pool/openssl-1_1
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1111331 from home:ohollmann:branches:security:tls

Browse Source 
- Update to 1.1.1w:
 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
   The POLY1305 MAC (message authentication code) implementation in OpenSSL
   does not save the contents of non-volatile XMM registers on Windows 64
   platform when calculating the MAC of data larger than 64 bytes. Before
   returning to the caller all the XMM registers are set to zero rather than
   restoring their previous content. The vulnerable code is used only on newer
   x86_64 processors supporting the AVX512-IFMA instructions.
   The consequences of this kind of internal application state corruption can
   be various - from no consequences, if the calling application does not
   depend on the contents of non-volatile XMM registers at all, to the worst
   consequences, where the attacker could get complete control of the
   application process. However given the contents of the registers are just
   zeroized so the attacker cannot put arbitrary values inside, the most likely
   consequence, if any, would be an incorrect result of some application
   dependent calculations or a crash leading to a denial of service.
   (CVE-2023-4807)

- Add missing FIPS patches from SLE:
  * Add patches:
    - bsc1185319-FIPS-KAT-for-ECDSA.patch
    - bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
    - openssl-1.1.1-fips-fix-memory-leaks.patch
    - openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
    - openssl-1_1-FIPS_drbg-rewire.patch
    - openssl-1_1-Zeroization.patch
    - openssl-1_1-fips-drbg-selftest.patch
    - openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
    - openssl-1_1-jitterentropy-3.4.0.patch
    - openssl-1_1-ossl-sli-000-fix-build-error.patch

OBS-URL: https://build.opensuse.org/request/show/1111331
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=144
This commit is contained in:
Pedro Monreal Gonzalez 2023-09-14 19:44:42 +00:00 committed by Git OBS Bridge
parent 5c433ba865
commit 8f01c56ec8
40 changed files with 10972 additions and 846 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

399
bsc1185319-FIPS-KAT-for-ECDSA.patch Normal file
View File

@ -0,0 +1,399 @@
diff --git a/crypto/fips/fips_ecdsa_selftest.c b/crypto/fips/fips_ecdsa_selftest.c
index 9895aa8..77a1c77 100644
--- a/crypto/fips/fips_ecdsa_selftest.c
+++ b/crypto/fips/fips_ecdsa_selftest.c
@@ -65,102 +65,319 @@
#include <openssl/bn.h>
#ifdef OPENSSL_FIPS
+#include <openssl/rand.h>
+#include "internal/nelem.h"
+#include "fips_locl.h"
-static const char P_256_name[] = "ECDSA P-256";
+/* functions to change the RAND_METHOD */
+static int fbytes(unsigned char *buf, int num);
-static const unsigned char P_256_d[] = {
- 0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
- 0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
- 0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
-};
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *old_rand;
+static int use_fake = 0;
+static const unsigned char *numbers[2];
+static int numbers_len[2];
-static const unsigned char P_256_qx[] = {
- 0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
- 0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
- 0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
-};
+static int change_rand(void)
+{
+ /* save old rand method */
+ old_rand = RAND_get_rand_method();
+ if (!old_rand)
+ return 0;
+
+ fake_rand = *old_rand;
+ /* use own random function */
+ fake_rand.bytes = fbytes;
+ /* set new RAND_METHOD */
+ if (!RAND_set_rand_method(&fake_rand))
+ return 0;
+
+ return 1;
+}
-static const unsigned char P_256_qy[] = {
- 0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
- 0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
- 0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
-};
+static int restore_rand(void)
+{
+ if (!RAND_set_rand_method(old_rand))
+ return 0;
+
+ return 1;
+}
+
+static int fbytes(unsigned char *buf, int num)
+{
+ int ret = 0;
+ static int fbytes_counter = 0;
+
+ if (use_fake == 0)
+ return old_rand->bytes(buf, num);
+
+ use_fake = 0;
+
+ if (fbytes_counter >= OSSL_NELEM(numbers))
+ goto err;
+
+ if (numbers_len[fbytes_counter] > num)
+ goto err;
+
+ /* first zero out the buffer */
+ memset(buf, 0, num);
+
+ /* Now set the "random" values */
+ memcpy(buf + (num - numbers_len[fbytes_counter]), numbers[fbytes_counter], numbers_len[fbytes_counter]);
+
+ fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers);
+ ret = 1;
+err:
+ return ret;
+}
+
+
+
+/*-
+ * NIST CAVP ECDSA KATs
+ * 2 X9.62 KATs; one for prime fields and one for binary fields.
+ *
+ * Taken from:
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/dss/186-3ecdsatestvectors.zip
+ */
typedef struct {
- int curve;
- const char *name;
- const unsigned char *x;
- size_t xlen;
- const unsigned char *y;
- size_t ylen;
- const unsigned char *d;
- size_t dlen;
-} EC_SELFTEST_DATA;
-
-# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
- pr##_qx, sizeof(pr##_qx), \
- pr##_qy, sizeof(pr##_qy), \
- pr##_d, sizeof(pr##_d)}
-
-static EC_SELFTEST_DATA test_ec_data[] = {
- make_ecdsa_test(NID_X9_62_prime256v1, P_256),
-};
+ const int nid; /* curve NID */
+ const int md_nid; /* hash function NID */
+ const unsigned char *msg; /* message to sign */
+ size_t msglen;
+ const unsigned char *d; /* ECDSA private key */
+ size_t dlen;
+ const unsigned char *Q; /* ECDSA public key: (Qx,Qy) */
+ size_t Qlen;
+ const unsigned char *k; /* ECDSA nonce */
+ size_t klen;
+ const unsigned char *r; /* ECDSA signature (r,s) */
+ size_t rlen;
+ const unsigned char *s;
+ size_t slen;
+} ECDSA_KAT_SELFTEST_DATA;
-int FIPS_selftest_ecdsa()
-{
- EC_KEY *ec = NULL;
- BIGNUM *x = NULL, *y = NULL, *d = NULL;
- EVP_PKEY *pk = NULL;
- int rv = 0;
- size_t i;
- for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
- EC_SELFTEST_DATA *ecd = test_ec_data + i;
+static const unsigned char data1_msg[] = {
+ 0x59, 0x05, 0x23, 0x88, 0x77, 0xc7, 0x74, 0x21,
+ 0xf7, 0x3e, 0x43, 0xee, 0x3d, 0xa6, 0xf2, 0xd9,
+ 0xe2, 0xcc, 0xad, 0x5f, 0xc9, 0x42, 0xdc, 0xec,
+ 0x0c, 0xbd, 0x25, 0x48, 0x29, 0x35, 0xfa, 0xaf,
+ 0x41, 0x69, 0x83, 0xfe, 0x16, 0x5b, 0x1a, 0x04,
+ 0x5e, 0xe2, 0xbc, 0xd2, 0xe6, 0xdc, 0xa3, 0xbd,
+ 0xf4, 0x6c, 0x43, 0x10, 0xa7, 0x46, 0x1f, 0x9a,
+ 0x37, 0x96, 0x0c, 0xa6, 0x72, 0xd3, 0xfe, 0xb5,
+ 0x47, 0x3e, 0x25, 0x36, 0x05, 0xfb, 0x1d, 0xdf,
+ 0xd2, 0x80, 0x65, 0xb5, 0x3c, 0xb5, 0x85, 0x8a,
+ 0x8a, 0xd2, 0x81, 0x75, 0xbf, 0x9b, 0xd3, 0x86,
+ 0xa5, 0xe4, 0x71, 0xea, 0x7a, 0x65, 0xc1, 0x7c,
+ 0xc9, 0x34, 0xa9, 0xd7, 0x91, 0xe9, 0x14, 0x91,
+ 0xeb, 0x37, 0x54, 0xd0, 0x37, 0x99, 0x79, 0x0f,
+ 0xe2, 0xd3, 0x08, 0xd1, 0x61, 0x46, 0xd5, 0xc9,
+ 0xb0, 0xd0, 0xde, 0xbd, 0x97, 0xd7, 0x9c, 0xe8
+};
- x = BN_bin2bn(ecd->x, ecd->xlen, x);
- y = BN_bin2bn(ecd->y, ecd->ylen, y);
- d = BN_bin2bn(ecd->d, ecd->dlen, d);
+static const unsigned char data1_d[] = {
+ 0x51, 0x9b, 0x42, 0x3d, 0x71, 0x5f, 0x8b, 0x58,
+ 0x1f, 0x4f, 0xa8, 0xee, 0x59, 0xf4, 0x77, 0x1a,
+ 0x5b, 0x44, 0xc8, 0x13, 0x0b, 0x4e, 0x3e, 0xac,
+ 0xca, 0x54, 0xa5, 0x6d, 0xda, 0x72, 0xb4, 0x64
+};
- if (!x || !y || !d)
- goto err;
+static const unsigned char data1_Q[] = {
+ 0x04, 0x0c, 0xec, 0x02, 0x8e, 0xe0, 0x8d, 0x09,
+ 0xe0, 0x26, 0x72, 0xa6, 0x83, 0x10, 0x81, 0x43,
+ 0x54, 0xf9, 0xea, 0xbf, 0xff, 0x0d, 0xe6, 0xda,
+ 0xcc, 0x1c, 0xd3, 0xa7, 0x74, 0x49, 0x60, 0x76,
+ 0xae, 0xef, 0xf4, 0x71, 0xfb, 0xa0, 0x40, 0x98,
+ 0x97, 0xb6, 0xa4, 0x8e, 0x88, 0x01, 0xad, 0x12,
+ 0xf9, 0x5d, 0x00, 0x09, 0xb7, 0x53, 0xcf, 0x8f,
+ 0x51, 0xc1, 0x28, 0xbf, 0x6b, 0x0b, 0xd2, 0x7f,
+ 0xbd
+};
- ec = EC_KEY_new_by_curve_name(ecd->curve);
- if (!ec)
- goto err;
+static const unsigned char data1_k[] = {
+ 0x94, 0xa1, 0xbb, 0xb1, 0x4b, 0x90, 0x6a, 0x61,
+ 0xa2, 0x80, 0xf2, 0x45, 0xf9, 0xe9, 0x3c, 0x7f,
+ 0x3b, 0x4a, 0x62, 0x47, 0x82, 0x4f, 0x5d, 0x33,
+ 0xb9, 0x67, 0x07, 0x87, 0x64, 0x2a, 0x68, 0xde
+};
- if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
- goto err;
+static const unsigned char data1_r[] = {
+ 0xe3, 0x95, 0xf6, 0xdb, 0x12, 0x71, 0x90, 0xfa,
+ 0x70, 0xa6, 0x80, 0xeb, 0xf6, 0x8a, 0x18, 0x35,
+ 0x6f, 0xef, 0xf2, 0x36, 0x65, 0xb9, 0x31, 0xc3,
+ 0xa2, 0x14, 0x80, 0xdf, 0x86, 0xc4, 0xec, 0xbc
+};
- if (!EC_KEY_set_private_key(ec, d))
- goto err;
+static const unsigned char data1_s[] = {
+ 0xa5, 0x01, 0x04, 0x78, 0x93, 0xd9, 0x60, 0xcc,
+ 0x20, 0xce, 0xbd, 0xbb, 0x6f, 0x79, 0xb9, 0x7e,
+ 0x45, 0x23, 0x80, 0x73, 0x87, 0x83, 0x53, 0x63,
+ 0xe3, 0x80, 0x2b, 0x68, 0xcf, 0x32, 0xa1, 0xa2
+};
- if ((pk = EVP_PKEY_new()) == NULL)
- goto err;
- EVP_PKEY_assign_EC_KEY(pk, ec);
+# define make_ecdsa_kat_test(nid, md_nid, pr) { \
+nid, md_nid, \
+pr##_msg, sizeof(pr##_msg), \
+pr##_d, sizeof(pr##_d), \
+pr##_Q, sizeof(pr##_Q), \
+pr##_k, sizeof(pr##_k), \
+pr##_r, sizeof(pr##_r), \
+pr##_s, sizeof(pr##_s) \
+}
- if (!fips_pkey_signature_test(pk, NULL, 0,
- NULL, 0, EVP_sha256(), 0, ecd->name))
- goto err;
- }
+static ECDSA_KAT_SELFTEST_DATA test_ecdsa_data[] = {
+ make_ecdsa_kat_test(NID_secp256k1, NID_sha256, data1)
+};
- rv = 1;
+int FIPS_selftest_ecdsa()
+{
+ int rv;
+ size_t i, siglen, p_len;
+
+ for (i = 0; i < sizeof(test_ecdsa_data) / sizeof(ECDSA_KAT_SELFTEST_DATA); i++) {
+ EC_KEY *ec = NULL;
+ BIGNUM *r = NULL, *s = NULL;
+ BIGNUM *sig_r = NULL, *sig_s = NULL;
+ EVP_PKEY *pk = NULL;
+ unsigned char *sig = NULL;
+ unsigned char *tsig = NULL;
+ unsigned char *p_buf = NULL;
+ ECDSA_SIG *dsa_sig = NULL;
+ rv = 0;
+
+ ECDSA_KAT_SELFTEST_DATA *ecd = test_ecdsa_data + i;
+
+ /* Create the Message Digest Context */
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+ if (!mdctx) goto err;
+
+ r = BN_bin2bn(ecd->r, ecd->rlen, r);
+ s = BN_bin2bn(ecd->s, ecd->slen, s);
+
+ if (!r || !s)
+ goto err;
+
+ /* d[] will be used to generate a key. */
+ /* k[] will be used for signature generation. */
+ numbers[0] = ecd->d;
+ numbers_len[0] = ecd->dlen;
+ numbers[1] = ecd->k;
+ numbers_len[1] = ecd->klen;
+ /* swap the RNG source */
+ if (!change_rand())
+ goto err;
+
+ ec = EC_KEY_new_by_curve_name(ecd->nid);
+ if (!ec)
+ goto err;
+
+ /* Use d[] to generate key. */
+ use_fake = 1;
+ if (EC_KEY_generate_key(ec) != 1)
+ goto err;
+
+ if ((pk = EVP_PKEY_new()) == NULL)
+ goto err;
+
+ EVP_PKEY_assign_EC_KEY(pk, ec);
+
+ p_len = EC_KEY_key2buf(ec, POINT_CONVERSION_UNCOMPRESSED, &p_buf, NULL);
+ if (!p_len)
+ goto err;
+
+ /* Make sure generated public key matches */
+ if (p_len != ecd->Qlen)
+ goto err;
+ if (memcmp(p_buf, ecd->Q, p_len))
+ goto err;
+
+ /* Initialise the DigestSign operation */
+ if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_get_digestbynid(ecd->md_nid), NULL, pk))
+ goto err;
+
+ /* Call update with the message */
+ if(1 != EVP_DigestSignUpdate(mdctx, ecd->msg, ecd->msglen))
+ goto err;
+
+ /* Finalise the DigestSign operation */
+ /* First call EVP_DigestSignFinal with a NULL sig parameter to */
+ /* obtain the length of the signature. Length is returned in slen */
+ if(1 != EVP_DigestSignFinal(mdctx, NULL, &siglen))
+ goto err;
+
+ /* Allocate memory for the signature based on size in slen */
+ if(!(sig = OPENSSL_malloc(siglen)))
+ goto err;
+
+ /* Use k[] for signature. */
+ use_fake = 1;
+
+ /* Obtain the signature */
+ if(1 != EVP_DigestSignFinal(mdctx, sig, &siglen))
+ goto err;
- err:
+ /* extract r and s */
+ tsig = sig;
+ dsa_sig = d2i_ECDSA_SIG(NULL, &tsig, siglen);
+ if (dsa_sig == NULL)
+ goto err;
+
+ sig_r = ECDSA_SIG_get0_r(dsa_sig);
+ sig_s = ECDSA_SIG_get0_s(dsa_sig);
+ if ((sig_r == NULL) || (sig_s == NULL))
+ goto err;
- if (x)
- BN_clear_free(x);
- if (y)
- BN_clear_free(y);
- if (d)
- BN_clear_free(d);
+ /* Compare r and s against known. */
+ if ((BN_cmp(sig_r, r) != 0) || (BN_cmp(sig_s, s) != 0))
+ goto err;
+
+ /* Verify signature */
+ if(1 != EVP_DigestVerifyInit(mdctx, NULL, EVP_get_digestbynid(ecd->md_nid), NULL, pk))
+ goto err;
+
+ if (EVP_DigestVerify(mdctx, sig, siglen, ecd->msg, ecd->msglen) != 1)
+ goto err;
+
+ if (1 != restore_rand())
+ goto err;
+
+ /* Success */
+ rv = 1;
+
+
+ err:
+
+ if (mdctx)
+ EVP_MD_CTX_free(mdctx);
+ if (r)
+ BN_clear_free(r);
+ if (s)
+ BN_clear_free(s);
+ if (sig)
+ OPENSSL_free(sig);
+ if (dsa_sig)
+ ECDSA_SIG_free(dsa_sig);
+ if (p_buf)
+ OPENSSL_free(p_buf);
if (pk)
- EVP_PKEY_free(pk);
+ EVP_PKEY_free(pk);
else if (ec)
- EC_KEY_free(ec);
-
- return rv;
+ EC_KEY_free(ec);
+
+ if (rv != 1) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA, FIPS_R_SELFTEST_FAILED);
+ break;
+ }
+
+ }
+ return rv;
+
}
+
#endif

13
bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/crypto/fips/fips_post.c b/crypto/fips/fips_post.c
index 80de6f6..46003d1 100644
--- a/crypto/fips/fips_post.c
+++ b/crypto/fips/fips_post.c
@@ -72,7 +72,7 @@
int FIPS_selftest(void)
{
int rv = 1;
- if (!FIPS_selftest_drbg())
+ if (!FIPS_selftest_drbg_all())
rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;

80
openssl-1.1.1-fips-fix-memory-leaks.patch Normal file
View File

@ -0,0 +1,80 @@
---
crypto/fips/fips.c | 8 ++++++++
crypto/fips/fips_drbg_rand.c | 6 ++++++
crypto/init.c | 4 ++++
include/crypto/fips_int.h | 1 +
include/openssl/fips_rand.h | 1 +
5 files changed, 20 insertions(+)
--- a/crypto/fips/fips.c
+++ b/crypto/fips/fips.c
@@ -93,6 +93,14 @@ DEFINE_RUN_ONCE_STATIC(do_fips_lock_init
return fips_lock != NULL && fips_owning_lock != NULL;
}
+void FIPS_owning_thread_lock_cleanup(void)
+{
+ CRYPTO_THREAD_lock_free(fips_lock);
+ fips_lock = NULL;
+ CRYPTO_THREAD_lock_free(fips_owning_lock);
+ fips_owning_lock = NULL;
+}
+
# define fips_w_lock() CRYPTO_THREAD_write_lock(fips_lock)
# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock)
# define fips_r_lock() CRYPTO_THREAD_read_lock(fips_lock)
--- a/crypto/fips/fips_drbg_rand.c
+++ b/crypto/fips/fips_drbg_rand.c
@@ -84,6 +84,12 @@ DRBG_CTX *FIPS_get_default_drbg(void)
return &ossl_dctx;
}
+void FIPS_drbg_lock_cleanup(void)
+{
+ CRYPTO_THREAD_lock_free(fips_rand_lock);
+ fips_rand_lock = NULL;
+}
+
static int fips_drbg_bytes(unsigned char *out, int count)
{
DRBG_CTX *dctx = &ossl_dctx;
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -28,6 +28,8 @@
#include "internal/dso.h"
#include "crypto/store.h"
#include "openssl/fips.h"
+#include "openssl/fips_rand.h"
+#include "crypto/fips_int.h"
static int stopped = 0;
@@ -591,6 +593,8 @@ void OPENSSL_cleanup(void)
conf_modules_free_int();
#ifdef OPENSSL_FIPS
FIPS_entropy_cleanup();
+ FIPS_drbg_lock_cleanup();
+ FIPS_owning_thread_lock_cleanup();
#endif
#ifndef OPENSSL_NO_ENGINE
engine_cleanup_int();
--- a/include/crypto/fips_int.h
+++ b/include/crypto/fips_int.h
@@ -56,6 +56,7 @@
#ifdef OPENSSL_FIPS
+void FIPS_owning_thread_lock_cleanup(void);
int FIPS_module_mode_set(int onoff);
int FIPS_module_mode(void);
int FIPS_module_installed(void);
--- a/include/openssl/fips_rand.h
+++ b/include/openssl/fips_rand.h
@@ -125,6 +125,7 @@ extern "C" {
DRBG_CTX *FIPS_get_default_drbg(void);
const RAND_METHOD *FIPS_drbg_method(void);
+ void FIPS_drbg_lock_cleanup(void);
int FIPS_rand_set_method(const RAND_METHOD *meth);
const RAND_METHOD *FIPS_rand_get_method(void);

41
openssl-1.1.1-fips.patch
View File

@ -288,7 +288,7 @@ Index: openssl-1.1.1n/crypto/dh/dh_key.c
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
@ -2341,7 +2341,7 @@ Index: openssl-1.1.1n/crypto/fips/fips.c
+ rv = 0;
+
+ /* Installed == true */
+ return !rv;
+ return !rv || FIPS_module_mode();
+}
+
+int FIPS_module_mode_set(int onoff)
@ -7491,7 +7491,7 @@ Index: openssl-1.1.1n/crypto/fips/fips_dsa_selftest.c
+{
+ DSA *dsa = NULL;
+ EVP_PKEY *pk = NULL;
+ int ret = -1;
+ int ret = 0;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+ fips_load_key_component(p, dsa_test_2048);
@ -7692,24 +7692,24 @@ Index: openssl-1.1.1n/crypto/fips/fips_ecdh_selftest.c
+ d = BN_bin2bn(ecd->d1, ecd->d1len, d);
+
+ if (!x || !y || !d || !ztmp) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
+ ec1 = EC_KEY_new_by_curve_name(ecd->curve);
+ if (!ec1) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+ if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
+ if (!EC_KEY_set_private_key(ec1, d)) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
@ -7717,30 +7717,30 @@ Index: openssl-1.1.1n/crypto/fips/fips_ecdh_selftest.c
+ y = BN_bin2bn(ecd->y2, ecd->y2len, y);
+
+ if (!x || !y) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
+ ec2 = EC_KEY_new_by_curve_name(ecd->curve);
+ if (!ec2) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+ if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
+ ecp = EC_KEY_get0_public_key(ec2);
+ if (!ecp) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
+ if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
+ rv = -1;
+ rv = 0;
+ goto err;
+ }
+
@ -9933,7 +9933,7 @@ Index: openssl-1.1.1n/crypto/o_init.c
===================================================================
--- openssl-1.1.1n.orig/crypto/o_init.c
+++ openssl-1.1.1n/crypto/o_init.c
@@ -7,8 +7,68 @@
@@ -7,8 +7,69 @@
* https://www.openssl.org/source/license.html
*/
@ -9959,16 +9959,20 @@ Index: openssl-1.1.1n/crypto/o_init.c
+ char buf[2] = "0";
+ int fd;
+
+ /* Ensure the selftests always run */
+ /* XXX: TO SOLVE - premature initialization due to selftests */
+ FIPS_mode_set(1);
+
+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+
+ if (buf[0] != '1' && !FIPS_module_installed())
+ return;
+
+ /* Ensure the selftests always run */
+ /* XXX: TO SOLVE - premature initialization due to selftests */
+ FIPS_mode_set(1);
+
+ /* Failure reading the fips mode switch file means just not
+ * switching into FIPS mode. We would break too many things
+ * otherwise..
@ -9993,9 +9997,6 @@ Index: openssl-1.1.1n/crypto/o_init.c
+ if (done)
+ return;
+ done = 1;
+ if (!FIPS_module_installed()) {
+ return;
+ }
+ init_fips_mode();
+}
+#endif

