pool/openssl-1_1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 681494 from security:tls

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/681494
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=6
This commit is contained in:
Dominique Leuenberger 2019-05-16 19:54:39 +00:00 committed by Git OBS Bridge
commit 6fa52bddfa
48 changed files with 5380 additions and 16651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

955
0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
View File

@ -1,955 +0,0 @@
From fd708c2242408187cff392e8b0850275ac99376f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Sun, 4 May 2014 23:36:54 -0400
Subject: [PATCH] Axe builtin printf implementation, use glibc instead
Index: openssl-1.1.0h/crypto/bio/b_print.c
===================================================================
--- openssl-1.1.0h.orig/crypto/bio/b_print.c 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/crypto/bio/b_print.c 2018-03-27 16:31:15.425784205 +0200
@@ -21,830 +21,6 @@
* on all source code distributions.
*/
-#ifdef HAVE_LONG_DOUBLE
-# define LDOUBLE long double
-#else
-# define LDOUBLE double
-#endif
-
-static int fmtstr(char **, char **, size_t *, size_t *,
- const char *, int, int, int);
-static int fmtint(char **, char **, size_t *, size_t *,
- int64_t, int, int, int, int);
-static int fmtfp(char **, char **, size_t *, size_t *,
- LDOUBLE, int, int, int, int);
-static int doapr_outch(char **, char **, size_t *, size_t *, int);
-static int _dopr(char **sbuffer, char **buffer,
- size_t *maxlen, size_t *retlen, int *truncated,
- const char *format, va_list args);
-
-/* format read states */
-#define DP_S_DEFAULT 0
-#define DP_S_FLAGS 1
-#define DP_S_MIN 2
-#define DP_S_DOT 3
-#define DP_S_MAX 4
-#define DP_S_MOD 5
-#define DP_S_CONV 6
-#define DP_S_DONE 7
-
-/* format flags - Bits */
-/* left-aligned padding */
-#define DP_F_MINUS (1 << 0)
-/* print an explicit '+' for a value with positive sign */
-#define DP_F_PLUS (1 << 1)
-/* print an explicit ' ' for a value with positive sign */
-#define DP_F_SPACE (1 << 2)
-/* print 0/0x prefix for octal/hex and decimal point for floating point */
-#define DP_F_NUM (1 << 3)
-/* print leading zeroes */
-#define DP_F_ZERO (1 << 4)
-/* print HEX in UPPPERcase */
-#define DP_F_UP (1 << 5)
-/* treat value as unsigned */
-#define DP_F_UNSIGNED (1 << 6)
-
-/* conversion flags */
-#define DP_C_SHORT 1
-#define DP_C_LONG 2
-#define DP_C_LDOUBLE 3
-#define DP_C_LLONG 4
-
-/* Floating point formats */
-#define F_FORMAT 0
-#define E_FORMAT 1
-#define G_FORMAT 2
-
-/* some handy macros */
-#define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-
-static int
-_dopr(char **sbuffer,
- char **buffer,
- size_t *maxlen,
- size_t *retlen, int *truncated, const char *format, va_list args)
-{
- char ch;
- int64_t value;
- LDOUBLE fvalue;
- char *strvalue;
- int min;
- int max;
- int state;
- int flags;
- int cflags;
- size_t currlen;
-
- state = DP_S_DEFAULT;
- flags = currlen = cflags = min = 0;
- max = -1;
- ch = *format++;
-
- while (state != DP_S_DONE) {
- if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
- state = DP_S_DONE;
-
- switch (state) {
- case DP_S_DEFAULT:
- if (ch == '%')
- state = DP_S_FLAGS;
- else
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
- return 0;
- ch = *format++;
- break;
- case DP_S_FLAGS:
- switch (ch) {
- case '-':
- flags |= DP_F_MINUS;
- ch = *format++;
- break;
- case '+':
- flags |= DP_F_PLUS;
- ch = *format++;
- break;
- case ' ':
- flags |= DP_F_SPACE;
- ch = *format++;
- break;
- case '#':
- flags |= DP_F_NUM;
- ch = *format++;
- break;
- case '0':
- flags |= DP_F_ZERO;
- ch = *format++;
- break;
- default:
- state = DP_S_MIN;
- break;
- }
- break;
- case DP_S_MIN:
- if (isdigit((unsigned char)ch)) {
- min = 10 * min + char_to_int(ch);
- ch = *format++;
- } else if (ch == '*') {
- min = va_arg(args, int);
- ch = *format++;
- state = DP_S_DOT;
- } else
- state = DP_S_DOT;
- break;
- case DP_S_DOT:
- if (ch == '.') {
- state = DP_S_MAX;
- ch = *format++;
- } else
- state = DP_S_MOD;
- break;
- case DP_S_MAX:
- if (isdigit((unsigned char)ch)) {
- if (max < 0)
- max = 0;
- max = 10 * max + char_to_int(ch);
- ch = *format++;
- } else if (ch == '*') {
- max = va_arg(args, int);
- ch = *format++;
- state = DP_S_MOD;
- } else
- state = DP_S_MOD;
- break;
- case DP_S_MOD:
- switch (ch) {
- case 'h':
- cflags = DP_C_SHORT;
- ch = *format++;
- break;
- case 'l':
- if (*format == 'l') {
- cflags = DP_C_LLONG;
- format++;
- } else
- cflags = DP_C_LONG;
- ch = *format++;
- break;
- case 'q':
- cflags = DP_C_LLONG;
- ch = *format++;
- break;
- case 'L':
- cflags = DP_C_LDOUBLE;
- ch = *format++;
- break;
- default:
- break;
- }
- state = DP_S_CONV;
- break;
- case DP_S_CONV:
- switch (ch) {
- case 'd':
- case 'i':
- switch (cflags) {
- case DP_C_SHORT:
- value = (short int)va_arg(args, int);
- break;
- case DP_C_LONG:
- value = va_arg(args, long int);
- break;
- case DP_C_LLONG:
- value = va_arg(args, int64_t);
- break;
- default:
- value = va_arg(args, int);
- break;
- }
- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
- max, flags))
- return 0;
- break;
- case 'X':
- flags |= DP_F_UP;
- /* FALLTHROUGH */
- case 'x':
- case 'o':
- case 'u':
- flags |= DP_F_UNSIGNED;
- switch (cflags) {
- case DP_C_SHORT:
- value = (unsigned short int)va_arg(args, unsigned int);
- break;
- case DP_C_LONG:
- value = va_arg(args, unsigned long int);
- break;
- case DP_C_LLONG:
- value = va_arg(args, uint64_t);
- break;
- default:
- value = va_arg(args, unsigned int);
- break;
- }
- if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
- min, max, flags))
- return 0;
- break;
- case 'f':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
- flags, F_FORMAT))
- return 0;
- break;
- case 'E':
- flags |= DP_F_UP;
- /* fall thru */
- case 'e':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
- flags, E_FORMAT))
- return 0;
- break;
- case 'G':
- flags |= DP_F_UP;
- /* fall thru */
- case 'g':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
- flags, G_FORMAT))
- return 0;
- break;
- case 'c':
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
- va_arg(args, int)))
- return 0;
- break;
- case 's':
- strvalue = va_arg(args, char *);
- if (max < 0) {
- if (buffer)
- max = INT_MAX;
- else
- max = *maxlen;
- }
- if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
- flags, min, max))
- return 0;
- break;
- case 'p':
- value = (size_t)va_arg(args, void *);
- if (!fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 16, min, max, flags | DP_F_NUM))
- return 0;
- break;
- case 'n': /* XXX */
- if (cflags == DP_C_SHORT) {
- short int *num;
- num = va_arg(args, short int *);
- *num = currlen;
- } else if (cflags == DP_C_LONG) { /* XXX */
- long int *num;
- num = va_arg(args, long int *);
- *num = (long int)currlen;
- } else if (cflags == DP_C_LLONG) { /* XXX */
- int64_t *num;
- num = va_arg(args, int64_t *);
- *num = (int64_t)currlen;
- } else {
- int *num;
- num = va_arg(args, int *);
- *num = currlen;
- }
- break;
- case '%':
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
- return 0;
- break;
- case 'w':
- /* not supported yet, treat as next char */
- ch = *format++;
- break;
- default:
- /* unknown, skip */
- break;
- }
- ch = *format++;
- state = DP_S_DEFAULT;
- flags = cflags = min = 0;
- max = -1;
- break;
- case DP_S_DONE:
- break;
- default:
- break;
- }
- }
- /*
- * We have to truncate if there is no dynamic buffer and we have filled the
- * static buffer.
- */
- if (buffer == NULL) {
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
- }
- if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
- return 0;
- *retlen = currlen - 1;
- return 1;
-}
-
-static int
-fmtstr(char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen, const char *value, int flags, int min, int max)
-{
- int padlen;
- size_t strln;
- int cnt = 0;
-
- if (value == 0)
- value = "<NULL>";
-
- strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
-
- padlen = min - strln;
- if (min < 0 || padlen < 0)
- padlen = 0;
- if (max >= 0) {
- /*
- * Calculate the maximum output including padding.
- * Make sure max doesn't overflow into negativity
- */
- if (max < INT_MAX - padlen)
- max += padlen;
- else
- max = INT_MAX;
- }
- if (flags & DP_F_MINUS)
- padlen = -padlen;
-
- while ((padlen > 0) && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- --padlen;
- ++cnt;
- }
- while (strln > 0 && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
- return 0;
- --strln;
- ++cnt;
- }
- while ((padlen < 0) && (max < 0 || cnt < max)) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- ++padlen;
- ++cnt;
- }
- return 1;
-}
-
-static int
-fmtint(char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen, int64_t value, int base, int min, int max, int flags)
-{
- int signvalue = 0;
- const char *prefix = "";
- uint64_t uvalue;
- char convert[DECIMAL_SIZE(value) + 3];
- int place = 0;
- int spadlen = 0;
- int zpadlen = 0;
- int caps = 0;
-
- if (max < 0)
- max = 0;
- uvalue = value;
- if (!(flags & DP_F_UNSIGNED)) {
- if (value < 0) {
- signvalue = '-';
- uvalue = 0 - (uint64_t)value;
- } else if (flags & DP_F_PLUS)
- signvalue = '+';
- else if (flags & DP_F_SPACE)
- signvalue = ' ';
- }
- if (flags & DP_F_NUM) {
- if (base == 8)
- prefix = "0";
- if (base == 16)
- prefix = "0x";
- }
- if (flags & DP_F_UP)
- caps = 1;
- do {
- convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
- [uvalue % (unsigned)base];
- uvalue = (uvalue / (unsigned)base);
- } while (uvalue && (place < (int)sizeof(convert)));
- if (place == sizeof(convert))
- place--;
- convert[place] = 0;
-
- zpadlen = max - place;
- spadlen =
- min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
- if (zpadlen < 0)
- zpadlen = 0;
- if (spadlen < 0)
- spadlen = 0;
- if (flags & DP_F_ZERO) {
- zpadlen = OSSL_MAX(zpadlen, spadlen);
- spadlen = 0;
- }
- if (flags & DP_F_MINUS)
- spadlen = -spadlen;
-
- /* spaces */
- while (spadlen > 0) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- --spadlen;
- }
-
- /* sign */
- if (signvalue)
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
- return 0;
-
- /* prefix */
- while (*prefix) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
- return 0;
- prefix++;
- }
-
- /* zeros */
- if (zpadlen > 0) {
- while (zpadlen > 0) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
- return 0;
- --zpadlen;
- }
- }
- /* digits */
- while (place > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
- return 0;
- }
-
- /* left justified spaces */
- while (spadlen < 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- ++spadlen;
- }
- return 1;
-}
-
-static LDOUBLE abs_val(LDOUBLE value)
-{
- LDOUBLE result = value;
- if (value < 0)
- result = -value;
- return result;
-}
-
-static LDOUBLE pow_10(int in_exp)
-{
- LDOUBLE result = 1;
- while (in_exp) {
- result *= 10;
- in_exp--;
- }
- return result;
-}
-
-static long roundv(LDOUBLE value)
-{
- long intpart;
- intpart = (long)value;
- value = value - intpart;
- if (value >= 0.5)
- intpart++;
- return intpart;
-}
-
-static int
-fmtfp(char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
-{
- int signvalue = 0;
- LDOUBLE ufvalue;
- LDOUBLE tmpvalue;
- char iconvert[20];
- char fconvert[20];
- char econvert[20];
- int iplace = 0;
- int fplace = 0;
- int eplace = 0;
- int padlen = 0;
- int zpadlen = 0;
- long exp = 0;
- unsigned long intpart;
- unsigned long fracpart;
- unsigned long max10;
- int realstyle;
-
- if (max < 0)
- max = 6;
-
- if (fvalue < 0)
- signvalue = '-';
- else if (flags & DP_F_PLUS)
- signvalue = '+';
- else if (flags & DP_F_SPACE)
- signvalue = ' ';
-
- /*
- * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
- * depending on the number to be printed. Work out which one it is and use
- * that from here on.
- */
- if (style == G_FORMAT) {
- if (fvalue == 0.0) {
- realstyle = F_FORMAT;
- } else if (fvalue < 0.0001) {
- realstyle = E_FORMAT;
- } else if ((max == 0 && fvalue >= 10)
- || (max > 0 && fvalue >= pow_10(max))) {
- realstyle = E_FORMAT;
- } else {
- realstyle = F_FORMAT;
- }
- } else {
- realstyle = style;
- }
-
- if (style != F_FORMAT) {
- tmpvalue = fvalue;
- /* Calculate the exponent */
- if (fvalue != 0.0) {
- while (tmpvalue < 1) {
- tmpvalue *= 10;
- exp--;
- }
- while (tmpvalue > 10) {
- tmpvalue /= 10;
- exp++;
- }
- }
- if (style == G_FORMAT) {
- /*
- * In G_FORMAT the "precision" represents significant digits. We
- * always have at least 1 significant digit.
- */
- if (max == 0)
- max = 1;
- /* Now convert significant digits to decimal places */
- if (realstyle == F_FORMAT) {
- max -= (exp + 1);
- if (max < 0) {
- /*
- * Should not happen. If we're in F_FORMAT then exp < max?
- */
- return 0;
- }
- } else {
- /*
- * In E_FORMAT there is always one significant digit in front
- * of the decimal point, so:
- * significant digits == 1 + decimal places
- */
- max--;
- }
- }
- if (realstyle == E_FORMAT)
- fvalue = tmpvalue;
- }
- ufvalue = abs_val(fvalue);
- if (ufvalue > ULONG_MAX) {
- /* Number too big */
- return 0;
- }
- intpart = (unsigned long)ufvalue;
-
- /*
- * sorry, we only support 9 digits past the decimal because of our
- * conversion method
- */
- if (max > 9)
- max = 9;
-
- /*
- * we "cheat" by converting the fractional part to integer by multiplying
- * by a factor of 10
- */
- max10 = roundv(pow_10(max));
- fracpart = roundv(pow_10(max) * (ufvalue - intpart));
-
- if (fracpart >= max10) {
- intpart++;
- fracpart -= max10;
- }
-
- /* convert integer part */
- do {
- iconvert[iplace++] = "0123456789"[intpart % 10];
- intpart = (intpart / 10);
- } while (intpart && (iplace < (int)sizeof(iconvert)));
- if (iplace == sizeof(iconvert))
- iplace--;
- iconvert[iplace] = 0;
-
- /* convert fractional part */
- while (fplace < max) {
- if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
- /* We strip trailing zeros in G_FORMAT */
- max--;
- fracpart = fracpart / 10;
- if (fplace < max)
- continue;
- break;
- }
- fconvert[fplace++] = "0123456789"[fracpart % 10];
- fracpart = (fracpart / 10);
- }
-
- if (fplace == sizeof(fconvert))
- fplace--;
- fconvert[fplace] = 0;
-
- /* convert exponent part */
- if (realstyle == E_FORMAT) {
- int tmpexp;
- if (exp < 0)
- tmpexp = -exp;
- else
- tmpexp = exp;
-
- do {
- econvert[eplace++] = "0123456789"[tmpexp % 10];
- tmpexp = (tmpexp / 10);
- } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
- /* Exponent is huge!! Too big to print */
- if (tmpexp > 0)
- return 0;
- /* Add a leading 0 for single digit exponents */
- if (eplace == 1)
- econvert[eplace++] = '0';
- }
-
- /*
- * -1 for decimal point (if we have one, i.e. max > 0),
- * another -1 if we are printing a sign
- */
- padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
- /* Take some off for exponent prefix "+e" and exponent */
- if (realstyle == E_FORMAT)
- padlen -= 2 + eplace;
- zpadlen = max - fplace;
- if (zpadlen < 0)
- zpadlen = 0;
- if (padlen < 0)
- padlen = 0;
- if (flags & DP_F_MINUS)
- padlen = -padlen;
-
- if ((flags & DP_F_ZERO) && (padlen > 0)) {
- if (signvalue) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
- return 0;
- --padlen;
- signvalue = 0;
- }
- while (padlen > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
- return 0;
- --padlen;
- }
- }
- while (padlen > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- --padlen;
- }
- if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
- return 0;
-
- while (iplace > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
- return 0;
- }
-
- /*
- * Decimal point. This should probably use locale to find the correct
- * char to print out.
- */
- if (max > 0 || (flags & DP_F_NUM)) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
- return 0;
-
- while (fplace > 0) {
- if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
- fconvert[--fplace]))
- return 0;
- }
- }
- while (zpadlen > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
- return 0;
- --zpadlen;
- }
- if (realstyle == E_FORMAT) {
- char ech;
-
- if ((flags & DP_F_UP) == 0)
- ech = 'e';
- else
- ech = 'E';
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
- return 0;
- if (exp < 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
- return 0;
- } else {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
- return 0;
- }
- while (eplace > 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
- econvert[--eplace]))
- return 0;
- }
- }
-
- while (padlen < 0) {
- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
- return 0;
- ++padlen;
- }
- return 1;
-}
-
-#define BUFFER_INC 1024
-
-static int
-doapr_outch(char **sbuffer,
- char **buffer, size_t *currlen, size_t *maxlen, int c)
-{
- /* If we haven't at least one buffer, someone has doe a big booboo */
- OPENSSL_assert(*sbuffer != NULL || buffer != NULL);
-
- /* |currlen| must always be <= |*maxlen| */
- OPENSSL_assert(*currlen <= *maxlen);
-
- if (buffer && *currlen == *maxlen) {
- if (*maxlen > INT_MAX - BUFFER_INC)
- return 0;
-
- *maxlen += BUFFER_INC;
- if (*buffer == NULL) {
- *buffer = OPENSSL_malloc(*maxlen);
- if (*buffer == NULL)
- return 0;
- if (*currlen > 0) {
- OPENSSL_assert(*sbuffer != NULL);
- memcpy(*buffer, *sbuffer, *currlen);
- }
- *sbuffer = NULL;
- } else {
- char *tmpbuf;
- tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
- if (tmpbuf == NULL)
- return 0;
- *buffer = tmpbuf;
- }
- }
-
- if (*currlen < *maxlen) {
- if (*sbuffer)
- (*sbuffer)[(*currlen)++] = (char)c;
- else
- (*buffer)[(*currlen)++] = (char)c;
- }
-
- return 1;
-}
-
-/***************************************************************************/
int BIO_printf(BIO *bio, const char *format, ...)
{
@@ -859,30 +35,36 @@ int BIO_printf(BIO *bio, const char *for
return (ret);
}
+static ssize_t cookie_BIO_write(void *cookie, const char *buf, size_t size)
+{
+ int ret;
+ ret = BIO_write(cookie, buf, size);
+ /* BIO_write may return negative value on error,
+ * but we must return 0 on that case
+ */
+ return (ret < 0) ? 0 : ret;
+}
+
int BIO_vprintf(BIO *bio, const char *format, va_list args)
{
+ FILE *fp;
int ret;
- size_t retlen;
- char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable
- * in small-stack environments, like threads
- * or DOS programs. */
- char *hugebufp = hugebuf;
- size_t hugebufsize = sizeof(hugebuf);
- char *dynbuf = NULL;
- int ignored;
-
- dynbuf = NULL;
- if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
- args)) {
- OPENSSL_free(dynbuf);
- return -1;
- }
- if (dynbuf) {
- ret = BIO_write(bio, dynbuf, (int)retlen);
- OPENSSL_free(dynbuf);
- } else {
- ret = BIO_write(bio, hugebuf, (int)retlen);
- }
+
+ cookie_io_functions_t bio_funcs = {
+ .read = NULL,
+ .write = cookie_BIO_write,
+ .seek = NULL,
+ .close = NULL,
+ };
+
+ fp = fopencookie(bio, "w", bio_funcs);
+
+ if (fp == NULL)
+ return -1;
+
+ ret = vfprintf(fp, format, args);
+
+ fclose(fp);
return (ret);
}
@@ -898,29 +80,21 @@ int BIO_snprintf(char *buf, size_t n, co
int ret;
va_start(args, format);
+ ret = vsnprintf(buf, n, format, args);
+ va_end(args);
- ret = BIO_vsnprintf(buf, n, format, args);
+ if (ret >= n || ret == -1) return (-1);
- va_end(args);
return (ret);
}
int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
{
- size_t retlen;
- int truncated;
+ int ret;
+ ret = vsnprintf(buf, n, format, args);
- if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
- return -1;
+ if (ret >= n || ret == -1)
+ return (-1);
- if (truncated)
- /*
- * In case of truncation, return -1 like traditional snprintf.
- * (Current drafts for ISO/IEC 9899 say snprintf should return the
- * number of characters that would have been written, had the buffer
- * been large enough.)
- */
- return -1;
- else
- return (retlen <= INT_MAX) ? (int)retlen : -1;
+ return (ret);
}
Index: openssl-1.1.0h/test/bioprinttest.c
===================================================================
--- openssl-1.1.0h.orig/test/bioprinttest.c 2018-03-27 15:50:40.000000000 +0200
+++ openssl-1.1.0h/test/bioprinttest.c 2018-03-27 16:30:23.096947435 +0200
@@ -200,13 +200,6 @@ int main(int argc, char **argv)
dofptest(test++, 66666.0 + frac, width, prec, &fail);
}
- /* Test excessively big number. Should fail */
- if (BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX) != -1) {
- printf("Test %d failed. Unexpected success return from "
- "BIO_snprintf()\n", test);
- fail = 1;
- }
-
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks_fp(stderr) <= 0)
return 1;

