rands/drbg.c.fipsrand 2022-08-03 12:14:39.409370134 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/rands/drbg.c 2022-08-03 12:19:06.320700346 +0200
|
||||||
|
@@ -575,6 +575,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ prediction_resistance = 1;
|
||||||
|
+#endif
|
||||||
|
/* Reseed using our sources in addition */
|
||||||
|
entropylen = get_entropy(drbg, &entropy, drbg->strength,
|
||||||
|
drbg->min_entropylen, drbg->max_entropylen,
|
||||||
|
diff -up openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand openssl-3.0.1/crypto/rand/prov_seed.c
|
||||||
|
--- openssl-3.0.1/crypto/rand/prov_seed.c.fipsrand 2022-08-04 12:17:52.148556301 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/rand/prov_seed.c 2022-08-04 12:19:41.783533552 +0200
|
||||||
|
@@ -20,7 +20,14 @@ size_t ossl_rand_get_entropy(ossl_unused
|
||||||
|
size_t entropy_available;
|
||||||
|
RAND_POOL *pool;
|
||||||
|
|
||||||
|
- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
|
||||||
|
+ /*
|
||||||
|
+ * OpenSSL still implements an internal entropy pool of
|
||||||
|
+ * some size that is hashed to get seed data.
|
||||||
|
+ * Note that this is a conditioning step for which SP800-90C requires
|
||||||
|
+ * 64 additional bits from the entropy source to claim the requested
|
||||||
|
+ * amount of entropy.
|
||||||
|
+ */
|
||||||
|
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
|
||||||
|
if (pool == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
|
||||||
|
return 0;
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand openssl-3.0.1/providers/implementations/rands/crngt.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/rands/crngt.c.fipsrand 2022-08-04 11:56:10.100950299 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/rands/crngt.c 2022-08-04 11:59:11.241564925 +0200
|
||||||
|
@@ -139,7 +139,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
|
||||||
|
* to the nearest byte. If the entropy is of less than full quality,
|
||||||
|
* the amount required should be scaled up appropriately here.
|
||||||
|
*/
|
||||||
|
- bytes_needed = (entropy + 7) / 8;
|
||||||
|
+ /*
|
||||||
|
+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
|
||||||
|
+ * + 128 bits during initial seeding
|
||||||
|
+ */
|
||||||
|
+ bytes_needed = (entropy + 128 + 7) / 8;
|
||||||
|
if (bytes_needed < min_len)
|
||||||
|
bytes_needed = min_len;
|
||||||
|
if (bytes_needed > max_len)
|
@ -0,0 +1,76 @@
|
|||||||
|
diff -up openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero openssl-3.0.1/crypto/ffc/ffc_params.c
|
||||||
|
--- openssl-3.0.1/crypto/ffc/ffc_params.c.fipszero 2022-08-05 13:11:27.211413931 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ffc/ffc_params.c 2022-08-05 13:11:34.151475891 +0200
|
||||||
|
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
|
||||||
|
|
||||||
|
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
|
||||||
|
{
|
||||||
|
- BN_free(params->p);
|
||||||
|
- BN_free(params->q);
|
||||||
|
- BN_free(params->g);
|
||||||
|
- BN_free(params->j);
|
||||||
|
+ BN_clear_free(params->p);
|
||||||
|
+ BN_clear_free(params->q);
|
||||||
|
+ BN_clear_free(params->g);
|
||||||
|
+ BN_clear_free(params->j);
|
||||||
|
OPENSSL_free(params->seed);
|
||||||
|
ossl_ffc_params_init(params);
|
||||||
|
}
|
||||||
|
diff -up openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero openssl-3.0.1/crypto/rsa/rsa_lib.c
|
||||||
|
--- openssl-3.0.1/crypto/rsa/rsa_lib.c.fipszero 2022-08-05 13:08:31.875848536 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/rsa/rsa_lib.c 2022-08-05 13:09:35.438416025 +0200
|
||||||
|
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
|
||||||
|
|
||||||
|
CRYPTO_THREAD_lock_free(r->lock);
|
||||||
|
|
||||||
|
- BN_free(r->n);
|
||||||
|
- BN_free(r->e);
|
||||||
|
+ BN_clear_free(r->n);
|
||||||
|
+ BN_clear_free(r->e);
|
||||||
|
BN_clear_free(r->d);
|
||||||
|
BN_clear_free(r->p);
|
||||||
|
BN_clear_free(r->q);
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero openssl-3.0.1/providers/implementations/kdfs/hkdf.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/kdfs/hkdf.c.fipszero 2022-08-05 13:14:58.827303241 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/kdfs/hkdf.c 2022-08-05 13:16:24.530068399 +0200
|
||||||
|
@@ -116,7 +116,7 @@ static void kdf_hkdf_reset(void *vctx)
|
||||||
|
void *provctx = ctx->provctx;
|
||||||
|
|
||||||
|
ossl_prov_digest_reset(&ctx->digest);
|
||||||
|
- OPENSSL_free(ctx->salt);
|
||||||
|
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
||||||
|
OPENSSL_free(ctx->prefix);
|
||||||
|
OPENSSL_free(ctx->label);
|
||||||
|
OPENSSL_clear_free(ctx->data, ctx->data_len);
|
||||||
|
diff -up openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c
|
||||||
|
--- openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c.fipszero 2022-08-05 13:12:40.552068717 +0200
|
||||||
|
+++ openssl-3.0.1/providers/implementations/kdfs/pbkdf2.c 2022-08-05 13:13:34.324548799 +0200
|
||||||
|
@@ -83,7 +83,7 @@ static void *kdf_pbkdf2_new(void *provct
|
||||||
|
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
|
||||||
|
{
|
||||||
|
ossl_prov_digest_reset(&ctx->digest);
|
||||||
|
- OPENSSL_free(ctx->salt);
|
||||||
|
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
|
||||||
|
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
|
||||||
|
memset(ctx, 0, sizeof(*ctx));
|
||||||
|
}
|
||||||
|
diff -up openssl-3.0.1/crypto/ec/ec_lib.c.fipszero openssl-3.0.1/crypto/ec/ec_lib.c
|
||||||
|
--- openssl-3.0.1/crypto/ec/ec_lib.c.fipszero 2022-08-05 13:48:32.221345774 +0200
|
||||||
|
+++ openssl-3.0.1/crypto/ec/ec_lib.c 2022-08-05 13:49:16.138741452 +0200
|
||||||
|