BIN
openssl-1.1.1v.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

16
openssl-1.1.1v.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmTJDewACgkQ2JTizos9
efVPDBAAjgNq842XSAhmH3CBHHFtMuVlg5RV+tAV7PF7tDm/Bu0VPxZecvDhEHyk
y1bIzYki9kPQrnDc5Cz3UYHjnBp2n2GH+JDShedSJMH3qbsAlSB4j5b15UFjE8b4
yDl4rlcug3SydqEdYJAGnOD3QBghsX7GiS6S9BgnU1D1XDZ1LYF6NumrjeypGm2r
vodcjel0tD+Xu2Du398sGmXLZLfK7eBT8dYtzWHAZubf+dNQmfRRDALo2Q5Xux6p
xIDlEQvTUkt5mF+Rx0CI1boIKeaFoZFOReUW0zkKYfwNkfq1WvGj3sGA+StQsgn1
Dvfx6ONoS9UT+6KTegsLOIX2xOAHa8k4UgtW19eCovYzJNkBwNnq83lrvIEMoLY7
brALTqBmlFq4prPgzpDHlTeC78uDcf/Ao95CeBw5yKVsKAN7W7vA2u6Gr2ZgUWsF
zVnrxJ9difkrvkFxm6uO2qu1qA/84Bow77M6/7FSHFZ+oDB3tjGXtq4Tf6iBkhpf
XIRu79S1LxCY7HxKVHHfpKuGSfefV/tgPeOac8CvucIq6r1Be20h0crRnDEGJt8G
Otznvt04iX+FkSVC7PjiAVZqubQQWjXUZxDngQgUOye/suExGwEoaTMmhj95eiVu
ufee+jDrVGOjhLLoEClP/+zpl2Wplq3KzLVsvvJa8v5KTVot9r4=
=mu7b
-----END PGP SIGNATURE-----

BIN
openssl-1.1.1w.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
openssl-1.1.1w.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmT/H2QACgkQ2JTizos9
efVL8A//XiYVgTnhAtnBs8W5+8fTJ2WUh+lcG7I+GF1wi1PRMaA9YddmXu70b9VF
x5EOcAVo7RsjlQ/VeWUtVuyTjd6eXCzoKRlbAwo9YovEsWcIo5sb6lSzuN17bIJi
NOrALx3+TF7SZfuOdd/czohfJfFUX/5mfEmcrkwY67UvIDFgO6E04+S2eFnU9HdC
KEF4kK10IObHRfvnAj+nSfUrnq5xtAAIpj2PBg9GFIEIxKBU72vvJYGdJ0HKFN8/
352rNVIxGMXlwsAtWY2L09S0kt4iFST4fANM4CkxTnvloimmCtcWJvcst6tTgCMD
PKqXJ4hJpElzCVJJJBNQxz+T2dxc97Upvense/lkB6h8bwQgYaZNgk6B8UsSZyE8
5v1p1HcOCJBNKc8zW86a3RvGCfxOfjrFz2CC7QPdT84Rv4S/xeCeUqM5b63Ws7pZ
3kA5jHUkP0yXsVOjxdMdqlJxqQ1wE2Q459fklLnsoHERrEQtsoaEW0DG6Kgima58
YGwY8GxQ/QFLPxYRMjsfaLO54pdSlXa2EZ3nmL6WTY1ScdzN8K+huXz8Ok2lbi7O
oPZCVaDl8cpO9Kh8y5Hc8KAqCU72eTgx4kDGmEou9z//bl33fq0s5+PAjaz0XDvZ
gdOlsOngaAlvcVF50ZkVERBvfVb41O0uWD8MSk+vvBKQvuecrQ0=
=ZcG7
-----END PGP SIGNATURE-----

45
openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch Normal file
View File

@ -0,0 +1,45 @@
Index: openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1l/crypto/fips/fips_kdf_selftest.c
@@ -63,18 +63,20 @@ int FIPS_selftest_pbkdf2(void)
{
int ret = 0;
EVP_KDF_CTX *kctx;
- unsigned char out[32];
+ unsigned char out[40];
if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
+ "passwordPASSWORDpassword", (size_t)24) <= 0) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", (size_t)36) <= 0) {
goto err;
}
- if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096) <= 0) {
goto err;
}
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
@@ -86,10 +88,11 @@ int FIPS_selftest_pbkdf2(void)
{
const unsigned char expected[sizeof(out)] = {
- 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
- 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
- 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
- 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+ 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
+ 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
+ 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
+ 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1,
+ 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9
};
if (memcmp(out, expected, sizeof(expected))) {
goto err;

2
openssl-1_1-FIPS-fix-error-reason-codes.patch
View File

@ -32,7 +32,7 @@ Index: openssl-1.1.1l/crypto/err/openssl.ec
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
L SM2 include/crypto/sm2.h crypto/sm2/sm2_err.c
L OSSL_STORE include/openssl/store.h crypto/store/store_err.c
+L FIPS include/crypto/fips.h crypto/fips/fips_ers.c
+L FIPS include/crypto/fips_int.h crypto/fips/fips_ers.c
# additional header files to be scanned for function names
L NONE include/openssl/x509_vfy.h NONE

182
openssl-1_1-FIPS_drbg-rewire.patch Normal file
View File

@ -0,0 +1,182 @@
Index: openssl-1.1.1l/crypto/fips/fips_drbg_lib.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_lib.c
+++ openssl-1.1.1l/crypto/fips/fips_drbg_lib.c
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
int FIPS_drbg_reseed(DRBG_CTX *dctx,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)adinlen;
+
+ if (len < 0 || (size_t)len != adinlen) {
+ FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+ return 0;
+ }
+ RAND_seed(adin, len);
+ return 1;
+}
+
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
+ const unsigned char *adin, size_t adinlen)
+{
return drbg_reseed(dctx, adin, adinlen, 1);
}
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
int prediction_resistance,
const unsigned char *adin, size_t adinlen)
{
+ int len = (int)outlen;
+
+ if (len < 0 || (size_t)len != outlen) {
+ FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
+ return 0;
+ }
+ return RAND_bytes(out, len);
+}
+
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen)
+{
int r = 0;
if (FIPS_selftest_failed()) {
Index: openssl-1.1.1l/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_rand.c
+++ openssl-1.1.1l/crypto/fips/fips_drbg_rand.c
@@ -57,6 +57,8 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
Index: openssl-1.1.1l/crypto/fips/fips_drbg_selftest.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_drbg_selftest.c
+++ openssl-1.1.1l/crypto/fips/fips_drbg_selftest.c
@@ -55,6 +55,8 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include "fips_locl.h"
Index: openssl-1.1.1l/crypto/fips/fips_rand_lib.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_rand_lib.c
+++ openssl-1.1.1l/crypto/fips/fips_rand_lib.c
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
int FIPS_rand_seed(const void *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
if (fips_rand_meth && fips_rand_meth->seed)
fips_rand_meth->seed(buf, num);
return 1;
+#else
+ RAND_seed(buf, num);
+ return 1;
+#endif
}
int FIPS_rand_bytes(unsigned char *buf, int num)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
if (fips_rand_meth && fips_rand_meth->bytes)
return fips_rand_meth->bytes(buf, num);
return 0;
+#else
+ return RAND_bytes(buf, num);
+#endif
}
int FIPS_rand_status(void)
{
+#if 0
if (!fips_approved_rand_meth && FIPS_module_mode()) {
FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
if (fips_rand_meth && fips_rand_meth->status)
return fips_rand_meth->status();
return 0;
+#else
+ return RAND_status();
+#endif
}
/* Return instantiated strength of PRNG. For DRBG this is an internal
Index: openssl-1.1.1l/include/openssl/fips.h
===================================================================
--- openssl-1.1.1l.orig/include/openssl/fips.h
+++ openssl-1.1.1l/include/openssl/fips.h
@@ -64,6 +64,11 @@ extern "C" {
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
+
+ /*
+ * This function is deprecated as it performs selftest of the old FIPS drbg
+ * implementation that is not validated.
+ */
int FIPS_selftest_drbg_all(void);
void NONFIPS_selftest_check(void);
Index: openssl-1.1.1l/include/openssl/fips_rand.h
===================================================================
--- openssl-1.1.1l.orig/include/openssl/fips_rand.h
+++ openssl-1.1.1l/include/openssl/fips_rand.h
@@ -60,6 +60,20 @@
# ifdef __cplusplus
extern "C" {
# endif
+
+/*
+ * IMPORTANT NOTE:
+ * All functions in this header file are deprecated and should not be used
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
+ * anymore.
+ * To provide backwards compatibility for applications that need FIPS compliant
+ * RNG number generation and use FIPS_drbg_generate, this function was
+ * re-wired to call the FIPS validated DRBG instance instead through
+ * the RAND_bytes() call.
+ *
+ * All these functions will be removed in future.
+ */
+
typedef struct drbg_ctx_st DRBG_CTX;
/* DRBG external flags */
/* Flag for CTR mode only: use derivation function ctr_df */
Index: openssl-1.1.1l/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1l/crypto/fips/fips_post.c
@@ -72,8 +72,13 @@
int FIPS_selftest(void)
{
int rv = 1;
+#if 0
+ /* This selftest is deprecated as it uses the old FIPS_drbg
+ * implementation that is not FIPS validated.
+ */
if (!FIPS_selftest_drbg_all())
rv = 0;
+#endif
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_sha2())

25
openssl-1_1-Zeroization.patch Normal file
View File

@ -0,0 +1,25 @@
--- openssl-1.1.1l/crypto/fips/fips.c
+++ openssl-1.1.1l/crypto/fips/fips.c
@@ -350,6 +350,10 @@ static int FIPSCHECK_verify(const char *
if (strcmp(hex, hmac) != 0) {
rv = -1;
}
+ if (hmaclen != 0) {
+ OPENSSL_cleanse(buf, hmaclen);
+ OPENSSL_cleanse(hex, hmaclen * 2 + 1);
+ }
free(buf);
free(hex);
} else {
@@ -357,7 +360,11 @@ static int FIPSCHECK_verify(const char *
}
end:
+ if (n != 0)
+ OPENSSL_cleanse(hmac, n);
free(hmac);
+ if (strlen(hmacpath) != 0)
+ OPENSSL_cleanse(hmacpath, strlen(hmacpath));
free(hmacpath);
fclose(hf);

588
openssl-1_1-fips-drbg-selftest.patch Normal file
View File

@ -0,0 +1,588 @@
---
crypto/fips/fips_post.c | 3
crypto/rand/build.info | 2
crypto/rand/drbg_selftest.c | 537 ++++++++++++++++++++++++++++++++++++++++++++
include/crypto/rand.h | 5
4 files changed, 546 insertions(+), 1 deletion(-)
--- a/crypto/fips/fips_post.c
+++ b/crypto/fips/fips_post.c
@@ -66,6 +66,7 @@
# include <openssl/fips.h>
# include "crypto/fips_int.h"
+# include "crypto/rand.h"
# include "fips_locl.h"
/* Run all selftests */
@@ -79,6 +80,8 @@ int FIPS_selftest(void)
if (!FIPS_selftest_drbg_all())
rv = 0;
#endif
+ if (!FIPS_selftest_drbg_new())
+ rv = 0;
if (!FIPS_selftest_sha1())
rv = 0;
if (!FIPS_selftest_sha2())
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
- rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
+ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
INCLUDE[drbg_ctr.o]=../modes
--- /dev/null
+++ b/crypto/rand/drbg_selftest.c
@@ -0,0 +1,537 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stddef.h>
+#include "internal/nelem.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/obj_mac.h>
+#include "internal/thread_once.h"
+#include "crypto/rand.h"
+
+typedef struct test_ctx_st {
+ const unsigned char *entropy;
+ size_t entropylen;
+ int entropycnt;
+ const unsigned char *nonce;
+ size_t noncelen;
+ int noncecnt;
+} TEST_CTX;
+
+static int app_data_index = -1;
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
+{
+ app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
+
+ return 1;
+}
+
+enum drbg_kat_type {
+ NO_RESEED,
+ PR_FALSE,
+ PR_TRUE
+};
+
+enum drbg_df {
+ USE_DF,
+ NO_DF,
+ NA
+};
+
+struct drbg_kat_no_reseed {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_false {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinreseed;
+ const unsigned char *addinreseed;
+ const unsigned char *addin1;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat_pr_true {
+ size_t count;
+ const unsigned char *entropyin;
+ const unsigned char *nonce;
+ const unsigned char *persstr;
+ const unsigned char *entropyinpr1;
+ const unsigned char *addin1;
+ const unsigned char *entropyinpr2;
+ const unsigned char *addin2;
+ const unsigned char *retbytes;
+};
+
+struct drbg_kat {
+ enum drbg_kat_type type;
+ enum drbg_df df;
+ int nid;
+
+ size_t entropyinlen;
+ size_t noncelen;
+ size_t persstrlen;
+ size_t addinlen;
+ size_t retbyteslen;
+
+ const void *t;
+};
+
+/*
+ * Excerpt from test/drbg_cavs_data.c
+ * DRBG test vectors from:
+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
+ */
+
+static const unsigned char kat1308_entropyin[] = {
+ 0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
+ 0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
+ 0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
+ 0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
+};
+static const unsigned char kat1308_nonce[] = {0};
+static const unsigned char kat1308_persstr[] = {
+ 0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
+ 0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
+ 0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
+ 0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
+};
+static const unsigned char kat1308_addin0[] = {
+ 0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
+ 0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
+ 0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
+ 0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
+};
+static const unsigned char kat1308_addin1[] = {
+ 0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
+ 0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
+ 0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
+ 0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
+};
+static const unsigned char kat1308_retbits[] = {
+ 0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
+ 0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
+ 0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
+ 0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
+ 0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
+ 0x26, 0x32, 0xd0, 0xb8,
+};
+static const struct drbg_kat_no_reseed kat1308_t = {
+ 2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
+ kat1308_addin0, kat1308_addin1, kat1308_retbits
+};
+static const struct drbg_kat kat1308 = {
+ NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
+};
+
+static const unsigned char kat1465_entropyin[] = {
+ 0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
+ 0x87, 0xbe, 0xaa, 0xc0,
+};
+static const unsigned char kat1465_nonce[] = {
+ 0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
+};
+static const unsigned char kat1465_persstr[] = {0};
+static const unsigned char kat1465_entropyinreseed[] = {
+ 0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
+ 0x1f, 0x4b, 0x7b, 0x51,
+};
+static const unsigned char kat1465_addinreseed[] = {
+ 0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
+ 0x61, 0x9f, 0x26, 0x5f,
+};
+static const unsigned char kat1465_addin0[] = {
+ 0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
+ 0x10, 0x5a, 0x73, 0x9c,
+};
+static const unsigned char kat1465_addin1[] = {
+ 0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
+ 0x47, 0x99, 0x1f, 0xeb,
+};
+static const unsigned char kat1465_retbits[] = {
+ 0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
+ 0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
+ 0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
+ 0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
+ 0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
+ 0x58, 0xdb, 0x27, 0xba,
+};
+static const struct drbg_kat_pr_false kat1465_t = {
+ 9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
+ kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
+ kat1465_addin1, kat1465_retbits
+};
+static const struct drbg_kat kat1465 = {
+ PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
+};
+
+static const unsigned char kat3146_entropyin[] = {
+ 0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
+ 0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
+};
+static const unsigned char kat3146_nonce[] = {
+ 0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
+ 0x50, 0x86, 0xca, 0xca,
+};
+static const unsigned char kat3146_persstr[] = {0};
+static const unsigned char kat3146_entropyinpr1[] = {
+ 0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
+ 0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
+};
+static const unsigned char kat3146_addinpr1[] = {
+ 0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
+ 0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
+ 0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
+};
+static const unsigned char kat3146_entropyinpr2[] = {
+ 0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
+ 0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
+};
+static const unsigned char kat3146_addinpr2[] = {
+ 0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
+ 0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
+ 0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
+};
+static const unsigned char kat3146_retbits[] = {
+ 0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
+ 0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
+ 0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
+ 0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
+ 0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
+ 0xd4, 0x30, 0x73, 0xbb,
+};
+static const struct drbg_kat_pr_true kat3146_t = {
+ 10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
+ kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
+ kat3146_addinpr2, kat3146_retbits
+};
+static const struct drbg_kat kat3146 = {
+ PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
+};
+
+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
+
+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
+
+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->entropycnt++;
+ *pout = (unsigned char *)t->entropy;
+ return t->entropylen;
+}
+
+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len)
+{
+ TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
+
+ t->noncecnt++;
+ *pout = (unsigned char *)t->nonce;
+ return t->noncelen;
+}
+
+/*
+ * Do a single NO_RESEED KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_no_reseed(const struct drbg_kat *td)
+{
+ struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_FALSE KAT:
+ *
+ * Instantiate
+ * Reseed
+ * Generate Random Bits (pr=false)
+ * Generate Random Bits (pr=false)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_false(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinreseed;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin1, td->addinlen)
+ || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+/*-
+ * Do a single PR_TRUE KAT:
+ *
+ * Instantiate
+ * Generate Random Bits (pr=true)
+ * Generate Random Bits (pr=true)
+ * Uninstantiate
+ *
+ * Return 0 on failure.
+ */
+static int single_kat_pr_true(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned char *buff = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ t.entropy = data->entropyin;
+ t.entropylen = td->entropyinlen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ buff = OPENSSL_malloc(td->retbyteslen);
+ if (buff == NULL) {
+ failures++;
+ goto err;
+ }
+
+ if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+
+ t.entropy = data->entropyinpr1;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin1, td->addinlen))
+ failures++;
+
+ t.entropy = data->entropyinpr2;
+ t.entropylen = td->entropyinlen;
+
+ if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
+ data->addin2, td->addinlen)
+ || memcmp(data->retbytes, buff,
+ td->retbyteslen) != 0)
+ failures++;
+
+err:
+ OPENSSL_free(buff);
+ RAND_DRBG_uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+static int test_kats(int i)
+{
+ const struct drbg_kat *td = drbg_test[i];
+ int rv = 0;
+
+ switch (td->type) {
+ case NO_RESEED:
+ if (!single_kat_no_reseed(td))
+ goto err;
+ break;
+ case PR_FALSE:
+ if (!single_kat_pr_false(td))
+ goto err;
+ break;
+ case PR_TRUE:
+ if (!single_kat_pr_true(td))
+ goto err;
+ break;
+ default: /* cant happen */
+ goto err;
+ }
+ rv = 1;
+err:
+ return rv;
+}
+
+/*-
+ * Do one expected-error test:
+ *
+ * Instantiate with no entropy supplied
+ *
+ * Return 0 on failure.
+ */
+static int test_drbg_sanity(const struct drbg_kat *td)
+{
+ struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
+ RAND_DRBG *drbg = NULL;
+ unsigned int flags = 0;
+ int failures = 0;
+ TEST_CTX t;
+
+ if (td->df != USE_DF)
+ flags |= RAND_DRBG_FLAG_CTR_NO_DF;
+
+ if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
+ return 0;
+
+ if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
+ kat_nonce, NULL)) {
+ failures++;
+ goto err;
+ }
+ memset(&t, 0, sizeof(t));
+ t.entropy = data->entropyin;
+ t.entropylen = 0; /* No entropy */
+ t.nonce = data->nonce;
+ t.noncelen = td->noncelen;
+ RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
+
+ ERR_set_mark();
+ /* This must fail. */
+ if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
+ failures++;
+ RAND_DRBG_uninstantiate(drbg);
+ ERR_pop_to_mark();
+
+err:
+ RAND_DRBG_free(drbg);
+ return failures == 0;
+}
+
+
+int FIPS_selftest_drbg_new(void)
+{
+ int i;
+
+ if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
+ return 0;
+
+ for (i = 0; i < drbg_test_nelem; i++) {
+ if (test_kats(i) <= 0)
+ return 0;
+ }
+
+ if (test_drbg_sanity(&kat1465) <= 0)
+ return 0;
+
+ return 1;
+}
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -150,4 +150,9 @@ void rand_pool_cleanup(void);
*/
void rand_pool_keep_random_devices_open(int keep);
+/*
+ * Perform the DRBG KAT selftests
+ */
+int FIPS_selftest_drbg_new(void);
+
#endif

104
openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch Normal file
View File

@ -0,0 +1,104 @@
---
crypto/asn1/ameth_lib.c | 18 ++++++++++++++++++
crypto/asn1/standard_methods.h | 29 +++++++++++++++++++++++++++++
crypto/evp/c_alld.c | 6 +++++-
3 files changed, 52 insertions(+), 1 deletion(-)
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -35,7 +35,11 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_P
int EVP_PKEY_asn1_get_count(void)
{
+#ifdef OPENSSL_FIPS
+ int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods);
+#else
int num = OSSL_NELEM(standard_methods);
+#endif
if (app_methods)
num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
return num;
@@ -43,11 +47,19 @@ int EVP_PKEY_asn1_get_count(void)
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
{
+#ifdef OPENSSL_FIPS
+ int num = FIPS_mode() ? OSSL_NELEM(standard_fips_methods) : OSSL_NELEM(standard_methods);
+#else
int num = OSSL_NELEM(standard_methods);
+#endif
if (idx < 0)
return NULL;
if (idx < num)
+#ifdef OPENSSL_FIPS
+ return FIPS_mode() ? standard_fips_methods[idx] : standard_methods[idx];
+#else
return standard_methods[idx];
+#endif
idx -= num;
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
}
@@ -63,7 +75,13 @@ static const EVP_PKEY_ASN1_METHOD *pkey_
if (idx >= 0)
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
}
+#ifdef OPENSSL_FIPS
+ ret = FIPS_mode() ? \
+ OBJ_bsearch_ameth(&t, standard_fips_methods, OSSL_NELEM(standard_fips_methods)) : \
+ OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
+#else
ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
+#endif
if (!ret || !*ret)
return NULL;
return *ret;
--- a/crypto/asn1/standard_methods.h
+++ b/crypto/asn1/standard_methods.h
@@ -59,3 +59,32 @@ static const EVP_PKEY_ASN1_METHOD *stand
#endif
};
+static const EVP_PKEY_ASN1_METHOD *standard_fips_methods[] = {
+#ifndef OPENSSL_NO_RSA
+ &rsa_asn1_meths[0],
+ &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+ &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+ &dsa_asn1_meths[0],
+ &dsa_asn1_meths[1],
+ &dsa_asn1_meths[2],
+ &dsa_asn1_meths[3],
+ &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+ &eckey_asn1_meth,
+#endif
+ &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+ &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+ &rsa_pss_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+ &dhx_asn1_meth,
+#endif
+};
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -17,7 +17,11 @@
void openssl_add_all_digests_int(void)
{
#ifdef OPENSSL_FIPS
- if (!FIPS_mode()) {
+ /*
+ * This function is called from FIPS_selftest_ecdsa() before FIPS mode is
+ * turned on. That is the reason why we need to also check fips_in_post().
+ */
+ if (!FIPS_mode() && !fips_in_post()) {
#endif
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());

203
openssl-1_1-jitterentropy-3.4.0.patch Normal file
View File

@ -0,0 +1,203 @@
---
Configurations/00-base-templates.conf | 2 -
crypto/fips/build.info | 3 +-
crypto/fips/fips.c | 8 +++++++
crypto/fips/fips_entropy.c | 38 ++++++++++++++++++++++++++++++++++
crypto/fips/fips_err.h | 1
crypto/init.c | 4 +++
crypto/rand/rand_unix.c | 30 +++++++++++++++++++++++++-
include/crypto/fips_int.h | 2 +
include/openssl/fips.h | 4 +++
util/libcrypto.num | 2 +
10 files changed, 91 insertions(+), 3 deletions(-)
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@@ -96,7 +96,7 @@ my %targets=(
ex_libs =>
sub { !defined($disabled{zlib})
&& defined($disabled{"zlib-dynamic"})
- ? "-lz" : () },
+ ? "-lz -ljitterentropy" : "-ljitterentropy" },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
--- a/crypto/fips/build.info
+++ b/crypto/fips/build.info
@@ -5,7 +5,8 @@ SOURCE[../../libcrypto]=\
fips_post.c drbgtest.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
- fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c fips_sli.c
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c fips_sli.c \
+ fips_entropy.c
PROGRAMS=\
fips_standalone_hmac
--- a/crypto/fips/fips.c
+++ b/crypto/fips/fips.c
@@ -461,6 +461,14 @@ int FIPS_module_mode_set(int onoff)
fips_post = 1;
+ if (!FIPS_entropy_init()) {
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+ FIPS_R_ENTROPY_INIT_FAILED);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
/* Run the KATs before the HMAC verification for FIPS 140-3 compliance */
if (!FIPS_selftest()) {
fips_selftest_fail = 1;
--- /dev/null
+++ b/crypto/fips/fips_entropy.c
@@ -0,0 +1,38 @@
+#include <openssl/fips.h>
+
+#include "crypto/fips_int.h"
+#include "jitterentropy.h"
+
+static struct rand_data* ec = NULL;
+
+struct rand_data* FIPS_entropy_init(void)
+{
+ if (ec != NULL)
+ /* Entropy source has been initiated and collector allocated */
+ return ec;
+ /* If the initialization is successful, the call returns with 0 */
+ if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0)
+ /* Allocate entropy collector */
+ ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
+ return ec;
+}
+
+void FIPS_entropy_cleanup(void)
+{
+ /* Free entropy collector */
+ if (ec != NULL) {
+ jent_entropy_collector_free(ec);
+ ec = NULL;
+ }
+}
+
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
+{
+ ssize_t ent_bytes = -1;
+
+ if (buf != NULL && buflen != 0 && FIPS_entropy_init()) {
+ /* Get entropy */
+ ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
+ }
+ return ent_bytes;
+}
--- a/crypto/fips/fips_err.h
+++ b/crypto/fips/fips_err.h
@@ -135,6 +135,7 @@ static ERR_STRING_DATA FIPS_str_reasons[
{ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
{ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
+ {ERR_REASON(FIPS_R_ENTROPY_INIT_FAILED), "entropy init failed"},
{ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
"entropy not requested for reseed"},
{ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -27,6 +27,7 @@
#include "crypto/dso_conf.h"
#include "internal/dso.h"
#include "crypto/store.h"
+#include "openssl/fips.h"
static int stopped = 0;
@@ -597,6 +598,9 @@ void OPENSSL_cleanup(void)
rand_cleanup_int();
rand_drbg_cleanup_int();
conf_modules_free_int();
+#ifdef OPENSSL_FIPS
+ FIPS_entropy_cleanup();
+#endif
#ifndef OPENSSL_NO_ENGINE
engine_cleanup_int();
#endif
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -642,9 +642,37 @@ size_t rand_pool_acquire_entropy(RAND_PO
return rand_pool_entropy_available(pool);
# else
size_t entropy_available;
+ int in_post;
+
+# ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ /* Use jitter entropy in FIPS mode */
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
+ size_t bytes_needed;
+ unsigned char *buffer;
+ ssize_t bytes;
+ /* Maximum allowed number of consecutive unsuccessful attempts */
+ int attempts = 3;
+
+ bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+ while (bytes_needed != 0 && attempts-- > 0) {
+ buffer = rand_pool_add_begin(pool, bytes_needed);
+ bytes = FIPS_jitter_entropy(buffer, bytes_needed);
+ if (bytes > 0) {
+ rand_pool_add_end(pool, bytes, 8 * bytes);
+ bytes_needed -= bytes;
+ attempts = 3; /* reset counter after successful attempt */
+ } else if (bytes < 0) {
+ break;
+ }
+ }
+ }
+ entropy_available = rand_pool_entropy_available(pool);
+ return entropy_available;
+ }
+# endif
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
- int in_post;
for (in_post = fips_in_post(); in_post >= 0; --in_post) {
{
--- a/include/crypto/fips_int.h
+++ b/include/crypto/fips_int.h
@@ -101,4 +101,6 @@ void fips_set_selftest_fail(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen);
+
#endif
--- a/include/openssl/fips.h
+++ b/include/openssl/fips.h
@@ -74,6 +74,9 @@ extern "C" {
BN_GENCB *cb);
int FIPS_dsa_paramgen_check_g(DSA *dsa);
+ struct rand_data* FIPS_entropy_init(void);
+ void FIPS_entropy_cleanup(void);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -151,6 +154,7 @@ extern "C" {
# define FIPS_R_DRBG_NOT_INITIALISED 152
# define FIPS_R_DRBG_STUCK 103
# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
+# define FIPS_R_ENTROPY_INIT_FAILED 161
# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
# define FIPS_R_ENTROPY_SOURCE_STUCK 142
# define FIPS_R_ERROR_INITIALISING_DRBG 115
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4647,3 +4647,5 @@ fips_sli_PKCS5_PBKDF2_HMAC_is_approved
fips_sli_HMAC_is_approved 6608 1_1_1l EXIST::FUNCTION:
fips_sli_RAND_bytes_is_approved 6609 1_1_1l EXIST::FUNCTION:
fips_sli_RAND_priv_bytes_is_approved 6610 1_1_1l EXIST::FUNCTION:
+FIPS_entropy_init 6611 1_1_1l EXIST::FUNCTION:
+FIPS_entropy_cleanup 6612 1_1_1l EXIST::FUNCTION:

10
openssl-1_1-ossl-sli-000-fix-build-error.patch Normal file
View File

@ -0,0 +1,10 @@
diff --git a/util/libcrypto.num b/util/libcrypto.num
index e4a490a82..2a778ce92 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4634,3 +4634,5 @@ EVP_KDF_vctrl 6594 1_1_1d EXIST::FUNCTION:
EVP_KDF_ctrl_str 6595 1_1_1d EXIST::FUNCTION:
EVP_KDF_size 6596 1_1_1d EXIST::FUNCTION:
EVP_KDF_derive 6597 1_1_1d EXIST::FUNCTION:
+EC_GROUP_get0_field 6598 1_1_1l EXIST::FUNCTION:EC
+NONFIPS_selftest_check 6599 1_1_1l EXIST::FUNCTION:

111
openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch Normal file
View File

@ -0,0 +1,111 @@
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 43c916fc1..fab410b9e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -472,16 +472,16 @@ int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx)
*/
if (eckey->priv_key != NULL) {
if (BN_cmp(eckey->priv_key, order) >= 0) {
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, EC_R_WRONG_ORDER);
goto err;
}
if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
NULL, NULL, ctx)) {
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, ERR_R_EC_LIB);
goto err;
}
if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
- ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+ ECerr(EC_F_EC_KEY_PUBLIC_CHECK, EC_R_INVALID_PRIVATE_KEY);
goto err;
}
}
diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index 8794a6781..f38137388 100644
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -28,7 +28,7 @@ int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
{
#ifdef OPENSSL_FIPS
if (FIPS_selftest_failed()) {
- FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_OSSL_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
return -1;
}
#endif
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index 3445abd02..9e9526241 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -204,7 +204,7 @@ ECDSA_SIG *ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
#ifdef OPENSSL_FIPS
if (FIPS_selftest_failed()) {
- FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_ECDSA_SIMPLE_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
return NULL;
}
#endif
@@ -373,7 +373,7 @@ int ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len,
#ifdef OPENSSL_FIPS
if (FIPS_selftest_failed()) {
- FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
return -1;
}
#endif
diff --git a/crypto/fips/fips_sha_selftest.c b/crypto/fips/fips_sha_selftest.c
index 035c2c092..4a6336248 100644
--- a/crypto/fips/fips_sha_selftest.c
+++ b/crypto/fips/fips_sha_selftest.c
@@ -195,25 +195,25 @@ int FIPS_selftest_sha3(void)
EVP_Digest(msg_sha3_256, sizeof(msg_sha3_256), md, NULL, EVP_sha3_256(), NULL);
if (memcmp(dig_sha3_256, md, sizeof(dig_sha3_256))) {
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
return 0;
}
EVP_Digest(msg_sha3_512, sizeof(msg_sha3_512), md, NULL, EVP_sha3_512(), NULL);
if (memcmp(dig_sha3_512, md, sizeof(dig_sha3_512))) {
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
return 0;
}
EVP_Digest(msg_shake_128, sizeof(msg_shake_128), md, NULL, EVP_shake128(), NULL);
if (memcmp(dig_shake_128, md, sizeof(dig_shake_128))) {
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
return 0;
}
EVP_Digest(msg_shake_256, sizeof(msg_shake_256), md, NULL, EVP_shake256(), NULL);
if (memcmp(dig_shake_256, md, sizeof(dig_shake_256))) {
- FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA3, FIPS_R_SELFTEST_FAILED);
return 0;
}
diff --git a/include/openssl/fips.h b/include/openssl/fips.h
index e4208cbfa..7af006e7b 100644
--- a/include/openssl/fips.h
+++ b/include/openssl/fips.h
@@ -130,8 +130,13 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_HKDF 155
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
+# define FIPS_F_FIPS_SELFTEST_SHA3 156
+# define FIPS_F_ECDSA_SIMPLE_VERIFY_SIG 157
+# define FIPS_F_ECDSA_SIMPLE_SIGN_SIG 158
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
# define FIPS_F_OSSL_ECDSA_VERIFY_SIG 148
+# define FIPS_F_OSSL_ECDSA_SIMPLE_VERIFY_SIG 159
+# define FIPS_F_OSSL_ECDH_COMPUTE_KEY 160
# define FIPS_F_RSA_BUILTIN_KEYGEN 116
# define FIPS_F_RSA_OSSL_INIT 149
# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT 117

946
openssl-1_1-ossl-sli-002-ran-make-update.patch Normal file
View File

@ -0,0 +1,946 @@
---
apps/openssl-vms.cnf | 18 ++++
crypto/dh/dh_err.c | 8 -
crypto/dsa/dsa_err.c | 8 +
crypto/ec/ec_err.c | 29 ++++++-
crypto/err/openssl.txt | 40 +++++++++
crypto/evp/evp_err.c | 6 -
crypto/fips/fips_ers.c | 189 +++++++++++++++++++++++++++++++++++++++++++++--
crypto/rsa/rsa_err.c | 23 +++--
include/openssl/dherr.h | 15 +--
include/openssl/dsaerr.h | 18 +---
include/openssl/ecerr.h | 7 -
include/openssl/evperr.h | 19 ++--
include/openssl/rsaerr.h | 32 +++----
13 files changed, 333 insertions(+), 79 deletions(-)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -11,6 +11,24 @@
# defined.
HOME = .
+openssl_conf = openssl_init
+
+[ openssl_init ]
+
+engines = engine_section
+
+[ engine_section ]
+
+# This include will look through the directory that will contain the
+# engine declarations for any engines provided by other packages.
+.include /etc/ssl/engines.d
+
+# This include will look through the directory that will contain the
+# definitions of the engines declared in the engine section.
+.include /etc/ssl/engdef.d
+
+[ oid_section ]
+
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -26,8 +26,8 @@ static const ERR_STRING_DATA DH_str_func
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
"dh_cms_set_shared_info"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0),
+ "DH_generate_parameters_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
@@ -78,11 +78,11 @@ static const ERR_STRING_DATA DH_str_reas
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non fips method"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
"not suitable generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,8 @@ static const ERR_STRING_DATA DSA_str_fun
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0),
+ "DSA_generate_parameters_ex"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
@@ -60,8 +61,9 @@ static const ERR_STRING_DATA DSA_str_rea
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
"missing private key"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD),
+ "non fips dsa method"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,9 +27,19 @@ static const ERR_STRING_DATA EC_str_func
"ecdh_simple_compute_key"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_SIGN_SIG, 0),
+ "ecdsa_s390x_nistp_sign_sig"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 0),
+ "ecdsa_s390x_nistp_verify_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SETUP, 0),
+ "ecdsa_simple_sign_setup"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SIG, 0),
+ "ecdsa_simple_sign_sig"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
+ "ecdsa_simple_verify_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
@@ -193,6 +203,7 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PUBLIC_CHECK, 0), "ec_key_public_check"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
"EC_KEY_set_public_key_affine_coordinates"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
@@ -266,6 +277,8 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
"ossl_ecdh_compute_key"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SETUP, 0),
+ "ossl_ecdsa_sign_setup"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
"ossl_ecdsa_verify_sig"},
@@ -284,6 +297,18 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, 0),
+ "s390x_pkey_ecd_digestsign25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN448, 0),
+ "s390x_pkey_ecd_digestsign448"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN25519, 0),
+ "s390x_pkey_ecd_keygen25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN448, 0),
+ "s390x_pkey_ecd_keygen448"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN25519, 0),
+ "s390x_pkey_ecx_keygen25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN448, 0),
+ "s390x_pkey_ecx_keygen448"},
{ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
{0, NULL}
};
@@ -298,6 +323,8 @@ static const ERR_STRING_DATA EC_str_reas
"coordinates out of range"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
"curve does not support ecdh"},
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA),
+ "curve does not support ecdsa"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
"curve does not support signing"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -408,6 +408,8 @@ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pu
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
+DH_F_DH_COMPUTE_KEY:126:DH_compute_key
+DH_F_DH_GENERATE_PARAMETERS_EX:127:DH_generate_parameters_ex
DH_F_DH_METH_DUP:117:DH_meth_dup
DH_F_DH_METH_NEW:118:DH_meth_new
DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
@@ -427,10 +429,13 @@ DH_F_PKEY_DH_INIT:125:pkey_dh_init
DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
+DSA_F_DSA_BUILTIN_KEYGEN:108:dsa_builtin_keygen
DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
DSA_F_DSA_DO_SIGN:112:DSA_do_sign
DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
+DSA_F_DSA_GENERATE_KEY:109:DSA_generate_key
+DSA_F_DSA_GENERATE_PARAMETERS_EX:110:DSA_generate_parameters_ex
DSA_F_DSA_METH_DUP:127:DSA_meth_dup
DSA_F_DSA_METH_NEW:128:DSA_meth_new
DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
@@ -494,15 +499,15 @@ EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_k
EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
-EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
-EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
-EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
@@ -610,6 +615,7 @@ EC_F_EC_KEY_PRINT:180:EC_KEY_print
EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
+EC_F_EC_KEY_PUBLIC_CHECK:299:ec_key_public_check
EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
EC_KEY_set_public_key_affine_coordinates
EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
@@ -735,6 +741,7 @@ EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key
EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
+EVP_F_AES_XTS_CIPHER:210:aes_xts_cipher
EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key
EVP_F_ALG_MODULE_INIT:177:alg_module_init
EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
@@ -844,6 +851,8 @@ FIPS_F_EVP_CIPHER_CTX_NEW:137:EVP_CIPHER
FIPS_F_EVP_CIPHER_CTX_RESET:122:EVP_CIPHER_CTX_reset
FIPS_F_EVP_CIPHERINIT_EX:124:EVP_CipherInit_ex
FIPS_F_EVP_DIGESTINIT_EX:125:EVP_DigestInit_ex
+FIPS_F_ECDSA_SIMPLE_SIGN_SIG:104:ecdsa_simple_sign_sig
+FIPS_F_ECDSA_SIMPLE_VERIFY_SIG:105:ecdsa_simple_verify_sig
FIPS_F_FIPS_CHECK_DSA:104:fips_check_dsa
FIPS_F_FIPS_CHECK_EC:142:fips_check_ec
FIPS_F_FIPS_CHECK_RSA:106:fips_check_rsa
@@ -874,9 +883,15 @@ FIPS_F_FIPS_SELFTEST_CMAC:130:FIPS_selft
FIPS_F_FIPS_SELFTEST_DES:111:FIPS_selftest_des
FIPS_F_FIPS_SELFTEST_DSA:112:FIPS_selftest_dsa
FIPS_F_FIPS_SELFTEST_ECDSA:133:FIPS_selftest_ecdsa
+FIPS_F_FIPS_SELFTEST_HKDF:136:FIPS_selftest_hkdf
FIPS_F_FIPS_SELFTEST_HMAC:113:FIPS_selftest_hmac
+FIPS_F_FIPS_SELFTEST_PBKDF2:138:FIPS_selftest_pbkdf2
FIPS_F_FIPS_SELFTEST_SHA1:115:FIPS_selftest_sha1
FIPS_F_FIPS_SELFTEST_SHA2:105:FIPS_selftest_sha2
+FIPS_F_FIPS_SELFTEST_SHA3:141:FIPS_selftest_sha3
+FIPS_F_FIPS_SELFTEST_SSH:142:FIPS_selftest_ssh
+FIPS_F_FIPS_SELFTEST_TLS:143:FIPS_selftest_tls
+FIPS_F_OSSL_ECDH_COMPUTE_KEY:144:ossl_ecdh_compute_key
FIPS_F_OSSL_ECDSA_SIGN_SIG:143:ossl_ecdsa_sign_sig
FIPS_F_OSSL_ECDSA_VERIFY_SIG:148:ossl_ecdsa_verify_sig
FIPS_F_RSA_BUILTIN_KEYGEN:116:rsa_builtin_keygen
@@ -1126,6 +1141,7 @@ RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
+RSA_F_FIPS_RSA_BUILTIN_KEYGEN:168:fips_rsa_builtin_keygen
RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
@@ -1140,6 +1156,8 @@ RSA_F_RSA_CHECK_KEY:123:RSA_check_key
RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
+RSA_F_RSA_GENERATE_KEY_EX:169:RSA_generate_key_ex
+RSA_F_RSA_GENERATE_MULTI_PRIME_KEY:170:RSA_generate_multi_prime_key
RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
RSA_F_RSA_METH_DUP:161:RSA_meth_dup
RSA_F_RSA_METH_NEW:162:RSA_meth_new
@@ -1175,12 +1193,18 @@ RSA_F_RSA_PADDING_CHECK_X931:128:RSA_pad
RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
RSA_F_RSA_PRINT:115:RSA_print
RSA_F_RSA_PRINT_FP:116:RSA_print_fp
+RSA_F_RSA_PRIVATE_DECRYPT:171:RSA_private_decrypt
+RSA_F_RSA_PRIVATE_ENCRYPT:172:RSA_private_encrypt
RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
+RSA_F_RSA_PUBLIC_DECRYPT:173:RSA_public_decrypt
+RSA_F_RSA_PUBLIC_ENCRYPT:174:RSA_public_encrypt
RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
+RSA_F_RSA_SET_DEFAULT_METHOD:175:RSA_set_default_method
+RSA_F_RSA_SET_METHOD:176:RSA_set_method
RSA_F_RSA_SIGN:117:RSA_sign
RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY:119:RSA_verify
@@ -2189,8 +2213,10 @@ DH_R_INVALID_PARAMETER_NID:114:invalid p
DH_R_INVALID_PUBKEY:102:invalid public key
DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_KEY_SIZE_TOO_SMALL:126:key size too small
DH_R_MISSING_PUBKEY:125:missing pubkey
DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NON_FIPS_METHOD:127:non fips method
DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
@@ -2204,9 +2230,12 @@ DSA_R_BN_ERROR:109:bn error
DSA_R_DECODE_ERROR:104:decode error
DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
DSA_R_INVALID_PARAMETERS:112:invalid parameters
+DSA_R_KEY_SIZE_INVALID:114:key size invalid
+DSA_R_KEY_SIZE_TOO_SMALL:115:key size too small
DSA_R_MISSING_PARAMETERS:101:missing parameters
DSA_R_MISSING_PRIVATE_KEY:111:missing private key
DSA_R_MODULUS_TOO_LARGE:103:modulus too large
+DSA_R_NON_FIPS_DSA_METHOD:116:non fips dsa method
DSA_R_NO_PARAMETERS_SET:107:no parameters set
DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DSA_R_Q_NOT_PRIME:113:q not prime
@@ -2344,6 +2373,7 @@ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
EVP_R_DECODE_ERROR:114:decode error
EVP_R_DIFFERENT_KEY_TYPES:101:different key types
EVP_R_DIFFERENT_PARAMETERS:153:different parameters
+EVP_R_DISABLED_FOR_FIPS:185:disabled for fips
EVP_R_ERROR_LOADING_SECTION:165:error loading section
EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
@@ -2389,6 +2419,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREA
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_TOO_LARGE:186:too large
EVP_R_UNKNOWN_CIPHER:160:unknown cipher
EVP_R_UNKNOWN_DIGEST:161:unknown digest
EVP_R_UNKNOWN_OPTION:169:unknown option
@@ -2711,11 +2742,13 @@ RSA_R_MODULUS_TOO_LARGE:105:modulus too
RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
RSA_R_MP_R_NOT_PRIME:170:mp r not prime
+RSA_R_NON_FIPS_RSA_METHOD:171:non fips rsa method
RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
+RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE:173:operation not allowed in fips mode
RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
operation not supported for this keytype
RSA_R_PADDING_CHECK_FAILED:114:padding check failed
@@ -2737,6 +2770,7 @@ RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:un
RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
+RSA_R_UNSUPPORTED_PARAMETERS:174:unsupported parameters
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
RSA_R_VALUE_MISSING:147:value missing
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -192,7 +192,7 @@ static const ERR_STRING_DATA EVP_str_rea
"different key types"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
"different parameters"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
"error loading section"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
@@ -286,8 +286,6 @@ static const ERR_STRING_DATA EVP_str_rea
"wrap mode not allowed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
"wrong final block length"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE),
- "xts data unit is too large"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
"xts duplicated keys"},
{0, NULL}
--- a/crypto/fips/fips_ers.c
+++ b/crypto/fips/fips_ers.c
@@ -1,7 +1,186 @@
-#include <openssl/opensslconf.h>
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
+#include <openssl/err.h>
+#include "crypto/fipserr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA FIPS_str_functs[] = {
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DRBG_RESEED, 0), "drbg_reseed"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_BUILTIN_PARAMGEN2, 0),
+ "dsa_builtin_paramgen2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_SIGN_SIG, 0),
+ "ecdsa_simple_sign_sig"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
+ "ecdsa_simple_verify_sig"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_NEW, 0),
+ "EVP_CIPHER_CTX_new"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_RESET, 0),
+ "EVP_CIPHER_CTX_reset"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_DSA, 0), "fips_check_dsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_EC, 0), "fips_check_ec"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_RSA, 0), "fips_check_rsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_BYTES, 0), "fips_drbg_bytes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_CHECK, 0), "fips_drbg_check"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_ERROR_CHECK, 0),
+ "fips_drbg_error_check"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_GENERATE, 0),
+ "FIPS_drbg_generate"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INIT, 0), "FIPS_drbg_init"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INSTANTIATE, 0),
+ "FIPS_drbg_instantiate"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_NEW, 0), "FIPS_drbg_new"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_SINGLE_KAT, 0),
+ "fips_drbg_single_kat"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_GET_ENTROPY, 0), "fips_get_entropy"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_MODULE_MODE_SET, 0),
+ "FIPS_module_mode_set"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_PKEY_SIGNATURE_TEST, 0),
+ "fips_pkey_signature_test"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_BYTES, 0), "FIPS_rand_bytes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SEED, 0), "FIPS_rand_seed"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SET_METHOD, 0),
+ "FIPS_rand_set_method"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_STATUS, 0), "FIPS_rand_status"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, 0),
+ "fips_rsa_builtin_keygen"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES, 0), "FIPS_selftest_aes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_CCM, 0),
+ "FIPS_selftest_aes_ccm"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_GCM, 0),
+ "FIPS_selftest_aes_gcm"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_XTS, 0),
+ "FIPS_selftest_aes_xts"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_CMAC, 0),
+ "FIPS_selftest_cmac"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_DES, 0), "FIPS_selftest_des"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_ECDSA, 0),
+ "FIPS_selftest_ecdsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HKDF, 0),
+ "FIPS_selftest_hkdf"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HMAC, 0),
+ "FIPS_selftest_hmac"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_PBKDF2, 0),
+ "FIPS_selftest_pbkdf2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA1, 0),
+ "FIPS_selftest_sha1"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA2, 0),
+ "FIPS_selftest_sha2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA3, 0),
+ "FIPS_selftest_sha3"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SSH, 0), "FIPS_selftest_ssh"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_TLS, 0), "FIPS_selftest_tls"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_OSSL_ECDH_COMPUTE_KEY, 0),
+ "ossl_ecdh_compute_key"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+ "rsa_ossl_private_decrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+ "rsa_ossl_private_encrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+ "rsa_ossl_public_decrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+ "rsa_ossl_public_encrypt"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA FIPS_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
+ "additional input error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
+ "additional input too long"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ALREADY_INSTANTIATED),
+ "already instantiated"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_DRBG_NOT_INITIALISED),
+ "drbg not initialised"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_ERROR_UNDETECTED),
+ "entropy error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
+ "entropy not requested for reseed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_SOURCE_STUCK),
+ "entropy source stuck"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INITIALISING_DRBG),
+ "error initialising drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INSTANTIATING_DRBG),
+ "error instantiating drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+ "error retrieving additional input"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ENTROPY),
+ "error retrieving entropy"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_NONCE),
+ "error retrieving nonce"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
+ "fingerprint does not match"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_MODE_ALREADY_SET),
+ "fips mode already set"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_SELFTEST_FAILED),
+ "fips selftest failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FUNCTION_ERROR), "function error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR), "generate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR_UNDETECTED),
+ "generate error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INVALID_KEY_LENGTH),
+ "invalid key length"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_IN_ERROR_STATE), "in error state"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_KEY_TOO_SHORT), "key too short"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NONCE_ERROR_UNDETECTED),
+ "nonce error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST1_FAILURE),
+ "nopr test1 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST2_FAILURE),
+ "nopr test2 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOT_INSTANTIATED), "not instantiated"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PAIRWISE_TEST_FAILED),
+ "pairwise test failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
+ "personalisation error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_STRING_TOO_LONG),
+ "personalisation string too long"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
+ "request length error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
+ "request too large for drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_COUNTER_ERROR),
+ "reseed counter error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_ERROR), "reseed error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILED), "selftest failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILURE), "selftest failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_TEST_FAILURE), "test failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ERROR),
+ "uninstantiate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
+ "uninstantiate zeroise error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_DRBG_TYPE),
+ "unsupported drbg type"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_PLATFORM),
+ "unsupported platform"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_FIPS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(FIPS_str_functs);
+ ERR_load_strings_const(FIPS_str_reasons);
+ }
#endif
+ return 1;
+}
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,7 +34,8 @@ static const ERR_STRING_DATA RSA_str_fun
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0),
+ "RSA_generate_key_ex"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0),
"RSA_generate_multi_prime_key"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
@@ -93,16 +94,21 @@ static const ERR_STRING_DATA RSA_str_fun
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0),
+ "RSA_private_decrypt"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0),
+ "RSA_private_encrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0),
+ "RSA_set_default_method"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
"RSA_sign_ASN1_OCTET_STRING"},
@@ -111,8 +117,6 @@ static const ERR_STRING_DATA RSA_str_fun
"RSA_verify_ASN1_OCTET_STRING"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
"RSA_verify_PKCS1_PSS_mgf1"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
{0, NULL}
};
@@ -193,8 +197,9 @@ static const ERR_STRING_DATA RSA_str_rea
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
"mp exponent not congruent to d"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD),
+ "non fips rsa method"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
"null before block missing"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
@@ -204,7 +209,7 @@ static const ERR_STRING_DATA RSA_str_rea
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
"oaep decoding error"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
- "operation not allowed in FIPS mode"},
+ "operation not allowed in fips mode"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
@@ -11,9 +11,7 @@
#ifndef HEADER_DHERR_H
# define HEADER_DHERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -36,9 +34,8 @@ int ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
# define DH_F_DH_CMS_SET_SHARED_INFO 116
-# define DH_F_DH_COMPUTE_KEY 203
-# define DH_F_DH_GENERATE_KEY 202
-# define DH_F_DH_GENERATE_PARAMETERS_EX 201
+# define DH_F_DH_COMPUTE_KEY 126
+# define DH_F_DH_GENERATE_PARAMETERS_EX 127
# define DH_F_DH_METH_DUP 117
# define DH_F_DH_METH_NEW 118
# define DH_F_DH_METH_SET1_NAME 119
@@ -76,14 +73,14 @@ int ERR_load_DH_strings(void);
# define DH_R_INVALID_PARAMETER_NID 114
# define DH_R_INVALID_PUBKEY 102
# define DH_R_KDF_PARAMETER_ERROR 112
-# define DH_R_KEY_SIZE_TOO_SMALL 201
# define DH_R_KEYS_NOT_SET 108
+# define DH_R_KEY_SIZE_TOO_SMALL 126
# define DH_R_MISSING_PUBKEY 125
# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NON_FIPS_METHOD 127
# define DH_R_NOT_SUITABLE_GENERATOR 120
# define DH_R_NO_PARAMETERS_SET 107
# define DH_R_NO_PRIVATE_VALUE 100
-# define DH_R_NON_FIPS_METHOD 202
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
--- a/include/openssl/dsaerr.h
+++ b/include/openssl/dsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_DSAERR_H
# define HEADER_DSAERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -29,13 +27,13 @@ int ERR_load_DSA_strings(void);
*/
# define DSA_F_DSAPARAMS_PRINT 100
# define DSA_F_DSAPARAMS_PRINT_FP 101
-# define DSA_F_DSA_BUILTIN_KEYGEN 202
+# define DSA_F_DSA_BUILTIN_KEYGEN 108
# define DSA_F_DSA_BUILTIN_PARAMGEN 125
# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
-# define DSA_F_DSA_GENERATE_KEY 201
-# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200
# define DSA_F_DSA_DO_SIGN 112
# define DSA_F_DSA_DO_VERIFY 113
+# define DSA_F_DSA_GENERATE_KEY 109
+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 110
# define DSA_F_DSA_METH_DUP 127
# define DSA_F_DSA_METH_NEW 128
# define DSA_F_DSA_METH_SET1_NAME 129
@@ -63,13 +61,13 @@ int ERR_load_DSA_strings(void);
# define DSA_R_DECODE_ERROR 104
# define DSA_R_INVALID_DIGEST_TYPE 106
# define DSA_R_INVALID_PARAMETERS 112
-# define DSA_R_KEY_SIZE_INVALID 201
-# define DSA_R_KEY_SIZE_TOO_SMALL 202
+# define DSA_R_KEY_SIZE_INVALID 114
+# define DSA_R_KEY_SIZE_TOO_SMALL 115
# define DSA_R_MISSING_PARAMETERS 101
# define DSA_R_MISSING_PRIVATE_KEY 111
# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NON_FIPS_DSA_METHOD 116
# define DSA_R_NO_PARAMETERS_SET 107
-# define DSA_R_NON_FIPS_DSA_METHOD 200
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_ECERR_H
# define HEADER_ECERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -143,6 +141,7 @@ int ERR_load_EC_strings(void);
# define EC_F_EC_KEY_PRINT_FP 181
# define EC_F_EC_KEY_PRIV2BUF 279
# define EC_F_EC_KEY_PRIV2OCT 256
+# define EC_F_EC_KEY_PUBLIC_CHECK 299
# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229
# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258
# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,15 +22,15 @@ int ERR_load_EVP_strings(void);
* EVP function codes.
*/
# define EVP_F_AESNI_INIT_KEY 165
-# define EVP_F_AESNI_XTS_INIT_KEY 233
+# define EVP_F_AESNI_XTS_INIT_KEY 207
# define EVP_F_AES_GCM_CTRL 196
# define EVP_F_AES_INIT_KEY 133
# define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
-# define EVP_F_AES_T4_XTS_INIT_KEY 234
+# define EVP_F_AES_T4_XTS_INIT_KEY 208
# define EVP_F_AES_WRAP_CIPHER 170
-# define EVP_F_AES_XTS_CIPHER 229
-# define EVP_F_AES_XTS_INIT_KEY 235
+# define EVP_F_AES_XTS_CIPHER 210
+# define EVP_F_AES_XTS_INIT_KEY 209
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_ARIA_CCM_INIT_KEY 175
# define EVP_F_ARIA_GCM_CTRL 197
@@ -146,9 +146,9 @@ int ERR_load_EVP_strings(void);
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
# define EVP_R_DECODE_ERROR 114
-# define EVP_R_DISABLED_FOR_FIPS 200
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
+# define EVP_R_DISABLED_FOR_FIPS 185
# define EVP_R_ERROR_LOADING_SECTION 165
# define EVP_R_ERROR_SETTING_FIPS_MODE 166
# define EVP_R_EXPECTING_AN_HMAC_KEY 174
@@ -184,15 +184,15 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
-# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
+# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
-# define EVP_R_TOO_LARGE 201
+# define EVP_R_TOO_LARGE 186
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
@@ -208,7 +208,6 @@ int ERR_load_EVP_strings(void);
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
-# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191
-# define EVP_R_XTS_DUPLICATED_KEYS 192
+# define EVP_R_XTS_DUPLICATED_KEYS 183
#endif
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_RSAERR_H
# define HEADER_RSAERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -25,7 +23,7 @@ int ERR_load_RSA_strings(void);
*/
# define RSA_F_CHECK_PADDING_MD 140
# define RSA_F_ENCODE_PKCS1 146
-# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206
+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 168
# define RSA_F_INT_RSA_VERIFY 145
# define RSA_F_OLD_RSA_PRIV_DECODE 147
# define RSA_F_PKEY_PSS_INIT 165
@@ -40,8 +38,8 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_CHECK_KEY_EX 160
# define RSA_F_RSA_CMS_DECRYPT 159
# define RSA_F_RSA_CMS_VERIFY 158
-# define RSA_F_RSA_GENERATE_KEY_EX 204
-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
+# define RSA_F_RSA_GENERATE_KEY_EX 169
+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 170
# define RSA_F_RSA_ITEM_VERIFY 148
# define RSA_F_RSA_METH_DUP 161
# define RSA_F_RSA_METH_NEW 162
@@ -77,18 +75,18 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_PARAM_DECODE 164
# define RSA_F_RSA_PRINT 115
# define RSA_F_RSA_PRINT_FP 116
+# define RSA_F_RSA_PRIVATE_DECRYPT 171
+# define RSA_F_RSA_PRIVATE_ENCRYPT 172
# define RSA_F_RSA_PRIV_DECODE 150
# define RSA_F_RSA_PRIV_ENCODE 138
-# define RSA_F_RSA_PRIVATE_DECRYPT 200
-# define RSA_F_RSA_PRIVATE_ENCRYPT 201
# define RSA_F_RSA_PSS_GET_PARAM 151
# define RSA_F_RSA_PSS_TO_CTX 155
+# define RSA_F_RSA_PUBLIC_DECRYPT 173
+# define RSA_F_RSA_PUBLIC_ENCRYPT 174
# define RSA_F_RSA_PUB_DECODE 139
-# define RSA_F_RSA_PUBLIC_DECRYPT 202
-# define RSA_F_RSA_PUBLIC_ENCRYPT 203
# define RSA_F_RSA_SETUP_BLINDING 136
-# define RSA_F_RSA_SET_DEFAULT_METHOD 205
-# define RSA_F_RSA_SET_METHOD 204
+# define RSA_F_RSA_SET_DEFAULT_METHOD 175
+# define RSA_F_RSA_SET_METHOD 176
# define RSA_F_RSA_SIGN 117
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
# define RSA_F_RSA_VERIFY 119
@@ -139,19 +137,19 @@ int ERR_load_RSA_strings(void);
# define RSA_R_KEY_PRIME_NUM_INVALID 165
# define RSA_R_KEY_SIZE_TOO_SMALL 120
# define RSA_R_LAST_OCTET_INVALID 134
-# define RSA_R_MISSING_PRIVATE_KEY 179
# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
+# define RSA_R_MISSING_PRIVATE_KEY 179
# define RSA_R_MODULUS_TOO_LARGE 105
# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
# define RSA_R_MP_R_NOT_PRIME 170
+# define RSA_R_NON_FIPS_RSA_METHOD 171
# define RSA_R_NO_PUBLIC_EXPONENT 140
-# define RSA_R_NON_FIPS_RSA_METHOD 200
# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
# define RSA_R_OAEP_DECODING_ERROR 121
-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 173
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
@@ -171,7 +169,7 @@ int ERR_load_RSA_strings(void);
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
-# define RSA_R_UNSUPPORTED_PARAMETERS 202
+# define RSA_R_UNSUPPORTED_PARAMETERS 174
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119

3333
openssl-1_1-ossl-sli-003-add-sli.patch Normal file
View File

File diff suppressed because it is too large Load Diff

39
openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 6adff696c..29b23f9f7 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -4366,6 +4366,21 @@ FIPS_STATUS EVP_CIPHER_get_fips_status(const EVP_CIPHER *cipher) {
/* intended fall-through */
case 256:
return FIPS_APPROVED;
+ case 512:
+ if (cipher->do_cipher == aes_xts_cipher
+ #if defined(OPENSSL_CPUID_OBJ) && ( \
+ ((defined(__i386) || defined(__i386__) || defined(_M_IX86))\
+ && defined(OPENSSL_IA32_SSE2)) \
+ || defined(__x86_64) || defined(__x86_64__) \
+ || defined(_M_AMD64) || defined(_M_X64))
+ || cipher->do_cipher == aesni_xts_cipher
+ #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+ || cipher->do_cipher == s390x_aes_xts_cipher
+ #endif
+ )
+ return FIPS_APPROVED;
+ else
+ return FIPS_ERROR;
}
}
/* disapproved for enc and dec: all others, including
diff --git a/test/fips_slitest.c b/test/fips_slitest.c
index d32f748a6..9e37cf36b 100644
--- a/test/fips_slitest.c
+++ b/test/fips_slitest.c
@@ -260,6 +260,8 @@ static const SLI_CIPHER_TEST cipher_tests[] = {
{0, NID_des_ede_ecb},
{0, NID_des_ede_ofb64},
{0, NID_idea_cbc},
+ {1, NID_aes_128_xts},
+ {1, NID_aes_256_xts},
};
static const size_t cipher_tests_len = sizeof(cipher_tests) / sizeof(cipher_tests[0]);

24
openssl-1_1-ossl-sli-005-EC_group_order_bits.patch Normal file
View File

@ -0,0 +1,24 @@
---
crypto/fips/fips_sli.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/crypto/fips/fips_sli.c
+++ b/crypto/fips/fips_sli.c
@@ -328,14 +328,14 @@ static FIPS_STATUS get_fips_keygen_ecdsa
BN_set_bit(pwr24, 24);
BN_set_bit(pwr32, 32);
- if (224 < n && n <= 255) {
+ if (224 <= n && n <= 255) {
if (BN_cmp(cofactor, pwr14) != 1)
ret = FIPS_APPROVED;
- } else if (256 < n && n <= 383) {
+ } else if (256 <= n && n <= 383) {
if (BN_cmp(cofactor, pwr16) != 1)
ret = FIPS_APPROVED;
- } else if (384 < n && n <= 511) {
+ } else if (384 <= n && n <= 511) {
if (BN_cmp(cofactor, pwr24) != 1)
ret = FIPS_APPROVED;

52
openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch Normal file
View File

@ -0,0 +1,52 @@
Index: openssl-1.1.1l/crypto/rsa/rsa_pmeth.c
===================================================================
--- openssl-1.1.1l.orig/crypto/rsa/rsa_pmeth.c
+++ openssl-1.1.1l/crypto/rsa/rsa_pmeth.c
@@ -140,13 +140,11 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
- /* PKCS1-v1.5 padding is disallowed after 2023 */
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
ret = RSA_sign_ASN1_OCTET_STRING(0,
tbs, tbslen, sig, &sltmp, rsa);
-
if (ret <= 0)
return ret;
+ fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md);
ret = sltmp;
} else if (rctx->pad_mode == RSA_X931_PADDING) {
if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
@@ -179,13 +177,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
sig, rsa, RSA_X931_PADDING);
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
- /* PKCS1-v1.5 padding is disallowed after 2023 */
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
unsigned int sltmp;
ret = RSA_sign(EVP_MD_type(rctx->md),
tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
return ret;
+ fips_sli_check_hash_siggen_EVP_PKEY_CTX(ctx, rctx->md);
ret = sltmp;
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx))
@@ -290,10 +287,13 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
if (rctx->md) {
if (rctx->pad_mode == RSA_PKCS1_PADDING) {
- /* PKCS1-v1.5 padding is disallowed after 2023 */
- fips_sli_disapprove_EVP_PKEY_CTX(ctx);
- return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
- sig, siglen, rsa);
+ int ret;
+ ret = RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+ sig, siglen, rsa);
+ if (ret <= 0)
+ return 0;
+ fips_sli_check_hash_sigver_EVP_PKEY_CTX(ctx, rctx->md);
+ return ret;
}
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);

14
openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch Normal file
View File

@ -0,0 +1,14 @@
Index: openssl-1.1.1l/crypto/kdf/pbkdf2.c
===================================================================
--- openssl-1.1.1l.orig/crypto/kdf/pbkdf2.c
+++ openssl-1.1.1l/crypto/kdf/pbkdf2.c
@@ -185,7 +185,8 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMP
}
fips_sli_check_hash_kdf_struct_evp_kdf_impl_st(impl);
-
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_keylen_status(keylen));
return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
impl->salt, impl->salt_len, impl->iter,
impl->md, key, keylen);

136
openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch Normal file
View File

@ -0,0 +1,136 @@
---
crypto/fips/fips_sli.c | 21 +++++++++++++++++++
crypto/kdf/pbkdf2.c | 6 +++++
include/internal/fips_sli_local.h | 3 ++
test/fips_slitest.c | 41 ++++++++++++++++++++++----------------
4 files changed, 54 insertions(+), 17 deletions(-)
--- a/crypto/fips/fips_sli.c
+++ b/crypto/fips/fips_sli.c
@@ -231,6 +231,27 @@ FIPS_STATUS fips_sli_get_kdf_keylen_stat
return FIPS_NONAPPROVED;
}
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes) {
+ if (saltlen_bytes >= 128/8)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter) {
+ if (iter >= 1000)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes) {
+ if (passlen_bytes >= 20)
+ return FIPS_APPROVED;
+ else
+ return FIPS_NONAPPROVED;
+}
+
void fips_sli_check_key_rsa_keygen_EVP_PKEY_CTX(EVP_PKEY_CTX * ctx, const RSA * rsa) {
fips_sli_check_key_rsa_siggen_EVP_PKEY_CTX(ctx, rsa);
}
--- a/crypto/kdf/pbkdf2.c
+++ b/crypto/kdf/pbkdf2.c
@@ -187,6 +187,12 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMP
fips_sli_check_hash_kdf_struct_evp_kdf_impl_st(impl);
fips_sli_fsm_struct_evp_kdf_impl_st(impl,
fips_sli_get_kdf_keylen_status(keylen));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_saltlen_status(impl->salt_len));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_iteration_status(impl->iter));
+ fips_sli_fsm_struct_evp_kdf_impl_st(impl,
+ fips_sli_get_kdf_passlen_status(impl->pass_len));
return pkcs5_pbkdf2_alg((char *)impl->pass, impl->pass_len,
impl->salt, impl->salt_len, impl->iter,
impl->md, key, keylen);
--- a/include/internal/fips_sli_local.h
+++ b/include/internal/fips_sli_local.h
@@ -70,6 +70,9 @@ FIPS_STATUS fips_sli_get_hash_status_ssh
FIPS_STATUS fips_sli_get_hash_status_pbkdf2(const EVP_MD * md);
FIPS_STATUS fips_sli_get_hash_status_kdf_tls1_prf(const EVP_MD * md);
FIPS_STATUS fips_sli_get_kdf_keylen_status(size_t keylen_bytes);
+FIPS_STATUS fips_sli_get_kdf_saltlen_status(size_t saltlen_bytes);
+FIPS_STATUS fips_sli_get_kdf_iteration_status(size_t iter);
+FIPS_STATUS fips_sli_get_kdf_passlen_status(size_t passlen_bytes);
/* Check if used curve is okay for and in this context */
void fips_sli_check_curve_siggen_EVP_PKEY_CTX(EVP_PKEY_CTX *ctx, const EC_GROUP *group);
--- a/test/fips_slitest.c
+++ b/test/fips_slitest.c
@@ -490,36 +490,41 @@ typedef struct {
int nid_digest;
const uint8_t key_expected[32]; // length has to be 32
} SLI_PBKDF2_TEST;
-
static const SLI_PBKDF2_TEST pbkdf2_tests[] = {
{
- 1, 4200, NID_sha256, {
- 0xE7, 0xBE, 0x37, 0x75, 0x9D, 0x53, 0x3E, 0x5A, 0x06, 0x20, 0xC9, 0xA5, 0x3A, 0x8D, 0xA2, 0x9E,
- 0x9C, 0x27, 0xDF, 0x26, 0x24, 0xAB, 0xD8, 0x8E, 0x56, 0xE5, 0xB9, 0xF5, 0xA0, 0xD6, 0xD5, 0xEE
+ 1, 4096, NID_sha1, {
+ 0x3D, 0x2E, 0xEC, 0x4F, 0xE4, 0x1C, 0x84, 0x9B, 0x80, 0xC8, 0xD8, 0x36, 0x62, 0xC0, 0xE4, 0x4A,
+ 0x8B, 0x29, 0x1A, 0x96, 0x4C, 0xF2, 0xF0, 0x70, 0x38, 0xB6, 0xB8, 0x9A, 0x48, 0x61, 0x2C, 0x5A
+ }
+ },
+ {
+ 1, 4096, NID_sha256, {
+ 0x34, 0x8C, 0x89, 0xDB, 0xCB, 0xD3, 0x2B, 0x2F, 0x32, 0xD8, 0x14, 0xB8, 0x11, 0x6E, 0x84, 0xCF,
+ 0x2B, 0x17, 0x34, 0x7E, 0xBC, 0x18, 0x00, 0x18, 0x1C, 0x4E, 0x2A, 0x1F, 0xB8, 0xDD, 0x53, 0xE1
}
},
{
1, 1347, NID_sha256, {
- 0xFB, 0xBB, 0xEC, 0x28, 0x5B, 0x48, 0xE7, 0xC2, 0x54, 0x4E, 0x65, 0x0F, 0x1E, 0xC8, 0xB5, 0x1C,
- 0xF5, 0xAD, 0xAE, 0x2A, 0x21, 0x56, 0x94, 0xD2, 0xE1, 0xB7, 0xC8, 0x7D, 0x7A, 0x0D, 0x63, 0x86
+ 0xD5, 0x99, 0x16, 0xFF, 0x8A, 0xBC, 0x26, 0x37, 0xAF, 0x4B, 0x26, 0xF1, 0x7E, 0x56, 0x8B, 0x7A,
+ 0x00, 0x16, 0xA9, 0xF2, 0x7D, 0x96, 0xDB, 0x33, 0x0A, 0xD0, 0x5F, 0xC3, 0x0C, 0x22, 0xA2, 0xD0
}
},
{
- 1, 4200, NID_sha1, {
- 0x45, 0x96, 0x78, 0xF3, 0x92, 0x74, 0xAC, 0x5B, 0x1F, 0x2B, 0xD3, 0x75, 0x1A, 0xBA, 0x5D, 0xBE,
- 0xF2, 0xDE, 0xE9, 0x88, 0x16, 0x4B, 0x0B, 0x84, 0x94, 0xD9, 0xC2, 0x2D, 0xC1, 0xB9, 0xB0, 0x8A
+ 1, 4096, NID_sha512, {
+ 0x8C, 0x05, 0x11, 0xF4, 0xC6, 0xE5, 0x97, 0xC6, 0xAC, 0x63, 0x15, 0xD8, 0xF0, 0x36, 0x2E, 0x22,
+ 0x5F, 0x3C, 0x50, 0x14, 0x95, 0xBA, 0x23, 0xB8, 0x68, 0xC0, 0x05, 0x17, 0x4D, 0xC4, 0xEE, 0x71
}
},
{
- 1, 4200, NID_sha3_512, {
- 0x1E, 0x77, 0xC8, 0x28, 0x9A, 0x79, 0x2E, 0x25, 0x85, 0x8D, 0x73, 0xB3, 0x0D, 0xA1, 0x26, 0x65,
- 0xC0, 0x04, 0x7D, 0x91, 0xB6, 0x5F, 0x89, 0x5E, 0x01, 0x82, 0x23, 0x35, 0x19, 0x2E, 0x5C, 0x09
+ 1, 4096, NID_sha3_512, {
+ 0xD6, 0x07, 0x91, 0xA4, 0xED, 0x27, 0x19, 0x5D, 0x81, 0x3F, 0x35, 0x51, 0x03, 0x51, 0xB9, 0xD1,
+ 0xFF, 0x9A, 0xD4, 0x26, 0x21, 0x53, 0x94, 0x46, 0x09, 0x50, 0xA4, 0xFE, 0x03, 0xDD, 0x9F, 0x54
}
},
{
- 0, 1347, NID_md5, {
- 0xC2, 0x78, 0x16, 0xDC, 0xD1, 0xC5, 0x71, 0xBD, 0x4A, 0x06, 0x2B, 0x38, 0x50, 0xE7, 0x4E, 0xC2,
- 0x0E, 0x74, 0x9D, 0xB1, 0x59, 0xA8, 0xFF, 0x11, 0x24, 0x68, 0xD0, 0xCF, 0x69, 0xE5, 0x30, 0x36
+ 0, 4096, NID_md5, {
+ 0x8D, 0x5D, 0x0A, 0xAD, 0x94, 0xD1, 0x44, 0x20, 0x42, 0x9F, 0xBC, 0x7E, 0x5B, 0x08, 0x7D, 0x7A,
+ 0x55, 0x27, 0xE6, 0x5D, 0xFD, 0x0D, 0x48, 0x6A, 0x31, 0x0E, 0x8A, 0x7B, 0x6F, 0xF5, 0xA2, 0x1B
}
}
};
@@ -527,8 +532,10 @@ static const size_t pbkdf2_tests_len = s
static int test_PKCS5_PBKDF2_HMAC(int pbkdf2_tests_idx) {
int success = 0;
- const char password[] = "password";
- const unsigned char salt[] = {'s', 'a', 'l', 't'};
+ const char password[] = "passwordPASSWORDpassword";
+ const unsigned char salt[] = {'s', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
+ 's', 'a', 'l', 't', 'S', 'A', 'L', 'T', 's', 'a', 'l', 't', 'S', 'A', 'L', 'T',
+ 's', 'a', 'l', 't'};
const size_t password_len = sizeof(password) / sizeof(password[0]);
const size_t salt_len = sizeof(salt) / sizeof(salt[0]);

80
openssl-1_1-serialize-jitterentropy-calls.patch Normal file
View File

@ -0,0 +1,80 @@
---
crypto/fips/fips_entropy.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
--- a/crypto/fips/fips_entropy.c
+++ b/crypto/fips/fips_entropy.c
@@ -4,35 +4,71 @@
#include "jitterentropy.h"
static struct rand_data* ec = NULL;
+static CRYPTO_RWLOCK *jent_lock = NULL;
+static int stop = 0;
struct rand_data* FIPS_entropy_init(void)
{
- if (ec != NULL)
+ if (ec != NULL) {
/* Entropy source has been initiated and collector allocated */
return ec;
+ }
+ if (stop != 0) {
+ /* FIPS_entropy_cleanup() already called, don't initialize it again */
+ return NULL;
+ }
+ if (jent_lock == NULL) {
+ /* Allocates a new lock to serialize access to jent library */
+ jent_lock = CRYPTO_THREAD_lock_new();
+ if (jent_lock == NULL) {
+ return NULL;
+ }
+ }
+ if (CRYPTO_THREAD_write_lock(jent_lock) == 0) {
+ return NULL;
+ }
/* If the initialization is successful, the call returns with 0 */
if (jent_entropy_init_ex(1, JENT_FORCE_FIPS) == 0)
/* Allocate entropy collector */
ec = jent_entropy_collector_alloc(1, JENT_FORCE_FIPS);
+ CRYPTO_THREAD_unlock(jent_lock);
return ec;
}
void FIPS_entropy_cleanup(void)
{
+ if (jent_lock != NULL && stop == 0) {
+ CRYPTO_THREAD_write_lock(jent_lock);
+ }
+ /* Disable re-initialization in FIPS_entropy_init() */
+ stop = 1;
/* Free entropy collector */
if (ec != NULL) {
jent_entropy_collector_free(ec);
ec = NULL;
}
+ CRYPTO_THREAD_lock_free(jent_lock);
+ jent_lock = NULL;
}
ssize_t FIPS_jitter_entropy(unsigned char *buf, size_t buflen)
{
ssize_t ent_bytes = -1;
- if (buf != NULL && buflen != 0 && FIPS_entropy_init()) {
+ /*
+ * Order is important. We need to call FIPS_entropy_init() before we
+ * acquire jent_lock, otherwise it can lead to deadlock. Once we have
+ * jent_lock, we need to ensure that FIPS_entropy_cleanup() was not called
+ * in the meantime. Then it's safe to read entropy.
+ */
+ if (buf != NULL
+ && buflen != 0
+ && FIPS_entropy_init()
+ && CRYPTO_THREAD_write_lock(jent_lock) != 0
+ && stop == 0) {
/* Get entropy */
ent_bytes = jent_read_entropy_safe(&ec, (char *)buf, buflen);
+ CRYPTO_THREAD_unlock(jent_lock);
}
return ent_bytes;
}

14
openssl-1_1-shortcut-test_afalg_aes_cbc.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/test/afalgtest.c b/test/afalgtest.c
index adb2977..c4f848a 100644
--- a/test/afalgtest.c
+++ b/test/afalgtest.c
@@ -43,6 +43,9 @@ static ENGINE *e;
static int test_afalg_aes_cbc(int keysize_idx)
{
+ /* This test fails in fips mode, so just shortcut out. */
+ if ( FIPS_mode()) return 1;
+
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
unsigned char key[] = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"

68
openssl-1_1.changes
View File

@ -1,3 +1,71 @@
-------------------------------------------------------------------
Tue Sep 12 05:09:28 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to 1.1.1w:
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
(CVE-2023-4807)
-------------------------------------------------------------------
Tue Aug 8 10:34:14 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Add missing FIPS patches from SLE:
* Add patches:
- bsc1185319-FIPS-KAT-for-ECDSA.patch
- bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
- openssl-1.1.1-fips-fix-memory-leaks.patch
- openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
- openssl-1_1-FIPS_drbg-rewire.patch
- openssl-1_1-Zeroization.patch
- openssl-1_1-fips-drbg-selftest.patch
- openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
- openssl-1_1-jitterentropy-3.4.0.patch
- openssl-1_1-ossl-sli-000-fix-build-error.patch
- openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
- openssl-1_1-ossl-sli-002-ran-make-update.patch
- openssl-1_1-ossl-sli-003-add-sli.patch
- openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
- openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
- openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
- openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
- openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
- openssl-1_1-serialize-jitterentropy-calls.patch
- openssl-1_1-shortcut-test_afalg_aes_cbc.patch
- openssl-DH.patch
- openssl-FIPS-KAT-before-integrity-tests.patch
- openssl-fips-DH_selftest_shared_secret_KAT.patch
- openssl-fips-kdf-hkdf-selftest.patch
- openssl-kdf-selftest.patch
- openssl-kdf-ssh-selftest.patch
- openssl-kdf-tls-selftest.patch
- openssl-no-date.patch
- openssl-s_client-check-ocsp-status.patch
* Modify patches:
- openssl-1.1.1-fips.patch
- openssl-1_1-FIPS-fix-error-reason-codes.patch
* Remove patches:
- openssl-add_rfc3526_rfc7919.patch
- openssl-fips-dont_run_FIPS_module_installed.patch
- openssl-fips_fix_selftests_return_value.patch
* Add build and runtime dependency on jitterentropy
- Pass over with spec-cleaner
-------------------------------------------------------------------
Tue Aug 1 16:12:36 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

142
openssl-1_1.spec
View File

@ -16,11 +16,13 @@
#
%define ssletcdir %{_sysconfdir}/ssl
%define maj_min 1.1
%define _rname openssl
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
# Enable livepatching support for SLE15-SP4 onwards. It requires
# compiler support introduced there.
%define livepatchable 1
# Set variables for livepatching.
%define _other %{_topdir}/OTHER
%define tar_basename %{_rname}-livepatch-%{version}-%{release}
@ -30,18 +32,13 @@
# Unsupported operating system.
%define livepatchable 0
%endif
%ifnarch x86_64
# Unsupported architectures must have livepatch disabled.
%define livepatchable 0
%endif
%define ssletcdir %{_sysconfdir}/ssl
%define maj_min 1.1
%define _rname openssl
Name: openssl-1_1
# Don't forget to update the version in the "openssl" meta-package!
Version: 1.1.1v
Version: 1.1.1w
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: OpenSSL
@ -63,6 +60,7 @@ Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch
Patch6: openssl-riscv64-config.patch
Patch7: openssl-no-date.patch
# PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
Patch8: 0001-s390x-assembly-pack-perlasm-support.patch
Patch9: 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
@ -94,57 +92,103 @@ Patch35: openssl-ship_fips_standalone_hmac.patch
Patch36: openssl-fips_mode.patch
Patch37: openssl-1.1.1-evp-kdf.patch
Patch38: openssl-1.1.1-ssh-kdf.patch
Patch39: openssl-fips-dont_run_FIPS_module_installed.patch
Patch40: openssl-fips-selftests_in_nonfips_mode.patch
Patch41: openssl-fips-clearerror.patch
Patch42: openssl-fips-ignore_broken_atexit_test.patch
Patch43: openssl-keep_EVP_KDF_functions_version.patch
Patch44: openssl-fips_fix_selftests_return_value.patch
Patch45: openssl-fips-add-SHA3-selftest.patch
Patch46: openssl-fips_selftest_upstream_drbg.patch
Patch47: openssl-unknown_dgst.patch
# PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto)
Patch50: openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
Patch51: openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
Patch52: openssl-1.1.1-system-cipherlist.patch
# PATCH-FIX-UPSTREAM bsc#1175844 FIPS: (EC)Diffie-Hellman requirements
# from SP800-56Arev3 SLE-15-SP2
Patch52: openssl-DH.patch
Patch53: openssl-kdf-selftest.patch
Patch54: openssl-kdf-tls-selftest.patch
Patch55: openssl-kdf-ssh-selftest.patch
Patch56: openssl-fips-DH_selftest_shared_secret_KAT.patch
# PATCH-FIX-UPSTREAM bsc#1192442 FIPS: missing KAT for HKDF/TLS 1.3/IPSEC IKEv2
Patch57: openssl-fips-kdf-hkdf-selftest.patch
Patch58: openssl-1.1.1-system-cipherlist.patch
# PATCH-FIX-OPENSUSE jsc#SLE-15832 Centralized Crypto Compliance Configuration
Patch53: openssl-1_1-seclevel.patch
Patch54: openssl-1_1-use-seclevel2-in-tests.patch
Patch55: openssl-1_1-disable-test_srp-sslapi.patch
Patch56: openssl-add_rfc3526_rfc7919.patch
Patch57: openssl-1_1-use-include-directive.patch
#PATCH-FIX-UPSTREAM jsc#SLE-18136 POWER10 performance enhancements for cryptography
Patch59: openssl-1_1-seclevel.patch
Patch60: openssl-1_1-use-seclevel2-in-tests.patch
Patch61: openssl-1_1-disable-test_srp-sslapi.patch
# PATCH-FIX-UPSTREAM jsc#SLE-18136 POWER10 performance enhancements for cryptography
Patch69: openssl-1_1-Optimize-ppc64.patch
#PATCH-FIX-UPSTREAM jsc#SLE-19742 Backport Arm improvements from OpenSSL 3
# PATCH-FIX-UPSTREAM jsc#SLE-19742 Backport Arm improvements from OpenSSL 3
Patch70: openssl-1_1-Optimize-RSA-armv8.patch
Patch71: openssl-1_1-Optimize-AES-XTS-aarch64.patch
Patch72: openssl-1_1-Optimize-AES-GCM-uarchs.patch
#PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes
Patch73: openssl-1_1-FIPS-fix-error-reason-codes.patch
#PATCH-FIX-SUSE bsc#1180995 Default to RFC7919 groups in FIPS mode
Patch74: openssl-1_1-paramgen-default_to_rfc7919.patch
# PATCH-FIX-SUSE bsc#1185320 FIPS: move the HMAC-SHA2-256 used for integrity test
Patch73: openssl-FIPS-KAT-before-integrity-tests.patch
# PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes
Patch74: openssl-1_1-FIPS-fix-error-reason-codes.patch
# PATCH-FIX-SUSE bsc#1180995 Default to RFC7919 groups in FIPS mode
Patch75: openssl-1_1-paramgen-default_to_rfc7919.patch
# PATCH-FIX-SUSE bsc#1194187 bsc#1004463 Add engines section in openssl.cnf
Patch76: openssl-1_1-use-include-directive.patch
# PATCH-FIX-SUSE bsc#1197280 FIPS: Additional PBKDF2 requirements for KAT
Patch77: openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
Patch78: bsc1185319-FIPS-KAT-for-ECDSA.patch
Patch79: bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch
Patch81: openssl-1_1-shortcut-test_afalg_aes_cbc.patch
# PATCH-FIX-SUSE bsc#1190653 FIPS: Provide methods to zeroize all unprotected SSPs and key components
Patch84: openssl-1_1-Zeroization.patch
# PATCH-FIX-SUSE bsc#1190651 FIPS: Provide a service-level indicator
Patch85: openssl-1_1-ossl-sli-000-fix-build-error.patch
Patch86: openssl-1_1-ossl-sli-001-fix-faults-preventing-make-update.patch
Patch87: openssl-1_1-ossl-sli-002-ran-make-update.patch
Patch88: openssl-1_1-ossl-sli-003-add-sli.patch
# PATCH-FIX-SUSE bsc#1202148 FIPS: Port openssl to use jitterentropy
Patch89: openssl-1_1-jitterentropy-3.4.0.patch
# PATCH-FIX-SUSE bsc#1203046 FIPS: Fix memory leak when FIPS mode is enabled
Patch90: openssl-1.1.1-fips-fix-memory-leaks.patch
# PATCH-FIX-FEDORA bsc#1201293 FIPS: RAND api should call into FIPS DRBG
Patch91: openssl-1_1-FIPS_drbg-rewire.patch
# PATCH-FIX-FEDORA bsc#1203069 FIPS: Add KAT for the RAND_DRBG implementation
Patch92: openssl-1_1-fips-drbg-selftest.patch
# PATCH-FIX-SUSE bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472
# FIPS: List only approved digest and pubkey algorithms
Patch93: openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
# PATCH-FIX-SUSE bsc#1190651 FIPS: Provide a service-level indicator
Patch94: openssl-1_1-ossl-sli-004-allow-aes-xts-256.patch
Patch95: openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
Patch96: openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
Patch97: openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
# PATCH-FIX-UPSTREAM jsc#PED-512
# POWER10 performance enhancements for cryptography
Patch75: openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch
Patch76: openssl-1_1-Fixed-counter-overflow.patch
Patch77: openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch
Patch78: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch
Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
#PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
Patch80: openssl-1_1-openssl-config.patch
Patch98: openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch
Patch99: openssl-1_1-Fixed-counter-overflow.patch
Patch100: openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch
Patch101: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch
Patch102: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
# PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
Patch103: openssl-1_1-openssl-config.patch
# PATCH-FIX-SUSE bsc#1207994 FIPS Make jitterentropy calls thread-safe
Patch104: openssl-1_1-serialize-jitterentropy-calls.patch
# PATCH-FIX-SUSE bsc#1208998 FIPS: PBKDF2 requirements for openssl
Patch105: openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
# PATCH-FIX-SUSE bsc#1212623 openssl s_client does not honor ocsp revocation status
Patch106: openssl-s_client-check-ocsp-status.patch
# PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
Patch81: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
Patch107: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
BuildRequires: jitterentropy-devel >= 3.4.0
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)
Requires: libjitterentropy3 >= 3.4.0
Provides: ssl
Requires: libopenssl1_1 = %{version}-%{release}
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
Requires: crypto-policies
%endif
# Needed for clean upgrade path, boo#1070003
Obsoletes: openssl-1_0_0
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes: openssl-1_1_0
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
Requires: crypto-policies
%endif
%description
OpenSSL is a software library to be used in applications that need to
@ -155,12 +199,12 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl1_1
Summary: Secure Sockets and Transport Layer Security
Group: Productivity/Networking/Security
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
Requires: crypto-policies
%endif
Recommends: ca-certificates-mozilla
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes: libopenssl1_1_0
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
Requires: crypto-policies
%endif
Conflicts: %{name} < %{version}-%{release}
# Merge back the hmac files bsc#1185116
Provides: libopenssl1_1-hmac = %{version}-%{release}
@ -179,6 +223,7 @@ OpenSSL contains an implementation of the SSL and TLS protocols.
%package -n libopenssl-1_1-devel
Summary: Development files for OpenSSL
Group: Development/Libraries/C and C++
Requires: jitterentropy-devel >= 3.4.0
Requires: libopenssl1_1 = %{version}
Requires: pkgconfig(zlib)
Recommends: %{name} = %{version}
@ -250,21 +295,40 @@ export MACHINE=armv6l
perl configdata.pm --dump
util/mkdef.pl crypto update
make depend %{?_smp_mflags}
make all %{?_smp_mflags}
%make_build depend
%make_build all
%check
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
#export HARNESS_VERBOSE=1
#export OPENSSL_FORCE_FIPS_MODE=1
LD_LIBRARY_PATH=`pwd` make test -j1
# Create the hmac files required to run the regression tests in FIPS mode
#%{buildroot}%{_bindir}/fips_standalone_hmac \
# libssl.so.%{maj_min} > .libssl.so.%{maj_min}.hmac
#%{buildroot}%{_bindir}/fips_standalone_hmac \
# libcrypto.so.%{maj_min} > .libcrypto.so.%{maj_min}.hmac
#OPENSSL_FORCE_FIPS_MODE=1 LD_LIBRARY_PATH=`pwd` make TESTS='-test_pem \
# -test_hmac -test_mdc2 -test_dh -test_dsa -test_genrsa \
# -test_mp_rsa -test_enc -test_enc_more -test_passwd -test_req \
# -test_verify -test_evp -test_evp_extra -test_pkey_meth_kdf \
# -test_bad_dtls -test_comp -test_key_share -test_renegotiation \
# -test_sslcbcpadding -test_sslcertstatus -test_sslextension \
# -test_sslmessages -test_sslrecords -test_sslsessiontick \
# -test_sslsigalgs -test_sslsignature -test_sslskewith0p \
# -test_sslversions -test_sslvertol -test_tls13alerts \
# -test_tls13cookie -test_tls13downgrade -test_tls13hrr \
# -test_tls13kexmodes -test_tls13messages -test_tls13psk \
# -test_tlsextms -test_ca -test_cipherlist -test_cms \
# -test_dtls_mtu -test_ssl_new -test_ssl_old -test_bio_enc \
# -test_sslapi -test_tls13ccs -test_ec' test -j1
# show ciphers
gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
%install
%if %{livepatchable}
# Ipa-clones are files generated by gcc which logs changes made across

3294
openssl-DH.patch Normal file
View File

File diff suppressed because it is too large Load Diff

26
openssl-FIPS-KAT-before-integrity-tests.patch Normal file
View File

@ -0,0 +1,26 @@
Index: openssl-1.1.1l/crypto/fips/fips.c
===================================================================
--- openssl-1.1.1l.orig/crypto/fips/fips.c
+++ openssl-1.1.1l/crypto/fips/fips.c
@@ -453,15 +453,17 @@ int FIPS_module_mode_set(int onoff)
fips_post = 1;
- if (!verify_checksums()) {
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
- FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ /* Run the KATs before the HMAC verification for FIPS 140-3 compliance */
+ if (!FIPS_selftest()) {
fips_selftest_fail = 1;
ret = 0;
goto end;
}
- if (!FIPS_selftest()) {
+ /* Run the HMAC verification after the KATs for FIPS 140-3 compliance */
+ if (!verify_checksums()) {
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
fips_selftest_fail = 1;
ret = 0;
goto end;

726
openssl-add_rfc3526_rfc7919.patch
View File

@ -1,726 +0,0 @@
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
index 58c44f0..1094716 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -13,6 +13,488 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#include "crypto/bn_dh.h"
+
+# if BN_BITS2 == 64
+# define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
+# else
+# define BN_DEF(lo, hi) lo, hi
+# endif
+
+/* DH parameters from RFC3526 */
+
+/*
+ * "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+static const BN_ULONG modp_1536_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCA237327, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_1536_q[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6511B993, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF)
+};
+
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+static const BN_ULONG modp_2048_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x8AACAA68, 0x15728E5A),
+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_2048_q[] = {
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x45565534, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+};
+
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+static const BN_ULONG modp_3072_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xA93AD2CA, 0x4B82D120),
+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0),
+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757),
+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273),
+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226),
+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C),
+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157),
+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB),
+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A),
+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_3072_q[] = {
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x549D6965, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+};
+
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+static const BN_ULONG modp_4096_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x34063199, 0x4DF435C9),
+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98),
+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76),
+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186),
+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947),
+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB),
+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834),
+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10),
+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120),
+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0),
+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757),
+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273),
+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226),
+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C),
+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157),
+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB),
+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A),
+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_4096_q[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x9A0318CC, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+};
+
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+static const BN_ULONG modp_6144_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6DCC4024, 0xE694F91E),
+ BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66),
+ BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC),
+ BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D),
+ BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE),
+ BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E),
+ BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7),
+ BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F),
+ BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F),
+ BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15),
+ BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401),
+ BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447),
+ BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB),
+ BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED),
+ BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406),
+ BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2),
+ BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9),
+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98),
+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76),
+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186),
+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947),
+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB),
+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834),
+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10),
+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120),
+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0),
+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757),
+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273),
+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226),
+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C),
+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157),
+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB),
+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A),
+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_6144_q[] = {
+ BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x36E62012, 0x734A7C8F),
+ BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
+ BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
+ BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
+ BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
+ BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
+ BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
+ BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
+ BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
+ BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
+ BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
+ BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
+ BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
+ BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
+ BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
+ BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+};
+
+/*
+ * "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+static const BN_ULONG modp_8192_p[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x98EDD3DF, 0x60C980DD),
+ BN_DEF(0x80B96E71, 0xC81F56E8), BN_DEF(0x765694DF, 0x9E3050E2),
+ BN_DEF(0x5677E9AA, 0x9558E447), BN_DEF(0xFC026E47, 0xC9190DA6),
+ BN_DEF(0xD5EE382B, 0x889A002E), BN_DEF(0x481C6CD7, 0x4009438B),
+ BN_DEF(0xEB879F92, 0x359046F4), BN_DEF(0x1ECFA268, 0xFAF36BC3),
+ BN_DEF(0x7EE74D73, 0xB1D510BD), BN_DEF(0x5DED7EA1, 0xF9AB4819),
+ BN_DEF(0x0846851D, 0x64F31CC5), BN_DEF(0xA0255DC1, 0x4597E899),
+ BN_DEF(0x74AB6A36, 0xDF310EE0), BN_DEF(0x3F44F82D, 0x6D2A13F8),
+ BN_DEF(0xB3A278A6, 0x062B3CF5), BN_DEF(0xED5BDD3A, 0x79683303),
+ BN_DEF(0xA2C087E8, 0xFA9D4B7F), BN_DEF(0x2F8385DD, 0x4BCBC886),
+ BN_DEF(0x6CEA306B, 0x3473FC64), BN_DEF(0x1A23F0C7, 0x13EB57A8),
+ BN_DEF(0xA4037C07, 0x22222E04), BN_DEF(0xFC848AD9, 0xE3FDB8BE),
+ BN_DEF(0xE39D652D, 0x238F16CB), BN_DEF(0x2BF1C978, 0x3423B474),
+ BN_DEF(0x5AE4F568, 0x3AAB639C), BN_DEF(0x6BA42466, 0x2576F693),
+ BN_DEF(0x8AFC47ED, 0x741FA7BF), BN_DEF(0x8D9DD300, 0x3BC832B6),
+ BN_DEF(0x73B931BA, 0xD8BEC4D0), BN_DEF(0xA932DF8C, 0x38777CB6),
+ BN_DEF(0x12FEE5E4, 0x74A3926F), BN_DEF(0x6DBE1159, 0xE694F91E),
+ BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66),
+ BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC),
+ BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D),
+ BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE),
+ BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E),
+ BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7),
+ BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F),
+ BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F),
+ BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15),
+ BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401),
+ BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447),
+ BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB),
+ BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED),
+ BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406),
+ BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2),
+ BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9),
+ BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98),
+ BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76),
+ BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186),
+ BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947),
+ BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB),
+ BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834),
+ BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10),
+ BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120),
+ BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0),
+ BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757),
+ BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273),
+ BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226),
+ BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C),
+ BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157),
+ BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB),
+ BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A),
+ BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C),
+ BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0),
+ BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C),
+ BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08),
+ BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907),
+ BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23),
+ BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836),
+ BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651),
+ BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB),
+ BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9),
+ BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D),
+ BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3),
+ BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6),
+ BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B),
+ BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF)
+};
+/* q = (p - 1) / 2 */
+static const BN_ULONG modp_8192_q[] = {
+ BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCC76E9EF, 0xB064C06E),
+ BN_DEF(0x405CB738, 0xE40FAB74), BN_DEF(0x3B2B4A6F, 0x4F182871),
+ BN_DEF(0xAB3BF4D5, 0xCAAC7223), BN_DEF(0x7E013723, 0xE48C86D3),
+ BN_DEF(0x6AF71C15, 0xC44D0017), BN_DEF(0xA40E366B, 0x2004A1C5),
+ BN_DEF(0x75C3CFC9, 0x1AC8237A), BN_DEF(0x8F67D134, 0xFD79B5E1),
+ BN_DEF(0xBF73A6B9, 0xD8EA885E), BN_DEF(0xAEF6BF50, 0xFCD5A40C),
+ BN_DEF(0x8423428E, 0xB2798E62), BN_DEF(0xD012AEE0, 0x22CBF44C),
+ BN_DEF(0x3A55B51B, 0xEF988770), BN_DEF(0x1FA27C16, 0x369509FC),
+ BN_DEF(0xD9D13C53, 0x03159E7A), BN_DEF(0xF6ADEE9D, 0x3CB41981),
+ BN_DEF(0xD16043F4, 0xFD4EA5BF), BN_DEF(0x17C1C2EE, 0xA5E5E443),
+ BN_DEF(0x36751835, 0x9A39FE32), BN_DEF(0x0D11F863, 0x89F5ABD4),
+ BN_DEF(0x5201BE03, 0x91111702), BN_DEF(0x7E42456C, 0xF1FEDC5F),
+ BN_DEF(0xF1CEB296, 0x11C78B65), BN_DEF(0x15F8E4BC, 0x1A11DA3A),
+ BN_DEF(0x2D727AB4, 0x1D55B1CE), BN_DEF(0xB5D21233, 0x92BB7B49),
+ BN_DEF(0xC57E23F6, 0x3A0FD3DF), BN_DEF(0x46CEE980, 0x1DE4195B),
+ BN_DEF(0x39DC98DD, 0x6C5F6268), BN_DEF(0x54996FC6, 0x1C3BBE5B),
+ BN_DEF(0x897F72F2, 0xBA51C937), BN_DEF(0x36DF08AC, 0x734A7C8F),
+ BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3),
+ BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6),
+ BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E),
+ BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7),
+ BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF),
+ BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB),
+ BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF),
+ BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817),
+ BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A),
+ BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00),
+ BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23),
+ BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5),
+ BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6),
+ BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03),
+ BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59),
+ BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4),
+ BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C),
+ BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB),
+ BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3),
+ BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3),
+ BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D),
+ BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A),
+ BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08),
+ BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890),
+ BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0),
+ BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB),
+ BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139),
+ BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913),
+ BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746),
+ BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB),
+ BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5),
+ BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D),
+ BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE),
+ BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8),
+ BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96),
+ BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604),
+ BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483),
+ BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91),
+ BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B),
+ BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328),
+ BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD),
+ BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174),
+ BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6),
+ BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9),
+ BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53),
+ BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145),
+ BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF),
+};
+
+
+
/* DH parameters from RFC5114 */
# if BN_BITS2 == 64
@@ -508,5 +990,17 @@ make_dh_bn(ffdhe4096_p)
make_dh_bn(ffdhe6144_p)
make_dh_bn(ffdhe8192_p)
+make_dh_bn(modp_1536_p)
+make_dh_bn(modp_1536_q)
+make_dh_bn(modp_2048_p)
+make_dh_bn(modp_2048_q)
+make_dh_bn(modp_3072_p)
+make_dh_bn(modp_3072_q)
+make_dh_bn(modp_4096_p)
+make_dh_bn(modp_4096_q)
+make_dh_bn(modp_6144_p)
+make_dh_bn(modp_6144_q)
+make_dh_bn(modp_8192_p)
+make_dh_bn(modp_8192_q)
#endif
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index e0805e7..261c8a1 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -351,6 +351,10 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
return 1;
}
+ /*
+ * Look for a safe prime group for key establishment. Which uses
+ * either RFC_3526 (modp_XXXX) or RFC_7919 (ffdheXXXX).
+ */
if (dctx->param_nid != 0) {
if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
return 0;
diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c
index 03d30a1..f339bd9 100644
--- a/crypto/dh/dh_rfc7919.c
+++ b/crypto/dh/dh_rfc7919.c
@@ -38,6 +38,18 @@ DH *DH_new_by_nid(int nid)
return dh_param_init(&_bignum_ffdhe6144_p, 375);
case NID_ffdhe8192:
return dh_param_init(&_bignum_ffdhe8192_p, 400);
+ case NID_modp_1536:
+ return dh_param_init(&_bignum_modp_1536_p, 175);
+ case NID_modp_2048:
+ return dh_param_init(&_bignum_modp_2048_p, 225);
+ case NID_modp_3072:
+ return dh_param_init(&_bignum_modp_3072_p, 275);
+ case NID_modp_4096:
+ return dh_param_init(&_bignum_modp_4096_p, 325);
+ case NID_modp_6144:
+ return dh_param_init(&_bignum_modp_6144_p, 375);
+ case NID_modp_8192:
+ return dh_param_init(&_bignum_modp_8192_p, 400);
default:
DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID);
return NULL;
@@ -60,6 +72,18 @@ int DH_get_nid(const DH *dh)
nid = NID_ffdhe6144;
else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
nid = NID_ffdhe8192;
+ else if (!BN_cmp(dh->p, &_bignum_modp_1536_p))
+ nid = NID_modp_1536;
+ else if (!BN_cmp(dh->p, &_bignum_modp_2048_p))
+ nid = NID_modp_2048;
+ else if (!BN_cmp(dh->p, &_bignum_modp_3072_p))
+ nid = NID_modp_3072;
+ else if (!BN_cmp(dh->p, &_bignum_modp_4096_p))
+ nid = NID_modp_4096;
+ else if (!BN_cmp(dh->p, &_bignum_modp_6144_p))
+ nid = NID_modp_6144;
+ else if (!BN_cmp(dh->p, &_bignum_modp_8192_p))
+ nid = NID_modp_8192;
else
return NID_undef;
if (dh->q != NULL) {
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 12ca5ec..2fbd9a9 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
};
-#define NUM_NID 1196
+#define NUM_NID 1202
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2276,9 +2276,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
{"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
{"SSHKDF", "sshkdf", NID_sshkdf},
+ {"modp_1536", "modp_1536", NID_modp_1536},
+ {"modp_2048", "modp_2048", NID_modp_2048},
+ {"modp_3072", "modp_3072", NID_modp_3072},
+ {"modp_4096", "modp_4096", NID_modp_4096},
+ {"modp_6144", "modp_6144", NID_modp_6144},
+ {"modp_8192", "modp_8192", NID_modp_8192},
};
-#define NUM_SN 1187
+#define NUM_SN 1193
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -3121,6 +3127,12 @@ static const unsigned int sn_objs[NUM_SN] = {
506, /* "mime-mhs-bodies" */
505, /* "mime-mhs-headings" */
488, /* "mobileTelephoneNumber" */
+ 1196, /* "modp_1536" */
+ 1197, /* "modp_2048" */
+ 1198, /* "modp_3072" */
+ 1199, /* "modp_4096" */
+ 1200, /* "modp_6144" */
+ 1201, /* "modp_8192" */
136, /* "msCTLSign" */
135, /* "msCodeCom" */
134, /* "msCodeInd" */
@@ -3469,7 +3481,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1187
+#define NUM_LN 1193
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -4305,6 +4317,12 @@ static const unsigned int ln_objs[NUM_LN] = {
506, /* "mime-mhs-bodies" */
505, /* "mime-mhs-headings" */
488, /* "mobileTelephoneNumber" */
+ 1196, /* "modp_1536" */
+ 1197, /* "modp_2048" */
+ 1198, /* "modp_3072" */
+ 1199, /* "modp_4096" */
+ 1200, /* "modp_6144" */
+ 1201, /* "modp_8192" */
481, /* "nSRecord" */
173, /* "name" */
681, /* "onBasis" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 231c183..7ee5912 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1193,3 +1193,9 @@ magma_mac 1192
hmacWithSHA512_224 1193
hmacWithSHA512_256 1194
sshkdf 1195
+modp_1536 1196
+modp_2048 1197
+modp_3072 1198
+modp_4096 1199
+modp_6144 1200
+modp_8192 1201
diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod
index 73636c5..fcea642 100644
--- a/doc/man3/DH_new_by_nid.pod
+++ b/doc/man3/DH_new_by_nid.pod
@@ -14,7 +14,9 @@ DH_new_by_nid, DH_get_nid - get or find DH named parameters
DH_new_by_nid() creates and returns a DH structure containing named parameters
B<nid>. Currently B<nid> must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
-B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>.
+B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>,
+B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
+B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
DH_get_nid() determines if the parameters contained in B<dh> match
any named set. It returns the NID corresponding to the matching parameters or
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index e475316..9c695b9 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is
If B<pad> is zero (the default) then no padding is performed.
EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to
-B<nid> as defined in RFC7919. The B<nid> parameter must be B<NID_ffdhe2048>,
-B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>
-or B<NID_undef> to clear the stored value. This macro can be called during
-parameter or key generation.
+I<nid> as defined in RFC7919 or RFC3526. The I<nid> parameter must be
+B<NID_ffdhe2048>, B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>,
+B<NID_ffdhe8192>, B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
+B<NID_modp_4096>, B<NID_modp_6144>, B<NID_modp_8192> or B<NID_undef> to clear
+the stored value. This function can be called during parameter or key generation.
The nid parameter and the rfc5114 parameter are mutually exclusive.
The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h
index 70ebca2..5cb83d0 100644
--- a/include/crypto/bn_dh.h
+++ b/include/crypto/bn_dh.h
@@ -22,3 +22,10 @@ extern const BIGNUM _bignum_ffdhe4096_p;
extern const BIGNUM _bignum_ffdhe6144_p;
extern const BIGNUM _bignum_ffdhe8192_p;
extern const BIGNUM _bignum_const_2;
+
+extern const BIGNUM _bignum_modp_1536_p;
+extern const BIGNUM _bignum_modp_2048_p;
+extern const BIGNUM _bignum_modp_3072_p;
+extern const BIGNUM _bignum_modp_4096_p;
+extern const BIGNUM _bignum_modp_6144_p;
+extern const BIGNUM _bignum_modp_8192_p;
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 4616eaf..cfaedf5 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -5103,6 +5103,24 @@
#define SN_ffdhe8192 "ffdhe8192"
#define NID_ffdhe8192 1130
+#define SN_modp_1536 "modp_1536"
+#define NID_modp_1536 1196
+
+#define SN_modp_2048 "modp_2048"
+#define NID_modp_2048 1197
+
+#define SN_modp_3072 "modp_3072"
+#define NID_modp_3072 1198
+
+#define SN_modp_4096 "modp_4096"
+#define NID_modp_4096 1199
+
+#define SN_modp_6144 "modp_6144"
+#define NID_modp_6144 1200
+
+#define SN_modp_8192 "modp_8192"
+#define NID_modp_8192 1201
+
#define SN_ISO_UA "ISO-UA"
#define NID_ISO_UA 1150
#define OBJ_ISO_UA OBJ_member_body,804L

82
openssl-fips-DH_selftest_shared_secret_KAT.patch Normal file
View File

@ -0,0 +1,82 @@
Index: openssl-1.1.1d/crypto/fips/fips_dh_selftest.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips_dh_selftest.c 2020-09-08 20:40:41.313074570 +0200
+++ openssl-1.1.1d/crypto/fips/fips_dh_selftest.c 2020-09-08 20:41:05.337219024 +0200
@@ -119,6 +119,41 @@ static const unsigned char dh_test_2048_
0xEC, 0x55, 0xF6, 0xCC
};
+static const unsigned char dh_test_2048_shared_secret[] = {
+ 0x62, 0x68, 0x15, 0xbd, 0xc4, 0x9a, 0x3c, 0xfc,
+ 0xda, 0x5d, 0xc5, 0x81, 0xc9, 0xe7, 0x1b, 0xbb,
+ 0x94, 0x19, 0xb0, 0x5d, 0x95, 0xc3, 0x98, 0xd0,
+ 0xc6, 0x8b, 0x05, 0x34, 0xa5, 0xe2, 0xe4, 0xa8,
+ 0x7c, 0x4b, 0x7c, 0x41, 0xf9, 0x6d, 0xc1, 0xcc,
+ 0x6e, 0xb6, 0x34, 0xe1, 0x71, 0xc3, 0x00, 0x03,
+ 0x06, 0x08, 0x1d, 0x90, 0x88, 0x3c, 0x5d, 0x14,
+ 0x2d, 0x56, 0xac, 0x78, 0x83, 0xd6, 0xe9, 0x7c,
+ 0x6c, 0x34, 0xdf, 0xe0, 0x98, 0x14, 0xaa, 0xbe,
+ 0x3b, 0x83, 0xc5, 0xd1, 0xac, 0xec, 0xa6, 0x0b,
+ 0xc1, 0x94, 0x8d, 0x42, 0x3f, 0xb8, 0x63, 0xef,
+ 0xb1, 0x1b, 0x60, 0x4f, 0xfa, 0xfa, 0xbb, 0x57,
+ 0x28, 0x27, 0x4d, 0x78, 0xa4, 0x3d, 0x7a, 0xd8,
+ 0xab, 0x2e, 0x7d, 0x8b, 0xd3, 0xa9, 0x78, 0x74,
+ 0xfe, 0x3a, 0x08, 0x5f, 0xe3, 0xf5, 0x5a, 0xfa,
+ 0xa6, 0x93, 0x67, 0xea, 0xae, 0x5e, 0xd6, 0xc5,
+ 0xa1, 0xab, 0x0a, 0x1e, 0x78, 0xe7, 0xdd, 0xbc,
+ 0xae, 0xb7, 0x3e, 0x7d, 0x8b, 0xd8, 0x66, 0x92,
+ 0x38, 0x1b, 0x96, 0xeb, 0xcb, 0xcb, 0x6a, 0xcc,
+ 0xd8, 0x42, 0x80, 0x66, 0xa9, 0xa2, 0x75, 0xeb,
+ 0xe4, 0x79, 0x11, 0x7a, 0xca, 0x84, 0x77, 0x7a,
+ 0xe6, 0xe2, 0x13, 0xb1, 0x90, 0xd3, 0x0f, 0x87,
+ 0x2a, 0x0f, 0xf5, 0x17, 0x61, 0x15, 0x05, 0x31,
+ 0x5f, 0xdf, 0xb4, 0x8e, 0xf3, 0x21, 0x27, 0x6a,
+ 0x69, 0xdc, 0x52, 0x79, 0x64, 0x51, 0x1f, 0xc0,
+ 0xed, 0x55, 0x57, 0xd9, 0x5c, 0x6f, 0xdb, 0xaa,
+ 0x08, 0x44, 0xb9, 0x71, 0x71, 0x15, 0x27, 0xe8,
+ 0xe9, 0x42, 0x78, 0xc1, 0xc4, 0xc0, 0xbd, 0x28,
+ 0x23, 0xa1, 0x30, 0x57, 0xf0, 0x2e, 0x24, 0xf0,
+ 0x34, 0x17, 0x97, 0x1c, 0x4c, 0x2a, 0x98, 0x76,
+ 0x3d, 0x50, 0x7f, 0x32, 0xa2, 0x25, 0x94, 0x9e,
+ 0x1e, 0xbc, 0x97, 0x96, 0xd6, 0x14, 0x61, 0x5b
+};
+
int FIPS_selftest_dh()
{
DH *dh = NULL;
@@ -127,6 +162,7 @@ int FIPS_selftest_dh()
int len;
BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL;
const BIGNUM *pub_key;
+ unsigned char *shared_secret = NULL;
fips_load_key_component(p, dh_test_2048);
fips_load_key_component(g, dh_test_2048);
@@ -162,6 +198,19 @@ int FIPS_selftest_dh()
memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0)
goto err;
+ /* Shared secret KAT test */
+ len = DH_size(dh);
+ if ((shared_secret = OPENSSL_malloc(len)) == NULL)
+ goto err;
+
+ if ((len = DH_compute_key(shared_secret, pub_key, dh)) == -1)
+ goto err;
+
+ if (len != sizeof(dh_test_2048_shared_secret) ||
+ (memcmp(shared_secret, dh_test_2048_shared_secret, len) != 0)) {
+ goto err;
+ }
+
ret = 1;
err:
@@ -175,6 +224,7 @@ int FIPS_selftest_dh()
}
OPENSSL_free(pub_key_bin);
+ OPENSSL_free(shared_secret);
return ret;
}
#endif