802
0001-Limit-scope-of-CN-name-constraints.patch
View File

@ -1,802 +0,0 @@
From c2c2c7b3f1df94f9a447cc3cf8196579543cc57e Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Fri, 18 May 2018 09:09:51 -0400
Subject: [PATCH 1/2] Limit scope of CN name constraints
Don't apply DNS name constraints to the subject CN when there's a
least one DNS-ID subjectAlternativeName.
Don't apply DNS name constraints to subject CN's that are sufficiently
unlike DNS names. Checked name must have at least two labels, with
all labels non-empty, no trailing '.' and all hyphens must be
internal in each label. In addition to the usual LDH characters,
we also allow "_", since some sites use these for hostnames despite
all the standards.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
crypto/asn1/a_strex.c | 50 -----------
crypto/include/internal/asn1_int.h | 2 -
crypto/x509v3/v3_ncons.c | 140 +++++++++++++++++++++++++----
test/certs/alt1-cert.pem | 39 ++++----
test/certs/alt1-key.pem | 52 +++++------
test/certs/badalt6-cert.pem | 35 ++++----
test/certs/badalt6-key.pem | 52 +++++------
test/certs/badalt7-cert.pem | 33 ++++---
test/certs/badalt7-key.pem | 52 +++++------
test/certs/badcn1-cert.pem | 20 +++++
test/certs/badcn1-key.pem | 28 ++++++
test/certs/goodcn1-cert.pem | 22 +++++
test/certs/goodcn1-key.pem | 28 ++++++
test/certs/setup.sh | 25 ++++--
test/recipes/25-test_verify.t | 8 +-
15 files changed, 376 insertions(+), 210 deletions(-)
create mode 100644 test/certs/badcn1-cert.pem
create mode 100644 test/certs/badcn1-key.pem
create mode 100644 test/certs/goodcn1-cert.pem
create mode 100644 test/certs/goodcn1-key.pem
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 75bc4319c7..ec7ac5a30c 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -613,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
*out = stmp.data;
return stmp.length;
}
-
-/* Return 1 if host is a valid hostname and 0 otherwise */
-int asn1_valid_host(const ASN1_STRING *host)
-{
- int hostlen = host->length;
- const unsigned char *hostptr = host->data;
- int type = host->type;
- int i;
- signed char width = -1;
- unsigned short chflags = 0, prevchflags;
-
- if (type > 0 && type < 31)
- width = tag2nbyte[type];
- if (width == -1 || hostlen == 0)
- return 0;
- /* Treat UTF8String as width 1 as any MSB set is invalid */
- if (width == 0)
- width = 1;
- for (i = 0 ; i < hostlen; i+= width) {
- prevchflags = chflags;
- /* Value must be <= 0x7F: check upper bytes are all zeroes */
- if (width == 4) {
- if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0)
- return 0;
- } else if (width == 2) {
- if (*hostptr++ != 0)
- return 0;
- }
- if (*hostptr > 0x7f)
- return 0;
- chflags = char_type[*hostptr++];
- if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) {
- /* Nothing else allowed at start or end of string */
- if (i == 0 || i == hostlen - 1)
- return 0;
- /* Otherwise invalid if not dot or hyphen */
- if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)))
- return 0;
- /*
- * If previous is dot or hyphen then illegal unless both
- * are hyphens: as .- -. .. are all illegal
- */
- if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN)
- && ((prevchflags & CHARTYPE_HOST_DOT)
- || (chflags & CHARTYPE_HOST_DOT)))
- return 0;
- }
- }
- return 1;
-}
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index f70e3b47ba..a0c65318d5 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -90,5 +90,3 @@ struct asn1_pctx_st {
unsigned long oid_flags;
unsigned long str_flags;
} /* ASN1_PCTX */ ;
-
-int asn1_valid_host(const ASN1_STRING *host);
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 2eec405a36..c4b0551a03 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -297,47 +297,151 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
}
+static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
+{
+ int utf8_length; /* Return type of ASN1_STRING_to_UTF8 */
+ int i;
+ unsigned char *utf8_value;
+ int isdnsname = 0;
+
+ /* Don't leave outputs uninitialized */
+ *dnsid = NULL;
+ *idlen = 0;
+
+ /*-
+ * Per RFC 6125, DNS-IDs representing internationalized domain names appear
+ * in certificates in A-label encoded form:
+ *
+ * https://tools.ietf.org/html/rfc6125#section-6.4.2
+ *
+ * The same applies to CNs which are intended to represent DNS names.
+ * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be
+ * needlessly encoded in 16-bit Unicode. We perform a conversion to UTF-8
+ * to ensure that we get an ASCII representation of any CNs that are
+ * representable as ASCII, but just not encoded as ASCII. The UTF-8 form
+ * may contain some non-ASCII octets, and that's fine, such CNs are not
+ * valid legacy DNS names.
+ *
+ * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what
+ * we must use for 'utf8_length'.
+ */
+ if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0)
+ return X509_V_ERR_OUT_OF_MEM;
+
+ /*
+ * Some certificates have had names that include a *trailing* NUL byte.
+ * Remove these harmless NUL characters. They would otherwise yield false
+ * alarms with the following embedded NUL check.
+ */
+ while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0')
+ --utf8_length;
+
+ /* Reject *embedded* NULs */
+ if ((size_t)utf8_length != strlen((char *)utf8_value))
+ return X509_V_ERR_UNSPECIFIED;
+
+ /*
+ * XXX: Deviation from strict DNS name syntax, also check names with '_'
+ * Check DNS name syntax, any '-' or '.' must be internal,
+ * and on either side of each '.' we can't have a '-' or '.'.
+ *
+ * If the name has just one label, we don't consider it a DNS name. This
+ * means that "CN=sometld" cannot be precluded by DNS name constraints, but
+ * that is not a problem.
+ */
+ for (i = 0; i < utf8_length; ++i) {
+ unsigned char c = utf8_value[i];
+
+ if ((c >= 'a' && c <= 'z')
+ || (c >= 'A' && c <= 'Z')
+ || (c >= '0' && c <= '9')
+ || c == '_')
+ continue;
+
+ /* Dot and hyphen cannot be first or last. */
+ if (i > 0 && i < utf8_length - 1) {
+ if (c == '-')
+ continue;
+ /*
+ * Next to a dot the preceding and following characters must not be
+ * another dot or a hyphen. Otherwise, record that the name is
+ * plausible, since it has two or more labels.
+ */
+ if (c == '.'
+ && utf8_value[i + 1] != '.'
+ && utf8_value[i - 1] != '-'
+ && utf8_value[i + 1] != '-') {
+ isdnsname = 1;
+ continue;
+ }
+ }
+ isdnsname = 0;
+ break;
+ }
+
+ if (isdnsname) {
+ *dnsid = utf8_value;
+ *idlen = (size_t)utf8_length;
+ return X509_V_OK;
+ }
+ OPENSSL_free(utf8_value);
+ return X509_V_OK;
+}
+
int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
{
int r, i;
+ GENERAL_NAMES *gens = NULL;
X509_NAME *nm;
-
ASN1_STRING stmp;
GENERAL_NAME gntmp;
+
stmp.flags = 0;
stmp.type = V_ASN1_IA5STRING;
gntmp.type = GEN_DNS;
gntmp.d.dNSName = &stmp;
+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+ if (gens != NULL) {
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
+
+ if (gen->type == GEN_DNS) {
+ GENERAL_NAMES_free(gens);
+ return X509_V_OK;
+ }
+ }
+ GENERAL_NAMES_free(gens);
+ }
+
nm = X509_get_subject_name(x);
/* Process any commonName attributes in subject name */
for (i = -1;;) {
X509_NAME_ENTRY *ne;
- ASN1_STRING *hn;
+ ASN1_STRING *cn;
+ unsigned char *idval;
+ size_t idlen;
+
i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
if (i == -1)
break;
ne = X509_NAME_get_entry(nm, i);
- hn = X509_NAME_ENTRY_get_data(ne);
- /* Only process attributes that look like host names */
- if (asn1_valid_host(hn)) {
- unsigned char *h;
- int hlen = ASN1_STRING_to_UTF8(&h, hn);
- if (hlen <= 0)
- return X509_V_ERR_OUT_OF_MEM;
+ cn = X509_NAME_ENTRY_get_data(ne);
- stmp.length = hlen;
- stmp.data = h;
-
- r = nc_match(&gntmp, nc);
-
- OPENSSL_free(h);
+ /* Only process attributes that look like host names */
+ if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK)
+ return r;
+ if (idlen == 0)
+ continue;
- if (r != X509_V_OK)
- return r;
- }
+ stmp.length = idlen;
+ stmp.data = idval;
+ r = nc_match(&gntmp, nc);
+ OPENSSL_free(idval);
+ if (r != X509_V_OK)
+ return r;
}
return X509_V_OK;
}
diff --git a/test/certs/alt1-cert.pem b/test/certs/alt1-cert.pem
index b94d0eaf9d..d68b0e5193 100644
--- a/test/certs/alt1-cert.pem
+++ b/test/certs/alt1-cert.pem
@@ -1,22 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh
-BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
-Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa
-3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY
-Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK
-gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp
-xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA
-YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH
-xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw
-HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV
-HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y
-Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py
-8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni
-ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2
-Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ
-Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT
-P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L
-vRlTFVjv65nn
+MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTgwNTE2MDIzODEzWhgPMjExODA1MTcwMjM4MTNaMFQxIzAh
+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRgwFgYDVQQDDA93d3cu
+ZXhhbXBsZS5uZXQxEzARBgNVBAMMCkpvZSBCbG9nZ3MwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDTqvf6j+WxCtn4RU8/6uXXgCTcksv6NDXCZ9JAz4Vv
+cQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzPlrt36cevsoPmpuqGbHrUaOLneme2
+x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awcid4SiotLOY2F1jBazmqprqKZBUiyQ
+XqpSp+9uSav77ydwDXCrQozBdns1YRshgU9omQrTcIqHCj1f9Lo+A2y4+TZYZkvS
+DuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24N+zz3O3jwH82BZEjzavw92J9npJB
+UXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnVpchwr3VHAgMBAAGjgZgwgZUwHQYD
+VR0OBBYEFHvLhGWckFjVXdDI3ds9Wti6zgXAMB8GA1UdIwQYMBaAFAjRm/nm1WRw
+oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn
+ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA
+ATANBgkqhkiG9w0BAQsFAAOCAQEATVcTyrAxsehdQNrkL6kquXxWlyegJcxvVxUe
+hfh9+Lw4620b2S1/l2YxFM3peLAsRgJOznmJOeG18+y7/kx/3UNqYGY7e8iJQ3Gl
+JwDIJp5JCaUOlodjhMJtRc7jn9RcsL97oizXdcryyWT0vSlM9Pie9NtHG5iq5X4+
+oL3X8+OG25MOkF2h3YVCEG3vDu7quyTlHc2ebwpdLZRndcOewO2Cap1ettyWXUPP
+Mha6wyJE8LJhrGmrI8Lw+i7gGscP0xYZn3yCLk5BtOabn4dvCiDmb+TPruKQQARw
+BG45LEZzGxz+Ad3xRdZyVi1I67v9YShoYTCpMTSxJaR0erH74g==
-----END CERTIFICATE-----
diff --git a/test/certs/alt1-key.pem b/test/certs/alt1-key.pem
index b5d4d326c5..6df050a38f 100644
--- a/test/certs/alt1-key.pem
+++ b/test/certs/alt1-key.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40
-2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa
-2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5
-ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A
-qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF
-wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta
-h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j
-IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF
-geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM
-szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu
-w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c
-55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4
-AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8
-hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf
-FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg
-s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/
-0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ
-iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6
-65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr
-cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+
-AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr
-g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo
-dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd
-LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV
-g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3
-sXJAoFllBNfAK3aanFOR1Q==
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDTqvf6j+WxCtn4
+RU8/6uXXgCTcksv6NDXCZ9JAz4VvcQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzP
+lrt36cevsoPmpuqGbHrUaOLneme2x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awci
+d4SiotLOY2F1jBazmqprqKZBUiyQXqpSp+9uSav77ydwDXCrQozBdns1YRshgU9o
+mQrTcIqHCj1f9Lo+A2y4+TZYZkvSDuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24
+N+zz3O3jwH82BZEjzavw92J9npJBUXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnV
+pchwr3VHAgMBAAECggEACPTB+1sdV+lioaulF8pDoWOtq5uWf+a3o5sq/U0Kk1WP
++PSZnWWq6oGZyzxUKhf8CFjxt+qJUKY6Zbo2AnPk3B1MkXTclYV/iP9LIoo+WzCH
+EoYaBB6MTd+ycg/jri8oqEnxHgo/681yhtXRyePj0ZHI7OVZjI3tyhJfvoHQmuci
+u6qYYUP0GWuyM+kHS11vn6Q1U8nOZWvXpEDXDDdJ7+2QRuv01AXcjFxpbFzkMn2W
+JkhKkCTIQpUU66VMRHwNexi+TR2rRESq0G+fa+6gaVFVIs0vBukq48IeC5W21j1L
+zyftHxci67FlYC9iaiUxDVt3KB+lcukx6Cz5mjtzqQKBgQD/GrAtFfjiXKj9O5ld
+K7dnnBHE8fzyWQWyOfwpVjNAC1J7tgwFvDpBpTHOwS5JnCwMWWM3rkBPRhCusmrF
+AtfE8b643G+cJbTgDuEhGh11QR0p9VWMVFQL9kZxx12PegDtFBfzcfcI3XQwKVKL
+ZbQn4ibW3BKSt9+Nh3APa0s5iwKBgQDUaTxZBajTdzoDd6Pg3warL5BhsxWr2tUQ
+qf+iVoba2Y9NTBdxBht2whSaYweU9kxmeNZvnCu95B8HeRGE69Dxb7IWwpsaxoaf
+ND0NcCF7aPZgx7hvhbHF7duzt3nuv+q5sOuuyHPzm+nF2snAuY3Zg+Bpv3nlYekf
+18aXZdwStQKBgEpF8e9ei1UUl1sLZC6dUMvIw9+sePHye1cVzNYYM9m8sio0qbFt
+ySRdvW+uDRT/dE+wItQOVsj95FOIvM9ZcYr0u4vFGnXDALOPgXqKyPLfn2cc9+hg
+kQvei0oLOrFQWz6rcAHAN6WMHIz9KvxNAzPtg1NhRcMT5/Gj8jt7CK7bAoGAIeKz
+7OO5Phr8F0eDzkDmGHMbDmr6XxMnAGSOUoCJPOqOMN+dsbsusHBfxw1bTUlJgONw
+GhgI5l85EAEhaVoRWCLgfz8GbWwUV9uGjdlAjiZ9f4z9AFWMua2rae0wN4VIVd1C
+i/yQeuF5lsXDf8paNcQTDeus74oCHcFXfhmS1S0CgYB2q8E+H0kFHbUxkIZYwhsM
+r0lTecn+kVsyPPje2UlzfTwvcC9dFIC4ppCdJGUJAwi/PJnr6xNyOH6I1pjUA8ER
+Aofm4Oj2DwX8W+81oO71/RXSfEFUjdOw0H6iRDyvWa1gqftj2/aWjV7Ifdo49thx
+EzX/9GdsRInifN6FfOfo/A==
-----END PRIVATE KEY-----
diff --git a/test/certs/badalt6-cert.pem b/test/certs/badalt6-cert.pem
index fbe040b52c..f41568f6ee 100644
--- a/test/certs/badalt6-cert.pem
+++ b/test/certs/badalt6-cert.pem
@@ -1,22 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg
+MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTgwNTE2MDMyNjMyWhgPMjExODA1MTcwMzI2MzJaMGkxIjAg
BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy
Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v
-ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv
-BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
-9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
-7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
-6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
-jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
-1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ
-MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD
-VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v
-cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a
-YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb
-JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB
-2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb
-WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk
-zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By
-GH32QmEN5o5jZQ==
+ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl46xhstHmmYhp
+XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ
+E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP
+DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc
+qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg
+gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2
+KRL2Le8jAgMBAAGjezB5MB0GA1UdDgQWBBRJJljvheyfKr9neNplhIMIFx25QjAf
+BgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMCwGA1Ud
+EQQlMCOBDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG
+9w0BAQsFAAOCAQEAPfRFkpkTsPlH54n/i3kxR8Hw17kUOV0/v39fnNzV+PXS/IIU
+9OFfP7qNeuoWVQKXCwNWGWYXb7O0LNJMJQWWtyXtzWH3rOSxdSRIrTsCVHA41Lbo
+te2nrfnGMtg6em51Do6Kk0JM304sVAWl5OY/eckBmuDgN/5WfZudOLd8Ohv8vZ6U
+ZNoSBNpu1x5gfEPywMUGAgbkNZVpzNAfulx3/D2kWk0qwEKqnphUyaXiTVqO49gr
+n1LwSVdqBcmapBmEO3puV4TBWFwM49iMMNGn0fp/JBVsLjt+q7TK96qGBo/BSEL+
+e2TXTNpdkn3l+ZK2FYdf7s8fytoe+6o92dN+fA==
-----END CERTIFICATE-----
diff --git a/test/certs/badalt6-key.pem b/test/certs/badalt6-key.pem
index 203a4c7a00..782d69334a 100644
--- a/test/certs/badalt6-key.pem
+++ b/test/certs/badalt6-key.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv
-BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu
-9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd
-7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+
-6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb
-jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8
-1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3
-UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq
-2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH
-/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp
-rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+
-b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc
-kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9
-x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1
-HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU
-fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec
-hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2
-eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD
-DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE
-48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh
-F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9
-p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb
-iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75
-4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z
-ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo
-R1UfsJugW9Yetsqd9WB6q3ln
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDl46xhstHmmYhp
+XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ
+E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP
+DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc
+qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg
+gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2
+KRL2Le8jAgMBAAECggEBAMcDjTTa2GmYWoZUr+UPizqyvsTnMmg/NoFBhy9WJVne
+kpR3kJvvm30XNiEGbCV1GGryL5p7w5UVuPXjhQ7xIkY3feQNC4H361iP93HK7dXJ
+i9V9AfGCdLzSuILsT2Wpm88MifUQIpqrRmqtqakKHkyMFG655409rpYlZNVogl9H
+vzrTE8rjysNMjP+bpbgkxUJfeATw8OYhEwd9ahj/E0r0r2enYhGEP3j+1zYsGdmM
+L2Uy4M+modaAWpZg5pUWpFjxl+V2cSJHdaQc8KYg8Z8RUyzYipFk3YzjP5jtprq5
+dHf9FqlcXk+MtzcYe+x8mIb3uwZhOtdpnUqe5l+GTyECgYEA9j++rS9sajQzMqp0
+p+EptacD/p7A3wldIDGEpPJsSQL+vhcigyn4iPCM1pGWR4iuR7Od9RpQSf3Tfnqc
+ZwUJQOpiYpxo1+QlqlBJkDjDRztp+kETZAgzc084ZhwQv9PfYyxa+8layQFhnClt
+Z9G0o4AV1povVeQLO5+9CQZQ4VMCgYEA7v4WuydzlLGKppsJEG8vvieR64mjOfO4
+gHBMEYnzEeTZPDvIfEfguM1upJCvt5GXp3huVHCAsFgs6kDjVbpIL1A2HzrMPtOa
+MNDSOrpuLcakAgEgx2VFv4TMnA1QKPg3//YCqEqqTJyX0C4OwaADRZJS7YfHp9lg
+mpv90baE8PECgYAv3oxulj15F9SsEL7Es9yr11/La4kK0oMr8vRaLFYoi1CCG3U2
+Ej6iQEDgpUSVe1iFz8DxGMBq4dDvUV5+GFiIKggeK1GmRk+cICdsxdwQSNh9MZFX
+bNCzpb7M+r+2yrUuTj0RnT7svDwBY3xFJlr7PbcBFNAG3mHgoVjaHEQ0yQKBgHbS
+zepvSv/65bzACFmrbklU0zAQVp9RlcIGE0wFEl0rMvbHon5oHkrDmOcpKLRUJtqU
+/gXtiY4jyPEPIfhVjd44OzB7w2DZRChRKrUYS/9ma9SzSuDYcT0vgat00w4Lm4wf
+fGK//Lvqf3B59cw/CmFkxuZiQ9ooMees9x11adOBAoGBAMdb0r8sAtgh+KTbA8Kq
+guIWiknOk6/LYUTuT3fidPIPbErrUQQR9WWHuXjrj2RyHI/RLjYLFamikvhU7PmE
+jPjPAo4p1a0WBwrYgjGDIRjTVjbUK282vuYkunGWYfgnZurAyjJCndL/eNZuX2F5
+m1rTfab8O+tOOGKGyzfouD2A
-----END PRIVATE KEY-----
diff --git a/test/certs/badalt7-cert.pem b/test/certs/badalt7-cert.pem
index b515ba43d9..4fa81b3c6f 100644
--- a/test/certs/badalt7-cert.pem
+++ b/test/certs/badalt7-cert.pem
@@ -1,23 +1,22 @@
-----BEGIN CERTIFICATE-----
-MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
-IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw
+MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTgwNTE2MDMyNzA5WhgPMjExODA1MTcwMzI3MDlaMIGmMTsw
OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj
AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA
ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A
eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg
-QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9
-GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh
-1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi
-Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf
-UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ
-2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw
-CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv
-bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB
-CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY
-gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az
-uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O
-WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE
-phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex
-IL5WuKFm0XSGKTX8SzyMGErMGeriveL2
+ggEBAOG4PegItzkmJDwlSA/FyVHWLWUIQrnxgS0KSds3On2CMsjDJ+X77B4s1IPI
+yKHuqNbXqV/hJGAxKnZRZe0D6VsmKlYOYpz9QtFxvpo5DwA3q6BTx6sIElFn/lip
+Pbu5ZeIMNeN4bot7x5sBobr6OgidAVaAuqQHHJnD7mQ1s22qY0UqkBqNBhhJWOmx
+YC0Q56WDi9+C7Cy2+kiiSlT4jCZ8m1K0F7tTK5mF0p4HppXmXLzcecZ/Sw8jOqQK
+JM/4UCj/nxWCGYKWkv8zLJtG+ryfZMf15/0Cd1dzHAS9mYU4mFssPdFyT+WFpw7b
+K3TOTXkS/tAPbj0xin2wqBJz8m8CAwEAAaN7MHkwHQYDVR0OBBYEFOWYNq+H1LH6
+lZUpgijb/S/sAiDsMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkG
+A1UdEwQCMAAwLAYDVR0RBCUwI4ENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29t
+hwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQAwUxnqq0gBgKmEHIRgZVu10KtOknjt
+p/wEcqQ9METvXb+4/a4U6ftjTgaOrPVjamNFlaoUcTgx2nk2zRsjM+e+tpnxDgRR
+/yoVB3HsISpdeN70s/WYAgvev/FdV3O+JWhUYHdKrDB4DMfPhlRIfSgOymJljo6+
+wL8qa7lVonF91Im4SCbq4dqtAnbg4ttblQ3yjFfQtuwzyJD/3ism6FQPLbg1K4eu
+1Si0EDL4Fct581Gb5D+NU8PYiwg7Nk8ubNlRHXydoVGDLmT0hLE+/IsPd1M8tMqm
+sifRl2Is+lGVeg4pPHFjB0npTNkaYafu89dz/3PNRRr5If06B+apk4AX
-----END CERTIFICATE-----
diff --git a/test/certs/badalt7-key.pem b/test/certs/badalt7-key.pem
index 50557e8968..b453f1ff30 100644
--- a/test/certs/badalt7-key.pem
+++ b/test/certs/badalt7-key.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP
-Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk
-l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7
-dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv
-OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb
-uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3
-3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB
-We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF
-jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA
-mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul
-mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk
-yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH
-NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM
-oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3
-LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET
-GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2
-uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS
-CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF
-M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+
-J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4
-Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3
-t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x
-s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt
-mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8
-M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA
-cZtQWiEyaf026DdR8YBYn6tf
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhuD3oCLc5JiQ8
+JUgPxclR1i1lCEK58YEtCknbNzp9gjLIwyfl++weLNSDyMih7qjW16lf4SRgMSp2
+UWXtA+lbJipWDmKc/ULRcb6aOQ8AN6ugU8erCBJRZ/5YqT27uWXiDDXjeG6Le8eb
+AaG6+joInQFWgLqkBxyZw+5kNbNtqmNFKpAajQYYSVjpsWAtEOelg4vfguwstvpI
+okpU+IwmfJtStBe7UyuZhdKeB6aV5ly83HnGf0sPIzqkCiTP+FAo/58VghmClpL/
+MyybRvq8n2TH9ef9AndXcxwEvZmFOJhbLD3Rck/lhacO2yt0zk15Ev7QD249MYp9
+sKgSc/JvAgMBAAECggEAZG2cJawTEXtV7ejMii//Jck8g1JMlfzM86Q7Pizxejw+
+qjKiguI2qSpbF5NzKRFNz+E+e+lpTN8zPFd1GSJ/Zk2x0n4uBBlu7E9GdcnjUb5z
+Py9njEJYHB4//WS3kdmoag3ywBWqYaceJWpxcga5YXGx0bIO2MJNSGDzpWR7Q9QQ
+tG/lWmno5goY2BxI08BTKSlqNIBkg/rr9jJo3axRcEmbx7hj4vUkAlypFKtmR4dW
+bNo0f6VAd5Y6c9YbnKybR/44lScBksuSkZjm076cbbbp5PpsiLGe/12bqUcwCH+T
+8hRVndmOLdOxC11OZOvMbX6x2uXNh3/Qr/GMyfzZcQKBgQD4we7E9vOygk1J5Vbl
+1zETR9x3dujpBBx3xaHXUSJNUTNwmnZ+0JoFTqPkRmmPMNK7XfZuPymBehtk8WYt
+NnezM2UNTdbfVOnJWnU6igRNGBaDW6F9AezlADBNwIbFVw6RqP4fTUFsmm9TQ/8M
+4kZmmlW4uLZyX0WQO+AJa7NShwKBgQDoSpnQgmWqXMcaHwY2l8fEDuDc41nDoJIm
+/CMppPbr7GkUX4OU785p6E0N0o1ONt+xCBT1lxHwWEeMAKZXrNC1XGpfvhpVZ72v
+VruATDFs1rcL3S2Sty7A+jhFKKXlGeDWNcpaKY8nDvv2uJG0+J3bLprdMqnY/gQ1
+C+FzyQ6S2QKBgDnHIaRSD6xoo3cEc7iS0O0/ha+hyNtGfy46kyqlx6fZsm73EYrG
+/N86ssp0qFP/7RJj8rcMqKFQMUiy4R6jRg4zY8dBSyU4XczM2+mq4PDfJWuBPvMA
+HXvbHV0R2LvBSrr+W3f9w7Jr9GuMoZLmg5+VPU/YZ1gNVOT5Y0IM5+vFAoGBANx9
+CzlGvLeTrw1VS3GAaobn1Hr2dlrhTDki9UFvK03PLgK/ksdJRLV0YcdwBt6p6XRB
+hpuC1O087lSuvTXVfJnZacMNUDOm7/7BpeJm8DcuK7tgKwTrSb61A7ppleY7xRWv
+Iy6n6hCaAYIzuWJ85mGJAEhb8apdmqK7bzmXK3UpAoGBALdOvJfqbF0YlHbdQCVi
+ftjtxs/dZKdF1rNARR0VMqUtZX+WP2b6OPXlwux94Cr//iNv5ih3B4Z4LIgTpgBJ
+AKGXEBGMMthAlptC4BcOAEs9cYeWGLAoYk8jpNmXvXjhGqvzhPO2YrX5xy46dVOG
+iiCseyA7Kr8Axt9QhUzoi5f7
-----END PRIVATE KEY-----
diff --git a/test/certs/badcn1-cert.pem b/test/certs/badcn1-cert.pem
new file mode 100644
index 0000000000..3b3bad658b
--- /dev/null
+++ b/test/certs/badcn1-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTgwNTE2MDI0MTMyWhgPMjExODA1MTcwMjQxMzJaME4xIzAh
+BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu
+Z29vZC5vcmcxEDAOBgNVBAMMB2JhZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDN9WI6OyxnW+R98FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh
+8wFR9gfNrKhqXubJ3lCHKgaApTXNKM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R
+03Yn+dJnZLDz7BDpnuhORp8XzQqfxSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos
+/LIDvjzye5GaPXqXkAkcBcLBpWlgMm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+A
+jSbT522yHy1r6WeElbSY7WOFvnmgbZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh
+/YuRhCgRExvdQ6kImwdKAfO7RLkxho6jny1HAgMBAAGjXjBcMB0GA1UdDgQWBBT5
+fenRjyFKUb1XvUnm4GV9kZmONDAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa
+3fVQQzAJBgNVHRMEAjAAMA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQAD
+ggEBACKtfZCcP/pY8Bu+lb/pGZj5txsmNbJ1l2RVACQA7CGjwfUr7VaQGMuT+FuA
+Erlh+UnEC3R/e1xQwgJeuAXBOWFkxA61isVSrmM7YM6vDB0+t8N9lMUFjPbRyEkM
+A5kaSLPrgSOg7ONsO6YGbaWm1XCoUC6Ilrdzy+ckzklgjYRth99b2d5WrjIxEWIq
+BX2DI2ruetjXYGRzsqSK+O9d4fsqrb5M0ZCNWQZ4WnrMNaAeHWpW6NqSvof/N21x
+WC5zcU7GXLrDigwWPMDLQhVtu4OihWjsqugh6Jl7DxDBhi8JKO6tJQAISHjKaL98
+yXZFsQ//q7ATwlcHyB81B+X16AI=
+-----END CERTIFICATE-----
diff --git a/test/certs/badcn1-key.pem b/test/certs/badcn1-key.pem
new file mode 100644
index 0000000000..dbcf4b5d44
--- /dev/null
+++ b/test/certs/badcn1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN9WI6OyxnW+R9
+8FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh8wFR9gfNrKhqXubJ3lCHKgaApTXN
+KM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R03Yn+dJnZLDz7BDpnuhORp8XzQqf
+xSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos/LIDvjzye5GaPXqXkAkcBcLBpWlg
+Mm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+AjSbT522yHy1r6WeElbSY7WOFvnmg
+bZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh/YuRhCgRExvdQ6kImwdKAfO7RLkx
+ho6jny1HAgMBAAECggEBAKDxiUHx7cATShm0ElZnd6+dtQfKwv8zsuIpm+hk62Ef
+d0zYI+UhrT1sIiryKmV9JaJITOtixtQOxl088D+Obrx8cnC4B84rUTVXpnfgVf9j
+FljDtjpxIZsZmPbc836ZUZoOaICKpVYHD69Mb+NWG+mN2oaLc8VP0L4FXKLzvl7u
+69NQlTPG2CS61BktVqMtWWc/9CvdOwqwVbckyISj9QLUgSXIyB4IP3bjp0RYSpOu
+m3nhuhil1G3c05R4UfiE2d9Er7SBBoQ304ld892YRinSgtZqC1G25uZmWJ3ekAAM
+bg6P0hBd86F/G2TxNdelYrxTazjqZShYi1N48SK6kUECgYEA+51O19Q5XkskD/Dn
+VfaCjSOTFwDlb5ATmVCrJu+13/5IJfmJgWA6xdqfWoqxSOsJzXBEETKWgkahoo4K
+OU1UaBTHEJ588xOpoMzbJkKlb5hPseEQsvu055Ky0euMgmlrALPQQ9e1DUSlowui
+Cq9wCak4dqq9NNs6FMIeGhqczGECgYEA0YxcajJFxPHJsdFCVa4tdy9jgfC64t4Y
+CWDzRfUnuX24ILbW9+olvvoZkMSzoVpiQ9YU8kPJUaOyFrw6jUV5GRHUCMgfkx2Y
+nqe+7aSFmv0Nlo0RMV2PqaOZzlxnG9FzyNE+4PygZqtFhN21b5Idc69k2Ltu7K4J
+J4MG1kMUGqcCgYEA0ttUPEisPtoHgZhntUFczHx4gnmMzH5X/k5876dIqkrFGZXR
+5urGthHtIwpBYZMeZtxjHmpfeRNJ1xjjdnvYdVScMdAvc+ERcSDbsmd9jlR8zNuI
+jAWl576nPoX//TXspu0JZiE5p8HUcRuJkxzMbjwyhje1Ubs6JDU81rFgn2ECgYAG
+3WVNqVX1zMIBzEwzCGC+7dOBt0Q4GHSLIhz2JsDlZ8P3dmX2ezo/Vmwt/POxjod3
+l3TaNvRKc2VrL0FvzV3ZP2dF3mCCbk7Iq9AqcuBZon6mdvqgNmN1eEGarBZIqAT2
+CDzaHAyZMHU3lBfUjuHeH1nba9CHenAcVkOME2h+MwKBgQDiHAnTK4ovCNmT5E9i
+03x/wPSH8FZ3Wrb1GMtNlTc7lOtB5eYIvwkaloJkNKHbUDv57V66hnYT6CyH4u45
+dPtuohtafL9mdScYqmicGLtbLLglSQpJYt4J59hffNZ30E84dKXtyDN7E5P5Z00Z
+8PbOMUy3oK6j+GMP/xRNI76RtA==
+-----END PRIVATE KEY-----
diff --git a/test/certs/goodcn1-cert.pem b/test/certs/goodcn1-cert.pem
new file mode 100644
index 0000000000..d9205e03b0
--- /dev/null
+++ b/test/certs/goodcn1-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0
+IE5DIENBIDEwIBcNMTgwNTE2MDI0MDA0WhgPMjExODA1MTcwMjQwMDRaMIGeMSMw
+IQYDVQQKDBpHb29kIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTEVMBMGA1UEAwwMd3d3
+Lmdvb2Qub3JnMRUwEwYDVQQDDAxhbnkuZ29vZC5jb20xETAPBgNVBAMMCG5vdC4u
+ZG5zMRAwDgYDVQQDDAdub3RAZG5zMREwDwYDVQQDDAhub3QtLmRuczERMA8GA1UE
+AwwIbm90LmRucy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDigxI
+nlYVjHtrFI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7
+jZe+gMX+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADe
+mD/YdekRf3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9Txa
+ZeFvWvvc6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLs
+FPkw4yUtJHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLT
+OKw6dm1UG2J7iuqtAgMBAAGjXjBcMB0GA1UdDgQWBBSTKvqap2ab0z/UPrdDgc0V
+m88R3TAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAA
+MA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQADggEBADcdm62qaOHbIDoa
+5oUjXGHSQjV1g4BFe6DLH5/CZ0wOws3QzfQbPIxJrp3yJgDcQyZNOE/xQlq/nASS
+thU6cUTB07voFVnbotB8YQuNU1wM9TAJOHC9LT1Y0J2GIP6QeXts6Cz6aBlqaQEZ
+IrGRLuKVZePTO0Haup0mZ91XoXs3CBzkSerl0XpFL7BeugSigrhprFRPB4UC3IWb
+pdNar61Wk4bN/COb6utRkK3iYk5YUTqYFib9EG4VBdxYfXv/tiBIGqQLnqPbId6w
+q+McpSEPF1DIcCyL0vEDdIVN0SzxMfnfHMx0Qp0sh2aydIZk4xfEqXHZgZthSrse
+u7nhn7s=
+-----END CERTIFICATE-----
diff --git a/test/certs/goodcn1-key.pem b/test/certs/goodcn1-key.pem
new file mode 100644
index 0000000000..2ad660c6db
--- /dev/null
+++ b/test/certs/goodcn1-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDigxInlYVjHtr
+FI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7jZe+gMX+
+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADemD/YdekR
+f3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9TxaZeFvWvvc
+6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLsFPkw4yUt
+JHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLTOKw6dm1U
+G2J7iuqtAgMBAAECggEAeQ1xZVOAf36kuTnVUhdplTii6v3JcQIIUjG0dG/U/P8M
+otS45uNZ36CelvaVStwHaJEvcVzK4EjgSjiSNJvwkxzPbkA3XkgNVptPmdcG5yqO
+RLNOChVeqYdOurdcR1XXbXv57dPbUqpMS2TWjdzieW/QXKuTRsbjTo3D75tJqUO6
+1Bm4sSM3PogmsQwTP8HlZAmJXuSD+ZSB22Np5pT1dn5TvQU6xeA3NJR4ZO/HEZz4
+CHJEiOx2BuGD6M0V1ZL6DzEsyIS/KKsvj4I2F4ROAK1j3lSD5VqrYPXn3oEsQdlm
+OW8aVnHPYO6FI0LVLgcIEKxhdwGV3i6v/GRUe0Y9kQKBgQD0Zqn1trAuP5Peiy1K
+Wc91yRjQxQTwSD00hzXMtvKzkEIiLEuVZq9qrqQ2TRRa5xneDGHDuUY9eZY8JwEr
+l7f8CcfYC93PXLyRM2Gaz0jMxZxVPz5w7zssK3DZ+7JvH3nKkCUl7+Y0tH26qTO0
+wTD9w9jd9bf85SLVgk3zSbUDwwKBgQDM0b2ffZpxyA16h7w8ZBuk1Z+iumrxnn5/
+lKtffR2b4dZN37KiWw2c265vYhRfe/ANnVuagXb9aRM97yeQloRlWR10AaXJz3EB
+sromqFShkorYRhwZoRiJC0laLG3W76wKMRr2T6TM1UG9gJ0szdGFG/yUDU+9pTRo
+uq514rGgzwKBgQCGtsAgLF7YXzsGg/im7vInnn0LNk4OlAMInS7OdFk7GN0bMQdI
+hp1SVIk3VS1PHetoNbL9y3YoFIj3BxjiCnLjfhClyYSt9BQMhSHbzz31gUc2xfGJ
+FpSrOBawUMh97/+V4/ZV/vIJQyO6a+GQVJzIg9daIUMVJsgYoAaPf6VDOQKBgFyH
+eHnf/XDfpq8vOOuzcgWieG7EduHW72DlohIObNzqRq2BnKraJakyWXh6P6fvTsBn
+0WVYjY/n80hsjVw1k3RRsQuiXupv66aPvqcOLsWbdVxFOBaf/3yR+75gCfMq7Xbh
+PkP+MP5UbVGWE+uUw821mgKsjNSpGKcjhwM8uXBjAoGAFEU3O8gQXfocVB8lxUeU
+c0inLdAIgiw/36NPuW4NwKxzLOmHzlmvn7C98ihnbnGoQ0XBRfLw8siTbD3INgHY
+NA0JeK8Qrt56b6wK14w9RzLQTu9gy1pULW21p1wswdNK4tlxfnnnozISZAYxeqAx
+YMTtYZN77nb+yY4oE6XEugQ=
+-----END PRIVATE KEY-----
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 7e1086a224..018e5fc690 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -241,15 +241,30 @@ NC="$NC excluded;DNS:bad.ok.good.com"
NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
ncca1-key ncca1-cert
-# all subjectAltNames allowed by CA1.
+# all subjectAltNames allowed by CA1. Some CNs are not!
./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \
- "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
+ "1.CN=www.example.net" "2.CN=Joe Bloggs" | \
./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \
"DNS.1 = www.good.org" "DNS.2 = any.good.com" \
"email.1 = good@good.org" "email.2 = any@good.com" \
"IP = 127.0.0.1" "IP = 192.168.0.1"
+# all DNS-like CNs allowed by CA1, no DNS SANs.
+
+./mkcert.sh req goodcn1-key "O = Good NC Test Certificate 1" \
+ "1.CN=www.good.org" "2.CN=any.good.com" \
+ "3.CN=not..dns" "4.CN=not@dns" "5.CN=not-.dns" "6.CN=not.dns." | \
+ ./mkcert.sh geneealt goodcn1-key goodcn1-cert ncca1-key ncca1-cert \
+ "IP = 127.0.0.1" "IP = 192.168.0.1"
+
+# Some DNS-like CNs not permitted by CA1, no DNS SANs.
+
+./mkcert.sh req badcn1-key "O = Good NC Test Certificate 1" \
+ "1.CN=www.good.org" "3.CN=bad.net" | \
+ ./mkcert.sh geneealt badcn1-key badcn1-cert ncca1-key ncca1-cert \
+ "IP = 127.0.0.1" "IP = 192.168.0.1"
+
# no subjectAltNames excluded by CA2.
./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \
@@ -293,19 +308,17 @@ NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \
"email.1 = good@good.org" "email.2 = any@good.com" \
"IP = 127.0.0.2"
-# all subject alt names OK but subject CN not allowed by CA1.
+# No DNS-ID SANs and subject CN not allowed by CA1.
./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \
"1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \
- "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
"email.1 = good@good.org" "email.2 = any@good.com" \
"IP = 127.0.0.1" "IP = 192.168.0.1"
-# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING
+# No DNS-ID SANS and subject CN not allowed by CA1, BMPSTRING
REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
"1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \
./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \
- "DNS.1 = www.good.org" "DNS.2 = any.good.com" \
"email.1 = good@good.org" "email.2 = any@good.com" \
"IP = 127.0.0.1" "IP = 192.168.0.1"
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 11bd43090f..c23e114e06 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -30,7 +30,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 127;
+plan tests => 129;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -326,6 +326,12 @@ ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ),
ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ),
"Name Constraints nested test all permitted");
+ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+ "Name Constraints CNs permitted");
+
+ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
+ "Name Constraints CNs not permitted");
+
ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ),
"Name Constraints hostname not permitted");
--
2.17.0

