diff --git a/openssl-3.1.4.tar.gz b/openssl-3.1.4.tar.gz
deleted file mode 100644
index dde84fd..0000000
--- a/openssl-3.1.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3
-size 15569450
diff --git a/openssl-3.1.4.tar.gz.asc b/openssl-3.1.4.tar.gz.asc
deleted file mode 100644
index d7c5025..0000000
--- a/openssl-3.1.4.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmU3yaoACgkQ2JTizos9
-efXt8BAAqcF9RBzduklMCXSfG4Rzs2KcWmR1+BB0izxG3KwPr+r54qBbSRCCImHA
-U22An//xsDsQZ0K4rrkkkumpJCxLV/4F3TlEBdoCS4wzDXz/LfONzTuZ8Z3QP/Si
-ElHTKdqPo2tp6LrDIUSGa9BmK1AsxkhOoC/uJlGpLP0mLJGI3PGo5ordyERAjL/C
-hTumE16ErrXY3kHVPAeD6tJlxtV3M9UxsZAOK6LVfnhXLzz8hWMu2H5ZigXZWCDx
-NG6ylV4xxfqO9eLxT2wUrJzg24w0VZzmbD+ZeZ24v9aAxGsbl3ZHLgMKkDehNNuP
-0ADh3aGq9FkIg5n53UQu0pbOc6aBPgWwVuaNfxOheG2GqBCoca42ikW20QZyJAec
-h3uLQ76vnWOjUIjeRCjpw0+OCUaWr0wx5WzzfdgYc813VwN6FaC9ZmB46oaLfIeD
-MBAyuUxdTif/7SXmGgUIQDIf4Vxr2H7I0NyyDxD+y+C2gwn+zVvuVcBBc2cNq4QN
-UINxZvm75CwaCsys+MDjSneDhpcSlAPqTJqM3DvKf/r3+27buz+sFw463fTHnv0F
-FpyBPgvvusY4Z4h/jqLcfkl2MBOxlo+lpZJdPpQoEvGz751GsKmmtb0YgZ7BjrYs
-5vFvo0EJ066J9bWLbp6VZd825B9P2Uy7u3sUz+E5nuavT4eHv7o=
-=EH33
------END PGP SIGNATURE-----
diff --git a/openssl-3.1.7.tar.gz b/openssl-3.1.7.tar.gz
new file mode 100644
index 0000000..40b50ce
--- /dev/null
+++ b/openssl-3.1.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:053a31fa80cf4aebe1068c987d2ef1e44ce418881427c4464751ae800c31d06c
+size 15684836
diff --git a/openssl-3.1.7.tar.gz.asc b/openssl-3.1.7.tar.gz.asc
new file mode 100644
index 0000000..f9e9b5d
--- /dev/null
+++ b/openssl-3.1.7.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEulRzorBYewf7J88tIWCU39DLge8FAmbXB9UACgkQIWCU39DL
+ge/wjg/+MwugS9yaSCXXeqfRDYphyyblQ915j30Zo4kOdxr/ZBkrrzExxQaAN9tC
+NR+w33NPmiQQk8MPKKx3dcOZ3giHv7uGlBbo8fHihoUJ5cM9jDLd0UnqSUKU6C7h
+mK0BcGBj+Y5Sj2wH0NLPbFgfqbk2rbFRyDDoszj/ZahdE/dr1m1W8vI+FFqqqLjO
+hc4J26Dn/oTA1FWgXhIAPQDjG/sUy2waF1Q/nelVkeCwrL5modcW8CXGiwZa5Wan
+93cAgk0VUVq20FGQLVVxhGJ9wMGv48nS/hJKugJci1CFqX1eLc5NrbDah3sejGpA
+9ZgNoguolbxVe+pFDF+Qj5tLM34+ONI4m2wqtKNAA9UN/W2NuQxatDlHYU2u718C
+YpiEodIuNz5ktGAtHAe0fI36rvMJGy/6nKuzMXNF+QmbFzWhtnQRXJuC6uY7dIOa
+QHHYmKboVJCb9Ak2gSuTEJvov8HFnlCRzzXBEN2sP6Xd86flERRcMH41VtEu0u2c
+wB54o5+9l/7PQ3TOSdNUD6JakjraE05KMHB0KwEUIvAEMceaIrp1q6BnVrEzRjdV
+WMsagkvHiv4dUP8lT1DpCEhq7jHyzvHtFrrQq+SAHITgnYiENF6K89w2QLkqoK33
+Co/eerwMazO3+qxASYz7pFODPyVAsTIWvuWAJ6CmtubJBinjVnM=
+=Z8CX
+-----END PGP SIGNATURE-----
diff --git a/openssl-3.changes b/openssl-3.changes
index d28ac98..e274d88 100644
--- a/openssl-3.changes
+++ b/openssl-3.changes
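Review bot: The issuer fingerprint embedded in this new detached signature differs from the one in the removed openssl-3.1.4.tar.gz.asc, and it appears to be the key this same commit adds to openssl.keyring (the changelog names BA5473A2B0587B07FB27CF2D216094DFD0CB81EF). Because the keyring and the tarball change together, a signature check against the in-tree keyring only shows that the two are consistent with each other. The fingerprint should be confirmed out of band against the release signing key the OpenSSL project publishes, and the `oid sha256:` value in the openssl-3.1.7.tar.gz LFS pointer compared with the upstream checksum. Recording the verification in the changelog entry, e.g. `* Update openssl.keyring with <FINGERPRINT> (verified against <UPSTREAM KEY SOURCE>)`, would let a later reviewer repeat the check.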
@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Mon Oct 21 11:01:59 UTC 2024 - Pedro Monreal
+
+- Update to 3.1.7:
+ * Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
+ - Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
+ - Fixed possible buffer overread in SSL_select_next_proto()
+ (CVE-2024-5535)
+ * Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
+ - Fixed potential use after free after SSL_free_buffers() is
+ called (CVE-2024-4741)
+ - Fixed an issue where checking excessively long DSA keys or
+ parameters may be very slow (CVE-2024-4603)
+ - Fixed unbounded memory growth with session handling in TLSv1.3
+ (CVE-2024-2511)
+ * Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
+ - Fixed PKCS12 Decoding crashes (CVE-2024-0727)
+ - Fixed Excessive time spent checking invalid RSA public keys
+ [CVE-2023-6237)
+ - Fixed POLY1305 MAC implementation corrupting vector registers
+ on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
+ - Fix excessive time spent in DH check / generation with large
+ Q parameter value (CVE-2023-5678)
+ * Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
+ * Rebase patches:
+ - openssl-Force-FIPS.patch
+ - openssl-FIPS-embed-hmac.patch
+ - openssl-FIPS-services-minimize.patch
+ - openssl-FIPS-RSA-disable-shake.patch
+ - openssl-CVE-2023-50782.patch
+ * Remove patches fixed in the update:
+ - openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
+ - openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
+ - openssl-CVE-2024-4741.patch openssl-CVE-2024-4603.patch
+ - openssl-CVE-2024-2511.patch openssl-CVE-2024-0727.patch
+ - openssl-CVE-2023-6237.patch openssl-CVE-2023-6129.patch
+ - openssl-CVE-2023-5678.patch
+ - openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
+ - openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch
+ - 
openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch + - reproducible.patch + ------------------------------------------------------------------- Thu Oct 17 12:32:21 UTC 2024 - Pedro Monreal diff --git a/openssl-3.spec b/openssl-3.spec index 4b6c930..a2c9f53 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -28,7 +28,7 @@ Name: openssl-3 # Don't forget to update the version in the "openssl" meta-package! -Version: 3.1.4 +Version: 3.1.7 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0 @@ -65,14 +65,6 @@ Patch13: openssl-ec-56-bit-Limb-Solinas-Strategy-for-secp384r1.patch Patch14: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.patch Patch15: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch Patch16: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch -Patch17: openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch -# PATCH-FIX-UPSTREAM: bsc#1216922 CVE-2023-5678 Generating excessively long X9.42 DH keys or -# checking excessively long X9.42 DH keys or parameters may be very slow -Patch18: openssl-CVE-2023-5678.patch -# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/22971 -Patch19: openssl-Enable-BTI-feature-for-md5-on-aarch64.patch -# PATCH-FIX-UPSTREAM: bsc#1218690 CVE-2023-6129 - POLY1305 MAC implementation corrupts vector registers on PowerPC -Patch20: openssl-CVE-2023-6129.patch # PATCH-FIX-FEDORA Load FIPS the provider and set FIPS properties implicitly Patch21: openssl-Force-FIPS.patch # PATCH-FIX-FEDORA Disable the fipsinstall command-line utility 
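Review bot: Removing `Patch17`–`Patch20` here, together with the removals in the -81,25 and -165,8 hunks, drops fourteen patches (nine of them CVE backports) and leaves gaps in the numbering (16→21, 24→26, 26→35, 70→72). That is harmless if `%prep` applies patches with `%autosetup`, but `%prep` is outside the hunks shown; if it uses numbered `%patchNN` lines, they must be removed in the same commit or the build breaks. With the per-patch `# PATCH-FIX-UPSTREAM` comments gone, the spec no longer records which CVEs the base version covers. A short comment near `Version:` such as `# 3.1.7 contains the fixes formerly carried as openssl-CVE-2023-5678 … openssl-CVE-2024-6119` would keep that traceable for the next rebase.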
@@ -81,25 +73,8 @@ Patch22: openssl-disable-fipsinstall.patch Patch23: openssl-load-legacy-provider.patch # PATCH-FIX-FEDORA Embed the FIPS hmac Patch24: openssl-FIPS-embed-hmac.patch -# PATCH-FIX-UPSTREAM: bsc#1218810 CVE-2023-6237: Excessive time spent checking invalid RSA public keys -Patch25: openssl-CVE-2023-6237.patch # PATCH-FIX-SUSE bsc#1194187, bsc#1207472, bsc#1218933 - Add engines section in openssl.cnf Patch26: openssl-3-use-include-directive.patch -# PATCH-FIX-UPSTREAM: bsc#1219243 CVE-2024-0727: denial of service via null dereference -Patch27: openssl-CVE-2024-0727.patch -# PATCH-FIX-UPSTREAM: bsc#1222548 CVE-2024-2511: Unbounded memory growth with session handling in TLSv1.3 -Patch28: openssl-CVE-2024-2511.patch -# PATCH-FIX-UPSTREAM: bsc#1224388 CVE-2024-4603: excessive time spent checking DSA keys and parameters -Patch29: openssl-CVE-2024-4603.patch -# PATCH-FIX-UPSTREAM: bsc#1225291 NVMe/TCP TLS connection fails due to handshake failure -Patch30: openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch -Patch31: openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch -# PATCH-FIX-UPSTREAM bsc#1225551 CVE-2024-4741: use After Free with SSL_free_buffers -Patch32: openssl-CVE-2024-4741.patch -# PATCH-FIX-UPSTREAM: bsc#1223336 aes-gcm-avx512.pl: fix non-reproducibility issue -Patch33: reproducible.patch -# PATCH-FIX-UPSTREAM: bsc#1227138 CVE-2024-5535: SSL_select_next_proto buffer overread -Patch34: openssl-CVE-2024-5535.patch # PATCH-FIX-FEDORA bsc#1221786 FIPS: Use of non-Approved Elliptic Curves Patch35: openssl-Add-changes-to-ectest-and-eccurve.patch Patch36: openssl-Remove-EC-curves.patch 
@@ -165,8 +140,6 @@ Patch68: openssl-FIPS-enforce-security-checks-during-initialization.patch Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch # PATCH-FIX-FEDORA bsc#1221365 FIPS: Deny SHA-1 signature verification in FIPS provider Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch -# PATCH-FIX-UPSTREAM bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks -Patch71: openssl-CVE-2024-6119.patch # PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validation order of the DH public keys Patch72: openssl-CVE-2024-41996.patch # PATCH-FIX-UPSTREAM bsc#1220262 CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 @@ -474,7 +447,7 @@ fi %files %license LICENSE.txt -%doc CHANGES.md NEWS.md FAQ.md README.md +%doc CHANGES.md NEWS.md README.md %dir %{ssletcdir} %config %{ssletcdir}/openssl-orig.cnf %config (noreplace) %{ssletcdir}/openssl.cnf diff --git a/openssl-CVE-2023-50782.patch b/openssl-CVE-2023-50782.patch index d73988e..0556d9a 100644 --- a/openssl-CVE-2023-50782.patch +++ b/openssl-CVE-2023-50782.patch @@ -1,7 +1,7 @@ -Index: openssl-3.1.4/crypto/cms/cms_env.c +Index: openssl-3.1.7/crypto/cms/cms_env.c =================================================================== ---- openssl-3.1.4.orig/crypto/cms/cms_env.c -+++ openssl-3.1.4/crypto/cms/cms_env.c +--- openssl-3.1.7.orig/crypto/cms/cms_env.c ++++ openssl-3.1.7/crypto/cms/cms_env.c @@ -590,6 +590,13 @@ static int cms_RecipientInfo_ktri_decryp if (!ossl_cms_env_asn1_ctrl(ri, 1)) goto err; 
@@ -16,10 +16,10 @@ Index: openssl-3.1.4/crypto/cms/cms_env.c if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, ktri->encryptedKey->data, ktri->encryptedKey->length) <= 0) -Index: openssl-3.1.4/crypto/evp/ctrl_params_translate.c +Index: openssl-3.1.7/crypto/evp/ctrl_params_translate.c =================================================================== ---- openssl-3.1.4.orig/crypto/evp/ctrl_params_translate.c -+++ openssl-3.1.4/crypto/evp/ctrl_params_translate.c +--- openssl-3.1.7.orig/crypto/evp/ctrl_params_translate.c ++++ openssl-3.1.7/crypto/evp/ctrl_params_translate.c @@ -2265,6 +2265,12 @@ static const struct translation_st evp_p EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, @@ -33,10 +33,10 @@ Index: openssl-3.1.4/crypto/evp/ctrl_params_translate.c { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, -Index: openssl-3.1.4/crypto/pkcs7/pk7_doit.c +Index: openssl-3.1.7/crypto/pkcs7/pk7_doit.c =================================================================== ---- openssl-3.1.4.orig/crypto/pkcs7/pk7_doit.c -+++ openssl-3.1.4/crypto/pkcs7/pk7_doit.c +--- openssl-3.1.7.orig/crypto/pkcs7/pk7_doit.c ++++ openssl-3.1.7/crypto/pkcs7/pk7_doit.c @@ -170,6 +170,13 @@ static int pkcs7_decrypt_rinfo(unsigned if (EVP_PKEY_decrypt_init(pctx) <= 0) goto err; @@ -51,10 +51,10 @@ Index: openssl-3.1.4/crypto/pkcs7/pk7_doit.c if (EVP_PKEY_decrypt(pctx, NULL, &eklen, ri->enc_key->data, ri->enc_key->length) <= 0) goto err; -Index: openssl-3.1.4/crypto/rsa/rsa_ossl.c +Index: openssl-3.1.7/crypto/rsa/rsa_ossl.c =================================================================== ---- openssl-3.1.4.orig/crypto/rsa/rsa_ossl.c -+++ openssl-3.1.4/crypto/rsa/rsa_ossl.c +--- openssl-3.1.7.orig/crypto/rsa/rsa_ossl.c ++++ openssl-3.1.7/crypto/rsa/rsa_ossl.c @@ -17,6 +17,9 @@ #include "crypto/bn.h" #include "rsa_local.h" 
@@ -209,10 +209,10 @@ Index: openssl-3.1.4/crypto/rsa/rsa_ossl.c BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); -Index: openssl-3.1.4/crypto/rsa/rsa_pk1.c +Index: openssl-3.1.7/crypto/rsa/rsa_pk1.c =================================================================== ---- openssl-3.1.4.orig/crypto/rsa/rsa_pk1.c -+++ openssl-3.1.4/crypto/rsa/rsa_pk1.c +--- openssl-3.1.7.orig/crypto/rsa/rsa_pk1.c ++++ openssl-3.1.7/crypto/rsa/rsa_pk1.c @@ -21,10 +21,14 @@ #include /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ @@ -483,10 +483,10 @@ Index: openssl-3.1.4/crypto/rsa/rsa_pk1.c /* * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 * padding from a decrypted RSA message in a TLS signature. The result is stored -Index: openssl-3.1.4/crypto/rsa/rsa_pmeth.c +Index: openssl-3.1.7/crypto/rsa/rsa_pmeth.c =================================================================== ---- openssl-3.1.4.orig/crypto/rsa/rsa_pmeth.c -+++ openssl-3.1.4/crypto/rsa/rsa_pmeth.c +--- openssl-3.1.7.orig/crypto/rsa/rsa_pmeth.c ++++ openssl-3.1.7/crypto/rsa/rsa_pmeth.c @@ -52,6 +52,8 @@ typedef struct { /* OAEP label */ unsigned char *oaep_label; @@ -549,12 +549,12 @@ Index: openssl-3.1.4/crypto/rsa/rsa_pmeth.c case EVP_PKEY_CTRL_DIGESTINIT: case EVP_PKEY_CTRL_PKCS7_SIGN: #ifndef OPENSSL_NO_CMS -Index: openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in +Index: openssl-3.1.7/doc/man1/openssl-pkeyutl.pod.in =================================================================== ---- openssl-3.1.4.orig/doc/man1/openssl-pkeyutl.pod.in -+++ openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in +--- openssl-3.1.7.orig/doc/man1/openssl-pkeyutl.pod.in ++++ openssl-3.1.7/doc/man1/openssl-pkeyutl.pod.in 
@@ -240,6 +240,11 @@ signed or verified directly instead of u - digest is set then the a B structure is used and its the length + digest is set, then the B structure is used and its length must correspond to the digest type. +Note, for B padding, as a protection against Bleichenbacher attack, @@ -582,10 +582,10 @@ Index: openssl-3.1.4/doc/man1/openssl-pkeyutl.pod.in =back =head1 RSA-PSS ALGORITHM -Index: openssl-3.1.4/doc/man1/openssl-rsautl.pod.in +Index: openssl-3.1.7/doc/man1/openssl-rsautl.pod.in =================================================================== ---- openssl-3.1.4.orig/doc/man1/openssl-rsautl.pod.in -+++ openssl-3.1.4/doc/man1/openssl-rsautl.pod.in +--- openssl-3.1.7.orig/doc/man1/openssl-rsautl.pod.in ++++ openssl-3.1.7/doc/man1/openssl-rsautl.pod.in @@ -105,6 +105,11 @@ The padding to use: PKCS#1 v1.5 (the def ANSI X9.31, or no padding, respectively. For signatures, only B<-pkcs> and B<-raw> can be used. @@ -598,10 +598,10 @@ Index: openssl-3.1.4/doc/man1/openssl-rsautl.pod.in =item B<-hexdump> Hex dump the output data. -Index: openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod +Index: openssl-3.1.7/doc/man3/EVP_PKEY_CTX_ctrl.pod =================================================================== ---- openssl-3.1.4.orig/doc/man3/EVP_PKEY_CTX_ctrl.pod -+++ openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod +--- openssl-3.1.7.orig/doc/man3/EVP_PKEY_CTX_ctrl.pod ++++ openssl-3.1.7/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -393,6 +393,15 @@ this behaviour should be tolerated then OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION should be set to the actual negotiated protocol version. Otherwise it should be left unset. 
@@ -618,10 +618,10 @@ Index: openssl-3.1.4/doc/man3/EVP_PKEY_CTX_ctrl.pod =head2 DSA parameters EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used for DSA -Index: openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod +Index: openssl-3.1.7/doc/man3/EVP_PKEY_decrypt.pod =================================================================== ---- openssl-3.1.4.orig/doc/man3/EVP_PKEY_decrypt.pod -+++ openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod +--- openssl-3.1.7.orig/doc/man3/EVP_PKEY_decrypt.pod ++++ openssl-3.1.7/doc/man3/EVP_PKEY_decrypt.pod @@ -51,6 +51,18 @@ return 1 for success and 0 or a negative return value of -2 indicates the operation is not supported by the public key algorithm. @@ -641,10 +641,10 @@ Index: openssl-3.1.4/doc/man3/EVP_PKEY_decrypt.pod =head1 EXAMPLES Decrypt data using OAEP (for RSA keys): -Index: openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod +Index: openssl-3.1.7/doc/man3/RSA_padding_add_PKCS1_type_1.pod =================================================================== ---- openssl-3.1.4.orig/doc/man3/RSA_padding_add_PKCS1_type_1.pod -+++ openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod +--- openssl-3.1.7.orig/doc/man3/RSA_padding_add_PKCS1_type_1.pod ++++ openssl-3.1.7/doc/man3/RSA_padding_add_PKCS1_type_1.pod @@ -121,8 +121,8 @@ L. =head1 WARNINGS @@ -666,10 +666,10 @@ Index: openssl-3.1.4/doc/man3/RSA_padding_add_PKCS1_type_1.pod =head1 SEE ALSO L, -Index: openssl-3.1.4/doc/man3/RSA_public_encrypt.pod +Index: openssl-3.1.7/doc/man3/RSA_public_encrypt.pod =================================================================== ---- openssl-3.1.4.orig/doc/man3/RSA_public_encrypt.pod -+++ openssl-3.1.4/doc/man3/RSA_public_encrypt.pod +--- openssl-3.1.7.orig/doc/man3/RSA_public_encrypt.pod ++++ openssl-3.1.7/doc/man3/RSA_public_encrypt.pod @@ -52,8 +52,8 @@ Encrypting user data directly with RSA i =back 
@@ -695,10 +695,10 @@ Index: openssl-3.1.4/doc/man3/RSA_public_encrypt.pod =head1 CONFORMING TO SSL, PKCS #1 v2.0 -Index: openssl-3.1.4/doc/man7/provider-asym_cipher.pod +Index: openssl-3.1.7/doc/man7/provider-asym_cipher.pod =================================================================== ---- openssl-3.1.4.orig/doc/man7/provider-asym_cipher.pod -+++ openssl-3.1.4/doc/man7/provider-asym_cipher.pod +--- openssl-3.1.7.orig/doc/man7/provider-asym_cipher.pod ++++ openssl-3.1.7/doc/man7/provider-asym_cipher.pod @@ -234,6 +234,15 @@ The TLS protocol version first requested The negotiated TLS protocol version. @@ -715,10 +715,10 @@ Index: openssl-3.1.4/doc/man7/provider-asym_cipher.pod =back OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() -Index: openssl-3.1.4/include/crypto/rsa.h +Index: openssl-3.1.7/include/crypto/rsa.h =================================================================== ---- openssl-3.1.4.orig/include/crypto/rsa.h -+++ openssl-3.1.4/include/crypto/rsa.h +--- openssl-3.1.7.orig/include/crypto/rsa.h ++++ openssl-3.1.7/include/crypto/rsa.h @@ -83,6 +83,10 @@ int ossl_rsa_param_decode(RSA *rsa, cons RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); @@ -730,10 +730,10 @@ Index: openssl-3.1.4/include/crypto/rsa.h int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, size_t tlen, const unsigned char *from, -Index: openssl-3.1.4/include/openssl/core_names.h +Index: openssl-3.1.7/include/openssl/core_names.h =================================================================== ---- openssl-3.1.4.orig/include/openssl/core_names.h -+++ openssl-3.1.4/include/openssl/core_names.h +--- openssl-3.1.7.orig/include/openssl/core_names.h ++++ openssl-3.1.7/include/openssl/core_names.h @@ -299,6 +299,7 @@ extern "C" { #define OSSL_PKEY_PARAM_DIST_ID "distid" #define OSSL_PKEY_PARAM_PUB_KEY "pub" 
@@ -750,10 +750,10 @@ Index: openssl-3.1.4/include/openssl/core_names.h #ifdef FIPS_MODULE #define OSSL_ASYM_CIPHER_PARAM_SUSE_KAT_OEAP_SEED "suse-kat-oaep-seed" #endif -Index: openssl-3.1.4/include/openssl/rsa.h +Index: openssl-3.1.7/include/openssl/rsa.h =================================================================== ---- openssl-3.1.4.orig/include/openssl/rsa.h -+++ openssl-3.1.4/include/openssl/rsa.h +--- openssl-3.1.7.orig/include/openssl/rsa.h ++++ openssl-3.1.7/include/openssl/rsa.h @@ -189,6 +189,8 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) @@ -773,10 +773,10 @@ Index: openssl-3.1.4/include/openssl/rsa.h # define RSA_PKCS1_PADDING_SIZE 11 # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) -Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c +Index: openssl-3.1.7/providers/implementations/asymciphers/rsa_enc.c =================================================================== ---- openssl-3.1.4.orig/providers/implementations/asymciphers/rsa_enc.c -+++ openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c +--- openssl-3.1.7.orig/providers/implementations/asymciphers/rsa_enc.c ++++ openssl-3.1.7/providers/implementations/asymciphers/rsa_enc.c @@ -78,6 +78,8 @@ typedef struct { /* TLS padding */ unsigned int client_version; @@ -851,7 +851,7 @@ Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c return 1; } -@@ -633,6 +654,7 @@ static const OSSL_PARAM known_settable_c +@@ -634,6 +655,7 @@ static const OSSL_PARAM known_settable_c OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 
@@ -859,10 +859,10 @@ Index: openssl-3.1.4/providers/implementations/asymciphers/rsa_enc.c OSSL_PARAM_END }; -Index: openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +Index: openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt =================================================================== ---- openssl-3.1.4.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt -+++ openssl-3.1.4/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +--- openssl-3.1.7.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt ++++ openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -268,9 +268,25 @@ Decrypt = RSA-2048 Input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utput = "Hello World" diff --git a/openssl-CVE-2023-5678.patch b/openssl-CVE-2023-5678.patch deleted file mode 100644 index f4cd8eb..0000000 --- a/openssl-CVE-2023-5678.patch +++ /dev/null 
@@ -1,172 +0,0 @@ -From ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 Mon Sep 17 00:00:00 2001 -From: Richard Levitte -Date: Fri, 20 Oct 2023 09:18:19 +0200 -Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet - -We already check for an excessively large P in DH_generate_key(), but not in -DH_check_pub_key(), and none of them check for an excessively large Q. - -This change adds all the missing excessive size checks of P and Q. - -It's to be noted that behaviours surrounding excessively sized P and Q -differ. DH_check() raises an error on the excessively sized P, but only -sets a flag for the excessively sized Q. This behaviour is mimicked in -DH_check_pub_key(). - -Reviewed-by: Tomas Mraz -Reviewed-by: Matt Caswell -Reviewed-by: Hugo Landau -(Merged from https://github.com/openssl/openssl/pull/22518) ---- - crypto/dh/dh_check.c | 12 ++++++++++++ - crypto/dh/dh_err.c | 3 ++- - crypto/dh/dh_key.c | 12 ++++++++++++ - crypto/err/openssl.txt | 1 + - include/crypto/dherr.h | 2 +- - include/openssl/dh.h | 6 +++--- - include/openssl/dherr.h | 3 ++- - 7 files changed, 33 insertions(+), 6 deletions(-) - -diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c -index 7ba2beae7fd6b..e20eb62081c5e 100644 ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) - */ - int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) - { -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID; -+ return 0; -+ } -+ -+ if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) { -+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID; -+ return 1; -+ } -+ - return ossl_ffc_validate_public_key(&dh->params, pub_key, ret); - } - -diff --git a/crypto/dh/dh_err.c 
b/crypto/dh/dh_err.c -index 4152397426cc9..f76ac0dd1463f 100644 ---- a/crypto/dh/dh_err.c -+++ b/crypto/dh/dh_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, -+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), - "unable to check generator"}, -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index d84ea99241b9e..afc49f5cdc87d 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - goto err; - } - -+ if (dh->params.q != NULL -+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE); -+ goto err; -+ } -+ - if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); - return 0; -@@ -267,6 +273,12 @@ static int generate_key(DH *dh) - return 0; - } - -+ if (dh->params.q != NULL -+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE); -+ return 0; -+ } -+ - if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); - return 0; -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index a1e6bbb617fcb..69e4f61aa1801 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ 
-513,6 +513,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set - DH_R_NO_PRIVATE_VALUE:100:no private value - DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error - DH_R_PEER_KEY_ERROR:111:peer key error -+DH_R_Q_TOO_LARGE:130:q too large - DH_R_SHARED_INFO_ERROR:113:shared info error - DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator - DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters -diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h -index bb24d131eb887..519327f795742 100644 ---- a/include/crypto/dherr.h -+++ b/include/crypto/dherr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -diff --git a/include/openssl/dh.h b/include/openssl/dh.h -index 8bc17448a0817..f1c0ed06b375a 100644 ---- a/include/openssl/dh.h -+++ b/include/openssl/dh.h -@@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams) - # define DH_GENERATOR_3 3 - # define DH_GENERATOR_5 5 - --/* DH_check error codes */ -+/* DH_check error codes, some of them shared with DH_check_pub_key */ - /* - * NB: These values must align with the equivalently named macros in - * internal/ffc.h. 
-@@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams) - # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 - # define DH_NOT_SUITABLE_GENERATOR 0x08 - # define DH_CHECK_Q_NOT_PRIME 0x10 --# define DH_CHECK_INVALID_Q_VALUE 0x20 -+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ - # define DH_CHECK_INVALID_J_VALUE 0x40 - # define DH_MODULUS_TOO_SMALL 0x80 --# define DH_MODULUS_TOO_LARGE 0x100 -+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ - - /* DH_check_pub_key error codes */ - # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 -diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h -index 5d2a762a96f8c..074a70145f9f5 100644 ---- a/include/openssl/dherr.h -+++ b/include/openssl/dherr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -50,6 +50,7 @@ - # define DH_R_NO_PRIVATE_VALUE 100 - # define DH_R_PARAMETER_ENCODING_ERROR 105 - # define DH_R_PEER_KEY_ERROR 111 -+# define DH_R_Q_TOO_LARGE 130 - # define DH_R_SHARED_INFO_ERROR 113 - # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 - diff --git a/openssl-CVE-2023-6129.patch b/openssl-CVE-2023-6129.patch deleted file mode 100644 index 84cdec0..0000000 --- a/openssl-CVE-2023-6129.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From 050d26383d4e264966fb83428e72d5d48f402d35 Mon Sep 17 00:00:00 2001 -From: Rohan McLure -Date: Thu, 4 Jan 2024 10:25:50 +0100 -Subject: [PATCH] poly1305-ppc.pl: Fix vector register clobbering - -Fixes CVE-2023-6129 - -The POLY1305 MAC (message authentication code) implementation in OpenSSL for -PowerPC CPUs saves the the contents of vector registers in different order -than they are restored. Thus the contents of some of these vector registers -is corrupted when returning to the caller. The vulnerable code is used only -on newer PowerPC processors supporting the PowerISA 2.07 instructions. - -Reviewed-by: Matt Caswell -Reviewed-by: Richard Levitte -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/23200) - -(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f) ---- - crypto/poly1305/asm/poly1305-ppc.pl | 42 ++++++++++++++--------------- - 1 file changed, 21 insertions(+), 21 deletions(-) - -diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl -index 9f86134d923fb..2e601bb9c24be 100755 ---- a/crypto/poly1305/asm/poly1305-ppc.pl -+++ b/crypto/poly1305/asm/poly1305-ppc.pl -@@ -744,7 +744,7 @@ - my $LOCALS= 6*$SIZE_T; - my $VSXFRAME = $LOCALS + 6*$SIZE_T; - $VSXFRAME += 128; # local variables -- $VSXFRAME += 13*16; # v20-v31 offload -+ $VSXFRAME += 12*16; # v20-v31 offload - - my $BIG_ENDIAN = ($flavour !~ /le/) ? 
4 : 0; - -@@ -919,12 +919,12 @@ - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 -- stvx v23,r10,$sp -- addi r10,r10,32 -- stvx v24,r11,$sp -+ stvx v23,r11,$sp - addi r11,r11,32 -- stvx v25,r10,$sp -+ stvx v24,r10,$sp - addi r10,r10,32 -+ stvx v25,r11,$sp -+ addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp -@@ -1153,12 +1153,12 @@ - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 -- stvx v23,r10,$sp -- addi r10,r10,32 -- stvx v24,r11,$sp -+ stvx v23,r11,$sp - addi r11,r11,32 -- stvx v25,r10,$sp -+ stvx v24,r10,$sp - addi r10,r10,32 -+ stvx v25,r11,$sp -+ addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp -@@ -1899,26 +1899,26 @@ - mtspr 256,r12 # restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 -- lvx v21,r10,$sp -- addi r10,r10,32 -- lvx v22,r11,$sp -+ lvx v21,r11,$sp - addi r11,r11,32 -- lvx v23,r10,$sp -+ lvx v22,r10,$sp - addi r10,r10,32 -- lvx v24,r11,$sp -+ lvx v23,r11,$sp - addi r11,r11,32 -- lvx v25,r10,$sp -+ lvx v24,r10,$sp - addi r10,r10,32 -- lvx v26,r11,$sp -+ lvx v25,r11,$sp - addi r11,r11,32 -- lvx v27,r10,$sp -+ lvx v26,r10,$sp - addi r10,r10,32 -- lvx v28,r11,$sp -+ lvx v27,r11,$sp - addi r11,r11,32 -- lvx v29,r10,$sp -+ lvx v28,r10,$sp - addi r10,r10,32 -- lvx v30,r11,$sp -- lvx v31,r10,$sp -+ lvx v29,r11,$sp -+ addi r11,r11,32 -+ lvx v30,r10,$sp -+ lvx v31,r11,$sp - $POP r27,`$VSXFRAME-$SIZE_T*5`($sp) - $POP r28,`$VSXFRAME-$SIZE_T*4`($sp) - $POP r29,`$VSXFRAME-$SIZE_T*3`($sp) diff --git a/openssl-CVE-2023-6237.patch b/openssl-CVE-2023-6237.patch deleted file mode 100644 index 17459be..0000000 --- a/openssl-CVE-2023-6237.patch +++ /dev/null 
@@ -1,122 +0,0 @@
-From 18c02492138d1eb8b6548cb26e7b625fb2414a2a Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Fri, 22 Dec 2023 16:25:56 +0100
-Subject: [PATCH] Limit the execution time of RSA public key check
-
-Fixes CVE-2023-6237
-
-If a large and incorrect RSA public key is checked with
-EVP_PKEY_public_check() the computation could take very long time
-due to no limit being applied to the RSA public key size and
-unnecessarily high number of Miller-Rabin algorithm rounds
-used for non-primality check of the modulus.
-
-Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
-will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
-Also the number of Miller-Rabin rounds was set to 5.
-
-Reviewed-by: Neil Horman
-Reviewed-by: Matt Caswell
-(Merged from https://github.com/openssl/openssl/pull/23243)
-
-(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
----
- crypto/rsa/rsa_sp800_56b_check.c | 8 +++-
- test/recipes/91-test_pkey_check.t | 2 +-
- .../91-test_pkey_check_data/rsapub_17k.pem | 48 +++++++++++++++++++
- 3 files changed, 56 insertions(+), 2 deletions(-)
- create mode 100644 test/recipes/91-test_pkey_check_data/rsapub_17k.pem
-
-diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c
-index fc8f19b48770b..bcbdd24fb8199 100644
---- a/crypto/rsa/rsa_sp800_56b_check.c
-+++ b/crypto/rsa/rsa_sp800_56b_check.c
-@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
- return 0;
-
- nbits = BN_num_bits(rsa->n);
-+ if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
-+ return 0;
-+ }
-+
- #ifdef FIPS_MODULE
- /*
- * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
-@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
- goto err;
- }
-
-- ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
-+ /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
-+ ret =
ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
- #ifdef FIPS_MODULE
- if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
- #else
-diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
-index dc7cc64533af2..f8088df14d36c 100644
---- a/test/recipes/91-test_pkey_check.t
-+++ b/test/recipes/91-test_pkey_check.t
-@@ -70,7 +70,7 @@ push(@positive_tests, (
- "dhpkey.pem"
- )) unless disabled("dh");
-
--my @negative_pubtests = ();
-+my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key
-
- push(@negative_pubtests, (
- "dsapub_noparam.der"
-diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
-new file mode 100644
-index 0000000000000..9a2eaedaf1b22
---- /dev/null
-+++ b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem
-@@ -0,0 +1,48 @@
-+-----BEGIN PUBLIC KEY-----
-+MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR
-+B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph
-+gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2
-+GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/
-+XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj
-+b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2
-+gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq
-+TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1
-+vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0
-+V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j
-+/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH
-+SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa
-+PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y
-+Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu
-+C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J
-+xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo
-+F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id -+aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB -+nIrgHEvpkDEWoIa8qcx0EppoIcmqgMV2mTShfFYSybsO33Pm8WXec2FXjwhzs1Pi -+R/BuIW8rHPI67xqWm0h8dEw11vtfi9a/BBBikFHe59KBjMTG+lW/gADNvRoTzGh7 -+kN4+UVDS3jlSisRZZOn1XoeQtpubNYWgUsecjKy45IwIj8h1SHgn3wkmUesY0woN -+mOdoNtq+NezN4RFtbCOHhxFVpKKDi/HQP2ro0ykkXMDjwEIVf2Lii1Mg9UP8m+Ux -+AOqkTrIkdogkRx+70h7/wUOfDIFUq2JbKzqxJYamyEphcdAko7/B8efQKc61Z93O -+f2SHa4++4WI7wIIx18v5KV4M/cRmrfc8w9WRkQN3gBT5AJMuqwcSHVXBWvNQeGmi -+ScMh7X6cCZ0daEujqb8svq4WgsJ8UT4GaGBRIYtt7QUKEh+JQwNJzneRYZ3pzpaH -+UJeeoYobMlkp3rM9cYzdq90nBQiI9Jsbim9m9ggb2dMOS5CsI9S/IuG2O5uTjfxx -+wkwsd5nLDFtNXHYZ7W6XlVJ1Rc6zShnEmdCn3mmibb6OaMUmun2yl9ryEjVSoXLP -+fSA8W9K9yNhKTRkzdXJfqlC+s/ovX2xBGxsuOoUDaXhRVz0qmpKIHeSFjIP4iXq4 -+y8gDiwvM3HbZfvVonbg6siPwpn4uvw3hesojk1DKAENS52i6U3uK2fs1ALVxsFNS -+Yh914rDu0Q3e4RXVhURaYzoEbLCot6WGYeCCfQOK0rkETMv+sTYYscC8/THuW7SL -+HG5zy9Ed95N1Xmf8J+My7gM7ZFodGdHsWvdzEmqsdOFh6IVx/VfHFX0MDBq0t6lZ -+eRvVgVCfu3gkYLwPScn/04E02vOom51ISKHsF/I11erC66jjNYV9BSpH8O7sAHxZ -+EmPT2ZVVRSgivOHdQW/FZ3UZQQhVaVSympo2Eb4yWEMFn84Q8T+9Honj6gnB5PXz -+chmeCsOMlcg1mwWwhn0k+OAWEZy7VRUk5Ahp0fBAGJgwBdqrZ3kM356DjUkVBiYq -+4eHyvafNKmjf2mnFsI3g2NKRNyl1Lh63wyCFx60yYvBUfXF/W9PFJbD9CiP83kEW -+gV36gxTsbOSfhpO1OXR90ODy0kx06XzWmJCUugK8u9bx4F/CjV+LIHExuNJiethC -+A8sIup/MT0fWp4RO/SsVblGqfoqJTaPnhptQzeH2N07pbWkxeMuL6ppPuwFmfVjK -+FJndqCVrAukcPEOQ16iVURuloJMudqYRc9QKkJFsnv0W/iMNbqQGmXe8Q/5qFiys -+26NIQBiE2ad9hNLnoccEnmYSRgnW3ZPSKuq5TDdYyDqTZH2r8cam65pr3beKw2XC -+xw4cc7VaxiwGC2Mg2wRmwwPaTjrcEt6sMa3RjwFEVBxBFyM26wnTEZsTBquCxV0J -+pgERaeplkixP2Q0m7XAdlDaob973SM2vOoUgypzDchWmpx7u775bnOfU5CihwXl+ -+k0i09WZuT8bPmhEAiGCw5sNzMkz1BC2cCZFfJIkE2vc/wXYOrGxBTJo0EKaUFswa -+2dnP/u0bn+VksBUM7ywW9LJSXh4mN+tpzdeJtxEObKwX1I0dQxSPWmjd2++wMr9q -+Unre5fCrDToy2H7C2VKSpuOCT2/Kv4JDQRWwI4KxQOpn0UknAGNmfBoTtpIZ3LEb -+77oBUJdMQD7tQBBLL0a6f1TdK0dHVprWWawJ+gGFMiMQXqAqblHcxFKWuHv9bQID -+AQAB -+-----END PUBLIC KEY----- 
diff --git a/openssl-CVE-2024-0727.patch b/openssl-CVE-2024-0727.patch
deleted file mode 100644
index 6e1eb5b..0000000
--- a/openssl-CVE-2024-0727.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 09df4395b5071217b76dc7d3d2e630eb8c5a79c2 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 19 Jan 2024 11:28:58 +0000
-Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL
-
-PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
-optional and can be NULL even if the "type" is a valid value. OpenSSL
-was not properly accounting for this and a NULL dereference can occur
-causing a crash.
-
-CVE-2024-0727
-
-Reviewed-by: Tomas Mraz
-Reviewed-by: Hugo Landau
-Reviewed-by: Neil Horman
-(Merged from https://github.com/openssl/openssl/pull/23362)
-
-(cherry picked from commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c)
----
- crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++
- crypto/pkcs12/p12_mutl.c | 5 +++++
- crypto/pkcs12/p12_npas.c | 5 +++--
- crypto/pkcs7/pk7_mime.c | 7 +++++--
- 4 files changed, 31 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
-index 6fd4184af5a52..80ce31b3bca66 100644
---- a/crypto/pkcs12/p12_add.c
-+++ b/crypto/pkcs12/p12_add.c
-@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
-+
-+ if (p7->d.data == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
-+ return NULL;
-+ }
-+
- return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
- }
-
-@@ -150,6 +156,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
- {
- if (!PKCS7_type_is_encrypted(p7))
- return NULL;
-+
-+ if (p7->d.encrypted == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
-+ return NULL;
-+ }
-+
- return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
- ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
- pass, passlen,
-@@ -188,6 +200,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
-+
-+ if
(p12->authsafes->d.data == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
-+ return NULL;
-+ }
-+
- p7s = ASN1_item_unpack(p12->authsafes->d.data,
- ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
- if (p7s != NULL) {
-diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
-index 67a885a45f89e..68ff54d0e90ee 100644
---- a/crypto/pkcs12/p12_mutl.c
-+++ b/crypto/pkcs12/p12_mutl.c
-@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- return 0;
- }
-
-+ if (p12->authsafes->d.data == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
-+ return 0;
-+ }
-+
- salt = p12->mac->salt->data;
- saltlen = p12->mac->salt->length;
- if (p12->mac->iter == NULL)
-diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
-index 62230bc6187ff..1e5b5495991a4 100644
---- a/crypto/pkcs12/p12_npas.c
-+++ b/crypto/pkcs12/p12_npas.c
-@@ -77,8 +77,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
- bags = PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-- &pbe_nid, &pbe_iter, &pbe_saltlen))
-+ if (p7->d.encrypted == NULL
-+ || !alg_get(p7->d.encrypted->enc_data->algorithm,
-+ &pbe_nid, &pbe_iter, &pbe_saltlen))
- goto err;
- } else {
- continue;
-diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
-index 49a0da5f819c4..8228315eeaa3a 100644
---- a/crypto/pkcs7/pk7_mime.c
-+++ b/crypto/pkcs7/pk7_mime.c
-@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
- int ctype_nid = OBJ_obj2nid(p7->type);
- const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
-
-- if (ctype_nid == NID_pkcs7_signed)
-+ if (ctype_nid == NID_pkcs7_signed) {
-+ if (p7->d.sign == NULL)
-+ return 0;
- mdalgs = p7->d.sign->md_algs;
-- else
-+ } else {
- mdalgs = NULL;
-+ }
-
- flags ^= SMIME_OLDMIME;
-
diff --git a/openssl-CVE-2024-2511.patch b/openssl-CVE-2024-2511.patch
deleted file mode 100644
index 0ffdd7f..0000000
--- a/openssl-CVE-2024-2511.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-From 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Tue, 5 Mar 2024 15:43:53 +0000
-Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
-
-In TLSv1.3 we create a new session object for each ticket that we send.
-We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
-use then the new session will be added to the session cache. However, if
-early data is not in use (and therefore anti-replay protection is being
-used), then multiple threads could be resuming from the same session
-simultaneously. If this happens and a problem occurs on one of the threads,
-then the original session object could be marked as not_resumable. When we
-duplicate the session object this not_resumable status gets copied into the
-new session object. The new session object is then added to the session
-cache even though it is not_resumable.
-
-Subsequently, another bug means that the session_id_length is set to 0 for
-sessions that are marked as not_resumable - even though that session is
-still in the cache. Once this happens the session can never be removed from
-the cache. When that object gets to be the session cache tail object the
-cache never shrinks again and grows indefinitely.
-
-CVE-2024-2511
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24044)
----
- ssl/ssl_lib.c | 5 +++--
- ssl/ssl_sess.c | 28 ++++++++++++++++++++++------
- ssl/statem/statem_srvr.c | 5 ++---
- 3 files changed, 27 insertions(+), 11 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index b5cc4af2f0302..e747b7f90aa71 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3737,9 +3737,10 @@ void ssl_update_cache(SSL *s, int mode)
-
- /*
- * If the session_id_length is 0, we are not supposed to cache it, and it
-- * would be rather hard to do anyway :-)
-+ * would be rather hard to do anyway :-).
Also if the session has already
-+ * been marked as not_resumable we should not cache it for later reuse.
- */
-- if (s->session->session_id_length == 0)
-+ if (s->session->session_id_length == 0 || s->session->not_resumable)
- return;
-
- /*
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index bf84e792251b8..241cf43c46296 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -154,16 +154,11 @@ SSL_SESSION *SSL_SESSION_new(void)
- return ss;
- }
-
--SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
--{
-- return ssl_session_dup(src, 1);
--}
--
- /*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
--SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
- {
- SSL_SESSION *dest;
-
-@@ -287,6 +282,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
- return NULL;
- }
-
-+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-+{
-+ return ssl_session_dup_intern(src, 1);
-+}
-+
-+/*
-+ * Used internally when duplicating a session which might be already shared.
-+ * We will have resumed the original session. Subsequently we might have marked
-+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
-+ * resume from.
-+ */
-+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
-+{
-+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
-+
-+ if (sess != NULL)
-+ sess->not_resumable = 0;
-+
-+ return sess;
-+}
-+
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if (len)
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index 5d59d53563ed8..8e493176f658e 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
- * so the following won't overwrite an ID that we're supposed
- * to send back.
- */
-- if (s->session->not_resumable ||
-- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-- && !s->hit))
-+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-+ && !s->hit)
- s->session->session_id_length = 0;
-
- if (usetls13) {
diff --git a/openssl-CVE-2024-4603.patch b/openssl-CVE-2024-4603.patch
deleted file mode 100644
index 23fa5d3..0000000
--- a/openssl-CVE-2024-4603.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 9c39b3858091c152f52513c066ff2c5a47969f0d Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Wed, 8 May 2024 15:23:45 +0200
-Subject: [PATCH] Check DSA parameters for excessive sizes before validating
-
-This avoids overly long computation of various validation
-checks.
-
-Fixes CVE-2024-4603
-
-Reviewed-by: Paul Dale
-Reviewed-by: Matt Caswell
-Reviewed-by: Neil Horman
-Reviewed-by: Shane Lontis
-(Merged from https://github.com/openssl/openssl/pull/24346)
-
-(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b)
----
- CHANGES.md | 17 ++++++
- crypto/dsa/dsa_check.c | 44 ++++++++++++--
- .../invalid/p10240_q256_too_big.pem | 57 +++++++++++++++++++
- 3 files changed, 114 insertions(+), 4 deletions(-)
- create mode 100644 test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
-
-Index: openssl-3.1.4/crypto/dsa/dsa_check.c
-===================================================================
---- openssl-3.1.4.orig/crypto/dsa/dsa_check.c
-+++ openssl-3.1.4/crypto/dsa/dsa_check.c
-@@ -19,8 +19,34 @@
- #include "dsa_local.h"
- #include "crypto/dsa.h"
-
-+static int dsa_precheck_params(const DSA *dsa, int *ret)
-+{
-+ if (dsa->params.p == NULL || dsa->params.q == NULL) {
-+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
-+ *ret = FFC_CHECK_INVALID_PQ;
-+ return 0;
-+ }
-+
-+ if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
-+ *ret = FFC_CHECK_INVALID_PQ;
-+ return 0;
-+ }
-+
-+ if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
-+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
-+ *ret = FFC_CHECK_INVALID_PQ;
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
- int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
- {
-+ if (!dsa_precheck_params(dsa, ret))
-+ return 0;
-+
- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
- return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
- FFC_PARAM_TYPE_DSA, ret);
-@@ -39,6 +65,9 @@ int
ossl_dsa_check_params(const DSA *dsa
- */
- int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
- {
-+ if (!dsa_precheck_params(dsa, ret))
-+ return 0;
-+
- return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
- && *ret == 0;
- }
-@@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *ds
- */
- int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
- {
-+ if (!dsa_precheck_params(dsa, ret))
-+ return 0;
-+
- return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
- && *ret == 0;
- }
-@@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *d
- {
- *ret = 0;
-
-- return (dsa->params.q != NULL
-- && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
-+ if (!dsa_precheck_params(dsa, ret))
-+ return 0;
-+
-+ return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
- }
-
- /*
-@@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *d
- BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL;
-
-- if (dsa->params.p == NULL
-- || dsa->params.g == NULL
-+ if (!dsa_precheck_params(dsa, &ret))
-+ return 0;
-+
-+ if (dsa->params.g == NULL
- || dsa->priv_key == NULL
- || dsa->pub_key == NULL)
- return 0;
-Index: openssl-3.1.4/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
-===================================================================
---- /dev/null
-+++ openssl-3.1.4/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
-@@ -0,0 +1,57 @@
-+-----BEGIN DSA PARAMETERS-----
-+MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja
-+p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil
-+XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF
-+x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk
-+oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW
-+dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb
-+Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O
-+pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ -+P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5 -+hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2 -+UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB -+koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN -+TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl -+RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ -+4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg -+c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG -+cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE -+DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN -+Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2 -+rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8 -+PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd -+UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW -+5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9 -+wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7 -+R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s -+xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs -+0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN -+uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy -+9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx -+TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36 -+gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2 -+ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B -+R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8 -+F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W -+SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl -++3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX 
-+UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq -+fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX -+qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot -+B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK -+hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco -+4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD -+vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3 -+k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy -+i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct -+9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+ -+ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd -+Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG -+KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E -+x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk -+XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF -+YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d -+ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa -+4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D -+vKuje86bePD6kD/LH3wmkA== -+-----END DSA PARAMETERS----- -Index: openssl-3.1.4/CHANGES.md -=================================================================== ---- openssl-3.1.4.orig/CHANGES.md -+++ openssl-3.1.4/CHANGES.md -@@ -22,6 +22,23 @@ OpenSSL Releases - OpenSSL 3.1 - ----------- - -+ * Fixed an issue where checking excessively long DSA keys or parameters may -+ be very slow. -+ -+ Applications that use the functions EVP_PKEY_param_check() or -+ EVP_PKEY_public_check() to check a DSA public key or DSA parameters may -+ experience long delays. Where the key or parameters that are being checked -+ have been obtained from an untrusted source this may lead to a Denial of -+ Service. 
-+
-+ To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
-+ will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
-+ reason.
-+
-+ ([CVE-2024-4603])
-+
-+ *Tomáš Mráz*
-+
- ### Changes between 3.1.3 and 3.1.4 [24 Oct 2023]
-
- * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
diff --git a/openssl-CVE-2024-4741.patch b/openssl-CVE-2024-4741.patch
deleted file mode 100644
index 2e87ae8..0000000
--- a/openssl-CVE-2024-4741.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-@@ -, +, @@
----
- ssl/record/methods/tls_common.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
---- openssl-3.0.8/ssl/record/ssl3_buffer.c
-+++ openssl-3.0.8/ssl/record/ssl3_buffer.c
-@@ -186,5 +186,7 @@ int ssl3_release_read_buffer(SSL *s)
- OPENSSL_cleanse(b->buf, b->len);
- OPENSSL_free(b->buf);
- b->buf = NULL;
-+ s->rlayer.packet = NULL;
-+ s->rlayer.packet_length = 0;
- return 1;
- }
---- openssl-3.0.8/ssl/record/rec_layer_s3.c
-+++ openssl-3.0.8/ssl/record/rec_layer_s3.c
-@@ -238,6 +238,11 @@ int ssl3_read_n(SSL *s, size_t n, size_t
- s->rlayer.packet_length = 0;
- /* ... now we can act as if 'extend' was set */
- }
-+ if (!ossl_assert(s->rlayer.packet != NULL)) {
-+ /* does not happen */
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ return -1;
-+ }
-
- len = s->rlayer.packet_length;
- pkt = rb->buf + align;
diff --git a/openssl-CVE-2024-5535.patch b/openssl-CVE-2024-5535.patch
deleted file mode 100644
index b8ee00a..0000000
--- a/openssl-CVE-2024-5535.patch
+++ /dev/null
@@ -1,326 +0,0 @@
-From 4ada436a1946cbb24db5ab4ca082b69c1bc10f37 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:14:33 +0100
-Subject: [PATCH] Fix SSL_select_next_proto
-
-Ensure that the provided client list is non-NULL and starts with a valid
-entry. When called from the ALPN callback the client list should already
-have been validated by OpenSSL so this should not cause a problem. When
-called from the NPN callback the client list is locally configured and
-will not have already been validated. Therefore SSL_select_next_proto
-should not assume that it is correctly formatted.
-
-We implement stricter checking of the client protocol list. We also do the
-same for the server list while we are about it.
-
-CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24718)
----
- ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++-------------------
- 1 file changed, 40 insertions(+), 23 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 5493d9b9c7..f218dcf1db 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2953,37 +2953,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
- unsigned int server_len,
- const unsigned char *client, unsigned int client_len)
- {
-- unsigned int i, j;
-- const unsigned char *result;
-- int status = OPENSSL_NPN_UNSUPPORTED;
-+ PACKET cpkt, csubpkt, spkt, ssubpkt;
-+
-+ if (!PACKET_buf_init(&cpkt, client, client_len)
-+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
-+ || PACKET_remaining(&csubpkt) == 0) {
-+ *out = NULL;
-+ *outlen = 0;
-+ return OPENSSL_NPN_NO_OVERLAP;
-+ }
-+
-+ /*
-+ * Set the default opportunistic protocol. Will be overwritten if we find
-+ * a match.
-+ */
-+ *out = (unsigned char *)PACKET_data(&csubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
-
- /*
- * For each protocol in server preference order, see if we support it.
- */
-- for (i = 0; i < server_len;) {
-- for (j = 0; j < client_len;) {
-- if (server[i] == client[j] &&
-- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
-- /* We found a match */
-- result = &server[i];
-- status = OPENSSL_NPN_NEGOTIATED;
-- goto found;
-+ if (PACKET_buf_init(&spkt, server, server_len)) {
-+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
-+ if (PACKET_remaining(&ssubpkt) == 0)
-+ continue; /* Invalid - ignore it */
-+ if (PACKET_buf_init(&cpkt, client, client_len)) {
-+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
-+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
-+ PACKET_remaining(&ssubpkt))) {
-+ /* We found a match */
-+ *out = (unsigned char *)PACKET_data(&ssubpkt);
-+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
-+ return OPENSSL_NPN_NEGOTIATED;
-+ }
-+ }
-+ /* Ignore spurious trailing bytes in the client list */
-+ } else {
-+ /* This should never happen */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
-- j += client[j];
-- j++;
- }
-- i += server[i];
-- i++;
-+ /* Ignore spurious trailing bytes in the server list */
- }
-
-- /* There's no overlap between our protocols and the server's list. */
-- result = client;
-- status = OPENSSL_NPN_NO_OVERLAP;
--
-- found:
-- *out = (unsigned char *)result + 1;
-- *outlen = result[0];
-- return status;
-+ /*
-+ * There's no overlap between our protocols and the server's list. We use
-+ * the default opportunistic protocol selected earlier
-+ */
-+ return OPENSSL_NPN_NO_OVERLAP;
- }
-
- #ifndef OPENSSL_NO_NEXTPROTONEG
---
-2.45.2
-
-From 4279c89a726025c758db3dafb263b17e52211304 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:18:27 +0100
-Subject: [PATCH] More correctly handle a selected_len of 0 when
- processing NPN
-
-In the case where the NPN callback returns with SSL_TLEXT_ERR_OK, but
-the selected_len is 0 we should fail.
Previously this would fail with an
-internal_error alert because calling OPENSSL_malloc(selected_len) will
-return NULL when selected_len is 0. We make this error detection more
-explicit and return a handshake failure alert.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24718)
----
- ssl/statem/extensions_clnt.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index 842be0722b..a07dc62e9a 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1536,7 +1536,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- PACKET_data(pkt),
- PACKET_remaining(pkt),
- s->ctx->ext.npn_select_cb_arg) !=
-- SSL_TLSEXT_ERR_OK) {
-+ SSL_TLSEXT_ERR_OK
-+ || selected_len == 0) {
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_BAD_EXTENSION);
- return 0;
- }
---
-2.45.2
-
-From 889ed19ba25abebd2690997acd6d4791cbe5c493 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 31 May 2024 11:46:38 +0100
-Subject: [PATCH] Clarify the SSL_select_next_proto() documentation
-
-We clarify the input preconditions and the expected behaviour in the event
-of no overlap.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24718)
----
- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 26 +++++++++++++++++--------
- 1 file changed, 18 insertions(+), 8 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-index 102e657851..a29557dd91 100644
---- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
- SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
- set the list of protocols available to be negotiated. The B must be in
- protocol-list format, described below. The length of B is specified in
--B.
-+B. Setting B to 0 clears any existing list of ALPN
-+protocols and no ALPN extension will be sent to the server.
-
- SSL_CTX_set_alpn_select_cb() sets the application callback B used by a
- server to select which protocol to use for the incoming connection. When B
-@@ -73,9 +74,16 @@ B and B, B must be in the protocol-list format
- described below. The first item in the B, B list that
- matches an item in the B, B list is selected, and returned
- in B, B. The B value will point into either B or
--B, so it should be copied immediately. If no match is found, the first
--item in B, B is returned in B, B. This
--function can also be used in the NPN callback.
-+B, so it should be copied immediately. The client list must include at
-+least one valid (nonempty) protocol entry in the list.
-+
-+The SSL_select_next_proto() helper function can be useful from either the ALPN
-+callback or the NPN callback (described below). If no match is found, the first
-+item in B, B is returned in B, B and
-+B is returned. This can be useful when implementating
-+the NPN callback.
In the ALPN case, the value returned in B and B
-+must be ignored if B has been returned from
-+SSL_select_next_proto().
-
- SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a
- client needs to select a protocol from the server's provided list, and a
-@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B).
- The length of the protocol name must be written into B. The
- server's advertised protocols are provided in B and B. The
- callback can assume that B is syntactically valid. The client must
--select a protocol. It is fatal to the connection if this callback returns
--a value other than B. The B parameter is the pointer
--set via SSL_CTX_set_next_proto_select_cb().
-+select a protocol (although it may be an empty, zero length protocol). It is
-+fatal to the connection if this callback returns a value other than
-+B or if the zero length protocol is selected. The B
-+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
-
- SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called
- when a TLS server needs a list of supported protocols for Next Protocol
-@@ -149,7 +158,8 @@ A match was found and is returned in B, B.
- =item OPENSSL_NPN_NO_OVERLAP
-
- No match was found. The first item in B, B is returned in
--B, B.
-+B, B (or B and 0 in the case where the first entry in
-+B is invalid).
-
- =back
-
---
-2.45.2
-
-From 087501b4f572825e27ca8cc2c5874fcf6fd47cf7 Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 21 Jun 2024 10:41:55 +0100
-Subject: [PATCH] Correct return values for
- tls_construct_stoc_next_proto_neg
-
-Return EXT_RETURN_NOT_SENT in the event that we don't send the extension,
-rather than EXT_RETURN_SENT. This actually makes no difference at all to
-the current control flow since this return value is ignored in this case
-anyway. But lets make it correct anyway.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24718)
----
- ssl/statem/extensions_srvr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 4ea085e1a1..2da880450f 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -1476,9 +1476,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
- return EXT_RETURN_FAIL;
- }
- s->s3.npn_seen = 1;
-+ return EXT_RETURN_SENT;
- }
-
-- return EXT_RETURN_SENT;
-+ return EXT_RETURN_NOT_SENT;
- }
- #endif
-
---
-2.45.2
-
-From 017e54183b95617825fb9316d618c154a34c634e Mon Sep 17 00:00:00 2001
-From: Matt Caswell
-Date: Fri, 21 Jun 2024 11:51:54 +0100
-Subject: [PATCH] Add ALPN validation in the client
-
-The ALPN protocol selected by the server must be one that we originally
-advertised. We should verify that it is.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman
-Reviewed-by: Tomas Mraz
-(Merged from https://github.com/openssl/openssl/pull/24718)
----
- ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index a07dc62e9a..b21ccf9273 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1566,6 +1566,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- size_t chainidx)
- {
- size_t len;
-+ PACKET confpkt, protpkt;
-+ int valid = 0;
-
- /* We must have requested it.
*/
- if (!s->s3.alpn_sent) {
-@@ -1584,6 +1586,28 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
- return 0;
- }
-+
-+ /* It must be a protocol that we sent */
-+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
-+ if (PACKET_remaining(&protpkt) != len)
-+ continue;
-+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
-+ /* Valid protocol found */
-+ valid = 1;
-+ break;
-+ }
-+ }
-+
-+ if (!valid) {
-+ /* The protocol sent from the server does not match one we advertised */
-+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
-+ return 0;
-+ }
-+
- OPENSSL_free(s->s3.alpn_selected);
- s->s3.alpn_selected = OPENSSL_malloc(len);
- if (s->s3.alpn_selected == NULL) {
---
-2.45.2
-
diff --git a/openssl-CVE-2024-6119.patch b/openssl-CVE-2024-6119.patch
deleted file mode 100644
index f7aadcf..0000000
--- a/openssl-CVE-2024-6119.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-commit 97ebe37033e8884f4cca5544a74376633c665e11
-Author: Viktor Dukhovni
-Date: Wed Jun 19 21:04:11 2024 +1000
-
- Avoid type errors in EAI-related name check logic.
-
- The incorrectly typed data is read only, used in a compare operation, so
- neither remote code execution, nor memory content disclosure were possible.
- However, applications performing certificate name checks were vulnerable to
- denial of service.
-
- The GENERAL_TYPE data type is a union, and we must take care to access the
- correct member, based on `gen->type`, not all the member fields have the same
- structure, and a segfault is possible if the wrong member field is read.
-
- The code in question was lightly refactored with the intent to make it more
- obviously correct.
-
- CVE-2024-6119
-
- (cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)
-
-diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
-index 1a18174995..a09414c972 100644
---- a/crypto/x509/v3_utl.c
-+++ b/crypto/x509/v3_utl.c
-@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
- ASN1_STRING *cstr;
-
- gen = sk_GENERAL_NAME_value(gens, i);
-- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
-- if (OBJ_obj2nid(gen->d.otherName->type_id) ==
-- NID_id_on_SmtpUTF8Mailbox) {
-- san_present = 1;
--
-- /*
-- * If it is not a UTF8String then that is unexpected and we
-- * treat it as no match
-- */
-- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
-- cstr = gen->d.otherName->value->value.utf8string;
--
-- /* Positive on success, negative on error! */
-- if ((rv = do_check_string(cstr, 0, equal, flags,
-- chk, chklen, peername)) != 0)
-- break;
-- }
-- } else
-+ switch (gen->type) {
-+ default:
-+ continue;
-+ case GEN_OTHERNAME:
-+ switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
-+ default:
- continue;
-- } else {
-- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
-+ case NID_id_on_SmtpUTF8Mailbox:
-+ /*-
-+ * https://datatracker.ietf.org/doc/html/rfc8398#section-3
-+ *
-+ * Due to name constraint compatibility reasons described
-+ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT
-+ * be used unless the local-part of the email address
-+ * contains non-ASCII characters. When the local-part is
-+ * ASCII, rfc822Name subjectAltName MUST be used instead
-+ * of SmtpUTF8Mailbox. This is compatible with legacy
-+ * software that supports only rfc822Name (and not
-+ * SmtpUTF8Mailbox). [...]
-+ *
-+ * SmtpUTF8Mailbox is encoded as UTF8String.
-+ *
-+ * If it is not a UTF8String then that is unexpected, and
-+ * we ignore the invalid SAN (neither set san_present nor
-+ * consider it a candidate for equality). This does mean
-+ * that the subject CN may be considered, as would be the
-+ * case when the malformed SmtpUtf8Mailbox SAN is instead
-+ * simply absent.
-+ *
-+ * When CN-ID matching is not desirable, applications can
-+ * choose to turn it off, doing so is at this time a best
-+ * practice.
-+ */
-+ if (check_type != GEN_EMAIL
-+ || gen->d.otherName->value->type != V_ASN1_UTF8STRING)
-+ continue;
-+ alt_type = 0;
-+ cstr = gen->d.otherName->value->value.utf8string;
-+ break;
-+ }
-+ break;
-+ case GEN_EMAIL:
-+ if (check_type != GEN_EMAIL)
- continue;
-- }
-- san_present = 1;
-- if (check_type == GEN_EMAIL)
- cstr = gen->d.rfc822Name;
-- else if (check_type == GEN_DNS)
-+ break;
-+ case GEN_DNS:
-+ if (check_type != GEN_DNS)
-+ continue;
- cstr = gen->d.dNSName;
-- else
-+ break;
-+ case GEN_IPADD:
-+ if (check_type != GEN_IPADD)
-+ continue;
- cstr = gen->d.iPAddress;
-+ break;
-+ }
-+ san_present = 1;
- /* Positive on success, negative on error! */
- if ((rv = do_check_string(cstr, alt_type, equal, flags,
- chk, chklen, peername)) != 0)
-diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
-index 522982ddfb..e18735d89a 100644
---- a/test/recipes/25-test_eai_data.t
-+++ b/test/recipes/25-test_eai_data.t
-@@ -21,16 +21,18 @@ setup("test_eai_data");
- #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
- #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
-
--plan tests => 12;
-+plan tests => 16;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
- my $folder = "test/recipes/25-test_eai_data";
-
- my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
- my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
-+my $kdc_pem = srctop_file($folder, "kdc-cert.pem");
-
- my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
- my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
-+my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");
-
- my $out;
- my $outcnt = 0;
-@@ -56,10 +58,18 @@ SKIP: {
-
- ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
- ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
-
- ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
- ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
-
-+# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
-+ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+
- #Check that we get the expected failure return code
- with({ exit_checker => sub { return shift == 2; } },
- sub {
-diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem
-new file mode 100644
-index 0000000000..e8a2c6f55d
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
-+MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU
-+RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+
-+6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry
-+BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8
-+vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx
-+Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT
-+7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9
-+3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj
-+te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG
-+AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU
-+RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA
-+ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA
-+T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb
-+iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU
-+UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1
-+El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9
-+0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI
-+oDQ9fKfUOAmUFth2/R/eGA==
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem
-new file mode 100644
-index 0000000000..a74c96bf31
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem
-@@ -0,0 +1,16 @@
-+-----BEGIN CERTIFICATE-----
-+MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS
-+b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD
-+DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj
-+61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0
-+qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK
-+MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS
-+dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj
-+3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7
-+pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI
-+lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT
-+Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl
-+KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW
-+7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS
-+vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh
-new file mode 100755
-index 0000000000..7a8dbc719f
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc.sh
-@@ -0,0 +1,41 @@
-+#! /usr/bin/env bash
-+
-+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
-+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
-+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should
-+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
-+# should likewise lead to ASAN issues with email name checks.
-+
-+rm -f root-key.pem root-cert.pem
-+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
-+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
-+
-+exts=$(
-+ printf "%s\n%s\n%s\n%s = " \
-+ "subjectKeyIdentifier = hash" \
-+ "authorityKeyIdentifier = keyid" \
-+ "basicConstraints = CA:false" \
-+ "subjectAltName"
-+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
-+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
-+ printf "%s, " "email:joe@example.com"
-+ printf "%s\n" "DNS:mx1.example.com"
-+ printf "[kdc_princ_name]\n"
-+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
-+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
-+ printf "[kdc_principal_seq]\n"
-+ printf "name_type = EXP:0, INTEGER:1\n"
-+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
-+ printf "[kdc_principal_components]\n"
-+ printf "princ1 = GeneralString:krbtgt\n"
-+ printf "princ2 = GeneralString:TEST.EXAMPLE\n"
-+ )
-+
-+printf "%s\n" "$exts"
-+
-+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
-+ -subj "/CN=TEST.EXAMPLE" |
-+ openssl x509 -req -out kdc-cert.pem \
-+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
-+ -set_serial 2 -days 36524 \
-+ -extfile <(printf "%s\n" "$exts")
diff --git a/openssl-Enable-BTI-feature-for-md5-on-aarch64.patch b/openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
deleted file mode 100644
index 031bef4..0000000
--- a/openssl-Enable-BTI-feature-for-md5-on-aarch64.patch
+++ /dev/null
@@ -1,28 +0,0 @@ -From d2bfec6e464aeb247a2d6853668d4e473f19e15f Mon Sep 17 00:00:00 2001 -From: "fangming.fang" -Date: Thu, 7 Dec 2023 06:17:51 +0000 -Subject: [PATCH] Enable BTI feature for md5 on aarch64 - -Fixes: #22959 ---- - crypto/md5/asm/md5-aarch64.pl | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl -index 3200a0fa9bff0..5a8608069691d 100755 ---- a/crypto/md5/asm/md5-aarch64.pl -+++ b/crypto/md5/asm/md5-aarch64.pl -@@ -28,10 +28,13 @@ - *STDOUT=*OUT; - - $code .= < "FIPS module config file only supported in a fips build" if $no_check; -diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t -index ce594817d5..00cebacff8 100644 ---- a/test/recipes/01-test_fipsmodule_cnf.t -+++ b/test/recipes/01-test_fipsmodule_cnf.t +Index: openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/01-test_fipsmodule_cnf.t ++++ openssl-3.1.7/test/recipes/01-test_fipsmodule_cnf.t @@ -23,7 +23,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; @@ -193,10 +192,10 @@ index ce594817d5..00cebacff8 100644 plan skip_all => "Test only supported in a fips build" if $no_check; plan tests => 1; -diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t -index b8b136d110..8242f4ebc3 100644 ---- a/test/recipes/03-test_fipsinstall.t -+++ b/test/recipes/03-test_fipsinstall.t +Index: openssl-3.1.7/test/recipes/03-test_fipsinstall.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/03-test_fipsinstall.t ++++ openssl-3.1.7/test/recipes/03-test_fipsinstall.t @@ -22,7 +22,7 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; 
@@ -206,10 +205,10 @@ index b8b136d110..8242f4ebc3 100644 # Compatible options for pedantic FIPS compliance my @pedantic_okay = -diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t -index c8f145405b..56a2ec5dc4 100644 ---- a/test/recipes/30-test_defltfips.t -+++ b/test/recipes/30-test_defltfips.t +Index: openssl-3.1.7/test/recipes/30-test_defltfips.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/30-test_defltfips.t ++++ openssl-3.1.7/test/recipes/30-test_defltfips.t @@ -24,7 +24,7 @@ use lib bldtop_dir('.'); plan skip_all => "Configuration loading is turned off" if disabled("autoload-config"); @@ -219,10 +218,10 @@ index c8f145405b..56a2ec5dc4 100644 plan tests => ($no_fips ? 1 : 5); -diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t -index 0c6d6402d9..e45f9cb560 100644 ---- a/test/recipes/80-test_ssl_new.t -+++ b/test/recipes/80-test_ssl_new.t +Index: openssl-3.1.7/test/recipes/80-test_ssl_new.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/80-test_ssl_new.t ++++ openssl-3.1.7/test/recipes/80-test_ssl_new.t @@ -27,7 +27,7 @@ setup("test_ssl_new"); use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); 
@@ -232,19 +231,16 @@ index 0c6d6402d9..e45f9cb560 100644 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t -index 9e9e32b51e..1a1a7159b5 100644 ---- a/test/recipes/90-test_sslapi.t -+++ b/test/recipes/90-test_sslapi.t -@@ -17,7 +17,7 @@ setup("test_sslapi"); - use lib srctop_dir('Configurations'); - use lib bldtop_dir('.'); +Index: openssl-3.1.7/test/recipes/90-test_sslapi.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/90-test_sslapi.t ++++ openssl-3.1.7/test/recipes/90-test_sslapi.t +@@ -14,7 +14,7 @@ BEGIN { + setup("test_sslapi"); + } -my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); +my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0); my $fipsmodcfg_filename = "fipsmodule.cnf"; my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename); --- -2.41.0 - diff --git a/openssl-FIPS-services-minimize.patch b/openssl-FIPS-services-minimize.patch index 9b0790a..7f28778 100644 --- a/openssl-FIPS-services-minimize.patch +++ b/openssl-FIPS-services-minimize.patch @@ -26,10 +26,10 @@ Patch-status: | test/recipes/80-test_ssl_old.t | 2 +- 16 files changed, 128 insertions(+), 47 deletions(-) -diff --git a/apps/ecparam.c b/apps/ecparam.c -index 9e9ad13683..9c66cf2434 100644 ---- a/apps/ecparam.c -+++ b/apps/ecparam.c +Index: openssl-3.1.7/apps/ecparam.c +=================================================================== +--- openssl-3.1.7.orig/apps/ecparam.c ++++ openssl-3.1.7/apps/ecparam.c @@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out) const char *comment = curves[n].comment; const char *sname = OBJ_nid2sn(curves[n].nid); 
@@ -44,10 +44,10 @@ index 9e9ad13683..9c66cf2434 100644 if (comment == NULL) comment = "CURVE DESCRIPTION NOT AVAILABLE"; if (sname == NULL) -diff --git a/apps/req.c b/apps/req.c -index 23757044ab..5916914978 100644 ---- a/apps/req.c -+++ b/apps/req.c +Index: openssl-3.1.7/apps/req.c +=================================================================== +--- openssl-3.1.7.orig/apps/req.c ++++ openssl-3.1.7/apps/req.c @@ -266,7 +266,7 @@ int req_main(int argc, char **argv) unsigned long chtype = MBSTRING_ASC, reqflag = 0; @@ -57,11 +57,11 @@ index 23757044ab..5916914978 100644 #endif prog = opt_init(argc, argv, req_options); -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index ed37e76969..eb836dfa6a 100644 ---- a/providers/common/capabilities.c -+++ b/providers/common/capabilities.c -@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list[][10] = { +Index: openssl-3.1.7/providers/common/capabilities.c +=================================================================== +--- openssl-3.1.7.orig/providers/common/capabilities.c ++++ openssl-3.1.7/providers/common/capabilities.c +@@ -186,9 +186,9 @@ static const OSSL_PARAM param_group_list TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), 
@@ -72,11 +72,11 @@ index ed37e76969..eb836dfa6a 100644 # endif /* OPENSSL_NO_EC */ # ifndef OPENSSL_NO_DH /* Security bit values for FFDHE groups are as per RFC 7919 */ -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index 518226dfc6..29438faea8 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = { +Index: openssl-3.1.7/providers/fips/fipsprov.c +=================================================================== +--- openssl-3.1.7.orig/providers/fips/fipsprov.c ++++ openssl-3.1.7/providers/fips/fipsprov.c +@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ @@ -90,7 +90,7 @@ index 518226dfc6..29438faea8 100644 { NULL, NULL, NULL } }; -@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { +@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, ossl_cipher_capable_aes_cbc_hmac_sha256), #ifndef OPENSSL_NO_DES @@ -102,7 +102,7 @@ index 518226dfc6..29438faea8 100644 #endif /* OPENSSL_NO_DES */ { { NULL, NULL, NULL }, NULL } }; -@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = { +@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] #endif { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, @@ -114,7 +114,7 @@ index 518226dfc6..29438faea8 100644 { NULL, NULL, NULL } }; -@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = { +@@ -409,8 +412,9 @@ static const OSSL_ALGORITHM fips_keyexch #endif #ifndef OPENSSL_NO_EC { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, 
@@ -126,7 +126,7 @@ index 518226dfc6..29438faea8 100644 #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_keyexch_functions }, -@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = { +@@ -420,13 +424,15 @@ static const OSSL_ALGORITHM fips_keyexch static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA @@ -145,7 +145,7 @@ index 518226dfc6..29438faea8 100644 { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, #endif { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, -@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -456,8 +462,9 @@ static const OSSL_ALGORITHM fips_keymgmt PROV_DESCS_DHX }, #endif #ifndef OPENSSL_NO_DSA @@ -157,7 +157,7 @@ index 518226dfc6..29438faea8 100644 #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, PROV_DESCS_RSA }, -@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { +@@ -466,14 +473,15 @@ static const OSSL_ALGORITHM fips_keymgmt #ifndef OPENSSL_NO_EC { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, PROV_DESCS_EC }, @@ -175,11 +175,11 @@ index 518226dfc6..29438faea8 100644 #endif { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, PROV_DESCS_TLS1_PRF_SIGN }, -diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc -index 2057378d3d..4b80bb70b9 100644 ---- a/providers/fips/self_test_data.inc -+++ b/providers/fips/self_test_data.inc -@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = +Index: openssl-3.1.7/providers/fips/self_test_data.inc +=================================================================== +--- openssl-3.1.7.orig/providers/fips/self_test_data.inc ++++ openssl-3.1.7/providers/fips/self_test_data.inc +@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest /*- CIPHER TEST DATA */ /* DES3 test data */ 
@@ -187,7 +187,7 @@ index 2057378d3d..4b80bb70b9 100644 static const unsigned char des_ede3_cbc_pt[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, -@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = { +@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 }; @@ -196,7 +196,7 @@ index 2057378d3d..4b80bb70b9 100644 /* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, -@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = { +@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[ # endif /* OPENSSL_NO_EC2M */ #endif /* OPENSSL_NO_EC */ @@ -215,7 +215,7 @@ index 2057378d3d..4b80bb70b9 100644 /* Hash DRBG inputs for signature KATs */ static const unsigned char sig_kat_entropyin[] = { -@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tes }, # endif #endif /* OPENSSL_NO_EC */ @@ -223,7 +223,7 @@ index 2057378d3d..4b80bb70b9 100644 #ifndef OPENSSL_NO_DSA { OSSL_SELF_TEST_DESC_SIGN_DSA, -@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = { +@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tes ITM(dsa_expected_sig) }, #endif /* OPENSSL_NO_DSA */ 
@@ -231,11 +231,11 @@ index 2057378d3d..4b80bb70b9 100644 }; static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = { -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index d4261e8f7d..2a5504d104 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -689,6 +689,14 @@ static int rsa_verify_recover(void *vprsactx, +Index: openssl-3.1.7/providers/implementations/signature/rsa_sig.c +=================================================================== +--- openssl-3.1.7.orig/providers/implementations/signature/rsa_sig.c ++++ openssl-3.1.7/providers/implementations/signature/rsa_sig.c +@@ -705,6 +705,14 @@ static int rsa_verify_recover(void *vprs { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; int ret; @@ -250,7 +250,7 @@ index d4261e8f7d..2a5504d104 100644 if (!ossl_prov_is_running()) return 0; -@@ -777,6 +790,14 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, +@@ -793,6 +801,14 @@ static int rsa_verify(void *vprsactx, co { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; size_t rslen; @@ -265,10 +265,10 @@ index d4261e8f7d..2a5504d104 100644 if (!ossl_prov_is_running()) return 0; -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index a5e60e8839..f9af07d12b 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c +Index: openssl-3.1.7/ssl/ssl_ciph.c +=================================================================== +--- openssl-3.1.7.orig/ssl/ssl_ciph.c ++++ openssl-3.1.7/ssl/ssl_ciph.c @@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx) ctx->disabled_mkey_mask = 0; ctx->disabled_auth_mask = 0; 
@@ -279,10 +279,10 @@ index a5e60e8839..f9af07d12b 100644 /* * We ignore any errors from the fetches below. They are expected to fail * if theose algorithms are not available. -diff --git a/test/acvp_test.c b/test/acvp_test.c -index fee880d441..13d7a0ea8b 100644 ---- a/test/acvp_test.c -+++ b/test/acvp_test.c +Index: openssl-3.1.7/test/acvp_test.c +=================================================================== +--- openssl-3.1.7.orig/test/acvp_test.c ++++ openssl-3.1.7/test/acvp_test.c @@ -1476,6 +1476,7 @@ int setup_tests(void) OSSL_NELEM(dh_safe_prime_keyver_data)); #endif /* OPENSSL_NO_DH */ @@ -299,11 +299,11 @@ index fee880d441..13d7a0ea8b 100644 #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); -diff --git a/test/endecode_test.c b/test/endecode_test.c -index 9a437d8c64..53385028fc 100644 ---- a/test/endecode_test.c -+++ b/test/endecode_test.c -@@ -1407,6 +1407,7 @@ int setup_tests(void) +Index: openssl-3.1.7/test/endecode_test.c +=================================================================== +--- openssl-3.1.7.orig/test/endecode_test.c ++++ openssl-3.1.7/test/endecode_test.c +@@ -1424,6 +1424,7 @@ int setup_tests(void) * so no legacy tests. */ #endif @@ -311,7 +311,7 @@ index 9a437d8c64..53385028fc 100644 #ifndef OPENSSL_NO_DSA ADD_TEST_SUITE(DSA); ADD_TEST_SUITE_PARAMS(DSA); -@@ -1417,6 +1418,7 @@ int setup_tests(void) +@@ -1434,6 +1435,7 @@ int setup_tests(void) ADD_TEST_SUITE_PROTECTED_PVK(DSA); # endif #endif @@ -319,9 +319,9 @@ index 9a437d8c64..53385028fc 100644 #ifndef OPENSSL_NO_EC ADD_TEST_SUITE(EC); ADD_TEST_SUITE_PARAMS(EC); -@@ -1431,10 +1433,12 @@ int setup_tests(void) - ADD_TEST_SUITE(ECExplicitTri2G); - ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); +@@ -1454,10 +1456,12 @@ int setup_tests(void) + ADD_TEST_SUITE(SM2); + } # endif + if (is_fips == 0) { ADD_TEST_SUITE(ED25519); 
@@ -332,10 +332,10 @@ index 9a437d8c64..53385028fc 100644 /* * ED25519, ED448, X25519 and X448 have no support for * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. -diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index 2448c35a14..a7913cda4c 100644 ---- a/test/evp_libctx_test.c -+++ b/test/evp_libctx_test.c +Index: openssl-3.1.7/test/evp_libctx_test.c +=================================================================== +--- openssl-3.1.7.orig/test/evp_libctx_test.c ++++ openssl-3.1.7/test/evp_libctx_test.c @@ -21,6 +21,7 @@ */ #include "internal/deprecated.h" @@ -366,10 +366,10 @@ index 2448c35a14..a7913cda4c 100644 #endif return 1; } -diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t -index b495b08bda..69bd299521 100644 ---- a/test/recipes/15-test_gendsa.t -+++ b/test/recipes/15-test_gendsa.t +Index: openssl-3.1.7/test/recipes/15-test_gendsa.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/15-test_gendsa.t ++++ openssl-3.1.7/test/recipes/15-test_gendsa.t @@ -24,7 +24,7 @@ use lib bldtop_dir('.'); plan skip_all => "This test is unsupported in a no-dsa build" if disabled("dsa"); @@ -379,11 +379,11 @@ index b495b08bda..69bd299521 100644 plan tests => ($no_fips ? 0 : 2) # FIPS related tests -diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t -index 6d3c5ba1bb..2ba47b5fca 100644 ---- a/test/recipes/20-test_cli_fips.t -+++ b/test/recipes/20-test_cli_fips.t -@@ -273,8 +273,7 @@ SKIP: { +Index: openssl-3.1.7/test/recipes/20-test_cli_fips.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/20-test_cli_fips.t ++++ openssl-3.1.7/test/recipes/20-test_cli_fips.t +@@ -278,8 +278,7 @@ SKIP: { } SKIP : { 
@@ -393,10 +393,10 @@ index 6d3c5ba1bb..2ba47b5fca 100644 subtest DSA => sub { my $testtext_prefix = 'DSA'; -diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t -index 9d7040ced2..f8beb538d4 100644 ---- a/test/recipes/30-test_evp.t -+++ b/test/recipes/30-test_evp.t +Index: openssl-3.1.7/test/recipes/30-test_evp.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/30-test_evp.t ++++ openssl-3.1.7/test/recipes/30-test_evp.t @@ -42,10 +42,8 @@ my @files = qw( evpciph_aes_cts.txt evpciph_aes_wrap.txt @@ -408,19 +408,19 @@ index 9d7040ced2..f8beb538d4 100644 evpkdf_pbkdf1.txt evpkdf_pbkdf2.txt evpkdf_ss.txt -@@ -65,12 +63,6 @@ push @files, qw( - evppkey_ffdhe.txt +@@ -66,12 +64,6 @@ push @files, qw( evppkey_dh.txt ) unless $no_dh; --push @files, qw( + push @files, qw( - evpkdf_x942_des.txt - evpmac_cmac_des.txt - ) unless $no_des; -push @files, qw(evppkey_dsa.txt) unless $no_dsa; -push @files, qw(evppkey_ecx.txt) unless $no_ec; - push @files, qw( +-push @files, qw( evppkey_ecc.txt evppkey_ecdh.txt + evppkey_ecdsa.txt @@ -91,6 +83,7 @@ my @defltfiles = qw( evpciph_cast5.txt evpciph_chacha.txt @@ -447,10 +447,10 @@ index 9d7040ced2..f8beb538d4 100644 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec; push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2; -diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt -index 93195df97c..315413cd9b 100644 ---- a/test/recipes/30-test_evp_data/evpmac_common.txt -+++ b/test/recipes/30-test_evp_data/evpmac_common.txt +Index: openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt +=================================================================== +--- openssl-3.1.7.orig/test/recipes/30-test_evp_data/evpmac_common.txt ++++ openssl-3.1.7/test/recipes/30-test_evp_data/evpmac_common.txt 
@@ -340,6 +340,7 @@ IV = 7AE8E2CA4EC500012E58495C Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Result = MAC_INIT_ERROR @@ -482,7 +482,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 -@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC +@@ -371,12 +375,14 @@ Output = 20C570C31346F703C9AC36C61C03CB6 OutputSize = 64 BlockSize = 136 @@ -520,7 +520,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -407,6 +416,7 @@ Output = 47026C7CD793084AA0283C253EF6584 XOF = 1 Ctrl = size:32 
@@ -575,7 +575,7 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F +@@ -462,6 +478,7 @@ Output = 47026C7CD793084AA0283C253EF6584 Ctrl = xof:1 Ctrl = size:32 @@ -623,10 +623,10 @@ index 93195df97c..315413cd9b 100644 MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 40dd585c18..cbec426137 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t +Index: openssl-3.1.7/test/recipes/80-test_cms.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/80-test_cms.t ++++ openssl-3.1.7/test/recipes/80-test_cms.t @@ -96,7 +96,7 @@ my @smime_pkcs7_tests = ( \&final_compare ], 
@@ -699,7 +699,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -248,7 +248,7 @@ my @smime_pkcs7_tests = ( +@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = ( my @smime_cms_tests = ( @@ -708,7 +708,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", "-signer", $smrsa1, -@@ -261,7 +261,7 @@ my @smime_cms_tests = ( +@@ -263,7 +263,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -717,7 +717,7 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), -@@ -371,7 +371,7 @@ my @smime_cms_tests = ( +@@ -373,7 +373,7 @@ my @smime_cms_tests = ( \&final_compare ], @@ -726,10 +726,10 @@ index 40dd585c18..cbec426137 100644 [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", "-stream", "-out", "{output}.cms" ], -diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t -index 50b74a1e29..e2dcb68fb5 100644 ---- a/test/recipes/80-test_ssl_old.t -+++ b/test/recipes/80-test_ssl_old.t +Index: openssl-3.1.7/test/recipes/80-test_ssl_old.t +=================================================================== +--- openssl-3.1.7.orig/test/recipes/80-test_ssl_old.t ++++ openssl-3.1.7/test/recipes/80-test_ssl_old.t @@ -436,7 +436,7 @@ sub testssl { my @exkeys = (); my $ciphers = '-PSK:-SRP:@SECLEVEL=0'; @@ -739,6 +739,3 @@ index 50b74a1e29..e2dcb68fb5 100644 push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey; } --- -2.41.0 - diff --git a/openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch b/openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch deleted file mode 100644 index e79c626..0000000 --- a/openssl-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch +++ /dev/null 
@@ -1,309 +0,0 @@ -From 4580c303fa88f77a98461fee5fe26b5db725967c Mon Sep 17 00:00:00 2001 -From: Todd Short -Date: Thu, 1 Feb 2024 23:09:38 -0500 -Subject: [PATCH 1/2] Fix EVP_PKEY_CTX_add1_hkdf_info() behavior - -Fix #23448 - -`EVP_PKEY_CTX_add1_hkdf_info()` behaves like a `set1` function. - -Fix the setting of the parameter in the params code. -Update the TLS_PRF code to also use the params code. -Add tests. - -Reviewed-by: Shane Lontis -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/23456) - -(cherry picked from commit 6b566687b58fde08b28e3331377f050768fad89b) ---- - crypto/evp/pmeth_lib.c | 65 ++++++++++++++++++- - providers/implementations/exchange/kdf_exch.c | 42 ++++++++++++ - providers/implementations/kdfs/hkdf.c | 8 +++ - test/pkey_meth_kdf_test.c | 53 +++++++++++---- - 4 files changed, 156 insertions(+), 12 deletions(-) - -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index ba1971c..d0eeaf7 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -1028,6 +1028,69 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - return EVP_PKEY_CTX_set_params(ctx, octet_string_params); - } - -+static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, -+ const char *param, int op, int ctrl, -+ const unsigned char *data, -+ int datalen) -+{ -+ OSSL_PARAM os_params[2]; -+ unsigned char *info = NULL; -+ size_t info_len = 0; -+ size_t info_alloc = 0; -+ int ret = 0; -+ -+ if (ctx == NULL || (ctx->operation & op) == 0) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); -+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */ -+ return -2; -+ } -+ -+ /* Code below to be removed when legacy support is dropped. 
*/ -+ if (fallback) -+ return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); -+ /* end of legacy support */ -+ -+ if (datalen < 0) { -+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); -+ return 0; -+ } -+ -+ /* Get the original value length */ -+ os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); -+ os_params[1] = OSSL_PARAM_construct_end(); -+ -+ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) -+ return 0; -+ -+ /* Older provider that doesn't support getting this parameter */ -+ if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED) -+ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen); -+ -+ info_alloc = os_params[0].return_size + datalen; -+ if (info_alloc == 0) -+ return 0; -+ info = OPENSSL_zalloc(info_alloc); -+ if (info == NULL) -+ return 0; -+ info_len = os_params[0].return_size; -+ -+ os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc); -+ -+ /* if we have data, then go get it */ -+ if (info_len > 0) { -+ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) -+ goto error; -+ } -+ -+ /* Copy the input data */ -+ memcpy(&info[info_len], data, datalen); -+ ret = EVP_PKEY_CTX_set_params(ctx, os_params); -+ -+ error: -+ OPENSSL_clear_free(info, info_alloc); -+ return ret; -+} -+ - int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, - const unsigned char *sec, int seclen) - { -@@ -1078,7 +1141,7 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, - int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, - const unsigned char *info, int infolen) - { -- return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, -+ return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_INFO, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_INFO, -diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c -index 527a866..4bc8102 100644 ---- a/providers/implementations/exchange/kdf_exch.c -+++ 
b/providers/implementations/exchange/kdf_exch.c -@@ -28,9 +28,13 @@ static OSSL_FUNC_keyexch_derive_fn kdf_derive; - static OSSL_FUNC_keyexch_freectx_fn kdf_freectx; - static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx; - static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params; -+static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params; - static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; - static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; - static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params; -+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params; -+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; -+static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params; - - typedef struct { - void *provctx; -@@ -169,6 +173,13 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) - return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); - } - -+static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[]) -+{ -+ PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; -+ -+ return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params); -+} -+ - static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, - void *provctx, - const char *kdfname) -@@ -197,6 +208,34 @@ KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") - KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF") - KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") - -+static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx, -+ void *provctx, -+ const char *kdfname) -+{ -+ EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, -+ NULL); -+ const OSSL_PARAM *params; -+ -+ if (kdf == NULL) -+ return NULL; -+ -+ params = EVP_KDF_gettable_ctx_params(kdf); -+ EVP_KDF_free(kdf); -+ -+ return params; -+} -+ -+#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ -+ static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void 
*vpkdfctx, \ -+ void *provctx) \ -+ { \ -+ return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ -+ } -+ -+KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") -+KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF") -+KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT") -+ - #define KDF_KEYEXCH_FUNCTIONS(funcname) \ - const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ - { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ -@@ -205,8 +244,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") - { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ - { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ - { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \ -+ { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \ - { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ - (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ -+ { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ -+ (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ - { 0, NULL } \ - }; - -diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index daa619b..dd65a2a 100644 ---- a/providers/implementations/kdfs/hkdf.c -+++ b/providers/implementations/kdfs/hkdf.c -@@ -371,6 +371,13 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) - return 0; - return OSSL_PARAM_set_size_t(p, sz); - } -+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) { -+ if (ctx->info == NULL || ctx->info_len == 0) { -+ p->return_size = 0; -+ return 1; -+ } -+ return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len); -+ } - return -2; - } - -@@ -379,6 +386,7 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, - { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), -+ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), - OSSL_PARAM_END - }; - return known_gettable_ctx_params; -diff --git a/test/pkey_meth_kdf_test.c 
b/test/pkey_meth_kdf_test.c -index f816d24..c09e2f3 100644 ---- a/test/pkey_meth_kdf_test.c -+++ b/test/pkey_meth_kdf_test.c -@@ -16,7 +16,7 @@ - #include - #include "testutil.h" - --static int test_kdf_tls1_prf(void) -+static int test_kdf_tls1_prf(int index) - { - int ret = 0; - EVP_PKEY_CTX *pctx; -@@ -40,10 +40,23 @@ static int test_kdf_tls1_prf(void) - TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); - goto err; - } -- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, -- (unsigned char *)"seed", 4) <= 0) { -- TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); -- goto err; -+ if (index == 0) { -+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, -+ (unsigned char *)"seed", 4) <= 0) { -+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); -+ goto err; -+ } -+ } else { -+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, -+ (unsigned char *)"se", 2) <= 0) { -+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); -+ goto err; -+ } -+ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, -+ (unsigned char *)"ed", 2) <= 0) { -+ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); -+ goto err; -+ } - } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { - TEST_error("EVP_PKEY_derive"); -@@ -65,7 +78,7 @@ err: - return ret; - } - --static int test_kdf_hkdf(void) -+static int test_kdf_hkdf(int index) - { - int ret = 0; - EVP_PKEY_CTX *pctx; -@@ -94,10 +107,23 @@ static int test_kdf_hkdf(void) - TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); - goto err; - } -- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) -+ if (index == 0) { -+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) - <= 0) { -- TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); -- goto err; -+ TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); -+ goto err; -+ } -+ } else { -+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) -+ <= 0) { -+ TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); -+ goto err; -+ } -+ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) -+ <= 0) { -+ 
TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); -+ goto err; -+ } - } - if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { - TEST_error("EVP_PKEY_derive"); -@@ -195,8 +221,13 @@ err: - - int setup_tests(void) - { -- ADD_TEST(test_kdf_tls1_prf); -- ADD_TEST(test_kdf_hkdf); -+ int tests = 1; -+ -+ if (fips_provider_version_ge(NULL, 3, 3, 1)) -+ tests = 2; -+ -+ ADD_ALL_TESTS(test_kdf_tls1_prf, tests); -+ ADD_ALL_TESTS(test_kdf_hkdf, tests); - #ifndef OPENSSL_NO_SCRYPT - ADD_TEST(test_kdf_scrypt); - #endif --- -2.45.1 - diff --git a/openssl-Force-FIPS.patch b/openssl-Force-FIPS.patch index 3ba0f44..ea7e6ad 100644 --- a/openssl-Force-FIPS.patch +++ b/openssl-Force-FIPS.patch @@ -11,10 +11,10 @@ Patch-status: | crypto/provider_conf.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) -Index: openssl-3.1.4/crypto/provider_conf.c +Index: openssl-3.1.7/crypto/provider_conf.c =================================================================== ---- openssl-3.1.4.orig/crypto/provider_conf.c -+++ openssl-3.1.4/crypto/provider_conf.c +--- openssl-3.1.7.orig/crypto/provider_conf.c ++++ openssl-3.1.7/crypto/provider_conf.c @@ -10,6 +10,8 @@ #include #include 
@@ -24,25 +24,25 @@ Index: openssl-3.1.4/crypto/provider_conf.c #include #include #include -@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_L +@@ -237,7 +239,7 @@ static int provider_conf_activate(OSSL_L if (path != NULL) ossl_provider_set_module_path(prov, path); - ok = provider_conf_params(prov, NULL, NULL, value, cnf); + ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1; - if (ok) { + if (ok == 1) { if (!ossl_provider_activate(prov, 1, 0)) { -@@ -197,6 +199,8 @@ static int provider_conf_activate(OSSL_L - } - if (!ok) +@@ -266,6 +268,8 @@ static int provider_conf_activate(OSSL_L + + if (ok <= 0) ossl_provider_free(prov); + } else { + ok = 1; } CRYPTO_THREAD_unlock(pcgbl->lock); -@@ -309,6 +313,33 @@ static int provider_conf_init(CONF_IMODU +@@ -383,6 +387,33 @@ static int provider_conf_init(CONF_IMODU return 0; } diff --git a/openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch b/openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch deleted file mode 100644 index 0ad7660..0000000 --- a/openssl-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch +++ /dev/null 
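Review bot: In the `provider_conf_activate` hunk of openssl-Force-FIPS.patch, the refreshed context now reads `if (ok == 1) {` and `if (ok <= 0)`, so `ok` appears to be tri-state in 3.1.7. The patch's own lines `ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;` and `} else { ok = 1; }` are carried over with no comment explaining why a NULL `cnf` or the else branch counts as success. Judging by its name, this patch forces FIPS provider activation, so a failure should fail closed: the calls it adds later (the `@@ -383,6 +387,33 @@` hunk, whose body this diff does not show) should compare the result with `!= 1` rather than test truthiness, if they do not already. I would also add a comment above the changed assignment, for example `/* cnf may be NULL when activation is forced without a config section; no params to parse */`, with the wording checked against the patch's intent. The function body starts and ends outside the hunk.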
@@ -1,94 +0,0 @@ -From d6a9c21302e01c33a9a919e7ba380ba3b0ed65b0 Mon Sep 17 00:00:00 2001 -From: trinity-1686a -Date: Mon, 15 Apr 2024 11:13:14 +0200 -Subject: [PATCH 2/2] Handle empty param in EVP_PKEY_CTX_add1_hkdf_info - -Fixes #24130 -The regression was introduced in PR #23456. - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24141) - -(cherry picked from commit 299996fb1fcd76eeadfd547958de2a1b822f37f5) ---- - crypto/evp/pmeth_lib.c | 2 ++ - test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 44 insertions(+) - -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index d0eeaf7..bce1ebc 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -1053,6 +1053,8 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - if (datalen < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); - return 0; -+ } else if (datalen == 0) { -+ return 1; - } - - /* Get the original value length */ -diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c -index 9b3bee7..22121ce 100644 ---- a/test/evp_extra_test.c -+++ b/test/evp_extra_test.c -@@ -2565,6 +2565,47 @@ static int test_emptyikm_HKDF(void) - return ret; - } - -+static int test_empty_salt_info_HKDF(void) -+{ -+ EVP_PKEY_CTX *pctx; -+ unsigned char out[20]; -+ size_t outlen; -+ int ret = 0; -+ unsigned char salt[] = ""; -+ unsigned char key[] = "012345678901234567890123456789"; -+ unsigned char info[] = ""; -+ const unsigned char expected[] = { -+ 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, -+ 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, -+ }; -+ size_t expectedlen = sizeof(expected); -+ -+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) -+ goto done; -+ -+ outlen = sizeof(out); -+ memset(out, 0, outlen); -+ -+ if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) -+ || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 
-+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, -+ sizeof(salt) - 1), 0) -+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, -+ sizeof(key) - 1), 0) -+ || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, -+ sizeof(info) - 1), 0) -+ || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) -+ || !TEST_mem_eq(out, outlen, expected, expectedlen)) -+ goto done; -+ -+ ret = 1; -+ -+ done: -+ EVP_PKEY_CTX_free(pctx); -+ -+ return ret; -+} -+ - #ifndef OPENSSL_NO_EC - static int test_X509_PUBKEY_inplace(void) - { -@@ -5166,6 +5207,7 @@ int setup_tests(void) - #endif - ADD_TEST(test_HKDF); - ADD_TEST(test_emptyikm_HKDF); -+ ADD_TEST(test_empty_salt_info_HKDF); - #ifndef OPENSSL_NO_EC - ADD_TEST(test_X509_PUBKEY_inplace); - ADD_TEST(test_X509_PUBKEY_dup); --- -2.45.1 - diff --git a/openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch b/openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch deleted file mode 100644 index 7c57d6b..0000000 --- a/openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch +++ /dev/null 
@@ -1,495 +0,0 @@ -From 3d3a7ecd1ae5ab08d22041f7b3b035c34f12fa02 Mon Sep 17 00:00:00 2001 -From: Danny Tsen -Date: Tue, 22 Aug 2023 15:58:53 -0400 -Subject: [PATCH] Improve performance for 6x unrolling with vpermxor - instruction - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21812) ---- - crypto/aes/asm/aesp8-ppc.pl | 145 +++++++++++++++++++++++------------- - 1 file changed, 95 insertions(+), 50 deletions(-) - -diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl -index 60cf86f52aed2..38b9405a283b7 100755 ---- a/crypto/aes/asm/aesp8-ppc.pl -+++ b/crypto/aes/asm/aesp8-ppc.pl -@@ -99,11 +99,12 @@ - .long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev - .long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev - .long 0,0,0,0 ?asis -+.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe - Lconsts: - mflr r0 - bcl 20,31,\$+4 - mflr $ptr #vvvvv "distance between . and rcon -- addi $ptr,$ptr,-0x48 -+ addi $ptr,$ptr,-0x58 - mtlr r0 - blr - .long 0 -@@ -2405,7 +2406,7 @@ () - my $key_=$key2; - my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); - $x00=0 if ($flavour =~ /osx/); --my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5)); -+my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5)); - my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); - my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); - my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys -@@ -2460,6 +2461,18 @@ () - li $x70,0x70 - mtspr 256,r0 - -+ # Reverse eighty7 to 0x010101..87 -+ xxlor 2, 32+$eighty7, 32+$eighty7 -+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 -+ xxlor 1, 32+$eighty7, 32+$eighty7 -+ -+ # Load XOR contents. 
0xf102132435465768798a9bacbdcedfe -+ mr $x70, r6 -+ bl Lconsts -+ lxvw4x 0, $x40, r6 # load XOR contents -+ mr r6, $x70 -+ li $x70,0x70 -+ - subi $rounds,$rounds,3 # -4 in total - - lvx $rndkey0,$x00,$key1 # load key schedule -@@ -2502,69 +2515,77 @@ () - ?vperm v31,v31,$twk5,$keyperm - lvx v25,$x10,$key_ # pre-load round[2] - -+ # Switch to use the following codes with 0x010101..87 to generate tweak. -+ # eighty7 = 0x010101..87 -+ # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits -+ # vand tmp, tmp, eighty7 # last byte with carry -+ # vaddubm tweak, tweak, tweak # left shift 1 bit (x2) -+ # xxlor vsx, 0, 0 -+ # vpermxor tweak, tweak, tmp, vsx -+ - vperm $in0,$inout,$inptail,$inpperm - subi $inp,$inp,31 # undo "caller" - vxor $twk0,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $out0,$in0,$twk0 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in1, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in1 - - lvx_u $in1,$x10,$inp - vxor $twk1,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in1,$in1,$in1,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out1,$in1,$twk1 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in2, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in2 - - lvx_u $in2,$x20,$inp - andi. 
$taillen,$len,15 - vxor $twk2,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in2,$in2,$in2,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out2,$in2,$twk2 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in3, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in3 - - lvx_u $in3,$x30,$inp - sub $len,$len,$taillen - vxor $twk3,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in3,$in3,$in3,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out3,$in3,$twk3 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in4, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in4 - - lvx_u $in4,$x40,$inp - subi $len,$len,0x60 - vxor $twk4,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in4,$in4,$in4,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out4,$in4,$twk4 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in5, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in5 - - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - vxor $twk5,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in5,$in5,$in5,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out5,$in5,$twk5 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in0, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in0 - - vxor v31,v31,$rndkey0 - mtctr $rounds -@@ -2590,6 +2611,8 @@ () - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_enc6x - -+ xxlor 32+$eighty7, 1, 1 # 0x010101..87 -+ - subic $len,$len,96 # $len-=96 - vxor $in0,$twk0,v31 # xor with last round key - vcipher $out0,$out0,v24 -@@ -2599,7 +2622,6 @@ () - vaddubm $tweak,$tweak,$tweak - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 -- vsldoi $tmp,$tmp,$tmp,15 - vcipher $out4,$out4,v24 - vcipher $out5,$out5,v24 - -@@ -2607,7 +2629,8 @@ () - vand $tmp,$tmp,$eighty7 - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 -- vxor $tweak,$tweak,$tmp -+ xxlor 
32+$in1, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in1 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vxor $in1,$twk1,v31 -@@ -2618,13 +2641,13 @@ () - - and r0,r0,$len - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vcipher $out0,$out0,v26 - vcipher $out1,$out1,v26 - vand $tmp,$tmp,$eighty7 - vcipher $out2,$out2,v26 - vcipher $out3,$out3,v26 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in2, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in2 - vcipher $out4,$out4,v26 - vcipher $out5,$out5,v26 - -@@ -2638,7 +2661,6 @@ () - vaddubm $tweak,$tweak,$tweak - vcipher $out0,$out0,v27 - vcipher $out1,$out1,v27 -- vsldoi $tmp,$tmp,$tmp,15 - vcipher $out2,$out2,v27 - vcipher $out3,$out3,v27 - vand $tmp,$tmp,$eighty7 -@@ -2646,7 +2668,8 @@ () - vcipher $out5,$out5,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in3, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in3 - vcipher $out0,$out0,v28 - vcipher $out1,$out1,v28 - vxor $in3,$twk3,v31 -@@ -2655,7 +2678,6 @@ () - vcipher $out2,$out2,v28 - vcipher $out3,$out3,v28 - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vcipher $out4,$out4,v28 - vcipher $out5,$out5,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] -@@ -2663,7 +2685,8 @@ () - - vcipher $out0,$out0,v29 - vcipher $out1,$out1,v29 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in4, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in4 - vcipher $out2,$out2,v29 - vcipher $out3,$out3,v29 - vxor $in4,$twk4,v31 -@@ -2673,14 +2696,14 @@ () - vcipher $out5,$out5,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - - vcipher $out0,$out0,v30 - vcipher $out1,$out1,v30 - vand $tmp,$tmp,$eighty7 - vcipher $out2,$out2,v30 - vcipher $out3,$out3,v30 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in5, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in5 - vcipher $out4,$out4,v30 - vcipher $out5,$out5,v30 - vxor $in5,$twk5,v31 -@@ -2690,7 +2713,6 @@ () - vcipherlast $out0,$out0,$in0 - lvx_u $in0,$x00,$inp # load next 
input block - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vcipherlast $out1,$out1,$in1 - lvx_u $in1,$x10,$inp - vcipherlast $out2,$out2,$in2 -@@ -2703,7 +2725,10 @@ () - vcipherlast $out4,$out4,$in4 - le?vperm $in2,$in2,$in2,$leperm - lvx_u $in4,$x40,$inp -- vxor $tweak,$tweak,$tmp -+ xxlor 10, 32+$in0, 32+$in0 -+ xxlor 32+$in0, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in0 -+ xxlor 32+$in0, 10, 10 - vcipherlast $tmp,$out5,$in5 # last block might be needed - # in stealing mode - le?vperm $in3,$in3,$in3,$leperm -@@ -2736,6 +2761,8 @@ () - mtctr $rounds - beq Loop_xts_enc6x # did $len-=96 borrow? - -+ xxlor 32+$eighty7, 2, 2 # 0x870101..01 -+ - addic. $len,$len,0x60 - beq Lxts_enc6x_zero - cmpwi $len,0x20 -@@ -3112,6 +3139,18 @@ () - li $x70,0x70 - mtspr 256,r0 - -+ # Reverse eighty7 to 0x010101..87 -+ xxlor 2, 32+$eighty7, 32+$eighty7 -+ vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 -+ xxlor 1, 32+$eighty7, 32+$eighty7 -+ -+ # Load XOR contents. 0xf102132435465768798a9bacbdcedfe -+ mr $x70, r6 -+ bl Lconsts -+ lxvw4x 0, $x40, r6 # load XOR contents -+ mr r6, $x70 -+ li $x70,0x70 -+ - subi $rounds,$rounds,3 # -4 in total - - lvx $rndkey0,$x00,$key1 # load key schedule -@@ -3159,64 +3198,64 @@ () - vxor $twk0,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $out0,$in0,$twk0 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in1, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in1 - - lvx_u $in1,$x10,$inp - vxor $twk1,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in1,$in1,$in1,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out1,$in1,$twk1 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in2, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in2 - - lvx_u $in2,$x20,$inp - andi. 
$taillen,$len,15 - vxor $twk2,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in2,$in2,$in2,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out2,$in2,$twk2 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in3, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in3 - - lvx_u $in3,$x30,$inp - sub $len,$len,$taillen - vxor $twk3,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in3,$in3,$in3,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out3,$in3,$twk3 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in4, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in4 - - lvx_u $in4,$x40,$inp - subi $len,$len,0x60 - vxor $twk4,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in4,$in4,$in4,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out4,$in4,$twk4 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in5, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in5 - - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - vxor $twk5,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in5,$in5,$in5,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out5,$in5,$twk5 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in0, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in0 - - vxor v31,v31,$rndkey0 - mtctr $rounds -@@ -3242,6 +3281,8 @@ () - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_dec6x - -+ xxlor 32+$eighty7, 1, 1 -+ - subic $len,$len,96 # $len-=96 - vxor $in0,$twk0,v31 # xor with last round key - vncipher $out0,$out0,v24 -@@ -3251,7 +3292,6 @@ () - vaddubm $tweak,$tweak,$tweak - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 -- vsldoi $tmp,$tmp,$tmp,15 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - -@@ -3259,7 +3299,8 @@ () - vand $tmp,$tmp,$eighty7 - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in1, 0, 
0 -+ vpermxor $tweak, $tweak, $tmp, $in1 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vxor $in1,$twk1,v31 -@@ -3270,13 +3311,13 @@ () - - and r0,r0,$len - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vncipher $out0,$out0,v26 - vncipher $out1,$out1,v26 - vand $tmp,$tmp,$eighty7 - vncipher $out2,$out2,v26 - vncipher $out3,$out3,v26 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in2, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in2 - vncipher $out4,$out4,v26 - vncipher $out5,$out5,v26 - -@@ -3290,7 +3331,6 @@ () - vaddubm $tweak,$tweak,$tweak - vncipher $out0,$out0,v27 - vncipher $out1,$out1,v27 -- vsldoi $tmp,$tmp,$tmp,15 - vncipher $out2,$out2,v27 - vncipher $out3,$out3,v27 - vand $tmp,$tmp,$eighty7 -@@ -3298,7 +3338,8 @@ () - vncipher $out5,$out5,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in3, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in3 - vncipher $out0,$out0,v28 - vncipher $out1,$out1,v28 - vxor $in3,$twk3,v31 -@@ -3307,7 +3348,6 @@ () - vncipher $out2,$out2,v28 - vncipher $out3,$out3,v28 - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vncipher $out4,$out4,v28 - vncipher $out5,$out5,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] -@@ -3315,7 +3355,8 @@ () - - vncipher $out0,$out0,v29 - vncipher $out1,$out1,v29 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in4, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in4 - vncipher $out2,$out2,v29 - vncipher $out3,$out3,v29 - vxor $in4,$twk4,v31 -@@ -3325,14 +3366,14 @@ () - vncipher $out5,$out5,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - - vncipher $out0,$out0,v30 - vncipher $out1,$out1,v30 - vand $tmp,$tmp,$eighty7 - vncipher $out2,$out2,v30 - vncipher $out3,$out3,v30 -- vxor $tweak,$tweak,$tmp -+ xxlor 32+$in5, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in5 - vncipher $out4,$out4,v30 - vncipher $out5,$out5,v30 - vxor $in5,$twk5,v31 -@@ -3342,7 +3383,6 @@ () - vncipherlast $out0,$out0,$in0 - lvx_u 
$in0,$x00,$inp # load next input block - vaddubm $tweak,$tweak,$tweak -- vsldoi $tmp,$tmp,$tmp,15 - vncipherlast $out1,$out1,$in1 - lvx_u $in1,$x10,$inp - vncipherlast $out2,$out2,$in2 -@@ -3355,7 +3395,10 @@ () - vncipherlast $out4,$out4,$in4 - le?vperm $in2,$in2,$in2,$leperm - lvx_u $in4,$x40,$inp -- vxor $tweak,$tweak,$tmp -+ xxlor 10, 32+$in0, 32+$in0 -+ xxlor 32+$in0, 0, 0 -+ vpermxor $tweak, $tweak, $tmp, $in0 -+ xxlor 32+$in0, 10, 10 - vncipherlast $out5,$out5,$in5 - le?vperm $in3,$in3,$in3,$leperm - lvx_u $in5,$x50,$inp -@@ -3386,6 +3429,8 @@ () - mtctr $rounds - beq Loop_xts_dec6x # did $len-=96 borrow? - -+ xxlor 32+$eighty7, 2, 2 -+ - addic. $len,$len,0x60 - beq Lxts_dec6x_zero - cmpwi $len,0x20 diff --git a/openssl.keyring b/openssl.keyring index d7ab2d7..84cbddc 100644 --- a/openssl.keyring +++ b/openssl.keyring 
@@ -1,305 +1,31 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 -Comment: Matt Caswell -Comment: Matt Caswell +Comment: BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF +Comment: OpenSSL -mQENBFGALsIBCADBkh6zfxbewW2KJjaMaishSrpxuiVaUyvWgpe6Moae7JNCW8ay -hJbwAtsQ69SGA4gUkyrR6PBvDMVYEiYqZwXB/3IErStESjcu+gkbmsa0XcwHpkE3 -iN7I8aU66yMt710nGEmcrR5E4u4NuNoHtnOBKEh+RCLGp5mo6hwbUYUzG3eUI/zi -2hLApPpaATXnD3ZkhgtHV3ln3Z16nUWQAdIVToxYhvVno2EQsqe8Q3ifl2Uf0Ypa -N19BDBrxM3WPOAKbJk0Ab1bjgEadavrFBCOl9CrbThewRGmkOdxJWaVkERXMShlz -UzjJvKOUEUGOxJCmnfQimPQoCdQyVFLgHfRFABEBAAG0H01hdHQgQ2Fzd2VsbCA8 -bWF0dEBvcGVuc3NsLm9yZz6JATgEEwECACIFAlPevrwCGwMGCwkIBwMCBhUIAgkK -CwQWAgMBAh4BAheAAAoJENnE0m0OYESRoD0H/1lEJXfr66rdvskyOi0zU0ARvUXH -jbmmYkZ7ETkdXh7Va/Tjn81T3pwmr3F4IcLGNLDz4Eg67xbq/T8rrsEPOx5nV/mR -nUT97UmsQuLnR2wLGbRBu24FKM7oX3KQvgIdJWdxHHJsjpGCViE1mIFARAzlN+6p -3tPbnQzANjRy7i/PYU/niGdqVcMhcnZCX5F7YH6w6t0ZmYH3m1QeREnWqfxu7eyH -sIvebMgKTI/bMG8Z7KlLZha9HwrFXQAPIST6sfc1blKJ9INUDM9iK6DR/ulkw7e0 -hmHLqjWqYs5PzyXeoNnsPXJt69wiADYqj4KNDIdNp1RoF9qfb1nE+DM6rga0IE1h -dHQgQ2Fzd2VsbCA8ZnJvZG9AYmFnZ2lucy5vcmc+iQE4BBMBAgAiBQJRgC7CAhsD -BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDZxNJtDmBEkWP+B/0SsWSeLGo+ -viob8935Uirei4FvnzGOUV1w/dgDLSzavmysVxb4q9psp1vj1KEtm18vzZO79AeA -RGwWTQYGmFmrNRWZ2DgbjGyJ4LS5kLBqQ9FaF7vUFtml6R04yx+RTgQTg601XsAj -eU8uSarmeZgGVMAInsdMrUc74lJeWKSnovr4IFOdgiU/env19tK355bsfTvb0ksE -5Q7wnnoRXdLyNet0AWf4ednWDEnRb6cIVDF28URjxH6yIfqAVe7VnuDB4Sfuck4R -4gYFS/xGfTgocPUDZ4rUz8wleGLwDIiU7GpilmtZTl1FTPkFa/mqbcJgdVTJqLZO -5vISJkZvqE5UuQENBFGALsIBCADPZ1CQBKbFQWMCvdjz/TJaNf3rV6eiYASOvLDg -icU8Mwa208yJXr1UF6lvc3Tgw+jmynIBjbhvhujcJ+eD+jHEaXdncaK/WAPsmiNM -k+glZ4cbF48HP77kOLQQC+rX7jAF0VSHhFZNtnCpOByQevCJlwgkXckYvRyBOYk6 -2R7BwuLIwLIq4ZXNKPIVN4KpCodhIcGuvlPJczcdOoaBRGcSFUbXqM9Y8whyJhex -F87RHAyGpjvLnJFSgLimyYBRpFN25LzYFpXPD4MeLUVDSRgtSxOJ2KmkhMHntUqQ -P1XsIgzm4/ez6Mwkxc0QlAQp0r2gJU56QPdE5zgx+2q/i+WhABEBAAGJAR8EGAEC 
-AAkFAlGALsICGwwACgkQ2cTSbQ5gRJELNgf/elwfYchaV/24buNWDa+50gOuXQ4v -Xfj5DKry6aYnJBt1UeMV1ssMxCU8OltgzTMhTupjrXV1oDXYAxexymWLxwa+qcrb -SwDD+wX1gb1O2GOfbiplEnOb5dDc7Gkm8eTw0kBJEiAiyPv4SMLhFzm+me4Dq1+x -dbsvN05hxTjow9pi5eYrFMxYWi1ZNH2UmPpgoIN/4p28G/IN9fdWG5Ni315p3WhL -HRMzC609IOsCIJsm8+lHVblT30jxpctFVlQBtbDTzgqQLiaTVevlca3VYgMd70D2 -8d186gxUtSEpZ3dKkv+0V8DLhQ6VR/wQ780HKIpFp6UWP5aDxpEoOEwe2g== -=Z0q9 ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Comment: B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45 -Comment: Paul Dale - -mQINBGApr7sBEACoyczHMNgWiVg4jMjtdkb5j7csKPdFx8B7FJNMFrL/Z/I1BjwM -TQ7fxKvDN6z3mjAMKhU+wCL9vUSSMUtyze/fox09n84jYDwN3n37ozkrhcDB01ia -iKCCeRNEW6meTs3/aJPGCznIOk/kMHlnZnQPcSphIexo/ZUyB59h6smz2LvoTZg0 -aeZeJwe0cfaVnWYA1a9wr+QJDQwRkEqdy772cM03Phs/sRWd4+nBqP1XxWlX30Yj -VGjDsY3gH9AAy4oUnb7tOmk5S9FIKuMdkkWeU0Abm8/36OfZyMFbZDAMbO8i3un4 -eIQOg5tjynSXYel3nlJ/fwoSHefPgavCkBdknk842LM9xr22t+IKmy99uW7FDqvj -wbPoMg6z2Jarl0Fqu3GhIjCmKMe6TBfkYwB4fp5KtzRwrSjDo16vkMoM69mXqA7w -f1JV+BKvE6QTePNt8ix4ib5c6mPOrFnYG1X3tkNOc4/q6KcGbvS1xMax12q2/zSZ -PmoJvzWTrSF8lQDZKjMnXnhrZMY8h7lu/QE4DQ1M9U1PFdf6vwLrNaHHfi/rWKTe -fsrGp2TIqU4lm45p0fDroYqDML+gp8RMUZBU8M4wGwhludEiCoOFjXu2ECvvgrB7 -JHrh+FtMuuRPx4q2eRO75NepDfZqmp48PIqkt2b3VjisNceB70uYiUQ2eQARAQAB -tB1QYXVsIERhbGUgPHBhdWxpQG9wZW5zc2wub3JnPokCTgQTAQoAOBYhBLfBwUNg -81OjaGLk1SMchM3cxpxFBQJgKa+7AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA -AAoJECMchM3cxpxFa0YQAIAnnNek3+UXZL/u4R6hs/lJopC9p/MFbCnL0b1zZnbz -Kbbva10PA3PEv+szhylDKeDIbDKF1yEjI4BTNCLS8sLKEZWSLTMW1MZhmxWm5TdF -ebhoj6Tjjfxme4ETyk3+v3hC3Ylm0jiqHHErutRAPIW1VDFQVxKZPasv1yj3YNiB -SktTSH1MjZZtlDYjp9z3VTczvrO3BBJJSxQ5CY749pEwtjwdLTqOVtoJL8thZ3J9 -jSnSDsgFVp/pPNVxxV98Yd89JqM34MvOuD3jYSOEtMUCJgMFXNZ/c2+BpWrX+ssP -qrY9vBrq7o91K+OQHbb4Z1pjK/dzDq183E32uTOYbco7ga/JqE7c997zY0fgQsIz -hdEveC4oMydzwHQ9WzHUYR7AtTgF9kKsTHy8H6ye3uaJMIMSEdAvI4mxG/k/zG/Q -KrIt1nUJh/M7uu2IT9fM+AoR+2VV1u1vimxpCpOXpTB4mTIR5YfiaRfXnHm55iq/ 
-odxVj/yVqFUcujy+YC9SAoKRGJRQV0KZur1xAOJsgwUJ1iXJZwypowkI59jpwl2q -WCfZIS1ZrpIebiVk4ZBaHDe1v178uLO3IasZR7HLvcD7ESX8U88ng8J1nXHq+Uc7 -4j5Dc6CMTd5WYTkFvhjO33JiHncK8CLYOFsndIGXts/OEhp08N5JELHCeSuu4UIb -uQINBGApr7sBEADNQ6w6jQNqxWxHDjJzcXclQJFPB2qlT/5eMa7QeOYiJ5DmY2VQ -P0Mltkmrc8T/I9NfRFpaB7Z+8zE5lmjSi3N5fYWjhoZp9oP0WYfSLef4KpD7KfEE -TaBohn8cw0Kt+nmEN904w9kpLE+WAvD0qRKnilcCUWE5Es719W8dMh/8cB6FiCI5 -8myIvV63yDV1DiNyEcKNeasIFF8n3FCd0gWPXXS9Fe7muQpIJ4Lb2p3ylqcY9UaU -8n+LQAb1LL1kC468MU0LBhhkCnZ2BacWnJu7JrzQ1Nihk+JRyXt0QARcgsITt8+3 -rQdZDb6o6jTixClNXOJ2LGZMAI2NrQppfn3uBny06veyde9l3riwtOYwqEfETt6O -Ndy0gOd4zelPOnfMtzwDePC0m0b5ibNsMGVYGu5bmu4XFZrk8ivcAiEg4TJHcYtU -meONyuhmaCbcG8in0GZvUgb/YLcBpLBhFFUUd1ALBfi6cXlvFlSU0HHQoNRIAyFt -C1DQaAOWQ9v21KSF6zFG9Qg3yHKy+xBjXjfp0IZOqN5jrmXxbfl/+LWqUHD54tmS -iHrUf1CiW6no+4WBI9f6/+QCVLFBoStlNgoRt/OcIXmq1cTJ2pTSPl3S0+HobCEa -llEGEDXqsGxmV2kNmxsUks/knEGFElp/XtMrhykicIdQYntMaRebljrpiwARAQAB -iQI2BBgBCgAgFiEEt8HBQ2DzU6NoYuTVIxyEzdzGnEUFAmApr7sCGwwACgkQIxyE -zdzGnEW2ew/+IzGVXgB34NeHnaLVDTtiUXgrNoOV4xFTS+kvZXrGC5i+mMhae9Pc -gvAyjssJ7dVP2RJBSNkfdxrRd2D4HFcf3dn/n646HNiTinirfvoUf4VIA1jdDp9q -ixi//tO7fsPyn35d672OA9AC3ccBgji6V9XA58REonF+ap2bE0JBJYTJZrET9Wny -BPEjefdpORSHaXqimfHN59QV5gXEFZ4Ci1jCt9n6WEb0oo+kQTkUb8z7F9P+7ojj -Q+4KrgtlXb9ijxCwMfGRPNInnumqyKJ0PhTVwhM1JNdi53nwVY98OGEZXWiKPFQ6 -lAGyLLXwaOSztKGSdsFPK/tpyVihwoqHjJCU5St/PVlpvRKhbtq24FfDu7YyDO2Q -Dp2/F+QIdVnUFO2I1xeb2k+/Tx+3nfKYNui+AFaudOblrYQzPrlswJzCmmB/OTkt -wuOqr2nvQr2JUwmSaRvdCAe8EI/HAa/ujlA87T69L4T66KwBWuBkIYZQxFtCiC+B -mksPCYe9TBTZm2+8xk6UiSMKurwESTkDj/uUGmtGHi3cSJPSQ5x41COSEc+/yZ0k -eQTSnnkVrB71cMr2yVe9WWiUqUoHbkwiiy9YAHkp76jHbTRsCjs8O2otioAW06Yb -7r1iWp6twh/giBzsVJndeP5Ss/85TQfrl8x8yJjv1OQiIRrTTz6GdU0= -=AbiA ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Comment: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C -Comment: Tomáš Mráz -Comment: Tomáš Mráz -Comment: Tomáš Mráz - -mQINBGDxTCUBEACi0J1AgwXxjrAV/Gam5o4aZSVcPFBcO0bfWML5mT8ZUc3xO1cr 
-55DscbkXb27OK/FSdrq1YP7+pCtSZOstNPY/7k4VzNS1o8VoMzJZ3LAiXI5WB/LH -F8XSyzGuFEco/VT1hjTvb8EW2KlcBCR6Y22z5Wm1rVLqu7Q8b/ff1+M/kaWM6BFi -UKqfBZdqJuDDNFRGqFr0JjCol0D1v1vollm612OARKpzuUSOERdc11utidkGihag -pJDyP5a+qHZ4GNzZkZ+BBduuZDMUdEKgK28Pi0P0Nm17XRzX1Of1uXojMvroov7K -/Bkbpv+uvZoiSEAeD+G/+Tyk9VLhmyji9P+0lwYyHb3ACgS3wElz7CZwFgB3kjJv -MX93OlCAMruFht/+6hQu0zx1KPxx+55j/w7oSVzH8ZmYND5kM4zlGVnJxJk6aBu8 -laOARZw7EENz3c+hdgo+C+kXostNsbiuQTQnlFFaIM7Uy029wWnlCKSEmyElW9ZB -HnPhcihi8WbfoRdTcdfMraxCEIU1G/oVxYKfzV2koZTSkwPpqJYckyjHs7Zez5A3 -zVlAXPFEVLECEr02ESpWxFabk8itAz0oMZSn5tb3lBHs1XFqDvJaqME1unasjj06 -YUuDgKHxCWZLxo/cfJRrVxlRcsDgZ3s4PjxKkAmzUXt5yb7K3EVWDQri0wARAQAB -tBtUb23DocWhIE1yw6F6IDx0bUB0OG0uaW5mbz6JAlQEEwEIAD4WIQSiH6t0sAiK -o2EVJYa47xprqdotXAUCYPFMkQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIe -AQIXgAAKCRC47xprqdotXEGoD/9CyRFM8tzcdQsQBeQewKGTGdJvPx9saDLO6EVy -U9lEy8vLKMHnmAk+9myVBf0UHxCjVZblvXEL6U/eCINW8TBu9ZH56AMkPQgvfZkE -KrpBoP2yfkA9/2rfChec7jkFUwArWKAB8hyLPiABXdm3vRZMhiBAsFTv9rdrr89W -nAvcd9OXPxrEM7mNkkCDUlRkfRwdxSezStmJ/18bM5lrlR4Dj9MYUOieYICsu/nh -1u9C+QDOGruo/xku7B87qVSnKM4My28/RtSeGjTBNw3QPEmumArINNUDNZbe3e+I -m23l6tyP7nmtLbo0wPcRB9q4K1GlmecqzSgLsdf8YCOZKax9DLaA2fWVJCyp22Uj -kCmHkVgeXmByndWVdfYyJO4LGJhM7BfmWGa/yIRKRKZGlJavRY+UAkfqkXCbzhFD -IMyRTU3zqJfJcXrVDslvB1mMbBGIR7gmL2HSToNvN5E2xiEamHbSOv0ze0Vw5A1M -8S71i+jLUSenGTgjLdu52+K7SGLtyhG/kA5NpvMyCLBOYZ+4HPgbIwKLlcm5SRJ6 -z4sKLSZmU7HLMp69jXfGQqjYbJoUEHsCsLOeVMGiOVZqoZWQWcMHy9VvOA0FVx41 -xrpdDLft9ad+cM/oaiYXEWhqYRnBM5eIH0B3HOk/kmLZ6crNE+X5xG1qhoZgAurM -MriPFbQfVG9tw6HFoSBNcsOheiA8dG9tYXNAYXJsZXRvLmN6PokCVAQTAQgAPhYh -BKIfq3SwCIqjYRUlhrjvGmup2i1cBQJg8UxqAhsDBQkSzAMABQsJCAcCBhUKCQgL -AgQWAgMBAh4BAheAAAoJELjvGmup2i1cessP/jG7dFv/YEIn7p47wA+q+43Korjk -8LLpdb+YhVEpXgLK3yUNOcghs+e+UxSlS4jDV9ThpKgBEgTCn6V8vEWe5djvLVcO -UNG/wx33ksZKDOrZt2qGzz9VBd2ur100HjA3ibGClMjchMQCctlAHBCI/jV7g9Sv -FIHr/qECDnr50lh4kNeBZH/6gYEnB1Uqkc+7y/0gopk3kEcxO00qKj9d8QPatsoW -FOBW6OT0ldX5m19EL+x4Ku2/ayBwmobsQyj3cDV8cJN9QxJxB1AqLAKXK3XpEQ8Q 
-UERor6Z2gQu9bCRoQCl3Xu+lfqh2gmfoXoWiZFinoBzEETtILEUdNa2MsJheNuVy -Tf+W/vrfyAKVl7DgPk+n360frxmR8n7pkSpDq12s9J4eimX7aUlbhDX2XiMo/kGS -2oo2ulB083oJq09UieI2acwRIn6fFAOXx4Cr9IRAnKtvGxT3XzkDJ8WkC/+QE7wW -kjtD994kD2Jf1GCqFIWPx+J88VXp5UbobOENYBGWvc5Pki541aFKkXe5mvK9n2Fm -T3fOeBnyhT27J79UYSkOg9Zk0o7lcLKvgX3TqOwRrwMOGqyBIrHkLprIbeX5KOBI -yvtovyTuq3piF6OcfOYuZJOcV4LnnW6Ok9sgia1WgqNyJ+FSdSl6tLabzcM6sZ1I -8tmXB4BcoHFB9N0AtCFUb23DocWhIE1yw6F6IDx0b21hc0BvcGVuc3NsLm9yZz6J -AlQEEwEIAD4WIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFMJQIbAwUJEswDAAUL -CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC47xprqdotXJUfD/9qFJURXryr8/Uh -KJIAYQawc3rgSCeMaSi60fgPhteBf9VPA5w84OKLtnZFcPcpvGpaHuRxj+mchOSo -2HkYz7eseTsWbfguDiBNf1sA0IW6/WfIjqfGliw/ikLn/mA8GgLzgPPEiEbZH+gZ -+J1ttxv15E8dWVSYILJcn7VLX8EgYc93uaiPbcc6wG3qBz5UD7FW6pg6AjEhz6j4 -yQBq/dAUUL9nfrrx8p6548aslAR5A7e1kWPSMkrXD6ECdlJ8LReaPjiWrvLCtf1M -cmAQJkXX9PLHtPtkXzfT97GdcEWtPF3qpu9k8gK3QC/dPoACIsDUU1+muaqlRB3A -ozLVFbSJ2kA0BqnHvhB+7cIB/ZkAasiI1jJ9XPwJJnzZGlRFGJnUg6MRX//FIvly -Vi+hFt1DQ2tWMo6peu1sNDDONYKL7/NhFedJhIRoYUiQtcEuWqtTjOUn7ErkaC2y -q8hzWgYCe2afy1sUvyDtUjuldVTNzV1ic4MPC+QZ5ZEw2uHfP2oELlK2zUlLZIpt -Bwvgzqw5qcxj0nBHoaDTRyJXrXDWf/DsyS6Df1t8Uidoc6W3zNEhKbabvTb4gtWj -hh/QezJNtyRSg4SZ2Zx+ExgAngFdhKUk01XytLcEqYHjOjO6ZHpP0/+E7T8yZ7sI -w5AnBC/mkTbqp5Nsbk/spoN0Wl7PZbkCDQRg8UyoARAApiWRrHjdEu9Fp2yd7K93 -VpttsAWGeZo6adA7kKrdB+DFwyQdQQIGF1MoxzKb3rcO2sxoU/SnY/TpxdVbSO27 -1MLUcqoEc5F+uxuXsp4Tx5s6iXY9xTwQeBi8pAUQSLlWc/yoakF4sahG+5+0NUDp -djCEevRw2nHVbMbyzACgB0VRErhpY6gOBK7LkHwXAEXh1pN836P1s3DLLInjoM50 -IGQJLJ38/dBeWf9lqJrDif3lZ9Br7h2xHVhaj+08iWKFXb+MDkW6lXOuT+A8pzHK -bz1TVhopid9NOcw8ws00Vnq9R0/dhk+FT81XJC6GmoBi2GjjKpLNMzfBE6IkJjhn -gMY9Wz5sSfXhyd0x7ZGdS3w9SiIXXoxw35woC1/Ue6QVasm/ldCNSNH63y8G5b7w -NA84/fhVa9/Tug8zyzRj9p5Ge7b1yMbtVy9Ret8e1xB3yOJH8rjwmd13ocNBrFYh -D4b1+P0DScr4TburR3S4gwzawB2juIToELQGseR8nQg8k6Fk5vZ8MaYslMU2za7H -a379C8+A9h0C2mobqtw7Gq8NzDH2H4Bgpy0Ce8ByWnRHEIrZcK4vZDTzBfW+lYJB -HFlNc0mheV2ih6vjmz940cakzLvGF65UA69tsS8Q/3sWH2QLFTywdcEUZNgZRWnc 
-nAaLOI/nw1ydegw8F+s1ALEAEQEAAYkEcgQYAQgAJhYhBKIfq3SwCIqjYRUlhrjv -Gmup2i1cBQJg8UyoAhsCBQkLRzUAAkAJELjvGmup2i1cwXQgBBkBCAAdFiEE3HAy -Zir4heL0fyQ/UnRmohynnm0FAmDxTKgACgkQUnRmohynnm3v+Q/+NpYQuO+0a57+ -otwvuN3xoMsOmiingnd6u5fefi8qCjHgYJxnZQhihk4MOyiY46CxJImFKI6M13H5 -SlsuaGMbl17f5V8dE7rUDD9D9tD4+hVe504UsAdqaKHFhE8xyWJ24it9LmIXY358 -cQ7gm/EzA/wCKEez1Z/IUlx6hrG6BnAuE6FYhLTQt5WcCGbA17I72M1H50rX8fa0 -8qOg4rzyNEOesz1auI3pt1VOy/VJo7V+oO2yz4NNGBqjCN1mMOmBl1vBldZz4oZJ -vqoCFgx4Bj4h8LHilyg2OWZV4Xh7fUGH2/RIdfAYhCTz495N1sdDHew9Qc3PP0vV -yzwoCJY2moCiZ16K0o215rgYAJcY2KCCithjw+ktHZ/E108cmJJE0ZXG9sFVdF6A -HEEofaYRgXEvwFOwEBnytAq2l1ePmlTe6eu5/hSMYlan93YpsF2tol+jw7F+aspg -K2JPWqB4FsupxnvvAvzGBrTTGfCL4z7K8/6QmYrJBByx0W/lkFsebEfOz0SY/Rvs -aGQ3LEmQkbn+Cz2c2PwmIuYJisunHNC1rH6lF1a19D2lpe82Eh3TsXEsgjty2+sh -uHsKCX/snSa+zySqMbsE6o/8AquuT7tkdHO1rYfr3ffvIeX8HVj6NKm1eyk6uyCE -cb08jqBWOG8tzpNt6PIviyrQRrK+ncSLjw/9GT4LhZKnfLM5pVAFV0jVqf29lVhk -RHDeiNmdprqpvW35cAS7LH2wv2xGj4+wGaJmksruiJj2KtNAWa+7Uvd4xvntrL3F -9kG5qC04iTx9nng4qliZAI1wGxT/fAKS165L5sdTXRvcywokshxtsPgCXcH/J2v/ -JC6BGn44o8qo/CLGIaTBk6V8NfY4YqNFyMaMRAQSQ9Pk0KXQxswdxASaYzTTb93g -muoO7XrIu7ae1lppeL3HB5hQ0/zF1cVzCrLXffsEZNVW/1/9VamicTOWP8dV/ylN -86d7NvfJk8L7O+YIsEKYhKEDfCXIZrF7Ynu9SCWiR8LAqxZpBx2/6lommQJ7RlKr -HBkWUGyC8WHYr/sxORy0uxSevGFcfK2sFMnpLJhC6C830O05B6SFTWTrD9c/NC2S -DDWQCr1Tud3GZ634BowTlQRgJpGJc2s4wOMaARnhVtr/GZQhfCzOhcaHAVMBX0FE -ce+LktihEnzEJJgc/bzTH+t3fIW8bS4c65YlwCzMCJ1oYyALlD1BlZ6whFSVUZro -uYVu8diJ4Alf9+hcYOU/Gnbyi3bFbRGhBVz8lB3TcEeP02+gSSFD7iDi2Wt3hkmY -YaT7k3YGM2ksXdQ25SGM1aW4drxaqAj5sZ48OXTMNT9ira3TL/o/Xp6GRhVE8iOl -JKbGoqC+wchHmOK5Ag0EYPFMJQEQAN/J6BypHYuzqwVDH8hrCQJ0s9I1fFdiu60u -aeLTQPeB2JVwV4t9WZsM6mVMEUZJGIobk2Y5FFzLsHtbPlSs7MXtLhlLa05iiMXq -oZsS7EYI+GDNO6OP1j8h9On2Ik5EnK/0dWGQglSY/ryw+5ShdAjHSd4hCRvBxfX7 -FJGNrvIkIp8AxlTvNBQyuR4rluOnfS1LXFDlaTWxRAZBJdB/GyAbCqKmkfbkXZbM -ZFA93E2skrLJ66CPgaK83r+DUi6+EyvOKTkZw0OU6S0k7xT4Z1f0AbS/ON5G8wjL -vxKu+Tmd2LHLMUTMiSQ7/K0iw4+pms1+MOBWFDX8aS/poRe0NS779RIk+Hy4OG7+ 
-i9Rpf4wU+Z2QHbUYrun6h7+RySv+E27QWCgNuAdm2F8cIsxQ3B0mAapqf2ECIkNb -PftDlv/iDqzAxAobNJzlsKQrcRmEPIOqNxi3TP+H85ekwHTdwwdPb5u8pgehpDum -ciyHfYZ7A3eNl6RubQMIWQgQzxUbreUJkKjHwLoqkTHDafJeKI7+2nII4r3peQfE -N0jZ5HSXHTHu4520FUBHNutvuHqCy0nQrhvoXEfD4woYk27OOwSKHu1ZdEFa6iJH -eAW0f6pSOMkEMDRtFWv0/hVpNDbhA+jAswzD4+XYDk+xZdDONua9inO930MGI2Bs -LQ1kotFTABEBAAGJAjwEGAEIACYWIQSiH6t0sAiKo2EVJYa47xprqdotXAUCYPFM -JQIbDAUJEswDAAAKCRC47xprqdotXBU2D/4vF/5FrkPz78jSl7YN77gc/sTpBGMh -QxhZxKpf+8xE/oig9/F90BMKaFAflChiEMPc+Dj0VrCGwP2xMTVO4J7lw7bTr3RB -uETuVq8S3XgtmTlXwoRQL91XtoGjAjhfgpXbi/DEyZ6+34QwMYr474rsKiMsBcMS -nWTDuqRqkFYAaF4LRbD6RkWck+C7k4ps/KIflEKiSEuvpjk1TpibwoSt+zIeZI6u -sSLWbGcADqnXHe0GClUqcMYbIgLzVyXQQzUvfrwAzi8XvfW+8QhP+B5oZT6y8YBD -NHQDcITC4OYaVHYnZWS+tPtPQZK4duAlZRd/lBxKPbNWee5ufPh5ALFAINpBWP0C -nHKVj/P3fBcCrz2ZYaH5iQmqhSbJ3lyFKJoQQgrcnWbnOWI91DdhmvE2GIyn1JJE -FT2YQqRH52dDX5gOl5OcwT7PxV1jc03bhZsOCylBoq1Yd9iD3U0bgiqI71dGZrXZ -qaQzuigCRxlv8nF97SUGLDCuvqC5ejmecQBYmLCrgIiRcI+FXSVnZhUYkeBbg9sX -Cla8mCgxF1RhH2S9z9blrLEf2r+l/8P0+IWmmaTvCbZ7kIrUsbGv7FNCubVA3UXc -zPrDR7hQC/xNAX1RXMGNmPru9wVtgnn72UneoD/dLYY65U/ZFLNeQAnq9c3VJKQ2 -TIdjvGbJ/k4qxw== -=Ctij ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- -Comment: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 -Comment: OpenSSL security team -Comment: OpenSSL OMC -Comment: OpenSSL Security - -mQINBFQv6Z8BEACuJwJkw/Iniec6U1RzocYHBFKl1eE0WBu1vthYmcn0D/GJKvWM -kRhx9GSlWMqj9mgSFUOsFWrpPIm3Jzh4bLweUjH5I7R0Frh39dDFh1hhwHEholBy -yUGFTb8TppptXnzzDoNz4yUQcRP2oeG1vC/ePXPWHKgtp+0hmM3MQ3WIN+gSmpdt -4vMIoWKKCq+E1tYcsFk9URBWWEwBw+OJ37o7TrernyxwtXwdPOjYhA4mLtnKHs+5 -QivuOvK7gNf5hggyv6fp6d2ixvJZ9CdUYFdlOwaHA97B694RcAMxaMtzUpfkiJ/Q -2zR83QG4az6COKK38W6Kp7bLveMF6Rb4Y+gOjV4KvHKpzNAP2sNkmCIohlmoPhT9 -Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO -3GLcyTJW4enmTUFxy0d24Bfdgu7FpH1vHIisDkON3QO4TMwCJoLWGULqpJKP7kUf -5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc 
-zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK -eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB -tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz -bC5vcmc+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE78Ck -Z9YTy4PH7W0w2JTizos9efUFAmPX/PkFCRGJRs4ACgkQ2JTizos9efWXgg/+Negn -a1HZIWs18LDktjV49a3IeKhjJV+UrTvQnFpSNXbwpnKa6iVX9PlE+3nLkIrkz6HJ -uBl1MZElcmrqIsVCKHcrbcJSgZM4fV0AgEEm5gNfK19gbJjs1qdbtwTYccDiHwGl -4EeTkPsOCo20QEC8jvkdHvMsvoD11c57NprQVVsOyuyz7B7LwV+6hZ2MAv6BZrNE -XBjzqxHGKcq4iyOKTGwRAufiXdq2+kV7GVjihH41YjV08f/b7O2uAm4k/IbULtvY -3Y/9rVvtU/Na044FQBGObH7/DbEOc8uFAH8Vy7M32rZmQet7pO8M5BrBMAaU2OAz -ZQ5CqauGvjTJ4GXi+pBoCVafPvsGkB1W6IxnPPJZsFw9kxOKSV1Md4jh90OdaIGe -HW4qagRaLDtDRtkFnIkbtc38HC/e30ANoNS3Enws7XSNvQ+O7HfeSsATsM/2cjL8 -c281Nv9o+xaNI4TN3KsfRswcQtnsN2cCkPZWKgTJcjpdANkX9CK7mYNS8bu6YsAV -nRF2iAB25Vjcz/92Dd28/nPI2CkKkOMhDtnFty8B2LZ2tbfoU1DsNzg+b3ejaXLZ -jhnZdL3b3F4iKpyzDhTpDHo4P/yxrtV8LOmHJN63oc1JljqgkU+RcxndSZ/LDHqt -VH02VwVHMVt4no62mZj2UNT2+Ci5p+tze4Rhfl60JU9wZW5TU0wgT01DIDxvcGVu -c3NsLW9tY0BvcGVuc3NsLm9yZz6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCY9f87QUJEYlGzgAKCRDY -lOLOiz159XBzD/9InUdyS1hdC7f2uEbD5A+5UFUwy9hqzy8sXLrGfUMtJC3Ur+CA -RqpHw6LC9oqFlAMhdSpIINzswLvpYqYKUllQWw0bStqWed6wuonC7nQk4fJhaWhT -MEyVNC7gpy1FcFQYZZ/rwVxftvV6EesOIL+cM9Tg2IKvdrJsuFtmhcrEmrAVrPuO -VkIBbOjylU5iHbs3hW15DqMXiu6s9wLlxSJtqWWcGT4Xp3SjUy2XRzsWwFPrdsnZ -cj1h1C1onglIpNuq7yQF6rrBmKUdy7FClXswEg+He6qV6zLhZo6bRAZO2b/g4aNX -NVOh5BS9ZpQds5FejHx3la6GzfPM/szC0WJR2r/6RqR/dizrPlhsJX3g5I+fRnNG -mOrUa7S/OrR3QlWyE5pvytKTno0UvPuITA7MGtQf3z4n4UbM7bYyLmCIVEkDQl9K -ax1vtEYLKKx7sVLmJUQVqo8RmmjottRZ6+B5UWOB+dXvt3Z+mJLHt92y6NLk4iOX -q3bgO9eMPgk+GdLXjgtgeu7S33BNE984/0B+jDLqhgEjK2spA50uPXBUtDm+Au+s -1zfePJVfQxdaoKY00iOltujRS6sqE1PtbebTHgDakxnr9MClzTmRz6ymAglxo72o -gk0OJCNELdckK0HHd5hGLEKBlSVGYSx2J985o7VE/raBr7/YULm4k0LXJbQvT3Bl -blNTTCBTZWN1cml0eSA8b3BlbnNzbC1zZWN1cml0eUBvcGVuc3NsLm9yZz6JAlUE 
-EwEKAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE78CkZ9YTy4PH7W0w -2JTizos9efUFAmIp6vAFCRdgAsUACgkQ2JTizos9efWbyA//cw5h9kzqjHNPrWyU -nqchSA/BAxGAfv8IW5vTXKIGou/vbF+2eV4pGe8cjYErfiEMI2XEqgW3NqtB8Ie1 -JpvHb/JARDpXRAeO0nAz68UZiv0s+BYG1cL0MJgxSmwLEo1XIxx+NYQRPaIPhWId -gdJmhOylGHRbZPfUu0gsX3JvFYYJvqSbZYJx47JzLgvsaRtY06oOt89hqVOp9geS -4HtwcZiIohq1E4Fy8+TYR7iMv62lBAG0xOoLCy4UzM3pVbChzcfmLLtH4ZbDO2ks -vhafec6lUetxMJuvqClp4oYDp9ucrcZF3pJA0feSGF6EXOmYo3KMiVbG35DqfJrI -8gva6QPTFo8WRsTZ7hUrn/BioXx7Orrmtl5++IPAU7c/0JPHCVordxinD/XDdcFV -s2IIf5iL914/CaI8AXmeM4H0m9kuaS9N0UI8+3gIBhO19cP1VJBw/EWdwjwHtUlf -d6mOAbwuVAjPEWQmcf0jIxoUR9t+3ieZjPdcHus5d9/xH2iOLdEHYQRHRiLlKFtu -PhWgqy7UgpWRye/628at5C9m5TfGQBldSoOkUzPQGGpV3pUiHeJlQPBAYl1AAvAK -8+Y2T9iSZXUuMXiMp3lplDEzXKHjUaXXUkgFuGs/L8YB+BBNBSE/GS078kQrc6Wu -y7mmnE22aFf7G0N/hin+9QeIWJq0J09wZW5TU0wgdGVhbSA8b3BlbnNzbC10ZWFt -QG9wZW5zc2wub3JnPokCWQQwAQoAQxYhBO/ApGfWE8uDx+1tMNiU4s6LPXn1BQJZ -2fY1JR0gUmVwbGFjZWQgYnkgb3BlbnNzbC1vbWNAb3BlbnNzbC5vcmcACgkQ2JTi -zos9efVQIg/8C1c/ChPOM/ojwXA1yUeIa4rD6BXlLDetE3KIqD1MvR251xV8Ox21 -3GYFHW+6CEfQ82xiy02CB+VsYh58tMi41NDWq6fkZOW4vFnJbFx/pYk8xFMl0ml3 -LkGsh9cVoesSiEBAsF4vQ/bmCNfM68DsLtjAK7GQobcW5ArIqvgc3LlYXUspkgE9 -yMcQcPqyMsNrEPgrFCcd3fWzXF1qsO8Rtd4bwyaJACkpQnZ832wY91uuMGzWcG2A -+SxkdOFPuDkWm5l8hbA6+DpdFp/YiDnfwAZqr6uoqdkcT0e8IRsGqJ2FJ7qHeGSv -kFjkGHaOPkJM69lJIEFMCrjvBQVN4b8HhcqbnJbnrWVGFDxgSdjNvXqzBDJgDqMh -GN5ZHJhGhiZDi02uzqJ0p+OUzK1CiEo0/Mc7Nb5sVfvYrP4LoqKRceNePgwZp8Jw -OnC5U84TWa6pHYm3rijfrBPPMFex9NDQQ/KEFINhAMQVMUtj2iy5ANPpqsftOIjs -RfWWn+7QIi4EuYRADcllRaHJaTBAzI56ngkDaA55oyaMnSUnu0fjgWTiD4CEVbsS -rR0nWJKhCg5DbVwq/dImoN1iK78ziR6cJdeQhe3GY+AdWe7Ci+75TiYy8Zlh9Sz4 -mpl81xRz9eYcO/g0xG6wpPE/fqua8/AgeKArEKJWN1uvKCCFZzRB7uq5Ag0EVC/p -nwEQAMB3s+8dq5T8fW+b3OcGujEcbhyguc6D5shlNWsuCV3W7+izsVUe+0hD1YwD -30C6zj2+CJrMxPQ/BB3u3SbyHMDP5fKL7GQiA/n192hX2DuHxvQwnDNkHxYghtrF -KOlXAyte2awA0fC+e0o8lHa1Yd2ZZNqlDC23qJtLMJH8bX8CIr59KckNyv64bF+h -VPIN3evnh1Ajn4A85848EZMQcjedg72MsA3TW2D4omayY7eXE5uut7FYcY6SM4pT 
-hIB2X9DM39Rgy3qC4ObvEkEfaWnJfHxyXiA8XF+FZukXc/iM68P0VS/sMml9QPsY -MWnMHcGlOcuzQJRAalqZJwuK0ZIvobh/Y9rYLxrHtNCgSjaFuSN9K/YhpAxs80H6 -lVa7GCSASTRrS3OvmY++fTsUPzSOvit0kqQfimziYx7QcJIagG92mvUmuf2PEfzv -Si6iaIqMhaTaJq5qxOR0q430KakQktNPX53HflWL7YenDPYw1rEyQFxGqjaBY1X8 -NtuzZ0P4cahgsBFc8HgYu2u3Ysd5wmvSTsOXld8Qsns1KIUOpzgWw56AJ6dxS3lK -4QSUFwjzbZW9H0jJ49eBMAaA+hCjv8c/4BFuZq9Gvsafn425Lx1V/3PFJlPu55V+ -7qWjeOkSzNctMlmCqPQVetbZ/pHLAJO5IUO3SoTs5kl6bARzABEBAAGJAjwEGAEK -ACYCGwwWIQTvwKRn1hPLg8ftbTDYlOLOiz159QUCY9f9DQUJEYlG7gAKCRDYlOLO -iz159f5RD/9Dhv5+muyWX9U4wNH7Dt7KHOtFyQ6+YrlLGj6WgZlFQD3sz1hVabJs -HwFuiaIjnZmQwiUJm72jCMUncL3OsWrQXm6SU60aG20XeQl1oXWmSD9D/len23hO -Yo/3WsC3o1AIkLA9cJ3h/oo3I7RE30skw4MwQ4oCFlmidmOLvkz3TD22qxf+WaK7 -KO0vJRVHQIVl1ZdsBSSULcr8BcupKXaKSBJQDya2TkEh6OUf1B/7EIk811oeNSaL -9eJXS9VGDytVyjGGXSbudBw2XAV0/oiPPDKYElbOZH66d6marGwCCdc29cNono/7 -zf0+/hyunzY3m1PkYGyzUmfWq4WNulJ9GEAz0O1rss/4hxnGqn/m3gue+aQx4hji -/K/vAV+531YT9MEp6m6e3074a7Hvn2l/tsBoL1Xseb6J9ZGL8fnZiuG6RF4sP1Lz -sQXmyjgr1yTlCShgNQCYXAgprWXPCwv176kL0WxkGhcI+GmSe3kNWr3HYoeTfBQ/ -G8GWaIZ2qJRY/d/P9bgWu3oztWcVqEDorK3Pbu5/VeIeEfIkc717EgvdZU4EB70v -E/jnY1V9GLFzdPcygy7bz5aA4IA/Y12VFdhQ9/E7HFvEv0KUa294rQiH86lRyCJI -aEUqeymypLjoU2oeR4Cujkne+5spQHBfn2/RWGqH28v+vqHysb/8GA== -=Q+Oa +xsFNBGYT46cBEADnGgpkGwVTO5hu+sqoC3UWXM1nxr3v+tLveHQQlMA/MLDwK+TS +1sMFSsOEE1ehAlhaEVCaiHSh+8PSqs8bvxrkbC8FXj6UkHvdZOoBgoDqEVUXawen +UmW/3OEQtC/815ByacwHsbgabTY+bXQBAvKnDsKMIg04YlE1UVLnO6Rf0v/AvnlK +400c0J/KOPOXP2+e5dYMxRN/8CMFA+Jo8m1N2/gDKb3y1Ga6Ug9Qg/7VmL+zp/9A ++JnVQFhVQgpt2hVGKcKteJvDJODRAmBG371E+KV+lnh0jvALUxGiC+h/XrHmm8Em +7hQM7LLoVKGDPxYYUQKA6U6+//Q3J7JgrstLTxAZ6Xz3516o8gM4EeNXo/rXNqNw +Ng4zKeYAU0klk0hDIf7JHluT/Xxy9ezgRK6V3RJEvvjA1RjpsTVe7uDw5GPEoRO/ +xXtcLghhPixbL6y1FOspZqx3BzroX6Ic4V03Ub61YL6Zx3Q3tTcaj+4QFGXVA3SN +WL6is2XBdvZAiOgO/7lbRXGq/vFtvynYPLEx6LbZdKtdfADUCgD7If4gvif5yaL2 +isSfD3UmoXPdDDLGdga5/dhmg2658AigHw6t0fPWnxPx4EUc1tL2bb+dEG+soRoj +s4QHHoAhEeVEKdeFfu7lE3i0omS/mp63IFUFI7AybnHYiZ2ujyc5sBBsnwARAQAB 
+zR1PcGVuU1NMIDxvcGVuc3NsQG9wZW5zc2wub3JnPsLBlAQTAQoAPhYhBLpUc6Kw +WHsH+yfPLSFglN/Qy4HvBQJmE+OnAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMB +Ah4BAheAAAoJECFglN/Qy4HvXIcP/jCgVgZ7wMwMaDqbwBJOVKQ7sVzNvjy1xMr+ +XkXn1FHme1MlRl4Uw9Wzeh8TUckzx59+CAqe/pRRYhR9kL0S8WUhoa4VK61c47WS +0wFWzOOuQ4JQO9v9zP6hsKubnQdA9ggq3rvkFrRDIV0DPU6iFxXs2/kYmuqHxIkO +GgLx+aCWPx0XNAdJyov46EbQnIjJOdialeC2dIEdIU0Vk5N0jWYv6MKweAmXRVLM +Jusz3yfNZ0FmydSo90aNQcQz4fp3vgF8qP7Z5BmMOSWOnXJawJd8+ic0RXRWdsMS +oxyAEKH/98IUPZII8N8c5u8pAJ52m7LQRm8CKk4GzylStaV+Pe6PuNTVkx1sIE62 +Sv0RFbd2yJ5Wou5Z/1lRZvzjF5R3G+dobKZLym2HwNkJtFROODFqiPkcKYCSSd4c +sqlOVh2X6/8VlJZ9Q4r7pAm/ulPnf/PSEo8l7kr/JS7Q09nlwNaa5l9nwvrt2z+u ++5dNZt5syyVgpNd4mPZMFb9TXqoFrhrZfLGZ2I3GQ7tLX2boHhBXNl32a1sb2Qsv +9fbz++sFbYrfDhsjH5eEwBjW7o4Kkd/cTMJGufLczy3Cb+RyrjyBrSwfMQf0xHkp +QKidfWOKv9j+yeEhGVCHaIPilYNVeZFRHzL1H9oIkda2BZamj7iYveVnnDBjgpN7 +k6YNfbUM +=Fi54 -----END PGP PUBLIC KEY BLOCK----- diff --git a/reproducible.patch b/reproducible.patch deleted file mode 100644 index 6c40942..0000000 --- a/reproducible.patch +++ /dev/null 
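Review bot: The openssl.keyring hunk removes all four previously trusted keys (Matt Caswell, Paul Dale, Tomáš Mráz and the OpenSSL security team key) and leaves one new key, `BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF`, as the only trust anchor for source verification, with nothing in the hunk recording where that fingerprint was confirmed. The key appears to arrive in the same commit as the tarball and signature it validates, so a passing signature check only shows the files agree with each other; the fingerprint should be compared with the one the OpenSSL project publishes through an independent channel. I would record that in the package changelog if the entry does not already say so, for example `- Replace openssl.keyring with the new OpenSSL release key BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF (fingerprint checked against upstream)`. The new key's self-signature also appears to carry an expiry of about two years, so the keyring will presumably need a refresh when upstream extends or rotates it.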
@@ -1,929 +0,0 @@ -commit 0fbc50ef0cb8894973d4739af62e95be825b7ccf -Author: trigpolynom -Date: Tue Oct 17 22:44:45 2023 -0400 - - aes-gcm-avx512.pl: fix non-reproducibility issue - - Replace the random suffix with a counter, to make the - build reproducible. - - Fixes #20954 - - Reviewed-by: Richard Levitte - Reviewed-by: Matthias St. Pierre - Reviewed-by: Tom Cosgrove - Reviewed-by: Hugo Landau - (Merged from https://github.com/openssl/openssl/pull/22415) - -diff --git a/crypto/modes/asm/aes-gcm-avx512.pl b/crypto/modes/asm/aes-gcm-avx512.pl -index afd2af941a..9f9124373b 100644 ---- a/crypto/modes/asm/aes-gcm-avx512.pl -+++ b/crypto/modes/asm/aes-gcm-avx512.pl -@@ -155,6 +155,9 @@ my $STACK_LOCAL_OFFSET = ($STACK_HKEYS_OFFSET + $HKEYS_STORAGE); - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - my ($arg1, $arg2, $arg3, $arg4, $arg5, $arg6, $arg7, $arg8, $arg9, $arg10, $arg11); - -+# ; Counter used for assembly label generation -+my $label_count = 0; -+ - # ; This implementation follows the convention: for non-leaf functions (they - # ; must call PROLOG) %rbp is used as a frame pointer, and has fixed offset from - # ; the function entry: $GP_STORAGE + [8 bytes alignment (Windows only)]. This -@@ -200,15 +203,6 @@ my $CTX_OFFSET_HTable = (16 * 6); # ; (Htable) Precomputed table (a - # ;;; Helper functions - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - --# ; Generates "random" local labels --sub random_string() { -- my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '_'); -- my $length = 15; -- my $str; -- map { $str .= $chars[rand(33)] } 1 .. 
$length; -- return $str; --} -- - sub BYTE { - my ($reg) = @_; - if ($reg =~ /%r[abcd]x/i) { -@@ -417,7 +411,7 @@ ___ - sub EPILOG { - my ($hkeys_storage_on_stack, $payload_len) = @_; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - if ($hkeys_storage_on_stack && $CLEAR_HKEYS_STORAGE_ON_EXIT) { - -@@ -425,13 +419,13 @@ sub EPILOG { - # ; were stored in the local frame storage - $code .= <<___; - cmpq \$`16*16`,$payload_len -- jbe .Lskip_hkeys_cleanup_${rndsuffix} -+ jbe .Lskip_hkeys_cleanup_${label_suffix} - vpxor %xmm0,%xmm0,%xmm0 - ___ - for (my $i = 0; $i < int($HKEYS_STORAGE / 64); $i++) { - $code .= "vmovdqa64 %zmm0,`$STACK_HKEYS_OFFSET + 64*$i`(%rsp)\n"; - } -- $code .= ".Lskip_hkeys_cleanup_${rndsuffix}:\n"; -+ $code .= ".Lskip_hkeys_cleanup_${label_suffix}:\n"; - } - - if ($CLEAR_SCRATCH_REGISTERS) { -@@ -537,11 +531,11 @@ sub precompute_hkeys_on_stack { - && $HKEYS_RANGE ne "first32" - && $HKEYS_RANGE ne "last32"); - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - test $HKEYS_READY,$HKEYS_READY -- jnz .L_skip_hkeys_precomputation_${rndsuffix} -+ jnz .L_skip_hkeys_precomputation_${label_suffix} - ___ - - if ($HKEYS_RANGE eq "first16" || $HKEYS_RANGE eq "first32" || $HKEYS_RANGE eq "all") { -@@ -615,7 +609,7 @@ ___ - } - } - -- $code .= ".L_skip_hkeys_precomputation_${rndsuffix}:\n"; -+ $code .= ".L_skip_hkeys_precomputation_${label_suffix}:\n"; - } - - # ;; ============================================================================= -@@ -1418,20 +1412,20 @@ sub CALC_AAD_HASH { - - my $SHFMSK = $ZT13; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - mov $A_IN,$T1 # ; T1 = AAD - mov $A_LEN,$T2 # ; T2 = aadLen - or $T2,$T2 -- jz .L_CALC_AAD_done_${rndsuffix} -+ jz .L_CALC_AAD_done_${label_suffix} - - xor $HKEYS_READY,$HKEYS_READY - vmovdqa64 SHUF_MASK(%rip),$SHFMSK - --.L_get_AAD_loop48x16_${rndsuffix}: 
-+.L_get_AAD_loop48x16_${label_suffix}: - cmp \$`(48*16)`,$T2 -- jl .L_exit_AAD_loop48x16_${rndsuffix} -+ jl .L_exit_AAD_loop48x16_${label_suffix} - ___ - - $code .= <<___; -@@ -1499,15 +1493,15 @@ ___ - - $code .= <<___; - sub \$`(48*16)`,$T2 -- je .L_CALC_AAD_done_${rndsuffix} -+ je .L_CALC_AAD_done_${label_suffix} - - add \$`(48*16)`,$T1 -- jmp .L_get_AAD_loop48x16_${rndsuffix} -+ jmp .L_get_AAD_loop48x16_${label_suffix} - --.L_exit_AAD_loop48x16_${rndsuffix}: -+.L_exit_AAD_loop48x16_${label_suffix}: - # ; Less than 48x16 bytes remaining - cmp \$`(32*16)`,$T2 -- jl .L_less_than_32x16_${rndsuffix} -+ jl .L_less_than_32x16_${label_suffix} - ___ - - $code .= <<___; -@@ -1556,14 +1550,14 @@ ___ - - $code .= <<___; - sub \$`(32*16)`,$T2 -- je .L_CALC_AAD_done_${rndsuffix} -+ je .L_CALC_AAD_done_${label_suffix} - - add \$`(32*16)`,$T1 -- jmp .L_less_than_16x16_${rndsuffix} -+ jmp .L_less_than_16x16_${label_suffix} - --.L_less_than_32x16_${rndsuffix}: -+.L_less_than_32x16_${label_suffix}: - cmp \$`(16*16)`,$T2 -- jl .L_less_than_16x16_${rndsuffix} -+ jl .L_less_than_16x16_${label_suffix} - # ; Get next 16 blocks - vmovdqu64 `64*0`($T1),$ZT1 - vmovdqu64 `64*1`($T1),$ZT2 -@@ -1588,11 +1582,11 @@ ___ - - $code .= <<___; - sub \$`(16*16)`,$T2 -- je .L_CALC_AAD_done_${rndsuffix} -+ je .L_CALC_AAD_done_${label_suffix} - - add \$`(16*16)`,$T1 - # ; Less than 16x16 bytes remaining --.L_less_than_16x16_${rndsuffix}: -+.L_less_than_16x16_${label_suffix}: - # ;; prep mask source address - lea byte64_len_to_mask_table(%rip),$T3 - lea ($T3,$T2,8),$T3 -@@ -1601,28 +1595,28 @@ ___ - add \$15,@{[DWORD($T2)]} - shr \$4,@{[DWORD($T2)]} - cmp \$2,@{[DWORD($T2)]} -- jb .L_AAD_blocks_1_${rndsuffix} -- je .L_AAD_blocks_2_${rndsuffix} -+ jb .L_AAD_blocks_1_${label_suffix} -+ je .L_AAD_blocks_2_${label_suffix} - cmp \$4,@{[DWORD($T2)]} -- jb .L_AAD_blocks_3_${rndsuffix} -- je .L_AAD_blocks_4_${rndsuffix} -+ jb .L_AAD_blocks_3_${label_suffix} -+ je .L_AAD_blocks_4_${label_suffix} - cmp 
\$6,@{[DWORD($T2)]} -- jb .L_AAD_blocks_5_${rndsuffix} -- je .L_AAD_blocks_6_${rndsuffix} -+ jb .L_AAD_blocks_5_${label_suffix} -+ je .L_AAD_blocks_6_${label_suffix} - cmp \$8,@{[DWORD($T2)]} -- jb .L_AAD_blocks_7_${rndsuffix} -- je .L_AAD_blocks_8_${rndsuffix} -+ jb .L_AAD_blocks_7_${label_suffix} -+ je .L_AAD_blocks_8_${label_suffix} - cmp \$10,@{[DWORD($T2)]} -- jb .L_AAD_blocks_9_${rndsuffix} -- je .L_AAD_blocks_10_${rndsuffix} -+ jb .L_AAD_blocks_9_${label_suffix} -+ je .L_AAD_blocks_10_${label_suffix} - cmp \$12,@{[DWORD($T2)]} -- jb .L_AAD_blocks_11_${rndsuffix} -- je .L_AAD_blocks_12_${rndsuffix} -+ jb .L_AAD_blocks_11_${label_suffix} -+ je .L_AAD_blocks_12_${label_suffix} - cmp \$14,@{[DWORD($T2)]} -- jb .L_AAD_blocks_13_${rndsuffix} -- je .L_AAD_blocks_14_${rndsuffix} -+ jb .L_AAD_blocks_13_${label_suffix} -+ je .L_AAD_blocks_14_${label_suffix} - cmp \$15,@{[DWORD($T2)]} -- je .L_AAD_blocks_15_${rndsuffix} -+ je .L_AAD_blocks_15_${label_suffix} - ___ - - # ;; fall through for 16 blocks -@@ -1635,7 +1629,7 @@ ___ - # ;; - jump to reduction code - - for (my $aad_blocks = 16; $aad_blocks > 0; $aad_blocks--) { -- $code .= ".L_AAD_blocks_${aad_blocks}_${rndsuffix}:\n"; -+ $code .= ".L_AAD_blocks_${aad_blocks}_${label_suffix}:\n"; - if ($aad_blocks > 12) { - $code .= "sub \$`12*16*8`, $T3\n"; - } elsif ($aad_blocks > 8) { -@@ -1656,11 +1650,11 @@ ___ - if ($aad_blocks > 1) { - - # ;; fall through to CALC_AAD_done in 1 block case -- $code .= "jmp .L_CALC_AAD_done_${rndsuffix}\n"; -+ $code .= "jmp .L_CALC_AAD_done_${label_suffix}\n"; - } - - } -- $code .= ".L_CALC_AAD_done_${rndsuffix}:\n"; -+ $code .= ".L_CALC_AAD_done_${label_suffix}:\n"; - - # ;; result in AAD_HASH - } -@@ -1710,13 +1704,13 @@ sub PARTIAL_BLOCK { - my $IA1 = $GPTMP2; - my $IA2 = $GPTMP0; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - # ;; if no partial block present then LENGTH/DATA_OFFSET will be set to zero - mov ($PBLOCK_LEN),$LENGTH - or 
$LENGTH,$LENGTH -- je .L_partial_block_done_${rndsuffix} # ;Leave Macro if no partial blocks -+ je .L_partial_block_done_${label_suffix} # ;Leave Macro if no partial blocks - ___ - - &READ_SMALL_DATA_INPUT($XTMP0, $PLAIN_CIPH_IN, $PLAIN_CIPH_LEN, $IA0, $IA2, $MASKREG); -@@ -1755,9 +1749,9 @@ ___ - } - $code .= <<___; - sub \$16,$IA1 -- jge .L_no_extra_mask_${rndsuffix} -+ jge .L_no_extra_mask_${label_suffix} - sub $IA1,$IA0 --.L_no_extra_mask_${rndsuffix}: -+.L_no_extra_mask_${label_suffix}: - # ;; get the appropriate mask to mask out bottom $LENGTH bytes of $XTMP1 - # ;; - mask out bottom $LENGTH bytes of $XTMP1 - # ;; sizeof(SHIFT_MASK) == 16 bytes -@@ -1781,7 +1775,7 @@ ___ - } - $code .= <<___; - cmp \$0,$IA1 -- jl .L_partial_incomplete_${rndsuffix} -+ jl .L_partial_incomplete_${label_suffix} - ___ - - # ;; GHASH computation for the last <16 Byte block -@@ -1793,9 +1787,9 @@ ___ - mov $LENGTH,$IA0 - mov \$16,$LENGTH - sub $IA0,$LENGTH -- jmp .L_enc_dec_done_${rndsuffix} -+ jmp .L_enc_dec_done_${label_suffix} - --.L_partial_incomplete_${rndsuffix}: -+.L_partial_incomplete_${label_suffix}: - ___ - if ($win64) { - $code .= <<___; -@@ -1808,7 +1802,7 @@ ___ - $code .= <<___; - mov $PLAIN_CIPH_LEN,$LENGTH - --.L_enc_dec_done_${rndsuffix}: -+.L_enc_dec_done_${label_suffix}: - # ;; output encrypted Bytes - - lea byte_len_to_mask_table(%rip),$IA0 -@@ -1826,7 +1820,7 @@ ___ - $code .= <<___; - mov $CIPH_PLAIN_OUT,$IA0 - vmovdqu8 $XTMP1,($IA0){$MASKREG} --.L_partial_block_done_${rndsuffix}: -+.L_partial_block_done_${label_suffix}: - ___ - } - -@@ -2016,7 +2010,7 @@ sub INITIAL_BLOCKS_PARTIAL_GHASH { - my $GM = $_[23]; # [in] ZMM with mid prodcut part - my $GL = $_[24]; # [in] ZMM with lo product part - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - # ;;; - Hash all but the last partial block of data -@@ -2034,7 +2028,7 @@ sub INITIAL_BLOCKS_PARTIAL_GHASH { - # ;; NOTE: 
the 'jl' is always taken for num_initial_blocks = 16. - # ;; This is run in the context of GCM_ENC_DEC_SMALL for length < 256. - cmp \$16,$LENGTH -- jl .L_small_initial_partial_block_${rndsuffix} -+ jl .L_small_initial_partial_block_${label_suffix} - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - # ;;; Handle a full length final block - encrypt and hash all blocks -@@ -2056,11 +2050,11 @@ ___ - &GHASH_1_TO_16($GCM128_CTX, $HASH_IN_OUT, $ZT0, $ZT1, $ZT2, $ZT3, $ZT4, - $ZT5, $ZT6, $ZT7, $ZT8, &ZWORD($HASH_IN_OUT), $DAT0, $DAT1, $DAT2, $DAT3, $NUM_BLOCKS, $GH, $GM, $GL); - } -- $code .= "jmp .L_small_initial_compute_done_${rndsuffix}\n"; -+ $code .= "jmp .L_small_initial_compute_done_${label_suffix}\n"; - } - - $code .= <<___; --.L_small_initial_partial_block_${rndsuffix}: -+.L_small_initial_partial_block_${label_suffix}: - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - # ;;; Handle ghash for a <16B final block -@@ -2125,7 +2119,7 @@ ___ - # ;; a partial block of data, so xor that into the hash. - vpxorq $LAST_GHASH_BLK,$HASH_IN_OUT,$HASH_IN_OUT - # ;; The result is in $HASH_IN_OUT -- jmp .L_after_reduction_${rndsuffix} -+ jmp .L_after_reduction_${label_suffix} - ___ - } - -@@ -2133,7 +2127,7 @@ ___ - # ;;; After GHASH reduction - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -- $code .= ".L_small_initial_compute_done_${rndsuffix}:\n"; -+ $code .= ".L_small_initial_compute_done_${label_suffix}:\n"; - - # ;; If using init/update/finalize, we need to xor any partial block data - # ;; into the hash. 
-@@ -2144,13 +2138,13 @@ ___ - $code .= <<___; - # ;; NOTE: for $NUM_BLOCKS = 16, $LENGTH, stored in [PBlockLen] is never zero - or $LENGTH,$LENGTH -- je .L_after_reduction_${rndsuffix} -+ je .L_after_reduction_${label_suffix} - ___ - } - $code .= "vpxorq $LAST_GHASH_BLK,$HASH_IN_OUT,$HASH_IN_OUT\n"; - } - -- $code .= ".L_after_reduction_${rndsuffix}:\n"; -+ $code .= ".L_after_reduction_${label_suffix}:\n"; - - # ;; Final hash is now in HASH_IN_OUT - } -@@ -2266,7 +2260,7 @@ sub GHASH_16_ENCRYPT_N_GHASH_N { - die "GHASH_16_ENCRYPT_N_GHASH_N: num_blocks is out of bounds = $NUM_BLOCKS\n" - if ($NUM_BLOCKS > 16 || $NUM_BLOCKS < 0); - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - my $GH1H = $HASH_IN_OUT; - -@@ -2326,16 +2320,16 @@ ___ - - $code .= <<___; - cmp \$`(256 - $NUM_BLOCKS)`,@{[DWORD($CTR_CHECK)]} -- jae .L_16_blocks_overflow_${rndsuffix} -+ jae .L_16_blocks_overflow_${label_suffix} - ___ - - &ZMM_OPCODE3_DSTR_SRC1R_SRC2R_BLOCKS_0_16( - $NUM_BLOCKS, "vpaddd", $B00_03, $B04_07, $B08_11, $B12_15, $CTR_BE, - $B00_03, $B04_07, $B08_11, $ADDBE_1234, $ADDBE_4x4, $ADDBE_4x4, $ADDBE_4x4); - $code .= <<___; -- jmp .L_16_blocks_ok_${rndsuffix} -+ jmp .L_16_blocks_ok_${label_suffix} - --.L_16_blocks_overflow_${rndsuffix}: -+.L_16_blocks_overflow_${label_suffix}: - vpshufb $SHFMSK,$CTR_BE,$CTR_BE - vpaddd ddq_add_1234(%rip),$CTR_BE,$B00_03 - ___ -@@ -2355,7 +2349,7 @@ ___ - $NUM_BLOCKS, "vpshufb", $B00_03, $B04_07, $B08_11, $B12_15, $B00_03, - $B04_07, $B08_11, $B12_15, $SHFMSK, $SHFMSK, $SHFMSK, $SHFMSK); - $code .= <<___; --.L_16_blocks_ok_${rndsuffix}: -+.L_16_blocks_ok_${label_suffix}: - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - # ;; - pre-load constants -@@ -2805,53 +2799,53 @@ sub GCM_ENC_DEC_LAST { - my $MASKREG = $_[44]; # [clobbered] mask register - my $PBLOCK_LEN = $_[45]; # [in] partial block length - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - mov 
@{[DWORD($LENGTH)]},@{[DWORD($IA0)]} - add \$15,@{[DWORD($IA0)]} - shr \$4,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_0_${rndsuffix} -+ je .L_last_num_blocks_is_0_${label_suffix} - - cmp \$8,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_8_${rndsuffix} -- jb .L_last_num_blocks_is_7_1_${rndsuffix} -+ je .L_last_num_blocks_is_8_${label_suffix} -+ jb .L_last_num_blocks_is_7_1_${label_suffix} - - - cmp \$12,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_12_${rndsuffix} -- jb .L_last_num_blocks_is_11_9_${rndsuffix} -+ je .L_last_num_blocks_is_12_${label_suffix} -+ jb .L_last_num_blocks_is_11_9_${label_suffix} - - # ;; 16, 15, 14 or 13 - cmp \$15,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_15_${rndsuffix} -- ja .L_last_num_blocks_is_16_${rndsuffix} -+ je .L_last_num_blocks_is_15_${label_suffix} -+ ja .L_last_num_blocks_is_16_${label_suffix} - cmp \$14,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_14_${rndsuffix} -- jmp .L_last_num_blocks_is_13_${rndsuffix} -+ je .L_last_num_blocks_is_14_${label_suffix} -+ jmp .L_last_num_blocks_is_13_${label_suffix} - --.L_last_num_blocks_is_11_9_${rndsuffix}: -+.L_last_num_blocks_is_11_9_${label_suffix}: - # ;; 11, 10 or 9 - cmp \$10,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_10_${rndsuffix} -- ja .L_last_num_blocks_is_11_${rndsuffix} -- jmp .L_last_num_blocks_is_9_${rndsuffix} -+ je .L_last_num_blocks_is_10_${label_suffix} -+ ja .L_last_num_blocks_is_11_${label_suffix} -+ jmp .L_last_num_blocks_is_9_${label_suffix} - --.L_last_num_blocks_is_7_1_${rndsuffix}: -+.L_last_num_blocks_is_7_1_${label_suffix}: - cmp \$4,@{[DWORD($IA0)]} -- je .L_last_num_blocks_is_4_${rndsuffix} -- jb .L_last_num_blocks_is_3_1_${rndsuffix} -+ je .L_last_num_blocks_is_4_${label_suffix} -+ jb .L_last_num_blocks_is_3_1_${label_suffix} - # ;; 7, 6 or 5 - cmp \$6,@{[DWORD($IA0)]} -- ja .L_last_num_blocks_is_7_${rndsuffix} -- je .L_last_num_blocks_is_6_${rndsuffix} -- jmp .L_last_num_blocks_is_5_${rndsuffix} -+ ja .L_last_num_blocks_is_7_${label_suffix} -+ je 
.L_last_num_blocks_is_6_${label_suffix} -+ jmp .L_last_num_blocks_is_5_${label_suffix} - --.L_last_num_blocks_is_3_1_${rndsuffix}: -+.L_last_num_blocks_is_3_1_${label_suffix}: - # ;; 3, 2 or 1 - cmp \$2,@{[DWORD($IA0)]} -- ja .L_last_num_blocks_is_3_${rndsuffix} -- je .L_last_num_blocks_is_2_${rndsuffix} -+ ja .L_last_num_blocks_is_3_${label_suffix} -+ je .L_last_num_blocks_is_2_${label_suffix} - ___ - - # ;; fall through for `jmp .L_last_num_blocks_is_1` -@@ -2859,7 +2853,7 @@ ___ - # ;; Use rep to generate different block size variants - # ;; - one block size has to be the first one - for my $num_blocks (1 .. 16) { -- $code .= ".L_last_num_blocks_is_${num_blocks}_${rndsuffix}:\n"; -+ $code .= ".L_last_num_blocks_is_${num_blocks}_${label_suffix}:\n"; - &GHASH_16_ENCRYPT_N_GHASH_N( - $AES_KEYS, $GCM128_CTX, $CIPH_PLAIN_OUT, $PLAIN_CIPH_IN, $DATA_OFFSET, - $LENGTH, $CTR_BE, $CTR_CHECK, $HASHKEY_OFFSET, $GHASHIN_BLK_OFFSET, -@@ -2872,10 +2866,10 @@ ___ - $ENC_DEC, $HASH_IN_OUT, $IA0, $IA1, $MASKREG, - $num_blocks, $PBLOCK_LEN); - -- $code .= "jmp .L_last_blocks_done_${rndsuffix}\n"; -+ $code .= "jmp .L_last_blocks_done_${label_suffix}\n"; - } - -- $code .= ".L_last_num_blocks_is_0_${rndsuffix}:\n"; -+ $code .= ".L_last_num_blocks_is_0_${label_suffix}:\n"; - - # ;; if there is 0 blocks to cipher then there are only 16 blocks for ghash and reduction - # ;; - convert mid into end_reduce -@@ -2891,7 +2885,7 @@ ___ - $GHASHIN_BLK_OFFSET, 0, "%rsp", $HASHKEY_OFFSET, 0, $HASH_IN_OUT, $ZT00, $ZT01, - $ZT02, $ZT03, $ZT04, $ZT05, $ZT06, $ZT07, $ZT08, $ZT09); - -- $code .= ".L_last_blocks_done_${rndsuffix}:\n"; -+ $code .= ".L_last_blocks_done_${label_suffix}:\n"; - } - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -@@ -2985,20 +2979,20 @@ sub GHASH_16_ENCRYPT_16_PARALLEL { - my $GHDAT1 = $ZT21; - my $GHDAT2 = $ZT22; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - # 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - # ;; prepare counter blocks - - $code .= <<___; - cmpb \$`(256 - 16)`,@{[BYTE($CTR_CHECK)]} -- jae .L_16_blocks_overflow_${rndsuffix} -+ jae .L_16_blocks_overflow_${label_suffix} - vpaddd $ADDBE_1234,$CTR_BE,$B00_03 - vpaddd $ADDBE_4x4,$B00_03,$B04_07 - vpaddd $ADDBE_4x4,$B04_07,$B08_11 - vpaddd $ADDBE_4x4,$B08_11,$B12_15 -- jmp .L_16_blocks_ok_${rndsuffix} --.L_16_blocks_overflow_${rndsuffix}: -+ jmp .L_16_blocks_ok_${label_suffix} -+.L_16_blocks_overflow_${label_suffix}: - vpshufb $SHFMSK,$CTR_BE,$CTR_BE - vmovdqa64 ddq_add_4444(%rip),$B12_15 - vpaddd ddq_add_1234(%rip),$CTR_BE,$B00_03 -@@ -3009,7 +3003,7 @@ sub GHASH_16_ENCRYPT_16_PARALLEL { - vpshufb $SHFMSK,$B04_07,$B04_07 - vpshufb $SHFMSK,$B08_11,$B08_11 - vpshufb $SHFMSK,$B12_15,$B12_15 --.L_16_blocks_ok_${rndsuffix}: -+.L_16_blocks_ok_${label_suffix}: - ___ - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -@@ -3338,25 +3332,25 @@ sub ENCRYPT_SINGLE_BLOCK { - my $XMM0 = $_[1]; # ; [in/out] - my $GPR1 = $_[2]; # ; [clobbered] - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - # ; load number of rounds from AES_KEY structure (offset in bytes is - # ; size of the |rd_key| buffer) - mov `4*15*4`($AES_KEY),@{[DWORD($GPR1)]} - cmp \$9,@{[DWORD($GPR1)]} -- je .Laes_128_${rndsuffix} -+ je .Laes_128_${label_suffix} - cmp \$11,@{[DWORD($GPR1)]} -- je .Laes_192_${rndsuffix} -+ je .Laes_192_${label_suffix} - cmp \$13,@{[DWORD($GPR1)]} -- je .Laes_256_${rndsuffix} -- jmp .Lexit_aes_${rndsuffix} -+ je .Laes_256_${label_suffix} -+ jmp .Lexit_aes_${label_suffix} - ___ - for my $keylen (sort keys %aes_rounds) { - my $nr = $aes_rounds{$keylen}; - $code .= <<___; - .align 32 --.Laes_${keylen}_${rndsuffix}: -+.Laes_${keylen}_${label_suffix}: - ___ - $code .= "vpxorq `16*0`($AES_KEY),$XMM0, $XMM0\n\n"; - for (my $i = 1; $i <= $nr; $i++) { -@@ -3364,10 +3358,10 @@ ___ - } - $code .= <<___; - vaesenclast 
`16*($nr+1)`($AES_KEY),$XMM0,$XMM0 -- jmp .Lexit_aes_${rndsuffix} -+ jmp .Lexit_aes_${label_suffix} - ___ - } -- $code .= ".Lexit_aes_${rndsuffix}:\n\n"; -+ $code .= ".Lexit_aes_${label_suffix}:\n\n"; - } - - sub CALC_J0 { -@@ -3562,52 +3556,52 @@ sub GCM_ENC_DEC_SMALL { - my $SHUFMASK = $_[29]; # [in] ZMM with BE/LE shuffle mask - my $PBLOCK_LEN = $_[30]; # [in] partial block length - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - cmp \$8,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_8_${rndsuffix} -- jl .L_small_initial_num_blocks_is_7_1_${rndsuffix} -+ je .L_small_initial_num_blocks_is_8_${label_suffix} -+ jl .L_small_initial_num_blocks_is_7_1_${label_suffix} - - - cmp \$12,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_12_${rndsuffix} -- jl .L_small_initial_num_blocks_is_11_9_${rndsuffix} -+ je .L_small_initial_num_blocks_is_12_${label_suffix} -+ jl .L_small_initial_num_blocks_is_11_9_${label_suffix} - - # ;; 16, 15, 14 or 13 - cmp \$16,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_16_${rndsuffix} -+ je .L_small_initial_num_blocks_is_16_${label_suffix} - cmp \$15,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_15_${rndsuffix} -+ je .L_small_initial_num_blocks_is_15_${label_suffix} - cmp \$14,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_14_${rndsuffix} -- jmp .L_small_initial_num_blocks_is_13_${rndsuffix} -+ je .L_small_initial_num_blocks_is_14_${label_suffix} -+ jmp .L_small_initial_num_blocks_is_13_${label_suffix} - --.L_small_initial_num_blocks_is_11_9_${rndsuffix}: -+.L_small_initial_num_blocks_is_11_9_${label_suffix}: - # ;; 11, 10 or 9 - cmp \$11,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_11_${rndsuffix} -+ je .L_small_initial_num_blocks_is_11_${label_suffix} - cmp \$10,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_10_${rndsuffix} -- jmp .L_small_initial_num_blocks_is_9_${rndsuffix} -+ je .L_small_initial_num_blocks_is_10_${label_suffix} -+ jmp 
.L_small_initial_num_blocks_is_9_${label_suffix} - --.L_small_initial_num_blocks_is_7_1_${rndsuffix}: -+.L_small_initial_num_blocks_is_7_1_${label_suffix}: - cmp \$4,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_4_${rndsuffix} -- jl .L_small_initial_num_blocks_is_3_1_${rndsuffix} -+ je .L_small_initial_num_blocks_is_4_${label_suffix} -+ jl .L_small_initial_num_blocks_is_3_1_${label_suffix} - # ;; 7, 6 or 5 - cmp \$7,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_7_${rndsuffix} -+ je .L_small_initial_num_blocks_is_7_${label_suffix} - cmp \$6,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_6_${rndsuffix} -- jmp .L_small_initial_num_blocks_is_5_${rndsuffix} -+ je .L_small_initial_num_blocks_is_6_${label_suffix} -+ jmp .L_small_initial_num_blocks_is_5_${label_suffix} - --.L_small_initial_num_blocks_is_3_1_${rndsuffix}: -+.L_small_initial_num_blocks_is_3_1_${label_suffix}: - # ;; 3, 2 or 1 - cmp \$3,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_3_${rndsuffix} -+ je .L_small_initial_num_blocks_is_3_${label_suffix} - cmp \$2,$NUM_BLOCKS -- je .L_small_initial_num_blocks_is_2_${rndsuffix} -+ je .L_small_initial_num_blocks_is_2_${label_suffix} - - # ;; for $NUM_BLOCKS == 1, just fall through and no 'jmp' needed - -@@ -3616,7 +3610,7 @@ sub GCM_ENC_DEC_SMALL { - ___ - - for (my $num_blocks = 1; $num_blocks <= 16; $num_blocks++) { -- $code .= ".L_small_initial_num_blocks_is_${num_blocks}_${rndsuffix}:\n"; -+ $code .= ".L_small_initial_num_blocks_is_${num_blocks}_${label_suffix}:\n"; - &INITIAL_BLOCKS_PARTIAL( - $AES_KEYS, $GCM128_CTX, $CIPH_PLAIN_OUT, $PLAIN_CIPH_IN, $LENGTH, $DATA_OFFSET, - $num_blocks, $CTR, $HASH_IN_OUT, $ENC_DEC, $ZTMP0, $ZTMP1, -@@ -3625,11 +3619,11 @@ ___ - $ZTMP14, $IA0, $IA1, $MASKREG, $SHUFMASK, $PBLOCK_LEN); - - if ($num_blocks != 16) { -- $code .= "jmp .L_small_initial_blocks_encrypted_${rndsuffix}\n"; -+ $code .= "jmp .L_small_initial_blocks_encrypted_${label_suffix}\n"; - } - } - -- $code .= 
".L_small_initial_blocks_encrypted_${rndsuffix}:\n"; -+ $code .= ".L_small_initial_blocks_encrypted_${label_suffix}:\n"; - } - - # ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -@@ -3710,7 +3704,7 @@ sub GCM_ENC_DEC { - - my $MASKREG = "%k1"; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - # ;; reduction every 48 blocks, depth 32 blocks - # ;; @note 48 blocks is the maximum capacity of the stack frame -@@ -3751,7 +3745,7 @@ sub GCM_ENC_DEC { - } else { - $code .= "or $PLAIN_CIPH_LEN,$PLAIN_CIPH_LEN\n"; - } -- $code .= "je .L_enc_dec_done_${rndsuffix}\n"; -+ $code .= "je .L_enc_dec_done_${label_suffix}\n"; - - # Length value from context $CTX_OFFSET_InLen`($GCM128_CTX) is updated in - # 'providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc' -@@ -3778,12 +3772,12 @@ sub GCM_ENC_DEC { - # ;; There may be no more data if it was consumed in the partial block. - $code .= <<___; - sub $DATA_OFFSET,$LENGTH -- je .L_enc_dec_done_${rndsuffix} -+ je .L_enc_dec_done_${label_suffix} - ___ - - $code .= <<___; - cmp \$`(16 * 16)`,$LENGTH -- jbe .L_message_below_equal_16_blocks_${rndsuffix} -+ jbe .L_message_below_equal_16_blocks_${label_suffix} - - vmovdqa64 SHUF_MASK(%rip),$SHUF_MASK - vmovdqa64 ddq_addbe_4444(%rip),$ADDBE_4x4 -@@ -3815,7 +3809,7 @@ ___ - - $code .= <<___; - cmp \$`(32 * 16)`,$LENGTH -- jb .L_message_below_32_blocks_${rndsuffix} -+ jb .L_message_below_32_blocks_${label_suffix} - ___ - - # ;; ==== AES-CTR - next 16 blocks -@@ -3836,13 +3830,13 @@ ___ - sub \$`(32 * 16)`,$LENGTH - - cmp \$`($big_loop_nblocks * 16)`,$LENGTH -- jb .L_no_more_big_nblocks_${rndsuffix} -+ jb .L_no_more_big_nblocks_${label_suffix} - ___ - - # ;; ==== - # ;; ==== AES-CTR + GHASH - 48 blocks loop - # ;; ==== -- $code .= ".L_encrypt_big_nblocks_${rndsuffix}:\n"; -+ $code .= ".L_encrypt_big_nblocks_${label_suffix}:\n"; - - # ;; ==== AES-CTR + GHASH - 16 blocks, start - $aesout_offset = 
($STACK_LOCAL_OFFSET + (32 * 16)); -@@ -3893,15 +3887,15 @@ ___ - add \$`($big_loop_nblocks * 16)`,$DATA_OFFSET - sub \$`($big_loop_nblocks * 16)`,$LENGTH - cmp \$`($big_loop_nblocks * 16)`,$LENGTH -- jae .L_encrypt_big_nblocks_${rndsuffix} -+ jae .L_encrypt_big_nblocks_${label_suffix} - --.L_no_more_big_nblocks_${rndsuffix}: -+.L_no_more_big_nblocks_${label_suffix}: - - cmp \$`(32 * 16)`,$LENGTH -- jae .L_encrypt_32_blocks_${rndsuffix} -+ jae .L_encrypt_32_blocks_${label_suffix} - - cmp \$`(16 * 16)`,$LENGTH -- jae .L_encrypt_16_blocks_${rndsuffix} -+ jae .L_encrypt_16_blocks_${label_suffix} - ___ - - # ;; ===================================================== -@@ -3909,7 +3903,7 @@ ___ - # ;; ==== GHASH 1 x 16 blocks - # ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks - # ;; ==== then GHASH N blocks -- $code .= ".L_encrypt_0_blocks_ghash_32_${rndsuffix}:\n"; -+ $code .= ".L_encrypt_0_blocks_ghash_32_${label_suffix}:\n"; - - # ;; calculate offset to the right hash key - $code .= <<___; -@@ -3937,7 +3931,7 @@ ___ - $IA0, $IA5, $MASKREG, $PBLOCK_LEN); - - $code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n"; -- $code .= "jmp .L_ghash_done_${rndsuffix}\n"; -+ $code .= "jmp .L_ghash_done_${label_suffix}\n"; - - # ;; ===================================================== - # ;; ===================================================== -@@ -3946,7 +3940,7 @@ ___ - # ;; ==== GHASH 1 x 16 blocks (reduction) - # ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks - # ;; ==== then GHASH N blocks -- $code .= ".L_encrypt_32_blocks_${rndsuffix}:\n"; -+ $code .= ".L_encrypt_32_blocks_${label_suffix}:\n"; - - # ;; ==== AES-CTR + GHASH - 16 blocks, start - $aesout_offset = ($STACK_LOCAL_OFFSET + (32 * 16)); -@@ -4007,7 +4001,7 @@ ___ - $IA0, $IA5, $MASKREG, $PBLOCK_LEN); - - $code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n"; -- $code .= "jmp .L_ghash_done_${rndsuffix}\n"; -+ $code .= "jmp .L_ghash_done_${label_suffix}\n"; - - # ;; 
===================================================== - # ;; ===================================================== -@@ -4015,7 +4009,7 @@ ___ - # ;; ==== GHASH 1 x 16 blocks - # ;; ==== GHASH 1 x 16 blocks (reduction) & encrypt N blocks - # ;; ==== then GHASH N blocks -- $code .= ".L_encrypt_16_blocks_${rndsuffix}:\n"; -+ $code .= ".L_encrypt_16_blocks_${label_suffix}:\n"; - - # ;; ==== AES-CTR + GHASH - 16 blocks, start - $aesout_offset = ($STACK_LOCAL_OFFSET + (32 * 16)); -@@ -4059,9 +4053,9 @@ ___ - - $code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n"; - $code .= <<___; -- jmp .L_ghash_done_${rndsuffix} -+ jmp .L_ghash_done_${label_suffix} - --.L_message_below_32_blocks_${rndsuffix}: -+.L_message_below_32_blocks_${label_suffix}: - # ;; 32 > number of blocks > 16 - - sub \$`(16 * 16)`,$LENGTH -@@ -4094,9 +4088,9 @@ ___ - - $code .= "vpshufb @{[XWORD($SHUF_MASK)]},$CTR_BLOCKx,$CTR_BLOCKx\n"; - $code .= <<___; -- jmp .L_ghash_done_${rndsuffix} -+ jmp .L_ghash_done_${label_suffix} - --.L_message_below_equal_16_blocks_${rndsuffix}: -+.L_message_below_equal_16_blocks_${label_suffix}: - # ;; Determine how many blocks to process - # ;; - process one additional block if there is a partial block - mov @{[DWORD($LENGTH)]},@{[DWORD($IA1)]} -@@ -4113,13 +4107,13 @@ ___ - - # ;; fall through to exit - -- $code .= ".L_ghash_done_${rndsuffix}:\n"; -+ $code .= ".L_ghash_done_${label_suffix}:\n"; - - # ;; save the last counter block - $code .= "vmovdqu64 $CTR_BLOCKx,`$CTX_OFFSET_CurCount`($GCM128_CTX)\n"; - $code .= <<___; - vmovdqu64 $AAD_HASHx,`$CTX_OFFSET_AadHash`($GCM128_CTX) --.L_enc_dec_done_${rndsuffix}: -+.L_enc_dec_done_${label_suffix}: - ___ - } - -@@ -4155,7 +4149,7 @@ sub INITIAL_BLOCKS_16 { - my $B08_11 = $T7; - my $B12_15 = $T8; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - my $stack_offset = $BLK_OFFSET; - $code .= <<___; -@@ -4163,13 +4157,13 @@ sub INITIAL_BLOCKS_16 { - # ;; prepare counter blocks - - cmpb 
\$`(256 - 16)`,@{[BYTE($CTR_CHECK)]} -- jae .L_next_16_overflow_${rndsuffix} -+ jae .L_next_16_overflow_${label_suffix} - vpaddd $ADDBE_1234,$CTR,$B00_03 - vpaddd $ADDBE_4x4,$B00_03,$B04_07 - vpaddd $ADDBE_4x4,$B04_07,$B08_11 - vpaddd $ADDBE_4x4,$B08_11,$B12_15 -- jmp .L_next_16_ok_${rndsuffix} --.L_next_16_overflow_${rndsuffix}: -+ jmp .L_next_16_ok_${label_suffix} -+.L_next_16_overflow_${label_suffix}: - vpshufb $SHUF_MASK,$CTR,$CTR - vmovdqa64 ddq_add_4444(%rip),$B12_15 - vpaddd ddq_add_1234(%rip),$CTR,$B00_03 -@@ -4180,7 +4174,7 @@ sub INITIAL_BLOCKS_16 { - vpshufb $SHUF_MASK,$B04_07,$B04_07 - vpshufb $SHUF_MASK,$B08_11,$B08_11 - vpshufb $SHUF_MASK,$B12_15,$B12_15 --.L_next_16_ok_${rndsuffix}: -+.L_next_16_ok_${label_suffix}: - vshufi64x2 \$0b11111111,$B12_15,$B12_15,$CTR - addb \$16,@{[BYTE($CTR_CHECK)]} - # ;; === load 16 blocks of data -@@ -4264,7 +4258,7 @@ sub GCM_COMPLETE { - my $GCM128_CTX = $_[0]; - my $PBLOCK_LEN = $_[1]; - -- my $rndsuffix = &random_string(); -+ my $label_suffix = $label_count++; - - $code .= <<___; - vmovdqu @{[HashKeyByIdx(1,$GCM128_CTX)]},%xmm2 -@@ -4276,14 +4270,14 @@ ___ - - # ;; Process the final partial block. - cmp \$0,$PBLOCK_LEN -- je .L_partial_done_${rndsuffix} -+ je .L_partial_done_${label_suffix} - ___ - - # ;GHASH computation for the last <16 Byte block - &GHASH_MUL("%xmm4", "%xmm2", "%xmm0", "%xmm16", "%xmm17"); - - $code .= <<___; --.L_partial_done_${rndsuffix}: -+.L_partial_done_${label_suffix}: - vmovq `$CTX_OFFSET_InLen`($GCM128_CTX), %xmm5 - vpinsrq \$1, `$CTX_OFFSET_AadLen`($GCM128_CTX), %xmm5, %xmm5 # ; xmm5 = len(A)||len(C) - vpsllq \$3, %xmm5, %xmm5 # ; convert bytes into bits -@@ -4297,7 +4291,7 @@ ___ - vpshufb SHUF_MASK(%rip),%xmm4,%xmm4 # ; perform a 16Byte swap - vpxor %xmm4,%xmm3,%xmm3 - --.L_return_T_${rndsuffix}: -+.L_return_T_${label_suffix}: - vmovdqu %xmm3,`$CTX_OFFSET_AadHash`($GCM128_CTX) - ___ - }