@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
|
||||||
|
|
||||||
|
void EC_POINT_free(EC_POINT *point)
|
||||||
|
{
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ EC_POINT_clear_free(point);
|
||||||
|
+#else
|
||||||
|
if (point == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (point->meth->point_finish != 0)
|
||||||
|
point->meth->point_finish(point);
|
||||||
|
OPENSSL_free(point);
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
void EC_POINT_clear_free(EC_POINT *point)
|
@ -0,0 +1,119 @@
|
|||||||
|
From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Thu, 11 Aug 2022 09:27:12 +0200
|
||||||
|
Subject: [PATCH] Add FIPS indicator parameter to HKDF
|
||||||
|
|
||||||
|
NIST considers HKDF only acceptable when used as in TLS 1.3, and
|
||||||
|
otherwise unapproved. Add an explicit indicator attached to the
|
||||||
|
EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
|
||||||
|
determine whether the KDF operation was approved after performing it.
|
||||||
|
|
||||||
|
Related: rhbz#2114772
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
include/openssl/core_names.h | 1 +
|
||||||
|
include/openssl/kdf.h | 4 ++
|
||||||
|
providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
|
||||||
|
3 files changed, 58 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index 21c94d0488..87786680d7 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -223,6 +223,7 @@ extern "C" {
|
||||||
|
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
||||||
|
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
||||||
|
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
||||||
|
+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator"
|
||||||
|
|
||||||
|
/* Known KDF names */
|
||||||
|
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||||
|
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
|
||||||
|
index 0983230a48..869f23d8fb 100644
|
||||||
|
--- a/include/openssl/kdf.h
|
||||||
|
+++ b/include/openssl/kdf.h
|
||||||
|
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
|
||||||
|
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
|
||||||
|
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
|
||||||
|
|
||||||
|
+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0
|
||||||
|
+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1
|
||||||
|
+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2
|
||||||
|
+
|
||||||
|
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
|
||||||
|
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
|
||||||
|
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
|
||||||
|
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
|
||||||
|
index afdb7138e1..9d28d292d8 100644
|
||||||
|
--- a/providers/implementations/kdfs/hkdf.c
|
||||||
|
+++ b/providers/implementations/kdfs/hkdf.c
|
||||||
|
@@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
||||||
|
return 0;
|
||||||
|
return OSSL_PARAM_set_size_t(p, sz);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if ((p = OSSL_PARAM_locate(params,
|
||||||
|
+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) {
|
||||||
|
+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED;
|
||||||
|
+ switch (ctx->mode) {
|
||||||
|
+ case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
|
||||||
|
+ /* TLS 1.3 never uses extract-and-expand */
|
||||||
|
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ break;
|
||||||
|
+ case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
|
||||||
|
+ {
|
||||||
|
+ /* When TLS 1.3 uses extract, the following holds:
|
||||||
|
+ * 1. The salt length matches the hash length, and either
|
||||||
|
+ * 2.1. the key is all zeroes and matches the hash length, or
|
||||||
|
+ * 2.2. the key originates from a PSK (resumption_master_secret
|
||||||
|
+ * or some externally esablished key), or an ECDH or DH key
|
||||||
|
+ * derivation. See
|
||||||
|
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
|
||||||
|
+ * Unfortunately at this point, we cannot verify where the key
|
||||||
|
+ * comes from, so all we can do is check the salt length.
|
||||||
|
+ */
|
||||||
|
+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
|
||||||
|
+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md))
|
||||||
|
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
||||||
|
+ else
|
||||||
|
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
|
||||||
|
+ /* When TLS 1.3 uses expand, it always provides a label that
|
||||||
|
+ * contains an uint16 for the length, followed by between 7 and 255
|
||||||
|
+ * bytes for a label string that starts with "tls13 " or "dtls13".
|
||||||
|
+ * For compatibility with future versions, we only check for "tls"
|
||||||
|
+ * or "dtls". See
|
||||||
|
+ * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
|
||||||
|
+ * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
|
||||||
|
+ if (ctx->label != NULL
|
||||||
|
+ && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
|
||||||
|
+ && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
|
||||||
|
+ strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
|
||||||
|
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED;
|
||||||
|
+ else
|
||||||
|
+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
||||||
|
+ }
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
+
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
||||||
|
{
|
||||||
|
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL),
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
OSSL_PARAM_END
|
||||||
|
};
|
||||||
|
return known_gettable_ctx_params;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
Loading…
Reference in new issue