49
0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
View File

@ -1,49 +0,0 @@
From c5ac41de1511f898301c298b2b28d05372cba817 Mon Sep 17 00:00:00 2001
From: Vitezslav Cizek <vcizek@suse.com>
Date: Thu, 8 Dec 2016 13:10:33 +0100
Subject: [PATCH] Resume reading from randfile when interrupted by a signal.
It was regularly observed with openssh:
sshd: fatal: cannot read from /dev/urandom, Interrupted system call
---
crypto/rand/randfile.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index c96383a..6e39e86 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -104,6 +104,12 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
#define RFILE ".rnd"
+#ifdef EINTR
+# define INTERRUPTED(in) (ferror(in) && errno == EINTR)
+#else
+# define INTERRUPTED (0)
+#endif
+
/*
* Note that these functions are intended for seed files only. Entropy
* devices and EGD sockets are handled in rand_unix.c
@@ -162,9 +168,16 @@ int RAND_load_file(const char *file, long bytes)
n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
else
n = BUFSIZE;
+
i = fread(buf, 1, n, in);
- if (i <= 0)
+ if (i <= 0) {
+ if (INTERRUPTED(in)) {
+ /* Interrupted by a signal, resume reading */
+ clearerr(in);
+ continue;
+ }
break;
+ }
RAND_add(buf, i, (double)i);
ret += i;
--
2.10.2

40
0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
View File

@ -1,40 +0,0 @@
From 7ee2a43069913fb7c444c656048996ea92cc465e Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 28 Mar 2018 14:46:27 +0200
Subject: [PATCH] Revert "util/dofile.pl: only quote stuff that actually needs
quoting"
This wasn't a good solution, too many things depend on the quotes being
there consistently.
This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8.
Fixes #5772
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5773)
(cherry picked from commit 00701e5ea84861b74d9d624f21a6b3fcb12e8acd)
---
util/dofile.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/dofile.pl b/util/dofile.pl
index fc72989b0f..a932941cd5 100644
--- a/util/dofile.pl
+++ b/util/dofile.pl
@@ -99,9 +99,9 @@ package main;
# This adds quotes (") around the given string, and escapes any $, @, \,
# " and ' by prepending a \ to them.
sub quotify1 {
- my $s = my $orig = shift @_;
+ my $s = shift @_;
$s =~ s/([\$\@\\"'])/\\$1/g;
- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
+ '"'.$s.'"';
}
# quotify_l LIST
--
2.16.3

104
0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
View File

@ -1,104 +0,0 @@
From e9d26dc85238c071117d911704f5f769e79b46a1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 13 Mar 2018 17:23:10 +0000
Subject: [PATCH] Tolerate a Certificate using a non-supported group on server
side
If a server has been configured to use an ECDSA certificate, we should
allow it regardless of whether the server's own supported groups list
includes the certificate's group.
Fixes #2033
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5607)
---
ssl/t1_lib.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7a5721a1e2..dc4e6526d6 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -490,13 +490,16 @@ static int tls1_set_ec_id(unsigned char *curve_id, unsigned char *comp_id,
return 1;
}
+# define DONT_CHECK_OWN_GROUPS 0
+# define CHECK_OWN_GROUPS 1
/* Check an EC key is compatible with extensions */
-static int tls1_check_ec_key(SSL *s,
- unsigned char *curve_id, unsigned char *comp_id)
+static int tls1_check_ec_key(SSL *s, unsigned char *curve_id,
+ unsigned char *comp_id, int check_own_groups)
{
const unsigned char *pformats, *pcurves;
size_t num_formats, num_curves, i;
int j;
+
/*
* If point formats extension present check it, otherwise everything is
* supported (see RFC4492).
@@ -513,8 +516,12 @@ static int tls1_check_ec_key(SSL *s,
}
if (!curve_id)
return 1;
+
+ if (!s->server && !check_own_groups)
+ return 1;
+
/* Check curve is consistent with client and server preferences */
- for (j = 0; j <= 1; j++) {
+ for (j = check_own_groups ? 0 : 1; j <= 1; j++) {
if (!tls1_get_curvelist(s, j, &pcurves, &num_curves))
return 0;
if (j == 1 && num_curves == 0) {
@@ -579,9 +586,12 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
return 0;
/*
* Can't check curve_id for client certs as we don't have a supported
- * curves extension.
+ * curves extension. For server certs we will tolerate certificates that
+ * aren't in our own list of curves. If we've been configured to use an EC
+ * cert then we should use it - therefore we use DONT_CHECK_OWN_GROUPS here.
*/
- rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id);
+ rv = tls1_check_ec_key(s, s->server ? curve_id : NULL, &comp_id,
+ DONT_CHECK_OWN_GROUPS);
if (!rv)
return 0;
/*
@@ -644,7 +654,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
return 0;
curve_id[0] = 0;
/* Check this curve is acceptable */
- if (!tls1_check_ec_key(s, curve_id, NULL))
+ if (!tls1_check_ec_key(s, curve_id, NULL, CHECK_OWN_GROUPS))
return 0;
return 1;
}
@@ -746,8 +756,9 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs)
}
/*
- * Check signature algorithm is consistent with sent supported signature
- * algorithms and if so return relevant digest.
+ * Check signature algorithm received from the peer with a signature is
+ * consistent with the sent supported signature algorithms and if so return
+ * relevant digest.
*/
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey)
@@ -769,7 +780,8 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
/* Check compression and curve matches extensions */
if (!tls1_set_ec_id(curve_id, &comp_id, EVP_PKEY_get0_EC_KEY(pkey)))
return 0;
- if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id)) {
+ if (!s->server && !tls1_check_ec_key(s, curve_id, &comp_id,
+ CHECK_OWN_GROUPS)) {
SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
return 0;
}
--
2.16.2

1006
0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch Normal file
View File

File diff suppressed because it is too large Load Diff

3089
0001-s390x-assembly-pack-perlasm-support.patch Normal file
View File

File diff suppressed because it is too large Load Diff

212
0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
View File

@ -1,212 +0,0 @@
From 6d3cfd13a904a03fc3522da935136dcdd12e9014 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Tue, 22 May 2018 14:46:02 -0400
Subject: [PATCH 2/2] Skip CN DNS name constraint checks when not needed
Only check the CN against DNS name contraints if the
`X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the
certificate has no DNS subject alternative names or the
`X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set.
Add pertinent documentation, and touch up some stale text about
name checks and DANE.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
---
crypto/x509/x509_vfy.c | 28 ++++++++++++++++++-
crypto/x509v3/v3_ncons.c | 31 +++++++---------------
doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 21 ++++++++++++---
doc/crypto/X509_check_host.pod | 7 +++--
doc/ssl/SSL_set1_host.pod | 2 +-
5 files changed, 61 insertions(+), 28 deletions(-)
Index: openssl-1.1.0h/crypto/x509/x509_vfy.c
===================================================================
--- openssl-1.1.0h.orig/crypto/x509/x509_vfy.c 2018-03-27 15:50:39.000000000 +0200
+++ openssl-1.1.0h/crypto/x509/x509_vfy.c 2018-05-29 10:52:23.753159887 +0200
@@ -557,6 +557,27 @@ static int check_chain_extensions(X509_S
return 1;
}
+static int has_san_id(X509 *x, int gtype)
+{
+ int i;
+ int ret = 0;
+ GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+
+ if (gs == NULL)
+ return 0;
+
+ for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
+ GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
+
+ if (g->type == gtype) {
+ ret = 1;
+ break;
+ }
+ }
+ GENERAL_NAMES_free(gs);
+ return ret;
+}
+
static int check_name_constraints(X509_STORE_CTX *ctx)
{
int i;
@@ -655,7 +676,12 @@ static int check_name_constraints(X509_S
int rv = NAME_CONSTRAINTS_check(x, nc);
/* If EE certificate check commonName too */
- if (rv == X509_V_OK && i == 0)
+ if (rv == X509_V_OK && i == 0
+ && (ctx->param->hostflags
+ & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0
+ && ((ctx->param->hostflags
+ & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0
+ || !has_san_id(x, GEN_DNS)))
rv = NAME_CONSTRAINTS_check_CN(x, nc);
switch (rv) {
Index: openssl-1.1.0h/crypto/x509v3/v3_ncons.c
===================================================================
--- openssl-1.1.0h.orig/crypto/x509v3/v3_ncons.c 2018-05-29 10:52:23.733159579 +0200
+++ openssl-1.1.0h/crypto/x509v3/v3_ncons.c 2018-05-29 10:52:23.753159887 +0200
@@ -299,9 +299,9 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME
static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
{
- int utf8_length; /* Return type of ASN1_STRING_to_UTF8 */
- int i;
+ int utf8_length;
unsigned char *utf8_value;
+ int i;
int isdnsname = 0;
/* Don't leave outputs uninitialized */
@@ -337,8 +337,10 @@ static int cn2dnsid(ASN1_STRING *cn, uns
--utf8_length;
/* Reject *embedded* NULs */
- if ((size_t)utf8_length != strlen((char *)utf8_value))
- return X509_V_ERR_UNSPECIFIED;
+ if ((size_t)utf8_length != strlen((char *)utf8_value)) {
+ OPENSSL_free(utf8_value);
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ }
/*
* XXX: Deviation from strict DNS name syntax, also check names with '_'
@@ -388,11 +390,13 @@ static int cn2dnsid(ASN1_STRING *cn, uns
return X509_V_OK;
}
+/*
+ * Check CN against DNS-ID name constraints.
+ */
int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
{
int r, i;
- GENERAL_NAMES *gens = NULL;
- X509_NAME *nm;
+ X509_NAME *nm = X509_get_subject_name(x);
ASN1_STRING stmp;
GENERAL_NAME gntmp;
@@ -401,21 +405,6 @@ int NAME_CONSTRAINTS_check_CN(X509 *x, N
gntmp.type = GEN_DNS;
gntmp.d.dNSName = &stmp;
- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
- if (gens != NULL) {
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
- GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
-
- if (gen->type == GEN_DNS) {
- GENERAL_NAMES_free(gens);
- return X509_V_OK;
- }
- }
- GENERAL_NAMES_free(gens);
- }
-
- nm = X509_get_subject_name(x);
-
/* Process any commonName attributes in subject name */
for (i = -1;;) {
Index: openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
===================================================================
--- openssl-1.1.0h.orig/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 2018-03-27 15:50:40.000000000 +0200
+++ openssl-1.1.0h/doc/crypto/X509_VERIFY_PARAM_set_flags.pod 2018-05-29 10:52:23.753159887 +0200
@@ -130,14 +130,29 @@ B<name> clearing any previously specifie
B<name> is NULL, or empty the list of hostnames is cleared, and
name checks are not performed on the peer certificate. If B<name>
is NUL-terminated, B<namelen> may be zero, otherwise B<namelen>
-must be set to the length of B<name>. When a hostname is specified,
+must be set to the length of B<name>.
+
+When a hostname is specified,
certificate verification automatically invokes L<X509_check_host(3)>
with flags equal to the B<flags> argument given to
X509_VERIFY_PARAM_set_hostflags() (default zero). Applications
are strongly advised to use this interface in preference to explicitly
-calling L<X509_check_host(3)>, hostname checks are out of scope
+calling L<X509_check_host(3)>, hostname checks may be out of scope
with the DANE-EE(3) certificate usage, and the internal check will
-be suppressed as appropriate when DANE support is added to OpenSSL.
+be suppressed as appropriate when DANE verification is enabled.
+
+When the subject CommonName will not be ignored, whether as a result of the
+B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> host flag, or because no DNS subject
+alternative names are present in the certificate, any DNS name constraints in
+issuer certificates apply to the subject CommonName as well as the subject
+alternative name extension.
+
+When the subject CommonName will be ignored, whether as a result of the
+B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> host flag, or because some DNS subject
+alternative names are present in the certificate, DNS name constraints in
+issuer certificates will not be applied to the subject DN.
+As described in X509_check_host(3) the B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT>
+flag takes precendence over the B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> flag.
X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference
identifier that can match the peer's certificate. Any previous names
Index: openssl-1.1.0h/doc/crypto/X509_check_host.pod
===================================================================
--- openssl-1.1.0h.orig/doc/crypto/X509_check_host.pod 2018-03-27 15:50:40.000000000 +0200
+++ openssl-1.1.0h/doc/crypto/X509_check_host.pod 2018-05-29 10:52:23.753159887 +0200
@@ -93,6 +93,9 @@ consider the subject DN even if the cert
names of the right type (DNS name or email address as appropriate); the default
is to use the subject DN when no corresponding subject alternative names are
present.
+If both B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> and
+B<X509_CHECK_FLAG_NEVER_CHECK_SUBJECT> are specified, the latter takes
+precedence and the subject DN is not checked for matching names.
If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard
expansion; this only applies to B<X509_check_host>.
@@ -128,9 +131,9 @@ NULs.
Applications are encouraged to use X509_VERIFY_PARAM_set1_host()
rather than explicitly calling L<X509_check_host(3)>. Host name
-checks are out of scope with the DANE-EE(3) certificate usage,
+checks may be out of scope with the DANE-EE(3) certificate usage,
and the internal checks will be suppressed as appropriate when
-DANE support is added to OpenSSL.
+DANE support is enabled.
=head1 SEE ALSO
Index: openssl-1.1.0h/doc/ssl/SSL_set1_host.pod
===================================================================
--- openssl-1.1.0h.orig/doc/ssl/SSL_set1_host.pod 2018-03-27 15:50:40.000000000 +0200
+++ openssl-1.1.0h/doc/ssl/SSL_set1_host.pod 2018-05-29 10:52:23.753159887 +0200
@@ -56,7 +56,7 @@ is cleared or freed, or a renegotiation
must not free the return value.
SSL clients are advised to use these functions in preference to
-explicitly calling L<X509_check_host(3)>. Hostname checks are out
+explicitly calling L<X509_check_host(3)>. Hostname checks may be out
of scope with the RFC7671 DANE-EE(3) certificate usage, and the
internal check will be suppressed as appropriate when DANE is
enabled.

886
0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch Normal file
View File

@ -0,0 +1,886 @@
From f760137b2144740916afd9ff381451fa16c710de Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Sat, 4 Aug 2018 00:10:06 +0200
Subject: [PATCH] crypto/chacha/asm/chacha-s390x.pl: add vx code path.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6919)
---
crypto/chacha/asm/chacha-s390x.pl | 816 ++++++++++++++++++++----------
crypto/chacha/build.info | 1 +
2 files changed, 558 insertions(+), 259 deletions(-)
Index: openssl-1.1.1a/crypto/chacha/asm/chacha-s390x.pl
===================================================================
--- openssl-1.1.1a.orig/crypto/chacha/asm/chacha-s390x.pl 2018-11-20 14:35:37.000000000 +0100
+++ openssl-1.1.1a/crypto/chacha/asm/chacha-s390x.pl 2019-01-10 16:19:39.942838273 +0100
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -20,41 +20,46 @@
#
# 3 times faster than compiler-generated code.
-$flavour = shift;
+#
+# August 2018
+#
+# Add vx code path.
+#
+# Copyright IBM Corp. 2018
+# Author: Patrick Steuer <patrick.steuer@de.ibm.com>
+
+use strict;
+use FindBin qw($Bin);
+use lib "$Bin/../..";
+use perlasm::s390x qw(:DEFAULT :VX AUTOLOAD LABEL INCLUDE);
+
+my $flavour = shift;
+my ($z,$SIZE_T);
if ($flavour =~ /3[12]/) {
+ $z=0; # S/390 ABI
$SIZE_T=4;
- $g="";
} else {
+ $z=1; # zSeries ABI
$SIZE_T=8;
- $g="g";
}
+my $output;
while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-sub AUTOLOAD() # thunk [simplified] x86-style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
- $code .= "\t$opcode\t".join(',',@_)."\n";
-}
my $sp="%r15";
-
my $stdframe=16*$SIZE_T+4*8;
-my $frame=$stdframe+4*20;
-
-my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
my @x=map("%r$_",(0..7,"x","x","x","x",(10..13)));
my @t=map("%r$_",(8,9));
+my @v=map("%v$_",(16..31));
sub ROUND {
my ($a0,$b0,$c0,$d0)=@_;
my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-my ($xc,$xc_)=map("\"$_\"",@t);
-my @x=map("\"$_\"",@x);
+my ($xc,$xc_)=map("$_",@t);
# Consider order in which variables are addressed by their
# index:
@@ -78,249 +83,542 @@ my @x=map("\"$_\"",@x);
# 'c' stores and loads in the middle, but none in the beginning
# or end.
- (
- "&alr (@x[$a0],@x[$b0])", # Q1
- "&alr (@x[$a1],@x[$b1])", # Q2
- "&xr (@x[$d0],@x[$a0])",
- "&xr (@x[$d1],@x[$a1])",
- "&rll (@x[$d0],@x[$d0],16)",
- "&rll (@x[$d1],@x[$d1],16)",
-
- "&alr ($xc,@x[$d0])",
- "&alr ($xc_,@x[$d1])",
- "&xr (@x[$b0],$xc)",
- "&xr (@x[$b1],$xc_)",
- "&rll (@x[$b0],@x[$b0],12)",
- "&rll (@x[$b1],@x[$b1],12)",
-
- "&alr (@x[$a0],@x[$b0])",
- "&alr (@x[$a1],@x[$b1])",
- "&xr (@x[$d0],@x[$a0])",
- "&xr (@x[$d1],@x[$a1])",
- "&rll (@x[$d0],@x[$d0],8)",
- "&rll (@x[$d1],@x[$d1],8)",
-
- "&alr ($xc,@x[$d0])",
- "&alr ($xc_,@x[$d1])",
- "&xr (@x[$b0],$xc)",
- "&xr (@x[$b1],$xc_)",
- "&rll (@x[$b0],@x[$b0],7)",
- "&rll (@x[$b1],@x[$b1],7)",
-
- "&stm ($xc,$xc_,'$stdframe+4*8+4*$c0($sp)')", # reload pair of 'c's
- "&lm ($xc,$xc_,'$stdframe+4*8+4*$c2($sp)')",
-
- "&alr (@x[$a2],@x[$b2])", # Q3
- "&alr (@x[$a3],@x[$b3])", # Q4
- "&xr (@x[$d2],@x[$a2])",
- "&xr (@x[$d3],@x[$a3])",
- "&rll (@x[$d2],@x[$d2],16)",
- "&rll (@x[$d3],@x[$d3],16)",
-
- "&alr ($xc,@x[$d2])",
- "&alr ($xc_,@x[$d3])",
- "&xr (@x[$b2],$xc)",
- "&xr (@x[$b3],$xc_)",
- "&rll (@x[$b2],@x[$b2],12)",
- "&rll (@x[$b3],@x[$b3],12)",
-
- "&alr (@x[$a2],@x[$b2])",
- "&alr (@x[$a3],@x[$b3])",
- "&xr (@x[$d2],@x[$a2])",
- "&xr (@x[$d3],@x[$a3])",
- "&rll (@x[$d2],@x[$d2],8)",
- "&rll (@x[$d3],@x[$d3],8)",
-
- "&alr ($xc,@x[$d2])",
- "&alr ($xc_,@x[$d3])",
- "&xr (@x[$b2],$xc)",
- "&xr (@x[$b3],$xc_)",
- "&rll (@x[$b2],@x[$b2],7)",
- "&rll (@x[$b3],@x[$b3],7)"
- );
-}
-
-$code.=<<___;
-.text
-
-.globl ChaCha20_ctr32
-.type ChaCha20_ctr32,\@function
-.align 32
-ChaCha20_ctr32:
- lt${g}r $len,$len # $len==0?
- bzr %r14
- a${g}hi $len,-64
- l${g}hi %r1,-$frame
- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
- sl${g}r $out,$inp # difference
- la $len,0($inp,$len) # end of input minus 64
- larl %r7,.Lsigma
- lgr %r0,$sp
- la $sp,0(%r1,$sp)
- st${g} %r0,0($sp)
-
- lmg %r8,%r11,0($key) # load key
- lmg %r12,%r13,0($counter) # load counter
- lmg %r6,%r7,0(%r7) # load sigma constant
-
- la %r14,0($inp)
- st${g} $out,$frame+3*$SIZE_T($sp)
- st${g} $len,$frame+4*$SIZE_T($sp)
- stmg %r6,%r13,$stdframe($sp) # copy key schedule to stack
- srlg @x[12],%r12,32 # 32-bit counter value
- j .Loop_outer
-
-.align 16
-.Loop_outer:
- lm @x[0],@x[7],$stdframe+4*0($sp) # load x[0]-x[7]
- lm @t[0],@t[1],$stdframe+4*10($sp) # load x[10]-x[11]
- lm @x[13],@x[15],$stdframe+4*13($sp) # load x[13]-x[15]
- stm @t[0],@t[1],$stdframe+4*8+4*10($sp) # offload x[10]-x[11]
- lm @t[0],@t[1],$stdframe+4*8($sp) # load x[8]-x[9]
- st @x[12],$stdframe+4*12($sp) # save counter
- st${g} %r14,$frame+2*$SIZE_T($sp) # save input pointer
- lhi %r14,10
- j .Loop
-
-.align 4
-.Loop:
-___
- foreach (&ROUND(0, 4, 8,12)) { eval; }
- foreach (&ROUND(0, 5,10,15)) { eval; }
-$code.=<<___;
- brct %r14,.Loop
-
- l${g} %r14,$frame+2*$SIZE_T($sp) # pull input pointer
- stm @t[0],@t[1],$stdframe+4*8+4*8($sp) # offload x[8]-x[9]
- lm${g} @t[0],@t[1],$frame+3*$SIZE_T($sp)
-
- al @x[0],$stdframe+4*0($sp) # accumulate key schedule
- al @x[1],$stdframe+4*1($sp)
- al @x[2],$stdframe+4*2($sp)
- al @x[3],$stdframe+4*3($sp)
- al @x[4],$stdframe+4*4($sp)
- al @x[5],$stdframe+4*5($sp)
- al @x[6],$stdframe+4*6($sp)
- al @x[7],$stdframe+4*7($sp)
- lrvr @x[0],@x[0]
- lrvr @x[1],@x[1]
- lrvr @x[2],@x[2]
- lrvr @x[3],@x[3]
- lrvr @x[4],@x[4]
- lrvr @x[5],@x[5]
- lrvr @x[6],@x[6]
- lrvr @x[7],@x[7]
- al @x[12],$stdframe+4*12($sp)
- al @x[13],$stdframe+4*13($sp)
- al @x[14],$stdframe+4*14($sp)
- al @x[15],$stdframe+4*15($sp)
- lrvr @x[12],@x[12]
- lrvr @x[13],@x[13]
- lrvr @x[14],@x[14]
- lrvr @x[15],@x[15]
-
- la @t[0],0(@t[0],%r14) # reconstruct output pointer
- cl${g}r %r14,@t[1]
- jh .Ltail
-
- x @x[0],4*0(%r14) # xor with input
- x @x[1],4*1(%r14)
- st @x[0],4*0(@t[0]) # store output
- x @x[2],4*2(%r14)
- st @x[1],4*1(@t[0])
- x @x[3],4*3(%r14)
- st @x[2],4*2(@t[0])
- x @x[4],4*4(%r14)
- st @x[3],4*3(@t[0])
- lm @x[0],@x[3],$stdframe+4*8+4*8($sp) # load x[8]-x[11]
- x @x[5],4*5(%r14)
- st @x[4],4*4(@t[0])
- x @x[6],4*6(%r14)
- al @x[0],$stdframe+4*8($sp)
- st @x[5],4*5(@t[0])
- x @x[7],4*7(%r14)
- al @x[1],$stdframe+4*9($sp)
- st @x[6],4*6(@t[0])
- x @x[12],4*12(%r14)
- al @x[2],$stdframe+4*10($sp)
- st @x[7],4*7(@t[0])
- x @x[13],4*13(%r14)
- al @x[3],$stdframe+4*11($sp)
- st @x[12],4*12(@t[0])
- x @x[14],4*14(%r14)
- st @x[13],4*13(@t[0])
- x @x[15],4*15(%r14)
- st @x[14],4*14(@t[0])
- lrvr @x[0],@x[0]
- st @x[15],4*15(@t[0])
- lrvr @x[1],@x[1]
- lrvr @x[2],@x[2]
- lrvr @x[3],@x[3]
- lhi @x[12],1
- x @x[0],4*8(%r14)
- al @x[12],$stdframe+4*12($sp) # increment counter
- x @x[1],4*9(%r14)
- st @x[0],4*8(@t[0])
- x @x[2],4*10(%r14)
- st @x[1],4*9(@t[0])
- x @x[3],4*11(%r14)
- st @x[2],4*10(@t[0])
- st @x[3],4*11(@t[0])
-
- cl${g}r %r14,@t[1] # done yet?
- la %r14,64(%r14)
- jl .Loop_outer
-
-.Ldone:
- xgr %r0,%r0
- xgr %r1,%r1
- xgr %r2,%r2
- xgr %r3,%r3
- stmg %r0,%r3,$stdframe+4*4($sp) # wipe key copy
- stmg %r0,%r3,$stdframe+4*12($sp)
-
- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
- br %r14
-
-.align 16
-.Ltail:
- la @t[1],64($t[1])
- stm @x[0],@x[7],$stdframe+4*0($sp)
- sl${g}r @t[1],%r14
- lm @x[0],@x[3],$stdframe+4*8+4*8($sp)
- l${g}hi @x[6],0
- stm @x[12],@x[15],$stdframe+4*12($sp)
- al @x[0],$stdframe+4*8($sp)
- al @x[1],$stdframe+4*9($sp)
- al @x[2],$stdframe+4*10($sp)
- al @x[3],$stdframe+4*11($sp)
- lrvr @x[0],@x[0]
- lrvr @x[1],@x[1]
- lrvr @x[2],@x[2]
- lrvr @x[3],@x[3]
- stm @x[0],@x[3],$stdframe+4*8($sp)
-
-.Loop_tail:
- llgc @x[4],0(@x[6],%r14)
- llgc @x[5],$stdframe(@x[6],$sp)
- xr @x[5],@x[4]
- stc @x[5],0(@x[6],@t[0])
- la @x[6],1(@x[6])
- brct @t[1],.Loop_tail
-
- j .Ldone
-.size ChaCha20_ctr32,.-ChaCha20_ctr32
-
-.align 32
-.Lsigma:
-.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 # endian-neutral
-.asciz "ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.align 4
-___
+ alr (@x[$a0],@x[$b0]); # Q1
+ alr (@x[$a1],@x[$b1]); # Q2
+ xr (@x[$d0],@x[$a0]);
+ xr (@x[$d1],@x[$a1]);
+ rll (@x[$d0],@x[$d0],16);
+ rll (@x[$d1],@x[$d1],16);
+
+ alr ($xc,@x[$d0]);
+ alr ($xc_,@x[$d1]);
+ xr (@x[$b0],$xc);
+ xr (@x[$b1],$xc_);
+ rll (@x[$b0],@x[$b0],12);
+ rll (@x[$b1],@x[$b1],12);
+
+ alr (@x[$a0],@x[$b0]);
+ alr (@x[$a1],@x[$b1]);
+ xr (@x[$d0],@x[$a0]);
+ xr (@x[$d1],@x[$a1]);
+ rll (@x[$d0],@x[$d0],8);
+ rll (@x[$d1],@x[$d1],8);
+
+ alr ($xc,@x[$d0]);
+ alr ($xc_,@x[$d1]);
+ xr (@x[$b0],$xc);
+ xr (@x[$b1],$xc_);
+ rll (@x[$b0],@x[$b0],7);
+ rll (@x[$b1],@x[$b1],7);
+
+ stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's
+ lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)");
+
+ alr (@x[$a2],@x[$b2]); # Q3
+ alr (@x[$a3],@x[$b3]); # Q4
+ xr (@x[$d2],@x[$a2]);
+ xr (@x[$d3],@x[$a3]);
+ rll (@x[$d2],@x[$d2],16);
+ rll (@x[$d3],@x[$d3],16);
+
+ alr ($xc,@x[$d2]);
+ alr ($xc_,@x[$d3]);
+ xr (@x[$b2],$xc);
+ xr (@x[$b3],$xc_);
+ rll (@x[$b2],@x[$b2],12);
+ rll (@x[$b3],@x[$b3],12);
+
+ alr (@x[$a2],@x[$b2]);
+ alr (@x[$a3],@x[$b3]);
+ xr (@x[$d2],@x[$a2]);
+ xr (@x[$d3],@x[$a3]);
+ rll (@x[$d2],@x[$d2],8);
+ rll (@x[$d3],@x[$d3],8);
+
+ alr ($xc,@x[$d2]);
+ alr ($xc_,@x[$d3]);
+ xr (@x[$b2],$xc);
+ xr (@x[$b3],$xc_);
+ rll (@x[$b2],@x[$b2],7);
+ rll (@x[$b3],@x[$b3],7);
+}
+
+sub VX_ROUND {
+my ($a0,$b0,$c0,$d0)=@_;
+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
+
+ vaf (@v[$a0],@v[$a0],@v[$b0]);
+ vaf (@v[$a1],@v[$a1],@v[$b1]);
+ vaf (@v[$a2],@v[$a2],@v[$b2]);
+ vaf (@v[$a3],@v[$a3],@v[$b3]);
+ vx (@v[$d0],@v[$d0],@v[$a0]);
+ vx (@v[$d1],@v[$d1],@v[$a1]);
+ vx (@v[$d2],@v[$d2],@v[$a2]);
+ vx (@v[$d3],@v[$d3],@v[$a3]);
+ verllf (@v[$d0],@v[$d0],16);
+ verllf (@v[$d1],@v[$d1],16);
+ verllf (@v[$d2],@v[$d2],16);
+ verllf (@v[$d3],@v[$d3],16);
+
+ vaf (@v[$c0],@v[$c0],@v[$d0]);
+ vaf (@v[$c1],@v[$c1],@v[$d1]);
+ vaf (@v[$c2],@v[$c2],@v[$d2]);
+ vaf (@v[$c3],@v[$c3],@v[$d3]);
+ vx (@v[$b0],@v[$b0],@v[$c0]);
+ vx (@v[$b1],@v[$b1],@v[$c1]);
+ vx (@v[$b2],@v[$b2],@v[$c2]);
+ vx (@v[$b3],@v[$b3],@v[$c3]);
+ verllf (@v[$b0],@v[$b0],12);
+ verllf (@v[$b1],@v[$b1],12);
+ verllf (@v[$b2],@v[$b2],12);
+ verllf (@v[$b3],@v[$b3],12);
+
+ vaf (@v[$a0],@v[$a0],@v[$b0]);
+ vaf (@v[$a1],@v[$a1],@v[$b1]);
+ vaf (@v[$a2],@v[$a2],@v[$b2]);
+ vaf (@v[$a3],@v[$a3],@v[$b3]);
+ vx (@v[$d0],@v[$d0],@v[$a0]);
+ vx (@v[$d1],@v[$d1],@v[$a1]);
+ vx (@v[$d2],@v[$d2],@v[$a2]);
+ vx (@v[$d3],@v[$d3],@v[$a3]);
+ verllf (@v[$d0],@v[$d0],8);
+ verllf (@v[$d1],@v[$d1],8);
+ verllf (@v[$d2],@v[$d2],8);
+ verllf (@v[$d3],@v[$d3],8);
+
+ vaf (@v[$c0],@v[$c0],@v[$d0]);
+ vaf (@v[$c1],@v[$c1],@v[$d1]);
+ vaf (@v[$c2],@v[$c2],@v[$d2]);
+ vaf (@v[$c3],@v[$c3],@v[$d3]);
+ vx (@v[$b0],@v[$b0],@v[$c0]);
+ vx (@v[$b1],@v[$b1],@v[$c1]);
+ vx (@v[$b2],@v[$b2],@v[$c2]);
+ vx (@v[$b3],@v[$b3],@v[$c3]);
+ verllf (@v[$b0],@v[$b0],7);
+ verllf (@v[$b1],@v[$b1],7);
+ verllf (@v[$b2],@v[$b2],7);
+ verllf (@v[$b3],@v[$b3],7);
+}
+
+PERLASM_BEGIN($output);
-foreach (split("\n",$code)) {
- s/\`([^\`]*)\`/eval $1/ge;
+INCLUDE ("s390x_arch.h");
+TEXT ();
- print $_,"\n";
+################
+# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len,
+# const unsigned int key[8], const unsigned int counter[4])
+{
+my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6));
+
+# VX CODE PATH
+{
+my $off=$z*8*16+8; # offset(initial state)
+my $frame=$stdframe+4*16+$off;
+
+GLOBL ("ChaCha20_ctr32");
+TYPE ("ChaCha20_ctr32","\@function");
+ALIGN (32);
+LABEL ("ChaCha20_ctr32");
+ larl ("%r1","OPENSSL_s390xcap_P");
+
+ lghi ("%r0",64);
+&{$z? \&cgr:\&cr} ($len,"%r0");
+ jle ("_s390x_chacha_novx");
+
+ lg ("%r0","S390X_STFLE+16(%r1)");
+ tmhh ("%r0",0x4000); # check for vector facility
+ jz ("_s390x_chacha_novx");
+
+if (!$z) {
+ llgfr ($len,$len);
+ std ("%f4","16*$SIZE_T+2*8($sp)");
+ std ("%f6","16*$SIZE_T+3*8($sp)");
+}
+&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)");
+
+ lghi ("%r1",-$frame);
+ lgr ("%r0",$sp);
+ la ($sp,"0(%r1,$sp)"); # allocate stack frame
+
+ larl ("%r7",".Lsigma");
+&{$z? \&stg:\&st} ("%r0","0($sp)"); # backchain
+
+ vstm ("%v8","%v15","8($sp)") if ($z);
+
+ vlm ("%v1","%v2","0($key)"); # load key
+ vl ("%v0","0(%r7)"); # load sigma constant
+ vl ("%v3","0($counter)"); # load iv (counter||nonce)
+ l ("%r0","0($counter)"); # load counter
+ vstm ("%v0","%v3","$off($sp)"); # copy initial state to stack
+
+ srlg ("%r1",$len,8);
+ ltgr ("%r1","%r1");
+ jz (".Lvx_4x_done");
+
+ALIGN (16); # process 4 64-byte blocks
+LABEL (".Lvx_4x");
+ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
+ # state
+ vl ("%v31","16(%r7)");
+ vaf ("%v12","%v12","%v31"); # increment counter
+
+ vlr (@v[$_],"%v$_") for (0..15); # copy initial state
+
+ lhi ("%r6",10);
+ j (".Loop_vx_4x");
+
+ALIGN (16);
+LABEL (".Loop_vx_4x");
+ VX_ROUND( 0, 4, 8,12); # column round
+ VX_ROUND( 0, 5,10,15); # diagonal round
+ brct ("%r6",".Loop_vx_4x");
+
+ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
+ # state (mod 32)
+ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
+
+for (0..3) { # blocks 1,2
+ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
+ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
+ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
+}
+ vlm ("%v0","%v7","0($inp)"); # load in
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
+ vstm ("%v0","%v7","0($out)"); # store out
+
+ vlm ("%v6","%v7","32(%r7)"); # restore vperm operands
+
+for (0..3) { # blocks 2,3
+ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
+ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
+ vperm ("%v".($_+ 8),"%v0","%v1","%v6");
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
+}
+ vlm ("%v0","%v7","128($inp)"); # load in
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..7); # out = in ^ ks
+ vstm ("%v0","%v7","128($out)"); # store out
+
+ ahi ("%r0",4);
+ st ("%r0","48+$off($sp)"); # update initial state
+
+ la ($inp,"256($inp)");
+ la ($out,"256($out)");
+ brctg ("%r1",".Lvx_4x");
+
+ALIGN (16);
+LABEL (".Lvx_4x_done");
+ lghi ("%r1",0xff);
+ ngr ($len,"%r1");
+ jnz (".Lvx_rem");
+
+ALIGN (16);
+LABEL (".Lvx_done");
+ vzero ("%v$_") for (16..31); # wipe ks and key copy
+ vstm ("%v16","%v17","16+$off($sp)");
+ vlm ("%v8","%v15","8($sp)") if ($z);
+
+ la ($sp,"$frame($sp)");
+&{$z? \&lmg:\&lm} ("%r6","%r7","6*$SIZE_T($sp)");
+
+if (!$z) {
+ ld ("%f4","16*$SIZE_T+2*8($sp)");
+ ld ("%f6","16*$SIZE_T+3*8($sp)");
+ vzero ("%v$_") for (8..15);
+}
+ br ("%r14");
+ALIGN (16);
+LABEL (".Lvx_rem");
+ lhi ("%r0",64);
+
+ sr ($len,"%r0");
+ brc (2,".Lvx_rem_g64"); # cc==2?
+
+ lghi ("%r1",-$stdframe);
+
+ la ($counter,"48+$off($sp)"); # load updated iv
+ ar ($len,"%r0"); # restore len
+
+ lgr ("%r7",$counter);
+&{$z? \&stg:\&st} ("%r14","14*$SIZE_T+$frame($sp)");
+ la ($sp,"0(%r1,$sp)");
+
+ bras ("%r14","_s390x_chacha_novx");
+
+ la ($sp,"$stdframe($sp)");
+&{$z? \&lg:\&l} ("%r14","14*$SIZE_T+$frame($sp)");
+ lgr ($counter,"%r7");
+ j (".Lvx_done");
+
+ALIGN (16);
+LABEL (".Lvx_rem_g64");
+ vlrepf ("%v$_",($_*4)."+$off($sp)") for (0..15); # load initial
+ # state
+ vl ("%v31","16(%r7)");
+ vaf ("%v12","%v12","%v31"); # increment counter
+
+ vlr (@v[$_],"%v$_") for (0..15); # state = initial state
+
+ lhi ("%r6",10);
+ j (".Loop_vx_rem");
+
+ALIGN (16);
+LABEL (".Loop_vx_rem");
+ VX_ROUND( 0, 4, 8,12); # column round
+ VX_ROUND( 0, 5,10,15); # diagonal round
+ brct ("%r6",".Loop_vx_rem");
+
+ vaf (@v[$_],@v[$_],"%v$_") for (0..15); # state += initial
+ # state (mod 32)
+ vlm ("%v6","%v7","32(%r7)"); # load vperm operands
+
+for (0..3) { # blocks 1,2
+ vmrhf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
+ vmrhf ("%v1",@v[$_*4+2],@v[$_*4+3]);
+ vperm ("%v".($_+8),"%v0","%v1","%v6");
+ vperm ("%v".($_+12),"%v0","%v1","%v7");
+}
+ vlm ("%v0","%v3","0($inp)"); # load in
+ vx ("%v$_","%v$_","%v".($_+8)) for (0..3); # out = in ^ ks
+ vstm ("%v0","%v3","0($out)"); # store out
+
+ la ($inp,"64($inp)");
+ la ($out,"64($out)");
+
+ sr ($len,"%r0");
+ brc (4,".Lvx_tail"); # cc==4?
+
+ vlm ("%v0","%v3","0($inp)"); # load in
+ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
+ vstm ("%v0","%v3","0($out)"); # store out
+ jz (".Lvx_done");
+
+for (0..3) { # blocks 3,4
+ vmrlf ("%v0",@v[$_*4+0],@v[$_*4+1]); # ks = serialize(state)
+ vmrlf ("%v1",@v[$_*4+2],@v[$_*4+3]);
+ vperm ("%v".($_+12),"%v0","%v1","%v6");
+ vperm ("%v".($_+8),"%v0","%v1","%v7");
+}
+ la ($inp,"64($inp)");
+ la ($out,"64($out)");
+
+ sr ($len,"%r0");
+ brc (4,".Lvx_tail"); # cc==4?
+
+ vlm ("%v0","%v3","0($inp)"); # load in
+ vx ("%v$_","%v$_","%v".($_+12)) for (0..3); # out = in ^ ks
+ vstm ("%v0","%v3","0($out)"); # store out
+ jz (".Lvx_done");
+
+ la ($inp,"64($inp)");
+ la ($out,"64($out)");
+
+ sr ($len,"%r0");
+ vlr ("%v".($_+4),"%v$_") for (8..11);
+ j (".Lvx_tail");
+
+ALIGN (16);
+LABEL (".Lvx_tail");
+ ar ($len,"%r0"); # restore $len
+ ahi ($len,-1);
+
+ lhi ("%r0",16);
+for (0..2) {
+ vll ("%v0",$len,($_*16)."($inp)");
+ vx ("%v0","%v0","%v".($_+12));
+ vstl ("%v0",$len,($_*16)."($out)");
+ sr ($len,"%r0");
+ brc (4,".Lvx_done"); # cc==4?
+}
+ vll ("%v0",$len,"3*16($inp)");
+ vx ("%v0","%v0","%v15");
+ vstl ("%v0",$len,"3*16($out)");
+ j (".Lvx_done");
+SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32");
+}
+
+# NOVX CODE PATH
+{
+my $frame=$stdframe+4*20;
+
+TYPE ("_s390x_chacha_novx","\@function");
+ALIGN (32);
+LABEL ("_s390x_chacha_novx");
+&{$z? \&ltgr:\&ltr} ($len,$len); # $len==0?
+ bzr ("%r14");
+&{$z? \&aghi:\&ahi} ($len,-64);
+&{$z? \&lghi:\&lhi} ("%r1",-$frame);
+&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)");
+&{$z? \&slgr:\&slr} ($out,$inp); # difference
+ la ($len,"0($inp,$len)"); # end of input minus 64
+ larl ("%r7",".Lsigma");
+ lgr ("%r0",$sp);
+ la ($sp,"0(%r1,$sp)");
+&{$z? \&stg:\&st} ("%r0","0($sp)");
+
+ lmg ("%r8","%r11","0($key)"); # load key
+ lmg ("%r12","%r13","0($counter)"); # load counter
+ lmg ("%r6","%r7","0(%r7)"); # load sigma constant
+
+ la ("%r14","0($inp)");
+&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)");
+&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)");
+ stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack
+ srlg (@x[12],"%r12",32); # 32-bit counter value
+ j (".Loop_outer");
+
+ALIGN (16);
+LABEL (".Loop_outer");
+ lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7]
+ lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11]
+ lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15]
+ stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11]
+ lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9]
+ st (@x[12],"$stdframe+4*12($sp)"); # save counter
+&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer
+ lhi ("%r14",10);
+ j (".Loop");
+
+ALIGN (4);
+LABEL (".Loop");
+ ROUND (0, 4, 8,12);
+ ROUND (0, 5,10,15);
+ brct ("%r14",".Loop");
+
+&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer
+ stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9]
+&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)");
+
+ al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule
+ al (@x[1],"$stdframe+4*1($sp)");
+ al (@x[2],"$stdframe+4*2($sp)");
+ al (@x[3],"$stdframe+4*3($sp)");
+ al (@x[4],"$stdframe+4*4($sp)");
+ al (@x[5],"$stdframe+4*5($sp)");
+ al (@x[6],"$stdframe+4*6($sp)");
+ al (@x[7],"$stdframe+4*7($sp)");
+ lrvr (@x[0],@x[0]);
+ lrvr (@x[1],@x[1]);
+ lrvr (@x[2],@x[2]);
+ lrvr (@x[3],@x[3]);
+ lrvr (@x[4],@x[4]);
+ lrvr (@x[5],@x[5]);
+ lrvr (@x[6],@x[6]);
+ lrvr (@x[7],@x[7]);
+ al (@x[12],"$stdframe+4*12($sp)");
+ al (@x[13],"$stdframe+4*13($sp)");
+ al (@x[14],"$stdframe+4*14($sp)");
+ al (@x[15],"$stdframe+4*15($sp)");
+ lrvr (@x[12],@x[12]);
+ lrvr (@x[13],@x[13]);
+ lrvr (@x[14],@x[14]);
+ lrvr (@x[15],@x[15]);
+
+ la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer
+&{$z? \&clgr:\&clr} ("%r14",@t[1]);
+ jh (".Ltail");
+
+ x (@x[0],"4*0(%r14)"); # xor with input
+ x (@x[1],"4*1(%r14)");
+ st (@x[0],"4*0(@t[0])"); # store output
+ x (@x[2],"4*2(%r14)");
+ st (@x[1],"4*1(@t[0])");
+ x (@x[3],"4*3(%r14)");
+ st (@x[2],"4*2(@t[0])");
+ x (@x[4],"4*4(%r14)");
+ st (@x[3],"4*3(@t[0])");
+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11]
+ x (@x[5],"4*5(%r14)");
+ st (@x[4],"4*4(@t[0])");
+ x (@x[6],"4*6(%r14)");
+ al (@x[0],"$stdframe+4*8($sp)");
+ st (@x[5],"4*5(@t[0])");
+ x (@x[7],"4*7(%r14)");
+ al (@x[1],"$stdframe+4*9($sp)");
+ st (@x[6],"4*6(@t[0])");
+ x (@x[12],"4*12(%r14)");
+ al (@x[2],"$stdframe+4*10($sp)");
+ st (@x[7],"4*7(@t[0])");
+ x (@x[13],"4*13(%r14)");
+ al (@x[3],"$stdframe+4*11($sp)");
+ st (@x[12],"4*12(@t[0])");
+ x (@x[14],"4*14(%r14)");
+ st (@x[13],"4*13(@t[0])");
+ x (@x[15],"4*15(%r14)");
+ st (@x[14],"4*14(@t[0])");
+ lrvr (@x[0],@x[0]);
+ st (@x[15],"4*15(@t[0])");
+ lrvr (@x[1],@x[1]);
+ lrvr (@x[2],@x[2]);
+ lrvr (@x[3],@x[3]);
+ lhi (@x[12],1);
+ x (@x[0],"4*8(%r14)");
+ al (@x[12],"$stdframe+4*12($sp)"); # increment counter
+ x (@x[1],"4*9(%r14)");
+ st (@x[0],"4*8(@t[0])");
+ x (@x[2],"4*10(%r14)");
+ st (@x[1],"4*9(@t[0])");
+ x (@x[3],"4*11(%r14)");
+ st (@x[2],"4*10(@t[0])");
+ st (@x[3],"4*11(@t[0])");
+
+&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet?
+ la ("%r14","64(%r14)");
+ jl (".Loop_outer");
+
+LABEL (".Ldone");
+ xgr ("%r0","%r0");
+ xgr ("%r1","%r1");
+ xgr ("%r2","%r2");
+ xgr ("%r3","%r3");
+ stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy
+ stmg ("%r0","%r3","$stdframe+4*12($sp)");
+
+&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)");
+ br ("%r14");
+
+ALIGN (16);
+LABEL (".Ltail");
+ la (@t[1],"64($t[1])");
+ stm (@x[0],@x[7],"$stdframe+4*0($sp)");
+&{$z? \&slgr:\&slr} (@t[1],"%r14");
+ lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)");
+&{$z? \&lghi:\&lhi} (@x[6],0);
+ stm (@x[12],@x[15],"$stdframe+4*12($sp)");
+ al (@x[0],"$stdframe+4*8($sp)");
+ al (@x[1],"$stdframe+4*9($sp)");
+ al (@x[2],"$stdframe+4*10($sp)");
+ al (@x[3],"$stdframe+4*11($sp)");
+ lrvr (@x[0],@x[0]);
+ lrvr (@x[1],@x[1]);
+ lrvr (@x[2],@x[2]);
+ lrvr (@x[3],@x[3]);
+ stm (@x[0],@x[3],"$stdframe+4*8($sp)");
+
+LABEL (".Loop_tail");
+ llgc (@x[4],"0(@x[6],%r14)");
+ llgc (@x[5],"$stdframe(@x[6],$sp)");
+ xr (@x[5],@x[4]);
+ stc (@x[5],"0(@x[6],@t[0])");
+ la (@x[6],"1(@x[6])");
+ brct (@t[1],".Loop_tail");
+
+ j (".Ldone");
+SIZE ("_s390x_chacha_novx",".-_s390x_chacha_novx");
+}
}
-close STDOUT;
+################
+
+ALIGN (64);
+LABEL (".Lsigma");
+LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma
+LONG (0x00000000,0x00000001,0x00000002,0x00000003); # vaf counter increment
+LONG (0x03020100,0x07060504,0x13121110,0x17161514); # vperm serialization
+LONG (0x0b0a0908,0x0f0e0d0c,0x1b1a1918,0x1f1e1d1c); # vperm serialization
+ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by <appro\@openssl.org>\"");
+ALIGN (4);
+
+PERLASM_END();
Index: openssl-1.1.1a/crypto/chacha/build.info
===================================================================
--- openssl-1.1.1a.orig/crypto/chacha/build.info 2018-11-20 14:35:37.000000000 +0100
+++ openssl-1.1.1a/crypto/chacha/build.info 2019-01-10 16:19:39.942838273 +0100
@@ -9,6 +9,7 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv
INCLUDE[chacha-armv4.o]=..
GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
INCLUDE[chacha-armv8.o]=..
+INCLUDE[chacha-s390x.o]=..
BEGINRAW[Makefile(unix)]
##### CHACHA assembler implementations

47
0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
View File

@ -1,47 +0,0 @@
From 7b46a0ed5938e28d974757db44cc9d299ad5cb4e Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 23 Feb 2017 14:03:39 +0100
Subject: [PATCH 02/44] crypto/modes/asm/ghash-s390x.pl: fix gcm_gmult_4bit
KIMD code path.
gcm_gmult_4bit KIMD code path assumed that that Xi is processed.
However, with iv lengths not equal to 12, the function is also used to process
Yi, resulting in wrong ghash computation.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/modes/asm/ghash-s390x.pl | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
index f8b038c708..6dbb8232d6 100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
@@ -95,14 +95,23 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
lg %r1,24(%r1) # load second word of kimd capabilities vector
tmhh %r1,0x4000 # check for function 65
jz .Lsoft_gmult
+ lghi %r1,-16
stg %r0,16($sp) # arrange 16 bytes of zero input
stg %r0,24($sp)
+ la $Htbl,0(%r1,$Htbl) # H lies right before Htable
+
lghi %r0,65 # function 65
- la %r1,0($Xi) # H lies right after Xi in gcm128_context
+ la %r1,32($sp)
+ mvc 32(16,$sp),0($Xi) # copy Xi/Yi
+ mvc 48(16,$sp),0($Htbl) # copy H
la $inp,16($sp)
lghi $len,16
.long 0xb93e0004 # kimd %r0,$inp
brc 1,.-4 # pay attention to "partial completion"
+
+ mvc 0(16,$Xi),32($sp)
+ xc 32(32,$sp),32($sp) # wipe stack
+
br %r14
.align 32
.Lsoft_gmult:
--
2.13.6

112
0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
View File

@ -1,112 +0,0 @@
From 3e1c11dd482dd4626989bb6d84fc708d9bb95219 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Mon, 30 Jan 2017 17:37:54 +0100
Subject: [PATCH 04/44] s390x assembly pack: add OPENSSL_s390xcap environment
variable.
The OPENSSL_s390xcap environment variable is used to set bits in the s390x
capability vector to zero. This simplifies testing of different code paths.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/s390x_arch.h | 28 ++++++++++++++++++++++++++++
crypto/s390xcap.c | 33 +++++++++++++++++++++++++++++----
2 files changed, 57 insertions(+), 4 deletions(-)
create mode 100644 crypto/s390x_arch.h
Index: openssl-1.1.0g/crypto/s390x_arch.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:26:40.291112320 +0100
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef S390X_ARCH_H
+# define S390X_ARCH_H
+
+# include <stdint.h>
+
+/*
+ * The elements of OPENSSL_s390xcap_P are the doublewords returned by the STFLE
+ * instruction followed by the doubleword pairs returned by instructions' QUERY
+ * functions. If STFLE returns fewer doublewords or an instruction is not
+ * supported, the corresponding element is zero. The order is as follows:
+ *
+ * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
+ */
+# define S390X_STFLE_DWORDS 2
+# define S390X_QUERY_DWORDS 8
+# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
+extern unsigned long long OPENSSL_s390xcap_P[];
+
+#endif
Index: openssl-1.1.0g/crypto/s390xcap.c
===================================================================
--- openssl-1.1.0g.orig/crypto/s390xcap.c 2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 15:27:42.988113439 +0100
@@ -14,6 +14,7 @@
#include <signal.h>
unsigned long long OPENSSL_s390xcap_P[10];
+#include "s390x_arch.h"
static sigjmp_buf ill_jmp;
static void ill_handler(int sig)
@@ -21,17 +22,21 @@ static void ill_handler(int sig)
siglongjmp(ill_jmp, sig);
}
-unsigned long OPENSSL_s390x_facilities(void);
+void OPENSSL_s390x_facilities(void);
void OPENSSL_cpuid_setup(void)
{
sigset_t oset;
struct sigaction ill_act, oact;
+ uint64_t vec;
+ char *env;
+ int off;
+ int i;
if (OPENSSL_s390xcap_P[0])
return;
- OPENSSL_s390xcap_P[0] = 1UL << (8 * sizeof(unsigned long) - 1);
+ OPENSSL_s390xcap_P[0] = 1ULL << (8 * sizeof(uint64_t) - 1);
memset(&ill_act, 0, sizeof(ill_act));
ill_act.sa_handler = ill_handler;
@@ -47,4 +52,26 @@ void OPENSSL_cpuid_setup(void)
sigaction(SIGILL, &oact, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
+
+ if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
+ for (i = 0; i < S390X_CAP_DWORDS; i++) {
+ off = (env[0] == '~') ? 1 : 0;
+
+ if (sscanf(env + off, "%llx", (unsigned long long *)&vec) == 1)
+ OPENSSL_s390xcap_P[i] &= off ? ~vec : vec;
+
+ if (i == S390X_STFLE_DWORDS - 1)
+ env = strchr(env, '.');
+ else
+ env = strpbrk(env, ":.");
+
+ if (env == NULL)
+ break;
+
+ if (env[0] == '.')
+ i = S390X_STFLE_DWORDS - 1;
+
+ env++;
+ }
+ }
}

114
0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
View File

@ -1,114 +0,0 @@
From 79310b18d90badd58595cf2fff40591ad76c301a Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Tue, 31 Jan 2017 12:43:35 +0100
Subject: [PATCH 05/44] s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
doc/man3/OPENSSL_s390xcap.pod | 94 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 doc/man3/OPENSSL_s390xcap.pod
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
new file mode 100644
index 0000000000..de56c7cf55
--- /dev/null
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_s390xcap - the z processor capabilities vector
+
+=head1 SYNOPSIS
+
+ env OPENSSL_s390xcap=... <application>
+
+=head1 DESCRIPTION
+
+libcrypto supports z architecture instruction set extensions. These
+extensions are denoted by individual bits in the capability vector.
+When libcrypto is initialized, the bits returned by the STFLE instruction
+and by the QUERY functions are stored in the vector.
+
+The OPENSSL_s390xcap environment variable can be set before starting an
+application to affect capability detection. It is specified by a
+colon-separated list of 64-bit values in hexadecimal notation, the 0x
+prefix being optional. The ~ prefix means bitwise NOT and a point
+indicates the end of the STFLE bits respectively the beginning of the
+QUERY bits.
+
+After initialization, the capability vector is ANDed bitwise with the
+corresponding parts of the environment variable.
+
+The following bits are significant:
+
+.
+
+=over
+
+=item #60 KIMD-SHA-512
+
+=item #61 KIMD-SHA-256
+
+=item #62 KIMD-SHA-1
+
+=back
+
+:
+
+=over
+
+=item #62 KIMD-GHASH
+
+=back
+
+:
+
+=over
+
+=item #11 KM-XTS-AES-256
+
+=item #13 KM-XTS-AES-128
+
+=item #43 KM-AES-256
+
+=item #44 KM-AES-192
+
+=item #45 KM-AES-128
+
+=back
+
+:
+:
+
+=over
+
+=item #43 KMC-AES-256
+
+=item #44 KMC-AES-192
+
+=item #45 KMC-AES-128
+
+=back
+
+=head1 EXAMPLES
+
+OPENSSL_s390xcap=.0:0 disables KIMD.
+
+OPENSSL_s390xcap=.::~0x2800 disables KM-XTS-AES.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
--
2.13.6

