Accepting request 1221596 from security:tls

OBS-URL: https://build.opensuse.org/request/show/1221596
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=33
2024-11-06 15:49:16 +00:00
committed by Git OBS Bridge
71 changed files with 5909 additions and 6864 deletions


@@ -49,11 +49,11 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
test/smime-certs/smrsa3.pem | 38 ++++++------
19 files changed, 286 insertions(+), 256 deletions(-)
Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/dsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/dsa_sig.c
@@ -127,11 +127,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
--- openssl-3.2.3.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/dsa_sig.c
@@ -129,11 +129,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
int md_nid;
size_t mdname_len = strlen(mdname);
@@ -65,11 +65,11 @@ Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
--- openssl-3.2.3.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/ecdsa_sig.c
@@ -247,11 +247,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
"%s could not be fetched", mdname);
return 0;
}
@@ -81,11 +81,11 @@ Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid < 0) {
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
@@ -306,11 +306,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
--- openssl-3.2.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/rsa_sig.c
@@ -321,11 +321,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
int md_nid;
size_t mdname_len = strlen(mdname);
@@ -97,7 +97,7 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
sha1_allowed);
@@ -1414,8 +1410,10 @@ static int rsa_set_ctx_params(void *vprs
@@ -1416,8 +1412,10 @@ static int rsa_set_ctx_params(void *vprs
if (prsactx->md == NULL && pmdname == NULL
&& pad_mode == RSA_PKCS1_PSS_PADDING) {
@@ -109,10 +109,10 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
}
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
Index: openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
===================================================================
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
--- openssl-3.2.3.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
Title = ECDSA tests
@@ -167,10 +167,10 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Index: openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
===================================================================
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.2.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -96,6 +96,7 @@ NDL6WCBbets=
Title = RSA tests
@@ -282,27 +282,27 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify = RSA-2048-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
@@ -371,6 +386,8 @@ Input="0123456789ABCDEF0123456789ABCDEF"
@@ -858,6 +873,8 @@ Input="0123456789ABCDEF0123456789ABCDEF"
Output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
# Verify using salt length auto detect
+# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256
+# In the FIPS provider on SUSE/openSUSE, the default digest for PSS signatures is SHA-256
+Availablein = default
Verify = RSA-2048-PUBLIC
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:auto
@@ -405,6 +422,10 @@ Output=4DE433D5844043EF08D354DA03CB29068
@@ -892,6 +909,10 @@ Output=4DE433D5844043EF08D354DA03CB29068
Result = VERIFY_ERROR
# Verify using default parameters, explicitly setting parameters
+# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which
+# RHEL-9 does not support in FIPS mode; all these tests are thus marked
+# SUSE/openSUSE do not support in FIPS mode; all these tests are thus marked
+# Availablein = default.
+Availablein = default
Verify = RSA-PSS-DEFAULT
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:20
@@ -413,6 +434,7 @@ Input="0123456789ABCDEF0123"
@@ -900,6 +921,7 @@ Input="0123456789ABCDEF0123"
Output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
# Verify explicitly setting parameters "digest" salt length
@@ -310,7 +310,7 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify = RSA-PSS-DEFAULT
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_pss_saltlen:digest
@@ -421,18 +443,21 @@ Input="0123456789ABCDEF0123"
@@ -908,18 +930,21 @@ Input="0123456789ABCDEF0123"
Output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
# Verify using salt length larger than minimum
@@ -332,7 +332,7 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify = RSA-PSS-DEFAULT
Ctrl = rsa_pss_saltlen:0
Result = PKEY_CTRL_ERROR
@@ -440,21 +465,25 @@ Result = PKEY_CTRL_ERROR
@@ -927,21 +952,25 @@ Result = PKEY_CTRL_ERROR
# Attempt to change padding mode
# Note this used to return PKEY_CTRL_INVALID
# but it is limited because setparams only returns 0 or 1.
@@ -358,7 +358,7 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify = RSA-PSS-BAD2
Result = KEYOP_INIT_ERROR
Reason = invalid salt length
@@ -473,36 +502,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF
@@ -960,36 +989,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEF
4fINDOjP+yJJvZohNwIDAQAB
-----END PUBLIC KEY-----
@@ -401,7 +401,7 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify=RSA-PSS-1
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_mgf1_md:sha1
@@ -518,36 +553,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E
@@ -1005,36 +1040,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+E
0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ==
-----END PUBLIC KEY-----
@@ -444,7 +444,7 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify=RSA-PSS-9
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_mgf1_md:sha1
@@ -565,36 +606,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5
@@ -1052,36 +1093,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5
BQIDAQAB
-----END PUBLIC KEY-----
@@ -487,12 +487,12 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Verify=RSA-PSS-10
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_mgf1_md:sha1
@@ -1384,11 +1431,13 @@ Title = RSA FIPS tests
@@ -1817,11 +1864,13 @@ Title = RSA FIPS tests
# FIPS tests
-# Verifying with SHA1 is permitted in fips mode for older applications
+# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode
+# Verifying with SHA1 is not permitted on SUSE/openSUSE in FIPS mode
+Availablein = fips
DigestVerify = SHA1
Key = RSA-2048
@@ -502,10 +502,10 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
# Verifying with a 1024 bit key is permitted in fips mode for older applications
DigestVerify = SHA256
Index: openssl-3.1.4/test/recipes/80-test_cms.t
Index: openssl-3.2.3/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.1.4.orig/test/recipes/80-test_cms.t
+++ openssl-3.1.4/test/recipes/80-test_cms.t
--- openssl-3.2.3.orig/test/recipes/80-test_cms.t
+++ openssl-3.2.3/test/recipes/80-test_cms.t
@@ -163,7 +163,7 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
"-certfile", $smroot,
@@ -524,11 +524,11 @@ Index: openssl-3.1.4/test/recipes/80-test_cms.t
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&zero_compare
],
Index: openssl-3.1.4/test/recipes/80-test_ssl_old.t
Index: openssl-3.2.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.1.4.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.1.4/test/recipes/80-test_ssl_old.t
@@ -397,6 +397,9 @@ sub testssl {
--- openssl-3.2.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.2.3/test/recipes/80-test_ssl_old.t
@@ -394,6 +394,9 @@ sub testssl {
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
}
@@ -538,7 +538,7 @@ Index: openssl-3.1.4/test/recipes/80-test_ssl_old.t
ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
'test sslv2/sslv3 with server authentication');
ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
@@ -405,6 +408,7 @@ sub testssl {
@@ -402,6 +405,7 @@ sub testssl {
'test sslv2/sslv3 with both client and server authentication via BIO pair');
ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
@@ -546,3 +546,25 @@ Index: openssl-3.1.4/test/recipes/80-test_ssl_old.t
SKIP: {
skip "No IPv4 available on this machine", 4
Index: openssl-3.2.3/test/acvp_test.inc
===================================================================
--- openssl-3.2.3.orig/test/acvp_test.inc
+++ openssl-3.2.3/test/acvp_test.inc
@@ -1844,17 +1844,6 @@ static const struct rsa_sigver_st rsa_si
{
"x931",
3072,
- "SHA1",
- ITM(rsa_sigverx931_0_msg),
- ITM(rsa_sigverx931_0_n),
- ITM(rsa_sigverx931_0_e),
- ITM(rsa_sigverx931_0_sig),
- NO_PSS_SALT_LEN,
- PASS
- },
- {
- "x931",
- 3072,
"SHA256",
ITM(rsa_sigverx931_1_msg),
ITM(rsa_sigverx931_1_n),


@@ -18,23 +18,11 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
.../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
4 files changed, 34 insertions(+)
Index: openssl-3.1.4/include/openssl/core_names.h
Index: openssl-3.2.3/include/openssl/evp.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/core_names.h
+++ openssl-3.1.4/include/openssl/core_names.h
@@ -99,6 +99,7 @@ extern "C" {
#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
/* For passing the AlgorithmIdentifier parameter in DER form */
#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
+#define OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator" /* int */
#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
"tls1multi_maxsndfrag" /* uint */
Index: openssl-3.1.4/include/openssl/evp.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/evp.h
+++ openssl-3.1.4/include/openssl/evp.h
@@ -750,6 +750,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER
--- openssl-3.2.3.orig/include/openssl/evp.h
+++ openssl-3.2.3/include/openssl/evp.h
@@ -753,6 +753,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER
void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
@@ -44,12 +32,12 @@ Index: openssl-3.1.4/include/openssl/evp.h
+
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon.c
__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
Index: openssl-3.2.3/providers/implementations/ciphers/ciphercommon.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/ciphers/ciphercommon.c
+++ openssl-3.1.4/providers/implementations/ciphers/ciphercommon.c
@@ -149,6 +149,10 @@ static const OSSL_PARAM cipher_aead_know
--- openssl-3.2.3.orig/providers/implementations/ciphers/ciphercommon.c
+++ openssl-3.2.3/providers/implementations/ciphers/ciphercommon.c
@@ -152,6 +152,10 @@ static const OSSL_PARAM cipher_aead_know
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
@@ -60,13 +48,13 @@ Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon.c
OSSL_PARAM_END
};
const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon_gcm.c
Index: openssl-3.2.3/providers/implementations/ciphers/ciphercommon_gcm.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/ciphers/ciphercommon_gcm.c
+++ openssl-3.1.4/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -224,6 +224,31 @@ int ossl_gcm_get_ctx_params(void *vctx,
|| !getivgen(ctx, p->data, p->data_size))
return 0;
--- openssl-3.2.3.orig/providers/implementations/ciphers/ciphercommon_gcm.c
+++ openssl-3.2.3/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx,
break;
}
}
+
+ /* We would usually hide this under #ifdef FIPS_MODULE, but
@@ -96,3 +84,15 @@ Index: openssl-3.1.4/providers/implementations/ciphers/ciphercommon_gcm.c
return 1;
}
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
===================================================================
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
@@ -102,6 +102,7 @@ my %params = (
'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
# For passing the AlgorithmIdentifier parameter in DER form
'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string
+ 'CIPHER_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator",# int
'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string
'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint


@@ -1,28 +0,0 @@
Index: openssl-3.1.4/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-3.1.4.orig/crypto/rsa/rsa_gen.c
+++ openssl-3.1.4/crypto/rsa/rsa_gen.c
@@ -428,7 +428,12 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
#ifdef FIPS_MODULE
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
- pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
+ /* FIPS MODE needs to always run the pairwise test. But, the
+ * rsa_keygen_pairwise_test() PCT as self-test requirements will be
+ * covered by do_rsa_pct() for both RSA-OAEP and RSA signatures and
+ * this PCT can be skipped here. See bsc#1221760 for more info.
+ */
+ pairwise_test = 0;
#else
/*
* Only multi-prime keys or insecure keys with a small key length or a
@@ -463,6 +468,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libc
rsa->dmp1 = NULL;
rsa->dmq1 = NULL;
rsa->iqmp = NULL;
+#ifdef FIPS_MODULE
+ abort();
+#endif /* FIPS_MODULE */
}
}
return ok;


@@ -0,0 +1,82 @@
commit 518b53b139d7b4ac082ccedd401d2ee08fc66985
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Jan 31 16:26:52 2024 +0100
s390x: Add defines for new CPACF functions
Add defines for new CPACF functions codes, its required MSA levels, and
document how to disable these functions via the OPENSSL_s390xcap environment
variable.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)
diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h
index fdc682af06..88ed866b0d 100644
--- a/crypto/s390x_arch.h
+++ b/crypto/s390x_arch.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -115,6 +115,7 @@ extern int OPENSSL_s390xcex;
# define S390X_MSA5 57 /* message-security-assist-ext. 5 */
# define S390X_MSA3 76 /* message-security-assist-ext. 3 */
# define S390X_MSA4 77 /* message-security-assist-ext. 4 */
+# define S390X_MSA12 86 /* message-security-assist-ext. 12 */
# define S390X_VX 129 /* vector */
# define S390X_VXD 134 /* vector packed decimal */
# define S390X_VXE 135 /* vector enhancements 1 */
@@ -150,6 +151,14 @@ extern int OPENSSL_s390xcex;
/* km */
# define S390X_XTS_AES_128 50
# define S390X_XTS_AES_256 52
+# define S390X_XTS_AES_128_MSA10 82
+# define S390X_XTS_AES_256_MSA10 84
+
+/* kmac */
+# define S390X_HMAC_SHA_224 112
+# define S390X_HMAC_SHA_256 113
+# define S390X_HMAC_SHA_384 114
+# define S390X_HMAC_SHA_512 115
/* prno */
# define S390X_SHA_512_DRNG 3
diff --git a/doc/man3/OPENSSL_s390xcap.pod b/doc/man3/OPENSSL_s390xcap.pod
index d7185530ec..363003d8d3 100644
--- a/doc/man3/OPENSSL_s390xcap.pod
+++ b/doc/man3/OPENSSL_s390xcap.pod
@@ -74,6 +74,7 @@ the numbering is continuous across 64-bit mask boundaries.
:
# 76 1<<51 message-security assist extension 3
# 77 1<<50 message-security assist extension 4
+ # 86 1<<41 message-security-assist extension 12
:
#129 1<<62 vector facility
#134 1<<57 vector packed decimal facility
@@ -110,6 +111,8 @@ the numbering is continuous across 64-bit mask boundaries.
# 50 1<<13 KM-XTS-AES-128
# 52 1<<11 KM-XTS-AES-256
:
+ # 82 1<<45 KM-XTS-AES-128-MSA10
+ # 84 1<<43 KM-XTS-AES-256-MSA10
kmc :
# 18 1<<45 KMC-AES-128
@@ -122,6 +125,10 @@ the numbering is continuous across 64-bit mask boundaries.
# 19 1<<44 KMAC-AES-192
# 20 1<<43 KMAC-AES-256
:
+ # 112 1<<15 KMAC-SHA-224
+ # 113 1<<14 KMAC-SHA-256
+ # 114 1<<13 KMAC-SHA-384
+ # 115 1<<12 KMAC-SHA-512
kmctr:
:


@@ -0,0 +1,506 @@
commit 0499de5adda26b1ef09660f70c12b4710b5f7c8a
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Thu Feb 1 15:15:27 2024 +0100
s390x: Add hardware acceleration for HMAC
The CPACF instruction KMAC provides support for accelerating the HMAC
algorithm on newer machines for HMAC with SHA-224, SHA-256, SHA-384, and
SHA-512.
Preliminary measurements showed performance improvements of up to a factor
of 2, dependent on the message size, whether chunking is used and the size
of the chunks.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25161)
Index: openssl-3.2.3/crypto/hmac/build.info
===================================================================
--- openssl-3.2.3.orig/crypto/hmac/build.info
+++ openssl-3.2.3/crypto/hmac/build.info
@@ -2,5 +2,22 @@ LIBS=../../libcrypto
$COMMON=hmac.c
-SOURCE[../../libcrypto]=$COMMON
-SOURCE[../../providers/libfips.a]=$COMMON
+IF[{- !$disabled{asm} -}]
+ IF[{- ($target{perlasm_scheme} // '') ne '31' -}]
+ $HMACASM_s390x=hmac_s390x.c
+ $HMACDEF_s390x=OPENSSL_HMAC_S390X
+ ENDIF
+
+ # Now that we have defined all the arch specific variables, use the
+ # appropriate ones, and define the appropriate macros
+ IF[$HMACASM_{- $target{asm_arch} -}]
+ $HMACASM=$HMACASM_{- $target{asm_arch} -}
+ $HMACDEF=$HMACDEF_{- $target{asm_arch} -}
+ ENDIF
+ENDIF
+
+DEFINE[../../libcrypto]=$HMACDEF
+DEFINE[../../providers/libfips.a]=$HMACDEF
+
+SOURCE[../../libcrypto]=$COMMON $HMACASM
+SOURCE[../../providers/libfips.a]=$COMMON $HMACASM
Index: openssl-3.2.3/crypto/hmac/hmac.c
===================================================================
--- openssl-3.2.3.orig/crypto/hmac/hmac.c
+++ openssl-3.2.3/crypto/hmac/hmac.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,6 +49,12 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0)
return 0;
+#ifdef OPENSSL_HMAC_S390X
+ rv = s390x_HMAC_init(ctx, key, len, impl);
+ if (rv >= 1)
+ return rv;
+#endif
+
if (key != NULL) {
reset = 1;
@@ -111,6 +117,12 @@ int HMAC_Update(HMAC_CTX *ctx, const uns
{
if (!ctx->md)
return 0;
+
+#ifdef OPENSSL_HMAC_S390X
+ if (ctx->plat.s390x.fc)
+ return s390x_HMAC_update(ctx, data, len);
+#endif
+
return EVP_DigestUpdate(ctx->md_ctx, data, len);
}
@@ -122,6 +134,11 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
if (!ctx->md)
goto err;
+#ifdef OPENSSL_HMAC_S390X
+ if (ctx->plat.s390x.fc)
+ return s390x_HMAC_final(ctx, md, len);
+#endif
+
if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
goto err;
if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
@@ -161,6 +178,10 @@ static void hmac_ctx_cleanup(HMAC_CTX *c
EVP_MD_CTX_reset(ctx->o_ctx);
EVP_MD_CTX_reset(ctx->md_ctx);
ctx->md = NULL;
+
+#ifdef OPENSSL_HMAC_S390X
+ s390x_HMAC_CTX_cleanup(ctx);
+#endif
}
void HMAC_CTX_free(HMAC_CTX *ctx)
@@ -212,6 +233,12 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
goto err;
dctx->md = sctx->md;
+
+#ifdef OPENSSL_HMAC_S390X
+ if (s390x_HMAC_CTX_copy(dctx, sctx) == 0)
+ goto err;
+#endif
+
return 1;
err:
hmac_ctx_cleanup(dctx);
Index: openssl-3.2.3/crypto/hmac/hmac_local.h
===================================================================
--- openssl-3.2.3.orig/crypto/hmac/hmac_local.h
+++ openssl-3.2.3/crypto/hmac/hmac_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,10 @@
#ifndef OSSL_CRYPTO_HMAC_LOCAL_H
# define OSSL_CRYPTO_HMAC_LOCAL_H
+# include "internal/common.h"
+# include "internal/numbers.h"
+# include "openssl/sha.h"
+
/* The current largest case is for SHA3-224 */
#define HMAC_MAX_MD_CBLOCK_SIZE 144
@@ -18,6 +22,45 @@ struct hmac_ctx_st {
EVP_MD_CTX *md_ctx;
EVP_MD_CTX *i_ctx;
EVP_MD_CTX *o_ctx;
+
+ /* Platform specific data */
+ union {
+ int dummy;
+# ifdef OPENSSL_HMAC_S390X
+ struct {
+ unsigned int fc; /* 0 if not supported by kmac instruction */
+ int blk_size;
+ int ikp;
+ int iimp;
+ unsigned char *buf;
+ size_t size; /* must be multiple of digest block size */
+ size_t num;
+ union {
+ OSSL_UNION_ALIGN;
+ struct {
+ uint32_t h[8];
+ uint64_t imbl;
+ unsigned char key[64];
+ } hmac_224_256;
+ struct {
+ uint64_t h[8];
+ uint128_t imbl;
+ unsigned char key[128];
+ } hmac_384_512;
+ } param;
+ } s390x;
+# endif /* OPENSSL_HMAC_S390X */
+ } plat;
};
+# ifdef OPENSSL_HMAC_S390X
+# define HMAC_S390X_BUF_NUM_BLOCKS 64
+
+int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl);
+int s390x_HMAC_update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+int s390x_HMAC_final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+int s390x_HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+int s390x_HMAC_CTX_cleanup(HMAC_CTX *ctx);
+# endif /* OPENSSL_HMAC_S390X */
+
#endif
Index: openssl-3.2.3/crypto/hmac/hmac_s390x.c
===================================================================
--- /dev/null
+++ openssl-3.2.3/crypto/hmac/hmac_s390x.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/s390x_arch.h"
+#include "hmac_local.h"
+#include "openssl/obj_mac.h"
+#include "openssl/evp.h"
+
+#ifdef OPENSSL_HMAC_S390X
+
+static int s390x_fc_from_md(const EVP_MD *md)
+{
+ int fc;
+
+ switch (EVP_MD_get_type(md)) {
+ case NID_sha224:
+ fc = S390X_HMAC_SHA_224;
+ break;
+ case NID_sha256:
+ fc = S390X_HMAC_SHA_256;
+ break;
+ case NID_sha384:
+ fc = S390X_HMAC_SHA_384;
+ break;
+ case NID_sha512:
+ fc = S390X_HMAC_SHA_512;
+ break;
+ default:
+ return 0;
+ }
+
+ if ((OPENSSL_s390xcap_P.kmac[1] & S390X_CAPBIT(fc)) == 0)
+ return 0;
+
+ return fc;
+}
+
+static void s390x_call_kmac(HMAC_CTX *ctx, const unsigned char *in, size_t len)
+{
+ unsigned int fc = ctx->plat.s390x.fc;
+
+ if (ctx->plat.s390x.ikp)
+ fc |= S390X_KMAC_IKP;
+
+ if (ctx->plat.s390x.iimp)
+ fc |= S390X_KMAC_IIMP;
+
+ switch (ctx->plat.s390x.fc) {
+ case S390X_HMAC_SHA_224:
+ case S390X_HMAC_SHA_256:
+ ctx->plat.s390x.param.hmac_224_256.imbl += ((uint64_t)len * 8);
+ break;
+ case S390X_HMAC_SHA_384:
+ case S390X_HMAC_SHA_512:
+ ctx->plat.s390x.param.hmac_384_512.imbl += ((uint128_t)len * 8);
+ break;
+ default:
+ break;
+ }
+
+ s390x_kmac(in, len, fc, &ctx->plat.s390x.param);
+
+ ctx->plat.s390x.ikp = 1;
+}
+
+int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl)
+{
+ unsigned char *key_param;
+ unsigned int key_param_len;
+
+ ctx->plat.s390x.fc = s390x_fc_from_md(ctx->md);
+ if (ctx->plat.s390x.fc == 0)
+ return -1; /* Not supported by kmac instruction */
+
+ ctx->plat.s390x.blk_size = EVP_MD_get_block_size(ctx->md);
+ if (ctx->plat.s390x.blk_size < 0)
+ return 0;
+
+ if (ctx->plat.s390x.size !=
+ (size_t)(ctx->plat.s390x.blk_size * HMAC_S390X_BUF_NUM_BLOCKS)) {
+ OPENSSL_clear_free(ctx->plat.s390x.buf, ctx->plat.s390x.size);
+ ctx->plat.s390x.size = 0;
+ ctx->plat.s390x.buf = OPENSSL_zalloc(ctx->plat.s390x.blk_size *
+ HMAC_S390X_BUF_NUM_BLOCKS);
+ if (ctx->plat.s390x.buf == NULL)
+ return 0;
+ ctx->plat.s390x.size = ctx->plat.s390x.blk_size *
+ HMAC_S390X_BUF_NUM_BLOCKS;
+ }
+ ctx->plat.s390x.num = 0;
+
+ ctx->plat.s390x.ikp = 0;
+ ctx->plat.s390x.iimp = 1;
+
+ switch (ctx->plat.s390x.fc) {
+ case S390X_HMAC_SHA_224:
+ case S390X_HMAC_SHA_256:
+ ctx->plat.s390x.param.hmac_224_256.imbl = 0;
+ OPENSSL_cleanse(ctx->plat.s390x.param.hmac_224_256.h,
+ sizeof(ctx->plat.s390x.param.hmac_224_256.h));
+ break;
+ case S390X_HMAC_SHA_384:
+ case S390X_HMAC_SHA_512:
+ ctx->plat.s390x.param.hmac_384_512.imbl = 0;
+ OPENSSL_cleanse(ctx->plat.s390x.param.hmac_384_512.h,
+ sizeof(ctx->plat.s390x.param.hmac_384_512.h));
+ break;
+ default:
+ return 0;
+ }
+
+ if (key != NULL) {
+ switch (ctx->plat.s390x.fc) {
+ case S390X_HMAC_SHA_224:
+ case S390X_HMAC_SHA_256:
+ OPENSSL_cleanse(&ctx->plat.s390x.param.hmac_224_256.key,
+ sizeof(ctx->plat.s390x.param.hmac_224_256.key));
+ key_param = ctx->plat.s390x.param.hmac_224_256.key;
+ key_param_len = sizeof(ctx->plat.s390x.param.hmac_224_256.key);
+ break;
+ case S390X_HMAC_SHA_384:
+ case S390X_HMAC_SHA_512:
+ OPENSSL_cleanse(&ctx->plat.s390x.param.hmac_384_512.key,
+ sizeof(ctx->plat.s390x.param.hmac_384_512.key));
+ key_param = ctx->plat.s390x.param.hmac_384_512.key;
+ key_param_len = sizeof(ctx->plat.s390x.param.hmac_384_512.key);
+ break;
+ default:
+ return 0;
+ }
+
+ if (!ossl_assert(ctx->plat.s390x.blk_size <= (int)key_param_len))
+ return 0;
+
+ if (key_len > ctx->plat.s390x.blk_size) {
+ if (!EVP_DigestInit_ex(ctx->md_ctx, ctx->md, impl)
+ || !EVP_DigestUpdate(ctx->md_ctx, key, key_len)
+ || !EVP_DigestFinal_ex(ctx->md_ctx, key_param,
+ &key_param_len))
+ return 0;
+ } else {
+ if (key_len < 0 || key_len > (int)key_param_len)
+ return 0;
+ memcpy(key_param, key, key_len);
+ /* remaining key bytes already zeroed out above */
+ }
+ }
+
+ return 1;
+}
+
+int s390x_HMAC_update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+ size_t remain, num;
+
+ if (len == 0)
+ return 1;
+
+ /* buffer is full, process it now */
+ if (ctx->plat.s390x.num == ctx->plat.s390x.size) {
+ s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);
+
+ ctx->plat.s390x.num = 0;
+ }
+
+ remain = ctx->plat.s390x.size - ctx->plat.s390x.num;
+ if (len > remain) {
+ /* data does not fit into buffer */
+ if (ctx->plat.s390x.num > 0) {
+ /* first fill buffer and process it */
+ memcpy(&ctx->plat.s390x.buf[ctx->plat.s390x.num], data, remain);
+ ctx->plat.s390x.num += remain;
+
+ s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);
+
+ ctx->plat.s390x.num = 0;
+
+ data += remain;
+ len -= remain;
+ }
+
+ if (!ossl_assert(ctx->plat.s390x.num == 0))
+ return 0;
+
+ if (len > ctx->plat.s390x.size) {
+ /*
+ * remaining data is still larger than buffer, process remaining
+ * full blocks of input directly
+ */
+ remain = len % ctx->plat.s390x.blk_size;
+ num = len - remain;
+
+ s390x_call_kmac(ctx, data, num);
+
+ data += num;
+ len -= num;
+ }
+ }
+
+ /* add remaining input data (which is < buffer size) to buffer */
+ if (!ossl_assert(len <= ctx->plat.s390x.size))
+ return 0;
+
+ if (len > 0) {
+ memcpy(&ctx->plat.s390x.buf[ctx->plat.s390x.num], data, len);
+ ctx->plat.s390x.num += len;
+ }
+
+ return 1;
+}
+
+int s390x_HMAC_final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+ void *result;
+ unsigned int res_len;
+
+ ctx->plat.s390x.iimp = 0; /* last block */
+ s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);
+
+ ctx->plat.s390x.num = 0;
+
+ switch (ctx->plat.s390x.fc) {
+ case S390X_HMAC_SHA_224:
+ result = &ctx->plat.s390x.param.hmac_224_256.h[0];
+ res_len = SHA224_DIGEST_LENGTH;
+ break;
+ case S390X_HMAC_SHA_256:
+ result = &ctx->plat.s390x.param.hmac_224_256.h[0];
+ res_len = SHA256_DIGEST_LENGTH;
+ break;
+ case S390X_HMAC_SHA_384:
+ result = &ctx->plat.s390x.param.hmac_384_512.h[0];
+ res_len = SHA384_DIGEST_LENGTH;
+ break;
+ case S390X_HMAC_SHA_512:
+ result = &ctx->plat.s390x.param.hmac_384_512.h[0];
+ res_len = SHA512_DIGEST_LENGTH;
+ break;
+ default:
+ return 0;
+ }
+
+ memcpy(md, result, res_len);
+ if (len != NULL)
+ *len = res_len;
+
+ return 1;
+}
+
+int s390x_HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+ dctx->plat.s390x.fc = sctx->plat.s390x.fc;
+ dctx->plat.s390x.blk_size = sctx->plat.s390x.blk_size;
+ dctx->plat.s390x.ikp = sctx->plat.s390x.ikp;
+ dctx->plat.s390x.iimp = sctx->plat.s390x.iimp;
+
+ memcpy(&dctx->plat.s390x.param, &sctx->plat.s390x.param,
+ sizeof(dctx->plat.s390x.param));
+
+ dctx->plat.s390x.buf = NULL;
+ if (sctx->plat.s390x.buf != NULL) {
+ dctx->plat.s390x.buf = OPENSSL_memdup(sctx->plat.s390x.buf,
+ sctx->plat.s390x.size);
+ if (dctx->plat.s390x.buf == NULL)
+ return 0;
+ }
+
+ dctx->plat.s390x.size = sctx->plat.s390x.size;
+ dctx->plat.s390x.num = sctx->plat.s390x.num;
+
+ return 1;
+}
+
+int s390x_HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+ OPENSSL_clear_free(ctx->plat.s390x.buf, ctx->plat.s390x.size);
+ ctx->plat.s390x.buf = NULL;
+ ctx->plat.s390x.size = 0;
+ ctx->plat.s390x.num = 0;
+
+ OPENSSL_cleanse(&ctx->plat.s390x.param, sizeof(ctx->plat.s390x.param));
+
+ ctx->plat.s390x.blk_size = 0;
+ ctx->plat.s390x.ikp = 0;
+ ctx->plat.s390x.iimp = 1;
+
+ ctx->plat.s390x.fc = 0;
+
+ return 1;
+}
+
+#endif
Index: openssl-3.2.3/crypto/s390x_arch.h
===================================================================
--- openssl-3.2.3.orig/crypto/s390x_arch.h
+++ openssl-3.2.3/crypto/s390x_arch.h
@@ -192,5 +192,8 @@ extern int OPENSSL_s390xcex;
# define S390X_KMA_HS 0x400
# define S390X_KDSA_D 0x80
# define S390X_KLMD_PS 0x100
+# define S390X_KMAC_IKP 0x8000
+# define S390X_KMAC_IIMP 0x4000
+# define S390X_KMAC_CCUP 0x2000
#endif


@@ -0,0 +1,32 @@
commit 1337b50936ed190a98af1ee6601d857b42a3d296
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 21:54:34 2023 +0200
Add xof state handing for generic sha3 absorb.
The digest life-cycle diagram specifies state transitions to `updated`
(aka XOF_STATE_ABSORB) only from `initialised` and `updated`. Add this
checking to the generic sha3 absorb implementation.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -143,6 +143,10 @@ static size_t generic_sha3_absorb(void *
{
KECCAK1600_CTX *ctx = vctx;
+ if (!(ctx->xof_state == XOF_STATE_INIT ||
+ ctx->xof_state == XOF_STATE_ABSORB))
+ return 0;
+ ctx->xof_state = XOF_STATE_ABSORB;
return SHA3_absorb(ctx->A, inp, len, ctx->block_size);
}
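Review bot: The state check added at L942-L944 reports failure by returning 0 from a function whose size_t return value is otherwise the count of unabsorbed trailing bytes, so a rejected call and a successful absorb of block-aligned input look identical to the caller; unless ossl_sha3_update (outside this hunk) validates xof_state itself, the rejected data is dropped silently rather than reported. The s390x absorb variants at L1299-L1304 and L1144-L1149 have the same shape. Either a return type that can carry an error, or a comment above L942 such as `/* 0 is also "nothing left over": callers must not rely on this to detect a state violation */`, would make the contract visible. generic_sha3_absorb's signature is outside the hunk body.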



@@ -0,0 +1,90 @@
commit a75d62637aa165a7f37e39a3a36e2a8b089913bc
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Mon Aug 26 11:26:03 2024 +0200
s390x: Disable HMAC hardware acceleration when an engine is used for the digest
The TLSProxy uses the 'ossltest' engine to produce known output for digests
and HMAC calls. However, when running on a s390x system that supports
hardware acceleration of HMAC, the engine is not used for calculating HMACs,
but the s390x specific HMAC implementation is used, which does produce correct
output, but not the known output that the engine would produce. This causes
some tests (i.e. test_key_share, test_sslextension, test_sslrecords,
test_sslvertol, and test_tlsextms) to fail.
Disable the s390x HMAC hardware acceleration if an engine is used for the
digest of the HMAC calculation. This provides compatibility for engines that
provide digest implementations, and assume that these implementations are also
used when calculating an HMAC.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25287)
diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c
index 5db7e9a221..02e1cd1dd6 100644
--- a/crypto/hmac/hmac_s390x.c
+++ b/crypto/hmac/hmac_s390x.c
@@ -7,10 +7,16 @@
* https://www.openssl.org/source/license.html
*/
+/* We need to use some engine deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include "crypto/s390x_arch.h"
#include "hmac_local.h"
#include "openssl/obj_mac.h"
#include "openssl/evp.h"
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+# include <openssl/engine.h>
+#endif
#ifdef OPENSSL_HMAC_S390X
@@ -63,6 +69,31 @@ static void s390x_call_kmac(HMAC_CTX *ctx, const unsigned char *in, size_t len)
ctx->plat.s390x.ikp = 1;
}
+static int s390x_check_engine_used(const EVP_MD *md, ENGINE *impl)
+{
+# if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+ const EVP_MD *d;
+
+ if (impl != NULL) {
+ if (!ENGINE_init(impl))
+ return 0;
+ } else {
+ impl = ENGINE_get_digest_engine(EVP_MD_get_type(md));
+ }
+
+ if (impl == NULL)
+ return 0;
+
+ d = ENGINE_get_digest(impl, EVP_MD_get_type(md));
+ ENGINE_finish(impl);
+
+ if (d != NULL)
+ return 1;
+# endif
+
+ return 0;
+}
+
int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl)
{
unsigned char *key_param;
@@ -72,6 +103,11 @@ int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl)
if (ctx->plat.s390x.fc == 0)
return -1; /* Not supported by kmac instruction */
+ if (s390x_check_engine_used(ctx->md, impl)) {
+ ctx->plat.s390x.fc = 0;
+ return -1; /* An engine handles the digest, disable acceleration */
+ }
+
ctx->plat.s390x.blk_size = EVP_MD_get_block_size(ctx->md);
if (ctx->plat.s390x.blk_size < 0)
return 0;
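Review bot: s390x_check_engine_used folds an ENGINE_init failure for a caller-supplied impl (L1000-L1001) into the same 0 result as "no engine provides this digest", so s390x_HMAC_init at L1025 then enables hardware acceleration for a context whose caller explicitly asked an engine to handle the digest, and the init failure is masked instead of surfacing as it presumably does on the generic path. Returning 1 there, `if (!ENGINE_init(impl)) return 1;`, keeps acceleration off and leaves reporting the engine error to the generic code. A header comment on the helper would also help, e.g. `/* Returns 1 if an engine supplies the digest for md (acceleration must stay off), 0 otherwise. */`. s390x_HMAC_init continues outside the hunk.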


@@ -0,0 +1,49 @@
commit d5b3c0e24bc56614e92ffafdd705622beaef420a
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed Aug 28 14:56:33 2024 +0200
s390x: Fix HMAC digest detection
Use EVP_MD_is_a() instead of EVP_MD_get_type() to detect the digest
type. EVP_MD_get_type() does not always return the expected NID, e.g.
when running in the FIPS provider, EVP_MD_get_type() returns zero,
causing the HMAC acceleration path to be skipped.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25304)
diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c
index 8b0da0d59d..5db7e9a221 100644
--- a/crypto/hmac/hmac_s390x.c
+++ b/crypto/hmac/hmac_s390x.c
@@ -18,22 +18,16 @@ static int s390x_fc_from_md(const EVP_MD *md)
{
int fc;
- switch (EVP_MD_get_type(md)) {
- case NID_sha224:
+ if (EVP_MD_is_a(md, "SHA2-224"))
fc = S390X_HMAC_SHA_224;
- break;
- case NID_sha256:
+ else if (EVP_MD_is_a(md, "SHA2-256"))
fc = S390X_HMAC_SHA_256;
- break;
- case NID_sha384:
+ else if (EVP_MD_is_a(md, "SHA2-384"))
fc = S390X_HMAC_SHA_384;
- break;
- case NID_sha512:
+ else if (EVP_MD_is_a(md, "SHA2-512"))
fc = S390X_HMAC_SHA_512;
- break;
- default:
+ else
return 0;
- }
if ((OPENSSL_s390xcap_P.kmac[1] & S390X_CAPBIT(fc)) == 0)
return 0;


@@ -0,0 +1,28 @@
commit 19b87d2d2b022c20dd9043c3b6d021315011b45f
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Aug 20 11:35:20 2024 +0200
s390x: Fix memory leak in s390x_HMAC_CTX_copy()
When s390x_HMAC_CTX_copy() is called, but the destination context already
has a buffer allocated, it is not freed before duplicating the buffer from
the source context.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25238)
diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c
index 1124d9bc5d..8b0da0d59d 100644
--- a/crypto/hmac/hmac_s390x.c
+++ b/crypto/hmac/hmac_s390x.c
@@ -263,6 +263,7 @@ int s390x_HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
memcpy(&dctx->plat.s390x.param, &sctx->plat.s390x.param,
sizeof(dctx->plat.s390x.param));
+ OPENSSL_clear_free(dctx->plat.s390x.buf, dctx->plat.s390x.size);
dctx->plat.s390x.buf = NULL;
if (sctx->plat.s390x.buf != NULL) {
dctx->plat.s390x.buf = OPENSSL_memdup(sctx->plat.s390x.buf,
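Review bot: The OPENSSL_clear_free added at L1101 releases dctx's buffer before the memdup from sctx on L1104, so a call with dctx == sctx would now read freed memory; the generic HMAC_CTX_copy may already reject that case, but it is not visible here. A guard at the top of s390x_HMAC_CTX_copy (its start is outside the hunk), `if (dctx == sctx) return 1;`, makes the function safe on its own. The freed length is dctx->plat.s390x.size, which is only correct if size always tracks the current buf allocation; a comment `/* size must reflect the live buf allocation */` next to the free would record that invariant.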


@@ -0,0 +1,50 @@
From 979dc530010e3c0f045edf6e38c7ab894ffba7f2 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Thu, 5 Sep 2024 08:45:29 +0200
Subject: [PATCH] s390x: Fix s390x_sha3_absorb() when no data is processed by
KIMD
If the data to absorb is less than a block, then the KIMD instruction is
called with zero bytes. This is superfluous, and causes incorrect hash
output later on if this is the very first absorb call, i.e. when the
xof_state is still XOF_STATE_INIT and MSA 12 is available. In this case
the NIP flag is set in the function code for KIMD, but KIMD ignores the
NIP flag when it is called with zero bytes to process.
Skip any KIMD calls for zero length data. Also do not set the xof_state
to XOF_STATE_ABSORB until the first call to KIMD with data. That way,
the next KIMD (with non-zero length data) or KLMD call will get the NIP
flag set and will then honor it to produce correct output.
Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)
---
providers/implementations/digests/sha3_prov.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -192,10 +192,12 @@ static size_t s390x_sha3_absorb(void *vc
if (!(ctx->xof_state == XOF_STATE_INIT ||
ctx->xof_state == XOF_STATE_ABSORB))
return 0;
- fc = ctx->pad;
- fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
- ctx->xof_state = XOF_STATE_ABSORB;
- s390x_kimd(inp, len - rem, fc, ctx->A);
+ if (len - rem > 0) {
+ fc = ctx->pad;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
+ ctx->xof_state = XOF_STATE_ABSORB;
+ s390x_kimd(inp, len - rem, fc, ctx->A);
+ }
return rem;
}
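Review bot: `if (len - rem > 0)` at L1144 expresses "at least one full block" through a size_t subtraction compared with zero; since rem is len % ctx->block_size, `if (len >= ctx->block_size)` says the same thing directly and cannot be misread as a possible underflow. The declaration of rem and the function signature are outside the hunk.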


@@ -0,0 +1,98 @@
From dc5afb7e87ee448f4fecad0dc624c643505ba7f1 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 4 Sep 2024 13:42:09 +0200
Subject: [PATCH] s390x: Fix s390x_shake_squeeze() when MSA 12 is available
On the first squeeze call, when finishing the absorb process, also set
the NIP flag, if we are still in XOF_STATE_INIT state. When MSA 12 is
available, the state buffer A has not been zeroed during initialization,
thus we must also pass the NIP flag here. This situation can happen
when a squeeze is performed without a preceding absorb (i.e. a SHAKE
of the empty message).
Add a test that performs a squeeze without a preceding absorb and check
if the result is correct.
Fixes: https://github.com/openssl/openssl/commit/25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25388)
---
providers/implementations/digests/sha3_prov.c | 5 +++-
test/evp_xof_test.c | 29 +++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletion(-)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -239,6 +239,7 @@ static int s390x_shake_final(void *vctx,
static int s390x_shake_squeeze(void *vctx, unsigned char *out, size_t outlen)
{
KECCAK1600_CTX *ctx = vctx;
+ unsigned int fc;
size_t len;
if (!ossl_prov_is_running())
@@ -249,8 +250,10 @@ static int s390x_shake_squeeze(void *vct
* On the first squeeze call, finish the absorb process (incl. padding).
*/
if (ctx->xof_state != XOF_STATE_SQUEEZE) {
+ fc = ctx->pad;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
ctx->xof_state = XOF_STATE_SQUEEZE;
- s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, ctx->pad, ctx->A);
+ s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, fc, ctx->A);
ctx->bufsz = outlen % ctx->block_size;
/* reuse ctx->bufsz to count bytes squeezed from current sponge */
return 1;
Index: openssl-3.2.3/test/evp_xof_test.c
===================================================================
--- openssl-3.2.3.orig/test/evp_xof_test.c
+++ openssl-3.2.3/test/evp_xof_test.c
@@ -479,6 +479,34 @@ err:
return ret;
}
+/* Test that a squeeze without a preceding absorb works */
+static int shake_squeeze_no_absorb_test(void)
+{
+ int ret = 0;
+ EVP_MD_CTX *ctx = NULL;
+ unsigned char out[1000];
+ unsigned char out2[1000];
+ const char *alg = "SHAKE128";
+
+ if (!TEST_ptr(ctx = shake_setup(alg))
+ || !TEST_true(EVP_DigestFinalXOF(ctx, out, sizeof(out))))
+ goto err;
+
+ if (!TEST_true(EVP_DigestInit_ex2(ctx, NULL, NULL))
+ || !TEST_true(EVP_DigestSqueeze(ctx, out2, sizeof(out2) / 2))
+ || !TEST_true(EVP_DigestSqueeze(ctx, out2 + sizeof(out2) / 2,
+ sizeof(out2) / 2)))
+ goto err;
+
+ if (!TEST_mem_eq(out2, sizeof(out2), out, sizeof(out)))
+ goto err;
+ ret = 1;
+
+err:
+ EVP_MD_CTX_free(ctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(shake_kat_test);
@@ -488,5 +516,7 @@ int setup_tests(void)
ADD_ALL_TESTS(shake_squeeze_kat_test, OSSL_NELEM(stride_tests));
ADD_ALL_TESTS(shake_squeeze_large_test, OSSL_NELEM(stride_tests));
ADD_ALL_TESTS(shake_squeeze_dup_test, OSSL_NELEM(dupoffset_tests));
+ ADD_TEST(shake_squeeze_no_absorb_test);
+
return 1;
}
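Review bot: The NIP flag added at L1192-L1193 is set without saying why it is needed at this point; the commit message explains that with MSA 12 the state buffer A is not zeroed at init, so a squeeze with no preceding absorb must ask KLMD to start from a fresh state. A comment above L1192 such as `/* No absorb has run: A may be unzeroed (MSA 12), so let KLMD start a new state (NIP) */` keeps that rationale with the code. s390x_shake_squeeze continues outside the hunk.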


@@ -0,0 +1,32 @@
commit 1022131d16e30cfbf896e02419019de48e8e1149
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 15:43:18 2023 +0200
Fix state handling of keccak_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_keccakc_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 34620cf95a..f691273baf 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -235,6 +235,10 @@ static int s390x_keccakc_final(void *vctx, unsigned char *out, size_t outlen,
if (!ossl_prov_is_running())
return 0;
+ if (!(ctx->xof_state == XOF_STATE_INIT ||
+ ctx->xof_state == XOF_STATE_ABSORB))
+ return 0;
+ ctx->xof_state = XOF_STATE_FINAL;
if (outlen == 0)
return 1;
memset(ctx->buf + num, 0, bsz - num);


@@ -0,0 +1,32 @@
commit 7aa45b8bb3269e881d0378aa785ff344efdd2897
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 15:36:23 2023 +0200
Fix state handling of sha3_absorb for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_absorb() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -188,6 +188,10 @@ static size_t s390x_sha3_absorb(void *vc
KECCAK1600_CTX *ctx = vctx;
size_t rem = len % ctx->block_size;
+ if (!(ctx->xof_state == XOF_STATE_INIT ||
+ ctx->xof_state == XOF_STATE_ABSORB))
+ return 0;
+ ctx->xof_state = XOF_STATE_ABSORB;
s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
return rem;
}


@@ -0,0 +1,32 @@
commit 017acc58f6b67d5b347db411a7a1c4e890434f42
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 15:36:59 2023 +0200
Fix state handling of sha3_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -202,6 +202,10 @@ static int s390x_sha3_final(void *vctx,
if (!ossl_prov_is_running())
return 0;
+ if (!(ctx->xof_state == XOF_STATE_INIT ||
+ ctx->xof_state == XOF_STATE_ABSORB))
+ return 0;
+ ctx->xof_state = XOF_STATE_FINAL;
s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
memcpy(out, ctx->A, outlen);
return 1;


@@ -0,0 +1,32 @@
commit 288fbb4b71343516cee6f6a44b9ec55d82fb1532
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 15:37:29 2023 +0200
Fix state handling of shake_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_shake_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -217,6 +217,10 @@ static int s390x_shake_final(void *vctx,
if (!ossl_prov_is_running())
return 0;
+ if (!(ctx->xof_state == XOF_STATE_INIT ||
+ ctx->xof_state == XOF_STATE_ABSORB))
+ return 0;
+ ctx->xof_state = XOF_STATE_FINAL;
s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, ctx->pad, ctx->A);
return 1;
}


@@ -0,0 +1,327 @@
commit 9cd4051e47c8da8398f93f42f0f56750552965f4
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Tue Aug 6 14:00:49 2024 +0200
s390x: Add hardware acceleration for full AES-XTS
The CPACF instruction KM provides support for accelerating the full
AES-XTS algorithm on newer machines for AES_XTS_128 and AES_XTS_256.
Preliminary measurements showed performance improvements of up to 50%,
dependent on the message size.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25414)
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index 5eb705969f..1837070c21 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -71,6 +71,19 @@ IF[{- !$disabled{asm} -}]
ENDIF
ENDIF
+IF[{- !$disabled{asm} -}]
+ IF[{- ($target{perlasm_scheme} // '') ne '31' -}]
+ $AESXTSDEF_s390x=AES_XTS_S390X
+ ENDIF
+
+ # Now that we have defined all the arch specific variables, use the
+ # appropriate one, and define the appropriate macros
+
+ IF[$AESXTSDEF_{- $target{asm_arch} -}]
+ $AESXTSDEF=$AESXTSDEF_{- $target{asm_arch} -}
+ ENDIF
+ENDIF
+
# This source is common building blocks for all ciphers in all our providers.
SOURCE[$COMMON_GOAL]=\
ciphercommon.c ciphercommon_hw.c ciphercommon_block.c \
@@ -93,6 +106,7 @@ SOURCE[$AES_GOAL]=\
cipher_aes_cbc_hmac_sha.c \
cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
cipher_cts.c
+DEFINE[$AES_GOAL]=$AESXTSDEF
# Extra code to satisfy the FIPS and non-FIPS separation.
# When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed.
diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c
index cce2537ea7..2287834d62 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.c
+++ b/providers/implementations/ciphers/cipher_aes_xts.c
@@ -62,6 +62,10 @@ static int aes_xts_check_keys_differ(const unsigned char *key, size_t bytes,
return 1;
}
+#ifdef AES_XTS_S390X
+# include "cipher_aes_xts_s390x.inc"
+#endif
+
/*-
* Provider dispatch functions
*/
@@ -98,6 +102,10 @@ static int aes_xts_einit(void *vctx, const unsigned char *key, size_t keylen,
const unsigned char *iv, size_t ivlen,
const OSSL_PARAM params[])
{
+#ifdef AES_XTS_S390X
+ if (s390x_aes_xts_einit(vctx, key, keylen, iv, ivlen, params) == 1)
+ return 1;
+#endif
return aes_xts_init(vctx, key, keylen, iv, ivlen, params, 1);
}
@@ -105,6 +113,10 @@ static int aes_xts_dinit(void *vctx, const unsigned char *key, size_t keylen,
const unsigned char *iv, size_t ivlen,
const OSSL_PARAM params[])
{
+#ifdef AES_XTS_S390X
+ if (s390x_aes_xts_dinit(vctx, key, keylen, iv, ivlen, params) == 1)
+ return 1;
+#endif
return aes_xts_init(vctx, key, keylen, iv, ivlen, params, 0);
}
@@ -137,6 +149,11 @@ static void *aes_xts_dupctx(void *vctx)
if (!ossl_prov_is_running())
return NULL;
+#ifdef AES_XTS_S390X
+ if (in->plat.s390x.fc)
+ return s390x_aes_xts_dupctx(vctx);
+#endif
+
if (in->xts.key1 != NULL) {
if (in->xts.key1 != &in->ks1)
return NULL;
@@ -157,6 +174,11 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl,
{
PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx;
+#ifdef AES_XTS_S390X
+ if (ctx->plat.s390x.fc)
+ return s390x_aes_xts_cipher(vctx, out, outl, outsize, in, inl);
+#endif
+
if (!ossl_prov_is_running()
|| ctx->xts.key1 == NULL
|| ctx->xts.key2 == NULL
diff --git a/providers/implementations/ciphers/cipher_aes_xts.h b/providers/implementations/ciphers/cipher_aes_xts.h
index afc42ef444..56891ca98c 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.h
+++ b/providers/implementations/ciphers/cipher_aes_xts.h
@@ -22,6 +22,14 @@ PROV_CIPHER_FUNC(void, xts_stream,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]));
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+typedef struct S390X_km_xts_params_st {
+ unsigned char key[64];
+ unsigned char tweak[16];
+ unsigned char nap[16];
+} S390X_KM_XTS_PARAMS;
+#endif
+
typedef struct prov_aes_xts_ctx_st {
PROV_CIPHER_CTX base; /* Must be first */
union {
@@ -30,6 +38,23 @@ typedef struct prov_aes_xts_ctx_st {
} ks1, ks2; /* AES key schedules to use */
XTS128_CONTEXT xts;
OSSL_xts_stream_fn stream;
+
+ /* Platform specific data */
+ union {
+ int dummy;
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+ struct {
+ union {
+ OSSL_UNION_ALIGN;
+ S390X_KM_XTS_PARAMS km;
+ } param;
+ size_t offset;
+ unsigned int fc;
+ unsigned int iv_set : 1;
+ unsigned int key_set : 1;
+ } s390x;
+#endif
+ } plat;
} PROV_AES_XTS_CTX;
const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits);
diff --git a/providers/implementations/ciphers/cipher_aes_xts_s390x.inc b/providers/implementations/ciphers/cipher_aes_xts_s390x.inc
new file mode 100644
index 0000000000..77341b3bbd
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_aes_xts_s390x.inc
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/s390x_arch.h"
+
+static OSSL_FUNC_cipher_encrypt_init_fn s390x_aes_xts_einit;
+static OSSL_FUNC_cipher_decrypt_init_fn s390x_aes_xts_dinit;
+static OSSL_FUNC_cipher_cipher_fn s390x_aes_xts_cipher;
+static OSSL_FUNC_cipher_dupctx_fn s390x_aes_xts_dupctx;
+
+static int s390x_aes_xts_init(void *vctx, const unsigned char *key,
+ size_t keylen, const unsigned char *iv,
+ size_t ivlen, const OSSL_PARAM params[],
+ unsigned int dec)
+{
+ PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)vctx;
+ S390X_KM_XTS_PARAMS *km = &xctx->plat.s390x.param.km;
+ unsigned int fc, offs;
+
+ switch (xctx->base.keylen) {
+ case 128 / 8 * 2:
+ fc = S390X_XTS_AES_128_MSA10;
+ offs = 32;
+ break;
+ case 256 / 8 * 2:
+ fc = S390X_XTS_AES_256_MSA10;
+ offs = 0;
+ break;
+ default:
+ goto not_supported;
+ }
+
+ if (!(OPENSSL_s390xcap_P.km[1] && S390X_CAPBIT(fc)))
+ goto not_supported;
+
+ if (iv != NULL) {
+ if (ivlen != xctx->base.ivlen
+ || ivlen > sizeof(km->tweak)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ memcpy(km->tweak, iv, ivlen);
+ xctx->plat.s390x.iv_set = 1;
+ }
+
+ if (key != NULL) {
+ if (keylen != xctx->base.keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ if (!aes_xts_check_keys_differ(key, keylen / 2, !dec))
+ return 0;
+
+ memcpy(km->key + offs, key, keylen);
+ xctx->plat.s390x.key_set = 1;
+ }
+
+ xctx->plat.s390x.fc = fc | dec;
+ xctx->plat.s390x.offset = offs;
+
+ memset(km->nap, 0, sizeof(km->nap));
+ km->nap[0] = 0x1;
+
+ return aes_xts_set_ctx_params(xctx, params);
+
+not_supported:
+ xctx->plat.s390x.fc = 0;
+ xctx->plat.s390x.offset = 0;
+ return 0;
+}
+
+static int s390x_aes_xts_einit(void *vctx, const unsigned char *key,
+ size_t keylen, const unsigned char *iv,
+ size_t ivlen, const OSSL_PARAM params[])
+{
+ return s390x_aes_xts_init(vctx, key, keylen, iv, ivlen, params, 0);
+}
+
+static int s390x_aes_xts_dinit(void *vctx, const unsigned char *key,
+ size_t keylen, const unsigned char *iv,
+ size_t ivlen, const OSSL_PARAM params[])
+{
+ return s390x_aes_xts_init(vctx, key, keylen, iv, ivlen, params,
+ S390X_DECRYPT);
+}
+
+static void *s390x_aes_xts_dupctx(void *vctx)
+{
+ PROV_AES_XTS_CTX *in = (PROV_AES_XTS_CTX *)vctx;
+ PROV_AES_XTS_CTX *ret = OPENSSL_zalloc(sizeof(*in));
+
+ if (ret != NULL)
+ *ret = *in;
+
+ return ret;
+}
+
+static int s390x_aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
+{
+ PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)vctx;
+ S390X_KM_XTS_PARAMS *km = &xctx->plat.s390x.param.km;
+ unsigned char *param = (unsigned char *)km + xctx->plat.s390x.offset;
+ unsigned int fc = xctx->plat.s390x.fc;
+ unsigned char tmp[2][AES_BLOCK_SIZE];
+ unsigned char nap_n1[AES_BLOCK_SIZE];
+ unsigned char drop[AES_BLOCK_SIZE];
+ size_t len_incomplete, len_complete;
+
+ if (!ossl_prov_is_running()
+ || inl < AES_BLOCK_SIZE
+ || in == NULL
+ || out == NULL
+ || !xctx->plat.s390x.iv_set
+ || !xctx->plat.s390x.key_set)
+ return 0;
+
+ /*
+ * Impose a limit of 2^20 blocks per data unit as specified by
+ * IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007
+ * indicated that this was a SHOULD NOT rather than a MUST NOT.
+ * NIST SP 800-38E mandates the same limit.
+ */
+ if (inl > XTS_MAX_BLOCKS_PER_DATA_UNIT * AES_BLOCK_SIZE) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE);
+ return 0;
+ }
+
+ len_incomplete = inl % AES_BLOCK_SIZE;
+ len_complete = (len_incomplete == 0) ? inl :
+ (inl / AES_BLOCK_SIZE - 1) * AES_BLOCK_SIZE;
+
+ if (len_complete > 0)
+ s390x_km(in, len_complete, out, fc, param);
+ if (len_incomplete == 0)
+ goto out;
+
+ memcpy(tmp, in + len_complete, AES_BLOCK_SIZE + len_incomplete);
+ /* swap NAP for decrypt */
+ if (fc & S390X_DECRYPT) {
+ memcpy(nap_n1, km->nap, AES_BLOCK_SIZE);
+ s390x_km(tmp[0], AES_BLOCK_SIZE, drop, fc, param);
+ }
+ s390x_km(tmp[0], AES_BLOCK_SIZE, tmp[0], fc, param);
+ if (fc & S390X_DECRYPT)
+ memcpy(km->nap, nap_n1, AES_BLOCK_SIZE);
+
+ memcpy(tmp[1] + len_incomplete, tmp[0] + len_incomplete,
+ AES_BLOCK_SIZE - len_incomplete);
+ s390x_km(tmp[1], AES_BLOCK_SIZE, out + len_complete, fc, param);
+ memcpy(out + len_complete + AES_BLOCK_SIZE, tmp[0], len_incomplete);
+
+ /* do not expose temporary data */
+ OPENSSL_cleanse(tmp, sizeof(tmp));
+out:
+ memcpy(xctx->base.iv, km->tweak, AES_BLOCK_SIZE);
+ *outl = inl;
+
+ return 1;
+}


@@ -1,27 +1,19 @@
Index: openssl-3.1.4/Configurations/00-base-templates.conf
Index: openssl-3.2.3/Configurations/00-base-templates.conf
===================================================================
--- openssl-3.1.4.orig/Configurations/00-base-templates.conf
+++ openssl-3.1.4/Configurations/00-base-templates.conf
@@ -71,9 +71,12 @@ my %targets=(
lflags =>
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
ex_libs =>
- sub { !defined($disabled{zlib})
- && defined($disabled{"zlib-dynamic"})
- ? "-lz" : () },
+ sub {
+ my @libs = ();
+ push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
+ push(@libs, "-ljitterentropy") if !defined($disabled{jitterentropy});
+ return join(" ", @libs);
+ },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
Index: openssl-3.1.4/crypto/rand/rand_jitter_entropy.c
--- openssl-3.2.3.orig/Configurations/00-base-templates.conf
+++ openssl-3.2.3/Configurations/00-base-templates.conf
@@ -88,6 +88,7 @@ my %targets=(
sub {
my @libs = ();
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
+ push(@libs, "-ljitterentropy") if !defined($disabled{jitterentropy});
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
push(@libs, "-lbrotlienc");
push(@libs, "-lbrotlidec");
Index: openssl-3.2.3/crypto/rand/rand_jitter_entropy.c
===================================================================
--- /dev/null
+++ openssl-3.1.4/crypto/rand/rand_jitter_entropy.c
+++ openssl-3.2.3/crypto/rand/rand_jitter_entropy.c
@@ -0,0 +1,97 @@
+# include "jitterentropy.h"
+# include "prov/jitter_entropy.h"
@@ -120,10 +112,10 @@ Index: openssl-3.1.4/crypto/rand/rand_jitter_entropy.c
+ CRYPTO_THREAD_lock_free(jent_lock);
+ jent_lock = NULL;
+}
Index: openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
Index: openssl-3.2.3/providers/implementations/rands/seeding/rand_unix.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/rands/seeding/rand_unix.c
+++ openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
--- openssl-3.2.3.orig/providers/implementations/rands/seeding/rand_unix.c
+++ openssl-3.2.3/providers/implementations/rands/seeding/rand_unix.c
@@ -20,6 +20,7 @@
#include "internal/dso.h"
#include "internal/nelem.h"
@@ -132,7 +124,7 @@ Index: openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
#ifdef __linux
# include <sys/syscall.h>
@@ -631,6 +632,31 @@ size_t ossl_pool_acquire_entropy(RAND_PO
@@ -633,6 +634,31 @@ size_t ossl_pool_acquire_entropy(RAND_PO
(void)entropy_available; /* avoid compiler warning */
@@ -164,10 +156,10 @@ Index: openssl-3.1.4/providers/implementations/rands/seeding/rand_unix.c
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
{
size_t bytes_needed;
Index: openssl-3.1.4/providers/implementations/include/prov/jitter_entropy.h
Index: openssl-3.2.3/providers/implementations/include/prov/jitter_entropy.h
===================================================================
--- /dev/null
+++ openssl-3.1.4/providers/implementations/include/prov/jitter_entropy.h
+++ openssl-3.2.3/providers/implementations/include/prov/jitter_entropy.h
@@ -0,0 +1,17 @@
+#ifndef OSSL_PROVIDERS_JITTER_ENTROPY_H
+# define OSSL_PROVIDERS_JITTER_ENTROPY_H
@@ -186,10 +178,10 @@ Index: openssl-3.1.4/providers/implementations/include/prov/jitter_entropy.h
+void FIPS_entropy_cleanup(void);
+
+#endif
Index: openssl-3.1.4/providers/fips/self_test.c
Index: openssl-3.2.3/providers/fips/self_test.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/self_test.c
+++ openssl-3.1.4/providers/fips/self_test.c
--- openssl-3.2.3.orig/providers/fips/self_test.c
+++ openssl-3.2.3/providers/fips/self_test.c
@@ -20,6 +20,7 @@
#include "internal/tsan_assist.h"
#include "prov/providercommon.h"
@@ -198,7 +190,7 @@ Index: openssl-3.1.4/providers/fips/self_test.c
/*
* We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
@@ -392,6 +393,11 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -498,6 +499,11 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
return 0;
}
@@ -210,10 +202,10 @@ Index: openssl-3.1.4/providers/fips/self_test.c
if (st == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
Index: openssl-3.1.4/include/openssl/proverr.h
Index: openssl-3.2.3/include/openssl/proverr.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/proverr.h
+++ openssl-3.1.4/include/openssl/proverr.h
--- openssl-3.2.3.orig/include/openssl/proverr.h
+++ openssl-3.2.3/include/openssl/proverr.h
@@ -44,6 +44,7 @@
# define PROV_R_FAILED_TO_GET_PARAMETER 103
# define PROV_R_FAILED_TO_SET_PARAMETER 104
@@ -222,10 +214,10 @@ Index: openssl-3.1.4/include/openssl/proverr.h
# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227
# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224
# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225
Index: openssl-3.1.4/providers/common/provider_err.c
Index: openssl-3.2.3/providers/common/provider_err.c
===================================================================
--- openssl-3.1.4.orig/providers/common/provider_err.c
+++ openssl-3.1.4/providers/common/provider_err.c
--- openssl-3.2.3.orig/providers/common/provider_err.c
+++ openssl-3.2.3/providers/common/provider_err.c
@@ -54,6 +54,8 @@ static const ERR_STRING_DATA PROV_str_re
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
"failed to set parameter"},
@@ -235,22 +227,22 @@ Index: openssl-3.1.4/providers/common/provider_err.c
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR),
"fips module conditional error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE),
Index: openssl-3.1.4/crypto/rand/build.info
Index: openssl-3.2.3/crypto/rand/build.info
===================================================================
--- openssl-3.1.4.orig/crypto/rand/build.info
+++ openssl-3.1.4/crypto/rand/build.info
--- openssl-3.2.3.orig/crypto/rand/build.info
+++ openssl-3.2.3/crypto/rand/build.info
@@ -1,6 +1,6 @@
LIBS=../../libcrypto
-$COMMON=rand_lib.c
+$COMMON=rand_lib.c rand_jitter_entropy.c
$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c \
rand_uniform.c
IF[{- !$disabled{'egd'} -}]
Index: openssl-3.1.4/providers/fips/fipsprov.c
Index: openssl-3.2.3/providers/fips/fipsprov.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
+++ openssl-3.1.4/providers/fips/fipsprov.c
--- openssl-3.2.3.orig/providers/fips/fipsprov.c
+++ openssl-3.2.3/providers/fips/fipsprov.c
@@ -27,6 +27,7 @@
#include "crypto/context.h"
#include "internal/core.h"
@@ -259,7 +251,7 @@ Index: openssl-3.1.4/providers/fips/fipsprov.c
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
@@ -603,6 +604,7 @@ const OSSL_SUSE_FIPSINDICATOR_ALGORITHM
@@ -609,6 +610,7 @@ const OSSL_SUSE_FIPSINDICATOR_ALGORITHM
static void fips_teardown(void *provctx)
{
@@ -267,29 +259,29 @@ Index: openssl-3.1.4/providers/fips/fipsprov.c
OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
ossl_prov_ctx_free(provctx);
}
Index: openssl-3.1.4/util/libcrypto.num
Index: openssl-3.2.3/util/libcrypto.num
===================================================================
--- openssl-3.1.4.orig/util/libcrypto.num
+++ openssl-3.1.4/util/libcrypto.num
@@ -5441,3 +5441,5 @@ X509_get_default_cert_path_env
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--- openssl-3.2.3.orig/util/libcrypto.num
+++ openssl-3.2.3/util/libcrypto.num
@@ -5539,3 +5539,5 @@ BIO_ADDR_copy
ossl_safe_getenv ? 3_2_0 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
+FIPS_entropy_init ? 3_1_4 EXIST::FUNCTION:
+FIPS_entropy_cleanup ? 3_1_4 EXIST::FUNCTION:
Index: openssl-3.1.4/Configure
Index: openssl-3.2.3/Configure
===================================================================
--- openssl-3.1.4.orig/Configure
+++ openssl-3.1.4/Configure
@@ -454,6 +454,7 @@ my @disablables = (
"fuzz-libfuzzer",
--- openssl-3.2.3.orig/Configure
+++ openssl-3.2.3/Configure
@@ -469,6 +469,7 @@ my @disablables = (
"gost",
"http",
"idea",
+ "jitterentropy",
"ktls",
"legacy",
"loadereng",
@@ -550,6 +551,7 @@ our %disabled = ( # "what" => "c
@@ -573,6 +574,7 @@ our %disabled = ( # "what" => "c
"external-tests" => "default",
"fuzz-afl" => "default",
"fuzz-libfuzzer" => "default",
@@ -297,7 +289,7 @@ Index: openssl-3.1.4/Configure
"ktls" => "default",
"md2" => "default",
"msan" => "default",
@@ -763,7 +765,7 @@ my %cmdvars = (); # Stores
@@ -801,7 +803,7 @@ my %cmdvars = (); # Stores
my %unsupported_options = ();
my %deprecated_options = ();
# If you change this, update apps/version.c
@@ -306,7 +298,7 @@ Index: openssl-3.1.4/Configure
my @seed_sources = ();
while (@argvcopy)
{
@@ -1231,6 +1233,9 @@ if (scalar(@seed_sources) == 0) {
@@ -1291,6 +1293,9 @@ if (scalar(@seed_sources) == 0) {
if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
delete $disabled{'egd'};
}
@@ -316,10 +308,10 @@ Index: openssl-3.1.4/Configure
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
Index: openssl-3.1.4/crypto/info.c
Index: openssl-3.2.3/crypto/info.c
===================================================================
--- openssl-3.1.4.orig/crypto/info.c
+++ openssl-3.1.4/crypto/info.c
--- openssl-3.2.3.orig/crypto/info.c
+++ openssl-3.2.3/crypto/info.c
@@ -15,6 +15,9 @@
#include "internal/e_os.h"
#include "buildinf.h"
@@ -353,11 +345,11 @@ Index: openssl-3.1.4/crypto/info.c
seed_sources = seeds;
}
return 1;
Index: openssl-3.1.4/INSTALL.md
Index: openssl-3.2.3/INSTALL.md
===================================================================
--- openssl-3.1.4.orig/INSTALL.md
+++ openssl-3.1.4/INSTALL.md
@@ -463,6 +463,12 @@ if provided by the CPU.
--- openssl-3.2.3.orig/INSTALL.md
+++ openssl-3.2.3/INSTALL.md
@@ -511,6 +511,12 @@ if provided by the CPU.
Use librandom (not implemented yet).
This source is ignored by the FIPS provider.


@@ -0,0 +1,196 @@
From 25f5d7b85f6657cd2f9f1ab7ae87f319d9bafe54 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Thu, 29 Feb 2024 12:50:05 +0100
Subject: [PATCH] s390x: support CPACF sha3/shake performance improvements
On newer machines the SHA3/SHAKE performance of CPACF instructions KIMD and KLMD
can be enhanced by using additional modifier bits. This allows the application
to omit initializing the ICV, but also affects the internal processing of the
instructions. Performance is mostly gained when processing short messages.
The new CPACF feature is backwards compatible with older machines, i.e. the new
modifier bits are ignored on older machines. However, to save the ICV
initialization, the application must detect the MSA level and omit the ICV
initialization only if this feature is supported.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25235)
---
crypto/s390x_arch.h | 3 ++
crypto/s390xcpuid.pl | 4 +--
crypto/sha/sha3.c | 8 +++++-
providers/implementations/digests/sha3_prov.c | 28 +++++++++++++++----
4 files changed, 34 insertions(+), 9 deletions(-)
Index: openssl-3.2.3/crypto/s390x_arch.h
===================================================================
--- openssl-3.2.3.orig/crypto/s390x_arch.h
+++ openssl-3.2.3/crypto/s390x_arch.h
@@ -191,6 +191,9 @@ extern int OPENSSL_s390xcex;
# define S390X_KMA_LAAD 0x200
# define S390X_KMA_HS 0x400
# define S390X_KDSA_D 0x80
+# define S390X_KIMD_NIP 0x8000
+# define S390X_KLMD_DUFOP 0x4000
+# define S390X_KLMD_NIP 0x8000
# define S390X_KLMD_PS 0x100
# define S390X_KMAC_IKP 0x8000
# define S390X_KMAC_IIMP 0x4000
Index: openssl-3.2.3/crypto/s390xcpuid.pl
===================================================================
--- openssl-3.2.3.orig/crypto/s390xcpuid.pl
+++ openssl-3.2.3/crypto/s390xcpuid.pl
@@ -308,7 +308,7 @@ s390x_kimd:
llgfr %r0,$fc
lgr %r1,$param
- .long 0xb93e0002 # kimd %r0,%r2
+ .long 0xb93e8002 # kimd %r0,%r2[,M3]
brc 1,.-4 # pay attention to "partial completion"
br $ra
@@ -329,7 +329,7 @@ s390x_klmd:
llgfr %r0,$fc
l${g} %r1,$stdframe($sp)
- .long 0xb93f0042 # klmd %r4,%r2
+ .long 0xb93f8042 # klmd %r4,%r2[,M3]
brc 1,.-4 # pay attention to "partial completion"
br $ra
Index: openssl-3.2.3/crypto/sha/sha3.c
===================================================================
--- openssl-3.2.3.orig/crypto/sha/sha3.c
+++ openssl-3.2.3/crypto/sha/sha3.c
@@ -8,13 +8,19 @@
*/
#include <string.h>
+#if defined(__s390x__) && defined(OPENSSL_CPUID_OBJ)
+# include "crypto/s390x_arch.h"
+#endif
#include "internal/sha3.h"
void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, int next);
void ossl_sha3_reset(KECCAK1600_CTX *ctx)
{
- memset(ctx->A, 0, sizeof(ctx->A));
+#if defined(__s390x__) && defined(OPENSSL_CPUID_OBJ)
+ if (!(OPENSSL_s390xcap_P.stfle[1] & S390X_CAPBIT(S390X_MSA12)))
+#endif
+ memset(ctx->A, 0, sizeof(ctx->A));
ctx->bufsz = 0;
ctx->xof_state = XOF_STATE_INIT;
}
Index: openssl-3.2.3/providers/implementations/digests/sha3_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/digests/sha3_prov.c
+++ openssl-3.2.3/providers/implementations/digests/sha3_prov.c
@@ -187,26 +187,32 @@ static size_t s390x_sha3_absorb(void *vc
{
KECCAK1600_CTX *ctx = vctx;
size_t rem = len % ctx->block_size;
+ unsigned int fc;
if (!(ctx->xof_state == XOF_STATE_INIT ||
ctx->xof_state == XOF_STATE_ABSORB))
return 0;
+ fc = ctx->pad;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
ctx->xof_state = XOF_STATE_ABSORB;
- s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+ s390x_kimd(inp, len - rem, fc, ctx->A);
return rem;
}
static int s390x_sha3_final(void *vctx, unsigned char *out, size_t outlen)
{
KECCAK1600_CTX *ctx = vctx;
+ unsigned int fc;
if (!ossl_prov_is_running())
return 0;
if (!(ctx->xof_state == XOF_STATE_INIT ||
ctx->xof_state == XOF_STATE_ABSORB))
return 0;
+ fc = ctx->pad | S390X_KLMD_DUFOP;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
ctx->xof_state = XOF_STATE_FINAL;
- s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, ctx->pad, ctx->A);
+ s390x_klmd(ctx->buf, ctx->bufsz, NULL, 0, fc, ctx->A);
memcpy(out, ctx->A, outlen);
return 1;
}
@@ -214,14 +220,17 @@ static int s390x_sha3_final(void *vctx,
static int s390x_shake_final(void *vctx, unsigned char *out, size_t outlen)
{
KECCAK1600_CTX *ctx = vctx;
+ unsigned int fc;
if (!ossl_prov_is_running())
return 0;
if (!(ctx->xof_state == XOF_STATE_INIT ||
ctx->xof_state == XOF_STATE_ABSORB))
return 0;
+ fc = ctx->pad | S390X_KLMD_DUFOP;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KLMD_NIP : 0;
ctx->xof_state = XOF_STATE_FINAL;
- s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, ctx->pad, ctx->A);
+ s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, fc, ctx->A);
return 1;
}
@@ -271,24 +280,28 @@ static int s390x_keccakc_final(void *vct
size_t bsz = ctx->block_size;
size_t num = ctx->bufsz;
size_t needed = outlen;
+ unsigned int fc;
if (!ossl_prov_is_running())
return 0;
if (!(ctx->xof_state == XOF_STATE_INIT ||
ctx->xof_state == XOF_STATE_ABSORB))
return 0;
+ fc = ctx->pad;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
ctx->xof_state = XOF_STATE_FINAL;
if (outlen == 0)
return 1;
memset(ctx->buf + num, 0, bsz - num);
ctx->buf[num] = padding;
ctx->buf[bsz - 1] |= 0x80;
- s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
+ s390x_kimd(ctx->buf, bsz, fc, ctx->A);
num = needed > bsz ? bsz : needed;
memcpy(out, ctx->A, num);
needed -= num;
if (needed > 0)
- s390x_klmd(NULL, 0, out + bsz, needed, ctx->pad | S390X_KLMD_PS, ctx->A);
+ s390x_klmd(NULL, 0, out + bsz, needed,
+ ctx->pad | S390X_KLMD_PS | S390X_KLMD_DUFOP, ctx->A);
return 1;
}
@@ -308,6 +321,7 @@ static int s390x_keccakc_squeeze(void *v
{
KECCAK1600_CTX *ctx = vctx;
size_t len;
+ unsigned int fc;
if (!ossl_prov_is_running())
return 0;
@@ -323,7 +337,9 @@ static int s390x_keccakc_squeeze(void *v
memset(ctx->buf + ctx->bufsz, 0, len);
ctx->buf[ctx->bufsz] = padding;
ctx->buf[ctx->block_size - 1] |= 0x80;
- s390x_kimd(ctx->buf, ctx->block_size, ctx->pad, ctx->A);
+ fc = ctx->pad;
+ fc |= ctx->xof_state == XOF_STATE_INIT ? S390X_KIMD_NIP : 0;
+ s390x_kimd(ctx->buf, ctx->block_size, fc, ctx->A);
ctx->bufsz = 0;
/* reuse ctx->bufsz to count bytes squeezed from current sponge */
}
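Review bot: In `s390x_sha3_absorb` the NIP bit is derived from `ctx->xof_state == XOF_STATE_INIT` and the state is then moved to `XOF_STATE_ABSORB` unconditionally, including when `len - rem` is 0 and KIMD is issued over zero bytes; whether a zero-length KIMD with `S390X_KIMD_NIP` still initialises the ICV is not established by this page, and if it does not, the later final/squeeze call runs without NIP on state that `ossl_sha3_reset` no longer zeroes on MSA12 machines. The changelog in this commit lists `openssl-3-fix-s390x_sha3_absorb.patch`, which may be the follow-up for this; either way the coupling between the `sha3.c` hunk and the provider functions deserves a comment at the new `#if` in `ossl_sha3_reset`, e.g. `/* MSA12: the first KIMD/KLMD carries NIP and initialises the ICV, so A is not zeroed here */`. The same `#if` leaves `ctx->A` uninitialised for any consumer that reads it before the first KIMD/KLMD, so it is worth confirming that no non-CPACF path can be selected for a context on an MSA12 machine.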


@@ -0,0 +1,160 @@
commit 94898923538f686b74b6ddef34571f804d9b3811
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 15:40:47 2023 +0200
Support EVP_DigestSqueeze() for in the digest provider for s390x.
The new EVP_DigestSqueeze() API requires changes to all keccak-based
digest provider implementations. Update the s390x-part of the SHA3
digest provider.
Squeeze for SHA3 is not supported, so add an empty function pointer
(NULL).
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index f691273baf..2fd0f928e7 100644
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -225,6 +225,45 @@ static int s390x_shake_final(void *vctx, unsigned char *out, size_t outlen)
return 1;
}
+static int s390x_shake_squeeze(void *vctx, unsigned char *out, size_t outlen)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ size_t len;
+
+ if (!ossl_prov_is_running())
+ return 0;
+ if (ctx->xof_state == XOF_STATE_FINAL)
+ return 0;
+ /*
+ * On the first squeeze call, finish the absorb process (incl. padding).
+ */
+ if (ctx->xof_state != XOF_STATE_SQUEEZE) {
+ ctx->xof_state = XOF_STATE_SQUEEZE;
+ s390x_klmd(ctx->buf, ctx->bufsz, out, outlen, ctx->pad, ctx->A);
+ ctx->bufsz = outlen % ctx->block_size;
+ /* reuse ctx->bufsz to count bytes squeezed from current sponge */
+ return 1;
+ }
+ ctx->xof_state = XOF_STATE_SQUEEZE;
+ if (ctx->bufsz != 0) {
+ len = ctx->block_size - ctx->bufsz;
+ if (outlen < len)
+ len = outlen;
+ memcpy(out, (char *)ctx->A + ctx->bufsz, len);
+ out += len;
+ outlen -= len;
+ ctx->bufsz += len;
+ if (ctx->bufsz == ctx->block_size)
+ ctx->bufsz = 0;
+ }
+ if (outlen == 0)
+ return 1;
+ s390x_klmd(NULL, 0, out, outlen, ctx->pad | S390X_KLMD_PS, ctx->A);
+ ctx->bufsz = outlen % ctx->block_size;
+
+ return 1;
+}
+
static int s390x_keccakc_final(void *vctx, unsigned char *out, size_t outlen,
int padding)
{
@@ -264,28 +303,86 @@ static int s390x_kmac_final(void *vctx, unsigned char *out, size_t outlen)
return s390x_keccakc_final(vctx, out, outlen, 0x04);
}
+static int s390x_keccakc_squeeze(void *vctx, unsigned char *out, size_t outlen,
+ int padding)
+{
+ KECCAK1600_CTX *ctx = vctx;
+ size_t len;
+
+ if (!ossl_prov_is_running())
+ return 0;
+ if (ctx->xof_state == XOF_STATE_FINAL)
+ return 0;
+ /*
+ * On the first squeeze call, finish the absorb process
+ * by adding the trailing padding and then doing
+ * a final absorb.
+ */
+ if (ctx->xof_state != XOF_STATE_SQUEEZE) {
+ len = ctx->block_size - ctx->bufsz;
+ memset(ctx->buf + ctx->bufsz, 0, len);
+ ctx->buf[ctx->bufsz] = padding;
+ ctx->buf[ctx->block_size - 1] |= 0x80;
+ s390x_kimd(ctx->buf, ctx->block_size, ctx->pad, ctx->A);
+ ctx->bufsz = 0;
+ /* reuse ctx->bufsz to count bytes squeezed from current sponge */
+ }
+ if (ctx->bufsz != 0 || ctx->xof_state != XOF_STATE_SQUEEZE) {
+ len = ctx->block_size - ctx->bufsz;
+ if (outlen < len)
+ len = outlen;
+ memcpy(out, (char *)ctx->A + ctx->bufsz, len);
+ out += len;
+ outlen -= len;
+ ctx->bufsz += len;
+ if (ctx->bufsz == ctx->block_size)
+ ctx->bufsz = 0;
+ }
+ ctx->xof_state = XOF_STATE_SQUEEZE;
+ if (outlen == 0)
+ return 1;
+ s390x_klmd(NULL, 0, out, outlen, ctx->pad | S390X_KLMD_PS, ctx->A);
+ ctx->bufsz = outlen % ctx->block_size;
+
+ return 1;
+}
+
+static int s390x_keccak_squeeze(void *vctx, unsigned char *out, size_t outlen)
+{
+ return s390x_keccakc_squeeze(vctx, out, outlen, 0x01);
+}
+
+static int s390x_kmac_squeeze(void *vctx, unsigned char *out, size_t outlen)
+{
+ return s390x_keccakc_squeeze(vctx, out, outlen, 0x04);
+}
+
static PROV_SHA3_METHOD sha3_s390x_md =
{
s390x_sha3_absorb,
- s390x_sha3_final
+ s390x_sha3_final,
+ NULL,
};
static PROV_SHA3_METHOD keccak_s390x_md =
{
s390x_sha3_absorb,
s390x_keccak_final,
+ s390x_keccak_squeeze,
};
static PROV_SHA3_METHOD shake_s390x_md =
{
s390x_sha3_absorb,
- s390x_shake_final
+ s390x_shake_final,
+ s390x_shake_squeeze,
};
static PROV_SHA3_METHOD kmac_s390x_md =
{
s390x_sha3_absorb,
- s390x_kmac_final
+ s390x_kmac_final,
+ s390x_kmac_squeeze,
};
# define SHAKE_SET_MD(uname, typ) \
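Review bot: `sha3_s390x_md` now carries NULL in the new squeeze slot, so the dispatcher that calls through `PROV_SHA3_METHOD` (outside this hunk) must test the pointer before calling it or `EVP_DigestSqueeze()` on a SHA3 context becomes a NULL call; the hunk does not show that check. The partial-block copy-out in `s390x_shake_squeeze` and `s390x_keccakc_squeeze` (`memcpy(out, (char *)ctx->A + ctx->bufsz, len)` plus the pointer and length bookkeeping) is duplicated verbatim and would read better as one small static helper. Both functions give `ctx->bufsz` a second meaning once squeezing starts (absorb tail length before, bytes already squeezed from the current block after); the inline comment says so, but a one-line comment above each function such as `/* once xof_state == XOF_STATE_SQUEEZE, bufsz counts bytes already squeezed from the current block */` would also help readers of the absorb/final paths. The changelog lists `openssl-3-fix-s390x_shake_squeeze.patch`, so a follow-up fix to this code exists; I have not assumed its content.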


@@ -0,0 +1,46 @@
commit bff62480333680463c82e88fdc67ed5ec14a0017
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Wed Sep 27 11:18:18 2023 +0200
Support multiple calls of low level SHA3_squeeze() for s390x.
The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. Support this on s390x
architecture as well.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl
index 86233c7e38..7d5ebde117 100755
--- a/crypto/sha/asm/keccak1600-s390x.pl
+++ b/crypto/sha/asm/keccak1600-s390x.pl
@@ -472,7 +472,7 @@ SHA3_absorb:
.size SHA3_absorb,.-SHA3_absorb
___
}
-{ my ($A_flat,$out,$len,$bsz) = map("%r$_",(2..5));
+{ my ($A_flat,$out,$len,$bsz,$next) = map("%r$_",(2..6));
$code.=<<___;
.globl SHA3_squeeze
@@ -484,6 +484,7 @@ SHA3_squeeze:
lghi %r14,8
st${g} $bsz,5*$SIZE_T($sp)
la %r1,0($A_flat)
+ cijne $next,0,.Lnext_block
j .Loop_squeeze
@@ -501,6 +502,7 @@ SHA3_squeeze:
brct $bsz,.Loop_squeeze # bsz--
+.Lnext_block:
stm${g} $out,$len,3*$SIZE_T($sp)
bras %r14,.LKeccakF1600
lm${g} $out,$bsz,3*$SIZE_T($sp)
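Review bot: The new `cijne $next,0,.Lnext_block` branch is taken before the body at `.Loop_squeeze` has run, so whatever that body sets up between `j .Loop_squeeze` and `.Lnext_block` (not shown in the hunk) must be re-established after `.LKeccakF1600` returns; the `lm${g} $out,$bsz,3*$SIZE_T($sp)` reload covers `$out`/`$len`/`$bsz`, but `%r1` (loaded from `$A_flat` just before the jump) and `%r14` (set to 8 above and then used as the `bras` link register) are not in that reload and need confirming. `cijne` compares the low 32 bits of `%r6`, which matches the `int next` in the prototype `SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r, int next)` shown earlier on this page. A comment on the new register, e.g. `# $next != 0: permute first, the previous block was already squeezed`, would document the contract at the one place the generated assembly reads it.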


@@ -1,35 +0,0 @@
---
apps/openssl.cnf | 13 +++++++++++++
1 file changed, 13 insertions(+)
Index: openssl-3.1.4/apps/openssl.cnf
===================================================================
--- openssl-3.1.4.orig/apps/openssl.cnf
+++ openssl-3.1.4/apps/openssl.cnf
@@ -19,6 +19,7 @@ openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
config_diagnostics = 1
+[ oid_section ]
# Extra OBJECT IDENTIFIER info:
# oid_file = $ENV::HOME/.oid
oid_section = new_oids
@@ -47,6 +48,18 @@ providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module
+engines = engine_section
+
+[ engine_section ]
+
+# This include will look through the directory that will contain the
+# engine declarations for any engines provided by other packages.
+.include /etc/ssl/engines3.d
+
+# This include will look through the directory that will contain the
+# definitions of the engines declared in the engine section.
+.include /etc/ssl/engdef3.d
+
# Uncomment the sections that start with ## below to enable the legacy provider.
# Loading the legacy provider enables support for the following algorithms:
# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c
size 15684836


@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=Z8CX
-----END PGP SIGNATURE-----

openssl-3.2.3.tar.gz (Stored with Git LFS) Normal file


16
openssl-3.2.3.tar.gz.asc Normal file

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=1Xgs
-----END PGP SIGNATURE-----


@@ -1,3 +1,311 @@
-------------------------------------------------------------------
Tue Nov 5 15:11:46 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
- Support MSA 11 HMAC on s390x jsc#PED-10273
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
-------------------------------------------------------------------
Tue Nov 5 10:39:14 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
-------------------------------------------------------------------
Fri Nov 1 14:32:50 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
-------------------------------------------------------------------
Mon Oct 28 09:38:20 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
be very slow. [CVE-2024-4603]
- Improved EC/DSA nonce generation routines to avoid bias and timing
side channel leaks.
- Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. [CVE-2024-2511]
- New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded. This can be used on platforms
where using atexit() from shared libraries causes crashes on exit.
- Fixed bug where SSL_export_keying_material() could not be used with QUIC
connections.
* Add openssl-skip-quic-pairwise.patch to adapt the pairwise tests.
* Merge openssl-FIPS-release_num_in_version_string.patch into
openssl-FIPS-services-minimize.patch
* Rebase patches:
- openssl-Add-changes-to-ectest-and-eccurve.patch
- openssl-FIPS-140-3-keychecks.patch
- openssl-FIPS-embed-hmac.patch
- openssl-Remove-EC-curves.patch
- openssl-skipped-tests-EC-curves.patch
- openssl-FIPS-early-KATS.patch
- openssl-Allow-disabling-of-SHA1-signatures.patch
- openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
- openssl-FIPS-limit-rsa-encrypt.patch
- openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
- openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
- openssl-FIPS-140-3-DRBG.patch
- openssl-FIPS-140-3-zeroization.patch
- openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
- openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
- openssl-FIPS-Add-explicit-indicator-for-key-length.patch
- openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
- openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
- openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
- openssl-FIPS-enforce-EMS-support.patch
- openssl-3-jitterentropy-3.4.0.patch
* Remove not needed patches:
- openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
- openssl-3-FIPS-PCT_rsa_keygen.patch
-------------------------------------------------------------------
Mon Oct 28 09:22:33 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Remove the engines' directories and symlinks that were added to
allow parallel installations with openssl-1_1.
* Remove openssl-3-use-include-directive.patch
-------------------------------------------------------------------
Mon Oct 28 08:43:34 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Remove the hardcoded DEFAULT_SUSE cipherlist selection.
* Remove openssl-DEFAULT_SUSE_cipher.patch
-------------------------------------------------------------------
Fri Oct 25 09:32:01 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.2.1:
* Changes between 3.2.0 and 3.2.1:
- A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. [CVE-2024-0727]
- When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time. [CVE-2023-6237]
- Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
rather than SM2.
- The POLY1305 MAC (message authentication code) implementation in OpenSSL
for PowerPC CPUs saves the contents of vector registers in different
order than they are restored. [CVE-2023-6129]
- Disable building QUIC server utility when OpenSSL is configured with 'no-apps'.
* The openssl-crypto-policies-support.patch has been merged into
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* Rename openssl-Disable-default-provider-for-test-suite.patch and rebase to
openssl-TESTS-Disable-default-provider-crypto-policies.patch
* Patches removed in the update:
- openssl-Add_support_for_Windows_CA_certificate_store.patch
- openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
- openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
- openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
- openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
- openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
- openssl-CVE-2024-41996.patch
- openssl-CVE-2023-50782.patch
- openssl-CVE-2024-9143.patch
* Patches rebased:
- openssl-3-use-include-directive.patch
- openssl-Add-Kernel-FIPS-mode-flag-support.patch
- openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
- openssl-DEFAULT_SUSE_cipher.patch
- openssl-FIPS-embed-hmac.patch
- openssl-Force-FIPS.patch
- openssl-load-legacy-provider.patch
- openssl-no-html-docs.patch
- openssl-pkgconfig.patch
- openssl-ppc64-config.patch
- openssl-truststore.patch
-------------------------------------------------------------------
Fri Oct 25 09:14:20 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
- Update to 3.2.0:
* Changes between 3.1.x and 3.2.0:
- Fix excessive time spent in DH check/ generation with large Q parameter
value. [CVE-2023-5678]
- The BLAKE2b hash algorithm supports a configurable output length
by setting the "size" parameter.
- Added a function to delete objects from store by URI - OSSL_STORE_delete()
and the corresponding provider-storemgmt API function OSSL_FUNC_store_delete().
- Added OSSL_FUNC_store_open_ex() provider-storemgmt API function to pass
a passphrase callback when opening a store.
- Changed the default salt length used by PBES2 KDF's (PBKDF2 and scrypt)
from 8 bytes to 16 bytes.
- Changed the default value of the 'ess_cert_id_alg' configuration
option which is used to calculate the TSA's public key certificate
identifier. The default algorithm is updated to be sha256 instead of sha1.
- Added optimization for SM2 algorithm on aarch64. A new configure option
'no-sm2-precomp' has been added to disable the precomputed table.
- Added client side support for QUIC
- Added secp384r1 implementation using Solinas' reduction to improve
speed of the NIST P-384 elliptic curve. To enable the implementation
the build option 'enable-ec_nistp_64_gcc_128' must be used.
- Improved RFC7468 compliance of the asn1parse command.
- Added SHA256/192 algorithm support.
- Added support for securely getting root CA certificate update in CMP.
- Improved contention on global write locks by using more read locks where
appropriate.
- Improved performance of OSSL_PARAM lookups in performance critical
provider functions.
- Added the SSL_get0_group_name() function to provide access to the
name of the group used for the TLS key exchange.
- Provide a new configure option 'no-http' that can be used to disable the
HTTP support. Provide new configure options 'no-apps' and 'no-docs' to
disable building the openssl command line application and the documentation.
- Provide a new configure option 'no-ecx' that can be used to disable the
X25519, X448, and EdDSA support.
- When multiple OSSL_KDF_PARAM_INFO parameters are passed to
the EVP_KDF_CTX_set_params() function they are now concatenated not just
for the HKDF algorithm but also for SSKDF and X9.63 KDF algorithms.
- Added OSSL_FUNC_keymgmt_im/export_types_ex() provider functions that get
the provider context as a parameter.
- TLS round-trip time calculation was added by a Brigham Young University
Capstone team partnering with Sandia National Laboratories. A new function
in ssl_lib titled SSL_get_handshake_rtt will calculate and retrieve this
value.
- Added the "-quic" option to s_client to enable connectivity to QUIC servers.
QUIC requires the use of ALPN, so this must be specified via the "-alpn"
option. Use of the "advanced" s_client command command via the "-adv" option
is recommended.
- Added an "advanced" command mode to s_client. Use this with the "-adv" option.
- Add Raw Public Key (RFC7250) support.
- Added support for modular exponentiation and CRT offloading for the
S390x architecture.
- Added further assembler code for the RISC-V architecture.
- Added EC_GROUP_to_params() which creates an OSSL_PARAM array
from a given EC_GROUP.
- Improved support for non-default library contexts and property queries
when parsing PKCS#12 files.
- Implemented support for all five instances of EdDSA from RFC8032:
Ed25519, Ed25519ctx, Ed25519ph, Ed448, and Ed448ph.
The streaming is not yet supported for the HashEdDSA variants
(Ed25519ph and Ed448ph).
- Added SM4 optimization for ARM processors using ASIMD and AES HW instructions.
- Implemented SM4-XTS support.
- Added platform-agnostic OSSL_sleep() function.
- Implemented deterministic ECDSA signatures (RFC6979) support.
- Implemented AES-GCM-SIV (RFC8452) support.
- Added support for pluggable (provider-based) TLS signature algorithms.
This enables TLS 1.3 authentication operations with algorithms embedded
in providers not included by default in OpenSSL. In combination with
the already available pluggable KEM and X.509 support, this enables
for example suitable providers to deliver post-quantum or quantum-safe
cryptography to OpenSSL users.
- Added support for pluggable (provider-based) CMS signature algorithms.
This enables CMS sign and verify operations with algorithms embedded
in providers not included by default in OpenSSL.
- Implemented HPKE DHKEM support in providers used by HPKE (RFC9180) API.
- Add support for certificate compression (RFC8879), including
library support for Brotli and Zstandard compression.
- Add the ability to add custom attributes to PKCS12 files. Add a new API
PKCS12_create_ex2, identical to the existing PKCS12_create_ex but allows
for a user specified callback and optional argument.
Added a new PKCS12_SAFEBAG_set0_attr, which allows for a new attr to be
added to the existing STACK_OF attrs.
- Major refactor of the libssl record layer.
- Add a mac salt length option for the pkcs12 command.
- Add more SRTP protection profiles from RFC8723 and RFC8269.
- Extended Kernel TLS (KTLS) to support TLS 1.3 receive offload.
- Add support for TCP Fast Open (RFC7413) to macOS, Linux, and FreeBSD where
supported and enabled.
- Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.
- Add new SSL APIs to aid in efficiently implementing TLS/SSL fingerprinting.
The SSL_CTRL_GET_IANA_GROUPS control code, exposed as the
SSL_get0_iana_groups() function-like macro, retrieves the list of
supported groups sent by the peer.
- Fixed PEM_write_bio_PKCS8PrivateKey() and PEM_write_bio_PKCS8PrivateKey_nid()
to make it possible to use empty passphrase strings.
- The PKCS12_parse() function now supports MAC-less PKCS12 files.
- Added ASYNC_set_mem_functions() and ASYNC_get_mem_functions() calls to be able
to change functions used for allocating the memory of asynchronous call stack.
- Added support for signed BIGNUMs in the OSSL_PARAM APIs.
- A failure exit code is returned when using the openssl x509 command to check
certificate attributes and the checks fail.
- The default SSL/TLS security level has been changed from 1 to 2. RSA,
DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys
of 160 bits and above and less than 224 bits were previously accepted by
default but are now no longer allowed. By default TLS compression was
already disabled in previous OpenSSL versions. At security level 2 it cannot
be enabled.
- The SSL_CTX_set_cipher_list family functions now accept ciphers using their
IANA standard names.
- The PVK key derivation function has been moved from b2i_PVK_bio_ex() into
the legacy crypto provider as an EVP_KDF. Applications requiring this KDF
will need to load the legacy crypto provider.
- CCM8 cipher suites in TLS have been downgraded to security level zero
because they use a short authentication tag which lowers their strength.
- Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
by default. Also spaces surrounding '=' in DN output are removed.
- Add X.509 certificate codeSigning purpose and related checks on key usage and
extended key usage of the leaf certificate according to the CA/Browser Forum.
- The 'x509', 'ca', and 'req' apps now produce X.509 v3 certificates.
The '-x509v1' option of 'req' prefers generation of X.509 v1 certificates.
'X509_sign()' and 'X509_sign_ctx()' make sure that the certificate has
X.509 version 3 if the certificate information includes X.509 extensions.
- Fix and extend certificate handling and the apps 'x509', 'verify' etc.
such as adding a trace facility for debugging certificate chain building.
- Various fixes and extensions to the CMP+CRMF implementation and the 'cmp' app
in particular supporting requests for central key generation, generalized
polling, and various types of genm/genp exchanges defined in CMP Updates.
- Fixes and extensions to the HTTP client and to the HTTP server in 'apps/'
like correcting the TLS and proxy support and adding tracing for debugging.
- Extended the CMS API for handling 'CMS_SignedData' and 'CMS_EnvelopedData'.
- 'CMS_add0_cert()' and 'CMS_add1_cert()' no longer throw an error if
a certificate to be added is already present. 'CMS_sign_ex()' and
'CMS_sign()' now ignore any duplicate certificates in their 'certs' argument
and no longer throw an error for them.
- Added BIO_s_dgram_pair() and BIO_s_dgram_mem() that provide memory-based
BIOs with datagram semantics and support for BIO_sendmmsg() and BIO_recvmmsg()
calls. They can be used as the transport BIOs for QUIC.
- Add new BIO_sendmmsg() and BIO_recvmmsg() BIO methods which allow
sending and receiving multiple messages in a single call. An implementation
is provided for BIO_dgram. For further details, see BIO_sendmmsg(3).
- Support for loading root certificates from the Windows certificate store
has been added.
- Enable KTLS with the TLS 1.3 CCM mode ciphersuites. Note that some linux
kernel versions that support KTLS have a known bug in CCM processing. That
has been fixed in stable releases starting from 5.4.164, 5.10.84, 5.15.7,
and all releases since 5.16. KTLS with CCM ciphersuites should be only used
on these releases.
- Added '-ktls' option to 's_server' and 's_client' commands to enable the
KTLS support.
- Zerocopy KTLS sendfile() support on Linux.
- The OBJ_ calls are now thread safe using a global lock.
- New parameter '-digest' for openssl cms command allowing signing
pre-computed digests and new CMS API functions supporting that
functionality.
- OPENSSL_malloc() and other allocation functions now raise errors on
allocation failures. The callers do not need to explicitly raise errors
unless they want to for tracing purposes.
- Added support for Brainpool curves in TLS-1.3.
- Support for Argon2d, Argon2i, Argon2id KDFs has been added along with
a basic thread pool implementation for select platforms.
-------------------------------------------------------------------
Mon Oct 21 11:01:59 UTC 2024 - Pedro Monreal <pmonreal@suse.com>


@@ -20,132 +20,127 @@
%define sover 3
%define _rname openssl
%define man_suffix 3ssl
%global sslengcnf %{ssletcdir}/engines%{sover}.d
%global sslengdef %{ssletcdir}/engdef%{sover}.d
# Enable userspace livepatching.
%define livepatchable 1
Name: openssl-3
# Don't forget to update the version in the "openssl" meta-package!
Version: 3.1.7
Version: 3.2.3
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0
URL: https://www.openssl.org/
Source: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
Source1: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
# https://keys.openpgp.org/search?q=openssl@openssl.org
# BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
Source2: %{_rname}.keyring
# to get mtime of file:
Source1: %{name}.changes
Source2: baselibs.conf
Source3: https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
# https://www.openssl.org/about/
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
Source4: %{_rname}.keyring
Source3: %{name}.changes
Source4: baselibs.conf
Source5: showciphers.c
Source6: openssl-Disable-default-provider-for-test-suite.patch
Source6: openssl-TESTS-Disable-default-provider-crypto-policies.patch
# PATCH-FIX-OPENSUSE: Do not install html docs as it takes ages
Patch1: openssl-no-html-docs.patch
Patch2: openssl-truststore.patch
Patch3: openssl-pkgconfig.patch
Patch4: openssl-DEFAULT_SUSE_cipher.patch
Patch5: openssl-ppc64-config.patch
Patch6: openssl-no-date.patch
Patch4: openssl-ppc64-config.patch
Patch5: openssl-no-date.patch
# Add crypto-policies support
Patch7: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
Patch8: openssl-crypto-policies-support.patch
# PATCH-FIX-UPSTREAM: bsc#1209430 Upgrade OpenSSL from 3.0.8 to 3.1.0 in TW
Patch9: openssl-Add_support_for_Windows_CA_certificate_store.patch
Patch6: openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
# PATCH-FIX-FEDORA Add FIPS_mode compatibility macro and flag support
Patch10: openssl-Add-FIPS_mode-compatibility-macro.patch
Patch11: openssl-Add-Kernel-FIPS-mode-flag-support.patch
# PATCH-FIX-UPSTREAM jsc#PED-5086, jsc#PED-3514
# POWER10 performance enhancements for cryptography
Patch12: openssl-ec-Use-static-linkage-on-nistp521-felem_-square-mul-.patch
Patch13: openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch
Patch14: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch
Patch15: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
Patch16: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
Patch7: openssl-Add-FIPS_mode-compatibility-macro.patch
Patch8: openssl-Add-Kernel-FIPS-mode-flag-support.patch
# PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly
Patch21: openssl-Force-FIPS.patch
Patch9: openssl-Force-FIPS.patch
# PATCH-FIX-FEDORA Disable the fipsinstall command-line utility
Patch22: openssl-disable-fipsinstall.patch
Patch10: openssl-disable-fipsinstall.patch
# PATCH-FIX-FEDORA Instructions to load legacy provider in openssl.cnf
Patch23: openssl-load-legacy-provider.patch
Patch11: openssl-load-legacy-provider.patch
# PATCH-FIX-FEDORA Embed the FIPS hmac
Patch24: openssl-FIPS-embed-hmac.patch
# PATCH-FIX-SUSE bsc#1194187, bsc#1207472, bsc#1218933 - Add engines section in openssl.cnf
Patch26: openssl-3-use-include-directive.patch
Patch12: openssl-FIPS-embed-hmac.patch
# PATCH-FIX-FEDORA bsc#1221786 FIPS: Use of non-Approved Elliptic Curves
Patch35: openssl-Add-changes-to-ectest-and-eccurve.patch
Patch36: openssl-Remove-EC-curves.patch
Patch37: openssl-Disable-explicit-ec.patch
Patch38: openssl-skipped-tests-EC-curves.patch
Patch13: openssl-Add-changes-to-ectest-and-eccurve.patch
Patch14: openssl-Remove-EC-curves.patch
Patch15: openssl-Disable-explicit-ec.patch
Patch16: openssl-skipped-tests-EC-curves.patch
# PATCH-FIX-FEDORA bsc#1221753 bsc#1221760 bsc#1221822 FIPS: Extra public/private key checks required by FIPS-140-3
Patch39: openssl-FIPS-140-3-keychecks.patch
Patch17: openssl-FIPS-140-3-keychecks.patch
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221786 bsc#1221787 FIPS: Minimize fips services
Patch40: openssl-FIPS-services-minimize.patch
# PATCH-FIX-SUSE bsc#1221751 FIPS: Add release number to version string
Patch41: openssl-FIPS-release_num_in_version_string.patch
Patch18: openssl-FIPS-services-minimize.patch
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Execute KATS before HMAC verification
Patch42: openssl-FIPS-early-KATS.patch
Patch19: openssl-FIPS-early-KATS.patch
# PATCH-FIX-SUSE bsc#1221787 FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4
Patch43: openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
Patch20: openssl-Revert-Improve-FIPS-RSA-keygen-performance.patch
# PATCH-FIX-FEDORA bsc#1221787 FIPS: Selectively disallow SHA1 signatures
Patch44: openssl-Allow-disabling-of-SHA1-signatures.patch
Patch45: openssl-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
Patch21: openssl-Allow-disabling-of-SHA1-signatures.patch
# # PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider
Patch22: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221824 FIPS: Service Level Indicator is needed
Patch46: openssl-FIPS-limit-rsa-encrypt.patch
Patch47: openssl-FIPS-Expose-a-FIPS-indicator.patch
Patch23: openssl-FIPS-limit-rsa-encrypt.patch
Patch24: openssl-FIPS-Expose-a-FIPS-indicator.patch
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Execute KATS before HMAC verification
Patch48: openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch25: openssl-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221760 FIPS: Selftests are required
Patch49: openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Patch26: openssl-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
# PATCH-FIX-FEDORA bsc#1221760 FIPS: Selftests are required
Patch50: openssl-FIPS-Use-FFDHE2048-in-self-test.patch
Patch27: openssl-FIPS-Use-FFDHE2048-in-self-test.patch
# PATCH-FIX-FEDORA bsc#1220690 bsc#1220693 bsc#1220696 FIPS: Reseed DRBG
Patch51: openssl-FIPS-140-3-DRBG.patch
Patch28: openssl-FIPS-140-3-DRBG.patch
# PATCH-FIX-FEDORA bsc#1221752 FIPS: Zeroisation is required
Patch52: openssl-FIPS-140-3-zeroization.patch
Patch29: openssl-FIPS-140-3-zeroization.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
Patch53: openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch54: openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
Patch30: openssl-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch31: openssl-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
# PATCH-FIX-FEDORA bsc#1221365 bsc#1221365 FIPS: Service Level Indicator is needed
Patch55: openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
Patch32: openssl-FIPS-Remove-X9.31-padding-from-FIPS-prov.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
Patch56: openssl-FIPS-Add-explicit-indicator-for-key-length.patch
Patch33: openssl-FIPS-Add-explicit-indicator-for-key-length.patch
# PATCH-FIX-FEDORA bsc#1221827 FIPS: Recommendation for Password-Based Key Derivation
Patch57: openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Patch34: openssl-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
Patch58: openssl-FIPS-RSA-disable-shake.patch
Patch59: openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
Patch35: openssl-FIPS-RSA-disable-shake.patch
Patch36: openssl-FIPS-signature-Add-indicator-for-PSS-salt-length.patch
# PATCH-FIX-FEDORA bsc#1221824 FIPS: NIST SP 800-56Brev2 Section 6.4.1.2.1
Patch60: openssl-FIPS-RSA-encapsulate.patch
Patch37: openssl-FIPS-RSA-encapsulate.patch
# PATCH-FIX-FEDORA bsc#1221821 FIPS: Disable FIPS 186-4 Domain Parameters
Patch61: openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Patch38: openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
# PATCH-FIX-SUSE bsc#1221365 FIPS: Service Level Indicator is needed
Patch62: openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
Patch39: openssl-3-FIPS-GCM-Implement-explicit-indicator-for-IV-gen.patch
# PATCH-FIX-FEDORA bsc#1221827 FIPS: Recommendation for Password-Based Key Derivation
Patch63: openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
Patch40: openssl-pbkdf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Service Level Indicator is needed
Patch64: openssl-FIPS-enforce-EMS-support.patch
Patch41: openssl-FIPS-enforce-EMS-support.patch
# PATCH-FIX-SUSE bsc#1221824 FIPS: Add check for SP 800-56Brev2 Section 6.4.1.2.1
Patch65: openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
Patch42: openssl-FIPS-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
# PATCH-FIX-SUSE bsc#1220523 FIPS: Port openssl to use jitterentropy
Patch66: openssl-3-jitterentropy-3.4.0.patch
Patch43: openssl-3-jitterentropy-3.4.0.patch
# PATCH-FIX-SUSE bsc#1221753 FIPS: Enforce error state
Patch67: openssl-FIPS-Enforce-error-state.patch
Patch44: openssl-FIPS-Enforce-error-state.patch
# PATCH-FIX-SUSE bsc#1221365 FIPS: Service Level Indicator is needed
Patch68: openssl-FIPS-enforce-security-checks-during-initialization.patch
# PATCH-FIX-SUSE bsc#1221753 bsc#1221760 FIPS: RSA keygen PCT requirements
Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch
# PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider
Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
# PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validation order of the DH public keys
Patch72: openssl-CVE-2024-41996.patch
# PATCH-FIX-UPSTREAM bsc#1220262 CVE-2023-50782: Implicit rejection in PKCS#1 v1.5
Patch73: openssl-CVE-2023-50782.patch
# PATCH-FIX-UPSTREAM bsc#1231741 CVE-2024-9143: low-level invalid GF(2^m) parameters lead to OOB memory access
Patch74: openssl-CVE-2024-9143.patch
Patch45: openssl-FIPS-enforce-security-checks-during-initialization.patch
# PATCH-FIX-FEDORA Adapt pairwise tests
Patch46: openssl-skip-quic-pairwise.patch
# PATCH-FIX-UPSTREAM support MSA 12 (SHA3) jsc#PED-10280
Patch48: openssl-3-add_EVP_DigestSqueeze_api.patch
Patch49: openssl-3-support-multiple-sha3_squeeze_s390x.patch
Patch50: openssl-3-add-xof-state-handling-s3_absorb.patch
Patch51: openssl-3-fix-state-handling-sha3_absorb_s390x.patch
Patch52: openssl-3-fix-state-handling-sha3_final_s390x.patch
Patch53: openssl-3-fix-state-handling-shake_final_s390x.patch
Patch54: openssl-3-fix-state-handling-keccak_final_s390x.patch
Patch55: openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
Patch56: openssl-3-add-defines-CPACF-funcs.patch
Patch57: openssl-3-add-hw-acceleration-hmac.patch
Patch58: openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
Patch59: openssl-3-fix-s390x_sha3_absorb.patch
Patch60: openssl-3-fix-s390x_shake_squeeze.patch
# PATCH-FIX-UPSTREAM: support MSA 10 XTS #jsc-PED-10273
Patch61: openssl-3-hw-acceleration-aes-xts-s390x.patch
# PATCH-FIX-UPSTREAM: support MSA 11 HMAC #jsc-PED-10274
Patch62: openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
Patch63: openssl-3-fix-hmac-digest-detection-s390x.patch
Patch64: openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
BuildRequires: pkgconfig
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
@@ -248,16 +243,21 @@ export MACHINE=armv5el
export MACHINE=armv6l
%endif
export HASHBANGPERL=/usr/bin/perl
./Configure \
no-mdc2 no-ec2m \
no-afalgeng \
enable-rfc3779 enable-camellia enable-seed \
enable-camellia \
%ifarch x86_64 aarch64 ppc64le
enable-ec_nistp_64_gcc_128 \
%endif
enable-fips \
enable-jitterentropy \
enable-ktls \
enable-rfc3779 \
enable-seed \
no-afalgeng \
no-ec2m \
no-mdc2 \
zlib \
--prefix=%{_prefix} \
--libdir=%{_lib} \
@@ -287,14 +287,8 @@ perl configdata.pm --dump
%make_build all
%check
# Relax the crypto-policies requirements for the regression tests
# Revert patch8 before running tests
patch -p1 -R < %{PATCH8}
# Revert openssl-3-use-include-directive.patch because these directories
# exists only in buildroot but not in build system and some tests are failing
# because of it.
patch -p1 -R < %{PATCH26}
# Disable the default provider for the test suite.
# Relax the crypto-policies requirements and disable the default
# provider for the test suite regression tests
patch -p1 < %{SOURCE6}
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export MALLOC_CHECK_=3
@@ -340,7 +334,7 @@ for lib in %{buildroot}%{_libdir}/*.so.%{version} ; do
done
# Remove static libraries
rm -f %{buildroot}%{_libdir}/lib*.a
rm -f %{buildroot}%{_libdir}/*.a
# Remove the cnf.dist
rm -f %{buildroot}%{ssletcdir}/openssl.cnf.dist
@@ -353,21 +347,13 @@ cp %{buildroot}%{ssletcdir}/openssl.cnf %{buildroot}%{ssletcdir}/openssl-orig.cn
mkdir -p %{buildroot}%{_localstatedir}/lib/ca-certificates/openssl
install -d -m 555 %{buildroot}%{_localstatedir}/lib/ca-certificates/openssl
# Remove the fipsmodule.cnf because FIPS module is loaded automatically
# Remove the fipsmodule.cnf because FIPS module is loaded automatically in FIPS mode
rm -f %{buildroot}%{ssletcdir}/fipsmodule.cnf
ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl
mkdir %{buildroot}/%{_datadir}/ssl
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/
# Create the two directories into which packages will drop their configuration
# files.
mkdir %{buildroot}/%{sslengcnf}
mkdir %{buildroot}/%{sslengdef}
# Create unversioned symbolic links to above directories
ln -s %{sslengcnf} %{buildroot}/%{ssletcdir}/engines.d
ln -s %{sslengdef} %{buildroot}/%{ssletcdir}/engdef.d
# Add the FIPS module configuration from crypto-policies since SP6
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
ln -s %{_sysconfdir}/crypto-policies/back-ends/openssl_fips.config %{buildroot}%{ssletcdir}/fips_local.cnf
@@ -402,17 +388,6 @@ if [ "$1" -gt 1 ] ; then
fi
%pre
# Migrate old engines.d to engines1.1.d.rpmsave
if [ ! -L %{ssletcdir}/engines.d ] && [ -d %{ssletcdir}/engines.d ]; then
mkdir %{ssletcdir}/engines1.1.d.rpmsave ||:
mv %{ssletcdir}/engines.d %{ssletcdir}/engines1.1.d.rpmsave ||:
fi
# Migrate old engdef.d to engdef1.1.d.rpmsave
if [ ! -L %{ssletcdir}/engdef.d ] && [ -d %{ssletcdir}/engdef.d ]; then
mkdir %{ssletcdir}/engdef1.1.d.rpmsave ||:
mv %{ssletcdir}/engdef.d %{ssletcdir}/engdef1.1.d.rpmsave ||:
fi
%post -n libopenssl3 -p /sbin/ldconfig
%postun -n libopenssl3 -p /sbin/ldconfig
@@ -456,11 +431,6 @@ fi
%config %{ssletcdir}/fips_local.cnf
%endif
%attr(700,root,root) %{ssletcdir}/private
%dir %{sslengcnf}
%dir %{sslengdef}
# symbolic link to above directories
%{ssletcdir}/engines.d
%{ssletcdir}/engdef.d
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%dir %{_localstatedir}/lib/ca-certificates/
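Review bot: The new side of the first hunk (`@@ -20,132 +20,127 @@`) drops `openssl-CVE-2024-41996.patch`, `openssl-CVE-2023-50782.patch` and `openssl-CVE-2024-9143.patch` without a replacement, and nothing in this section records which of those fixes the 3.2.3 tarball already contains; to my knowledge 3.2.3 was released before the CVE-2024-9143 advisory, so that patch (bsc#1231741) at least looks like it needs to be re-added, or the changelog should state why it is no longer needed. The keyring comment that survives on the new side appears to be the pgp.mit.edu lookup for key 0xA2D29B7BF295C759, while the removed lines referenced keys.openpgp.org and the fingerprint `BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF`; if that reading of old/new is right, please confirm that `%{_rname}.keyring` holds the key that actually signed the 3.2.3 tarball, since OBS source validation of `Source3` depends on it. `%global sslengcnf` and `%global sslengdef` at the top of the hunk stay defined although the `%install`, `%pre` and `%files` hunks remove every use of them visible in this section, so they can likely go as well. The comment above `Patch22` reads `# # PATCH-FIX-FEDORA`, one `#` too many.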


@@ -1,16 +1,47 @@
From 2000eaead63732669283e6b54c8ef02e268eaeb8 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:29 +0200
Subject: [PATCH 34/48] 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
From 2290280617183863eb15425b8925765966723725 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 11 Aug 2022 09:27:12 +0200
Subject: KDF: Add FIPS indicators
Patch-name: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
Patch-id: 78
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
FIPS requires a number of restrictions on the parameters of the various
key derivation functions implemented in OpenSSL. The KDFs that use
digest algorithms usually should not allow SHAKE (due to FIPS 140-3 IG
C.C). Additionally, some application-specific KDFs have further
restrictions defined in SP 800-135r1.
Generally, all KDFs shall use a key-derivation key length of at least
112 bits due to SP 800-131Ar2 section 8. Additionally any use of a KDF
to generate and output length of less than 112 bits will also set the
indicator to unapproved.
Add explicit indicators to all KDFs usable in FIPS mode except for
PBKDF2 (which has its specific FIPS limits already implemented). The
indicator can be queried using EVP_KDF_CTX_get_params() after setting
the required parameters and keys for the KDF.
Our FIPS provider implements SHA1, SHA2 (both -256 and -512, and the
truncated variants -224 and -384) and SHA3 (-256 and -512, and the
truncated versions -224 and -384), as well as SHAKE-128 and -256.
The SHAKE functions are generally not allowed in KDFs. For the rest, the
support matrix is:
KDF | SHA-1 | SHA-2 | SHA-2 truncated | SHA-3 | SHA-3 truncated
==========================================================================
KBKDF | x | x | x | x | x
HKDF | x | x | x | x | x
TLS1PRF | | SHA-{256,384,512} only | |
SSHKDF | x | x | x | |
SSKDF | x | x | x | x | x
X9.63KDF | | x | x | x | x
X9.42-ASN1 | x | x | x | x | x
TLS1.3PRF | | SHA-{256,384} only | |
Signed-off-by: Clemens Lang <cllang@redhat.com>
Resolves: rhbz#2160733 rhbz#2164763
Related: rhbz#2114772 rhbz#2141695
---
include/crypto/evp.h | 7 ++
include/openssl/core_names.h | 1 +
include/openssl/kdf.h | 4 +
providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++-
providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++--
@@ -18,12 +49,13 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++-
providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++-
providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++-
util/perl/OpenSSL/paramnames.pm | 1 +
9 files changed, 487 insertions(+), 22 deletions(-)
Index: openssl-3.1.4/include/crypto/evp.h
===================================================================
--- openssl-3.1.4.orig/include/crypto/evp.h
+++ openssl-3.1.4/include/crypto/evp.h
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index e70d8e9e84..76fb990de4 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -219,6 +219,13 @@ struct evp_mac_st {
OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
};
@@ -38,23 +70,11 @@ Index: openssl-3.1.4/include/crypto/evp.h
struct evp_kdf_st {
OSSL_PROVIDER *prov;
int name_id;
Index: openssl-3.1.4/include/openssl/core_names.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/core_names.h
+++ openssl-3.1.4/include/openssl/core_names.h
@@ -226,6 +226,7 @@ extern "C" {
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
+#define OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator"
/* Known KDF names */
#define OSSL_KDF_NAME_HKDF "HKDF"
Index: openssl-3.1.4/include/openssl/kdf.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/kdf.h
+++ openssl-3.1.4/include/openssl/kdf.h
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 0983230a48..86171635ea 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
# define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
# define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
@@ -65,11 +85,11 @@ Index: openssl-3.1.4/include/openssl/kdf.h
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
#define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
#define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/hkdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/hkdf.c
@@ -43,6 +43,7 @@ static OSSL_FUNC_kdf_settable_ctx_params
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index dfa7786bde..f01e40ff5a 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -42,6 +42,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
@@ -77,7 +97,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
@@ -86,6 +87,10 @@ typedef struct {
@@ -85,6 +86,10 @@ typedef struct {
size_t data_len;
unsigned char *info;
size_t info_len;
@@ -88,7 +108,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
} KDF_HKDF;
static void *kdf_hkdf_new(void *provctx)
@@ -201,6 +206,11 @@ static int kdf_hkdf_derive(void *vctx, u
@@ -170,6 +175,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -100,7 +120,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
switch (ctx->mode) {
case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
default:
@@ -363,13 +373,15 @@ static int kdf_hkdf_get_ctx_params(void
@@ -318,22 +318,85 @@ static int kdf_hkdf_get_ctx_params(void
{
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
OSSL_PARAM *p;
@@ -109,21 +129,20 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
size_t sz = kdf_hkdf_size(ctx);
- if (sz == 0)
+ any_valid = 1;
+
+ if (sz == 0 || !OSSL_PARAM_set_size_t(p, sz))
if (sz == 0)
return 0;
- return OSSL_PARAM_set_size_t(p, sz);
return OSSL_PARAM_set_size_t(p, sz);
}
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
+ any_valid = 1;
if (ctx->info == NULL || ctx->info_len == 0) {
@@ -378,7 +390,68 @@ static int kdf_hkdf_get_ctx_params(void
p->return_size = 0;
return 1;
}
return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
}
- return -2;
+
+#ifdef FIPS_MODULE
+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR))
+ != NULL) {
@@ -188,7 +207,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
}
static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
@@ -387,6 +460,9 @@ static const OSSL_PARAM *kdf_hkdf_gettab
@@ -348,6 +421,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
@@ -198,7 +217,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
OSSL_PARAM_END
};
return known_gettable_ctx_params;
@@ -717,6 +793,17 @@ static int prov_tls13_hkdf_generate_secr
@@ -677,6 +753,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
return ret;
}
@@ -216,7 +235,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
{
@@ -732,6 +819,11 @@ static int kdf_tls1_3_derive(void *vctx,
@@ -692,6 +779,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -228,7 +247,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
switch (ctx->mode) {
default:
return 0;
@@ -809,7 +901,7 @@ static const OSSL_PARAM *kdf_tls1_3_sett
@@ -769,7 +861,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
}
const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
@@ -237,10 +256,10 @@ Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup },
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
{ OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/kbkdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index a542f84dfa..6b6dfb94ac 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -59,6 +59,9 @@ typedef struct {
kbkdf_mode mode;
EVP_MAC_CTX *ctx_init;
@@ -251,7 +270,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
/* Names are lowercased versions of those found in SP800-108. */
int r;
unsigned char *ki;
@@ -72,6 +75,9 @@ typedef struct {
@@ -73,6 +76,9 @@ typedef struct {
int use_l;
int is_kmac;
int use_separator;
@@ -261,7 +280,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
} KBKDF;
/* Definitions needed for typechecking. */
@@ -143,6 +149,7 @@ static void kbkdf_reset(void *vctx)
@@ -138,6 +144,7 @@ static void kbkdf_reset(void *vctx)
void *provctx = ctx->provctx;
EVP_MAC_CTX_free(ctx->ctx_init);
@@ -269,7 +288,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
OPENSSL_clear_free(ctx->context, ctx->context_len);
OPENSSL_clear_free(ctx->label, ctx->label_len);
OPENSSL_clear_free(ctx->ki, ctx->ki_len);
@@ -308,6 +315,11 @@ static int kbkdf_derive(void *vctx, unsi
@@ -240,6 +247,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
goto done;
}
@@ -281,7 +300,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
if (h == 0)
goto done;
@@ -381,6 +393,9 @@ static int kbkdf_set_ctx_params(void *vc
@@ -297,6 +309,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
}
@@ -291,7 +310,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
if (p != NULL
&& OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
@@ -461,20 +476,77 @@ static const OSSL_PARAM *kbkdf_settable_
@@ -363,20 +378,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -374,11 +393,11 @@ Index: openssl-3.1.4/providers/implementations/kdfs/kbkdf.c
return known_gettable_ctx_params;
}
Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/sshkdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
@@ -49,6 +49,9 @@ typedef struct {
diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
index c592ba72f1..4a52b38266 100644
--- a/providers/implementations/kdfs/sshkdf.c
+++ b/providers/implementations/kdfs/sshkdf.c
@@ -48,6 +48,9 @@ typedef struct {
char type; /* X */
unsigned char *session_id;
size_t session_id_len;
@@ -388,7 +407,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
} KDF_SSHKDF;
static void *kdf_sshkdf_new(void *provctx)
@@ -151,6 +154,12 @@ static int kdf_sshkdf_derive(void *vctx,
@@ -126,6 +129,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
return 0;
}
@@ -401,7 +420,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
return SSHKDF(md, ctx->key, ctx->key_len,
ctx->xcghash, ctx->xcghash_len,
ctx->session_id, ctx->session_id_len,
@@ -219,10 +228,67 @@ static const OSSL_PARAM *kdf_sshkdf_sett
@@ -194,10 +203,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -472,7 +491,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
}
static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
@@ -230,6 +296,9 @@ static const OSSL_PARAM *kdf_sshkdf_gett
@@ -205,6 +271,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -482,11 +501,11 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sshkdf.c
OSSL_PARAM_END
};
return known_gettable_ctx_params;
Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/sskdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/sskdf.c
@@ -63,6 +63,10 @@ typedef struct {
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index eb54972e1c..23865cd70f 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -64,6 +64,10 @@ typedef struct {
size_t salt_len;
size_t out_len; /* optional KMAC parameter */
int is_kmac;
@@ -505,7 +524,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
static OSSL_FUNC_kdf_freectx_fn sskdf_free;
static OSSL_FUNC_kdf_reset_fn sskdf_reset;
@@ -297,6 +302,16 @@ static void *sskdf_new(void *provctx)
@@ -296,6 +301,16 @@ static void *sskdf_new(void *provctx)
return ctx;
}
@@ -522,7 +541,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
static void sskdf_reset(void *vctx)
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
@@ -392,6 +407,11 @@ static int sskdf_derive(void *vctx, unsi
@@ -361,6 +376,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
}
md = ossl_prov_digest_md(&ctx->digest);
@@ -534,7 +553,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
if (ctx->macctx != NULL) {
/* H(x) = KMAC or H(x) = HMAC */
int ret;
@@ -473,6 +493,11 @@ static int x963kdf_derive(void *vctx, un
@@ -442,6 +462,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
return 0;
}
@@ -546,7 +565,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
ctx->info, ctx->info_len, 1, key, keylen);
}
@@ -545,10 +570,74 @@ static int sskdf_get_ctx_params(void *vc
@@ -514,10 +539,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
OSSL_PARAM *p;
@@ -624,7 +643,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
}
static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
@@ -556,6 +645,9 @@ static const OSSL_PARAM *sskdf_gettable_
@@ -525,6 +614,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -634,7 +653,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
OSSL_PARAM_END
};
return known_gettable_ctx_params;
@@ -577,7 +669,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_funct
@@ -545,7 +637,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
};
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
@@ -643,11 +662,11 @@ Index: openssl-3.1.4/providers/implementations/kdfs/sskdf.c
{ OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup },
{ OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free },
{ OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset },
Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/tls1_prf.c
+++ openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
@@ -104,6 +104,13 @@ typedef struct {
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index a4d64b9352..f6782a6ca2 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -93,6 +93,13 @@ typedef struct {
/* Buffer of concatenated seed data */
unsigned char seed[TLS1_PRF_MAXBUF];
size_t seedlen;
@@ -661,7 +680,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
} TLS1_PRF;
static void *kdf_tls1_prf_new(void *provctx)
@@ -140,6 +147,7 @@ static void kdf_tls1_prf_reset(void *vct
@@ -129,6 +136,7 @@ static void kdf_tls1_prf_reset(void *vctx)
EVP_MAC_CTX_free(ctx->P_sha1);
OPENSSL_clear_free(ctx->sec, ctx->seclen);
OPENSSL_cleanse(ctx->seed, ctx->seedlen);
@@ -669,7 +688,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
}
@@ -194,6 +202,10 @@ static int kdf_tls1_prf_derive(void *vct
@@ -157,6 +165,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
@@ -680,7 +699,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
/*
* The seed buffer is prepended with a label.
@@ -243,6 +255,9 @@ static int kdf_tls1_prf_set_ctx_params(v
@@ -191,6 +203,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
}
}
@@ -690,7 +709,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
OPENSSL_clear_free(ctx->sec, ctx->seclen);
ctx->sec = NULL;
@@ -284,10 +299,60 @@ static const OSSL_PARAM *kdf_tls1_prf_se
@@ -232,10 +247,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
@@ -754,7 +773,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
}
static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
@@ -295,6 +360,9 @@ static const OSSL_PARAM *kdf_tls1_prf_ge
@@ -243,6 +308,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -764,10 +783,10 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
OSSL_PARAM_END
};
return known_gettable_ctx_params;
Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/x942kdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
index b1bc6f7e1b..8173fc2cc7 100644
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -13,11 +13,13 @@
#include <openssl/core_dispatch.h>
#include <openssl/err.h>
@@ -782,7 +801,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
#include "prov/provider_ctx.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@@ -49,6 +51,9 @@ typedef struct {
@@ -47,6 +50,9 @@ typedef struct {
const unsigned char *cek_oid;
size_t cek_oid_len;
int use_keybits;
@@ -792,7 +811,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
} KDF_X942;
/*
@@ -497,6 +502,10 @@ static int x942kdf_derive(void *vctx, un
@@ -460,6 +466,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
return 0;
}
@@ -803,7 +822,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
der, der_len, ctr, key, keylen);
OPENSSL_free(der);
@@ -600,10 +609,58 @@ static int x942kdf_get_ctx_params(void *
@@ -563,10 +573,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_X942 *ctx = (KDF_X942 *)vctx;
OSSL_PARAM *p;
@@ -865,7 +884,7 @@ Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
}
static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
@@ -611,6 +668,9 @@ static const OSSL_PARAM *x942kdf_gettabl
@@ -574,6 +632,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
@@ -875,3 +894,18 @@ Index: openssl-3.1.4/providers/implementations/kdfs/x942kdf.c
OSSL_PARAM_END
};
return known_gettable_ctx_params;
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index 70f7c50fe4..6618122417 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -183,6 +183,7 @@ my %params = (
'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo",
'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo",
'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits",
+ 'KDF_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator",
'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy",
'KDF_PARAM_HMACDRBG_NONCE' => "nonce",
'KDF_PARAM_THREADS' => "threads", # uint32_t
--
2.39.2
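Review bot: `KDF_PARAM_SUSE_FIPS_INDICATOR` is inserted into the paramnames.pm table between the X942-specific entries (`use-keybits`) and the HMACDRBG ones, which reads as if it were an X942-only parameter, while the hunks above add the same gettable to kbkdf, sshkdf, sskdf, tls1_prf and x942kdf alike. I would move it next to the generic KDF entries or at least annotate the line: `'KDF_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator", # SUSE: common to all KDF implementations`. Since this table appears to be what generates the OSSL_KDF_PARAM_* names in 3.2 (the patch no longer edits the header directly), a one-line comment saying so would save the next rebase.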


@@ -13,12 +13,12 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
include/internal/provider.h | 3 +++
2 files changed, 39 insertions(+)
diff --git a/crypto/context.c b/crypto/context.c
index e294ea1512..51002ba79a 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -16,6 +16,41 @@
#include "internal/provider.h"
Index: openssl-3.2.3/crypto/context.c
===================================================================
--- openssl-3.2.3.orig/crypto/context.c
+++ openssl-3.2.3/crypto/context.c
@@ -17,6 +17,40 @@
#include "crypto/decoder.h"
#include "crypto/context.h"
+# include <sys/types.h>
@@ -33,33 +33,32 @@ index e294ea1512..51002ba79a 100644
+
+static void read_kernel_fips_flag(void)
+{
+ char buf[2] = "0";
+ int fd;
+ char buf[2] = "0";
+ int fd;
+
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+ if (ossl_safe_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+ buf[0] = '1';
+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+ close(fd);
+ }
+
+ if (buf[0] == '1') {
+ kernel_fips_flag = 1;
+ }
+ if (buf[0] == '1') {
+ kernel_fips_flag = 1;
+ }
+
+ return;
+ return;
+}
+
+int ossl_get_kernel_fips_flag()
+{
+ return kernel_fips_flag;
+ return kernel_fips_flag;
+}
+
+
struct ossl_lib_ctx_st {
CRYPTO_RWLOCK *lock, *rand_crngt_lock;
OSSL_EX_DATA_GLOBAL global;
@@ -336,6 +371,7 @@ static int default_context_inited = 0;
@@ -368,6 +402,7 @@ static int default_context_inited = 0;
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
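Review bot: In read_kernel_fips_flag the read() loop only retries on EINTR; any other error, or a zero-length read, leaves `buf` at its initial "0", so an unreadable or empty FIPS_MODE_SWITCH_FILE silently selects non-FIPS mode with no diagnostic, and that fail-open default should be stated where it happens. I would add above the `open()` line: `/* Any failure to open or read the switch file silently leaves FIPS off; only OPENSSL_FORCE_FIPS_MODE overrides it. */`, and if a silent downgrade is not acceptable, keep the result (`ssize_t n; while ((n = read(fd, buf, sizeof(buf))) < 0 && errno == EINTR) ;`) and report when `n <= 0`. The definition `int ossl_get_kernel_fips_flag()` uses an empty parameter list; `int ossl_get_kernel_fips_flag(void)` is the prototype form, though its declaration in provider.h is outside this hunk. The OPENSSL_FORCE_FIPS_MODE lookup goes through ossl_safe_getenv(), which presumably ignores the variable for setuid/setgid processes; a comment saying so would stop someone "simplifying" it to plain getenv().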
@@ -67,11 +66,11 @@ index e294ea1512..51002ba79a 100644
if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
goto err;
diff --git a/include/internal/provider.h b/include/internal/provider.h
index 18937f84c7..1446bf7afb 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
Index: openssl-3.2.3/include/internal/provider.h
===================================================================
--- openssl-3.2.3.orig/include/internal/provider.h
+++ openssl-3.2.3/include/internal/provider.h
@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB
const OSSL_DISPATCH *in);
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
@@ -81,6 +80,3 @@ index 18937f84c7..1446bf7afb 100644
# ifdef __cplusplus
}
# endif
--
2.41.0


@@ -1135,9 +1135,9 @@ index afef85b0e6..4890b0555e 100644
|| !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
@@ -3015,7 +2857,7 @@ int setup_tests(void)
return 0;
ADD_TEST(parameter_test);
ADD_TEST(ossl_parameter_test);
- ADD_TEST(cofactor_range_test);
+ /* ADD_TEST(cofactor_range_test); */
ADD_ALL_TESTS(cardinality_test, crv_len);
@@ -1145,4 +1145,3 @@ index afef85b0e6..4890b0555e 100644
#ifndef OPENSSL_NO_EC2M
--
2.41.0


@@ -15,9 +15,11 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
util/libcrypto.num | 1
8 files changed, 110 insertions(+), 14 deletions(-)
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
Index: openssl-3.2.3/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.2.3.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.2.3/Configurations/unix-Makefile.tmpl
@@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man
DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
HTMLDIR=$(DOCDIR)/html
@@ -28,7 +30,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
@@ -338,6 +342,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
@@ -347,6 +351,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
@@ -36,14 +38,16 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
(map { "-I".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
--- a/Configure
+++ b/Configure
Index: openssl-3.2.3/Configure
===================================================================
--- openssl-3.2.3.orig/Configure
+++ openssl-3.2.3/Configure
@@ -27,7 +27,7 @@ use OpenSSL::config;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
@@ -58,7 +62,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
# --banner=".." Output specified text instead of default completion banner
#
# -w Don't wait after showing a Configure warning
@@ -387,6 +391,7 @@ $config{prefix}="";
@@ -393,6 +397,7 @@ $config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
@@ -66,7 +70,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
@@ -989,6 +994,10 @@ while (@argvcopy)
@@ -1047,6 +1052,10 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
@@ -77,9 +81,11 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
elsif (/^--banner=(.*)$/)
{
$banner = $1 . "\n";
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
Index: openssl-3.2.3/doc/man1/openssl-ciphers.pod.in
===================================================================
--- openssl-3.2.3.orig/doc/man1/openssl-ciphers.pod.in
+++ openssl-3.2.3/doc/man1/openssl-ciphers.pod.in
@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@@ -95,9 +101,11 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -213,6 +213,11 @@ extern "C" {
Index: openssl-3.2.3/include/openssl/ssl.h.in
===================================================================
--- openssl-3.2.3.orig/include/openssl/ssl.h.in
+++ openssl-3.2.3/include/openssl/ssl.h.in
@@ -214,6 +214,11 @@ extern "C" {
* throwing out anonymous and unencrypted ciphersuites! (The latter are not
* actually enabled by ALL, but "ALL:RSA" would enable some of them.)
*/
@@ -109,9 +117,11 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1443,6 +1443,53 @@ int SSL_set_ciphersuites(SSL *s, const c
Index: openssl-3.2.3/ssl/ssl_ciph.c
===================================================================
--- openssl-3.2.3.orig/ssl/ssl_ciph.c
+++ openssl-3.2.3/ssl/ssl_ciph.c
@@ -1455,6 +1455,53 @@ int SSL_set_ciphersuites(SSL *s, const c
return ret;
}
@@ -165,7 +175,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@@ -1457,15 +1504,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
const SSL_METHOD *ssl_method = ctx->method;
@@ -193,16 +203,16 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
/*
* To reduce the work to do we only want to process the compiled
@@ -1487,7 +1544,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL) {
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
@@ -1499,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
if (num_of_ciphers > 0) {
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
if (co_list == NULL)
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
@@ -1553,8 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* in force within each class
*/
if (!ssl_cipher_strength_sort(&head, &tail)) {
@@ -212,18 +222,17 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
}
/*
@@ -1598,9 +1654,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1610,8 +1666,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
- OPENSSL_free(co_list);
ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
- return NULL; /* Failure */
+ goto err;
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1633,8 +1688,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1644,8 +1699,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
@@ -233,7 +242,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
}
/*
@@ -1642,10 +1696,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1653,10 +1707,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
@@ -249,7 +258,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
/* Add TLSv1.3 ciphers first - we always prefer those if possible */
for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
@@ -1697,6 +1754,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
@@ -1708,6 +1765,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*cipher_list = cipherstack;
return cipherstack;
@@ -264,9 +273,11 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -661,7 +661,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
Index: openssl-3.2.3/ssl/ssl_lib.c
===================================================================
--- openssl-3.2.3.orig/ssl/ssl_lib.c
+++ openssl-3.2.3/ssl/ssl_lib.c
@@ -670,7 +670,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
&(ctx->cipher_list_by_id),
@@ -275,7 +286,7 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
@@ -3286,7 +3286,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
@@ -3955,7 +3955,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
@@ -283,10 +294,12 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -246,7 +246,9 @@ end:
goto err;
Index: openssl-3.2.3/test/cipherlist_test.c
===================================================================
--- openssl-3.2.3.orig/test/cipherlist_test.c
+++ openssl-3.2.3/test/cipherlist_test.c
@@ -261,7 +261,9 @@ end:
int setup_tests(void)
{
@@ -295,11 +308,41 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
+#endif
ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear);
return 1;
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5435,3 +5435,4 @@ EVP_MD_CTX_dup
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
ADD_TEST(test_stdname_cipherlist);
Index: openssl-3.2.3/util/libcrypto.num
===================================================================
--- openssl-3.2.3.orig/util/libcrypto.num
+++ openssl-3.2.3/util/libcrypto.num
@@ -5536,3 +5536,4 @@ X509_STORE_CTX_set_get_crl
X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
+ossl_safe_getenv ? 3_2_0 EXIST::FUNCTION:
Index: openssl-3.2.3/apps/openssl.cnf
===================================================================
--- openssl-3.2.3.orig/apps/openssl.cnf
+++ openssl-3.2.3/apps/openssl.cnf
@@ -52,6 +52,11 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
+
+[ evp_properties ]
+# This section is intentionally added empty here to be tuned on particular systems
# List of providers to load
[provider_sect]
@@ -71,6 +76,11 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+system_default = crypto_policy
+
+[ crypto_policy ]
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
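Review bot: In the apps/openssl.cnf hunk the new `[ evp_properties ]` section is declared but nothing in the hunk references it: `[openssl_init]` gains `ssl_conf = ssl_module` but no `alg_section = evp_properties`, so properties an administrator puts there are ignored unless the included crypto-policies file wires it up, which is not visible here. Either add `alg_section = evp_properties` under `[openssl_init]` or extend the comment to say where the section is expected to be referenced. The `.include = /etc/crypto-policies/back-ends/opensslcnf.config` line also makes the default configuration depend on a file owned by another package; a comment naming that package and what happens when the file is absent would help whoever debugs a config load failure. Separately, `ossl_safe_getenv` moves from the 3_0_0 to the 3_2_0 tag in libcrypto.num, which changes its versioned symbol name; that is fine if only this build's libssl consumes it, but worth confirming nothing else was linked against the old node.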


@@ -1,743 +0,0 @@
From 2a071544f7d2e963a1f68f266f4e375568909d38 Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Fri, 8 Apr 2022 13:10:52 +0100
Subject: [PATCH 1/8] Fix URI handling in SSL_CERT_DIR/introduce SSL_CERT_URI
env
Fixes #18068.
---
CHANGES.md | 21
Configure | 7
crypto/x509/by_dir.c | 17
crypto/x509/by_store.c | 14
crypto/x509/x509_def.c | 15
doc/build.info | 6
doc/man3/X509_get_default_cert_file.pod | 113 +++++
include/internal/cryptlib.h | 11
include/internal/e_os.h | 2
include/openssl/x509.h.in | 3
providers/implementations/include/prov/implementations.h | 1
providers/implementations/storemgmt/build.info | 3
providers/implementations/storemgmt/winstore_store.c | 327 +++++++++++++++
providers/stores.inc | 3
util/libcrypto.num | 3
util/missingcrypto.txt | 4
16 files changed, 536 insertions(+), 14 deletions(-)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,27 @@ OpenSSL 3.1
### Changes between 3.1.0 and 3.1.1 [30 May 2023]
+ * The `SSL_CERT_PATH` and `SSL_CERT_URI` environment variables are introduced.
+ `SSL_CERT_URI` can be used to specify a URI for a root certificate store. The
+ `SSL_CERT_PATH` environment variable specifies a delimiter-separated list of
+ paths which are searched for root certificates.
+
+ The existing `SSL_CERT_DIR` environment variable is deprecated.
+ `SSL_CERT_DIR` was previously used to specify either a delimiter-separated
+ list of paths or an URI, which is ambiguous. Setting `SSL_CERT_PATH` causes
+ `SSL_CERT_DIR` to be ignored for the purposes of determining root certificate
+ directories, and setting `SSL_CERT_URI` causes `SSL_CERT_DIR` to be ignored
+ for the purposes of determining root certificate stores.
+
+ *Hugo Landau*
+
+ * Support for loading root certificates from the Windows certificate store
+ has been added. The support is in the form of a store which recognises the
+ URI string of `org.openssl.winstore://`. This store is enabled by default and
+ can be disabled using the new compile-time option `no-winstore`.
+
+ *Hugo Landau*
+
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
--- a/Configure
+++ b/Configure
@@ -420,6 +420,7 @@ my @disablables = (
"cached-fetch",
"camellia",
"capieng",
+ "winstore",
"cast",
"chacha",
"cmac",
@@ -1726,6 +1727,12 @@ unless ($disabled{ktls}) {
}
}
+unless ($disabled{winstore}) {
+ unless ($target =~ /^(?:Cygwin|mingw|VC-|BC-)/) {
+ disable('not-windows', 'winstore');
+ }
+}
+
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
# Get the extra flags used when building shared libraries and modules. We
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -88,13 +88,18 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
+ /* If SSL_CERT_PATH is provided and non-empty, use that. */
+ const char *dir = ossl_safe_getenv(X509_get_default_cert_path_env());
- if (dir)
- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
- else
- ret = add_cert_dir(ld, X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
+ /* Fallback to SSL_CERT_DIR. */
+ if (dir == NULL)
+ dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
+
+ /* Fallback to built-in default. */
+ if (dir == NULL)
+ dir = X509_get_default_cert_dir();
+
+ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
if (!ret) {
ERR_raise(ERR_LIB_X509, X509_R_LOADING_CERT_DIR);
}
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -111,11 +111,21 @@ static int by_store_ctrl_ex(X509_LOOKUP
{
switch (cmd) {
case X509_L_ADD_STORE:
- /* If no URI is given, use the default cert dir as default URI */
+ /* First try the newer default cert URI envvar. */
+ if (argp == NULL)
+ argp = ossl_safe_getenv(X509_get_default_cert_uri_env());
+
+ /* If not set, see if we have a URI in the older cert dir envvar. */
if (argp == NULL)
argp = ossl_safe_getenv(X509_get_default_cert_dir_env());
+
+ /* Fallback to default store URI. */
if (argp == NULL)
- argp = X509_get_default_cert_dir();
+ argp = X509_get_default_cert_uri();
+
+ /* No point adding an empty URI. */
+ if (!*argp)
+ return 1;
{
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -22,6 +22,11 @@ const char *X509_get_default_cert_area(v
return X509_CERT_AREA;
}
+const char *X509_get_default_cert_uri(void)
+{
+ return X509_CERT_URI;
+}
+
const char *X509_get_default_cert_dir(void)
{
return X509_CERT_DIR;
@@ -32,6 +37,16 @@ const char *X509_get_default_cert_file(v
return X509_CERT_FILE;
}
+const char *X509_get_default_cert_uri_env(void)
+{
+ return X509_CERT_URI_EVP;
+}
+
+const char *X509_get_default_cert_path_env(void)
+{
+ return X509_CERT_PATH_EVP;
+}
+
const char *X509_get_default_cert_dir_env(void)
{
return X509_CERT_DIR_EVP;
--- a/doc/build.info
+++ b/doc/build.info
@@ -2791,6 +2791,10 @@ DEPEND[html/man3/X509_get0_uids.html]=ma
GENERATE[html/man3/X509_get0_uids.html]=man3/X509_get0_uids.pod
DEPEND[man/man3/X509_get0_uids.3]=man3/X509_get0_uids.pod
GENERATE[man/man3/X509_get0_uids.3]=man3/X509_get0_uids.pod
+DEPEND[html/man3/X509_get_default_cert_file.html]=man3/X509_get_default_cert_file.pod
+GENERATE[html/man3/X509_get_default_cert_file.html]=man3/X509_get_default_cert_file.pod
+DEPEND[man/man3/X509_get_default_cert_file.3]=man3/X509_get_default_cert_file.pod
+GENERATE[man/man3/X509_get_default_cert_file.3]=man3/X509_get_default_cert_file.pod
DEPEND[html/man3/X509_get_extension_flags.html]=man3/X509_get_extension_flags.pod
GENERATE[html/man3/X509_get_extension_flags.html]=man3/X509_get_extension_flags.pod
DEPEND[man/man3/X509_get_extension_flags.3]=man3/X509_get_extension_flags.pod
@@ -3461,6 +3465,7 @@ html/man3/X509_get0_distinguishing_id.ht
html/man3/X509_get0_notBefore.html \
html/man3/X509_get0_signature.html \
html/man3/X509_get0_uids.html \
+html/man3/X509_get_default_cert_file.html \
html/man3/X509_get_extension_flags.html \
html/man3/X509_get_pubkey.html \
html/man3/X509_get_serialNumber.html \
@@ -4064,6 +4069,7 @@ man/man3/X509_get0_distinguishing_id.3 \
man/man3/X509_get0_notBefore.3 \
man/man3/X509_get0_signature.3 \
man/man3/X509_get0_uids.3 \
+man/man3/X509_get_default_cert_file.3 \
man/man3/X509_get_extension_flags.3 \
man/man3/X509_get_pubkey.3 \
man/man3/X509_get_serialNumber.3 \
--- /dev/null
+++ b/doc/man3/X509_get_default_cert_file.pod
@@ -0,0 +1,113 @@
+=pod
+
+=head1 NAME
+
+X509_get_default_cert_file, X509_get_default_cert_file_env,
+X509_get_default_cert_path_env,
+X509_get_default_cert_dir, X509_get_default_cert_dir_env,
+X509_get_default_cert_uri, X509_get_default_cert_uri_env -
+retrieve default locations for trusted CA certificates
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ const char *X509_get_default_cert_file(void);
+ const char *X509_get_default_cert_dir(void);
+ const char *X509_get_default_cert_uri(void);
+
+ const char *X509_get_default_cert_file_env(void);
+ const char *X509_get_default_cert_path_env(void);
+ const char *X509_get_default_cert_dir_env(void);
+ const char *X509_get_default_cert_uri_env(void);
+
+=head1 DESCRIPTION
+
+The X509_get_default_cert_file() function returns the default path
+to a file containing trusted CA certificates. OpenSSL will use this as
+the default path when it is asked to load trusted CA certificates
+from a file and no other path is specified. If the file exists, CA certificates
+are loaded from the file.
+
+The X509_get_default_cert_dir() function returns a default delimeter-separated
+list of paths to a directories containing trusted CA certificates named in the
+hashed format. OpenSSL will use this as the default list of paths when it is
+asked to load trusted CA certificates from a directory and no other path is
+specified. If a given directory in the list exists, OpenSSL attempts to lookup
+CA certificates in this directory by calculating a filename based on a hash of
+the certificate's subject name.
+
+The X509_get_default_cert_uri() function returns the default URI for a
+certificate store accessed programmatically via an OpenSSL provider. If there is
+no default store applicable to the system for which OpenSSL was compiled, this
+returns an empty string.
+
+X509_get_default_cert_file_env() and X509_get_default_cert_uri_env() return
+environment variable names which are recommended to specify nondefault values to
+be used instead of the values returned by X509_get_default_cert_file() and
+X509_get_default_cert_uri() respectively. The values returned by the latter
+functions are not affected by these environment variables; you must check for
+these environment variables yourself, using these functions to retrieve the
+correct environment variable names. If an environment variable is not set, the
+value returned by the corresponding function above should be used.
+
+X509_get_default_cert_path_env() returns the environment variable name which is
+recommended to specify a nondefault value to be used instead of the value
+returned by X509_get_default_cert_dir(). This environment variable supercedes
+the deprecated environment variable whose name is returned by
+X509_get_default_cert_dir_env(). This environment variable was deprecated as its
+contents can be interpreted ambiguously; see NOTES.
+
+By default, OpenSSL uses the path list specified in the environment variable
+whose name is returned by X509_get_default_cert_path_env() if it is set;
+otherwise, it uses the path list specified in the environment variable whose
+name is returned by X509_get_default_cert_dir_env() if it is set; otherwise, it
+uses the value returned by X509_get_default_cert_dir()).
+
+=head1 NOTES
+
+X509_get_default_cert_uri(), X509_get_default_cert_uri_env() and
+X509_get_default_cert_path_env() were introduced in OpenSSL 3.1. Prior to this
+release, store URIs were expressed via the environment variable returned by
+X509_get_default_cert_dir_env(); this environment variable could be used to
+specify either a list of directories or a store URI. This creates an ambiguity
+in which the environment variable returned by X509_get_default_cert_dir_env() is
+interpreted both as a list of directories and as a store URI.
+
+This usage and the environment variable returned by
+X509_get_default_cert_dir_env() are now deprecated; to specify a store URI, use
+the environment variable returned by X509_get_default_cert_uri_env(), and to
+specify a list of directories, use the environment variable returned by
+X509_get_default_cert_path_env().
+
+=head1 RETURN VALUES
+
+These functions return pointers to constant strings with static storage
+duration.
+
+=head1 SEE ALSO
+
+L<X509_LOOKUP(3)>,
+L<SSL_CTX_set_default_verify_file(3)>,
+L<SSL_CTX_set_default_verify_dir(3)>,
+L<SSL_CTX_set_default_verify_store(3)>,
+L<SSL_CTX_load_verify_file(3)>,
+L<SSL_CTX_load_verify_dir(3)>,
+L<SSL_CTX_load_verify_store(3)>,
+L<SSL_CTX_load_verify_locations(3)>
+
+=head1 HISTORY
+
+X509_get_default_cert_uri(), X509_get_default_cert_path_env() and
+X509_get_default_cert_uri_env() were introduced in OpenSSL 3.1.
+
+=head1 COPYRIGHT
+
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -13,6 +13,8 @@
# include <stdlib.h>
# include <string.h>
+# include "openssl/configuration.h"
+# include "internal/e_os.h" /* ossl_inline in many files */
# ifdef OPENSSL_USE_APPLINK
# define BIO_FLAGS_UPLINK_INTERNAL 0x8000
@@ -77,6 +79,14 @@ DEFINE_LHASH_OF_EX(MEM);
# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf"
# endif
+#ifndef OPENSSL_NO_WINSTORE
+# define X509_CERT_URI "org.openssl.winstore://"
+#else
+# define X509_CERT_URI ""
+#endif
+
+# define X509_CERT_URI_EVP "SSL_CERT_URI"
+# define X509_CERT_PATH_EVP "SSL_CERT_PATH"
# define X509_CERT_DIR_EVP "SSL_CERT_DIR"
# define X509_CERT_FILE_EVP "SSL_CERT_FILE"
# define CTLOG_FILE_EVP "CTLOG_FILE"
@@ -240,5 +250,4 @@ static ossl_inline int ossl_is_absolute_
# endif
return path[0] == '/';
}
-
#endif
--- a/include/internal/e_os.h
+++ b/include/internal/e_os.h
@@ -249,7 +249,7 @@ FILE *__iob_func();
/***********************************************/
# if defined(OPENSSL_SYS_WINDOWS)
-# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
+# if defined(_MSC_VER) && (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
# define open _open
# define fdopen _fdopen
# define close _close
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -491,8 +491,11 @@ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_uri(void);
const char *X509_get_default_cert_dir(void);
const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_uri_env(void);
+const char *X509_get_default_cert_path_env(void);
const char *X509_get_default_cert_dir_env(void);
const char *X509_get_default_cert_file_env(void);
const char *X509_get_default_private_dir(void);
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -517,3 +517,4 @@ extern const OSSL_DISPATCH ossl_SubjectP
extern const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[];
extern const OSSL_DISPATCH ossl_file_store_functions[];
+extern const OSSL_DISPATCH ossl_winstore_store_functions[];
--- a/providers/implementations/storemgmt/build.info
+++ b/providers/implementations/storemgmt/build.info
@@ -4,3 +4,6 @@
$STORE_GOAL=../../libdefault.a
SOURCE[$STORE_GOAL]=file_store.c file_store_any2obj.c
+IF[{- !$disabled{winstore} -}]
+ SOURCE[$STORE_GOAL]=winstore_store.c
+ENDIF
--- /dev/null
+++ b/providers/implementations/storemgmt/winstore_store.c
@@ -0,0 +1,327 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/store.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/core_object.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/params.h>
+#include <openssl/decoder.h>
+#include <openssl/proverr.h>
+#include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
+#include "internal/cryptlib.h"
+#include "internal/o_dir.h"
+#include "crypto/decoder.h"
+#include "crypto/ctype.h" /* ossl_isdigit() */
+#include "prov/implementations.h"
+#include "prov/bio.h"
+#include "file_store_local.h"
+
+#include <wincrypt.h>
+
+enum {
+ STATE_IDLE,
+ STATE_READ,
+ STATE_EOF,
+};
+
+struct winstore_ctx_st {
+ void *provctx;
+ char *propq;
+ unsigned char *subject;
+ size_t subject_len;
+
+ HCERTSTORE win_store;
+ const CERT_CONTEXT *win_ctx;
+ int state;
+
+ OSSL_DECODER_CTX *dctx;
+};
+
+static void winstore_win_reset(struct winstore_ctx_st *ctx)
+{
+ if (ctx->win_ctx != NULL) {
+ CertFreeCertificateContext(ctx->win_ctx);
+ ctx->win_ctx = NULL;
+ }
+
+ ctx->state = STATE_IDLE;
+}
+
+static void winstore_win_advance(struct winstore_ctx_st *ctx)
+{
+ CERT_NAME_BLOB name = {0};
+
+ if (ctx->state == STATE_EOF)
+ return;
+
+ name.cbData = ctx->subject_len;
+ name.pbData = ctx->subject;
+
+ ctx->win_ctx = (name.cbData == 0 ? NULL :
+ CertFindCertificateInStore(ctx->win_store,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0, CERT_FIND_SUBJECT_NAME,
+ &name, ctx->win_ctx));
+
+ ctx->state = (ctx->win_ctx == NULL) ? STATE_EOF : STATE_READ;
+}
+
+static void *winstore_open(void *provctx, const char *uri)
+{
+ struct winstore_ctx_st *ctx = NULL;
+
+ if (!HAS_CASE_PREFIX(uri, "org.openssl.winstore:"))
+ return NULL;
+
+ ctx = OPENSSL_zalloc(sizeof(*ctx));
+ if (ctx == NULL)
+ return NULL;
+
+ ctx->provctx = provctx;
+ ctx->win_store = CertOpenSystemStoreW(0, L"ROOT");
+ if (ctx->win_store == NULL) {
+ OPENSSL_free(ctx);
+ return NULL;
+ }
+
+ winstore_win_reset(ctx);
+ return ctx;
+}
+
+static void *winstore_attach(void *provctx, OSSL_CORE_BIO *cin)
+{
+ return NULL; /* not supported */
+}
+
+static const OSSL_PARAM *winstore_settable_ctx_params(void *loaderctx, const OSSL_PARAM params[])
+{
+ static const OSSL_PARAM known_settable_ctx_params[] = {
+ OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_END
+ };
+ return known_settable_ctx_params;
+}
+
+static int winstore_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
+{
+ struct winstore_ctx_st *ctx = loaderctx;
+ const OSSL_PARAM *p;
+ int do_reset = 0;
+
+ if (params == NULL)
+ return 1;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
+ if (p != NULL) {
+ do_reset = 1;
+ OPENSSL_free(ctx->propq);
+ ctx->propq = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->propq, 0))
+ return 0;
+ }
+
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
+ if (p != NULL) {
+ const unsigned char *der = NULL;
+ size_t der_len = 0;
+
+ if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len))
+ return 0;
+
+ do_reset = 1;
+
+ OPENSSL_free(ctx->subject);
+
+ ctx->subject = OPENSSL_malloc(der_len);
+ if (ctx->subject == NULL) {
+ ctx->subject_len = 0;
+ return 0;
+ }
+
+ ctx->subject_len = der_len;
+ memcpy(ctx->subject, der, der_len);
+ }
+
+ if (do_reset) {
+ winstore_win_reset(ctx);
+ winstore_win_advance(ctx);
+ }
+
+ return 1;
+}
+
+struct load_data_st {
+ OSSL_CALLBACK *object_cb;
+ void *object_cbarg;
+};
+
+static int load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
+ const OSSL_PARAM *params, void *construct_data)
+{
+ struct load_data_st *data = construct_data;
+ return data->object_cb(params, data->object_cbarg);
+}
+
+static void load_cleanup(void *construct_data)
+{
+ /* No-op. */
+}
+
+static int setup_decoder(struct winstore_ctx_st *ctx)
+{
+ OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
+ const OSSL_ALGORITHM *to_algo = NULL;
+
+ if (ctx->dctx != NULL)
+ return 1;
+
+ ctx->dctx = OSSL_DECODER_CTX_new();
+ if (ctx->dctx == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!OSSL_DECODER_CTX_set_input_type(ctx->dctx, "DER")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->dctx, "Certificate")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ for (to_algo = ossl_any_to_obj_algorithm;
+ to_algo->algorithm_names != NULL;
+ to_algo++) {
+ OSSL_DECODER *to_obj = NULL;
+ OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
+
+ /*
+ * Create the internal last resort decoder implementation
+ * together with a "decoder instance".
+ * The decoder doesn't need any identification or to be
+ * attached to any provider, since it's only used locally.
+ */
+ to_obj = ossl_decoder_from_algorithm(0, to_algo, NULL);
+ if (to_obj != NULL)
+ to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
+
+ OSSL_DECODER_free(to_obj);
+ if (to_obj_inst == NULL)
+ goto err;
+
+ if (!ossl_decoder_ctx_add_decoder_inst(ctx->dctx,
+ to_obj_inst)) {
+ ossl_decoder_instance_free(to_obj_inst);
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ }
+
+ if (!OSSL_DECODER_CTX_add_extra(ctx->dctx, libctx, ctx->propq)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ if (!OSSL_DECODER_CTX_set_construct(ctx->dctx, load_construct)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ if (!OSSL_DECODER_CTX_set_cleanup(ctx->dctx, load_cleanup)) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+
+ return 1;
+
+err:
+ OSSL_DECODER_CTX_free(ctx->dctx);
+ ctx->dctx = NULL;
+ return 0;
+}
+
+static int winstore_load_using(struct winstore_ctx_st *ctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
+ const void *der, size_t der_len)
+{
+ struct load_data_st data;
+ const unsigned char *der_ = der;
+ size_t der_len_ = der_len;
+
+ if (setup_decoder(ctx) == 0)
+ return 0;
+
+ data.object_cb = object_cb;
+ data.object_cbarg = object_cbarg;
+
+ OSSL_DECODER_CTX_set_construct_data(ctx->dctx, &data);
+ OSSL_DECODER_CTX_set_passphrase_cb(ctx->dctx, pw_cb, pw_cbarg);
+
+ if (OSSL_DECODER_from_data(ctx->dctx, &der_, &der_len_) == 0)
+ return 0;
+
+ return 1;
+}
+
+static int winstore_load(void *loaderctx,
+ OSSL_CALLBACK *object_cb, void *object_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ int ret = 0;
+ struct winstore_ctx_st *ctx = loaderctx;
+
+ if (ctx->state != STATE_READ)
+ return 0;
+
+ ret = winstore_load_using(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg,
+ ctx->win_ctx->pbCertEncoded,
+ ctx->win_ctx->cbCertEncoded);
+
+ if (ret == 1)
+ winstore_win_advance(ctx);
+
+ return ret;
+}
+
+static int winstore_eof(void *loaderctx)
+{
+ struct winstore_ctx_st *ctx = loaderctx;
+
+ return ctx->state != STATE_READ;
+}
+
+static int winstore_close(void *loaderctx)
+{
+ struct winstore_ctx_st *ctx = loaderctx;
+
+ winstore_win_reset(ctx);
+ CertCloseStore(ctx->win_store, 0);
+ OSSL_DECODER_CTX_free(ctx->dctx);
+ OPENSSL_free(ctx->propq);
+ OPENSSL_free(ctx->subject);
+ OPENSSL_free(ctx);
+ return 1;
+}
+
+const OSSL_DISPATCH ossl_winstore_store_functions[] = {
+ { OSSL_FUNC_STORE_OPEN, (void (*)(void))winstore_open },
+ { OSSL_FUNC_STORE_ATTACH, (void (*)(void))winstore_attach },
+ { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS, (void (*)(void))winstore_settable_ctx_params },
+ { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))winstore_set_ctx_params },
+ { OSSL_FUNC_STORE_LOAD, (void (*)(void))winstore_load },
+ { OSSL_FUNC_STORE_EOF, (void (*)(void))winstore_eof },
+ { OSSL_FUNC_STORE_CLOSE, (void (*)(void))winstore_close },
+ { 0, NULL },
+};
--- a/providers/stores.inc
+++ b/providers/stores.inc
@@ -12,3 +12,6 @@
#endif
STORE("file", "yes", ossl_file_store_functions)
+#ifndef OPENSSL_NO_WINSTORE
+STORE("org.openssl.winstore", "yes", ossl_winstore_store_functions)
+#endif
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5435,4 +5435,7 @@ EVP_MD_CTX_dup
EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+X509_get_default_cert_uri ? 3_1_0 EXIST::FUNCTION:
+X509_get_default_cert_uri_env ? 3_1_0 EXIST::FUNCTION:
+X509_get_default_cert_path_env ? 3_1_0 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -1273,10 +1273,6 @@ X509_get0_trust_objects(3)
X509_get1_email(3)
X509_get1_ocsp(3)
X509_get_default_cert_area(3)
-X509_get_default_cert_dir(3)
-X509_get_default_cert_dir_env(3)
-X509_get_default_cert_file(3)
-X509_get_default_cert_file_env(3)
X509_get_default_private_dir(3)
X509_get_pubkey_parameters(3)
X509_get_signature_type(3)


@@ -1,217 +0,0 @@
From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures = yes
NOTE: This patch is ported from CentOS 9 / RHEL 9, where it allows SHA1
in seclevel 2 if rh-allow-sha1-signatures = yes. This was chosen because
on CentOS 9 and RHEL 9, the LEGACY crypto policy sets the security level
to 2.
On Fedora 35 (with OpenSSL 1.1) the legacy crypto policy uses security
level 1. Because Fedora 36 supports both OpenSSL 1.1 and OpenSSL 3, and
we want the legacy crypto policy to allow SHA-1 in TLS, the only option
to make this happen consistently in both OpenSSL 1.1 and OpenSSL 3 is
SECLEVEL=1 (which will allow SHA-1 in OpenSSL 1.1) and this change to
allow SHA-1 in SECLEVEL=1 with rh-allow-sha1-signatures = yes (which
will allow SHA-1 in OpenSSL 3).
The change from CentOS 9 / RHEL 9 cannot be applied unmodified, because
rh-allow-sha1-signatures will default to yes in Fedora (according to our
current plans including until F38), and the security level in the
DEFAULT crypto policy is 2, i.e., the unmodified change would weaken the
default configuration.
Related: rhbz#2055796
Related: rhbz#2070977
---
crypto/x509/x509_vfy.c | 20 ++++++++++-
doc/man5/config.pod | 7 ++++
ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++-------
test/recipes/25-test_verify.t | 4 +--
4 files changed, 82 insertions(+), 16 deletions(-)
Index: openssl-3.1.4/crypto/x509/x509_vfy.c
===================================================================
--- openssl-3.1.4.orig/crypto/x509/x509_vfy.c
+++ openssl-3.1.4/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
#include "internal/dane.h"
+#include "internal/sslconf.h"
#include "crypto/x509.h"
#include "x509_local.h"
@@ -3438,14 +3439,31 @@ static int check_sig_level(X509_STORE_CT
{
int secbits = -1;
int level = ctx->param->auth_level;
+ int nid;
+ OSSL_LIB_CTX *libctx = NULL;
if (level <= 0)
return 1;
if (level > NUM_AUTH_LEVELS)
level = NUM_AUTH_LEVELS;
- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+ if (ctx->libctx)
+ libctx = ctx->libctx;
+ else if (cert->libctx)
+ libctx = cert->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
return 0;
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ctx->param->auth_level < 2)
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1;
+
return secbits >= minbits_table[level - 1];
}
Index: openssl-3.1.4/doc/man5/config.pod
===================================================================
--- openssl-3.1.4.orig/doc/man5/config.pod
+++ openssl-3.1.4/doc/man5/config.pod
@@ -317,6 +317,13 @@ this option is set to B<no>. Because TL
pseudorandom function (PRF) to derive key material, disabling
B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
+Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
+algorithms that use SHA1 in security level 1, despite the definition of
+security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
+This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
+Fedora without requiring to set the security level to 0, which would include
+further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
+
This is a downstream specific option, and normally it should be set up via crypto-policies.
=item B<fips_mode> (deprecated)
Index: openssl-3.1.4/ssl/t1_lib.c
===================================================================
--- openssl-3.1.4.orig/ssl/t1_lib.c
+++ openssl-3.1.4/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
+#include "crypto/x509.h"
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -1588,19 +1589,28 @@ int tls12_check_peer_sigalg(SSL *s, uint
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
- /*
- * Make sure security callback allows algorithm. For historical
- * reasons we have to pass the sigalg as a two byte char array.
- */
- sigalgstr[0] = (sig >> 8) & 0xff;
- sigalgstr[1] = sig & 0xff;
- secbits = sigalg_security_bits(s->ctx, lu);
- if (secbits == 0 ||
- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
- md != NULL ? EVP_MD_get_type(md) : NID_undef,
- (void *)sigalgstr)) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0;
+
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 2) {
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ } else {
+ /*
+ * Make sure security callback allows algorithm. For historical
+ * reasons we have to pass the sigalg as a two byte char array.
+ */
+ sigalgstr[0] = (sig >> 8) & 0xff;
+ sigalgstr[1] = sig & 0xff;
+ secbits = sigalg_security_bits(s->ctx, lu);
+ if (secbits == 0 ||
+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
+ (void *)sigalgstr)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
+ return 0;
+ }
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -2138,6 +2148,15 @@ static int tls12_sigalg_allowed(const SS
}
}
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 2) {
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1;
+ }
+
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -3007,6 +3026,8 @@ static int ssl_security_cert_sig(SSL *s,
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
+ OSSL_LIB_CTX *libctx = NULL;
+
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
@@ -3015,6 +3036,26 @@ static int ssl_security_cert_sig(SSL *s,
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
+
+ if (x && x->libctx)
+ libctx = x->libctx;
+ else if (ctx && ctx->libctx)
+ libctx = ctx->libctx;
+ else if (s && s->ctx && s->ctx->libctx)
+ libctx = s->ctx->libctx;
+ else
+ libctx = OSSL_LIB_CTX_get0_global_default();
+
+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ((s != NULL && SSL_get_security_level(s) < 2)
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
+ ))
+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1;
+
if (s)
return ssl_security(s, op, secbits, nid, x);
else
Index: openssl-3.1.4/test/recipes/25-test_verify.t
===================================================================
--- openssl-3.1.4.orig/test/recipes/25-test_verify.t
+++ openssl-3.1.4/test/recipes/25-test_verify.t
@@ -439,8 +439,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
-ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
- "Reject PSS signature using SHA1 and auth level 1");
+ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+ "Reject PSS signature using SHA1 and auth level 2");
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");


@@ -26,11 +26,11 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
util/libcrypto.num | 2 +
15 files changed, 209 insertions(+), 9 deletions(-)
Index: openssl-3.1.4/crypto/context.c
Index: openssl-3.2.3/crypto/context.c
===================================================================
--- openssl-3.1.4.orig/crypto/context.c
+++ openssl-3.1.4/crypto/context.c
@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st {
--- openssl-3.2.3.orig/crypto/context.c
+++ openssl-3.2.3/crypto/context.c
@@ -82,6 +82,8 @@ struct ossl_lib_ctx_st {
void *fips_prov;
#endif
@@ -39,7 +39,7 @@ Index: openssl-3.1.4/crypto/context.c
unsigned int ischild:1;
};
@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ct
@@ -222,6 +224,10 @@ static int context_init(OSSL_LIB_CTX *ct
goto err;
#endif
@@ -50,7 +50,7 @@ Index: openssl-3.1.4/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB
@@ -365,6 +371,11 @@ static void context_deinit_objs(OSSL_LIB
}
#endif
@@ -62,7 +62,7 @@ Index: openssl-3.1.4/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
@@ -662,6 +673,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
return ctx->fips_prov;
#endif
@@ -72,10 +72,10 @@ Index: openssl-3.1.4/crypto/context.c
default:
return NULL;
}
Index: openssl-3.1.4/crypto/evp/evp_cnf.c
Index: openssl-3.2.3/crypto/evp/evp_cnf.c
===================================================================
--- openssl-3.1.4.orig/crypto/evp/evp_cnf.c
+++ openssl-3.1.4/crypto/evp/evp_cnf.c
--- openssl-3.2.3.orig/crypto/evp/evp_cnf.c
+++ openssl-3.2.3/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
@@ -103,10 +103,10 @@ Index: openssl-3.1.4/crypto/evp/evp_cnf.c
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
Index: openssl-3.1.4/crypto/evp/m_sigver.c
Index: openssl-3.2.3/crypto/evp/m_sigver.c
===================================================================
--- openssl-3.1.4.orig/crypto/evp/m_sigver.c
+++ openssl-3.1.4/crypto/evp/m_sigver.c
--- openssl-3.2.3.orig/crypto/evp/m_sigver.c
+++ openssl-3.2.3/crypto/evp/m_sigver.c
@@ -15,6 +15,69 @@
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
@@ -177,7 +177,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
#ifndef FIPS_MODULE
@@ -251,6 +314,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -253,6 +316,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
}
}
@@ -196,10 +196,10 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
Index: openssl-3.1.4/crypto/evp/pmeth_lib.c
Index: openssl-3.2.3/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-3.1.4.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.1.4/crypto/evp/pmeth_lib.c
--- openssl-3.2.3.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.2.3/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
@@ -208,7 +208,7 @@ Index: openssl-3.1.4/crypto/evp/pmeth_lib.c
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -959,6 +960,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
@@ -951,6 +952,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
return -2;
}
@@ -229,10 +229,10 @@ Index: openssl-3.1.4/crypto/evp/pmeth_lib.c
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
Index: openssl-3.1.4/doc/man5/config.pod
Index: openssl-3.2.3/doc/man5/config.pod
===================================================================
--- openssl-3.1.4.orig/doc/man5/config.pod
+++ openssl-3.1.4/doc/man5/config.pod
--- openssl-3.2.3.orig/doc/man5/config.pod
+++ openssl-3.2.3/doc/man5/config.pod
@@ -304,6 +304,21 @@ Within the algorithm properties section,
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
@@ -255,35 +255,35 @@ Index: openssl-3.1.4/doc/man5/config.pod
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
Index: openssl-3.1.4/include/crypto/context.h
Index: openssl-3.2.3/include/crypto/context.h
===================================================================
--- openssl-3.1.4.orig/include/crypto/context.h
+++ openssl-3.1.4/include/crypto/context.h
@@ -40,3 +40,6 @@ void ossl_rand_crng_ctx_free(void *);
void ossl_thread_event_ctx_free(void *);
void ossl_fips_prov_ossl_ctx_free(void *);
void ossl_release_default_drbg_ctx(void);
--- openssl-3.2.3.orig/include/crypto/context.h
+++ openssl-3.2.3/include/crypto/context.h
@@ -46,3 +46,6 @@ void ossl_release_default_drbg_ctx(void)
#if defined(OPENSSL_THREADS)
void ossl_threads_ctx_free(void *);
#endif
+
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
+void ossl_ctx_legacy_digest_signatures_free(void *);
Index: openssl-3.1.4/include/internal/cryptlib.h
Index: openssl-3.2.3/include/internal/cryptlib.h
===================================================================
--- openssl-3.1.4.orig/include/internal/cryptlib.h
+++ openssl-3.1.4/include/internal/cryptlib.h
@@ -178,7 +178,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
--- openssl-3.2.3.orig/include/internal/cryptlib.h
+++ openssl-3.2.3/include/internal/cryptlib.h
@@ -117,7 +117,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
# define OSSL_LIB_CTX_THREAD_INDEX 19
# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
-# define OSSL_LIB_CTX_MAX_INDEXES 20
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 21
+# define OSSL_LIB_CTX_MAX_INDEXES 21
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
Index: openssl-3.1.4/include/internal/sslconf.h
Index: openssl-3.2.3/include/internal/sslconf.h
===================================================================
--- openssl-3.1.4.orig/include/internal/sslconf.h
+++ openssl-3.1.4/include/internal/sslconf.h
--- openssl-3.2.3.orig/include/internal/sslconf.h
+++ openssl-3.2.3/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name,
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
@@ -293,10 +293,10 @@ Index: openssl-3.1.4/include/internal/sslconf.h
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
Index: openssl-3.1.4/providers/common/securitycheck.c
Index: openssl-3.2.3/providers/common/securitycheck.c
===================================================================
--- openssl-3.1.4.orig/providers/common/securitycheck.c
+++ openssl-3.1.4/providers/common/securitycheck.c
--- openssl-3.2.3.orig/providers/common/securitycheck.c
+++ openssl-3.2.3/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
@@ -336,10 +336,10 @@ Index: openssl-3.1.4/providers/common/securitycheck.c
+
return 1;
}
Index: openssl-3.1.4/providers/common/securitycheck_default.c
Index: openssl-3.2.3/providers/common/securitycheck_default.c
===================================================================
--- openssl-3.1.4.orig/providers/common/securitycheck_default.c
+++ openssl-3.1.4/providers/common/securitycheck_default.c
--- openssl-3.2.3.orig/providers/common/securitycheck_default.c
+++ openssl-3.2.3/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
@@ -373,11 +373,11 @@ Index: openssl-3.1.4/providers/common/securitycheck_default.c
+ mdnid = -1;
return mdnid;
}
Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/dsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/dsa_sig.c
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
--- openssl-3.2.3.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/dsa_sig.c
@@ -125,12 +125,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
mdprops = ctx->propq;
if (mdname != NULL) {
@@ -398,11 +398,11 @@ Index: openssl-3.1.4/providers/implementations/signature/dsa_sig.c
if (md == NULL || md_nid < 0) {
if (md == NULL)
Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
--- openssl-3.2.3.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/ecdsa_sig.c
@@ -247,7 +247,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
"%s could not be fetched", mdname);
return 0;
}
@@ -414,10 +414,10 @@ Index: openssl-3.1.4/providers/implementations/signature/ecdsa_sig.c
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
if (md_nid < 0) {
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
--- openssl-3.2.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/rsa_sig.c
@@ -25,6 +25,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
@@ -434,7 +434,7 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
@@ -317,10 +319,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -452,7 +452,7 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
if (md == NULL
|| md_nid <= 0
@@ -1386,8 +1393,15 @@ static int rsa_set_ctx_params(void *vprs
@@ -1408,8 +1415,15 @@ static int rsa_set_ctx_params(void *vprs
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
@@ -469,10 +469,10 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
Index: openssl-3.1.4/ssl/t1_lib.c
Index: openssl-3.2.3/ssl/t1_lib.c
===================================================================
--- openssl-3.1.4.orig/ssl/t1_lib.c
+++ openssl-3.1.4/ssl/t1_lib.c
--- openssl-3.2.3.orig/ssl/t1_lib.c
+++ openssl-3.2.3/ssl/t1_lib.c
@@ -20,6 +20,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -481,21 +481,23 @@ Index: openssl-3.1.4/ssl/t1_lib.c
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -1172,11 +1173,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
@@ -1508,6 +1509,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
uint16_t *tls12_sigalgs_list = NULL;
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
+ int ldsigs_allowed;
if (cache == NULL || tmpkey == NULL)
if (ctx == NULL)
goto err;
@@ -1523,6 +1525,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
goto err;
ERR_set_mark();
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
/* First fill cache and tls12_sigalgs list from legacy algorithm list */
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
@@ -1196,6 +1199,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
@@ -1544,6 +1547,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
@@ -507,13 +509,13 @@ Index: openssl-3.1.4/ssl/t1_lib.c
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
Index: openssl-3.1.4/util/libcrypto.num
Index: openssl-3.2.3/util/libcrypto.num
===================================================================
--- openssl-3.1.4.orig/util/libcrypto.num
+++ openssl-3.1.4/util/libcrypto.num
@@ -5439,3 +5439,5 @@ X509_get_default_cert_uri
X509_get_default_cert_uri_env ? 3_1_0 EXIST::FUNCTION:
X509_get_default_cert_path_env ? 3_1_0 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--- openssl-3.2.3.orig/util/libcrypto.num
+++ openssl-3.2.3/util/libcrypto.num
@@ -5537,3 +5537,5 @@ X509_STORE_CTX_set_current_reasons
OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
ossl_safe_getenv ? 3_2_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:



@@ -1,41 +0,0 @@
From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 5 Aug 2024 17:54:14 +0200
Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
safe-prime groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The partial validation is fully sufficient to check the key validity.
Thanks to Szilárd Pfeiffer for reporting the issue.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25088)
---
providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 82c3093b122c2..ebdce767102ee 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype)
if (pub_key == NULL)
return 0;
- /* The partial test is only valid for named group's with q = (p - 1) / 2 */
- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
- && ossl_dh_is_named_safe_prime_group(dh))
+ /*
+ * The partial test is only valid for named group's with q = (p - 1) / 2
+ * but for that case it is also fully sufficient to check the key validity.
+ */
+ if (ossl_dh_is_named_safe_prime_group(dh))
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
return DH_check_pub_key_ex(dh, pub_key);


@@ -1,198 +0,0 @@
From fdf6723362ca51bd883295efe206cb5b1cfa5154 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <viktor@openssl.org>
Date: Thu, 19 Sep 2024 01:02:40 +1000
Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse.
The BN_GF2m_poly2arr() function converts characteristic-2 field
(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
to a compact array with just the exponents of the non-zero terms.
These polynomials are then used in BN_GF2m_mod_arr() to perform modular
reduction. A precondition of calling BN_GF2m_mod_arr() is that the
polynomial must have a non-zero constant term (i.e. the array has `0` as
its final element).
Internally, callers of BN_GF2m_poly2arr() did not verify that
precondition, and binary EC curve parameters with an invalid polynomial
could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
The precondition is always true for polynomials that arise from the
standard form of EC parameters for characteristic-two fields (X9.62).
See the "Finite Field Identification" section of:
https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
basis X9.62 forms.
This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
Additionally, the return value is made unambiguous when there is not
enough space to also pad the array with a final `-1` sentinel value.
The return value is now always the number of elements (including the
final `-1`) that would be filled when the output array is sufficiently
large. Previously the same count was returned both when the array has
just enough room for the final `-1` and when it had only enough space
for non-sentinel values.
Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
CPU exhausition attacks via excessively large inputs.
The above issues do not arise in processing X.509 certificates. These
generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
disallows explicit EC parameters. The TLS code in OpenSSL enforces this
constraint only after the certificate is decoded, but, even if explicit
parameters are specified, they are in X9.62 form, which cannot represent
problem values as noted above.
Initially reported as oss-fuzz issue 71623.
A closely related issue was earlier reported in
<https://github.com/openssl/openssl/issues/19826>.
Severity: Low, CVE-2024-9143
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25639)
(cherry picked from commit 8e008cb8b23ec7dc75c45a66eeed09c815b11cd2)
---
crypto/bn/bn_gf2m.c | 28 +++++++++++++++-------
test/ec_internal_test.c | 51 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index c811ae82d6b15..bcc66613cc14d 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -15,6 +15,7 @@
#include "bn_local.h"
#ifndef OPENSSL_NO_EC2M
+# include <openssl/ec.h>
/*
* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/*
* Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
* x^i) into an array of integers corresponding to the bits with non-zero
- * coefficient. Array is terminated with -1. Up to max elements of the array
- * will be filled. Return value is total number of array elements that would
- * be filled if array was large enough.
+ * coefficient. The array is intended to be suitable for use with
+ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
+ * zero. This translates to a requirement that the input BIGNUM `a` is odd.
+ *
+ * Given sufficient room, the array is terminated with -1. Up to max elements
+ * of the array will be filled.
+ *
+ * The return value is total number of array elements that would be filled if
+ * array was large enough, including the terminating `-1`. It is `0` when `a`
+ * is not odd or the constant term is zero contrary to requirement.
+ *
+ * The return value is also `0` when the leading exponent exceeds
+ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
*/
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{
int i, j, k = 0;
BN_ULONG mask;
- if (BN_is_zero(a))
+ if (!BN_is_odd(a))
return 0;
for (i = a->top - 1; i >= 0; i--) {
@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
}
}
- if (k < max) {
+ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
+ return 0;
+
+ if (k < max)
p[k] = -1;
- k++;
- }
- return k;
+ return k + 1;
}
/*
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index 8c2cd05631696..02cfd4e9d8858 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
}
#ifndef OPENSSL_NO_EC2M
+/* Test that decoding of invalid GF2m field parameters fails. */
+static int ec2m_field_sanity(void)
+{
+ int ret = 0;
+ BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
+
+ TEST_info("Testing GF2m hardening\n");
+
+ BN_CTX_start(ctx);
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ if (!TEST_ptr(b = BN_CTX_get(ctx))
+ || !TEST_true(BN_one(a))
+ || !TEST_true(BN_one(b)))
+ goto out;
+
+ /* Even pentanomial value should be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf2)))
+ goto out;
+ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Zero constant term accepted in GF2m polynomial");
+
+ /* Odd hexanomial should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0xf3)))
+ goto out;
+ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("Hexanomial accepted as GF2m polynomial");
+
+ /* Excessive polynomial degree should also be rejected */
+ if (!TEST_true(BN_set_word(p, 0x71))
+ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
+ goto out;
+ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
+ TEST_error("GF2m polynomial degree > %d accepted",
+ OPENSSL_ECC_MAX_FIELD_BITS);
+
+ ret = group1 == NULL && group2 == NULL && group3 == NULL;
+
+ out:
+ EC_GROUP_free(group1);
+ EC_GROUP_free(group2);
+ EC_GROUP_free(group3);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+
+ return ret;
+}
+
/* test EC_GF2m_simple_method directly */
static int field_tests_ec2_simple(void)
{
@@ -443,6 +493,7 @@ int setup_tests(void)
ADD_TEST(field_tests_ecp_simple);
ADD_TEST(field_tests_ecp_mont);
#ifndef OPENSSL_NO_EC2M
+ ADD_TEST(ec2m_field_sanity);
ADD_TEST(field_tests_ec2_simple);
#endif
ADD_ALL_TESTS(field_tests_default, crv_len);


@@ -1,64 +0,0 @@
Index: openssl-3.0.0-alpha7/ssl/ssl_ciph.c
===================================================================
--- openssl-3.0.0-alpha7.orig/ssl/ssl_ciph.c
+++ openssl-3.0.0-alpha7/ssl/ssl_ciph.c
@@ -1592,7 +1592,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
*/
ok = 1;
rule_p = rule_str;
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
+ &head, &tail, ca_list, c);
+ rule_p += 12;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
&head, &tail, ca_list, c);
rule_p += 7;
Index: openssl-3.0.0-alpha7/test/recipes/99-test_suse_default_ciphers.t
===================================================================
--- /dev/null
+++ openssl-3.0.0-alpha7/test/recipes/99-test_suse_default_ciphers.t
@@ -0,0 +1,23 @@
+#! /usr/bin/env perl
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT/;
+use OpenSSL::Test::Utils;
+
+setup("test_default_ciphersuites");
+
+plan tests => 6;
+
+my @cipher_suites = ("DEFAULT_SUSE", "DEFAULT");
+
+foreach my $cipherlist (@cipher_suites) {
+ ok(run(app(["openssl", "ciphers", "-s", $cipherlist])),
+ "openssl ciphers works with ciphersuite $cipherlist");
+ ok(!grep(/(MD5|RC4|DES)/, run(app(["openssl", "ciphers", "-s", $cipherlist]), capture => 1)),
+ "$cipherlist shouldn't contain MD5, DES or RC4\n");
+ ok(grep(/(TLSv1.3)/, run(app(["openssl", "ciphers", "-tls1_3", "-s", "-v", $cipherlist]), capture => 1)),
+ "$cipherlist should contain TLSv1.3 ciphers\n");
+}
+
Index: openssl-3.0.0-alpha7/include/openssl/ssl.h.in
===================================================================
--- openssl-3.0.0-alpha7.orig/include/openssl/ssl.h.in
+++ openssl-3.0.0-alpha7/include/openssl/ssl.h.in
@@ -189,6 +189,11 @@ extern "C" {
*/
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
+ "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:"\
+ "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
+ "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
/*
* This is the default set of TLSv1.3 ciphersuites
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()


@@ -1,19 +0,0 @@
Index: openssl-3.1.4/apps/openssl.cnf
===================================================================
--- openssl-3.1.4.orig/apps/openssl.cnf
+++ openssl-3.1.4/apps/openssl.cnf
@@ -70,11 +70,11 @@ engines = engine_section
# to side-channel attacks and as such have been deprecated.
[provider_sect]
-default = default_sect
+##default = default_sect
##legacy = legacy_sect
-[default_sect]
-activate = 1
+##[default_sect]
+##activate = 1
##[legacy_sect]
##activate = 1


@@ -1,37 +1,7 @@
Index: openssl-3.1.4/providers/implementations/rands/drbg.c
Index: openssl-3.2.3/crypto/rand/prov_seed.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/rands/drbg.c
+++ openssl-3.1.4/providers/implementations/rands/drbg.c
@@ -570,6 +570,9 @@ int ossl_prov_drbg_reseed(PROV_DRBG *drb
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
@@ -662,8 +665,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d
reseed_required = 1;
}
if (drbg->parent != NULL
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
+#ifdef FIPS_MODULE
+ /* SUSE patches provide chain reseeding when necessary so just sync counters*/
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
+#else
reseed_required = 1;
+#endif
+ }
if (reseed_required || prediction_resistance) {
if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0,
Index: openssl-3.1.4/crypto/rand/prov_seed.c
===================================================================
--- openssl-3.1.4.orig/crypto/rand/prov_seed.c
+++ openssl-3.1.4/crypto/rand/prov_seed.c
--- openssl-3.2.3.orig/crypto/rand/prov_seed.c
+++ openssl-3.2.3/crypto/rand/prov_seed.c
@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused
size_t entropy_available;
RAND_POOL *pool;
@@ -46,12 +16,33 @@ Index: openssl-3.1.4/crypto/rand/prov_seed.c
+ */
+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
if (pool == NULL) {
ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
return 0;
Index: openssl-3.1.4/providers/implementations/rands/crngt.c
Index: openssl-3.2.3/crypto/rand/rand_lib.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/rands/crngt.c
+++ openssl-3.1.4/providers/implementations/rands/crngt.c
--- openssl-3.2.3.orig/crypto/rand/rand_lib.c
+++ openssl-3.2.3/crypto/rand/rand_lib.c
@@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB
return ret;
}
-#ifndef FIPS_MODULE
- if (dgbl->seed == NULL) {
- ERR_set_mark();
- dgbl->seed = rand_new_seed(ctx);
- ERR_pop_to_mark();
- }
-#endif
-
- ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed,
+ ret = dgbl->primary = rand_new_drbg(ctx, NULL,
PRIMARY_RESEED_INTERVAL,
PRIMARY_RESEED_TIME_INTERVAL, 1);
/*
Index: openssl-3.2.3/providers/implementations/rands/crngt.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/crngt.c
+++ openssl-3.2.3/providers/implementations/rands/crngt.c
@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG
* to the nearest byte. If the entropy is of less than full quality,
* the amount required should be scaled up appropriately here.
@@ -65,10 +56,40 @@ Index: openssl-3.1.4/providers/implementations/rands/crngt.c
if (bytes_needed < min_len)
bytes_needed = min_len;
if (bytes_needed > max_len)
Index: openssl-3.1.4/providers/implementations/rands/drbg_local.h
Index: openssl-3.2.3/providers/implementations/rands/drbg.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/rands/drbg_local.h
+++ openssl-3.1.4/providers/implementations/rands/drbg_local.h
--- openssl-3.2.3.orig/providers/implementations/rands/drbg.c
+++ openssl-3.2.3/providers/implementations/rands/drbg.c
@@ -569,6 +569,9 @@ static int ossl_prov_drbg_reseed_unlocke
#endif
}
+#ifdef FIPS_MODULE
+ prediction_resistance = 1;
+#endif
/* Reseed using our sources in addition */
entropylen = get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->max_entropylen,
@@ -690,8 +693,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *d
reseed_required = 1;
}
if (drbg->parent != NULL
- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
+#ifdef FIPS_MODULE
+ /* SUSE patches provide chain reseeding when necessary so just sync counters*/
+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
+#else
reseed_required = 1;
+#endif
+ }
if (reseed_required || prediction_resistance) {
if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
Index: openssl-3.2.3/providers/implementations/rands/drbg_local.h
===================================================================
--- openssl-3.2.3.orig/providers/implementations/rands/drbg_local.h
+++ openssl-3.2.3/providers/implementations/rands/drbg_local.h
@@ -38,7 +38,7 @@
*
* The value is in bytes.
@@ -78,11 +99,11 @@ Index: openssl-3.1.4/providers/implementations/rands/drbg_local.h
/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)
Index: openssl-3.1.4/providers/implementations/rands/seed_src.c
Index: openssl-3.2.3/providers/implementations/rands/seed_src.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/rands/seed_src.c
+++ openssl-3.1.4/providers/implementations/rands/seed_src.c
@@ -104,7 +104,14 @@ static int seed_src_generate(void *vseed
--- openssl-3.2.3.orig/providers/implementations/rands/seed_src.c
+++ openssl-3.2.3/providers/implementations/rands/seed_src.c
@@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed
return 0;
}
@@ -96,9 +117,9 @@ Index: openssl-3.1.4/providers/implementations/rands/seed_src.c
+ */
+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen);
if (pool == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
return 0;
@@ -184,7 +191,14 @@ static size_t seed_get_seed(void *vseed,
@@ -182,7 +189,14 @@ static size_t seed_get_seed(void *vseed,
size_t i;
RAND_POOL *pool;
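Review bot: The crypto/rand/rand_lib.c hunk in the 3.2.3 version of this patch changes `rand_new_drbg(ctx, dgbl->seed,` to `rand_new_drbg(ctx, NULL,` and deletes the `#ifndef FIPS_MODULE` block that created `dgbl->seed`, yet carries no comment on why the primary DRBG is now built without a seed-source parent, while the neighbouring drbg.c hunk does explain its FIPS behaviour with `/* SUSE patches provide chain reseeding ... */`. This hunk appears only on the 3.2.3 side of the section, so it looks like a new behavioural change rather than a pure rebase, and because the removed block was guarded by `#ifndef FIPS_MODULE` the removal also affects non-FIPS builds, which is worth stating if intended. I would add above the changed call a comment along the lines of `/* SUSE: primary DRBG takes its entropy through the provider get_entropy path; no separate seed-source parent is attached (see prov_seed.c / drbg.c hunks) */`, adjusted to the real rationale, and mention the change in the patch header. `RAND_get0_primary` starts and ends outside the hunk, so whether anything else still references `dgbl->seed` cannot be confirmed here.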


@@ -1,23 +1,25 @@
From b300beb172d5813b01b93bfd62fe191f8187fe1e Mon Sep 17 00:00:00 2001
From 4512f620199126e6b87433ef184f0450652ee28a Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Mon, 21 Aug 2023 12:05:23 +0200
Subject: [PATCH 20/48] 0044-FIPS-140-3-keychecks.patch
Date: Thu, 4 Apr 2024 11:42:18 +0200
Subject: [PATCH 19/50] 0044-FIPS-140-3-keychecks.patch
Patch-name: 0044-FIPS-140-3-keychecks.patch
Patch-id: 44
Patch-status: |
# Extra public/private key checks required by FIPS-140-3
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/dh/dh_key.c | 26 ++++++++++
crypto/rsa/rsa_gen.c | 3 ++
.../implementations/exchange/ecdh_exch.c | 19 ++++++++
providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++-
providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
.../implementations/signature/ecdsa_sig.c | 37 +++++++++++++--
providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
6 files changed, 162 insertions(+), 9 deletions(-)
7 files changed, 165 insertions(+), 9 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4e9705beef..83773cceea 100644
index 7132b9b68e..189bfc3e8b 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
@@ -30,7 +32,7 @@ index 4e9705beef..83773cceea 100644
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -54,6 +57,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
@@ -60,6 +63,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
return 0;
}
@@ -44,7 +46,7 @@ index 4e9705beef..83773cceea 100644
ctx = BN_CTX_new_ex(dh->libctx);
if (ctx == NULL)
goto err;
@@ -262,6 +272,9 @@ static int generate_key(DH *dh)
@@ -271,6 +281,9 @@ static int generate_key(DH *dh)
#endif
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -54,7 +56,7 @@ index 4e9705beef..83773cceea 100644
if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
@@ -354,8 +367,21 @@ static int generate_key(DH *dh)
@@ -369,8 +382,21 @@ static int generate_key(DH *dh)
if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
goto err;
@@ -76,8 +78,22 @@ index 4e9705beef..83773cceea 100644
dh->dirty_cnt++;
ok = 1;
err:
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 0cdbb3fde2..65ff9d2d47 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -464,6 +464,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
rsa->dmp1 = NULL;
rsa->dmq1 = NULL;
rsa->iqmp = NULL;
+#ifdef FIPS_MODULE
+ abort();
+#endif /* defined(FIPS_MODULE) */
}
}
return ok;
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 43caedb6df..73873f9758 100644
index 5b8412aba1..1d98eba132 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
@@ -107,13 +123,13 @@ index 43caedb6df..73873f9758 100644
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index a37cbbdba8..bca3f3c674 100644
index 9390935394..1399be1751 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -989,8 +989,17 @@ struct ec_gen_ctx {
int selection;
int ecdh_mode;
@@ -991,8 +991,17 @@ struct ec_gen_ctx {
EC_GROUP *gen_group;
unsigned char *dhkem_ikm;
size_t dhkem_ikmlen;
+#ifdef FIPS_MODULE
+ void *ecdsa_sig_ctx;
+#endif
@@ -128,7 +144,7 @@ index a37cbbdba8..bca3f3c674 100644
static void *ec_gen_init(void *provctx, int selection,
const OSSL_PARAM params[])
{
@@ -1009,6 +1018,10 @@ static void *ec_gen_init(void *provctx, int selection,
@@ -1011,6 +1020,10 @@ static void *ec_gen_init(void *provctx, int selection,
gctx = NULL;
}
}
@@ -139,7 +155,7 @@ index a37cbbdba8..bca3f3c674 100644
return gctx;
}
@@ -1279,6 +1292,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
@@ -1291,6 +1304,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->ecdh_mode != -1)
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
@@ -151,8 +167,8 @@ index a37cbbdba8..bca3f3c674 100644
+#endif
if (gctx->group_check != NULL)
ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check);
@@ -1348,7 +1367,10 @@ static void ec_gen_cleanup(void *genctx)
ret = ret && ossl_ec_set_check_group_type_from_name(ec,
@@ -1361,7 +1380,10 @@ static void ec_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
@@ -161,11 +177,11 @@ index a37cbbdba8..bca3f3c674 100644
+ ecdsa_freectx(gctx->ecdsa_sig_ctx);
+ gctx->ecdsa_sig_ctx = NULL;
+#endif
OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
EC_GROUP_free(gctx->gen_group);
BN_free(gctx->p);
BN_free(gctx->a);
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 3ba12c4889..ff49f8fcd8 100644
index c24cb8da88..4462afa041 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
@@ -222,10 +238,10 @@ index 3ba12c4889..ff49f8fcd8 100644
BN_clear_free(gctx->pub_exp);
OPENSSL_free(gctx);
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 865d49d100..ebeb30e002 100644
index fe65ed8dc6..f158105e71 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -32,7 +32,7 @@
@@ -33,7 +33,7 @@
#include "crypto/ec.h"
#include "prov/der_ec.h"
@@ -234,7 +250,7 @@ index 865d49d100..ebeb30e002 100644
static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
static OSSL_FUNC_signature_sign_fn ecdsa_sign;
@@ -43,7 +43,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
@@ -44,7 +44,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
@@ -243,8 +259,8 @@ index 865d49d100..ebeb30e002 100644
static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
@@ -104,7 +104,7 @@ typedef struct {
#endif
@@ -107,7 +107,7 @@ typedef struct {
unsigned int nonce_type;
} PROV_ECDSA_CTX;
-static void *ecdsa_newctx(void *provctx, const char *propq)
@@ -252,7 +268,7 @@ index 865d49d100..ebeb30e002 100644
{
PROV_ECDSA_CTX *ctx;
@@ -370,7 +370,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
@@ -380,7 +380,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen);
}
@@ -261,7 +277,7 @@ index 865d49d100..ebeb30e002 100644
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
@@ -581,6 +581,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
@@ -601,6 +601,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
return EVP_MD_settable_ctx_params(ctx->md);
}
@@ -298,7 +314,7 @@ index 865d49d100..ebeb30e002 100644
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index cd5de6bd51..d4261e8f7d 100644
index 76db37dd02..22d93ead53 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -34,7 +34,7 @@
@@ -328,7 +344,7 @@ index cd5de6bd51..d4261e8f7d 100644
{
PROV_RSA_CTX *prsactx = NULL;
char *propq_copy = NULL;
@@ -977,7 +977,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
@@ -974,7 +974,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
}
@@ -337,7 +353,7 @@ index cd5de6bd51..d4261e8f7d 100644
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -1455,6 +1455,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
@@ -1451,6 +1451,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
return EVP_MD_settable_ctx_params(prsactx->md);
}
@@ -384,5 +400,5 @@ index cd5de6bd51..d4261e8f7d 100644
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
--
2.41.0
2.44.0


@@ -1,68 +1,8 @@
Index: openssl-3.1.4/crypto/ffc/ffc_params.c
Index: openssl-3.2.3/crypto/ec/ec_lib.c
===================================================================
--- openssl-3.1.4.orig/crypto/ffc/ffc_params.c
+++ openssl-3.1.4/crypto/ffc/ffc_params.c
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
Index: openssl-3.1.4/crypto/rsa/rsa_lib.c
===================================================================
--- openssl-3.1.4.orig/crypto/rsa/rsa_lib.c
+++ openssl-3.1.4/crypto/rsa/rsa_lib.c
@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
Index: openssl-3.1.4/providers/implementations/kdfs/hkdf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/hkdf.c
+++ openssl-3.1.4/providers/implementations/kdfs/hkdf.c
@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
Index: openssl-3.1.4/providers/implementations/kdfs/pbkdf2.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/pbkdf2.c
+++ openssl-3.1.4/providers/implementations/kdfs/pbkdf2.c
@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provct
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
Index: openssl-3.1.4/crypto/ec/ec_lib.c
===================================================================
--- openssl-3.1.4.orig/crypto/ec/ec_lib.c
+++ openssl-3.1.4/crypto/ec/ec_lib.c
@@ -752,12 +752,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
--- openssl-3.2.3.orig/crypto/ec/ec_lib.c
+++ openssl-3.2.3/crypto/ec/ec_lib.c
@@ -743,12 +743,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *g
void EC_POINT_free(EC_POINT *point)
{
@@ -79,3 +19,63 @@ Index: openssl-3.1.4/crypto/ec/ec_lib.c
}
void EC_POINT_clear_free(EC_POINT *point)
Index: openssl-3.2.3/crypto/ffc/ffc_params.c
===================================================================
--- openssl-3.2.3.orig/crypto/ffc/ffc_params.c
+++ openssl-3.2.3/crypto/ffc/ffc_params.c
@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *pa
void ossl_ffc_params_cleanup(FFC_PARAMS *params)
{
- BN_free(params->p);
- BN_free(params->q);
- BN_free(params->g);
- BN_free(params->j);
+ BN_clear_free(params->p);
+ BN_clear_free(params->q);
+ BN_clear_free(params->g);
+ BN_clear_free(params->j);
OPENSSL_free(params->seed);
ossl_ffc_params_init(params);
}
Index: openssl-3.2.3/crypto/rsa/rsa_lib.c
===================================================================
--- openssl-3.2.3.orig/crypto/rsa/rsa_lib.c
+++ openssl-3.2.3/crypto/rsa/rsa_lib.c
@@ -159,8 +159,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
CRYPTO_FREE_REF(&r->references);
- BN_free(r->n);
- BN_free(r->e);
+ BN_clear_free(r->n);
+ BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
Index: openssl-3.2.3/providers/implementations/kdfs/hkdf.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/kdfs/hkdf.c
+++ openssl-3.2.3/providers/implementations/kdfs/hkdf.c
@@ -117,7 +117,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx->label);
OPENSSL_clear_free(ctx->data, ctx->data_len);
Index: openssl-3.2.3/providers/implementations/kdfs/pbkdf2.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/kdfs/pbkdf2.c
+++ openssl-3.2.3/providers/implementations/kdfs/pbkdf2.c
@@ -90,7 +90,7 @@ static void *kdf_pbkdf2_new(void *provct
static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
{
ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_free(ctx->salt);
+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
OPENSSL_clear_free(ctx->pass, ctx->pass_len);
memset(ctx, 0, sizeof(*ctx));
}
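Review bot: The `OPENSSL_clear_free(ctx->salt, ctx->salt_len)` added to kdf_hkdf_reset is only as good as `ctx->salt_len` tracking the allocation on every path that replaces `ctx->salt`, and that setter is outside this hunk — worth confirming, since a stale length either leaves bytes unzeroed or writes past the buffer. Clearing the salt is the right call here: in the TLS 1.3 key schedule the salt to HKDF-Extract is the previous stage's derived secret, so it is keying material rather than a public value, while the untouched `OPENSSL_free(ctx->prefix)` / `OPENSSL_free(ctx->label)` hold public labels. The rsa_lib.c and ffc_params.c hunks only move public values (n, e, p, q, g, j) to BN_clear_free, which is harmless and gives uniform zeroisation-on-free; the pbkdf2 cleanup is followed by `memset(ctx, 0, sizeof(*ctx))`, so salt_len cannot go stale there.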


@@ -20,11 +20,11 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
4 files changed, 28 insertions(+)
Index: openssl-3.1.4/include/crypto/evp.h
Index: openssl-3.2.3/include/crypto/evp.h
===================================================================
--- openssl-3.1.4.orig/include/crypto/evp.h
+++ openssl-3.1.4/include/crypto/evp.h
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_m
--- openssl-3.2.3.orig/include/crypto/evp.h
+++ openssl-3.2.3/include/crypto/evp.h
@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_m
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
@@ -38,11 +38,11 @@ Index: openssl-3.1.4/include/crypto/evp.h
struct evp_mac_st {
OSSL_PROVIDER *prov;
int name_id;
Index: openssl-3.1.4/include/openssl/evp.h
Index: openssl-3.2.3/include/openssl/evp.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/evp.h
+++ openssl-3.1.4/include/openssl/evp.h
@@ -1196,6 +1196,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX
--- openssl-3.2.3.orig/include/openssl/evp.h
+++ openssl-3.2.3/include/openssl/evp.h
@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX
void *arg);
/* MAC stuff */
@@ -52,20 +52,20 @@ Index: openssl-3.1.4/include/openssl/evp.h
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
const char *properties);
Index: openssl-3.1.4/providers/implementations/macs/hmac_prov.c
Index: openssl-3.2.3/providers/implementations/macs/hmac_prov.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/macs/hmac_prov.c
+++ openssl-3.1.4/providers/implementations/macs/hmac_prov.c
@@ -21,6 +21,8 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
--- openssl-3.2.3.orig/providers/implementations/macs/hmac_prov.c
+++ openssl-3.2.3/providers/implementations/macs/hmac_prov.c
@@ -23,6 +23,8 @@
#include "internal/ssl3_cbc.h"
+#include "crypto/evp.h"
+
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/provider_util.h"
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, uns
@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, uns
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
@@ -75,7 +75,7 @@ Index: openssl-3.1.4/providers/implementations/macs/hmac_prov.c
OSSL_PARAM_END
};
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vma
@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vma
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
return 0;
@@ -94,15 +94,15 @@ Index: openssl-3.1.4/providers/implementations/macs/hmac_prov.c
return 1;
}
Index: openssl-3.1.4/include/openssl/core_names.h
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
===================================================================
--- openssl-3.1.4.orig/include/openssl/core_names.h
+++ openssl-3.1.4/include/openssl/core_names.h
@@ -175,6 +175,7 @@ extern "C" {
#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
+#define OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator" /* size_t */
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
@@ -143,6 +143,7 @@ my %params = (
'MAC_PARAM_SIZE' => "size", # size_t
'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
+ 'MAC_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator", # size_t
/* Known MAC names */
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
# KDF / PRF parameters
'KDF_PARAM_SECRET' => "secret", # octet string


@@ -1,36 +1,21 @@
From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 17 Nov 2022 13:53:31 +0100
Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov
From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Mon, 21 Aug 2023 15:43:57 +0200
Subject: [PATCH 37/48]
0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
The current draft of FIPS 186-5 [1] no longer contains specifications
for X9.31 signature padding. Instead, it contains the following
information in Appendix E:
> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from
> this standard.
Since this situation is unlikely to change in future revisions of the
draft, and future FIPS 140-3 validations of the provider will require
X9.31 to be disabled or marked as not approved with an explicit
indicator, disallow this padding mode now.
Remove the X9.31 tests from the acvp test, since they will always fail
now.
[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf
Signed-off-by: Clemens Lang <cllang@redhat.com>
Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Patch-id: 81
---
providers/implementations/signature/rsa_sig.c | 6 +
test/acvp_test.inc | 214 ------------------
2 files changed, 6 insertions(+), 214 deletions(-)
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
@@ -1250,7 +1250,13 @@ static int rsa_set_ctx_params(void *vprs
--- openssl-3.2.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/rsa_sig.c
@@ -1291,7 +1291,13 @@ static int rsa_set_ctx_params(void *vprs
err_extra_text = "No padding not allowed with RSA-PSS";
goto cont;
case RSA_X931_PADDING:
@@ -44,10 +29,10 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
cont:
if (RSA_test_flags(prsactx->rsa,
RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA)
Index: openssl-3.1.4/test/acvp_test.inc
Index: openssl-3.2.3/test/acvp_test.inc
===================================================================
--- openssl-3.1.4.orig/test/acvp_test.inc
+++ openssl-3.1.4/test/acvp_test.inc
--- openssl-3.2.3.orig/test/acvp_test.inc
+++ openssl-3.2.3/test/acvp_test.inc
@@ -1214,13 +1214,6 @@ static const struct rsa_siggen_st rsa_si
NO_PSS_SALT_LEN,
},
@@ -265,24 +250,13 @@ Index: openssl-3.1.4/test/acvp_test.inc
static const struct rsa_sigver_st rsa_sigver_data[] = {
{
"pkcs1", /* pkcs1v1.5 */
@@ -1850,28 +1647,6 @@ static const struct rsa_sigver_st rsa_si
@@ -1850,17 +1647,6 @@ static const struct rsa_sigver_st rsa_si
NO_PSS_SALT_LEN,
FAIL
},
- {
- "x931",
- 3072,
- "SHA1",
- ITM(rsa_sigverx931_0_msg),
- ITM(rsa_sigverx931_0_n),
- ITM(rsa_sigverx931_0_e),
- ITM(rsa_sigverx931_0_sig),
- NO_PSS_SALT_LEN,
- PASS
- },
- {
- "x931",
- 3072,
- "SHA256",
- ITM(rsa_sigverx931_1_msg),
- ITM(rsa_sigverx931_1_n),
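Review bot: The rebased header (`Subject: [PATCH 37/48] 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch` plus Patch-name/Patch-id) appears to replace the whole rationale paragraph and the Signed-off-by — the hunk shrinks from 36 to 21 lines — so the patch file no longer records why X9.31 padding is rejected in the FIPS provider. Suggest a `Patch-status: |` block with one line, `# X9.31 RSA signature padding was withdrawn in FIPS 186-5 (Appendix E); FIPS 140-3 validation requires it disallowed or marked non-approved`, and note that the old text's nvlpubs link pointed at the draft — FIPS 186-5 has been final since February 2023. The acvp_test.inc hunk header also changes from `@@ -1850,28 +1647,6 @@` to `@@ -1850,17 +1647,6 @@`, i.e. it now removes one x931 sigver vector instead of two; confirm that the other vector is genuinely absent from 3.2.3's upstream table rather than silently kept. The added lines under `case RSA_X931_PADDING:` in rsa_set_ctx_params are outside this view.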


@@ -1,22 +1,22 @@
From abeda0b0475adb0d4f89b0c97cfc349779915bbf Mon Sep 17 00:00:00 2001
From 62721a92ebec8746888d94bea0082c8d8763219e Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 29/35]
Date: Wed, 6 Mar 2024 19:17:15 +0100
Subject: [PATCH 27/49]
0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
Patch-id: 73
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/rsa/rsa_local.h | 8 ++
crypto/rsa/rsa_oaep.c | 34 ++++++--
include/openssl/core_names.h | 3 +
providers/fips/self_test_data.inc | 79 ++++++++++---------
providers/fips/self_test_kats.c | 7 ++
.../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
6 files changed, 128 insertions(+), 44 deletions(-)
util/perl/OpenSSL/paramnames.pm | 1 +
6 files changed, 126 insertions(+), 44 deletions(-)
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index ea70da05ad..dde57a1a0e 100644
@@ -36,7 +36,7 @@ index ea70da05ad..dde57a1a0e 100644
+
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index d9be1a4f98..b2f7f7dc4b 100644
index b9030440c4..3d665c3860 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -75,14 +75,14 @@ index d9be1a4f98..b2f7f7dc4b 100644
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
/* step 3d: generate random byte string */
+#ifdef FIPS_MODULE
+ if (suse_st_seed != NULL && SUSE_FIPS_asym_cipher_st) {
+ if (suse_st_seed != NULL && SUSE_FIPS_asym_cipher_st) {
+ memcpy(seed, suse_st_seed, mdlen);
+ } else
+#endif
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
goto err;
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
return rv;
}
@@ -101,22 +101,8 @@ index d9be1a4f98..b2f7f7dc4b 100644
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 5e3c132f5b..c0cce14297 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -471,6 +471,9 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
+#ifdef FIPS_MODULE
+#define OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED "suse-kat-oaep-seed"
+#endif
/*
* Encoder / decoder parameters
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index e0fdc0daa4..aa2012c04a 100644
index 4b80bb70b9..c33ecd0791 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
@@ -222,10 +208,10 @@ index e0fdc0daa4..aa2012c04a 100644
#ifndef OPENSSL_NO_EC
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 74ee25dcb6..a9bc8be7fa 100644
index f13c41abd6..4ea10670c0 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -641,14 +641,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
@@ -248,7 +234,7 @@ index 74ee25dcb6..a9bc8be7fa 100644
}
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 9cd8904131..40de5ce8fa 100644
index d548560f1f..f3443b0c66 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -30,6 +30,9 @@
@@ -268,10 +254,10 @@ index 9cd8904131..40de5ce8fa 100644
+#ifdef FIPS_MODULE
+ char *suse_st_oaep_seed;
+#endif /* FIPS_MODULE */
/* PKCS#1 v1.5 decryption mode */
unsigned int implicit_rejection;
} PROV_RSA_CTX;
static void *rsa_newctx(void *provctx)
@@ -192,12 +198,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
@@ -193,12 +199,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
}
}
ret =
@@ -295,7 +281,7 @@ index 9cd8904131..40de5ce8fa 100644
if (!ret) {
OPENSSL_free(tbuf);
@@ -328,6 +343,9 @@ static void rsa_freectx(void *vprsactx)
@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx)
EVP_MD_free(prsactx->oaep_md);
EVP_MD_free(prsactx->mgf1_md);
OPENSSL_free(prsactx->oaep_label);
@@ -305,17 +291,17 @@ index 9cd8904131..40de5ce8fa 100644
OPENSSL_free(prsactx);
}
@@ -447,6 +465,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
NULL, 0),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
+#ifdef FIPS_MODULE
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED, NULL, 0),
+#endif /* FIPS_MODULE */
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
OSSL_PARAM_END
};
@@ -456,6 +477,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
return known_gettable_ctx_params;
}
@@ -326,7 +312,7 @@ index 9cd8904131..40de5ce8fa 100644
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -567,6 +592,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->oaep_labellen = tmp_labellen;
}
@@ -345,6 +331,18 @@ index 9cd8904131..40de5ce8fa 100644
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
if (p != NULL) {
unsigned int client_version;
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index c37ed7815f..70f7c50fe4 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -401,6 +401,7 @@ my %params = (
'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version",
'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
+ 'ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED' => "suse-kat-oaep-seed",
# Encoder / decoder parameters
--
2.41.0
2.44.0
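Review bot: `memcpy(seed, suse_st_seed, mdlen)` in the OAEP padding step 3d copies the full digest length from the caller-supplied KAT seed, but the context only gains a bare pointer (`char *suse_st_oaep_seed;`) with no stored length, so unless the rsa_set_ctx_params addition (outside this view) rejects an octet string shorter than the OAEP digest length, a short seed over-reads; storing `size_t suse_st_oaep_seed_len;` alongside it and taking the fixed-seed branch only when the length is at least `mdlen` (otherwise falling through to RAND_bytes_ex) keeps the check next to the use. rsa_dupctx is not in the hunk, so confirm the new pointer is deep-copied or cleared there rather than shared and then double-freed by the `OPENSSL_free` added beside `oaep_label`. `ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED` misspells OAEP, which matters more now that paramnames.pm emits it into the generated core_names.h for every build — the 3.1 version kept the `#define` under `#ifdef FIPS_MODULE`, which the Perl table cannot express. The `SUSE_FIPS_asym_cipher_st` gate is defined elsewhere; since the seed is honoured on any context that set it while the flag is raised, it should be cleared on every self-test exit path, including failure.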


@@ -1,32 +1,25 @@
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Fri, 15 Jul 2022 17:45:40 +0200
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:16 +0100
Subject: [PATCH 28/49]
0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
In review for FIPS 140-3, the lack of a self-test for the digest_sign
and digest_verify provider functions was highlighted as a problem. NIST
no longer provides ACVP tests for the RSA SigVer primitive (see
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
recommends the use of functions that compute the digest and signature
within the module, we have been advised in our module review that the
self tests should also use the combined digest and signature APIs, i.e.
the digest_sign and digest_verify provider functions.
Modify the signature self-test to use these instead by switching to
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Patch-id: 74
Patch-status: |
# [PATCH 29/46]
# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
2 files changed, 56 insertions(+), 24 deletions(-)
crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++-----
providers/fips/self_test_kats.c | 43 +++++++++++++++-----------
2 files changed, 73 insertions(+), 24 deletions(-)
Index: openssl-3.1.4/crypto/evp/m_sigver.c
Index: openssl-3.2.3/crypto/evp/m_sigver.c
===================================================================
--- openssl-3.1.4.orig/crypto/evp/m_sigver.c
+++ openssl-3.1.4/crypto/evp/m_sigver.c
@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const
--- openssl-3.2.3.orig/crypto/evp/m_sigver.c
+++ openssl-3.2.3/crypto/evp/m_sigver.c
@@ -86,6 +86,7 @@ static int update(EVP_MD_CTX *ctx, const
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
return 0;
}
@@ -34,7 +27,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
/*
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -121,8 +122,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
reinit = 0;
if (e == NULL)
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
@@ -45,7 +38,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
}
if (ctx->pctx == NULL)
return 0;
@@ -134,8 +137,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -132,8 +135,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
locpctx = ctx->pctx;
ERR_set_mark();
@@ -56,7 +49,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
/* do not reinitialize if pkey is set or operation is different */
if (reinit
@@ -220,8 +225,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -218,8 +223,10 @@ static int do_sigver_init(EVP_MD_CTX *ct
signature =
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
supported_sig, locpctx->propquery);
@@ -67,7 +60,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
break;
}
if (signature == NULL)
@@ -305,6 +312,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -303,6 +310,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
if (ctx->fetched_digest != NULL) {
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
@@ -75,7 +68,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
} else {
/* legacy engine support : remove the mark when this is deleted */
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
@@ -313,11 +321,13 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -311,11 +319,13 @@ static int do_sigver_init(EVP_MD_CTX *ct
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
@@ -89,7 +82,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
if (ctx->reqdigest != NULL
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -329,6 +339,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -327,6 +337,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
goto err;
}
}
@@ -97,7 +90,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
if (ver) {
if (signature->digest_verify_init == NULL) {
@@ -361,6 +372,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -359,6 +370,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
EVP_KEYMGMT_free(tmp_keymgmt);
return 0;
@@ -105,7 +98,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
legacy:
/*
* If we don't have the full support we need with provided methods,
@@ -432,6 +444,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -430,6 +442,7 @@ static int do_sigver_init(EVP_MD_CTX *ct
ctx->pctx->flag_call_digest_custom = 1;
ret = 1;
@@ -113,7 +106,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
end:
#ifndef FIPS_MODULE
@@ -474,7 +487,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx
@@ -472,7 +485,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
NULL);
}
@@ -121,7 +114,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
@@ -536,23 +548,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
@@ -544,24 +556,30 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *c
return EVP_DigestUpdate(ctx, data, dsize);
}
@@ -130,14 +123,19 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
size_t *siglen)
{
- int sctx = 0, r = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
+ int r = 0;
+#ifndef FIPS_MODULE
+ int sctx = 0;
+ EVP_PKEY_CTX *dctx;
+ EVP_PKEY_CTX *dctx = NULL;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
return 0;
}
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
@@ -146,26 +144,26 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -561,8 +579,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
sigret, siglen,
*siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* defined(FIPS_MODULE) */
if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
@@ -576,7 +594,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
else
EVP_PKEY_CTX_free(dctx);
return r;
+#else
+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
+ sigret, siglen,
+ sigret == NULL ? 0 : *siglen);
+ return r;
+#endif /* !defined(FIPS_MODULE) */
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -634,6 +654,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
@@ -649,6 +674,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx,
}
}
return 1;
@@ -173,7 +171,7 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
}
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
@@ -664,21 +685,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
@@ -687,23 +713,29 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsi
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
@@ -183,11 +181,16 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
+ unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen = 0;
int vctx = 0;
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx;
- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
+ EVP_PKEY_CTX *dctx = NULL;
+#endif /* !defined(FIPS_MODULE) */
+ EVP_PKEY_CTX *pctx = ctx->pctx;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
return 0;
}
+#ifndef FIPS_MODULE
if (pctx == NULL
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
@@ -196,25 +199,25 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
goto legacy;
+#endif /* !defined(FIPS_MODULE) */
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
+#ifndef FIPS_MODULE
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
@@ -686,8 +713,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
sig, siglen);
EVP_PKEY_CTX_free(dctx);
+#endif /* !defined(FIPS_MODULE) */
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
@@ -717,7 +749,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
else
EVP_PKEY_CTX_free(dctx);
return r;
+#else
+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
+ sig, siglen);
+ return r;
+#endif /* !defined(FIPS_MODULE) */
+#ifndef FIPS_MODULE
legacy:
if (pctx == NULL || pctx->pmeth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -727,6 +756,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
@@ -758,6 +796,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ct
if (vctx || !r)
return r;
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
@@ -222,15 +225,15 @@ Index: openssl-3.1.4/crypto/evp/m_sigver.c
}
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
@@ -752,4 +782,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co
@@ -790,4 +829,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, co
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
-#endif /* FIPS_MODULE */
Index: openssl-3.1.4/providers/fips/self_test_kats.c
Index: openssl-3.2.3/providers/fips/self_test_kats.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/self_test_kats.c
+++ openssl-3.1.4/providers/fips/self_test_kats.c
--- openssl-3.2.3.orig/providers/fips/self_test_kats.c
+++ openssl-3.2.3/providers/fips/self_test_kats.c
@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_S
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
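Review bot: The FIPS_MODULE `#else` branch added to EVP_DigestSignFinal (`r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, sigret == NULL ? 0 : *siglen);`) finalises `pctx` in place with no `EVP_PKEY_CTX_dup`, unlike the non-FIPS path, so inside the module an EVP_MD_CTX is consumed by the first Final call; that is fine for the one-shot EVP_DigestSign the self-test uses, but the branch should say so, e.g. `/* FIPS module: no EVP_PKEY_CTX_dup(), the signature context is consumed here */`, and likewise for the EVP_DigestVerifyFinal branch. In that branch `sigret == NULL ? 0 : *siglen` is dead: the `if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)` early return above it already handles sigret == NULL on both builds, so `*siglen` is sufficient. Both functions start and end outside the visible hunks.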


@@ -1,8 +1,22 @@
Index: openssl-3.1.4/providers/fips/self_test.c
From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 19 Oct 2023 13:12:40 +0200
Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch
Patch-name: 0047-FIPS-early-KATS.patch
Patch-id: 47
Patch-status: |
# # Execute KATS before HMAC verification
From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
---
providers/fips/self_test.c | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
Index: openssl-3.2.3/providers/fips/self_test.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/self_test.c
+++ openssl-3.1.4/providers/fips/self_test.c
@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
--- openssl-3.2.3.orig/providers/fips/self_test.c
+++ openssl-3.2.3/providers/fips/self_test.c
@@ -507,6 +507,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (ev == NULL)
goto end;
@@ -16,10 +30,10 @@ Index: openssl-3.1.4/providers/fips/self_test.c
+ }
+ }
+
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (st->module_checksum_data == NULL) {
module_checksum = fips_hmac_container;
checksum_len = sizeof(fips_hmac_container);
@@ -575,18 +585,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
}
}


@@ -1,30 +1,32 @@
From e364a858262c8f563954544cc81e66f1b3b8db8c Mon Sep 17 00:00:00 2001
From 831d0025257fd3746ab3fe30c05dbbfc0043f78e Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 19 Oct 2023 13:12:40 +0200
Subject: [PATCH 16/46] 0033-FIPS-embed-hmac.patch
Date: Wed, 6 Mar 2024 19:17:15 +0100
Subject: [PATCH 16/49] 0033-FIPS-embed-hmac.patch
Patch-name: 0033-FIPS-embed-hmac.patch
Patch-id: 33
Patch-status: |
# # Embed HMAC into the fips.so
From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
# Modify fips self test as per
# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
providers/fips/self_test.c | 70 ++++++++++++++++++++++++---
test/fipsmodule.cnf | 2 +
test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
test/recipes/01-test_fipsmodule_cnf.t | 2 +-
test/recipes/03-test_fipsinstall.t | 2 +-
test/recipes/30-test_defltfips.t | 2 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_sslapi.t | 2 +-
8 files changed, 71 insertions(+), 13 deletions(-)
providers/fips/self_test.c | 204 ++++++++++++++++++++++++--
test/fipsmodule.cnf | 2 +
test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
test/recipes/01-test_fipsmodule_cnf.t | 2 +-
test/recipes/03-test_fipsinstall.t | 2 +-
test/recipes/30-test_defltfips.t | 2 +-
test/recipes/80-test_ssl_new.t | 2 +-
test/recipes/90-test_sslapi.t | 2 +-
8 files changed, 200 insertions(+), 18 deletions(-)
create mode 100644 test/fipsmodule.cnf
Index: openssl-3.1.7/providers/fips/self_test.c
Index: openssl-3.2.3/providers/fips/self_test.c
===================================================================
--- openssl-3.1.7.orig/providers/fips/self_test.c
+++ openssl-3.1.7/providers/fips/self_test.c
@@ -230,11 +230,27 @@ err:
--- openssl-3.2.3.orig/providers/fips/self_test.c
+++ openssl-3.2.3/providers/fips/self_test.c
@@ -230,11 +230,133 @@ err:
return ok;
}
@@ -40,6 +42,7 @@ Index: openssl-3.1.7/providers/fips/self_test.c
* the result matches the expected value.
* Return 1 if verified, or 0 if it fails.
*/
+
+#ifndef __USE_GNU
+#define __USE_GNU
+#include <dlfcn.h>
@@ -48,11 +51,116 @@ Index: openssl-3.1.7/providers/fips/self_test.c
+#include <dlfcn.h>
+#endif
+#include <link.h>
+
+static int verify_integrity_rodata(OSSL_CORE_BIO *bio,
+ OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
+ unsigned char *expected, size_t expected_len,
+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
+ const char *event_type)
+{
+ int ret = 0, status;
+ unsigned char out[MAX_MD_SIZE];
+ unsigned char buf[INTEGRITY_BUF_SIZE];
+ size_t bytes_read = 0, out_len = 0;
+ EVP_MAC *mac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
+ OSSL_PARAM params[2], *p = params;
+ Dl_info info;
+ void *extra_info = NULL;
+ struct link_map *lm = NULL;
+ unsigned long paddr;
+ unsigned long off = 0;
+
+ if (expected_len != HMAC_LEN)
+ goto err;
+
+ if (!integrity_self_test(ev, libctx))
+ goto err;
+
+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
+
+ if (!dladdr1 ((const void *)fips_hmac_container,
+ &info, &extra_info, RTLD_DL_LINKMAP))
+ goto err;
+ lm = extra_info;
+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
+
+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
+ if (mac == NULL)
+ goto err;
+ ctx = EVP_MAC_CTX_new(mac);
+ if (ctx == NULL)
+ goto err;
+
+ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
+ *p = OSSL_PARAM_construct_end();
+
+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
+ goto err;
+
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ }
+
+ if (off < paddr) {
+ int delta = paddr - off;
+ status = read_ex_cb(bio, buf, delta, &bytes_read);
+ if (status != 1)
+ goto err;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ }
+
+ /* read away the buffer */
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
+ if (status != 1)
+ goto err;
+
+ /* check that it is the expect bytes, no point in continuing otherwise */
+ if (memcmp(expected, buf, HMAC_LEN) != 0)
+ goto err;
+
+ /* replace in-file HMAC buffer with the original zeros */
+ memset(buf, 0, HMAC_LEN);
+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
+ goto err;
+ off += HMAC_LEN;
+
+ while (bytes_read > 0) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ }
+
+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
+ goto err;
+
+ OSSL_SELF_TEST_oncorrupt_byte(ev, out);
+ if (expected_len != out_len
+ || memcmp(expected, out, out_len) != 0)
+ goto err;
+ ret = 1;
+err:
+ OPENSSL_cleanse(out, MAX_MD_SIZE);
+ OSSL_SELF_TEST_onend(ev, ret);
+ EVP_MAC_CTX_free(ctx);
+ EVP_MAC_free(mac);
+ return ret;
+}
+
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
@@ -247,12 +263,23 @@ static int verify_integrity(OSSL_CORE_BI
@@ -247,12 +369,23 @@ static int verify_integrity(OSSL_CORE_BI
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
@@ -76,7 +184,7 @@ Index: openssl-3.1.7/providers/fips/self_test.c
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
if (mac == NULL)
goto err;
@@ -266,13 +293,42 @@ static int verify_integrity(OSSL_CORE_BI
@@ -266,13 +399,42 @@ static int verify_integrity(OSSL_CORE_BI
if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
goto err;
@@ -84,12 +192,12 @@ Index: openssl-3.1.7/providers/fips/self_test.c
- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ }
if (status != 1)
break;
if (!EVP_MAC_update(ctx, buf, bytes_read))
goto err;
+ off += bytes_read;
}
+
+ if (off + INTEGRITY_BUF_SIZE > paddr) {
+ int delta = paddr - off;
@@ -98,7 +206,7 @@ Index: openssl-3.1.7/providers/fips/self_test.c
+ goto err;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ off += bytes_read;
+
+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
+ memset(buf, 0, HMAC_LEN);
@@ -106,22 +214,22 @@ Index: openssl-3.1.7/providers/fips/self_test.c
+ goto err;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ off += bytes_read;
+ }
+
+ while (bytes_read > 0) {
+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
if (status != 1)
break;
if (!EVP_MAC_update(ctx, buf, bytes_read))
goto err;
+ off += bytes_read;
}
+ if (status != 1)
+ break;
+ if (!EVP_MAC_update(ctx, buf, bytes_read))
+ goto err;
+ off += bytes_read;
+ }
+
if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
goto err;
@@ -282,6 +338,7 @@ static int verify_integrity(OSSL_CORE_BI
@@ -282,6 +444,7 @@ static int verify_integrity(OSSL_CORE_BI
goto err;
ret = 1;
err:
@@ -129,7 +237,7 @@ Index: openssl-3.1.7/providers/fips/self_test.c
OSSL_SELF_TEST_onend(ev, ret);
EVP_MAC_CTX_free(ctx);
EVP_MAC_free(mac);
@@ -335,8 +392,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -335,8 +498,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
return 0;
}
@@ -139,19 +247,57 @@ Index: openssl-3.1.7/providers/fips/self_test.c
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
goto end;
}
@@ -345,8 +401,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -345,8 +507,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
if (ev == NULL)
goto end;
- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
- &checksum_len);
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+ if (st->module_checksum_data == NULL) {
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+ } else {
+ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
+ &checksum_len);
+ }
+
if (module_checksum == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
@@ -420,7 +477,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
@@ -354,14 +522,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
/* Always check the integrity of the fips module */
- if (bio_module == NULL
- || !verify_integrity(bio_module, st->bio_read_ex_cb,
- module_checksum, checksum_len, st->libctx,
- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
+ if (bio_module == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
goto end;
}
-
+ if (st->module_checksum_data == NULL) {
+ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb,
+ module_checksum, checksum_len,
+ st->libctx, ev,
+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
+ goto end;
+ }
+ } else {
+ if (!verify_integrity(bio_module, st->bio_read_ex_cb,
+ module_checksum, checksum_len,
+ st->libctx, ev,
+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
+ goto end;
+ }
+ }
/* This will be NULL during installation - so the self test KATS will run */
if (st->indicator_data != NULL) {
/*
@@ -420,7 +601,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
end:
EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
@@ -159,17 +305,17 @@ Index: openssl-3.1.7/providers/fips/self_test.c
OPENSSL_free(indicator_checksum);
if (st != NULL) {
Index: openssl-3.1.7/test/fipsmodule.cnf
Index: openssl-3.2.3/test/fipsmodule.cnf
===================================================================
--- /dev/null
+++ openssl-3.1.7/test/fipsmodule.cnf
+++ openssl-3.2.3/test/fipsmodule.cnf
@@ -0,0 +1,2 @@
+[fips_sect]
+activate = 1
Index: openssl-3.1.7/test/recipes/00-prep_fipsmodule_cnf.t
Index: openssl-3.2.3/test/recipes/00-prep_fipsmodule_cnf.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.1.7/test/recipes/00-prep_fipsmodule_cnf.t
--- openssl-3.2.3.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.2.3/test/recipes/00-prep_fipsmodule_cnf.t
@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@@ -179,10 +325,10 @@ Index: openssl-3.1.7/test/recipes/00-prep_fipsmodule_cnf.t
plan skip_all => "FIPS module config file only supported in a fips build"
if $no_check;
Index: openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t
Index: openssl-3.2.3/test/recipes/01-test_fipsmodule_cnf.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.2.3.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.2.3/test/recipes/01-test_fipsmodule_cnf.t
@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@@ -192,10 +338,10 @@ Index: openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t
plan skip_all => "Test only supported in a fips build"
if $no_check;
plan tests => 1;
Index: openssl-3.1.7/test/recipes/03-test_fipsinstall.t
Index: openssl-3.2.3/test/recipes/03-test_fipsinstall.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.1.7/test/recipes/03-test_fipsinstall.t
--- openssl-3.2.3.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.2.3/test/recipes/03-test_fipsinstall.t
@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
@@ -205,10 +351,10 @@ Index: openssl-3.1.7/test/recipes/03-test_fipsinstall.t
# Compatible options for pedantic FIPS compliance
my @pedantic_okay =
Index: openssl-3.1.7/test/recipes/30-test_defltfips.t
Index: openssl-3.2.3/test/recipes/30-test_defltfips.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/30-test_defltfips.t
+++ openssl-3.1.7/test/recipes/30-test_defltfips.t
--- openssl-3.2.3.orig/test/recipes/30-test_defltfips.t
+++ openssl-3.2.3/test/recipes/30-test_defltfips.t
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "Configuration loading is turned off"
if disabled("autoload-config");
@@ -218,10 +364,10 @@ Index: openssl-3.1.7/test/recipes/30-test_defltfips.t
plan tests =>
($no_fips ? 1 : 5);
Index: openssl-3.1.7/test/recipes/80-test_ssl_new.t
Index: openssl-3.2.3/test/recipes/80-test_ssl_new.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/80-test_ssl_new.t
+++ openssl-3.1.7/test/recipes/80-test_ssl_new.t
--- openssl-3.2.3.orig/test/recipes/80-test_ssl_new.t
+++ openssl-3.2.3/test/recipes/80-test_ssl_new.t
@@ -27,7 +27,7 @@ setup("test_ssl_new");
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
@@ -231,10 +377,10 @@ Index: openssl-3.1.7/test/recipes/80-test_ssl_new.t
$ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
Index: openssl-3.1.7/test/recipes/90-test_sslapi.t
Index: openssl-3.2.3/test/recipes/90-test_sslapi.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/90-test_sslapi.t
+++ openssl-3.1.7/test/recipes/90-test_sslapi.t
--- openssl-3.2.3.orig/test/recipes/90-test_sslapi.t
+++ openssl-3.2.3/test/recipes/90-test_sslapi.t
@@ -14,7 +14,7 @@ BEGIN {
setup("test_sslapi");
}
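Review bot: The HMAC-slot read `status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);` in verify_integrity_rodata checks only `status`, so a short read would leave stale bytes in `buf` for the following `memcmp` and then feed `HMAC_LEN` zeros into the MAC for bytes that were never consumed from the stream; the function still fails closed, but with a misleading integrity error, so `if (status != 1 || bytes_read != HMAC_LEN) goto err;` is the tighter check, and the `delta` read just above it deserves the same `bytes_read` comparison. `int delta = paddr - off;` narrows an `unsigned long` difference to `int`; the preceding loop bounds it below `INTEGRITY_BUF_SIZE`, but `size_t delta` matches the callback's length parameter and avoids the conversion. `paddr = (unsigned long)fips_hmac_container - lm->l_addr;` is, as far as I can tell, a link-time virtual address being used as a file offset, which holds only while the linker keeps `p_vaddr == p_offset` for the segment holding the container, so a comment such as `/* assumes the container's load-time vaddr equals its file offset (p_vaddr == p_offset); re-check the fips.so program headers on each toolchain change */` would protect the next rebase. Defining `__USE_GNU` by hand before `<dlfcn.h>` relies on a glibc-internal macro; `_GNU_SOURCE` before the first system include is the documented way to expose `dladdr1` and `RTLD_DL_LINKMAP`. The outer diff markers are lost on this page, so I am reading verify_integrity_rodata as the new side of the change.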


@@ -22,31 +22,31 @@ Patch-status: |
test/sslapitest.c | 2 +-
11 files changed, 76 insertions(+), 5 deletions(-)
Index: openssl-3.1.4/doc/man3/SSL_CONF_cmd.pod
===================================================================
--- openssl-3.1.4.orig/doc/man3/SSL_CONF_cmd.pod
+++ openssl-3.1.4/doc/man3/SSL_CONF_cmd.pod
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended ma
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index ae6ca43282..b83c04a308 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
+This is a downstream specific option, and normally it should be set up via crypto-policies.
+This is a downstream specific option, and normally it should be set up via crypto policies.
+
B<CANames>: use CA names extension, enabled by
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
Index: openssl-3.1.4/doc/man5/fips_config.pod
===================================================================
--- openssl-3.1.4.orig/doc/man5/fips_config.pod
+++ openssl-3.1.4/doc/man5/fips_config.pod
@@ -15,6 +15,19 @@ See the documentation for more informati
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 1c15e32a5c..f2cedaf88d 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -15,6 +15,19 @@ for more information.
This functionality was added in OpenSSL 3.0.
+SUSE Linux Enterprise uses a supplementary downstream config for FIPS module located
+in OpenSSL configuration directory and managed by crypto-policies. If present, it
+should have the following format:
+SUSE Enterprise Linux uses a supplementary config for FIPS module located in
+OpenSSL configuration directory and managed by crypto policies. If present, it
+should have format
+
+ [fips_sect]
+ tls1-prf-ems-check = 0
@@ -59,11 +59,11 @@ Index: openssl-3.1.4/doc/man5/fips_config.pod
+
=head1 COPYRIGHT
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
Index: openssl-3.1.4/include/openssl/fips_names.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/fips_names.h
+++ openssl-3.1.4/include/openssl/fips_names.h
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
index 5c77f6d691..8cdd5a6bf7 100644
--- a/include/openssl/fips_names.h
+++ b/include/openssl/fips_names.h
@@ -70,6 +70,14 @@ extern "C" {
*/
# define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
@@ -79,23 +79,23 @@ Index: openssl-3.1.4/include/openssl/fips_names.h
# ifdef __cplusplus
}
# endif
Index: openssl-3.1.4/include/openssl/ssl.h.in
===================================================================
--- openssl-3.1.4.orig/include/openssl/ssl.h.in
+++ openssl-3.1.4/include/openssl/ssl.h.in
@@ -420,6 +420,7 @@ typedef int (*SSL_async_callback_fn)(SSL
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0b6de603e2..26a69ca282 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -415,6 +415,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
* interoperability with CryptoPro CSP 3.x
*/
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
+# define SSL_OP_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
/*
* Option "collections."
Index: openssl-3.1.4/providers/fips/fipsprov.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
+++ openssl-3.1.4/providers/fips/fipsprov.c
@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_L
* Disable RFC8879 certificate compression
* SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 5ff9872bd8..eb9653a9df 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
if (fgbl == NULL)
return NULL;
init_fips_option(&fgbl->fips_security_checks, 1);
@@ -104,11 +104,11 @@ Index: openssl-3.1.4/providers/fips/fipsprov.c
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
return fgbl;
}
Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/kdfs/tls1_prf.c
+++ openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
@@ -222,6 +222,27 @@ static int kdf_tls1_prf_derive(void *vct
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index 25a6c79a2e..79bc7a9719 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -222,6 +223,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
}
}
@@ -136,11 +136,11 @@ Index: openssl-3.1.4/providers/implementations/kdfs/tls1_prf.c
return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
ctx->sec, ctx->seclen,
ctx->seed, ctx->seedlen,
Index: openssl-3.1.4/ssl/ssl_conf.c
===================================================================
--- openssl-3.1.4.orig/ssl/ssl_conf.c
+++ openssl-3.1.4/ssl/ssl_conf.c
@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cct
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 5146cedb96..086db98c33 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL("ClientRenegotiation",
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
@@ -148,10 +148,10 @@ Index: openssl-3.1.4/ssl/ssl_conf.c
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
Index: openssl-3.1.4/ssl/statem/extensions_srvr.c
===================================================================
--- openssl-3.1.4.orig/ssl/statem/extensions_srvr.c
+++ openssl-3.1.4/ssl/statem/extensions_srvr.c
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 00b1ee531e..22cdabb308 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -11,6 +11,7 @@
#include "../ssl_local.h"
#include "statem_local.h"
@@ -160,13 +160,13 @@ Index: openssl-3.1.4/ssl/statem/extensions_srvr.c
#define COOKIE_STATE_FORMAT_VERSION 1
@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
unsigned int context,
X509 *x, size_t chainidx)
{
- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
+ if (FIPS_mode() && !(SSL_get_options(s) & SSL_OP_PERMIT_NOEMS_FIPS) ) {
+ if (FIPS_mode() && !(SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_PERMIT_NOEMS_FIPS) ) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
+ return EXT_RETURN_FAIL;
+ }
@@ -175,10 +175,10 @@ Index: openssl-3.1.4/ssl/statem/extensions_srvr.c
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
Index: openssl-3.1.4/ssl/t1_enc.c
===================================================================
--- openssl-3.1.4.orig/ssl/t1_enc.c
+++ openssl-3.1.4/ssl/t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 91238e6457..e8ad8ecd9e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -20,6 +20,7 @@
#include <openssl/obj_mac.h>
#include <openssl/core_names.h>
@@ -186,7 +186,7 @@ Index: openssl-3.1.4/ssl/t1_enc.c
+#include <openssl/fips.h>
/* seed1 through seed5 are concatenated */
static int tls1_PRF(SSL *s,
static int tls1_PRF(SSL_CONNECTION *s,
@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s,
}
@@ -198,17 +198,17 @@ Index: openssl-3.1.4/ssl/t1_enc.c
+ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
+ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
+ else
+ else
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ }
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
Index: openssl-3.1.4/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
===================================================================
--- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ openssl-3.1.4/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index 44040ff66b..deb6bf3fcb 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
@@ -225,3 +225,18 @@ Index: openssl-3.1.4/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
FIPSversion = <=3.1.0
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 169e3c7466..e67b5bb44c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -574,7 +574,7 @@ static int test_client_cert_verify_cb(void)
STACK_OF(X509) *server_chain;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
+ int testresult = 0, status;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION, 0,
--
2.41.0
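Review bot: The new fips_config.pod text `SUSE Enterprise Linux uses a supplementary config for FIPS module located in` gets the product name wrong — it is SUSE Linux Enterprise, as the line it replaces had it — and `should have format` lost its article and colon (`should have the following format:`). If the old/new sides are as the print order suggests, this reads like a mechanical rename applied to the Fedora wording rather than the earlier SUSE text, and the SSL_CONF_cmd.pod line `normally it should be set up via crypto policies` drops the hyphenated package name the previous text used. In ssl.h.in, `# define SSL_OP_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)` is placed next to bit 31 with nothing recording why 48 was chosen; since 3.2 allocates its own option bits (the certificate-compression options visible in the nearby context), a comment such as `/* downstream-only option; keep clear of every SSL_OP_BIT(n) upstream defines in this version */` plus a check against the rest of the file on each rebase would document the choice. The `FIPS_mode()` checks in extensions_srvr.c and t1_enc.c depend on the downstream `<openssl/fips.h>` include added in the t1_enc.c hunk, and the enclosing functions tls_construct_stoc_ems and tls1_PRF start and end outside the hunks shown.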


@@ -1,38 +1,41 @@
From 56511d480823bedafce604374fa3b15d3b3ffd6b Mon Sep 17 00:00:00 2001
From 012e319b3d5b936a9208b1c75c13d9c4a2d0cc04 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 31 Jul 2023 09:41:28 +0200
Subject: [PATCH 26/48] 0058-FIPS-limit-rsa-encrypt.patch
Date: Wed, 6 Mar 2024 19:17:15 +0100
Subject: [PATCH 24/49] 0058-FIPS-limit-rsa-encrypt.patch
Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
Patch-id: 58
Patch-status: |
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
providers/common/securitycheck.c | 1 +
.../implementations/asymciphers/rsa_enc.c | 35 +++++++++++
.../30-test_evp_data/evppkey_rsa_common.txt | 58 ++++++++++++++++++-
test/recipes/80-test_cms.t | 5 +-
test/recipes/80-test_ssl_old.t | 27 +++++++--
5 files changed, 118 insertions(+), 8 deletions(-)
providers/common/securitycheck.c | 1 +
.../implementations/asymciphers/rsa_enc.c | 35 +++++
.../30-test_evp_data/evppkey_rsa_common.txt | 140 +++++++++++++-----
test/recipes/80-test_cms.t | 5 +-
test/recipes/80-test_ssl_old.t | 27 +++-
5 files changed, 168 insertions(+), 40 deletions(-)
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index e534ad0a5f..c017c658e5 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -27,6 +27,7 @@
Index: openssl-3.2.3/providers/common/securitycheck.c
===================================================================
--- openssl-3.2.3.orig/providers/common/securitycheck.c
+++ openssl-3.2.3/providers/common/securitycheck.c
@@ -27,6 +27,10 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
+/* SUSE build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
+/*
+ * SUSE/openSUSE builds implement some extra limitations in
+ * providers/implementations/asymciphers/rsa_enc.c
+ */
int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
{
int protect = 0;
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index d865968058..872967bcb3 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -132,6 +132,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
Index: openssl-3.2.3/providers/implementations/asymciphers/rsa_enc.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/asymciphers/rsa_enc.c
+++ openssl-3.2.3/providers/implementations/asymciphers/rsa_enc.c
@@ -135,6 +135,17 @@ static int rsa_decrypt_init(void *vprsac
return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
}
@@ -50,7 +53,7 @@ index d865968058..872967bcb3 100644
static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen)
{
@@ -141,6 +152,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
@@ -144,6 +155,18 @@ static int rsa_encrypt(void *vprsactx, u
if (!ossl_prov_is_running())
return 0;
@@ -69,7 +72,7 @@ index d865968058..872967bcb3 100644
if (out == NULL) {
size_t len = RSA_size(prsactx->rsa);
@@ -204,6 +227,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
@@ -206,6 +229,18 @@ static int rsa_decrypt(void *vprsactx, u
if (!ossl_prov_is_running())
return 0;
@@ -88,11 +91,11 @@ index d865968058..872967bcb3 100644
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
index 8680797b90..95d5d51102 100644
--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
Index: openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
===================================================================
--- openssl-3.2.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.2.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -263,13 +263,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# RSA decrypt
@@ -102,13 +105,394 @@ index 8680797b90..95d5d51102 100644
Input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
Output = "Hello World"
# Corrupted ciphertext
-FIPSversion = <3.2.0
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# Note: disable the Bleichenbacher workaround to see if it passes
Decrypt = RSA-2048
Input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
Ctrl = rsa_pkcs1_implicit_rejection:0
@@ -277,7 +277,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
Output = "Hello World"
@@ -619,36 +619,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# Corrupted ciphertext
# Note: output is generated synthethically by the Bleichenbacher workaround
Decrypt = RSA-2048
@@ -285,7 +285,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235
Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# Corrupted ciphertext
# Note: disable the Bleichenbacher workaround to see if it fails
Decrypt = RSA-2048
@@ -360,82 +360,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-P
# RSA decrypt
# a random positive test case
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum dolor sit amet"
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test case decrypting to empty
Decrypt = RSA-2048-2
Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7
Output =
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# invalid decrypting to max length message
Decrypt = RSA-2048-2
Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
# invalid decrypting to message with length specified by second to last value from PRF
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = 0f9b
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# invalid decrypting to message with length specified by third to last value from PRF
Decrypt = RSA-2048-2
Input = 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
Output = 4f02
# positive test with 11 byte long value
+Availablein = default
Decrypt = RSA-2048-2
Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
Output = "lorem ipsum"
# positive test with 11 byte long value and zero padded ciphertext
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# positive test with 11 byte long value and zero truncated ciphertext
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# positive test with 11 byte long value and double zero padded ciphertext
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# positive test with 11 byte long value and double zero truncated ciphertext
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# positive that generates a 0 byte long synthetic message internally
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# positive that generates a 245 byte long synthetic message internally
+Availablein = default
Decrypt = RSA-2048-2
Input = 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
Output = "lorem ipsum"
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test that generates an 11 byte long message
Decrypt = RSA-2048-2
Input = 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
Output = af9ac70191c92413cb9f2d
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise correct plaintext, but with wrong first byte
# (0x01 instead of 0x00), generates a random 11 byte long plaintext
Decrypt = RSA-2048-2
@@ -443,7 +451,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be5
Output = a1f8c9255c35cfba403ccc
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise correct plaintext, but with wrong second byte
# (0x01 instead of 0x02), generates a random 11 byte long plaintext
Decrypt = RSA-2048-2
@@ -451,7 +459,7 @@ Input = 782c2b59a21a511243820acedd567c13
Output = e6d700309ca0ed62452254
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an invalid ciphertext, with a zero byte in first byte of
# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
@@ -460,7 +468,7 @@ Input = 0096136621faf36d5290b16bd26295de
Output = ba27b1842e7c21c0e7ef6a
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an invalid ciphertext, with a zero byte removed from first byte of
# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
@@ -469,7 +477,7 @@ Input = 96136621faf36d5290b16bd26295de27
Output = ba27b1842e7c21c0e7ef6a
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an invalid ciphertext, with two zero bytes in first bytes of
# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
@@ -478,7 +486,7 @@ Input = 0000587cccc6b264bdfe0dc2149a9880
Output = d5cf555b1d6151029a429a
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an invalid ciphertext, with two zero bytes removed from first bytes of
# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
@@ -487,7 +495,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa
Output = d5cf555b1d6151029a429a
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# and invalid ciphertext, otherwise valid but starting with 000002, decrypts
# to random 11 byte long synthetic plaintext
Decrypt = RSA-2048-2
@@ -495,7 +503,7 @@ Input = 1786550ce8d8433052e01ecba8b76d30
Output = 3d4a054d9358209e9cbbb9
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# negative test with otherwise valid padding but a zero byte in first byte
# of padding
Decrypt = RSA-2048-2
@@ -503,7 +511,7 @@ Input = 179598823812d2c58a7eb50521150a48
Output = 1f037dd717b07d3e7f7359
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# negative test with otherwise valid padding but a zero byte at the eighth
# byte of padding
Decrypt = RSA-2048-2
@@ -511,7 +519,7 @@ Input = a7a340675a82c30e22219a55bc07cdf3
Output = 63cb0bf65fc8255dd29e17
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# negative test with an otherwise valid plaintext but with missing separator
# byte
Decrypt = RSA-2048-2
@@ -566,53 +574,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLI
# RSA decrypt
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# malformed that generates length specified by 3rd last value from PRF
Decrypt = RSA-2049
Input = 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
Output = 42
# simple positive test case
+Availablein = default
Decrypt = RSA-2049
Input = 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
Output = "lorem ipsum"
# positive test case with null padded ciphertext
+Availablein = default
Decrypt = RSA-2049
Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
Output = "lorem ipsum"
# positive test case with null truncated ciphertext
+Availablein = default
Decrypt = RSA-2049
Input = 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
Output = "lorem ipsum"
# positive test case with double null padded ciphertext
+Availablein = default
Decrypt = RSA-2049
Input = 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
Output = "lorem ipsum"
# positive test case with double null truncated ciphertext
+Availablein = default
Decrypt = RSA-2049
Input = 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
Output = "lorem ipsum"
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test case that generates an 11 byte long message
Decrypt = RSA-2049
Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca
Output = 1189b6f5498fd6df532b00
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
Decrypt = RSA-2049
Input = 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
Output = f6d0f5b78082fe61c04674
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
Decrypt = RSA-2049
Input = 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
@@ -676,14 +689,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKu
PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random invalid ciphertext that generates an empty synthetic one
Decrypt = RSA-3072
Input = 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
Output =
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random invalid that has PRF output with a length one byte too long
# in the last value
Decrypt = RSA-3072
@@ -691,46 +704,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d8
Output = 56a3bea054e01338be9b7d7957539c
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random invalid that generates a synthetic of maximum size
Decrypt = RSA-3072
Input = 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
Output = 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
# a positive test case that decrypts to 9 byte long value
+Availablein = default
Decrypt = RSA-3072
Input = 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
Output = "forty two"
# a positive test case with null padded ciphertext
+Availablein = default
Decrypt = RSA-3072
Input = 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
Output = "forty two"
# a positive test case with null truncated ciphertext
+Availablein = default
Decrypt = RSA-3072
Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
Output = "forty two"
# a positive test case with double null padded ciphertext
+Availablein = default
Decrypt = RSA-3072
Input = 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
Output = "forty two"
# a positive test case with double null truncated ciphertext
+Availablein = default
Decrypt = RSA-3072
Input = 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
Output = "forty two"
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test case that generates a 9 byte long message
Decrypt = RSA-3072
Input = 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
Output = 257906ca6de8307728
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test case that generates a 9 byte long message based on
# second to last value from PRF
Decrypt = RSA-3072
@@ -738,7 +756,7 @@ Input = 758c215aa6acd61248062b88284bf43c
Output = 043383c929060374ed
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# a random negative test that generates message based on 3rd last value from
# PRF
Decrypt = RSA-3072
@@ -746,35 +764,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4
Output = 70263fa6050534b9e0
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
Decrypt = RSA-3072
Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
Output = 6d8d3a094ff3afff4c
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
Decrypt = RSA-3072
Input = 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
Output = c6ae80ffa80bc184b0
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise valid plaintext, but with zero byte in first byte of padding
Decrypt = RSA-3072
Input = 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
Output = a8a9301daa01bb25c7
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise valid plaintext, but with zero byte in eight byte of padding
Decrypt = RSA-3072
Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
Output = 6c716fe01d44398018
# The old FIPS provider doesn't include the workaround (#13817)
-FIPSversion = >=3.2.0
+Availablein = default
# an otherwise valid plaintext, but with null separator missing
Decrypt = RSA-3072
Input = 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
@@ -1153,36 +1171,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mN
h90qjKHS9PvY4Q==
-----END PRIVATE KEY-----
@@ -151,7 +535,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-1
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -673,36 +679,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
@@ -1207,36 +1231,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64
eG2e4XlBcKjI6A==
-----END PRIVATE KEY-----
@@ -194,7 +578,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-2
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -727,36 +739,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
@@ -1261,36 +1291,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+W
Ya4qnqZe1onjY5o=
-----END PRIVATE KEY-----
@@ -237,7 +621,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-3
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -781,36 +799,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
@@ -1315,36 +1351,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/
aD0x7TDrmEvkEro=
-----END PRIVATE KEY-----
@@ -280,7 +664,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-4
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -835,36 +859,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
@@ -1369,36 +1411,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/
MSwGUGLx60i3nRyDyw==
-----END PRIVATE KEY-----
@@ -323,7 +707,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-5
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -889,36 +919,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
@@ -1423,36 +1471,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hq
Yejn5Ly8mU2q+jBcRQ==
-----END PRIVATE KEY-----
@@ -366,7 +750,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-6
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -943,36 +979,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
@@ -1477,36 +1531,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4
FMlxv0gq65dqc3DC
-----END PRIVATE KEY-----
@@ -409,7 +793,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-7
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -997,36 +1039,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
@@ -1531,36 +1591,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15E
2MiPa249Z+lh3Luj0A==
-----END PRIVATE KEY-----
@@ -452,7 +836,7 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-8
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
@@ -1057,36 +1105,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
@@ -1591,36 +1657,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSc
tKo5Eb69iFQvBb4=
-----END PRIVATE KEY-----
@@ -495,11 +879,11 @@ index 8680797b90..95d5d51102 100644
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index cbec426137..9ba7fbeed2 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -233,7 +233,7 @@ my @smime_pkcs7_tests = (
Index: openssl-3.2.3/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/80-test_cms.t
+++ openssl-3.2.3/test/recipes/80-test_cms.t
@@ -235,7 +235,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
@@ -508,7 +892,7 @@ index cbec426137..9ba7fbeed2 100644
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -1022,6 +1022,9 @@ sub check_availability {
@@ -1125,6 +1125,9 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
@@ -518,30 +902,30 @@ index cbec426137..9ba7fbeed2 100644
return "";
}
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index e2dcb68fb5..0775112b40 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -493,6 +493,18 @@ sub testssl {
Index: openssl-3.2.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.2.3/test/recipes/80-test_ssl_old.t
@@ -497,6 +497,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
my $ciphersuites = "";
+ my %suse_skip_cipher = map {$_ => 1} qw(
+AES256-GCM-SHA384:@SECLEVEL=0
+AES256-CCM8:@SECLEVEL=0
+AES256-CCM:@SECLEVEL=0
+AES128-GCM-SHA256:@SECLEVEL=0
+AES128-CCM8:@SECLEVEL=0
+AES128-CCM:@SECLEVEL=0
+AES256-SHA256:@SECLEVEL=0
+AES128-SHA256:@SECLEVEL=0
+AES256-SHA:@SECLEVEL=0
+AES128-SHA:@SECLEVEL=0
+ my %FIPS_skip_cipher = map {$_ => 1} qw(
+ AES256-GCM-SHA384:@SECLEVEL=0
+ AES256-CCM8:@SECLEVEL=0
+ AES256-CCM:@SECLEVEL=0
+ AES128-GCM-SHA256:@SECLEVEL=0
+ AES128-CCM8:@SECLEVEL=0
+ AES128-CCM:@SECLEVEL=0
+ AES256-SHA256:@SECLEVEL=0
+ AES128-SHA256:@SECLEVEL=0
+ AES256-SHA:@SECLEVEL=0
+ AES128-SHA:@SECLEVEL=0
+ );
foreach my $cipher (@{$ciphersuites{$protocol}}) {
if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
note "*****SKIPPING $protocol $cipher";
@@ -504,11 +516,16 @@ sub testssl {
@@ -508,11 +520,16 @@ sub testssl {
} else {
$cipher = $cipher.':@SECLEVEL=0';
}
@@ -550,7 +934,7 @@ index e2dcb68fb5..0775112b40 100644
- "-ciphersuites", $ciphersuites,
- $flag || ()])),
- "Testing $cipher");
+ if ($provider eq "fips" && exists $suse_skip_cipher{$cipher}) {
+ if ($provider eq "fips" && exists $FIPS_skip_cipher{$cipher}) {
+ note "*****SKIPPING $cipher in SUSE FIPS mode";
+ ok(1);
+ } else {
@@ -563,6 +947,3 @@ index e2dcb68fb5..0775112b40 100644
}
}
next if $protocol eq "-tls1_3";
--
2.41.0


@@ -1,27 +0,0 @@
Index: openssl-3.1.4/providers/fips/fipsprov.c
===================================================================
--- openssl-3.1.4.orig/providers/fips/fipsprov.c
+++ openssl-3.1.4/providers/fips/fipsprov.c
@@ -194,18 +194,19 @@ static const OSSL_PARAM *fips_gettable_p
static int fips_get_params(void *provctx, OSSL_PARAM params[])
{
+#define SUSE_OPENSSL_VERSION_STR OPENSSL_VERSION_STR " SUSE release " SUSE_OPENSSL_RELEASE
OSSL_PARAM *p;
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "SUSE Linux Enterprise - OpenSSL FIPS Provider"))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))


@@ -1,12 +1,13 @@
From a9dc983f82cabe29d6b48f3af3e30e26074ce5cf Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Mon, 21 Aug 2023 12:55:57 +0200
Subject: [PATCH 21/48] 0045-FIPS-services-minimize.patch
From e25b25227043a2b2cf156527c31d7686a4265bf3 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Wed, 6 Mar 2024 19:17:15 +0100
Subject: [PATCH 20/49] 0045-FIPS-services-minimize.patch
Patch-name: 0045-FIPS-services-minimize.patch
Patch-id: 45
Patch-status: |
# Minimize fips services
# # Minimize fips services
From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
---
apps/ecparam.c | 7 +++
apps/req.c | 2 +-
@@ -20,16 +21,16 @@ Patch-status: |
test/evp_libctx_test.c | 9 +++-
test/recipes/15-test_gendsa.t | 2 +-
test/recipes/20-test_cli_fips.t | 3 +-
test/recipes/30-test_evp.t | 16 +++----
test/recipes/30-test_evp.t | 20 ++++-----
.../30-test_evp_data/evpmac_common.txt | 22 ++++++++++
test/recipes/80-test_cms.t | 22 +++++-----
test/recipes/80-test_ssl_old.t | 2 +-
16 files changed, 128 insertions(+), 47 deletions(-)
16 files changed, 128 insertions(+), 51 deletions(-)
Index: openssl-3.1.7/apps/ecparam.c
Index: openssl-3.2.3/apps/ecparam.c
===================================================================
--- openssl-3.1.7.orig/apps/ecparam.c
+++ openssl-3.1.7/apps/ecparam.c
--- openssl-3.2.3.orig/apps/ecparam.c
+++ openssl-3.2.3/apps/ecparam.c
@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
const char *comment = curves[n].comment;
const char *sname = OBJ_nid2sn(curves[n].nid);
@@ -44,11 +45,11 @@ Index: openssl-3.1.7/apps/ecparam.c
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
Index: openssl-3.1.7/apps/req.c
Index: openssl-3.2.3/apps/req.c
===================================================================
--- openssl-3.1.7.orig/apps/req.c
+++ openssl-3.1.7/apps/req.c
@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
--- openssl-3.2.3.orig/apps/req.c
+++ openssl-3.2.3/apps/req.c
@@ -268,7 +268,7 @@ int req_main(int argc, char **argv)
unsigned long chtype = MBSTRING_ASC, reqflag = 0;
#ifndef OPENSSL_NO_DES
@@ -56,12 +57,12 @@ Index: openssl-3.1.7/apps/req.c
+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
#endif
prog = opt_init(argc, argv, req_options);
Index: openssl-3.1.7/providers/common/capabilities.c
opt_set_unknown_name("digest");
Index: openssl-3.2.3/providers/common/capabilities.c
===================================================================
--- openssl-3.1.7.orig/providers/common/capabilities.c
+++ openssl-3.1.7/providers/common/capabilities.c
@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list
--- openssl-3.2.3.orig/providers/common/capabilities.c
+++ openssl-3.2.3/providers/common/capabilities.c
@@ -189,9 +189,9 @@ static const OSSL_PARAM param_group_list
TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
@@ -69,14 +70,37 @@ Index: openssl-3.1.7/providers/common/capabilities.c
TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
+# endif
# endif /* OPENSSL_NO_EC */
# ifndef OPENSSL_NO_DH
/* Security bit values for FFDHE groups are as per RFC 7919 */
Index: openssl-3.1.7/providers/fips/fipsprov.c
# ifndef FIPS_MODULE
TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30),
TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31),
Index: openssl-3.2.3/providers/fips/fipsprov.c
===================================================================
--- openssl-3.1.7.orig/providers/fips/fipsprov.c
+++ openssl-3.1.7/providers/fips/fipsprov.c
@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests
--- openssl-3.2.3.orig/providers/fips/fipsprov.c
+++ openssl-3.2.3/providers/fips/fipsprov.c
@@ -194,18 +194,19 @@ static const OSSL_PARAM *fips_gettable_p
static int fips_get_params(void *provctx, OSSL_PARAM params[])
{
+#define SUSE_OPENSSL_VERSION_STR OPENSSL_VERSION_STR " SUSE release " SUSE_OPENSSL_RELEASE
OSSL_PARAM *p;
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "SUSE Linux Enterprise - OpenSSL FIPS Provider"))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, SUSE_OPENSSL_VERSION_STR))
return 0;
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
@@ -298,10 +299,11 @@ static const OSSL_ALGORITHM fips_digests
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
* KMAC128 and KMAC256.
*/
@@ -90,7 +114,7 @@ Index: openssl-3.1.7/providers/fips/fipsprov.c
{ NULL, NULL, NULL }
};
@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
@@ -360,8 +362,9 @@ static const OSSL_ALGORITHM_CAPABLE fips
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
#ifndef OPENSSL_NO_DES
@@ -102,7 +126,7 @@ Index: openssl-3.1.7/providers/fips/fipsprov.c
#endif /* OPENSSL_NO_DES */
{ { NULL, NULL, NULL }, NULL }
};
@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[]
@@ -373,8 +376,9 @@ static const OSSL_ALGORITHM fips_macs[]
#endif
{ PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
@@ -114,38 +138,39 @@ Index: openssl-3.1.7/providers/fips/fipsprov.c
{ NULL, NULL, NULL }
};
@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch
#endif
@@ -410,8 +414,9 @@ static const OSSL_ALGORITHM fips_keyexch
#ifndef OPENSSL_NO_EC
{ PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
# ifndef OPENSSL_NO_ECX
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
+ /* We don't certify Edwards curves in our FIPS provider */
+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
# endif
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
ossl_kdf_tls1_prf_keyexch_functions },
@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch
@@ -422,14 +427,16 @@ static const OSSL_ALGORITHM fips_keyexch
static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA
- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
+ /* We don't certify DSA in our FIPS provider */
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, */
+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_ECX
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
+ /* We don't certify Edwards curves in our FIPS provider */
+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
ossl_ed25519_signature_functions },
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions }, */
+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/
# endif
{ PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
#endif
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES,
@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt
@@ -460,8 +467,9 @@ static const OSSL_ALGORITHM fips_keymgmt
PROV_DESCS_DHX },
#endif
#ifndef OPENSSL_NO_DSA
@@ -157,10 +182,10 @@ Index: openssl-3.1.7/providers/fips/fipsprov.c
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
PROV_DESCS_RSA },
@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt
#ifndef OPENSSL_NO_EC
@@ -471,14 +479,15 @@ static const OSSL_ALGORITHM fips_keymgmt
{ PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
PROV_DESCS_EC },
# ifndef OPENSSL_NO_ECX
- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
+ /* We don't certify Edwards curves in our FIPS provider */
+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
@@ -172,13 +197,13 @@ Index: openssl-3.1.7/providers/fips/fipsprov.c
{ PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
- PROV_DESCS_ED448 },
+ PROV_DESCS_ED448 }, */
# endif
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
PROV_DESCS_TLS1_PRF_SIGN },
Index: openssl-3.1.7/providers/fips/self_test_data.inc
Index: openssl-3.2.3/providers/fips/self_test_data.inc
===================================================================
--- openssl-3.1.7.orig/providers/fips/self_test_data.inc
+++ openssl-3.1.7/providers/fips/self_test_data.inc
--- openssl-3.2.3.orig/providers/fips/self_test_data.inc
+++ openssl-3.2.3/providers/fips/self_test_data.inc
@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest
/*- CIPHER TEST DATA */
@@ -231,11 +256,11 @@ Index: openssl-3.1.7/providers/fips/self_test_data.inc
};
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
Index: openssl-3.1.7/providers/implementations/signature/rsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.7.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.7/providers/implementations/signature/rsa_sig.c
@@ -705,6 +705,14 @@ static int rsa_verify_recover(void *vprs
--- openssl-3.2.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/rsa_sig.c
@@ -702,6 +702,19 @@ static int rsa_verify_recover(void *vprs
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
int ret;
@@ -243,14 +268,19 @@ Index: openssl-3.1.7/providers/implementations/signature/rsa_sig.c
+ size_t rsabits = RSA_bits(prsactx->rsa);
+
+ if (rsabits < 2048) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ if (rsabits != 1024
+ && rsabits != 1280
+ && rsabits != 1536
+ && rsabits != 1792) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+# endif
if (!ossl_prov_is_running())
return 0;
@@ -793,6 +801,14 @@ static int rsa_verify(void *vprsactx, co
@@ -790,6 +803,19 @@ static int rsa_verify(void *vprsactx, co
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
size_t rslen;
@@ -258,17 +288,22 @@ Index: openssl-3.1.7/providers/implementations/signature/rsa_sig.c
+ size_t rsabits = RSA_bits(prsactx->rsa);
+
+ if (rsabits < 2048) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ if (rsabits != 1024
+ && rsabits != 1280
+ && rsabits != 1536
+ && rsabits != 1792) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+# endif
if (!ossl_prov_is_running())
return 0;
Index: openssl-3.1.7/ssl/ssl_ciph.c
Index: openssl-3.2.3/ssl/ssl_ciph.c
===================================================================
--- openssl-3.1.7.orig/ssl/ssl_ciph.c
+++ openssl-3.1.7/ssl/ssl_ciph.c
--- openssl-3.2.3.orig/ssl/ssl_ciph.c
+++ openssl-3.2.3/ssl/ssl_ciph.c
@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
ctx->disabled_mkey_mask = 0;
ctx->disabled_auth_mask = 0;
@@ -278,12 +313,12 @@ Index: openssl-3.1.7/ssl/ssl_ciph.c
+
/*
* We ignore any errors from the fetches below. They are expected to fail
* if theose algorithms are not available.
Index: openssl-3.1.7/test/acvp_test.c
* if these algorithms are not available.
Index: openssl-3.2.3/test/acvp_test.c
===================================================================
--- openssl-3.1.7.orig/test/acvp_test.c
+++ openssl-3.1.7/test/acvp_test.c
@@ -1476,6 +1476,7 @@ int setup_tests(void)
--- openssl-3.2.3.orig/test/acvp_test.c
+++ openssl-3.2.3/test/acvp_test.c
@@ -1478,6 +1478,7 @@ int setup_tests(void)
OSSL_NELEM(dh_safe_prime_keyver_data));
#endif /* OPENSSL_NO_DH */
@@ -291,7 +326,7 @@ Index: openssl-3.1.7/test/acvp_test.c
#ifndef OPENSSL_NO_DSA
ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
@@ -1483,6 +1484,7 @@ int setup_tests(void)
@@ -1485,6 +1486,7 @@ int setup_tests(void)
ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
#endif /* OPENSSL_NO_DSA */
@@ -299,10 +334,10 @@ Index: openssl-3.1.7/test/acvp_test.c
#ifndef OPENSSL_NO_EC
ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
Index: openssl-3.1.7/test/endecode_test.c
Index: openssl-3.2.3/test/endecode_test.c
===================================================================
--- openssl-3.1.7.orig/test/endecode_test.c
+++ openssl-3.1.7/test/endecode_test.c
--- openssl-3.2.3.orig/test/endecode_test.c
+++ openssl-3.2.3/test/endecode_test.c
@@ -1424,6 +1424,7 @@ int setup_tests(void)
* so no legacy tests.
*/
@@ -332,10 +367,10 @@ Index: openssl-3.1.7/test/endecode_test.c
/*
* ED25519, ED448, X25519 and X448 have no support for
* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
Index: openssl-3.1.7/test/evp_libctx_test.c
Index: openssl-3.2.3/test/evp_libctx_test.c
===================================================================
--- openssl-3.1.7.orig/test/evp_libctx_test.c
+++ openssl-3.1.7/test/evp_libctx_test.c
--- openssl-3.2.3.orig/test/evp_libctx_test.c
+++ openssl-3.2.3/test/evp_libctx_test.c
@@ -21,6 +21,7 @@
*/
#include "internal/deprecated.h"
@@ -366,10 +401,10 @@ Index: openssl-3.1.7/test/evp_libctx_test.c
#endif
return 1;
}
Index: openssl-3.1.7/test/recipes/15-test_gendsa.t
Index: openssl-3.2.3/test/recipes/15-test_gendsa.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/15-test_gendsa.t
+++ openssl-3.1.7/test/recipes/15-test_gendsa.t
--- openssl-3.2.3.orig/test/recipes/15-test_gendsa.t
+++ openssl-3.2.3/test/recipes/15-test_gendsa.t
@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
plan skip_all => "This test is unsupported in a no-dsa build"
if disabled("dsa");
@@ -379,10 +414,10 @@ Index: openssl-3.1.7/test/recipes/15-test_gendsa.t
plan tests =>
($no_fips ? 0 : 2) # FIPS related tests
Index: openssl-3.1.7/test/recipes/20-test_cli_fips.t
Index: openssl-3.2.3/test/recipes/20-test_cli_fips.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/20-test_cli_fips.t
+++ openssl-3.1.7/test/recipes/20-test_cli_fips.t
--- openssl-3.2.3.orig/test/recipes/20-test_cli_fips.t
+++ openssl-3.2.3/test/recipes/20-test_cli_fips.t
@@ -278,8 +278,7 @@ SKIP: {
}
@@ -393,11 +428,11 @@ Index: openssl-3.1.7/test/recipes/20-test_cli_fips.t
subtest DSA => sub {
my $testtext_prefix = 'DSA';
Index: openssl-3.1.7/test/recipes/30-test_evp.t
Index: openssl-3.2.3/test/recipes/30-test_evp.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/30-test_evp.t
+++ openssl-3.1.7/test/recipes/30-test_evp.t
@@ -42,10 +42,8 @@ my @files = qw(
--- openssl-3.2.3.orig/test/recipes/30-test_evp.t
+++ openssl-3.2.3/test/recipes/30-test_evp.t
@@ -46,10 +46,8 @@ my @files = qw(
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_aes_stitched.txt
@@ -408,7 +443,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp.t
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
evpkdf_ss.txt
@@ -66,12 +64,6 @@ push @files, qw(
@@ -70,15 +68,6 @@ push @files, qw(
evppkey_dh.txt
) unless $no_dh;
push @files, qw(
@@ -416,12 +451,15 @@ Index: openssl-3.1.7/test/recipes/30-test_evp.t
- evpmac_cmac_des.txt
- ) unless $no_des;
-push @files, qw(evppkey_dsa.txt) unless $no_dsa;
-push @files, qw(evppkey_ecx.txt) unless $no_ec;
-push @files, qw(
- evppkey_ecx.txt
- evppkey_mismatch_ecx.txt
- ) unless $no_ecx;
-push @files, qw(
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
@@ -91,6 +83,7 @@ my @defltfiles = qw(
@@ -97,6 +86,7 @@ my @defltfiles = qw(
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
@@ -429,7 +467,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp.t
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
@@ -114,10 +107,17 @@ my @defltfiles = qw(
@@ -121,13 +111,19 @@ my @defltfiles = qw(
evpmd_whirlpool.txt
evppbe_scrypt.txt
evppbe_pkcs12.txt
@@ -445,13 +483,16 @@ Index: openssl-3.1.7/test/recipes/30-test_evp.t
+ evpmac_cmac_des.txt
+ ) unless $no_des;
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
Index: openssl-3.2.3/test/recipes/30-test_evp_data/evpmac_common.txt
===================================================================
--- openssl-3.1.7.orig/test/recipes/30-test_evp_data/evpmac_common.txt
+++ openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C
--- openssl-3.2.3.orig/test/recipes/30-test_evp_data/evpmac_common.txt
+++ openssl-3.2.3/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -363,6 +363,7 @@ IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Result = MAC_INIT_ERROR
@@ -459,7 +500,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
Title = KMAC Tests (From NIST)
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
@@ -350,12 +351,14 @@ Ctrl = xof:0
@@ -373,12 +374,14 @@ Ctrl = xof:0
OutputSize = 32
BlockSize = 168
@@ -474,7 +515,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -363,6 +366,7 @@ Custom = "My Tagged Application"
@@ -386,6 +389,7 @@ Custom = "My Tagged Application"
Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
Ctrl = size:32
@@ -482,7 +523,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6
@@ -394,12 +398,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6
OutputSize = 64
BlockSize = 136
@@ -497,7 +538,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -386,12 +392,14 @@ Ctrl = size:64
@@ -409,12 +415,14 @@ Ctrl = size:64
Title = KMAC XOF Tests (From NIST)
@@ -512,7 +553,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -399,6 +407,7 @@ Custom = "My Tagged Application"
@@ -422,6 +430,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
XOF = 1
@@ -520,7 +561,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF6584
@@ -430,6 +439,7 @@ Output = 47026C7CD793084AA0283C253EF6584
XOF = 1
Ctrl = size:32
@@ -528,7 +569,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -414,6 +424,7 @@ Custom = "My Tagged Application"
@@ -437,6 +447,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
XOF = 1
@@ -536,7 +577,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -421,6 +432,7 @@ Custom = ""
@@ -444,6 +455,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
XOF = 1
@@ -544,7 +585,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -431,6 +443,7 @@ XOF = 1
@@ -454,6 +466,7 @@ XOF = 1
Title = KMAC long customisation string (from NIST ACVP)
@@ -552,7 +593,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
@@ -441,12 +454,14 @@ XOF = 1
@@ -464,12 +477,14 @@ XOF = 1
Title = KMAC XOF Tests via ctrl (From NIST)
@@ -567,7 +608,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -454,6 +469,7 @@ Custom = "My Tagged Application"
@@ -477,6 +492,7 @@ Custom = "My Tagged Application"
Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
Ctrl = xof:1
@@ -575,7 +616,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF6584
@@ -485,6 +501,7 @@ Output = 47026C7CD793084AA0283C253EF6584
Ctrl = xof:1
Ctrl = size:32
@@ -583,7 +624,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 00010203
@@ -469,6 +486,7 @@ Custom = "My Tagged Application"
@@ -492,6 +509,7 @@ Custom = "My Tagged Application"
Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
Ctrl = xof:1
@@ -591,7 +632,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -476,6 +494,7 @@ Custom = ""
@@ -499,6 +517,7 @@ Custom = ""
Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
Ctrl = xof:1
@@ -599,7 +640,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -486,6 +505,7 @@ Ctrl = xof:1
@@ -509,6 +528,7 @@ Ctrl = xof:1
Title = KMAC long customisation string via ctrl (from NIST ACVP)
@@ -607,7 +648,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
@@ -496,6 +516,7 @@ Ctrl = xof:1
@@ -519,6 +539,7 @@ Ctrl = xof:1
Title = KMAC long customisation string negative test
@@ -615,7 +656,7 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC128
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
@@ -504,6 +525,7 @@ Result = MAC_INIT_ERROR
@@ -527,6 +548,7 @@ Result = MAC_INIT_ERROR
Title = KMAC output is too large
@@ -623,10 +664,10 @@ Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt
MAC = KMAC256
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
Index: openssl-3.1.7/test/recipes/80-test_cms.t
Index: openssl-3.2.3/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/80-test_cms.t
+++ openssl-3.1.7/test/recipes/80-test_cms.t
--- openssl-3.2.3.orig/test/recipes/80-test_cms.t
+++ openssl-3.2.3/test/recipes/80-test_cms.t
@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
\&final_compare
],
@@ -726,10 +767,10 @@ Index: openssl-3.1.7/test/recipes/80-test_cms.t
[ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
"-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
"-stream", "-out", "{output}.cms" ],
Index: openssl-3.1.7/test/recipes/80-test_ssl_old.t
Index: openssl-3.2.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.1.7.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.1.7/test/recipes/80-test_ssl_old.t
--- openssl-3.2.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.2.3/test/recipes/80-test_ssl_old.t
@@ -436,7 +436,7 @@ sub testssl {
my @exkeys = ();
my $ciphers = '-PSK:-SRP:@SECLEVEL=0';


@@ -45,11 +45,11 @@ Signed-off-by: Clemens Lang <cllang@redhat.com>
util/perl/OpenSSL/paramnames.pm | 23 ++++++++++---------
3 files changed, 37 insertions(+), 11 deletions(-)
Index: openssl-3.1.4/include/openssl/evp.h
Index: openssl-3.2.3/include/openssl/evp.h
===================================================================
--- openssl-3.1.4.orig/include/openssl/evp.h
+++ openssl-3.1.4/include/openssl/evp.h
@@ -801,6 +801,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CT
--- openssl-3.2.3.orig/include/openssl/evp.h
+++ openssl-3.2.3/include/openssl/evp.h
@@ -804,6 +804,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CT
__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
int *outl);
@@ -60,11 +60,11 @@ Index: openssl-3.1.4/include/openssl/evp.h
__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
EVP_PKEY *pkey);
__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
Index: openssl-3.2.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
@@ -1167,6 +1167,24 @@ static int rsa_get_ctx_params(void *vprs
--- openssl-3.2.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.2.3/providers/implementations/signature/rsa_sig.c
@@ -1185,6 +1185,24 @@ static int rsa_get_ctx_params(void *vprs
}
}
@@ -89,7 +89,7 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
return 1;
}
@@ -1176,6 +1194,9 @@ static const OSSL_PARAM known_gettable_c
@@ -1194,6 +1212,9 @@ static const OSSL_PARAM known_gettable_c
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
@@ -99,51 +99,15 @@ Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
OSSL_PARAM_END
};
Index: openssl-3.1.4/include/openssl/core_names.h
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
===================================================================
--- openssl-3.1.4.orig/include/openssl/core_names.h
+++ openssl-3.1.4/include/openssl/core_names.h
@@ -458,6 +458,7 @@ extern "C" {
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
OSSL_PKEY_PARAM_MGF1_PROPERTIES
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
+#define OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR "suse-fips-indicator"
/* Asym cipher parameters */
#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
Index: openssl-3.1.4/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.1.4.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.1.4/providers/implementations/signature/rsa_sig.c
@@ -696,8 +696,13 @@ static int rsa_verify_recover(void *vprs
size_t rsabits = RSA_bits(prsactx->rsa);
if (rsabits < 2048) {
- ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
- return 0;
+ if (rsabits != 1024
+ && rsabits != 1280
+ && rsabits != 1536
+ && rsabits != 1792) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
}
# endif
@@ -792,8 +797,13 @@ static int rsa_verify(void *vprsactx, co
size_t rsabits = RSA_bits(prsactx->rsa);
if (rsabits < 2048) {
- ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
- return 0;
+ if (rsabits != 1024
+ && rsabits != 1280
+ && rsabits != 1536
+ && rsabits != 1792) {
+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
}
# endif
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
@@ -386,6 +386,7 @@ my %params = (
'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES',
'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE',
'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type",
+ 'SIGNATURE_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator",
'SIGNATURE_PARAM_INSTANCE' => "instance",
'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string",
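Review bot: The new `'SIGNATURE_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator",` entry carries no marker that it is a downstream addition, although everything around it in `%params` mirrors upstream; a one-line comment such as `# SUSE-specific, not in upstream OpenSSL; presumably consumed by the rsa_sig.c hunks of this patch` would keep the next rebase from dropping it. Moving the definition out of `include/openssl/core_names.h` into `paramnames.pm` means the C macro only exists once the generator has rebuilt `core_names.h` from this hash, so a build that reuses a pre-generated header rather than running the generator would not see it — worth confirming in the package build. The old header placed the macro next to `OSSL_SIGNATURE_PARAM_DIGEST_SIZE` while the new entry sits after `SIGNATURE_PARAM_NONCE_TYPE`; the generated name is the same, so that ordering difference is harmless.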


@@ -42,7 +42,7 @@ Index: openssl-3.1.7/crypto/provider_conf.c
}
CRYPTO_THREAD_unlock(pcgbl->lock);
@@ -383,6 +387,33 @@ static int provider_conf_init(CONF_IMODU
@@ -383,6 +387,32 @@ static int provider_conf_init(CONF_IMODU
return 0;
}
@@ -54,7 +54,6 @@ Index: openssl-3.1.7/crypto/provider_conf.c
+ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
+ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
+ return 0;
+
+ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
+ NCONF_free(fips_conf);
+ return 0;
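Review bot: `fips_conf` is leaked when `NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL)` fails: that `return 0` never calls `NCONF_free`, while the `provider_conf_load` failure path immediately below does free it, so the two error paths are inconsistent. `NCONF_new_ex` can also return NULL; `NCONF_load` rejects a NULL CONF itself, but an explicit check makes the intent visible and keeps the free on the right path. The enclosing function starts and ends outside this hunk, and the definition of `FIPS_LOCAL_CONF` is not visible here either, so I cannot tell whether a missing file is meant to be fatal or best-effort.
```c
    CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());

    if (fips_conf == NULL)
        return 0;
    /* NCONF_load() reports failure as <= 0; release the CONF on that path too */
    if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0) {
        NCONF_free(fips_conf);
        return 0;
    }
    /* … unchanged: provider_conf_load(libctx, "fips", "fips_sect", fips_conf) … */
```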


@@ -15,11 +15,11 @@ Patch-status: |
test/recipes/15-test_genec.t | 27 -----------
5 files changed, 1 insertion(+), 147 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index cace25eda1..d527f12f18 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
Index: openssl-3.2.3/apps/speed.c
===================================================================
--- openssl-3.2.3.orig/apps/speed.c
+++ openssl-3.2.3/apps/speed.c
@@ -401,7 +401,7 @@ static double ffdh_results[FFDH_NUM][1];
#endif /* OPENSSL_NO_DH */
enum ec_curves_t {
@@ -28,7 +28,7 @@ index cace25eda1..d527f12f18 100644
#ifndef OPENSSL_NO_EC2M
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
@@ -395,8 +395,6 @@ enum ec_curves_t {
@@ -411,8 +411,6 @@ enum ec_curves_t {
};
/* list of ecdsa curves */
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
@@ -37,8 +37,8 @@ index cace25eda1..d527f12f18 100644
{"ecdsap224", R_EC_P224},
{"ecdsap256", R_EC_P256},
{"ecdsap384", R_EC_P384},
@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
@@ -445,8 +443,6 @@ enum {
};
/* list of ecdh curves, extension of |ecdsa_choices| list above */
static const OPT_PAIR ecdh_choices[EC_NUM] = {
- {"ecdhp160", R_EC_P160},
@@ -46,7 +46,7 @@ index cace25eda1..d527f12f18 100644
{"ecdhp224", R_EC_P224},
{"ecdhp256", R_EC_P256},
{"ecdhp384", R_EC_P384},
@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv)
@@ -1781,8 +1777,6 @@ int speed_main(int argc, char **argv)
*/
static const EC_CURVE ec_curves[EC_NUM] = {
/* Prime Curves */
@@ -55,10 +55,10 @@ index cace25eda1..d527f12f18 100644
{"nistp224", NID_secp224r1, 224},
{"nistp256", NID_X9_62_prime256v1, 256},
{"nistp384", NID_secp384r1, 384},
diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
index 1ec10143d2..82b95294b4 100644
--- a/crypto/evp/ec_support.c
+++ b/crypto/evp/ec_support.c
Index: openssl-3.2.3/crypto/evp/ec_support.c
===================================================================
--- openssl-3.2.3.orig/crypto/evp/ec_support.c
+++ openssl-3.2.3/crypto/evp/ec_support.c
@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
static const EC_NAME2NID curve_list[] = {
/* prime field curves */
@@ -149,7 +149,7 @@ index 1ec10143d2..82b95294b4 100644
{"brainpoolP256r1", NID_brainpoolP256r1 },
{"brainpoolP256t1", NID_brainpoolP256t1 },
{"brainpoolP320r1", NID_brainpoolP320r1 },
@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name)
@@ -150,17 +76,6 @@ int ossl_ec_curve_name2nid(const char *n
/* Functions to translate between common NIST curve names and NIDs */
static const EC_NAME2NID nist_curves[] = {
@@ -167,15 +167,14 @@ index 1ec10143d2..82b95294b4 100644
{"P-224", NID_secp224r1},
{"P-256", NID_X9_62_prime256v1},
{"P-384", NID_secp384r1},
diff --git a/test/acvp_test.inc b/test/acvp_test.inc
index ad11d3ae1e..894a0bff9d 100644
--- a/test/acvp_test.inc
+++ b/test/acvp_test.inc
@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
0xB1, 0xAC,
Index: openssl-3.2.3/test/acvp_test.inc
===================================================================
--- openssl-3.2.3.orig/test/acvp_test.inc
+++ openssl-3.2.3/test/acvp_test.inc
@@ -212,15 +212,6 @@ static const unsigned char ecdsa_sigver_
};
static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
- {
{
- "SHA-1",
- "P-192",
- ITM(ecdsa_sigver_msg0),
@@ -184,13 +183,14 @@ index ad11d3ae1e..894a0bff9d 100644
- ITM(ecdsa_sigver_s0),
- PASS,
- },
{
- {
"SHA2-512",
"P-521",
diff --git a/test/ecdsatest.h b/test/ecdsatest.h
index 63fe319025..06b5c0aac5 100644
--- a/test/ecdsatest.h
+++ b/test/ecdsatest.h
ITM(ecdsa_sigver_msg1),
Index: openssl-3.2.3/test/ecdsatest.h
===================================================================
--- openssl-3.2.3.orig/test/ecdsatest.h
+++ openssl-3.2.3/test/ecdsatest.h
@@ -32,23 +32,6 @@ typedef struct {
} ecdsa_cavs_kat_t;
@@ -215,11 +215,11 @@ index 63fe319025..06b5c0aac5 100644
/* prime KATs from NIST CAVP */
{NID_secp224r1, NID_sha224,
"699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
index 2dfed387ca..c733b68f83 100644
--- a/test/recipes/15-test_genec.t
+++ b/test/recipes/15-test_genec.t
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
Index: openssl-3.2.3/test/recipes/15-test_genec.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/15-test_genec.t
+++ openssl-3.2.3/test/recipes/15-test_genec.t
@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupport
if disabled("ec");
my @prime_curves = qw(
@@ -265,6 +265,3 @@ index 2dfed387ca..c733b68f83 100644
P-224
P-256
P-384
--
2.41.0


@@ -0,0 +1,41 @@
Index: openssl-3.2.3/apps/openssl.cnf
===================================================================
--- openssl-3.2.3.orig/apps/openssl.cnf
+++ openssl-3.2.3/apps/openssl.cnf
@@ -45,7 +45,7 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
-ssl_conf = ssl_module
+##ssl_conf = ssl_module
[ evp_properties ]
# This section is intentionally added empty here to be tuned on particular systems
@@ -60,20 +60,20 @@ ssl_conf = ssl_module
# to side-channel attacks and as such have been deprecated.
[provider_sect]
-default = default_sect
+##default = default_sect
##legacy = legacy_sect
-[default_sect]
-activate = 1
+##[default_sect]
+##activate = 1
##[legacy_sect]
##activate = 1
-[ ssl_module ]
-system_default = crypto_policy
+##[ ssl_module ]
+##system_default = crypto_policy
-[ crypto_policy ]
-.include = /etc/crypto-policies/back-ends/opensslcnf.config
+##[ crypto_policy ]
+##.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]
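Review bot: The new patch file has no description header, unlike the file it replaces, which stated that the crypto-policies configuration "needs to be reverted before running tests"; a reader of this patch only sees that `ssl_conf = ssl_module`, `default = default_sect`, `activate = 1` and the `.include = /etc/crypto-policies/back-ends/opensslcnf.config` line are commented out, with no indication whether that is a test-only revert or an intended change to the shipped openssl.cnf. Add a description above the first `Index:` line, e.g. `Comment out the crypto-policies include and provider activation so the test suite runs without /etc/crypto-policies present; applied only for the build-time test run, never shipped in the installed openssl.cnf.` Note that commenting out `default = default_sect` and `[default_sect] activate = 1` goes further than the crypto-policy include alone; if that is intentional (presumably so the tests see upstream's unmodified provider setup), the header should say so.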


@@ -1,35 +0,0 @@
Add default section to load crypto-policies configuration for TLS.
It needs to be reverted before running tests.
---
apps/openssl.cnf | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 3 deletions(-)
Index: openssl-3.2.0/apps/openssl.cnf
===================================================================
--- openssl-3.2.0.orig/apps/openssl.cnf
+++ openssl-3.2.0/apps/openssl.cnf
@@ -52,6 +52,8 @@ tsa_policy3 = 1.2.3.4.5.7
[openssl_init]
providers = provider_sect
+# Load default TLS policy configuration
+ssl_conf = ssl_module
# List of providers to load
[provider_sect]
@@ -71,6 +73,13 @@ default = default_sect
[default_sect]
# activate = 1
+[ ssl_module ]
+
+system_default = crypto_policy
+
+[ crypto_policy ]
+
+.include = /etc/crypto-policies/back-ends/opensslcnf.config
####################################################################
[ ca ]



@@ -1,65 +0,0 @@
From 3e47a286dc3274bda72a196c3a4030a1fc8302f1 Mon Sep 17 00:00:00 2001
From: Rohan McLure <rohanmclure@linux.ibm.com>
Date: Fri, 23 Jun 2023 16:41:48 +1000
Subject: [PATCH] ec: Use static linkage on nistp521 felem_{square,mul}
wrappers
Runtime selection of implementations for felem_{square,mul} depends on
felem_{square,mul}_wrapper functions, which overwrite function points in
a similar design to that of .plt.got sections used by program loaders
during dynamic linking.
There's no reason why these functions need to have external linkage.
Mark static.
Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21471)
---
crypto/ec/ecp_nistp521.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 97815cac1f13..32a9268ecf17 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -676,8 +676,8 @@ static void felem_reduce(felem out, const largefelem in)
}
#if defined(ECP_NISTP521_ASM)
-void felem_square_wrapper(largefelem out, const felem in);
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
+static void felem_square_wrapper(largefelem out, const felem in);
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2);
static void (*felem_square_p)(largefelem out, const felem in) =
felem_square_wrapper;
@@ -691,7 +691,7 @@ void p521_felem_mul(largefelem out, const felem in1, const felem in2);
# include "crypto/ppc_arch.h"
# endif
-void felem_select(void)
+static void felem_select(void)
{
# if defined(_ARCH_PPC64)
if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
@@ -707,13 +707,13 @@ void felem_select(void)
felem_mul_p = felem_mul_ref;
}
-void felem_square_wrapper(largefelem out, const felem in)
+static void felem_square_wrapper(largefelem out, const felem in)
{
felem_select();
felem_square_p(out, in);
}
-void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
+static void felem_mul_wrapper(largefelem out, const felem in1, const felem in2)
{
felem_select();
felem_mul_p(out, in1, in2);


@@ -1,428 +0,0 @@
From 966047ee13188e8634af25af348940acceb9316d Mon Sep 17 00:00:00 2001
From: Rohan McLure <rohanmclure@linux.ibm.com>
Date: Wed, 31 May 2023 14:32:26 +1000
Subject: [PATCH] ec: powerpc64le: Add asm implementation of felem_{square,mul}
Add an assembly implementation of felem_{square,mul}, which will be
implemented whenever Altivec support is present and the core implements
ISA 3.0 (Power 9) or greater.
Signed-off-by: Rohan McLure <rohanmclure@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21471)
---
crypto/ec/asm/ecp_nistp384-ppc64.pl | 355 ++++++++++++++++++++++++++++
crypto/ec/build.info | 6 +-
crypto/ec/ecp_nistp384.c | 9 +
3 files changed, 368 insertions(+), 2 deletions(-)
create mode 100755 crypto/ec/asm/ecp_nistp384-ppc64.pl
diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
new file mode 100755
index 000000000000..3f86b391af69
--- /dev/null
+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
@@ -0,0 +1,355 @@
+#! /usr/bin/env perl
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# ====================================================================
+# Written by Rohan McLure <rmclure@linux.ibm.com> for the OpenSSL
+# project.
+# ====================================================================
+#
+# p384 lower-level primitives for PPC64 using vector instructions.
+#
+
+use strict;
+use warnings;
+
+my $flavour = shift;
+my $output = "";
+while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+if (!$output) {
+ $output = "-";
+}
+
+my ($xlate, $dir);
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+my $code = "";
+
+my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
+
+my $vzero = "v32";
+
+sub startproc($)
+{
+ my ($name) = @_;
+
+ $code.=<<___;
+ .globl ${name}
+ .align 5
+${name}:
+
+___
+}
+
+sub endproc($)
+{
+ my ($name) = @_;
+
+ $code.=<<___;
+ blr
+ .size ${name},.-${name}
+
+___
+}
+
+
+sub push_vrs($$)
+{
+ my ($min, $max) = @_;
+
+ my $count = $max - $min + 1;
+
+ $code.=<<___;
+ mr $savesp,$sp
+ stdu $sp,-16*`$count+1`($sp)
+
+___
+ for (my $i = $min; $i <= $max; $i++) {
+ my $mult = $max - $i + 1;
+ $code.=<<___;
+ stxv $i,-16*$mult($savesp)
+___
+
+ }
+
+ $code.=<<___;
+
+___
+}
+
+sub pop_vrs($$)
+{
+ my ($min, $max) = @_;
+
+ $code.=<<___;
+ ld $savesp,0($sp)
+___
+ for (my $i = $min; $i <= $max; $i++) {
+ my $mult = $max - $i + 1;
+ $code.=<<___;
+ lxv $i,-16*$mult($savesp)
+___
+ }
+
+ $code.=<<___;
+ mr $sp,$savesp
+
+___
+}
+
+sub load_vrs($$)
+{
+ my ($pointer, $reg_list) = @_;
+
+ for (my $i = 0; $i <= 6; $i++) {
+ my $offset = $i * 8;
+ $code.=<<___;
+ lxsd $reg_list->[$i],$offset($pointer)
+___
+ }
+
+ $code.=<<___;
+
+___
+}
+
+sub store_vrs($$)
+{
+ my ($pointer, $reg_list) = @_;
+
+ for (my $i = 0; $i <= 12; $i++) {
+ my $offset = $i * 16;
+ $code.=<<___;
+ stxv $reg_list->[$i],$offset($pointer)
+___
+ }
+
+ $code.=<<___;
+
+___
+}
+
+$code.=<<___;
+.machine "any"
+.text
+
+___
+
+{
+ # mul/square common
+ my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
+ my ($zero, $one) = ("r8", "r9");
+ my $out = "v51";
+
+ {
+ #
+ # p384_felem_mul
+ #
+
+ my ($in1p, $in2p) = ("r4", "r5");
+ my @in1 = map("v$_",(44..50));
+ my @in2 = map("v$_",(35..41));
+
+ startproc("p384_felem_mul");
+
+ push_vrs(52, 63);
+
+ $code.=<<___;
+ vspltisw $vzero,0
+
+___
+
+ load_vrs($in1p, \@in1);
+ load_vrs($in2p, \@in2);
+
+ $code.=<<___;
+ vmsumudm $out,$in1[0],$in2[0],$vzero
+ stxv $out,0($outp)
+
+ xxpermdi $t1,$in1[0],$in1[1],0b00
+ xxpermdi $t2,$in2[1],$in2[0],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ stxv $out,16($outp)
+
+ xxpermdi $t2,$in2[2],$in2[1],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$in1[2],$in2[0],$out
+ stxv $out,32($outp)
+
+ xxpermdi $t2,$in2[1],$in2[0],0b00
+ xxpermdi $t3,$in1[2],$in1[3],0b00
+ xxpermdi $t4,$in2[3],$in2[2],0b00
+ vmsumudm $out,$t1,$t4,$vzero
+ vmsumudm $out,$t3,$t2,$out
+ stxv $out,48($outp)
+
+ xxpermdi $t2,$in2[4],$in2[3],0b00
+ xxpermdi $t4,$in2[2],$in2[1],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$t3,$t4,$out
+ vmsumudm $out,$in1[4],$in2[0],$out
+ stxv $out,64($outp)
+
+ xxpermdi $t2,$in2[5],$in2[4],0b00
+ xxpermdi $t4,$in2[3],$in2[2],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$t3,$t4,$out
+ xxpermdi $t4,$in2[1],$in2[0],0b00
+ xxpermdi $t1,$in1[4],$in1[5],0b00
+ vmsumudm $out,$t1,$t4,$out
+ stxv $out,80($outp)
+
+ xxpermdi $t1,$in1[0],$in1[1],0b00
+ xxpermdi $t2,$in2[6],$in2[5],0b00
+ xxpermdi $t4,$in2[4],$in2[3],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$t3,$t4,$out
+ xxpermdi $t2,$in2[2],$in2[1],0b00
+ xxpermdi $t1,$in1[4],$in1[5],0b00
+ vmsumudm $out,$t1,$t2,$out
+ vmsumudm $out,$in1[6],$in2[0],$out
+ stxv $out,96($outp)
+
+ xxpermdi $t1,$in1[1],$in1[2],0b00
+ xxpermdi $t2,$in2[6],$in2[5],0b00
+ xxpermdi $t3,$in1[3],$in1[4],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$t3,$t4,$out
+ xxpermdi $t3,$in2[2],$in2[1],0b00
+ xxpermdi $t1,$in1[5],$in1[6],0b00
+ vmsumudm $out,$t1,$t3,$out
+ stxv $out,112($outp)
+
+ xxpermdi $t1,$in1[2],$in1[3],0b00
+ xxpermdi $t3,$in1[4],$in1[5],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$t3,$t4,$out
+ vmsumudm $out,$in1[6],$in2[2],$out
+ stxv $out,128($outp)
+
+ xxpermdi $t1,$in1[3],$in1[4],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ xxpermdi $t1,$in1[5],$in1[6],0b00
+ vmsumudm $out,$t1,$t4,$out
+ stxv $out,144($outp)
+
+ vmsumudm $out,$t3,$t2,$vzero
+ vmsumudm $out,$in1[6],$in2[4],$out
+ stxv $out,160($outp)
+
+ vmsumudm $out,$t1,$t2,$vzero
+ stxv $out,176($outp)
+
+ vmsumudm $out,$in1[6],$in2[6],$vzero
+ stxv $out,192($outp)
+___
+
+ endproc("p384_felem_mul");
+ }
+
+ {
+ #
+ # p384_felem_square
+ #
+
+ my ($inp) = ("r4");
+ my @in = map("v$_",(44..50));
+ my @inx2 = map("v$_",(35..41));
+
+ startproc("p384_felem_square");
+
+ push_vrs(52, 63);
+
+ $code.=<<___;
+ vspltisw $vzero,0
+
+___
+
+ load_vrs($inp, \@in);
+
+ $code.=<<___;
+ li $zero,0
+ li $one,1
+ mtvsrdd $t1,$one,$zero
+___
+
+ for (my $i = 0; $i <= 6; $i++) {
+ $code.=<<___;
+ vsld $inx2[$i],$in[$i],$t1
+___
+ }
+
+ $code.=<<___;
+ vmsumudm $out,$in[0],$in[0],$vzero
+ stxv $out,0($outp)
+
+ vmsumudm $out,$in[0],$inx2[1],$vzero
+ stxv $out,16($outp)
+
+ vmsumudm $out,$in[0],$inx2[2],$vzero
+ vmsumudm $out,$in[1],$in[1],$out
+ stxv $out,32($outp)
+
+ xxpermdi $t1,$in[0],$in[1],0b00
+ xxpermdi $t2,$inx2[3],$inx2[2],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ stxv $out,48($outp)
+
+ xxpermdi $t4,$inx2[4],$inx2[3],0b00
+ vmsumudm $out,$t1,$t4,$vzero
+ vmsumudm $out,$in[2],$in[2],$out
+ stxv $out,64($outp)
+
+ xxpermdi $t2,$inx2[5],$inx2[4],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$in[2],$inx2[3],$out
+ stxv $out,80($outp)
+
+ xxpermdi $t2,$inx2[6],$inx2[5],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$in[2],$inx2[4],$out
+ vmsumudm $out,$in[3],$in[3],$out
+ stxv $out,96($outp)
+
+ xxpermdi $t3,$in[1],$in[2],0b00
+ vmsumudm $out,$t3,$t2,$vzero
+ vmsumudm $out,$in[3],$inx2[4],$out
+ stxv $out,112($outp)
+
+ xxpermdi $t1,$in[2],$in[3],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ vmsumudm $out,$in[4],$in[4],$out
+ stxv $out,128($outp)
+
+ xxpermdi $t1,$in[3],$in[4],0b00
+ vmsumudm $out,$t1,$t2,$vzero
+ stxv $out,144($outp)
+
+ vmsumudm $out,$in[4],$inx2[6],$vzero
+ vmsumudm $out,$in[5],$in[5],$out
+ stxv $out,160($outp)
+
+ vmsumudm $out,$in[5],$inx2[6],$vzero
+ stxv $out,176($outp)
+
+ vmsumudm $out,$in[6],$in[6],$vzero
+ stxv $out,192($outp)
+___
+
+ endproc("p384_felem_square");
+ }
+}
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
index 1fa60a1deddd..4077bead7bdb 100644
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@@ -39,8 +39,9 @@ IF[{- !$disabled{asm} -}]
$ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s
$ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM
IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
- $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s
- $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM
+ $ECASM_ppc64=$ECASM_ppc64 ecp_nistp384-ppc64.s ecp_nistp521-ppc64.s
+ $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP384_ASM ECP_NISTP521_ASM
+ INCLUDE[ecp_nistp384.o]=..
INCLUDE[ecp_nistp521.o]=..
ENDIF
@@ -119,6 +120,7 @@ GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl
INCLUDE[ecp_nistz256-armv8.o]=..
GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl
+GENERATE[ecp_nistp384-ppc64.s]=asm/ecp_nistp384-ppc64.pl
GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl
GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl
diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
index a0559487ed4e..14f9530d07c6 100644
--- a/crypto/ec/ecp_nistp384.c
+++ b/crypto/ec/ecp_nistp384.c
@@ -691,6 +691,15 @@ void p384_felem_mul(widefelem out, const felem in1, const felem in2);
static void felem_select(void)
{
+# if defined(_ARCH_PPC64)
+ if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
+ felem_square_p = p384_felem_square;
+ felem_mul_p = p384_felem_mul;
+
+ return;
+ }
+# endif
+
/* Default */
felem_square_p = felem_square_ref;
felem_mul_p = felem_mul_ref;


@@ -1,76 +0,0 @@
From 670e73d9084465384b11ef24802ca4a313e1d2f4 Mon Sep 17 00:00:00 2001
From: Rohan McLure <rohanmclure@linux.ibm.com>
Date: Tue, 15 Aug 2023 15:20:20 +1000
Subject: [PATCH] ecc: Remove extraneous parentheses in secp384r1
Substitutions in the felem_reduce() method feature unecessary
parentheses, remove them.
Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21749)
---
crypto/ec/ecp_nistp384.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
index 14f9530d07c6..ff68f9cc7ad0 100644
--- a/crypto/ec/ecp_nistp384.c
+++ b/crypto/ec/ecp_nistp384.c
@@ -540,7 +540,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[7] += in[12] >> 8;
acc[6] += (in[12] & 0xff) << 48;
acc[6] -= in[12] >> 16;
- acc[5] -= ((in[12] & 0xffff) << 40);
+ acc[5] -= (in[12] & 0xffff) << 40;
acc[6] += in[12] >> 48;
acc[5] += (in[12] & 0xffffffffffff) << 8;
@@ -549,7 +549,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[6] += in[11] >> 8;
acc[5] += (in[11] & 0xff) << 48;
acc[5] -= in[11] >> 16;
- acc[4] -= ((in[11] & 0xffff) << 40);
+ acc[4] -= (in[11] & 0xffff) << 40;
acc[5] += in[11] >> 48;
acc[4] += (in[11] & 0xffffffffffff) << 8;
@@ -558,7 +558,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[5] += in[10] >> 8;
acc[4] += (in[10] & 0xff) << 48;
acc[4] -= in[10] >> 16;
- acc[3] -= ((in[10] & 0xffff) << 40);
+ acc[3] -= (in[10] & 0xffff) << 40;
acc[4] += in[10] >> 48;
acc[3] += (in[10] & 0xffffffffffff) << 8;
@@ -567,7 +567,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[4] += in[9] >> 8;
acc[3] += (in[9] & 0xff) << 48;
acc[3] -= in[9] >> 16;
- acc[2] -= ((in[9] & 0xffff) << 40);
+ acc[2] -= (in[9] & 0xffff) << 40;
acc[3] += in[9] >> 48;
acc[2] += (in[9] & 0xffffffffffff) << 8;
@@ -582,7 +582,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[3] += acc[8] >> 8;
acc[2] += (acc[8] & 0xff) << 48;
acc[2] -= acc[8] >> 16;
- acc[1] -= ((acc[8] & 0xffff) << 40);
+ acc[1] -= (acc[8] & 0xffff) << 40;
acc[2] += acc[8] >> 48;
acc[1] += (acc[8] & 0xffffffffffff) << 8;
@@ -591,7 +591,7 @@ static void felem_reduce(felem out, const widefelem in)
acc[2] += acc[7] >> 8;
acc[1] += (acc[7] & 0xff) << 48;
acc[1] -= acc[7] >> 16;
- acc[0] -= ((acc[7] & 0xffff) << 40);
+ acc[0] -= (acc[7] & 0xffff) << 40;
acc[1] += acc[7] >> 48;
acc[0] += (acc[7] & 0xffffffffffff) << 8;


@@ -13,11 +13,11 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
doc/man5/config.pod | 8 ++++++++
2 files changed, 23 insertions(+), 22 deletions(-)
Index: openssl-3.1.4/apps/openssl.cnf
Index: openssl-3.2.3/apps/openssl.cnf
===================================================================
--- openssl-3.1.4.orig/apps/openssl.cnf
+++ openssl-3.1.4/apps/openssl.cnf
@@ -42,36 +42,29 @@ tsa_policy1 = 1.2.3.4.1
--- openssl-3.2.3.orig/apps/openssl.cnf
+++ openssl-3.2.3/apps/openssl.cnf
@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
@@ -32,7 +32,9 @@ Index: openssl-3.1.4/apps/openssl.cnf
[openssl_init]
providers = provider_sect
# Load default TLS policy configuration
ssl_conf = ssl_module
@@ -58,23 +50,24 @@ ssl_conf = ssl_module
[ evp_properties ]
# This section is intentionally added empty here to be tuned on particular systems
-# List of providers to load
+# Uncomment the sections that start with ## below to enable the legacy provider.
@@ -68,11 +70,11 @@ Index: openssl-3.1.4/apps/openssl.cnf
+##activate = 1
[ ssl_module ]
Index: openssl-3.1.4/doc/man5/config.pod
system_default = crypto_policy
Index: openssl-3.2.3/doc/man5/config.pod
===================================================================
--- openssl-3.1.4.orig/doc/man5/config.pod
+++ openssl-3.1.4/doc/man5/config.pod
--- openssl-3.2.3.orig/doc/man5/config.pod
+++ openssl-3.2.3/doc/man5/config.pod
@@ -273,6 +273,14 @@ significant.
All parameters in the section as well as sub-sections are made
available to the provider.


@@ -1,13 +1,13 @@
Index: openssl-3.1.4/Configurations/unix-Makefile.tmpl
Index: openssl-3.2.3/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-3.1.4.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.1.4/Configurations/unix-Makefile.tmpl
@@ -611,7 +611,7 @@ install_sw: install_dev install_engines
--- openssl-3.2.3.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.2.3/Configurations/unix-Makefile.tmpl
@@ -633,7 +633,7 @@ install_sw: install_dev install_engines
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev ## Uninstall the software and libraries
-install_docs: install_man_docs install_html_docs
+install_docs: install_man_docs
-install_docs: install_man_docs install_html_docs ## Install manpages and HTML documentation
+install_docs: install_man_docs # install_html_docs ## Install manpages and HTML documentation
uninstall_docs: uninstall_man_docs uninstall_html_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation
$(RM) -r "$(DESTDIR)$(DOCDIR)"
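Review bot: The rebased line `install_docs: install_man_docs # install_html_docs ## Install manpages and HTML documentation` keeps the `##` help text claiming HTML documentation is installed while the `install_html_docs` prerequisite is commented out, so the generated help listing (which, as far as I can tell, is built from these `##` comments) will describe behaviour the target no longer has; change the text to `install_docs: install_man_docs ## Install manpages only (HTML docs are not installed by this build)`. The `uninstall_docs` rule still lists `uninstall_html_docs`, which is harmless but asymmetric and deserves a one-line comment explaining why install and uninstall differ.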


@@ -10,10 +10,10 @@ Patch-id: 84
providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 349c3dd657..11820d1e69 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
Index: openssl-3.2.3/providers/implementations/kdfs/pbkdf2.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/kdfs/pbkdf2.c
+++ openssl-3.2.3/providers/implementations/kdfs/pbkdf2.c
@@ -35,6 +35,21 @@
#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
#define KDF_PBKDF2_MIN_ITERATIONS 1000
@@ -32,11 +32,11 @@ index 349c3dd657..11820d1e69 100644
+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
+ * combined with an implicit indicator (i.e., returning an error) would cause
+ * the module to fail ACVP testing. */
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (20)
+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
@@ -215,9 +230,15 @@ static int kdf_pbkdf2_set_ctx_params(voi
ctx->lower_bound_checks = pkcs5 == 0;
}
@@ -53,7 +53,7 @@ index 349c3dd657..11820d1e69 100644
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
if (ctx->lower_bound_checks != 0
@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
@@ -327,6 +348,10 @@ static int pbkdf2_derive(const char *pas
}
if (lower_bound_checks) {
@@ -64,6 +64,3 @@ index 349c3dd657..11820d1e69 100644
if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
return 0;
--
2.41.0
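Review bot: Lowering `KDF_PBKDF2_MIN_PASSWORD_LEN` from 20 to 8 relaxes a FIPS lower-bound check on the shipped module, and the only rationale recorded is the comment above the define about ACVP test vectors; neither the patch header visible here nor this commit states that passwords as short as 8 bytes are now accepted when `lower_bound_checks` is on. Make the comment say explicitly that 8 is the floor the test harness requires rather than a recommended minimum, e.g. `/* 8 bytes is the floor needed to pass ACVP vectors, not a recommended minimum; callers should enforce their own password policy. */`, and record the relaxation in the patch's status line or the package changelog. The code that consumes this constant lies outside the visible hunks, so I cannot confirm whether it is also reported through the FIPS indicator.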


@@ -1,8 +1,8 @@
Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
Index: openssl-3.2.3/Configurations/unix-Makefile.tmpl
===================================================================
--- openssl-1.1.1-pre3.orig/Configurations/unix-Makefile.tmpl 2018-03-20 15:20:03.037124698 +0100
+++ openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl 2018-03-20 15:21:04.206084731 +0100
@@ -843,7 +843,7 @@ libcrypto.pc:
--- openssl-3.2.3.orig/Configurations/unix-Makefile.tmpl
+++ openssl-3.2.3/Configurations/unix-Makefile.tmpl
@@ -1453,7 +1453,7 @@ libcrypto.pc:
echo 'Version: '$(VERSION); \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(LIB_EX_LIBS)'; \
@@ -11,7 +11,7 @@ Index: openssl-1.1.1-pre3/Configurations/unix-Makefile.tmpl
libssl.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \
@@ -860,7 +860,7 @@ libssl.pc:
@@ -1470,7 +1470,7 @@ libssl.pc:
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \


@@ -1,96 +0,0 @@
From 50f8b936b00dc18ce1f622a7a6aa46daf03da48b Mon Sep 17 00:00:00 2001
From: Rohan McLure <rohanmclure@linux.ibm.com>
Date: Wed, 16 Aug 2023 16:52:47 +1000
Subject: [PATCH] powerpc: ecc: Fix stack allocation secp384r1 asm
Assembly acceleration secp384r1 opts to not use any callee-save VSRs, as
VSX enabled systems make extensive use of renaming, and so writebacks in
felem_{mul,square}() can be reordered for best cache effects.
Remove stack allocations. This in turn fixes unmatched push/pops in
felem_{mul,square}().
Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21749)
---
crypto/ec/asm/ecp_nistp384-ppc64.pl | 49 -----------------------------
1 file changed, 49 deletions(-)
diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
index 3f86b391af69..28f4168e5218 100755
--- a/crypto/ec/asm/ecp_nistp384-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
@@ -62,51 +62,6 @@ ($)
___
}
-
-sub push_vrs($$)
-{
- my ($min, $max) = @_;
-
- my $count = $max - $min + 1;
-
- $code.=<<___;
- mr $savesp,$sp
- stdu $sp,-16*`$count+1`($sp)
-
-___
- for (my $i = $min; $i <= $max; $i++) {
- my $mult = $max - $i + 1;
- $code.=<<___;
- stxv $i,-16*$mult($savesp)
-___
-
- }
-
- $code.=<<___;
-
-___
-}
-
-sub pop_vrs($$)
-{
- my ($min, $max) = @_;
-
- $code.=<<___;
- ld $savesp,0($sp)
-___
- for (my $i = $min; $i <= $max; $i++) {
- my $mult = $max - $i + 1;
- $code.=<<___;
- lxv $i,-16*$mult($savesp)
-___
- }
-
- $code.=<<___;
- mr $sp,$savesp
-
-___
-}
-
sub load_vrs($$)
{
my ($pointer, $reg_list) = @_;
@@ -162,8 +117,6 @@ ($$)
startproc("p384_felem_mul");
- push_vrs(52, 63);
-
$code.=<<___;
vspltisw $vzero,0
@@ -268,8 +221,6 @@ ($$)
startproc("p384_felem_square");
- push_vrs(52, 63);
-
$code.=<<___;
vspltisw $vzero,0


@@ -1,8 +1,8 @@
Index: openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
Index: openssl-3.2.3/util/perl/OpenSSL/config.pm
===================================================================
--- openssl-3.0.0-alpha5.orig/util/perl/OpenSSL/config.pm
+++ openssl-3.0.0-alpha5/util/perl/OpenSSL/config.pm
@@ -525,14 +525,19 @@ EOF
--- openssl-3.2.3.orig/util/perl/OpenSSL/config.pm
+++ openssl-3.2.3/util/perl/OpenSSL/config.pm
@@ -592,14 +592,19 @@ EOF
return { target => "linux-ppc64" } if $KERNEL_BITS eq '64';
my %config = ();


@@ -0,0 +1,85 @@
From 42ed594a3a905830374fb65cced431748f8c639c Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Thu, 4 Apr 2024 11:50:58 +0200
Subject: [PATCH 45/50] 0115-skip-quic-pairwise.patch
Patch-name: 0115-skip-quic-pairwise.patch
Patch-id: 115
Patch-status: |
# Amend tests according to Fedora/RHEL code
---
test/quicapitest.c | 4 +++-
test/recipes/01-test_symbol_presence.t | 1 +
test/recipes/30-test_pairwise_fail.t | 13 +++++++++++--
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 41cf0fc7a8..0fb7492700 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -2139,7 +2139,9 @@ int setup_tests(void)
ADD_TEST(test_cipher_find);
ADD_TEST(test_version);
#if defined(DO_SSL_TRACE_TEST)
- ADD_TEST(test_ssl_trace);
+ if (is_fips == 0) {
+ ADD_TEST(test_ssl_trace);
+ }
#endif
ADD_TEST(test_quic_forbidden_apis_ctx);
ADD_TEST(test_quic_forbidden_apis);
diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
index c837d48fb4..f06ef04b1a 100644
--- a/test/recipes/30-test_pairwise_fail.t
+++ b/test/recipes/30-test_pairwise_fail.t
@@ -9,7 +9,7 @@
use strict;
use warnings;
-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
use OpenSSL::Test::Utils;
BEGIN {
@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
SKIP: {
skip "Skip RSA test because of no rsa in this build", 1
if disabled("rsa");
+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+ sub {
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "rsa"])),
"fips provider rsa keygen pairwise failure test");
+ });
}
SKIP: {
skip "Skip EC test because of no ec in this build", 2
if disabled("ec");
+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+ sub {
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "ec"])),
"fips provider ec keygen pairwise failure test");
+ });
skip "FIPS provider version is too old", 1
if !$fips_exit;
+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
+ sub {
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "eckat"])),
"fips provider ec keygen kat failure test");
+ });
}
SKIP: {
skip "Skip DSA tests because of no dsa in this build", 2
- if disabled("dsa");
+ if 1; #if disabled("dsa");
ok(run(test(["pairwise_fail_test", "-config", $provconf,
"-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
"fips provider dsa keygen pairwise failure test");
--
2.44.0
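Review bot: In 30-test_pairwise_fail.t the DSA block is now skipped unconditionally with `if 1; #if disabled("dsa");`, but the skip reason still reads "Skip DSA tests because of no dsa in this build", so the TAP output misreports why those tests are skipped; use `skip "DSA pairwise tests are disabled in this build", 2; # upstream: if disabled("dsa")` instead. The three `with({ exit_checker => sub {my $val = shift; return $val == 134; } }, ...)` wrappers repeat the same anonymous sub with a bare 134 (presumably 128 + SIGABRT, i.e. the pairwise failure is expected to abort the process); hoist it once as `my $abort_checker = { exit_checker => sub { return shift == 134; } }; # 128 + SIGABRT: pairwise failure aborts` and pass `$abort_checker` to each `with`. The diffstat lists test/recipes/01-test_symbol_presence.t with one insertion, but no hunk for that file appears in the patch body as rendered here, so the patch may be incomplete — worth verifying before it lands.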


@@ -14,11 +14,11 @@ From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
test/recipes/65-test_cmp_vfy.t | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 0638d626e7..c0efd77649 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub {
Index: openssl-3.2.3/test/recipes/15-test_ec.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/15-test_ec.t
+++ openssl-3.2.3/test/recipes/15-test_ec.t
@@ -94,7 +94,7 @@ SKIP: {
subtest 'Check loading of fips and non-fips keys' => sub {
plan skip_all => "FIPS is disabled"
@@ -27,11 +27,11 @@ index 0638d626e7..c0efd77649 100644
plan tests => 2;
diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
index 631603df7c..4cb2ffebbc 100644
--- a/test/recipes/65-test_cmp_protect.t
+++ b/test/recipes/65-test_cmp_protect.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
Index: openssl-3.2.3/test/recipes/65-test_cmp_protect.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/65-test_cmp_protect.t
+++ openssl-3.2.3/test/recipes/65-test_cmp_protect.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
plan skip_all => "This test is not supported in a shared library build on Windows"
if $^O eq 'MSWin32' && !disabled("shared");
@@ -39,12 +39,12 @@ index 631603df7c..4cb2ffebbc 100644
+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
my @basic_cmd = ("cmp_protect_test",
data_file("server.pem"),
diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
index f722800e27..26a01786bb 100644
--- a/test/recipes/65-test_cmp_vfy.t
+++ b/test/recipes/65-test_cmp_vfy.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
data_file("prot_RSA.pem"),
Index: openssl-3.2.3/test/recipes/65-test_cmp_vfy.t
===================================================================
--- openssl-3.2.3.orig/test/recipes/65-test_cmp_vfy.t
+++ openssl-3.2.3/test/recipes/65-test_cmp_vfy.t
@@ -27,7 +27,7 @@ plan skip_all => "This test is not suppo
plan skip_all => "This test is not supported in a no-ec build"
if disabled("ec");
@@ -53,6 +53,3 @@ index f722800e27..26a01786bb 100644
my @basic_cmd = ("cmp_vfy_test",
data_file("server.crt"), data_file("client.crt"),
--
2.41.0
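Review bot: The hunks only rebase the `Index:` paths, but the line carried as context for 65-test_cmp_protect.t, `plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test`, passes an arithmetic expression where Test::More expects a skip reason string, so the whole file is skipped with the reason "2" or "3" in the TAP output. If the intent is to disable these CMP tests outright (presumably a reworked `plan tests => …` line), make the reason self-explanatory: `plan skip_all => "CMP protection tests are disabled in this package build"; # upstream: plan tests => 2 + ($no_fips ? 0 : 1)`. The 65-test_cmp_vfy.t hunk may carry the same pattern, but its changed lines are not visible here.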


@@ -1,10 +1,10 @@
Don't use the legacy /etc/ssl/certs directory anymore but rather the
p11-kit generated /var/lib/ca-certificates/openssl one (fate#314991)
Index: openssl-1.1.1-pre1/include/internal/cryptlib.h
Index: openssl-3.2.3/include/internal/common.h
===================================================================
--- openssl-1.1.1-pre1.orig/include/internal/cryptlib.h 2018-02-13 14:48:12.000000000 +0100
+++ openssl-1.1.1-pre1/include/internal/cryptlib.h 2018-02-13 16:30:11.738161984 +0100
@@ -59,8 +59,8 @@ DEFINE_LHASH_OF(MEM);
--- openssl-3.2.3.orig/include/internal/common.h
+++ openssl-3.2.3/include/internal/common.h
@@ -82,8 +82,8 @@ __owur static ossl_inline int ossl_asser
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR