Accepting request 805872 from home:vitezslav_cizek:branches:security:tls

- Limit the DRBG selftests to not deplete entropy (bsc#1165274)
  * fixes also Firefox crashing with Kerberos (bsc#1167132)
  * update openssl-fips_selftest_upstream_drbg.patch

OBS-URL: https://build.opensuse.org/request/show/805872
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=70
Pedro Monreal Gonzalez 2020-05-15 15:20:55 +00:00 committed by Git OBS Bridge
parent 5a11d9c32d
commit e4417781b1
2 changed files with 29 additions and 21 deletions


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri May 15 09:51:22 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
- Limit the DRBG selftests to not deplete entropy (bsc#1165274)
* fixes also Firefox crashing with Kerberos (bsc#1167132)
* update openssl-fips_selftest_upstream_drbg.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 21 13:47:04 UTC 2020 - Vítězslav Čížek <vcizek@suse.com> Tue Apr 21 13:47:04 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>


@ -1,8 +1,8 @@
Index: openssl-1.1.1e/crypto/fips/drbgtest.c Index: openssl-1.1.1g/crypto/fips/drbgtest.c
=================================================================== ===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1e/crypto/fips/drbgtest.c 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/drbgtest.c 2020-05-15 16:20:15.962172616 +0200
@@ -0,0 +1,1178 @@ @@ -0,0 +1,1179 @@
+/* +/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * + *
@ -34,7 +34,6 @@ Index: openssl-1.1.1e/crypto/fips/drbgtest.c
+# include <unistd.h> +# include <unistd.h>
+#endif +#endif
+ +
+//#include "../../test/testutil.h"
+#include "../../test/drbgtest.h" +#include "../../test/drbgtest.h"
+ +
+typedef struct drbg_selftest_data_st { +typedef struct drbg_selftest_data_st {
@ -1139,9 +1138,11 @@ Index: openssl-1.1.1e/crypto/fips/drbgtest.c
+fin: +fin:
+ res = 1; + res = 1;
+err: +err:
+#if 0
+ if (!res) + if (!res)
+ //TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases, + TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
+ //crngt_case, crngt_idx); + crngt_case, crngt_idx);
+#endif
+ uninstantiate(drbg); + uninstantiate(drbg);
+ RAND_DRBG_free(drbg); + RAND_DRBG_free(drbg);
+ crngt_get_entropy = &rand_crngt_get_entropy_cb; + crngt_get_entropy = &rand_crngt_get_entropy_cb;
@ -1162,9 +1163,9 @@ Index: openssl-1.1.1e/crypto/fips/drbgtest.c
+ return 0; + return 0;
+ } + }
+ +
+#if 0
+ if (!test_rand_drbg_reseed()) + if (!test_rand_drbg_reseed())
+ return 0; + return 0;
+#if 0
+ if (!test_rand_seed()) + if (!test_rand_seed())
+ return 0; + return 0;
+ if (!test_rand_add()) + if (!test_rand_add())
@ -1181,10 +1182,10 @@ Index: openssl-1.1.1e/crypto/fips/drbgtest.c
+ return 1; + return 1;
+} +}
+ +
Index: openssl-1.1.1e/crypto/fips/drbgtest.h Index: openssl-1.1.1g/crypto/fips/drbgtest.h
=================================================================== ===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1e/crypto/fips/drbgtest.h 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/drbgtest.h 2020-05-15 16:19:01.662586731 +0200
@@ -0,0 +1,579 @@ @@ -0,0 +1,579 @@
+/* +/*
+ * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1765,10 +1766,10 @@ Index: openssl-1.1.1e/crypto/fips/drbgtest.h
+ 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67, + 0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
+ 0xf6, 0x02, 0x32, 0xe2 + 0xf6, 0x02, 0x32, 0xe2
+}; +};
Index: openssl-1.1.1e/crypto/fips/fips_post.c Index: openssl-1.1.1g/crypto/fips/fips_post.c
=================================================================== ===================================================================
--- openssl-1.1.1e.orig/crypto/fips/fips_post.c 2020-03-20 14:15:40.018104341 +0100 --- openssl-1.1.1g.orig/crypto/fips/fips_post.c 2020-05-15 16:18:44.030685013 +0200
+++ openssl-1.1.1e/crypto/fips/fips_post.c 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-05-15 16:19:01.662586731 +0200
@@ -51,7 +51,6 @@ @@ -51,7 +51,6 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
@ -1777,10 +1778,10 @@ Index: openssl-1.1.1e/crypto/fips/fips_post.c
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
Index: openssl-1.1.1e/crypto/fips/build.info Index: openssl-1.1.1g/crypto/fips/build.info
=================================================================== ===================================================================
--- openssl-1.1.1e.orig/crypto/fips/build.info 2020-03-20 14:15:40.018104341 +0100 --- openssl-1.1.1g.orig/crypto/fips/build.info 2020-05-15 16:18:44.030685013 +0200
+++ openssl-1.1.1e/crypto/fips/build.info 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/build.info 2020-05-15 16:19:01.662586731 +0200
@@ -2,7 +2,7 @@ LIBS=../../libcrypto @@ -2,7 +2,7 @@ LIBS=../../libcrypto
SOURCE[../../libcrypto]=\ SOURCE[../../libcrypto]=\
fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \ fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \
@ -1790,10 +1791,10 @@ Index: openssl-1.1.1e/crypto/fips/build.info
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
fips_dh_selftest.c fips_ers.c fips_dh_selftest.c fips_ers.c
Index: openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c Index: openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
=================================================================== ===================================================================
--- openssl-1.1.1e.orig/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:40.018104341 +0100 --- openssl-1.1.1g.orig/crypto/fips/fips_drbg_selftest.c 2020-05-15 16:18:44.030685013 +0200
+++ openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-05-15 16:19:01.666586709 +0200
@@ -774,6 +774,7 @@ int FIPS_drbg_health_check(DRBG_CTX *dct @@ -774,6 +774,7 @@ int FIPS_drbg_health_check(DRBG_CTX *dct
return rv; return rv;
} }
@ -1810,10 +1811,10 @@ Index: openssl-1.1.1e/crypto/fips/fips_drbg_selftest.c
int FIPS_selftest_drbg_all(void) int FIPS_selftest_drbg_all(void)
{ {
Index: openssl-1.1.1e/crypto/fips/fips.c Index: openssl-1.1.1g/crypto/fips/fips.c
=================================================================== ===================================================================
--- openssl-1.1.1e.orig/crypto/fips/fips.c 2020-03-20 14:15:40.018104341 +0100 --- openssl-1.1.1g.orig/crypto/fips/fips.c 2020-05-15 16:18:44.030685013 +0200
+++ openssl-1.1.1e/crypto/fips/fips.c 2020-03-20 14:15:42.114115340 +0100 +++ openssl-1.1.1g/crypto/fips/fips.c 2020-05-15 16:19:01.666586709 +0200
@@ -50,7 +50,6 @@ @@ -50,7 +50,6 @@
#define _GNU_SOURCE #define _GNU_SOURCE