220
0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
View File

@ -1,220 +0,0 @@
From 9c59438dadc2b8026c058deb0759da78de1bb7ba Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Fri, 10 Feb 2017 19:43:08 +0100
Subject: [PATCH 06/44] s390x assembly pack: extended s390x capability vector
(STFLE).
Extended the s390x capability vector to store the longer facility list
available from z13 onwards. The bits indicating the vector extensions
are set to zero, if the kernel does not enable the vector facility.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 10 +++++-----
crypto/modes/asm/ghash-s390x.pl | 4 ++--
crypto/s390x_arch.h | 9 +++++++--
crypto/s390xcap.c | 31 +++++++++++++++++++++++++++++++
crypto/s390xcpuid.S | 14 +++++++++-----
crypto/sha/asm/sha1-s390x.pl | 4 ++--
crypto/sha/asm/sha512-s390x.pl | 4 ++--
7 files changed, 58 insertions(+), 18 deletions(-)
Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-10 17:22:31.466891754 +0100
@@ -823,8 +823,8 @@ $code.=<<___ if (!$softonly);
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000
srlg %r0,%r0,0(%r5)
- ng %r0,32(%r1) # check availability of both km...
- ng %r0,48(%r1) # ...and kmc support for given key length
+ ng %r0,40(%r1) # check availability of both km...
+ ng %r0,56(%r1) # ...and kmc support for given key length
jz .Lekey_internal
lmg %r0,%r1,0($inp) # just copy 128 bits...
@@ -1442,7 +1442,7 @@ $code.=<<___ if (!$softonly && 0);# kmct
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000 # check if kmctr supports the function code
srlg %r0,%r0,0($s0)
- ng %r0,64(%r1) # check kmctr capability vector
+ ng %r0,72(%r1) # check kmctr capability vector
lgr %r0,$s0
lgr %r1,$s1
jz .Lctr32_km_loop
@@ -1592,7 +1592,7 @@ $code.=<<___ if(1);
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000
srlg %r0,%r0,32($s1) # check for 32+function code
- ng %r0,32(%r1) # check km capability vector
+ ng %r0,40(%r1) # check km capability vector
lgr %r0,$s0 # restore the function code
la %r1,0($key1) # restore $key1
jz .Lxts_km_vanilla
Index: openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/modes/asm/ghash-s390x.pl 2018-01-10 17:13:07.430224756 +0100
@@ -89,7 +89,7 @@ ___
$code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
larl %r1,OPENSSL_s390xcap_P
lghi %r0,0
- lg %r1,24(%r1) # load second word of kimd capabilities vector
+ lg %r1,32(%r1) # load second word of kimd capabilities vector
tmhh %r1,0x4000 # check for function 65
jz .Lsoft_gmult
lghi %r1,-16
@@ -132,7 +132,7 @@ gcm_ghash_4bit:
___
$code.=<<___ if(!$softonly);
larl %r1,OPENSSL_s390xcap_P
- lg %r0,24(%r1) # load second word of kimd capabilities vector
+ lg %r0,32(%r1) # load second word of kimd capabilities vector
tmhh %r0,0x4000 # check for function 65
jz .Lsoft_ghash
lghi %r0,65 # function 65
Index: openssl-1.1.0g/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 17:13:07.430224756 +0100
@@ -18,11 +18,16 @@
* functions. If STFLE returns fewer doublewords or an instruction is not
* supported, the corresponding element is zero. The order is as follows:
*
- * STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
*/
-# define S390X_STFLE_DWORDS 2
+# define S390X_STFLE_DWORDS 3
# define S390X_QUERY_DWORDS 8
# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
extern unsigned long long OPENSSL_s390xcap_P[];
+/* OPENSSL_s390xcap_P[2] flags */
+# define S390X_STFLE_VXE (1ULL << 56)
+# define S390X_STFLE_VXD (1ULL << 57)
+# define S390X_STFLE_VX (1ULL << 62)
+
#endif
Index: openssl-1.1.0g/crypto/s390xcap.c
===================================================================
--- openssl-1.1.0g.orig/crypto/s390xcap.c 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/s390xcap.c 2018-01-10 17:13:07.430224756 +0100
@@ -22,6 +22,31 @@ static void ill_handler(int sig)
siglongjmp(ill_jmp, sig);
}
+/*-
+ * os-specific function to check if "vector enablement control"-bit and
+ * "AFP register control"-bit in control register 0 are set.
+ */
+static int vx_enabled(void)
+{
+#if defined(OPENSSL_SYS_LINUX)
+ FILE *fd;
+ char buf[4096];
+
+ if ((fd = fopen("/proc/cpuinfo", "r")) == NULL)
+ return 0;
+
+ buf[0] = '\0';
+
+ while ((fgets(buf, sizeof(buf), fd) != NULL)
+ && (strstr(buf, "features") != buf));
+
+ fclose(fd);
+ return (strstr(buf, " vx ") != NULL) ? 1 : 0;
+#else
+ return 0;
+#endif
+}
+
void OPENSSL_s390x_facilities(void);
void OPENSSL_cpuid_setup(void)
@@ -53,6 +78,12 @@ void OPENSSL_cpuid_setup(void)
sigaction(SIGILL, &oact, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
+ /* protection against disabled vector facility */
+ if (!vx_enabled()) {
+ OPENSSL_s390xcap_P[2] &= ~(S390X_STFLE_VXE | S390X_STFLE_VXD |
+ S390X_STFLE_VX);
+ }
+
if ((env = getenv("OPENSSL_s390xcap")) != NULL) {
for (i = 0; i < S390X_CAP_DWORDS; i++) {
off = (env[0] == '~') ? 1 : 0;
Index: openssl-1.1.0g/crypto/s390xcpuid.S
===================================================================
--- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 17:13:07.430224756 +0100
@@ -21,33 +21,37 @@ OPENSSL_s390x_facilities:
stg %r0,56(%r4)
stg %r0,64(%r4)
stg %r0,72(%r4)
+ stg %r0,80(%r4)
.long 0xb2b04000 # stfle 0(%r4)
brc 8,.Ldone
lghi %r0,1
.long 0xb2b04000 # stfle 0(%r4)
+ brc 8,.Ldone
+ lghi %r0,2
+ .long 0xb2b04000 # stfle 0(%r4)
.Ldone:
lmg %r2,%r3,0(%r4)
tmhl %r2,0x4000 # check for message-security-assist
jz .Lret
lghi %r0,0 # query kimd capabilities
- la %r1,16(%r4)
+ la %r1,24(%r4)
.long 0xb93e0002 # kimd %r0,%r2
lghi %r0,0 # query km capability vector
- la %r1,32(%r4)
+ la %r1,40(%r4)
.long 0xb92e0042 # km %r4,%r2
lghi %r0,0 # query kmc capability vector
- la %r1,48(%r4)
+ la %r1,56(%r4)
.long 0xb92f0042 # kmc %r4,%r2
tmhh %r3,0x0004 # check for message-security-assist-4
jz .Lret
lghi %r0,0 # query kmctr capability vector
- la %r1,64(%r4)
+ la %r1,72(%r4)
.long 0xb92d2042 # kmctr %r4,%r2,%r2
.Lret:
Index: openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/sha/asm/sha1-s390x.pl 2018-01-10 17:13:07.430224756 +0100
@@ -172,7 +172,7 @@ sha1_block_data_order:
___
$code.=<<___ if ($kimdfunc);
larl %r1,OPENSSL_s390xcap_P
- lg %r0,16(%r1) # check kimd capabilities
+ lg %r0,24(%r1) # check kimd capabilities
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
Index: openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:05.962202226 +0100
+++ openssl-1.1.0g/crypto/sha/asm/sha512-s390x.pl 2018-01-10 17:13:07.430224756 +0100
@@ -244,7 +244,7 @@ $Func:
___
$code.=<<___ if ($kimdfunc);
larl %r1,OPENSSL_s390xcap_P
- lg %r0,16(%r1) # check kimd capabilities
+ lg %r0,24(%r1) # check kimd capabilities
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc

220
0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
View File

@ -1,220 +0,0 @@
From 29039576b1512a3508d40929dad605cefe806186 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Thu, 16 Feb 2017 09:05:28 +0100
Subject: [PATCH 07/44] crypto/evp/e_aes.c: add foundations for extended s390x
support.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/evp/e_aes.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/s390x_arch.h | 10 +++
2 files changed, 185 insertions(+)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 802b1d814d..d5932e1c64 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -950,6 +950,181 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \
const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && !defined(AES_SOFTONLY)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+/*-
+ * If KM and KMC support the function code, AES_KEY structure holds
+ * key/function code (instead of key schedule/number of rounds).
+ */
+# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
+
+# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
+# define S390X_aes_192_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_192)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_192))
+# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
+ (OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE 1
+# define S390X_aes_256_cbc_CAPABLE 1
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE 0
+# define S390X_aes_192_ecb_CAPABLE 0
+# define S390X_aes_256_ecb_CAPABLE 0
+
+# define s390x_aes_ecb_cipher aes_ecb_cipher
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ofb_CAPABLE 0
+# define S390X_aes_192_ofb_CAPABLE 0
+# define S390X_aes_256_ofb_CAPABLE 0
+
+# define s390x_aes_ofb_cipher aes_ofb_cipher
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb_CAPABLE 0
+# define S390X_aes_192_cfb_CAPABLE 0
+# define S390X_aes_256_cfb_CAPABLE 0
+
+# define s390x_aes_cfb_cipher aes_cfb_cipher
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb8_CAPABLE 0
+# define S390X_aes_192_cfb8_CAPABLE 0
+# define S390X_aes_256_cfb8_CAPABLE 0
+
+# define s390x_aes_cfb8_cipher aes_cfb8_cipher
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_cfb1_CAPABLE 0
+# define S390X_aes_192_cfb1_CAPABLE 0
+# define S390X_aes_256_cfb1_CAPABLE 0
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE 1
+# define S390X_aes_256_ctr_CAPABLE 1
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE 0
+# define S390X_aes_192_gcm_CAPABLE 0
+# define S390X_aes_256_gcm_CAPABLE 0
+
+# define s390x_aes_gcm_init_key aes_gcm_init_key
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_gcm_cipher aes_gcm_cipher
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
+# define S390X_aes_256_xts_CAPABLE 1
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ccm_CAPABLE 0
+# define S390X_aes_192_ccm_CAPABLE 0
+# define S390X_aes_256_ccm_CAPABLE 0
+
+# define s390x_aes_ccm_init_key aes_ccm_init_key
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+# define s390x_aes_ccm_cipher aes_ccm_cipher
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+# define S390X_aes_128_ocb_CAPABLE 0
+# define S390X_aes_192_ocb_CAPABLE 0
+# define S390X_aes_256_ocb_CAPABLE 0
+
+# define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+# define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_init_key, \
+ s390x_aes_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_AES_KEY), \
+ NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##nmode,blocksize, \
+ keylen/8,ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ aes_init_key, \
+ aes_##mode##_cipher, \
+ NULL, \
+ sizeof(EVP_AES_KEY), \
+ NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
+ &aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode,blocksize, \
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ s390x_aes_##mode##_init_key, \
+ s390x_aes_##mode##_cipher, \
+ aes_##mode##_cleanup, \
+ sizeof(EVP_AES_##MODE##_CTX), \
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+ nid##_##keylen##_##mode,blocksize, \
+ (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+ flags|EVP_CIPH_##MODE##_MODE, \
+ aes_##mode##_init_key, \
+ aes_##mode##_cipher, \
+ aes_##mode##_cleanup, \
+ sizeof(EVP_AES_##MODE##_CTX), \
+ NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return S390X_aes_##keylen##_##mode##_CAPABLE?&s390x_aes_##keylen##_##mode: \
+ &aes_##keylen##_##mode; }
+
#else
# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index 434f8e3f4e..5bf24930ed 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -30,4 +30,14 @@ extern uint64_t OPENSSL_s390xcap_P[];
# define S390X_STFLE_VXD (1ULL << 57)
# define S390X_STFLE_VX (1ULL << 62)
+/* OPENSSL_s390xcap_P[5] flags */
+# define S390X_KM_AES_256 (1ULL << 43)
+# define S390X_KM_AES_192 (1ULL << 44)
+# define S390X_KM_AES_128 (1ULL << 45)
+
+/* OPENSSL_s390xcap_P[7] flags */
+# define S390X_KMC_AES_256 (1ULL << 43)
+# define S390X_KMC_AES_192 (1ULL << 44)
+# define S390X_KMC_AES_128 (1ULL << 45)
+
#endif
--
2.13.6

73
0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
View File

@ -1,73 +0,0 @@
From 5534badade984ccad7dbe56e17bcf0b2d00820c0 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Sun, 12 Feb 2017 12:27:00 +0100
Subject: [PATCH 08/44] s390x assembly pack: extended s390x capability vector
(KMA).
Extended the s390x capability vector to store the doubleword pair
returned by the KMA instruction's QUERY function.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 2 +-
crypto/s390x_arch.h | 9 +++++++--
crypto/s390xcpuid.S | 12 +++++++++++-
crypto/sha/asm/sha1-s390x.pl | 2 +-
crypto/sha/asm/sha512-s390x.pl | 2 +-
5 files changed, 21 insertions(+), 6 deletions(-)
Index: openssl-1.1.0g/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-10 15:38:21.714301915 +0100
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-10 15:38:28.942417111 +0100
@@ -18,10 +18,10 @@
* functions. If STFLE returns fewer doublewords or an instruction is not
* supported, the corresponding element is zero. The order is as follows:
*
- * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR
+ * STFLE:STFLE:STFLE.KIMD:KIMD:KM:KM:KMC:KMC:KMCTR:KMCTR:KMA:KMA
*/
# define S390X_STFLE_DWORDS 3
-# define S390X_QUERY_DWORDS 8
+# define S390X_QUERY_DWORDS 10
# define S390X_CAP_DWORDS (S390X_STFLE_DWORDS + S390X_QUERY_DWORDS)
extern unsigned long long OPENSSL_s390xcap_P[];
@@ -40,4 +40,9 @@ extern unsigned long long OPENSSL_s390xc
# define S390X_KMC_AES_192 (1ULL << 44)
# define S390X_KMC_AES_128 (1ULL << 45)
+/* OPENSSL_s390xcap_P[11] flags */
+# define S390X_KMA_GCM_AES_256 (1ULL << 43)
+# define S390X_KMA_GCM_AES_192 (1ULL << 44)
+# define S390X_KMA_GCM_AES_128 (1ULL << 45)
+
#endif
Index: openssl-1.1.0g/crypto/s390xcpuid.S
===================================================================
--- openssl-1.1.0g.orig/crypto/s390xcpuid.S 2018-01-10 15:38:21.706301789 +0100
+++ openssl-1.1.0g/crypto/s390xcpuid.S 2018-01-10 15:38:21.722302044 +0100
@@ -22,6 +22,8 @@ OPENSSL_s390x_facilities:
stg %r0,64(%r4)
stg %r0,72(%r4)
stg %r0,80(%r4)
+ stg %r0,88(%r4)
+ stg %r0,96(%r4)
.long 0xb2b04000 # stfle 0(%r4)
brc 8,.Ldone
@@ -54,6 +56,14 @@ OPENSSL_s390x_facilities:
la %r1,72(%r4)
.long 0xb92d2042 # kmctr %r4,%r2,%r2
+ lg %r2,16(%r4)
+ tmhl %r2,0x2000 # check for message-security-assist-8
+ jz .Lret
+
+ lghi %r0,0 # query kma capability vector
+ la %r1,88(%r4)
+ .long 0xb9294022 # kma %r2,%r4,%r2
+
.Lret:
br %r14
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities

58
0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
View File

@ -1,58 +0,0 @@
From 6d4165cf2b6c19162fdcc98e0f093b12ce765191 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Tue, 14 Feb 2017 02:07:37 +0100
Subject: [PATCH 09/44] crypto/aes/asm/aes-s390x.pl: add KMA code path.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 34 +++++++++++++++++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index b546c16025..750f61e87a 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1403,7 +1403,39 @@ $code.=<<___ if (!$softonly);
clr %r0,%r1
jl .Lctr32_software
- stm${g} %r6,$s3,6*$SIZE_T($sp)
+ stm${g} $s2,$s3,10*$SIZE_T($sp)
+ llgfr $s2,%r0
+ larl %r1,OPENSSL_s390xcap_P
+ llihh %r0,0x8000 # check if kma supports the function code
+ srlg %r0,%r0,0($s2)
+ ng %r0,88(%r1) # check kma capability vector
+ lgr %r0,$s2
+ jz .Lctr32_nokma
+
+ aghi $sp,-112
+ lhi %r1,0x0600
+ sllg $len,$len,4
+ or %r0,%r1 # set HS and LAAD flags
+ lmg $s2,$s3,0($ivp)
+ la %r1,0($sp) # prepare parameter block
+ ahi $s3,-1 # decrement counter
+ mvc 80(32,$sp),0($key) # copy key
+ stmg $s2,$s3,64($sp) # copy iv
+ st $s3,12($sp) # copy counter
+ lghi $s3,0 # no AAD
+
+ .long 0xb929a042 # kma $out,$s2,$inp
+ brc 1,.-4 # pay attention to "partial completion"
+
+ xc 80(32,$sp),80($sp) # wipe key copy
+ la $sp,112($sp)
+ lm${g} $s2,$s3,10*$SIZE_T($sp)
+ br $ra
+
+.align 16
+.Lctr32_nokma:
+
+ stm${g} %r6,$s1,6*$SIZE_T($sp)
slgr $out,$inp
la %r1,0($key) # %r1 is permanent copy of $key
--
2.13.6

41
0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
View File

@ -1,41 +0,0 @@
From 98100dfe2659b43c1e80c54e5666e6f5d0330759 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Mon, 13 Feb 2017 16:43:12 +0100
Subject: [PATCH 10/44] doc/man3/OPENSSL_s390xcap.pod: update (KMA).
List KMA-GCM-AES bits as significant.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
doc/man3/OPENSSL_s390xcap.pod | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
index de56c7cf55..adf2c02036 100644
--- a/doc/man3/OPENSSL_s390xcap.pod
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -76,6 +76,21 @@ The following bits are significant:
=back
+:
+:
+:
+:
+
+=over
+
+=item #43 KMA-GCM-AES-256
+
+=item #44 KMA-GCM-AES-192
+
+=item #45 KMA-GCM-AES-128
+
+=back
+
=head1 EXAMPLES
OPENSSL_s390xcap=.0:0 disables KIMD.
--
2.13.6

62
0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
View File

@ -1,62 +0,0 @@
From f34474dd00118128ed574e838895167efddf7359 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Tue, 14 Feb 2017 11:15:51 +0100
Subject: [PATCH 11/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations (KMA
code path).
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 750f61e87a..6cabdf5069 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1392,6 +1392,7 @@ $code.=<<___;
.type AES_ctr32_encrypt,\@function
.align 16
AES_ctr32_encrypt:
+.cfi_startproc
xgr %r3,%r4 # flip %r3 and %r4, $out and $len
xgr %r4,%r3
xgr %r3,%r4
@@ -1404,6 +1405,8 @@ $code.=<<___ if (!$softonly);
jl .Lctr32_software
stm${g} $s2,$s3,10*$SIZE_T($sp)
+ .cfi_rel_offset $s2,10*$SIZE_T
+ .cfi_rel_offset $s3,11*$SIZE_T
llgfr $s2,%r0
larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000 # check if kma supports the function code
@@ -1413,6 +1416,7 @@ $code.=<<___ if (!$softonly);
jz .Lctr32_nokma
aghi $sp,-112
+ .cfi_adjust_cfa_offset 112
lhi %r1,0x0600
sllg $len,$len,4
or %r0,%r1 # set HS and LAAD flags
@@ -1429,7 +1433,10 @@ $code.=<<___ if (!$softonly);
xc 80(32,$sp),80($sp) # wipe key copy
la $sp,112($sp)
+ .cfi_adjust_cfa_offset -112
lm${g} $s2,$s3,10*$SIZE_T($sp)
+ .cfi_restore $s2
+ .cfi_restore $s3
br $ra
.align 16
@@ -1594,6 +1601,7 @@ $code.=<<___;
lm${g} %r6,$ra,6*$SIZE_T($sp)
br $ra
+.cfi_endproc
.size AES_ctr32_encrypt,.-AES_ctr32_encrypt
___
}
--
2.13.6

335
0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
View File

@ -1,335 +0,0 @@
From acef148f0aac18d78c3c857065b3a1274279b2df Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Sat, 25 Feb 2017 10:05:12 +0100
Subject: [PATCH 12/44] s390x assembly pack: add KMA code path for aes-gcm.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 52 ++++++++++++
crypto/evp/e_aes.c | 200 ++++++++++++++++++++++++++++++++++++++++++--
crypto/modes/gcm128.c | 4 +
crypto/s390x_arch.h | 5 ++
4 files changed, 253 insertions(+), 8 deletions(-)
Index: openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl
===================================================================
--- openssl-1.1.0g.orig/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:12.231011406 +0100
+++ openssl-1.1.0g/crypto/aes/asm/aes-s390x.pl 2018-01-09 17:35:16.795082242 +0100
@@ -2257,6 +2257,58 @@ $code.=<<___;
.size AES_xts_decrypt,.-AES_xts_decrypt
___
}
+
+################
+# void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
+# const unsigned char *in, size_t len,
+# const unsigned char *aad, size_t alen,
+# const AES_KEY *key, int enc)
+{
+my ($out,$ctx,$in,$len,$aad,$alen,$key,$enc) = map("%r$_",(2..9));
+$code.=<<___ if (!$softonly);
+.globl s390x_aes_gcm_blocks
+.type s390x_aes_gcm_blocks,\@function
+.align 16
+s390x_aes_gcm_blocks:
+ stm$g $alen,$enc,7*$SIZE_T($sp)
+ lm$g $alen,$enc,$stdframe($sp)
+
+ aghi $sp,-112
+
+ lmg %r0,%r1,0($ctx)
+ ahi %r1,-1
+
+ mvc 16(32,$sp),64($ctx) # copy Xi/H
+ #mvc 48(16,$sp),48($ctx) # copy len
+ mvc 80(32,$sp),0($key) # copy key
+ st %r1,12($sp) # copy Yi
+ stmg %r0,%r1,64($sp)
+
+ lhi %r1,128
+ l %r0,240($key) # kma capability vector checked by caller
+ sll $enc,7
+ xr $enc,%r1
+ or %r0,$enc
+
+ la %r1,0($sp)
+
+ .long 0xb9296024 # kma $out,$aad,$in
+ brc 1,.-4 # pay attention to "partial completion"
+
+ l %r0,12($sp)
+ mvc 64(16,$ctx),16($sp) # update Xi
+ xc 0(112,$sp),0($sp) # wipe stack
+
+ la $sp,112($sp)
+ ahi %r0,1
+ st %r0,12($ctx)
+
+ lm$g $alen,$enc,7*$SIZE_T($sp)
+ br $ra
+.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
+___
+}
+
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
___
Index: openssl-1.1.0g/crypto/evp/e_aes.c
===================================================================
--- openssl-1.1.0g.orig/crypto/evp/e_aes.c 2018-01-09 17:35:12.199010909 +0100
+++ openssl-1.1.0g/crypto/evp/e_aes.c 2018-01-09 17:35:12.239011531 +0100
@@ -960,7 +960,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
* If KM and KMC support the function code, AES_KEY structure holds
* key/function code (instead of key schedule/number of rounds).
*/
-# define S390X_AES_FC (((AES_KEY *)(key))->rounds)
+# define S390X_AES_FC(key) (((AES_KEY *)(key))->rounds)
# define S390X_aes_128_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_128)&&\
(OPENSSL_s390xcap_P[7]&S390X_KMC_AES_128))
@@ -969,6 +969,11 @@ const EVP_CIPHER *EVP_aes_##keylen##_##m
# define S390X_aes_256_CAPABLE ((OPENSSL_s390xcap_P[5]&S390X_KM_AES_256)&&\
(OPENSSL_s390xcap_P[7]&S390X_KMC_AES_256))
+void s390x_aes_gcm_blocks(unsigned char *out, GCM128_CONTEXT *ctx,
+ const unsigned char *in, size_t len,
+ const unsigned char *aad, size_t alen,
+ const AES_KEY *key, int enc);
+
# define s390x_aes_init_key aes_init_key
static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -1029,18 +1034,197 @@ static int s390x_aes_cfb1_cipher(EVP_CIP
static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define S390X_aes_128_gcm_CAPABLE 0
-# define S390X_aes_192_gcm_CAPABLE 0
-# define S390X_aes_256_gcm_CAPABLE 0
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE&&\
+ OPENSSL_s390xcap_P[17]\
+ &S390X_KMA_GCM_AES_128)
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE&&\
+ OPENSSL_s390xcap_P[17]\
+ &S390X_KMA_GCM_AES_192)
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE&&\
+ OPENSSL_s390xcap_P[17]\
+ &S390X_KMA_GCM_AES_256)
+
+static int s390x_aes_gcm(GCM128_CONTEXT *ctx, const unsigned char *in,
+ unsigned char *out, size_t len, int enc)
+{
+ int n;
+ size_t rem;
+ u64 mlen = ctx->len.u[1];
+ unsigned char tmp;
+
+ mlen += len;
+
+ if (mlen > ((1ULL << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+ return -1;
+
+ ctx->len.u[1] = mlen;
+
+ if (ctx->ares) {
+ (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
+ ctx->ares = 0;
+ }
+ S390X_AES_FC(ctx->key) |= S390X_KMA_LAAD;
+ n = ctx->mres;
+
+ if (n) {
+ while (n && len) {
+ tmp = *in;
+ *out = tmp ^ ctx->EKi.c[n];
+ ctx->Xi.c[n] ^= enc ? *out : tmp;
+ n = (n + 1) % AES_BLOCK_SIZE;
+ --len;
+ ++in;
+ ++out;
+ }
+ if (n == 0) {
+ (*ctx->gmult)(ctx->Xi.u, ctx->Htable);
+ } else {
+ ctx->mres = n;
+ return 0;
+ }
+ }
+ rem = len % AES_BLOCK_SIZE;
+ len -= rem;
+
+ s390x_aes_gcm_blocks(out, ctx, in, len, NULL, 0, ctx->key, enc);
+
+ if (rem) {
+ in += len;
+ out += len;
+ (*ctx->block)(ctx->Yi.c, ctx->EKi.c, ctx->key);
+ ++ctx->Yi.d[3];
+ while (rem--) {
+ tmp = in[n];
+ out[n] = tmp ^ ctx->EKi.c[n];
+ ctx->Xi.c[n] ^= enc ? out[n] : tmp;
+ ++n;
+ }
+ }
+
+ ctx->mres = n;
+ return 0;
+}
-# define s390x_aes_gcm_init_key aes_gcm_init_key
static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
- const unsigned char *iv, int enc);
+ const unsigned char *iv, int enc)
+{
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ const int keybitlen = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+ if (!iv && !key)
+ return 1;
+
+ if (key) {
+ AES_set_encrypt_key(key, keybitlen, &gctx->ks.ks);
+ CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
+ S390X_AES_FC(&gctx->ks) |= S390X_KMA_HS;
+
+ if (iv == NULL && gctx->iv_set)
+ iv = gctx->iv;
+
+ if (iv) {
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+ gctx->iv_set = 1;
+ }
+ gctx->key_set = 1;
+ } else {
+ if (gctx->key_set)
+ CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+ else
+ memcpy(gctx->iv, iv, gctx->ivlen);
+
+ gctx->iv_set = 1;
+ gctx->iv_gen = 0;
+ }
+ return 1;
+}
+
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ int rv = -1;
+
+ if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+ return -1;
+
+ if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN :
+ EVP_CTRL_GCM_SET_IV_INV,
+ EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+ goto err;
+
+ if (CRYPTO_gcm128_aad(&gctx->gcm, buf, gctx->tls_aad_len))
+ goto err;
+
+ in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+ if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
+ goto err;
+
+ if (enc) {
+ out += len;
+ CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+ rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+ } else {
+ CRYPTO_gcm128_tag(&gctx->gcm, buf, EVP_GCM_TLS_TAG_LEN);
+
+ if (CRYPTO_memcmp(buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+ OPENSSL_cleanse(out, len);
+ goto err;
+ }
+ rv = len;
+ }
+ err:
+ gctx->iv_set = 0;
+ gctx->tls_aad_len = -1;
+ return rv;
+}
-# define s390x_aes_gcm_cipher aes_gcm_cipher
static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t len);
+ const unsigned char *in, size_t len)
+{
+ EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+ unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+ int enc = EVP_CIPHER_CTX_encrypting(ctx);
+
+ if (!gctx->key_set)
+ return -1;
+
+ if (gctx->tls_aad_len >= 0)
+ return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+ if (!gctx->iv_set)
+ return -1;
+
+ if (in) {
+ if (out == NULL) {
+ if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+ return -1;
+ } else {
+ if (s390x_aes_gcm(&gctx->gcm, in, out, len, enc))
+ return -1;
+ }
+ return len;
+ } else {
+ if (enc) {
+ gctx->taglen = 16;
+ CRYPTO_gcm128_tag(&gctx->gcm, buf, gctx->taglen);
+ } else {
+ if (gctx->taglen < 0)
+ return -1;
+
+ if (CRYPTO_gcm128_finish(&gctx->gcm, buf, gctx->taglen))
+ return -1;
+ }
+ gctx->iv_set = 0;
+ return 0;
+ }
+}
# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
# define S390X_aes_256_xts_CAPABLE 1
Index: openssl-1.1.0g/crypto/modes/gcm128.c
===================================================================
--- openssl-1.1.0g.orig/crypto/modes/gcm128.c 2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/modes/gcm128.c 2018-01-09 17:35:12.239011531 +0100
@@ -817,6 +817,10 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *
ctx->gmult = gcm_gmult_4bit;
CTX__GHASH(gcm_ghash_4bit);
}
+# elif defined(GHASH_ASM)
+ gcm_init_4bit(ctx->Htable, ctx->H.u);
+ ctx->gmult = gcm_gmult_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
# else
gcm_init_4bit(ctx->Htable, ctx->H.u);
# endif
Index: openssl-1.1.0g/crypto/s390x_arch.h
===================================================================
--- openssl-1.1.0g.orig/crypto/s390x_arch.h 2018-01-09 17:35:12.207011034 +0100
+++ openssl-1.1.0g/crypto/s390x_arch.h 2018-01-09 17:35:12.239011531 +0100
@@ -45,4 +45,9 @@ extern uint64_t OPENSSL_s390xcap_P[];
# define S390X_KMA_GCM_AES_192 (1ULL << 44)
# define S390X_KMA_GCM_AES_128 (1ULL << 45)
+/* %r0 flags */
+# define S390X_KMA_LPC (1ULL << 8)
+# define S390X_KMA_LAAD (1ULL << 9)
+# define S390X_KMA_HS (1ULL << 10)
+
#endif