14
openssl-fips-dont_run_FIPS_module_installed.patch
View File

@ -1,14 +0,0 @@
Index: openssl-1.1.1d/crypto/o_init.c
===================================================================
--- openssl-1.1.1d.orig/crypto/o_init.c 2020-01-23 13:45:11.336633643 +0100
+++ openssl-1.1.1d/crypto/o_init.c 2020-01-23 13:45:21.316692954 +0100
@@ -63,9 +63,6 @@ void __attribute__ ((constructor)) OPENS
if (done)
return;
done = 1;
- if (!FIPS_module_installed()) {
- return;
- }
init_fips_mode();
}
#endif

103
openssl-fips-kdf-hkdf-selftest.patch Normal file
View File

@ -0,0 +1,103 @@
Index: openssl-1.1.1m/crypto/fips/fips_err.h
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
+++ openssl-1.1.1m/crypto/fips/fips_err.h
@@ -114,6 +114,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SSH), "FIPS_selftest_ssh"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HKDF), "FIPS_selftest_hkdf"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
@@ -16,6 +16,49 @@
#include <openssl/kdf.h>
#ifdef OPENSSL_FIPS
+
+int FIPS_selftest_hkdf(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[10];
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
+ "label", (size_t)5) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
+ goto err;
+ }
+
+ {
+ const unsigned char expected[sizeof(out)] = {
+ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
+ };
+ if (memcmp(out, expected, sizeof(expected))) {
+ goto err;
+ }
+ }
+ ret = 1;
+err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HKDF, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
int FIPS_selftest_pbkdf2(void)
{
int ret = 0;
Index: openssl-1.1.1m/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1m/crypto/fips/fips_post.c
@@ -110,6 +110,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_ssh())
rv = 0;
+ if (!FIPS_selftest_hkdf())
+ rv = 0;
return rv;
}
Index: openssl-1.1.1m/include/openssl/fips.h
===================================================================
--- openssl-1.1.1m.orig/include/openssl/fips.h
+++ openssl-1.1.1m/include/openssl/fips.h
@@ -127,6 +127,7 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_TLS 153
# define FIPS_F_FIPS_SELFTEST_SSH 154
+# define FIPS_F_FIPS_SELFTEST_HKDF 155
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
Index: openssl-1.1.1m/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
+++ openssl-1.1.1m/include/crypto/fips_int.h
@@ -79,6 +79,7 @@ int FIPS_selftest_cmac(void);
int FIPS_selftest_pbkdf2(void);
int FIPS_selftest_tls(void);
int FIPS_selftest_ssh(void);
+int FIPS_selftest_hkdf(void);
int fips_in_post(void);

27
openssl-fips_fix_selftests_return_value.patch
View File

@ -1,27 +0,0 @@
Index: openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips_dsa_selftest.c 2020-02-17 10:40:18.006796026 +0100
+++ openssl-1.1.1d/crypto/fips/fips_dsa_selftest.c 2020-02-17 10:40:18.946801354 +0100
@@ -150,7 +150,7 @@ int FIPS_selftest_dsa()
{
DSA *dsa = NULL;
EVP_PKEY *pk = NULL;
- int ret = -1;
+ int ret = 0;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
fips_load_key_component(p, dsa_test_2048);
Index: openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c
===================================================================
--- openssl-1.1.1d.orig/crypto/fips/fips_ecdh_selftest.c 2020-02-17 10:40:18.006796026 +0100
+++ openssl-1.1.1d/crypto/fips/fips_ecdh_selftest.c 2020-02-17 10:40:18.950801378 +0100
@@ -221,6 +221,9 @@ int FIPS_selftest_ecdh(void)
}
err:
+ if (rv == -1) {
+ rv = 0;
+ }
if (x)
BN_clear_free(x);

131
openssl-kdf-selftest.patch Normal file
View File

@ -0,0 +1,131 @@
Index: openssl-1.1.1m/crypto/fips/build.info
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/build.info
+++ openssl-1.1.1m/crypto/fips/build.info
@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
fips_post.c drbgtest.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
- fips_dh_selftest.c fips_ers.c
+ fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
PROGRAMS=\
fips_standalone_hmac
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
===================================================================
--- /dev/null
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#ifdef OPENSSL_FIPS
+int FIPS_selftest_pbkdf2(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[32];
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
+ goto err;
+ }
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
+ goto err;
+ }
+
+ {
+ const unsigned char expected[sizeof(out)] = {
+ 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
+ 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
+ 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
+ 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+ };
+ if (memcmp(out, expected, sizeof(expected))) {
+ goto err;
+ }
+ }
+ ret = 1;
+
+err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+#endif
Index: openssl-1.1.1m/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1m/crypto/fips/fips_post.c
@@ -104,6 +104,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_ecdh())
rv = 0;
+ if (!FIPS_selftest_pbkdf2())
+ rv = 0;
return rv;
}
Index: openssl-1.1.1m/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
+++ openssl-1.1.1m/include/crypto/fips_int.h
@@ -76,6 +76,7 @@ void FIPS_drbg_stick(int onoff);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int FIPS_selftest_pbkdf2(void);
int fips_in_post(void);
Index: openssl-1.1.1m/include/openssl/fips.h
===================================================================
--- openssl-1.1.1m.orig/include/openssl/fips.h
+++ openssl-1.1.1m/include/openssl/fips.h
@@ -124,6 +124,7 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_DSA 112
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
# define FIPS_F_FIPS_SELFTEST_HMAC 113
+# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
Index: openssl-1.1.1m/crypto/fips/fips_err.h
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
+++ openssl-1.1.1m/crypto/fips/fips_err.h
@@ -111,6 +111,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},

122
openssl-kdf-ssh-selftest.patch Normal file
View File

@ -0,0 +1,122 @@
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
@@ -101,4 +101,68 @@ err:
return ret;
}
+int FIPS_selftest_ssh(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[8];
+
+ /* Test data from NIST CAVS 14.1 test vectors */
+ const unsigned char key[] = {
+ 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
+ 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
+ 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
+ 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
+ 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
+ 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
+ 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
+ 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
+ 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
+ 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
+ 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
+ 0x4e
+ };
+ const unsigned char xcghash[] = {
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+ };
+ const unsigned char sessid[] = {
+ 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
+ 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
+ 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
+ };
+ const unsigned char expected[sizeof(out)] = {
+ 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
+ };
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) == NULL)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, xcghash,
+ sizeof(xcghash)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, sessid,
+ sizeof(sessid)) <= 0)
+ goto err;
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
+ (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0)
+ goto err;
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
+ goto err;
+ if (memcmp(out, expected, sizeof(expected)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SSH, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
#endif
Index: openssl-1.1.1m/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1m/crypto/fips/fips_post.c
@@ -108,6 +108,8 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_tls())
rv = 0;
+ if (!FIPS_selftest_ssh())
+ rv = 0;
return rv;
}
Index: openssl-1.1.1m/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
+++ openssl-1.1.1m/include/crypto/fips_int.h
@@ -78,6 +78,7 @@ int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
int FIPS_selftest_pbkdf2(void);
int FIPS_selftest_tls(void);
+int FIPS_selftest_ssh(void);
int fips_in_post(void);
Index: openssl-1.1.1m/include/openssl/fips.h
===================================================================
--- openssl-1.1.1m.orig/include/openssl/fips.h
+++ openssl-1.1.1m/include/openssl/fips.h
@@ -126,6 +126,7 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_HMAC 113
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
# define FIPS_F_FIPS_SELFTEST_TLS 153
+# define FIPS_F_FIPS_SELFTEST_SSH 154
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
Index: openssl-1.1.1m/crypto/fips/fips_err.h
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
+++ openssl-1.1.1m/crypto/fips/fips_err.h
@@ -113,6 +113,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SSH), "FIPS_selftest_ssh"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},

99
openssl-kdf-tls-selftest.patch Normal file
View File

@ -0,0 +1,99 @@
Index: openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_kdf_selftest.c
+++ openssl-1.1.1m/crypto/fips/fips_kdf_selftest.c
@@ -61,4 +61,44 @@ err:
return ret;
}
+int FIPS_selftest_tls(void)
+{
+ int ret = 0;
+ EVP_KDF_CTX *kctx;
+ unsigned char out[16];
+
+ if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL)
+ goto err;
+
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
+ goto err;
+
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
+ "secret", (size_t)6) <= 0)
+ goto err;
+
+ if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0)
+ goto err;
+
+ if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
+ goto err;
+
+ {
+ const unsigned char expected[sizeof(out)] = {
+ 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
+ 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
+ };
+ if (memcmp(out, expected, sizeof(expected))) {
+ goto err;
+ }
+ }
+ ret = 1;
+
+err:
+ if (!ret)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_TLS, FIPS_R_SELFTEST_FAILED);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
#endif
Index: openssl-1.1.1m/crypto/fips/fips_post.c
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_post.c
+++ openssl-1.1.1m/crypto/fips/fips_post.c
@@ -106,6 +106,9 @@ int FIPS_selftest(void)
rv = 0;
if (!FIPS_selftest_pbkdf2())
rv = 0;
+ if (!FIPS_selftest_tls())
+ rv = 0;
+
return rv;
}
Index: openssl-1.1.1m/include/crypto/fips_int.h
===================================================================
--- openssl-1.1.1m.orig/include/crypto/fips_int.h
+++ openssl-1.1.1m/include/crypto/fips_int.h
@@ -77,6 +77,7 @@ int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
int FIPS_selftest_pbkdf2(void);
+int FIPS_selftest_tls(void);
int fips_in_post(void);
Index: openssl-1.1.1m/include/openssl/fips.h
===================================================================
--- openssl-1.1.1m.orig/include/openssl/fips.h
+++ openssl-1.1.1m/include/openssl/fips.h
@@ -125,6 +125,7 @@ extern "C" {
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
# define FIPS_F_FIPS_SELFTEST_HMAC 113
# define FIPS_F_FIPS_SELFTEST_PBKDF2 152
+# define FIPS_F_FIPS_SELFTEST_TLS 153
# define FIPS_F_FIPS_SELFTEST_SHA1 115
# define FIPS_F_FIPS_SELFTEST_SHA2 105
# define FIPS_F_OSSL_ECDSA_SIGN_SIG 143
Index: openssl-1.1.1m/crypto/fips/fips_err.h
===================================================================
--- openssl-1.1.1m.orig/crypto/fips/fips_err.h
+++ openssl-1.1.1m/crypto/fips/fips_err.h
@@ -112,6 +112,7 @@ static ERR_STRING_DATA FIPS_str_functs[]
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_PBKDF2), "FIPS_selftest_pbkdf2"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_TLS), "FIPS_selftest_tls"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
{ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},

13
openssl-no-date.patch Normal file
View File

@ -0,0 +1,13 @@
Index: openssl-1.1.1-pre1/util/mkbuildinf.pl
===================================================================
--- openssl-1.1.1-pre1.orig/util/mkbuildinf.pl 2018-02-13 16:31:28.011389734 +0100
+++ openssl-1.1.1-pre1/util/mkbuildinf.pl 2018-02-13 16:31:51.539764582 +0100
@@ -28,7 +28,7 @@ print <<"END_OUTPUT";
*/
#define PLATFORM "platform: $platform"
-#define DATE "built on: $date"
+#define DATE ""
/*
* Generate compiler_flags as an array of individual characters. This is a