51
0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
View File

@ -1,51 +0,0 @@
From d137c24cbf25bae932dcfc0b58fa667a9ef63bf0 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Sun, 26 Feb 2017 22:36:39 +0100
Subject: [PATCH 13/44] crypto/aes/asm/aes-s390x.pl: add CFI annotations
(KMA-gcm code path).
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
---
crypto/aes/asm/aes-s390x.pl | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index f23b1231c1..dfe79f84a6 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -2270,10 +2270,15 @@ $code.=<<___ if (!$softonly);
.type s390x_aes_gcm_blocks,\@function
.align 16
s390x_aes_gcm_blocks:
+.cfi_startproc
stm$g $alen,$enc,7*$SIZE_T($sp)
+ .cfi_rel_offset $alen,7*$SIZE_T
+ .cfi_rel_offset $key,8*$SIZE_T
+ .cfi_rel_offset $enc,9*$SIZE_T
lm$g $alen,$enc,$stdframe($sp)
aghi $sp,-112
+ .cfi_adjust_cfa_offset 112
lmg %r0,%r1,0($ctx)
ahi %r1,-1
@@ -2300,11 +2305,16 @@ s390x_aes_gcm_blocks:
xc 0(112,$sp),0($sp) # wipe stack
la $sp,112($sp)
+ .cfi_adjust_cfa_offset -112
ahi %r0,1
st %r0,12($ctx)
lm$g $alen,$enc,7*$SIZE_T($sp)
+ .cfi_restore $alen
+ .cfi_restore $key
+ .cfi_restore $enc
br $ra
+.cfi_endproc
.size s390x_aes_gcm_blocks,.-s390x_aes_gcm_blocks
___
}
--
2.13.6

3
baselibs.conf
View File

@ -5,6 +5,3 @@ libopenssl-1_1-devel
conflicts "otherproviders(libopenssl-devel-<targettype>)"
requires -"openssl-1_1-<targettype>"
requires "libopenssl1_1-<targettype> = <version>"
libopenssl1_1-hmac
requires "libopenssl1_1-<targettype> = <version>-%release"
obsoletes "libopenssl1_1_0-hmac-<targettype>"

36
openssl-1.0.1e-add-suse-default-cipher.patch
View File

@ -1,36 +0,0 @@
Index: openssl-1.1.0f/ssl/ssl_ciph.c
===================================================================
--- openssl-1.1.0f.orig/ssl/ssl_ciph.c 2017-05-25 14:46:20.000000000 +0200
+++ openssl-1.1.0f/ssl/ssl_ciph.c 2017-09-01 11:54:09.848587297 +0200
@@ -1461,7 +1461,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+ &head, &tail, ca_list, c);
+ rule_p += 12;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
&head, &tail, ca_list, c);
rule_p += 7;
Index: openssl-1.1.0f/include/openssl/ssl.h
===================================================================
--- openssl-1.1.0f.orig/include/openssl/ssl.h 2017-05-25 14:46:20.000000000 +0200
+++ openssl-1.1.0f/include/openssl/ssl.h 2017-09-01 13:16:59.850407734 +0200
@@ -195,6 +195,11 @@ extern "C" {
* an application-defined cipher list string starts with 'DEFAULT'.
*/
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is

27
openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
View File

@ -1,27 +0,0 @@
Index: openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0c/test/recipes/99-test_suse_default_ciphers.t 2016-12-19 13:59:16.662066548 +0100
@@ -0,0 +1,22 @@
+#! /usr/bin/env perl
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT/;
+use OpenSSL::Test::Utils;
+
+
+setup("test_default_ciphersuites");
+
+plan tests => 4;
+
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
+
+foreach my $cipherlist (@cipher_suites) {
+ ok(run(app(["openssl", "ciphers", $cipherlist])),
+ "openssl ciphers works with ciphersuite $cipherlist");
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "DEFAULT_SUSE"]), capture => 1)),
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
+}
+

12296
openssl-1.1.0-fips.patch
View File

File diff suppressed because it is too large Load Diff

3
openssl-1.1.0h.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517
size 5422717

10
openssl-1.1.0h.tar.gz.asc
View File

@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABCAAGBQJaukw0AAoJENnE0m0OYESRNZoH/jP9DGnLUsEr58XUE1w+q+P/
JXF/yaBr1LUx9e599zlVNkLyNsqIN0mVfMDgdnjefIwrEGBVBh9YdeNeeZ9Lnhc4
PQCN4vzjUcNv7Jo2DSPmuVoUikntIYM4thrBQuVt031h1+1NQmDpcmU8SESFpM5H
A7N6+p/i/ow5g2G/uqc+Wqy/Jdgwtkq+UPHvxajE7pVLhtY+ue5gU3f6Jb8odTdV
VT1QNzaStN40WiUIHtrykB3F8eg5BvwkmLUqbruy9IEEtYoJvxALVLD1B7t047Tf
Ti1AQ4Ld+NNxbhZeeYMeXTAog3w3DudsSQoOmIN2TiAR6WK44XlS/lu9lK/mFpo=
=SK44
-----END PGP SIGNATURE-----

3
openssl-1.1.1b.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
size 8213737

11
openssl-1.1.1b.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlx1SgkACgkQ2cTSbQ5g
RJHsWwf7BqLAjJhHHU5aBqHCZgvn24wwGjiOsGjo0uNkjigM/1aZafB10CVhhTDA
kHrZddEd6ZmC7b71WIn/2rVGNycHkSxzcpnLMZ0n6Y7/aqg/5ZeGj3sHPqBjIUWv
A/uzRnaAxOXQC8bw1RgNKcQr/bP0ZTqWI5uaQR87fQ7Bh1TbKwc+ClvMZ679kx9S
MHrcxjGmtlbxdkvMuKQMLqGNeaJAPgTAWNLTovawyq4HsFrM52etpAvqqb9MhHoR
J7zi+PLY+9MUMuwEDVjnK6fCawMLr459c/VPzVcN0v6B5iAZQMVfuFu1INYAqxMC
8tRz6DYabN1mpTCVTs6OV7IAzNYbjg==
=B/je
-----END PGP SIGNATURE-----

208
openssl-1_1.changes
View File

@ -1,3 +1,211 @@
-------------------------------------------------------------------
Mon Mar 4 13:01:18 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop bc and ed BuildRequires: I could not find any reference to
these tools being used during build or check.
-------------------------------------------------------------------
Fri Mar 1 13:28:03 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Use upstream-approved patch for the handling of strerror_r
* https://github.com/openssl/openssl/pull/8371
- add openssl-fix-handling-of-GNU-strerror_r.patch
- drop strerror.patch
-------------------------------------------------------------------
Thu Feb 28 13:37:55 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.1.1b
* Added SCA hardening for modular field inversion in EC_GROUP
through a new dedicated field_inv() pointer in EC_METHOD.
* Change the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
confused by this and assume that a TLSv1.2 renegotiation has started. This
can break KeyUpdate handling. Instead we no longer signal the start and end
of a post handshake message exchange (although the messages themselves are
still signalled). This could break some applications that were expecting
the old signals. However without this KeyUpdate is not usable for many
applications.
* Fix a bug in the computation of the endpoint-pair shared secret used
by DTLS over SCTP. This breaks interoperability with older versions
of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
interoperability with such broken implementations. However, enabling
this switch breaks interoperability with correct implementations.
* Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
re-used X509_PUBKEY object if the second PUBKEY is malformed.
* Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0()
-------------------------------------------------------------------
Thu Feb 28 12:10:33 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Add strerror.patch to avoid problems with strerror_r() not setting
the provided buf
-------------------------------------------------------------------
Mon Feb 11 14:39:12 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Add s390x poly1305 vectorized implementation (fate#326351)
* https://github.com/openssl/openssl/pull/7991
- add 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
-------------------------------------------------------------------
Thu Jan 10 15:20:07 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Add s390x chacha20 vectorized implementation (fate#326561)
* https://github.com/openssl/openssl/pull/6919
- added patches:
0001-s390x-assembly-pack-perlasm-support.patch
0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
-------------------------------------------------------------------
Tue Nov 20 14:31:28 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1a
* Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
are retained for backwards compatibility.
* Fixed the issue that RAND_add()/RAND_seed() silently discards random input
if its length exceeds 4096 bytes. The limit has been raised to a buffer size
of two gigabytes and the error handling improved.
- drop upstream patches:
* 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
* 0001-DSA-Check-for-sanity-of-input-parameters.patch
* 0001-DSA-mod-inverse-fix.patch
* openssl-CVE-2018-0734.patch
* openssl-CVE-2018-0735.patch
-------------------------------------------------------------------
Mon Nov 5 12:53:54 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- OpenSSL Security Advisory [30 October 2018]
* Timing vulnerability in ECDSA signature generation
(bsc#1113651, CVE-2018-0735)
* Timing vulnerability in DSA signature generation
(bsc#1113652, CVE-2018-0734)
* And more timing fixes
- Add patches:
* openssl-CVE-2018-0734.patch
* openssl-CVE-2018-0735.patch
* 0001-DSA-mod-inverse-fix.patch
* 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
-------------------------------------------------------------------
Mon Nov 5 11:00:54 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- Fix infinite loop in DSA generation with incorrect parameters
(bsc#1112209)
* 0001-DSA-Check-for-sanity-of-input-parameters.patch
-------------------------------------------------------------------
Thu Oct 25 13:32:33 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
- Explictly select "getrandom" system call as the seed source,
it is the safer/best performing choice on linux.
- do not force -std=gnu99, pick the compiler default.
-------------------------------------------------------------------
Tue Sep 11 13:49:06 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.1.1 release
* This is the first official release of the OpenSSL 1.1.1 branch
which brings TLS 1.3 support
- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they
are configured differently
* modified openssl-DEFAULT_SUSE_cipher.patch
- drop obsolete openssl-pretend_we_are_not_beta.patch
-------------------------------------------------------------------
Thu Aug 23 13:21:00 UTC 2018 - vcizek@suse.com
- Update to 1.1.1-pre9 (Beta 7)
* Support for TLSv1.3 added
* Move the display of configuration data to configdata.pm.
* Allow GNU style "make variables" to be used with Configure.
* Add a STORE module (OSSL_STORE)
* Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
* Add multi-prime RSA (RFC 8017) support
* Add SM3 implemented according to GB/T 32905-2016
* Add SM4 implemented according to GB/T 32907-2016.
* Add 'Maximum Fragment Length' TLS extension negotiation and support
* Add ARIA support
* Add SHA3
* Rewrite of devcrypto engine
* Add support for SipHash
* Grand redesign of the OpenSSL random generator
- pretend the release is not a Beta, to avoid "OpenSSL version mismatch"
with OpenSSH
* add openssl-pretend_we_are_not_beta.patch
- drop FIPS support
* don't build with FIPS mode (not supported in 1.1.1)
* don't create the -hmac subpackages
- drop FIPS patches
* openssl-fips-clearerror.patch
* openssl-fips-dont-fall-back-to-default-digest.patch
* openssl-fips-dont_run_FIPS_module_installed.patch
* openssl-fips-fix-odd-rsakeybits.patch
* openssl-fips-rsagen-d-bits.patch
* openssl-fips-selftests_in_nonfips_mode.patch
* openssl-fips_disallow_ENGINE_loading.patch
* openssl-rsakeygen-minimum-distance.patch
* openssl-1.1.0-fips.patch
* openssl-urandom-reseeding.patch
* openssl-CVE-2018-0737-fips.patch
- add TLS 1.3 ciphers to DEFAULT_SUSE
- merge openssl-1.0.1e-add-suse-default-cipher.patch and
openssl-1.0.1e-add-test-suse-default-cipher-suite.patch to
openssl-DEFAULT_SUSE_cipher.patch
- drop patches:
* openssl-static-deps.patch (upstream)
* 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
* openssl-disable_rsa_keygen_tests_with_small_modulus.patch
* 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
- drop s390x patches
* 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
* 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
* 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
* 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
* 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
* 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
* 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
* 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
* 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
-------------------------------------------------------------------
Tue Aug 14 14:02:22 UTC 2018 - vcizek@suse.com
- Update to 1.1.0i
OpenSSL Security Advisory [12 June 2018]
* Reject excessively large primes in DH key generation
(bsc#1097158, CVE-2018-0732)
* Make EVP_PKEY_asn1_new() a bit stricter about its input
* Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
* Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
* Increase the number of Miller-Rabin rounds for DSA key generating to 64.
* Add blinding to ECDSA and DSA signatures to protect against side channel
attacks
* When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
* Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
* Fixed a text canonicalisation bug in CMS
- drop patches (upstream):
* 0001-Limit-scope-of-CN-name-constraints.patch
* 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
* 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
* 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
- refresh patches:
* openssl-1.1.0-fips.patch
* openssl-disable_rsa_keygen_tests_with_small_modulus.patch
- rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch
as it now only includes changes to the fips code
-------------------------------------------------------------------
Thu Aug 2 10:41:20 UTC 2018 - vcizek@suse.com

143
openssl-1_1.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package openssl-1_1
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@ -20,72 +20,37 @@
%define maj_min 1.1
%define _rname openssl
Name: openssl-1_1
Version: 1.1.0h
# Don't forget to update the version in the "openssl" package!
Version: 1.1.1b
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
Group: Productivity/Networking/Security
Url: https://www.openssl.org/
URL: https://www.openssl.org/
Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
# to get mtime of file:
Source1: %{name}.changes
Source2: baselibs.conf
Source42: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
Source3: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
# https://www.openssl.org/about/
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
Source43: %{_rname}.keyring
Source99: showciphers.c
# https://github.com/openssl/openssl/pull/2045
Patch0: 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
# PATCH-FIX-OPENSUSE: upstream won't use glibc
Patch1: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
Source4: %{_rname}.keyring
Source5: showciphers.c
# PATCH-FIX-OPENSUSE: do not install html mans it takes ages
Patch2: openssl-1.1.0-no-html.patch
# PATCH-FIX-UPSTREAM: patch to allow deps and linking to static libs
# needed for fips and taken from upstream
Patch3: openssl-static-deps.patch
Patch4: openssl-truststore.patch
Patch5: openssl-pkgconfig.patch
Patch6: openssl-1.0.1e-add-suse-default-cipher.patch
Patch7: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
Patch8: openssl-ppc64-config.patch
Patch9: openssl-no-date.patch
# FIPS patches:
Patch51: openssl-1.1.0-fips.patch
Patch52: openssl-fips-dont_run_FIPS_module_installed.patch
Patch53: openssl-fips_disallow_ENGINE_loading.patch
Patch54: openssl-rsakeygen-minimum-distance.patch
Patch55: openssl-urandom-reseeding.patch
Patch56: openssl-fips-rsagen-d-bits.patch
Patch57: openssl-fips-selftests_in_nonfips_mode.patch
Patch58: openssl-fips-fix-odd-rsakeybits.patch
Patch59: openssl-fips-clearerror.patch
Patch60: openssl-fips-dont-fall-back-to-default-digest.patch
Patch61: openssl-disable_rsa_keygen_tests_with_small_modulus.patch
# FATE#321518 Add support for s390x CPACF enhancements (https://fate.suse.com/321518)
Patch62: 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
Patch63: 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
Patch64: 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Patch65: 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
Patch66: 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
Patch67: 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
Patch68: 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
Patch69: 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
Patch70: 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
Patch71: 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
# PATCH-FIX-UPSTREAM (boo#1084651)
Patch73: 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
# PATCH-FIX-UPSTREAM (boo#1091961)
Patch74: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
Patch75: openssl-CVE-2018-0737.patch
# PATCH-FIX-UPSTREAM (bsc#1084011)
Patch76: 0001-Limit-scope-of-CN-name-constraints.patch
Patch77: 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
BuildRequires: bc
BuildRequires: ed
Patch1: openssl-1.1.0-no-html.patch
Patch2: openssl-truststore.patch
Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch
# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/6919 fate#326561
Patch7: 0001-s390x-assembly-pack-perlasm-support.patch
Patch8: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
# PATCH-FIX-UPSTREAM FATE#326351 Add vectorized poly1305 implementation for s390x (https://github.com/openssl/openssl/pull/7991)
Patch9: 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8371
Patch10: openssl-fix-handling-of-GNU-strerror_r.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
Conflicts: ssl
Provides: ssl
Provides: openssl(cli)
@ -102,7 +67,6 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl1_1
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
Group: Productivity/Networking/Security
Recommends: ca-certificates-mozilla
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
@ -118,11 +82,9 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl-1_1-devel
Summary: Development files for OpenSSL
License: OpenSSL
Group: Development/Libraries/C and C++
Recommends: %{name} = %{version}
Requires: libopenssl1_1 = %{version}
Requires: pkgconfig(zlib)
Recommends: %{name} = %{version}
# we need to have around only the exact version we are able to operate with
Conflicts: libopenssl-devel < %{version}
Conflicts: libopenssl-devel > %{version}
@ -135,21 +97,8 @@ Obsoletes: libopenssl-1_1_0-devel
This subpackage contains header files for developing applications
that want to make use of the OpenSSL C API.
%package -n libopenssl1_1-hmac
Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
License: BSD-3-Clause
Group: Productivity/Networking/Security
Requires: libopenssl1_1 = %{version}-%{release}
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes: libopenssl1_1_0-hmac
%description -n libopenssl1_1-hmac
The FIPS compliant operation of the openssl shared libraries is NOT
possible without the HMAC hashes contained in this package!
%package doc
Summary: Additional Package Documentation
License: OpenSSL
Group: Productivity/Networking/Security
Conflicts: openssl-doc
Provides: openssl-doc = %{version}
@ -173,20 +122,17 @@ export MACHINE=armv6l
%endif
./config \
no-rc5 no-idea \
fips \
no-ssl3 \
no-idea \
enable-rfc3779 \
%ifarch x86_64 aarch64 ppc64le
enable-ec_nistp_64_gcc_128 \
%endif
enable-camellia \
zlib \
no-ec2m \
--prefix=%{_prefix} \
--libdir=%{_lib} \
--openssldir=%{ssletcdir} \
%{optflags} -std=gnu99 \
%{optflags} \
-Wa,--noexecstack \
-Wl,-z,relro,-z,now \
-fno-common \
@ -195,7 +141,11 @@ export MACHINE=armv6l
-D_GNU_SOURCE \
-DOPENSSL_NO_BUF_FREELISTS \
$(getconf LFS_CFLAGS) \
-Wall
-Wall \
--with-rand-seed=getrandom
# Show build configuration
perl configdata.pm --dump
util/mkdef.pl crypto update
make depend %{?_smp_mflags}
@ -206,7 +156,7 @@ export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
LD_LIBRARY_PATH=`pwd` make test -j1
# show cyphers
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE99} -L%{buildroot}%{_libdir} -lssl -lcrypto
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install
@ -251,30 +201,7 @@ set -x
find demos -type f -perm /111 -exec chmod 644 {} \;
# Place showciphers.c for %doc macro
cp %{SOURCE99} .
# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
# remark: This is the same as running
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
%{expand:%%global __os_install_post {%__os_install_post
%{buildroot}%{_bindir}/fips_standalone_hmac \
%{buildroot}%{_libdir}/libssl.so.%{maj_min} > \
%{buildroot}%{_libdir}/.libssl.so.%{maj_min}.hmac
%{buildroot}%{_bindir}/fips_standalone_hmac \
%{buildroot}%{_libdir}/libcrypto.so.%{maj_min} > \
%{buildroot}%{_libdir}/.libcrypto.so.%{maj_min}.hmac
}}
cp %{SOURCE5} .
%post -n libopenssl1_1 -p /sbin/ldconfig
%postun -n libopenssl1_1 -p /sbin/ldconfig
@ -285,10 +212,6 @@ cp %{SOURCE99} .
%{_libdir}/libcrypto.so.%{maj_min}
%{_libdir}/engines-%{maj_min}
%files -n libopenssl1_1-hmac
%{_libdir}/.libssl.so.%{maj_min}.hmac
%{_libdir}/.libcrypto.so.%{maj_min}.hmac
%files -n libopenssl-1_1-devel
%{_includedir}/%{_rname}/
%{_includedir}/ssl
@ -307,10 +230,12 @@ cp %{SOURCE99} .
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%{ssletcdir}/ct_log_list.cnf
%{ssletcdir}/ct_log_list.cnf.dist
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%{_bindir}/c_rehash
%{_bindir}/fips_standalone_hmac
%{_bindir}/%{_rname}
%changelog

112
openssl-CVE-2018-0737.patch
View File

@ -1,112 +0,0 @@
The CVE-2018-0737 fix consists of commits:
9db724cfede4ba7a3668bff533973ee70145ec07
011f82e66f4bf131c733fd41a8390039859aafb2
7150a4720af7913cae16f2e4eaf768b578c0b298
(the three above are included in 1.1.0h)
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
and additional changes to our fips_rsa_keygen()
From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001
From: Billy Brumley <bbrumley@gmail.com>
Date: Wed, 11 Apr 2018 10:10:58 +0300
Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
both get called with BN_FLG_CONSTTIME flag set.
CVE-2018-0737
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
crypto/rsa/rsa_gen.c | 2 ++
1 file changed, 2 insertions(+)
Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c 2018-05-10 11:50:53.298706226 +0200
+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-05-10 12:55:39.394968170 +0200
@@ -123,6 +123,7 @@ static int fips_rsa_builtin_keygen(RSA *
int n = 0;
int test = 0;
int pbits = bits / 2;
+ unsigned long error = 0;
if (FIPS_selftest_failed()) {
FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
@@ -191,6 +192,10 @@ retry:
if (!BN_lshift(r3, r3, pbits - 100))
goto err;
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
+
/* generate p and q */
for (i = 0; i < 5 * pbits; i++) {
ploop:
@@ -205,9 +210,9 @@ retry:
if (!BN_sub(r2, rsa->p, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1)) {
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
int r;
r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
cb);
@@ -217,6 +222,15 @@ retry:
break;
}
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
+
if (!BN_GENCB_call(cb, 2, n++))
goto err;
}
@@ -248,9 +262,9 @@ retry:
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1)) {
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
int r;
r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
cb);
@@ -260,6 +274,15 @@ retry:
break;
}
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
+
if (!BN_GENCB_call(cb, 2, n++))
goto err;
}
@@ -457,6 +480,8 @@ static int rsa_builtin_keygen(RSA *rsa,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {

64
openssl-DEFAULT_SUSE_cipher.patch Normal file
View File

@ -0,0 +1,64 @@
Index: openssl-1.1.1/ssl/ssl_ciph.c
===================================================================
--- openssl-1.1.1.orig/ssl/ssl_ciph.c 2018-09-11 14:48:23.000000000 +0200
+++ openssl-1.1.1/ssl/ssl_ciph.c 2018-09-11 16:38:40.412543331 +0200
@@ -1567,7 +1567,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+ &head, &tail, ca_list, c);
+ rule_p += 12;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
&head, &tail, ca_list, c);
rule_p += 7;
Index: openssl-1.1.1/include/openssl/ssl.h
===================================================================
--- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200
+++ openssl-1.1.1/include/openssl/ssl.h 2018-09-11 16:45:20.979303981 +0200
@@ -171,6 +171,11 @@ extern "C" {
* This applies to ciphersuites for TLSv1.2 and below.
*/
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
/* This is the default set of TLSv1.3 ciphersuites */
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
Index: openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1/test/recipes/99-test_suse_default_ciphers.t 2018-09-11 16:38:23.292423281 +0200
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT/;
+use OpenSSL::Test::Utils;
+
+setup("test_default_ciphersuites");
+
+plan tests => 6;
+
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
+
+foreach my $cipherlist (@cipher_suites) {
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
+ "openssl ciphers works with ciphersuite $cipherlist");
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
+ "$cipherlist should contain TLSv1.3 ciphers\n");
+}
+

12
openssl-disable_rsa_keygen_tests_with_small_modulus.patch
View File

@ -1,12 +0,0 @@
Index: openssl-1.1.0f/test/recipes/15-test_genrsa.t
===================================================================
--- openssl-1.1.0f.orig/test/recipes/15-test_genrsa.t 2017-05-25 14:46:21.000000000 +0200
+++ openssl-1.1.0f/test/recipes/15-test_genrsa.t 2017-05-29 17:56:31.900331435 +0200
@@ -16,6 +16,7 @@ use OpenSSL::Test::Utils;
setup("test_genrsa");
+plan skip_all => 'Minimal RSA modulus size is 200 bits';
plan tests => 5;
is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");

12
openssl-fips-clearerror.patch
View File

@ -1,12 +0,0 @@
Index: openssl-1.0.2g/crypto/o_init.c
===================================================================
--- openssl-1.0.2g.orig/crypto/o_init.c 2016-04-14 10:54:05.763929573 +0200
+++ openssl-1.0.2g/crypto/o_init.c 2016-04-14 10:59:08.366168879 +0200
@@ -91,6 +91,7 @@ static void init_fips_mode(void)
NONFIPS_selftest_check();
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
+ ERR_clear_error();
} else {
/* abort if selftest failed */
FIPS_selftest_check();

15
openssl-fips-dont-fall-back-to-default-digest.patch
View File

@ -1,15 +0,0 @@
Index: openssl-1.1.0e/apps/dgst.c
===================================================================
--- openssl-1.1.0e.orig/apps/dgst.c 2017-04-20 12:31:52.471544178 +0200
+++ openssl-1.1.0e/apps/dgst.c 2017-04-20 12:38:46.669771843 +0200
@@ -94,6 +94,10 @@ int dgst_main(int argc, char **argv)
prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
md = EVP_get_digestbyname(prog);
+ if (md == NULL && strcmp(prog, "dgst") != 0) {
+ BIO_printf(bio_err, "%s is not a known digest\n", prog);
+ goto end;
+ }
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {

16
openssl-fips-dont_run_FIPS_module_installed.patch
View File

@ -1,16 +0,0 @@
Index: openssl-1.0.2h/crypto/o_init.c
===================================================================
--- openssl-1.0.2h.orig/crypto/o_init.c 2016-06-01 15:26:25.026937000 +0200
+++ openssl-1.0.2h/crypto/o_init.c 2016-06-01 16:23:24.980858697 +0200
@@ -111,9 +111,9 @@ void __attribute__ ((constructor)) OPENS
return;
done = 1;
#ifdef OPENSSL_FIPS
- if (!FIPS_module_installed()) {
+ /*if (!FIPS_module_installed()) {
return;
- }
+ }*/
RAND_init_fips();
init_fips_mode();
if (!FIPS_mode()) {

14
openssl-fips-fix-odd-rsakeybits.patch
View File

@ -1,14 +0,0 @@
Index: openssl-1.0.2g/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2g.orig/crypto/rsa/rsa_gen.c 2016-04-14 10:52:34.187646539 +0200
+++ openssl-1.0.2g/crypto/rsa/rsa_gen.c 2016-04-14 10:53:39.335559301 +0200
@@ -465,7 +465,8 @@ static int rsa_builtin_keygen(RSA *rsa,
goto err;
bitsp = (bits + 1) / 2;
- bitsq = bits - bitsp;
+ /* Use the same number of bits for p and q, our checks assume it. */
+ bitsq = bitsp;
/* prepare a maximum for p and q */
/* 0xB504F334 is (sqrt(2)/2)*2^32 */

39
openssl-fips-rsagen-d-bits.patch
View File

@ -1,39 +0,0 @@
Index: openssl-1.1.0c/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.968669184 +0100
+++ openssl-1.1.0c/crypto/rsa/rsa_gen.c 2016-12-08 17:55:15.976669308 +0100
@@ -173,6 +173,12 @@ static int fips_rsa_builtin_keygen(RSA *
goto err;
}
+ BN_copy(rsa->e, e_value);
+
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
+ test = 1;
+
+retry:
/* prepare approximate minimum p and q */
if (!BN_set_word(r0, 0xB504F334))
goto err;
@@ -185,12 +191,6 @@ static int fips_rsa_builtin_keygen(RSA *
if (!BN_lshift(r3, r3, pbits - 100))
goto err;
- BN_copy(rsa->e, e_value);
-
- if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
- test = 1;
-
- retry:
/* generate p and q */
for (i = 0; i < 5 * pbits; i++) {
ploop:
@@ -323,6 +323,8 @@ static int fips_rsa_builtin_keygen(RSA *
BN_free(pr0);
}
+ /* test 2^(bits/2) < d < LCM((p-1)*(q-1)) */
+ /* the LCM part is covered due to the generation by modulo above */
if (BN_num_bits(rsa->d) < pbits)
goto retry; /* d is too small */

74
openssl-fips-selftests_in_nonfips_mode.patch
View File

@ -1,74 +0,0 @@
Index: openssl-1.1.0c/crypto/fips/fips.c
===================================================================
--- openssl-1.1.0c.orig/crypto/fips/fips.c 2016-12-09 11:34:28.778291575 +0100
+++ openssl-1.1.0c/crypto/fips/fips.c 2016-12-09 11:37:18.192847119 +0100
@@ -472,6 +472,44 @@ int FIPS_module_mode_set(int onoff)
return ret;
}
+/* In non-FIPS mode, the selftests must succeed if the
+ * checksum files are present
+ */
+void NONFIPS_selftest_check(void)
+{
+ int rv;
+ char *hmacpath;
+ char path[PATH_MAX+1];
+
+ if (fips_selftest_fail)
+ {
+ /* check if the checksum files are installed */
+ rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
+ if (rv < 0)
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+
+ hmacpath = make_hmac_path(path);
+ if (hmacpath == NULL)
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+
+ if (access(hmacpath, F_OK))
+ {
+ /* no hmac file is present, ignore the failed selftests */
+ if (errno == ENOENT)
+ {
+ free(hmacpath);
+ return;
+ }
+ /* we fail on any other error */
+ }
+ /* if the file exists, but the selftests failed
+ (eg wrong checksum), we fail too */
+ free(hmacpath);
+ OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+ }
+ /* otherwise ok, selftests were successful */
+}
+
static CRYPTO_THREAD_ID fips_threadid;
static int fips_thread_set = 0;
Index: openssl-1.1.0c/crypto/o_init.c
===================================================================
--- openssl-1.1.0c.orig/crypto/o_init.c 2016-12-09 11:34:28.726290785 +0100
+++ openssl-1.1.0c/crypto/o_init.c 2016-12-09 11:34:28.778291575 +0100
@@ -44,6 +44,8 @@ static void init_fips_mode(void)
*/
if (buf[0] != '1') {
+ /* abort if selftest failed and the module is complete */
+ NONFIPS_selftest_check();
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
} else {
Index: openssl-1.1.0c/include/openssl/fips.h
===================================================================
--- openssl-1.1.0c.orig/include/openssl/fips.h 2016-12-09 11:34:28.654289692 +0100
+++ openssl-1.1.0c/include/openssl/fips.h 2016-12-09 11:38:18.553750517 +0100
@@ -65,6 +65,7 @@ extern "C" {
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
int FIPS_selftest_drbg_all(void);
+ void NONFIPS_selftest_check(void);
int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
const EVP_MD *evpmd, const unsigned char *seed_in,

14
openssl-fips_disallow_ENGINE_loading.patch
View File

@ -1,14 +0,0 @@
Index: openssl-1.1.0c/crypto/init.c
===================================================================
--- openssl-1.1.0c.orig/crypto/init.c 2016-12-08 17:36:03.170689184 +0100
+++ openssl-1.1.0c/crypto/init.c 2016-12-08 17:36:14.938873308 +0100
@@ -564,6 +564,9 @@ int OPENSSL_init_crypto(uint64_t opts, c
&& !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
return 0;
# endif
+# ifdef OPENSSL_FIPS
+ if (!FIPS_mode())
+# endif
if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
&& !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
return 0;

50
openssl-fix-handling-of-GNU-strerror_r.patch Normal file
View File

@ -0,0 +1,50 @@
diff --git a/crypto/o_str.c b/crypto/o_str.c
index 02578dbf0d..3b271e745b 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
#if defined(_MSC_VER) && _MSC_VER>=1400
return !strerror_s(buf, buflen, errnum);
#elif defined(_GNU_SOURCE)
- return strerror_r(errnum, buf, buflen) != NULL;
+ char *err;
+
+ /*
+ * GNU strerror_r may not actually set buf.
+ * It can return a pointer to some (immutable) static string in which case
+ * buf is left unused.
+ */
+ err = strerror_r(errnum, buf, buflen);
+ if (err == NULL)
+ return 0;
+ /*
+ * If err is statically allocated, err != buf and we need to copy the data.
+ * If err points somewhere inside buf, OPENSSL_strlcpy can handle this,
+ * since src and dest are not annotated with __restrict and the function
+ * reads src byte for byte and writes to dest.
+ * If err == buf we do not have to copy anything.
+ */
+ if (err != buf)
+ OPENSSL_strlcpy(buf, err, buflen);
+ return 1;
#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
(defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
/*
@@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
return !strerror_r(errnum, buf, buflen);
#else
char *err;
+
/* Fall back to non-thread safe strerror()...its all we can do */
if (buflen < 2)
return 0;
@@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
/* Can this ever happen? */
if (err == NULL)
return 0;
- strncpy(buf, err, buflen - 1);
- buf[buflen - 1] = '\0';
+ OPENSSL_strlcpy(buf, err, buflen);
return 1;
#endif
}

16
openssl-no-date.patch
View File

@ -1,11 +1,13 @@
Index: openssl-1.1.0f/util/mkbuildinf.pl
Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
===================================================================
--- openssl-1.1.0f.orig/util/mkbuildinf.pl
+++ openssl-1.1.0f/util/mkbuildinf.pl
@@ -37,5 +37,5 @@ print <<"END_OUTPUT";
'\\0'
};
--- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl 2018-02-13 16:31:28.011389734 +0100
+++ openssl-1.1.1-pre1/util/mkbuildinf.pl 2018-02-13 16:31:51.539764582 +0100
@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
*/
#define PLATFORM "platform: $platform"
-#define DATE "built on: $date"
+#define DATE ""
END_OUTPUT
/*
* Generate compiler_flags as an array of individual characters. This is a

12
openssl-pkgconfig.patch
View File

@ -1,17 +1,17 @@
Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl 2018-03-27 16:32:18.922799218 +0200
+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl 2018-03-27 16:33:19.307764137 +0200
@@ -710,7 +710,7 @@ libcrypto.pc:
--- openssl-1.1.1-pre3.orig/Configurations/unix-Makefile.tmpl 2018-03-20 15:20:03.037124698 +0100
+++ openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl 2018-03-20 15:21:04.206084731 +0100
@@ -843,7 +843,7 @@ libcrypto.pc:
echo 'Version: '$(VERSION); \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Libs.private: $(LIB_EX_LIBS)'; \
- echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+ echo 'Cflags: -DOPENSSL_LOAD_CONF -I$${includedir}' ) > libcrypto.pc
libssl.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -723,7 +723,7 @@ libssl.pc:
@@ -860,7 +860,7 @@ libssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \

15
openssl-ppc64-config.patch
View File

@ -1,12 +1,17 @@
Index: openssl-1.1.0e/config
Index: openssl-1.1.1-pre3/config
===================================================================
--- openssl-1.1.0e.orig/config
+++ openssl-1.1.0e/config
@@ -550,7 +550,7 @@ case "$GUESSOS" in
--- openssl-1.1.1-pre3.orig/config 2018-03-20 15:24:38.037441210 +0100
+++ openssl-1.1.1-pre3/config 2018-03-20 15:26:20.163043492 +0100
@@ -552,12 +552,7 @@ case "$GUESSOS" in
OUT="linux-ppc64"
else
OUT="linux-ppc"
- (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
- if (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null); then
- :;
- else
- __CNF_CFLAGS="$__CNF_CFLAGS -m32"
- __CNF_CXXFLAGS="$__CNF_CXXFLAGS -m32"
- fi
+ (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || OUT="linux-ppc64"
fi
;;

47
openssl-rsakeygen-minimum-distance.patch
View File

@ -1,47 +0,0 @@
Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c 2018-03-27 16:34:44.709128590 +0200
+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-03-27 16:34:44.753129312 +0200
@@ -420,6 +420,19 @@ static int rsa_builtin_keygen(RSA *rsa,
bitsp = (bits + 1) / 2;
bitsq = bits - bitsp;
+ /* prepare a maximum for p and q */
+ /* 0xB504F334 is (sqrt(2)/2)*2^32 */
+ if (!BN_set_word(r0, 0xB504F334))
+ goto err;
+ if (!BN_lshift(r0, r0, bitsp - 32))
+ goto err;
+
+ /* prepare minimum p and q difference */
+ if (!BN_one(r3))
+ goto err;
+ if (!BN_lshift(r3, r3, bitsp - 100))
+ goto err;
+
/* We need the RSA components non-NULL */
if (!rsa->n && ((rsa->n = BN_new()) == NULL))
goto err;
@@ -446,6 +459,8 @@ static int rsa_builtin_keygen(RSA *rsa,
for (;;) {
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
+ if (BN_cmp(rsa->p, r0) < 0)
+ continue;
if (!BN_sub(r2, rsa->p, BN_value_one()))
goto err;
ERR_set_mark();
@@ -471,6 +486,13 @@ static int rsa_builtin_keygen(RSA *rsa,
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
goto err;
} while (BN_cmp(rsa->p, rsa->q) == 0);
+ if (BN_cmp(rsa->q, r0) < 0)
+ continue;
+ /* check for minimum distance between p and q, 2^(bitsp-100) */
+ if (!BN_sub(r2, rsa->q, rsa->p))
+ goto err;
+ if (BN_ucmp(r2, r3) <= 0)
+ continue;
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
ERR_set_mark();

195
openssl-static-deps.patch
View File

@ -1,195 +0,0 @@
From 186a31e510d1326063cfeca17e58fadec236ad2a Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 9 Nov 2016 20:01:51 +0100
Subject: [PATCH] Building: make it possible to force linking with static
OpenSSL libs
Very simply, support having the .a extension to denote depending on
static libraries. Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
---
Configurations/common.tmpl | 14 +++++++++++---
Configurations/descrip.mms.tmpl | 23 ++++++++++++++---------
Configurations/unix-Makefile.tmpl | 19 ++++++++++++-------
Configurations/windows-makefile.tmpl | 4 +++-
Configure | 7 +++++++
5 files changed, 47 insertions(+), 20 deletions(-)
Index: openssl-1.1.0h/Configurations/common.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/common.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/common.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -9,15 +9,22 @@
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
+ sub extensionlesslib {
+ my @result = map { $_ =~ /(\.a)?$/; $` } @_;
+ return @result if wantarray;
+ return $result[0];
+ }
sub resolvedepends {
my $thing = shift;
+ my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
- my @list = @{$unified_info{depends}->{$thing}};
+ my @list = @{$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
+ my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
- next if grep { $_ eq $item } @listsofar;
+ next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@@ -28,8 +35,9 @@
my @newlist = ();
while (@list) {
my $item = shift @list;
+ my $extensionlessitem = extensionlesslib($item);
push @newlist, $item
- unless grep { $item eq $_ } @list;
+ unless grep { $extensionlessitem eq extensionlesslib($_) } @list;
}
@newlist;
}
Index: openssl-1.1.0h/Configurations/descrip.mms.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/descrip.mms.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/descrip.mms.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -537,6 +537,17 @@ configdata.pm : $(SRCDIR)Configure $(SRC
use File::Basename;
use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
+ # Helper function to figure out dependencies on libraries
+ # It takes a list of library names and outputs a list of dependencies
+ sub compute_lib_depends {
+ if ($disabled{shared}) {
+ return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
+ }
+ return map { $_ =~ /\.a$/
+ ? $`.".OLB"
+ : $unified_info{sharednames}->{$_}.".EXE" } @_;
+ }
+
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
@@ -632,9 +643,7 @@ EOF
my $libd = dirname($lib);
my $libn = basename($lib);
(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
@@ -680,9 +689,7 @@ EOF
my $libn = basename($lib);
(my $libn_nolib = $libn) =~ s/^lib//;
my @objs = map { "$_.OBJ" } @{$args{objs}};
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
@@ -732,9 +739,7 @@ EOF
my $bind = dirname($bin);
my $binn = basename($bin);
my @objs = map { "$_.OBJ" } @{$args{objs}};
- my @deps = map {
- $disabled{shared} ? $_.".OLB"
- : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
+ my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
Index: openssl-1.1.0h/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.110130877 +0200
+++ openssl-1.1.0h/Configurations/unix-Makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -755,13 +755,13 @@ configdata.pm: $(SRCDIR)/Configure $(SRC
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
- return map { $_.$libext } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
}
# Depending on shared libraries:
# On Windows POSIX layers, we depend on {libname}.dll.a
# On Unix platforms, we depend on {shlibname}.so
- return map { shlib_simple($_) } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : shlib_simple($_) } @_;
}
sub generatesrc {
@@ -976,11 +976,16 @@ EOF
my $binn = basename($bin);
my $objs = join(" ", map { $_.$objext } @{$args{objs}});
my $deps = join(" ",compute_lib_depends(@{$args{deps}}));
- my $linklibs = join("", map { my $d = dirname($_);
- my $f = basename($_);
- $d = "." if $d eq $f;
- (my $l = $f) =~ s/^lib//;
- " -L$d -l$l" } @{$args{deps}});
+ my $linklibs = join("", map { if ($_ =~ /\.a$/) {
+ " $_";
+ } else {
+ my $d = dirname($_);
+ my $f = basename($_);
+ $d = "." if $d eq $f;
+ (my $l = $f) =~ s/^lib//;
+ " -L$d -l$l"
+ }
+ } @{$args{deps}});
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
return <<"EOF";
$bin$exeext: $objs $deps
Index: openssl-1.1.0h/Configurations/windows-makefile.tmpl
===================================================================
--- openssl-1.1.0h.orig/Configurations/windows-makefile.tmpl 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configurations/windows-makefile.tmpl 2018-03-27 16:31:37.126131133 +0200
@@ -361,8 +361,10 @@ configdata.pm: "$(SRCDIR)\Configure" {-
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
- return map { $_.$libext } @_;
+ return map { $_ =~ /\.a$/ ? $`.$libext : $_.$libext } @_;
}
+ die "Linking with static OpenSSL libraries is not supported in this configuration\n"
+ if grep /\.a$/, @_;
return map { shlib_import($_) } @_;
}
Index: openssl-1.1.0h/Configure
===================================================================
--- openssl-1.1.0h.orig/Configure 2018-03-27 15:50:37.000000000 +0200
+++ openssl-1.1.0h/Configure 2018-03-27 16:31:37.126131133 +0200
@@ -1844,9 +1844,16 @@ EOF
$d = cleanfile($buildd, $_, $blddir);
}
# Take note if the file to depend on is being renamed
+ # Take extra care with files ending with .a, they should
+ # be treated without that extension, and the extension
+ # should be added back after treatment.
+ $d =~ /(\.a)?$/;
+ my $e = $1 // "";
+ $d = $`;
if ($unified_info{rename}->{$d}) {
$d = $unified_info{rename}->{$d};
}
+ $d .= $e;
$unified_info{depends}->{$ddest}->{$d} = 1;
}
}

8
openssl-truststore.patch
View File

@ -1,10 +1,10 @@
Don't use the legacy /etc/ssl/certs directory anymore but rather the
p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
Index: openssl-1.1.0e/crypto/include/internal/cryptlib.h
Index: openssl-1.1.1-pre1/include/internal/cryptlib.h
===================================================================
--- openssl-1.1.0e.orig/crypto/include/internal/cryptlib.h
+++ openssl-1.1.0e/crypto/include/internal/cryptlib.h
@@ -41,8 +41,8 @@ DEFINE_LHASH_OF(MEM);
--- openssl-1.1.1-pre1.orig/include/internal/cryptlib.h 2018-02-13 14:48:12.000000000 +0100
+++ openssl-1.1.1-pre1/include/internal/cryptlib.h 2018-02-13 16:30:11.738161984 +0100
@@ -59,8 +59,8 @@ DEFINE_LHASH_OF(MEM);
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR

100
openssl-urandom-reseeding.patch
View File

@ -1,100 +0,0 @@
Index: openssl-1.1.0c/crypto/rand/rand_unix.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/rand_unix.c 2016-12-12 17:33:05.654295693 +0100
+++ openssl-1.1.0c/crypto/rand/rand_unix.c 2016-12-12 17:44:44.608814886 +0100
@@ -144,7 +144,8 @@ int RAND_poll(void)
unsigned long l;
pid_t curr_pid = getpid();
# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
- unsigned char tmpbuf[ENTROPY_NEEDED];
+ /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */
+ unsigned char tmpbuf[1024];
int n = 0;
# endif
# ifdef DEVRANDOM
@@ -166,7 +167,7 @@ int RAND_poll(void)
* out of random entries.
*/
- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
+ for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) {
if ((fd = open(randomfiles[i], O_RDONLY
# ifdef O_NONBLOCK
| O_NONBLOCK
@@ -246,7 +247,7 @@ int RAND_poll(void)
if (try_read) {
r = read(fd, (unsigned char *)tmpbuf + n,
- ENTROPY_NEEDED - n);
+ sizeof(tmpbuf) - n);
if (r > 0)
n += r;
} else
@@ -263,7 +264,7 @@ int RAND_poll(void)
}
while ((r > 0 ||
(errno == EINTR || errno == EAGAIN)) && usec != 0
- && n < ENTROPY_NEEDED);
+ && n < sizeof(tmpbuf));
close(fd);
}
@@ -276,12 +277,12 @@ int RAND_poll(void)
* collecting daemon.
*/
- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+ for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);
egdsocket++) {
int r;
r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
- ENTROPY_NEEDED - n);
+ sizeof(tmpbuf) - n);
if (r > 0)
n += r;
}
Index: openssl-1.1.0c/crypto/rand/md_rand.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/md_rand.c 2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-12-12 18:01:49.036286763 +0100
@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf
if (num <= 0)
return 1;
+ /* special rule for /dev/urandom seeding ... seed with as much bytes
+ * from /dev/urandom as you get out */
+ RAND_load_file("/dev/urandom", num);
+
m = EVP_MD_CTX_new();
if (m == NULL)
goto err_mem;
Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c 2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-12-12 18:05:52.779971206 +0100
@@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char
int rv = 0;
unsigned char *adin = NULL;
size_t adinlen = 0;
+
+ /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */
+ if (count > dctx->min_entropy)
+ RAND_load_file("/dev/urandom", count - dctx->min_entropy);
+
CRYPTO_THREAD_write_lock(fips_rand_lock);
do {
size_t rcnt;
Index: openssl-1.1.0c/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/rand_lib.c 2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-12-12 18:05:01.499195179 +0100
@@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
{
RAND_OpenSSL()->add(in, inlen, entropy);
if (FIPS_rand_status()) {
- FIPS_drbg_reseed(ctx, NULL, 0);
+ FIPS_drbg_reseed(ctx, in, inlen);
}
return 1;
}