492
openssl-s_client-check-ocsp-status.patch Normal file
View File

@ -0,0 +1,492 @@
commit c43f598838acaf3b98df4fce4b6babb663d2f902
Author: Otto Hollmann <otto.hollmann@suse.com>
Date: Fri Jun 30 11:15:30 2023 +0200
Add OCSP_RESPONSE_check_status(), a function to check OCSP response for revoked certificate in s_client.
---
apps/s_client.c | 10 +
crypto/ocsp/ocsp_vfy.c | 31 +++++
doc/man3/OCSP_response_status.pod | 15 ++
include/openssl/ocsp.h | 1
test/recipes/80-test_ocsp_check.t | 90 +++++++++++++++++
test/recipes/80-test_ocsp_check_data/ca.pem | 19 +++
test/recipes/80-test_ocsp_check_data/index-revoked.txt | 2
test/recipes/80-test_ocsp_check_data/index-valid.txt | 2
test/recipes/80-test_ocsp_check_data/ocsp.key | 28 +++++
test/recipes/80-test_ocsp_check_data/ocsp.pem | 75 ++++++++++++++
test/recipes/80-test_ocsp_check_data/server.key | 28 +++++
test/recipes/80-test_ocsp_check_data/server.pem | 75 ++++++++++++++
util/libcrypto.num | 1
13 files changed, 372 insertions(+), 5 deletions(-)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3390,7 +3390,7 @@ static void print_stuff(BIO *bio, SSL *s
static int ocsp_resp_cb(SSL *s, void *arg)
{
const unsigned char *p;
- int len;
+ int len, ret;
OCSP_RESPONSE *rsp;
len = SSL_get_tlsext_status_ocsp_resp(s, &p);
BIO_puts(arg, "OCSP response: ");
@@ -3407,8 +3407,14 @@ static int ocsp_resp_cb(SSL *s, void *ar
BIO_puts(arg, "\n======================================\n");
OCSP_RESPONSE_print(arg, rsp, 0);
BIO_puts(arg, "======================================\n");
+ ret = OCSP_RESPONSE_check_status(rsp);
OCSP_RESPONSE_free(rsp);
- return 1;
+ if (ret <= -1) {
+ BIO_puts(arg, "unable to verify OCSP response\n");
+ } else if (ret == 0) {
+ BIO_puts(arg, "revoked certificate found in OCSP response\n");
+ }
+ return ret;
}
# endif
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -433,3 +433,34 @@ static int ocsp_req_find_signer(X509 **p
}
return 0;
}
+
+/*
+ * Check an OCSP response for revoked certificate. Return a negative value on
+ * error; 0 if the response is not acceptable (in which case the handshake
+ * will fail) or a positive value if it is acceptable (no revoked certificate
+ * is found).
+ */
+
+int OCSP_RESPONSE_check_status(OCSP_RESPONSE *o)
+{
+ int i;
+ OCSP_BASICRESP *br = NULL;
+ OCSP_RESPDATA *rd = NULL;
+ OCSP_SINGLERESP *single = NULL;
+ OCSP_RESPBYTES *rb = o->responseBytes;
+ if (rb == NULL)
+ return -1;
+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
+ return -1;
+ if ((br = OCSP_response_get1_basic(o)) == NULL)
+ return -1;
+ rd = &br->tbsResponseData;
+ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+ if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+ continue;
+ single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+ if (single->certStatus->type == V_OCSP_CERTSTATUS_REVOKED)
+ return 0;
+ }
+ return 1;
+}
--- a/doc/man3/OCSP_response_status.pod
+++ b/doc/man3/OCSP_response_status.pod
@@ -2,8 +2,8 @@
=head1 NAME
-OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create,
-OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
+OCSP_response_status, OCSP_RESPONSE_check_status, OCSP_response_get1_basic,
+OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name,
OCSP_RESPID_set_by_key, OCSP_RESPID_match,
OCSP_basic_sign, OCSP_basic_sign_ctx - OCSP response functions
@@ -12,6 +12,7 @@ OCSP_basic_sign, OCSP_basic_sign_ctx - O
#include <openssl/ocsp.h>
int OCSP_response_status(OCSP_RESPONSE *resp);
+ int OCSP_RESPONSE_check_status(OCSP_RESPONSE *resp);
OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
void OCSP_RESPONSE_free(OCSP_RESPONSE *resp);
@@ -34,6 +35,10 @@ B<OCSP_RESPONSE_STATUS_MALFORMEDREQUEST>
B<OCSP_RESPONSE_STATUS_INTERNALERROR>, B<OCSP_RESPONSE_STATUS_TRYLATER>
B<OCSP_RESPONSE_STATUS_SIGREQUIRED>, or B<OCSP_RESPONSE_STATUS_UNAUTHORIZED>.
+OCSP_RESPONSE_check_status() check status of the OCSP response I<resp>. It
+returns a negative value on error; 0 if the response is not acceptable
+(e.g. contains revoked certificate) or a positive value if it is acceptable.
+
OCSP_response_get1_basic() decodes and returns the B<OCSP_BASICRESP> structure
contained in B<resp>.
@@ -65,7 +70,11 @@ uses the parameters contained in digest
=head1 RETURN VALUES
-OCSP_RESPONSE_status() returns a status value.
+OCSP_response_status() returns a status value.
+
+OCSP_RESPONSE_check_status() returns a result of check - negative value on
+error; 0 if the response is not acceptable; positive value if response is
+acceptable.
OCSP_response_get1_basic() returns an B<OCSP_BASICRESP> structure pointer or
B<NULL> if an error occurred.
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -340,6 +340,7 @@ const char *OCSP_crl_reason_str(long s);
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+int OCSP_RESPONSE_check_status(OCSP_RESPONSE *o);
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check.t
@@ -0,0 +1,90 @@
+#! /usr/bin/env perl
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use IPC::Open2;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_ocsp_check");
+
+plan tests => 2;
+
+my $shlib_wrap = bldtop_file("util", "shlib_wrap.sh");
+my $apps_openssl = bldtop_file("apps", "openssl");
+my $ca = srctop_file("test", "recipes", "80-test_ocsp_check_data", "ca.pem");
+my $ca_key = srctop_file("test", "recipes", "80-test_ocsp_check_data", "ca.key");
+my $ocsp = srctop_file("test", "recipes", "80-test_ocsp_check_data", "ocsp.pem");
+my $ocsp_key = srctop_file("test", "recipes", "80-test_ocsp_check_data", "ocsp.key");
+my $server = srctop_file("test", "recipes", "80-test_ocsp_check_data", "server.pem");
+my $server_key = srctop_file("test", "recipes", "80-test_ocsp_check_data", "server.key");
+my $index;
+my $ocsp_port = 9999;
+my $https_port = 8443;
+# 20 July 2023 so we don't get certificate expiry errors.
+my @check_time=("-attime", "1689811200");
+
+sub run_test {
+ my $id = shift;
+ my $connect_good = 0;
+
+ if ($id == 0) {
+ $index = srctop_file("test", "recipes", "80-test_ocsp_check_data", "index-valid.txt");
+ }
+ if ($id == 1) {
+ $index = srctop_file("test", "recipes", "80-test_ocsp_check_data", "index-revoked.txt");
+ }
+ # OCSP responder
+ my @o_cmd = ("ocsp", "-index", $index, "-port", "$ocsp_port", "-rsigner", $ocsp, "-rkey", $ocsp_key, "-CA", $ca, "-nrequest", "1", @check_time);
+ # server
+ my @s_cmd = ("s_server", "-www", "-status_url", "http://127.0.0.1:$ocsp_port", "-accept", "$https_port", "-cert", $server, "-key", $server_key, "-state", "-CAfile", $ca, "-naccept", "1", @check_time);
+ # client
+ my @c_cmd = ("s_client", "-connect", ":$https_port", "-CAfile", $ca, "-status", "-verify_return_error", "-strict", @check_time);
+
+ # Run the OCSP responder
+ my $o_pid = open2(my $o_out, my $o_in, $shlib_wrap, $apps_openssl, @o_cmd);
+
+ # Start up the server
+ my $s_pid = open2(my $s_out, my $s_in, $shlib_wrap, $apps_openssl, @s_cmd);
+ while (<$s_out>) {
+ chomp;
+ if (/^ACCEPT$/) {
+ print "Server ready\n";
+ last;
+ }
+ }
+
+ # Start up the client
+ my $c_pid = open2(my $c_out, my $c_in, $shlib_wrap, $apps_openssl, @c_cmd);
+ if ($id == 0) {
+ # Do the "GET", which will cause the client to finish
+ print $c_in "GET /\r\n";
+ }
+
+ waitpid($c_pid, 0);
+ waitpid($s_pid, 0);
+ waitpid($o_pid, 0);
+
+ # Check the client output
+ while (<$c_out>) {
+ chomp;
+ if ($id == 0) {
+ $connect_good = 1 if /^Content-type: text/;
+ }
+ if ($id == 1) {
+ $connect_good = 1 if /^revoked certificate found in OCSP response/;
+ }
+ }
+ print STDERR "Connection failed\n" if ! ok($connect_good);
+}
+
+for my $index (0..1) {
+ run_test($index)
+}
\ No newline at end of file
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUZot4eag1ZaofYsMIB7HIzq8+zGEwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMzA3MTIwOTI5NDdaFw0zMzA3MDkw
+OTI5NDdaMBIxEDAOBgNVBAMMB1Jvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDRRSlP0gUVVlzMkEtVzX95n5lM+P36lyNgevKqY1Dl3ygPAzaq
+HRUBsgcxdDwWwMPO2u5UJOWaQ80nwFGROwX8WrRoBTvsUZ+URyXx98tHrhnD6wI9
+v30xYGN0RU2Ef2XnMvThhKRQVZJJWAHFPWZdPes0/g3H4FGJudOQJUHpiDD1UEF+
+cWxyujhVbvBFCX+mBS+r/tn75axjsUqmbxwCE7TK3CD0JdvlLUYxtybvozYoONot
+/mFleCMmPaTzPHan+iXNHp4Tn+3Ssndo3uiTr0pEbGgSOy2PppbZmv0ml0+CSLN4
+G8VaBBf7VTMayowEmmDgTpsOTi9tJqW2CcGzAgMBAAGjUzBRMB0GA1UdDgQWBBRj
+L87V9mqTdWYMCNNBb6Hay7OwPjAfBgNVHSMEGDAWgBRjL87V9mqTdWYMCNNBb6Ha
+y7OwPjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC09qzufLI/
+AoBscY8e9Q4pRhzeVVAKQ6yAZiO2O0o3trI5xKqD3iD0pOC7Mbfg0e0lneK6ovpd
+J178HwF4PMdiwvPH0KkAf0DaB96nC6U6oGQmItq8668jeVBjat0UCP3xiLmLhhAl
+mnnsgFC1eALmpWQPVlixUaXF4ri3R0QBUcc2kIV5zr1P3LJVboMSgCZULvrlfQLC
+kA0GdCCf6h08AFHRaIW8EE3I1IHNZc7eQcmnCLewHU5cPAYJ69GjhblSLS8kbpXK
+k7BllPLkk99zc/94okTasTjUkmha3RhRqMNL8jrYVc1m7H4U+4XUyh1y4C4Nmz18
+fBbrMxN2SCXM
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/index-revoked.txt
@@ -0,0 +1,2 @@
+V 240711093229Z 1000 unknown /CN=OCSP
+R 240711093313Z 230621000000Z 1001 unknown /CN=Server
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/index-valid.txt
@@ -0,0 +1,2 @@
+V 240711093229Z 1000 unknown /CN=OCSP
+V 240711093313Z 1001 unknown /CN=Server
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/ocsp.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDZ2OLi8cpvoinQ
+bs4YEmk9GdQNcg9+zBRHy/YRJF+bbdreINweLYigHg2D3rcJnrjXkNAmd08aD0x+
+4iq58Tvy5P48VZ+c1R3XUs1YQR20sKgnM8w+uF2SXxX18Idy31pNErYh3J8jVpBi
+moMP9dC22iNB4kTKf1ORM6HaKnHM8wg3JzXv9lVoIQgAgyAmJOoQXhQ8Kn1AOj3j
+vp1Jgm2hI4e2MTjgjraT9sKxPXIZkKnTwnZX88MpE9HvsQ7XV2CdYmMry+L69X68
+bl3S1eisDjeIvHPtz6TenZs7wxbupy7OtdOKRxa/mDh9C76XHiNPoukUF1NVZ93S
+647ud7enAgMBAAECggEAFy+JbQxn9nwExZ2Cy4wWGFM0lF5vPhhmu4IpRTIhB4Vo
+gIYbIg5y6/vBhidWRYICUVXP2ZrkLTVd97kxlqBmuCzdeZAcEKXxavacoAfaK142
+n2mDaP+CsgPzGJMfj2nXOLxvlxNd+qBey1J/oDC8+eEl/yqfwLT5hiA/2dz08hI6
+IU0BudOB6H5iBK74MJsubdm0tsY4iqTykXeiR+n5dvVGDXLUX74BDHlD9O7AAo10
+h74Vw22luigsV0spCVLoOYy6z9KMkOaHZRruPmF3UCsfJZFY2y6uMapvbdgUavr9
+5fpsx40ep/mjRkYainHfJK1YkV/AoTxKjPQu2owJIQKBgQD0akN75lGXaAMQ0oEA
+1UrvZg75BQxPN+3qVtyynoQGVh58uRIaeG4DQdtc4nNPYI6o6NGbJk4T4wXU7W/3
+XUr+U/LdSGpHfM9gXGCUNgoJeUKY3NLUGdE4DIGDiJrmJfd5NDj37+PAQUTLBO49
+A0+BPnictZPffXuXCGL7lt7hYQKBgQDkLD9jV6HNtv8pAxFdQM+89NhWZCvpuTAs
+rihG3ebblBotMuGsrZDJ75UKq5wPEGCZWDc5q2h8L6CiyQF7Vht4/pi4NEhsA9My
+5hOGUJJVvvFmEIYz0GoCGqoDqag1XpKx8MYMvcc52bhzsYCy+dpnqraISeyiFPLM
+hdy+3jROBwKBgAqKEoLjOZ13xLoS+bEZgXO1SOwABbncxYuXV0j0gOjtCb+DE37E
+tqm5S0ZEFYjUtxIdh/xSuIcvAO9flbZq9XLmF9Dm8H5IqYCUOy3o7qHd8rs4unae
+7mCmWWdcmqFV/cfiMpquY3nE1rySZ9uFqwX9taG8SrYWaR/oIqyKou3BAoGBAJgX
+2oT4s/UxJzKKRffYLOEygEZN7WuVMsSFrnlWjv0M4soAIaf95gaFOd7r91GfRBTT
+VbSOSk6FXNlFjUROaG+lnd0jlKbTgeNqs9cTPAgGCFlVaG9/XDpc1bktTN+OU9Bi
+w1FY60TnmOkdh8FFhM0XYSbFyANeXV3xWOytp0XfAoGBAO2FkR3oGd3DSJmeljwJ
+HciEmlYCk38z93mZXiDTh4axS+mxAMYVRXt0dDUveyImlpcGi9coYmQPEzgk6spQ
+DOeRzRQcWQWfny9/UoGFU/Kv6QmpteAWaSjinBWKONx9d5AGzAkzms79tS8JMeL5
++wlkyD8NclbRA+ILu+V8HLed
+-----END PRIVATE KEY-----
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/ocsp.pem
@@ -0,0 +1,75 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4096 (0x1000)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=Root CA
+ Validity
+ Not Before: Jul 12 09:32:29 2023 GMT
+ Not After : Jul 11 09:32:29 2024 GMT
+ Subject: CN=OCSP
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:d9:d8:e2:e2:f1:ca:6f:a2:29:d0:6e:ce:18:12:
+ 69:3d:19:d4:0d:72:0f:7e:cc:14:47:cb:f6:11:24:
+ 5f:9b:6d:da:de:20:dc:1e:2d:88:a0:1e:0d:83:de:
+ b7:09:9e:b8:d7:90:d0:26:77:4f:1a:0f:4c:7e:e2:
+ 2a:b9:f1:3b:f2:e4:fe:3c:55:9f:9c:d5:1d:d7:52:
+ cd:58:41:1d:b4:b0:a8:27:33:cc:3e:b8:5d:92:5f:
+ 15:f5:f0:87:72:df:5a:4d:12:b6:21:dc:9f:23:56:
+ 90:62:9a:83:0f:f5:d0:b6:da:23:41:e2:44:ca:7f:
+ 53:91:33:a1:da:2a:71:cc:f3:08:37:27:35:ef:f6:
+ 55:68:21:08:00:83:20:26:24:ea:10:5e:14:3c:2a:
+ 7d:40:3a:3d:e3:be:9d:49:82:6d:a1:23:87:b6:31:
+ 38:e0:8e:b6:93:f6:c2:b1:3d:72:19:90:a9:d3:c2:
+ 76:57:f3:c3:29:13:d1:ef:b1:0e:d7:57:60:9d:62:
+ 63:2b:cb:e2:fa:f5:7e:bc:6e:5d:d2:d5:e8:ac:0e:
+ 37:88:bc:73:ed:cf:a4:de:9d:9b:3b:c3:16:ee:a7:
+ 2e:ce:b5:d3:8a:47:16:bf:98:38:7d:0b:be:97:1e:
+ 23:4f:a2:e9:14:17:53:55:67:dd:d2:eb:8e:ee:77:
+ b7:a7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 2B:C9:AC:45:83:BB:96:5B:73:77:1A:F8:DB:F9:98:44:C6:E8:55:95
+ X509v3 Authority Key Identifier:
+ 63:2F:CE:D5:F6:6A:93:75:66:0C:08:D3:41:6F:A1:DA:CB:B3:B0:3E
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 02:87:49:a3:6f:c4:59:38:94:f9:f7:1a:ff:6f:4c:b4:6b:bd:
+ d2:79:98:5c:90:a8:49:45:ec:91:4e:ac:45:ec:8d:81:7f:ce:
+ ea:2f:93:c1:40:49:d4:c7:f2:ae:c0:60:1d:7d:65:91:83:63:
+ 51:4c:f0:ce:ef:81:dc:43:a6:b3:01:39:66:52:2d:1d:08:16:
+ a7:a7:54:78:e6:7a:06:49:5f:86:37:12:48:42:ab:37:a9:c0:
+ 04:98:70:45:50:9e:6d:30:6d:6d:81:05:79:1b:5c:2b:75:b9:
+ a8:46:22:4a:80:c9:ab:7c:f7:b2:63:69:ed:08:31:32:bd:8e:
+ f8:d7:8e:8e:29:8e:f6:b0:52:c2:a3:19:c1:e0:88:de:de:94:
+ 4f:f1:a5:9b:1c:1c:c0:11:79:7f:df:38:1b:97:a9:6c:26:fc:
+ 7e:31:f5:78:ba:c1:1d:e6:7c:e1:8e:b3:c5:91:fc:f6:5f:44:
+ 18:44:0b:15:c8:94:a5:a7:02:58:2f:be:f4:e4:80:0a:ce:8e:
+ 33:36:dd:0f:39:d3:b6:ae:57:d2:46:b4:a2:d1:49:c9:29:a7:
+ a0:a7:62:a7:2e:2d:7d:91:94:12:f7:55:13:54:d5:4e:4d:eb:
+ 1f:78:a7:9e:a9:93:f9:6c:a9:ec:97:2e:c6:04:67:fa:95:47:
+ 1e:2c:d2:74
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHUm9v
+dCBDQTAeFw0yMzA3MTIwOTMyMjlaFw0yNDA3MTEwOTMyMjlaMA8xDTALBgNVBAMM
+BE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ2OLi8cpvoinQ
+bs4YEmk9GdQNcg9+zBRHy/YRJF+bbdreINweLYigHg2D3rcJnrjXkNAmd08aD0x+
+4iq58Tvy5P48VZ+c1R3XUs1YQR20sKgnM8w+uF2SXxX18Idy31pNErYh3J8jVpBi
+moMP9dC22iNB4kTKf1ORM6HaKnHM8wg3JzXv9lVoIQgAgyAmJOoQXhQ8Kn1AOj3j
+vp1Jgm2hI4e2MTjgjraT9sKxPXIZkKnTwnZX88MpE9HvsQ7XV2CdYmMry+L69X68
+bl3S1eisDjeIvHPtz6TenZs7wxbupy7OtdOKRxa/mDh9C76XHiNPoukUF1NVZ93S
+647ud7enAgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCvJrEWDu5Zbc3ca
++Nv5mETG6FWVMB8GA1UdIwQYMBaAFGMvztX2apN1ZgwI00FvodrLs7A+MA0GCSqG
+SIb3DQEBCwUAA4IBAQACh0mjb8RZOJT59xr/b0y0a73SeZhckKhJReyRTqxF7I2B
+f87qL5PBQEnUx/KuwGAdfWWRg2NRTPDO74HcQ6azATlmUi0dCBanp1R45noGSV+G
+NxJIQqs3qcAEmHBFUJ5tMG1tgQV5G1wrdbmoRiJKgMmrfPeyY2ntCDEyvY74146O
+KY72sFLCoxnB4Ije3pRP8aWbHBzAEXl/3zgbl6lsJvx+MfV4usEd5nzhjrPFkfz2
+X0QYRAsVyJSlpwJYL7705IAKzo4zNt0POdO2rlfSRrSi0UnJKaegp2KnLi19kZQS
+91UTVNVOTesfeKeeqZP5bKnsly7GBGf6lUceLNJ0
+-----END CERTIFICATE-----
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDb4qMIdALYSZd7
+/RBJ5PTRZS23d4SkIxZuOGXiSdYNyDNqg+jZZ5HPJu1ZcZFZ7AYINCAnk/yv1rPd
+Aoz50sZKTjHacQZLhaSds0PlN5/TrkwU0WUbalFWm5D6LB+VlDdkOSWSO3UNo23n
+X3wBMCWL9tTqNCwzNx8o3P6L8gjEOyOU3lIB3DU0FgGZN0Fkk7ZrbZxoln78Hcgf
+wBxWC2SafOwU9zofjdcEQr4Q6kAKDK1M7EYbq8U67BUS7SRRoj2Ub6KNhTGCuH5f
+0M4umykvong4bvqYqmrpAM0qV/F0ngus8qJgAH21AeHAvG9iuP/AphbslKFl+Me5
+3J3/2A/lAgMBAAECggEAAsC9Ist1B6kwNNSvwgUUTZTTNDNSXU21J68cE2+yNtz1
+S9WX8jTaPfoySYbi93m9f5fLeUNgjAEHonI4Op55bg+5jw8QMZzcOT83z+RY42kQ
+ucf/WI8Fsqxi7cbkpFZFNUOD5WdKKWAM7bMj1c35Al4WP1Jk5UVA5h2SMEVY97/x
+2TeQIzxBVX7w8d3jSHQXizWLB06IRs0F1Kpp0qIXJ558GcWEYVLk7ORIcJACWJSh
+UmhmtUVXI5OoWTTk4Ac7wus5GlCaLkwZ1RxV8iSwlQ5dhEBdDPRofrH9QgeULJrq
+l+G+Cv32FizTzC3QuiPrXrbfPVxffYZuJ5g2RORh9wKBgQD4IqS3WzXYOoKwkA5d
+8rVAL55tTE8I7/GZCoMrmRsXKV/30gJjhDlf5TyKWpFB7gcxBBZhd+lK/daH8d+S
+EAeBdN45VM/xbQkVKyfOQMQ5JuKmLJUyUP7yevMDZ0TYWQGDWmnVMzhfICIKWQvM
+lnPqCHFeYx+zWFBTDukr+aitywKBgQDi2sY1KAJiC24M7DILvjF0vFQGIPCyoOfQ
+VKemT3O5BKXbEK/WgBmTHMZzGPUGCZ7dxjEeTpE1d6YIadSa3FMyA34PWi8+3jdn
+lGSnK5MBlfKnk8Qo5vYOKPMgVmRPzqyJ8gUorNvAUEKZeFjV+wZeX/0yxSunumCj
+dfOk2TWDDwKBgEQE0xxED32HhH2774RHXPIMW6Rgb6XmiFbIb+6KmMd/mwQG+Iqp
+G0UzRKY0b28gPa5tDWmIglYBQUagwgV7CWOuUqBqpFns5rl7y/yY+nEkPKsKu5dA
+ZrK3i1gafd/EfkqwhSRhVwmUeGBXyok5kOrNh641A+KYyeQKyVY5qMiDAoGALJgb
+DIn/5ewfRxULRXmu2SbIUagaCNNOnop1pmDJ+93pCKZAGqd135BxhmCqkfREMY5r
+S2zgaKVLky3SqFqVVCiRmEz/KpmeRJNMMfyD2nTyjXSjw/Ka/e+Y04uIDpQvILLd
+xsAsNqLQZMDenbnJ57Vw3ZEa4s7lflyKd6ZnOYsCgYEA5jRpE1+lw1mAieDNovqH
+Mp2VwrmuFWhkeC7RW0G8ngNRzP9K6p77cDZGuR8GO5OHhpC3JG14OhOGL5rmDcwc
+ufXRlGMeAfWSY6EOY2hPWltML4EiX0zRESipQty8ns/HekIVlmOh4sv+3N3EqLlE
+edJcYLfcg1FGwnVQLHuVhy4=
+-----END PRIVATE KEY-----
--- /dev/null
+++ b/test/recipes/80-test_ocsp_check_data/server.pem
@@ -0,0 +1,75 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4097 (0x1001)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=Root CA
+ Validity
+ Not Before: Jul 12 09:33:13 2023 GMT
+ Not After : Jul 11 09:33:13 2024 GMT
+ Subject: CN=Server
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:db:e2:a3:08:74:02:d8:49:97:7b:fd:10:49:e4:
+ f4:d1:65:2d:b7:77:84:a4:23:16:6e:38:65:e2:49:
+ d6:0d:c8:33:6a:83:e8:d9:67:91:cf:26:ed:59:71:
+ 91:59:ec:06:08:34:20:27:93:fc:af:d6:b3:dd:02:
+ 8c:f9:d2:c6:4a:4e:31:da:71:06:4b:85:a4:9d:b3:
+ 43:e5:37:9f:d3:ae:4c:14:d1:65:1b:6a:51:56:9b:
+ 90:fa:2c:1f:95:94:37:64:39:25:92:3b:75:0d:a3:
+ 6d:e7:5f:7c:01:30:25:8b:f6:d4:ea:34:2c:33:37:
+ 1f:28:dc:fe:8b:f2:08:c4:3b:23:94:de:52:01:dc:
+ 35:34:16:01:99:37:41:64:93:b6:6b:6d:9c:68:96:
+ 7e:fc:1d:c8:1f:c0:1c:56:0b:64:9a:7c:ec:14:f7:
+ 3a:1f:8d:d7:04:42:be:10:ea:40:0a:0c:ad:4c:ec:
+ 46:1b:ab:c5:3a:ec:15:12:ed:24:51:a2:3d:94:6f:
+ a2:8d:85:31:82:b8:7e:5f:d0:ce:2e:9b:29:2f:a2:
+ 78:38:6e:fa:98:aa:6a:e9:00:cd:2a:57:f1:74:9e:
+ 0b:ac:f2:a2:60:00:7d:b5:01:e1:c0:bc:6f:62:b8:
+ ff:c0:a6:16:ec:94:a1:65:f8:c7:b9:dc:9d:ff:d8:
+ 0f:e5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Subject Key Identifier:
+ 3E:48:4E:C9:24:FA:DE:27:EA:A4:98:81:2A:06:12:9A:F6:FA:17:4E
+ X509v3 Authority Key Identifier:
+ 63:2F:CE:D5:F6:6A:93:75:66:0C:08:D3:41:6F:A1:DA:CB:B3:B0:3E
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 22:fe:de:97:6e:e8:5d:65:91:f0:70:af:97:85:53:5e:8e:c8:
+ 88:9b:e5:b3:33:d4:21:b9:3b:09:b7:72:70:16:8c:a8:0e:80:
+ 0f:1b:03:cb:95:94:ae:40:e2:3b:54:06:ec:1e:f5:bc:58:8a:
+ 22:57:cf:fe:14:b0:15:8c:18:5d:9d:fe:0e:70:55:26:c5:cc:
+ 92:f3:bf:03:19:e6:bd:41:b5:c3:cf:15:d3:e9:10:df:65:2a:
+ 68:c0:a3:df:93:a4:b1:66:20:94:1d:df:0a:9c:05:e7:74:a1:
+ 1a:39:db:c2:5b:78:8c:0c:f6:5e:30:80:cc:39:04:8a:8c:db:
+ 81:c1:5b:b4:3e:c2:ba:ae:06:ec:19:91:b4:a5:46:05:e7:8c:
+ ef:88:3f:d1:38:d3:37:42:88:25:c2:43:9b:df:7f:7c:15:c3:
+ 7b:72:d2:b6:49:45:ce:c8:ce:f1:2d:be:7b:86:1c:31:8d:c9:
+ de:51:d4:06:9f:1d:f2:86:ac:bf:5f:4d:da:31:26:70:ce:e1:
+ 0a:87:1f:a9:73:24:78:a2:4a:c2:73:ea:4c:6b:2c:a7:b6:1c:
+ d7:c3:5e:3a:8a:f9:02:54:62:73:a2:a6:3e:e5:d6:2d:6f:6e:
+ ba:57:11:20:d1:41:2e:c7:6b:d8:7d:70:5e:1d:17:03:5e:a7:
+ 16:c9:4b:fb
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdSgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEAwwHUm9v
+dCBDQTAeFw0yMzA3MTIwOTMzMTNaFw0yNDA3MTEwOTMzMTNaMBExDzANBgNVBAMM
+BlNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANviowh0AthJ
+l3v9EEnk9NFlLbd3hKQjFm44ZeJJ1g3IM2qD6Nlnkc8m7VlxkVnsBgg0ICeT/K/W
+s90CjPnSxkpOMdpxBkuFpJ2zQ+U3n9OuTBTRZRtqUVabkPosH5WUN2Q5JZI7dQ2j
+bedffAEwJYv21Oo0LDM3Hyjc/ovyCMQ7I5TeUgHcNTQWAZk3QWSTtmttnGiWfvwd
+yB/AHFYLZJp87BT3Oh+N1wRCvhDqQAoMrUzsRhurxTrsFRLtJFGiPZRvoo2FMYK4
+fl/Qzi6bKS+ieDhu+piqaukAzSpX8XSeC6zyomAAfbUB4cC8b2K4/8CmFuyUoWX4
+x7ncnf/YD+UCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUPkhOyST63ifq
+pJiBKgYSmvb6F04wHwYDVR0jBBgwFoAUYy/O1fZqk3VmDAjTQW+h2suzsD4wDQYJ
+KoZIhvcNAQELBQADggEBACL+3pdu6F1lkfBwr5eFU16OyIib5bMz1CG5Owm3cnAW
+jKgOgA8bA8uVlK5A4jtUBuwe9bxYiiJXz/4UsBWMGF2d/g5wVSbFzJLzvwMZ5r1B
+tcPPFdPpEN9lKmjAo9+TpLFmIJQd3wqcBed0oRo528JbeIwM9l4wgMw5BIqM24HB
+W7Q+wrquBuwZkbSlRgXnjO+IP9E40zdCiCXCQ5vff3wVw3ty0rZJRc7IzvEtvnuG
+HDGNyd5R1AafHfKGrL9fTdoxJnDO4QqHH6lzJHiiSsJz6kxrLKe2HNfDXjqK+QJU
+YnOipj7l1i1vbrpXESDRQS7Ha9h9cF4dFwNepxbJS/s=
+-----END CERTIFICATE-----
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4649,3 +4649,4 @@ fips_sli_RAND_bytes_is_approved
fips_sli_RAND_priv_bytes_is_approved 6610 1_1_1l EXIST::FUNCTION:
FIPS_entropy_init 6611 1_1_1l EXIST::FUNCTION:
FIPS_entropy_cleanup 6612 1_1_1l EXIST::FUNCTION:
+OCSP_RESPONSE_check_status 6613 1_1_1l EXIST::FUNCTION:OCSP